[Mold Diplo] 컴퓨트, 디스크 오퍼링 기본 캐시 설정 및 보안그룹 체인 생성 개선

scripts/vm/network/security_group.py

@@ -32,6 +32,7 @@
 lock_file = "/var/lock/cloudstack_security_group.lock"
 driver = "qemu:///system"
 lock_handle = None
+SYSTEM_VM_PREFIXES = ('r-', 's-', 'v-')
 
 
 def obtain_file_lock(path):
@@ -194,16 +195,13 @@ def get_bridge_physdev(brname):
 def destroy_network_rules_for_vm(vm_name, vif=None):
     vmchain = iptables_chain_name(vm_name)
     vmchain_egress = egress_chain_name(vm_name)
-    vmchain_default = None
+    vmchain_default = default_chain_name(vm_name)
     vm_ipsetname=ipset_chain_name(vm_name)
 
     delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
-    if 1 in [vm_name.startswith(c) for c in ['r-', 's-', 'v-']]:
+    if is_system_vm_name(vm_name):
         return True
 
-    if vm_name.startswith('i-'):
-        vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
-
     destroy_ebtables_rules(vm_name, vif)
 
     chains = [vmchain_default, vmchain, vmchain_egress]
@@ -507,7 +505,7 @@ def ebtables_rules_vmip (vmname, vmmac, ips, action):
 
 def check_default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, sec_ips, is_first_nic=False):
     brfw = get_br_fw(brname)
-    vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
+    vmchain_default = default_chain_name(vm_name)
     try:
         rules = execute("iptables-save |grep -w %s |grep -w %s |grep -w %s" % (brfw, vif, vmchain_default))
     except:
@@ -539,7 +537,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, se
 
     vmchain = iptables_chain_name(vm_name)
     vmchain_egress = egress_chain_name(vm_name)
-    vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
+    vmchain_default = default_chain_name(vm_name)
     ipv6_link_local = ipv6_link_local_addr(vm_mac)
 
     action = "-A"
@@ -698,7 +696,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, se
 
 
 def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpSvr, hostIp, hostMacAddr):
-    vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
+    vmchain_default = default_chain_name(vm_name)
     iptables_vmchain=iptables_chain_name(vm_name)
     vmchain_in = iptables_vmchain + "-in"
     vmchain_out = iptables_vmchain + "-out"
@@ -731,11 +729,10 @@ def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpS
 
 def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
     vm_name = vmName
-    if vm_name.startswith('i-'):
-        vm_name=iptables_chain_name(vm_name)
-        vm_name = '-'.join(vm_name.split('-')[:-1]) + "-def"
-
-    vmchain = iptables_chain_name(vm_name)
+    if is_system_vm_name(vm_name):
+        vmchain = iptables_chain_name(vm_name)
+    else:
+        vmchain = default_chain_name(vm_name)
 
     delcmd = """iptables-save | awk '/BF(.*)physdev-is-bridged(.*)%s/ { sub(/-A/, "-D", $1) ; print }'""" % vmchain
     delcmds = [_f for _f in execute(delcmd).split('\n') if _f]
@@ -827,12 +824,12 @@ def network_rules_for_rebooted_vm(vmName):
     else:
         brName = execute("iptables-save |grep physdev-is-bridged |grep FORWARD |grep BF |grep '\-o' |awk '{print $4}' | head -1").strip()
 
-    if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]:
+    if is_system_vm_name(vm_name):
         default_network_rules_systemvm(vm_name, brName)
         return True
 
     vmchain = iptables_chain_name(vm_name)
-    vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
+    vmchain_default = default_chain_name(vm_name)
 
     vifs = get_vifs(vmName)
     logging.debug(vifs, brName)
@@ -874,12 +871,12 @@ def get_rule_logs_for_vms():
     try:
         for name in vms:
             name = name.rstrip()
-            if 1 not in [name.startswith(c) for c in ['r-', 's-', 'v-', 'i-'] ]:
+            if is_system_vm_name(name):
                 continue
             # Move actions on rebooted vm to java code
             # network_rules_for_rebooted_vm(name)
-            if name.startswith('i-'):
-                log = get_rule_log_for_vm(name)
+            log = get_rule_log_for_vm(name)
+            if log:
                 result.append(log)
     except:
         logging.exception("Failed to get rule logs, better luck next time!")
@@ -966,6 +963,24 @@ def cleanup_rules():
                     logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtables rules")
                     cleanup.append(vm_name)
 
+        if os.path.isdir(logpath):
+            for log_file in os.listdir(logpath):
+                if not log_file.endswith(".log"):
+                    continue
+                vm_name = log_file[:-4]
+                if is_system_vm_name(vm_name):
+                    continue
+
+                vmpresent = False
+                for vm in vmsInHost:
+                    if vm_name in vm:
+                        vmpresent = True
+                        break
+
+                if vmpresent is False:
+                    logging.debug("vm " + vm_name + " is not running or paused, cleaning up logged rules")
+                    cleanup.append(vm_name)
+
         cleanup = list(set(cleanup))  # remove duplicates
         for vmname in cleanup:
             destroy_network_rules_for_vm(vmname)
@@ -1060,6 +1075,17 @@ def egress_chain_name(vm_name):
     return chain_name + "-eg"
 
 
+def default_chain_name(vm_name):
+    chain_name = iptables_chain_name(vm_name)
+    if chain_name.startswith('i-') and '-' in chain_name:
+        return '-'.join(chain_name.split('-')[:-1]) + "-def"
+    return chain_name + "-def"
+
+
+def is_system_vm_name(vm_name):
+    return vm_name.startswith(SYSTEM_VM_PREFIXES)
+
+
 def parse_network_rules(rules):
     ret = []
 
@@ -1468,7 +1494,7 @@ def verify_default_iptables_rules_for_vm(vm_name, vm_id, vm_ips, vm_ip6, vm_mac,
     brfwout = brfw + "-OUT"
     vmchain = iptables_chain_name(vm_name)
     vmchain_egress = egress_chain_name(vm_name)
-    vm_def = '-'.join(vm_name.split('-')[:-1]) + "-def"
+    vm_def = default_chain_name(vm_name)
 
     expected_rules = []
     expected_rules.append("-A %s -m physdev --physdev-in %s --physdev-is-bridged -j %s" % (brfwin, vif, vm_def))

ui/public/locales/en.json

@@ -2680,10 +2680,10 @@
 "label.windows": "Windows",
 "label.with.snapshotid": "with Snapshot ID",
 "label.write": "Write",
-"label.writeback": "Write-back disk caching",
-"label.writecachetype": "Write-cache Type",
+"label.writeback": "Write-Back disk caching",
+"label.writecachetype": "Write-Cache Type",
 "label.writeio": "Write (IO)",
-"label.writethrough": "Write-through",
+"label.writethrough": "Write-Through",
 "label.xennetworklabel": "XenServer Traffic Label",
 "label.xenserver": "XenServer",
 "label.xenservertoolsversion61plus": "Original XS Version is 6.1+",

ui/public/locales/ko_KR.json

@@ -496,7 +496,7 @@
 "label.by.type": "\uc720\ud615\ubcc4",
 "label.by.zone": "Zone\ubcc4",
 "label.bypassvlanoverlapcheck": "VLAN ID/\ubc94\uc704 \uc911\ubcf5 \uc6b0\ud68c",
-"label.cachemode": "Write-cache \uc720\ud615",
+"label.cachemode": "Write-Cache \uc720\ud615",
 "label.cancel": "\ucde8\uc18c",
 "label.cancel.shutdown": "\uc885\ub8cc \ucde8\uc18c",
 "label.cancelmaintenance": "\uc720\uc9c0 \uad00\ub9ac \ucde8\uc18c",
@@ -2677,10 +2677,10 @@
 "label.windows": "Windows",
 "label.with.snapshotid": "with \uc2a4\ub0c5\uc0f7 ID",
 "label.write": "\uc4f0\uae30",
-"label.writeback": "Write-back \ub514\uc2a4\ud06c \uce90\uc2f1",
-"label.writecachetype": "Write-cache \uc720\ud615",
+"label.writeback": "Write-Back \ub514\uc2a4\ud06c \uce90\uc2f1",
+"label.writecachetype": "Write-Cache \uc720\ud615",
 "label.writeio": "\uc4f0\uae30(IO)",
-"label.writethrough": "Write-through",
+"label.writethrough": "Write-Through",
 "label.xennetworklabel": "XenServer \ud2b8\ub798\ud53d \ub77c\ubca8",
 "label.xenserver": "XenServer",
 "label.xenservertoolsversion61plus": "\uc6d0\ub798 XS \ubc84\uc804\uc740 6.1 \uc774\uc0c1\uc785\ub2c8\ub2e4.",

ui/src/views/offering/AddComputeOffering.vue

@@ -412,15 +412,15 @@
                 v-model:value="form.cachemode"
                 buttonStyle="solid"
                 @change="selected => { handleCacheModeChange(selected.target.value) }">
-                <a-radio-button value="none">
-                  {{ $t('label.nodiskcache') }}
-                </a-radio-button>
                 <a-radio-button value="writeback">
                   {{ $t('label.writeback') }}
                 </a-radio-button>
                 <a-radio-button value="writethrough">
                   {{ $t('label.writethrough') }}
                 </a-radio-button>
+                <a-radio-button value="none">
+                  {{ $t('label.nodiskcache') }}
+                </a-radio-button>
               </a-radio-group>
             </a-form-item>
             <a-form-item :label="$t('label.qostype')" name="qostype" ref="qostype">
@@ -641,7 +641,7 @@ export default {
       },
       storageType: 'shared',
       provisioningType: 'thin',
-      cacheMode: 'none',
+      cacheMode: 'writeback',
       offeringType: 'fixed',
       isCustomizedDiskIops: false,
       isPublic: true,

ui/src/views/offering/AddDiskOffering.vue

@@ -214,15 +214,15 @@
             v-model:value="form.writecachetype"
             buttonStyle="solid"
             @change="selected => { handleWriteCacheTypeChange(selected.target.value) }">
-            <a-radio-button value="none">
-              {{ $t('label.nodiskcache') }}
-            </a-radio-button>
             <a-radio-button value="writeback">
               {{ $t('label.writeback') }}
             </a-radio-button>
             <a-radio-button value="writethrough">
               {{ $t('label.writethrough') }}
             </a-radio-button>
+            <a-radio-button value="none">
+              {{ $t('label.nodiskcache') }}
+            </a-radio-button>
           </a-radio-group>
         </a-form-item>
         <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="tags" ref="tags">
@@ -377,7 +377,7 @@ export default {
         storagetype: 'shared',
         provisioningtype: 'thin',
         customdisksize: true,
-        writecachetype: 'none',
+        writecachetype: 'writeback',
         qostype: '',
         ispublic: this.isPublic,
         disksizestrictness: this.disksizestrictness,