bug 7659: fix the race condition where the agent inside the systemvm connects to the mgt server before the StartCommand has returned to the mgt server, causing an NPE; and fix bugs in the KVM security group code

status 7659: resolved fixed
This commit is contained in:
edison 2010-12-28 15:48:34 -08:00
parent 960b91acc5
commit 3a143577b9
5 changed files with 54 additions and 99 deletions


@ -116,7 +116,7 @@ def destroy_network_rules_for_vm(vm_name):
delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
if vm_name.startswith('i-') or vm_name.startswith('r-'):
vmchain = '-'.join(vm_name.split('-')[:-1])
vmchain_default = '-'.join(vm_name.split('-')[:-2]) + "-def"
vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
destroy_ebtables_rules(vmchain)
@ -201,8 +201,6 @@ def default_network_rules_systemvm(vm_name):
vifs = getVifs(vm_name)
domid = getvmId(vm_name)
vmchain = vm_name
if vm_name.startswith('r-'):
vmchain = '-'.join(vm_name.split('-')[:-1])
delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
@ -234,7 +232,6 @@ def default_network_rules(vm_name, vm_ip, vm_id, vm_mac):
vmName = vm_name
domID = getvmId(vm_name)
delete_rules_for_vm_in_bridge_firewall_chain(vmName)
vm_name = '-'.join(vm_name.split('-')[:-1])
vmchain = vm_name
vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
@ -282,7 +279,7 @@ def default_network_rules(vm_name, vm_ip, vm_id, vm_mac):
def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
vm_name = vmName
if vm_name.startswith('i-') or vm_name.startswith('r-'):
vm_name = '-'.join(vm_name.split('-')[:-2])
vm_name = '-'.join(vm_name.split('-')[:-1])
vmchain = vm_name
@ -295,52 +292,6 @@ def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
except:
logging.exception("Ignoring failure to delete rules for vm " + vmName)
'''
def network_rules_for_rebooted_vm(vmName):
vm_name = vmName
vifs = getVifs(vmName)
logging.debug("Found a rebooted VM -- reprogramming rules for " + vmName)
delete_rules_for_vm_in_bridge_firewall_chain(vmName)
if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]:
default_network_rules_systemvm(session, {"vmName":vmName})
return True
vmchain = '-'.join(vm_name.split('-')[:-1])
vmchain_default = '-'.join(vm_name.split('-')[:-2]) + "-def"
for v in vifs:
iptables('-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default)
iptables('-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default)
#change antispoof rule in vmchain
try:
delcmd = "iptables -S " + vmchain_default + " | grep physdev-in | sed 's/-A/-D/'"
inscmd = "iptables -S " + vmchain_default + " | grep physdev-in | grep vif | sed -r 's/vif[0-9]+.0/" + vif + "/' | sed 's/-A/-I/'"
inscmd2 = "iptables -S " + vmchain_default + " | grep physdev-in | grep tap | sed -r 's/tap[0-9]+.0/" + tap + "/' | sed 's/-A/-I/'"
ipts = []
for cmd in [delcmd, inscmd, inscmd2]:
cmds = bash('-c', cmd.split(' ')).split('\n')
cmds.pop()
for c in cmds:
ipt = c.split(' ')
ipt.pop()
ipts.append(ipt)
for ipt in ipts:
try:
iptables(ipt)
except:
logging.debug("Failed to rewrite antispoofing rules for vm " + vmName)
except:
logging.debug("No rules found for vm " + vmchain)
rewrite_rule_log_for_vm(vmName, curr_domid)
return True
'''
def rewrite_rule_log_for_vm(vm_name, new_domid):
logfilename = "/var/run/cloud/" + vm_name +".log"
if not os.path.exists(logfilename):
@ -395,16 +346,13 @@ def cleanup_rules_for_dead_vms():
def cleanup_rules():
try:
chainscmd = "iptables-save | grep '^:' | grep '.*-def' | awk '{print $1}' | cut -d':' -f2"
chainscmd = "iptables-save | grep '^:' | grep -v '.*-def' | awk '{print $1}' | cut -d':' -f2"
chains = execute(chainscmd).split('\n')
cleaned = 0
cleanup = []
for chain in chains:
if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
if chain.startswith('i-') or chain.startswith('r-'):
vm_name = chain + '-untagged'
else:
vm_name = chain
vm_name = chain
cmd = "virsh list |grep " + vm_name
try:
@ -421,7 +369,7 @@ def cleanup_rules():
cleanup.append(vm_name)
for vmname in cleanup:
destroy_network_rules_for_vm({'vmName':vmname})
destroy_network_rules_for_vm(vmname)
logging.debug("Cleaned up rules for " + str(len(cleanup)) + " chains")
except:
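Review bot: In the cleanup_rules hunk, `cmd = "virsh list |grep " + vm_name` now greps for the bare chain name (previously `chain + '-untagged'`), and grep matches substrings, so a chain is reported alive whenever any longer instance name that contains it is running — with constructed names, chain `i-2-3` matches a running `i-2-30-VM` — and its rules are then never cleaned. Anchoring the match fixes this: `cmd = "virsh list | grep -w " + vm_name`, or better, compare the chain name token-for-token against the parsed `virsh list` output instead of splicing it unquoted into a shell pipeline. cleanup_rules continues outside the hunk, so how `cmd` is executed is not visible here; the second hunk's switch to `destroy_network_rules_for_vm(vmname)` looks correct.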


@ -2010,16 +2010,6 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
NicProfile controlNic = (NicProfile)profile.getParameter("control.nic");
CheckSshCommand check = new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922, 5, 20);
cmds.addCommand("checkSsh", check);
return true;
}
@Override
public boolean finalizeStart(Commands cmds, VirtualMachineProfile<ConsoleProxyVO> profile, DeployDestination dest, ReservationContext context) {
CheckSshAnswer answer = (CheckSshAnswer)cmds.getAnswer("checkSsh");
if (!answer.getResult()) {
s_logger.warn("Unable to ssh to the VM: " + answer.getDetails());
return false;
}
ConsoleProxyVO proxy = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listBy(proxy.getId());
@ -2039,6 +2029,17 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
proxy.setPrivateMacAddress(nic.getMacAddress());
}
}
_consoleProxyDao.update(proxy.getId(), proxy);
return true;
}
@Override
public boolean finalizeStart(Commands cmds, VirtualMachineProfile<ConsoleProxyVO> profile, DeployDestination dest, ReservationContext context) {
CheckSshAnswer answer = (CheckSshAnswer)cmds.getAnswer("checkSsh");
if (!answer.getResult()) {
s_logger.warn("Unable to ssh to the VM: " + answer.getDetails());
return false;
}
return true;
}
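Review bot: In the second hunk, `finalizeStart` dereferences `answer` with no null check right after `cmds.getAnswer("checkSsh")`; if getAnswer can return null (no answer recorded under that key), this is an NPE in the very start path the commit is fixing, and the same shape remains in SecondaryStorageManagerImpl's finalizeStart (its hunk at `@ -1521,24 +1541,7`). I would guard it: `if (answer == null || !answer.getResult()) {` / `s_logger.warn("Unable to ssh to the VM: " + (answer == null ? "no answer" : answer.getDetails()));` / `return false;`. Whether getAnswer returns null or throws is not visible here — confirm against Commands before relying on the guard.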


@ -1524,6 +1524,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
router.setPrivateMacAddress(nic.getMacAddress());
}
}
_routerDao.update(router.getId(), router);
//source NAT address is stored in /proc/cmdline of the domR and gets
//reassigned upon powerup. Source NAT rule gets configured in StartRouter command
//The command should be sent for domR only, skip for DHCP


@ -1509,6 +1509,26 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
NicProfile controlNic = (NicProfile)profile.getParameter("control.nic");
CheckSshCommand check = new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922, 5, 20);
cmds.addCommand("checkSsh", check);
SecondaryStorageVmVO secVm = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listBy(secVm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
if (network.getTrafficType() == TrafficType.Public) {
secVm.setPublicIpAddress(nic.getIp4Address());
secVm.setPublicNetmask(nic.getNetmask());
secVm.setPublicMacAddress(nic.getMacAddress());
} else if (network.getTrafficType() == TrafficType.Control) {
secVm.setGuestIpAddress(nic.getIp4Address());
secVm.setGuestNetmask(nic.getNetmask());
secVm.setGuestMacAddress(nic.getMacAddress());
} else if (network.getTrafficType() == TrafficType.Management) {
secVm.setPrivateIpAddress(nic.getIp4Address());
secVm.setPrivateNetmask(nic.getNetmask());
secVm.setPrivateMacAddress(nic.getMacAddress());
}
}
_secStorageVmDao.update(secVm.getId(), secVm);
return true;
}
@ -1521,24 +1541,7 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
s_logger.warn("Unable to ssh to the VM: " + answer.getDetails());
return false;
}
SecondaryStorageVmVO secVm = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listBy(secVm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
if (network.getTrafficType() == TrafficType.Public) {
secVm.setPublicIpAddress(nic.getIp4Address());
secVm.setPublicNetmask(nic.getNetmask());
secVm.setPublicMacAddress(nic.getMacAddress());
} else if (network.getTrafficType() == TrafficType.Control) {
secVm.setGuestIpAddress(nic.getIp4Address());
secVm.setGuestNetmask(nic.getNetmask());
secVm.setGuestMacAddress(nic.getMacAddress());
} else if (network.getTrafficType() == TrafficType.Management) {
secVm.setPrivateIpAddress(nic.getIp4Address());
secVm.setPrivateNetmask(nic.getNetmask());
secVm.setPrivateMacAddress(nic.getMacAddress());
}
}
return true;
}
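Review bot: In the first hunk, `network.getTrafficType()` is called on the result of `_networkDao.findById(nic.getNetworkId())` without a null check; if findById can return null for a removed or unknown network, finalizeDeployment throws an NPE instead of skipping the NIC, so I would add `if (network == null) { s_logger.warn("NIC " + nic.getId() + " references missing network " + nic.getNetworkId()); continue; }` ahead of the traffic-type chain. The loop is also the third near-identical per-traffic-type mapping in this commit (ConsoleProxyManagerImpl and UserVmManagerImpl carry the same shape, differing only in the VO setters), which is worth folding into one helper so the mapping cannot drift between the three managers. The enclosing finalizeDeployment begins outside the hunk.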


@ -2495,23 +2495,25 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
return true;
}
@Override
public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) {
return true;
}
@Override
public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) {
UserVmVO userVm = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listBy(userVm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
if (network.getTrafficType() == TrafficType.Guest) {
userVm.setPrivateIpAddress(nic.getIp4Address());
userVm.setPrivateNetmask(nic.getNetmask());
userVm.setPrivateMacAddress(nic.getMacAddress());
}
}
_vmDao.update(userVm.getId(), userVm);
return true;
}
@Override
public boolean finalizeStart(Commands cmds, VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) {
UserVmVO userVm = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listBy(userVm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
if (network.getTrafficType() == TrafficType.Guest) {
userVm.setPrivateIpAddress(nic.getIp4Address());
userVm.setPrivateNetmask(nic.getNetmask());
userVm.setPrivateMacAddress(nic.getMacAddress());
}
}
return true;
}
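Review bot: If the NIC loop at the end of the hunk in `finalizeStart` survives on the new side — the rendered view lost the +/- markers, so this is uncertain — it recomputes the same Guest private address, netmask and MAC that `finalizeDeployment` now persists via `_vmDao.update`, but never writes them back, so it is either dead work or an unsaved overwrite of the in-memory VO. Either delete that loop so `finalizeDeployment` alone owns the mapping, or persist its result; keeping two copies invites them to drift. If the loop is in fact removed by this commit, disregard.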