From 1c702a1d69b2eac61302c868eb3f9292ef32f740 Mon Sep 17 00:00:00 2001
From: Kelven Yang
Date: Thu, 21 Oct 2010 21:36:56 -0700
Subject: [PATCH] 1) As the lack of dom0 scripting support in vmware hyperviors, domR, and other system VM will fall back to private network interface instead of link local interface, accordingly, domR scripting will be running directly inside domR and be driven from management server instead of dom0 host 2) firewall/sshd setting changes for #1
---
 .../cloud/agent/api/StartRouterCommand.java | 11 ++++++++--
 .../config/etc/init.d/cloud-early-config | 22 ++++++++++++++-----
 .../config/etc/iptables/iptables-consoleproxy | 2 ++
 .../config/etc/iptables/iptables-secstorage | 1 +
 .../systemvm/debian/config/root/userdata.py | 3 ---
 .../router/DomainRouterManagerImpl.java | 4 +++-
 6 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/core/src/com/cloud/agent/api/StartRouterCommand.java b/core/src/com/cloud/agent/api/StartRouterCommand.java
index 3f6b5bfe858..795137eb21d 100755
--- a/core/src/com/cloud/agent/api/StartRouterCommand.java
+++ b/core/src/com/cloud/agent/api/StartRouterCommand.java
@@ -31,6 +31,7 @@ public class StartRouterCommand extends AbstractStartCommand {
 int networkRateMbps;
 int networkRateMulticastMbps;
 private String guestOSDescription;
+ private String mgmt_host;
 protected StartRouterCommand() {
 super();
@@ -43,12 +44,13 @@ public class StartRouterCommand extends AbstractStartCommand {
 public StartRouterCommand(DomainRouterVO router, int networkRateMbps,
 int networkRateMulticastMbps, String routerName, String[] storageIps, List vols, boolean mirroredVols,
- String guestOSDescription ) {
+ String guestOSDescription, String mgmtHost) {
 super(routerName, storageIps, vols, mirroredVols);
 this.router = router;
 this.networkRateMbps = networkRateMbps;
 this.networkRateMulticastMbps = networkRateMulticastMbps;
 this.guestOSDescription = guestOSDescription;
+ this.mgmt_host = mgmtHost;
 }
 public DomainRouter getRouter() {
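Review bot: The new field `private String mgmt_host;` (hunk @@ -31,6 +31,7) and the assignment `this.mgmt_host = mgmtHost;` in the constructor hunk use snake_case in a class whose other fields (networkRateMbps, guestOSDescription) are lowerCamelCase; `private String mgmtHost;` would match, and the constructor parameter already has that spelling. The field also deserves a one-line comment on what it carries, since nothing in this class says so: `// management server address read from the "host" configuration entry and handed to the router as a boot argument`. The constructor stores the value without checking it, so a null from the caller is only noticed later when the boot-argument string is built.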
@@ -66,12 +68,17 @@ public class StartRouterCommand extends AbstractStartCommand {
 public int getNetworkRateMulticastMbps() {
 return networkRateMulticastMbps;
 }
+
+ public String getManagementHost() {
+ return mgmt_host;
+ }
+
 public String getBootArgs() {
 String eth2Ip = router.getPublicIpAddress()==null?"0.0.0.0":router.getPublicIpAddress();
 String basic = " eth0ip=" + router.getGuestIpAddress() + " eth0mask=" + router.getGuestNetmask() + " eth1ip=" + router.getPrivateIpAddress() + " eth1mask=" + router.getPrivateNetmask() + " gateway=" + router.getGateway()
- + " dns1=" + router.getDns1() + " name=" + router.getName();
+ + " dns1=" + router.getDns1() + " name=" + router.getName() + " mgmtcidr=" + mgmt_host;
 if (!router.getPublicMacAddress().equalsIgnoreCase("FE:FF:FF:FF:FF:FF")) {
 basic = basic + " eth2ip=" + eth2Ip + " eth2mask=" + router.getPublicNetmask();
 }
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index da3487c7a73..e3955c0a5e6 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -43,9 +43,9 @@ patch() {
 privkey=/var/cache/cloud/authorized_keys
 umount $EXTRA_MOUNT
 elif [ -e /dev/cdrom1 ]; then
- vmware-guestd --cmd 'machine.id.get' > /var/cache/cloud/cmdline
+ vmware-guestd --cmd 'machine.id.get' > /var/cache/cloud/cmdline
 else
- cat /proc/cmdline > /var/cache/cloud/cmdline
+ cat /proc/cmdline > /var/cache/cloud/cmdline
 fi
 if [ -e /dev/xvdd ]; then
@@ -258,9 +258,13 @@ setup_secstorage() {
 echo "$public_ip $NAME" >> /etc/hosts
 cp /etc/iptables/iptables-secstorage /etc/iptables/rules
- setup_sshd $ETH0_IP
+ if [ -e /dev/cdrom1 ]; then
+ setup_sshd $ETH1_IP
+ else
+ setup_sshd $ETH0_IP
+ fi
 setup_apache2 $ETH2_IP
-
+ enable_fwding 0
 enable_svc haproxy 0
 enable_svc dnsmasq 0
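Review bot: The key written by getBootArgs, `" mgmtcidr=" + mgmt_host`, does not match the key the system VM parses: the cloud-early-config hunk @@ -346,6 +353,9 matches `host)` and stores it in MGMT_HOST, so with the names in this patch the value is never picked up on the VM side, and no hunk in this patch reads MGMT_HOST afterwards. Use one key on both sides, e.g. keep `mgmtcidr=` here and change the case label to `mgmtcidr)`. The key also says "cidr" while the field and getter say "host"; settle which one is carried, because a firewall rule built from it behaves differently for a single address and a prefix. When mgmt_host is null the string contains the literal token `mgmtcidr=null`; append the token only when the value is non-null.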
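Review bot: `[ -e /dev/cdrom1 ]` is used as the vmware indicator to choose the sshd bind address, and the same test is repeated in setup_console_proxy (@@ -277,7 +280,11) and already in patch() (@@ -43,9 +43,9); the presence of a device node is a fragile proxy for the hypervisor, and if it misfires sshd stays on the link-local ETH0_IP while the new iptables rules already admit 3922 on eth1. Evaluate it once near the top of the script, e.g. `if [ -e /dev/cdrom1 ]; then SSH_IP=$ETH1_IP; else SSH_IP=$ETH0_IP; fi`, and call `setup_sshd $SSH_IP` from both functions, with a comment naming why vmware guests get the private address (no link-local dom0 path, per the commit message). If ETH1_IP is empty, setup_sshd is called with no argument; what it does then depends on setup_sshd, which is outside this hunk.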
@@ -268,7 +272,6 @@ setup_secstorage() {
 enable_svc cloud 1
 }
-
 setup_console_proxy() {
 log_action_begin_msg "Setting up console proxy system vm"
 setup_common eth0 eth1 eth2
@@ -277,7 +280,11 @@ setup_console_proxy() {
 sed -i /gateway/d /etc/hosts
 echo "$public_ip $NAME" >> /etc/hosts
 cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
- setup_sshd $ETH0_IP
+ if [ -e /dev/cdrom1 ]; then
+ setup_sshd $ETH1_IP
+ else
+ setup_sshd $ETH0_IP
+ fi
 enable_fwding 0
 enable_svc haproxy 0
@@ -346,6 +353,9 @@ for i in $CMDLINE
 eth2ip)
 ETH2_IP=$VALUE
 ;;
+ host)
+ MGMT_HOST=$VALUE
+ ;;
 gateway)
 GW=$VALUE
 ;;
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy b/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
index 92a26f7b558..dbd092cb269 100644
--- a/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
@@ -14,7 +14,9 @@ COMMIT
 -A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
+-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
+-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
 -A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
 -A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
 COMMIT
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-secstorage b/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
index ef733c431a0..ffdf116be15 100644
--- a/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
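Review bot: The two added rules accept new TCP connections to 3922 (presumably the sshd port, given setup_sshd) and 8001 on eth1 from any source, and since the rules file is static they apply on every hypervisor, whereas sshd is moved to ETH1_IP only when /dev/cdrom1 exists; on vmware this exposes both ports to the whole private network rather than to the management server, and elsewhere it opens ports nothing listens on. The single rule added to iptables-secstorage (@@ -17,4 +17,5) has the same shape. Because the boot line now carries a management address (`mgmtcidr=` in StartRouterCommand.getBootArgs), cloud-early-config could narrow these rules by source when it installs them, e.g. `-A INPUT -i eth1 -s <MGMT_CIDR_FROM_BOOTARGS> -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT`, or install the eth1 rules only in the branch that binds sshd to ETH1_IP. If the rules must stay static and unconditional, a comment above them, `# eth1 (private NIC) carries management traffic where no link-local eth0 path exists`, records why the exposure was accepted.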
@@ -17,4 +17,5 @@ COMMIT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
 COMMIT
diff --git a/patches/systemvm/debian/config/root/userdata.py b/patches/systemvm/debian/config/root/userdata.py
index db4776b40ca..553f1d4c1df 100644
--- a/patches/systemvm/debian/config/root/userdata.py
+++ b/patches/systemvm/debian/config/root/userdata.py
@@ -8,8 +8,6 @@ def vm_data(args):
 router_ip = args.pop('routerIP')
 vm_ip = args.pop('vmIP')
- util.SMlog(" adding vmdata for VM with IP: " + vm_ip + " to router with IP: " + router_ip)
-
 for pair in args:
 pairList = pair.split(',')
 vmDataFolder = pairList[0]
@@ -41,7 +39,6 @@ def vm_data(args):
 txt = util.pread2(cmd)
 txt = 'success'
 except:
- util.SMlog(" vmdata failed with folder: " + vmDataFolder + " and file: " + vmDataFile)
 txt = ''
 if (fd != None):
diff --git a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
index 6e2e7da983c..ff037fd9db1 100644
--- a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
+++ b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
@@ -230,6 +230,7 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 String _domain;
 String _instance;
 String _defaultHypervisorType;
+ String _mgmt_host;
 int _routerCleanupInterval = 3600;
 int _routerStatsInterval = 300;
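Review bot: `String _mgmt_host;` puts a snake_case name into a field list that otherwise uses the `_lowerCamel` form (`_defaultHypervisorType`, `_routerCleanupInterval`, `_routerStatsInterval` in the same hunk); `String _mgmtHost;` would match the file's convention. A short comment on its origin would also save the reader a search, since the value is only set far away in the @@ -1411,6 +1412,7 hunk: `// "host" entry of the AgentManager configuration, forwarded to routers as a boot argument`. The field has package-private visibility like its neighbours, so the change is consistent with the surrounding declarations.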
@@ -970,7 +971,7 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 }
 final StartRouterCommand cmdStartRouter = new StartRouterCommand(router, _networkRate,
- _multicastRate, name, storageIps, vols, mirroredVols, guestOSDescription);
+ _multicastRate, name, storageIps, vols, mirroredVols, guestOSDescription, _mgmt_host);
 answer = _agentMgr.send(routingHost.getId(), cmdStartRouter);
 if (answer != null && answer.getResult()) {
 if (answer instanceof StartRouterAnswer){
@@ -1411,6 +1412,7 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 final Map configs = _configDao.getConfiguration("AgentManager", params);
+ _mgmt_host = configs.get("host");
 _routerRamSize = NumbersUtil.parseInt(configs.get("router.ram.size"), 128);
 // String value = configs.get("guest.ip.network");
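Review bot: `_mgmt_host` is handed to StartRouterCommand without any check, and it is filled from `configs.get("host")` in the @@ -1411,6 +1412,7 hunk (which seems to run past the end of this excerpt), so a missing "host" configuration entry is not an error on the management server; it only shows up later as a wrong token in the router's boot arguments, where it is hard to trace back. Rejecting the absent value where it is read, e.g. `_mgmt_host = configs.get("host"); if (_mgmt_host == null) { throw new IllegalStateException("AgentManager.host is not configured"); }`, would surface the misconfiguration at startup instead of at router deployment; the neighbouring `_routerRamSize` line shows the existing pattern of giving a default, but there is no sensible default for a management address. The enclosing method of this hunk starts and ends outside the hunk.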