CLOUDSTACK-4611: cleanup_rules using ebtables rules from /proc/modules

The SG python script depends on ebtables-save which is not available on Debian based distros (Ubuntu and Debian for example). The commit uses /proc/modules to find available bridge tables (one of nat, filter or broute) and then find VMs that need to be removed. Further it uses set() to remove duplicate VMs so we don't try to remove a VM's rules more than once leading to unwanted errors in the log. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit d66677101c) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-04-25 01:00:16 +02:00 · 2015-04-25 01:00:16 +02:00 · acd9a251d3
parent 9cf31b0714
commit acd9a251d3
1 changed files with 16 additions and 15 deletions
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@ -700,22 +700,23 @@ def cleanup_rules():
                    logging.debug("vm " + vm_name + " is not running or paused, cleaning up iptable rules")
                    cleanup.append(vm_name)

-        chainscmd = """ebtables-save | awk '/:i/ { gsub(/(^:|-(in|out|ips))/, "") ; print $1}'"""
-        chains = execute(chainscmd).split('\n')
-        for chain in chains:
-            if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
-                vm_name = chain
-
-                result = virshdomstate(vm_name)
-
-                if result == None or len(result) == 0:
-                    logging.debug("chain " + chain + " does not correspond to a vm, cleaning up ebtable rules")
-                    cleanup.append(vm_name)
-                    continue
-                if not (result == "running" or result == "paused"):
-                    logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtable rules")
-                    cleanup.append(vm_name)
+        bridge_tables = execute("""grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//""").split('\n')
+        for table in filter(None, bridge_tables):
+            chainscmd = """ebtables -t %s -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq""" % table
+            chains = execute(chainscmd).split('\n')
+            for chain in filter(None, chains):
+                if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
+                    vm_name = chain
+                    result = virshdomstate(vm_name)
+                    if result == None or len(result) == 0:
+                        logging.debug("chain " + chain + " does not correspond to a vm, cleaning up ebtable rules")
+                        cleanup.append(vm_name)
+                        continue
+                    if not (result == "running" or result == "paused"):
+                        logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtable rules")
+                        cleanup.append(vm_name)

+        cleanup = list(set(cleanup))  # remove duplicates
        for vmname in cleanup:
            destroy_network_rules_for_vm(vmname)