firewall logging

Azure · Dec 27, 2024 · a122f02 · a122f02
1 parent f047b31
commit a122f02
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/azurelinuxagent/ga/firewall_manager.py b/azurelinuxagent/ga/firewall_manager.py
@@ -186,6 +186,7 @@ def _execute_delete_command(self, command):
     def check(self):
         missing_rules = []
         existing_rules = []
+        missing_rules_reasons = []
 
         for rule, command in self._get_commands(self._get_check_command_option()):
             try:
@@ -194,14 +195,18 @@ def check(self):
             except CommandError as e:
                 if e.returncode == 1:  # rule does not exist
                     missing_rules.append(rule)
+                    # Issue: Even though the drop rule exists, the agent perceives it as missing when checking all rules.
+                    # This might occur because we mark the rule as missing due to the same error code being returned for other reasons.
+                    # So logging the error message to understand the reason for the rule being marked as missing.
+                    missing_rules_reasons.append(e.stderr)
                 else:
                     raise
 
         if len(missing_rules) == 0:  # all rules are present
             return True
 
         if len(existing_rules) > 0:  # some rules are present, but not all
-            raise FirewallStateError("The following rules are missing: {0}".format(missing_rules))
+            raise FirewallStateError("The following rules are missing: {0} due to: {1}".format(missing_rules, missing_rules_reasons))
 
         return False
 

diff --git a/azurelinuxagent/ga/update.py b/azurelinuxagent/ga/update.py
@@ -1151,7 +1151,7 @@ def _initialize_firewall(wire_server_address):
                     firewall_manager.setup()
                     event.info(WALAEventOperation.Firewall, "Created firewall rules for Azure Fabric:\n{0}", firewall_manager.get_state())
             except FirewallStateError as e:
-                event.warn(WALAEventOperation.Firewall, "The firewall rules for Azure Fabric are not setup correctly (the environment thread will fix it): {0}", ustr(e))
+                event.warn(WALAEventOperation.Firewall, "The firewall rules for Azure Fabric are not setup correctly (the environment thread will fix it): {0}. Current state:\n{1}", ustr(e), firewall_manager.get_state())
 
             #
             # Ensure firewall rules are persisted across reboots