CLOUDSTACK-9848: Added exit status checking for the iptables commands

Jayapal 2017-05-09 16:13:26 +05:30
parent ed2f573160
commit da8a3567a3
4 changed files with 16 additions and 13 deletions


@ -168,12 +168,10 @@ class CsAcl(CsDataBag):
if rule['protocol'] == "icmp":
fwr += " -s %s " % cidr + \
" -p %s " % rule['protocol'] + \
" -m %s " % rule['protocol'] + \
" --icmp-type %s" % icmp_type
elif rule['protocol'] != "all":
fwr += " -s %s " % cidr + \
" -p %s " % rule['protocol'] + \
" -m %s " % rule['protocol'] + \
" %s" % rnge
elif rule['protocol'] == "all":
fwr += " -s %s " % cidr
@ -1022,6 +1020,7 @@ def main(argv):
static_routes.process()
except Exception:
logging.exception("Exception while configuring router")
return 1
if __name__ == "__main__":
main(sys.argv)
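Review bot: The `return 1` in `main`'s exception handler never reaches the process exit status, because the entry point in the same hunk still calls `main(sys.argv)` and discards the result, so the script exits 0 even after "Exception while configuring router" is logged. Change the last line to `sys.exit(main(sys.argv))` so that whatever invokes the script can see the failure; `sys` is already in use for `sys.argv`. The +/- markers are lost on this page, so that `return 1` is the added line is inferred from the hunk header, and the rest of `main` lies outside the hunk.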


@ -382,7 +382,7 @@ class CsIP:
"-A FIREWALL_%s " % self.address['public_ip'] +
"-m state --state RELATED,ESTABLISHED -j ACCEPT"])
self.fw.append(["mangle", "",
"-A FIREWALL_%s DROP" % self.address['public_ip']])
"-A FIREWALL_%s -j DROP" % self.address['public_ip']])
self.fw.append(["mangle", "",
"-A VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.address['public_ip']])
self.fw.append(["mangle", "",
@ -392,8 +392,6 @@ class CsIP:
self.fw.append(["mangle", "",
"-A PREROUTING -i %s -m state --state NEW " % self.dev +
"-j CONNMARK --set-xmark %s/0xffffffff" % self.dnum])
self.fw.append(
["mangle", "", "-A FIREWALL_%s -j DROP" % self.address['public_ip']])
self.fw.append(["filter", "",
"-A FORWARD -i %s -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.dev])
self.fw.append(["filter", "",
@ -484,10 +482,6 @@ class CsIP:
(guestNetworkCidr, self.dev, self.address['public_ip'])])
if self.get_type() in ["public"]:
self.fw.append(["", "front",
"-A FORWARD -o %s -d %s -j ACL_INBOUND_%s" % (
self.dev, self.address['network'], self.dev)
])
self.fw.append(
["mangle", "", "-A FORWARD -j VPN_STATS_%s" % self.dev])
self.fw.append(
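Review bot: The last hunk (`@ -484,10 +482,6`) appears to drop the `-A FORWARD -o %s -d %s -j ACL_INBOUND_%s` rule for `public` interfaces, and neither the commit title nor the code says why. The +/- markers are lost on this page, but the header's four-line shrink matches that four-line statement. Removing a jump into an ACL chain changes which traffic is filtered, so it deserves a comment at the `if self.get_type() in ["public"]:` branch, for example `# No ACL_INBOUND_<dev> jump for public interfaces: <reason>`. The enclosing method starts and ends outside the hunk, so whether that chain is still referenced elsewhere cannot be checked from here.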


@ -181,8 +181,11 @@ def get_hostname():
def execute(command):
""" Execute command """
logging.debug("Executing: %s" % command)
p = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
p.wait()
rc = p.returncode
logging.debug("Executed: %s - exitstatus=%s " % (command, rc))
result = p.communicate()[0]
return result.splitlines()
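Review bot: `p.wait()` is called while stdout and stderr are still unread pipes, so a command that writes more than the OS pipe buffer holds will block forever and `execute` will hang with it; the Python subprocess documentation warns about exactly this combination. Drain the pipes first and read the status afterwards: `result = p.communicate()[0]` followed by `rc = p.returncode`, then the debug log. Note also that `rc` is only logged at debug level and not returned, so callers of `execute` still cannot tell a failed command from a successful one.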


@ -16,8 +16,7 @@
# specific language governing permissions and limitations
# under the License.
import CsHelper
from pprint import pprint
from CsDatabag import CsDataBag, CsCmdLine
from CsDatabag import CsCmdLine
import logging
@ -173,7 +172,15 @@ class CsNetfilters(object):
cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), rule_count))
else:
cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), fw[1]))
CsHelper.execute("iptables -t %s %s" % (new_rule.get_table(), cpy))
ret = CsHelper.execute2("iptables -t %s %s" % (new_rule.get_table(), cpy))
#There are some issues in this framework causing failures .. like adding a chain without checking it is present causing
# the failures. Also some of the rule like removeFromLoadBalancerRule is deleting rule and deleteLoadBalancerRule
#trying to delete which causes the failure.
#For now raising the log.
#TODO: Need to fix in the framework.
if ret.returncode != 0 :
error = ret.communicate()[0]
logging.debug("iptables command got failed ... continuing")
ruleSet.add(tupledFw)
self.chain.add_rule(rule_chain)
self.del_standard()
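Review bot: In the `ret.returncode != 0` branch, `error = ret.communicate()[0]` takes the first element of the tuple, which is stdout, and `error` is then never used, so the reason the iptables command failed is lost. iptables writes its diagnostics to stderr, and a rule that did not load means the router is running with a different ruleset than intended, which should not be visible only at debug level. Suggested: `error = ret.communicate()[1]` and `logging.error("iptables command failed (rc=%s): %s: %s", ret.returncode, cpy, error)`. `CsHelper.execute2` is not shown on this page, so this assumes it returns the Popen object with stderr piped; the enclosing method starts outside the hunk.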