diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 6a13ef4ced1..abd7da8c441 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -116,7 +116,7 @@ def destroy_network_rules_for_vm(vm_name):
 delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
 if vm_name.startswith('i-') or vm_name.startswith('r-'):
 vmchain = '-'.join(vm_name.split('-')[:-1])
- vmchain_default = '-'.join(vm_name.split('-')[:-2]) + "-def"
+ vmchain_default = '-'.join(vm_name.split('-')[:-1]) + "-def"
 destroy_ebtables_rules(vmchain)
@@ -201,8 +201,6 @@ def default_network_rules_systemvm(vm_name):
 vifs = getVifs(vm_name)
 domid = getvmId(vm_name)
 vmchain = vm_name
- if vm_name.startswith('r-'):
- vmchain = '-'.join(vm_name.split('-')[:-1])
 delete_rules_for_vm_in_bridge_firewall_chain(vm_name)
@@ -234,7 +232,6 @@ def default_network_rules(vm_name, vm_ip, vm_id, vm_mac):
 vmName = vm_name
 domID = getvmId(vm_name)
 delete_rules_for_vm_in_bridge_firewall_chain(vmName)
- vm_name = '-'.join(vm_name.split('-')[:-1])
 vmchain = vm_name
 vmchain_default = '-'.join(vmchain.split('-')[:-1]) + "-def"
@@ -282,7 +279,7 @@ def default_network_rules(vm_name, vm_ip, vm_id, vm_mac):
 def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
 vm_name = vmName
 if vm_name.startswith('i-') or vm_name.startswith('r-'):
- vm_name = '-'.join(vm_name.split('-')[:-2])
+ vm_name = '-'.join(vm_name.split('-')[:-1])
 vmchain = vm_name
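Review bot: The chain name is derived differently on the create and destroy paths after this change. `default_network_rules_systemvm` and `default_network_rules` now use `vmchain = vm_name` (the full name), while `destroy_network_rules_for_vm` still sets `vmchain = '-'.join(vm_name.split('-')[:-1])` for `i-` and `r-` names and passes that to `destroy_ebtables_rules(vmchain)`, and `delete_rules_for_vm_in_bridge_firewall_chain` strips the last segment as well. On the visible lines a chain created for an `r-` or `i-` VM is therefore not the name the teardown works on, which would leave stale filter rules on the bridge after the VM is gone; the bodies of all four functions continue outside the hunks, so confirm against the full file. A single helper returning both names, for example `def vm_chain_names(vm_name)` giving `(vmchain, vmchain_default)`, called from all four functions, would keep the two paths from drifting apart again.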
@@ -295,52 +292,6 @@ def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
 except:
 logging.exception("Ignoring failure to delete rules for vm " + vmName)
-'''
-def network_rules_for_rebooted_vm(vmName):
- vm_name = vmName
- vifs = getVifs(vmName)
- logging.debug("Found a rebooted VM -- reprogramming rules for " + vmName)
-
- delete_rules_for_vm_in_bridge_firewall_chain(vmName)
- if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]:
- default_network_rules_systemvm(session, {"vmName":vmName})
- return True
-
- vmchain = '-'.join(vm_name.split('-')[:-1])
- vmchain_default = '-'.join(vm_name.split('-')[:-2]) + "-def"
-
- for v in vifs:
- iptables('-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default)
- iptables('-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default)
-
- #change antispoof rule in vmchain
- try:
- delcmd = "iptables -S " + vmchain_default + " | grep physdev-in | sed 's/-A/-D/'"
- inscmd = "iptables -S " + vmchain_default + " | grep physdev-in | grep vif | sed -r 's/vif[0-9]+.0/" + vif + "/' | sed 's/-A/-I/'"
- inscmd2 = "iptables -S " + vmchain_default + " | grep physdev-in | grep tap | sed -r 's/tap[0-9]+.0/" + tap + "/' | sed 's/-A/-I/'"
-
- ipts = []
- for cmd in [delcmd, inscmd, inscmd2]:
- cmds = bash('-c', cmd.split(' ')).split('\n')
- cmds.pop()
- for c in cmds:
- ipt = c.split(' ')
- ipt.pop()
- ipts.append(ipt)
-
- for ipt in ipts:
- try:
- iptables(ipt)
- except:
- logging.debug("Failed to rewrite antispoofing rules for vm " + vmName)
- except:
- logging.debug("No rules found for vm " + vmchain)
-
-
- rewrite_rule_log_for_vm(vmName, curr_domid)
- return True
-'''
-
 def rewrite_rule_log_for_vm(vm_name, new_domid):
 logfilename = "/var/run/cloud/" + vm_name +".log"
 if not os.path.exists(logfilename):
@@ -395,16 +346,13 @@ def cleanup_rules_for_dead_vms():
 def cleanup_rules():
 try:
- chainscmd = "iptables-save | grep '^:' | grep '.*-def' | awk '{print $1}' | cut -d':' -f2"
+ chainscmd = "iptables-save | grep '^:' | grep -v '.*-def' | awk '{print $1}' | cut -d':' -f2"
 chains = execute(chainscmd).split('\n')
 cleaned = 0
 cleanup = []
 for chain in chains:
 if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]:
- if chain.startswith('i-') or chain.startswith('r-'):
- vm_name = chain + '-untagged'
- else:
- vm_name = chain
+ vm_name = chain
 cmd = "virsh list |grep " + vm_name
 try:
@@ -421,7 +369,7 @@ def cleanup_rules():
 cleanup.append(vm_name)
 for vmname in cleanup:
- destroy_network_rules_for_vm({'vmName':vmname})
+ destroy_network_rules_for_vm(vmname)
 logging.debug("Cleaned up rules for " + str(len(cleanup)) + " chains")
 except:
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index e0ce0d848eb..da41b0e05b1 100644
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -2010,16 +2010,6 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 NicProfile controlNic = (NicProfile)profile.getParameter("control.nic");
 CheckSshCommand check = new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922, 5, 20);
 cmds.addCommand("checkSsh", check);
- return true;
- }
-
- @Override
- public boolean finalizeStart(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) {
- CheckSshAnswer answer = (CheckSshAnswer)cmds.getAnswer("checkSsh");
- if (!answer.getResult()) {
- s_logger.warn("Unable to ssh to the VM: " + answer.getDetails());
- return false;
- }
 ConsoleProxyVO proxy = profile.getVirtualMachine();
 List nics = _nicDao.listBy(proxy.getId());
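Review bot: The liveness test in `cleanup_rules` is an unanchored pattern match built by string concatenation (`cmd = "virsh list |grep " + vm_name`), and with `vm_name = chain` the pattern is now the chain name taken verbatim from `iptables-save` output. A chain whose name happens to match part of another running domain's line is treated as alive and its rules are never removed, and the name is placed unquoted into what is presumably a shell command line, as `chainscmd` is. An exact comparison done in Python avoids both: fetch the domain names once, e.g. `running = execute("virsh list --name").split('\n')`, and test `if vm_name not in running:` before `cleanup.append(vm_name)`. The new filter `grep -v '.*-def'` also discards any line that contains `-def` anywhere, not only chains that end in it. The `try:` that runs `cmd` continues outside the hunk.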
@@ -2039,6 +2029,17 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
 proxy.setPrivateMacAddress(nic.getMacAddress());
 }
 }
+ _consoleProxyDao.update(proxy.getId(), proxy);
+ return true;
+ }
+
+ @Override
+ public boolean finalizeStart(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) {
+ CheckSshAnswer answer = (CheckSshAnswer)cmds.getAnswer("checkSsh");
+ if (!answer.getResult()) {
+ s_logger.warn("Unable to ssh to the VM: " + answer.getDetails());
+ return false;
+ }
 return true;
 }
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index c1f42920d81..e913d48d65b 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -1524,6 +1524,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 router.setPrivateMacAddress(nic.getMacAddress());
 }
 }
+ _routerDao.update(router.getId(), router);
 //source NAT address is stored in /proc/cmdline of the domR and gets
 //reassigned upon powerup. Source NAT rule gets configured in StartRouter command
 //The command should be sent for domR only, skip for DHCP
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index c96294cee09..b2f7dc294fe 100644
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
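Review bot: The result of `_consoleProxyDao.update(proxy.getId(), proxy)` is ignored, so finalizeDeployment returns true and the start goes ahead even if the NIC addresses were not persisted; the same holds for `_routerDao.update(router.getId(), router)` in VirtualNetworkApplianceManagerImpl and for the update calls added in SecondaryStorageManagerImpl and UserVmManagerImpl. If the DAO reports failure through its return value (its declaration is not on this page), check it, e.g. `if (!_consoleProxyDao.update(proxy.getId(), proxy)) { s_logger.warn("Unable to persist NIC addresses for " + proxy.getId()); return false; }`. In the re-added finalizeStart, `answer` is dereferenced straight after `cmds.getAnswer("checkSsh")`, so a missing reply ends in a NullPointerException rather than a logged `return false`; `if (answer == null || !answer.getResult())` with a null-safe log message covers that. finalizeDeployment begins outside the hunk.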
@@ -1509,6 +1509,26 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
 NicProfile controlNic = (NicProfile)profile.getParameter("control.nic");
 CheckSshCommand check = new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922, 5, 20);
 cmds.addCommand("checkSsh", check);
+
+ SecondaryStorageVmVO secVm = profile.getVirtualMachine();
+ List nics = _nicDao.listBy(secVm.getId());
+ for (NicVO nic : nics) {
+ NetworkVO network = _networkDao.findById(nic.getNetworkId());
+ if (network.getTrafficType() == TrafficType.Public) {
+ secVm.setPublicIpAddress(nic.getIp4Address());
+ secVm.setPublicNetmask(nic.getNetmask());
+ secVm.setPublicMacAddress(nic.getMacAddress());
+ } else if (network.getTrafficType() == TrafficType.Control) {
+ secVm.setGuestIpAddress(nic.getIp4Address());
+ secVm.setGuestNetmask(nic.getNetmask());
+ secVm.setGuestMacAddress(nic.getMacAddress());
+ } else if (network.getTrafficType() == TrafficType.Management) {
+ secVm.setPrivateIpAddress(nic.getIp4Address());
+ secVm.setPrivateNetmask(nic.getNetmask());
+ secVm.setPrivateMacAddress(nic.getMacAddress());
+ }
+ }
+ _secStorageVmDao.update(secVm.getId(), secVm);
 return true;
 }
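Review bot: `network` is dereferenced without a null check in the added loop, so if `_networkDao.findById(nic.getNetworkId())` can return null (its contract is not shown here) a NIC with a missing network row aborts finalizeDeployment with a NullPointerException; the same loop is added to UserVmManagerImpl.finalizeDeployment. A guard such as `if (network == null) { s_logger.warn("No network for nic " + nic.getId()); continue; }` keeps the failure visible and contained. The `TrafficType.Control` branch stores the control NIC in the `Guest*` fields, which reads like a mistake; if it is intended, say so with a comment like `// control NIC is kept in the guest address fields for system VMs`. The method starts outside the hunk.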
@@ -1521,24 +1541,7 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
 s_logger.warn("Unable to ssh to the VM: " + answer.getDetails());
 return false;
 }
- SecondaryStorageVmVO secVm = profile.getVirtualMachine();
- List nics = _nicDao.listBy(secVm.getId());
- for (NicVO nic : nics) {
- NetworkVO network = _networkDao.findById(nic.getNetworkId());
- if (network.getTrafficType() == TrafficType.Public) {
- secVm.setPublicIpAddress(nic.getIp4Address());
- secVm.setPublicNetmask(nic.getNetmask());
- secVm.setPublicMacAddress(nic.getMacAddress());
- } else if (network.getTrafficType() == TrafficType.Control) {
- secVm.setGuestIpAddress(nic.getIp4Address());
- secVm.setGuestNetmask(nic.getNetmask());
- secVm.setGuestMacAddress(nic.getMacAddress());
- } else if (network.getTrafficType() == TrafficType.Management) {
- secVm.setPrivateIpAddress(nic.getIp4Address());
- secVm.setPrivateNetmask(nic.getNetmask());
- secVm.setPrivateMacAddress(nic.getMacAddress());
- }
- }
+
 return true;
 }
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index c6de140f8de..36ba50a218a 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2495,23 +2495,25 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 return true;
 }
- @Override
- public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) {
- return true;
- }
+ @Override
+ public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) {
+ UserVmVO userVm = profile.getVirtualMachine();
+ List nics = _nicDao.listBy(userVm.getId());
+ for (NicVO nic : nics) {
+ NetworkVO network = _networkDao.findById(nic.getNetworkId());
+ if (network.getTrafficType() == TrafficType.Guest) {
+ userVm.setPrivateIpAddress(nic.getIp4Address());
+ userVm.setPrivateNetmask(nic.getNetmask());
+ userVm.setPrivateMacAddress(nic.getMacAddress());
+ }
+ }
+ _vmDao.update(userVm.getId(), userVm);
+
+ return true;
+ }
 @Override
 public boolean finalizeStart(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) {
- UserVmVO userVm = profile.getVirtualMachine();
- List nics = _nicDao.listBy(userVm.getId());
- for (NicVO nic : nics) {
- NetworkVO network = _networkDao.findById(nic.getNetworkId());
- if (network.getTrafficType() == TrafficType.Guest) {
- userVm.setPrivateIpAddress(nic.getIp4Address());
- userVm.setPrivateNetmask(nic.getNetmask());
- userVm.setPrivateMacAddress(nic.getMacAddress());
- }
- }
 return true;
 }
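Review bot: Every NIC on a `TrafficType.Guest` network overwrites the same three private-address fields in the new finalizeDeployment loop, so for a VM with more than one guest NIC the value that `_vmDao.update(userVm.getId(), userVm)` persists is whichever NIC `_nicDao.listBy` happens to return last. If host-side filtering or anti-spoofing rules are later keyed on that stored address (not visible on this page), the choice needs to be deterministic: select the default NIC explicitly, or stop at the first match by adding `break;` after `userVm.setPrivateMacAddress(nic.getMacAddress());`. finalizeStart is now an empty `return true;`, and a one-line comment such as `// NIC addresses are recorded in finalizeDeployment` would tell the next reader where the work went.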