Posted to commits@cloudstack.apache.org by ra...@apache.org on 2017/02/28 00:33:11 UTC

[1/2] git commit: updated refs/heads/master to 026ba02

Repository: cloudstack
Updated Branches:
  refs/heads/master 6a18cdd6e -> 026ba02d5


CLOUDSTACK-8871: fixed issue with the xenserver 6.2 ipset nethash


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/175c8d83
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/175c8d83
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/175c8d83

Branch: refs/heads/master
Commit: 175c8d83b8a628566a4c443db0de587874718c8c
Parents: 8bd33d3
Author: Jayapal <ja...@accelerite.com>
Authored: Mon Feb 20 18:29:14 2017 +0530
Committer: Jayapal <ja...@accelerite.com>
Committed: Mon Feb 20 18:34:13 2017 +0530

----------------------------------------------------------------------
 scripts/vm/hypervisor/xenserver/vmops | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/175c8d83/scripts/vm/hypervisor/xenserver/vmops
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index 0dfa6da..46aeffa 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -356,10 +356,21 @@ def allow_egress_traffic(session):
                 return 'false'
     return 'true'
 
+def getIpsetType():
+    try:
+        out = util.pread2(['/bin/bash', '-c', "ipset -v | awk '{print $5}'"])
+        out.replace(".","")
+        if int(out) < 6:
+            return 'iptreemap'
+        else:
+            return 'nethash'
+    except:
+        return 'iptreemap'
 
 def ipset(ipsetname, proto, start, end, cidrs):
+    type = getIpsetType()
     try:
-        util.pread2(['ipset', '-N', ipsetname, 'nethash'])
+        util.pread2(['ipset', '-N', ipsetname, type])
     except:
         logging.debug("ipset chain already exists: " + ipsetname)
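Review bot: In getIpsetType() the call `out.replace(".","")` discards its result, because Python strings are immutable, so `int(out)` still sees any dot in the version field. The resulting error is swallowed by the bare `except:`, which silently falls back to `iptreemap`. Assign the result, `out = out.replace(".", "")`, and log in the handler, e.g. `logging.debug("ipset version check failed, defaulting to iptreemap")`, so a mis-detected set type is visible when security-group rules fail to apply. The expected `ipset -v` output is not shown here, so a comment with a sample line next to the awk expression would let a reader check the `$5` field. The local name `type` in ipset(), and in the later hunks for create_ipset_forvm and cache_ipset_keyword, shadows the builtin; `ipsettype` would read better. ipset()'s body continues outside this hunk.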
 
@@ -367,7 +378,7 @@ def ipset(ipsetname, proto, start, end, cidrs):
     ipsettmp = ''.join(''.join(ipsetname.split('-')).split('_')) + str(int(time.time()) % 1000)
 
     try:
-        util.pread2(['ipset', '-N', ipsettmp, 'nethash'])
+        util.pread2(['ipset', '-N', ipsettmp, type])
     except:
         logging.debug("Failed to create temp ipset, reusing old name= " + ipsettmp)
         try:
@@ -396,7 +407,7 @@ def ipset(ipsetname, proto, start, end, cidrs):
         # the old ipset entry could be of iphash type, try to delete and recreate
         try:
             util.pread2(['ipset', '-X', ipsetname])
-            util.pread2(['ipset', '-N', ipsetname, 'nethash'])
+            util.pread2(['ipset', '-N', ipsetname, type])
             util.pread2(['ipset', '-W', ipsettmp, ipsetname])
         except:
             logging.debug("Failed to swap ipset " + ipsetname)
@@ -672,14 +683,15 @@ def default_network_rules_systemvm(session, args):
 @echo
 def create_ipset_forvm (ipsetname):
     result = True
+    type = getIpsetType()
     try:
         logging.debug("Creating ipset chain .... " + ipsetname)
         util.pread2(['ipset', '-F', ipsetname])
         util.pread2(['ipset', '-X', ipsetname])
-        util.pread2(['ipset', '-N', ipsetname, 'iphash'])
+        util.pread2(['ipset', '-N', ipsetname, type])
     except:
         logging.debug("ipset chain not exists creating.... " + ipsetname)
-        util.pread2(['ipset', '-N', ipsetname, 'iphash'])
+        util.pread2(['ipset', '-N', ipsetname, type])
 
     return result
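Review bot: create_ipset_forvm previously created an `iphash` set and now creates whatever getIpsetType() returns (`nethash` or `iptreemap`), a change of set type for this set that the commit message does not mention. If that is intended, a comment above the `-N` calls would help, e.g. `# set type now follows the installed ipset version (was iphash)`. The `except:` branch repeats the same `-N` with the same type, so a type the installed ipset rejects raises out of the function instead of producing a false result. In the lines shown, `result` is never set to anything but True.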
 
@@ -1252,9 +1264,10 @@ def inflate_rules (zipped):
 
 @echo
 def cache_ipset_keyword():
+    type = getIpsetType()
     tmpname = 'ipsetqzvxtmp'
     try:
-        util.pread2(['/bin/bash', '-c', 'ipset -N ' + tmpname + ' iphash'])
+        util.pread2(['/bin/bash', '-c', 'ipset -N ' + tmpname + type])
     except:
         util.pread2(['/bin/bash', '-c', 'ipset -F ' + tmpname])
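Review bot: The new command string `'ipset -N ' + tmpname + type` has no space before the type, so the shell runs `ipset -N ipsetqzvxtmpnethash` (or `...iptreemap`) with no set type at all; the removed line carried the space inside `' iphash'`. The create then fails and the bare `except:` falls through to `ipset -F` on a set that was never created. Passing an argument list, as the other call sites in this patch do, avoids both the missing separator and the shell: `util.pread2(['ipset', '-N', tmpname, type])`. cache_ipset_keyword's body continues outside this hunk.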
 


[2/2] git commit: updated refs/heads/master to 026ba02

Posted by ra...@apache.org.
Merge pull request #843 from jayapalu/SGIssue

Security group ingress/egress issues with xenserver 6.2
There is an issue with the xenserver 6.2 ipset type nethash. Fixed it by adding nethash for ipset version 6, which is xenserver 6.5. For ipset version 4.x, use iptreemap.
1. Tested configuring egress/ingress rules.
2. Tested the traffic for the configured rules from the VM.

* pr/843:
  CLOUDSTACK-8871: fixed issue with the xenserver 6.2 ipset nethash

Signed-off-by: Rajani Karuturi <ra...@accelerite.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/026ba02d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/026ba02d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/026ba02d

Branch: refs/heads/master
Commit: 026ba02d53f304e58ada5c0d07f7b1b954368b4f
Parents: 6a18cdd 175c8d8
Author: Rajani Karuturi <ra...@accelerite.com>
Authored: Tue Feb 28 06:02:57 2017 +0530
Committer: Rajani Karuturi <ra...@accelerite.com>
Committed: Tue Feb 28 06:02:59 2017 +0530

----------------------------------------------------------------------
 scripts/vm/hypervisor/xenserver/vmops | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------