bugfix #2 vpc vr: fix issue if static nat is disabled but still other IP used by lb/pf

Wei Zhou 2020-11-18 15:56:03 +00:00 committed by dahn
parent f5ab87c153
commit 655ed10655
6 changed files with 51 additions and 43 deletions


@ -40,6 +40,7 @@ import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.Networks.IsolationType;
import com.cloud.network.PublicIpAddress;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.IPAddressVO;
import com.cloud.network.router.VirtualRouter;
@ -189,6 +190,7 @@ public class NicPlugInOutRules extends RuleApplier {
VpcManager vpcMgr = visitor.getVirtualNetworkApplianceFactory().getVpcMgr();
NicDao nicDao = visitor.getVirtualNetworkApplianceFactory().getNicDao();
IPAddressDao ipAddressDao = visitor.getVirtualNetworkApplianceFactory().getIpAddressDao();
FirewallRulesDao rulesDao = visitor.getVirtualNetworkApplianceFactory().getFirewallRulesDao();
// find out nics to unplug
for (PublicIpAddress ip : _ipAddresses) {
@ -206,7 +208,10 @@ public class NicPlugInOutRules extends RuleApplier {
final List<IPAddressVO> allIps = ipAddressDao.listByAssociatedVpc(ip.getVpcId(), null);
boolean ipUpdated = false;
for (IPAddressVO allIp : allIps) {
if (allIp.getId() != ip.getId() && allIp.getVlanId() == ip.getVlanId() && allIp.getVmIp() != null) {
if (allIp.getId() != ip.getId() && allIp.getVlanId() == ip.getVlanId()
&& (allIp.isSourceNat()
|| rulesDao.countRulesByIpIdAndState(allIp.getId(), FirewallRule.State.Active) > 0
|| (allIp.isOneToOneNat() && allIp.getRuleState() == null))) {
s_logger.debug("Updating the nic " + nic + " with new ip address " + allIp.getAddress().addr());
nic.setIPv4Address(allIp.getAddress().addr());
nicDao.update(nic.getId(), nic);
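Review bot: The widened `if` now has three alternative clauses, and nothing explains why each one marks an address as still in use; the `allIp.isOneToOneNat() && allIp.getRuleState() == null` clause in particular is not self-evident. I would add a comment above the condition such as `// another IP on the same VLAN is still in use: source NAT, active firewall rules (LB/PF), or static NAT with no pending rule state`, adjusted to whatever a null rule state actually means here. The count only considers `FirewallRule.State.Active`, so an address whose rules are in any other state would presumably be skipped as a replacement; it is worth confirming that is intended. `countRulesByIpIdAndState` is also a DAO call per candidate address inside the loop, which is acceptable for small VPCs but worth noting. The enclosing loop and method start and end outside this hunk.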


@ -26,6 +26,7 @@ import com.cloud.dc.dao.HostPodDao;
import com.cloud.dc.dao.VlanDao;
import com.cloud.network.IpAddressManager;
import com.cloud.network.NetworkModel;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.NetworkDao;
@ -85,6 +86,8 @@ public class VirtualNetworkApplianceFactory {
private IpAddressManager _ipAddrMgr;
@Inject
private NetworkACLManager _networkACLMgr;
@Inject
private FirewallRulesDao _rulesDao;
@Autowired
@Qualifier("networkHelper")
@ -183,4 +186,8 @@ public class VirtualNetworkApplianceFactory {
public NetworkTopologyContext getNetworkTopologyContext() {
return _networkTopologyContext;
}
public FirewallRulesDao getFirewallRulesDao() {
return _rulesDao;
}
}


@ -35,6 +35,7 @@ from marvin.lib.base import (Account,
NetworkOffering,
VPC,
VpcOffering,
StaticNATRule,
NATRule,
PublicIPAddress,
PublicIpRange)
@ -247,7 +248,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
# verify the IPs in VR. eth0 -> guest nic IP, eth2 -> source nat IP
# 6. create new public ip range 1
# 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
# 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
# verify the available nics in VR should be "eth0,eth1,eth2,eth3"
# verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1
# 8. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
@ -395,7 +396,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
)
self.cleanup.append(self.public_ip_range1)
# 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
# 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
ipaddress_1 = PublicIPAddress.create(
self.apiclient,
@ -404,12 +405,11 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_1
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine1.id,
ipaddressid=ipaddress_1.ipaddress.id,
openfirewall=True
networkid=self.network1.id
)
# verify the available nics in VR should be "eth0,eth1,eth2,eth3"
@ -544,12 +544,11 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_4
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine1.id,
ipaddressid=ipaddress_4.ipaddress.id,
openfirewall=True
networkid=self.network1.id
)
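Review bot: The rewritten step-7 comment (`# 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm`) does not match the code right below it, which takes `ip_address_1` from `self.public_ip_range1`; it looks copied from the later step. I would change it to `# 7. get a free ip 1 in new ip range 1, assign to network, and enable static nat to vm`, both in the plan comment near the top of the test and above the `get_free_ipaddress` call. The next file section carries the same comment and needs the same correction. Separately, the `StaticNATRule.enable(...)` calls no longer assign `nat_rule`; if later steps outside these hunks still reference that name for this address, they would act on a stale or undefined value, so that should be checked.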


@ -35,6 +35,7 @@ from marvin.lib.base import (Account,
NetworkOffering,
VPC,
VpcOffering,
StaticNATRule,
NATRule,
PublicIPAddress,
PublicIpRange)
@ -247,7 +248,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
# verify the IPs in VR. eth0 -> guest nic IP, eth2 -> source nat IP
# 6. create new public ip range 1
# 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
# 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
# verify the available nics in VR should be "eth0,eth1,eth2,eth3"
# verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1
# 8. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
@ -395,7 +396,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
)
self.cleanup.append(self.public_ip_range1)
# 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
# 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
ipaddress_1 = PublicIPAddress.create(
self.apiclient,
@ -404,12 +405,11 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_1
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine1.id,
ipaddressid=ipaddress_1.ipaddress.id,
openfirewall=True
networkid=self.network1.id
)
# verify the available nics in VR should be "eth0,eth1,eth2,eth3"
@ -544,12 +544,11 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_4
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine1.id,
ipaddressid=ipaddress_4.ipaddress.id,
openfirewall=True
networkid=self.network1.id
)


@ -35,6 +35,7 @@ from marvin.lib.base import (Account,
NetworkOffering,
VPC,
VpcOffering,
StaticNATRule,
NATRule,
PublicIPAddress,
PublicIpRange)
@ -272,7 +273,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
# verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2
# 13. create new public ip range 2
# 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
# 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
# verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
# verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
# 15. get a free ip 5 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
@ -451,10 +452,9 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_1
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine1.id,
ipaddressid=ipaddress_1.ipaddress.id,
networkid=vpc_tier_1.id
)
@ -581,7 +581,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
)
try:
self.virtual_machine1 = VirtualMachine.create(
self.virtual_machine2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account1.name,
@ -621,7 +621,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
)
self.cleanup.append(self.public_ip_range2)
# 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
# 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
# verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
# verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
ip_address_4 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
@ -632,10 +632,9 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_4
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine2.id,
ipaddressid=ipaddress_4.ipaddress.id,
networkid=vpc_tier_2.id
)
@ -665,7 +664,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine1,
self.virtual_machine2,
self.services["natrule"],
ipaddressid=ipaddress_5.ipaddress.id,
networkid=vpc_tier_2.id
@ -696,7 +695,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine1,
self.virtual_machine2,
self.services["natrule"],
ipaddressid=ipaddress_6.ipaddress.id,
networkid=vpc_tier_2.id


@ -35,6 +35,7 @@ from marvin.lib.base import (Account,
NetworkOffering,
VPC,
VpcOffering,
StaticNATRule,
NATRule,
PublicIPAddress,
PublicIpRange)
@ -272,7 +273,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
# verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2
# 13. create new public ip range 2
# 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
# 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
# verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
# verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
# 15. get a free ip 5 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
@ -451,10 +452,9 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_1
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine1.id,
ipaddressid=ipaddress_1.ipaddress.id,
networkid=vpc_tier_1.id
)
@ -581,7 +581,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
)
try:
self.virtual_machine1 = VirtualMachine.create(
self.virtual_machine2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account1.name,
@ -621,7 +621,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
)
self.cleanup.append(self.public_ip_range2)
# 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
# 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
# verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
# verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
ip_address_4 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
@ -632,10 +632,9 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
ipaddress=ip_address_4
)
nat_rule = NATRule.create(
StaticNATRule.enable(
self.apiclient,
self.virtual_machine1,
self.services["natrule"],
virtualmachineid=self.virtual_machine2.id,
ipaddressid=ipaddress_4.ipaddress.id,
networkid=vpc_tier_2.id
)
@ -665,7 +664,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine1,
self.virtual_machine2,
self.services["natrule"],
ipaddressid=ipaddress_5.ipaddress.id,
networkid=vpc_tier_2.id
@ -696,7 +695,7 @@ class TestMultiplePublicIpSubnets(cloudstackTestCase):
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine1,
self.virtual_machine2,
self.services["natrule"],
ipaddressid=ipaddress_6.ipaddress.id,
networkid=vpc_tier_2.id