You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by jayapalu <gi...@git.apache.org> on 2016/12/09 09:06:12 UTC
[GitHub] cloudstack pull request #1824: CLOUDSTACK-9657: Fixed security group ipset i...
GitHub user jayapalu opened a pull request:
https://github.com/apache/cloudstack/pull/1824
CLOUDSTACK-9657: Fixed security group ipset issues with long vm name
ipset set name max length allowed is 31 char. If the vm name has longer name then the trimming of set has done in this fix. Also cleanup of rules are taken care.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jayapalu/cloudstack SGipset
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1824.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1824
----
commit 32357d0b7c62bbef983967e3b7b690f9d3d68426
Author: Jayapalu <ja...@apache.org>
Date: 2016-12-08T10:35:21Z
CLOUDSTACK-9657: Fixed security group ipset issues with long vm name
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1824: CLOUDSTACK-9657: Fixed security group ipset issues w...
Posted by kishankavala <gi...@git.apache.org>.
Github user kishankavala commented on the issue:
https://github.com/apache/cloudstack/pull/1824
Code LGTM
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack issue #1824: CLOUDSTACK-9657: Fixed security group ipset issues w...
Posted by jayapalu <gi...@git.apache.org>.
Github user jayapalu commented on the issue:
https://github.com/apache/cloudstack/pull/1824
tag:mergeready
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request #1824: CLOUDSTACK-9657: Fixed security group ipset i...
Posted by kishankavala <gi...@git.apache.org>.
Github user kishankavala commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1824#discussion_r101981007
--- Diff: scripts/vm/hypervisor/xenserver/vmops ---
@@ -232,28 +233,50 @@ def deleteFile(session, args):
return txt
+#using all the iptables chain names length to 24 because cleanup_rules groups the vm chain excluding -def,-eg
+#to avoid multiple iptables chains for single vm there using length 24
def chain_name(vm_name):
if vm_name.startswith('i-') or vm_name.startswith('r-'):
if vm_name.endswith('untagged'):
return '-'.join(vm_name.split('-')[:-1])
if len(vm_name) > 28:
--- End diff --
Check should be > 25
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request #1824: CLOUDSTACK-9657: Fixed security group ipset i...
Posted by jayapalu <gi...@git.apache.org>.
Github user jayapalu commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1824#discussion_r102192868
--- Diff: scripts/vm/hypervisor/xenserver/vmops ---
@@ -232,28 +233,50 @@ def deleteFile(session, args):
return txt
+#using all the iptables chain names length to 24 because cleanup_rules groups the vm chain excluding -def,-eg
+#to avoid multiple iptables chains for single vm there using length 24
def chain_name(vm_name):
if vm_name.startswith('i-') or vm_name.startswith('r-'):
if vm_name.endswith('untagged'):
return '-'.join(vm_name.split('-')[:-1])
if len(vm_name) > 28:
--- End diff --
Updated it.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request #1824: CLOUDSTACK-9657: Fixed security group ipset i...
Posted by kishankavala <gi...@git.apache.org>.
Github user kishankavala commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1824#discussion_r101981147
--- Diff: scripts/vm/hypervisor/xenserver/vmops ---
@@ -232,28 +233,50 @@ def deleteFile(session, args):
return txt
+#using all the iptables chain names length to 24 because cleanup_rules groups the vm chain excluding -def,-eg
+#to avoid multiple iptables chains for single vm there using length 24
def chain_name(vm_name):
if vm_name.startswith('i-') or vm_name.startswith('r-'):
if vm_name.endswith('untagged'):
return '-'.join(vm_name.split('-')[:-1])
if len(vm_name) > 28:
- vm_name = vm_name[0:27]
+ vm_name = vm_name[0:24]
return vm_name
def chain_name_def(vm_name):
+ #iptables chain length max is 29 chars
+ if len(vm_name) > 28:
--- End diff --
Check should be > 25, "-def" is suffixed
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---