You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/07/10 13:13:49 UTC

[jira] [Commented] (CLOUDSTACK-3409) Security groups get clean up if VM is not in a running state

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-3409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13704436#comment-13704436 ] 

ASF subversion and git services commented on CLOUDSTACK-3409:
-------------------------------------------------------------

Commit 8e4e56f73175363038a5361fe99e882562c2913a in branch refs/heads/master from [~widodh]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=8e4e56f ]

CLOUDSTACK-3409: Do not clean up security group rules for Instances in the "paused" state.

When 'security_group.py cleanup_rules' is called by the KVM Agent it will clean up all Instances
not in the "running" state according to libvirt.

However, when a snapshot is created of a Instance it will go to the "paused" state while the snapshot
is created.

This leads to Security Rules being removed when a Instance is being snapshotted and the cleanup process
is initiated.

                
> Security groups get clean up if VM is not in a running state
> ------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3409
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3409
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Hypervisor Controller, KVM
>    Affects Versions: 4.1.0, 4.1.1, 4.2.0
>         Environment: - Ubuntu 12.04
> - KVM hypervisor
>            Reporter: Wido den Hollander
>             Fix For: 4.1.1
>
>
> I heard complaints that Security Groups of running instances were clean up while they were running.
> I did some digging in the security group logs on that hypervisor and saw this: "vm i-211-469-VM is not running, cleaning up"
> That VM was actually running, but the Security Group script thought it wasn't so it cleaned up the rules.
> When looking in security_group.py it checks if the state of the VM is "running", but I think that this VM was in the "paused" state at that moment since it was being snapshotting by libvirt.
>                 if result.find("running") == -1:
>                     logging.debug("vm " + vm_name + " is not running, cleaning up")
>                     cleanup.append(vm_name)
> This should be modified that it also accepts the "paused" state for a VM.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira