Posted to commits@cloudstack.apache.org by al...@apache.org on 2012/06/16 00:38:03 UTC
[47/51] [abbrv] git commit: typo fix
typo fix
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/1a621a01
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/1a621a01
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/1a621a01
Branch: refs/heads/vpc
Commit: 1a621a01f59753ff6040b4627893ca210726f0fd
Parents: c442d6d
Author: anthony <an...@cloud.com>
Authored: Mon Jun 4 18:00:14 2012 -0700
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Fri Jun 15 14:19:02 2012 -0700
----------------------------------------------------------------------
patches/systemvm/debian/config/root/acl.sh | 80 ++++++++---------
patches/systemvm/debian/config/root/guestnw.sh | 91 ++++++++++---------
wscript | 2 +-
3 files changed, 90 insertions(+), 83 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1a621a01/patches/systemvm/debian/config/root/acl.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/acl.sh b/patches/systemvm/debian/config/root/acl.sh
index 6a3449a..525dfe4 100755
--- a/patches/systemvm/debian/config/root/acl.sh
+++ b/patches/systemvm/debian/config/root/acl.sh
@@ -30,48 +30,48 @@ usage() {
#set -x
#FIXME: eating up the error code during execution of iptables
acl_remove_backup() {
- sudo iptables -F _ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -D FORWARD -o $dev -d $gcidr -j _ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -X _ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -F _ACL_OUTBOND_$gGW 2>/dev/null
- sudo iptables -D FORWARD -i $dev -s $gcidr -j _ACL_OUTBOND_$gGW 2>/dev/null
- sudo iptables -X _ACL_OUTBOND_$gGW 2>/dev/null
+ sudo iptables -F _ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -D FORWARD -o $dev -d $gcidr -j _ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -X _ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -F _ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -D FORWARD -i $dev -s $gcidr -j _ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -X _ACL_OUTBOUND_$ip 2>/dev/null
}
acl_remove() {
- sudo iptables -F ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -D FORWARD -o $dev -d $gcidr -j ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -X ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -F ACL_OUTBOND_$gGW 2>/dev/null
- sudo iptables -D FORWARD -i $dev -s $gcidr -j ACL_OUTBOND_$gGW 2>/dev/null
- sudo iptables -X ACL_OUTBOND_$gGW 2>/dev/null
+ sudo iptables -F ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -D FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -X ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -F ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -D FORWARD -i $dev -s $gcidr -j ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -X ACL_OUTBOUND_$ip 2>/dev/null
}
acl_restore() {
acl_remove
- sudo iptables -E _ACL_INBOND_$gGW ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -E _ACL_OUTBOND_$gGW ACL_OUTBOND_$gGW 2>/dev/null
+ sudo iptables -E _ACL_INBOUND_$ip ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -E _ACL_OUTBOUND_$ip ACL_OUTBOUND_$ip 2>/dev/null
}
acl_save() {
acl_remove_backup
- sudo iptables -E ACL_INBOND_$gGW _ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -E ACL_OUTBOND_$gGW _ACL_OUTBOND_$gGW 2>/dev/null
+ sudo iptables -E ACL_INBOUND_$ip _ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -E ACL_OUTBOUND_$ip _ACL_OUTBOUND_$gGW 2>/dev/null
}
acl_chain_for_guest_network () {
acl_save
- # inbond
- sudo iptables -E ACL_INBOND_$gGW _ACL_INBOND_$gGW 2>/dev/null
- sudo iptables -N ACL_INBOND_$gGW 2>/dev/null
+ # inbound
+ sudo iptables -E ACL_INBOUND_$ip _ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -N ACL_INBOUND_$ip 2>/dev/null
# drop if no rules match (this will be the last rule in the chain)
- sudo iptables -A ACL_INBOND_$gGW -j DROP 2>/dev/null
- sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOND_$gGW 2>/dev/null
- # outbond
- sudo iptables -E ACL_OUTBOND_$gGW _ACL_OUTBOND_$gGW 2>/dev/null
- sudo iptables -N ACL_OUTBOND_$gGW 2>/dev/null
- sudo iptables -A ACL_OUTBOND_$gGW -j DROP 2>/dev/null
- sudo iptables -D FORWARD -i $dev -s $gcidr -j ACL_OUTBOND_$gGW 2>/dev/null
+ sudo iptables -A ACL_INBOUND_$ip -j DROP 2>/dev/null
+ sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$ip 2>/dev/null
+ # outbound
+ sudo iptables -E ACL_OUTBOUND_$ip _ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -N ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -A ACL_OUTBOUND_$ip -j DROP 2>/dev/null
+ sudo iptables -D FORWARD -i $dev -s $gcidr -j ACL_OUTBOUND_$ip 2>/dev/null
}
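Review bot: In `acl_save` the second rename still targets `_ACL_OUTBOUND_$gGW`, while every other line in this hunk, including `acl_restore` and `acl_remove_backup`, now uses `$ip`. A later hunk replaces the `gGW` variable with `ip`, so the backup chain would be named `_ACL_OUTBOUND_` and `acl_restore` could not find it, leaving the outbound ACL unrestored after a failed update; the line should read `sudo iptables -E ACL_OUTBOUND_$ip _ACL_OUTBOUND_$ip 2>/dev/null`. Separately, the last line of `acl_chain_for_guest_network` uses `-D FORWARD` where the inbound half uses `-A FORWARD`, so the outbound chain appears never to be hooked into FORWARD; that looks like it should be `-A`. Because every call discards stderr and ignores the exit status, neither failure would show up in the logs.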
@@ -79,13 +79,13 @@ acl_chain_for_guest_network () {
acl_entry_for_guest_network() {
local rule=$1
- local inbond=$(echo $rule | cut -d: -f1)
+ local inbound=$(echo $rule | cut -d: -f1)
local prot=$(echo $rules | cut -d: -f2)
local sport=$(echo $rules | cut -d: -f3)
local eport=$(echo $rules | cut -d: -f4)
local cidrs=$(echo $rules | cut -d: -f5 | sed 's/-/ /g')
- logger -t cloud "$(basename $0): enter apply firewall rules for guest network: $gcidr inbond:$inbond:$prot:$sport:$eport:$cidrs"
+ logger -t cloud "$(basename $0): enter apply acl rules for guest network: $gcidr, inbound:$inbound:$prot:$sport:$eport:$cidrs"
# note that rules are inserted after the RELATED,ESTABLISHED rule
# but before the DROP rule
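Review bot: Only the `inbound` field is parsed from the local `$rule`; the `prot`, `sport`, `eport` and `cidrs` lines right below it still read the global `$rules`. If `$rules` holds the whole rule list, as the example comment in a later hunk suggests, every entry would take its protocol, ports and CIDRs from the wrong place and the installed ACL would not match what was requested. These should read from the local, e.g. `local prot=$(echo "$rule" | cut -d: -f2)`, and likewise for the other three. The function body continues outside the hunk.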
@@ -97,30 +97,30 @@ acl_entry_for_guest_network() {
typecode="$sport/$eport"
[ "$eport" == "-1" ] && typecode="$sport"
[ "$sport" == "-1" ] && typecode="any"
- if [ "$inbond" == "1" ]
+ if [ "$inbound" == "1" ]
then
- sudo iptables -I ACL_INBOND_$gGW -p $prot -s $lcidr \
+ sudo iptables -I ACL_INBOUND_$gGW -p $prot -s $lcidr \
--icmp-type $typecode -j ACCEPT
else
- sudo iptables -I ACL_OUTBOND_$gGW -p $prot -d $lcidr \
+ sudo iptables -I ACL_OUTBOUND_$gGW -p $prot -d $lcidr \
--icmp-type $typecode -j ACCEPT
fi
else
- if [ "$inbond" == "1" ]
+ if [ "$inbound" == "1" ]
then
- sudo iptables -I ACL_INBOND_$gGW -p $prot -s $lcidr \
+ sudo iptables -I ACL_INBOUND_$gGW -p $prot -s $lcidr \
--dport $sport:$eport -j ACCEPT
else
- sudo iptables -I ACL_OUTBOND_$gGW -p $prot -d $lcidr \
+ sudo iptables -I ACL_OUTBOUND_$gGW -p $prot -d $lcidr \
--dport $sport:$eport -j ACCEP`T
fi
result=$?
[ $result -gt 0 ] &&
- logger -t cloud "Error adding iptables entry for $pubIp:$prot:$sport:$eport:$src" &&
+ logger -t cloud "Error adding iptables entry for guest network : $gcidr,inbound:$inbound:$prot:$sport:$eport:$cidrs" &&
break
done
- logger -t cloud "$(basename $0): exit apply firewall rules for public ip $pubIp"
+ logger -t cloud "$(basename $0): exit apply acl rules for guest network : $gcidr"
return $result
}
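Review bot: The four `iptables -I` lines still insert into `ACL_INBOUND_$gGW` and `ACL_OUTBOUND_$gGW`, but the chains are now created as `ACL_INBOUND_$ip` and `ACL_OUTBOUND_$ip`, and a later hunk removes the `gGW` assignment. The ACCEPT rules would therefore target a chain that does not exist and no ACL entry would be installed; they should use `$ip`, e.g. `sudo iptables -I ACL_INBOUND_$ip -p $prot -s $lcidr \`. The last outbound `--dport` line also ends in `ACCEP`, a stray backtick and `T`; the backtick opens a command substitution and would likely keep the script from parsing at all. The function starts outside the hunk.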
@@ -132,7 +132,7 @@ aflag=0
rules=""
rules_list=""
gcidr=""
-gGW=""
+ip=""
dev=""
while getopts ':d:g:a:' OPTION
do
@@ -150,9 +150,7 @@ do
esac
done
-VIF_LIST=$(get_vif_list)
-
-if [ "$gflag$aflag" != "11" ]
+if [ "$dflag$gflag$aflag" != "!11" ]
then
usage()
fi
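Review bot: The new guard compares `"$dflag$gflag$aflag"` with the literal `"!11"`, which no combination of flags set to 1 can equal, so the usage branch is taken on every invocation. `"111"` looks like the intended value: `if [ "$dflag$gflag$aflag" != "111" ]`. The call inside is written `usage()`, which the shell reads as the start of a function definition rather than a call; it should be plain `usage`. Whether `dflag` is set in the `getopts` loop is not visible in this hunk.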
@@ -170,7 +168,7 @@ fi
# example : 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,200.1.1.2:reverted:0:0:0
success=0
-gGW=$(echo $gcidr | awk -F'/' '{print $1}')
+ip=$(echo $gcidr | awk -F'/' '{print $1}')
acl_chain_for_guest_network
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1a621a01/patches/systemvm/debian/config/root/guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/guestnw.sh b/patches/systemvm/debian/config/root/guestnw.sh
index e958dd0..d15f8a4 100755
--- a/patches/systemvm/debian/config/root/guestnw.sh
+++ b/patches/systemvm/debian/config/root/guestnw.sh
@@ -31,64 +31,71 @@ usage() {
setup_dnsmasq() {
- loger -t cloud "Setting up dnsmasq for network $gwIP "
+ loger -t cloud "Setting up dnsmasq for network $ip/$mask "
- sed -i -e "/^[#]*dhcp-range=interface:$ethDev/d" /etc/dnsmasq.d/cloud.conf
+ sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
- echo "dhcp-range=interface:$ethDev,$gwIP,static/" >> /etc/dnsmasq.d/cloud.conf
+ echo "dhcp-range=interface:$dev,set:interface-$dev,$ip,static/" >> /etc/dnsmasq.d/cloud.conf
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
+ if [ -n "$gw" ]
+ then
+ echo "dhcp-option=tag:interface-$dev,option:router,$gw" >> /etc/dnsmasq.d/cloud.conf
+ fi
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
+ if [ -n "$NS" ]
+ then
+ echo "dhcp-option=tag:interface-$dev,6,$NS" >> /etc/dnsmasq.d/cloud.conf
+ fi
service dnsmasq restart
sleep 1
}
desetup_dnsmasq() {
- loger -t cloud "Setting up dnsmasq for network $gwIP "
+ loger -t cloud "Setting up dnsmasq for network $ip/$mask "
- sed -i -e "/^[#]*dhcp-range=interface:$ethDev/d" /etc/dnsmasq.d/cloud.conf
-
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
+ sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
+ sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
service dnsmasq restart
sleep 1
}
-create_network() {
- logger -t cloud " $(basename $0): Create network on interface $ethDev, gateway $gwIP, network $network, cidr $cidr "
+create_guest_network() {
+ logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
- sudo ip addr add $ethDev $gwIP/$cidr
+ sudo ip addr add $dev $ip/$mask
- # create inbond acl chain
- if sudo iptables -N ACL_INBOND_$gwIP 2>/dev/null
+ # create inbound acl chain
+ if sudo iptables -N ACL_INBOUND_$ip 2>/dev/null
then
- logger -t cloud "$(basename $0): create VPC inbond acl chain for network $gwIP"
+ logger -t cloud "$(basename $0): create VPC inbound acl chain for network $ip/$mask"
# policy drop
- sudo iptables -A ACL_INBOND_$gwIP DROP >/dev/null
- sudo iptables -A FORWARD -o $dev -d $gwIP/$cidr -j ACL_INBOND_$gwIP
+ sudo iptables -A ACL_INBOUND_$ip DROP >/dev/null
+ sudo iptables -A FORWARD -o $dev -d $ip/$mask -j ACL_INBOUND_$ip
fi
- # create outbond acl chain
- if sudo iptables -N ACL_OUTBOND_$gwIP 2>/dev/null
+ # create outbound acl chain
+ if sudo iptables -N ACL_OUTBOUND_$ip 2>/dev/null
then
- logger -t cloud "$(basename $0): create VPC outbond acl chain for network $gwIP"
- sudo iptables -A ACL_OUTBOND_$gwIP DROP >/dev/null
- sudo iptables -A FORWARD -i $dev -s $gwIP/$cidr -j ACL_OUTBOND_$gwIP
+ logger -t cloud "$(basename $0): create VPC outbound acl chain for network $ip/$mask"
+ sudo iptables -A ACL_OUTBOUND_$ip DROP >/dev/null
+ sudo iptables -A FORWARD -i $dev -s $ip/$mask -j ACL_OUTBOUND_$ip
fi
setup_dnsmasq
}
-destroy_network() {
- logger -t cloud " $(basename $0): Create network on interface $ethDev, gateway $gwIP, network $network, cidr $cidr "
-
-
- # destroy egress firewall chain
- sudo iptables -t mangle -D PREROUTING -s $gwIP/$cidr -j FIREWALL_EGRESS_$gwIP
- sudo iptables -t mangle -F FIREWALL_EGRESS_$gwIP
- sudo iptables -t mangle -X FIREWALL_EGRESS_$gwIP
-
- # destroy ingress firewall chain
-
- sudo iptables -t mangle -D POSTROUTING -o $devDev-d $gwIP/$cidr -j FIREWALL_IEGRESS_$gwIP
- sudo iptables -t mangle -F FIREWALL_INGRESS_$gwIP
- sudo iptables -t mangle -X FIREWALL_INGRESS_$gwIP
+destroy_guest_network() {
+ logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
+ # destroy inbound acl chain
+ sudo iptables -F ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -D FORWARD -o $dev -d $ip/$mask -j ACL_INBOUND_$ip 2>/dev/null
+ sudo iptables -X ACL_INBOUND_$ip 2>/dev/null
+ # destroy outbound acl chain
+ sudo iptables -F ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -D FORWARD -i $dev -s $ip/$mask -j ACL_OUTBOUND_$ip 2>/dev/null
+ sudo iptables -X ACL_OUTBOUND_$ip 2>/dev/null
desetup_dnsmasq
}
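Review bot: The default-deny rules in `create_guest_network` are written `sudo iptables -A ACL_INBOUND_$ip DROP >/dev/null` (and the same for `ACL_OUTBOUND_$ip`) without `-j`, so iptables will reject them and the new chains stay empty. Traffic sent into an empty chain returns to FORWARD and is handled by whatever follows there instead of being dropped. They should be `sudo iptables -A ACL_INBOUND_$ip -j DROP` and `sudo iptables -A ACL_OUTBOUND_$ip -j DROP`, as acl.sh does. The address line `sudo ip addr add $dev $ip/$mask` has its arguments in an order `ip` does not accept; `sudo ip addr add $ip/$mask dev $dev` is the usual form. `setup_dnsmasq` and `desetup_dnsmasq` also call `loger`, presumably meant to be `logger`.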
@@ -116,18 +123,20 @@ do
n) nflag=1
network="$OPTAGR"
;;
- c) cflag=1
- cidr="$OPTARG"
+ c) mflag=1
+ mask="$OPTARG"
;;
d) dflag=1
- ethDev="$OPTARG"
+ dev="$OPTARG"
;;
- v) vflag=1
- vcidr="$OPTARG"
+ v) iflag=1
+ ip="$OPTARG"
;;
-
g) gflag=1
- gwIP="$OPTARG"
+ gw="$OPTARG"
+ ;;
+ s) sflag=1
+ DNS="$OPTARG"
;;
?) usage
unlock_exit 2 $lock $locked
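Review bot: The new `s)` arm stores its value in `DNS`, but `setup_dnsmasq` in the previous hunk tests and writes `$NS`, so the DNS server option would never reach cloud.conf. One of the two names should change, e.g. `NS="$OPTARG"`. The `n)` arm reads `$OPTAGR`, which is always empty and should be `$OPTARG`. The `c)` arm now sets `mflag`/`mask` while keeping the letter `c`, which deserves a short comment such as `# -c carries the netmask length`. The `getopts` option string is outside the hunk, so it is worth checking that it includes `s:`.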
@@ -142,7 +151,7 @@ then
unlock_exit 2 $lock $locked
fi
-if [ "$Cflag" == "1" ] && ["$nflag$mflag$gflag$vflag" != "1111" ]
+if [ "$Cflag" == "1" ] && ["$dflag$iflag$gflag$mflag" != "1111" ]
then
usage
unlock_exit 2 $lock $locked
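Review bot: The second test is written `["$dflag$iflag$gflag$mflag" != "1111" ]` with no space after `[`, so the shell looks for a command whose name starts with `[` followed by the flag values, fails to find it, and the `&&` chain evaluates false. The required-argument check for `-C` therefore never fires and the script would go on to create a network with missing parameters. It should be `[ "$dflag$iflag$gflag$mflag" != "1111" ]`. The `if` block closes outside the hunk.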
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1a621a01/wscript
----------------------------------------------------------------------
diff --git a/wscript b/wscript
index 6bf54e5..921cc37 100644
--- a/wscript
+++ b/wscript
@@ -3,7 +3,7 @@
# the following two variables are used by the target "waf dist"
# if you change 'em here, you need to change it also in cloud.spec, add a %changelog entry there, and add an entry in debian/changelog
-VERSION = '3.0.3.2012-05-25T20:59:05Z'
+VERSION = '3.0.3.2012-06-04T23:35:51Z'
APPNAME = 'cloud'
import shutil,os