[ https://issues.apache.org/jira/browse/CLOUDSTACK-309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13601925#comment-13601925 ]
John Kinsella commented on CLOUDSTACK-309:
------------------------------------------

Confirmed. On a system including the following iptables rules:

-A BF-cloudbr0-IN -m physdev --physdev-in vnet9 --physdev-is-bridged -j i-2-1713-def
-A BF-cloudbr0-IN -m physdev --physdev-in vnet10 --physdev-is-bridged -j i-2-1718-def
-A BF-cloudbr0-IN -m physdev --physdev-in vnet11 --physdev-is-bridged -j i-2-1720-def
-A BF-cloudbr0-IN -m physdev --physdev-in vnet12 --physdev-is-bridged -j i-2-1722-def
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet9 --physdev-is-bridged -j i-2-1713-def
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet10 --physdev-is-bridged -j i-2-1718-def
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet11 --physdev-is-bridged -j i-2-1720-def
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet12 --physdev-is-bridged -j i-2-1722-def

executing "locate ^Csconfig.py(reverse-i-search)`py': /usr/lib64/cloud/common/scripts/vm/network/security_group.py destroy_network_rules_for_vm --vmname i-2-17-VM" removed all the above rules. (With ACS 4.0 release)

Looks like similar statements elsewhere in the script prevent similar effects, going to apply that fix here as well.

> iptables rules being deleted from wrong VM after a migration
> ------------------------------------------------------------
>
> Key: CLOUDSTACK-309
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-309
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Affects Versions: pre-4.0.0
> Environment: cloudstack 3.0.2 with kvm on centos
> Reporter: Francois Scala
> Assignee: John Kinsella
> Fix For: 4.1.0
>
>
> First migration :
> 2012-10-09 17:57:26,571 - iptables-save | grep BF | grep i-2-82 | grep physdev-is-bridged | sed 's/-A/-D/'
> 2012-10-09 17:57:26,619 - iptables -A BF-cloudbr0-OUT -m physdev --physdev-is-bridged --physdev-out vnet1 -j i-2-82-def
> 2012-10-09 17:57:26,628 - iptables -A BF-cloudbr0-IN -m physdev --physdev-is-bridged --physdev-in vnet1 -j i-2-82-def
> Second migration, wrong rules are being deleted due to a grep mismatch :
> 2012-10-09 18:33:22,301 - iptables-save | grep BF | grep i-2-8 | grep physdev-is-bridged | sed 's/-A/-D/'
> 2012-10-09 18:33:22,307 - iptables -D BF-cloudbr0-IN -m physdev --physdev-in vnet1 --physdev-is-bridged -j i-2-82-def
> 2012-10-09 18:33:22,317 - iptables -D BF-cloudbr0-OUT -m physdev --physdev-out vnet1 --physdev-is-bridged -j i-2-82-def
> 2012-10-09 18:33:22,372 - iptables -A BF-cloudbr0-OUT -m physdev --physdev-is-bridged --physdev-out vnet2 -j i-2-8-def
> 2012-10-09 18:33:22,382 - iptables -A BF-cloudbr0-IN -m physdev --physdev-is-bridged --physdev-in vnet2 -j i-2-8-def
> Proposed patch :
> /usr/lib64/cloud/agent/scripts/vm/network/security_group.py line 342 :
> << delcmd = "iptables-save | grep BF | grep " + vmchain + " | grep
> physdev-is-bridged | sed 's/-A/-D/'"
> >> delcmd = "iptables-save | grep BF | grep " + vmchain + "- | grep
> >> physdev-is-bridged | sed 's/-A/-D/'"
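
Review bot: on the ">>" line, grep " + vmchain + "- is still an unanchored substring match over the whole iptables-save line, and vmchain is still concatenated unquoted into a shell command string. The trailing "-" separates i-2-8 from i-2-82, but the selection would be tighter if it compared the jump target as a whole token (the logs show it as "-j <vmchain>-def"), for example with a fixed-string, whole-word grep on "-j " + vmchain + "-def", or by parsing the saved rules in Python and comparing the token after -j. The comment above says similar statements elsewhere in the script already avoid this effect, so it is worth using the same form here and checking the file for any remaining bare "grep " + vmchain occurrences.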
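
The grep mismatch reported above, reproduced on a small rule set, next to a selection that compares the -j target as a whole token. This is an added example, not code from security_group.py; the function names and the sample rules are constructed, and the "<vmchain>-def" target form is assumed from the log lines quoted in the issue.

```python
import shlex

# Constructed iptables-save excerpt, modelled on the rules quoted in this thread.
SAMPLE_RULES = """\
-A BF-cloudbr0-IN -m physdev --physdev-in vnet9 --physdev-is-bridged -j i-2-1713-def
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet9 --physdev-is-bridged -j i-2-1713-def
-A BF-cloudbr0-IN -m physdev --physdev-in vnet3 --physdev-is-bridged -j i-2-17-def
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet3 --physdev-is-bridged -j i-2-17-def
-A BF-cloudbr0-IN -m physdev --physdev-in vnet1 --physdev-is-bridged -j i-2-82-def
-A i-2-17-def -m state --state RELATED,ESTABLISHED -j ACCEPT
"""


def substring_select(rules, vmchain):
    """Same selection as: grep BF | grep <vmchain> | grep physdev-is-bridged."""
    return [line for line in rules.splitlines()
            if "BF" in line and vmchain in line and "physdev-is-bridged" in line]


def exact_select(rules, vmchain):
    """Select bridge-forward rules whose -j target is exactly '<vmchain>-def'."""
    target = vmchain + "-def"  # assumption: target naming as seen in the logs
    picked = []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or not tok[1].startswith("BF-"):
            continue
        if "--physdev-is-bridged" not in tok or "-j" not in tok:
            continue
        j = tok.index("-j")
        if j + 1 < len(tok) and tok[j + 1] == target:
            picked.append(line)
    return picked


def to_delete_argv(line):
    """Turn a saved '-A ...' rule into an argv list for 'iptables -D ...'."""
    tok = shlex.split(line)
    return ["iptables", "-D"] + tok[1:]


if __name__ == "__main__":
    for name in ("i-2-17", "i-2-8"):
        print(name, "substring:", len(substring_select(SAMPLE_RULES, name)),
              "exact:", len(exact_select(SAMPLE_RULES, name)))
```

Passing the argv list to subprocess without a shell also avoids building the delete command by string concatenation.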