cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Animesh Chaturvedi <animesh.chaturv...@citrix.com>
Subject RE: [VOTE] Apache CloudStack 4.3.0 (eighth round)
Date Fri, 14 Mar 2014 22:09:22 GMT


> -----Original Message-----
> From: Edison Su [mailto:Edison.su@citrix.com]
> Sent: Friday, March 14, 2014 2:57 PM
> To: dev@cloudstack.apache.org
> Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round)
> 
> Add a fix: e5c391fcf3852e50ebd99d4a72fd51d1753b05eb on 4.3-forward
> branch.
> I do see the rule coming on the kvm host:
> 
> -A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0 -A
> FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0 -A
> FORWARD -o cloudbr0 -j DROP -A FORWARD -i cloudbr0 -j DROP
> 
> Animesh, could you cherry-pick it into 4.3?


[Animesh] Edison thanks for the fix. Can you also add tracking bug in JIRA for this issue.
Nux do you mind pulling in Edison's commit and confirm the fix?


> > -----Original Message-----
> > From: Edison Su [mailto:Edison.su@citrix.com]
> > Sent: Friday, March 14, 2014 1:59 PM
> > To: dev@cloudstack.apache.org
> > Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round)
> >
> > The following change will the be root cause:
> >
> > -        refs = execute("iptables -n -L " + brfw + " |grep " + brfw + " | cut -d
\( -
> f2
> > | awk '{print $1}'").strip()
> > +        refs = execute("""iptables -n -L " + brfw + " | awk
> > + '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % brfw).strip()
> >
> > In commit: 052bff15c6603877e7a0767993eb4675e9bd9ca8
> >
> > The code should be
> > +        refs = execute("""iptables -n -L " + %s + " | awk
> > + '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw,
> > + brfw)).strip()
> >
> > > -----Original Message-----
> > > From: Nux! [mailto:nux@li.nux.ro]
> > > Sent: Friday, March 14, 2014 1:13 PM
> > > To: dev@cloudstack.apache.org
> > > Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round)
> > >
> > > On 14.03.2014 19:36, Edison Su wrote:
> > > >> -----Original Message-----
> > > >> From: Nux! [mailto:nux@li.nux.ro]
> > > >> Sent: Friday, March 14, 2014 12:19 PM
> > > >> To: dev@cloudstack.apache.org
> > > >> Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round)
> > > >>
> > > >> On 14.03.2014 19:14, Edison Su wrote:
> > > >>> Hi Nux,
> > > >>>    Could you post security group log file on your 4.3 kvm host?
> > > >>> The file is @/var/log/cloudstack/agent/security_group.log
> > > >>
> > > >> Thanks Edison, but the problem went away once I replaced that
> > > >> python script with
> > > >> https://git-wip-
> > > >> us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=scripts/v
> > > >> m/
> > > >> ne
> > > >> two
> > > >>
> > >
> >
> rk/security_group.py;h=0ac8b74a872d46b5def69be8df35e4fc49eb52b3;hb=0
> > > >> 898a264a5463b85c4cab3033f9c3161c5ef83f8
> > > >
> > > > But the code is not for 4.3, right?
> > > > I want to figure out, why 4.3 security group is broken.
> > >
> > > I think this is the key difference:
> > >
> > > -A FORWARD -o brbond0-540 -m physdev --physdev-is-bridged -j
> > > BF-brbond0-540
> > > -A FORWARD -i brbond0-540 -m physdev --physdev-is-bridged -j
> > > BF-brbond0-540
> > > -A FORWARD -o brbond0-540 -j DROP
> > > -A FORWARD -i brbond0-540 -j DROP
> > >
> > > It's missing in the 4.3 and since FORWARD chain defaults to ACCEPT ...
> > > I'll try to rollback to old script and send you the logs.
> > >
> > > Lucian
> > >
> > > --
> > > Sent from the Delta quadrant using Borg technology!
> > >
> > > Nux!
> > > www.nux.ro
Mime
View raw message