mirror of https://github.com/apache/cloudstack.git
Merge branch '4.18'
This commit is contained in:
Daan Hoogland
commit
8db8aa4163
|
|
@ -41,6 +41,8 @@ import com.cloud.network.vpc.NetworkACLItem.State;
|
|||
import com.cloud.network.vpc.dao.NetworkACLDao;
|
||||
import com.cloud.network.vpc.dao.VpcGatewayDao;
|
||||
import com.cloud.offering.NetworkOffering;
|
||||
import com.cloud.server.ResourceTag;
|
||||
import com.cloud.tags.dao.ResourceTagDao;
|
||||
import com.cloud.utils.component.ManagerBase;
|
||||
import com.cloud.utils.db.DB;
|
||||
import com.cloud.utils.db.EntityManager;
|
||||
|
|
@ -73,6 +75,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
|
|||
private VpcService _vpcSvc;
|
||||
@Inject
|
||||
private MessageBus _messageBus;
|
||||
@Inject
|
||||
private ResourceTagDao resourceTagDao;
|
||||
|
||||
private List<NetworkACLServiceProvider> _networkAclElements;
|
||||
|
||||
|
|
@ -275,7 +279,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
|
|||
if (s_logger.isDebugEnabled()) {
|
||||
s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule);
|
||||
}
|
||||
_networkACLItemDao.remove(rule.getId());
|
||||
removeRule(rule);
|
||||
} else if (rule.getState() == State.Add || rule.getState() == State.Active) {
|
||||
rule.setState(State.Revoke);
|
||||
_networkACLItemDao.update(rule.getId(), rule);
|
||||
|
|
@ -353,8 +357,9 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
|
|||
return rules;
|
||||
}
|
||||
|
||||
private void removeRule(final NetworkACLItem rule) {
|
||||
_networkACLItemDao.remove(rule.getId());
|
||||
boolean removeRule(final NetworkACLItem rule) {
|
||||
boolean rc = resourceTagDao.removeByIdAndType(rule.getId(), ResourceTag.ResourceObjectType.NetworkACL);
|
||||
return rc && _networkACLItemDao.remove(rule.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -390,7 +395,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana
|
|||
|
||||
/**
|
||||
* Updates and applies the network ACL rule ({@link NetworkACLItemVO}).
|
||||
* We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#update(Long, NetworkACLItemVO)}. If it does not work, a {@link CloudRuntimeException} is thrown.
|
||||
* We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#updateNumberFieldNetworkItem(long, int)}. If it does not work, a {@link CloudRuntimeException} is thrown.
|
||||
* If we manage to update the ACL rule in the database, we proceed to apply it using {@link #applyNetworkACL(long)}. If this does not work we throw a {@link CloudRuntimeException}.
|
||||
* If all is working we return the {@link NetworkACLItemVO} given as parameter. We wil set the state of the rule to {@link com.cloud.network.vpc.NetworkACLItem.State#Add}.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -974,8 +974,16 @@ public class StatsCollector extends ManagerBase implements ComponentMethodInterc
|
|||
private double getSystemCpuCyclesTotal() {
|
||||
String cpucaps = Script.runSimpleBashScript("cat /proc/cpuinfo | grep \"cpu MHz\" | grep \"cpu MHz\" | cut -f 2 -d : | tr -d ' '| tr '\\n' \" \"");
|
||||
double totalcpucap = 0;
|
||||
for (String cpucap : cpucaps.split(" ")) {
|
||||
totalcpucap += Double.parseDouble(cpucap);
|
||||
if (StringUtils.isEmpty(cpucaps)) {
|
||||
String totalCpus = Script.runSimpleBashScript("nproc --all| tr '\\n' \" \"");
|
||||
String maxCpuSpeed = Script.runSimpleBashScript("lscpu | egrep 'CPU max MHz' | head -1 | cut -f 2 -d : | tr -d ' '| tr '\\n' \" \"");
|
||||
if (StringUtils.isNotEmpty(totalCpus) && StringUtils.isNotEmpty(maxCpuSpeed)) {
|
||||
totalcpucap = Double.parseDouble(totalCpus) * Double.parseDouble(maxCpuSpeed);
|
||||
}
|
||||
} else {
|
||||
for (String cpucap : cpucaps.split(" ")) {
|
||||
totalcpucap += Double.parseDouble(cpucap);
|
||||
}
|
||||
}
|
||||
return totalcpucap;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.cloud.vpc;
|
||||
package com.cloud.network.vpc;
|
||||
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyList;
|
||||
|
|
@ -30,6 +30,7 @@ import java.util.UUID;
|
|||
|
||||
import javax.inject.Inject;
|
||||
|
||||
import com.cloud.server.ResourceTag;
|
||||
import org.apache.cloudstack.context.CallContext;
|
||||
import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
|
||||
import org.apache.cloudstack.framework.messagebus.MessageBus;
|
||||
|
|
@ -58,18 +59,7 @@ import com.cloud.network.dao.NetworkDao;
|
|||
import com.cloud.network.dao.NetworkServiceMapDao;
|
||||
import com.cloud.network.dao.NetworkVO;
|
||||
import com.cloud.network.element.NetworkACLServiceProvider;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.network.vpc.NetworkACLItem.State;
|
||||
import com.cloud.network.vpc.NetworkACLItemDao;
|
||||
import com.cloud.network.vpc.NetworkACLItemVO;
|
||||
import com.cloud.network.vpc.NetworkACLManager;
|
||||
import com.cloud.network.vpc.NetworkACLManagerImpl;
|
||||
import com.cloud.network.vpc.NetworkACLVO;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.network.vpc.VpcGateway;
|
||||
import com.cloud.network.vpc.VpcGatewayVO;
|
||||
import com.cloud.network.vpc.VpcManager;
|
||||
import com.cloud.network.vpc.VpcService;
|
||||
import com.cloud.network.vpc.dao.NetworkACLDao;
|
||||
import com.cloud.network.vpc.dao.VpcGatewayDao;
|
||||
import com.cloud.offerings.dao.NetworkOfferingDao;
|
||||
|
|
@ -88,7 +78,7 @@ import junit.framework.TestCase;
|
|||
@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
|
||||
public class NetworkACLManagerTest extends TestCase {
|
||||
@Inject
|
||||
NetworkACLManager _aclMgr;
|
||||
NetworkACLManagerImpl _aclMgr;
|
||||
|
||||
@Inject
|
||||
AccountManager _accountMgr;
|
||||
|
|
@ -103,10 +93,6 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
@Inject
|
||||
NetworkOfferingDao networkOfferingDao;
|
||||
@Inject
|
||||
ConfigurationManager _configMgr;
|
||||
@Inject
|
||||
EntityManager _entityMgr;
|
||||
@Inject
|
||||
NetworkModel _networkModel;
|
||||
@Inject
|
||||
List<NetworkACLServiceProvider> _networkAclElements;
|
||||
|
|
@ -114,6 +100,8 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
VpcService _vpcSvc;
|
||||
@Inject
|
||||
VpcGatewayDao _vpcGatewayDao;
|
||||
@Inject
|
||||
private ResourceTagDao resourceTagDao;
|
||||
|
||||
private NetworkACLVO acl;
|
||||
private NetworkACLItemVO aclItem;
|
||||
|
|
@ -154,9 +142,17 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testApplyNetworkACL() throws Exception {
|
||||
public void testApplyNetworkACLsOnGatewayAndInGeneral() throws Exception {
|
||||
driveTestApplyNetworkACL(true, true, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testApplyNetworkACLsOnGatewayOnly() throws Exception {
|
||||
driveTestApplyNetworkACL(false, false, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testApplyNetworkACLsButNotOnGateway() throws Exception {
|
||||
driveTestApplyNetworkACL(false, true, false);
|
||||
}
|
||||
|
||||
|
|
@ -168,11 +164,12 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
// Prepare
|
||||
// Reset mocked objects to reuse
|
||||
Mockito.reset(_networkACLItemDao);
|
||||
Mockito.reset(_networkDao);
|
||||
|
||||
// Make sure it is handled
|
||||
final long aclId = 1L;
|
||||
final NetworkVO network = Mockito.mock(NetworkVO.class);
|
||||
final List<NetworkVO> networks = new ArrayList<NetworkVO>();
|
||||
final List<NetworkVO> networks = new ArrayList<>();
|
||||
networks.add(network);
|
||||
|
||||
NetworkServiceMapDao ntwkSrvcDao = mock(NetworkServiceMapDao.class);
|
||||
|
|
@ -194,7 +191,7 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
|
||||
// Create 4 rules to test all 4 scenarios: only revoke should
|
||||
// be deleted, only add should update
|
||||
final List<NetworkACLItemVO> rules = new ArrayList<NetworkACLItemVO>();
|
||||
final List<NetworkACLItemVO> rules = new ArrayList<>();
|
||||
final NetworkACLItemVO ruleActive = Mockito.mock(NetworkACLItemVO.class);
|
||||
final NetworkACLItemVO ruleStaged = Mockito.mock(NetworkACLItemVO.class);
|
||||
final NetworkACLItemVO rule2Revoke = Mockito.mock(NetworkACLItemVO.class);
|
||||
|
|
@ -224,7 +221,6 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
|
||||
// Assert if conditions met, network ACL was applied
|
||||
final int timesProcessingDone = applyNetworkACLs && applyACLToPrivateGw ? 1 : 0;
|
||||
Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId);
|
||||
Mockito.verify(rule2Add, Mockito.times(timesProcessingDone)).setState(NetworkACLItem.State.Active);
|
||||
Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).update(addId, rule2Add);
|
||||
}
|
||||
|
|
@ -235,9 +231,20 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
assertTrue(_aclMgr.revokeNetworkACLItem(1L));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRemoveRule() {
|
||||
NetworkACLItem aclItem = Mockito.mock(NetworkACLItemVO.class);
|
||||
when(aclItem.getId()).thenReturn(1l);
|
||||
Mockito.when(resourceTagDao.removeByIdAndType(1l, ResourceTag.ResourceObjectType.NetworkACL)).thenReturn(true);
|
||||
Mockito.when(_networkACLItemDao.remove(1l)).thenReturn(true);
|
||||
assertTrue(_aclMgr.removeRule(aclItem));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void deleteNonEmptyACL() throws Exception {
|
||||
final List<NetworkACLItemVO> aclItems = new ArrayList<NetworkACLItemVO>();
|
||||
Mockito.reset(_networkDao);
|
||||
final List<NetworkACLItemVO> aclItems = new ArrayList<>();
|
||||
aclItems.add(aclItem);
|
||||
Mockito.when(_networkACLItemDao.listByACL(anyLong())).thenReturn(aclItems);
|
||||
Mockito.when(acl.getId()).thenReturn(3l);
|
||||
|
|
@ -342,5 +349,4 @@ public class NetworkACLManagerTest extends TestCase {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1113,6 +1113,8 @@
|
|||
"label.kubernetes.cluster.stop": "Stop Kubernetes cluster",
|
||||
"label.kubernetes.cluster.upgrade": "Upgrade Kubernetes cluster",
|
||||
"label.kubernetes.dashboard": "Kubernetes dashboard UI",
|
||||
"label.kubernetes.dashboard.create.token": "Create token for Kubernetes dashboard",
|
||||
"label.kubernetes.dashboard.create.token.desc": "Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. You need to create a service account and an optional long-lived Bearer Token for the service account.",
|
||||
"label.kubernetes.isos": "Kubernetes ISOs",
|
||||
"label.kubernetes.service": "Kubernetes service",
|
||||
"label.kubernetes.version.add": "Add Kubernetes version",
|
||||
|
|
|
|||
|
|
@ -1995,7 +1995,8 @@ export default {
|
|||
deployVmData.iodriverpolicy = values.iodriverpolicy
|
||||
deployVmData.nicmultiqueuenumber = values.nicmultiqueuenumber
|
||||
deployVmData.nicpackedvirtqueuesenabled = values.nicpackedvirtqueuesenabled
|
||||
if (values.userdata && values.userdata.length > 0) {
|
||||
const isUserdataAllowed = !this.userdataDefaultOverridePolicy || (this.userdataDefaultOverridePolicy === 'ALLOWOVERRIDE' && this.doUserdataOverride) || (this.userdataDefaultOverridePolicy === 'APPEND' && this.doUserdataAppend)
|
||||
if (isUserdataAllowed && values.userdata && values.userdata.length > 0) {
|
||||
deployVmData.userdata = this.$toBase64AndURIEncoded(values.userdata)
|
||||
}
|
||||
// step 2: select template/iso
|
||||
|
|
@ -2118,7 +2119,9 @@ export default {
|
|||
}
|
||||
// step 7: select ssh key pair
|
||||
deployVmData.keypairs = this.sshKeyPairs.join(',')
|
||||
deployVmData.userdataid = values.userdataid
|
||||
if (isUserdataAllowed) {
|
||||
deployVmData.userdataid = values.userdataid
|
||||
}
|
||||
|
||||
if (values.name) {
|
||||
deployVmData.name = values.name
|
||||
|
|
@ -2154,7 +2157,7 @@ export default {
|
|||
idx++
|
||||
}
|
||||
}
|
||||
if (this.userDataValues) {
|
||||
if (isUserdataAllowed && this.userDataValues) {
|
||||
for (const [key, value] of Object.entries(this.userDataValues)) {
|
||||
deployVmData['userdatadetails[' + idx + '].' + `${key}`] = value
|
||||
idx++
|
||||
|
|
|
|||
|
|
@ -79,6 +79,11 @@
|
|||
<a href="http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"><code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></a>
|
||||
</p>
|
||||
</a-timeline-item>
|
||||
<a-timeline-item>
|
||||
<p v-html="$t('label.kubernetes.dashboard.create.token')"></p>
|
||||
<p v-html="$t('label.kubernetes.dashboard.create.token.desc')"></p>
|
||||
<a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: kubernetes-dashboard-admin-user\n namespace: kubernetes-dashboard\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: kubernetes-dashboard-admin-user\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n name: kubernetes-dashboard-admin-user\n namespace: kubernetes-dashboard\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n name: kubernetes-dashboard-token\n namespace: kubernetes-dashboard\n annotations:\n kubernetes.io/service-account.name: kubernetes-dashboard-admin-user\nEOF'" :rows="10" readonly />
|
||||
</a-timeline-item>
|
||||
<a-timeline-item>
|
||||
<p>
|
||||
{{ $t('label.token.for.dashboard.login') }}<br><br>
|
||||
|
|
|
|||
Loading…
Reference in New Issue