You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ro...@apache.org on 2021/03/04 09:31:24 UTC
[cloudstack] branch 4.14 updated (f893c5c -> 709ebf6)
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a change to branch 4.14
in repository https://gitbox.apache.org/repos/asf/cloudstack.git.
from f893c5c cks: fix token TTL, set it to never expire (#4747)
add 6e7516c kvm: Fix get_bridge_physdev where it returns "device:" instead of just "device" (#4740)
new 709ebf6 Merge remote-tracking branch 'origin/4.13' into 4.14
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
scripts/vm/network/security_group.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[cloudstack] 01/01: Merge remote-tracking branch 'origin/4.13' into
4.14
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch 4.14
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 709ebf606238f7246f7aa95afdae2be1bdf4ea87
Merge: f893c5c 6e7516c
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Thu Mar 4 15:00:51 2021 +0530
Merge remote-tracking branch 'origin/4.13' into 4.14
scripts/vm/network/security_group.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --cc scripts/vm/network/security_group.py
index 680177e,21f6f7e..0783e4a
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@@ -145,47 -147,9 +145,47 @@@ def split_ips_by_family(ips)
ip6s.append(ip)
return ip4s, ip6s
+def destroy_network_rules_for_nic(vm_name, vm_ip, vm_mac, vif, sec_ips):
+ try:
+ rules = execute("""iptables-save -t filter | awk '/ %s / { sub(/-A/, "-D", $1) ; print }'""" % vif ).split("\n")
+ for rule in filter(None, rules):
+ try:
+ execute("iptables " + rule)
+ except:
+ logging.debug("Ignoring failure to delete rule: " + rule)
+ except:
+ pass
+
+ try:
+ dnats = execute("""iptables-save -t nat | awk '/ %s / { sub(/-A/, "-D", $1) ; print }'""" % vif ).split("\n")
+ for dnat in filter(None, dnats):
+ try:
+ execute("iptables -t nat " + dnat)
+ except:
+ logging.debug("Ignoring failure to delete dnat: " + dnat)
+ except:
+ pass
+
+ ips = sec_ips.split(';')
+ ips.pop()
+ ips.append(vm_ip)
+ add_to_ipset(vm_name, ips, "-D")
+ ebtables_rules_vmip(vm_name, vm_mac, ips, "-D")
+
+ vmchain_in = vm_name + "-in"
+ vmchain_out = vm_name + "-out"
+ vmchain_in_src = vm_name + "-in-src"
+ vmchain_out_dst = vm_name + "-out-dst"
+ try:
+ execute("ebtables -t nat -D " + vmchain_in_src + " -s " + vm_mac + " -j RETURN")
+ execute("ebtables -t nat -D " + vmchain_out_dst + " -p ARP --arp-op Reply --arp-mac-dst " + vm_mac + " -j RETURN")
+ execute("ebtables -t nat -D PREROUTING -i " + vif + " -j " + vmchain_in)
+ execute("ebtables -t nat -D POSTROUTING -o " + vif + " -j " + vmchain_out)
+ except:
+ logging.debug("Ignoring failure to delete ebtable rules for vm: " + vm_name)
def get_bridge_physdev(brname):
- physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+: vnet/ {print $2}' | head -1" % brname)
+ physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+: vnet/ {print $2}' | head -1 | cut -d ':' -f1" % brname)
return physdev.strip()