vr_cfg.sh use lots of memory failed to start if there are many firewall rules. #4449
Description
ISSUE TYPE
- Bug Report
COMPONENT NAME
VR
CLOUDSTACK VERSION
All version after 4.7 affected
CONFIGURATION
Vmware
OS / ENVIRONMENT
SUMMARY
Script writing style in /opt/cloud/bin/vr_cfg.sh in VR will consume HUGE memory if there are more than 1,000 firewall rules.
When VR is restarted, cloudstack will pass a aggregation of JSON files to VR and use vr_cfg.sh to unpack it and run python script to load them. The problem is cloudstack will generate each JSON file to one-line-file, which is ok. But vr_cfg.sh is written in following style:
while read line; do
...
done < $cfg
If JSON file is big, hundreds of kilo-byte for example, there will be a very LOOOOOOOOONG line for the script to read. This will use a lot of memory and result in memory exhausted and will fail the async job of start VR.
And of course , VR will not come up after that.
As a result of my test, 2k firewall rules will cause this problem on a VR with 1GB memory. 6K firewall rules will kill a VR with 8GB memory, and 10k firewall rules will kill the VR even with 16GB memory.
The fix is simple, just change it to
cat $cfg | while read line; do
...
done
will fix this problem.
STEPS TO REPRODUCE
- add 2000 firewall rules to a VR with 1GB memory
- stop and start it
it will fail to start.
EXPECTED RESULTS
VR failed to start
ACTUAL RESULTS
Job will failed and a memory out log in the management server log.