Updated Branches: refs/heads/master 0d9b81aac -> cefc5cbff
bug CS-16172 Reviewed-by: chiradeep Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/cefc5cbf Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/cefc5cbf Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/cefc5cbf Branch: refs/heads/master Commit: cefc5cbff3c61db405b9ab4ad655c070083d482d Parents: 0d9b81a Author: Edison Su <[email protected]> Authored: Fri Aug 24 16:01:59 2012 -0700 Committer: Edison Su <[email protected]> Committed: Fri Aug 24 16:13:29 2012 -0700 ---------------------------------------------------------------------- scripts/vm/network/security_group.py | 74 ++++++++++++++++++----------- 1 files changed, 46 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/cefc5cbf/scripts/vm/network/security_group.py ---------------------------------------------------------------------- diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py index 31e0544..b079890 100755 --- a/scripts/vm/network/security_group.py +++ b/scripts/vm/network/security_group.py @@ -489,36 +489,54 @@ def cleanup_rules_for_dead_vms(): def cleanup_rules(): - try: - - chainscmd = "iptables-save | grep '^:' | grep -v '.*-def' | grep -v '.*-eg' | awk '{print $1}' | cut -d':' -f2" - chains = execute(chainscmd).split('\n') - cleaned = 0 - cleanup = [] - for chain in chains: - if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: - vm_name = chain - - cmd = "virsh list |grep " + vm_name - try: - result = execute(cmd) - except: - result = None - - if result == None or len(result) == 0: - logging.debug("chain " + chain + " does not correspond to a vm, cleaning up") - cleanup.append(vm_name) - continue - if result.find("running") == -1: - logging.debug("vm " + vm_name + " is not running, cleaning up") - cleanup.append(vm_name) + try: + chainscmd = "iptables-save | grep '^:' | grep -v '.*-def' | grep -v '.*-eg' | awk '{print $1}' | cut -d':' -f2" + chains = execute(chainscmd).split('\n') + cleanup = [] + for chain in chains: + if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + vm_name = chain - for vmname in cleanup: - destroy_network_rules_for_vm(vmname) + cmd = "virsh list |grep " + vm_name + try: + result = execute(cmd) + except: + result = None + + if result == None or len(result) == 0: + logging.debug("chain " + chain + " does not correspond to a vm, cleaning up") + cleanup.append(vm_name) + continue + if result.find("running") == -1: + logging.debug("vm " + vm_name + " is not running, cleaning up") + cleanup.append(vm_name) + + chainscmd = "ebtables-save |grep :i |awk '{print $1}' |sed -e 's/\-in//g' |sed -e 's/\-out//g' |sed -e 's/^://g'" + chains = execute(chainscmd).split('\n') + for chain in chains: + if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + vm_name = chain + + cmd = "virsh list |grep " + vm_name + try: + result = execute(cmd) + except: + result = None + + if result == None or len(result) == 0: + logging.debug("chain " + chain + " does not correspond to a vm, cleaning up") + cleanup.append(vm_name) + continue + if result.find("running") == -1: + logging.debug("vm " + vm_name + " is not running, cleaning up") + cleanup.append(vm_name) + + for vmname in cleanup: + destroy_network_rules_for_vm(vmname) - logging.debug("Cleaned up rules for " + str(len(cleanup)) + " chains") - except: - logging.debug("Failed to cleanup rules !") + logging.debug("Cleaned up rules for " + str(len(cleanup)) + " chains") + except: + logging.debug("Failed to cleanup rules !") def check_rule_log_for_vm(vmName, vmId, vmIP, domID, signature, seqno): vm_name = vmName;
