From 3263fd596e1a8d8b8543410529d32a2984dd6ba0 Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Tue, 13 Dec 2011 14:47:03 -0800
Subject: [PATCH] bug 10904: add a global config to enable/disable automatically add the vm to the default security group status 10904: resolved fixed
---
 server/src/com/cloud/configuration/Config.java | 2 ++
 server/src/com/cloud/network/NetworkManager.java | 2 ++
 server/src/com/cloud/network/NetworkManagerImpl.java | 6 ++++++
 server/src/com/cloud/vm/UserVmManagerImpl.java | 8 ++++----
 setup/db/db/schema-2214to30.sql | 1 +
 5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index be8a22482eb..af5dc697f38 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -102,6 +102,8 @@ public enum Config {
 SecurityGroupWorkerThreads("Network", ManagementServer.class, Integer.class, "network.securitygroups.workers.pool.size", "50", "Number of worker threads processing the security group update work queue", null),
 SecurityGroupWorkGlobalLockTimeout("Network", ManagementServer.class, Integer.class, "network.securitygroups.work.lock.timeout", "300", "Lock wait timeout (seconds) while updating the security group work queue", null),
 SecurityGroupWorkPerAgentMaxQueueSize("Network", ManagementServer.class, Integer.class, "network.securitygroups.work.per.agent.queue.size", "100", "The number of outstanding security group work items that can be queued to a host. If exceeded, work items will get dropped to conserve memory. Security Group Sync will take care of ensuring that the host gets updated eventually", null),
+
+ SecurityGroupDefaultAdding("Network", ManagementServer.class, Boolean.class, "network.securitygroups.defaultadding", "true", "If true, the user VM would be added to the default security group by default", null),
 FirewallRuleUiEnabled("Network", ManagementServer.class, Boolean.class, "firewall.rule.ui.enabled", "false", "enable/disable UI that separates firewall rules from NAT/LB rules", null),
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index 23f170e822d..51443a9f160 100644
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -258,4 +258,6 @@ public interface NetworkManager extends NetworkService {
 List getPhysicalNetworkInfo(long dcId, HypervisorType hypervisorType);
+
+ boolean canAddDefaultSecurityGroup();
 }
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index eddf084c52e..c033ae0bf55 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
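Review bot: The description on `SecurityGroupDefaultAdding` only covers the `true` case, so an operator reading the settings list cannot tell what switching it off does to a VM that is deployed without an explicit security group list. Since this setting changes network isolation behaviour, I would spell out both states, for example `"If true, a user VM on a security-group-enabled network is added to the default security group automatically; if false, only the security groups given in the request are used"`. The same text is repeated in the schema-2214to30.sql hunk and would need the same wording.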
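Review bot: `canAddDefaultSecurityGroup()` is added to the NetworkManager interface without a Javadoc, and its name reads like a capability check although the implementation in this commit only returns the global `network.securitygroups.defaultadding` setting. A one-line comment such as `/** @return true if the global setting network.securitygroups.defaultadding allows VMs to be added to the default security group automatically */` would stop callers from treating it as a per-network or per-account answer.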
@@ -5201,4 +5201,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 }
 }
 }
+
+ @Override
+ public boolean canAddDefaultSecurityGroup() {
+ String defaultAdding = _configDao.getValue(Config.SecurityGroupDefaultAdding.key());
+ return (defaultAdding != null && defaultAdding.equalsIgnoreCase("true"));
+ }
 }
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index d99107f604c..40bb43bf928 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2050,7 +2050,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 if (securityGroupIdList != null && isVmWare) {
 throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
- } else if (!isVmWare && _networkMgr.isSecurityGroupSupportedInNetwork(defaultNetwork)) {
+ } else if (!isVmWare && _networkMgr.isSecurityGroupSupportedInNetwork(defaultNetwork) && _networkMgr.canAddDefaultSecurityGroup()) {
 if (securityGroupIdList == null) {
 securityGroupIdList = new ArrayList();
 }
@@ -2162,7 +2162,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 }
 // if network is security group enabled, and default security group is not present in the list of groups specified, add it automatically
- if (isSecurityGroupEnabledNetworkUsed && !isVmWare) {
+ if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkMgr.canAddDefaultSecurityGroup()) {
 if (securityGroupIdList == null) {
 securityGroupIdList = new ArrayList();
 }
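Review bot: In `canAddDefaultSecurityGroup()` a missing configuration row makes the method return false, although Config.java declares the default of `network.securitygroups.defaultadding` as "true". On a management server whose configuration table does not yet hold the row, VMs would silently stop being added to the default security group, which is the opposite of the declared default. Treating null as that default keeps the two in agreement: `return defaultAdding == null || Boolean.parseBoolean(defaultAdding);`.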
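Review bot: With the added `&& _networkMgr.canAddDefaultSecurityGroup()` term on the `else if` at 2050, a deployment on a security-group-enabled network that passes no `securityGroupIdList` skips the whole branch when the setting is off, and nothing in the visible lines logs or rejects that case. The VM then appears to end up with no security group at all; whether that means unfiltered or fully blocked traffic is decided outside this hunk, so it should be made explicit here. The same gate is added in the hunks at 2162 and 2828. I would move the flag check inside the branch, around the default-group addition only, because the branch body continues past the hunk and may do more than that, and add a line such as `s_logger.debug("network.securitygroups.defaultadding is false; not adding the default security group");`.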
@@ -2828,9 +2828,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 }
 UserVO user = _userDao.findById(userId);
-
+
 //check if vm is security group enabled
- if (_securityGroupMgr.isVmSecurityGroupEnabled(vmId) && !_securityGroupMgr.isVmMappedToDefaultSecurityGroup(vmId)) {
+ if (_securityGroupMgr.isVmSecurityGroupEnabled(vmId) && !_securityGroupMgr.isVmMappedToDefaultSecurityGroup(vmId) && _networkMgr.canAddDefaultSecurityGroup()) {
 //if vm is not mapped to security group, create a mapping
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Vm " + vm + " is security group enabled, but not mapped to default security group; creating the mapping automatically");
diff --git a/setup/db/db/schema-2214to30.sql b/setup/db/db/schema-2214to30.sql
index 836f9fbb53a..5ff9ce6570e 100755
--- a/setup/db/db/schema-2214to30.sql
+++ b/setup/db/db/schema-2214to30.sql
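Review bot: The comment `//check if vm is security group enabled` above the changed `if` no longer matches the condition, which now also depends on the global setting. I would update it to something like `// if the vm is security group enabled, has no default-group mapping, and network.securitygroups.defaultadding is true, map it to the default group`. The `-`/`+` pair on the blank line before it is a whitespace-only change and could be dropped from the commit. The enclosing method starts and ends outside the hunk.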
@@ -114,6 +114,7 @@ INSERT IGNORE INTO configuration VALUES ('Alert', 'DEFAULT', 'management-server'
 INSERT IGNORE INTO configuration VALUES ('Alert', 'DEFAULT', 'management-server', 'zone.secstorage.capacity.notificationthreshold' , .75, 'Percentage (as a value between 0 and 1) of secondary storage utilization above which alerts will be sent about low storage available.');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'custom.diskoffering.size.min', '1', 'Minimum size in GB for custom disk offering');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'custom.diskoffering.size.max', '1024', 'Maximum size in GB for custom disk offering');
+INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.securitygroups.defaultadding' , 'true', 'If true, the user VM would be added to the default security group by default');
 update configuration set name = 'cluster.storage.allocated.capacity.notificationthreshold' , category = 'Alert' where name = 'storage.allocated.capacity.threshold' ;
 update configuration set name = 'cluster.storage.capacity.notificationthreshold' , category = 'Alert' where name = 'storage.capacity.threshold' ;