[
https://issues.apache.org/jira/browse/CLOUDSTACK-8395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505147#comment-14505147
]
ASF GitHub Bot commented on CLOUDSTACK-8395:
--------------------------------------------
GitHub user bhaisaab opened a pull request:
https://github.com/apache/cloudstack/pull/186
CLOUDSTACK-8395: vmops plugin should work on both XS 6.5 and 6.2 :fist:
This fixes the issue of Security Groups not working in case of XenServer
6.5;
- Uses nethash ipset data-structure to store CIDRs (efficient than iphash
and
avoids overflow errors in case users add /8 /4 ingress/egress cidrs)
- Support for ipset versions both on 6.2 and 6.5, both have different
outputs. This
fixes the issue of destroy_network_rules_for_vm failing
- Implements defensive filtering of list, instead of popping last item
without
checking if it's None or empty
- Greps using names that are 'quoted' to avoid bash errors
- Before setting up new network rule, tries to clean and remove old ipset
entry
- Idents, whitespace and naming fixes
PS. This is my 1000th commit to the :monkey_face: project :)
Signed-off-by: Rohit Yadav <[email protected]>
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/cloudstack CLOUDSTACK-8395
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/186.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #186
----
commit c11080a99d0479c51eaa4f2d2664ed7f8e348a5a
Author: Rohit Yadav <[email protected]>
Date: 2015-04-21T15:35:36Z
CLOUDSTACK-8395: vmops plugin should work on both XS 6.5 and 6.2 :fist:
This fixes the issue of Security Groups not working in case of XenServer
6.5;
- Uses nethash ipset data-structure to store CIDRs (efficient than iphash
and
avoids overflow errors in case users add /8 /4 ingress/egress cidrs)
- Support for ipset versions both on 6.2 and 6.5, both have different
outputs. This
fixes the issue of destroy_network_rules_for_vm failing
- Implements defensive filtering of list, instead of popping last item
without
checking if it's None or empty
- Greps using names that are 'quoted' to avoid bash errors
- Before setting up new network rule, tries to clean and remove old ipset
entry
- Idents, whitespace and naming fixes
PS. This is my 1000th commit to the :monkey_face: project :)
Signed-off-by: Rohit Yadav <[email protected]>
----
> Basic Zone Security Group rules fail with XenServer 6.5
> -------------------------------------------------------
>
> Key: CLOUDSTACK-8395
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8395
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Affects Versions: 4.5.0, 4.6.0
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Priority: Blocker
> Fix For: 4.6.0, 4.5.1
>
>
> With latest ACS 4.5 branch, SG rules on XenServer 6.5 were found to be flaky.
> They worked sometimes and sometimes failed. On inspection of cloud.log and
> SMLog, the following errors were found:
> DEBUG [root] Ignoring failure to delete rules for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ebtables chain for vm s-2-VM
>
> ...
> DEBUG [root] Ignoring failure to delete arptables chain for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ingress chain s-2-VM
> DEBUG [root] Ignoring failure to delete egress chain s-2-VM-eg
> ...
> The possible issue discovered was how the python based vmops plugin execute
> iptables rules. The sm/util.py shipped with XS 6.5 is possibly different than
> that on XS 6.2.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
