> On March 5, 2013, 7:28 p.m., anthony xu wrote:
> > - log file for SG is used to restore SG when VM reboot, and do SG sync, I
> > saw log for second ip is added, I didn't see code to use the log to restore
> > SG, can you check it SG rules is correct after you reboot VM through
> > xencener? after VM reboot, the NIC interface name changes, CS uses log to
> > rebuild SG rules for this VM. can you check if VM SG rules are deleted
> > after you shutdown VM through xencenter?
> > - I didn't see the change for KVM, is this feature only for XS.
I tested the vm reboot case from xencenter. The rules (SG) rules for secondary
ips are added correctly.
When vm is stopped the rules for the secondary ips are deleted.
1.destroy_arptables_rules - deletes all the the arprules
2.The existing code flush and delete ipset with name VMNAME, this causes the
deletion of
ipset with vmname i created.
The secondary ip log file is read using the get_vm_sec_ips
When vm is rebooted all the arprules for the secondary ips are added using the
secondary ip log file.
The ipset is update will not change on reboot.
The update of ipset happen only when the vm secondary ip added/deleted and
ipset is deleted when vm is destroyed.
get_vm_sec_ips - get the vm secondary ips from the log file
arp_rules_vmip - adds the arp rules for the vm ips
In vm reboot we destroy the SG rules and add rules again.
In network_rules_for_rebooted_vm we have below code for secondary ips
#check wether the vm has secondary ips
if is_secondary_ips_set(vm_name) == True:
vmips = get_vm_sec_ips(vm_name)
#add arp rules for the secondaryp ip
for ip in vmips:
arp_rules_vmip(vmchain, vifs, [ip], vm_mac, "-A")
- Jayapal
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/9730/#review17417
-----------------------------------------------------------
On March 4, 2013, 1:18 p.m., Jayapal Reddy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/9730/
> -----------------------------------------------------------
>
> (Updated March 4, 2013, 1:18 p.m.)
>
>
> Review request for cloudstack, Abhinandan Prateek, Murali Reddy, and anthony
> xu.
>
>
> Description
> -------
>
> In this patch changes are made for the basic zone and security groups
>
>
> This addresses bug cloudstack-24.
>
>
> Diffs
> -----
>
> api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java affad1f
> api/src/com/cloud/agent/api/to/NicTO.java aa2aa19
> api/src/com/cloud/network/security/SecurityGroupService.java c648032
> api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
> 0f99274
> api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
> cb5e085
> core/src/com/cloud/agent/api/NetworkRulesVmSecondaryIpCommand.java
> PRE-CREATION
>
> plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
> 1896b0e
> scripts/vm/hypervisor/xenserver/vmops 92ed79a
> server/src/com/cloud/hypervisor/HypervisorGuruBase.java efe9396
> server/src/com/cloud/network/NetworkManager.java 8b6bf9a
> server/src/com/cloud/network/NetworkManagerImpl.java a575183
> server/src/com/cloud/network/NetworkModelImpl.java 0525888
> server/src/com/cloud/network/NetworkServiceImpl.java 4c61aec
> server/src/com/cloud/network/dao/IPAddressDao.java 1052639
> server/src/com/cloud/network/dao/IPAddressDaoImpl.java 691e460
> server/src/com/cloud/network/guru/DirectNetworkGuru.java 46a525e
> server/src/com/cloud/network/security/SecurityGroupManagerImpl.java eafe88e
> server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
> a3a0fc3
> server/src/com/cloud/vm/UserVmManagerImpl.java 3fb5d92
> server/src/com/cloud/vm/dao/NicDao.java 794bacc
> server/src/com/cloud/vm/dao/NicDaoImpl.java 4491174
> server/test/com/cloud/network/MockNetworkManagerImpl.java 8004310
> server/test/com/cloud/vpc/MockNetworkManagerImpl.java 63ef874
>
> Diff: https://reviews.apache.org/r/9730/diff/
>
>
> Testing
> -------
>
> Unit Tests done:
> 1. adding a secondary ip to nic
> 2. remove ip from nic
> 3. reaching public network from the VM.
> 4. security groups changes for the secondary ip are done.
>
>
> Thanks,
>
> Jayapal Reddy
>
>
