add multiple nics support for security group

This commit is contained in:
Edison Su 2011-02-17 13:47:37 -05:00
parent 37cb0ae2c9
commit 0c8b86fc56
3 changed files with 52 additions and 51 deletions


@ -2243,13 +2243,11 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
isoPath = isoVol.getPath();
DiskDef iso = new DiskDef();
iso.defFileBasedDisk(isoPath, "hdc", DiskDef.diskBus.IDE, DiskDef.diskFmtType.RAW);
iso.setDeviceType(DiskDef.deviceType.CDROM);
iso.defISODisk(isoPath);
isoXml = iso.toString();
} else {
DiskDef iso = new DiskDef();
iso.defFileBasedDisk(null, "hdc", DiskDef.diskBus.IDE, DiskDef.diskFmtType.RAW);
iso.setDeviceType(DiskDef.deviceType.CDROM);
iso.defISODisk(null);
isoXml = iso.toString();
}
@ -2259,43 +2257,44 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
protected synchronized String attachOrDetachDisk(Connect conn, boolean attach, String vmName, String sourceFile, int devId) throws LibvirtException, InternalErrorException {
List<DiskDef> disks = null;
Domain dm = null;
int deviceId = devId;
try {
dm = conn.domainLookupByUUID(UUID.nameUUIDFromBytes(vmName.getBytes()));
LibvirtDomainXMLParser parser = new LibvirtDomainXMLParser();
String xml = dm.getXMLDesc(0);
parser.parseDomainXML(xml);
disks = parser.getDisks();
} catch (LibvirtException e) {
throw e;
if (!attach) {
dm = conn.domainLookupByUUID(UUID.nameUUIDFromBytes(vmName.getBytes()));
LibvirtDomainXMLParser parser = new LibvirtDomainXMLParser();
String xml = dm.getXMLDesc(0);
parser.parseDomainXML(xml);
disks = parser.getDisks();
boolean diskAttached = false;
for (DiskDef disk : disks) {
String file = disk.getDiskPath();
if (file != null && file.equalsIgnoreCase(sourceFile)) {
deviceId = disk.getDiskSeq();
diskAttached = true;
break;
}
}
if (!diskAttached) {
throw new InternalErrorException("disk: " + sourceFile + " is not attached before");
}
}
DiskDef disk = new DiskDef();
String guestOSType = getGuestType(conn, vmName);
if (isGuestPVEnabled(guestOSType)) {
disk.defFileBasedDisk(sourceFile, deviceId, DiskDef.diskBus.VIRTIO, DiskDef.diskFmtType.QCOW2);
} else {
disk.defFileBasedDisk(sourceFile, deviceId, DiskDef.diskBus.SCSI, DiskDef.diskFmtType.QCOW2);
}
String xml = disk.toString();
return attachOrDetachDevice(conn, attach, vmName, xml);
} finally {
if (dm != null) {
dm.free();
}
}
if (!attach) {
boolean diskAttached = false;
for (DiskDef disk : disks) {
if (disk.getDiskPath().equalsIgnoreCase(sourceFile)) {
devId = disk.getDiskSeq();
diskAttached = true;
}
}
if (!diskAttached) {
throw new InternalErrorException("disk: " + sourceFile + " is not attached before");
}
}
DiskDef disk = new DiskDef();
String guestOSType = getGuestType(conn, vmName);
if (isGuestPVEnabled(guestOSType)) {
disk.defFileBasedDisk(sourceFile, devId, DiskDef.diskBus.VIRTIO, DiskDef.diskFmtType.QCOW2);
} else {
disk.defFileBasedDisk(sourceFile, devId, DiskDef.diskBus.SCSI, DiskDef.diskFmtType.QCOW2);
}
String xml = disk.toString();
return attachOrDetachDevice(conn, attach, vmName, xml);
}
private synchronized String attachOrDetachDevice(Connect conn, boolean attach, String vmName, String xml) throws LibvirtException, InternalErrorException{
@ -3193,7 +3192,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
cmd.add("--sig", sig);
cmd.add("--seq", seq);
cmd.add("--vmmac", mac);
cmd.add("--rules", newRules);
if (rules != null)
cmd.add("--rules", newRules);
String result = cmd.execute();
if (result != null) {
return false;
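Review bot: In attachOrDetachDisk the detach lookup at L47 still matches the VM's disk paths with `equalsIgnoreCase`, so on a case-sensitive filesystem a path that differs from `sourceFile` only in case can be taken as the attached disk and its `getDiskSeq()` used as the device to detach; `if (file != null && file.equals(sourceFile)) {` (or comparing normalized absolute paths) selects only the disk that was actually attached. The old and new lines of the `@ -2259,43 +2257,44` hunk are interleaved without markers; I read L38–L70 as the new side and L71–L92 as the removed one. Separately, the guard added in the `@ -3193,7 +3192,8` hunk tests `rules` but passes `newRules`; if newRules is computed from rules, guarding on the value actually passed, braced, `if (newRules != null) { cmd.add("--rules", newRules); }`, is equivalent and states the intent without a dangling unbraced if. attachOrDetachDisk lies fully inside its hunk, but the `@ -2243` and `@ -3193` hunks show only fragments of their enclosing methods.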


@ -303,9 +303,9 @@ public class LibvirtVMDef {
_bus = bus;
}
/*device id starting from 0, but iso is 3*/
/*skip iso label*/
private String getDevLabel(int devId, diskBus bus) {
if ( devId >= 2 ) {
if ( devId == 2 ) {
devId++;
}
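Review bot: With `==` replacing `>=` at L114, a caller passing devId 2 and one passing devId 3 both leave the increment at 3, so unless code later in getDevLabel disambiguates them, two disks can be given the same device label; the old `>= 2` shifted every id past the ISO slot and avoided that collision. If the intent is that only id 2 overlaps the ISO's slot and higher ids are already allocated past it, the replacement comment should say so rather than just `/*skip iso label*/`, e.g. `/* id 2 is the ISO's slot (hdc): shift it to 3; higher ids are assumed to be allocated past the ISO already */`; otherwise the shift needs to apply to every id >= 2. getDevLabel's body continues past the end of the hunk, so I cannot see whether a later check covers this.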


@ -115,7 +115,6 @@ def destroy_network_rules_for_vm(vm_name):
delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
if vm_name.startswith('i-') or vm_name.startswith('r-'):
vmchain = '-'.join(vm_name.split('-')[:-1])
vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
destroy_ebtables_rules(vmchain)
@ -183,12 +182,12 @@ def default_ebtables_rules(vm_name, rules):
vm_mac = r.split(",")[1]
vif = r.split(",")[2]
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -s ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -p ARP -s ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -p ARP --arp-mac-src ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -p ARP --arp-ip-src ! " + vm_ip + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -p ARP --arp-op Request -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_in + " -p ARP --arp-op Reply -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_in + " -p ARP -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -p ARP -s ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -p ARP --arp-mac-src ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -p ARP --arp-ip-src ! " + vm_ip + " -j DROP")
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -p ARP --arp-op Request -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -p ARP --arp-op Reply -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_in + " -i " + vif + " -p ARP -j DROP")
except:
logging.exception("Failed to program default ebtables IN rules")
return 'false'
@ -197,11 +196,12 @@ def default_ebtables_rules(vm_name, rules):
for r in rule:
vm_ip = r.split(",")[0]
vm_mac = r.split(",")[1]
execute("ebtables -t nat -A " + vmchain_out + " -p ARP --arp-op Reply --arp-mac-dst ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_out + " -p ARP --arp-ip-dst ! " + vm_ip + " -j DROP")
execute("ebtables -t nat -A " + vmchain_out + " -p ARP --arp-op Request -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_out + " -p ARP --arp-op Reply -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_out + " -p ARP -j DROP")
vif = r.split(",")[2]
execute("ebtables -t nat -A " + vmchain_out + " -i " + vif + " -p ARP --arp-op Reply --arp-mac-dst ! " + vm_mac + " -j DROP")
execute("ebtables -t nat -A " + vmchain_out + " -i " + vif + " -p ARP --arp-ip-dst ! " + vm_ip + " -j DROP")
execute("ebtables -t nat -A " + vmchain_out + " -i " + vif + " -p ARP --arp-op Request -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_out + " -i " + vif + " -p ARP --arp-op Reply -j ACCEPT")
execute("ebtables -t nat -A " + vmchain_out + " -i " + vif + " -p ARP -j DROP")
except:
logging.debug("Failed to program default ebtables OUT rules")
return 'false'
@ -455,7 +455,8 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules):
return 'true'
if rules == "" or rules == None:
return 'true'
write_rule_log_for_vm(vmName, vm_id, vm_ip, domId, signature, seqno)
return 'true'
lines = rules.split(';')[:-1]
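Review bot: The new `vif` field taken from `r.split(",")[2]` in default_ebtables_rules (IN hunk, L129–L141, and OUT hunk, L154–L159) is concatenated straight into the command string handed to `execute(...)`; if `execute` runs that string through a shell, a malformed or unexpected field changes the ebtables invocation itself rather than merely producing a bad rule, and the bare `except:` then only logs a generic failure. A shape check before the loop body, with `re` imported, such as `if not re.match(r'^[A-Za-z0-9_.:-]+$', vif): return 'false'` (the same applies to vm_mac and vm_ip), keeps the interface name well-formed and makes the failure explicit. In the add_network_rules hunk, the added `write_rule_log_for_vm(vmName, vm_id, vm_ip, domId, signature, seqno)` refers to `vmName` and `domId`, which are not parameters of the function as shown in the hunk header; unless they are locals assigned earlier in the body, the empty-rules path raises NameError, and using the parameter `vm_name` would at least remove the first of those. Each enclosing function starts before its hunk, so the earlier assignments are not visible here.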