For site-specific reasons, I use the network-route/vif-route scripts. I have found that we need to maintain a few custom firewall rules in order to make things operate in an acceptable manner. I'd like to see a place to put such scripts and any other site-specific setup related to bringing up a vif. Keeping this separate from vif-route is useful so that the installed scripts may be kept unmodified.

What I have come up with is vif-local, a script that lives in /etc/xen/scripts. I modified vif-route to call vif-local right before it logs "Successful..."

Would it be possible to modify vif-route, vif-bridge, etc. to operate in this manner? This has been discussed briefly on the list before, but I had not yet seen a solution.

--
Mike

:wq

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Thu, 2011-05-05 at 18:15 +0100, W. Michael Petullo wrote:
> For site-specific reasons, I use the network-route/vif-route scripts. I
> have found that we need to maintain a few custom firewall rules in order
> to make things operate in an acceptable manner. I'd like to see a place
> to put such scripts and any other site-specific setup related to bringing
> up a vif. Keeping this separate from vif-route is useful so that the
> installed scripts may be kept unmodified.
>
> What I have come up with is vif-local, a script that lives in
> /etc/xen/scripts. I modified vif-route to call vif-local right before
> it logs "Successful..."

I think it would be better to be more general and support a vif-post.d style directory which can contain scripts all of which are called (with a defined set of parameters/env variables).

Not sure if we want vif-{route,bridge,etc}-post.d or not, perhaps that's overkill. Using -post.d leaves open the option to add -pre.d in the future as necessary.

> Would it be possible to modify vif-route, vif-bridge, etc. to operate
> in this manner?

Seems like a reasonable enough idea to me, please send a patch though.

Ian.

>> For site-specific reasons, I use the network-route/vif-route scripts. I
>> have found that we need to maintain a few custom firewall rules in order
>> to make things operate in an acceptable manner. I'd like to see a place
>> to put such scripts and any other site-specific setup related to bringing
>> up a vif. Keeping this separate from vif-route is useful so that the
>> installed scripts may be kept unmodified.
>>
>> What I have come up with is vif-local, a script that lives in
>> /etc/xen/scripts. I modified vif-route to call vif-local right before
>> it logs "Successful..."

> I think it would be better to be more general and support a vif-post.d
> style directory which can contain scripts all of which are called (with
> a defined set of parameters/env variables).

> Not sure if we want vif-{route,bridge,etc}-post.d or not, perhaps that's
> overkill. Using -post.d leaves open the option to add -pre.d in the
> future as necessary.

I have attached a patch against Xen 4.1.0 that implements a vif-post.d system. I only support the Linux hotplug case at this point.

--
Mike

:wq

On Fri, 2011-05-06 at 18:06 +0100, W. Michael Petullo wrote:
> >> For site-specific reasons, I use the network-route/vif-route scripts. I
> >> have found that we need to maintain a few custom firewall rules in order
> >> to make things operate in an acceptable manner. I'd like to see a place
> >> to put such scripts and any other site-specific setup related to bringing
> >> up a vif. Keeping this separate from vif-route is useful so that the
> >> installed scripts may be kept unmodified.
> >>
> >> What I have come up with is vif-local, a script that lives in
> >> /etc/xen/scripts. I modified vif-route to call vif-local right before
> >> it logs "Successful..."
>
> > I think it would be better to be more general and support a vif-post.d
> > style directory which can contain scripts all of which are called (with
> > a defined set of parameters/env variables).
>
> > Not sure if we want vif-{route,bridge,etc}-post.d or not, perhaps that's
> > overkill. Using -post.d leaves open the option to add -pre.d in the
> > future as necessary.
>
> I have attached a patch against Xen 4.1.0 that implements a vif-post.d
> system. I only support the Linux hotplug case at this point.

Thanks. I've got a few comments.

The header of "${XEN_SCRIPT_DIR}/vif-post.d/00-vif-local" describes a command line parameter "(add|remove|online|offline)" but none of the invocations actually pass one.

I think it would be better to encapsulate the functionality in a "call_hooks <devtype> <hook> <other args...>" function in xen-hotplug-common.sh, calling it as "call_hooks vif post ..." rather than open coding that loop everywhere.

I think generally it is a good idea to have an explicit suffix (e.g. ".hook") for this sort of thing since then you can use *.hook to get the list of files which saves manually filtering out *~ *.rpmsave *.dpkg-bak *.disabled-by-admin *.some-random-suffix-intended-to-disable-the-script etc.

You probably want to quote $f in case some nutter uses a space in the hook filename.

You don't actually install 00-vif-local but I think that's a good thing since the default is an empty script so we save a fork/exec by not running it.

Lastly we need a Signed-off-by per the DCO (section 11 of http://lwn.net/Articles/139918/) as well as a suitable changelog message before we can apply any patch.

Thanks,
Ian.

>> I have attached a patch against Xen 4.1.0 that implements a vif-post.d
>> system. I only support the Linux hotplug case at this point.

> The header of "${XEN_SCRIPT_DIR}/vif-post.d/00-vif-local" describes a
> command line parameter "(add|remove|online|offline)" but none of the
> invocations actually pass one.

Since the hooks are now sourced they no longer take parameters. It is, in fact, a shell variable and I have updated the comments.

> I think it would be better to encapsulate the functionality in a
> "call_hooks <devtype> <hook> <other args...>" function in
> xen-hotplug-common.sh, calling it as "call_hooks vif post ..." rather
> than open coding that loop everywhere.

Good idea. Implemented.

> I think generally it is a good idea to have an explicit suffix (e.g.
> ".hook") for this sort of thing since then you can use *.hook to get the
> list of files which saves manually filtering out *~ *.rpmsave *.dpkg-bak
> *.disabled-by-admin *.some-random-suffix-intended-to-disable-the-script
> etc.

Implemented.

> You probably want to quote $f in case some nutter uses a space in the
> hook filename.

Implemented.

> You don't actually install 00-vif-local but I think that's a good thing
> since the default is an empty script so we save a fork/exec by not
> running it.

Good.

> Lastly we need a Signed-off-by per the DCO (section 11 of
> http://lwn.net/Articles/139918/) as well as a suitable changelog message
> before we can apply any patch.

Please see the attached patch.

Allow for site-specific hooks that will be executed after Xen initializes a vif. This allows an administrator to specify custom firewall rules or other special configuration parameters.

Signed-off-by: W. Michael Petullo <mike@flyn.org>

--
Mike

:wq

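
The hook runner this review converged on (a call_hooks function, a *.hook suffix, a quoted $f, sourced hooks), written here as an added example; it is not the patch attached to this thread. The ownership and permission check (hook_is_trusted, HOOK_OWNER_UID) is a hypothetical hardening step assumed here because sourced hooks run with the privileges of the calling hotplug script.

```sh
#!/bin/sh
# Added example, not the patch from this thread.
XEN_SCRIPT_DIR="${XEN_SCRIPT_DIR:-/etc/xen/scripts}"
# Assumption: hooks must be owned by this uid (root by default).
HOOK_OWNER_UID="${HOOK_OWNER_UID:-0}"

# hook_is_trusted FILE (hypothetical helper): succeed only for a regular,
# non-symlink file owned by HOOK_OWNER_UID and not group/other writable.
hook_is_trusted() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$HOOK_OWNER_UID" \
            ! -perm -020 ! -perm -002)" ]
}

# call_hooks <devtype> <hook>: source each *.hook file found in
# ${XEN_SCRIPT_DIR}/<devtype>-<hook>.d/ in glob (lexical) order.
# Hooks are sourced, so they take no arguments and read the caller's
# shell variables; an "exit" inside a hook ends the calling script too.
call_hooks() {
    hook_dir="${XEN_SCRIPT_DIR}/${1}-${2}.d"
    [ -d "$hook_dir" ] || return 0          # no hook directory: nothing to do
    for f in "$hook_dir"/*.hook; do         # *.hook skips *~, *.rpmsave, ...
        [ -e "$f" ] || continue             # unmatched glob stays literal
        if hook_is_trusted "$f"; then
            . "$f"                          # quoted: names may contain spaces
        else
            echo "call_hooks: skipping untrusted hook: $f" >&2
        fi
    done
}
```

A caller such as vif-route would invoke this as "call_hooks vif post" right before logging success.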
On Mon, 2011-05-09 at 18:10 +0100, W. Michael Petullo wrote:
> > Lastly we need a Signed-off-by per the DCO (section 11 of
> > http://lwn.net/Articles/139918/) as well as a suitable changelog message
> > before we can apply any patch.
>
> Please see the attached patch.
>
> Allow for site-specific hooks that will be executed after Xen initializes
> a vif. This allows an administrator to specify custom firewall rules or
> other special configuration parameters.
>
> Signed-off-by: W. Michael Petullo <mike@flyn.org>

This is against 4.1? can you check that it applies to xen-unstable.hg please, other than that:

Acked-by: Ian Campbell <ian.campbell@citrix.com>

Cheers,
Ian.

>>> Lastly we need a Signed-off-by per the DCO (section 11 of
>>> http://lwn.net/Articles/139918/) as well as a suitable changelog message
>>> before we can apply any patch.

>> Please see the attached patch.

>> Allow for site-specific hooks that will be executed after Xen initializes
>> a vif. This allows an administrator to specify custom firewall rules or
>> other special configuration parameters.
>>
>> Signed-off-by: W. Michael Petullo <mike@flyn.org>

> This is against 4.1? can you check that it applies to xen-unstable.hg
> please, other than that:
>
> Acked-by: Ian Campbell <ian.campbell@citrix.com>

I pulled xen-unstable.hg from Mercurial and the patch applied cleanly. The modified scripts were identical to those resulting from applying the patch against 4.1.0.

--
Mike

:wq

On Tue, 2011-05-10 at 17:06 +0100, W. Michael Petullo wrote:
> >>> Lastly we need a Signed-off-by per the DCO (section 11 of
> >>> http://lwn.net/Articles/139918/) as well as a suitable changelog message
> >>> before we can apply any patch.
>
> >> Please see the attached patch.
>
> >> Allow for site-specific hooks that will be executed after Xen initializes
> >> a vif. This allows an administrator to specify custom firewall rules or
> >> other special configuration parameters.
> >>
> >> Signed-off-by: W. Michael Petullo <mike@flyn.org>
>
> > This is against 4.1? can you check that it applies to xen-unstable.hg
> > please, other than that:
> >
> > Acked-by: Ian Campbell <ian.campbell@citrix.com>
>
> I pulled xen-unstable.hg from Mercurial and the patch applied cleanly. The
> modified scripts were identical to those resulting from applying the
> patch against 4.1.0.

Great, thanks for checking. My Acked-by stands...

Ian.

Ian Jackson
2011-May-24 17:31 UTC
Re: [Xen-devel] Proposal: vif-local [and 1 more messages]
W. Michael Petullo writes ("Re: [Xen-devel] Re: New 4.0.2 and 4.1.1 release candidates"):
> Is it too late to merge the patch discussed at
> http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00306.html

We don't generally apply patches directly to the stable trees (4.0 and 4.1, at the moment). We like them to come through xen-unstable first.

When you submitted your patch, you got this reply:

Ian Campbell writes ("Re: [Xen-devel] Proposal: vif-local"):
> On Mon, 2011-05-09 at 18:10 +0100, W. Michael Petullo wrote:
> > Allow for site-specific hooks that will be executed after Xen initializes
> > a vif. This allows an administrator to specify custom firewall rules or
> > other special configuration parameters.
> >
> > Signed-off-by: W. Michael Petullo <mike@flyn.org>
>
> This is against 4.1? can you check that it applies to xen-unstable.hg
> please, other than that:
>
> Acked-by: Ian Campbell <ian.campbell@citrix.com>

Can you confirm that your patch applies and works correctly against xen-unstable.hg ?

Thanks,
Ian.

Ian Campbell
2011-May-24 17:51 UTC
Re: [Xen-devel] Proposal: vif-local [and 1 more messages]
On Tue, 2011-05-24 at 18:31 +0100, Ian Jackson wrote:
> W. Michael Petullo writes ("Re: [Xen-devel] Re: New 4.0.2 and 4.1.1 release candidates"):
> > Is it too late to merge the patch discussed at
> > http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00306.html
>
> We don't generally apply patches directly to the stable trees (4.0 and
> 4.1, at the moment). We like them to come through xen-unstable first.
>
> When you submitted your patch, you got this reply:
>
> Ian Campbell writes ("Re: [Xen-devel] Proposal: vif-local"):
> > On Mon, 2011-05-09 at 18:10 +0100, W. Michael Petullo wrote:
> > > Allow for site-specific hooks that will be executed after Xen initializes
> > > a vif. This allows an administrator to specify custom firewall rules or
> > > other special configuration parameters.
> > >
> > > Signed-off-by: W. Michael Petullo <mike@flyn.org>
> >
> > This is against 4.1? can you check that it applies to xen-unstable.hg
> > please, other than that:
> >
> > Acked-by: Ian Campbell <ian.campbell@citrix.com>
>
> Can you confirm that your patch applies and works correctly against
> xen-unstable.hg ?

Michael replied to this mail in <20110510160631.GA17482@imp.local>:
> I pulled xen-unstable.hg from Mercurial and the patch applied cleanly.
> The modified scripts were identical to those resulting from applying
> the patch against 4.1.0.

Ian.

Ian Jackson
2011-May-25 09:45 UTC
Re: [Xen-devel] Proposal: vif-local [and 1 more messages]
Ian Campbell writes ("Re: [Xen-devel] Proposal: vif-local [and 1 more messages]"):
> On Tue, 2011-05-24 at 18:31 +0100, Ian Jackson wrote:
> > Can you confirm that your patch applies and works correctly against
> > xen-unstable.hg ?
>
> Michael replied to this mail in <20110510160631.GA17482@imp.local>:

I don't know how I overlooked that. Sorry.

I have applied the patch to xen-unstable.

Ian.