Posted to commits@cloudstack.apache.org by ro...@apache.org on 2021/03/04 09:31:25 UTC

[cloudstack] 01/01: Merge remote-tracking branch 'origin/4.13' into 4.14

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch 4.14
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit 709ebf606238f7246f7aa95afdae2be1bdf4ea87
Merge: f893c5c 6e7516c
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Thu Mar 4 15:00:51 2021 +0530

    Merge remote-tracking branch 'origin/4.13' into 4.14

 scripts/vm/network/security_group.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --cc scripts/vm/network/security_group.py
index 680177e,21f6f7e..0783e4a
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@@ -145,47 -147,9 +145,47 @@@ def split_ips_by_family(ips)
              ip6s.append(ip)
      return ip4s, ip6s
  
 +def destroy_network_rules_for_nic(vm_name, vm_ip, vm_mac, vif, sec_ips):
 +    try:
 +        rules = execute("""iptables-save -t filter | awk '/ %s / { sub(/-A/, "-D", $1) ; print }'""" % vif ).split("\n")
 +        for rule in filter(None, rules):
 +            try:
 +                execute("iptables " + rule)
 +            except:
 +                logging.debug("Ignoring failure to delete rule: " + rule)
 +    except:
 +        pass
 +
 +    try:
 +        dnats = execute("""iptables-save -t nat | awk '/ %s / { sub(/-A/, "-D", $1) ; print }'""" % vif ).split("\n")
 +        for dnat in filter(None, dnats):
 +            try:
 +                execute("iptables -t nat " + dnat)
 +            except:
 +                logging.debug("Ignoring failure to delete dnat: " + dnat)
 +    except:
 +        pass
 +
 +    ips = sec_ips.split(';')
 +    ips.pop()
 +    ips.append(vm_ip)
 +    add_to_ipset(vm_name, ips, "-D")
 +    ebtables_rules_vmip(vm_name, vm_mac, ips, "-D")
 +
 +    vmchain_in = vm_name + "-in"
 +    vmchain_out = vm_name + "-out"
 +    vmchain_in_src = vm_name + "-in-src"
 +    vmchain_out_dst = vm_name + "-out-dst"
 +    try:
 +        execute("ebtables -t nat -D " + vmchain_in_src + " -s " + vm_mac + " -j RETURN")
 +        execute("ebtables -t nat -D " + vmchain_out_dst + " -p ARP --arp-op Reply --arp-mac-dst " + vm_mac + " -j RETURN")
 +        execute("ebtables -t nat -D PREROUTING -i " + vif + " -j " + vmchain_in)
 +        execute("ebtables -t nat -D POSTROUTING -o " + vif + " -j " + vmchain_out)
 +    except:
 +        logging.debug("Ignoring failure to delete ebtable rules for vm: " + vm_name)
  
  def get_bridge_physdev(brname):
-     physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+: vnet/ {print $2}' | head -1" % brname)
+     physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+: vnet/ {print $2}' | head -1 | cut -d ':' -f1" % brname)
      return physdev.strip()
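Review bot: In `get_bridge_physdev`, `brname` is substituted with `%` directly into a shell pipeline and into the awk pattern `/master %s /`, so the command is only safe if the name contains no shell or awk metacharacters; the appended `cut -d ':' -f1` does not change that. Where `brname` comes from is not visible in this hunk, so if it can be anything other than fixed host configuration I would reject names outside a conservative character set before building the command, e.g. `if not re.match(r'^[A-Za-z0-9_.-]+$', brname): raise ValueError(brname)` (assuming `re` is available in this file). The same string-built pattern appears in `destroy_network_rules_for_nic`, where `vif`, `vm_mac` and `vm_name` are concatenated into `iptables` and `ebtables` commands. In that function the outer bare `except: pass` around each `iptables-save` call also means a failed cleanup leaves the NIC's filter and NAT rules in place with no log line at all; a `logging.debug(...)` there, as the inner handlers already have, would make stale rules detectable.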