Updated Branches: refs/heads/master d65f47c76 -> 8e4e56f73
CLOUDSTACK-3409: Do not clean up security group rules for Instances in the "paused" state. When 'security_group.py cleanup_rules' is called by the KVM Agent it will clean up all Instances not in the "running" state according to libvirt. However, when a snapshot is created of a Instance it will go to the "paused" state while the snapshot is created. This leads to Security Rules being removed when a Instance is being snapshotted and the cleanup process is initiated. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8e4e56f7 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8e4e56f7 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8e4e56f7 Branch: refs/heads/master Commit: 8e4e56f73175363038a5361fe99e882562c2913a Parents: d65f47c Author: Wido den Hollander <w...@widodh.nl> Authored: Wed Jul 10 12:50:06 2013 +0200 Committer: Wido den Hollander <w...@widodh.nl> Committed: Wed Jul 10 13:12:46 2013 +0200 ---------------------------------------------------------------------- scripts/vm/network/security_group.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8e4e56f7/scripts/vm/network/security_group.py ---------------------------------------------------------------------- diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py index 6c12409..0ac8b74 100755 --- a/scripts/vm/network/security_group.py +++ b/scripts/vm/network/security_group.py @@ -621,18 +621,18 @@ def cleanup_rules(): if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: vm_name = chain - cmd = "virsh list |grep " + vm_name + cmd = "virsh list |grep " + vm_name + "|awk '{print $3}'" try: - result = execute(cmd) + result = execute(cmd).strip() except: result = None if result == None or len(result) == 0: - logging.debug("chain " + chain + " does not correspond to a vm, cleaning up") + logging.debug("chain " + chain + " does not correspond to a vm, cleaning up iptable rules") cleanup.append(vm_name) continue - if result.find("running") == -1: - logging.debug("vm " + vm_name + " is not running, cleaning up") + if not (result == "running" or result == "paused"): + logging.debug("vm " + vm_name + " is not running or paused, cleaning up iptable rules") cleanup.append(vm_name) chainscmd = "ebtables-save |grep :i |awk '{print $1}' |sed -e 's/\-in//g' |sed -e 's/\-out//g' |sed -e 's/^://g'" @@ -641,18 +641,18 @@ def cleanup_rules(): if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: vm_name = chain - cmd = "virsh list |grep " + vm_name + cmd = "virsh list |grep " + vm_name + "|awk '{print $3}'" try: - result = execute(cmd) + result = execute(cmd).strip() except: result = None if result == None or len(result) == 0: - logging.debug("chain " + chain + " does not correspond to a vm, cleaning up") + logging.debug("chain " + chain + " does not correspond to a vm, cleaning up ebtable rules") cleanup.append(vm_name) continue - if result.find("running") == -1: - logging.debug("vm " + vm_name + " is not running, cleaning up") + if not (result == "running" or result == "paused"): + logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtable rules") cleanup.append(vm_name) for vmname in cleanup:
