You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by se...@apache.org on 2014/06/17 17:07:54 UTC
git commit: updated refs/heads/4.3 to 0711d14
Repository: cloudstack
Updated Branches:
refs/heads/4.3 9b33deb62 -> 0711d14b8
CLOUDSTACK-6927: Ensure that any rules get cleaned if required
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0711d14b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0711d14b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0711d14b
Branch: refs/heads/4.3
Commit: 0711d14b87921c65ba4d476ebe2c8f31fec5b59d
Parents: 9b33deb
Author: Loic Lambiel <ll...@exoscale.ch>
Authored: Wed Jun 4 15:53:52 2014 +0200
Committer: Sebastien Goasguen <ru...@gmail.com>
Committed: Tue Jun 17 17:07:23 2014 +0200
----------------------------------------------------------------------
scripts/vm/network/security_group.py | 42 +++++++++++++++++++++----------
1 file changed, 29 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0711d14b/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 8a946bc..aea7b7c 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -683,27 +683,43 @@ def cleanup_rules_for_dead_vms():
def cleanup_rules():
try:
- chainscmd = """iptables-save | grep -P '^:(?!.*-(def|eg))' | awk '{sub(/^:/, "", $1) ; print $1}'"""
+ chainscmd = """iptables-save | awk '{for(i=1;i<=NF;i++){ if($i ~ /[i|r|s|v]-[0-9]/){print $i} } }'"""
chains = execute(chainscmd).split('\n')
cleanup = []
for chain in chains:
- if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
- vm_name = chain
+ if chain == '':
+ continue
+ elif chain.startswith(':'):
+ chain = chain[1:]
+ if chain.endswith('-eg'):
+ chain = chain[:-3]
+ elif chain.endswith('-def'):
+ chain = chain[:-3]
+ chain = chain + 'VM'
- result = virshdomstate(vm_name)
+ vm_name = chain
- if result == None or len(result) == 0:
- logging.debug("chain " + chain + " does not correspond to a vm, cleaning up iptable rules")
- cleanup.append(vm_name)
- continue
- if not (result == "running" or result == "paused"):
- logging.debug("vm " + vm_name + " is not running or paused, cleaning up iptable rules")
- cleanup.append(vm_name)
+ result = virshdomstate(vm_name)
+
+ if result == None or len(result) == 0:
+ logging.debug("chain " + chain + " does not correspond to a vm, cleaning up iptable rules")
+ cleanup.append(vm_name)
+ continue
+ if not (result == "running" or result == "paused"):
+ logging.debug("vm " + vm_name + " is not running or paused, cleaning up iptable rules")
+ cleanup.append(vm_name)
- chainscmd = """ebtables-save | awk '/:i/ { gsub(/(^:|-(in|out|ips))/, "") ; print $1}'"""
+ chainscmd = """ebtables-save | awk '{for(i=1;i<=NF;i++){ if($i ~ /[i|r|s|v]-[0-9]/){print $i} } }'"""
chains = execute(chainscmd).split('\n')
for chain in chains:
- if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
+ if chain == '':
+ continue
+ elif chain.startswith(':'):
+ chain = chain[1:]
+ if not chain.endswith('VM'):
+ chain = chain.split('VM')
+ chain = chain[0] + 'VM'
+
vm_name = chain
result = virshdomstate(vm_name)