You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ra...@apache.org on 2017/02/28 00:33:11 UTC
[1/2] git commit: updated refs/heads/master to 026ba02
Repository: cloudstack
Updated Branches:
refs/heads/master 6a18cdd6e -> 026ba02d5
CLOUDSTACK-8871: fixed issue with the xenserver 6.2 ipset nethash
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/175c8d83
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/175c8d83
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/175c8d83
Branch: refs/heads/master
Commit: 175c8d83b8a628566a4c443db0de587874718c8c
Parents: 8bd33d3
Author: Jayapal <ja...@accelerite.com>
Authored: Mon Feb 20 18:29:14 2017 +0530
Committer: Jayapal <ja...@accelerite.com>
Committed: Mon Feb 20 18:34:13 2017 +0530
----------------------------------------------------------------------
scripts/vm/hypervisor/xenserver/vmops | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/175c8d83/scripts/vm/hypervisor/xenserver/vmops
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index 0dfa6da..46aeffa 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -356,10 +356,21 @@ def allow_egress_traffic(session):
return 'false'
return 'true'
+def getIpsetType():
+ try:
+ out = util.pread2(['/bin/bash', '-c', "ipset -v | awk '{print $5}'"])
+ out.replace(".","")
+ if int(out) < 6:
+ return 'iptreemap'
+ else:
+ return 'nethash'
+ except:
+ return 'iptreemap'
def ipset(ipsetname, proto, start, end, cidrs):
+ type = getIpsetType()
try:
- util.pread2(['ipset', '-N', ipsetname, 'nethash'])
+ util.pread2(['ipset', '-N', ipsetname, type])
except:
logging.debug("ipset chain already exists: " + ipsetname)
@@ -367,7 +378,7 @@ def ipset(ipsetname, proto, start, end, cidrs):
ipsettmp = ''.join(''.join(ipsetname.split('-')).split('_')) + str(int(time.time()) % 1000)
try:
- util.pread2(['ipset', '-N', ipsettmp, 'nethash'])
+ util.pread2(['ipset', '-N', ipsettmp, type])
except:
logging.debug("Failed to create temp ipset, reusing old name= " + ipsettmp)
try:
@@ -396,7 +407,7 @@ def ipset(ipsetname, proto, start, end, cidrs):
# the old ipset entry could be of iphash type, try to delete and recreate
try:
util.pread2(['ipset', '-X', ipsetname])
- util.pread2(['ipset', '-N', ipsetname, 'nethash'])
+ util.pread2(['ipset', '-N', ipsetname, type])
util.pread2(['ipset', '-W', ipsettmp, ipsetname])
except:
logging.debug("Failed to swap ipset " + ipsetname)
@@ -672,14 +683,15 @@ def default_network_rules_systemvm(session, args):
@echo
def create_ipset_forvm (ipsetname):
result = True
+ type = getIpsetType()
try:
logging.debug("Creating ipset chain .... " + ipsetname)
util.pread2(['ipset', '-F', ipsetname])
util.pread2(['ipset', '-X', ipsetname])
- util.pread2(['ipset', '-N', ipsetname, 'iphash'])
+ util.pread2(['ipset', '-N', ipsetname, type])
except:
logging.debug("ipset chain not exists creating.... " + ipsetname)
- util.pread2(['ipset', '-N', ipsetname, 'iphash'])
+ util.pread2(['ipset', '-N', ipsetname, type])
return result
@@ -1252,9 +1264,10 @@ def inflate_rules (zipped):
@echo
def cache_ipset_keyword():
+ type = getIpsetType()
tmpname = 'ipsetqzvxtmp'
try:
- util.pread2(['/bin/bash', '-c', 'ipset -N ' + tmpname + ' iphash'])
+ util.pread2(['/bin/bash', '-c', 'ipset -N ' + tmpname + type])
except:
util.pread2(['/bin/bash', '-c', 'ipset -F ' + tmpname])
[2/2] git commit: updated refs/heads/master to 026ba02
Posted by ra...@apache.org.
Merge pull request #843 from jayapalu/SGIssue
Security group ingress/egress issues with xenserver 6.2There is issue with the xenserver 6.2 ipset type nethash. Fixed it by adding nethash for ipset version 6 which is xenserver 6.5. For ipset version 4.x use iptreemap.
1. Tested configuring egress/ingress rules.
2. Tested the traffic for the configured rules from the VM.
* pr/843:
CLOUDSTACK-8871: fixed issue with the xenserver 6.2 ipset nethash
Signed-off-by: Rajani Karuturi <ra...@accelerite.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/026ba02d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/026ba02d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/026ba02d
Branch: refs/heads/master
Commit: 026ba02d53f304e58ada5c0d07f7b1b954368b4f
Parents: 6a18cdd 175c8d8
Author: Rajani Karuturi <ra...@accelerite.com>
Authored: Tue Feb 28 06:02:57 2017 +0530
Committer: Rajani Karuturi <ra...@accelerite.com>
Committed: Tue Feb 28 06:02:59 2017 +0530
----------------------------------------------------------------------
scripts/vm/hypervisor/xenserver/vmops | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------