cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8395) Basic Zone Security Group rules fail with XenServer 6.5
Date Tue, 21 Apr 2015 15:49:59 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505145#comment-14505145
] 

ASF subversion and git services commented on CLOUDSTACK-8395:
-------------------------------------------------------------

Commit c11080a99d0479c51eaa4f2d2664ed7f8e348a5a in cloudstack's branch refs/heads/CLOUDSTACK-8395
from [~rohit.yadav@shapeblue.com]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=c11080a ]

CLOUDSTACK-8395: vmops plugin should work on both XS 6.5 and 6.2 :fist:

This fixes the issue of Security Groups not working in case of XenServer 6.5;
- Uses nethash ipset data-structure to store CIDRs (efficient than iphash and
  avoids overflow errors in case users add /8 /4 ingress/egress cidrs)
- Support for ipset versions both on 6.2 and 6.5, both have different outputs. This
  fixes the issue of destroy_network_rules_for_vm failing
- Implements defensive filtering of list, instead of popping last item without
  checking if it's None or empty
- Greps using names that are 'quoted' to avoid bash errors
- Before setting up new network rule, tries to clean and remove old ipset entry
- Idents, whitespace and naming fixes

PS. This is my 1000th commit to the :monkey_face: project :)

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


> Basic Zone Security Group rules fail with XenServer 6.5
> -------------------------------------------------------
>
>                 Key: CLOUDSTACK-8395
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8395
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.5.0, 4.6.0
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Blocker
>             Fix For: 4.6.0, 4.5.1
>
>
> With latest ACS 4.5 branch, SG rules on XenServer 6.5 were found to be flaky. They worked
sometimes and sometimes failed. On inspection of cloud.log and SMLog, the following errors
were found:
> DEBUG [root] Ignoring failure to delete rules for vm s-2-VM 
> ...
> DEBUG [root] Ignoring failure to delete ebtables chain for vm s-2-VM                
                             
> ...
> DEBUG [root] Ignoring failure to delete arptables chain for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ingress chain s-2-VM
> DEBUG [root] Ignoring failure to delete egress chain s-2-VM-eg
> ...
> The possible issue discovered was how the python based vmops plugin execute iptables
rules. The sm/util.py shipped with XS 6.5 is possibly different than that on XS 6.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message