diff --git a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java index a5f4deb1776..efe6ea3861f 100644 --- a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java +++ b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java @@ -161,6 +161,17 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe return new Answer(cmd, success, errorStr!=null?errorStr:successStr); } + + private void disableRpFilter() { + try { + FileWriter fstream = new FileWriter("/proc/sys/net/ipv4/conf/eth2/rp_filter"); + BufferedWriter out = new BufferedWriter(fstream); + out.write("0"); + out.close(); + } catch(IOException e) { + s_logger.warn("Unable to disable rp_filter"); + } + } private boolean copyCertToDirectory(String certificate, String filePath) throws IOException { boolean success; @@ -302,6 +313,11 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe _pubIp = (String)params.get("public.ip"); + value = (String)params.get("disable_rp_filter"); + if(value != null && value.equalsIgnoreCase("true")) { + disableRpFilter(); + } + if(s_logger.isInfoEnabled()) s_logger.info("Receive proxyVmId in ConsoleProxyResource configuration as " + _proxyVmId); diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index a3fe5052336..f12828019e4 100644 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java 
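Review bot: In disableRpFilter() the FileWriter is never closed when `out.write("0")` throws, and the catch logs a fixed string without the IOException, so a failed write to the proc file leaves no cause in the log. Close the writer in a `finally` block, flush inside the `try` so the error from the proc write is caught there, and pass `e` to `s_logger.warn`. Linux applies the higher of `conf/all/rp_filter` and the per-interface value, so writing 0 to eth2 alone may change nothing if `all` is non-zero on the system VM; that setting is not visible from this hunk. The method also needs a comment saying that it turns off reverse-path source validation on the hard-coded interface eth2, so spoofed-source filtering there has to come from firewall rules.

```java
// Turns off reverse-path source validation on eth2, the interface hard-coded below.
// The kernel uses the higher of conf/all and conf/eth2, so conf/all/rp_filter must be 0 too.
private void disableRpFilter() {
    BufferedWriter out = null;
    try {
        out = new BufferedWriter(new FileWriter("/proc/sys/net/ipv4/conf/eth2/rp_filter"));
        out.write("0");
        // The buffered value reaches the proc file on flush; do it here so a rejected write is logged below.
        out.flush();
    } catch(IOException e) {
        s_logger.warn("Unable to disable rp_filter", e);
    } finally {
        if (out != null) {
            try {
                out.close();
            } catch (IOException e) {
                s_logger.warn("Unable to close rp_filter control file", e);
            }
        }
    }
}
```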
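Review bot: Nothing is logged when the `disable_rp_filter` parameter turns reverse-path filtering off, and `disableRpFilter()` returns void, so the only trace of this change to the proxy VM's network hardening is the warning on failure. Add an info line inside the new `if`, for example `s_logger.info("disable_rp_filter=true received, disabling rp_filter on eth2");`, so the state of the VM can be established from its log. `Boolean.parseBoolean(value)` would replace the null check plus `equalsIgnoreCase("true")` with the same result. The enclosing method starts and ends outside this hunk.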
@@ -97,6 +97,7 @@ public enum Config {
 ConsoleProxyRamSize("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.ram.size", "1024", "RAM size (in MB) used to create new console proxy VMs", null),
 ConsoleProxySessionMax("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.session.max", "50", "The max number of viewer sessions console proxy is configured to serve for", null),
 ConsoleProxySessionTimeout("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.session.timeout", "300000", "Timeout(in milliseconds) that console proxy tries to maintain a viewer session before it times out the session for no activity", null),
+ ConsoleProxyDisableRpFilter("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.disable.rpfilter", "false", "disable rp_filter on console proxy VM public interface", null),
 // ConsoleProxyURLPort("Console Proxy", ManagementServer.class, Integer.class, "consoleproxy.url.port", "80", "Console proxy port for AJAX viewer", null),
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index da41b0e05b1..4ccbe5b508d 100644
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -262,7 +262,7 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 private int _ssh_sleep;
 private boolean _use_lvm;
 private boolean _use_storage_vm;
-
+ private boolean _disable_rp_filter = false;
 private String _domain;
 private String _instance;
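Review bot: `ConsoleProxyDisableRpFilter` is declared with `Integer.class` although its default is `"false"` and ConsoleProxyManagerImpl reads it by comparing the value with the string "true"; the declared type should be `Boolean.class`, assuming the enum constructor (outside this hunk) accepts it. The description should also say what is given up, for example `"Disable reverse-path filtering (rp_filter) on the console proxy VM public interface; source-address validation on that interface is turned off"`, so an operator sees the trade-off before changing the setting.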
@@ -1844,6 +1844,10 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 if (value != null) {
 _consoleProxyUrlPort = NumbersUtil.parseInt(value, ConsoleProxyManager.DEFAULT_PROXY_URL_PORT);
 }
+
+ value = configs.get(Config.ConsoleProxyDisableRpFilter.key());
+ if(value != null && value.equalsIgnoreCase("true"))
+ _disable_rp_filter = true;
 value = configs.get("system.vm.use.local.storage");
 if (value != null && value.equalsIgnoreCase("true")) {
@@ -1948,6 +1952,8 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 buf.append(" pod=").append(dest.getPod().getId());
 buf.append(" guid=Proxy.").append(profile.getId());
 buf.append(" proxy_vm=").append(profile.getId());
+ if(_disable_rp_filter)
+ buf.append(" disable_rp_filter=true");
 boolean externalDhcp = false;
 String externalDhcpStr = _configDao.getValue("direct.attach.network.externalIpAllocator.enabled");
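Review bot: The new `if` in the @@ -1844 hunk only ever sets `_disable_rp_filter` to true and is written without braces, unlike the braced `if (value != null) {` blocks directly around it; the unbraced `if(_disable_rp_filter)` in the @@ -1948 hunk has the same style issue. `_disable_rp_filter = Boolean.parseBoolean(value);` is null-safe and case-insensitive, and it also resets the field if the setting is later read as anything other than "true". Whether this code can run more than once is not visible here, since the enclosing method starts and ends outside the hunk.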