Admin apis for the provider firewall is broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Vish Ishaya |
Bug Description
Hi All,
I am implementing the blueprint: xenapi-
a. remove_
b. block_external_
c. On successful call, a dictionary is returned with msg=OK, so on an unsuccessful call, it should return a dictionary with a failed status message. This part needs to be implemented for the provider apis.
d. say, I block ' 10.10.10.11/24'. In db the value will be '10.10.10.11/24' but in iptables it will be ' 10.10.10.0/24'. This behavior should be changed to keep the value in sync i.e. 10.10.10.0/24 both in db and iptables, otherwise it gets really confusing.
I am planning to post the fix for this along with the provider firewall blueprint implementation.
Please let know if anybody has any comments.
Changed in nova: | |
status: | New → In Progress |
Changed in nova: | |
assignee: | nobody → Deepak Garg (deepak.garg) |
Changed in nova: | |
assignee: | Deepak Garg (deepak.garg) → Ewan Mellor (ewanmellor) |
Changed in nova: | |
assignee: | Ewan Mellor (ewanmellor) → Vish Ishaya (vishvananda) |
Changed in nova: | |
milestone: | none → essex-4 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | essex-4 → 2012.1 |
Reviewed: https:/ /review. openstack. org/3207 github. com/openstack/ nova/commit/ fe1c97ff4c36d1c c2642d9a485f828 74e4b3bda2
Committed: http://
Submitter: Jenkins
Branch: master
commit fe1c97ff4c36d1c c2642d9a485f828 74e4b3bda2
Author: Deepak Garg <email address hidden>
Date: Fri Jan 13 16:03:45 2012 +0530
Blueprint xenapi- provider- firewall and Bug #915403.
1. Provides dom0 IPtables driver to implement the Provider firewall rules. external_ address_ block returned 'OK' on removing blocks which didn't exist. This is now fixed. addresses raised exception earlier on duplicate network blocks. Now the exception is logged and failed status message is returned.
2. Existing libvirt code has been refactored to reduce the amount of duplicated code to a minimum
3. The three provider apis in ec2/admin.py file are now fixed the following way:
a. remove_
b. block_external_
c. all the three provider apis now logs for invalid and improper inputs and return uniform (a dictionary ) and proper status messages for all cases.
4. appropriate unit tests added to cover the same
Change-Id: I27d83186f85042 3a6268947aed0c9 a349d8f8d65