Merge release branch 4.13 to master

* 4.13: vr: add missing rule for port forwarding rule in vpc (#3857) vpc: set traffic type of private gateway IP to Public to fix ke… (#3851)
2020-02-06 20:38:07 +01:00 · 2020-02-06 20:38:07 +01:00 · 10482da136
parent 33e9a50945 d88c614a35
commit 10482da136
5 changed files with 50 additions and 5 deletions
--- a/engine/schema/src/main/java/com/cloud/network/vpc/dao/VpcGatewayDao.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/dao/VpcGatewayDao.java
@ -32,4 +32,6 @@ public interface VpcGatewayDao extends GenericDao<VpcGatewayVO, Long> {
    List<VpcGatewayVO> listByAclIdAndType(long aclId, VpcGateway.Type type);

    List<VpcGatewayVO> listByVpcId(long vpcId);
+
+    VpcGatewayVO getVpcGatewayByNetworkId(long networkId);
 }
--- a/engine/schema/src/main/java/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java
@ -89,4 +89,11 @@ public class VpcGatewayDaoImpl extends GenericDaoBase<VpcGatewayVO, Long> implem
        sc.setParameters("vpcId", vpcId);
        return listBy(sc);
    }
+
+    @Override
+    public VpcGatewayVO getVpcGatewayByNetworkId(long networkId) {
+        SearchCriteria<VpcGatewayVO> sc = AllFieldsSearch.create();
+        sc.setParameters("networkid", networkId);
+        return findOneBy(sc);
+    }
 }
--- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@ -94,7 +94,9 @@ import com.cloud.network.element.UserDataServiceProvider;
 import com.cloud.network.rules.FirewallRule.Purpose;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
+import com.cloud.network.vpc.VpcGatewayVO;
 import com.cloud.network.vpc.dao.PrivateIpDao;
+import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.NetworkOffering.Detail;
 import com.cloud.offerings.NetworkOfferingServiceMapVO;
@ -158,6 +160,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
    NicDao _nicDao = null;
    @Inject
    PodVlanMapDao _podVlanMapDao;
+    @Inject
+    VpcGatewayDao _vpcGatewayDao;

    private List<NetworkElement> networkElements;

@ -1780,8 +1784,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi

    @Override
    public boolean isPrivateGateway(long ntwkId) {
-        Network network = getNetwork(ntwkId);
-        if (network.getTrafficType() != TrafficType.Guest || network.getNetworkOfferingId() != s_privateOfferingId.longValue()) {
+        final VpcGatewayVO gateway = _vpcGatewayDao.getVpcGatewayByNetworkId(ntwkId);
+        if (gateway == null) {
            return false;
        }
        return true;
--- a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
@ -104,7 +104,9 @@ import com.cloud.network.vpc.PrivateIpAddress;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcGateway;
+import com.cloud.network.vpc.VpcGatewayVO;
 import com.cloud.network.vpc.dao.VpcDao;
+import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@ -170,6 +172,8 @@ public class CommandSetupHelper {
    @Inject
    private VpcDao _vpcDao;
    @Inject
+    private VpcGatewayDao _vpcGatewayDao;
+    @Inject
    private VlanDao _vlanDao;
    @Inject
    private IPAddressDao _ipAddressDao;
@ -707,7 +711,7 @@ public class CommandSetupHelper {
                final IpAddressTO ip = new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, firstIP, sourceNat, BroadcastDomainType.fromString(ipAddr.getVlanTag()).toString(), ipAddr.getGateway(),
                        ipAddr.getNetmask(), macAddress, networkRate, ipAddr.isOneToOneNat());

-                ip.setTrafficType(network.getTrafficType());
+                ip.setTrafficType(getNetworkTrafficType(network));
                ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                ipsToSend[i++] = ip;
                if (ipAddr.isSourceNat()) {
@ -823,7 +827,7 @@ public class CommandSetupHelper {
                final IpAddressTO ip = new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask,
                        vifMacAddress, networkRate, ipAddr.isOneToOneNat());

-                ip.setTrafficType(network.getTrafficType());
+                ip.setTrafficType(getNetworkTrafficType(network));
                ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                ipsToSend[i++] = ip;
                /*
@ -948,7 +952,7 @@ public class CommandSetupHelper {
                final IpAddressTO ip = new IpAddressTO(Account.ACCOUNT_ID_SYSTEM, ipAddr.getIpAddress(), add, false, ipAddr.getSourceNat(), ipAddr.getBroadcastUri(),
                        ipAddr.getGateway(), ipAddr.getNetmask(), ipAddr.getMacAddress(), null, false);

-                ip.setTrafficType(network.getTrafficType());
+                ip.setTrafficType(getNetworkTrafficType(network));
                ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                ipsToSend[i++] = ip;

@ -1101,4 +1105,14 @@ public class CommandSetupHelper {
        }
        return dhcpRange;
    }
+
+    private TrafficType getNetworkTrafficType(Network network) {
+        final VpcGatewayVO gateway = _vpcGatewayDao.getVpcGatewayByNetworkId(network.getId());
+        if (gateway != null) {
+            s_logger.debug("network " + network.getId() + " (name: " + network.getName() + " ) is a vpc private gateway, set traffic type to Public");
+            return TrafficType.Public;
+        } else {
+            return network.getTrafficType();
+        }
+    }
 }
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@ -793,6 +793,12 @@ class CsForwardingRules(CsDataBag):

        return None

+    def getGuestIpByIp(self, ipa):
+        for interface in self.config.address().get_interfaces():
+            if interface.ip_in_subnet(ipa):
+                return interface.get_ip()
+        return None
+
    def getDeviceByIp(self, ipa):
        for interface in self.config.address().get_interfaces():
            if interface.ip_in_subnet(ipa):
@ -930,8 +936,20 @@ class CsForwardingRules(CsDataBag):
        if not rule["internal_ports"] == "any":
            fw_output_rule += ":" + self.portsToString(rule["internal_ports"], "-")

+        fw_postrout_rule2 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
+            (
+                self.getGuestIpByIp(rule['internal_ip']),
+                self.getNetworkByIp(rule['internal_ip']),
+                rule['internal_ip'],
+                self.getDeviceByIp(rule['internal_ip']),
+                rule['protocol'],
+                rule['protocol'],
+                self.portsToString(rule['internal_ports'], ':')
+            )
+
        self.fw.append(["nat", "", fw_prerout_rule])
        self.fw.append(["nat", "", fw_postrout_rule])
+        self.fw.append(["nat", "", fw_postrout_rule2])
        self.fw.append(["nat", "", fw_output_rule])

    def processStaticNatRule(self, rule):