cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anthon...@apache.org
Subject git commit: updated refs/heads/4.2 to 728c505
Date Thu, 05 Dec 2013 10:14:37 GMT
Updated Branches:
  refs/heads/4.2 25dd11567 -> 728c505fc


 after XS host reboot, all SG rules are gone, need to check if SG rules frame is there when
program  rules for VM, if not , create the SG rule frame


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/728c505f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/728c505f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/728c505f

Branch: refs/heads/4.2
Commit: 728c505fcef3322fae529c4b4baab05390530b6b
Parents: 25dd115
Author: Anthony Xu <anthony.xu@citrix.com>
Authored: Thu Dec 5 02:07:24 2013 -0800
Committer: Anthony Xu <anthony.xu@citrix.com>
Committed: Thu Dec 5 02:14:24 2013 -0800

----------------------------------------------------------------------
 scripts/vm/hypervisor/xenserver/vmops | 33 ++++++++++--------------------
 1 file changed, 11 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/728c505f/scripts/vm/hypervisor/xenserver/vmops
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index 5383e0e..e4b3caf 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -373,25 +373,6 @@ def deleteFile(session, args):
 
     return txt
 
-
-    
-def get_private_nic(session, args):
-    vms = session.xenapi.VM.get_all()
-    host_uuid = args.get('host_uuid')
-    host = session.xenapi.host.get_by_uuid(host_uuid)
-    piflist = session.xenapi.host.get_PIFs(host)
-    mgmtnic = 'eth0'
-    for pif in piflist:
-        pifrec = session.xenapi.PIF.get_record(pif)
-        network = pifrec.get('network')
-        nwrec = session.xenapi.network.get_record(network)
-        if nwrec.get('name_label') == 'cloud-guest':
-            return pifrec.get('device')
-        if pifrec.get('management'):
-            mgmtnic = pifrec.get('device')
-    
-    return mgmtnic
-
 def chain_name(vm_name):
     if vm_name.startswith('i-') or vm_name.startswith('r-'):
         if vm_name.endswith('untagged'):
@@ -421,7 +402,6 @@ def can_bridge_firewall(session, args):
     except:
         return 'false'
 
-    host_uuid = args.get('host_uuid')
     try:
         util.pread2(['iptables', '-N', 'BRIDGE-FIREWALL'])
         util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '-m', 'state', '--state', 'RELATED,ESTABLISHED',
'-j', 'ACCEPT'])
@@ -443,14 +423,12 @@ def can_bridge_firewall(session, args):
     except:
         util.SMlog('Chain BRIDGE-DEFAULT-FIREWALL already exists')
 
-    privnic = get_private_nic(session, args)
     result = 'true'
     try:
         util.pread2(['/bin/bash', '-c', 'iptables -n -L FORWARD | grep BRIDGE-FIREWALL'])
     except:
         try:
             util.pread2(['iptables', '-I', 'FORWARD', '-m', 'physdev', '--physdev-is-bridged',
'-j', 'BRIDGE-FIREWALL'])
-            util.pread2(['iptables', '-A', 'FORWARD', '-m', 'physdev', '--physdev-is-bridged',
'--physdev-out', privnic, '-j', 'ACCEPT'])
             util.pread2(['iptables', '-A', 'FORWARD', '-j', 'DROP'])
         except:
             return 'false'
@@ -774,6 +752,11 @@ def network_rules_vmSecondaryIp(session, args):
 
 @echo
 def default_network_rules_systemvm(session, args):
+    try:
+        util.pread2(['/bin/bash', '-c', 'iptables -n -L FORWARD | grep BRIDGE-FIREWALL'])
+    except:
+        can_bridge_firewall(session, args)
+
     vm_name = args.pop('vmName')
     try:
         vm = session.xenapi.VM.get_by_name_label(vm_name)
@@ -1463,6 +1446,12 @@ def network_rules(session, args):
     seqno = args.pop('seqno')
     sec_ips = args.get("secIps")
     deflated = 'false'
+
+    try:
+        util.pread2(['/bin/bash', '-c', 'iptables -n -L FORWARD | grep BRIDGE-FIREWALL'])
+    except:
+        can_bridge_firewall(session, args)
+
     if 'deflated' in args:
         deflated = args.pop('deflated')
     


Mime
View raw message