port copy template fix to acton

2012-02-09 14:18:54 -08:00 · 2012-02-09 14:18:54 -08:00 · aa9d250280
parent 9ee043efde
commit aa9d250280
4 changed files with 33 additions and 16 deletions
--- a/api/src/com/cloud/agent/api/SecStorageFirewallCfgCommand.java
+++ b/api/src/com/cloud/agent/api/SecStorageFirewallCfgCommand.java
@ -52,18 +52,26 @@ public class SecStorageFirewallCfgCommand extends Command {
 	}
 	
 	private List<PortConfig> portConfigs = new ArrayList<PortConfig>();
+	private boolean isAppendAIp = false;	
 	
 	public SecStorageFirewallCfgCommand() {
 		
 	}
    
-    
+	public SecStorageFirewallCfgCommand(boolean isAppend) {
+    	this.isAppendAIp = isAppend;
+	} 
+	
    public void addPortConfig(String sourceIp, String port, boolean add, String intf) {
    	PortConfig pc = new PortConfig(sourceIp, port, add, intf);
    	this.portConfigs.add(pc);
    	
    }

+	public boolean getIsAppendAIp() {
+		return isAppendAIp;
+	}
+	
 	@Override
    public boolean executeInSequence() {
        return false;
--- a/console-proxy/scripts/ipfirewall.sh
+++ b/console-proxy/scripts/ipfirewall.sh
@ -15,11 +15,6 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 # 

-
-
- 
-
-
 BASE_DIR="/var/www/html/copy/"
 HTACCESS="$BASE_DIR/.htaccess"

@ -36,13 +31,18 @@ config_htaccess() {
 }

 ips(){
+  public_ip=`ip addr show eth2|grep "inet "|sed "s/^ *//"|cut -d "/" -f 1|cut -d " " -f 2`
+  ip route add $1 via $public_ip
  echo "allow from $1" >> $HTACCESS
  result=$?
  return $result
 }

-
-config_htaccess
+is_append="$1"
+shift
+if [ $is_append != "true" ]; then
+	config_htaccess
+fi
 for i in $@
 do
        ips "$i"
--- a/core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java
+++ b/core/src/com/cloud/storage/resource/NfsSecondaryStorageResource.java
@ -774,7 +774,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
 		}
 		boolean success = true;
 		String result;
-		result = configureIpFirewall(ipList);
+		result = configureIpFirewall(ipList, cmd.getIsAppendAIp());
 		if (result !=null)
 			success = false;

@ -1136,8 +1136,9 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
 		return result;
 	}
 	
-	private String configureIpFirewall(List<String> ipList){
-		Script command = new Script(_configIpFirewallScr);		
+	private String configureIpFirewall(List<String> ipList, boolean isAppend){
+		Script command = new Script(_configIpFirewallScr);
+		command.add(String.valueOf(isAppend));
 		for (String ip : ipList){
 			command.add(ip);
 		}		
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@ -400,7 +400,6 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
            return true;
        }
        HostVO ssAHost = _hostDao.findById(ssAHostId);
-        Long zoneId = ssAHost.getDataCenterId();
        SecondaryStorageVmVO thisSecStorageVm = _secStorageVmDao.findByInstanceName(ssAHost.getName());
        
        if (thisSecStorageVm == null) {
@ -409,16 +408,17 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
        }

        String copyPort = _useSSlCopy? "443" : Integer.toString(TemplateConstants.DEFAULT_TMPLT_COPY_PORT);
-        SecStorageFirewallCfgCommand cpc = new SecStorageFirewallCfgCommand();
-        SecStorageFirewallCfgCommand thiscpc = new SecStorageFirewallCfgCommand();
+        SecStorageFirewallCfgCommand thiscpc = new SecStorageFirewallCfgCommand(true);
        thiscpc.addPortConfig(thisSecStorageVm.getPublicIpAddress(), copyPort, true, TemplateConstants.DEFAULT_TMPLT_COPY_INTF);
        
        SearchCriteriaService<HostVO, HostVO> sc = SearchCriteria2.create(HostVO.class);
-        sc.addAnd(sc.getEntity().getDataCenterId(), Op.EQ, zoneId);
        sc.addAnd(sc.getEntity().getType(), Op.EQ, Host.Type.SecondaryStorageVM);
        sc.addAnd(sc.getEntity().getStatus(), Op.IN, com.cloud.host.Status.Up, com.cloud.host.Status.Connecting);
        List<HostVO> ssvms = sc.list();
        for (HostVO ssvm : ssvms) {
+        	if (ssvm.getId() == ssAHostId) {
+        		continue;
+        	}
            Answer answer = _agentMgr.easySend(ssvm.getId(), thiscpc);
            if (answer != null && answer.getResult()) {
                if (s_logger.isDebugEnabled()) {
@ -432,7 +432,15 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
            }
        }
        
-        Answer answer = _agentMgr.easySend(ssAHostId, cpc);
+        SecStorageFirewallCfgCommand allSSVMIpList = new SecStorageFirewallCfgCommand(false);
+        for (HostVO ssvm : ssvms) {
+        	if (ssvm.getId() == ssAHostId) {
+        		continue;
+        	}
+        	allSSVMIpList.addPortConfig(ssvm.getPublicIpAddress(), copyPort, true, TemplateConstants.DEFAULT_TMPLT_COPY_INTF);
+        }
+        
+        Answer answer = _agentMgr.easySend(ssAHostId, allSSVMIpList);
        if (answer != null && answer.getResult()) {
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Successfully programmed firewall rules into " + thisSecStorageVm.getHostName());