Merge branch 'master' into ui-vm-affinity

Brian Federle 2013-04-10 14:58:50 -07:00
commit b6c354a057
140 changed files with 4038 additions and 1370 deletions


@ -38,12 +38,10 @@ import java.util.UUID;
import javax.naming.ConfigurationException;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.log4j.Logger;
import org.apache.log4j.PropertyConfigurator;
import org.apache.log4j.xml.DOMConfigurator;
import com.cloud.agent.Agent.ExitStatus;
@ -373,6 +371,7 @@ public class AgentShell implements IAgentShell {
throw new ConfigurationException("Unable to find the guid");
}
_guid = UUID.randomUUID().toString();
_properties.setProperty("guid", _guid);
}
return true;


@ -235,14 +235,14 @@ public class ConsoleProxyResource extends ServerResourceBase implements
if (_eth1ip != null) {
params.put("private.network.device", "eth1");
} else {
s_logger.warn("WARNING: eth1ip parameter is not found!");
s_logger.info("eth1ip parameter has not been configured, assuming that we are not inside a system vm");
}
String eth2ip = (String) params.get("eth2ip");
if (eth2ip != null) {
params.put("public.network.device", "eth2");
} else {
s_logger.warn("WARNING: eth2ip parameter is not found!");
s_logger.info("eth2ip parameter is not found, assuming that we are not inside a system vm");
}
super.configure(name, params);
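Review bot: The two `else` branches log a missing `eth1ip`/`eth2ip` and assume the resource is not inside a system VM, but nothing visible in this hunk verifies that assumption. Assuming the `s_logger.info(...)` lines are the new side (they are printed after the `warn` lines they appear to replace), a real system VM that is missing `eth2ip` would leave `public.network.device` unset with only an info-level trace, which is easy to lose in a filtered log. Consider keeping `s_logger.warn(...)` unless an explicit not-a-system-VM indicator is present. The two messages should also share one wording; they currently differ (`has not been configured` versus `is not found`). The enclosing method starts and ends outside the hunk.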


@ -23,6 +23,7 @@ import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.FirewallRule.TrafficType;
import com.cloud.utils.net.NetUtils;
/**
@ -109,6 +110,11 @@ public class FirewallRuleTO implements InternalIdentity {
this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), revokeState, alreadyAdded, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
}
public FirewallRuleTO(FirewallRule rule, String guestVlanTag, FirewallRule.TrafficType trafficType) {
this(rule.getId(), guestVlanTag, null, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(), rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode());
this.trafficType = trafficType;
}
public FirewallRule.TrafficType getTrafficType(){
return trafficType;
}
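Review bot: The constructor `FirewallRuleTO(FirewallRule rule, String guestVlanTag, FirewallRule.TrafficType trafficType)` stores `trafficType` without a null check, and the delegating constructor visible just above it does not assign the field, so `getTrafficType()` can apparently return null. If a consumer of this transfer object picks the rule direction from that value, a null could fall through to a default direction; those consumers are outside this section, so this needs confirming. Either reject null with `this.trafficType = java.util.Objects.requireNonNull(trafficType, "trafficType");` or document the case on the getter, e.g. `/** @return the traffic direction, or null when the rule was built without one */`. The constructor also passes a literal `null` for the source IP and derives the revoke/already-added flags from `rule.getState()`, which deserves a one-line Javadoc.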


@ -1,197 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.DomainResponse;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import org.apache.cloudstack.api.response.ProjectResponse;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.network.Network;
import com.cloud.user.UserContext;
//@APICommand(description="Creates a private network", responseObject=NetworkResponse.class)
public class CreatePrivateNetworkCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreatePrivateNetworkCmd.class.getName());
private static final String s_name = "createnetworkresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the name of the network")
private String name;
@Parameter(name=ApiConstants.DISPLAY_TEXT, type=CommandType.STRING, required=true, description="the display text of the network")
private String displayText;
@Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class,
required=true, description="the Physical Network ID the network belongs to")
private Long physicalNetworkId;
@Parameter(name=ApiConstants.GATEWAY, type=CommandType.STRING, required=true, description="the gateway of the network")
private String gateway;
@Parameter(name=ApiConstants.NETMASK, type=CommandType.STRING, required=true, description="the netmask of the network")
private String netmask;
@Parameter(name=ApiConstants.START_IP, type=CommandType.STRING, required=true, description="the beginning IP address in the network IP range")
private String startIp;
@Parameter(name=ApiConstants.END_IP, type=CommandType.STRING, description="the ending IP address in the network IP" +
" range. If not specified, will be defaulted to startIP")
private String endIp;
@Parameter(name=ApiConstants.VLAN, type=CommandType.STRING, required=true, description="the ID or VID of the network")
private String vlan;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="account who will own the network")
private String accountName;
@Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.UUID, entityType = ProjectResponse.class,
description="an optional project for the ssh key")
private Long projectId;
@Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.UUID, entityType = DomainResponse.class,
description="domain ID of the account owning a network")
private Long domainId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public String getGateway() {
return gateway;
}
public String getVlan() {
return vlan;
}
public String getAccountName() {
return accountName;
}
public Long getDomainId() {
return domainId;
}
public String getNetmask() {
return netmask;
}
public String getStartIp() {
return startIp;
}
public String getNetworkName() {
return name;
}
public String getDisplayText() {
return displayText;
}
public Long getProjectId() {
return projectId;
}
public long getPhysicalNetworkId() {
return physicalNetworkId;
}
public String getEndIp() {
return endIp;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void create() throws ResourceAllocationException {
Network result = null;
try {
result = _networkService.createPrivateNetwork(getNetworkName(), getDisplayText(), getPhysicalNetworkId(), getVlan(),
getStartIp(), getEndIp(), getGateway(), getNetmask(), getEntityOwnerId(), null);
} catch (InsufficientCapacityException ex){
s_logger.info(ex);
s_logger.trace(ex);
throw new ServerApiException(ApiErrorCode.INSUFFICIENT_CAPACITY_ERROR, ex.getMessage());
} catch (ConcurrentOperationException ex) {
s_logger.warn("Exception: ", ex);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage());
}
if (result != null) {
this.setEntityId(result.getId());
this.setEntityUuid(result.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create a Private network");
}
}
@Override
public void execute() throws InsufficientCapacityException, ConcurrentOperationException, ResourceAllocationException{
Network result = _networkService.getNetwork(getEntityId());
if (result != null) {
NetworkResponse response = _responseGenerator.createNetworkResponse(result);
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create private network");
}
}
@Override
public long getEntityOwnerId() {
Long accountId = finalyzeAccountId(accountName, domainId, projectId, true);
if (accountId == null) {
return UserContext.current().getCaller().getId();
}
return accountId;
}
@Override
public String getEventType() {
return EventTypes.EVENT_NETWORK_CREATE;
}
@Override
public String getEventDescription() {
return "creating private network";
}
}


@ -1,93 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.log4j.Logger;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
//@APICommand(description="Destroys console proxy", responseObject=SuccessResponse.class)
public class DestroyConsoleProxyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DestroyConsoleProxyCmd.class.getName());
private static final String s_name = "destroyconsoleproxyresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="console proxy ID")
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
Account account = (Account)UserContext.current().getCaller();
if (account != null) {
return account.getId();
}
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public String getEventType() {
return EventTypes.EVENT_PROXY_DESTROY;
}
@Override
public String getEventDescription() {
return "destroying console proxy: " + getId();
}
@Override
public void execute(){
boolean result = _consoleProxyService.destroyConsoleProxy(this);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to destroy console proxy");
}
}
}


@ -46,6 +46,7 @@ public interface NetworkOffering extends InfrastructureEntity, InternalIdentity,
public final static String SystemPrivateGatewayNetworkOffering = "System-Private-Gateway-Network-Offering";
public final static String DefaultSharedNetworkOfferingWithSGService = "DefaultSharedNetworkOfferingWithSGService";
public final static String QuickCloudNoServices = "QuickCloudNoServices";
public final static String DefaultIsolatedNetworkOfferingWithSourceNatService = "DefaultIsolatedNetworkOfferingWithSourceNatService";
public final static String OvsIsolatedNetworkOfferingWithSourceNatService = "OvsIsolatedNetworkOfferingWithSourceNatService";
public final static String DefaultSharedNetworkOffering = "DefaultSharedNetworkOffering";


@ -32,7 +32,6 @@ import org.apache.cloudstack.usage.UsageService;
import org.apache.log4j.Logger;
import com.cloud.configuration.ConfigurationService;
import com.cloud.consoleproxy.ConsoleProxyService;
import com.cloud.dao.EntityManager;
import com.cloud.domain.Domain;
import com.cloud.exception.ConcurrentOperationException;
@ -109,7 +108,6 @@ public abstract class BaseCmd {
@Inject public TemplateService _templateService;
@Inject public SecurityGroupService _securityGroupService;
@Inject public SnapshotService _snapshotService;
@Inject public ConsoleProxyService _consoleProxyService;
@Inject public VpcVirtualNetworkApplianceService _routerService;
@Inject public ResponseGenerator _responseGenerator;
@Inject public EntityManager _entityMgr;


@ -34,7 +34,7 @@ import com.cloud.user.UserContext;
import com.cloud.uservm.UserVm;
import com.cloud.vm.snapshot.VMSnapshot;
@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class)
@APICommand(name = "createVMSnapshot", description = "Creates snapshot for a vm.", responseObject = VMSnapshotResponse.class, since="4.2.0")
public class CreateVMSnapshotCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger


@ -32,7 +32,7 @@ import com.cloud.user.Account;
import com.cloud.user.UserContext;
import com.cloud.vm.snapshot.VMSnapshot;
@APICommand(name="deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class)
@APICommand(name="deleteVMSnapshot", description = "Deletes a vmsnapshot.", responseObject = SuccessResponse.class, since="4.2.0")
public class DeleteVMSnapshotCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger
.getLogger(DeleteVMSnapshotCmd.class.getName());


@ -30,7 +30,7 @@ import org.apache.cloudstack.api.response.VMSnapshotResponse;
import com.cloud.vm.snapshot.VMSnapshot;
@APICommand(name="listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class)
@APICommand(name="listVMSnapshot", description = "List virtual machine snapshot by conditions", responseObject = VMSnapshotResponse.class, since="4.2.0")
public class ListVMSnapshotCmd extends BaseListTaggedResourcesCmd {
private static final String s_name = "listvmsnapshotresponse";


@ -37,7 +37,7 @@ import com.cloud.user.UserContext;
import com.cloud.uservm.UserVm;
import com.cloud.vm.snapshot.VMSnapshot;
@APICommand(name = "revertToSnapshot",description = "Revert VM from a vmsnapshot.", responseObject = UserVmResponse.class)
@APICommand(name = "revertToSnapshot",description = "Revert VM from a vmsnapshot.", responseObject = UserVmResponse.class, since="4.2.0")
public class RevertToSnapshotCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger
.getLogger(RevertToSnapshotCmd.class.getName());


@ -71,6 +71,18 @@ public class FirewallRuleResponse extends BaseResponse {
@SerializedName(ApiConstants.TAGS) @Param(description="the list of resource tags associated with the rule", responseObject = ResourceTagResponse.class)
private List<ResourceTagResponse> tags;
@SerializedName(ApiConstants.VM_GUEST_IP) @Param(description="the vm ip address for the port forwarding rule")
private String destNatVmIp;
public String getDestNatVmIp() {
return destNatVmIp;
}
public void setDestNatVmIp(String destNatVmIp) {
this.destNatVmIp = destNatVmIp;
}
@Override
public String getObjectId() {


@ -453,6 +453,22 @@
</target>
</configuration>
</execution>
<execution>
<id>process-quickcloud-spring-context</id>
<phase>process-resources</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target if="${quickcloud}">
<echo>quickcloud</echo>
<replaceregexp
file="${basedir}/target/generated-webapp/WEB-INF/classes/applicationContext.xml"
match="com.cloud.consoleproxy.ConsoleProxyManagerImpl"
replace="com.cloud.consoleproxy.StaticConsoleProxyManager" byline="true" />
</target>
</configuration>
</execution>
</executions>
</plugin>
<!-- there are the jasypt libs requires by some of the python scripts -->
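Review bot: The `match` attribute of the added `replaceregexp` is a regular expression, so the unescaped dots in `com.cloud.consoleproxy.ConsoleProxyManagerImpl` match any character, and the unanchored pattern also rewrites any longer class name that begins with that text. Writing it as `match="com\.cloud\.consoleproxy\.ConsoleProxyManagerImpl\b"` limits the rewrite to the intended class. The task also succeeds when nothing matches, so a `quickcloud` build could silently ship the default console proxy manager. A follow-up check that fails the build when `applicationContext.xml` does not contain `StaticConsoleProxyManager` would make the swap verifiable. The contents of that file are not visible here, so how many lines the pattern touches today is unconfirmed.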


@ -503,7 +503,7 @@
<property name="name" value="XCP Agent"/>
</bean>
<bean id="SecondaryStorageDiscoverer" class="com.cloud.storage.secondary.SecondaryStorageDiscoverer">
<bean id="SecondaryStorageDiscoverer" class="org.apache.cloudstack.storage.resource.SecondaryStorageDiscoverer">
<property name="name" value="SecondaryStorage"/>
</bean>


@ -62,6 +62,9 @@ public class HypervisorCapabilitiesVO implements HypervisorCapabilities {
@Column(name="max_hosts_per_cluster")
private Integer maxHostsPerCluster;
@Column(name="vm_snapshot_enabled")
private Boolean vmSnapshotEnabled;
protected HypervisorCapabilitiesVO() {
this.uuid = UUID.randomUUID().toString();
}
@ -169,7 +172,15 @@ public class HypervisorCapabilitiesVO implements HypervisorCapabilities {
this.maxHostsPerCluster = maxHostsPerCluster;
}
@Override
public Boolean getVmSnapshotEnabled() {
return vmSnapshotEnabled;
}
public void setVmSnapshotEnabled(Boolean vmSnapshotEnabled) {
this.vmSnapshotEnabled = vmSnapshotEnabled;
}
@Override
public boolean equals(Object obj) {
if (obj instanceof HypervisorCapabilitiesVO) {
return ((HypervisorCapabilitiesVO)obj).getId() == this.getId();
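Review bot: `getVmSnapshotEnabled()` returns the boxed `Boolean` field mapped to the new `vm_snapshot_enabled` column, so it yields null for any row where that column is NULL. A caller writing `if (caps.getVmSnapshotEnabled())` would then throw a NullPointerException on unboxing. Whether the schema gives the column a NOT NULL default is not visible in this section. Either document the null case on the getter, e.g. `/** @return whether VM snapshots are supported, or null if not recorded */`, or normalise it with `return Boolean.TRUE.equals(vmSnapshotEnabled);`. The class body continues outside both hunks.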


@ -80,7 +80,7 @@ public abstract class ServerResourceBase implements ServerResource {
_storageNic2 = getNetworkInterface(storageNic2);
if (_privateNic == null) {
s_logger.error("Nics are not configured!");
s_logger.warn("Nics are not specified in properties file/db, will try to autodiscover");
Enumeration<NetworkInterface> nics = null;
try {


@ -17,7 +17,6 @@
# under the License.
mvn install:install-file -Dfile=cloud-iControl.jar -DgroupId=com.cloud.com.f5 -DartifactId=icontrol -Dversion=1.0 -Dpackaging=jar
mvn install:install-file -Dfile=cloud-netscaler.jar -DgroupId=com.cloud.com.citrix -DartifactId=netscaler -Dversion=1.0 -Dpackaging=jar
mvn install:install-file -Dfile=cloud-netscaler-sdx.jar -DgroupId=com.cloud.com.citrix -DartifactId=netscaler-sdx -Dversion=1.0 -Dpackaging=jar
# From http://support.netapp.com/ (not available online, contact your support representative)
@ -25,18 +24,6 @@ mvn install:install-file -Dfile=cloud-netscaler-sdx.jar -DgroupId=com.cloud.com.
if [ -e cloud-manageontap.jar ]; then mv cloud-manageontap.jar manageontap.jar; fi
mvn install:install-file -Dfile=manageontap.jar -DgroupId=com.cloud.com.netapp -DartifactId=manageontap -Dversion=4.0 -Dpackaging=jar
# From https://my.vmware.com/group/vmware/get-download?downloadGroup=VSDK41
# Version: 4.1, Release-date: 2010-07-13, Build: 257238
if [ -e vmware-apputils.jar ]; then mv vmware-apputils.jar apputils.jar; fi
if [ -e vmware-vim.jar ]; then mv vmware-vim.jar vim.jar; fi
if [ -e vmware-vim25.jar ]; then mv vmware-vim25.jar vim25.jar; fi
mvn install:install-file -Dfile=vim25.jar -DgroupId=com.cloud.com.vmware -DartifactId=vmware-vim25 -Dversion=4.1 -Dpackaging=jar
mvn install:install-file -Dfile=apputils.jar -DgroupId=com.cloud.com.vmware -DartifactId=vmware-apputils -Dversion=4.1 -Dpackaging=jar
mvn install:install-file -Dfile=vim.jar -DgroupId=com.cloud.com.vmware -DartifactId=vmware-vim -Dversion=4.1 -Dpackaging=jar
#
# From https://my.vmware.com/group/vmware/get-download?downloadGroup=VSP510-WEBSDK-510
# Version: 5.1, Release-date: 2012-09-10, Build: 774886
mvn install:install-file -Dfile=vim25_51.jar -DgroupId=com.cloud.com.vmware -DartifactId=vmware-vim25 -Dversion=5.1 -Dpackaging=jar


@ -27,7 +27,7 @@
<title>&PRODUCT; Guide</title>
<subtitle>Revised August 9, 2012 10:48 pm Pacific</subtitle>
<productname>Apache CloudStack</productname>
<productnumber>4.0.0-incubating</productnumber>
<productnumber>4.0.0</productnumber>
<edition>1</edition>
<pubsnumber></pubsnumber>
<abstract>


@ -33,7 +33,7 @@ under the License.
<para>If you run into any issues during upgrades, please feel free to ask questions on users@apache.cloudstack.org or dev@apache.cloudstack.org.</para>
<section id="upgrade-from-4.0-to-4.1">
<title>Upgrade from 4.0.x to 4.1.0</title>
<para>This section will guide you from Apache CloudStack 4.0.x versions (4.0.0-incubating, 4.0.1-incubating, and 4.0.2) to &PRODUCT; 4.1.0.</para>
<para>This section will guide you from Apache CloudStack 4.0.x versions to &PRODUCT; 4.1.0.</para>
<para>Any steps that are hypervisor-specific will be called out with a note.</para>
<warning><title>Package Structure Changes</title>
<para>The package structure for &PRODUCT; has changed significantly since the 4.0.x releases. If you've compiled your own packages, you'll notice that the package names and the number of packages has changed. This is <emphasis>not</emphasis> a bug.</para>
@ -48,32 +48,23 @@ under the License.
</listitem>
<listitem>
<para>Stop your management server or servers. Run this on all management server hosts:</para>
<programlisting># service cloud-management stop</programlisting>
<programlisting><prompt>#</prompt> service cloud-management stop</programlisting>
</listitem>
<listitem>
<para>If you are running a usage server or usage servers, stop those as well:</para>
<programlisting><prompt>#</prompt> service cloud-usage stop</programlisting>
</listitem>
<listitem>
<para>Make a backup of your MySQL database. If you run into any issues or need to roll back the upgrade, this will assist in debugging or restoring your existing environment. You'll be prompted for your password.</para>
<programlisting># mysqldump -u root -p cloud &gt; cloudstack-backup.sql</programlisting>
<programlisting><prompt>#</prompt> mysqldump -u root -p cloud &gt; cloudstack-backup.sql</programlisting>
</listitem>
<listitem>
<para>Whether you're upgrading a Red Hat/CentOS based system or Ubuntu based system, you're going to need to stop the CloudStack management server before proceeding.</para>
<programlisting language="Bash"># service cloud-management stop</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-management stop</programlisting>
</listitem>
<listitem>
<para>If you have made changes to <filename>/etc/cloud/management/components.xml</filename>, you'll need to carry these over manually to the new file, <filename>/etc/cloudstack/management/componentContext.xml</filename>. This is not done automatically. (If you're unsure, we recommend making a backup of the original <filename>components.xml</filename> to be on the safe side.</para>
</listitem>
<listitem>
<note><title>For AWS API Users Only</title>
<para>This step is only necessary if you're using the AWS APIs with &PRODUCT;. If not, you can skip this step.</para>
</note>
<para>The file <filename>/etc/cloud/management/db.properties</filename> will be carried over to <filename>etc/cloudstack/management/db.properties</filename>, but the parameters for the AWS API are <emphasis>not</emphasis> carried over. You'll need to add these parameters to the new file manually:</para>
<programlisting language="Bash">
db.awsapi.username=
db.awsapi.password=
db.awsapi.host=
db.awsapi.port=
</programlisting>
<para>For the AWS API queries to work, you'll need to copy those over to <filename>/etc/cloudstack/management/db.properties</filename> (with the values you have currently).</para>
</listitem>
<listitem id="upgrade-deb-packages">
<para>If you are using Ubuntu, follow this procedure to upgrade your packages. If not, skip to step <xref linkend="upgrade-rpm-packages" />.</para>
<note><title>Community Packages</title>
@ -110,12 +101,51 @@ db.awsapi.port=
</listitem>
<listitem>
<para>Restart the agent:</para>
<programlisting language="Bash">
service cloud-agent stop
killall jsvc
service cloudstack-agent start
</programlisting>
</listitem>
<listitem>
<para>During the upgrade, <filename>log4j-cloud.xml</filename> was simply copied over, so the logs will continue to be added to <filename>/var/log/cloud/agent/agent.log</filename>. There's nothing <emphasis>wrong</emphasis> with this, but if you prefer to be consistent, you can change this by copying over the sample configuration file:</para>
<programlisting language="Bash">
cd /etc/cloudstack/agent
mv log4j-cloud.xml.dpkg-dist log4j-cloud.xml
service cloudstack-agent restart
</programlisting>
</listitem>
<listitem>
<para>Once the agent is running, you can uninstall the old cloud-* packages from your system:</para>
<programlisting language="Bash">sudo dpkg --purge cloud-agent</programlisting>
</listitem>
</orderedlist>
</listitem>
<listitem id="upgrade-rpm-packages">
<para>###</para>
<para>The package names have changed between 4.0 and 4.1, so upgrading the packages won't happen automatically with a <command>yum update</command></para>
</listitem>
<listitem id="restart-system-vms">
<para>Once you've upgraded the packages on your management servers, you'll need to restart the system VMs. Make sure port 8096 is open <!-- [FIXME, where?] --> to do this.</para>
<para>There is a script that will do this for you, all you need to do is run the script and supply the IP address for your MySQL instance and your MySQL credentials:</para>
<programlisting language="Bash"><prompt>#</prompt> nohup cloudstack-sysvmadm -d <replaceable>IP address</replaceable> -u cloud -p -a &gt; sysvm.log 2&gt;&amp;1 &amp;</programlisting>
<para>You can monitor the log for progress. The process of restarting the system VMs can take an hour or more.</para>
<programlisting language="Bash"><prompt>#</prompt> tail -f sysvm.log</programlisting>
<para>The output to <filename>sysvm.log</filename> will look something like this:</para>
<programlisting language="Bash">
Stopping and starting 1 secondary storage vm(s)...
Done stopping and starting secondary storage vm(s)
Stopping and starting 1 console proxy vm(s)...
Done stopping and starting console proxy vm(s).
Stopping and starting 4 running routing vm(s)...
Done restarting router(s).
</programlisting>
</listitem>
<listitem>
<note><title>For Xen Hosts: Copy vhd-utils</title>
<para>This step is only for CloudStack installs that are using Xen hosts.</para>
</note>
<para>Copy the file <filename>vhd-utils</filename> to <filename>/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver</filename>.</para>
</listitem>
</orderedlist>
</section>
<section id="upgrade-from-3.0.2-to-4.0">
@ -220,11 +250,11 @@ db.awsapi.port=
</listitem>
<listitem id="stopping-usage-servers">
<para>Stop all Usage Servers if running. Run this on all Usage Server hosts.</para>
<programlisting># service cloud-usage stop</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-usage stop</programlisting>
</listitem>
<listitem>
<para>Stop the Management Servers. Run this on all Management Server hosts.</para>
<programlisting># service cloud-management stop</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-management stop</programlisting>
</listitem>
<listitem>
<para>On the MySQL master, take a backup of the MySQL databases. We recommend performing
@ -288,7 +318,7 @@ db.awsapi.port=
<listitem>
<para>Start the first Management Server. Do not start any other Management Server nodes
yet.</para>
<programlisting># service cloud-management start</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-management start</programlisting>
<para>Wait until the databases are upgraded. Ensure that the database upgrade is complete.
After confirmation, start the other Management Servers one at a time by running the same
command on each node.</para>
@ -669,7 +699,7 @@ db.awsapi.port=
</listitem>
<listitem>
<para>Stop the Management Servers. Run this on all Management Server hosts.</para>
<programlisting># service cloud-management stop</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-management stop</programlisting>
</listitem>
<listitem>
<para>On the MySQL master, take a backup of the MySQL databases. We recommend performing
@ -780,7 +810,7 @@ db.awsapi.port=
<listitem>
<para>Start the first Management Server. Do not start any other Management Server nodes
yet.</para>
<programlisting># service cloud-management start</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-management start</programlisting>
<para>Wait until the databases are upgraded. Ensure that the database upgrade is complete.
You should see a message like "Complete! Done." After confirmation, start the other
Management Servers one at a time by running the same command on each node.</para>
@ -788,7 +818,7 @@ db.awsapi.port=
<listitem>
<para>Start all Usage Servers (if they were running on your previous version). Perform
this on each Usage Server host.</para>
<programlisting># service cloud-usage start</programlisting>
<programlisting language="Bash"><prompt>#</prompt> service cloud-usage start</programlisting>
</listitem>
<listitem>
<para>(KVM only) Additional steps are required for each KVM host. These steps will not
@ -856,12 +886,12 @@ db.awsapi.port=
<programlisting><prompt>#</prompt> <command>tail</command> -f <filename>sysvm.log</filename></programlisting>
<para>The content should be like the following:</para>
<programlisting>
Stopping and starting 1 secondary storage vm(s)...
Done stopping and starting secondary storage vm(s)
Stopping and starting 1 console proxy vm(s)...
Done stopping and starting console proxy vm(s).
Stopping and starting 4 running routing vm(s)...
Done restarting router(s).
Stopping and starting 1 secondary storage vm(s)...
Done stopping and starting secondary storage vm(s)
Stopping and starting 1 console proxy vm(s)...
Done stopping and starting console proxy vm(s).
Stopping and starting 4 running routing vm(s)...
Done restarting router(s).
</programlisting>
</listitem>
</orderedlist>


@ -71,38 +71,106 @@
<para>In Hypervisor, choose VMware.</para>
</listitem>
<listitem>
<para>Provide the following information in the dialog. The fields below make reference to
<para>Provide the following information in the dialog. The fields below make reference to the
values from vCenter.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/add-cluster.png"/>
</imageobject>
<textobject>
<phrase>addcluster.png: add a cluster</phrase>
</textobject>
</mediaobject>
<itemizedlist>
<listitem>
<para>Cluster Name. Enter the name of the cluster you created in vCenter. For example,
"cloud.cluster.2.2.1"</para>
<para><emphasis role="bold">Cluster Name</emphasis>: Enter the name of the cluster you
created in vCenter. For example, "cloud.cluster.2.2.1"</para>
</listitem>
<listitem>
<para>vCenter Host. Enter the hostname or IP address of the vCenter server. </para>
<para><emphasis role="bold">vCenter Username</emphasis>: Enter the username that &PRODUCT;
should use to connect to vCenter. This user must have all the administrative
privileges.</para>
</listitem>
<listitem>
<para>vCenter Username. Enter the username that &PRODUCT; should use to connect to
vCenter. This user must have all administrative privileges.</para>
<para><emphasis role="bold">CPU overcommit ratio</emphasis>: Enter the CPU overcommit
ratio for the cluster. The value you enter determines the CPU consumption of each VM in
the selected cluster. By increasing the over-provisioning ratio, more resource capacity
will be used. If no value is specified, the value is defaulted to 1, which implies no
over-provisioning is done.</para>
</listitem>
<listitem>
<para>vCenter Password. Enter the password for the user named above</para>
<para><emphasis role="bold">RAM overcommit ratio</emphasis>: Enter the RAM overcommit
ratio for the cluster. The value you enter determines the memory consumption of each VM
in the selected cluster. By increasing the over-provisioning ratio, more resource
capacity will be used. If no value is specified, the value is defaulted to 1, which
implies no over-provisioning is done.</para>
</listitem>
<listitem>
<para>vCenter Datacenter. Enter the vCenter datacenter that the cluster is in. For
example, "cloud.dc.VM".</para>
<para><emphasis role="bold">vCenter Host</emphasis>: Enter the hostname or IP address of
the vCenter server.</para>
</listitem>
<listitem>
<para><emphasis role="bold">vCenter Password</emphasis>: Enter the password for the user
named above.</para>
</listitem>
<listitem>
<para><emphasis role="bold">vCenter Datacenter</emphasis>: Enter the vCenter datacenter
that the cluster is in. For example, "cloud.dc.VM".</para>
</listitem>
<listitem>
<para><emphasis role="bold">Override Public Traffic</emphasis>: Enable this option to
override the zone-wide public traffic for the cluster you are creating.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Public Traffic vSwitch Type</emphasis>: This option is
displayed only if you enable the Override Public Traffic option. Select a desirable
switch. If the vmware.use.dvswitch global parameter is true, the default option will be
VMware vNetwork Distributed Virtual Switch.</para>
<para>If you have enabled Nexus dvSwitch in the environment, the following parameters for
dvSwitch configuration are displayed:</para>
<itemizedlist>
<listitem>
<para>Nexus dvSwitch IP Address: The IP address of the Nexus VSM appliance.</para>
</listitem>
<listitem>
<para>Nexus dvSwitch Username: The username required to access the Nexus VSM
appliance.</para>
</listitem>
<listitem>
<para>Nexus dvSwitch Password: The password associated with the username specified
above.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Override Guest Traffic</emphasis>: Enable this option to
override the zone-wide guest traffic for the cluster you are creating.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Guest Traffic vSwitch Type</emphasis>: This option is
displayed only if you enable the Override Guest Traffic option. Select a desirable
switch. </para>
<para>If the vmware.use.dvswitch global parameter is true, the default option will be
VMware vNetwork Distributed Virtual Switch.</para>
<para>If you have enabled Nexus dvSwitch in the environment, the following parameters for
dvSwitch configuration are displayed:</para>
<itemizedlist>
<listitem>
<para>Nexus dvSwitch IP Address: The IP address of the Nexus VSM appliance.</para>
</listitem>
<listitem>
<para>Nexus dvSwitch Username: The username required to access the Nexus VSM
appliance.</para>
</listitem>
<listitem>
<para>Nexus dvSwitch Password: The password associated with the username specified
above.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<mediaobject>
<imageobject>
<imagedata fileref="./images/add-cluster.png"/>
</imageobject>
<textobject>
<phrase>addcluster.png: add cluster</phrase>
</textobject>
</mediaobject>
<para>There might be a slight delay while the cluster is provisioned. It will
automatically display in the UI</para>
automatically display in the UI.</para>
</listitem>
</itemizedlist>
</listitem>


@ -0,0 +1,43 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="added-API-commands-4.2">
<title>Added API Commands in 4.2</title>
<itemizedlist>
<listitem>
<para>addIpToNic </para>
<para>Adds an IP address to the NIC from the guest subnet. The request parameters are: nicid,
ipaddress.</para>
<para>The response parameters are: nicid, ipaddress, networkid </para>
</listitem>
<listitem>
<para>removeIpFromNic</para>
<para> Removes the reserved IP for the NIC. The request parameters is: id.</para>
<para>The response parameters are: true, false</para>
</listitem>
<listitem>
<para>listNics</para>
<para>Lists the NIC details of the user VM; the API response also contains the Secondary IP
addresses of the NIC. The request parameters are: nicid, virtualmachineid.</para>
<para>The response parameters are: id, ipaddress, secondaryips, gateway, netmask, macaddr,
broadcasturi, isolationuri, isdefault,</para>
</listitem>
</itemizedlist>
</section>


@ -87,7 +87,7 @@
<entry><para>suspendProject (Suspends a project)</para></entry>
<entry><para>listProjects (Lists projects and provides detailed information for listed
projects)</para></entry>
<entry><para>addAccountToProject (Adds acoount to a project)</para></entry>
<entry><para>addAccountToProject (Adds account to a project)</para></entry>
</row>
<row>
<entry><para>deleteAccountFromProject (Deletes account from the project)</para></entry>


@ -45,7 +45,7 @@
<para>Available in fresh installations of &PRODUCT;. Not available through upgrade of previous versions.</para>
</listitem>
<listitem>
<para>Features such as Elastic IP (EIP) and Elastic Load Balacing (ELB) are only available in an infrastructure
<para>Features such as Elastic IP (EIP) and Elastic Load Balancing (ELB) are only available in an infrastructure
with a Citrix NetScaler device. Users accessing a Zone with a NetScaler device will need to use a
NetScaler-enabled network offering (DefaultSharedNetscalerEIP and ELBNetworkOffering).</para>
</listitem>


@ -25,7 +25,7 @@
<section id="building-documentation">
<title>Building &PRODUCT; Documentation</title>
<para>To build a specific guide, go to the source tree of the documentation in /docs and identify the guide you want to build.</para>
<para>Currenlty there are four guides plus the release notes, all defined in publican configuration files:</para>
<para>Currently there are four guides plus the release notes, all defined in publican configuration files:</para>
<programlisting>
publican-adminguide.cfg
publican-devguide.cfg


@ -27,7 +27,7 @@
<para>Marvin is built with Maven and is dependent on APIdoc. To build it do the following in the root tree of &PRODUCT;:</para>
<programlisting>mvn -P developer -pl :cloud-apidoc</programlisting>
<programlisting>mvn -P developer -pl :cloud-marvin</programlisting>
<para>If successfull the build will have created the cloudstackAPI Python package under tools/marvin/marvin/cloudstackAPI as well as a gziped Marvin package under tools/marvin dist. To install the Python Marvin module do the following in tools/marvin:</para>
<para>If successful the build will have created the cloudstackAPI Python package under tools/marvin/marvin/cloudstackAPI as well as a gziped Marvin package under tools/marvin dist. To install the Python Marvin module do the following in tools/marvin:</para>
<programlisting>sudo python ./setup.py install</programlisting>
<para>The dependencies will be downloaded the Python module installed and you should be able to use Marvin in Python. Check that you can import the module before starting to use it.</para>
<programlisting>$ python


@ -52,7 +52,7 @@
how to <ulink url="http://rlandmann.fedorapeople.org/pug/sect-Users_Guide-Preparing_a_document_for_translation.html">prepare</ulink> a document for translation.</para>
<para>The basic command to execute to build the pot files for the developer guide is:</para>
<programlisting>publican update_pot --config=publican-devguide.cfg</programlisting>
<para>This will create a pot directory with pot files in it, one for each corresponding xml files needed to build the guide. Once genereated, all pots files need to be configured for translation using transifex this is best done by using the transifex client that you can install with the following command (For RHEL and its derivatives):</para>
<para>This will create a pot directory with pot files in it, one for each corresponding xml files needed to build the guide. Once generated, all pots files need to be configured for translation using transifex this is best done by using the transifex client that you can install with the following command (For RHEL and its derivatives):</para>
<programlisting>yum install transifex-client</programlisting>
<para>The transifex client is also available via PyPi and you can install it like this:</para>
<programlisting>easy_install transifex-client</programlisting>


@ -32,7 +32,7 @@
<listitem><para>Generate a new 2048-bit private key</para><programlisting>openssl genrsa -des3 -out yourprivate.key 2048</programlisting></listitem>
<listitem><para>Generate a new certificate CSR</para><programlisting>openssl req -new -key yourprivate.key -out yourcertificate.csr</programlisting></listitem>
<listitem><para>Head to the website of your favorite trusted Certificate Authority, purchase an SSL certificate, and submit the CSR. You should receive a valid certificate in return</para></listitem>
<listitem><para>Convert your private key format into PKCS#8 encrypted format.</para><programlisting>openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encryped.key</programlisting></listitem>
<listitem><para>Convert your private key format into PKCS#8 encrypted format.</para><programlisting>openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encrypted.key</programlisting></listitem>
<listitem><para>Convert your PKCS#8 encrypted private key into the PKCS#8 format that is compliant with &PRODUCT;</para><programlisting>openssl pkcs8 -in yourprivate.pkcs8.encrypted.key -out yourprivate.pkcs8.key</programlisting></listitem>
</orderedlist>
</listitem>


@ -62,7 +62,7 @@
support any system that is not up to date with patches.</para>
</listitem>
<listitem>
<para>All hosts within a cluster must be homogenous. The CPUs must be of the same type,
<para>All hosts within a cluster must be homogeneous. The CPUs must be of the same type,
count, and feature flags.</para>
</listitem>
<listitem>


@ -33,7 +33,7 @@
If you didn't follow the steps to build your own packages from source
in the sections for <xref linkend="sect-source-buildrpm" /> or
<xref linkend="sect-source-builddebs" /> you may find pre-built
DEB and RPM packages for your convience linked from the
DEB and RPM packages for your convenience linked from the
<ulink url="http://cloudstack.apache.org/downloads.html">downloads</ulink>
page.
</para>


@ -29,7 +29,7 @@
<listitem><para>In the left navigation, click Global Settings.</para></listitem>
<listitem><para>Set the following global configuration parameters.</para>
<itemizedlist>
<listitem><para>remote.access.vpn.client.ip.range The range of IP addressess to be allocated to remote access VPN clients. The first IP in the range is used by the VPN server.</para></listitem>
<listitem><para>remote.access.vpn.client.ip.range The range of IP addresses to be allocated to remote access VPN clients. The first IP in the range is used by the VPN server.</para></listitem>
<listitem><para>remote.access.vpn.psk.length Length of the IPSec key.</para></listitem>
<listitem><para>remote.access.vpn.user.limit Maximum number of VPN users per account.</para></listitem>
</itemizedlist></listitem></orderedlist>


@ -95,7 +95,7 @@
</listitem>
<listitem>
<para>Convert your private key format into PKCS#8 encrypted format.</para>
<programlisting>openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encryped.key</programlisting>
<programlisting>openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encrypted.key</programlisting>
</listitem>
<listitem>
<para>Convert your PKCS#8 encrypted private key into the PKCS#8 format that is compliant


@ -28,7 +28,7 @@
<orderedlist>
<listitem>
<para>In order to have live migration working libvirt has to listen for unsecured TCP connections. We also need to turn off libvirts attempt to use Multicast DNS advertising. Both of these settings are in <filename>/etc/libvirt/libvirtd.conf</filename></para>
<para>Set the following paramaters:</para>
<para>Set the following parameters:</para>
<programlisting>listen_tls = 0</programlisting>
<programlisting>listen_tcp = 1</programlisting>
<programlisting>tcp_port = "16509"</programlisting>


@ -69,7 +69,7 @@
we can proceed to configuring the network.</para>
<para>First we configure eth0</para>
<programlisting language="Bash">vi /etc/sysconfig/network-scripts/ifcfg-eth0</programlisting>
<para>Make sure it looks similair to:</para>
<para>Make sure it looks similar to:</para>
<programlisting><![CDATA[DEVICE=eth0
HWADDR=00:04:xx:xx:xx:xx
ONBOOT=yes


@ -50,7 +50,7 @@
<para>The required packages were installed when libvirt was installed, we can proceed to configuring the network.</para>
<para>First we configure eth0</para>
<programlisting language="Bash">vi /etc/sysconfig/network-scripts/ifcfg-eth0</programlisting>
<para>Make sure it looks similair to:</para>
<para>Make sure it looks similar to:</para>
<programlisting><![CDATA[DEVICE=eth0
HWADDR=00:04:xx:xx:xx:xx
ONBOOT=yes
@ -89,7 +89,7 @@ VLAN=yes
BRIDGE=cloudbr1]]></programlisting>
<para>Now we have the VLAN interfaces configured we can add the bridges on top of them.</para>
<programlisting language="Bash">vi /etc/sysconfig/network-scripts/ifcfg-cloudbr0</programlisting>
<para>Now we just configure it is a plain bridge without an IP-Adress</para>
<para>Now we just configure it is a plain bridge without an IP-Address</para>
<programlisting><![CDATA[DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes

Binary file not shown.


Binary file not shown.


Binary file not shown.



@ -30,7 +30,7 @@
<listitem>
<para>Check for a fully qualified hostname.</para>
<programlisting language="Bash">hostname --fqdn</programlisting>
<para>This should return a fully qualified hostname such as "managament1.lab.example.org". If it does not, edit /etc/hosts so that it does.</para>
<para>This should return a fully qualified hostname such as "management1.lab.example.org". If it does not, edit /etc/hosts so that it does.</para>
</listitem>
<listitem>
<para>Make sure that the machine can reach the Internet.</para>


@ -58,7 +58,7 @@
</tbody>
</tgroup>
</informaltable>
<para>In addition to above settings, the adminstrator is responsible for setting the 'host' global
<para>In addition to above settings, the administrator is responsible for setting the 'host' global
config value from the management server IP to load balancer virtual IP address.
If the 'host' value is not set to the VIP for Port 8250 and one of your management servers crashes,
the UI is still available but the system VMs will not be able to contact the management server.


@ -57,7 +57,7 @@
<listitem><note><para>If DHCP is used for hosts, ensure that no conflict occurs between DHCP server used for these hosts and the DHCP router created by &PRODUCT;.</para></note></listitem>
<listitem><para>Latest hotfixes applied to hypervisor software</para></listitem>
<listitem><para>When you deploy &PRODUCT;, the hypervisor host must not have any VMs already running</para></listitem>
<listitem><para>All hosts within a cluster must be homogenous. The CPUs must be of the same type, count, and feature flags.</para></listitem>
<listitem><para>All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags.</para></listitem>
</itemizedlist>
<para>Hosts have additional requirements depending on the hypervisor. See the requirements listed at the top of the Installation section for your chosen hypervisor:</para>
<warning>


@ -0,0 +1,91 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="multiple-ip-nic">
<title>Configuring Multiple IP Addresses on a Single NIC</title>
<para>&PRODUCT; now provides you the ability to associate multiple private IP addresses per guest
VM NIC. This feature is supported on all the network configurations&mdash;Basic, Advanced, and
VPC. Security Groups, Static NAT and Port forwarding services are supported on these additional
IPs. In addition to the primary IP, you can assign additional IPs to the guest VM NIC. Up to 256
IP addresses are allowed per NIC.</para>
<para>As always, you can specify an IP from the guest subnet; if not specified, an IP is
automatically picked up from the guest VM subnet. You can view the IPs associated with for each
guest VM NICs on the UI. You can apply NAT on these additional guest IPs by using firewall
configuration in the &PRODUCT; UI. You must specify the NIC to which the IP should be
associated.</para>
<para>This feature is supported on XenServer, KVM, and VMware hypervisors.</para>
<note>
<para>You need to configure the secondary IP address on the guest VM. &PRODUCT; will
not configure the acquired IP address on the VM. Ensure that you assign IPs to NIC each
time the VM reboots.</para>
</note>
<para>Some of the use cases are described below:</para>
<itemizedlist>
<listitem>
<para>Building network appliances: Network appliances, such as firewalls and load balancers,
generally work best when they have access to multiple IP addresses on the network
interface.</para>
</listitem>
<listitem>
<para>Moving private IP addresses between interfaces or instances. Applications that are bound
to specific IP addresses can be moved between instances. </para>
</listitem>
<listitem>
<para>Hosting multiple SSL Websites on a single instance. You can install multiple SSL
certificates on a single instance, each associated with a distinct IP address.</para>
</listitem>
</itemizedlist>
<section id="workflow-rn">
<title>Assigning Additional IPs to a VM</title>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI.</para>
</listitem>
<listitem>
<para>In the left navigation bar, click Instances.</para>
</listitem>
<listitem>
<para>Click the name of the instance you want to work with.</para>
</listitem>
<listitem>
<para>In the Details tab, click NICs.</para>
</listitem>
<listitem>
<para>Click View All.</para>
</listitem>
<listitem>
<para>Click Acquire New IP, and click Yes in the confirmation dialog.</para>
<para>You are prompted for confirmation because, typically, IP addresses are a limited
resource. Within a few moments, the new IP address should appear with the state Allocated.
You can now use the IP address in Port Forwarding or StaticNAT rules.</para>
</listitem>
</orderedlist>
</section>
<section id="caveats">
<title>Port Forwarding and StaticNAT Services Changes</title>
<para>Because multiple IPs can be associated per NIC, you are allowed to select a desired IP for
the Port Forwarding and StaticNAT services. The default is the primary IP. To enable this
functionality, an extra optional parameter 'vmguestip' is added to the Port forwarding and
StaticNAT APIs (enableStaticNat, createIpForwardingRule) to indicate on what IP address NAT
need to be configured. If vmguestip is passed, NAT is configured on the specified private IP
of the VM. if not passed, NAT is configured on the primary IP of the VM.</para>
</section>
</section>


@ -32,6 +32,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="using-multiple-guest-networks.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="reserved-ip-addresses-non-csvms.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="multiple-ip-nic.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="security-groups.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="external-firewalls-and-load-balancers.xml"
xmlns:xi="http://www.w3.org/2001/XInclude"/>


@ -32,7 +32,7 @@
<listitem><para>Using the Transifex client and pushing your translated strings to the website.</para></listitem>
</itemizedlist>
</para>
<para>Once a translation is complete, a site admin will pull the translated strings within the &PRODUCT; repository, build the documenation and publish it.</para>
<para>Once a translation is complete, a site admin will pull the translated strings within the &PRODUCT; repository, build the documentation and publish it.</para>
<para>For instructions on how to use the Transifex website see <ulink url="http://sebgoa.blogspot.ch/2012/11/translating-apache-cloudstack-docs-with.html">http://sebgoa.blogspot.ch/2012/11/translating-apache-cloudstack-docs-with.html</ulink></para>
<para>For instructions on how to use the Transifex client to translate from the command line see <ulink url="http://sebgoa.blogspot.ch/2012/12/using-transifex-client-to-translate.html">http://sebgoa.blogspot.ch/2012/12/using-transifex-client-to-translate.html</ulink></para>
</section>


@ -92,7 +92,7 @@ KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3
<para>After you save the SSH keypair file, you must create an instance by using the template that you created at <xref linkend="create-ssh-template"/>. Ensure that you use the same SSH key name that you created at <xref linkend="create-ssh-keypair"/>.</para>
<note><para>You cannot create the instance by using the GUI at this time and associate the instance with the newly created SSH keypair.</para></note>
<para>A sample curl command to create a new instance is:</para>
<programlisting>curl --globoff http://localhost:&lt;port numbet&gt;/?command=deployVirtualMachine\&amp;zoneId=1\&amp;serviceOfferingId=18727021-7556-4110-9322-d625b52e0813\&amp;templateId=e899c18a-ce13-4bbf-98a9-625c5026e0b5\&amp;securitygroupids=ff03f02f-9e3b-48f8-834d-91b822da40c5\&amp;account=admin\&amp;domainid=1\&amp;keypair=keypair-doc</programlisting>
<programlisting>curl --globoff http://localhost:&lt;port number&gt;/?command=deployVirtualMachine\&amp;zoneId=1\&amp;serviceOfferingId=18727021-7556-4110-9322-d625b52e0813\&amp;templateId=e899c18a-ce13-4bbf-98a9-625c5026e0b5\&amp;securitygroupids=ff03f02f-9e3b-48f8-834d-91b822da40c5\&amp;account=admin\&amp;domainid=1\&amp;keypair=keypair-doc</programlisting>
<para>Substitute the template, service offering and security group IDs (if you are using the security group feature) that are in your cloud environment.</para>
</section>
<section id="logging-in-ssh">


@ -0,0 +1,193 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="vmware-cluster-config-dvswitch">
<title>Configuring a vSphere Cluster with VMware Distributed Virtual Switch</title>
<para>&PRODUCT;supports VMware vNetwork Distributed Switch (VDS) for virtual network configuration
in a VMware vSphere environment. This section helps you configure VMware VDS in a &PRODUCT;
deployment. Each vCenter server instance can support up to 128 VDS instances and each VDS
instance can manage up to 500 VMware hosts.</para>
<section id="about-dvswitch">
<title>About VMware Distributed Virtual Switch</title>
<para>VMware VDS is an aggregation of host-level virtual switches on a VMware vCenter server.
VDS abstracts the configuration of individual virtual switches that span across a large number
of hosts, and enables centralized provisioning, administration, and monitoring for your entire
datacenter from a centralized interface. In effect, a VDS acts as a single virtual switch at
the datacenter level and manages networking for a number of hosts in a datacenter from a
centralized VMware vCenter server. Each VDS maintains network runtime state for VMs as they
move across multiple hosts, enabling inline monitoring and centralized firewall services. A
VDS can be deployed with or without Virtual Standard Switch and a Nexus 1000V virtual
switch.</para>
</section>
<section id="prereq-dvswitch">
<title>Prerequisites and Guidelines</title>
<itemizedlist>
<listitem>
<para>Do not attempt to configure VDS by altering VMware traffic label when configuring
physical networks. This will only work for Standard Virtual Switch and should not be
distributed.</para>
</listitem>
<listitem>
<para>VMware VDS does not support multiple VDS per traffic type. If a user has many VDS
switches, only one can be used for Guest traffic and another one for Public
traffic.</para>
</listitem>
<listitem>
<para>Management and Storage network does not support VDS. Therefore, use Standard Switch
for these networks.</para>
</listitem>
</itemizedlist>
</section>
<section id="enable-dvswitch">
<title>Enabling Virtual Distributed Switch in &PRODUCT;</title>
<para>To make a &PRODUCT; deployment VDS enabled, set the vmware.use.dvswitch parameter to true
by using the Global Settings page in the &PRODUCT; UI and restart the Management Server.
Unless you enable the vmware.use.dvswitch parameter, you cannot see any UI options specific to
VDS, and &PRODUCT; ignores the VDS-specific parameters given in the AddClusterCmd API call.
Additionally, &PRODUCT; uses VDS for virtual network infrastructure if the value of
vmware.use.dvswitch parameter is true and the value of vmware.use.nexus.dvswitch parameter is
false.</para>
<para>&PRODUCT; supports orchestration of virtual networks in a deployment with a mix of Virtual
Distributed Switch, Standard Virtual Switch and Nexus 1000v Virtual Switch. </para>
</section>
<section id="config-dvswitch">
<title>Configuring Distributed Virtual Switch in &PRODUCT;</title>
<para>You can configure VDS by adding the necessary resources while a zone is created.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/dvSwitch-config.png"/>
</imageobject>
<textobject>
<phrase>dvSwitchConfig.png: Configuring dvSwitch</phrase>
</textobject>
</mediaobject>
<para>Alternatively, you can create an additional cluster with VDS enabled in the existing zone.
Use the Add Cluster option. For information as given in <xref linkend="add-clusters-vsphere"
/>.</para>
<para>In both these cases, you must specify the following parameters to configure VDS:</para>
<informaltable frame="all">
<tgroup cols="2" align="left" colsep="1" rowsep="1">
<colspec colname="c1"/>
<colspec colname="c2"/>
<thead>
<row>
<entry><para>Parameters</para></entry>
<entry><para>Description</para></entry>
</row>
</thead>
<tbody>
<row>
<entry><para>Cluster Name</para></entry>
<entry><para>Enter the name of the cluster you created in vCenter. For example,
&quot;cloud.cluster&quot;.</para></entry>
</row>
<row>
<entry><para>vCenter Host</para></entry>
<entry><para>Enter the name or the IP address of the vCenter host where you have deployed the VMware
VDS.</para></entry>
</row>
<row>
<entry><para>vCenter User name</para></entry>
<entry><para>Enter the username that &PRODUCT; should use to connect to vCenter. This
user must have all administrative privileges.</para></entry>
</row>
<row>
<entry><para>vCenter Password</para></entry>
<entry><para>Enter the password for the user named above.</para></entry>
</row>
<row>
<entry><para>vCenter Datacenter</para></entry>
<entry><para>Enter the vCenter datacenter that the cluster is in. For example,
&quot;cloud.dc.VM&quot;.</para></entry>
</row>
<row>
<entry><para>Override Public Traffic</para></entry>
<entry><para>Enable this option to override the zone-wide public traffic for the cluster
you are creating. </para></entry>
</row>
<row>
<entry><para>Public Traffic vSwitch Type</para></entry>
<entry><para>This option is displayed only if you enable the Override Public Traffic
option. Select VMware vNetwork Distributed Virtual Switch. </para>
<para>If the vmware.use.dvswitch global parameter is true, the default option will be
VMware vNetwork Distributed Virtual Switch.</para></entry>
</row>
<row>
<entry><para>Public Traffic vSwitch Name</para></entry>
<entry><para>Name of virtual switch to be used for the public traffic.</para></entry>
</row>
<row>
<entry><para>Override Guest Traffic</para></entry>
<entry><para>Enable the option to override the zone-wide guest traffic for the cluster
you are creating.</para></entry>
</row>
<row>
<entry><para>Guest Traffic vSwitch Type</para></entry>
<entry><para>This option is displayed only if you enable the Override Guest Traffic
option. Select VMware vNetwork Distributed Virtual Switch. </para>
<para>If the vmware.use.dvswitch global parameter is true, the default option will be
VMware vNetwork Distributed Virtual Switch.</para></entry>
</row>
<row>
<entry><para>Guest Traffic vSwitch Name</para></entry>
<entry><para>Name of virtual switch to be used for guest traffic.</para></entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
<section id="vmware-dvswitch-remove">
<title>Removing VMware Virtual Switch</title>
<orderedlist>
<listitem>
<para>In the vCenter datacenter that is served by the VDS, ensure that you delete all the
hosts in the corresponding cluster.</para>
</listitem>
<listitem>
<para>Log in with Admin permissions to the &PRODUCT; administrator UI.</para>
</listitem>
<listitem>
<para>In the left navigation bar, select Infrastructure.</para>
</listitem>
<listitem>
<para>In the Infrastructure page, click View all under Clusters.</para>
</listitem>
<listitem>
<para>Select the cluster where you want to remove the virtual switch.</para>
</listitem>
<listitem>
<para>In the VMware dvSwitch tab, click the name of the virtual switch.</para>
</listitem>
<listitem>
<para> In the Details page, click Delete VMware dvSwitch icon. <inlinemediaobject>
<imageobject>
<imagedata fileref="./images/delete-button.png"/>
</imageobject>
<textobject>
<phrase>DeleteButton.png: button to delete dvSwitch</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>Click Yes in the confirmation dialog box.</para>
</listitem>
</orderedlist>
</section>
</section>


@ -327,282 +327,439 @@ esxcfg-firewall -o 59000-60000,tcp,out,vncextras
guide.</para>
</section>
</section>
<!-- <section id="vmware-vsphere-cluster-config-nexus-vswitch">
<section id="vmware-vsphere-cluster-config-nexus-vswitch">
<title>Configuring a vSphere Cluster with Nexus 1000v Virtual Switch</title>
<para>&PRODUCT; supports Cisco Nexus 1000v dvSwitch (Distributed Virtual Switch) for virtual network configuration in a VMware vSphere environment. This section helps you configure a vSphere cluster with Nexus 1000v virtual switch in a VMware vCenter environment. For information on creating a vSphere cluster, see <xref linkend="vmware-install" /></para>
<para>&PRODUCT; supports Cisco Nexus 1000v dvSwitch (Distributed Virtual Switch) for virtual
network configuration in a VMware vSphere environment. This section helps you configure a
vSphere cluster with Nexus 1000v virtual switch in a VMware vCenter environment. For
information on creating a vSphere cluster, see <xref linkend="vmware-install"/></para>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-about">
<title>About Cisco Nexus 1000v Distributed Virtual Switch</title>
<para>The Cisco Nexus 1000V virtual switch is a software-based virtual machine access switch for VMware vSphere environments. It can span multiple hosts running VMware ESXi 4.0 and later. A Nexus virtual switch consists of two components: the Virtual Supervisor Module (VSM) and the Virtual Ethernet Module (VEM). The VSM is a virtual appliance that acts as the switch&apos;s supervisor. It controls multiple VEMs as a single network device. The VSM is installed independent of the VEM and is deployed in redundancy mode as pairs or as a standalone appliance. The VEM is installed on each VMware ESXi server to provide packet-forwarding capability. It provides each virtual machine with dedicated switch ports. This VSM-VEM architecture is analogous to a physical Cisco switch&apos;s supervisor (standalone or configured in high-availability mode) and multiple linecards architecture.</para>
<para>Nexus 1000v switch uses vEthernet port profiles to simplify network provisioning for virtual machines. There are two types of port profiles: Ethernet port profile and vEthernet port profile. The Ethernet port profile is applied to the physical uplink ports-the NIC ports of the physical NIC adapter on an ESXi server. The vEthernet port profile is associated with the virtual NIC (vNIC) that is plumbed on a guest VM on the ESXi server. The port profiles help the network administrators define network policies which can be reused for new virtual machines. The Ethernet port profiles are created on the VSM and are represented as port groups on the vCenter server.</para>
<title>About Cisco Nexus 1000v Distributed Virtual Switch</title>
<para>The Cisco Nexus 1000V virtual switch is a software-based virtual machine access switch
for VMware vSphere environments. It can span multiple hosts running VMware ESXi 4.0 and
later. A Nexus virtual switch consists of two components: the Virtual Supervisor Module
(VSM) and the Virtual Ethernet Module (VEM). The VSM is a virtual appliance that acts as the
switch&apos;s supervisor. It controls multiple VEMs as a single network device. The VSM is
installed independent of the VEM and is deployed in redundancy mode as pairs or as a
standalone appliance. The VEM is installed on each VMware ESXi server to provide
packet-forwarding capability. It provides each virtual machine with dedicated switch ports.
This VSM-VEM architecture is analogous to a physical Cisco switch&apos;s supervisor
(standalone or configured in high-availability mode) and multiple linecards
architecture.</para>
<para>Nexus 1000v switch uses vEthernet port profiles to simplify network provisioning for
virtual machines. There are two types of port profiles: Ethernet port profile and vEthernet
port profile. The Ethernet port profile is applied to the physical uplink ports-the NIC
ports of the physical NIC adapter on an ESXi server. The vEthernet port profile is
associated with the virtual NIC (vNIC) that is plumbed on a guest VM on the ESXi server. The
port profiles help the network administrators define network policies which can be reused
for new virtual machines. The Ethernet port profiles are created on the VSM and are
represented as port groups on the vCenter server.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-prerequisite-guide">
<title>Prerequisites and Guidelines</title>
<para>This section discusses prerequisites and guidelines for using Nexus virtual switch in &PRODUCT;. Before configuring Nexus virtual switch, ensure that your system meets the following requirements:</para>
<itemizedlist>
<listitem><para>A cluster of servers (ESXi 4.1 or later) is configured in the vCenter.</para></listitem>
<listitem><para>Each cluster managed by &PRODUCT; is the only cluster in its vCenter datacenter.</para></listitem>
<listitem><para>A Cisco Nexus 1000v virtual switch is installed to serve the datacenter that contains the vCenter cluster. This ensures that &PRODUCT; doesn&apos;t have to deal with dynamic migration of virtual adapters or networks across other existing virtual switches. See <ulink url="http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/install_upgrade/vsm_vem/guide/n1000v_installupgrade.html">Cisco Nexus 1000V Installation and Upgrade Guide</ulink> for guidelines on how to install the Nexus 1000v VSM and VEM modules.</para></listitem>
<listitem><para>The Nexus 1000v VSM is not deployed on a vSphere host that is managed by &PRODUCT;.</para></listitem>
<listitem><para>When the maximum number of VEM modules per VSM instance is reached, an additional VSM instance is created before introducing any more ESXi hosts. The limit is 64 VEM modules for each VSM instance.</para></listitem>
<listitem><para>&PRODUCT; expects that the Management Network of the ESXi host is configured on the standard vSwitch and searches for it in the standard vSwitch. Therefore, ensure that you do not migrate the management network to Nexus 1000v virtual switch during configuration.</para></listitem>
<listitem><para>All information given in <xref linkend="vmware-vsphere-cluster-config-nexus-vswitch-preconfig" /></para></listitem>
</itemizedlist>
<title>Prerequisites and Guidelines</title>
<para>This section discusses prerequisites and guidelines for using Nexus virtual switch in
&PRODUCT;. Before configuring Nexus virtual switch, ensure that your system meets the
following requirements:</para>
<itemizedlist>
<listitem>
<para>A cluster of servers (ESXi 4.1 or later) is configured in the vCenter.</para>
</listitem>
<listitem>
<para>Each cluster managed by &PRODUCT; is the only cluster in its vCenter
datacenter.</para>
</listitem>
<listitem>
<para>A Cisco Nexus 1000v virtual switch is installed to serve the datacenter that
contains the vCenter cluster. This ensures that &PRODUCT; doesn&apos;t have to deal with
dynamic migration of virtual adapters or networks across other existing virtual
switches. See <ulink
url="http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/install_upgrade/vsm_vem/guide/n1000v_installupgrade.html"
>Cisco Nexus 1000V Installation and Upgrade Guide</ulink> for guidelines on how to
install the Nexus 1000v VSM and VEM modules.</para>
</listitem>
<listitem>
<para>The Nexus 1000v VSM is not deployed on a vSphere host that is managed by
&PRODUCT;.</para>
</listitem>
<listitem>
<para>When the maximum number of VEM modules per VSM instance is reached, an additional
VSM instance is created before introducing any more ESXi hosts. The limit is 64 VEM
modules for each VSM instance.</para>
</listitem>
<listitem>
<para>&PRODUCT; expects that the Management Network of the ESXi host is configured on the
standard vSwitch and searches for it in the standard vSwitch. Therefore, ensure that you
do not migrate the management network to Nexus 1000v virtual switch during
configuration.</para>
</listitem>
<listitem>
<para>All information given in <xref
linkend="vmware-vsphere-cluster-config-nexus-vswitch-preconfig"/></para>
</listitem>
</itemizedlist>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-preconfig">
<title>Nexus 1000v Virtual Switch Preconfiguration</title>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-preconfig-checklist">
<title>Nexus 1000v Virtual Switch Preconfiguration</title>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-preconfig-checklist">
<title>Preparation Checklist</title>
<para>For a smoother configuration of Nexus 1000v switch, gather the following information before you start:</para>
<para>For a smoother configuration of Nexus 1000v switch, gather the following information
before you start:</para>
<itemizedlist>
<listitem><para>vCenter Credentials</para></listitem>
<listitem><para>Nexus 1000v VSM IP address</para></listitem>
<listitem><para>Nexus 1000v VSM Credentials</para></listitem>
<listitem><para>Ethernet port profile names</para></listitem>
<listitem>
<para>vCenter Credentials</para>
</listitem>
<listitem>
<para>Nexus 1000v VSM IP address</para>
</listitem>
<listitem>
<para>Nexus 1000v VSM Credentials</para>
</listitem>
<listitem>
<para>Ethernet port profile names</para>
</listitem>
</itemizedlist>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-vcenter-credential-checklist">
<title>vCenter Credentials Checklist</title>
<para>You will need the following information about vCenter:</para>
<informaltable frame="all">
<title>vCenter Credentials Checklist</title>
<para>You will need the following information about vCenter:</para>
<informaltable frame="all">
<tgroup cols="3" align="left" colsep="1" rowsep="1">
<colspec colname="c1" />
<colspec colname="c2" />
<colspec colname="c3" />
<thead>
<colspec colname="c1"/>
<colspec colname="c2"/>
<colspec colname="c3"/>
<thead>
<row>
<entry><para>Nexus vSwitch Requirements</para></entry>
<entry><para>Value</para></entry>
<entry><para>Notes</para></entry>
<entry><para>Nexus vSwitch Requirements</para></entry>
<entry><para>Value</para></entry>
<entry><para>Notes</para></entry>
</row>
</thead>
<tbody>
</thead>
<tbody>
<row>
<entry><para>vCenter IP</para></entry>
<entry><para></para></entry>
<entry><para>The IP address of the vCenter.</para></entry>
<entry><para>vCenter IP</para></entry>
<entry><para/></entry>
<entry><para>The IP address of the vCenter.</para></entry>
</row>
<row>
<entry><para>Secure HTTP Port Number</para></entry>
<entry><para>443</para></entry>
<entry><para>Port 443 is configured by default; however, you can change the port if needed.</para></entry>
<entry><para>Secure HTTP Port Number</para></entry>
<entry><para>443</para></entry>
<entry><para>Port 443 is configured by default; however, you can change the port
if needed.</para></entry>
</row>
<row>
<entry><para>vCenter User ID</para></entry>
<entry><para></para></entry>
<entry><para>The vCenter user with administrator-level privileges. The vCenter User ID is required when you configure the virtual switch in &PRODUCT;.</para></entry>
<entry><para>vCenter User ID</para></entry>
<entry><para/></entry>
<entry><para>The vCenter user with administrator-level privileges. The vCenter
User ID is required when you configure the virtual switch in
&PRODUCT;.</para></entry>
</row>
<row>
<entry><para>vCenter Password</para></entry>
<entry><para></para></entry>
<entry><para>The password for the vCenter user specified above. The password for this vCenter user is required when you configure the switch in &PRODUCT;.</para></entry>
<entry><para>vCenter Password</para></entry>
<entry><para/></entry>
<entry><para>The password for the vCenter user specified above. The password for
this vCenter user is required when you configure the switch in
&PRODUCT;.</para></entry>
</row>
</tbody>
</tbody>
</tgroup>
</informaltable>
</informaltable>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-net-config-checklist">
<title>Network Configuration Checklist</title>
<para>The following information specified in the Nexus Configure Networking screen is displayed in the Details tab of the Nexus dvSwitch in the &PRODUCT; UI:</para>
<informaltable frame="all">
<title>Network Configuration Checklist</title>
<para>The following information specified in the Nexus Configure Networking screen is
displayed in the Details tab of the Nexus dvSwitch in the &PRODUCT; UI:</para>
<informaltable frame="all">
<tgroup cols="3" align="left" colsep="1" rowsep="1">
<colspec colname="c1" />
<colspec colname="c2" />
<colspec colname="c3" />
<thead>
<colspec colname="c1"/>
<colspec colname="c2"/>
<colspec colname="c3"/>
<thead>
<row>
<entry><para>Network Requirements</para></entry>
<entry><para>Value</para></entry>
<entry><para>Notes</para></entry>
<entry><para>Network Requirements</para></entry>
<entry><para>Value</para></entry>
<entry><para>Notes</para></entry>
</row>
</thead>
<tbody>
</thead>
<tbody>
<row>
<entry><para>Control Port Group VLAN ID</para></entry>
<entry><para></para></entry>
<entry><para>The VLAN ID of the Control Port Group. The control VLAN is used for communication between the VSM and the VEMs.</para></entry>
<entry><para>Control Port Group VLAN ID</para></entry>
<entry><para/></entry>
<entry><para>The VLAN ID of the Control Port Group. The control VLAN is used for
communication between the VSM and the VEMs.</para></entry>
</row>
<row>
<entry><para>Management Port Group VLAN ID</para></entry>
<entry><para></para></entry>
<entry><para>The VLAN ID of the Management Port Group. The management VLAN corresponds to the mgmt0 interface that is used to establish and maintain the connection between the VSM and VMware vCenter Server.</para></entry>
<entry><para>Management Port Group VLAN ID</para></entry>
<entry><para/></entry>
<entry><para>The VLAN ID of the Management Port Group. The management VLAN
corresponds to the mgmt0 interface that is used to establish and maintain the
connection between the VSM and VMware vCenter Server.</para></entry>
</row>
<row>
<entry><para>Packet Port Group VLAN ID</para></entry>
<entry><para></para></entry>
<entry><para>The VLAN ID of the Packet Port Group. The packet VLAN forwards relevant data packets from the VEMs to the VSM.</para></entry>
<entry><para>Packet Port Group VLAN ID</para></entry>
<entry><para/></entry>
<entry><para>The VLAN ID of the Packet Port Group. The packet VLAN forwards
relevant data packets from the VEMs to the VSM.</para></entry>
</row>
</tbody>
</tbody>
</tgroup>
</informaltable>
<note><para>The VLANs used for control, packet, and management port groups can be the same.</para></note>
<para>For more information, see <ulink url="http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4_b/getting_started/configuration/guide/n1000v_gsg.pdf">Cisco Nexus 1000V Getting Started Guide</ulink>.</para>
</informaltable>
<note>
<para>The VLANs used for control, packet, and management port groups can be the
same.</para>
</note>
<para>For more information, see <ulink
url="http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4_b/getting_started/configuration/guide/n1000v_gsg.pdf"
>Cisco Nexus 1000V Getting Started Guide</ulink>.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-vsm-config-checklist">
<title>VSM Configuration Checklist</title>
<para>You will need the following information about network configuration:</para>
<informaltable frame="all">
<title>VSM Configuration Checklist</title>
<para>You will need the following information about network configuration:</para>
<informaltable frame="all">
<tgroup cols="3" align="left" colsep="1" rowsep="1">
<colspec colname="c1" />
<colspec colname="c2" />
<colspec colname="c3" />
<thead>
<colspec colname="c1"/>
<colspec colname="c2"/>
<colspec colname="c3"/>
<thead>
<row>
<entry><para>VSM Configuration Parameters Value Notes</para></entry>
<entry><para>Value</para></entry>
<entry><para>Notes</para></entry>
<entry><para>VSM Configuration Parameters Value Notes</para></entry>
<entry><para>Value</para></entry>
<entry><para>Notes</para></entry>
</row>
</thead>
<tbody>
</thead>
<tbody>
<row>
<entry><para>Admin Name and Password</para></entry>
<entry><para></para></entry>
<entry><para>The admin name and password to connect to the VSM appliance. You must specify these credentials while configuring Nexus virtual switch.</para></entry>
<entry><para>Admin Name and Password</para></entry>
<entry><para/></entry>
<entry><para>The admin name and password to connect to the VSM appliance. You must
specify these credentials while configuring Nexus virtual
switch.</para></entry>
</row>
<row>
<entry><para>Management IP Address</para></entry>
<entry><para></para></entry>
<entry><para>This is the IP address of the VSM appliance. This is the IP address you specify in the virtual switch IP Address field while configuting Nexus virtual switch.</para></entry>
<entry><para>Management IP Address</para></entry>
<entry><para/></entry>
<entry><para>This is the IP address of the VSM appliance. This is the IP address
you specify in the virtual switch IP Address field while configuting Nexus
virtual switch.</para></entry>
</row>
<row>
<entry><para>SSL</para></entry>
<entry><para>Enable</para></entry>
<entry><para>Always enable SSL. SSH is usually enabled by default during the VSM installation. However, check whether the SSH connection to the VSM is working, without which &PRODUCT; failes to connect to the VSM.</para></entry>
<entry><para>SSL</para></entry>
<entry><para>Enable</para></entry>
<entry><para>Always enable SSL. SSH is usually enabled by default during the VSM
installation. However, check whether the SSH connection to the VSM is working,
without which &PRODUCT; failes to connect to the VSM.</para></entry>
</row>
</tbody>
</tbody>
</tgroup>
</informaltable>
</informaltable>
</section>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-create-port-profile">
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-create-port-profile">
<title>Creating a Port Profile</title>
<itemizedlist>
<listitem>
<para>Whether you create a Basic or Advanced zone configuration, ensure that you always create an Ethernet port profile on the VSM after you install it and before you create the zone.</para>
<listitem>
<para>Whether you create a Basic or Advanced zone configuration, ensure that you always
create an Ethernet port profile on the VSM after you install it and before you create
the zone.</para>
<itemizedlist>
<listitem><para>The Ethernet port profile created to represent the physical network or networks used by an Advanced zone configuration trunk all the VLANs including guest VLANs, the VLANs that serve the native VLAN, and the packet/control/data/management VLANs of the VSM.</para></listitem>
<listitem><para>The Ethernet port profile created for a Basic zone configuration does not trunk the guest VLANs because the guest VMs do not get their own VLANs provisioned on their network interfaces in a Basic zone.</para></listitem>
<listitem>
<para>The Ethernet port profile created to represent the physical network or
networks used by an Advanced zone configuration trunk all the VLANs including
guest VLANs, the VLANs that serve the native VLAN, and the
packet/control/data/management VLANs of the VSM.</para>
</listitem>
<listitem>
<para>The Ethernet port profile created for a Basic zone configuration does not
trunk the guest VLANs because the guest VMs do not get their own VLANs provisioned
on their network interfaces in a Basic zone.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem><para>An Ethernet port profile configured on the Nexus 1000v virtual switch should not use in its set of system VLANs, or any of the VLANs configured or intended to be configured for use towards VMs or VM resources in the &PRODUCT; environment.</para></listitem>
<listitem><para>You do not have to create any vEthernet port profiles &PRODUCT; does that during VM deployment.</para></listitem>
<listitem><para>Ensure that you create required port profiles to be used by &PRODUCT; for different traffic types of &PRODUCT;, such as Management traffic, Guest traffic, Storage traffic, and Public traffic. The physical networks configured during zone creation should have a one-to-one relation with the Ethernet port profiles.</para></listitem>
</listitem>
<listitem>
<para>An Ethernet port profile configured on the Nexus 1000v virtual switch should not
use in its set of system VLANs, or any of the VLANs configured or intended to be
configured for use towards VMs or VM resources in the &PRODUCT; environment.</para>
</listitem>
<listitem>
<para>You do not have to create any vEthernet port profiles &PRODUCT; does that during
VM deployment.</para>
</listitem>
<listitem>
<para>Ensure that you create required port profiles to be used by &PRODUCT; for
different traffic types of &PRODUCT;, such as Management traffic, Guest traffic,
Storage traffic, and Public traffic. The physical networks configured during zone
creation should have a one-to-one relation with the Ethernet port profiles.</para>
</listitem>
</itemizedlist>
<mediaobject>
<imageobject>
<imageobject>
<imagedata fileref="./images/vmware-nexus-port-profile.png"/>
</imageobject>
<textobject>
</imageobject>
<textobject>
<phrase>vsphereclient.png: vSphere client</phrase>
</textobject>
</textobject>
</mediaobject>
<para>For information on creating a port profile, see <ulink url="http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4_a/port_profile/configuration/guide/n1000v_port_profile.html">Cisco Nexus 1000V Port Profile Configuration Guide</ulink>.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-assign-nic-adapters">
<para>For information on creating a port profile, see <ulink
url="http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4_a/port_profile/configuration/guide/n1000v_port_profile.html"
>Cisco Nexus 1000V Port Profile Configuration Guide</ulink>.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-assign-nic-adapters">
<title>Assigning Physical NIC Adapters</title>
<para>Assign ESXi host&apos;s physical NIC adapters, which correspond to each physical network, to the port profiles. In each ESXi host that is part of the vCenter cluster, observe the physical networks assigned to each port profile and note down the names of the port profile for future use. This mapping information helps you when configuring physical networks during the zone configuration on &PRODUCT;. These Ethernet port profile names are later specified as VMware Traffic Labels for different traffic types when configuring physical networks during the zone configuration. For more information on configuring physical networks, see <xref linkend="vmware-vsphere-cluster-config-nexus-vswitch" />.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-add-vlan-range">
<para>Assign ESXi host&apos;s physical NIC adapters, which correspond to each physical
network, to the port profiles. In each ESXi host that is part of the vCenter cluster,
observe the physical networks assigned to each port profile and note down the names of the
port profile for future use. This mapping information helps you when configuring physical
networks during the zone configuration on &PRODUCT;. These Ethernet port profile names are
later specified as VMware Traffic Labels for different traffic types when configuring
physical networks during the zone configuration. For more information on configuring
physical networks, see <xref linkend="vmware-vsphere-cluster-config-nexus-vswitch"
/>.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-add-vlan-range">
<title>Adding VLAN Ranges</title>
<para>Determine the public VLAN, System VLAN, and Guest VLANs to be used by the &PRODUCT;. Ensure that you add them to the port profile database. Corresponding to each physical network, add the VLAN range to port profiles. In the VSM command prompt, run the switchport trunk allowed vlan&lt;range&gt; command to add the VLAN ranges to the port profile.</para>
<para>Determine the public VLAN, System VLAN, and Guest VLANs to be used by the &PRODUCT;.
Ensure that you add them to the port profile database. Corresponding to each physical
network, add the VLAN range to port profiles. In the VSM command prompt, run the
switchport trunk allowed vlan&lt;range&gt; command to add the VLAN ranges to the port
profile.</para>
<para>For example:</para>
<programlisting>switchport trunk allowed vlan 1,140-147,196-203</programlisting>
<para>In this example, the allowed VLANs added are 1, 140-147, and 196-203</para>
<para>You must also add all the public and private VLANs or VLAN ranges to the switch. This range is the VLAN range you specify in your zone.</para>
<note><para>Before you run the vlan command, ensure that the configuration mode is enabled in Nexus 1000v virtual switch.</para></note>
<para>You must also add all the public and private VLANs or VLAN ranges to the switch. This
range is the VLAN range you specify in your zone.</para>
<note>
<para>Before you run the vlan command, ensure that the configuration mode is enabled in
Nexus 1000v virtual switch.</para>
</note>
<para>For example:</para>
<para>If you want the VLAN 200 to be used on the switch, run the following command:</para>
<programlisting>vlan 200</programlisting>
<para>If you want the VLAN range 1350-1750 to be used on the switch, run the following command:</para>
<para>If you want the VLAN range 1350-1750 to be used on the switch, run the following
command:</para>
<programlisting>vlan 1350-1750</programlisting>
<para>Refer to Cisco Nexus 1000V Command Reference of specific product version.</para>
</section>
</section>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-enable">
<title>Enabling Nexus Virtual Switch in &PRODUCT;</title>
<para>To make a &PRODUCT; deployment Nexus enabled, you must set the vmware.use.nexus.vswitch parameter true by using the Global Settings page in the &PRODUCT; UI. Unless this parameter is set to &quot;true&quot; and restart the management server, you cannot see any UI options specific to Nexus virtual switch, and &PRODUCT; ignores the Nexus virtual switch specific parameters specified in the AddTrafficTypeCmd, UpdateTrafficTypeCmd, and AddClusterCmd API calls.</para>
<para>Unless the &PRODUCT; global parameter &quot;vmware.use.nexus.vswitch&quot; is set to &quot;true&quot;, &PRODUCT; by default uses VMware standard vSwitch for virtual network infrastructure. In this release, &PRODUCT; doesnt support configuring virtual networks in a deployment with a mix of standard vSwitch and Nexus 1000v virtual switch. The deployment can have either standard vSwitch or Nexus 1000v virtual switch.</para>
<title>Enabling Nexus Virtual Switch in &PRODUCT;</title>
<para>To make a &PRODUCT; deployment Nexus enabled, you must set the vmware.use.nexus.vswitch
parameter true by using the Global Settings page in the &PRODUCT; UI. Unless this parameter
is set to &quot;true&quot; and restart the management server, you cannot see any UI options
specific to Nexus virtual switch, and &PRODUCT; ignores the Nexus virtual switch specific
parameters specified in the AddTrafficTypeCmd, UpdateTrafficTypeCmd, and AddClusterCmd API
calls.</para>
<para>Unless the &PRODUCT; global parameter &quot;vmware.use.nexus.vswitch&quot; is set to
&quot;true&quot;, &PRODUCT; by default uses VMware standard vSwitch for virtual network
infrastructure. In this release, &PRODUCT; doesnt support configuring virtual networks in a
deployment with a mix of standard vSwitch and Nexus 1000v virtual switch. The deployment can
have either standard vSwitch or Nexus 1000v virtual switch.</para>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-config">
<title>Configuring Nexus 1000v Virtual Switch in &PRODUCT;</title>
<para>You can configure Nexus dvSwitch by adding the necessary resources while the zone is being created.</para>
<mediaobject>
<title>Configuring Nexus 1000v Virtual Switch in &PRODUCT;</title>
<para>You can configure Nexus dvSwitch by adding the necessary resources while the zone is
being created.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/vmware-nexus-add-cluster.png"/>
<imagedata fileref="./images/vmware-nexus-add-cluster.png"/>
</imageobject>
<textobject>
<phrase>vsphereclient.png: vSphere client</phrase>
<phrase>vsphereclient.png: vSphere client</phrase>
</textobject>
</mediaobject>
<para>After the zone is created, if you want to create an additional cluster along with Nexus 1000v virtual switch in the existing zone, use the Add Cluster option. For information on creating a cluster, see <xref linkend="add-clusters-vsphere" />.</para>
<para>In both these cases, you must specify the following parameters to configure Nexus virtual switch:</para>
<informaltable frame="all">
</mediaobject>
<para>After the zone is created, if you want to create an additional cluster along with Nexus
1000v virtual switch in the existing zone, use the Add Cluster option. For information on
creating a cluster, see <xref linkend="add-clusters-vsphere"/>.</para>
<para>In both these cases, you must specify the following parameters to configure Nexus
virtual switch:</para>
<informaltable frame="all">
<tgroup cols="2" align="left" colsep="1" rowsep="1">
<colspec colname="c1" />
<colspec colname="c2" />
<thead>
<colspec colname="c1"/>
<colspec colname="c2"/>
<thead>
<row>
<entry><para>Parameters</para></entry>
<entry><para>Description</para></entry>
<entry><para>Parameters</para></entry>
<entry><para>Description</para></entry>
</row>
</thead>
<tbody>
</thead>
<tbody>
<row>
<entry><para>Cluster Name</para></entry>
<entry><para>Enter the name of the cluster you created in vCenter. For example, &quot;cloud.cluster&quot;.</para></entry>
<entry><para>Cluster Name</para></entry>
<entry><para>Enter the name of the cluster you created in vCenter. For example,
&quot;cloud.cluster&quot;.</para></entry>
</row>
<row>
<entry><para>vCenter Host</para></entry>
<entry><para>Enter the host name or the IP address of the vCenter host where you have deployed the Nexus virtual switch.</para></entry>
<entry><para>vCenter Host</para></entry>
<entry><para>Enter the host name or the IP address of the vCenter host where you have
deployed the Nexus virtual switch.</para></entry>
</row>
<row>
<entry><para>vCenter User name</para></entry>
<entry><para>Enter the username that &PRODUCT; should use to connect to vCenter. This user must have all administrative privileges.</para></entry>
<entry><para>vCenter User name</para></entry>
<entry><para>Enter the username that &PRODUCT; should use to connect to vCenter. This
user must have all administrative privileges.</para></entry>
</row>
<row>
<entry><para>vCenter Password</para></entry>
<entry><para>Enter the password for the user named above.</para></entry>
<entry><para>vCenter Password</para></entry>
<entry><para>Enter the password for the user named above.</para></entry>
</row>
<row>
<entry><para>vCenter Datacenter</para></entry>
<entry><para>Enter the vCenter datacenter that the cluster is in. For example, &quot;cloud.dc.VM&quot;.</para></entry>
<entry><para>vCenter Datacenter</para></entry>
<entry><para>Enter the vCenter datacenter that the cluster is in. For example,
&quot;cloud.dc.VM&quot;.</para></entry>
</row>
<row>
<entry><para>Nexus dvSwitch IP Address</para></entry>
<entry><para>The IP address of the VSM component of the Nexus 1000v virtual switch.</para></entry>
<entry><para>Nexus dvSwitch IP Address</para></entry>
<entry><para>The IP address of the VSM component of the Nexus 1000v virtual
switch.</para></entry>
</row>
<row>
<entry><para>Nexus dvSwitch Username</para></entry>
<entry><para>The admin name to connect to the VSM appliance.</para></entry>
<entry><para>Nexus dvSwitch Username</para></entry>
<entry><para>The admin name to connect to the VSM appliance.</para></entry>
</row>
<row>
<entry><para>Nexus dvSwitch Password</para></entry>
<entry><para>The corresponding password for the admin user specified above.</para></entry>
<entry><para>Nexus dvSwitch Password</para></entry>
<entry><para>The corresponding password for the admin user specified
above.</para></entry>
</row>
</tbody>
</tbody>
</tgroup>
</informaltable>
</informaltable>
</section>
<section id="vmware-vsphere-cluster-config-nexus-vswitch-remove">
<title>Removing Nexus Virtual Switch</title>
<orderedlist>
<listitem><para>In the vCenter datacenter that is served by the Nexus virtual switch, ensure that you delete all the hosts in the corresponding cluster.</para></listitem>
<listitem><para>Log in with Admin permissions to the &PRODUCT; administrator UI.</para></listitem>
<listitem><para>In the left navigation bar, select Infrastructure.</para></listitem>
<listitem><para>In the Infrastructure page, click View all under Clusters.</para></listitem>
<listitem><para>Select the cluster where you want to remove the virtual switch.</para></listitem>
<listitem><para>In the dvSwitch tab, click the name of the virtual switch.</para></listitem>
<title>Removing Nexus Virtual Switch</title>
<orderedlist>
<listitem>
<para>
In the Details page, click Delete Nexus dvSwitch icon.
<inlinemediaobject>
<imageobject><imagedata fileref="./images/delete-button.png" /></imageobject>
<textobject><phrase>DeleteButton.png: button to delete dvSwitch</phrase></textobject>
</inlinemediaobject>
</para>
<para>Click Yes in the confirmation dialog box.</para>
<para>In the vCenter datacenter that is served by the Nexus virtual switch, ensure that
you delete all the hosts in the corresponding cluster.</para>
</listitem>
</orderedlist>
</section>
</section> -->
<listitem>
<para>Log in with Admin permissions to the &PRODUCT; administrator UI.</para>
</listitem>
<listitem>
<para>In the left navigation bar, select Infrastructure.</para>
</listitem>
<listitem>
<para>In the Infrastructure page, click View all under Clusters.</para>
</listitem>
<listitem>
<para>Select the cluster where you want to remove the virtual switch.</para>
</listitem>
<listitem>
<para>In the dvSwitch tab, click the name of the virtual switch.</para>
</listitem>
<listitem>
<para> In the Details page, click Delete Nexus dvSwitch icon. <inlinemediaobject>
<imageobject>
<imagedata fileref="./images/delete-button.png"/>
</imageobject>
<textobject>
<phrase>DeleteButton.png: button to delete dvSwitch</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>Click Yes in the confirmation dialog box.</para>
</listitem>
</orderedlist>
</section>
</section>
<xi:include href="vmware-cluster-config-dvswitch.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<section id="vmware-vsphere-iscsi-storage-preparation">
<title>Storage Preparation for vSphere (iSCSI only)</title>
<para>Use of iSCSI requires preparatory work in vCenter. You must add an iSCSI target and create


@ -68,7 +68,7 @@
<listitem><para>vCenter must be configured to use the standard port 443 so that it can communicate with the &PRODUCT; Management Server.</para></listitem>
<listitem><para>You must re-install VMware ESXi if you are going to re-use a host from a previous install.</para></listitem>
<listitem><para>&PRODUCT; requires VMware vSphere 4.1 or 5.0. VMware vSphere 4.0 is not supported.</para></listitem>
<listitem><para>All hosts must be 64-bit and must support HVM (Intel-VT or AMD-V enabled). All hosts within a cluster must be homogenous. That means the CPUs must be of the same type, count, and feature flags.</para></listitem>
<listitem><para>All hosts must be 64-bit and must support HVM (Intel-VT or AMD-V enabled). All hosts within a cluster must be homogeneous. That means the CPUs must be of the same type, count, and feature flags.</para></listitem>
<listitem><para>The &PRODUCT; management network must not be configured as a separate virtual network. The &PRODUCT; management network is the same as the vCenter management network, and will inherit its configuration. See <xref linkend="vmware-physical-host-networking-config-vcenter-mgt" />.</para></listitem>
<listitem><para>&PRODUCT; requires ESXi. ESX is not supported.</para></listitem>
<listitem><para>All resources used for &PRODUCT; must be used for &PRODUCT; only. &PRODUCT; cannot share instance of ESXi or storage with other management consoles. Do not share the same storage volumes that will be used by &PRODUCT; with a different set of ESXi servers that are not managed by &PRODUCT;.</para></listitem>


@ -21,7 +21,11 @@
<chapter id="whats-new">
<title>What's New in the API?</title>
<para>The following describes any new major features of each &PRODUCT; version as it applies to
API usage.</para>
API usage.</para>
<section id="whats-new-in-api-4.2">
<title>What's New in the API for 4.2</title>
<xi:include href="added-API-commands-4.2.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</section>
<section id="whats-new-in-api-4.1">
<title>What's New in the API for 4.1</title>
<xi:include href="add-remove-nic.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>


@ -82,7 +82,7 @@
<section id="building-documentation">
<title>Building &PRODUCT; Documentation</title>
<para>To build a specific guide, go to the source tree of the documentation in /docs and identify the guide you want to build.</para>
<para>Currenlty there are four guides plus the release notes, all defined in publican configuration files:</para>
<para>Currently there are four guides plus the release notes, all defined in publican configuration files:</para>
<programlisting>
publican-adminguide.cfg
publican-devguide.cfg
@ -96,5 +96,5 @@
</section>
]]>
</programlisting>
<para>Happy Publicaning and DocBooking.</para>
<para>Happy Publicating and DocBooking.</para>
</section>


@ -207,7 +207,7 @@ public class VMEntityManagerImpl implements VMEntityManager {
}
DataCenterDeployment plan = new DataCenterDeployment(vm.getDataCenterId(), vmReservation.getPodId(), vmReservation.getClusterId(),
vmReservation.getHostId(), poolId , null);
vmReservation.getHostId(), null , null);
VMInstanceVO vmDeployed = _itMgr.start(vm, params, _userDao.findById(new Long(caller)), _accountDao.findById(vm.getAccountId()), plan);


@ -386,33 +386,39 @@ setup_common() {
ip route delete default
if [ "$RROUTER" != "1" ]
then
if [ -z "$3" ]
gwdev=$3
if [ -z "$gwdev" ]
then
gwdev="eth0"
fi
timer=0
#default route add fails if we run before interface configured with ip
log_it "checking that $gwdev has IP before setting default route to $GW"
echo "checking that $gwdev has IP before setting default route to $GW"
while true
do
ip=$(ifconfig $gwdev | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
if [ -z $ip ]
then
ip route add default via $GW dev eth0
sleep 1;
#waiting for the interface to setup with ip
log_it "waiting for $gwdev interface setup with ip"
echo "waiting for $gwdev interface setup with ip"
else
timer=0
#default route add fails if we run before interface configured with ip
while true
do
ip=$(ifconfig $3 | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
if [ -z $ip ]
then
sleep 1;
#waiting for the interface to setup with ip
echo "waiting for $3 interface setup with ip"
else
ip route add default via $GW dev $3
break
fi
if [ $timer -gt 5 ]
then
echo "interface $3 is not set up with ip... configuring default route failed"
break
fi
timer=`expr $timer + 1`
done
ip route add default via $GW dev $gwdev
break
fi
if [ $timer -gt 15 ]
then
log_it "interface $gwdev is not set up with ip... configuring default route failed";
echo "interface $gwdev is not set up with ip... configuring default route failed"
break
fi
timer=`expr $timer + 1`
done
fi
# a hacking way to activate vSwitch under VMware
@ -704,7 +710,7 @@ setup_vpcrouter() {
fi
cat > /etc/network/interfaces << EOF
auto lo $1
auto lo eth0
iface lo inet loopback
EOF
setup_interface "0" $ETH0_IP $ETH0_MASK $GW
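Review bot: In the setup_common hunk the wait loop tests `[ -z $ip ]` and calls `ifconfig $gwdev` with unquoted expansions, so an empty or multi-word value is handled only by accident of how `[` parses its arguments; write `if [ -z "$ip" ]` and `ifconfig "$gwdev"`. When the retry limit is reached the loop only logs and breaks, so the function carries on without a default route; returning a non-zero status at that point would make the failure visible to whatever runs next. setup_common begins and ends outside the hunk, so the surrounding flow is not visible here.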


@ -40,5 +40,10 @@
<artifactId>cloud-utils</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-secondary-storage</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>


@ -20,6 +20,7 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.storage.resource.SecondaryStorageResource;
import org.apache.log4j.Logger;
import com.cloud.agent.api.Answer;
@ -35,7 +36,6 @@ import com.cloud.agent.manager.SimulatorManager;
import com.cloud.agent.manager.SimulatorManager.AgentType;
import com.cloud.host.Host;
import com.cloud.host.Host.Type;
import com.cloud.storage.resource.SecondaryStorageResource;
import com.cloud.vm.SecondaryStorageVm;


@ -24,6 +24,7 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.storage.resource.SecondaryStorageDiscoverer;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
@ -40,9 +41,7 @@ import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.storage.SnapshotVO;
import com.cloud.storage.dao.SnapshotDao;
import com.cloud.storage.secondary.SecondaryStorageDiscoverer;
import com.cloud.utils.exception.CloudRuntimeException;
import org.springframework.stereotype.Component;
@Local(value=Discoverer.class)


@ -32,6 +32,11 @@
<artifactId>cloud-vmware-base</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-secondary-storage</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.cloud.com.vmware</groupId>
<artifactId>vmware-vim25</artifactId>


@ -135,10 +135,9 @@ public class VMwareGuru extends HypervisorGuruBase implements HypervisorGuru {
if (!(vm.getVirtualMachine() instanceof DomainRouterVO || vm.getVirtualMachine() instanceof ConsoleProxyVO
|| vm.getVirtualMachine() instanceof SecondaryStorageVmVO)){
// user vm
if (diskDeviceType != null){
details.remove(VmDetailConstants.ROOK_DISK_CONTROLLER);
if (diskDeviceType == null){
details.put(VmDetailConstants.ROOK_DISK_CONTROLLER, _vmwareMgr.getRootDiskController());
}
details.put(VmDetailConstants.ROOK_DISK_CONTROLLER, _vmwareMgr.getRootDiskController());
}
to.setDetails(details);


@ -21,6 +21,8 @@ import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource;
import org.apache.cloudstack.storage.resource.SecondaryStorageResourceHandler;
import org.apache.log4j.Logger;
import com.cloud.agent.api.Answer;


@ -18,6 +18,7 @@ package com.cloud.storage.resource;
import java.util.List;
import org.apache.cloudstack.storage.resource.SecondaryStorageResourceHandler;
import org.apache.log4j.Logger;
import com.cloud.agent.api.Answer;


@ -6380,7 +6380,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
String guestOSType = cmd.getGuestOSType();
boolean snapshotMemory = cmd.getTarget().getType() == VMSnapshot.Type.DiskAndMemory;
long timeout = 600;
long timeout = cmd.getWait();
Connection conn = getConnection();
VM vm = null;


@ -274,7 +274,7 @@ PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer, Junip
firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
firewallCapabilities.put(Capability.MultipleIps, "true");
firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress");
firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress, egress");
capabilities.put(Service.Firewall, firewallCapabilities);
// Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work
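Review bot: The new value `"ingress, egress"` has a space after the comma, unlike `"tcp,udp,icmp"` a few lines above. If the code that reads Capability.SupportedTrafficDirection splits on `,` without trimming (not visible here), `" egress"` will not match and egress rules would be refused for this provider; `"ingress,egress"` avoids depending on that. The enclosing method is outside the hunk.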


@ -303,7 +303,7 @@ public class JuniperSrxResource implements ServerResource {
}
private enum Protocol {
tcp, udp, icmp, any;
tcp, udp, icmp, all, any;
}
private enum RuleMatchCondition {
@ -320,7 +320,8 @@ public class JuniperSrxResource implements ServerResource {
private enum SecurityPolicyType {
STATIC_NAT("staticnat"),
DESTINATION_NAT("destnat"),
VPN("vpn");
VPN("vpn"),
SECURITYPOLICY_EGRESS("egress");
private String identifier;
@ -776,6 +777,43 @@ public class JuniperSrxResource implements ServerResource {
s_logger.debug(msg);
}
private Map<String, ArrayList<FirewallRuleTO>> getActiveFirewallEgressRules(FirewallRuleTO[] allRules) {
Map<String, ArrayList<FirewallRuleTO>> activeRules = new HashMap<String, ArrayList<FirewallRuleTO>>();
for (FirewallRuleTO rule : allRules) {
String guestVlan;
guestVlan = rule.getSrcVlanTag();
ArrayList<FirewallRuleTO> activeRulesForNetwork = activeRules.get(guestVlan);
if (activeRulesForNetwork == null) {
activeRulesForNetwork = new ArrayList<FirewallRuleTO>();
}
if (!rule.revoked() || rule.isAlreadyAdded()) {
activeRulesForNetwork.add(rule);
}
activeRules.put(guestVlan, activeRulesForNetwork);
}
return activeRules;
}
private List<String> extractCidrs(List<FirewallRuleTO> rules) throws ExecutionException {
List<String> allCidrs = new ArrayList<String>();
List<String> cidrs = new ArrayList<String>();
for (FirewallRuleTO rule : rules) {
cidrs = (rule.getSourceCidrList());
for (String cidr: cidrs) {
if (!allCidrs.contains(cidr)) {
allCidrs.add(cidr);
}
}
}
return allCidrs;
}
/* security policies */
private synchronized Answer execute(SetFirewallRulesCommand cmd) {
@ -787,24 +825,39 @@ public class JuniperSrxResource implements ServerResource {
FirewallRuleTO[] rules = cmd.getRules();
try {
openConfiguration();
if (rules[0].getTrafficType() == FirewallRule.TrafficType.Egress) {
Map<String, ArrayList<FirewallRuleTO>> activeRules = getActiveFirewallEgressRules(rules);
Set<String> guestVlans = activeRules.keySet();
List<String> cidrs = new ArrayList();
for (FirewallRuleTO rule : rules) {
int startPort = 0, endPort = 0;
if (rule.getSrcPortRange() != null) {
startPort = rule.getSrcPortRange()[0];
endPort = rule.getSrcPortRange()[1];
for (String guestVlan : guestVlans) {
List<FirewallRuleTO> activeRulesForGuestNw = activeRules.get(guestVlan);
removeEgressSecurityPolicyAndApplications(SecurityPolicyType.SECURITYPOLICY_EGRESS, guestVlan, extractCidrs(activeRulesForGuestNw));
if (activeRulesForGuestNw.size() > 0) {
addEgressSecurityPolicyAndApplications(SecurityPolicyType.SECURITYPOLICY_EGRESS, guestVlan, extractApplications(activeRulesForGuestNw), extractCidrs(activeRulesForGuestNw));
}
}
FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp()) + "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp()) + _usageFilterIPInput.getCounterIdentifier());
if (!rule.revoked()) {
manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
} else {
manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
commitConfiguration();
} else {
for (FirewallRuleTO rule : rules) {
int startPort = 0, endPort = 0;
if (rule.getSrcPortRange() != null) {
startPort = rule.getSrcPortRange()[0];
endPort = rule.getSrcPortRange()[1];
FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp()) + "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp()) + _usageFilterIPInput.getCounterIdentifier());
if (!rule.revoked()) {
manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
} else {
manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
}
}
commitConfiguration();
}
}
commitConfiguration();
return new Answer(cmd);
} catch (ExecutionException e) {
s_logger.error(e);
@ -992,7 +1045,7 @@ public class JuniperSrxResource implements ServerResource {
// Delete all security policies
for (String securityPolicyName : getVpnObjectNames(SrxXml.SECURITY_POLICY_GETALL, accountId)) {
manageSecurityPolicy(SecurityPolicyType.VPN, SrxCommand.DELETE, accountId, null, null, null, securityPolicyName);
manageSecurityPolicy(SecurityPolicyType.VPN, SrxCommand.DELETE, accountId, null, null, null, null, securityPolicyName);
}
// Delete all address book entries
@ -1064,7 +1117,7 @@ public class JuniperSrxResource implements ServerResource {
manageAddressBookEntry(srxCmd, _privateZone , guestNetworkCidr, ipsecVpnName);
// Security policy
manageSecurityPolicy(SecurityPolicyType.VPN, srxCmd, null, null, guestNetworkCidr, null, ipsecVpnName);
manageSecurityPolicy(SecurityPolicyType.VPN, srxCmd, null, null, guestNetworkCidr, null, null, ipsecVpnName);
}
commitConfiguration();
@ -2455,38 +2508,44 @@ public class JuniperSrxResource implements ServerResource {
* Applications
*/
private String genApplicationName(Protocol protocol, int startPort, int endPort) {
private String genApplicationName(SecurityPolicyType type, Protocol protocol, int startPort, int endPort) {
if (protocol.equals(Protocol.any)) {
return Protocol.any.toString();
} else {
return genObjectName(protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
return genObjectName(type.getIdentifier(), protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
} else {
return genObjectName(protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
}
}
}
private Object[] parseApplicationName(String applicationName) throws ExecutionException {
private Object[] parseApplicationName(SecurityPolicyType type, String applicationName) throws ExecutionException {
String errorMsg = "Invalid application: " + applicationName;
String[] applicationComponents = applicationName.split("-");
Protocol protocol;
Integer startPort;
Integer endPort;
int offset = 0;
try {
protocol = getProtocol(applicationComponents[0]);
startPort = Integer.parseInt(applicationComponents[1]);
endPort = Integer.parseInt(applicationComponents[2]);
} catch (Exception e) {
offset = type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS) ? 1 : 0;
protocol = getProtocol(applicationComponents[offset + 0]);
startPort = Integer.parseInt(applicationComponents[offset + 1]);
endPort = Integer.parseInt(applicationComponents[offset + 2]);
} catch (Exception e) {
throw new ExecutionException(errorMsg);
}
return new Object[]{protocol, startPort, endPort};
}
private boolean manageApplication(SrxCommand command, Protocol protocol, int startPort, int endPort) throws ExecutionException {
private boolean manageApplication(SecurityPolicyType type, SrxCommand command, Protocol protocol, int startPort, int endPort) throws ExecutionException {
if (protocol.equals(Protocol.any)) {
return true;
}
String applicationName = genApplicationName(protocol, startPort, endPort);
String applicationName = genApplicationName(type, protocol, startPort, endPort);
String xml;
switch (command) {
@ -2498,23 +2557,28 @@ public class JuniperSrxResource implements ServerResource {
return sendRequestAndCheckResponse(command, xml, "name", applicationName);
case ADD:
if (manageApplication(SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
if (manageApplication(type, SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
return true;
}
String icmpOrDestPort;
xml = SrxXml.APPLICATION_ADD.getXml();
xml = replaceXmlValue(xml, "name", applicationName);
xml = replaceXmlValue(xml, "protocol", protocol.toString());
String destPort;
if (startPort == endPort) {
destPort = String.valueOf(startPort);
if (protocol.toString() == Protocol.icmp.toString()) {
icmpOrDestPort = "<icmp-type>" + startPort + "</icmp-type>";
icmpOrDestPort += "<icmp-code>" + endPort + "</icmp-code>";
} else {
destPort = startPort + "-" + endPort;
String destPort;
if (startPort == endPort) {
destPort = String.valueOf(startPort);
} else {
destPort = startPort + "-" + endPort;
}
icmpOrDestPort = "<destination-port>" + destPort + "</destination-port>";
}
xml = replaceXmlValue(xml, "dest-port", destPort);
xml = replaceXmlValue(xml, "dest-port-icmp", icmpOrDestPort);
if (!sendRequestAndCheckResponse(command, xml)) {
throw new ExecutionException("Failed to add application " + applicationName);
} else {
@ -2522,7 +2586,7 @@ public class JuniperSrxResource implements ServerResource {
}
case DELETE:
if (!manageApplication(SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
if (!manageApplication(type, SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
return true;
}
@ -2543,13 +2607,13 @@ public class JuniperSrxResource implements ServerResource {
}
private List<String> getUnusedApplications(List<String> applications) throws ExecutionException {
private List<String> getUnusedApplications(List<String> applications, String fromZone, String toZone) throws ExecutionException {
List<String> unusedApplications = new ArrayList<String>();
// Check if any of the applications are unused by existing security policies
String xml = SrxXml.SECURITY_POLICY_GETALL.getXml();
xml = replaceXmlValue(xml, "from-zone", _publicZone);
xml = replaceXmlValue(xml, "to-zone", _privateZone);
xml = replaceXmlValue(xml, "from-zone", fromZone);
xml = replaceXmlValue(xml, "to-zone", toZone);
String allPolicies = sendRequest(xml);
for (String application : applications) {
@ -2560,10 +2624,7 @@ public class JuniperSrxResource implements ServerResource {
return unusedApplications;
}
private List<String> getApplicationsForSecurityPolicy(SecurityPolicyType type, String privateIp) throws ExecutionException {
String fromZone = _publicZone;
String toZone = _privateZone;
private List<String> getApplicationsForSecurityPolicy(SecurityPolicyType type, String privateIp, String fromZone, String toZone) throws ExecutionException {
String policyName = genSecurityPolicyName(type, null, null, fromZone, toZone, privateIp);
String xml = SrxXml.SECURITY_POLICY_GETONE.getXml();
xml = setDelete(xml, false);
@ -2591,8 +2652,31 @@ public class JuniperSrxResource implements ServerResource {
for (FirewallRuleTO rule : rules) {
Object[] application = new Object[3];
application[0] = getProtocol(rule.getProtocol());
application[1] = rule.getSrcPortRange()[0];
application[2] = rule.getSrcPortRange()[1];
if (application[0] == Protocol.icmp) {
if (rule.getIcmpType() == -1) {
application[1] = 255;
} else {
application[1] = rule.getIcmpType();
}
if (rule.getIcmpCode() == -1) {
application[2] = 255;
} else {
application[2] = rule.getIcmpCode();
}
} else if (application[0] == Protocol.tcp || application[0] == Protocol.udp) {
if (rule.getSrcPortRange() != null) {
application[1] = rule.getSrcPortRange()[0];
application[2] = rule.getSrcPortRange()[1];
} else {
application[1] = 0;
application[2] = 65535;
}
} else if (application[0] == Protocol.all) {
application[1] = 0;
application[2] = 65535;
}
applications.add(application);
}
@ -2611,16 +2695,20 @@ public class JuniperSrxResource implements ServerResource {
}
}
private boolean manageSecurityPolicy(SecurityPolicyType type, SrxCommand command, Long accountId, String username, String privateIp, List<String> applicationNames, String ipsecVpnName) throws ExecutionException {
private boolean manageSecurityPolicy(SecurityPolicyType type, SrxCommand command, Long accountId, String username, String privateIp, List<String> applicationNames, List<String> cidrs, String ipsecVpnName) throws ExecutionException {
String fromZone = _publicZone;
String toZone = _privateZone;
String securityPolicyName;
String addressBookEntryName;
String addressBookEntryName = null;
if (type.equals(SecurityPolicyType.VPN) && ipsecVpnName != null) {
securityPolicyName = ipsecVpnName;
addressBookEntryName = ipsecVpnName;
securityPolicyName = ipsecVpnName;
addressBookEntryName = ipsecVpnName;
} else if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
fromZone = _privateZone;
toZone = _publicZone;
securityPolicyName = genSecurityPolicyName(type, accountId, username, fromZone, toZone, privateIp);
} else {
securityPolicyName = genSecurityPolicyName(type, accountId, username, fromZone, toZone, privateIp);
addressBookEntryName = genAddressBookEntryName(privateIp);
@ -2661,17 +2749,38 @@ public class JuniperSrxResource implements ServerResource {
return false;
case ADD:
if (!manageAddressBookEntry(SrxCommand.CHECK_IF_EXISTS, toZone, privateIp, ipsecVpnName)) {
throw new ExecutionException("No address book entry for policy: " + securityPolicyName);
if (!type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
if (!manageAddressBookEntry(SrxCommand.CHECK_IF_EXISTS, toZone, privateIp, addressBookEntryName)) {
throw new ExecutionException("No address book entry for policy: " + securityPolicyName);
}
}
String srcAddrs = "";
String dstAddrs = "";
xml = SrxXml.SECURITY_POLICY_ADD.getXml();
xml = replaceXmlValue(xml, "policy-name", securityPolicyName);
if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
xml = replaceXmlValue(xml, "from-zone", _privateZone);
xml = replaceXmlValue(xml, "to-zone", _publicZone);
if (cidrs == null) {
srcAddrs = "<source-address>any</source-address>";
} else {
for (String cidr : cidrs) {
srcAddrs += "<source-address>" + genAddressBookEntryName(cidr) + "</source-address>";
}
}
xml = replaceXmlValue(xml, "src-address", srcAddrs);
dstAddrs = "<destination-address>any</destination-address>";
xml = replaceXmlValue(xml, "dst-address", dstAddrs);
} else {
xml = replaceXmlValue(xml, "from-zone", fromZone);
xml = replaceXmlValue(xml, "to-zone", toZone);
srcAddrs = "<source-address>any</source-address>";
xml = replaceXmlValue(xml, "src-address", srcAddrs);
dstAddrs = "<destination-address>" + addressBookEntryName + "</destination-address>";
xml = replaceXmlValue(xml, "dst-address", dstAddrs);
}
xml = SrxXml.SECURITY_POLICY_ADD.getXml();
xml = replaceXmlValue(xml, "from-zone", fromZone);
xml = replaceXmlValue(xml, "to-zone", toZone);
xml = replaceXmlValue(xml, "policy-name", securityPolicyName);
xml = replaceXmlValue(xml, "src-address", "any");
xml = replaceXmlValue(xml, "dest-address", addressBookEntryName);
if (type.equals(SecurityPolicyType.VPN) && ipsecVpnName != null) {
xml = replaceXmlValue(xml, "tunnel", "<tunnel><ipsec-vpn>" + ipsecVpnName + "</ipsec-vpn></tunnel>");
} else {
@ -2679,7 +2788,7 @@ public class JuniperSrxResource implements ServerResource {
}
String applications;
if (applicationNames == null) {
if (applicationNames == null || applicationNames.size() == 0) {
applications = "<application>any</application>";
} else {
applications = "";
@ -2697,11 +2806,11 @@ public class JuniperSrxResource implements ServerResource {
}
case DELETE:
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, applicationNames, ipsecVpnName)) {
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, applicationNames, cidrs, ipsecVpnName)) {
return true;
}
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, applicationNames, ipsecVpnName)) {
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, applicationNames, cidrs, ipsecVpnName)) {
return true;
}
@ -2757,42 +2866,42 @@ public class JuniperSrxResource implements ServerResource {
int startPort = application[1] != null ? ((Integer) application[1]) : -1;
int endPort = application[2] != null ? ((Integer) application[2]) : -1;
String applicationName = genApplicationName(protocol, startPort, endPort);
String applicationName = genApplicationName(type, protocol, startPort, endPort);
if (!applicationNames.contains(applicationName)) {
applicationNames.add(applicationName);
}
manageApplication(SrxCommand.ADD, protocol, startPort, endPort);
manageApplication(type, SrxCommand.ADD, protocol, startPort, endPort);
}
// Add a new security policy
manageSecurityPolicy(type, SrxCommand.ADD, null, null, privateIp, applicationNames, null);
manageSecurityPolicy(type, SrxCommand.ADD, null, null, privateIp, applicationNames, null, null);
return true;
}
private boolean removeSecurityPolicyAndApplications(SecurityPolicyType type, String privateIp) throws ExecutionException {
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, null, null)) {
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, null,null, null)) {
return true;
}
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, null, null)) {
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, null, null, null)) {
return true;
}
// Get a list of applications for this security policy
List<String> applications = getApplicationsForSecurityPolicy(type, privateIp);
List<String> applications = getApplicationsForSecurityPolicy(type, privateIp, _publicZone, _privateZone);
// Remove the security policy
manageSecurityPolicy(type, SrxCommand.DELETE, null, null, privateIp, null, null);
// Remove the security policy
manageSecurityPolicy(type, SrxCommand.DELETE, null, null, privateIp, null, null, null);
// Remove any applications for the removed security policy that are no longer in use
List<String> unusedApplications = getUnusedApplications(applications);
List<String> unusedApplications = getUnusedApplications(applications, _publicZone, _privateZone);
for (String application : unusedApplications) {
Object[] applicationComponents;
try {
applicationComponents = parseApplicationName(application);
applicationComponents = parseApplicationName(type, application);
} catch (ExecutionException e) {
s_logger.error("Found an invalid application: " + application + ". Not attempting to clean up.");
continue;
@ -2800,13 +2909,78 @@ public class JuniperSrxResource implements ServerResource {
Protocol protocol = (Protocol) applicationComponents[0];
Integer startPort = (Integer) applicationComponents[1];
Integer endPort = (Integer) applicationComponents[2];
manageApplication(SrxCommand.DELETE, protocol, startPort, endPort);
Integer endPort = (Integer) applicationComponents[2];
manageApplication(type, SrxCommand.DELETE, protocol, startPort, endPort);
}
return true;
}
private boolean removeEgressSecurityPolicyAndApplications(SecurityPolicyType type, String guestVlan, List <String> cidrs) throws ExecutionException {
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, guestVlan, null, cidrs, null)) {
return true;
}
// Get a list of applications for this security policy
List<String> applications;
applications = getApplicationsForSecurityPolicy(type, guestVlan, _privateZone, _publicZone);
// Remove the security policy even if it is in use
manageSecurityPolicy(type, SrxCommand.DELETE, null, null, guestVlan, null, cidrs, null);
// Remove any applications for the removed security policy that are no longer in use
List<String> unusedApplications;
unusedApplications = getUnusedApplications(applications, _privateZone, _publicZone);
for (String application : unusedApplications) {
Object[] applicationComponents;
try {
applicationComponents = parseApplicationName(type, application);
} catch (ExecutionException e) {
s_logger.error("Found an invalid application: " + application + ". Not attempting to clean up.");
continue;
}
Protocol protocol = (Protocol) applicationComponents[0];
Integer startPort = (Integer) applicationComponents[1];
Integer endPort = (Integer) applicationComponents[2];
manageApplication(type, SrxCommand.DELETE, protocol, startPort, endPort);
}
for (String cidr: cidrs) {
manageAddressBookEntry(SrxCommand.DELETE, _publicZone, cidr, null);
}
return true;
}
private boolean addEgressSecurityPolicyAndApplications(SecurityPolicyType type, String guestVlan, List<Object[]> applications, List <String> cidrs) throws ExecutionException {
// Add all necessary applications
List<String> applicationNames = new ArrayList<String>();
for (Object[] application : applications) {
Protocol protocol = (Protocol) application[0];
if (!protocol.equals(Protocol.all)) {
int startPort = application[1] != null ? ((Integer) application[1]) : 0;
int endPort = application[2] != null ? ((Integer) application[2]) : 65535;
String applicationName = genApplicationName(type, protocol, startPort, endPort);
if (!applicationNames.contains(applicationName)) {
applicationNames.add(applicationName);
}
manageApplication(type, SrxCommand.ADD, protocol, startPort, endPort);
}
}
for (String cidr: cidrs) {
manageAddressBookEntry(SrxCommand.ADD, _privateZone, cidr, null);
}
// Add a new security policy
manageSecurityPolicy(type, SrxCommand.ADD, null, null, guestVlan, applicationNames, cidrs, null);
s_logger.debug("Added Egress firewall rule for guest network " + guestVlan);
return true;
}
/*
* Filter terms
*/
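Review bot: removeEgressSecurityPolicyAndApplications deletes the per-CIDR address book entries from `_publicZone`, while addEgressSecurityPolicyAndApplications creates them in `_privateZone`, so the cleanup looks in the wrong zone and the private-zone entries appear to be left behind on every rule update. The delete should read `manageAddressBookEntry(SrxCommand.DELETE, _privateZone, cidr, null);`. Separately, execute(SetFirewallRulesCommand) chooses the egress path from `rules[0].getTrafficType()` alone: an empty array throws and a batch mixing directions is handled entirely as one type, so a length check and a comment stating that batches are single-direction would help. In manageApplication, `protocol.toString() == Protocol.icmp.toString()` compares string references; `protocol == Protocol.icmp` says what is meant.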


@ -317,6 +317,10 @@
<exclude>deps/XenServerJava/Makefile</exclude>
<exclude>dist/console-proxy/js/jquery.js</exclude>
<exclude>scripts/vm/systemvm/id_rsa.cloud</exclude>
<exclude>services/console-proxy/server/conf/agent.properties</exclude>
<exclude>services/console-proxy/server/conf/environment.properties</exclude>
<exclude>services/secondary-storage/conf/agent.properties</exclude>
<exclude>services/secondary-storage/conf/environment.properties</exclude>
<exclude>tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf</exclude>
<exclude>tools/appliance/definitions/devcloud/*</exclude>
<exclude>tools/appliance/definitions/systemvmtemplate/*</exclude>


@ -23,7 +23,7 @@ under the License.
<application>
<name>%name%</name>
<protocol>%protocol%</protocol>
<destination-port>%dest-port%</destination-port>
%dest-port-icmp%
</application>
</applications>
</configuration>


@ -27,8 +27,8 @@ under the License.
<policy>
<name>%policy-name%</name>
<match>
<source-address>%src-address%</source-address>
<destination-address>%dest-address%</destination-address>
%src-address%
%dst-address%
%applications%
</match>
<then>
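Review bot: `%src-address%` and `%dst-address%` now stand for whole elements rather than element text, so whatever the Java side concatenates into them is sent to the device as markup. The values are address-book entry names built per rule CIDR; if those names are not already restricted to a safe character set (the generator is not visible on this page), they should be validated or XML-escaped before substitution. A template comment would record the new contract, e.g. `<!-- %src-address%/%dst-address%: complete, pre-escaped <source-address>/<destination-address> elements -->`.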


@ -53,6 +53,6 @@ my $msg = "pubkey:" . $key . "\ncmdline:" . $cmdline;
my $socket = IO::Socket::UNIX->new(Peer=>$sockfile,Type=>SOCK_STREAM)
or die "ERROR: unable to connect to $sockfile - $^E\n";
print $socket "$msg\r\n";
print $socket "$msg\n";
close $socket;


@ -22,6 +22,7 @@
# $2 = new private key
#set -x
set -e
TMP=/tmp
MOUNTPATH=${HOME}/systemvm_mnt
@ -29,7 +30,7 @@ TMPDIR=${TMP}/cloud/systemvm
clean_up() {
sudo umount $MOUNTPATH
$SUDO umount $MOUNTPATH
}
inject_into_iso() {
@ -39,23 +40,23 @@ inject_into_iso() {
local tmpiso=${TMP}/$1
mkdir -p $MOUNTPATH
[ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1
sudo mount -o loop $isofile $MOUNTPATH
$SUDO mount -o loop $isofile $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && clean_up && return 1
diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && clean_up && return 0
sudo cp -b $isofile $backup
$SUDO cp -b $isofile $backup
[ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && clean_up && return 1
rm -rf $TMPDIR
mkdir -p $TMPDIR
[ ! -d $TMPDIR ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && clean_up && return 1
sudo cp -fr $MOUNTPATH/* $TMPDIR/
$SUDO cp -fr $MOUNTPATH/* $TMPDIR/
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && clean_up && return 1
sudo cp $newpubkey $TMPDIR/authorized_keys
$SUDO cp $newpubkey $TMPDIR/authorized_keys
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && clean_up && return 1
mkisofs -quiet -r -o $tmpiso $TMPDIR
[ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $TMPDIR" && clean_up && return 1
sudo umount $MOUNTPATH
$SUDO umount $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1
sudo cp -f $tmpiso $isofile
$SUDO cp -f $tmpiso $isofile
[ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1
rm -rf $TMPDIR
}
@ -63,12 +64,17 @@ inject_into_iso() {
copy_priv_key() {
local newprivkey=$1
diff -q $newprivkey $(dirname $0)/id_rsa.cloud && return 0
sudo cp -fb $newprivkey $(dirname $0)/id_rsa.cloud
sudo chmod 644 $(dirname $0)/id_rsa.cloud
$SUDO cp -fb $newprivkey $(dirname $0)/id_rsa.cloud
$SUDO chmod 644 $(dirname $0)/id_rsa.cloud
return $?
}
sudo mkdir -p $MOUNTPATH
if [[ "$EUID" -ne 0 ]]
then
SUDO="sudo "
fi
$SUDO mkdir -p $MOUNTPATH
[ $# -ne 3 ] && echo "Usage: $(basename $0) <new public key file> <new private key file> <systemvm iso path>" && exit 3
newpubkey=$1
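Review bot: `copy_priv_key` still leaves the system VM private key world-readable, because the new line `$SUDO chmod 644 $(dirname $0)/id_rsa.cloud` keeps mode 644, so every local account on the host can read it. If the consuming service runs as a dedicated account (not visible in this hunk, so confirm), hand the file to that account and use `$SUDO chmod 600 $(dirname $0)/id_rsa.cloud`. Separately, the staging tree is the fixed path `${TMP}/cloud/systemvm` under `/tmp`, removed and re-created with `rm -rf`/`mkdir -p` before `authorized_keys` is copied into it for the ISO. Another local user can pre-create or symlink that path, so `TMPDIR=$(mktemp -d)` would be safer. The script continues past the last hunk.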


@ -965,6 +965,7 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setPublicIpAddress(ip.getAddress().addr());
if (ip != null && fwRule.getDestinationIpAddress() != null) {
response.setDestNatVmIp(fwRule.getDestinationIpAddress().toString());
UserVm vm = ApiDBUtils.findUserVmById(fwRule.getVirtualMachineId());
if (vm != null) {
response.setVirtualMachineId(vm.getUuid());
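Review bot: The `ip != null` test in `if (ip != null && fwRule.getDestinationIpAddress() != null)` cannot protect anything, because `ip.getAddress().addr()` on the line above has already dereferenced `ip`. Either move `response.setPublicIpAddress(ip.getAddress().addr());` under a null guard or drop the redundant test so the code does not suggest a null `ip` is handled. The enclosing method starts and ends outside this hunk, so an earlier guard may exist there.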


@ -397,9 +397,7 @@ public enum Config {
// VMSnapshots
VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.max", "10", "Maximum vm snapshots for a vm", null),
VMSnapshotCreateWait("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.create.wait", "600", "In second, timeout for create vm snapshot", null),
VMSnapshotExpungeInterval("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.expunge.interval", "60", "The interval (in seconds) to wait before running the expunge thread.", null),
VMSnapshotExpungeWorkers("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.expunge.workers", "1", "Number of workers performing expunge ", null),
VMSnapshotCreateWait("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.create.wait", "1800", "In second, timeout for create vm snapshot", null),
CloudDnsName("Advanced", ManagementServer.class, String.class, "cloud.dns.name", "default", " DNS name of the cloud", null);


@ -23,48 +23,28 @@ import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
import com.cloud.agent.api.ConsoleAccessAuthenticationAnswer;
import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
import com.cloud.agent.api.GetVncPortAnswer;
import com.cloud.agent.api.GetVncPortCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupProxyCommand;
import com.cloud.agent.api.StopAnswer;
import com.cloud.agent.api.to.NicTO;
import com.cloud.agent.api.to.VirtualMachineTO;
import com.cloud.agent.manager.Commands;
import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.deploy.DeployDestination;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
import com.cloud.network.Network;
import com.cloud.keystore.KeystoreManager;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.component.ManagerBase;
import com.cloud.vm.ConsoleProxyVO;
import com.cloud.vm.ReservationContext;
import com.cloud.vm.UserVmVO;
import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachineGuru;
import com.cloud.vm.VirtualMachineManager;
import com.cloud.vm.VirtualMachineName;
import com.cloud.vm.VirtualMachineProfile;
import com.cloud.vm.dao.ConsoleProxyDao;
import com.cloud.vm.dao.UserVmDao;
import com.cloud.vm.dao.VMInstanceDao;
@Local(value = { ConsoleProxyManager.class })
public class AgentBasedConsoleProxyManager extends ManagerBase implements ConsoleProxyManager, VirtualMachineGuru<ConsoleProxyVO>, AgentHook {
public class AgentBasedConsoleProxyManager extends ManagerBase implements ConsoleProxyManager {
private static final Logger s_logger = Logger.getLogger(AgentBasedConsoleProxyManager.class);
@Inject
@ -85,9 +65,25 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
VirtualMachineManager _itMgr;
@Inject
protected ConsoleProxyDao _cpDao;
@Inject
protected KeystoreManager _ksMgr;
@Inject ConfigurationDao _configDao;
public class AgentBasedAgentHook extends AgentHookBase {
public AgentBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao,
KeystoreManager ksMgr, AgentManager agentMgr) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr);
}
@Override
protected HostVO findConsoleProxyHost(StartupProxyCommand cmd) {
return _hostDao.findByGuid(cmd.getGuid());
}
}
public int getVncPort(VMInstanceVO vm) {
if (vm.getHostId() == null) {
return -1;
@ -123,11 +119,10 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
_consoleProxyUrlDomain = configs.get("consoleproxy.url.domain");
_listener = new ConsoleProxyListener(this);
_listener =
new ConsoleProxyListener(new AgentBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr));
_agentMgr.registerForHostEvents(_listener, true, true, false);
_itMgr.registerGuru(VirtualMachine.Type.ConsoleProxy, this);
if (s_logger.isInfoEnabled()) {
s_logger.info("AgentBasedConsoleProxyManager has been configured. SSL enabled: " + _sslEnabled);
}
@ -177,64 +172,8 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
return null;
}
@Override
public void onLoadReport(ConsoleProxyLoadReportCommand cmd) {
}
@Override
public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd) {
long vmId = 0;
if (cmd.getVmId() != null && cmd.getVmId().isEmpty()) {
if (s_logger.isTraceEnabled()) {
s_logger.trace("Invalid vm id sent from proxy(happens when proxy session has terminated)");
}
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
try {
vmId = Long.parseLong(cmd.getVmId());
} catch (NumberFormatException e) {
s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication", e);
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
// TODO authentication channel between console proxy VM and management
// server needs to be secured,
// the data is now being sent through private network, but this is
// apparently not enough
VMInstanceVO vm = _instanceDao.findById(vmId);
if (vm == null) {
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if (vm.getHostId() == null) {
s_logger.warn("VM " + vmId + " lost host info, failed authentication request");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
HostVO host = _hostDao.findById(vm.getHostId());
if (host == null) {
s_logger.warn("VM " + vmId + "'s host does not exist, fail authentication request");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
String sid = cmd.getSid();
if (sid == null || !sid.equals(vm.getVncPassword())) {
s_logger.warn("sid " + sid + " in url does not match stored sid " + vm.getVncPassword());
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
return new ConsoleAccessAuthenticationAnswer(cmd, true);
}
@Override
public void onAgentConnect(HostVO host, StartupCommand cmd) {
}
@Override
public void onAgentDisconnect(long agentId, Status state) {
}
@Override
public ConsoleProxyVO startProxy(long proxyVmId) {
@ -269,91 +208,8 @@ public class AgentBasedConsoleProxyManager extends ManagerBase implements Consol
public void resumeLastManagementState() {
}
@Override
public void startAgentHttpHandlerInVM(StartupProxyCommand startupCmd) {
}
@Override
public String getName() {
return _name;
}
@Override
public Long convertToId(String vmName) {
if (!VirtualMachineName.isValidConsoleProxyName(vmName, _instance)) {
return null;
}
return VirtualMachineName.getConsoleProxyId(vmName);
}
@Override
public ConsoleProxyVO findByName(String name) {
// TODO Auto-generated method stub
return null;
}
@Override
public ConsoleProxyVO findById(long id) {
// TODO Auto-generated method stub
return null;
}
@Override
public ConsoleProxyVO persist(ConsoleProxyVO vm) {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean finalizeVirtualMachineProfile(VirtualMachineProfile<ConsoleProxyVO> profile, DeployDestination dest, ReservationContext context) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<ConsoleProxyVO> profile, DeployDestination dest, ReservationContext context) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean finalizeCommandsOnStart(Commands cmds, VirtualMachineProfile<ConsoleProxyVO> profile) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean finalizeStart(VirtualMachineProfile<ConsoleProxyVO> profile, long hostId, Commands cmds, ReservationContext context) {
// TODO Auto-generated method stub
return false;
}
@Override
public void finalizeStop(VirtualMachineProfile<ConsoleProxyVO> profile, StopAnswer answer) {
// TODO Auto-generated method stub
}
@Override
public void finalizeExpunge(ConsoleProxyVO proxy) {
}
@Override
public boolean plugNic(Network network, NicTO nic, VirtualMachineTO vm,
ReservationContext context, DeployDestination dest) throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
//not supported
throw new UnsupportedOperationException("Plug nic is not supported for vm of type " + vm.getType());
}
@Override
public boolean unplugNic(Network network, NicTO nic, VirtualMachineTO vm,
ReservationContext context, DeployDestination dest) throws ConcurrentOperationException, ResourceUnavailableException {
//not supported
throw new UnsupportedOperationException("Unplug nic is not supported for vm of type " + vm.getType());
}
@Override
public void prepareStop(VirtualMachineProfile<ConsoleProxyVO> profile) {
}
}
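Review bot: `AgentBasedAgentHook` is declared as a non-static inner class, yet nothing visible in it needs the enclosing manager instance. Inside `findConsoleProxyHost`, `_hostDao` presumably resolves to the field inherited from `AgentHookBase` (both classes appear to be in `com.cloud.consoleproxy`) rather than the manager's injected field of the same name, which is easy to misread. Declaring it `public static class AgentBasedAgentHook extends AgentHookBase {` makes that explicit and drops the hidden outer reference. A one-line Javadoc saying the proxy host is looked up by the GUID carried in the `StartupProxyCommand` would also help.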


@ -0,0 +1,298 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.consoleproxy;
import java.util.Map;
import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.GetVncPortAnswer;
import com.cloud.agent.api.GetVncPortCommand;
import com.cloud.agent.api.StartupProxyCommand;
import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
import com.cloud.keystore.KeystoreManager;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.component.ManagerBase;
import com.cloud.vm.ConsoleProxyVO;
import com.cloud.vm.UserVmVO;
import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.VirtualMachineManager;
import com.cloud.vm.dao.ConsoleProxyDao;
import com.cloud.vm.dao.UserVmDao;
import com.cloud.vm.dao.VMInstanceDao;
@Local(value = { ConsoleProxyManager.class })
public class AgentBasedConsoleProxyManager extends ManagerBase implements ConsoleProxyManager {
private static final Logger s_logger = Logger.getLogger(AgentBasedConsoleProxyManager.class);
@Inject
protected HostDao _hostDao;
@Inject
protected UserVmDao _userVmDao;
private String _instance;
protected String _consoleProxyUrlDomain;
@Inject
private VMInstanceDao _instanceDao;
private ConsoleProxyListener _listener;
protected int _consoleProxyUrlPort = ConsoleProxyManager.DEFAULT_PROXY_URL_PORT;
protected int _consoleProxyPort = ConsoleProxyManager.DEFAULT_PROXY_VNC_PORT;
protected boolean _sslEnabled = false;
@Inject
AgentManager _agentMgr;
@Inject
VirtualMachineManager _itMgr;
@Inject
protected ConsoleProxyDao _cpDao;
@Inject
protected KeystoreManager _ksMgr;
@Inject ConfigurationDao _configDao;
public class AgentBasedAgentHook extends AgentHookBase {
public AgentBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao,
KeystoreManager ksMgr, AgentManager agentMgr) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr);
}
@Override
protected HostVO findConsoleProxyHost(StartupProxyCommand cmd) {
return _hostDao.findByGuid(cmd.getGuid());
}
}
public int getVncPort(VMInstanceVO vm) {
if (vm.getHostId() == null) {
return -1;
}
GetVncPortAnswer answer = (GetVncPortAnswer) _agentMgr.easySend(vm.getHostId(), new GetVncPortCommand(vm.getId(), vm.getHostName()));
return (answer == null || !answer.getResult()) ? -1 : answer.getPort();
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
if (s_logger.isInfoEnabled()) {
s_logger.info("Start configuring AgentBasedConsoleProxyManager");
}
Map<String, String> configs = _configDao.getConfiguration("management-server", params);
String value = configs.get("consoleproxy.url.port");
if (value != null) {
_consoleProxyUrlPort = NumbersUtil.parseInt(value, ConsoleProxyManager.DEFAULT_PROXY_URL_PORT);
}
value = configs.get("consoleproxy.port");
if (value != null) {
_consoleProxyPort = NumbersUtil.parseInt(value, ConsoleProxyManager.DEFAULT_PROXY_VNC_PORT);
}
value = configs.get("consoleproxy.sslEnabled");
if (value != null && value.equalsIgnoreCase("true")) {
_sslEnabled = true;
}
_instance = configs.get("instance.name");
_consoleProxyUrlDomain = configs.get("consoleproxy.url.domain");
_listener =
new ConsoleProxyListener(new AgentBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr, _agentMgr));
_agentMgr.registerForHostEvents(_listener, true, true, false);
if (s_logger.isInfoEnabled()) {
s_logger.info("AgentBasedConsoleProxyManager has been configured. SSL enabled: " + _sslEnabled);
}
return true;
}
HostVO findHost(VMInstanceVO vm) {
return _hostDao.findById(vm.getHostId());
}
@Override
public ConsoleProxyInfo assignProxy(long dataCenterId, long userVmId) {
UserVmVO userVm = _userVmDao.findById(userVmId);
if (userVm == null) {
s_logger.warn("User VM " + userVmId + " no longer exists, return a null proxy for user vm:" + userVmId);
return null;
}
HostVO host = findHost(userVm);
if (host != null) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Assign embedded console proxy running at " + host.getName() + " to user vm " + userVmId + " with public IP "
+ host.getPublicIpAddress());
}
// only private IP, public IP, host id have meaningful values, rest
// of all are place-holder values
String publicIp = host.getPublicIpAddress();
if (publicIp == null) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Host " + host.getName() + "/" + host.getPrivateIpAddress()
+ " does not have public interface, we will return its private IP for cosole proxy.");
}
publicIp = host.getPrivateIpAddress();
}
int urlPort = _consoleProxyUrlPort;
if (host.getProxyPort() != null && host.getProxyPort().intValue() > 0) {
urlPort = host.getProxyPort().intValue();
}
return new ConsoleProxyInfo(_sslEnabled, publicIp, _consoleProxyPort, urlPort, _consoleProxyUrlDomain);
} else {
s_logger.warn("Host that VM is running is no longer available, console access to VM " + userVmId + " will be temporarily unavailable.");
}
return null;
}
@Override
public ConsoleProxyVO startProxy(long proxyVmId) {
return null;
}
@Override
public boolean destroyProxy(long proxyVmId) {
return false;
}
@Override
public boolean rebootProxy(long proxyVmId) {
return false;
}
@Override
public boolean stopProxy(long proxyVmId) {
return false;
}
@Override
public void setManagementState(ConsoleProxyManagementState state) {
}
@Override
public ConsoleProxyManagementState getManagementState() {
return null;
}
@Override
public void resumeLastManagementState() {
}
@Override
public String getName() {
return _name;
}
<<<<<<< HEAD
@Override
public Long convertToId(String vmName) {
if (!VirtualMachineName.isValidConsoleProxyName(vmName, _instance)) {
return null;
}
return VirtualMachineName.getConsoleProxyId(vmName);
}
@Override
public ConsoleProxyVO findByName(String name) {
// TODO Auto-generated method stub
return null;
}
@Override
public ConsoleProxyVO findById(long id) {
// TODO Auto-generated method stub
return null;
}
@Override
public ConsoleProxyVO persist(ConsoleProxyVO vm) {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean finalizeVirtualMachineProfile(VirtualMachineProfile<ConsoleProxyVO> profile, DeployDestination dest, ReservationContext context) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<ConsoleProxyVO> profile, DeployDestination dest, ReservationContext context) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean finalizeCommandsOnStart(Commands cmds, VirtualMachineProfile<ConsoleProxyVO> profile) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean finalizeStart(VirtualMachineProfile<ConsoleProxyVO> profile, long hostId, Commands cmds, ReservationContext context) {
// TODO Auto-generated method stub
return false;
}
@Override
public void finalizeStop(VirtualMachineProfile<ConsoleProxyVO> profile, StopAnswer answer) {
// TODO Auto-generated method stub
}
@Override
public void finalizeExpunge(ConsoleProxyVO proxy) {
}
@Override
public boolean plugNic(Network network, NicTO nic, VirtualMachineTO vm,
ReservationContext context, DeployDestination dest) throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
//not supported
throw new UnsupportedOperationException("Plug nic is not supported for vm of type " + vm.getType());
}
@Override
public boolean unplugNic(Network network, NicTO nic, VirtualMachineTO vm,
ReservationContext context, DeployDestination dest) throws ConcurrentOperationException, ResourceUnavailableException {
//not supported
throw new UnsupportedOperationException("Unplug nic is not supported for vm of type " + vm.getType());
}
@Override
public void prepareStop(VirtualMachineProfile<ConsoleProxyVO> profile) {
}
}
=======
}
>>>>>>> QuickCloud: refactor to avoid copy paste of authentication and startup code
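Review bot: Unresolved merge-conflict markers are committed at the end of this new file (`<<<<<<< HEAD`, `=======`, `>>>>>>> QuickCloud: refactor to avoid copy paste of authentication and startup code`), so the class cannot compile as added. The HEAD side re-introduces the `VirtualMachineGuru` methods (`convertToId`, `finalizeStart`, `plugNic`, …), whose types are not in this file's import list and whose interface the class no longer implements. The other side is only the closing `}`. Resolve it by deleting everything from `<<<<<<< HEAD` through `=======` plus the `>>>>>>>` line, leaving the single `}`. A CI or pre-commit check that rejects conflict markers would catch this in future.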


@ -0,0 +1,266 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.consoleproxy;
import java.util.Date;
import java.util.Random;
import java.util.UUID;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.ConsoleAccessAuthenticationAnswer;
import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
import com.cloud.agent.api.GetVncPortAnswer;
import com.cloud.agent.api.GetVncPortCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupProxyCommand;
import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
import com.cloud.configuration.Config;
import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.exception.AgentUnavailableException;
import com.cloud.exception.OperationTimedoutException;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.dao.HostDao;
import com.cloud.keystore.KeystoreManager;
import com.cloud.servlet.ConsoleProxyServlet;
import com.cloud.utils.Ternary;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.dao.VMInstanceDao;
/**
* Utility class to manage interactions with agent-based console access
* Extracted from ConsoleProxyManagerImpl so that other console proxy managers
* can reuse
*/
public abstract class AgentHookBase implements AgentHook {
private static final Logger s_logger = Logger.getLogger(AgentHookBase.class);
VMInstanceDao _instanceDao;
HostDao _hostDao;
ConfigurationDao _configDao;
AgentManager _agentMgr;
KeystoreManager _ksMgr;
final Random _random = new Random(System.currentTimeMillis());
private String _hashKey;
public AgentHookBase(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao, KeystoreManager ksMgr,
AgentManager agentMgr) {
this._instanceDao = instanceDao;
this._hostDao = hostDao;
this._agentMgr = agentMgr;
this._configDao = cfgDao;
this._ksMgr = ksMgr;
}
public String getHashKey() {
// although we may have race condition here, database transaction
// serialization should give us the same key
if (_hashKey == null) {
_hashKey =
_configDao.getValueAndInitIfNotExist(Config.HashKey.key(), Config.HashKey.getCategory(), UUID
.randomUUID().toString());
}
return _hashKey;
}
public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd) {
Long vmId = null;
String ticketInUrl = cmd.getTicket();
if (ticketInUrl == null) {
s_logger.error("Access ticket could not be found, you could be running an old version of console proxy. vmId: "
+ cmd.getVmId());
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Console authentication. Ticket in url for " + cmd.getHost() + ":" + cmd.getPort() + "-"
+ cmd.getVmId() + " is " + ticketInUrl);
}
if (!cmd.isReauthenticating()) {
String ticket =
ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId());
if (s_logger.isDebugEnabled()) {
s_logger.debug("Console authentication. Ticket in 1 minute boundary for " + cmd.getHost() + ":"
+ cmd.getPort() + "-" + cmd.getVmId() + " is " + ticket);
}
if (!ticket.equals(ticketInUrl)) {
Date now = new Date();
// considering of minute round-up
String minuteEarlyTicket =
ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(),
new Date(now.getTime() - 60 * 1000));
if (s_logger.isDebugEnabled()) {
s_logger.debug("Console authentication. Ticket in 2-minute boundary for " + cmd.getHost() + ":"
+ cmd.getPort() + "-" + cmd.getVmId() + " is " + minuteEarlyTicket);
}
if (!minuteEarlyTicket.equals(ticketInUrl)) {
s_logger.error("Access ticket expired or has been modified. vmId: " + cmd.getVmId()
+ "ticket in URL: " + ticketInUrl + ", tickets to check against: " + ticket + ","
+ minuteEarlyTicket);
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
}
}
if (cmd.getVmId() != null && cmd.getVmId().isEmpty()) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Invalid vm id sent from proxy(happens when proxy session has terminated)");
}
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId());
if (vm == null) {
vm = _instanceDao.findById(Long.parseLong(cmd.getVmId()));
}
if (vm == null) {
s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if (vm.getHostId() == null) {
s_logger.warn("VM " + vmId + " lost host info, failed authentication request");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
HostVO host = _hostDao.findById(vm.getHostId());
if (host == null) {
s_logger.warn("VM " + vmId + "'s host does not exist, fail authentication request");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
String sid = cmd.getSid();
if (sid == null || !sid.equals(vm.getVncPassword())) {
s_logger.warn("sid " + sid + " in url does not match stored sid " + vm.getVncPassword());
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if (cmd.isReauthenticating()) {
ConsoleAccessAuthenticationAnswer authenticationAnswer = new ConsoleAccessAuthenticationAnswer(cmd, true);
authenticationAnswer.setReauthenticating(true);
s_logger.info("Re-authentication request, ask host " + vm.getHostId() + " for new console info");
GetVncPortAnswer answer =
(GetVncPortAnswer) _agentMgr.easySend(vm.getHostId(),
new GetVncPortCommand(vm.getId(), vm.getInstanceName()));
if (answer != null && answer.getResult()) {
Ternary<String, String, String> parsedHostInfo = ConsoleProxyServlet.parseHostInfo(answer.getAddress());
if (parsedHostInfo.second() != null && parsedHostInfo.third() != null) {
s_logger.info("Re-authentication result. vm: " + vm.getId() + ", tunnel url: "
+ parsedHostInfo.second() + ", tunnel session: " + parsedHostInfo.third());
authenticationAnswer.setTunnelUrl(parsedHostInfo.second());
authenticationAnswer.setTunnelSession(parsedHostInfo.third());
} else {
s_logger.info("Re-authentication result. vm: " + vm.getId() + ", host address: "
+ parsedHostInfo.first() + ", port: " + answer.getPort());
authenticationAnswer.setHost(parsedHostInfo.first());
authenticationAnswer.setPort(answer.getPort());
}
} else {
s_logger.warn("Re-authentication request failed");
authenticationAnswer.setSuccess(false);
}
return authenticationAnswer;
}
return new ConsoleAccessAuthenticationAnswer(cmd, true);
}
public void startAgentHttpHandlerInVM(StartupProxyCommand startupCmd) {
StartConsoleProxyAgentHttpHandlerCommand cmd = null;
if (_configDao.isPremium()) {
String storePassword = String.valueOf(_random.nextLong());
byte[] ksBits =
_ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME,
storePassword);
assert (ksBits != null);
if (ksBits == null) {
s_logger.error("Could not find and construct a valid SSL certificate");
}
cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
cmd.setEncryptorPassword(getHashKey());
} else {
cmd = new StartConsoleProxyAgentHttpHandlerCommand();
cmd.setEncryptorPassword(getHashKey());
}
try {
HostVO consoleProxyHost = findConsoleProxyHost(startupCmd);
assert (consoleProxyHost != null);
Answer answer = _agentMgr.send(consoleProxyHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
s_logger.error("Console proxy agent reported that it failed to execute http handling startup command");
} else {
s_logger.info("Successfully sent out command to start HTTP handling in console proxy agent");
}
} catch (AgentUnavailableException e) {
s_logger.error("Unable to send http handling startup command to the console proxy resource for proxy:"
+ startupCmd.getProxyVmId(), e);
} catch (OperationTimedoutException e) {
s_logger.error(
"Unable to send http handling startup command(time out) to the console proxy resource for proxy:"
+ startupCmd.getProxyVmId(), e);
} catch (OutOfMemoryError e) {
s_logger.error("Unrecoverable OutOfMemory Error, exit and let it be re-launched");
System.exit(1);
} catch (Exception e) {
s_logger.error(
"Unexpected exception when sending http handling startup command(time out) to the console proxy resource for proxy:"
+ startupCmd.getProxyVmId(), e);
}
}
protected abstract HostVO findConsoleProxyHost(StartupProxyCommand cmd);
@Override
public void onLoadReport(ConsoleProxyLoadReportCommand cmd) {
// no-op since we do not auto-scale
}
@Override
public void onAgentConnect(HostVO host, StartupCommand cmd) {
// no-op
}
@Override
public void onAgentDisconnect(long agentId, Status state) {
// no-op since we do not autoscale
}
}
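Review bot: Secrets are written to the log in `onConsoleAccessAuthentication`: the sid-mismatch warning prints both the submitted sid and `vm.getVncPassword()`, and the ticket messages print the submitted ticket together with the two currently valid tickets. Anyone with read access to the management-server log can recover the VNC password or a live access ticket from them, so log only the VM id, e.g. `s_logger.warn("sid in url does not match stored sid for vm " + cmd.getVmId());`. In `startAgentHttpHandlerInVM` the keystore password comes from `new Random(System.currentTimeMillis())`, which is predictable; `java.security.SecureRandom` is the appropriate source. `Long.parseLong(cmd.getVmId())` is not guarded against `NumberFormatException`, so a malformed or null id throws instead of returning a failed answer. `vmId` is also never assigned, so the "lost host info" and "host does not exist" warnings always print `null`.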


@ -16,17 +16,9 @@
// under the License.
package com.cloud.consoleproxy;
import com.cloud.agent.api.AgentControlAnswer;
import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.host.Host.Type;
import com.cloud.info.ConsoleProxyInfo;
import com.cloud.utils.component.Manager;
import com.cloud.vm.ConsoleProxyVO;
public interface ConsoleProxyManager extends Manager {
public interface ConsoleProxyManager extends Manager, ConsoleProxyService {
public static final int DEFAULT_PROXY_CAPACITY = 50;
public static final int DEFAULT_STANDBY_CAPACITY = 10;
@ -45,16 +37,9 @@ public interface ConsoleProxyManager extends Manager {
public ConsoleProxyManagementState getManagementState();
public void resumeLastManagementState();
public ConsoleProxyInfo assignProxy(long dataCenterId, long userVmId);
public ConsoleProxyVO startProxy(long proxyVmId);
public boolean stopProxy(long proxyVmId);
public boolean rebootProxy(long proxyVmId);
public boolean destroyProxy(long proxyVmId);
public void onLoadReport(ConsoleProxyLoadReportCommand cmd);
public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd);
public void onAgentConnect(HostVO host, StartupCommand cmd);
public void onAgentDisconnect(long agentId, Status state);
}


@ -23,26 +23,19 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.UUID;
import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.ConsoleAccessAuthenticationAnswer;
import com.cloud.agent.api.ConsoleAccessAuthenticationCommand;
import com.cloud.agent.api.ConsoleProxyLoadReportCommand;
import com.cloud.agent.api.GetVncPortAnswer;
import com.cloud.agent.api.GetVncPortCommand;
import com.cloud.agent.api.RebootCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupProxyCommand;
@ -50,11 +43,9 @@ import com.cloud.agent.api.StopAnswer;
import com.cloud.agent.api.check.CheckSshAnswer;
import com.cloud.agent.api.check.CheckSshCommand;
import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
import com.cloud.agent.api.to.NicTO;
import com.cloud.agent.api.to.VirtualMachineTO;
import com.cloud.agent.manager.Commands;
import com.cloud.api.commands.DestroyConsoleProxyCmd;
import com.cloud.certificate.dao.CertificateDao;
import com.cloud.cluster.ClusterManager;
import com.cloud.configuration.Config;
@ -68,11 +59,8 @@ import com.cloud.dc.dao.DataCenterDao;
import com.cloud.dc.dao.HostPodDao;
import com.cloud.deploy.DataCenterDeployment;
import com.cloud.deploy.DeployDestination;
import com.cloud.exception.AgentUnavailableException;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.OperationTimedoutException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.exception.StorageUnavailableException;
import com.cloud.host.Host;
@ -109,12 +97,11 @@ import com.cloud.resource.ServerResource;
import com.cloud.resource.UnableDeleteHostException;
import com.cloud.service.ServiceOfferingVO;
import com.cloud.service.dao.ServiceOfferingDao;
import com.cloud.servlet.ConsoleProxyServlet;
import com.cloud.storage.StorageManager;
import com.cloud.storage.StoragePoolStatus;
import com.cloud.storage.VMTemplateHostVO;
import com.cloud.storage.VMTemplateVO;
import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
import com.cloud.storage.VMTemplateVO;
import com.cloud.storage.dao.DiskOfferingDao;
import com.cloud.storage.dao.VMTemplateDao;
import com.cloud.storage.dao.VMTemplateHostDao;
@ -126,8 +113,6 @@ import com.cloud.user.UserContext;
import com.cloud.utils.DateUtil;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.Ternary;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.GlobalLock;
@ -170,7 +155,8 @@ import com.google.gson.GsonBuilder;
// because sooner or later, it will be driven into Running state
//
@Local(value = { ConsoleProxyManager.class, ConsoleProxyService.class })
public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxyManager, ConsoleProxyService, AgentHook, VirtualMachineGuru<ConsoleProxyVO>, SystemVmLoadScanHandler<Long>, ResourceStateAdapter {
public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxyManager,
VirtualMachineGuru<ConsoleProxyVO>, SystemVmLoadScanHandler<Long>, ResourceStateAdapter {
private static final Logger s_logger = Logger.getLogger(ConsoleProxyManagerImpl.class);
private static final int DEFAULT_CAPACITY_SCAN_INTERVAL = 30000; // 30 seconds
@ -458,7 +444,131 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
private KeystoreDao _ksDao;
@Inject
private KeystoreManager _ksMgr;
private final Random _random = new Random(System.currentTimeMillis());
public class VmBasedAgentHook extends AgentHookBase {
public VmBasedAgentHook(VMInstanceDao instanceDao, HostDao hostDao, ConfigurationDao cfgDao,
KeystoreManager ksMgr, AgentManager agentMgr) {
super(instanceDao, hostDao, cfgDao, ksMgr, agentMgr);
}
@Override
public void onLoadReport(ConsoleProxyLoadReportCommand cmd) {
if (cmd.getLoadInfo() == null) {
return;
}
ConsoleProxyStatus status = null;
try {
GsonBuilder gb = new GsonBuilder();
gb.setVersion(1.3);
Gson gson = gb.create();
status = gson.fromJson(cmd.getLoadInfo(), ConsoleProxyStatus.class);
} catch (Throwable e) {
s_logger.warn("Unable to parse load info from proxy, proxy vm id : " + cmd.getProxyVmId() + ", info : " + cmd.getLoadInfo());
}
if (status != null) {
int count = 0;
if (status.getConnections() != null) {
count = status.getConnections().length;
}
byte[] details = null;
if (cmd.getLoadInfo() != null) {
details = cmd.getLoadInfo().getBytes(Charset.forName("US-ASCII"));
}
_consoleProxyDao.update(cmd.getProxyVmId(), count, DateUtil.currentGMTTime(), details);
} else {
if (s_logger.isTraceEnabled()) {
s_logger.trace("Unable to get console proxy load info, id : " + cmd.getProxyVmId());
}
_consoleProxyDao.update(cmd.getProxyVmId(), 0, DateUtil.currentGMTTime(), null);
}
}
@Override
public void onAgentConnect(HostVO host, StartupCommand cmd) {
// no-op
}
@Override
public void onAgentDisconnect(long agentId, com.cloud.host.Status state) {
if (state == com.cloud.host.Status.Alert || state == com.cloud.host.Status.Disconnected) {
// be it either in alert or in disconnected state, the agent
// process
// may be gone in the VM,
// we will be reacting to stop the corresponding VM and let the
// scan
// process to
HostVO host = _hostDao.findById(agentId);
if (host.getType() == Type.ConsoleProxy) {
String name = host.getName();
if (s_logger.isInfoEnabled()) {
s_logger.info("Console proxy agent disconnected, proxy: " + name);
}
if (name != null && name.startsWith("v-")) {
String[] tokens = name.split("-");
long proxyVmId = 0;
try {
proxyVmId = Long.parseLong(tokens[1]);
} catch (NumberFormatException e) {
s_logger.error("Unexpected exception " + e.getMessage(), e);
return;
}
final ConsoleProxyVO proxy = _consoleProxyDao.findById(proxyVmId);
if (proxy != null) {
// Disable this feature for now, as it conflicts
// with
// the case of allowing user to reboot console proxy
// when rebooting happens, we will receive
// disconnect
// here and we can't enter into stopping process,
// as when the rebooted one comes up, it will kick
// off a
// newly started one and trigger the process
// continue on forever
/*
* _capacityScanScheduler.execute(new Runnable() {
* public void run() { if(s_logger.isInfoEnabled())
* s_logger.info("Stop console proxy " +
* proxy.getName() +
* " VM because of that the agent running inside it has disconnected"
* ); stopProxy(proxy.getId()); } });
*/
} else {
if (s_logger.isInfoEnabled()) {
s_logger.info("Console proxy agent disconnected but corresponding console proxy VM no longer exists in DB, proxy: "
+ name);
}
}
} else {
assert (false) : "Invalid console proxy name: " + name;
}
}
}
}
@Override
protected HostVO findConsoleProxyHost(StartupProxyCommand startupCmd) {
long proxyVmId = startupCmd.getProxyVmId();
ConsoleProxyVO consoleProxy = _consoleProxyDao.findById(proxyVmId);
if (consoleProxy == null) {
s_logger.info("Proxy " + proxyVmId + " is no longer in DB, skip sending startup command");
return null;
}
assert (consoleProxy != null);
return findConsoleProxyHostByName(consoleProxy.getHostName());
}
}
@Override
public ConsoleProxyInfo assignProxy(final long dataCenterId, final long vmId) {
@ -850,181 +960,9 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
}
}
@Override
public void onLoadReport(ConsoleProxyLoadReportCommand cmd) {
if (cmd.getLoadInfo() == null) {
return;
}
ConsoleProxyStatus status = null;
try {
GsonBuilder gb = new GsonBuilder();
gb.setVersion(1.3);
Gson gson = gb.create();
status = gson.fromJson(cmd.getLoadInfo(), ConsoleProxyStatus.class);
} catch (Throwable e) {
s_logger.warn("Unable to parse load info from proxy, proxy vm id : " + cmd.getProxyVmId() + ", info : " + cmd.getLoadInfo());
}
if (status != null) {
int count = 0;
if (status.getConnections() != null) {
count = status.getConnections().length;
}
byte[] details = null;
if (cmd.getLoadInfo() != null) {
details = cmd.getLoadInfo().getBytes(Charset.forName("US-ASCII"));
}
_consoleProxyDao.update(cmd.getProxyVmId(), count, DateUtil.currentGMTTime(), details);
} else {
if (s_logger.isTraceEnabled()) {
s_logger.trace("Unable to get console proxy load info, id : " + cmd.getProxyVmId());
}
_consoleProxyDao.update(cmd.getProxyVmId(), 0, DateUtil.currentGMTTime(), null);
}
}
@Override
public AgentControlAnswer onConsoleAccessAuthentication(ConsoleAccessAuthenticationCommand cmd) {
Long vmId = null;
String ticketInUrl = cmd.getTicket();
if (ticketInUrl == null) {
s_logger.error("Access ticket could not be found, you could be running an old version of console proxy. vmId: " + cmd.getVmId());
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Console authentication. Ticket in url for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticketInUrl);
}
if(!cmd.isReauthenticating()) {
String ticket = ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId());
if (s_logger.isDebugEnabled()) {
s_logger.debug("Console authentication. Ticket in 1 minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + ticket);
}
if (!ticket.equals(ticketInUrl)) {
Date now = new Date();
// considering of minute round-up
String minuteEarlyTicket = ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId(), new Date(now.getTime() - 60 * 1000));
if (s_logger.isDebugEnabled()) {
s_logger.debug("Console authentication. Ticket in 2-minute boundary for " + cmd.getHost() + ":" + cmd.getPort() + "-" + cmd.getVmId() + " is " + minuteEarlyTicket);
}
if (!minuteEarlyTicket.equals(ticketInUrl)) {
s_logger.error("Access ticket expired or has been modified. vmId: " + cmd.getVmId() + "ticket in URL: " + ticketInUrl + ", tickets to check against: " + ticket + ","
+ minuteEarlyTicket);
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
}
}
if (cmd.getVmId() != null && cmd.getVmId().isEmpty()) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Invalid vm id sent from proxy(happens when proxy session has terminated)");
}
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
VirtualMachine vm = _instanceDao.findByUuid(cmd.getVmId());
if (vm == null) {
vm = _instanceDao.findById(Long.parseLong(cmd.getVmId()));
}
if (vm == null) {
s_logger.error("Invalid vm id " + cmd.getVmId() + " sent from console access authentication");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if (vm.getHostId() == null) {
s_logger.warn("VM " + vmId + " lost host info, failed authentication request");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
HostVO host = _hostDao.findById(vm.getHostId());
if (host == null) {
s_logger.warn("VM " + vmId + "'s host does not exist, fail authentication request");
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
String sid = cmd.getSid();
if (sid == null || !sid.equals(vm.getVncPassword())) {
s_logger.warn("sid " + sid + " in url does not match stored sid " + vm.getVncPassword());
return new ConsoleAccessAuthenticationAnswer(cmd, false);
}
if(cmd.isReauthenticating()) {
ConsoleAccessAuthenticationAnswer authenticationAnswer = new ConsoleAccessAuthenticationAnswer(cmd, true);
authenticationAnswer.setReauthenticating(true);
s_logger.info("Re-authentication request, ask host " + vm.getHostId() + " for new console info");
GetVncPortAnswer answer = (GetVncPortAnswer) _agentMgr.easySend(vm.getHostId(), new
GetVncPortCommand(vm.getId(), vm.getInstanceName()));
if (answer != null && answer.getResult()) {
Ternary<String, String, String> parsedHostInfo = ConsoleProxyServlet.parseHostInfo(answer.getAddress());
if(parsedHostInfo.second() != null && parsedHostInfo.third() != null) {
s_logger.info("Re-authentication result. vm: " + vm.getId() + ", tunnel url: " + parsedHostInfo.second()
+ ", tunnel session: " + parsedHostInfo.third());
authenticationAnswer.setTunnelUrl(parsedHostInfo.second());
authenticationAnswer.setTunnelSession(parsedHostInfo.third());
} else {
s_logger.info("Re-authentication result. vm: " + vm.getId() + ", host address: " + parsedHostInfo.first()
+ ", port: " + answer.getPort());
authenticationAnswer.setHost(parsedHostInfo.first());
authenticationAnswer.setPort(answer.getPort());
}
} else {
s_logger.warn("Re-authentication request failed");
authenticationAnswer.setSuccess(false);
}
return authenticationAnswer;
}
return new ConsoleAccessAuthenticationAnswer(cmd, true);
}
@Override
public void onAgentConnect(HostVO host, StartupCommand cmd) {
// if (host.getType() == Type.ConsoleProxy) {
// // TODO we can use this event to mark the proxy is up and
// // functioning instead of
// // pinging the console proxy VM command port
// //
// // for now, just log a message
// if (s_logger.isInfoEnabled()) {
// s_logger.info("Console proxy agent is connected. proxy: " + host.getName());
// }
//
// /* update public/private ip address */
// if (_IpAllocator != null && _IpAllocator.exteralIpAddressAllocatorEnabled()) {
// try {
// ConsoleProxyVO console = findConsoleProxyByHost(host);
// if (console == null) {
// s_logger.debug("Can't find console proxy ");
// return;
// }
// console.setPrivateIpAddress(cmd.getPrivateIpAddress());
// console.setPublicIpAddress(cmd.getPublicIpAddress());
// console.setPublicNetmask(cmd.getPublicNetmask());
// _consoleProxyDao.persist(console);
// } catch (NumberFormatException e) {
// }
// }
// }
}
@Override
public void onAgentDisconnect(long agentId, com.cloud.host.Status state) {
public void handleAgentDisconnect(long agentId, com.cloud.host.Status state) {
if (state == com.cloud.host.Status.Alert || state == com.cloud.host.Status.Disconnected) {
// be it either in alert or in disconnected state, the agent process
// may be gone in the VM,
@ -1499,7 +1437,9 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
value = agentMgrConfigs.get("port");
_mgmt_port = NumbersUtil.parseInt(value, 8250);
_listener = new ConsoleProxyListener(this);
_listener =
new ConsoleProxyListener(new VmBasedAgentHook(_instanceDao, _hostDao, _configDao, _ksMgr,
_agentMgr));
_agentMgr.registerForHostEvents(_listener, true, true, false);
_itMgr.registerGuru(VirtualMachine.Type.ConsoleProxy, this);
@ -1549,18 +1489,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
return true;
}
@Override
public boolean destroyConsoleProxy(DestroyConsoleProxyCmd cmd) throws ServerApiException {
Long proxyId = cmd.getId();
// verify parameters
ConsoleProxyVO proxy = _consoleProxyDao.findById(proxyId);
if (proxy == null) {
throw new InvalidParameterValueException("unable to find a console proxy with id " + proxyId);
}
return destroyProxy(proxyId);
}
protected ConsoleProxyManagerImpl() {
}
@ -1733,52 +1662,7 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
_consoleProxyDao.update(proxy.getId(), proxy);
}
@Override
public void startAgentHttpHandlerInVM(StartupProxyCommand startupCmd) {
StartConsoleProxyAgentHttpHandlerCommand cmd = null;
if (_configDao.isPremium()) {
String storePassword = String.valueOf(_random.nextLong());
byte[] ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
assert (ksBits != null);
if (ksBits == null) {
s_logger.error("Could not find and construct a valid SSL certificate");
}
cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
cmd.setEncryptorPassword(getHashKey());
} else {
cmd = new StartConsoleProxyAgentHttpHandlerCommand();
cmd.setEncryptorPassword(getHashKey());
}
try {
long proxyVmId = startupCmd.getProxyVmId();
ConsoleProxyVO consoleProxy = _consoleProxyDao.findById(proxyVmId);
if (consoleProxy == null) {
s_logger.info("Proxy " + proxyVmId + " is no longer in DB, skip sending startup command");
return;
}
assert (consoleProxy != null);
HostVO consoleProxyHost = findConsoleProxyHostByName(consoleProxy.getHostName());
Answer answer = _agentMgr.send(consoleProxyHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
s_logger.error("Console proxy agent reported that it failed to execute http handling startup command");
} else {
s_logger.info("Successfully sent out command to start HTTP handling in console proxy agent");
}
} catch (AgentUnavailableException e) {
s_logger.error("Unable to send http handling startup command to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
} catch (OperationTimedoutException e) {
s_logger.error("Unable to send http handling startup command(time out) to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
} catch (OutOfMemoryError e) {
s_logger.error("Unrecoverable OutOfMemory Error, exit and let it be re-launched");
System.exit(1);
} catch (Exception e) {
s_logger.error("Unexpected exception when sending http handling startup command(time out) to the console proxy resource for proxy:" + startupCmd.getProxyVmId(), e);
}
}
@Override
public ConsoleProxyVO persist(ConsoleProxyVO proxy) {
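Review bot: In `VmBasedAgentHook.onAgentDisconnect` the result of `_hostDao.findById(agentId)` is dereferenced by `host.getType()` without a null check, and `tokens[1]` is read after `name.split("-")` while only `NumberFormatException` is caught. A host row that has already been removed, or a host name of exactly `v-`, would throw out of the agent-event callback instead of being logged. I would add `if (host == null) { return; }` after the lookup and `if (tokens.length < 2) { s_logger.error("Invalid console proxy name: " + name); return; }` before the parse. Separately, `onLoadReport` catches `Throwable`, drops the exception, and writes the raw `cmd.getLoadInfo()` string from the proxy agent into the warn log; logging the exception and a length-bounded form of the payload would keep agent-controlled text out of the management-server log.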


@ -16,8 +16,10 @@
// under the License.
package com.cloud.consoleproxy;
import com.cloud.api.commands.DestroyConsoleProxyCmd;
import com.cloud.info.ConsoleProxyInfo;
public interface ConsoleProxyService {
boolean destroyConsoleProxy(DestroyConsoleProxyCmd cmd);
}
public abstract ConsoleProxyInfo assignProxy(long dataCenterId, long userVmId);
}


@ -16,29 +16,59 @@
// under the License.
package com.cloud.consoleproxy;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.springframework.stereotype.Component;
import org.apache.log4j.Logger;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupProxyCommand;
import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.host.Host.Type;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.info.ConsoleProxyInfo;
import com.cloud.keystore.KeystoreDao;
import com.cloud.keystore.KeystoreManager;
import com.cloud.resource.ResourceManager;
import com.cloud.resource.ResourceStateAdapter;
import com.cloud.resource.ServerResource;
import com.cloud.resource.UnableDeleteHostException;
import com.cloud.utils.NumbersUtil;
import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.dao.ConsoleProxyDao;
import com.cloud.vm.dao.VMInstanceDao;
@Local(value={ConsoleProxyManager.class})
public class StaticConsoleProxyManager extends AgentBasedConsoleProxyManager implements ConsoleProxyManager {
String _ip = null;
@Inject ConsoleProxyDao _proxyDao;
@Inject ResourceManager _resourceMgr;
@Inject ConfigurationDao _configDao;
public class StaticConsoleProxyManager extends AgentBasedConsoleProxyManager implements ConsoleProxyManager,
ResourceStateAdapter {
private static final Logger s_logger = Logger.getLogger(StaticConsoleProxyManager.class);
@Inject
ConsoleProxyDao _proxyDao;
@Inject
ResourceManager _resourceMgr;
@Inject
ConfigurationDao _configDao;
@Inject
private VMInstanceDao _instanceDao;
@Inject
KeystoreDao _ksDao;
@Inject
private KeystoreManager _ksMgr;
@Inject
private HostDao _hostDao;
private final Random _random = new Random(System.currentTimeMillis());
private String _hashKey;
private String _ip = null;
@Override
protected HostVO findHost(VMInstanceVO vm) {
@ -50,20 +80,52 @@ public class StaticConsoleProxyManager extends AgentBasedConsoleProxyManager imp
@Override
public ConsoleProxyInfo assignProxy(long dataCenterId, long userVmId) {
return new ConsoleProxyInfo(false, _ip, _consoleProxyPort, _consoleProxyUrlPort, _consoleProxyUrlDomain);
return new ConsoleProxyInfo(_sslEnabled, _ip, _consoleProxyPort, _consoleProxyUrlPort, _consoleProxyUrlDomain);
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
Map<String, String> dbParams = _configDao.getConfiguration("ManagementServer", params);
_ip = dbParams.get("public.ip");
_ip = _configDao.getValue("consoleproxy.static.publicIp");
if (_ip == null) {
_ip = "127.0.0.1";
}
String value = (String) params.get("consoleproxy.sslEnabled");
if (value != null && value.equalsIgnoreCase("true")) {
_sslEnabled = true;
}
int defaultPort = 8088;
if (_sslEnabled)
defaultPort = 8443;
_consoleProxyUrlPort = NumbersUtil.parseInt(_configDao.getValue("consoleproxy.static.port"), defaultPort);
_resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this);
return true;
}
@Override
public HostVO createHostVOForConnectedAgent(HostVO host, StartupCommand[] cmd) {
if (!(cmd[0] instanceof StartupProxyCommand)) {
return null;
}
host.setType(com.cloud.host.Host.Type.ConsoleProxy);
return host;
}
@Override
public HostVO createHostVOForDirectConnectAgent(HostVO host, StartupCommand[] startup, ServerResource resource,
Map<String, String> details, List<String> hostTags) {
return null;
}
@Override
public DeleteHostAnswer deleteHost(HostVO host, boolean isForced, boolean isForceDeleteStorage)
throws UnableDeleteHostException {
return null;
}
}
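Review bot: `_random` is declared as `new Random(System.currentTimeMillis())` alongside the new `_hashKey`, `_ksMgr` and `_ksDao` fields. Its use is not visible in these hunks, but the `startAgentHttpHandlerInVM` code removed from ConsoleProxyManagerImpl in this same commit used a field of the same name to generate the keystore password (`String.valueOf(_random.nextLong())`). If the field serves that purpose here, a time-seeded `java.util.Random` can be reproduced from the approximate start time and should not produce secrets; `private final Random _random = new SecureRandom();` with `import java.security.SecureRandom;` is a drop-in replacement. In `createHostVOForConnectedAgent`, `cmd[0]` is also read without checking that the array is non-empty.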


@ -102,7 +102,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
@Inject protected StorageManager _storageMgr;
@Inject DataStoreManager dataStoreMgr;
@Inject protected ClusterDetailsDao _clusterDetailsDao;
protected List<StoragePoolAllocator> _storagePoolAllocators;
public List<StoragePoolAllocator> getStoragePoolAllocators() {
return _storagePoolAllocators;
@ -157,7 +157,8 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
if(plan.getHostId() != null && haVmTag == null){
Long hostIdSpecified = plan.getHostId();
if (s_logger.isDebugEnabled()){
s_logger.debug("DeploymentPlan has host_id specified, making no checks on this host, looks like admin test: "+hostIdSpecified);
s_logger.debug("DeploymentPlan has host_id specified, choosing this host and making no checks on this host: "
+ hostIdSpecified);
}
HostVO host = _hostDao.findById(hostIdSpecified);
if (s_logger.isDebugEnabled()) {
@ -407,9 +408,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}
/**
* This method should reorder the given list of Cluster Ids by applying any necessary heuristic
* This method should reorder the given list of Cluster Ids by applying any necessary heuristic
* for this planner
* For FirstFitPlanner there is no specific heuristic to be applied
* For FirstFitPlanner there is no specific heuristic to be applied
* other than the capacity based ordering which is done by default.
* @return List<Long> ordered list of Cluster Ids
*/
@ -419,9 +420,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}
/**
* This method should reorder the given list of Pod Ids by applying any necessary heuristic
* This method should reorder the given list of Pod Ids by applying any necessary heuristic
* for this planner
* For FirstFitPlanner there is no specific heuristic to be applied
* For FirstFitPlanner there is no specific heuristic to be applied
* other than the capacity based ordering which is done by default.
* @return List<Long> ordered list of Pod Ids
*/
@ -443,7 +444,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
private List<Long> listDisabledPods(long zoneId){
List<Long> disabledPods = _podDao.listDisabledPods(zoneId);
return disabledPods;
}
}
private Map<Short,Float> getCapacityThresholdMap(){
// Lets build this real time so that the admin wont have to restart MS if he changes these values
@ -461,9 +462,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}
private List<Short> getCapacitiesForCheckingThreshold(){
List<Short> capacityList = new ArrayList<Short>();
List<Short> capacityList = new ArrayList<Short>();
capacityList.add(Capacity.CAPACITY_TYPE_CPU);
capacityList.add(Capacity.CAPACITY_TYPE_MEMORY);
capacityList.add(Capacity.CAPACITY_TYPE_MEMORY);
return capacityList;
}
@ -479,7 +480,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
// For each capacity get the cluster list crossing the threshold and remove it from the clusterList that will be used for vm allocation.
for(short capacity : capacityList){
if (clusterListForVmAllocation == null || clusterListForVmAllocation.size() == 0){
return;
}
@ -492,17 +493,17 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
capacityThresholdMap.get(capacity), ram_requested );
}
if (clustersCrossingThreshold != null && clustersCrossingThreshold.size() != 0){
// addToAvoid Set
avoid.addClusterList(clustersCrossingThreshold);
// Remove clusters crossing disabled threshold
clusterListForVmAllocation.removeAll(clustersCrossingThreshold);
s_logger.debug("Cannot allocate cluster list " + clustersCrossingThreshold.toString() + " for vm creation since their allocated percentage" +
" crosses the disable capacity threshold: " + capacityThresholdMap.get(capacity) + " for capacity Type : " + capacity + ", skipping these clusters");
}
}
}
@ -652,7 +653,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
public int compare(Volume v1, Volume v2) {
if(v1.getSize() < v2.getSize())
return 1;
else
else
return -1;
}
});
@ -749,7 +750,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}else{
pool = (StoragePool)this.dataStoreMgr.getPrimaryDataStore(plan.getPoolId());
}
if(!pool.isInMaintenance()){
if(!avoid.shouldAvoid(pool)){
long exstPoolDcId = pool.getDataCenterId();
@ -781,13 +782,13 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
if(!isRootAdmin(plan.getReservationContext())){
if(!isEnabledForAllocation(plan.getDataCenterId(), plan.getPodId(), plan.getClusterId())){
if(s_logger.isDebugEnabled()){
s_logger.debug("Cannot allocate new storagepool for this volume in this cluster, allocation state is disabled");
s_logger.debug("Cannot allocate new storagepool for this volume in this cluster, allocation state is disabled");
s_logger.debug("Cannot deploy to this specified plan, allocation state is disabled, returning.");
}
//Cannot find suitable storage pools under this cluster for this volume since allocation_state is disabled.
//Cannot find suitable storage pools under this cluster for this volume since allocation_state is disabled.
//- remove any suitable pools found for other volumes.
//All volumes should get suitable pools under this cluster; else we cant use this cluster.
suitableVolumeStoragePools.clear();
suitableVolumeStoragePools.clear();
break;
}
}
@ -877,7 +878,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
super.configure(name, params);
_allocationAlgorithm = _configDao.getValue(Config.VmAllocationAlgorithm.key());
return true;
}
}
private boolean isEnabledForAllocation(long zoneId, Long podId, Long clusterId){
// Check if the zone exists in the system


@ -33,4 +33,6 @@ public interface HypervisorCapabilitiesDao extends GenericDao<HypervisorCapabili
Integer getMaxDataVolumesLimit(HypervisorType hypervisorType, String hypervisorVersion);
Integer getMaxHostsPerCluster(HypervisorType hypervisorType, String hypervisorVersion);
Boolean isVmSnapshotEnabled(HypervisorType hypervisorType, String hypervisorVersion);
}


@ -95,4 +95,11 @@ public class HypervisorCapabilitiesDaoImpl extends GenericDaoBase<HypervisorCapa
HypervisorCapabilitiesVO result = getCapabilities(hypervisorType, hypervisorVersion);
return result.getMaxHostsPerCluster();
}
@Override
public Boolean isVmSnapshotEnabled(HypervisorType hypervisorType,
String hypervisorVersion) {
HypervisorCapabilitiesVO result = getCapabilities(hypervisorType, hypervisorVersion);
return result.getVmSnapshotEnabled();
}
}
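Review bot: `isVmSnapshotEnabled` dereferences the result of `getCapabilities(hypervisorType, hypervisorVersion)` without a null check and returns a boxed `Boolean`. `getCapabilities` is outside the hunk, so whether it can return null for an unknown hypervisor type or version is not visible here; if it can, this method throws a NullPointerException, and a null column value would do the same at any caller that unboxes the result. Treating both cases as "not enabled" is the safer default: `return result != null && Boolean.TRUE.equals(result.getVmSnapshotEnabled());`. The neighbouring `getMaxHostsPerCluster` has the same shape.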


@ -1,3 +1,4 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
@ -541,8 +542,15 @@ public abstract class ExternalFirewallDeviceManagerImpl extends AdapterBase impl
if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
_fwRulesDao.loadSourceCidrs((FirewallRuleVO)rule);
}
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
FirewallRuleTO ruleTO;
if (rule.getPurpose() == Purpose.Firewall && rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
String guestVlanTag = network.getBroadcastUri().getHost();
String guestCidr = network.getCidr();
ruleTO = new FirewallRuleTO(rule, guestVlanTag, rule.getTrafficType());
} else {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
}
rulesTO.add(ruleTO);
}
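Review bot: In the new egress branch, `guestCidr` is assigned from `network.getCidr()` but never used in the visible lines, and `network.getBroadcastUri().getHost()` is called without a null check. If the firewall device needs the guest CIDR to scope the egress rule it should be passed into the rule object, otherwise the local should be dropped so the reader does not assume the rule is CIDR-restricted. A network whose broadcast URI is not yet set would fail here with a NullPointerException; checking `network.getBroadcastUri() == null` first and failing with a clear error is safer. The enclosing method starts and ends outside the hunk.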


@ -968,9 +968,21 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
// diff between offering #1 and #2 - securityGroup is enabled for the first, and disabled for the third
NetworkOfferingVO offering = null;
if (_networkOfferingDao.findByUniqueName(NetworkOffering.QuickCloudNoServices) == null) {
offering =
_configMgr.createNetworkOffering(NetworkOffering.QuickCloudNoServices,
"Offering for QuickCloud with no services", TrafficType.Guest, null, true,
Availability.Optional, null, new HashMap<Network.Service, Set<Network.Provider>>(), true,
Network.GuestType.Shared, false, null, true, null, true, false);
offering.setState(NetworkOffering.State.Enabled);
_networkOfferingDao.update(offering.getId(), offering);
}
if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultSharedNetworkOfferingWithSGService) == null) {
offering = _configMgr.createNetworkOffering(NetworkOffering.DefaultSharedNetworkOfferingWithSGService, "Offering for Shared Security group enabled networks", TrafficType.Guest, null,
true, Availability.Optional, null, defaultSharedNetworkOfferingProviders, true, Network.GuestType.Shared, false, null, true, null, true, false);
offering =
_configMgr.createNetworkOffering(NetworkOffering.DefaultSharedNetworkOfferingWithSGService,
"Offering for Shared Security group enabled networks", TrafficType.Guest, null, true,
Availability.Optional, null, defaultSharedNetworkOfferingProviders, true,
Network.GuestType.Shared, false, null, true, null, true, false);
offering.setState(NetworkOffering.State.Enabled);
_networkOfferingDao.update(offering.getId(), offering);
}
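Review bot: The new `QuickCloudNoServices` offering is created with an empty service map and then set to `NetworkOffering.State.Enabled` unconditionally, so every installation gets an enabled shared guest offering that carries no services, unlike the security-group offering created just below it (judging by its name). If it is only meant for QuickCloud setups, consider not enabling it by default; whether that is feasible depends on code outside the hunk. The long positional argument list ending in `true, null, true, false` is also hard to review without the signature, so a short comment naming the boolean flags would help. The enclosing method starts and ends outside the hunk.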


@ -25,8 +25,6 @@ import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import com.cloud.agent.api.Command;
import com.cloud.configuration.Config;
@ -90,6 +88,10 @@ public class PremiumSecondaryStorageManagerImpl extends SecondaryStorageManagerI
@Override
public Pair<AfterScanAction, Object> scanPool(Long pool) {
long dataCenterId = pool.longValue();
if (!isSecondaryStorageVmRequired(dataCenterId)) {
return new Pair<AfterScanAction, Object>(AfterScanAction.nop, null);
}
Date cutTime = new Date(DateUtil.currentGMTTime().getTime() - _maxExecutionTimeMs);
_cmdExecLogDao.expungeExpiredRecords(cutTime);
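Review bot: The early `nop` return added to `scanPool` sits above `_cmdExecLogDao.expungeExpiredRecords(cutTime)`, so expiry of command-execution log records is skipped whenever `isSecondaryStorageVmRequired(dataCenterId)` is false. The expunge call takes only a cut-off time in the visible lines, which suggests it is not per-zone; if so, moving the new check below it keeps the housekeeping running. `scanPool` continues outside the hunk.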


@ -851,7 +851,7 @@ public class DownloadMonitorImpl extends ManagerBase implements DownloadMonitor
TemplateInfo tmpltInfo = templateInfos.remove(uniqueName);
toBeDownloaded.remove(tmplt);
if (tmpltHost != null) {
s_logger.info("Template Sync found " + uniqueName + " already in the template host table");
s_logger.info("Template Sync found " + tmplt.getName() + " already in the template host table");
if (tmpltHost.getDownloadState() != Status.DOWNLOADED) {
tmpltHost.setErrorString("");
}
@ -911,10 +911,12 @@ public class DownloadMonitorImpl extends ManagerBase implements DownloadMonitor
continue;
}
if (tmpltHost != null && tmpltHost.getDownloadState() != Status.DOWNLOADED) {
s_logger.info("Template Sync did not find " + uniqueName + " ready on server " + sserverId + ", will request download to start/resume shortly");
s_logger.info("Template Sync did not find " + tmplt.getName() + " ready on server " + sserverId
+ ", will request download to start/resume shortly");
} else if (tmpltHost == null) {
s_logger.info("Template Sync did not find " + uniqueName + " on the server " + sserverId + ", will request download shortly");
s_logger.info("Template Sync did not find " + tmplt.getName() + " on the server " + sserverId
+ ", will request download shortly");
VMTemplateHostVO templtHost = new VMTemplateHostVO(sserverId, tmplt.getId(), new Date(), 0, Status.NOT_DOWNLOADED, null, null, null, null, tmplt.getUrl());
_vmTemplateHostDao.persist(templtHost);
VMTemplateZoneVO tmpltZoneVO = _vmTemplateZoneDao.findByZoneTemplate(zoneId, tmplt.getId());
@ -964,6 +966,9 @@ public class DownloadMonitorImpl extends ManagerBase implements DownloadMonitor
}
s_logger.debug("Template " + tmplt.getName() + " needs to be downloaded to " + ssHost.getName());
downloadTemplateToStorage(tmplt, ssHost);
} else {
s_logger.info("Skipping download of template " + tmplt.getName() + " since we don't have any "
+ tmplt.getHypervisorType() + " hypervisors");
}
}
}
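Review bot: The template-sync messages in the first two hunks now print `tmplt.getName()` where they printed `uniqueName`, and the new "Skipping download" message does the same. A display name is presumably not unique and, if it is user-chosen, it reaches the log line unsanitized. Logging both values keeps the line traceable to a single template, e.g. `"Template Sync found " + tmplt.getName() + " (" + uniqueName + ") already in the template host table"`. Replacing CR/LF in the name before logging would stop a crafted template name from forging extra log entries. The enclosing methods start and end outside these hunks.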


@ -30,8 +30,6 @@ import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.Answer;
@ -98,8 +96,8 @@ import com.cloud.service.dao.ServiceOfferingDao;
import com.cloud.storage.SnapshotVO;
import com.cloud.storage.Storage;
import com.cloud.storage.VMTemplateHostVO;
import com.cloud.storage.VMTemplateVO;
import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
import com.cloud.storage.VMTemplateVO;
import com.cloud.storage.dao.SnapshotDao;
import com.cloud.storage.dao.StoragePoolHostDao;
import com.cloud.storage.dao.VMTemplateDao;
@ -474,7 +472,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
}
private boolean isSecondaryStorageVmRequired(long dcId) {
protected boolean isSecondaryStorageVmRequired(long dcId) {
DataCenterVO dc = _dcDao.findById(dcId);
_dcDao.loadDetails(dc);
String ssvmReq = dc.getDetail(ZoneConfig.EnableSecStorageVm.key());
@ -1066,10 +1064,10 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
buf.append(" resource=com.cloud.storage.resource.PremiumSecondaryStorageResource");
} else {
s_logger.debug("Telling the ssvm to load the NfsSecondaryStorageResource");
buf.append(" resource=com.cloud.storage.resource.NfsSecondaryStorageResource");
buf.append(" resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource");
}
} else {
buf.append(" resource=com.cloud.storage.resource.NfsSecondaryStorageResource");
buf.append(" resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource");
}
buf.append(" instance=SecStorage");
buf.append(" sslcopy=").append(Boolean.toString(_useSSlCopy));
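Review bot: `isSecondaryStorageVmRequired` is widened from private to protected, but the visible part of its body passes the result of `_dcDao.findById(dcId)` straight to `_dcDao.loadDetails(dc)` and `dc.getDetail(...)` with no null check. A subclass scan now calls it with pool ids, so if `findById` can return null for a zone that has been removed, the call would throw a NullPointerException. Consider `if (dc == null) { return false; }` right after the lookup, plus a Javadoc line stating what overriders may assume. The method body continues outside the hunk. Separately, the literal `org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource` is now repeated in two branches; one constant would keep them from drifting apart.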


@ -65,6 +65,7 @@ public class Upgrade410to420 implements DbUpgrade {
updateSystemVmTemplates(conn);
updateCluster_details(conn);
updatePrimaryStore(conn);
addEgressFwRulesForSRXGuestNw(conn);
}
private void updateSystemVmTemplates(Connection conn) {
@ -305,4 +306,63 @@ public class Upgrade410to420 implements DbUpgrade {
}
}
}
private void addEgressFwRulesForSRXGuestNw(Connection conn) {
PreparedStatement pstmt = null;
ResultSet rs = null;
ResultSet rsId = null;
ResultSet rsNw = null;
try {
pstmt = conn.prepareStatement("select network_id FROM `cloud`.`ntwk_service_map` where service='Firewall' and provider='JuniperSRX' ");
rs = pstmt.executeQuery();
while (rs.next()) {
long netId = rs.getLong(1);
//checking for Isolated OR Virtual
pstmt = conn.prepareStatement("select account_id, domain_id FROM `cloud`.`networks` where (guest_type='Isolated' OR guest_type='Virtual') and traffic_type='Guest' and vpc_id is NULL and (state='implemented' OR state='Shutdown') and id=? ");
pstmt.setLong(1, netId);
s_logger.debug("Getting account_id, domain_id from networks table: " + pstmt);
rsNw = pstmt.executeQuery();
if(rsNw.next()) {
long accountId = rsNw.getLong(1);
long domainId = rsNw.getLong(2);
//Add new rule for the existing networks
s_logger.debug("Adding default egress firewall rule for network " + netId);
pstmt = conn.prepareStatement("INSERT INTO firewall_rules (uuid, state, protocol, purpose, account_id, domain_id, network_id, xid, created, traffic_type) VALUES (?, 'Active', 'all', 'Firewall', ?, ?, ?, ?, now(), 'Egress')");
pstmt.setString(1, UUID.randomUUID().toString());
pstmt.setLong(2, accountId);
pstmt.setLong(3, domainId);
pstmt.setLong(4, netId);
pstmt.setString(5, UUID.randomUUID().toString());
s_logger.debug("Inserting default egress firewall rule " + pstmt);
pstmt.executeUpdate();
pstmt = conn.prepareStatement("select id from firewall_rules where protocol='all' and network_id=?");
pstmt.setLong(1, netId);
rsId = pstmt.executeQuery();
long firewallRuleId;
if(rsId.next()) {
firewallRuleId = rsId.getLong(1);
pstmt = conn.prepareStatement("insert into firewall_rules_cidrs (firewall_rule_id,source_cidr) values (?, '0.0.0.0/0')");
pstmt.setLong(1, firewallRuleId);
s_logger.debug("Inserting rule for cidr 0.0.0.0/0 for the new Firewall rule id=" + firewallRuleId + " with statement " + pstmt);
pstmt.executeUpdate();
}
}
}
} catch (SQLException e) {
throw new CloudRuntimeException("Unable to set egress firewall rules ", e);
} finally {
try {
if (rs != null) {
rs.close();
}
if (pstmt != null) {
pstmt.close();
}
} catch (SQLException e) {
}
}
}
}
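Review bot: In `addEgressFwRulesForSRXGuestNw` the id of the rule just inserted is fetched with `select id from firewall_rules where protocol='all' and network_id=?`, which returns the first 'all'-protocol rule on that network rather than the new egress rule. The `0.0.0.0/0` row in `firewall_rules_cidrs` can therefore be attached to a pre-existing rule. Keep the generated UUID in a local and look the row up by `uuid`, as sketched below. The method also reassigns `pstmt` inside the loop without closing the previous statement and never closes `rsNw` or `rsId`. The `finally` block swallows `SQLException` in an empty catch; closing each statement where it is used and logging the close failure would fix both.

```java
// … unchanged: account_id / domain_id lookup for netId …
String ruleUuid = UUID.randomUUID().toString();
// … unchanged: prepareStatement for the INSERT INTO firewall_rules …
pstmt.setString(1, ruleUuid);
// … unchanged: remaining INSERT parameters and executeUpdate …
pstmt.close();
pstmt = conn.prepareStatement("select id from firewall_rules where uuid=?");
pstmt.setString(1, ruleUuid);
rsId = pstmt.executeQuery();
// … unchanged: insert into firewall_rules_cidrs for the returned id …
```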


@ -2138,7 +2138,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject,
boolean listAll, boolean forProjectInvitation) {
Long domainId = domainIdRecursiveListProject.first();
if (domainId != null) {
Domain domain = _domainDao.findById(domainId);
if (domain == null) {
@ -2154,10 +2153,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
Account userAccount = null;
Domain domain = null;
if (domainId != null) {
userAccount = _accountDao.findActiveAccount(accountName, domainId);
domain = _domainDao.findById(domainId);
} else {
userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId());
domain = _domainDao.findById(caller.getDomainId());
}
if (userAccount != null) {
@ -2165,7 +2167,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
//check permissions
permittedAccounts.add(userAccount.getId());
} else {
throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domainId);
throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid());
}
}
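Review bot: `domain` is now loaded with `_domainDao.findById(...)` on every call, yet it is read only in the `InvalidParameterValueException` message, where `domain.getUuid()` is dereferenced without a null check. Moving the lookup into the failing branch avoids the extra query on the success path and keeps the guard next to its use, e.g. `Domain domain = _domainDao.findById(domainId != null ? domainId : caller.getDomainId());` followed by `String domainRef = (domain != null) ? domain.getUuid() : "unknown";`. Reporting the UUID rather than the internal numeric id is the right direction. The method starts and ends outside these hunks.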


@ -2485,6 +2485,21 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
_vmCloneSettingDao.persist(vmCloneSettingVO);
}
long guestOSId = template.getGuestOSId();
GuestOSVO guestOS = _guestOSDao.findById(guestOSId);
long guestOSCategoryId = guestOS.getCategoryId();
GuestOSCategoryVO guestOSCategory = _guestOSCategoryDao.findById(guestOSCategoryId);
// If hypervisor is vSphere and OS is OS X, set special settings.
if (hypervisorType.equals(HypervisorType.VMware)) {
if (guestOS.getDisplayName().toLowerCase().contains("apple mac os")){
vm.setDetail("smc.present", "TRUE");
vm.setDetail(VmDetailConstants.ROOK_DISK_CONTROLLER, "scsi");
vm.setDetail("firmware", "efi");
s_logger.info("guestOS is OSX : overwrite root disk controller to scsi, use smc and efi");
}
}
_vmDao.persist(vm);
_vmDao.saveDetails(vm);
@ -2492,12 +2507,6 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
s_logger.debug("Allocating in the DB for vm");
DataCenterDeployment plan = new DataCenterDeployment(zone.getId());
long guestOSId = template.getGuestOSId();
GuestOSVO guestOS = _guestOSDao.findById(guestOSId);
long guestOSCategoryId = guestOS.getCategoryId();
GuestOSCategoryVO guestOSCategory = _guestOSCategoryDao.findById(guestOSCategoryId);
List<String> computeTags = new ArrayList<String>();
computeTags.add(offering.getHostTag());
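Review bot: The OS X special-casing now runs before `_vmDao.persist(vm)` and dereferences `guestOS` and `guestOS.getDisplayName()` unguarded. If `_guestOSDao.findById(guestOSId)` can return null for a template with a stale guest OS id, VM creation fails with a NullPointerException instead of a parameter error. A guard such as `if (guestOS == null) { throw new InvalidParameterValueException("Unable to find guest OS " + guestOSId); }` before the first use would turn that into a clean failure. Matching on a lower-cased display-name substring is also brittle; `HypervisorType.VMware.equals(hypervisorType)` is null-safe where `hypervisorType.equals(...)` is not. A comment on why `smc.present`, `firmware` and the root disk controller must be forced for this guest would help the next reader. The enclosing method continues outside the hunk.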


@ -59,6 +59,7 @@ import com.cloud.host.Host;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.hypervisor.dao.HypervisorCapabilitiesDao;
import com.cloud.hypervisor.HypervisorGuruManager;
import com.cloud.projects.Project.ListProjectResourcesCriteria;
import com.cloud.storage.GuestOSVO;
@ -119,7 +120,9 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana
@Inject VirtualMachineManager _itMgr;
@Inject DataStoreManager dataStoreMgr;
@Inject ConfigurationDao _configDao;
@Inject HypervisorCapabilitiesDao _hypervisorCapabilitiesDao;
int _vmSnapshotMax;
int _wait;
StateMachine2<VMSnapshot.State, VMSnapshot.Event, VMSnapshot> _vmSnapshottateMachine ;
@Override
@ -131,6 +134,9 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana
}
_vmSnapshotMax = NumbersUtil.parseInt(_configDao.getValue("vmsnapshot.max"), VMSNAPSHOTMAX);
String value = _configDao.getValue("vmsnapshot.create.wait");
_wait = NumbersUtil.parseInt(value, 1800);
_vmSnapshottateMachine = VMSnapshot.State.getStateMachine();
return true;
@ -240,7 +246,11 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana
if (userVmVo == null) {
throw new InvalidParameterValueException("Creating VM snapshot failed due to VM:" + vmId + " is a system VM or does not exist");
}
// check hypervisor capabilities
if(!_hypervisorCapabilitiesDao.isVmSnapshotEnabled(userVmVo.getHypervisorType(), "default"))
throw new InvalidParameterValueException("VM snapshot is not enabled for hypervisor type: " + userVmVo.getHypervisorType());
// parameter length check
if(vsDisplayName != null && vsDisplayName.length()>255)
throw new InvalidParameterValueException("Creating VM snapshot failed due to length of VM snapshot vsDisplayName should not exceed 255");
@ -361,6 +371,7 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana
vmSnapshot.setParent(current.getId());
CreateVMSnapshotCommand ccmd = new CreateVMSnapshotCommand(userVm.getInstanceName(),target ,volumeTOs, guestOS.getDisplayName(),userVm.getState());
ccmd.setWait(_wait);
answer = (CreateVMSnapshotAnswer) sendToPool(hostId, ccmd);
if (answer != null && answer.getResult()) {
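Review bot: The new capability check passes the literal `"default"` as the hypervisor version to `_hypervisorCapabilitiesDao.isVmSnapshotEnabled(...)`, so any per-version capability entry is presumably never consulted. A hypervisor version that does not support VM snapshots would then pass the check if the default row allows them. If the host's version is available at this point, pass it and fall back to `"default"` only when it is unknown; otherwise add a comment stating that the default row is authoritative. The `if` is also written without braces, and the fallback `1800` for `vmsnapshot.create.wait` would read better as a named constant beside `VMSNAPSHOTMAX`. The enclosing methods extend beyond the hunks shown.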


@ -27,6 +27,8 @@ import static org.mockito.Mockito.when;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
@ -36,6 +38,7 @@ import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.mockito.Spy;
import com.amazonaws.services.ec2.model.HypervisorType;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.CreateVMSnapshotAnswer;
@ -47,7 +50,9 @@ import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.OperationTimedoutException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.hypervisor.HypervisorGuruManager;
import com.cloud.hypervisor.dao.HypervisorCapabilitiesDao;
import com.cloud.storage.GuestOSVO;
import com.cloud.storage.Snapshot;
import com.cloud.storage.SnapshotVO;
@ -88,6 +93,7 @@ public class VMSnapshotManagerTest {
@Mock SnapshotDao _snapshotDao;
@Mock VirtualMachineManager _itMgr;
@Mock ConfigurationDao _configDao;
@Mock HypervisorCapabilitiesDao _hypervisorCapabilitiesDao;
int _vmSnapshotMax = 10;
private static long TEST_VM_ID = 3L;
@ -105,6 +111,7 @@ public class VMSnapshotManagerTest {
_vmSnapshotMgr._accountMgr = _accountMgr;
_vmSnapshotMgr._snapshotDao = _snapshotDao;
_vmSnapshotMgr._guestOSDao = _guestOSDao;
_vmSnapshotMgr._hypervisorCapabilitiesDao = _hypervisorCapabilitiesDao;
doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class),
any(Boolean.class), any(ControlledEntity.class));
@ -114,7 +121,8 @@ public class VMSnapshotManagerTest {
when(_userVMDao.findById(anyLong())).thenReturn(vmMock);
when(_vmSnapshotDao.findByName(anyLong(), anyString())).thenReturn(null);
when(_vmSnapshotDao.findByVm(anyLong())).thenReturn(new ArrayList<VMSnapshotVO>());
when(_hypervisorCapabilitiesDao.isVmSnapshotEnabled(Hypervisor.HypervisorType.XenServer, "default")).thenReturn(true);
List<VolumeVO> mockVolumeList = new ArrayList<VolumeVO>();
mockVolumeList.add(volumeMock);
when(volumeMock.getInstanceId()).thenReturn(TEST_VM_ID);
@ -122,7 +130,7 @@ public class VMSnapshotManagerTest {
when(vmMock.getInstanceName()).thenReturn("i-3-VM-TEST");
when(vmMock.getState()).thenReturn(State.Running);
when(vmMock.getHypervisorType()).thenReturn(Hypervisor.HypervisorType.XenServer);
when(_guestOSDao.findById(anyLong())).thenReturn(mock(GuestOSVO.class));
}
@ -133,6 +141,14 @@ public class VMSnapshotManagerTest {
_vmSnapshotMgr.allocVMSnapshot(TEST_VM_ID,"","",true);
}
// hypervisorCapabilities not expected case
@Test(expected=InvalidParameterValueException.class)
public void testAllocVMSnapshotF6() throws ResourceAllocationException{
when(vmMock.getHypervisorType()).thenReturn(Hypervisor.HypervisorType.Ovm);
when(_hypervisorCapabilitiesDao.isVmSnapshotEnabled(Hypervisor.HypervisorType.Ovm, "default")).thenReturn(false);
_vmSnapshotMgr.allocVMSnapshot(TEST_VM_ID,"","",true);
}
// vm state not in [running, stopped] case
@Test(expected=InvalidParameterValueException.class)
public void testAllocVMSnapshotF2() throws ResourceAllocationException{
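Review bot: The import block gains `import com.amazonaws.services.ec2.model.HypervisorType;`, but every use in the visible test code is `Hypervisor.HypervisorType`. The AWS import looks like an IDE auto-import and should be removed, since it makes this unit test depend on the AWS SDK being on the test classpath. `javax.inject.Inject` is also added while the fields shown use `@Mock`; drop it too if nothing outside the hunks uses it. The new `testAllocVMSnapshotF6` case would be clearer with a descriptive name such as `testAllocVMSnapshotHypervisorNotSupported`.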


@ -1,19 +1,2 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
instance=ConsoleProxy
resource=com.cloud.agent.resource.consoleproxy.ConsoleProxyResource


@ -0,0 +1,2 @@
paths.script=../../scripts/storage/secondary/
paths.pid=.


@ -27,7 +27,7 @@ under the License.
<!-- A time/date based rolling appender -->
<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="/var/log/cloud/systemvm.log"/>
<param name="File" value="${log.home}systemvm.log"/>
<param name="Append" value="true"/>
<param name="Threshold" value="DEBUG"/>
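Review bot: The appender path `${log.home}systemvm.log` is only correct when the `log.home` system property is defined and ends with a path separator. If it is unset, log4j most likely substitutes an empty string and the log is written to `systemvm.log` in whatever the working directory happens to be. A comment above the param would document the contract, e.g. `<!-- log.home is passed as -Dlog.home=/path/ by the launch script and must end with a slash -->`. It is worth checking that every launcher of this agent sets the property, not only the scripts touched in this commit.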


@ -57,6 +57,11 @@
<version>${project.version}</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-secondary-storage</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
<build>
<defaultGoal>install</defaultGoal>
@ -254,6 +259,42 @@
</plugins>
</build>
</profile>
<profile>
<id>quickcloud</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.2.1</version>
<executions>
<execution>
<goals>
<goal>java</goal>
</goals>
</execution>
</executions>
<configuration>
<mainClass>com.cloud.agent.AgentShell</mainClass>
<arguments>
<argument>zone=1</argument>
<argument>pod=1</argument>
<argument>host=192.168.56.1</argument>
<argument>guid=ConsoleProxy.1</argument>
</arguments>
<systemProperties>
<systemProperty>
<key>javax.net.ssl.trustStore</key>
<value>certs/realhostip.keystore</value>
<key>log.home</key>
<value>${PWD}/</value>
</systemProperty>
</systemProperties>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
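Review bot: In the new `quickcloud` profile a single `<systemProperty>` element carries two key/value pairs, `javax.net.ssl.trustStore` and `log.home`. The exec plugin reads one key and one value per element, so one of the pairs, possibly the trust store setting, is presumably dropped. Close the element after the first pair and open a second one: add `</systemProperty>` and `<systemProperty>` between `<value>certs/realhostip.keystore</value>` and `<key>log.home</key>`. `${PWD}` is also not a Maven property unless it is defined elsewhere; `${env.PWD}` or `${basedir}` is probably what was meant. The hard-coded `host=192.168.56.1` argument deserves a comment marking it as a local development address.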


@ -35,6 +35,7 @@ do
CP=${CP}:$file
done
keyvalues=
LOGHOME=/var/log/cloud/
CMDLINE=$(cat /var/cache/cloud/cmdline)
@ -60,4 +61,4 @@ then
maxmem=$eightypcnt
fi
java -Djavax.net.ssl.trustStore=./certs/realhostip.keystore -mx${maxmem}m -cp $CP com.cloud.agent.AgentShell $keyvalues $@
java -Djavax.net.ssl.trustStore=./certs/realhostip.keystore -Dlog.home=$LOGHOME -mx${maxmem}m -cp $CP com.cloud.agent.AgentShell $keyvalues $@


@ -0,0 +1,33 @@
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#runs the console proxy as a standalone server
#i.e., not in the system vm
CP=./:./conf
for file in *.jar
do
CP=${CP}:$file
done
keyvalues=
#LOGHOME=/var/log/cloud/
LOGHOME=$PWD/
java -Djavax.net.ssl.trustStore=./certs/realhostip.keystore -Dlog.home=$LOGHOME -cp $CP com.cloud.agent.AgentShell $keyvalues $@
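Review bot: `LOGHOME=$PWD/` ties the log directory to the current directory, and the `java` line expands `$LOGHOME`, `$CP` and `$@` unquoted. A working directory or argument containing spaces is therefore split into several words, and the JVM gets a broken command line. Quote the expansions: `-Dlog.home="$LOGHOME" -cp "$CP" com.cloud.agent.AgentShell $keyvalues "$@"`. The secondary-storage standalone script added later in this commit has the same line and needs the same change. The trust store path `./certs/realhostip.keystore` is relative as well, so the script depends on being started from its own directory; `cd "$(dirname "$0")"` near the top would pin that.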


@ -0,0 +1,33 @@
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#runs the secondary storage service as a standalone server
#i.e., not in the system vm
CP=./:./conf
for file in *.jar
do
CP=${CP}:$file
done
keyvalues=
#LOGHOME=/var/log/cloud/
LOGHOME=$PWD/
java -Djavax.net.ssl.trustStore=./certs/realhostip.keystore -Dlog.home=$LOGHOME -cp $CP com.cloud.agent.AgentShell $keyvalues $@


@ -17,6 +17,8 @@
package com.cloud.consoleproxy;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
@ -34,6 +36,7 @@ import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.xml.DOMConfigurator;
import com.cloud.consoleproxy.util.Logger;
import com.cloud.utils.PropertiesUtil;
import com.google.gson.Gson;
import com.sun.net.httpserver.HttpServer;
@ -282,8 +285,17 @@ public class ConsoleProxy {
InputStream confs = ConsoleProxy.class.getResourceAsStream("/conf/consoleproxy.properties");
Properties props = new Properties();
if (confs == null) {
s_logger.info("Can't load consoleproxy.properties from classpath, will use default configuration");
} else {
final File file = PropertiesUtil.findConfigFile("consoleproxy.properties");
if (file == null)
s_logger.info("Can't load consoleproxy.properties from classpath, will use default configuration");
else
try {
confs = new FileInputStream(file);
} catch (FileNotFoundException e) {
s_logger.info("Ignoring file not found exception and using defaults");
}
}
if (confs != null) {
try {
props.load(confs);
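Review bot: The fallback path assigns a new `FileInputStream(file)` to `confs` and hands it to `props.load(confs)`, and nothing visible in the hunk closes it. Unless the code after the hunk closes `confs`, the file descriptor leaks; a `finally { confs.close(); }` or try-with-resources around the load would settle it. The braceless `if (file == null) … else try {` is easy to misread and should get braces on both branches. The `FileNotFoundException` handler logs a fixed string, and adding the path (`file.getAbsolutePath()`) would make a misconfigured deployment diagnosable. The enclosing method starts before and continues after the hunk.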


@ -32,5 +32,6 @@
</build>
<modules>
<module>console-proxy</module>
<module>secondary-storage</module>
</modules>
</project>


@ -0,0 +1,2 @@
#mount.path=~/secondary-storage/
resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource


@ -0,0 +1,2 @@
paths.script=../../scripts/storage/secondary/
paths.pid=.


@ -0,0 +1,102 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<!-- ================================= -->
<!-- Preserve messages in a local file -->
<!-- ================================= -->
<!-- A time/date based rolling appender -->
<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="${ss.log.home}systemvm.log"/>
<param name="Append" value="true"/>
<param name="Threshold" value="DEBUG"/>
<!-- Rollover at midnight each day -->
<param name="DatePattern" value="'.'yyyy-MM-dd"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<!-- ============================== -->
<!-- Append messages to the console -->
<!-- ============================== -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
<param name="Threshold" value="WARN"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{ABSOLUTE} %5p %c{1}:%L - %m%n"/>
</layout>
</appender>
<!-- ================ -->
<!-- Limit categories -->
<!-- ================ -->
<category name="com.cloud.console.ConsoleCanvas">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy.ConsoleProxyAjaxImageHandler">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy.ConsoleProxyViewer">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy">
<priority value="INFO"/>
</category>
<category name="com.cloud">
<priority value="DEBUG"/>
</category>
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
<category name="org.apache">
<priority value="DEBUG"/>
</category>
<category name="org">
<priority value="INFO"/>
</category>
<category name="net">
<priority value="INFO"/>
</category>
<!-- ======================= -->
<!-- Setup the Root category -->
<!-- ======================= -->
<root>
<level value="DEBUG"/>
<appender-ref ref="CONSOLE"/>
<appender-ref ref="FILE"/>
</root>
</log4j:configuration>
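Review bot: The FILE appender writes to `${ss.log.home}systemvm.log`, but the standalone launch scripts added in this commit pass only `-Dlog.home=...`. Unless `ss.log.home` is set somewhere not shown, the property is undefined and the log most likely lands in a relative `systemvm.log` in the working directory. Use `${log.home}` to match the scripts, or have the secondary-storage launcher pass `-Dss.log.home`. The comment `Limit the org.apache category to INFO as its DEBUG is verbose` also sits directly above `<priority value="DEBUG"/>`, so either the comment or the level should change.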
