Repository: cloudstack
Updated Branches:
  refs/heads/master 9cf31b071 -> 840c0a097


CLOUDSTACK-4611: cleanup_rules using ebtables rules from /proc/modules

The SG python script depends on ebtables-save which is not available on Debian
based distros (Ubuntu and Debian for example). The commit uses /proc/modules
to find available bridge tables (one of nat, filter or broute) and then
find VMs that need to be removed. Further it uses set() to remove duplicate VMs
so we don't try to remove a VM's rules more than once leading to unwanted errors
in the log.

Signed-off-by: Rohit Yadav <[email protected]>
(cherry picked from commit d66677101c7770b5c4b8c39064eba5ee94d124c6)
Signed-off-by: Rohit Yadav <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/acd9a251
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/acd9a251
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/acd9a251

Branch: refs/heads/master
Commit: acd9a251d30a0c8bf607c4e4df99c3a06d9d716e
Parents: 9cf31b0
Author: Rohit Yadav <[email protected]>
Authored: Sat Apr 25 01:00:16 2015 +0200
Committer: Rohit Yadav <[email protected]>
Committed: Sat Apr 25 03:13:58 2015 +0200

----------------------------------------------------------------------
 scripts/vm/network/security_group.py | 33 ++++++++++++++++---------------
 1 file changed, 17 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/acd9a251/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py 
b/scripts/vm/network/security_group.py
index e11ce1c..90b60c7 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -700,22 +700,23 @@ def cleanup_rules():
                     logging.debug("vm " + vm_name + " is not running or 
paused, cleaning up iptable rules")
                     cleanup.append(vm_name)
 
-        chainscmd = """ebtables-save | awk '/:i/ { gsub(/(^:|-(in|out|ips))/, 
"") ; print $1}'"""
-        chains = execute(chainscmd).split('\n')
-        for chain in chains:
-            if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
-                vm_name = chain
-
-                result = virshdomstate(vm_name)
-
-                if result == None or len(result) == 0:
-                    logging.debug("chain " + chain + " does not correspond to 
a vm, cleaning up ebtable rules")
-                    cleanup.append(vm_name)
-                    continue
-                if not (result == "running" or result == "paused"):
-                    logging.debug("vm " + vm_name + " is not running or 
paused, cleaning up ebtable rules")
-                    cleanup.append(vm_name)
-
+        bridge_tables = execute("""grep -E '^ebtable_' /proc/modules | cut -f1 
-d' ' | sed s/ebtable_//""").split('\n')
+        for table in filter(None, bridge_tables):
+            chainscmd = """ebtables -t %s -L | awk '/chain:/ { 
gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq""" % table
+            chains = execute(chainscmd).split('\n')
+            for chain in filter(None, chains):
+                if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 
'v-'] ]:
+                    vm_name = chain
+                    result = virshdomstate(vm_name)
+                    if result == None or len(result) == 0:
+                        logging.debug("chain " + chain + " does not correspond 
to a vm, cleaning up ebtable rules")
+                        cleanup.append(vm_name)
+                        continue
+                    if not (result == "running" or result == "paused"):
+                        logging.debug("vm " + vm_name + " is not running or 
paused, cleaning up ebtable rules")
+                        cleanup.append(vm_name)
+
+        cleanup = list(set(cleanup))  # remove duplicates
         for vmname in cleanup:
             destroy_network_rules_for_vm(vmname)
 
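
Review bot: In the `bridge_tables` line, `grep -E '^ebtable_' /proc/modules` only sees tables that are currently loaded as modules, so on a kernel with the ebtables tables built in the list is empty and the whole ebtables cleanup loop is skipped without any log line, leaving stale per-VM chains in place. Consider logging at debug level when `bridge_tables` is empty, or falling back to the fixed set nat, filter and broute named in the commit message. Two smaller points in the same block: the awk expression strips the text after the chain name only when a `-in`, `-out` or `-ips` suffix is present, so a matching chain without such a suffix reaches `virshdomstate` with the trailing comma that `ebtables -L` prints after the name; and `1 in [ chain.startswith(c) for c in [...] ]` reads more clearly as `chain.startswith(('r-', 'i-', 's-', 'v-'))`.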
