On Thu, Mar 14, 2013 at 12:28:55PM -0700, John Kinsella wrote:
> I've fixed several bugs in security_group.py in the last few days. Would be
> nice if we could get this into 4.1.

Ack and pushed. Can you please resolve all relevant bugs?

>
> commit 381f737e64ed9192e6eea4aeffe1920637f7d835
> Author: John Kinsella <j...@stratosec.co>
> Date: Wed Mar 13 16:52:49 2013 -0700
>
> Summary: Fix exception handling in security_group.py
>
> Detail: Code was attempting to concatenate an exception to a string.
> Updated to convert to text and concatenate that.
>
> BUG-ID: CLOUDSTACK-1052
>
> commit 1079d63b6f978b2124db26d7f84f7ae62ba9daa0
> Author: John Kinsella <j...@stratosec.co>
> Date: Wed Mar 13 17:54:50 2013 -0700
>
> Summary: Prevent deletion of wrong iptables rules
>
> Detail: A grep in security_group.py wasn't defined well enough, could
> potentially delete rules for VMs other than intended
>
> BUG-ID: CLOUDSTACK-309
>
> commit 08a0788b384f7083eb261dbeec51d3efe5907927
> Author: John Kinsella <j...@stratosec.co>
> Date: Thu Mar 14 11:48:47 2013 -0700
>
> Summary: security_group.py: catch exception when flushing chain
>
> Detail: Added exception handling around iptables chain flushing, along
> with a call to default_network_rules() to re-initialize.
>
> Testing:
> On agent, ls /var/run/cloud and pick one of the VMs to test with. Make a
> backup of its logfile (eg cp /var/run/cloud/i-2-1722.log /tmp )
> Destroy the firewall ruleset for that VM with
> /usr/lib64/cloud/common/scripts/vm/network/security_group.py
> destroy_network_rules_for_vm --vmname i-2-1722-VM --vif vnet10
> Now copy the log file back, edit the file and decrement the last field by
> 1
> ACS should notice the out-of-date sequence ID and push a new ruleset for
> the VM within 60 seconds.
>
> BUG-ID: CLOUDSTACK-1685
>
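
An added illustration of the failure mode named in the CLOUDSTACK-309 commit message above (not code from security_group.py or from this thread): selecting a VM's iptables rules by substring also picks up rules of a VM whose name shares the prefix, while matching whole chain-name tokens does not. The rule lines, the `BRIDGE-IN` chain, the per-VM chain suffixes and all function names are assumptions made for the example.

```python
# Constructed `iptables -S`-style lines for two VMs whose names share a prefix.
# Chain names and suffixes are assumptions for this example.
SAMPLE_RULES = [
    "-A BRIDGE-IN -m physdev --physdev-in vnet10 -j i-2-17-def",
    "-A BRIDGE-IN -m physdev --physdev-in vnet11 -j i-2-172-def",
    "-A i-2-17-def -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A i-2-172-def -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A i-2-17-VM -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A i-2-172-VM -p tcp -m tcp --dport 22 -j ACCEPT",
]

CHAIN_SUFFIXES = ("VM", "VM-eg", "def")  # assumed per-VM chain suffixes


def select_loose(rules, vm_prefix):
    """Substring match, equivalent to piping the rules through a bare grep."""
    return [r for r in rules if vm_prefix in r]


def select_strict(rules, vm_prefix):
    """Match only when a whole token is exactly one of this VM's chains."""
    own_chains = {f"{vm_prefix}-{s}" for s in CHAIN_SUFFIXES}
    return [r for r in rules if own_chains & set(r.split())]


def collateral(rules, vm_prefix):
    """Rules a loose match would delete that belong to some other VM."""
    strict = set(select_strict(rules, vm_prefix))
    return [r for r in select_loose(rules, vm_prefix) if r not in strict]


if __name__ == "__main__":
    for rule in collateral(SAMPLE_RULES, "i-2-17"):
        print("would wrongly delete:", rule)
```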