@ustcweizhou
Contributor

Description

When I add a secondary IP to a nic on shared network in advanced zone with security groups, the network rules for new IP are not applied on KVM hypervisors.
It is because "--action -A" cannot be recognized in security_group.py after commit ac73e7e. Changing to "--action=-A" will fix it.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

Screenshots (if appropriate):

How Has This Been Tested?

When adding an IP (the IP must be specified, see #3635) to a nic in an advanced zone with security groups, the network rules for the IP should be added on the hypervisor. However, it does not work in 4.13/master.

In agent.log it gives the following error:

root@node32:~# /usr/share/cloudstack-common/scripts/vm/network/security_group.py network_rules_vmSecondaryIp --vmname i-14-54-VM --nicsecips 192.168.116.246 --action -A
usage: security_group.py [-h] [--vmname VMNAME] [--vmip VMIP] [--vmip6 VMIP6]
                         [--vmid VMID] [--vmmac VMMAC] [--vif VIF] [--sig SIG]
                         [--seq SEQ] [--rules RULES] [--brname BRNAME]
                         [--localbrname LOCALBRNAME] [--dhcpSvr DHCPSVR]
                         [--hostIp HOSTIP] [--hostMacAddr HOSTMACADDR]
                         [--nicsecips NICSECIPS] [--action ACTION]
                         [--privnic PRIVNIC] [--isFirstNic] [--check]
                         command
security_group.py: error: argument --action: expected one argument

The rules (ipset, iptables, ebtables) are added after this fix.
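The parsing behaviour behind this fix, reproduced as an added example (not code from the pull request or from security_group.py). The parser below is a constructed subset of the options in the usage output above, and `QuietParser`, `parse_action` and `secondary_ip_argv` are hypothetical names.

```python
import argparse


class QuietParser(argparse.ArgumentParser):
    """ArgumentParser that raises instead of printing usage and exiting."""

    def error(self, message):
        raise ValueError(message)


def build_parser():
    # Constructed subset of the options listed in the usage output above;
    # this is not the parser defined in security_group.py.
    parser = QuietParser(prog="security_group.py")
    parser.add_argument("command")
    parser.add_argument("--vmname")
    parser.add_argument("--nicsecips")
    parser.add_argument("--action")
    return parser


def parse_action(argv):
    """Return (action, error): exactly one of the two is None."""
    try:
        return build_parser().parse_args(argv).action, None
    except ValueError as exc:
        return None, str(exc)


def secondary_ip_argv(vmname, ips, action):
    """Hypothetical caller-side helper: build argv with the value bound by '='."""
    return [
        "network_rules_vmSecondaryIp",
        "--vmname", vmname,
        "--nicsecips", ips,
        # "--action", action  would leave "-A" as its own token, which
        # argparse classifies as another option, not as the value.
        "--action=" + action,
    ]


BASE = ["network_rules_vmSecondaryIp", "--vmname", "i-14-54-VM",
        "--nicsecips", "192.168.116.246"]

if __name__ == "__main__":
    print(parse_action(BASE + ["--action", "-A"]))    # rejected
    print(parse_action(BASE + ["--action=-A"]))       # accepted
    print(parse_action(secondary_ip_argv("i-14-54-VM", "192.168.116.246", "-A")))
```

Because the failed parse means no ipset, iptables or ebtables rules are written for the secondary IP, a non-zero exit from the script is worth surfacing as an error rather than leaving it only in agent.log.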

@ustcweizhou
Contributor Author

@wido @GabrielBrascher could you please review and test it?

@yadvr
Member

yadvr commented Nov 11, 2019

@blueorangutan package

@blueorangutan

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-343

Member

@GabrielBrascher GabrielBrascher left a comment

Code LGTM. Tested and it works.

@yadvr
Member

yadvr commented Nov 21, 2019

Requires SG env that BO cannot kick by default, since manually tested, not kicking explicit test.

@yadvr yadvr merged commit 23ca806 into apache:4.13 Nov 21, 2019
ustcweizhou added a commit to ustcweizhou/cloudstack that referenced this pull request Feb 28, 2020
…pache#3636)