dheeraj12347 commented on issue #12770: URL: https://github.com/apache/cloudstack/issues/12770#issuecomment-4062721860
Hi @DaanHoogland, @rybakovanton-metta, I’ve implemented the proposed fix in scripts/vm/network/security_group.py. Changes made: Added helper functions iptables_chain_exists, ip6tables_chain_exists, and ipset_exists that call the existing execute() wrapper and treat exit code 1 as “does not exist” (logged at DEBUG), while re‑raising other exit codes as real errors. Updated destroy_network_rules_for_vm() so that for each VM‑related chain (<vm>-def, <vm>, and the egress chain) it checks iptables_chain_exists / ip6tables_chain_exists before calling iptables/ip6tables -F/-X, and logs “chain does not exist, skipping” at DEBUG when appropriate. For the VM ipsets (IPv4 and IPv6) it checks ipset_exists before ipset -F/-X, and logs “ipset does not exist, skipping” at DEBUG when they’re already gone. This makes the VM cleanup idempotent and avoids misleading ERROR‑level tracebacks during normal cleanup, while still surfacing real failures. I’ve run python -m py_compile scripts/vm/network/security_group.py locally to verify syntax. Please let me know if this approach looks good or if you’d like any adjustments. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
