From: bhaisaab@apache.org
To: commits@cloudstack.apache.org
Reply-To: dev@cloudstack.apache.org
Date: Sat, 25 Apr 2015 01:12:55 -0000
Subject: [1/2] git commit: updated refs/heads/4.5 to 3925512

Repository: cloudstack
Updated Branches:
  refs/heads/4.5 50dd37fcc -> 392551211

CLOUDSTACK-4611: cleanup_rules using ebtables rules from /proc/modules

The SG python script depends on ebtables-save which is not available on Debian based distros (Ubuntu and Debian for example). The commit uses /proc/modules to find available bridge tables (one of nat, filter or broute) and then find VMs that need to be removed. Further it uses set() to remove duplicate VMs so we don't try to remove a VM's rules more than once leading to unwanted errors in the log.

Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d6667710 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d6667710 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d6667710 Branch: refs/heads/4.5 Commit: d66677101c7770b5c4b8c39064eba5ee94d124c6 Parents: 50dd37f Author: Rohit Yadav Authored: Sat Apr 25 01:00:16 2015 +0200 Committer: Rohit Yadav Committed: Sat Apr 25 02:58:12 2015 +0200 ---------------------------------------------------------------------- scripts/vm/network/security_group.py | 33 ++++++++++++++++--------------- 1 file changed, 17 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d6667710/scripts/vm/network/security_group.py ---------------------------------------------------------------------- diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py index 5e022d8..f5d3169 100755 --- a/scripts/vm/network/security_group.py +++ b/scripts/vm/network/security_group.py 
@@ -701,22 +701,23 @@ def cleanup_rules(): logging.debug("vm " + vm_name + " is not running or paused, cleaning up iptable rules") cleanup.append(vm_name) - chainscmd = """ebtables-save | awk '/:i/ { gsub(/(^:|-(in|out|ips))/, "") ; print $1}'""" - chains = execute(chainscmd).split('\n') - for chain in chains: - if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: - vm_name = chain - - result = virshdomstate(vm_name) - - if result == None or len(result) == 0: - logging.debug("chain " + chain + " does not correspond to a vm, cleaning up ebtable rules") - cleanup.append(vm_name) - continue - if not (result == "running" or result == "paused"): - logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtable rules") - cleanup.append(vm_name) - + bridge_tables = execute("""grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//""").split('\n') + for table in filter(None, bridge_tables): + chainscmd = """ebtables -t %s -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq""" % table + chains = execute(chainscmd).split('\n') + for chain in filter(None, chains): + if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + vm_name = chain + result = virshdomstate(vm_name) + if result == None or len(result) == 0: + logging.debug("chain " + chain + " does not correspond to a vm, cleaning up ebtable rules") + cleanup.append(vm_name) + continue + if not (result == "running" or result == "paused"): + logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtable rules") + cleanup.append(vm_name) + + cleanup = list(set(cleanup)) # remove duplicates for vmname in cleanup: destroy_network_rules_for_vm(vmname)
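
Review bot: The awk `gsub` in the new `chainscmd` is not anchored to the end of the chain name: `-(in|out|ips).*` matches the first `-in`, `-out` or `-ips` anywhere in the name and deletes everything after it, so a chain whose VM name itself contains one of those sequences is cut short before it reaches `virshdomstate(vm_name)`. If `virshdomstate` then returns nothing for the truncated name, it is appended to `cleanup` through the "does not correspond to a vm" branch and passed to `destroy_network_rules_for_vm`. Match the suffix only where it ends the chain name. Separately, `table` is interpolated into a shell command with `% table`; since the commit message says the value is one of nat, filter or broute, check it against that fixed set before building `chainscmd`. Minor: `result == None` should be `result is None`, and the `1 in [ chain.startswith(c) ... ]` test reads more clearly as `chain.startswith(('r-', 'i-', 's-', 'v-'))`.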