[one-users] Re: problem with ebtables-xen OpenNebula

高建平 13810416995 at qq.com
Fri May 6 03:42:28 PDT 2011


Hi,
     Thanks for your reply.
     I have changed those commands to full paths in the ebtables-xen script, but it did not work. The following is my script:
  
       
#!/usr/bin/env ruby

# -------------------------------------------------------------------------- #
# Copyright 2002-2009, Distributed Systems Architecture Group, Universidad   #
# Complutense de Madrid (dsa-research.org)                                   #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

VM_NAME=ARGV[0]

# Uncomment to act only on the listed bridges.
#FILTERED_BRIDGES = ['beth0']

def activate(rule)
    system "sudo /usr/local/sbin/ebtables -A #{rule}"
end

def get_bridges
    bridges = Hash.new
    brctl_exit=`/usr/sbin/brctl show`
    cur_bridge = ""
    brctl_exit.split("\n")[1..-1].each do |l|
        l = l.split
        if l.length > 1
            cur_bridge = l[0]
            bridges[cur_bridge] = Array.new
            bridges[cur_bridge] << l[3]
        else
            bridges[cur_bridge] << l[0]
        end
    end
    bridges
end

def get_interfaces
    bridges = get_bridges
    if defined? FILTERED_BRIDGES
        FILTERED_BRIDGES.collect {|k,v| bridges[k]}.flatten
    else
        bridges.values.flatten
    end
end

vm_id=`sudo /usr/sbin/xm domid #{VM_NAME}`.strip
networks=`sudo /usr/sbin/xm network-list #{vm_id}`.split("\n")[1..-1]

interfaces = get_interfaces

networks.each {|net|
    n=net.split
    iface_id=n[0]
    iface_mac=n[2]

    tap="vif#{vm_id}.#{iface_id}"

    if interfaces.include? tap
        mac=iface_mac.split(':')
        mac[-1]='00'
        net_mac=mac.join(':')

        in_rule="FORWARD -s ! #{net_mac}/ff:ff:ff:ff:ff:00 -o #{tap} -j DROP"
        out_rule="FORWARD -s ! #{iface_mac} -i #{tap} -j DROP"

        activate(in_rule)
        activate(out_rule)
    end
}


  
  ------------------ Original Message ------------------
  From: "Jaime Melis"<jmelis at opennebula.org>;
  Sent: Friday, May 6, 2011, 6:24 PM
  To: "高建平"<13810416995 at qq.com>;
  Cc: "users"<users at lists.opennebula.org>;
  Subject: Re: [one-users] problem with ebtables-xen OpenNebula

  
Hi, 

 change lines 54 and 55 of ebtables-xen script to reflect the full path of the xm binary (typically /usr/sbin/xm).
 

 I suggest you migrate to OpenNebula 2.2
 

 regards,
 Jaime

 2011/5/6 高建平 <13810416995 at qq.com>
    Dear 
  
      I have a problem when using ebtables to isolate VLANs. My OpenNebula version is 1.4, and I'm using Xen (3.0.3) and CentOS (5.4; nodes' OS). I have done some configuration according to the Private Cloud Computing with OpenNebula 1.4 document:
      1. Install ebtables and configure sudoers on every node.
  oneadmin ALL=(ALL) NOPASSWD: /usr/local/sbin/ebtables*
      2. Modify my ONE configuration, /opt/nebula/ONE/etc/oned.conf:
  VM_HOOK = [
        name            ="ebtables-start",
        on              ="running",
        command         ="/opt/nebula/ONE/share/hooks/ebtables-xen",
        arguments       ="one-$VMID",
        remote          ="yes" ]
 VM_HOOK = [
        name            ="ebtables-flush",
        on              ="done",
        command         ="/opt/nebula/ONE/share/hooks/ebtables-flush",
        arguments       ="",
        remote          ="yes" ]
      But when the VM is created the ebtables rules are empty, and oned.log has this message:
  Thu May  5 15:59:41 2011 [HKM][D]: Message received: LOG - 10 CQ_TEST## ssh node30 '/opt/nebula/ONE/share/hooks/ebtables-xen one-10' ; echo ExitCode: $? 1>&2
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 Command execution fail: '/opt/nebula/ONE/share/hooks/ebtables-xen one-10'
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 STDERR follows.
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 sudo: xm: command not found
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 sudo: xm: command not found
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 /opt/nebula/ONE/share/hooks/ebtables-xen:80: command not found: brctl show
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 /opt/nebula/ONE/share/hooks/ebtables-xen:33:in `get_bridges': undefined method `each' for nil:NilClass (NoMethodError)
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 from /opt/nebula/ONE/share/hooks/ebtables-xen:47:in `get_interfaces'
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 from /opt/nebula/ONE/share/hooks/ebtables-xen:58
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: LOG - 10 ExitCode: 1
 Thu May  5 15:59:42 2011 [HKM][D]: Message received: EXECUTE FAILURE 10 ebtables-start
  
 Can you help me fix this problem? Thanks for your time.
 Best Regards
 gaojp
     



_______________________________________________
Users mailing list
Users at lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org






-- 
Jaime Melis, Cloud Technology Engineer/Researcher
Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org
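
An added example, not part of the thread and not OpenNebula's code: the hook's bridge parsing and rule building written so that a missing binary or empty command output raises an error instead of producing the `nil` seen in the log above, with commands run as argument vectors through absolute paths. The function names, the `one-<id>` name check (taken from `arguments = "one-$VMID"`) and the sample `brctl show` text are assumptions constructed for illustration.

```ruby
require 'open3'
# Absolute paths: a non-interactive ssh session may lack the sbin dirs in PATH.
XM       = '/usr/sbin/xm'
BRCTL    = '/usr/sbin/brctl'
EBTABLES = '/usr/local/sbin/ebtables'
# Run an argument vector without a shell; raise with stderr rather than return nil.
def run!(*argv)
  out, err, status = Open3.capture3(*argv)
  raise "#{argv.join(' ')} failed: #{err.strip}" unless status.success?
  out
end

# Parse `brctl show` text into { bridge => [ports] }; empty output gives {}.
def parse_bridges(text)
  bridges, current = {}, nil
  text.lines.drop(1).each do |line|
    f = line.split
    next if f.empty?
    if f.length > 1                      # bridge row: name, id, STP, [first port]
      current = f[0]
      bridges[current] = f[3] ? [f[3]] : []
    elsif current                        # continuation row: one more port
      bridges[current] << f[0]
    end
  end
  bridges
end

# The hook's two rules, as argument vectors for `ebtables -A` (MAC is validated).
def rules_for(tap, mac)
  raise ArgumentError, "bad MAC: #{mac.inspect}" unless mac =~ /\A(\h\h:){5}\h\h\z/
  net = (mac.split(':')[0, 5] << '00').join(':')
  [%W[FORWARD -s ! #{net}/ff:ff:ff:ff:ff:00 -o #{tap} -j DROP],
   %W[FORWARD -s ! #{mac} -i #{tap} -j DROP]]
end
# Full hook flow (hypothetical entry point; not called here, needs Xen and sudo).
def apply_hook(vm_name)
  raise ArgumentError, 'unexpected VM name' unless vm_name =~ /\Aone-\d+\z/
  vm_id = run!('sudo', XM, 'domid', vm_name).strip
  ports = parse_bridges(run!(BRCTL, 'show')).values.flatten
  run!('sudo', XM, 'network-list', vm_id).lines.drop(1).each do |l|
    idx, _, mac = l.split                # columns: Idx, BE, MAC address
    tap = "vif#{vm_id}.#{idx}"
    rules_for(tap, mac).each { |r| run!('sudo', EBTABLES, '-A', *r) } if ports.include?(tap)
  end
end
# Constructed sample of `brctl show` output (not captured from a real host).
SAMPLE = "bridge name\tbridge id\t\tSTP enabled\tinterfaces\n" \
         "xenbr0\t\t8000.feffffffffff\tno\t\tvif10.0\n\t\t\t\t\t\tpeth0\nvirbr0\t\t8000.000000000000\tyes\n"
```
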