You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/07/10 13:13:49 UTC
[jira] [Commented] (CLOUDSTACK-3409) Security groups get clean up
if VM is not in a running state
[ https://issues.apache.org/jira/browse/CLOUDSTACK-3409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13704436#comment-13704436 ]
ASF subversion and git services commented on CLOUDSTACK-3409:
-------------------------------------------------------------
Commit 8e4e56f73175363038a5361fe99e882562c2913a in branch refs/heads/master from [~widodh]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=8e4e56f ]
CLOUDSTACK-3409: Do not clean up security group rules for Instances in the "paused" state.
When 'security_group.py cleanup_rules' is called by the KVM Agent it will clean up all Instances
not in the "running" state according to libvirt.
However, when a snapshot is created of a Instance it will go to the "paused" state while the snapshot
is created.
This leads to Security Rules being removed when a Instance is being snapshotted and the cleanup process
is initiated.
> Security groups get clean up if VM is not in a running state
> ------------------------------------------------------------
>
> Key: CLOUDSTACK-3409
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3409
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Hypervisor Controller, KVM
> Affects Versions: 4.1.0, 4.1.1, 4.2.0
> Environment: - Ubuntu 12.04
> - KVM hypervisor
> Reporter: Wido den Hollander
> Fix For: 4.1.1
>
>
> I heard complaints that Security Groups of running instances were clean up while they were running.
> I did some digging in the security group logs on that hypervisor and saw this: "vm i-211-469-VM is not running, cleaning up"
> That VM was actually running, but the Security Group script thought it wasn't so it cleaned up the rules.
> When looking in security_group.py it checks if the state of the VM is "running", but I think that this VM was in the "paused" state at that moment since it was being snapshotting by libvirt.
> if result.find("running") == -1:
> logging.debug("vm " + vm_name + " is not running, cleaning up")
> cleanup.append(vm_name)
> This should be modified that it also accepts the "paused" state for a VM.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira