[
https://issues.apache.org/jira/browse/CLOUDSTACK-8395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505552#comment-14505552
]
ASF subversion and git services commented on CLOUDSTACK-8395:
-------------------------------------------------------------
Commit ce930e5cfd54564e37028300c16d09e37ac80cf2 in cloudstack's branch
refs/heads/CLOUDSTACK-8395 from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=ce930e5 ]
CLOUDSTACK-8395: vmops plugin should work on both XS 6.5 and 6.2 :fist:
This fixes the issue of Security Groups not working in case of XenServer 6.5;
- Uses nethash ipset data-structure to store CIDRs (efficient than iphash and
avoids overflow errors in case users add /8 /4 ingress/egress cidrs)
- Support for ipset versions both on 6.2 and 6.5, both have different outputs.
This
fixes the issue of destroy_network_rules_for_vm failing
- Implements defensive filtering of list, instead of popping last item without
checking if it's None or empty
- Greps using names that are 'quoted' to avoid bash errors
- Before setting up new network rule, tries to clean and remove old ipset entry
- Idents, whitespace and naming fixes
PS. This is my 1000th commit to the :monkey_face: project :)
Signed-off-by: Rohit Yadav <[email protected]>
> Basic Zone Security Group rules fail with XenServer 6.5
> -------------------------------------------------------
>
> Key: CLOUDSTACK-8395
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8395
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Affects Versions: 4.5.0, 4.6.0
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Priority: Blocker
> Fix For: 4.6.0, 4.5.1
>
>
> With latest ACS 4.5 branch, SG rules on XenServer 6.5 were found to be flaky.
> They worked sometimes and sometimes failed. On inspection of cloud.log and
> SMLog, the following errors were found:
> DEBUG [root] Ignoring failure to delete rules for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ebtables chain for vm s-2-VM
>
> ...
> DEBUG [root] Ignoring failure to delete arptables chain for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ingress chain s-2-VM
> DEBUG [root] Ignoring failure to delete egress chain s-2-VM-eg
> ...
> The possible issue discovered was how the python based vmops plugin execute
> iptables rules. The sm/util.py shipped with XS 6.5 is possibly different than
> that on XS 6.2.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
