diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index d71e27eb2644..55a9c4ecce77 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -32,6 +32,7 @@
lock_file = "/var/lock/cloudstack_security_group.lock"
driver = "qemu:///system"
lock_handle = None
+SYSTEM_VM_PREFIXES = ('r-', 's-', 'v-')
def obtain_file_lock(path):
@@ -194,16 +195,13 @@ def get_bridge_physdev(brname):
def destroy_network_rules_for_vm(vm_name, vif=None):
vmchain = iptables_chain_name(vm_name)
vmchain_egress = egress_chain_name(vm_name)
- vmchain_default = None
+ vmchain_default = default_chain_name(vm_name)
vm_ipsetname=ipset_chain_name(vm_name)
delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
- if 1 in [vm_name.startswith(c) for c in ['r-', 's-', 'v-']]:
+ if is_system_vm_name(vm_name):
return True
- if vm_name.startswith('i-'):
- vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
-
destroy_ebtables_rules(vm_name, vif)
chains = [vmchain_default, vmchain, vmchain_egress]
@@ -507,7 +505,7 @@ def ebtables_rules_vmip (vmname, vmmac, ips, action):
def check_default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, sec_ips, is_first_nic=False):
brfw = get_br_fw(brname)
- vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
try:
rules = execute("iptables-save |grep -w %s |grep -w %s |grep -w %s" % (brfw, vif, vmchain_default))
except:
@@ -539,7 +537,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, se
vmchain = iptables_chain_name(vm_name)
vmchain_egress = egress_chain_name(vm_name)
- vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
ipv6_link_local = ipv6_link_local_addr(vm_mac)
action = "-A"
@@ -698,7 +696,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, se
def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpSvr, hostIp, hostMacAddr):
- vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
iptables_vmchain=iptables_chain_name(vm_name)
vmchain_in = iptables_vmchain + "-in"
vmchain_out = iptables_vmchain + "-out"
@@ -731,11 +729,10 @@ def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpS
def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
vm_name = vmName
- if vm_name.startswith('i-'):
- vm_name=iptables_chain_name(vm_name)
- vm_name = '-'.join(vm_name.split('-')[:-1]) + "-def"
-
- vmchain = iptables_chain_name(vm_name)
+ if is_system_vm_name(vm_name):
+ vmchain = iptables_chain_name(vm_name)
+ else:
+ vmchain = default_chain_name(vm_name)
delcmd = """iptables-save | awk '/BF(.*)physdev-is-bridged(.*)%s/ { sub(/-A/, "-D", $1) ; print }'""" % vmchain
delcmds = [_f for _f in execute(delcmd).split('\n') if _f]
@@ -827,12 +824,12 @@ def network_rules_for_rebooted_vm(vmName):
else:
brName = execute("iptables-save |grep physdev-is-bridged |grep FORWARD |grep BF |grep '\-o' |awk '{print $4}' | head -1").strip()
- if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]:
+ if is_system_vm_name(vm_name):
default_network_rules_systemvm(vm_name, brName)
return True
vmchain = iptables_chain_name(vm_name)
- vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
vifs = get_vifs(vmName)
logging.debug(vifs, brName)
@@ -874,12 +871,12 @@ def get_rule_logs_for_vms():
try:
for name in vms:
name = name.rstrip()
- if 1 not in [name.startswith(c) for c in ['r-', 's-', 'v-', 'i-'] ]:
+ if is_system_vm_name(name):
continue
# Move actions on rebooted vm to java code
# network_rules_for_rebooted_vm(name)
- if name.startswith('i-'):
- log = get_rule_log_for_vm(name)
+ log = get_rule_log_for_vm(name)
+ if log:
result.append(log)
except:
logging.exception("Failed to get rule logs, better luck next time!")
@@ -966,6 +963,24 @@ def cleanup_rules():
logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtables rules")
cleanup.append(vm_name)
+ if os.path.isdir(logpath):
+ for log_file in os.listdir(logpath):
+ if not log_file.endswith(".log"):
+ continue
+ vm_name = log_file[:-4]
+ if is_system_vm_name(vm_name):
+ continue
+
+ vmpresent = False
+ for vm in vmsInHost:
+ if vm_name in vm:
+ vmpresent = True
+ break
+
+ if vmpresent is False:
+ logging.debug("vm " + vm_name + " is not running or paused, cleaning up logged rules")
+ cleanup.append(vm_name)
+
cleanup = list(set(cleanup)) # remove duplicates
for vmname in cleanup:
destroy_network_rules_for_vm(vmname)
@@ -1060,6 +1075,17 @@ def egress_chain_name(vm_name):
return chain_name + "-eg"
+def default_chain_name(vm_name):
+ chain_name = iptables_chain_name(vm_name)
+ if chain_name.startswith('i-') and '-' in chain_name:
+ return '-'.join(chain_name.split('-')[:-1]) + "-def"
+ return chain_name + "-def"
+
+
+def is_system_vm_name(vm_name):
+ return vm_name.startswith(SYSTEM_VM_PREFIXES)
+
+
def parse_network_rules(rules):
ret = []
@@ -1468,7 +1494,7 @@ def verify_default_iptables_rules_for_vm(vm_name, vm_id, vm_ips, vm_ip6, vm_mac,
brfwout = brfw + "-OUT"
vmchain = iptables_chain_name(vm_name)
vmchain_egress = egress_chain_name(vm_name)
- vm_def = '-'.join(vm_name.split('-')[:-1]) + "-def"
+ vm_def = default_chain_name(vm_name)
expected_rules = []
expected_rules.append("-A %s -m physdev --physdev-in %s --physdev-is-bridged -j %s" % (brfwin, vif, vm_def))
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 4deac6d51823..c72a185cdfe5 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2680,10 +2680,10 @@
"label.windows": "Windows",
"label.with.snapshotid": "with Snapshot ID",
"label.write": "Write",
-"label.writeback": "Write-back disk caching",
-"label.writecachetype": "Write-cache Type",
+"label.writeback": "Write-Back disk caching",
+"label.writecachetype": "Write-Cache Type",
"label.writeio": "Write (IO)",
-"label.writethrough": "Write-through",
+"label.writethrough": "Write-Through",
"label.xennetworklabel": "XenServer Traffic Label",
"label.xenserver": "XenServer",
"label.xenservertoolsversion61plus": "Original XS Version is 6.1+",
diff --git a/ui/public/locales/ko_KR.json b/ui/public/locales/ko_KR.json
index 83031e0a16f5..8054f859f39f 100644
--- a/ui/public/locales/ko_KR.json
+++ b/ui/public/locales/ko_KR.json
@@ -496,7 +496,7 @@
"label.by.type": "\uc720\ud615\ubcc4",
"label.by.zone": "Zone\ubcc4",
"label.bypassvlanoverlapcheck": "VLAN ID/\ubc94\uc704 \uc911\ubcf5 \uc6b0\ud68c",
-"label.cachemode": "Write-cache \uc720\ud615",
+"label.cachemode": "Write-Cache \uc720\ud615",
"label.cancel": "\ucde8\uc18c",
"label.cancel.shutdown": "\uc885\ub8cc \ucde8\uc18c",
"label.cancelmaintenance": "\uc720\uc9c0 \uad00\ub9ac \ucde8\uc18c",
@@ -2677,10 +2677,10 @@
"label.windows": "Windows",
"label.with.snapshotid": "with \uc2a4\ub0c5\uc0f7 ID",
"label.write": "\uc4f0\uae30",
-"label.writeback": "Write-back \ub514\uc2a4\ud06c \uce90\uc2f1",
-"label.writecachetype": "Write-cache \uc720\ud615",
+"label.writeback": "Write-Back \ub514\uc2a4\ud06c \uce90\uc2f1",
+"label.writecachetype": "Write-Cache \uc720\ud615",
"label.writeio": "\uc4f0\uae30(IO)",
-"label.writethrough": "Write-through",
+"label.writethrough": "Write-Through",
"label.xennetworklabel": "XenServer \ud2b8\ub798\ud53d \ub77c\ubca8",
"label.xenserver": "XenServer",
"label.xenservertoolsversion61plus": "\uc6d0\ub798 XS \ubc84\uc804\uc740 6.1 \uc774\uc0c1\uc785\ub2c8\ub2e4.",
diff --git a/ui/src/views/offering/AddComputeOffering.vue b/ui/src/views/offering/AddComputeOffering.vue
index 1269f5824cc0..807c7812d31c 100644
--- a/ui/src/views/offering/AddComputeOffering.vue
+++ b/ui/src/views/offering/AddComputeOffering.vue
@@ -412,15 +412,15 @@
v-model:value="form.cachemode"
buttonStyle="solid"
@change="selected => { handleCacheModeChange(selected.target.value) }">
-
- {{ $t('label.nodiskcache') }}
-
{{ $t('label.writeback') }}
{{ $t('label.writethrough') }}
+
+ {{ $t('label.nodiskcache') }}
+
@@ -641,7 +641,7 @@ export default {
},
storageType: 'shared',
provisioningType: 'thin',
- cacheMode: 'none',
+ cacheMode: 'writeback',
offeringType: 'fixed',
isCustomizedDiskIops: false,
isPublic: true,
diff --git a/ui/src/views/offering/AddDiskOffering.vue b/ui/src/views/offering/AddDiskOffering.vue
index e6d2c19d42df..5c0509c3ea34 100644
--- a/ui/src/views/offering/AddDiskOffering.vue
+++ b/ui/src/views/offering/AddDiskOffering.vue
@@ -214,15 +214,15 @@
v-model:value="form.writecachetype"
buttonStyle="solid"
@change="selected => { handleWriteCacheTypeChange(selected.target.value) }">
-
- {{ $t('label.nodiskcache') }}
-
{{ $t('label.writeback') }}
{{ $t('label.writethrough') }}
+
+ {{ $t('label.nodiskcache') }}
+
@@ -377,7 +377,7 @@ export default {
storagetype: 'shared',
provisioningtype: 'thin',
customdisksize: true,
- writecachetype: 'none',
+ writecachetype: 'writeback',
qostype: '',
ispublic: this.isPublic,
disksizestrictness: this.disksizestrictness,