[jira] [Commented] (CLOUDSTACK-8395) Basic Zone Security Group rules fail with XenServer 6.5

Thu, 23 Apr 2015 01:13:07 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-8395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14508641#comment-14508641
 ] 

ASF subversion and git services commented on CLOUDSTACK-8395:
-------------------------------------------------------------

Commit a3ea616835878448cff9faec3c00225b9cf2dfa0 in cloudstack's branch 
refs/heads/CLOUDSTACK-8395 from [~rohit.ya...@shapeblue.com]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=a3ea616 ]

CLOUDSTACK-8395: vmops plugin should work on both XS 6.5 and 6.2 :fist:

This fixes the issue of Security Groups not working in case of XenServer 6.5;
- Uses nethash ipset data-structure to store CIDRs (efficient than iphash and
  avoids overflow errors in case users add /8 /4 ingress/egress cidrs)
- Support for ipset versions both on 6.2 and 6.5, both have different outputs. 
This
  fixes the issue of destroy_network_rules_for_vm failing
- Implements defensive filtering of list, instead of popping last item without
  checking if it's None or empty
- Greps using names that are 'quoted' to avoid bash errors
- Before setting up new network rule, tries to clean and remove old ipset entry
- Idents, whitespace and naming fixes

PS. This is my 1000th commit to the :monkey_face: project :)

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


> Basic Zone Security Group rules fail with XenServer 6.5
> -------------------------------------------------------
>
>                 Key: CLOUDSTACK-8395
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8395
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>    Affects Versions: 4.5.0, 4.6.0
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Blocker
>             Fix For: 4.6.0, 4.5.1
>
>
> With latest ACS 4.5 branch, SG rules on XenServer 6.5 were found to be flaky. 
> They worked sometimes and sometimes failed. On inspection of cloud.log and 
> SMLog, the following errors were found:
> DEBUG [root] Ignoring failure to delete rules for vm s-2-VM 
> ...
> DEBUG [root] Ignoring failure to delete ebtables chain for vm s-2-VM          
>                                     
> ...
> DEBUG [root] Ignoring failure to delete arptables chain for vm s-2-VM
> ...
> DEBUG [root] Ignoring failure to delete ingress chain s-2-VM
> DEBUG [root] Ignoring failure to delete egress chain s-2-VM-eg
> ...
> The possible issue discovered was how the python based vmops plugin execute 
> iptables rules. The sm/util.py shipped with XS 6.5 is possibly different than 
> that on XS 6.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to