From 0b03db5fd48bee36837bb80a232f08485764b232 Mon Sep 17 00:00:00 2001 From: Vijayendra Bhamidipati Date: Wed, 1 Aug 2012 14:42:44 -0400 Subject: [PATCH] Bug CS-15260 / bug14735 VR under VMware needs to ping all interfaces to kick vSwitch to function We already ping the VR's private and public network interface. We change the netwrok security setting to allow promiscuous mode and other two modes on the private cloud interface for the vSwitch. --- .../vmware/resource/VmwareResource.java | 2 ++ .../cloud/hypervisor/vmware/mo/HostMO.java | 25 +++++++++------- .../vmware/mo/HypervisorHostHelper.java | 29 ++++++++++++------- 3 files changed, 36 insertions(+), 20 deletions(-) diff --git a/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java index a4b64d57897..3d699a2fd61 100755 --- a/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java +++ b/core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java @@ -191,6 +191,8 @@ import com.vmware.vim25.DatastoreSummary; import com.vmware.vim25.DynamicProperty; import com.vmware.vim25.HostFirewallInfo; import com.vmware.vim25.HostFirewallRuleset; +import com.vmware.vim25.HostNetworkPolicy; +import com.vmware.vim25.HostNetworkSecurityPolicy; import com.vmware.vim25.HostNetworkTrafficShapingPolicy; import com.vmware.vim25.HostPortGroupSpec; import com.vmware.vim25.ManagedObjectReference; diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HostMO.java b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HostMO.java index cdfdaa36abb..84ed0db341e 100755 --- a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HostMO.java +++ b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HostMO.java 
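Review bot: `HostNetworkPolicy` and `HostNetworkSecurityPolicy` are imported into VmwareResource.java, but the diffstat lists those two lines as the file's only change, so nothing added by this commit uses them there. Drop both imports unless a follow-up change needs them. The `HostNetworkPolicy` import added to HypervisorHostHelper.java is also not referenced in the hunks shown for that file, which is worth checking.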
@@ -29,6 +29,7 @@ import com.vmware.vim25.HostIpRouteEntry; import com.vmware.vim25.HostListSummaryQuickStats; import com.vmware.vim25.HostNetworkInfo; import com.vmware.vim25.HostNetworkPolicy; +import com.vmware.vim25.HostNetworkSecurityPolicy; import com.vmware.vim25.HostNetworkTrafficShapingPolicy; import com.vmware.vim25.HostPortGroup; import com.vmware.vim25.HostPortGroupSpec; @@ -353,8 +354,8 @@ public class HostMO extends BaseMO implements VmwareHypervisorHost { return false; } - public void createPortGroup(HostVirtualSwitch vSwitch, String portGroupName, Integer vlanId, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception { - assert(portGroupName != null); + public void createPortGroup(HostVirtualSwitch vSwitch, String portGroupName, Integer vlanId, HostNetworkSecurityPolicy secPolicy, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception { + assert(portGroupName != null); HostNetworkSystemMO hostNetMo = getHostNetworkSystemMO(); assert(hostNetMo != null); 
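Review bot: `createPortGroup` gains a `secPolicy` parameter with no documentation, and what `null` means is only visible in the body, in the next hunk. Add a doc comment on the method, for example `@param secPolicy security override for the port group, or null to leave the security section of the policy unset`; the same applies to `updatePortGroup`. Because the parameter is inserted into an existing public signature, any caller outside this patch stops compiling. Keeping the four-argument form as an overload that passes `null` would avoid that. The method body continues outside this hunk.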
@@ -363,14 +364,16 @@ public class HostMO extends BaseMO implements VmwareHypervisorHost { spec.setName(portGroupName); if(vlanId != null) spec.setVlanId(vlanId.intValue()); - HostNetworkPolicy policy = new HostNetworkPolicy(); - policy.setShapingPolicy(shapingPolicy); - spec.setPolicy(policy); + HostNetworkPolicy policy = new HostNetworkPolicy(); + if (secPolicy != null) + policy.setSecurity(secPolicy); + policy.setShapingPolicy(shapingPolicy); + spec.setPolicy(policy); spec.setVswitchName(vSwitch.getName()); hostNetMo.addPortGroup(spec); } - public void updatePortGroup(HostVirtualSwitch vSwitch, String portGroupName, Integer vlanId, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception { + public void updatePortGroup(HostVirtualSwitch vSwitch, String portGroupName, Integer vlanId, HostNetworkSecurityPolicy secPolicy, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception { assert(portGroupName != null); HostNetworkSystemMO hostNetMo = getHostNetworkSystemMO(); assert(hostNetMo != null); @@ -380,9 +383,11 @@ public class HostMO extends BaseMO implements VmwareHypervisorHost { spec.setName(portGroupName); if(vlanId != null) spec.setVlanId(vlanId.intValue()); - HostNetworkPolicy policy = new HostNetworkPolicy(); - policy.setShapingPolicy(shapingPolicy); - spec.setPolicy(policy); + HostNetworkPolicy policy = new HostNetworkPolicy(); + if (secPolicy != null) + policy.setSecurity(secPolicy); + policy.setShapingPolicy(shapingPolicy); + spec.setPolicy(policy); spec.setVswitchName(vSwitch.getName()); hostNetMo.updatePortGroup(portGroupName, spec); } 
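Review bot: The policy-building lines added to `createPortGroup` are repeated verbatim in `updatePortGroup` in the hunk at `@@ -380,9 +383,11 @@`, so the two security-relevant paths can drift apart when one is edited later. Moving them into one private helper keeps the null handling in a single place and gives the unbraced `if` braces. On the update path a null `secPolicy` sends a spec with no security section, which presumably resets an existing override to the vSwitch default; this should be confirmed and stated in the helper's comment. Both method bodies start outside their hunks.

```java
// new private helper in HostMO
private static HostNetworkPolicy buildNetworkPolicy(HostNetworkSecurityPolicy secPolicy,
        HostNetworkTrafficShapingPolicy shapingPolicy) {
    HostNetworkPolicy policy = new HostNetworkPolicy();
    // A null secPolicy leaves the security section of the policy unset.
    if (secPolicy != null) {
        policy.setSecurity(secPolicy);
    }
    policy.setShapingPolicy(shapingPolicy);
    return policy;
}

// … unchanged: spec name and VLAN setup in createPortGroup / updatePortGroup …
spec.setPolicy(buildNetworkPolicy(secPolicy, shapingPolicy));
```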
@@ -547,7 +552,7 @@ public class HostMO extends BaseMO implements VmwareHypervisorHost { if(s_logger.isTraceEnabled()) s_logger.trace("vCenter API trace - retrieveProperties() for VM properties. target MOR: " + _mor.get_value() + ", properties: " + new Gson().toJson(propertyPaths)); - PropertySpec pSpec = new PropertySpec(); + PropertySpec pSpec = new PropertySpec(); pSpec.setType("VirtualMachine"); pSpec.setPathSet(propertyPaths); diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java index 25bc3743f46..68cfc62ba8a 100755 --- a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java +++ b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java @@ -17,6 +17,8 @@ import com.cloud.utils.Pair; import com.cloud.utils.db.GlobalLock; import com.cloud.utils.net.NetUtils; import com.vmware.vim25.DynamicProperty; +import com.vmware.vim25.HostNetworkPolicy; +import com.vmware.vim25.HostNetworkSecurityPolicy; import com.vmware.vim25.HostNetworkTrafficShapingPolicy; import com.vmware.vim25.HostPortGroupSpec; import com.vmware.vim25.HostVirtualSwitch; 
@@ -117,15 +119,18 @@ public class HypervisorHostHelper { // allow 5 seconds of burst transfer shapingPolicy.setBurstSize(5*shapingPolicy.getAverageBandwidth()/8); } - +// HostNetworkSecurityPolicy secPolicy = new HostNetworkSecurityPolicy(); +// secPolicy.setAllowPromiscuous(Boolean.FALSE); +// secPolicy.setForgedTransmits(Boolean.TRUE); +// secPolicy.setMacChanges(Boolean.TRUE); boolean bWaitPortGroupReady = false; if (!hostMo.hasPortGroup(vSwitch, networkName)) { - hostMo.createPortGroup(vSwitch, networkName, vid, shapingPolicy); + hostMo.createPortGroup(vSwitch, networkName, vid, null, shapingPolicy); bWaitPortGroupReady = true; } else { HostPortGroupSpec spec = hostMo.getPortGroupSpec(networkName); if(!isSpecMatch(spec, vid, shapingPolicy)) { - hostMo.updatePortGroup(vSwitch, networkName, vid, shapingPolicy); + hostMo.updatePortGroup(vSwitch, networkName, vid, null, shapingPolicy); bWaitPortGroupReady = true; } } @@ -198,11 +203,15 @@ public class HypervisorHostHelper { String networkName; networkName = composeCloudNetworkName("cloud.private", vlanId == null ? null : String.valueOf(vlanId), null, vSwitchName); - - if (!hostMo.hasPortGroup(vSwitch, networkName)) { - hostMo.createPortGroup(vSwitch, networkName, vlanId, null); + HostNetworkSecurityPolicy secPolicy = new HostNetworkSecurityPolicy(); + secPolicy.setAllowPromiscuous(Boolean.TRUE); + secPolicy.setForgedTransmits(Boolean.TRUE); + secPolicy.setMacChanges(Boolean.TRUE); + if (!hostMo.hasPortGroup(vSwitch, networkName)) { + hostMo.createPortGroup(vSwitch, networkName, vlanId, secPolicy, null); + } else { + hostMo.updatePortGroup(vSwitch, networkName, vlanId, secPolicy, null); } - ManagedObjectReference morNetwork = waitForNetworkReady(hostMo, networkName, timeOutMs); if (morNetwork == null) { String msg = "Failed to create private network"; 
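Review bot: The four commented-out `secPolicy` lines added above `bWaitPortGroupReady` are dead code, and the calls below them pass a bare `null`, so nothing records that this network deliberately sets no security policy. Replace the commented block with one comment such as `// No security override for this port group: secPolicy is null, so HostMO leaves the policy's security section unset.` The same bare `null` appears in the hunk at `@@ -271,15 +280,15 @@`. `isSpecMatch` is still called with only `vid` and `shapingPolicy`, so as far as this hunk shows, a difference in security policy would not trigger an update; its body is outside the diff.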
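Review bot: The `cloud.private` port group is now configured with promiscuous mode, forged transmits and MAC changes all set to `Boolean.TRUE`, which switches off the vSwitch's layer-2 protections for every NIC attached to that port group. The commit message explains this as a workaround to get the vSwitch forwarding, but the code has no comment, so a later reader cannot tell that the relaxed policy is deliberate or which of the three settings the workaround needs. Add a comment above the `secPolicy` block such as `// CS-15260: VR on VMware needs promiscuous mode on the private port group; this relaxes L2 security for all NICs on cloud.private`, and confirm whether forged transmits and MAC changes are required as well. The new `else` branch also calls `updatePortGroup` unconditionally with a null shaping policy, so an existing port group is rewritten on every call and any stricter setting applied to it by hand is overwritten; the sibling hunks guard the update with `isSpecMatch`. The enclosing method starts and ends outside this hunk.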
@@ -271,15 +280,15 @@ public class HypervisorHostHelper { // allow 5 seconds of burst transfer shapingPolicy.setBurstSize(5*shapingPolicy.getAverageBandwidth()/8); } - + boolean bWaitPortGroupReady = false; if (!hostMo.hasPortGroup(vSwitch, networkName)) { - hostMo.createPortGroup(vSwitch, networkName, vid, shapingPolicy); + hostMo.createPortGroup(vSwitch, networkName, vid, null, shapingPolicy); bWaitPortGroupReady = true; } else { HostPortGroupSpec spec = hostMo.getPortGroupSpec(networkName); if(!isSpecMatch(spec, vid, shapingPolicy)) { - hostMo.updatePortGroup(vSwitch, networkName, vid, shapingPolicy); + hostMo.updatePortGroup(vSwitch, networkName, vid, null, shapingPolicy); bWaitPortGroupReady = true; } }