From e6148622cab27f7248083155add8fb67d550854c Mon Sep 17 00:00:00 2001
From: JS Choi <77760789+jschoiRR@users.noreply.github.com>
Date: Wed, 27 May 2026 16:39:36 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=EC=BB=B4=ED=93=A8=ED=8A=B8=20=EC=98=A4?=
=?UTF-8?q?=ED=8D=BC=EB=A7=81/=EB=94=94=EC=8A=A4=ED=81=AC=20=EC=98=A4?=
=?UTF-8?q?=ED=8D=BC=EB=A7=81=20=EC=83=9D=EC=84=B1=20=ED=99=94=EB=A9=B4?=
=?UTF-8?q?=EC=9D=98=20Write-cache=20=EA=B8=B0=EB=B3=B8=EA=B0=92=EC=9D=84?=
=?UTF-8?q?=20none=EC=97=90=EC=84=9C=20writeback=EC=9C=BC=EB=A1=9C=20?=
=?UTF-8?q?=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ui/public/locales/en.json | 6 +++---
ui/public/locales/ko_KR.json | 8 ++++----
ui/src/views/offering/AddComputeOffering.vue | 8 ++++----
ui/src/views/offering/AddDiskOffering.vue | 8 ++++----
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 4deac6d51823..c72a185cdfe5 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2680,10 +2680,10 @@
"label.windows": "Windows",
"label.with.snapshotid": "with Snapshot ID",
"label.write": "Write",
-"label.writeback": "Write-back disk caching",
-"label.writecachetype": "Write-cache Type",
+"label.writeback": "Write-Back disk caching",
+"label.writecachetype": "Write-Cache Type",
"label.writeio": "Write (IO)",
-"label.writethrough": "Write-through",
+"label.writethrough": "Write-Through",
"label.xennetworklabel": "XenServer Traffic Label",
"label.xenserver": "XenServer",
"label.xenservertoolsversion61plus": "Original XS Version is 6.1+",
diff --git a/ui/public/locales/ko_KR.json b/ui/public/locales/ko_KR.json
index 83031e0a16f5..8054f859f39f 100644
--- a/ui/public/locales/ko_KR.json
+++ b/ui/public/locales/ko_KR.json
@@ -496,7 +496,7 @@
"label.by.type": "\uc720\ud615\ubcc4",
"label.by.zone": "Zone\ubcc4",
"label.bypassvlanoverlapcheck": "VLAN ID/\ubc94\uc704 \uc911\ubcf5 \uc6b0\ud68c",
-"label.cachemode": "Write-cache \uc720\ud615",
+"label.cachemode": "Write-Cache \uc720\ud615",
"label.cancel": "\ucde8\uc18c",
"label.cancel.shutdown": "\uc885\ub8cc \ucde8\uc18c",
"label.cancelmaintenance": "\uc720\uc9c0 \uad00\ub9ac \ucde8\uc18c",
@@ -2677,10 +2677,10 @@
"label.windows": "Windows",
"label.with.snapshotid": "with \uc2a4\ub0c5\uc0f7 ID",
"label.write": "\uc4f0\uae30",
-"label.writeback": "Write-back \ub514\uc2a4\ud06c \uce90\uc2f1",
-"label.writecachetype": "Write-cache \uc720\ud615",
+"label.writeback": "Write-Back \ub514\uc2a4\ud06c \uce90\uc2f1",
+"label.writecachetype": "Write-Cache \uc720\ud615",
"label.writeio": "\uc4f0\uae30(IO)",
-"label.writethrough": "Write-through",
+"label.writethrough": "Write-Through",
"label.xennetworklabel": "XenServer \ud2b8\ub798\ud53d \ub77c\ubca8",
"label.xenserver": "XenServer",
"label.xenservertoolsversion61plus": "\uc6d0\ub798 XS \ubc84\uc804\uc740 6.1 \uc774\uc0c1\uc785\ub2c8\ub2e4.",
diff --git a/ui/src/views/offering/AddComputeOffering.vue b/ui/src/views/offering/AddComputeOffering.vue
index 1269f5824cc0..807c7812d31c 100644
--- a/ui/src/views/offering/AddComputeOffering.vue
+++ b/ui/src/views/offering/AddComputeOffering.vue
@@ -412,15 +412,15 @@
v-model:value="form.cachemode"
buttonStyle="solid"
@change="selected => { handleCacheModeChange(selected.target.value) }">
-
- {{ $t('label.nodiskcache') }}
-
{{ $t('label.writeback') }}
{{ $t('label.writethrough') }}
+
+ {{ $t('label.nodiskcache') }}
+
@@ -641,7 +641,7 @@ export default {
},
storageType: 'shared',
provisioningType: 'thin',
- cacheMode: 'none',
+ cacheMode: 'writeback',
offeringType: 'fixed',
isCustomizedDiskIops: false,
isPublic: true,
diff --git a/ui/src/views/offering/AddDiskOffering.vue b/ui/src/views/offering/AddDiskOffering.vue
index e6d2c19d42df..5c0509c3ea34 100644
--- a/ui/src/views/offering/AddDiskOffering.vue
+++ b/ui/src/views/offering/AddDiskOffering.vue
@@ -214,15 +214,15 @@
v-model:value="form.writecachetype"
buttonStyle="solid"
@change="selected => { handleWriteCacheTypeChange(selected.target.value) }">
-
- {{ $t('label.nodiskcache') }}
-
{{ $t('label.writeback') }}
{{ $t('label.writethrough') }}
+
+ {{ $t('label.nodiskcache') }}
+
@@ -377,7 +377,7 @@ export default {
storagetype: 'shared',
provisioningtype: 'thin',
customdisksize: true,
- writecachetype: 'none',
+ writecachetype: 'writeback',
qostype: '',
ispublic: this.isPublic,
disksizestrictness: this.disksizestrictness,
From 618bfe63943d63c098ab5dfc03ba588fdcf7a87c Mon Sep 17 00:00:00 2001
From: JS Choi <77760789+jschoiRR@users.noreply.github.com>
Date: Wed, 27 May 2026 16:40:39 +0900
Subject: [PATCH 2/2] =?UTF-8?q?security=5Fgroup.py=EC=97=90=EC=84=9C=20VM?=
=?UTF-8?q?=20=EB=82=B4=EB=B6=80=20=EC=9D=B4=EB=A6=84=EC=9D=B4=20i-x-x-VM?=
=?UTF-8?q?=20=ED=98=95=EC=8B=9D=EC=9D=B4=20=EC=95=84=EB=8B=88=EC=96=B4?=
=?UTF-8?q?=EB=8F=84=20=EB=B3=B4=EC=95=88=EA=B7=B8=EB=A3=B9=20=EC=B2=B4?=
=?UTF-8?q?=EC=9D=B8=EC=9D=84=20=EC=83=9D=EC=84=B1=ED=95=98=EB=8F=84?=
=?UTF-8?q?=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
scripts/vm/network/security_group.py | 64 +++++++++++++++++++---------
1 file changed, 45 insertions(+), 19 deletions(-)
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index d71e27eb2644..55a9c4ecce77 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -32,6 +32,7 @@
lock_file = "/var/lock/cloudstack_security_group.lock"
driver = "qemu:///system"
lock_handle = None
+SYSTEM_VM_PREFIXES = ('r-', 's-', 'v-')
def obtain_file_lock(path):
@@ -194,16 +195,13 @@ def get_bridge_physdev(brname):
def destroy_network_rules_for_vm(vm_name, vif=None):
vmchain = iptables_chain_name(vm_name)
vmchain_egress = egress_chain_name(vm_name)
- vmchain_default = None
+ vmchain_default = default_chain_name(vm_name)
vm_ipsetname=ipset_chain_name(vm_name)
delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
- if 1 in [vm_name.startswith(c) for c in ['r-', 's-', 'v-']]:
+ if is_system_vm_name(vm_name):
return True
- if vm_name.startswith('i-'):
- vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
-
destroy_ebtables_rules(vm_name, vif)
chains = [vmchain_default, vmchain, vmchain_egress]
@@ -507,7 +505,7 @@ def ebtables_rules_vmip (vmname, vmmac, ips, action):
def check_default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, sec_ips, is_first_nic=False):
brfw = get_br_fw(brname)
- vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
try:
rules = execute("iptables-save |grep -w %s |grep -w %s |grep -w %s" % (brfw, vif, vmchain_default))
except:
@@ -539,7 +537,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, se
vmchain = iptables_chain_name(vm_name)
vmchain_egress = egress_chain_name(vm_name)
- vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
ipv6_link_local = ipv6_link_local_addr(vm_mac)
action = "-A"
@@ -698,7 +696,7 @@ def default_network_rules(vm_name, vm_id, vm_ip, vm_ip6, vm_mac, vif, brname, se
def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpSvr, hostIp, hostMacAddr):
- vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
iptables_vmchain=iptables_chain_name(vm_name)
vmchain_in = iptables_vmchain + "-in"
vmchain_out = iptables_vmchain + "-out"
@@ -731,11 +729,10 @@ def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpS
def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
vm_name = vmName
- if vm_name.startswith('i-'):
- vm_name=iptables_chain_name(vm_name)
- vm_name = '-'.join(vm_name.split('-')[:-1]) + "-def"
-
- vmchain = iptables_chain_name(vm_name)
+ if is_system_vm_name(vm_name):
+ vmchain = iptables_chain_name(vm_name)
+ else:
+ vmchain = default_chain_name(vm_name)
delcmd = """iptables-save | awk '/BF(.*)physdev-is-bridged(.*)%s/ { sub(/-A/, "-D", $1) ; print }'""" % vmchain
delcmds = [_f for _f in execute(delcmd).split('\n') if _f]
@@ -827,12 +824,12 @@ def network_rules_for_rebooted_vm(vmName):
else:
brName = execute("iptables-save |grep physdev-is-bridged |grep FORWARD |grep BF |grep '\-o' |awk '{print $4}' | head -1").strip()
- if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]:
+ if is_system_vm_name(vm_name):
default_network_rules_systemvm(vm_name, brName)
return True
vmchain = iptables_chain_name(vm_name)
- vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
+ vmchain_default = default_chain_name(vm_name)
vifs = get_vifs(vmName)
logging.debug(vifs, brName)
@@ -874,12 +871,12 @@ def get_rule_logs_for_vms():
try:
for name in vms:
name = name.rstrip()
- if 1 not in [name.startswith(c) for c in ['r-', 's-', 'v-', 'i-'] ]:
+ if is_system_vm_name(name):
continue
# Move actions on rebooted vm to java code
# network_rules_for_rebooted_vm(name)
- if name.startswith('i-'):
- log = get_rule_log_for_vm(name)
+ log = get_rule_log_for_vm(name)
+ if log:
result.append(log)
except:
logging.exception("Failed to get rule logs, better luck next time!")
@@ -966,6 +963,24 @@ def cleanup_rules():
logging.debug("vm " + vm_name + " is not running or paused, cleaning up ebtables rules")
cleanup.append(vm_name)
+ if os.path.isdir(logpath):
+ for log_file in os.listdir(logpath):
+ if not log_file.endswith(".log"):
+ continue
+ vm_name = log_file[:-4]
+ if is_system_vm_name(vm_name):
+ continue
+
+ vmpresent = False
+ for vm in vmsInHost:
+ if vm_name in vm:
+ vmpresent = True
+ break
+
+ if vmpresent is False:
+ logging.debug("vm " + vm_name + " is not running or paused, cleaning up logged rules")
+ cleanup.append(vm_name)
+
cleanup = list(set(cleanup)) # remove duplicates
for vmname in cleanup:
destroy_network_rules_for_vm(vmname)
@@ -1060,6 +1075,17 @@ def egress_chain_name(vm_name):
return chain_name + "-eg"
+def default_chain_name(vm_name):
+ chain_name = iptables_chain_name(vm_name)
+ if chain_name.startswith('i-') and '-' in chain_name:
+ return '-'.join(chain_name.split('-')[:-1]) + "-def"
+ return chain_name + "-def"
+
+
+def is_system_vm_name(vm_name):
+ return vm_name.startswith(SYSTEM_VM_PREFIXES)
+
+
def parse_network_rules(rules):
ret = []
@@ -1468,7 +1494,7 @@ def verify_default_iptables_rules_for_vm(vm_name, vm_id, vm_ips, vm_ip6, vm_mac,
brfwout = brfw + "-OUT"
vmchain = iptables_chain_name(vm_name)
vmchain_egress = egress_chain_name(vm_name)
- vm_def = '-'.join(vm_name.split('-')[:-1]) + "-def"
+ vm_def = default_chain_name(vm_name)
expected_rules = []
expected_rules.append("-A %s -m physdev --physdev-in %s --physdev-is-bridged -j %s" % (brfwin, vif, vm_def))