You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/06/15 20:53:53 UTC
[1/2] git commit: updated refs/heads/4.5 to ad1fbc1
Repository: cloudstack
Updated Branches:
refs/heads/4.5 979956a4e -> ad1fbc1b7
CLOUDSTACK-8559: IP Source spoofing should not be allowed
We did not verify if the packets leaving an Instance had the correct
source address.
Any IP packet not matching the Instance IP(s) will be dropped
(cherry picked from commit 3e3c11ffcaf6ab736800dfdc777cb0681f58ddf1)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9ff3fe37
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9ff3fe37
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9ff3fe37
Branch: refs/heads/4.5
Commit: 9ff3fe371e3b5db77fc1eb6e7c60280d674fd949
Parents: 979956a
Author: Wido den Hollander <wi...@widodh.nl>
Authored: Mon Jun 15 14:15:26 2015 +0200
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jun 15 21:51:01 2015 +0300
----------------------------------------------------------------------
scripts/vm/network/security_group.py | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9ff3fe37/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 146e403..44d20fc 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -474,6 +474,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, sec_ips):
#don't let vm spoof its ip address
if vm_ip is not None:
+ execute("iptables -A " + vmchain_default + " -m physdev --physdev-is-bridged --physdev-in " + vif + " -m set ! --set " + vmipsetName + " src -j DROP")
execute("iptables -A " + vmchain_default + " -m physdev --physdev-is-bridged --physdev-in " + vif + " -m set --set " + vmipsetName + " src -p udp --dport 53 -j RETURN ")
execute("iptables -A " + vmchain_default + " -m physdev --physdev-is-bridged --physdev-in " + vif + " -m set --set " + vmipsetName + " src -j " + vmchain_egress)
execute("iptables -A " + vmchain_default + " -m physdev --physdev-is-bridged --physdev-out " + vif + " -j " + vmchain)
[2/2] git commit: updated refs/heads/4.5 to ad1fbc1
Posted by bh...@apache.org.
CLOUDSTACK-8560: Stat the resulting image after copying from template and return the size
This way we update the DB with the actual size of the disk after deployment from template
(cherry picked from commit 4b4c52ea77aedde663cd0238b774aa243c856f42)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ad1fbc1b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ad1fbc1b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ad1fbc1b
Branch: refs/heads/4.5
Commit: ad1fbc1b79691b33bed776a4c73415ce3f90bd53
Parents: 9ff3fe3
Author: Wido den Hollander <wi...@widodh.nl>
Authored: Mon Jun 15 17:30:06 2015 +0200
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Jun 15 21:53:20 2015 +0300
----------------------------------------------------------------------
.../kvm/storage/LibvirtStorageAdaptor.java | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ad1fbc1b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
index 5edc07b..856a78a 100644
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
@@ -39,6 +39,7 @@ import com.ceph.rados.RadosException;
import com.ceph.rbd.Rbd;
import com.ceph.rbd.RbdException;
import com.ceph.rbd.RbdImage;
+import com.ceph.rbd.jna.RbdImageInfo;
import com.ceph.rbd.jna.RbdSnapInfo;
import org.apache.cloudstack.utils.qemu.QemuImg;
@@ -1243,6 +1244,10 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
destFile = new QemuImgFile(destPath, destFormat);
try {
qemu.convert(srcFile, destFile);
+ Map<String, String> destInfo = qemu.info(destFile);
+ Long virtualSize = Long.parseLong(destInfo.get(new String("virtual_size")));
+ newDisk.setVirtualSize(virtualSize);
+ newDisk.setSize(virtualSize);
} catch (QemuImgException e) {
s_logger.error("Failed to convert " + srcFile.getFileName() + " to " + destFile.getFileName() + " the error was: " + e.getMessage());
newDisk = null;
@@ -1264,18 +1269,19 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
try {
srcFile = new QemuImgFile(sourcePath, sourceFormat);
+ String rbdDestPath = destPool.getSourceDir() + "/" + name;
String rbdDestFile = KVMPhysicalDisk.RBDStringBuilder(destPool.getSourceHost(),
destPool.getSourcePort(),
destPool.getAuthUserName(),
destPool.getAuthSecret(),
- destPool.getSourceDir() + "/" + name);
+ rbdDestPath);
destFile = new QemuImgFile(rbdDestFile, destFormat);
- s_logger.debug("Starting copy from source image " + srcFile.getFileName() + " to RBD image " + destPool.getSourceDir() + "/" + name);
+ s_logger.debug("Starting copy from source image " + srcFile.getFileName() + " to RBD image " + rbdDestPath);
qemu.convert(srcFile, destFile);
- s_logger.debug("Succesfully converted source image " + srcFile.getFileName() + " to RBD image " + destPool.getSourceDir() + "/" + name);
+ s_logger.debug("Succesfully converted source image " + srcFile.getFileName() + " to RBD image " + rbdDestPath);
- /* We still have to create and protect a RBD snapshot in order to do cloning */
+ /* We have to stat the RBD image to see how big it became afterwards */
Rados r = new Rados(destPool.getAuthUserName());
r.confSet("mon_host", destPool.getSourceHost() + ":" + destPool.getSourcePort());
r.confSet("key", destPool.getAuthSecret());
@@ -1287,8 +1293,12 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
Rbd rbd = new Rbd(io);
RbdImage image = rbd.open(name);
-
+ RbdImageInfo rbdInfo = image.stat();
+ newDisk.setSize(rbdInfo.size);
+ newDisk.setVirtualSize(rbdInfo.size);
+ s_logger.debug("After copy the resulting RBD image " + rbdDestPath + " is " + rbdInfo.size + " bytes long");
rbd.close(image);
+
r.ioCtxDestroy(io);
} catch (QemuImgException e) {
s_logger.error("Failed to convert from " + srcFile.getFileName() + " to " + destFile.getFileName() + " the error was: " + e.getMessage());