cloudstack-commits mailing list archives

From t..@apache.org
Subject [13/50] [abbrv] git commit: refs/heads/marvin-refactor - Summary: security_group.py: catch exception when flushing chain
Date Mon, 18 Mar 2013 12:27:11 GMT
Summary: security_group.py: catch exception when flushing chain

Detail: Added exception handling around iptables chain flushing, along
with a call to default_network_rules() to re-initialize.

Testing:
On agent, ls /var/run/cloud and pick one of the VMs to test with. Make a
backup of its logfile (e.g. cp /var/run/cloud/i-2-1722.log /tmp)
Destroy the firewall ruleset for that VM with
/usr/lib64/cloud/common/scripts/vm/network/security_group.py destroy_network_rules_for_vm
--vmname i-2-1722-VM --vif vnet10
Now copy the log file back, edit the file and decrement the last field by 1.
ACS should notice the out-of-date sequence ID and push a new ruleset for
the VM within 60 seconds.

BUG-ID: CLOUDSTACK-1685
Bugfix-for: John Kinsella
Reviewed-by:
Reported-by:
Signed-off-by: John Kinsella <jlk@stratosec.co> 1363286927 -0700


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/08a0788b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/08a0788b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/08a0788b

Branch: refs/heads/marvin-refactor
Commit: 08a0788b384f7083eb261dbeec51d3efe5907927
Parents: e6d46d7
Author: John Kinsella <jlk@stratosec.co>
Authored: Thu Mar 14 11:48:47 2013 -0700
Committer: John Kinsella <jlk@stratosec.co>
Committed: Thu Mar 14 11:48:47 2013 -0700

----------------------------------------------------------------------
 scripts/vm/network/security_group.py |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/08a0788b/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 1bcbc3e..03e35fb 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -622,10 +622,14 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac,
rules, vif
         lines = rules.split(';')[:-1]
 
     logging.debug("    programming network rules for  IP: " + vm_ip + " vmname=" + vm_name)
-    vmchain = vm_name
-    execute("iptables -F " + vmchain)
-    egress_vmchain = egress_chain_name(vm_name)
-    execute("iptables -F " + egress_vmchain)
+    try:
+      vmchain = vm_name
+      execute("iptables -F " + vmchain)
+      egress_vmchain = egress_chain_name(vm_name)
+      execute("iptables -F " + egress_vmchain)
+    except: 
+      logging.debug("Error flushing iptables rules for " + vmchain + ".  Presuming firewall
rules deleted, re-initializing." )
+      default_network_rules(vm_name, vm_id, vm_ip, vmMac, vif, brname)
     egressrule = 0
     for line in lines:
 	
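
Review bot: The bare `except:` that closes the new `try` block around the two `iptables -F` calls catches every exception, including KeyboardInterrupt and SystemExit, and treats any failure as "firewall rules deleted". Catch only the exception type that `execute()` raises on a failed command and include the exception text in the log message, so that a flush failing for some other reason is not silently turned into a re-initialization. The message is written with `logging.debug` and names only `vmchain`, even when the call that failed is the flush of `egress_vmchain`; resetting a VM's firewall chains is worth a `logging.warning` that names both chains. `brname`, passed to `default_network_rules()`, is not defined anywhere in the visible lines, so confirm it is in scope at this point or the handler itself will raise a NameError. The new block is also indented by two spaces where the surrounding function uses four.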

