F #1574: Make ipset size configurable

2025-03-21 14:50:08 +03:00 · 2017-12-21 10:01:06 +01:00 · 2017-12-21 10:01:06 +01:00 · a200d830f9
commit a200d830f9
parent fa0eac0cab
4 changed files with 19 additions and 7 deletions
--- a/src/vnm_mad/remotes/OpenNebulaNetwork.conf
+++ b/src/vnm_mad/remotes/OpenNebulaNetwork.conf
@ -57,6 +57,12 @@
 # Default MTU for the VXLAN interface
 :vxlan_mtu: 1500

+################################################################################
+# Security Group Options
+################################################################################
+
+# Maximal number of entries in the IP set
+:ipset_maxelem: 65536

 ################################################################################
 # Bridge and Interface Creation Options
--- a/src/vnm_mad/remotes/lib/security_groups_iptables.rb
+++ b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
@ -146,7 +146,11 @@ module SGIPTables
                end

                if !sets.include?(set)
-                    cmds.add :ipset, "create #{set} hash:net,port family #{family}"
+                    maxelem = vars[:nic][:conf][:ipset_maxelem] ?
+                        "maxelem #{vars[:nic][:conf][:ipset_maxelem]}" :
+                        "maxelem #{CONF[:ipset_maxelem]}"
+
+                    cmds.add :ipset, "create #{set} hash:net,port family #{family} #{maxelem}"
                    cmds.add command, "-A #{chain} -m set --match-set" \
                        " #{set} #{dir} -j RETURN"

@ -318,10 +322,11 @@ module SGIPTables

        vars = {}

-        vars[:vm_id]     = vm_id,
-        vars[:nic_id]    = nic_id,
-        vars[:chain]     = "one-#{vm_id}-#{nic_id}",
-        vars[:chain_in]  = "#{vars[:chain]}-i",
+        vars[:nic]       = nic
+        vars[:vm_id]     = vm_id
+        vars[:nic_id]    = nic_id
+        vars[:chain]     = "one-#{vm_id}-#{nic_id}"
+        vars[:chain_in]  = "#{vars[:chain]}-i"
        vars[:chain_out] = "#{vars[:chain]}-o"

        if sg_id
--- a/src/vnm_mad/remotes/lib/sg_driver.rb
+++ b/src/vnm_mad/remotes/lib/sg_driver.rb
@ -81,7 +81,7 @@ module VNMMAD
            attach_nic_id = @vm['TEMPLATE/NIC[ATTACH="YES"]/NIC_ID'] if !do_all

            # Process the rules
-            @vm.nics.each do |nic|
+            process do |nic|
                next if attach_nic_id && attach_nic_id != nic[:nic_id]

                if nic[:security_groups].nil?
--- a/src/vnm_mad/remotes/lib/vnmmad.rb
+++ b/src/vnm_mad/remotes/lib/vnmmad.rb
@ -48,7 +48,8 @@ rescue
        :vxlan_ttl           => "16",
        :vxlan_mtu           => "1500",
        :validate_vlan_id    => false,
-        :vlan_mtu            => "1500"
+        :vlan_mtu            => "1500",
+        :ipset_maxelem       => "65536",
    }
 end