* [Qemu-devel] [Bug 1261450] [NEW] libvirtd reload and hooks problem routed-net
@ 2013-12-16 17:00 Chris Weltzien
2013-12-17 11:00 ` Stefan Hajnoczi
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Chris Weltzien @ 2013-12-16 17:00 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
If we do a reload of libvirt, some iptables rules, which are created through /etc/libvirt/hooks/qemu, are not working anymore.
Every time another (one or two, three) VM is affected.
Our qemu file:
#!/bin/bash
do_net() {
    local status=$2
    local ip=$3
    local in=$4
    local out=$5
    if [[ ! $status || ! $ip || ! $in || ! $out ]]; then
        echo "Not all parameters were passed!"
        exit 1
    fi
    if [ "$status" = "stopped" -o "$status" = "reconnect" ]; then
        ip route del $ip via 191.255.255.1 dev $out
        ip neigh del proxy $ip dev $in
        iptables -D FORWARD -i $in -o $out -s 0.0.0.0/0 -d $ip/32 -j ACCEPT
        iptables -D FORWARD -i $out -o $in -s $ip/32 -d 0.0.0.0/0 -j ACCEPT
    fi
    if [ "$status" = "start" -o "$status" = "reconnect" ]; then
        ip route add $ip via 191.255.255.1 dev $out
        ip neigh add proxy $ip dev $in
        iptables -I FORWARD 4 -i $in -o $out -s 0.0.0.0/0 -d $ip/32 -j ACCEPT
        iptables -I FORWARD 4 -i $out -o $in -s $ip/32 -d 0.0.0.0/0 -j ACCEPT
    fi
}
CONF=//etc/libvirt/hooks/vms/*
for file in $CONF
do
    guest_ipaddr=""
    guest_name=""
    type=""
    destination="0.0.0.0/0"
    while read line; do
        eval $line
    done < $file
    guest_ipaddrnet=$guest_ipaddr"/32"
    for dest in ${destination}
    do
        if [ "${1}" = "${guest_name}" ]; then
            echo "SRC-IP="$guest_ipaddr " " $guest_ipaddrnet " VM="$guest_name " Dest="$dest
            if [ "${2}" = "stopped" ]; then
                ip route del $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh del proxy $guest_ipaddr dev bond0
                iptables -D FORWARD -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -D FORWARD -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
            fi
            if [ "${2}" = "start" ]; then
                ip route add $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh add proxy $guest_ipaddr dev bond0
                iptables -I FORWARD 4 -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -I FORWARD 4 -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
            fi
            if [ "${2}" = "reconnect" ]; then
                ip route del $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh del proxy $guest_ipaddr dev bond0
                iptables -D FORWARD -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -D FORWARD -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
                sleep 1
                ip route add $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh add proxy $guest_ipaddr dev bond0
                iptables -I FORWARD 4 -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -I FORWARD 4 -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
            fi
        fi
    done
done
** Affects: qemu
Importance: Undecided
Status: New
** Tags: libvirtd reload
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1261450
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1261450/+subscriptions
* Re: [Qemu-devel] [Bug 1261450] [NEW] libvirtd reload and hooks problem routed-net
From: Stefan Hajnoczi @ 2013-12-17 11:00 UTC (permalink / raw)
To: Bug 1261450; +Cc: qemu-devel
On Mon, Dec 16, 2013 at 05:00:51PM -0000, Chris Weltzien wrote:
> If we do a reload of libvirt, some iptables rules, which are created through /etc/libvirt/hooks/qemu, are not working anymore.
> Every time another (one or two, three) VM is affected.
Please report this to the libvirt project:
http://libvirt.org/bugs.html
Stefan
* [Qemu-devel] [Bug 1261450] Re: libvirtd reload and hooks problem routed-net
From: Tim Rohde @ 2014-02-19 10:23 UTC (permalink / raw)
To: qemu-devel
Hi,
We have a workaround for that. We've added sleep
${RANDOM:0:1}.${RANDOM:-1:1} between the iptables rules. The problem
is that iptables cannot execute twice or more times simultaneously.
Cheers Tim
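
A deterministic alternative to the random sleep in the workaround above, as an added example that is not part of the original thread or of libvirt: hold an exclusive flock(1) lock around the hook's firewall changes and insert each rule only when `iptables -C` does not already find it. It covers only the FORWARD rules, not the `ip route`/`ip neigh` calls; `LOCK_FILE`, `IPT` and the function names are assumptions, while the interfaces, chain position and rule shape are taken from the posted hook.

```shell
#!/bin/bash
# Added example; LOCK_FILE, IPT and all function names are assumptions.
# Assumes flock(1) from util-linux and an iptables with -C and -w support.
LOCK_FILE="${LOCK_FILE:-/run/lock/libvirt-hook-net.lock}"
IPT="${IPT:-iptables}"    # overridable so the logic can be dry-run

# Run "$@" under an exclusive lock; concurrent hook instances queue here.
with_lock() {
    (
        flock -x -w 30 9 || { echo "lock timeout" >&2; exit 1; }
        "$@"
    ) 9>"$LOCK_FILE"
}

# Insert the rule only when an identical one is not already in FORWARD.
ensure_rule() {
    "$IPT" -w -C FORWARD "$@" 2>/dev/null || "$IPT" -w -I FORWARD 4 "$@"
}

# Delete every copy of the rule, including duplicates left by earlier runs.
drop_rule() {
    while "$IPT" -w -C FORWARD "$@" 2>/dev/null; do
        "$IPT" -w -D FORWARD "$@" || return 1
    done
}

# apply_guest <start|stopped|reconnect> <guest_ip> <dest_cidr>
# bond0/virbr1 and position 4 are taken from the hook posted in the thread.
apply_guest() {
    op=$1; ip=$2; dest=$3
    case "$op" in
        stopped)
            drop_rule -i bond0 -o virbr1 -s "$dest" -d "$ip/32" -j ACCEPT &&
            drop_rule -i virbr1 -o bond0 -s "$ip/32" -d "$dest" -j ACCEPT ;;
        start|reconnect)
            ensure_rule -i bond0 -o virbr1 -s "$dest" -d "$ip/32" -j ACCEPT &&
            ensure_rule -i virbr1 -o bond0 -s "$ip/32" -d "$dest" -j ACCEPT ;;
        *)
            echo "unknown operation: $op" >&2; return 2 ;;
    esac
}

# In the hook, each per-guest call becomes:
#   with_lock apply_guest "$2" "$guest_ipaddr" "$dest"
```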
* [Qemu-devel] [Bug 1261450] Re: libvirtd reload and hooks problem routed-net
From: Thomas Huth @ 2017-01-26 7:50 UTC (permalink / raw)
To: qemu-devel
Closing, since this is not a QEMU bug.
** Changed in: qemu
Status: New => Invalid