[GitHub] cloudstack pull request: Make the routers iptables config persiste...

Tue, 14 Apr 2015 22:23:31 -0700 

Github user wilderrodrigues commented on the pull request:

    https://github.com/apache/cloudstack/pull/167#issuecomment-93194201
  
    Hi @resmo 
    
    On the cherry pick: I'm afraid it cannot be done. Why? Besides the IP 
tables we now have also the whole router configuration (e.g. guest networks, 
public IPs, vm metadata, etc) persisted in JSON files, which are managed by new 
Java code - all part of the Persistent SystemVM/Redundant VPC features. That 
was a huge change pushed towards Master about a month ago. We are busy testing 
it in order to get 100% for 4.6.
    
    @bhaisaab could you elaborate on that or do you think it would make sense 
to cherry-pick? Also to keep in mind, new features would be expected to go 
under a 4.x release.
    
    Concerning the iptables-persistent: when I started looking into it I saw 
that the new package was introduced in Debian Squeeze (6.0). So, why not use 
it. :) Following Debian's wiki and other site I understood that one would only 
need to save the configuration in the rules.v4/6 files and they would be picked 
up automatically by the iptables-persistent during reboot. So, based on that I 
did:
    
    iptables-save > /etc/iptables/rulesv4/6
    
    That was already enough to break all the routes. I also noticed that after 
a restart the iptables-vpcroutes was being loaded, instead of the rules.v4.
    
    To be honest, I did not "/etc/init.d/iptables-persistent start" to load and 
"/etc/init.d/iptables-persistent save" as you pointed in your first comment.
    
    What can I do from here: I can give it a try with iptables-persistent using 
start/save to see if it will work fine. I can also change the current way I'm 
doing to do the iptables-restore here /etc/network/if-pre-up.d/iptables instead 
of in the rc.local file.
    
    I'm always in for improvements and the right way to do things. :)
    
    Cheers,
    Wilder
    



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to