diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 08804544952..a7d2d141f9b 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -429,13 +429,15 @@ setup_elbvm() { setup_common eth0 eth1 eth2 sed -i /gateway/d /etc/hosts public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH0_IP + [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP echo "$public_ip $NAME" >> /etc/hosts if [ "$SSHONGUEST" == "true" ] then + sed '/3922/s/eth1/eth0/' setup_sshd $ETH0_IP else + cp /etc/iptables/iptables-elbvm /etc/iptables/rules setup_sshd $ETH1_IP fi @@ -444,6 +446,7 @@ setup_elbvm() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 + chkconfig nfs-common off } setup_default() { diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-elbvm b/patches/systemvm/debian/config/etc/iptables/iptables-elbvm new file mode 100755 index 00000000000..30dbcc1013a --- /dev/null +++ b/patches/systemvm/debian/config/etc/iptables/iptables-elbvm @@ -0,0 +1,17 @@ +*nat +:PREROUTING ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +COMMIT +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT +COMMIT + diff --git a/patches/systemvm/debian/config/root/loadbalancer.sh b/patches/systemvm/debian/config/root/loadbalancer.sh index d620b58415c..4a7d2c7cd48 100755 --- a/patches/systemvm/debian/config/root/loadbalancer.sh +++ b/patches/systemvm/debian/config/root/loadbalancer.sh 
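Review bot: The added `sed '/3922/s/eth1/eth0/'` in the SSHONGUEST branch of setup_elbvm has no `-i` and no rules file as input, so it cannot rewrite the port-3922 rule. If the following `setup_sshd $ETH0_IP` text sits on the same line (the line break is not recoverable from this view), sed would also treat those words as file names. The restrictive `iptables-elbvm` ruleset is copied only in the `else` branch, so with SSHONGUEST=true the VM keeps whatever `/etc/iptables/rules` already held. Copy first and edit in place: `cp /etc/iptables/iptables-elbvm /etc/iptables/rules` before the `if`, then `sed -i '/3922/s/eth1/eth0/' /etc/iptables/rules` in the `then` branch. setup_elbvm starts outside this hunk.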
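Review bot: `-A INPUT -p icmp -j ACCEPT` admits every ICMP type on every interface, including the public one, in an otherwise default-DROP INPUT chain. ICMP errors that belong to existing flows are already accepted by the three RELATED,ESTABLISHED rules, so this line only adds unsolicited ICMP; if the intent is to answer ping, narrow it to `-A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/second -j ACCEPT` (the rate is a constructed sample). The file is added with mode 100755 although it holds ruleset data rather than a script, so 100644 would be enough. A leading `#` comment saying that load-balancer ports are opened at runtime (by fw_entry in loadbalancer.sh, as far as this commit shows) would explain why no service port is listed here.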
@@ -52,8 +52,8 @@ ip_entry() { for i in $a do - logger -t cloud "Adding public ips for load balancing" local pubIp=$(echo $i | cut -d: -f1) + logger -t cloud "Adding public ip $pubIp for load balancing" for vif in $VIF_LIST; do sudo ip addr add dev $vif $pubIp/32 #ignore error since it is because the ip is already there @@ -64,6 +64,7 @@ ip_entry() { do logger -t cloud "Removing public ips for deleted loadbalancers" local pubIp=$(echo $i | cut -d: -f1) + logger -t cloud "Removing public ip $pubIp for deleted loadbalancers" for vif in $VIF_LIST; do sudo ip addr del $pubIp/32 dev $vif done @@ -92,9 +93,9 @@ fw_entry() { for i in $a do - logger -t cloud "Opening up firewall (INPUT chain) for load balancing" local pubIp=$(echo $i | cut -d: -f1) local dport=$(echo $i | cut -d: -f2) + logger -t cloud "Opening up firewall $pubIp:$dport (INPUT chain) for load balancing" for vif in $VIF_LIST; do sudo iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null @@ -109,9 +110,9 @@ fw_entry() { for i in $r do - logger -t cloud "Closing up firewall (INPUT chain) for deleted load balancers" local pubIp=$(echo $i | cut -d: -f1) local dport=$(echo $i | cut -d: -f2) + logger -t cloud "Closing up firewall (INPUT chain) $pubIp:$dport for deleted load balancers" for vif in $VIF_LIST; do sudo iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT @@ -154,6 +155,7 @@ get_vif_list() { vif_list="eth0" fi + logger -t cloud "Loadbalancer public interfaces = $vif_list" echo $vif_list } @@ -219,7 +221,7 @@ reconfig_lb $cfgfile if [ $? -gt 0 ] then - printf "Reconfiguring loadbalancer failed\n" + logger -t cloud "Reconfiguring loadbalancer failed" #FIXME: make this explicit via check on vm type or passed in flag if [ "$VIF_LIST" == "eth0" ] then diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index bf2193509bc..e6ce3a67b7b 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops 
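Review bot: In the removal loop the old generic message `logger -t cloud "Removing public ips for deleted loadbalancers"` is still present as a context line, so each removed address now produces two syslog entries, whereas the add loop in the previous hunk replaced its generic message. Drop the old line and keep only `logger -t cloud "Removing public ip $pubIp for deleted loadbalancers"`. The body of ip_entry extends beyond this hunk.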
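Review bot: `pubIp` and `dport` are cut out of `$i` and used as they are, first in the new log line and then unquoted in `sudo iptables ... -d $pubIp --dport $dport`, with no check that they are an address and a port number. A malformed entry would be logged as if it were valid and then word-split into arguments of a command run under sudo. Validating right after the two `cut` lines, for example `case "$dport" in ''|*[!0-9]*) logger -t cloud "Skipping malformed entry"; continue;; esac`, and quoting `"$pubIp"` and `"$dport"` in the commands would cover it. The same applies to the closing loop in the next hunk and to both loops in ip_entry. Where `$a` and `$r` come from is outside this hunk, so how far they can be trusted cannot be judged from here.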
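Review bot: Replacing `printf` with `logger` moves the failure message from stdout to syslog only, so whatever invokes this script (not visible here) no longer receives the text. If the caller surfaces script output, keep both: `logger -t cloud "Reconfiguring loadbalancer failed"` followed by `printf "Reconfiguring loadbalancer failed\n" >&2`. The surrounding `if` block continues outside the hunk.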
@@ -345,14 +345,14 @@ def get_private_nic(session, args): return mgmtnic def chain_name(vm_name): - if vm_name.startswith('i-') or vm_name.startswith('r-'): + if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): if vm_name.endswith('untagged'): return '-'.join(vm_name.split('-')[:-1]) return '-'.join(vm_name.split('-')) return vm_name def chain_name_def(vm_name): - if vm_name.startswith('i-') or vm_name.startswith('r-'): + if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): if vm_name.endswith('untagged'): return '-'.join(vm_name.split('-')[:-2]) + "-def" return '-'.join(vm_name.split('-')[:-1]) + "-def" @@ -442,7 +442,7 @@ def destroy_network_rules_for_vm(session, args): vmchain_default = chain_name_def(vm_name) delete_rules_for_vm_in_bridge_firewall_chain(vm_name) - if vm_name.startswith('i-') or vm_name.startswith('r-'): + if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): try: util.pread2(['iptables', '-F', vmchain_default]) util.pread2(['iptables', '-X', vmchain_default]) @@ -461,7 +461,7 @@ def destroy_network_rules_for_vm(session, args): remove_rule_log_for_vm(vm_name) - if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]: + if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-', 'l-'] ]: return 'true' try: @@ -735,7 +735,7 @@ def network_rules_for_rebooted_vm(session, vmName): util.SMlog("Found a rebooted VM -- reprogramming rules for " + vm_name) delete_rules_for_vm_in_bridge_firewall_chain(vm_name) - if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]: + if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-', 'l-'] ]: default_network_rules_systemvm(session, {"vmName":vm_name}) return True 
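Review bot: The VM-name prefixes that select firewall handling are spelled out again at every call site, starting with `chain_name` and `chain_name_def` here, and this commit had to add `'l-'` in eight places across vmops. A site missed in a later change would leave that VM type's iptables chains unprogrammed or never cleaned up. Define each prefix list once at module level, for example `SYSTEM_VM_PREFIXES = ['r-', 's-', 'v-', 'l-']` (name constructed here), and test it through one small helper that wraps the existing `1 in [name.startswith(p) for p in prefixes]` expression, which keeps the code independent of the interpreter version. A comment on the constant saying that `'l-'` denotes the elastic load balancer VM (inferred from the rest of this commit) would also help, since `'l-'` is treated like `'i-'`/`'r-'` for chain naming but like a system VM in the hunks at -461 and -735.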
@@ -823,7 +823,7 @@ def get_rule_logs_for_vms(session, args): result = [] try: for name in [session.xenapi.VM.get_name_label(x) for x in vms]: - if 1 not in [ name.startswith(c) for c in ['r-', 's-', 'v-', 'i-'] ]: + if 1 not in [ name.startswith(c) for c in ['r-', 's-', 'v-', 'i-', 'l-'] ]: continue network_rules_for_rebooted_vm(session, name) if name.startswith('i-'): @@ -840,7 +840,7 @@ def cleanup_rules_for_dead_vms(session): vms = session.xenapi.VM.get_all() cleaned = 0 for vm_name in [session.xenapi.VM.get_name_label(x) for x in vms]: - if 1 in [ vm_name.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + if 1 in [ vm_name.startswith(c) for c in ['r-', 'i-', 's-', 'v-', 'l-'] ]: vm = session.xenapi.VM.get_by_name_label(vm_name) if len(vm) != 1: continue @@ -868,7 +868,7 @@ def cleanup_rules(session, args): cleaned = 0 cleanup = [] for chain in chains: - if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-', 'l-'] ]: vm = session.xenapi.VM.get_by_name_label(chain) if len(vm) != 1: util.SMlog("chain " + chain + " does not correspond to a vm, cleaning up") diff --git a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java index e2e44c51e9a..9a753e63080 100644 --- a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java +++ b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java @@ -70,7 +70,7 @@ public class ElasticLbVmMapDaoImpl extends GenericDaoBase lbs = dao.listLbsForElbVm(10); + List lbs = dao.listLbsForElbVm(5); if (lbs == null) { System.out.println("Not Found"); } else { - System.out.println("Found"); + System.out.println("Found " + lbs.size() + " lbs"); } } }
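Review bot: Adding `'l-'` to the prefix list in cleanup_rules widens the set of iptables chains it may remove: any chain whose name begins with `l-` and does not match exactly one VM name label now reaches the "does not correspond to a vm, cleaning up" path. A two-character prefix is a loose ownership test for a destructive step, so a comment above the test should say which chains are expected to match, for instance `# 'l-' chains belong to elastic LB VMs (assumed from this commit); any other chain with this prefix is cleaned up`. What the cleanup does after the log call is outside the hunk.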