cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8395) Basic Zone Security Group rules fail with XenServer 6.5
Date Thu, 23 Apr 2015 08:12:39 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14508641#comment-14508641
] 

ASF subversion and git services commented on CLOUDSTACK-8395:
-------------------------------------------------------------

Commit a3ea616835878448cff9faec3c00225b9cf2dfa0 in cloudstack's branch refs/heads/CLOUDSTACK-8395
from [~rohit.yadav@shapeblue.com]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=a3ea616 ]

CLOUDSTACK-8395: vmops plugin should work on both XS 6.5 and 6.2 :fist:

This fixes the issue of Security Groups not working in case of XenServer 6.5;
- Uses nethash ipset data-structure to store CIDRs (efficient than iphash and
  avoids overflow errors in case users add /8 /4 ingress/egress cidrs)
- Support for ipset versions both on 6.2 and 6.5, both have different outputs. This
  fixes the issue of destroy_network_rules_for_vm failing
- Implements defensive filtering of list, instead of popping last item without
  checking if it's None or empty
- Greps using names that are 'quoted' to avoid bash errors
- Before setting up new network rule, tries to clean and remove old ipset entry
- Idents, whitespace and naming fixes

PS. This is my 1000th commit to the :monkey_face: project :)

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


> Basic Zone Security Group rules fail with XenServer 6.5
> -------------------------------------------------------
>
>                 Key: CLOUDSTACK-8395
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8395
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.5.0, 4.6.0
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Blocker
>             Fix For: 4.6.0, 4.5.1
>
>
> With latest ACS 4.5 branch, SG rules on XenServer 6.5 were found to be flaky. They worked
sometimes and sometimes failed. On inspection of cloud.log and SMLog, the following errors
were found:
> DEBUG [root] Ignoring failure to delete rules for vm s-2-VM 
> ...
> DEBUG [root] Ignoring failure to delete ebtables chain for vm s-2-VM                
                             
> ...
> DEBUG [root] Ignoring failure to delete arptables chain for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ingress chain s-2-VM
> DEBUG [root] Ignoring failure to delete egress chain s-2-VM-eg
> ...
> The possible issue discovered was how the python based vmops plugin execute iptables
rules. The sm/util.py shipped with XS 6.5 is possibly different than that on XS 6.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message