cloudstack-dev mailing list archives

From Chip Childers <chip.child...@sungard.com>
Subject Re: [ACS41][Patch Request] Several patches to security_group.py
Date Thu, 14 Mar 2013 19:41:47 GMT
On Thu, Mar 14, 2013 at 12:28:55PM -0700, John Kinsella wrote:
> I've fixed several bugs in security_group.py in the last few days. Would be nice if we could get this into 4.1.

Ack and pushed.  Can you please resolve all relevant bugs?

> 
> commit 381f737e64ed9192e6eea4aeffe1920637f7d835
> Author: John Kinsella <jlk@stratosec.co>
> Date:   Wed Mar 13 16:52:49 2013 -0700
> 
>     Summary: Fix exception handling in security_group.py
>     
>     Detail: Code was attempting to concatenate an exception to a string.
>     Updated to convert to text and concatenate that.
>     
>     BUG-ID: CLOUDSTACK-1052
> 
> commit 1079d63b6f978b2124db26d7f84f7ae62ba9daa0
> Author: John Kinsella <jlk@stratosec.co>
> Date:   Wed Mar 13 17:54:50 2013 -0700
> 
>     Summary: Prevent deletion of wrong iptables rules
>     
>     Detail: A grep in security_group.py wasn't defined well enough, could
>     potentially delete rules for VMs other than intended
>     
>     BUG-ID: CLOUDSTACK-309
> 
> commit 08a0788b384f7083eb261dbeec51d3efe5907927
> Author: John Kinsella <jlk@stratosec.co>
> Date:   Thu Mar 14 11:48:47 2013 -0700
> 
>     Summary: security_group.py: catch exception when flushing chain
>     
>     Detail: Added exception handling around iptables chain flushing, along
>     with a call to default_network_rules() to re-initialize.
>     
>     Testing:
>     On agent, ls /var/run/cloud and pick one of the VMs to test with. Make a
>     backup of its logfile (e.g. cp /var/run/cloud/i-2-1722.log /tmp )
>     Destroy the firewall ruleset for that VM with
>     /usr/lib64/cloud/common/scripts/vm/network/security_group.py destroy_network_rules_for_vm --vmname i-2-1722-VM --vif vnet10
>     Now copy the log file back, edit the file and decrement the last field by 1
>     ACS should notice the out-of-date sequence ID and push a new ruleset for
>     the VM within 60 seconds.
> 
>     BUG-ID: CLOUDSTACK-1685
> 
> 
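
The failure mode named in the second commit (CLOUDSTACK-309), as an added example that is not code from security_group.py or from these commits: a substring match used to select iptables rules for deletion, beside an exact-token match. The page does not show the actual grep, so the vif-based match, the chain names and the rule lines below are constructed assumptions.

```python
import shlex

# Constructed `iptables-save` excerpt (sample values, not from a real host).
# Two VMs share a bridge: one on vif vnet1, one on vif vnet10.
SAMPLE_RULES = """\
-A BRIDGE-IN -m physdev --physdev-in vnet1 --physdev-is-bridged -j i-2-9-VM
-A BRIDGE-IN -m physdev --physdev-in vnet10 --physdev-is-bridged -j i-2-1722-VM
-A BRIDGE-OUT -m physdev --physdev-out vnet1 --physdev-is-bridged -j i-2-9-VM
-A BRIDGE-OUT -m physdev --physdev-out vnet10 --physdev-is-bridged -j i-2-1722-VM
-A i-2-1722-VM -p tcp -m tcp --dport 22 -j ACCEPT
"""


def loose_matches(rules, vif):
    """Substring selection, equivalent to an unanchored `grep <vif>`."""
    return [l for l in rules.splitlines() if l.startswith("-A ") and vif in l]


def strict_matches(rules, vif):
    """Select a rule only when the physdev argument is exactly `vif`."""
    hits = []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A":
            continue
        for opt in ("--physdev-in", "--physdev-out"):
            # tok[:-1] guarantees the option is followed by a value token.
            if opt in tok[:-1] and tok[tok.index(opt) + 1] == vif:
                hits.append(line)
                break
    return hits


def delete_argv(rule_line):
    """Turn a saved '-A ...' rule into an argv list for `iptables -D ...`.

    An argv list (no shell string) keeps rule text out of shell parsing.
    """
    tok = shlex.split(rule_line)
    return ["iptables", "-D"] + tok[1:]


if __name__ == "__main__":
    print("loose :", len(loose_matches(SAMPLE_RULES, "vnet1")), "rules selected")
    for line in strict_matches(SAMPLE_RULES, "vnet1"):
        print("strict:", " ".join(delete_argv(line)))
```

With the loose match, tearing down `vnet1` also selects both `vnet10` rules, which belong to a different VM; the exact-token match selects only the two `vnet1` rules.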
