cloudstack-commits mailing list archives

From d...@apache.org
Subject [08/50] [abbrv] git commit: updated refs/heads/master to 1c408de
Date Thu, 07 May 2015 14:04:46 GMT
CLOUDSTACK-4611: cleanup_rules using ebtables rules from /proc/modules

The SG python script depends on ebtables-save which is not available on Debian
based distros (Ubuntu and Debian for example). The commit uses /proc/modules
to find available bridge tables (one of nat, filter or broute) and then
find VMs that need to be removed. Further it uses set() to remove duplicate VMs
so we don't try to remove a VM's rules more than once leading to unwanted errors
in the log.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d6667710
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d6667710
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d6667710

Branch: refs/heads/master
Commit: d66677101c7770b5c4b8c39064eba5ee94d124c6
Parents: 50dd37f
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Sat Apr 25 01:00:16 2015 +0200
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Sat Apr 25 02:58:12 2015 +0200

----------------------------------------------------------------------
 scripts/vm/network/security_group.py | 33 ++++++++++++++++---------------
 1 file changed, 17 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d6667710/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 5e022d8..f5d3169 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -701,22 +701,23 @@ def cleanup_rules():
                     logging.debug("vm " + vm_name + " is not running or paused, cleaning
up iptable rules")
                     cleanup.append(vm_name)
 
-        chainscmd = """ebtables-save | awk '/:i/ { gsub(/(^:|-(in|out|ips))/, "") ; print
$1}'"""
-        chains = execute(chainscmd).split('\n')
-        for chain in chains:
-            if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
-                vm_name = chain
-
-                result = virshdomstate(vm_name)
-
-                if result == None or len(result) == 0:
-                    logging.debug("chain " + chain + " does not correspond to a vm, cleaning
up ebtable rules")
-                    cleanup.append(vm_name)
-                    continue
-                if not (result == "running" or result == "paused"):
-                    logging.debug("vm " + vm_name + " is not running or paused, cleaning
up ebtable rules")
-                    cleanup.append(vm_name)
-
+        bridge_tables = execute("""grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed
s/ebtable_//""").split('\n')
+        for table in filter(None, bridge_tables):
+            chainscmd = """ebtables -t %s -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/,
""); print $1}' | sort | uniq""" % table
+            chains = execute(chainscmd).split('\n')
+            for chain in filter(None, chains):
+                if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
+                    vm_name = chain
+                    result = virshdomstate(vm_name)
+                    if result == None or len(result) == 0:
+                        logging.debug("chain " + chain + " does not correspond to a vm, cleaning
up ebtable rules")
+                        cleanup.append(vm_name)
+                        continue
+                    if not (result == "running" or result == "paused"):
+                        logging.debug("vm " + vm_name + " is not running or paused, cleaning
up ebtable rules")
+                        cleanup.append(vm_name)
+
+        cleanup = list(set(cleanup))  # remove duplicates
         for vmname in cleanup:
             destroy_network_rules_for_vm(vmname)
 
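Review bot: The awk pattern in the new `chainscmd` line, `-(in|out|ips).*`, is not anchored to the end of the chain name, so it cuts at the first `-in`, `-out` or `-ips` anywhere in the name and drops everything after it. A chain whose VM name contains one of those substrings in the middle is reduced to a prefix, `virshdomstate(vm_name)` is then called on that prefix, and the empty result takes the "does not correspond to a vm" branch and queues the prefix for `destroy_network_rules_for_vm`. Since this loop decides which firewall rules are torn down, match the suffix only where the chain name ends and log the raw chain alongside the derived `vm_name`. Two smaller points in the same hunk: the `%s` in `ebtables -t %s -L` is filled from whatever follows `ebtable_` in /proc/modules, so checking `table` against the three names the commit message lists (nat, filter, broute) before building the command keeps the shell string limited to known values; and `1 in [ chain.startswith(c) for c in [...] ]` and `result == None` read more clearly as `chain.startswith(('r-', 'i-', 's-', 'v-'))` and `result is None`.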

