Amador Pahim has posted comments on this change. Change subject: Sysctl to allow iSCSI multipath with multiple NICs in the same subnet ......................................................................
Patch Set 17: (8 comments) http://gerrit.ovirt.org/#/c/31529/17/lib/vdsm/utils.py File lib/vdsm/utils.py: Line 1136: Line 1137: Line 1138: def set_rp_filter(dev, mode): Line 1139: path = '/proc/sys/net/ipv4/conf/%s/rp_filter' % dev Line 1140: with open(path, 'w') as rp_filter: > buffering is not an issue, this is just bloat. Check all the code involved Ok, we better create sysctl module now and do it right from scratch. Done. http://gerrit.ovirt.org/#/c/31529/17/vdsm/storage/iscsi.py File vdsm/storage/iscsi.py: Line 44: DEFAULT_TPGT = 1 Line 45: ISCSI_DEFAULT_PORT = 3260 Line 46: SCAN_PATTERN = "/sys/class/scsi_host/host*/scan" Line 47: _SYSCTL_RPFILTER_STRICT = '0' Line 48: _SYSCTL_RPFILTER_LOOSE = '2' > These constants do not belong to this module Done Line 49: Line 50: IscsiSession = namedtuple("IscsiSession", "id, iface, target, credentials") Line 51: Line 52: _iscsiadmTransactionLock = RLock() Line 186: key = "node.session." + key Line 187: iscsiadm.node_update(iface.name, portalStr, target.iqn, Line 188: key, value, hideValue=True) Line 189: Line 190: if iface.netIfaceName: > +1 for loosening only on the second interface. Ack. Line 191: supervdsm.getProxy().setRpFilter(iface.netIfaceName, Line 192: _SYSCTL_RPFILTER_LOOSE) Line 193: Line 194: iscsiadm.node_login(iface.name, portalStr, target.iqn) Line 188: key, value, hideValue=True) Line 189: Line 190: if iface.netIfaceName: Line 191: supervdsm.getProxy().setRpFilter(iface.netIfaceName, Line 192: _SYSCTL_RPFILTER_LOOSE) > This is little too wordy, lets add a sysctl module with these functions and Done Line 193: Line 194: iscsiadm.node_login(iface.name, portalStr, target.iqn) Line 195: Line 196: iscsiadm.node_update(iface.name, portalStr, target.iqn, Line 539: Line 540: return 0 Line 541: Line 542: Line 543: def setStrictRpFilterIfUnique(sessionID): > This name is not clear. Done Line 544: """ Line 545: Set rp_filter back to strict mode if the device in use by the session is Line 546: not used by any other iSCSI session. Line 547: This is needed to avoid the security breach where an untrusted VM can DoS Line 542: Line 543: def setStrictRpFilterIfUnique(sessionID): Line 544: """ Line 545: Set rp_filter back to strict mode if the device in use by the session is Line 546: not used by any other iSCSI session. > Add empty line between paragraphs. Done Line 547: This is needed to avoid the security breach where an untrusted VM can DoS Line 548: the host by sending it packages with spoofed random sources. Line 549: Arguments: Line 550: sessionID Line 544: """ Line 545: Set rp_filter back to strict mode if the device in use by the session is Line 546: not used by any other iSCSI session. Line 547: This is needed to avoid the security breach where an untrusted VM can DoS Line 548: the host by sending it packages with spoofed random sources. > packages -> packets Done Line 549: Arguments: Line 550: sessionID Line 551: """ Line 552: Line 557: and session.id != sessionID): Line 558: log.debug("Skipping unset rp_filter for session [%s]. " Line 559: "net_ifacename [%s] in use by session [%s]." % Line 560: (sessionID, sessionInfo.iface.netIfaceName, Line 561: session.id)) > Lets extract this part to: Done Line 562: return Line 563: Line 564: supervdsm.getProxy().setRpFilter(sessionInfo.iface.netIfaceName, -- To view, visit http://gerrit.ovirt.org/31529 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ibf93d49317c76aece764e53e58e0ff28868f16b0 Gerrit-PatchSet: 17 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Amador Pahim <apa...@redhat.com> Gerrit-Reviewer: Amador Pahim <apa...@redhat.com> Gerrit-Reviewer: Antoni Segura Puimedon <asegu...@redhat.com> Gerrit-Reviewer: Dan Kenigsberg <dan...@redhat.com> Gerrit-Reviewer: Nir Soffer <nsof...@redhat.com> Gerrit-Reviewer: Sergey Gotliv <sgot...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: jian wang <wjia...@gmail.com> Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ vdsm-patches mailing list vdsm-patches@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
