From 75c9d43f2f9afb0bb936900c130f2487006df525 Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Tue, 9 Aug 2011 13:31:23 -0700 Subject: [PATCH 01/77] Seperate template cleanup control to enable template preloading --- .../src/com/cloud/configuration/Config.java | 1 + .../com/cloud/storage/StorageManagerImpl.java | 60 +++++++++++-------- setup/db/db/schema-229to2210.sql | 1 + 3 files changed, 36 insertions(+), 26 deletions(-) diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index b1bcaa9a0d1..67fae82f481 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -55,6 +55,7 @@ public enum Config { MaxVolumeSize("Storage", ManagementServer.class, Integer.class, "storage.max.volume.size", "2000", "The maximum size for a volume (in GB).", null), TotalRetries("Storage", AgentManager.class, Integer.class, "total.retries", "4", "The number of times each command sent to a host should be retried in case of failure.", null), StoragePoolMaxWaitSeconds("Storage", ManagementServer.class, Integer.class, "storage.pool.max.waitseconds", "3600", "Timeout (in seconds) to synchronize storage pool operations.", null), + StorageTemplateCleanupEnabled("Storage", ManagementServer.class, Boolean.class, "storage.template.cleanup.enabled", "true", "Enable/disable template cleanup activity, only take effect when overall storage cleanup is enabled", null), // Network NetworkLBHaproxyStatsVisbility("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.visibility", "global", "Load Balancer(haproxy) stats visibilty, it can be global,guest-network,disabled", null), diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index dd434c20d7c..ab86e63be37 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java 
@@ -295,6 +295,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag ScheduledExecutorService _executor = null; boolean _storageCleanupEnabled; + boolean _templateCleanupEnabled = true; int _storageCleanupInterval; int _storagePoolAcquisitionWaitSeconds = 1800; // 30 minutes protected int _retry = 2; @@ -809,9 +810,14 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag String storageCleanupEnabled = configs.get("storage.cleanup.enabled"); _storageCleanupEnabled = (storageCleanupEnabled == null) ? true : Boolean.parseBoolean(storageCleanupEnabled); - + + String value = configDao.getValue(Config.StorageTemplateCleanupEnabled.key()); + _templateCleanupEnabled = (value == null ? true : Boolean.parseBoolean(value)); + String time = configs.get("storage.cleanup.interval"); _storageCleanupInterval = NumbersUtil.parseInt(time, 86400); + + s_logger.info("Storage cleanup enabled: " + _storageCleanupEnabled + ", interval: " + _storageCleanupInterval + ", template cleanup enabled: " + _templateCleanupEnabled); String workers = configs.get("expunge.workers"); int wrks = NumbersUtil.parseInt(workers, 10); 
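Review bot: In the hunk at `@@ -809`, the new flag is read with `configDao.getValue(...)` while the two settings around it come from the `configs` map, so the three values logged together may not come from the same configuration snapshot. If `configs` already holds the storage keys (its construction is outside the hunk), `String value = configs.get(Config.StorageTemplateCleanupEnabled.key());` keeps the block consistent. `Boolean.parseBoolean` also maps every value other than "true" to false, so a mistyped `storage.template.cleanup.enabled` silently turns template eviction off. A comment such as `// any value other than "true" disables template cleanup` next to the parse would make that explicit.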
@@ -1913,31 +1919,33 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag if (scanLock.lock(3)) { try { // Cleanup primary storage pools - List storagePools = _storagePoolDao.listAll(); - for (StoragePoolVO pool : storagePools) { - try { - - List unusedTemplatesInPool = _tmpltMgr.getUnusedTemplatesInPool(pool); - s_logger.debug("Storage pool garbage collector found " + unusedTemplatesInPool.size() + " templates to clean up in storage pool: " + pool.getName()); - for (VMTemplateStoragePoolVO templatePoolVO : unusedTemplatesInPool) { - if (templatePoolVO.getDownloadState() != VMTemplateStorageResourceAssoc.Status.DOWNLOADED) { - s_logger.debug("Storage pool garbage collector is skipping templatePoolVO with ID: " + templatePoolVO.getId() + " because it is not completely downloaded."); - continue; - } - - if (!templatePoolVO.getMarkedForGC()) { - templatePoolVO.setMarkedForGC(true); - _vmTemplatePoolDao.update(templatePoolVO.getId(), templatePoolVO); - s_logger.debug("Storage pool garbage collector has marked templatePoolVO with ID: " + templatePoolVO.getId() + " for garbage collection."); - continue; - } - - _tmpltMgr.evictTemplateFromStoragePool(templatePoolVO); - } - } catch (Exception e) { - s_logger.warn("Problem cleaning up primary storage pool " + pool, e); - } - } + if(_templateCleanupEnabled) { + List storagePools = _storagePoolDao.listAll(); + for (StoragePoolVO pool : storagePools) { + try { + + List unusedTemplatesInPool = _tmpltMgr.getUnusedTemplatesInPool(pool); + s_logger.debug("Storage pool garbage collector found " + unusedTemplatesInPool.size() + " templates to clean up in storage pool: " + pool.getName()); + for (VMTemplateStoragePoolVO templatePoolVO : unusedTemplatesInPool) { + if (templatePoolVO.getDownloadState() != VMTemplateStorageResourceAssoc.Status.DOWNLOADED) { + s_logger.debug("Storage pool garbage collector is skipping templatePoolVO with ID: " + templatePoolVO.getId() + " because it is not completely 
downloaded."); + continue; + } + + if (!templatePoolVO.getMarkedForGC()) { + templatePoolVO.setMarkedForGC(true); + _vmTemplatePoolDao.update(templatePoolVO.getId(), templatePoolVO); + s_logger.debug("Storage pool garbage collector has marked templatePoolVO with ID: " + templatePoolVO.getId() + " for garbage collection."); + continue; + } + + _tmpltMgr.evictTemplateFromStoragePool(templatePoolVO); + } + } catch (Exception e) { + s_logger.warn("Problem cleaning up primary storage pool " + pool, e); + } + } + } // Cleanup secondary storage hosts List secondaryStorageHosts = _hostDao.listSecondaryStorageHosts(); diff --git a/setup/db/db/schema-229to2210.sql b/setup/db/db/schema-229to2210.sql index 0bfa781a99f..dffa1a3fbfc 100644 --- a/setup/db/db/schema-229to2210.sql +++ b/setup/db/db/schema-229to2210.sql @@ -17,3 +17,4 @@ ALTER TABLE `cloud`.`host` MODIFY `storage_ip_address` char(40); INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.redundantrouter', 'false', 'enable/disable redundant virtual router'); INSERT IGNORE INTO configuration VALUES ('Storage', 'DEFAULT', 'management-server', 'storage.pool.max.waitseconds', '3600', 'Timeout (in seconds) to synchronize storage pool operations.'); +INSERT IGNORE INTO configuration VALUES ('Storage', 'DEFAULT', 'management-server', 'storage.template.cleanup.enabled', 'true', 'Enable/disable template cleanup activity, only take effect when overall storage cleanup is enabled'); From f558f74863ccfec3c46a389188117ca579c99790 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 9 Aug 2011 15:02:41 -0700 Subject: [PATCH 02/77] Catch domr creation exception --- .../VirtualNetworkApplianceManagerImpl.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 5c38b04a177..283e63212d6 100755 
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -940,6 +940,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } txn.commit(); + } catch (InsufficientCapacityException ex) { + s_logger.error("Fail to create the virtual router!", ex); + throw ex; + } catch (Exception ex) { + s_logger.error("Fail to create the virtual router due to error: " + ex.getMessage()); } finally { if (network != null) { _networkDao.releaseFromLockTable(network.getId()); @@ -1018,10 +1023,10 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian assert guestNetwork.getTrafficType() == TrafficType.Guest; List routers = findOrCreateVirtualRouters(guestNetwork, dest, owner, isRedundant); - List runningRouters = null; + List runningRouters = new ArrayList(); - if (routers != null) { - runningRouters = new ArrayList(); + if (routers == null) { + return runningRouters; } for (DomainRouterVO router : routers) { @@ -1118,7 +1123,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } txn.commit(); - + } catch (InsufficientCapacityException ex) { + s_logger.error("Fail to create the virtual router!", ex); + throw ex; + } catch (Exception ex) { + s_logger.error("Fail to create the virtual router due to error: " + ex.getMessage()); } finally { if (network != null) { _networkDao.releaseFromLockTable(network.getId()); From 2846f569238cce3be04648aa81308ee2cedaf5d4 Mon Sep 17 00:00:00 2001 From: alena Date: Tue, 9 Aug 2011 15:04:35 -0700 Subject: [PATCH 03/77] Revert "Network_domain is supported in nectarine 2.2.8, so adding corresponding db upgrade step to 228-229 upgrade" This reverts commit bc43d5ba5c6b329f39b2ab89256c381e3ca677f6. Conflicts: setup/db/db/schema-228to229.sql --- setup/db/db/schema-228to229.sql | 1 - 1 file changed, 1 deletion(-) 
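Review bot: The added `catch (Exception ex)` in the hunk at `@@ -940` logs only `ex.getMessage()` and then falls through, so every failure other than `InsufficientCapacityException` is swallowed. The stack trace is lost, the caller proceeds as if router creation had succeeded, and no rollback of the transaction opened before `txn.commit()` is visible. Passing the exception to the logger and rethrowing keeps the failure visible: `s_logger.error("Fail to create the virtual router", ex); throw new CloudRuntimeException("Fail to create the virtual router", ex);`. The hunk at `@@ -1118` adds the same pair of catch blocks and needs the same change. The enclosing `try` starts outside both hunks, so the rollback handling should be confirmed there.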
diff --git a/setup/db/db/schema-228to229.sql b/setup/db/db/schema-228to229.sql index 26cdc42e24d..248bf751825 100644 --- a/setup/db/db/schema-228to229.sql +++ b/setup/db/db/schema-228to229.sql @@ -76,4 +76,3 @@ CREATE TABLE `cloud`.`elastic_lb_vm_map` ( CONSTRAINT `fk_elastic_lb_vm_map__lb_id` FOREIGN KEY `fk_elastic_lb_vm_map__lb_id` (`lb_id`) REFERENCES `load_balancing_rules` (`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; - From 31153792cc8fe51fb50e482072ea3be041c3c0dd Mon Sep 17 00:00:00 2001 From: Edison Su Date: Tue, 9 Aug 2011 15:31:40 -0700 Subject: [PATCH 04/77] bug 10809: add copyvolume for kvm status 10809: resolved fixed --- .../computing/LibvirtComputingResource.java | 46 ++++++++++++++++++- .../computing/LibvirtStorageResource.java | 13 ++++++ 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java index 0c6ad49fdf9..022af07baaf 100644 --- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java +++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java @@ -138,6 +138,8 @@ import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand; import com.cloud.agent.api.routing.IpAssocCommand; import com.cloud.agent.api.routing.IpAssocAnswer; import com.cloud.agent.api.routing.NetworkElementCommand; +import com.cloud.agent.api.storage.CopyVolumeAnswer; +import com.cloud.agent.api.storage.CopyVolumeCommand; import com.cloud.agent.api.storage.CreateAnswer; import com.cloud.agent.api.storage.CreateCommand; import com.cloud.agent.api.storage.CreatePrivateTemplateAnswer; 
@@ -894,6 +896,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv return execute((NetworkRulesSystemVmCommand)cmd); } else if (cmd instanceof CleanupNetworkRulesCmd) { return execute((CleanupNetworkRulesCmd)cmd); + } else if (cmd instanceof CopyVolumeCommand) { + return execute((CopyVolumeCommand)cmd); } else { s_logger.warn("Unsupported command "); return Answer.createUnsupportedCommandAnswer(cmd); 
@@ -904,7 +908,47 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv } - protected Answer execute(DeleteStoragePoolCommand cmd) { + private CopyVolumeAnswer execute(CopyVolumeCommand cmd) { + boolean copyToSecondary = cmd.toSecondaryStorage(); + String volumePath = cmd.getVolumePath(); + StorageFilerTO pool = cmd.getPool(); + String secondaryStorageUrl = cmd.getSecondaryStorageURL(); + StoragePool primaryPool = null; + Connect conn; + try { + conn = LibvirtConnection.getConnection(); + primaryPool = _storageResource.getStoragePool(conn, pool.getUuid()); + LibvirtStoragePoolDef primary = _storageResource.getStoragePoolDef(conn, primaryPool); + String primaryMountPath = primary.getTargetPath(); + + StoragePool secondaryStoragePool = _storageResource.getStoragePoolbyURI(conn, new URI(secondaryStorageUrl)); + LibvirtStoragePoolDef spd = _storageResource.getStoragePoolDef(conn, secondaryStoragePool); + String ssPmountPath = spd.getTargetPath(); + + String volumeName = UUID.randomUUID().toString(); + + if (copyToSecondary) { + StorageVol volume = _storageResource.getVolume(conn, primaryPool, volumePath); + String volumeDestPath = ssPmountPath + File.separator + "volumes/" + cmd.getVolumeId() + File.separator; + _storageResource.copyVolume(volumePath, volumeDestPath, volumeName, _cmdsTimeout); + return new CopyVolumeAnswer(cmd, true, null, null, volumeName); + } else { + volumePath = ssPmountPath + File.separator + "volumes/" + cmd.getVolumeId() + File.separator + volumePath; + _storageResource.copyVolume(volumePath, primaryMountPath, volumeName, _cmdsTimeout); + return new CopyVolumeAnswer(cmd, true, null, null, primaryMountPath + File.separator + volumeName); + } + + } catch (LibvirtException e) { + return new CopyVolumeAnswer(cmd, false, e.toString(), null, null); + } catch (URISyntaxException e) { + return new CopyVolumeAnswer(cmd, false, e.toString(), null, null); + } catch (InternalErrorException e) { + return new 
CopyVolumeAnswer(cmd, false, e.toString(), null, null); + } + + } + + protected Answer execute(DeleteStoragePoolCommand cmd) { try { Connect conn = LibvirtConnection.getConnection(); _storageResource.deleteStoragePool(conn, cmd.getPool()); diff --git a/agent/src/com/cloud/agent/resource/computing/LibvirtStorageResource.java b/agent/src/com/cloud/agent/resource/computing/LibvirtStorageResource.java index bdbef6d6924..4143d01548c 100644 --- a/agent/src/com/cloud/agent/resource/computing/LibvirtStorageResource.java +++ b/agent/src/com/cloud/agent/resource/computing/LibvirtStorageResource.java @@ -386,6 +386,19 @@ public class LibvirtStorageResource { return vol; } + public boolean copyVolume(String srcPath, String destPath, String volumeName, int timeout) throws InternalErrorException{ + _storageLayer.mkdirs(destPath); + if (!_storageLayer.exists(srcPath)) { + throw new InternalErrorException("volume:" + srcPath + " is not exits"); + } + String result = Script.runSimpleBashScript("cp " + srcPath + " " + destPath + File.separator + volumeName, timeout); + if (result != null) { + return false; + } else { + return true; + } + } + public LibvirtStoragePoolDef getStoragePoolDef(Connect conn, StoragePool pool) throws LibvirtException { String poolDefXML = pool.getXMLDesc(0); LibvirtStoragePoolXMLParser parser = new LibvirtStoragePoolXMLParser(); From 69ca341f1b814bcd1004cf593c5906d7e0729f72 Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Tue, 9 Aug 2011 15:44:58 -0700 Subject: [PATCH 05/77] bug 11017: kick VMware vSwitch by pinging the default gateway to work around mysterous VMware network problem --- patches/systemvm/debian/config/etc/init.d/cloud-early-config | 3 +++ 1 file changed, 3 insertions(+) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index d67215c6d02..6449f405b95 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config 
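Review bot: Both branches of `execute(CopyVolumeCommand)` return `new CopyVolumeAnswer(cmd, true, ...)` without checking the boolean that `copyVolume` returns, so a failed `cp` is reported to the management server as a successful copy. Check the result in each branch, for example `if (!_storageResource.copyVolume(volumePath, volumeDestPath, volumeName, _cmdsTimeout)) { return new CopyVolumeAnswer(cmd, false, "copy failed", null, null); }`. In the else branch, `volumePath` from the command is appended to the secondary-storage mount path without normalisation. If that value can contain `..` segments, the source resolves outside `volumes/<id>/`, so it is worth confirming where it is validated. The local `volume` in the first branch is assigned but never used.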
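Review bot: `copyVolume` builds the `cp` command by concatenating `srcPath`, `destPath` and `volumeName` into one string for `Script.runSimpleBashScript`, so the paths are parsed by bash. A path containing a space breaks the copy, and a path containing shell metacharacters is interpreted as shell syntax, although `srcPath` originates from the command sent to the agent. Running `cp` with each path as its own argument avoids shell parsing entirely. The sketch below assumes the class has the usual `s_logger` field, which is not visible in the hunk. Separately, `mkdirs(destPath)` runs before the source existence check, so a missing source still leaves an empty directory behind.

```java
public boolean copyVolume(String srcPath, String destPath, String volumeName, int timeout) throws InternalErrorException{
    // … unchanged: mkdirs and source existence check …
    // Pass each path as a separate argument so no shell ever parses it.
    Script cp = new Script("cp", timeout, s_logger); // logger field assumed, confirm
    cp.add("--"); // a path starting with '-' is not read as an option
    cp.add(srcPath);
    cp.add(destPath + File.separator + volumeName);
    return cp.execute() == null;
}
```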
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -244,6 +244,9 @@ setup_common() { ip route add default via $GW dev $3 fi fi + + # a hacking way to activate vSwitch under VMware + ping -n -c 3 $GW } setup_dnsmasq() { From 15cad8ba8e2ffae83e1bd4613ac145678af43404 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 9 Aug 2011 15:57:33 -0700 Subject: [PATCH 06/77] Revert "Catch domr creation exception" This reverts commit 2eff1d0eb9e39e4a8d702bb9867b9e95bb276b3e. --- .../VirtualNetworkApplianceManagerImpl.java | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 283e63212d6..5c38b04a177 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -940,11 +940,6 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } txn.commit(); - } catch (InsufficientCapacityException ex) { - s_logger.error("Fail to create the virtual router!", ex); - throw ex; - } catch (Exception ex) { - s_logger.error("Fail to create the virtual router due to error: " + ex.getMessage()); } finally { if (network != null) { _networkDao.releaseFromLockTable(network.getId()); @@ -1023,10 +1018,10 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian assert guestNetwork.getTrafficType() == TrafficType.Guest; List routers = findOrCreateVirtualRouters(guestNetwork, dest, owner, isRedundant); - List runningRouters = new ArrayList(); + List runningRouters = null; - if (routers == null) { - return runningRouters; + if (routers != null) { + runningRouters = new ArrayList(); } for (DomainRouterVO router : routers) { 
@@ -1123,11 +1118,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } txn.commit(); - } catch (InsufficientCapacityException ex) { - s_logger.error("Fail to create the virtual router!", ex); - throw ex; - } catch (Exception ex) { - s_logger.error("Fail to create the virtual router due to error: " + ex.getMessage()); + } finally { if (network != null) { _networkDao.releaseFromLockTable(network.getId()); From 501dc0d9f42bbdd2ca9c42d30ec602dfc24cf657 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 9 Aug 2011 18:21:28 -0700 Subject: [PATCH 07/77] bug 10640: Update redundant virtual router allocation algorithm Try to put routers to two different primary storages with two hosts, not the same host. --- .../network/router/VirtualNetworkApplianceManagerImpl.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 5c38b04a177..661cb92cf46 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
@@ -981,12 +981,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian avoids[1] = new ExcludeList(); avoids[1].addCluster(_hostDao.findById(routerToBeAvoid.getHostId()).getClusterId()); avoids[2] = new ExcludeList(); - avoids[2].addHost(routerToBeAvoid.getHostId()); - avoids[3] = new ExcludeList(); List volumes = _volumeDao.findByInstanceAndType(routerToBeAvoid.getId(), Type.ROOT); if (volumes != null && volumes.size() != 0) { - avoids[3].addPool(volumes.get(0).getPoolId()); + avoids[2].addPool(volumes.get(0).getPoolId()); } + avoids[2].addHost(routerToBeAvoid.getHostId()); + avoids[3] = new ExcludeList(); + avoids[3].addHost(routerToBeAvoid.getHostId()); avoids[4] = new ExcludeList(); for (int i = 0; i < retryIndex; i++) { From bfe3fd2a8f555b6e603b7eb23e0885417ce36b9e Mon Sep 17 00:00:00 2001 From: anthony Date: Tue, 9 Aug 2011 19:58:10 -0700 Subject: [PATCH 08/77] bug 11046: fixed a typo, otherwise Other PV doesn't work status 11046: resolved fixed --- .../com/cloud/hypervisor/xen/resource/CitrixHelper.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java index 570dd2c9091..99e206289c5 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java +++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java 
@@ -238,8 +238,8 @@ public class CitrixHelper { _xenServer56FP1GuestOsMap.put("Ubuntu 10.04 (32-bit)", "Ubuntu Lucid Lynx 10.04 (32-bit) (experimental)"); _xenServer56FP1GuestOsMap.put("Ubuntu 10.04 (64-bit)", "Ubuntu Lucid Lynx 10.04 (64-bit) (experimental)"); _xenServer56FP1GuestOsMap.put("Other install media", "Other install media"); - _xenServer56FP1GuestOsMap.put("Other PV (32-bit)", "CentOS 5.5 (32-bit)"); - _xenServer56FP1GuestOsMap.put("Other PV (64-bit)", "CentOS 5.5 (64-bit)"); + _xenServer56FP1GuestOsMap.put("Other PV (32-bit)", "CentOS 5 (32-bit)"); + _xenServer56FP1GuestOsMap.put("Other PV (64-bit)", "CentOS 5 (64-bit)"); } @@ -314,8 +314,8 @@ public class CitrixHelper { _xenServer56FP2GuestOsMap.put("Ubuntu 10.04 (32-bit)", "Ubuntu Lucid Lynx 10.04 (32-bit) (experimental)"); _xenServer56FP2GuestOsMap.put("Ubuntu 10.04 (64-bit)", "Ubuntu Lucid Lynx 10.04 (64-bit) (experimental)"); _xenServer56FP2GuestOsMap.put("Other install media", "Other install media"); - _xenServer56FP2GuestOsMap.put("Other PV (32-bit)", "CentOS 5.5 (32-bit)"); - _xenServer56FP2GuestOsMap.put("Other PV (64-bit)", "CentOS 5.5 (64-bit)"); + _xenServer56FP2GuestOsMap.put("Other PV (32-bit)", "CentOS 5 (32-bit)"); + _xenServer56FP2GuestOsMap.put("Other PV (64-bit)", "CentOS 5 (64-bit)"); } From ba2ec7e770b843d185e9dbc332ce3b2c1eed91b7 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 9 Aug 2011 21:01:09 -0700 Subject: [PATCH 09/77] Fix redundant router start up commit e4fe14a9ce19fbbdb15bbfaad586d80031ca9fbc break redundant router, because at time of ping, the network is not up for redundant router. Add timout for ping --- patches/systemvm/debian/config/etc/init.d/cloud-early-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 6449f405b95..afe2ed480db 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config 
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -246,7 +246,7 @@ setup_common() { fi # a hacking way to activate vSwitch under VMware - ping -n -c 3 $GW + ping -n -c 3 -deadline 5 $GW } setup_dnsmasq() { From 9a0a3f195c928fa10f4e1e976874a7bf268a5873 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 9 Aug 2011 21:41:56 -0700 Subject: [PATCH 10/77] Fix ping commandline parameter --- patches/systemvm/debian/config/etc/init.d/cloud-early-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index afe2ed480db..8856b4a1568 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -246,7 +246,7 @@ setup_common() { fi # a hacking way to activate vSwitch under VMware - ping -n -c 3 -deadline 5 $GW + ping -n -c 3 -w 5 $GW } setup_dnsmasq() { From 738a9b3ad0e518abfd3fe35e7989c1d36ece3454 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 9 Aug 2011 22:25:06 -0700 Subject: [PATCH 11/77] Fix "RTNETLINK answers: No such process" when starting redundant router The issue happened quite rare, but indeed can show. And when the issue happen, the status of redundant router would be "Status: FAULT". It's due to ipassoc.sh wasn't executed before the system bring eth2 up and go to master mode, then eth2 wasn't configured correctly. Then "ip route add default xx" can't complete. This commit should fixes the issue. --- .../debian/config/etc/init.d/cloud-early-config | 11 ++++++----- .../root/redundant_router/enable_pubip.sh.templ | 2 -- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 8856b4a1568..39449f585b7 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config 
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -162,7 +162,10 @@ setup_interface() { fi ifdown $intf - ifup $intf + if [ "$RROUTER" != "1" -o "$1" != "2" ] + then + ifup $intf + fi } enable_fwding() { @@ -197,7 +200,7 @@ setup_common() { init_interfaces $1 $2 $3 setup_interface "0" $ETH0_IP $ETH0_MASK $GW setup_interface "1" $ETH1_IP $ETH1_MASK $GW - if [ -n "$ETH2_IP" -a "$RROUTER" != "1" ] + if [ -n "$ETH2_IP" ] then setup_interface "2" $ETH2_IP $ETH2_MASK $GW fi @@ -325,12 +328,10 @@ setup_router() { log_it "Setting up virtual router system vm" if [ -n "$ETH2_IP" ] then + setup_common eth0 eth1 eth2 if [ "$RROUTER" == "1" ] then - setup_common eth0 eth1 setup_redundant_router - else - setup_common eth0 eth1 eth2 fi else setup_common eth0 eth1 diff --git a/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ b/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ index 045eac7d731..93539422753 100644 --- a/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ +++ b/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ @@ -3,7 +3,5 @@ ifconfig eth2 down && \ ifconfig eth2 hw ether [ETH2MAC] && \ ifconfig eth2 up && \ -sleep 3 && \ ip route add 0/0 via [GATEWAY] && \ -sleep 3 && \ service dnsmasq restart From 9bba09857ed29bd9c87305096926a2bd8f6122fe Mon Sep 17 00:00:00 2001 
From: Abhinandan Prateek Date: Wed, 10 Aug 2011 13:52:42 +0530 Subject: [PATCH 12/77] bug 10561: readding source cidr changes to firewall rules --- .../commands/CreateIpForwardingRuleCmd.java | 5 ++++ .../cloud/network/lb/LoadBalancingRule.java | 5 ++++ .../com/cloud/network/rules/FirewallRule.java | 2 ++ .../src/com/cloud/network/LoadBalancerVO.java | 2 +- .../network/dao/FirewallRulesDaoImpl.java | 21 ++++++++++++++++ .../network/firewall/FirewallManagerImpl.java | 17 +++++++++---- .../cloud/network/rules/FirewallManager.java | 2 +- .../cloud/network/rules/FirewallRuleVO.java | 24 +++++++++++++++---- .../network/rules/PortForwardingRuleVO.java | 2 +- .../cloud/network/rules/RulesManagerImpl.java | 4 ++-- .../network/rules/StaticNatRuleImpl.java | 5 ++++ 11 files changed, 76 insertions(+), 13 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index 1b48d4ba59d..6d2ddc2ddd4 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java @@ -263,5 +263,10 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta public Integer getIcmpType() { return null; } + + @Override + public List getSourceCidrList() { + return null; + } } diff --git a/api/src/com/cloud/network/lb/LoadBalancingRule.java b/api/src/com/cloud/network/lb/LoadBalancingRule.java index 48b82a8341e..2103badfb2d 100644 --- a/api/src/com/cloud/network/lb/LoadBalancingRule.java +++ b/api/src/com/cloud/network/lb/LoadBalancingRule.java @@ -164,4 +164,9 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{ public Integer getIcmpType() { return null; } + + @Override + public List getSourceCidrList() { + return null; + } } diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java index 21593aa31b9..aa08fd1cfa9 100644 
--- a/api/src/com/cloud/network/rules/FirewallRule.java +++ b/api/src/com/cloud/network/rules/FirewallRule.java @@ -73,5 +73,7 @@ public interface FirewallRule extends ControlledEntity { Integer getIcmpCode(); Integer getIcmpType(); + + List getSourceCidrList(); } diff --git a/server/src/com/cloud/network/LoadBalancerVO.java b/server/src/com/cloud/network/LoadBalancerVO.java index 800af92af83..1f211699f71 100644 --- a/server/src/com/cloud/network/LoadBalancerVO.java +++ b/server/src/com/cloud/network/LoadBalancerVO.java @@ -55,7 +55,7 @@ public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer { } public LoadBalancerVO(String xId, String name, String description, long srcIpId, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) { - super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, null, null); + super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, null, null, null); this.name = name; this.description = description; this.algorithm = algorithm; diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index 78b403b5d26..ac56fa18487 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java 
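Review bot: `getSourceCidrList()` is added to the `FirewallRule` interface without any statement of what a null or empty list means, and the implementations in this commit already differ. `CreateIpForwardingRuleCmd` and `LoadBalancingRule` return null unconditionally, while `FirewallRuleVO` documents null as "not loaded yet". For a source filter, that ambiguity decides whether a consumer treats the rule as open to every source, so the contract belongs on the interface method. A Javadoc line such as `/** @return the source CIDRs this rule is restricted to; null means the list is not loaded or not applicable and must not be read as "any source" */` would cover it, adjusted to whatever the rule appliers actually assume.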
@@ -176,6 +176,27 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i return listBy(sc); } + @Override @DB + public FirewallRuleVO persist(FirewallRuleVO firewallRule) { + Transaction txn = Transaction.currentTxn(); + txn.start(); + + FirewallRuleVO dbfirewallRule = super.persist(firewallRule); + saveSourceCidrs(firewallRule); + + txn.commit(); + return dbfirewallRule; + } + + + public void saveSourceCidrs(FirewallRuleVO firewallRule) { + List cidrlist = firewallRule.getSourceCidrList(); + if (cidrlist == null) { + return; + } + _firewallRulesCidrsDao.persist(firewallRule.getId(), cidrlist); + } + @Override public List listByIpPurposeAndProtocolAndNotRevoked(long ipAddressId, Integer startPort, Integer endPort, String protocol, FirewallRule.Purpose purpose) { diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index b9281832db7..f02a29c73ca 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java 
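Review bot: `saveSourceCidrs` is declared `public` and writes to `_firewallRulesCidrsDao` with no transaction of its own, so any caller other than `persist` can store CIDR rows for a rule id outside the atomic unit that `persist` sets up. It also takes the id from the argument `firewallRule` rather than from `dbfirewallRule`, which is only correct if `super.persist` fills in the id on the object passed to it, and that is not visible in this hunk. Making the helper `private` and passing the persisted id explicitly, e.g. `_firewallRulesCidrsDao.persist(dbfirewallRule.getId(), firewallRule.getSourceCidrList());`, removes both assumptions. The method has no `@Override`, so it appears not to be part of the DAO interface, though that should be confirmed.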
@@ -99,13 +99,13 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma public FirewallRule createFirewallRule(FirewallRule rule) throws NetworkRuleConflictException { Account caller = UserContext.current().getCaller(); - return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart() ,rule.getSourcePortEnd(), rule.getProtocol(), rule.getIcmpCode(), rule.getIcmpType()); + return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart() ,rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType()); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewll rule", create = true) - public FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart,Integer portEnd, String protocol, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException{ + public FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart,Integer portEnd, String protocol, List sourceCidrList, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException{ IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId); // Validate ip address @@ -128,7 +128,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma Transaction txn = Transaction.currentTxn(); txn.start(); - FirewallRuleVO newRule = new FirewallRuleVO (xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, Purpose.Firewall, icmpCode, icmpType); + FirewallRuleVO newRule = new FirewallRuleVO (xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, Purpose.Firewall, sourceCidrList, icmpCode, icmpType); newRule = _firewallDao.persist(newRule); detectRulesConflict(newRule, ipAddress); 
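Review bot: The new `sourceCidrList` parameter of `createFirewallRule` is passed straight into `new FirewallRuleVO(...)` and persisted, and no format check on its entries appears in either hunk of this method. If the API layer does not already validate the strings, a malformed entry is stored and only fails later, when the rule is applied on the router. Rejecting bad input alongside the existing IP address validation keeps it out of the database: `for (String cidr : sourceCidrList) { if (!NetUtils.isValidCIDR(cidr)) { throw new InvalidParameterValueException("Invalid source cidr: " + cidr); } }`, guarded for a null list. The method body continues outside the hunks, so an existing check there would make this unnecessary.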
@@ -334,6 +334,12 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma return true; } + for (FirewallRuleVO rule: rules){ + // load cidrs if any + rule.setSourceCidrList(_firewallCidrsDao.getSourceCidrs(rule.getId())); + } + + if (caller != null) { _accountMgr.checkAccess(caller, rules.toArray(new FirewallRuleVO[rules.size()])); } @@ -457,7 +463,10 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma if (!rules.isEmpty()) { return rules.get(0); } - return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, icmpCode, icmpType); + + List oneCidr = new ArrayList(); + oneCidr.add(NetUtils.ALL_CIDRS); + return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType); } @Override diff --git a/server/src/com/cloud/network/rules/FirewallManager.java b/server/src/com/cloud/network/rules/FirewallManager.java index bac3975cd16..c7faf66b6ac 100644 --- a/server/src/com/cloud/network/rules/FirewallManager.java +++ b/server/src/com/cloud/network/rules/FirewallManager.java @@ -48,7 +48,7 @@ public interface FirewallManager extends FirewallService{ */ boolean revokeFirewallRule(long ruleId, boolean apply, Account caller, long userId); - FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart, Integer portEnd, String protocol, Integer icmpCode, Integer icmpType) + FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart, Integer portEnd, String protocol, List sourceCidrList, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException; FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException; 
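Review bot: The new loop runs one `_firewallCidrsDao.getSourceCidrs` query per rule before `_accountMgr.checkAccess` is called, so the lookups happen even for a caller who may then be refused. Moving the loop below the `if (caller != null) { ... }` block avoids that. A comment such as `// sourceCidrs is lazy-loaded; it must be populated before the rules are sent to the router` would record why the load is needed here. The enclosing method starts and ends outside the hunk.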
diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java index 448ca3030f2..cf73e52d75a 100644 --- a/server/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java @@ -89,7 +89,22 @@ public class FirewallRuleVO implements FirewallRule { @Column(name="icmp_type") Integer icmpType; - + + // This is a delayed load value. If the value is null, + // then this field has not been loaded yet. + // Call firewallrules dao to load it. + @Transient + List sourceCidrs; + + + public void setSourceCidrList(List sourceCidrs) { + this.sourceCidrs=sourceCidrs; + } + + @Override + public List getSourceCidrList() { + return sourceCidrs; + } @Override public long getAccountId() { @@ -157,7 +172,7 @@ public class FirewallRuleVO implements FirewallRule { protected FirewallRuleVO() { } - public FirewallRuleVO(String xId, long ipAddressId, Integer portStart, Integer portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, Integer icmpCode, Integer icmpType) { + public FirewallRuleVO(String xId, long ipAddressId, Integer portStart, Integer portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List sourceCidrs, Integer icmpCode, Integer icmpType) { this.xId = xId; if (xId == null) { this.xId = UUID.randomUUID().toString(); 
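Review bot: The field comment says a null `sourceCidrs` means "not loaded yet", but `SetFirewallRulesCommand.generateFwRules` (added later in this series) turns a null or empty list into `0.0.0.0/0`, so a rule whose CIDRs were never loaded would be pushed to the router as open to every source. "No restriction" is better stated explicitly (as `createRuleForAllCidrs` does with `NetUtils.ALL_CIDRS`) and null treated as an error where the rule is converted, for example `if (cidr == null) throw new IllegalStateException("source cidrs not loaded for rule " + fwTO.getId());`. `getSourceCidrList()` also returns the internal list itself, so any caller can modify the rule's CIDRs through it.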
@@ -173,10 +188,11 @@ public class FirewallRuleVO implements FirewallRule { this.state = State.Staged; this.icmpCode = icmpCode; this.icmpType = icmpType; + this.sourceCidrs = sourceCidrs; } - public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, Integer icmpCode, Integer icmpType) { - this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, icmpCode, icmpType); + public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List sourceCidrs, Integer icmpCode, Integer icmpType) { + this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, sourceCidrs, icmpCode, icmpType); } @Override diff --git a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java index 3278b68304f..69d8230a307 100644 --- a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java +++ b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java @@ -53,7 +53,7 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi } public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId) { - super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, null, null); + super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, null, null, null); this.destinationIpAddress = dstIp; this.virtualMachineId = instanceId; this.destinationPortStart = dstPortStart; diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index f9492d60182..4afe37eb0e3 100755 
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -265,7 +265,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(), - networkId, accountId, domainId, rule.getPurpose(), null, null); + networkId, accountId, domainId, rule.getPurpose(), null, null, null); newRule = _firewallDao.persist(newRule); try { @@ -904,7 +904,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { _firewallMgr.createRuleForAllCidrs(ip.getId(), caller, ports[i], ports[i], protocol, null, null); } - rules[i] = new FirewallRuleVO(null, ip.getId(), ports[i], protocol, ip.getAssociatedWithNetworkId(), ip.getAllocatedToAccountId(), ip.getAllocatedInDomainId(), purpose, null, null); + rules[i] = new FirewallRuleVO(null, ip.getId(), ports[i], protocol, ip.getAssociatedWithNetworkId(), ip.getAllocatedToAccountId(), ip.getAllocatedInDomainId(), purpose, null, null, null); rules[i] = _firewallDao.persist(rules[i]); } txn.commit(); diff --git a/server/src/com/cloud/network/rules/StaticNatRuleImpl.java b/server/src/com/cloud/network/rules/StaticNatRuleImpl.java index dec3a208a00..58e8cda4384 100644 --- a/server/src/com/cloud/network/rules/StaticNatRuleImpl.java +++ b/server/src/com/cloud/network/rules/StaticNatRuleImpl.java @@ -117,5 +117,10 @@ public class StaticNatRuleImpl implements StaticNatRule{ public Integer getIcmpType() { return null; } + + @Override + public List getSourceCidrList() { + return null; + } } From f409a9535ffac8a4c3a1821b24a4b95392eabb43 Mon Sep 17 00:00:00 2001 
From: Abhinandan Prateek Date: Wed, 10 Aug 2011 15:43:04 +0530 Subject: [PATCH 13/77] bug 10812: adding the domain serach order to option 15, now the dhcp client is able to set this for search entry --- .../config/etc/init.d/cloud-early-config | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 39449f585b7..2785816331d 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config 
@@ -256,15 +256,28 @@ setup_dnsmasq() { log_it "Setting up dnsmasq" [ -z $DHCP_RANGE ] && DHCP_RANGE=$ETH0_IP [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" + if [ -n "$DOMAIN" ] then - #send domain name to dhcp clients - sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf - #DNS server will append $DOMAIN to local queries - sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf - #answer all local domain queries - sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf + #send domain name to dhcp clients + sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf + #DNS server will append $DOMAIN to local queries + sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf + #answer all local domain queries + sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf fi + + if [ -n "$DNS_SEARCH_ORDER" ] + then + sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf + echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf + # set the domain search order as a space seprated list for option 15 + DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') + #send domain name to dhcp clients + sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf + fi + + sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf sed -i -e "s/^[#]*listen-address=.*$/listen-address=$ETH0_IP/" /etc/dnsmasq.conf @@ -276,11 +289,6 @@ setup_dnsmasq() { echo "dhcp-option=6,$GUEST_GW" >> /etc/dnsmasq.conf fi - if [ -n "$DNS_SEARCH_ORDER" ] - then - sed -i -e "/^[#]*dhcp-option=119.*$/d" /etc/dnsmasq.conf - echo "dhcp-option=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf - fi } From a9eb14c42e7ad1d14ad920006118e7df0d218baf Mon Sep 17 00:00:00 2001 
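Review bot: `$DOMAIN` and `$DNS_SEARCH_ORDER` are spliced into sed expressions without escaping, and most of each expression is unquoted, so a value containing `/`, `&` or whitespace breaks or alters the substitution, and `[#]*dhcp-option=15.*$` is open to filename globbing. Where these variables are set is outside the hunk; if they come from boot parameters they should be checked first, e.g. `case "$DNS_SEARCH_ORDER" in *[!A-Za-z0-9.,-]*) log_it "bad dns search order"; DNS_SEARCH_ORDER= ;; esac`, and the sed scripts wrapped in double quotes as the `local=` line already is. Separately, when both variables are set the second block overwrites option 15 with a space-separated list, although that option is defined to carry a single domain name; a comment stating that this is deliberate for the DHCP clients in use would help the next reader.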
From: Naredula Janardhana Reddy Date: Wed, 10 Aug 2011 17:06:06 +0530 Subject: [PATCH 14/77] bug 10561: backend added for CreateFirewallRule and deleteFirewallRule --- .../api/routing/SetFirewallRulesAnswer.java | 5 +- .../api/routing/SetFirewallRulesCommand.java | 46 ++++++ .../cloud/agent/api/to/FirewallRuleTO.java | 28 +++- .../agent/api/to/PortForwardingRuleTO.java | 2 +- .../cloud/agent/api/to/StaticNatRuleTO.java | 4 +- .../xen/resource/CitrixResourceBase.java | 36 +++-- .../debian/config/root/firewall_rule.sh | 138 ++++++++++++++++++ scripts/network/domr/call_firewall.sh | 24 ++- 8 files changed, 260 insertions(+), 23 deletions(-) create mode 100755 patches/systemvm/debian/config/root/firewall_rule.sh diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java index 701b5f5aeb8..99fbe7f055f 100644 --- a/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java +++ b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java @@ -25,9 +25,8 @@ public class SetFirewallRulesAnswer extends Answer { protected SetFirewallRulesAnswer() { } - public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, String[] results) { - super(cmd, true, null); - + public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, Boolean success, String[] results) { + super(cmd, success, null); assert (cmd.getRules().length == results.length) : "rules and their results should be the same length don't you think?"; this.results = results; } diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java index 3a48e3ffd15..f5842d1bead 100644 --- a/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java +++ b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java 
@@ -17,9 +17,13 @@ */ package com.cloud.agent.api.routing; +import java.util.HashSet; import java.util.List; +import java.util.Set; import com.cloud.agent.api.to.FirewallRuleTO; +import com.cloud.agent.api.to.LoadBalancerTO; +import com.cloud.utils.StringUtils; /** * SetFirewallRulesCommand is the transport for firewall rules. @@ -40,4 +44,46 @@ public class SetFirewallRulesCommand extends NetworkElementCommand { public FirewallRuleTO[] getRules() { return rules; } + + public String[][] generateFwRules() { + String [][] result = new String [2][]; + Set toAdd = new HashSet(); + + + for (FirewallRuleTO fwTO: rules) { + if (fwTO.revoked() == true) continue; + + List cidr; + StringBuilder sb = new StringBuilder(); + sb.append(fwTO.getProtocol()).append(":"); + if ("icmp".compareTo(fwTO.getProtocol()) == 0) + { + sb.append(fwTO.getIcmpType()).append(":").append(fwTO.getIcmpCode()).append(":"); + + }else if (fwTO.getStringSrcPortRange() == null) + sb.append("0:0").append(":"); + else + sb.append(fwTO.getStringSrcPortRange()).append(":"); + cidr = fwTO.getSourceCidrList(); + if (cidr == null || cidr.isEmpty()) + { + sb.append("0.0.0.0/0"); + }else{ + Boolean firstEntry = true; + for (String tag : cidr) { + if (!firstEntry) sb.append("-"); + sb.append(tag); + firstEntry = false; + } + } + sb.append(":"); + String fwRuleEntry = sb.toString(); + + toAdd.add(fwRuleEntry); + + } + result[0] = toAdd.toArray(new String[toAdd.size()]); + + return result; + } } diff --git a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java index 236f0562524..96e02d0afdb 100644 --- a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java +++ b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java 
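Review bot: In `generateFwRules`, `getIcmpType()` and `getIcmpCode()` are `Integer` and are appended as they are, so a null value is serialized as the literal text `null`; `firewall_rule.sh` only special-cases `-1` and would hand `null` to `--icmp-type`. Mapping null explicitly avoids that, e.g. `Integer type = fwTO.getIcmpType(); sb.append(type == null ? -1 : type).append(":");` and the same for the code, assuming -1 is the intended "any" value. Smaller points in the same method: `result[1]` is never assigned although the array is sized 2, the `getStringSrcPortRange() == null` branch appears unreachable now that the getter returns `"0:0"`, and the `LoadBalancerTO` and `StringUtils` imports added in the first hunk are not used in the visible code.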
@@ -51,12 +51,16 @@ public class FirewallRuleTO { int[] srcPortRange; boolean revoked; boolean alreadyAdded; + private List sourceCidrList; FirewallRule.Purpose purpose; + private Integer icmpType; + private Integer icmpCode; + protected FirewallRuleTO() { } - public FirewallRuleTO(long id, String srcIp, String protocol, Integer srcPortStart, Integer srcPortEnd, boolean revoked, boolean alreadyAdded, FirewallRule.Purpose purpose) { + public FirewallRuleTO(long id, String srcIp, String protocol, Integer srcPortStart, Integer srcPortEnd, boolean revoked, boolean alreadyAdded, FirewallRule.Purpose purpose, List sourceCidr,Integer icmpType,Integer icmpCode) { this.srcIp = srcIp; this.protocol = protocol; @@ -78,10 +82,13 @@ public class FirewallRuleTO { this.revoked = revoked; this.alreadyAdded = alreadyAdded; this.purpose = purpose; + this.sourceCidrList = sourceCidr; + this.icmpType = icmpType; + this.icmpCode = icmpCode; } public FirewallRuleTO(FirewallRule rule, String srcIp) { - this(rule.getId(), srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose()); + this(rule.getId(), srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(),rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode()); } public long getId() { 
@@ -100,14 +107,29 @@ public class FirewallRuleTO { return srcPortRange; } + public Integer getIcmpType(){ + return icmpType; + } + + public Integer getIcmpCode(){ + return icmpCode; + } + public String getStringSrcPortRange() { - return NetUtils.portRangeToString(srcPortRange); + if (srcPortRange == null || srcPortRange.length < 2) + return "0:0"; + else + return NetUtils.portRangeToString(srcPortRange); } public boolean revoked() { return revoked; } + public List getSourceCidrList() { + return sourceCidrList; + } + public boolean isAlreadyAdded() { return alreadyAdded; } diff --git a/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java b/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java index 9818ebb523a..4b6342b0c59 100644 --- a/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java +++ b/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java @@ -45,7 +45,7 @@ public class PortForwardingRuleTO extends FirewallRuleTO { } protected PortForwardingRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) { - super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding); + super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding, null,0,0); this.dstIp = dstIp; this.dstPortRange = new int[] { dstPortStart, dstPortEnd }; } diff --git a/api/src/com/cloud/agent/api/to/StaticNatRuleTO.java b/api/src/com/cloud/agent/api/to/StaticNatRuleTO.java index 2c2f0dfdd1b..c0359dbb0d7 100644 --- a/api/src/com/cloud/agent/api/to/StaticNatRuleTO.java +++ b/api/src/com/cloud/agent/api/to/StaticNatRuleTO.java 
@@ -36,13 +36,13 @@ public class StaticNatRuleTO extends FirewallRuleTO{ } public StaticNatRuleTO(StaticNatRule rule, String scrIp, String dstIp) { - super(rule.getId(), scrIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose()); + super(rule.getId(), scrIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(), null,0,0); this.dstIp = dstIp; } protected StaticNatRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) { - super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.StaticNat); + super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.StaticNat, null,0,0); this.dstIp = dstIp; } diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 9cc83671b24..a715dfa7663 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java 
@@ -6455,16 +6455,34 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe } protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) { - Connection conn = getConnection(); - - String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); - String[] results = new String[cmd.getRules().length]; - int i = 0; - for (FirewallRuleTO rule : cmd.getRules()) { - //FIXME - Jana, add implementation here - } + String[] results = new String[cmd.getRules().length]; + String ret; + Connection conn = getConnection(); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); + + if (routerIp == null) { + return new SetFirewallRulesAnswer(cmd, false, results); + } + + String[][] rules = cmd.generateFwRules(); + String args = ""; + args += routerIp+" -F "; + StringBuilder sb = new StringBuilder(); + String[] addRules = rules[0]; + if (addRules.length > 0) { + for (int i = 0; i < addRules.length; i++) { + sb.append(addRules[i]).append(','); + } + args += " -a " + sb.toString(); + } + + ret = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args); + + if (ret == null || ret.isEmpty()) { + return new SetFirewallRulesAnswer(cmd,false, results); + } + return new SetFirewallRulesAnswer(cmd, true, results); - return new SetFirewallRulesAnswer(cmd, results); } } diff --git a/patches/systemvm/debian/config/root/firewall_rule.sh b/patches/systemvm/debian/config/root/firewall_rule.sh new file mode 100755 index 00000000000..84d670873a8 --- /dev/null +++ b/patches/systemvm/debian/config/root/firewall_rule.sh 
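Review bot: `results` is allocated but never filled, so the answer always carries an array of nulls, and success is decided only by whether `callHostPlugin` returned a non-empty string. What the plugin returns on failure is not visible here; if it returns any text, a failed rule push would be reported as success, so the reply should be compared against an explicit success marker and the failure reason logged. `args` is also assembled by plain concatenation and ends with a trailing `,` after the last rule, which relies on every rule field being free of whitespace and shell metacharacters by the time it reaches this method.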
@@ -0,0 +1,138 @@ +#!/usr/bin/env bash + +# $Id: firewall.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/loadbalancer.sh $ +# +# +# @VERSION@ +echo $* >> /tmp/jana.log +usage() { + printf "Usage: %s: -F -a \n" $(basename $0) >&2 +# scourcecidrs format: n1-n2-n3-n4 +} + +# set -x + +#FIXME: eating up the error code during execution of iptables +fw_remove_backup() { + for vif in $VIF_LIST; do + sudo iptables -F back_firewall_rules_$vif 2> /dev/null + sudo iptables -D INPUT -i $vif -j back_firewall_rules_$vif 2> /dev/null + sudo iptables -X back_firewall_rules_$vif 2> /dev/null + done +} +fw_restore() { + for vif in $VIF_LIST; do + sudo iptables -F firewall_rules_$vif 2> /dev/null + sudo iptables -D INPUT -i $vif -j firewall_rules_$vif 2> /dev/null + sudo iptables -X firewall_rules_$vif 2> /dev/null + sudo iptables -E back_firewall_rules_$vif firewall_rules_$vif 2> /dev/null + done +} +# firewall entry to ensure that haproxy can receive on specified port +fw_entry() { + local added=$1 + + if [ "$added" == "none" ] + then + added="" + fi + + + local a=$(echo $added | cut -d, -f1- --output-delimiter=" ") + +# back up the iptable rules by renaming before creating new. 
+ for vif in $VIF_LIST; do + sudo iptables -E firewall_rules_$vif back_firewall_rules_$vif 2> /dev/null + sudo iptables -N firewall_rules_$vif 2> /dev/null + sudo iptables -A INPUT -i $vif -j firewall_rules_$vif + done + + for i in $a + do + local prot=$(echo $i | cut -d: -f1) + local sport=$(echo $i | cut -d: -f2) + local eport=$(echo $i | cut -d: -f3) + local scidrs=$(echo $i | cut -d: -f4 | sed 's/-/,/g') + + + for vif in $VIF_LIST; do + if [ "$prot" == "icmp" ] + then +# TODO icmp code need to be implemented +# sport is icmpType , dport is icmpcode + if [ "$sport" == "-1" ] + then + sudo iptables -A firewall_rules_$vif -s $scidrs -p $prot -j ACCEPT + else + sudo iptables -A firewall_rules_$vif -s $scidrs -p $prot --icmp-type $sport -j ACCEPT + fi + else + sudo iptables -A firewall_rules_$vif -s $scidrs -p $prot --dport $sport:$eport -j ACCEPT + fi + + if [ $? -gt 0 ] + then + return 1 + fi + done + done + + return 0 +} + +get_vif_list() { + local vif_list="" + for i in /sys/class/net/eth*; do + vif=$(basename $i); + if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] + then + vif_list="$vif_list $vif"; + fi + done + if [ "$vif_list" == "" ] + then + vif_list="eth0" + fi + + logger -t cloud "FirewallRule public interfaces = $vif_list" + echo $vif_list +} + +shift +while getopts 'a:' OPTION +do + case $OPTION in + a) aflag=1 + rules="$OPTARG" + ;; + ?) usage + exit 2 + ;; + esac +done + +VIF_LIST=$(get_vif_list) + +if [ "$rules" == "" ] +then + rules="none" +fi + +# iptables entry to ensure that haproxy receives traffic +fw_entry $rules + +if [ $? -gt 0 ] +then + logger -t cloud "Reverting firewall config" + # Revert iptables rules on DomR + fw_restore + + exit 1 +else + # Remove backedup iptable rules + fw_remove_backup +fi + +exit 0 + + diff --git a/scripts/network/domr/call_firewall.sh b/scripts/network/domr/call_firewall.sh index 29765e657d9..c9e6147cef0 100755 --- a/scripts/network/domr/call_firewall.sh +++ b/scripts/network/domr/call_firewall.sh 
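Review bot: The fields cut out of each `-a` entry (`$prot`, `$sport`, `$eport`, `$scidrs`) are passed unquoted to `sudo iptables`, and `$a` is expanded unquoted in `for i in $a`, so glob characters or a field beginning with `-` would be interpreted by the shell or by iptables instead of being treated as data. A check at the top of the loop keeps entries to the expected alphabet: `case "$i" in *[!A-Za-z0-9:./-]*) logger -t cloud "FirewallRule: rejected malformed entry"; return 1 ;; esac`, with the later expansions quoted. The first line of the script, `echo $* >> /tmp/jana.log`, looks like leftover debugging; it appends every invocation to a fixed file name in a world-writable directory and should be removed or replaced with `logger -t cloud`. The ICMP code in `$eport` is ignored (see the TODO), so an ICMP rule accepts every code of the given type, which is wider than what was requested.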
@@ -24,15 +24,17 @@ # firewall.sh -- allow some ports / protocols to vm instances # # - +echo $* >> /tmp/jana.log usage() { - printf "Usage: %s: (-A|-D) -i -r -P protocol (-p port_range | -t icmp_type_code) -l -d [-f -u -y -z ] \n" $(basename $0) >&2 + printf "Usage for Firewall rule : %s: -F " $(basename $0) >&2 + printf "Usage for other purposes : %s: (-A|-D) -i -r -P protocol (-p port_range | -t icmp_type_code) -l -d [-f -u -y -z ] \n" $(basename $0) >&2 } -# set -x + set -x # check if gateway domain is up and running check_gw() { +# return 0; ping -c 1 -n -q $1 > /dev/null if [ $? -gt 0 ] then @@ -52,9 +54,21 @@ if [ $? -gt 0 ] then exit 1 fi +fflag= +while getopts 'F:' OPTION +do + case $OPTION in + F) fflag=1 + ;; + esac +done - -ssh -p 3922 -q -o StrictHostKeyChecking=no -i $cert root@$domRIp "/root/firewall.sh $*" +if [ -n "$fflag" ] +then + ssh -p 3922 -q -o StrictHostKeyChecking=no -i $cert root@$domRIp "/root/firewall_rule.sh $*" +else + ssh -p 3922 -q -o StrictHostKeyChecking=no -i $cert root@$domRIp "/root/firewall.sh $*" +fi exit $? From f5011189c87a32195245c7ea7632f27086c698b8 Mon Sep 17 00:00:00 2001 From: Naredula Janardhana Reddy Date: Wed, 10 Aug 2011 18:15:07 +0530 Subject: [PATCH 15/77] bug 10561: code cleanup --- .../xen/resource/CitrixResourceBase.java | 53 +++++++++---------- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index a715dfa7663..098306736a8 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java 
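Review bot: `set -x` is switched on and `echo $* >> /tmp/jana.log` is added at the top of the script; both look like debugging left in. The trace and the log file record every argument passed to the router, the log grows without bound, and a fixed file name under `/tmp` can be pre-created or replaced by another local user. I would restore `# set -x` and drop the echo, or use `logger -t cloud` if a record is wanted. The commented-out `# return 0;` inside `check_gw` can go as well.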
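Review bot: `$*` is expanded inside the double-quoted ssh command, so the argument string is parsed a second time by the shell on the router, where the script runs as root; any shell metacharacter that survives in a rule field is interpreted there rather than passed as data. Before the ssh call in the `-F` branch, the script should refuse an argument string containing anything other than letters, digits, `:`, `.`, `,`, `/`, `-` and space, and exit through `usage`. The management side should enforce the same alphabet when it builds the rule strings, so this check is a second line of defence rather than the only one.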
@@ -6454,35 +6454,34 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe return new Answer(cmd, success, ""); } - protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) { - String[] results = new String[cmd.getRules().length]; - String ret; - Connection conn = getConnection(); - String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); + protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) { + String[] results = new String[cmd.getRules().length+1]; + String callResult; + Connection conn = getConnection(); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); - if (routerIp == null) { - return new SetFirewallRulesAnswer(cmd, false, results); - } + if (routerIp == null) { + return new SetFirewallRulesAnswer(cmd, false, results); + } - String[][] rules = cmd.generateFwRules(); - String args = ""; - args += routerIp+" -F "; - StringBuilder sb = new StringBuilder(); - String[] addRules = rules[0]; - if (addRules.length > 0) { - for (int i = 0; i < addRules.length; i++) { - sb.append(addRules[i]).append(','); - } - args += " -a " + sb.toString(); - } + String[][] rules = cmd.generateFwRules(); + String args = ""; + args += routerIp + " -F "; + StringBuilder sb = new StringBuilder(); + String[] fwRules = rules[0]; + if (fwRules.length > 0) { + for (int i = 0; i < fwRules.length; i++) { + sb.append(fwRules[i]).append(','); + } + args += " -a " + sb.toString(); + } - ret = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args); - - if (ret == null || ret.isEmpty()) { - return new SetFirewallRulesAnswer(cmd,false, results); - } - return new SetFirewallRulesAnswer(cmd, true, results); + callResult = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args); - } - + if (callResult == null || callResult.isEmpty()) { + results[cmd.getRules().length] = "failed"; + return new SetFirewallRulesAnswer(cmd, false, results); + } + return new SetFirewallRulesAnswer(cmd, true, 
results); + } } From 2a7a698a6478b766d6bc240235d7c741ea3fdd69 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Wed, 10 Aug 2011 10:13:30 -0700 Subject: [PATCH 16/77] cloudStack - Elastic Load Balancer - IP address page - continue calling listPublicIpAddresses API instead of showing error when supportELB is "false". --- ui/scripts/cloud.core.ipaddress.js | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/ui/scripts/cloud.core.ipaddress.js b/ui/scripts/cloud.core.ipaddress.js index 9030c7b220e..7a0843d9714 100644 --- a/ui/scripts/cloud.core.ipaddress.js +++ b/ui/scripts/cloud.core.ipaddress.js @@ -71,8 +71,7 @@ function afterLoadIpJSP() { var tabContentArray = [$("#tab_content_details"), $("#tab_content_port_range"), $("#tab_content_port_forwarding"), $("#tab_content_load_balancer"), $("#tab_content_vpn")]; var afterSwitchFnArray = [ipJsonToDetailsTab, ipJsonToPortRangeTab, ipJsonToPortForwardingTab, ipJsonToLoadBalancerTab, ipJsonToVPNTab]; switchBetweenDifferentTabs(tabArray, tabContentArray, afterSwitchFnArray); - //***** switch between different tabs (end) ********************************************************************** - + //***** switch between different tabs (end) ********************************************************************** if(g_supportELB == "guest" || g_supportELB == "public") { $("#tab_details,#tab_port_range,#tab_port_forwarding,#tab_load_balancer,#tab_vpn").hide(); @@ -1385,12 +1384,8 @@ function ipJsonToDetailsTab() { else if(g_supportELB == "public") { cmd = "command=listPublicIpAddresses&forvirtualnetwork=true&id="+publicipid; } - else { - if(g_supportELB == null) - alert("supportELB should be either guest or public. It should not be null."); - else - alert("supportELB should be either guest or public. It should not be " + g_supportELB); - return; + else { //g_supportELB == "false" + cmd = "command=listPublicIpAddresses&id="+publicipid; } $.ajax({ 
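Review bot: `results` is now sized `cmd.getRules().length+1`, but the `SetFirewallRulesAnswer` constructor changed in the previous patch asserts `cmd.getRules().length == results.length`, so every call trips that assertion when the JVM runs with assertions enabled. Either keep the array at `cmd.getRules().length` and report the overall failure through the answer's success flag, or relax the assert in the same change. On the early `routerIp == null` return nothing is written to `results`, so the caller gets no reason; a line such as `s_logger.warn("SetFirewallRules: no router ip in command");` before the return would help, assuming the class logger is available here.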
From 3f3c64025bb67446f4907f10164adbc3dcb6cf26 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Wed, 10 Aug 2011 10:20:45 -0700 Subject: [PATCH 17/77] change it back to false since ui now handles false --- server/src/com/cloud/server/ManagementServerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 36b8dad8e05..52c86402ae2 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -4207,7 +4207,7 @@ public class ManagementServerImpl implements ManagementServer { boolean securityGroupsEnabled = false; boolean elasticLoadBalancerEnabled = false; - String supportELB = "public"; + String supportELB = "false"; List dc = _dcDao.listSecurityGroupEnabledZones(); if (dc != null && !dc.isEmpty()) { securityGroupsEnabled = true; From 32b53351ff2b64f0da0d1eb0e45c92a9a81a93ad Mon Sep 17 00:00:00 2001 From: alena Date: Wed, 10 Aug 2011 10:47:45 -0700 Subject: [PATCH 18/77] Fixed response processing in createFirewallRule command --- .../commands/CreateIpForwardingRuleCmd.java | 21 ++++++++++----- .../commands/CreateLoadBalancerRuleCmd.java | 26 +++++++++++++++---- .../commands/CreatePortForwardingRuleCmd.java | 23 ++++++++-------- .../xen/resource/CitrixResourceBase.java | 7 +++-- .../cloud/network/rules/RulesManagerImpl.java | 2 +- 5 files changed, 52 insertions(+), 27 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index 6d2ddc2ddd4..d6f2797fb5e 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java 
@@ -66,6 +66,9 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default") private Boolean openFirewall; + @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from") + private List cidrlist; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -102,6 +105,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta @Override public void execute() throws ResourceUnavailableException{ + boolean result = true; FirewallRule rule = null; try { @@ -127,15 +131,19 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta @Override public void create() { - StaticNatRule rule; + + //cidr list parameter is deprecated + if (cidrlist != null) { + throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command"); + } + try { - rule = _rulesService.createStaticNatRule(this, getOpenFirewall()); + StaticNatRule rule = _rulesService.createStaticNatRule(this, getOpenFirewall()); + this.setEntityId(rule.getId()); } catch (NetworkRuleConflictException e) { - s_logger.info("Unable to create Static Nat Rule due to " + e.getMessage()); + s_logger.info("Unable to create Static Nat Rule due to ", e); throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, e.getMessage()); } - - this.setEntityId(rule.getId()); } @Override 
@@ -263,8 +271,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta public Integer getIcmpType() { return null; } - - @Override + public List getSourceCidrList() { return null; } diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java index 0e639c1fc0b..334bad5edca 100644 --- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java @@ -81,6 +81,9 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the load balancer") private Long domainId; + @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from") + private List cidrlist; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -125,6 +128,14 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa return true; } } + + public List getSourceCidrList() { + if (cidrlist != null) { + throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command"); + } + return null; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
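Review bot: In `CreateLoadBalancerRuleCmd`, `getSourceCidrList()` throws `InvalidParameterValueException` when `cidrlist` is set, which is surprising behaviour for a getter and duplicates the check that `execute()` performs; `CreatePortForwardingRuleCmd.getSourceCidrList()` and its `create()` follow the same pattern. Any code that reads the getter while converting or logging the rule would fail at that point instead of at request validation. I would have the getters simply `return null;` and keep the rejection in one place per command. The new parameter description, "the cidr list to forward traffic from", should also say that the parameter is deprecated and rejected, since that is what the code does.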
@@ -137,9 +148,17 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa @Override public void execute() throws ResourceAllocationException, ResourceUnavailableException { - LoadBalancer result = null; + + //cidr list parameter is deprecated + if (cidrlist != null) { + throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command"); + } + try { - result = _lbService.createLoadBalancerRule(this, getOpenFirewall()); + LoadBalancer result = _lbService.createLoadBalancerRule(this, getOpenFirewall()); + LoadBalancerResponse response = _responseGenerator.createLoadBalancerResponse(result); + response.setResponseName(getCommandName()); + this.setResponseObject(response); } catch (NetworkRuleConflictException e) { s_logger.warn("Exception: ", e); throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, e.getMessage()); @@ -147,9 +166,6 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa s_logger.warn("Exception: ", e); throw new ServerApiException(BaseCmd.INSUFFICIENT_CAPACITY_ERROR, e.getMessage()); } - LoadBalancerResponse response = _responseGenerator.createLoadBalancerResponse(result); - response.setResponseName(getCommandName()); - this.setResponseObject(response); } diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index 42f9c93ca36..84a6a8f15e4 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java 
@@ -98,7 +98,10 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P } public List getSourceCidrList() { - return cidrlist; + if (cidrlist != null) { + throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command"); + } + return null; } public Boolean getOpenFirewall() { @@ -117,10 +120,6 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P public String getCommandName() { return s_name; } - - public void setSourceCidrList(List cidrs){ - cidrlist = cidrs; - } @Override public void execute() throws ResourceUnavailableException { @@ -227,17 +226,17 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P @Override public void create() { - if (cidrlist != null) - for (String cidr: cidrlist){ - if (!NetUtils.isValidCIDR(cidr)){ - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Source cidrs formatting error " + cidr); - } - } + + //cidr list parameter is deprecated + if (cidrlist != null) { + throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific cidr, please refer to createFirewallRule command"); + } + try { PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, getOpenFirewall()); setEntityId(result.getId()); } catch (NetworkRuleConflictException ex) { - s_logger.info("Network rule conflict: " + ex.getMessage()); + s_logger.info("Network rule conflict: " , ex); s_logger.trace("Network Rule Conflict: ", ex); throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); } diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 098306736a8..8a64e14310e 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java 
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -6455,7 +6455,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe } protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) { - String[] results = new String[cmd.getRules().length+1]; + String[] results = new String[cmd.getRules().length]; String callResult; Connection conn = getConnection(); String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); @@ -6479,7 +6479,10 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe callResult = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args); if (callResult == null || callResult.isEmpty()) { - results[cmd.getRules().length] = "failed"; + //FIXME - in the future we have to process each rule separately; now we temporarely set every rule to be false if single rule fails + for (int i=0; i < results.length; i++) { + results[i] = "Failed"; + } return new SetFirewallRulesAnswer(cmd, false, results); } return new SetFirewallRulesAnswer(cmd, true, results); diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 4afe37eb0e3..2a044ec656b 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -225,7 +225,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { if (e instanceof NetworkRuleConflictException) { throw (NetworkRuleConflictException) e; } - throw new CloudRuntimeException("Unable to add rule for the ip id=" + newRule.getSourceIpAddressId(), e); + throw new CloudRuntimeException("Unable to add rule for the ip id=" + ipAddrId, e); } } From 6e0eeb132e3559d06b1b03f967efb5bc26d44d17 Mon Sep 17 00:00:00 2001 
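Review bot: After the `@@ -6455,7 +6455,7 @@` and `@@ -6479,7 +6479,10 @@` hunks, `execute(SetFirewallRulesCommand)` returns `results` with every element still null on the success path and every element set to "Failed" on the failure path, and the array no longer has the extra trailing slot. The consumers of `SetFirewallRulesAnswer` are not visible here; any that read index `getRules().length` or compare against the old lowercase "failed" need to change with this commit. A comment above the allocation would pin the contract, for example `// results[i] is "Failed" when rule i was not applied, null otherwise`. The method body continues between and after the two hunks.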
From: Sheng Yang Date: Wed, 10 Aug 2011 12:01:38 -0700 Subject: [PATCH 19/77] bug 11045: Fix exception exit of CheckRouterTask Catch all the exception and come back to work. status 11045: resolved fixed --- .../VirtualNetworkApplianceManagerImpl.java | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 661cb92cf46..9d345e9bb3b 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -828,15 +828,18 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public void run() { - - final List routers = _routerDao.listVirtualUpByHostId(null); - s_logger.debug("Found " + routers.size() + " running routers. "); + try { + final List routers = _routerDao.listVirtualUpByHostId(null); + s_logger.debug("Found " + routers.size() + " running routers. "); - updateRoutersRedundantState(routers); - - /* FIXME assumed the a pair of redundant routers managed by same mgmt server, - * then the update above can get the latest status */ - checkDuplicateMaster(routers); + updateRoutersRedundantState(routers); + + /* FIXME assumed the a pair of redundant routers managed by same mgmt server, + * then the update above can get the latest status */ + checkDuplicateMaster(routers); + } catch (Exception ex) { + s_logger.error("Fail to complete the CheckRouterTask! ", ex); + } } } From 0f33a2cdbca9d29eb7768ff13ca43eef02d9cec5 Mon Sep 17 00:00:00 2001 
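Review bot: The new `catch (Exception ex)` in `run()` still lets an `Error` or any other non-Exception `Throwable` escape the task. How CheckRouterTask is scheduled is not visible in this hunk; if it runs on a ScheduledExecutorService, an escaping throwable cancels all later runs without a log line, which is the failure this commit sets out to fix. Either widen the handler to `catch (Throwable t)` with the same `s_logger.error` call, or add a comment saying why Errors are allowed to stop the task. A failure in `updateRoutersRedundantState` also skips `checkDuplicateMaster` for that cycle, which looks intended given the FIXME but is worth stating in that comment.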
From: Jessica Wang Date: Wed, 10 Aug 2011 12:10:48 -0700 Subject: [PATCH 20/77] cloudStack - IP Address page - Port Forwarding tab - remove Source CIDR. --- ui/jsp/ipaddress.jsp | 35 ++++++++++-------------------- ui/scripts/cloud.core.ipaddress.js | 26 +++++----------------- 2 files changed, 18 insertions(+), 43 deletions(-) diff --git a/ui/jsp/ipaddress.jsp b/ui/jsp/ipaddress.jsp index 428af847570..957643ec789 100644 --- a/ui/jsp/ipaddress.jsp +++ b/ui/jsp/ipaddress.jsp @@ -288,11 +288,7 @@ dictionary = {
-
-
-
-
-
+
@@ -305,24 +301,20 @@ dictionary = {
-
+
-
+
-
+
-
-
- - -
+
@@ -345,15 +337,15 @@ dictionary = {
-
+
-
+
-
+
@@ -673,10 +665,7 @@ dictionary = {