bug 10800: iptable rable restore upon failure is changed

This commit is contained in:
Naredula Janardhana Reddy 2011-07-28 13:42:32 +05:30
parent 63205f1f02
commit d79633b545


@ -42,7 +42,21 @@ check_gw() {
fi fi
return $?; return $?;
} }
fw_remove_backup() {
for vif in $VIF_LIST; do
iptables -F back_load_balancer_$vif 2> /dev/null
iptables -D INPUT -i $vif -p tcp -j back_load_balancer_$vif 2> /dev/null
iptables -X back_load_balancer_$vif 2> /dev/null
done
}
fw_restore() {
for vif in $VIF_LIST; do
iptables -F load_balancer_$vif 2> /dev/null
iptables -D INPUT -i $vif -p tcp -j load_balancer_$vif 2> /dev/null
iptables -X load_balancer_$vif 2> /dev/null
iptables -E back_load_balancer_$vif load_balancer_$vif 2> /dev/null
done
}
# firewall entry to ensure that haproxy can receive on specified port # firewall entry to ensure that haproxy can receive on specified port
fw_entry() { fw_entry() {
local added=$1 local added=$1
@ -61,16 +75,13 @@ fw_entry() {
local a=$(echo $added | cut -d, -f1- --output-delimiter=" ") local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ") local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
# Flush all the load balancer rules. # back up the iptable rules by renaming before creating new.
for vif in $VIF_LIST; do for vif in $VIF_LIST; do
iptables -F load_balancer_$vif 2> /dev/null iptables -E load_balancer_$vif back_load_balancer_$vif 2> /dev/null
iptables -D INPUT -i $vif -p tcp -j load_balancer_$vif 2> /dev/null iptables -N load_balancer_$vif 2> /dev/null
iptables -X load_balancer_$vif 2> /dev/null
iptables -N load_balancer_$vif
iptables -A INPUT -i $vif -p tcp -j load_balancer_$vif iptables -A INPUT -i $vif -p tcp -j load_balancer_$vif
done done
for i in $a for i in $a
do do
local pubIp=$(echo $i | cut -d: -f1) local pubIp=$(echo $i | cut -d: -f1)
@ -86,14 +97,6 @@ fw_entry() {
fi fi
done done
done done
for i in $r
do
local pubIp=$(echo $i | cut -d: -f1)
local dport=$(echo $i | cut -d: -f2)
local cidrs=$(echo $i | cut -d: -f3 | sed 's/-/,/')
done
return 0 return 0
} }
@ -185,10 +188,13 @@ then
# Restore the LB # Restore the LB
restore_lb restore_lb
# Revert iptables rules on DomR, with addedIps and removedIps swapped # Revert iptables rules on DomR
fw_entry $removedIps $addedIps fw_restore
exit 1 exit 1
else
# Remove backedup iptable rules
fw_remove_backup
fi fi
exit 0 exit 0
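Review bot: The rename `iptables -E load_balancer_$vif back_load_balancer_$vif 2> /dev/null` in the new fw_entry (first hunk, right-hand column) fails silently whenever a `back_load_balancer_$vif` chain already exists, which is exactly the state left behind if an earlier run died between fw_entry and the `fw_remove_backup` call in the last hunk; in that case the old chain is neither renamed nor flushed, the following `-N` also fails silently, the new ACCEPT rules are appended on top of the stale ones, and a second `-j load_balancer_$vif` jump is added to INPUT. Before this commit the chain was flushed unconditionally, so a port dropped from the LB configuration was closed on every run; with the change a leftover backup keeps previously opened ports accepting traffic and nothing reports it, since all iptables errors go to /dev/null. Clearing a stale backup before renaming restores that guarantee with one line ahead of the loop, `fw_remove_backup` followed by the existing `for vif in $VIF_LIST; do`, and the rename's exit status should be checked rather than discarded so a failed backup aborts before the old rules are touched. The same silent-failure pattern applies to `-E back_load_balancer_$vif load_balancer_$vif` in fw_restore, where a missing backup leaves the vif with no load_balancer chain at all. fw_entry's body and the if/else around `fw_restore` both begin outside the shown hunks.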