Bug #3807: Remove only rules for ATTACH=YES nics when

doing a detach (deactivate method)
2025-03-21 14:50:08 +03:00 · 2015-05-26 19:01:08 +02:00 · 2015-05-26 19:01:08 +02:00 · dc318dd064
commit dc318dd064
parent 4eb305b721
4 changed files with 32 additions and 6 deletions
--- a/src/vnm_mad/remotes/ebtables/Ebtables.rb
+++ b/src/vnm_mad/remotes/ebtables/Ebtables.rb
@ -62,8 +62,15 @@ class EbtablesVLAN < VNMMAD::VNMDriver
    def deactivate
        lock

+        attach_nic_id = @vm['TEMPLATE/NIC[ATTACH="YES"]/NIC_ID']
+
        process do |nic|
+            if attach_nic_id && attach_nic_id != nic[:nic_id]
+                next
+            end
+
            mac = nic[:mac]
+
            # remove 0-padding
            mac = mac.split(":").collect{|e| e.hex.to_s(16)}.join(":")

--- a/src/vnm_mad/remotes/lib/fw_driver.rb
+++ b/src/vnm_mad/remotes/lib/fw_driver.rb
@ -40,7 +40,7 @@ module VNMMAD
            lock

            vm_id = @vm['ID']
-            
+
            process do |nic|
                #:white_ports_tcp => iptables_range
                #:white_ports_udp => iptables_range
@ -93,8 +93,15 @@ module VNMMAD
        def deactivate
            lock

-            vm_id =  @vm['ID']
+            vm_id = @vm['ID']
+
+            attach_nic_id = @vm['TEMPLATE/NIC[ATTACH="YES"]/NIC_ID']
+
            process do |nic|
+                if attach_nic_id && attach_nic_id != nic[:nic_id]
+                    next
+                end
+
                chain   = "one-#{vm_id}-#{nic[:network_id]}"
                iptables_out = `#{command(:iptables)} -n -v --line-numbers -L FORWARD`
                if m = iptables_out.match(/.*#{chain}.*/)
@ -196,4 +203,4 @@ module VNMMAD
            "#{command(:iptables)} #{rule}"
        end
    end
-end
+end
--- a/src/vnm_mad/remotes/lib/sg_driver.rb
+++ b/src/vnm_mad/remotes/lib/sg_driver.rb
@ -23,7 +23,7 @@ module VNMMAD

        DRIVER       = "sg"
        XPATH_FILTER = "TEMPLATE/NIC"
-        
+
        # Creates a new SG driver and scans SG Rules
        def initialize(vm, deploy_id = nil, hypervisor = nil)
            super(vm, XPATH_FILTER, deploy_id, hypervisor)
@ -48,7 +48,7 @@ module VNMMAD
            @security_group_rules = rules
        end

-        # Activate the rules, bootstrap iptables chains and set filter rules for 
+        # Activate the rules, bootstrap iptables chains and set filter rules for
        # each VM NIC
        def activate
            deactivate
@ -68,7 +68,7 @@ module VNMMAD
                sg_ids.each do |sg_id|
                    rules = @security_group_rules[sg_id]

-                    sg = SGIPTables::SecurityGroupIPTables.new(@vm, nic, sg_id, 
+                    sg = SGIPTables::SecurityGroupIPTables.new(@vm, nic, sg_id,
                        rules)

                    begin
@ -92,7 +92,13 @@ module VNMMAD
            lock

            begin
+                attach_nic_id = @vm['TEMPLATE/NIC[ATTACH="YES"]/NIC_ID']
+
                @vm.nics.each do |nic|
+                    if attach_nic_id && attach_nic_id != nic[:nic_id]
+                        next
+                    end
+
                    SGIPTables.nic_deactivate(@vm, nic)
                end
            rescue Exception => e
--- a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb
+++ b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb
@ -72,7 +72,13 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
    def deactivate
        lock

+        attach_nic_id = @vm['TEMPLATE/NIC[ATTACH="YES"]/NIC_ID']
+
        process do |nic|
+            if attach_nic_id && attach_nic_id != nic[:nic_id]
+                next
+            end
+
            @nic = nic

            # Remove flows