From e18477a9690bfb77da46e0fac66292173af901d1 Mon Sep 17 00:00:00 2001
From: Anton Todorov
Date: Tue, 22 Oct 2024 12:12:22 +0300
Subject: [PATCH 1/2] B #6759: finalise the SG rules on sg rule error instead of reseting the rules. Open Nebula will raise and log the rule error for further investigation, but the VM will not be left unprotected.
---
 src/vnm_mad/remotes/lib/sg_driver.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vnm_mad/remotes/lib/sg_driver.rb b/src/vnm_mad/remotes/lib/sg_driver.rb
index fe361c5dee8..62e3e3cd876 100644
--- a/src/vnm_mad/remotes/lib/sg_driver.rb
+++ b/src/vnm_mad/remotes/lib/sg_driver.rb
@@ -125,7 +125,7 @@ def activate(do_all = false)
 sg.run!
 rescue StandardError => e
 unlock
- deactivate(do_all)
+ SGIPTables.nic_post(@vm, nic)
 raise e
 end
 end
From d1e4734189064497f91656b354d72cdfcf88150c Mon Sep 17 00:00:00 2001
From: Anton Todorov
Date: Tue, 26 Nov 2024 13:19:10 +0200
Subject: [PATCH 2/2] B #6759: finalise the SG rules on sg rule error (v2) try SG on all nick before raising an error
---
 src/vnm_mad/remotes/lib/sg_driver.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/vnm_mad/remotes/lib/sg_driver.rb b/src/vnm_mad/remotes/lib/sg_driver.rb
index 62e3e3cd876..0927178c45a 100644
--- a/src/vnm_mad/remotes/lib/sg_driver.rb
+++ b/src/vnm_mad/remotes/lib/sg_driver.rb
@@ -102,6 +102,7 @@ def activate(do_all = false)
 end
 # Process the rules for each NIC
+ sg_error = 0
 process do |nic|
 next if attach_nic_id && attach_nic_id != nic[:nic_id]
@@ -124,9 +125,8 @@ def activate(do_all = false)
 sg.process_rules
 sg.run!
 rescue StandardError => e
- unlock
- SGIPTables.nic_post(@vm, nic)
- raise e
+ sg_error = e
+ break
 end
 end
@@ -142,6 +142,10 @@ def activate(do_all = false)
 unlock
+ unless sg_error == 0
+ raise sg_error
+ end
+ 0
 end
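Review bot: In the rescue branch of [PATCH 1/2] (`@@ -125,7 +125,7 @@`), `SGIPTables.nic_post(@vm, nic)` runs after `unlock`, so the rule set is finalised outside whatever lock `unlock` releases (the matching lock call is not in the hunk), and a failure inside `nic_post` would replace the original exception `e`. Finalising first keeps the change serialised with other driver runs: `SGIPTables.nic_post(@vm, nic)` followed by `unlock`, ideally with `unlock` in an `ensure` so the lock is released even if finalising fails. [PATCH 2/2] rewrites this handler, so the point matters only where 1/2 is applied on its own. The enclosing `begin` and the rest of `activate` lie outside the hunk.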
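Review bot: In [PATCH 2/2], `sg_error = 0` at `@@ -102,6 +102,7 @@` uses the integer 0 as the "no error" marker for a variable that later holds an exception object, which is easy to misread next to the bare `0` the method ends with. `nil` is the idiomatic empty value in Ruby: `sg_error = nil` here, and in the last hunk (`@@ -142,6 +142,10 @@`) the three-line `unless sg_error == 0` block collapses to `raise sg_error if sg_error`. This is a style point only; the control flow stays the same.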
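Review bot: In [PATCH 2/2] at `@@ -124,9 +125,8 @@`, the rescue now only stores the exception and calls `break`, and the explicit `SGIPTables.nic_post(@vm, nic)` from 1/2 is removed, so whether the failing NIC still gets its rules finalised depends on which block `break` leaves and on the code after it, neither of which is visible in the hunk. If the `begin` sits inside a per-security-group loop, `break` skips the remaining groups for that NIC and falls through to whatever follows that loop; if it sits directly in `process do |nic|`, it ends NIC processing altogether, which would contradict the commit message. If the first case holds, a comment at the `break` would pin down the fail-closed intent, e.g. `# leaves only the per-SG loop; the NIC is still finalised below and the remaining NICs still run`. Separately, `sg_error = e` keeps only the most recent failure, so earlier ones are lost unless each is logged at the rescue or collected (for example `sg_errors << e`) before the final raise.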