cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From muralire...@apache.org
Subject git commit: updated refs/heads/4.4 to 89c6f00
Date Fri, 28 Mar 2014 11:39:13 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4 14796783f -> 89c6f0087


OVS distributed routing: fix the issues related to applying network
ACL's on OVS. OVS OF rules does not accept 0.0.0.0/0 so while applying
ACL dont include source CIDR in the OF rule if source CIDR is 0.0.0.0/0


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/89c6f008
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/89c6f008
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/89c6f008

Branch: refs/heads/4.4
Commit: 89c6f0087c832a05ed55256a394aee7541ac83d4
Parents: 1479678
Author: Murali Reddy <muralimmreddy@gmail.com>
Authored: Fri Mar 28 17:06:02 2014 +0530
Committer: Murali Reddy <muralimmreddy@gmail.com>
Committed: Fri Mar 28 17:08:22 2014 +0530

----------------------------------------------------------------------
 .../xenserver/cloudstack_pluginlib.py           | 86 ++++++++++++++------
 scripts/vm/hypervisor/xenserver/ovstunnel       |  4 +-
 2 files changed, 62 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/89c6f008/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py b/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
index 4ebb435..50a1fa2 100644
--- a/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
+++ b/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
@@ -358,7 +358,7 @@ def configure_bridge_for_network_topology(bridge, this_host_id, json_config):
         for host in vpc_spanning_hosts:
             if str(this_host_id) == str(host.hostid):
                 continue
-            other_host_vms = get_vms_on_host(vpconfig, host.hostid)
+            other_host_vms = get_vms_on_host(vpconfig, str(host.hostid))
             for vm in other_host_vms:
                 for nic in vm.nics:
                     mac_addr = nic.macaddress
@@ -397,8 +397,9 @@ def configure_ovs_bridge_for_routing_policies(bridge, json_config):
         return "FAILURE:IMPROPER_JSON_CONFG_FILE"
 
     try:
-        # First flush current egress ACL's before re-applying the ACL's
+        # First flush current ingress and egress ACL's before re-applying the ACL's
         del_flows(bridge, table=3)
+        del_flows(bridge, table=5)
 
         egress_rules_added = False
         ingress_rules_added = False
@@ -419,15 +420,22 @@ def configure_ovs_bridge_for_routing_policies(bridge, json_config):
                 source_cidrs = acl_item.sourcecidrs
                 acl_priority = 1000 + number
                 for source_cidr in source_cidrs:
-                    if direction is "ingress":
+                    if direction == "ingress":
                         ingress_rules_added = True
-
                         if source_port_start is None and source_port_end is None:
-                            if action is "deny":
-                                add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr,
+                            if source_cidr.startswith('0.0.0.0'):
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=5, nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='drop')
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority,table=5, nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='resubmit(,1)')
+                            else:
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr,
                                          nw_proto=protocol, actions='drop')
-                            if action is "allow":
-                                add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr,
                                          nw_proto=protocol, actions='resubmit(,1)')
                             continue
 
@@ -435,36 +443,59 @@ def configure_ovs_bridge_for_routing_policies(bridge, json_config):
                         # source_cidr and destination ip is in tier_cidr
                         port = source_port_start
                         while (port < source_port_end):
-                            if action is "deny":
-                                add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                            if source_cidr.startswith('0.0.0.0'):
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=5, nw_dst=tier_cidr,
tp_dst=port,
                                          nw_proto=protocol, actions='drop')
-                            if action is "allow":
-                                add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority,table=5, nw_dst=tier_cidr,
tp_dst=port,
+                                         nw_proto=protocol, actions='resubmit(,1)')
+                            else:
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                                         nw_proto=protocol, actions='drop')
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
                                          nw_proto=protocol, actions='resubmit(,1)')
                             port = port + 1
 
-                    elif direction in "egress":
+                    elif direction == "egress":
                         egress_rules_added = True
-
                         if source_port_start is None and source_port_end is None:
-                            if action is "deny":
-                                add_flow(bridge, priority= acl_priority, table=3, nw_src=source_cidr,
nw_dst=tier_cidr,
+                            if source_cidr.startswith('0.0.0.0'):
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=3, nw_dst=tier_cidr,
                                          nw_proto=protocol, actions='drop')
-                            if action is "allow":
-                                add_flow(bridge, priority= acl_priority,table=3, nw_src=source_cidr,
nw_dst=tier_cidr,
-                                         nw_proto=protocol, actions='resubmit(,1)')
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority,table=3, nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='resubmit(,4)')
+                            else:
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=3, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='drop')
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority,table=3, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='resubmit(,4)')
                             continue
 
                         # add flow rule to do action (allow/deny) for flows where destination
IP of the packet is in
                         # source_cidr and source ip is in tier_cidr
                         port = source_port_start
                         while (port < source_port_end):
-                            if action is "deny":
-                                add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
-                                         nw_proto=protocol, actions='drop')
-                            if action is "allow":
-                                add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
-                                         nw_proto=protocol, actions='resubmit(,1)')
+                            if source_cidr.startswith('0.0.0.0'):
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=3, nw_dst=source_cidr,
tp_dst=port,
+                                             nw_proto=protocol, actions='drop')
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority, table=3, nw_dst=source_cidr,
tp_dst=port,
+                                             nw_proto=protocol, actions='resubmit(,4)')
+                            else:
+                                if action == "deny":
+                                    add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
+                                             nw_proto=protocol, actions='drop')
+                                if action == "allow":
+                                    add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
+                                             nw_proto=protocol, actions='resubmit(,4)')
                             port = port + 1
 
         if egress_rules_added is False:
@@ -472,8 +503,11 @@ def configure_ovs_bridge_for_routing_policies(bridge, json_config):
             add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
 
         if ingress_rules_added is False:
-            # add a default rule in egress table drop packets
+            # add a default rule in ingress table drop packets
             add_flow(bridge, priority=0, table=5, actions='drop')
+
+        return "SUCCESS: successfully configured bridge as per the later routing policies
of the VPC"
+
     except:
         logging.debug("An unexpected error occurred while configuring bridge as per VPC's
routing policies.")
         raise
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/89c6f008/scripts/vm/hypervisor/xenserver/ovstunnel
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/ovstunnel b/scripts/vm/hypervisor/xenserver/ovstunnel
index 068f89f..3e17360 100755
--- a/scripts/vm/hypervisor/xenserver/ovstunnel
+++ b/scripts/vm/hypervisor/xenserver/ovstunnel
@@ -402,7 +402,7 @@ def configure_ovs_bridge_for_routing_policies(session, args):
     bridge = args.pop("bridge")
     json_config = args.pop("config")
 
-    return lib.configure_ovs_bridge_for_router_policies(bridge, json_config)
+    return lib.configure_ovs_bridge_for_routing_policies(bridge, json_config)
 
 if __name__ == "__main__":
     XenAPIPlugin.dispatch({"create_tunnel": create_tunnel,
@@ -413,4 +413,4 @@ if __name__ == "__main__":
                            "getLabel": getLabel,
                            "setup_ovs_bridge_for_distributed_routing": setup_ovs_bridge_for_distributed_routing,
                            "configure_ovs_bridge_for_network_topology": configure_ovs_bridge_for_network_topology,
-                           "configure_ovs_bridge_for_routing_policies": "configure_ovs_bridge_for_routing_policies"})
+                           "configure_ovs_bridge_for_routing_policies": configure_ovs_bridge_for_routing_policies})


Mime
View raw message