From e4092e808418dd533eee149b735c9f792c6f0a52 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 11 Aug 2011 17:42:50 -0700 Subject: [PATCH 01/65] do not release ip for advanced networking / regular LB usage --- .../com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java index 61b01f3d2a3..1631ac42caa 100644 --- a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java +++ b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java @@ -772,6 +772,9 @@ public class ElasticLoadBalancerManagerImpl implements @Override public void handleDeleteLoadBalancerRule(LoadBalancer lb, long userId, Account caller) { + if (!_enabled) { + return; + } List remainingLbs = _loadBalancerDao.listByIpAddress(lb.getSourceIpAddressId()); if (remainingLbs.size() == 0) { s_logger.debug("ELB mgr: releasing ip " + lb.getSourceIpAddressId() + " since no LB rules remain for this ip address"); From 0387b6e802f3a6800a182a847601cc68b0aa99a0 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Thu, 11 Aug 2011 17:55:53 -0700 Subject: [PATCH 02/65] Redundant router script fix, also fix CheckRouterTask --- patches/systemvm/debian/config/etc/init.d/cloud-early-config | 3 ++- .../debian/config/root/redundant_router/disable_pubip.sh | 1 - .../debian/config/root/redundant_router/enable_pubip.sh.templ | 4 ++-- .../network/router/VirtualNetworkApplianceManagerImpl.java | 4 +++- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index d3748093337..cbdb975163e 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config 
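Review bot: The new early return in handleDeleteLoadBalancerRule carries no comment or log line, so the code does not say why a disabled ELB manager must leave the address alone. Going by the commit subject, a comment above `if (!_enabled)` such as `// ELB disabled: the ip is used by regular LB / advanced networking, so it must not be released here` would record the intent. The method body continues past the end of the hunk.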
@@ -327,9 +327,10 @@ setup_redundant_router() { sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[ETH2IP\]/$ETH2_IP/g" /root/redundant_router/enable_pubip.sh + sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" /root/redundant_router/enable_pubip.sh sed -i "s/\[GATEWAY\]/$GW/g" /root/redundant_router/enable_pubip.sh sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived - #grep "sleep 10;" /etc/init.d/keepalived > /dev/null + grep "sleep 10;" /etc/init.d/keepalived > /dev/null if [ $? -ne 0 ] then sed -i "s/if\ start-stop-daemon\ --start/sleep\ 10;if\ start-stop-daemon\ --start/g" /etc/init.d/keepalived diff --git a/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh b/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh index 349ddef14ea..9a9a2c6f72f 100644 --- a/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh +++ b/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh @@ -1,5 +1,4 @@ #!/bin/bash -ifdown eth2 ifconfig eth2 down service dnsmasq stop diff --git a/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ b/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ index ac8b0e0ea85..1ad513ab6ac 100644 --- a/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ +++ b/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ @@ -1,8 +1,8 @@ #!/bin/bash -ifdown eth2 && \ ifconfig eth2 down && \ ifconfig eth2 hw ether [ETH2MAC] && \ -ifup eth2 && \ +ifconfig eth2 [ETH2IP] netmask [ETH2MASK] && \ +ifconfig eth2 up && \ ip route add default via [GATEWAY] dev eth2 && \ service dnsmasq restart diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 5671d64f326..f71b76bb8ad 100755 
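Review bot: `$ETH2_MASK` is substituted into enable_pubip.sh by the added `sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g"` line in setup_redundant_router without any check that it is set. If it is empty, the generated script runs `ifconfig eth2 <ip> netmask` with no value, and because enable_pubip.sh.templ chains every step with `&&`, a failure there also skips the default route and the dnsmasq restart. A guard before the sed lines, for example `[ -n "$ETH2_MASK" ] || return 1`, would fail early; where ETH2_MASK is populated is outside this hunk, so confirm it cannot be empty. The re-enabled `grep ... > /dev/null` followed by `[ $? -ne 0 ]` can be written as `if ! grep -q "sleep 10;" /etc/init.d/keepalived`. The function starts and ends outside the hunk.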
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -98,6 +98,7 @@ import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.HostVO; +import com.cloud.host.Status; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.IPAddressVO; @@ -766,7 +767,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian String privateIP = router.getPrivateIpAddress(); HostVO host = _hostDao.findById(router.getHostId()); /* Only cover hosts managed by this management server */ - if (host == null || host.getManagementServerId() != ManagementServerNode.getManagementServerId()) { + if (host == null || host.getStatus() != Status.Up || + host.getManagementServerId() != ManagementServerNode.getManagementServerId()) { continue; } if (privateIP != null) { From a3ad26ed89b4b6386a067dacf92b574a5ef7a442 Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Thu, 11 Aug 2011 18:07:57 -0700 Subject: [PATCH 03/65] Disable HA in CloudStack HA manager under VMware --- .../com/cloud/ha/HighAvailabilityManagerImpl.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java b/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java index 407e081a14a..a4210a5c13b 100644 --- a/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java +++ b/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java 
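Review bot: The comment above the check in the @@ -766 hunk still reads `/* Only cover hosts managed by this management server */`, but the condition now also skips routers whose host is not in `Status.Up`. Updating it to `/* Only cover hosts that are Up and managed by this management server */` keeps the comment accurate. Routers on such hosts are dropped silently by the `continue`; a debug log naming the router would help when working out why a router was not checked. The enclosing loop starts and ends outside the hunk.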
@@ -56,6 +56,7 @@ import com.cloud.host.Host; import com.cloud.host.HostVO; import com.cloud.host.Status; import com.cloud.host.dao.HostDao; +import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.server.ManagementServer; import com.cloud.storage.StorageManager; import com.cloud.storage.dao.GuestOSCategoryDao; @@ -185,6 +186,12 @@ public class HighAvailabilityManagerImpl implements HighAvailabilityManager, Clu if (host.getType() != Host.Type.Routing) { return; } + + if(host.getHypervisorType() == HypervisorType.VMware) { + s_logger.warn("Skip HA for VMware host " + host.getId()); + return; + } + s_logger.warn("Scheduling restart for VMs on host " + host.getId()); final List vms = _instanceDao.listByHostId(host.getId()); @@ -267,6 +274,12 @@ public class HighAvailabilityManagerImpl implements HighAvailabilityManager, Clu } return; } + + if(vm.getHypervisorType() == HypervisorType.VMware) { + s_logger.info("Skip HA for VMware VM " + vm.getInstanceName()); + return; + } + if (!investigate) { if (s_logger.isDebugEnabled()) { s_logger.debug("VM does not require investigation so I'm marking it as Stopped: " + vm.toString()); From 4530d35bc53e4933f72e9f3bd43731db043390d7 Mon Sep 17 00:00:00 2001 
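Review bot: The two VMware guards log the same decision at different levels, `s_logger.warn("Skip HA for VMware host ...")` in the host path (@@ -185) and `s_logger.info("Skip HA for VMware VM ...")` in the VM path (@@ -267), and neither has a comment saying why HA is skipped. A one-line comment on each stating the reason (presumably that VMware provides its own HA, to be confirmed by the author) and a single log level for both would make the behaviour easier to audit. The host-level `return` means no restart is scheduled for any VM on that host, so operators who rely on CloudStack HA need to find this in the logs reliably. Both enclosing methods extend beyond the hunks.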
From: alena Date: Thu, 11 Aug 2011 18:05:18 -0700 Subject: [PATCH 04/65] bug 11029: db upgrade from 2.2.9 to 2.2.10 includes firewall_rule upgrade now status 11029: resolved fixed Commit also includes the following: * map firewall rule to pf/lb/staticNat/vpn when the firewall rule is created as a part of pf/lb/staticNat/vpn rule creation * when delete firewall rules, also delete related firewall rule --- .../api/commands/CreateFirewallRuleCmd.java | 5 + .../commands/CreateIpForwardingRuleCmd.java | 10 ++ .../commands/CreatePortForwardingRuleCmd.java | 12 ++- .../commands/CreateRemoteAccessVpnCmd.java | 1 - .../commands/DeleteIpForwardingRuleCmd.java | 1 + .../commands/DeleteLoadBalancerRuleCmd.java | 2 + .../commands/DeletePortForwardingRuleCmd.java | 3 +- .../network/firewall/FirewallService.java | 1 + .../cloud/network/lb/LoadBalancingRule.java | 5 + .../com/cloud/network/rules/FirewallRule.java | 2 + .../com/cloud/network/rules/RulesService.java | 2 + .../VirtualRoutingResource.java | 8 +- .../src/com/cloud/network/LoadBalancerVO.java | 2 +- .../cloud/network/dao/FirewallRulesDao.java | 3 +- .../network/dao/FirewallRulesDaoImpl.java | 11 ++- .../network/firewall/FirewallManagerImpl.java | 10 +- .../lb/LoadBalancingRulesManagerImpl.java | 8 +- .../cloud/network/rules/FirewallManager.java | 4 +- .../cloud/network/rules/FirewallRuleVO.java | 20 +++- .../network/rules/PortForwardingRuleVO.java | 7 +- .../cloud/network/rules/RulesManagerImpl.java | 43 ++++++--- .../network/rules/StaticNatRuleImpl.java | 5 + .../vpn/RemoteAccessVpnManagerImpl.java | 61 ++++++++---- .../com/cloud/upgrade/dao/DbUpgradeUtils.java | 20 +++- .../cloud/upgrade/dao/Upgrade229to2210.java | 96 +++++++++++++++++-- setup/db/create-schema.sql | 2 + setup/db/db/schema-229to2210.sql | 12 +++ 27 files changed, 291 insertions(+), 65 deletions(-) 
diff --git a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java index 346f4e4c2cb..0594a5c5108 100644 --- a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java @@ -279,5 +279,10 @@ public class CreateFirewallRuleCmd extends BaseAsyncCreateCmd implements Firewal } return null; } + + @Override + public Long getRelated() { + return null; + } } diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index e2798eafea9..963e55d4d3c 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java @@ -124,6 +124,11 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta } finally { if (!result || rule == null) { _rulesService.revokeStaticNatRule(getEntityId(), true); + + if (getOpenFirewall()) { + _rulesService.revokeRelatedFirewallRule(getEntityId(), true); + } + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Error in creating ip forwarding rule on the domr"); } } @@ -276,4 +281,9 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta return null; } + @Override + public Long getRelated() { + return null; + } + } diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index f0d390ad2f4..66094639cce 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java 
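Review bot: The cleanup added to the `finally` block of CreateIpForwardingRuleCmd (@@ -124) discards the boolean returned by `_rulesService.revokeRelatedFirewallRule(getEntityId(), true)`, and it only runs if the `revokeStaticNatRule` call before it returns normally. The related rule is created through createRuleForAllCidrs, so it admits all source CIDRs; a failed or skipped revoke leaves that opening in place while the API reports only the generic creation error. At minimum log the failure, e.g. `if (!_rulesService.revokeRelatedFirewallRule(getEntityId(), true)) { s_logger.warn("Failed to revoke firewall rule related to rule id=" + getEntityId()); }`, assuming the command class has a logger in scope. The identical block in CreatePortForwardingRuleCmd (@@ -146) has the same gap.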
@@ -35,11 +35,11 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.IpAddress; +import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.PortForwardingRule; import com.cloud.user.Account; import com.cloud.user.UserContext; import com.cloud.utils.net.Ip; -import com.cloud.utils.net.NetUtils; @Implementation(description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class) public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule { @@ -146,6 +146,11 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P } finally { if (!success || rule == null) { _rulesService.revokePortForwardingRule(getEntityId(), true); + + if (getOpenFirewall()) { + _rulesService.revokeRelatedFirewallRule(getEntityId(), true); + } + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to apply port forwarding rule"); } } @@ -286,5 +291,10 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements P public Integer getIcmpType() { return null; } + + @Override + public Long getRelated() { + return null; + } } diff --git a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java index 4f62dee3349..07a1a644151 100644 --- a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java +++ b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java @@ -27,7 +27,6 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; -import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.RemoteAccessVpnResponse; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; 
diff --git a/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java index 9427dc283f4..26ff77ac693 100644 --- a/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java @@ -70,6 +70,7 @@ public class DeleteIpForwardingRuleCmd extends BaseAsyncCmd { public void execute(){ UserContext.current().setEventDetails("Rule Id: "+id); boolean result = _rulesService.revokeStaticNatRule(id, true); + result = result && _rulesService.revokeRelatedFirewallRule(id, true); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); diff --git a/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java index 0e870a0d2d2..373a53d0266 100644 --- a/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java @@ -84,6 +84,8 @@ public class DeleteLoadBalancerRuleCmd extends BaseAsyncCmd { public void execute(){ UserContext.current().setEventDetails("Load balancer Id: "+getId()); boolean result = _lbService.deleteLoadBalancerRule(id, true); + result = result && _rulesService.revokeRelatedFirewallRule(id, true); + if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java index 45a67f6b5ee..240569b43cb 100644 --- a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java 
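Review bot: `result = result && _rulesService.revokeRelatedFirewallRule(id, true);` in DeleteIpForwardingRuleCmd runs after the static NAT rule has already been revoked, so if the firewall revoke fails the command reports an error while the NAT rule is gone and its all-CIDR firewall rule is still present. A retry with the same id goes through `revokeStaticNatRule` first again; whether that still reaches the firewall cleanup once the primary rule no longer exists is not visible here, so the opening may be left orphaned. Consider revoking the related firewall rule before the primary rule, or reporting the two outcomes separately. The same line is added in DeleteLoadBalancerRuleCmd (@@ -84) and DeletePortForwardingRuleCmd (@@ -88).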
@@ -88,9 +88,10 @@ public class DeletePortForwardingRuleCmd extends BaseAsyncCmd { } @Override - public void execute() throws ResourceUnavailableException { + public void execute(){ UserContext.current().setEventDetails("Rule Id: "+id); boolean result = _rulesService.revokePortForwardingRule(id, true); + result = result && _rulesService.revokeRelatedFirewallRule(id, true); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); diff --git a/api/src/com/cloud/network/firewall/FirewallService.java b/api/src/com/cloud/network/firewall/FirewallService.java index 9fd665144d7..468cc4cf3bd 100644 --- a/api/src/com/cloud/network/firewall/FirewallService.java +++ b/api/src/com/cloud/network/firewall/FirewallService.java @@ -22,4 +22,5 @@ public interface FirewallService { boolean applyFirewallRules(long ipId, Account caller) throws ResourceUnavailableException; FirewallRule getFirewallRule(long ruleId); + } diff --git a/api/src/com/cloud/network/lb/LoadBalancingRule.java b/api/src/com/cloud/network/lb/LoadBalancingRule.java index 2103badfb2d..2eaa4382caf 100644 --- a/api/src/com/cloud/network/lb/LoadBalancingRule.java +++ b/api/src/com/cloud/network/lb/LoadBalancingRule.java @@ -169,4 +169,9 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{ public List getSourceCidrList() { return null; } + + @Override + public Long getRelated() { + return null; + } } diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java index aa08fd1cfa9..1ce1b8332af 100644 --- a/api/src/com/cloud/network/rules/FirewallRule.java +++ b/api/src/com/cloud/network/rules/FirewallRule.java @@ -75,5 +75,7 @@ public interface FirewallRule extends ControlledEntity { Integer getIcmpType(); List getSourceCidrList(); + + Long getRelated(); } diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java index 61e912ae5e0..57a093e6a84 100644 
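Review bot: `Long getRelated();` is added to the FirewallRule interface (@@ -75) without Javadoc, and every implementation in this patch other than FirewallRuleVO returns null, so the meaning of the value cannot be read from the code. Going by the commit description, a comment such as `/** Id of the port forwarding, load balancer, static NAT or VPN rule this firewall rule was created for; null for a stand-alone rule. */` would state the contract.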
--- a/api/src/com/cloud/network/rules/RulesService.java +++ b/api/src/com/cloud/network/rules/RulesService.java @@ -70,5 +70,7 @@ public interface RulesService { StaticNatRule buildStaticNatRule(FirewallRule rule); List getSourceCidrs(long ruleId); + + boolean revokeRelatedFirewallRule(long ruleId, boolean apply); } diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java index d51ca001c1e..e911d443ca6 100755 --- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java +++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java @@ -47,8 +47,8 @@ import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand; import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer; import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand; import com.cloud.agent.api.routing.DhcpEntryCommand; -import com.cloud.agent.api.routing.IpAssocCommand; import com.cloud.agent.api.routing.IpAssocAnswer; +import com.cloud.agent.api.routing.IpAssocCommand; import com.cloud.agent.api.routing.LoadBalancerConfigCommand; import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.routing.SavePasswordCommand; @@ -203,7 +203,11 @@ public class VirtualRoutingResource implements Manager { //1:1 NAT needs instanceip;publicip;domrip;op command.add(" -l ", rule.getSrcIp()); command.add(" -r ", rule.getDstIp()); - command.add(" -P ", rule.getProtocol().toLowerCase()); + + if (rule.getProtocol() != null) { + command.add(" -P ", rule.getProtocol().toLowerCase()); + } + command.add(" -d ", rule.getStringSrcPortRange()); command.add(" -G ") ; diff --git a/server/src/com/cloud/network/LoadBalancerVO.java b/server/src/com/cloud/network/LoadBalancerVO.java index 1f211699f71..c8c517a2c0d 100644 --- a/server/src/com/cloud/network/LoadBalancerVO.java +++ b/server/src/com/cloud/network/LoadBalancerVO.java 
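Review bot: With the new `if (rule.getProtocol() != null)` guard in VirtualRoutingResource (@@ -203), the script is invoked without `-P` for such rules, and nothing in the hunk says which rules have no protocol or what the script does when the option is absent. Add a comment above the guard naming the case, and confirm the script treats a missing `-P` as intended rather than falling back to a default protocol. The enclosing method starts and ends outside the hunk.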
@@ -55,7 +55,7 @@ public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer { } public LoadBalancerVO(String xId, String name, String description, long srcIpId, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) { - super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, null, null, null); + super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, null, null, null, null); this.name = name; this.description = description; this.algorithm = algorithm; diff --git a/server/src/com/cloud/network/dao/FirewallRulesDao.java b/server/src/com/cloud/network/dao/FirewallRulesDao.java index a80fe8be2b4..cb930de262b 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDao.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDao.java @@ -46,5 +46,6 @@ public interface FirewallRulesDao extends GenericDao { List listStaticNatByVmId(long vmId); List listByIpPurposeAndProtocolAndNotRevoked(long ipAddressId, Integer startPort, Integer endPort, String protocol, FirewallRule.Purpose purpose); - + + FirewallRuleVO findByRelatedId(long ruleId); } diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index ac56fa18487..ef21bd4ad8e 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java @@ -61,6 +61,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i AllFieldsSearch.and("domain", AllFieldsSearch.entity().getDomainId(), Op.EQ); AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ); + AllFieldsSearch.and("related", AllFieldsSearch.entity().getRelated(), Op.EQ); AllFieldsSearch.done(); NotRevokedSearch = createSearchBuilder(); 
@@ -218,6 +219,14 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i return listBy(sc); + } + + @Override + public FirewallRuleVO findByRelatedId(long ruleId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("related", ruleId); + sc.setParameters("purpose", Purpose.Firewall); + + return findOneBy(sc); } - } diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index d55e8d5b6aa..eff3e2210c9 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java 
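Review bot: `findByRelatedId` returns `findOneBy(sc)` on the `related` and `purpose` criteria only, so unlike the NotRevoked searches in this DAO it does not filter on rule state, and if more than one Firewall rule ever points at the same id, which row comes back is unspecified. Nothing visible in this diff makes `related` unique (the schema files are not shown here), so this is worth confirming. A Javadoc line on the interface method, e.g. `/** Returns the Purpose.Firewall rule whose related column equals ruleId, or null if there is none. */`, would document what callers can expect.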
@@ -107,13 +107,13 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma public FirewallRule createFirewallRule(FirewallRule rule) throws NetworkRuleConflictException { Account caller = UserContext.current().getCaller(); - return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart() ,rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType()); + return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart() ,rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewll rule", create = true) - public FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart,Integer portEnd, String protocol, List sourceCidrList, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException{ + public FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart,Integer portEnd, String protocol, List sourceCidrList, Integer icmpCode, Integer icmpType, Long relatedRuleId) throws NetworkRuleConflictException{ IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId); // Validate ip address 
@@ -139,7 +139,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma Transaction txn = Transaction.currentTxn(); txn.start(); - FirewallRuleVO newRule = new FirewallRuleVO (xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, Purpose.Firewall, sourceCidrList, icmpCode, icmpType); + FirewallRuleVO newRule = new FirewallRuleVO (xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, Purpose.Firewall, sourceCidrList, icmpCode, icmpType, relatedRuleId); newRule = _firewallDao.persist(newRule); detectRulesConflict(newRule, ipAddress); @@ -478,7 +478,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma } @Override - public FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException{ + public FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType, Long relatedRuleId) throws NetworkRuleConflictException{ //If firwallRule for this port range already exists, return it List rules = _firewallDao.listByIpPurposeAndProtocolAndNotRevoked(ipAddrId, startPort, endPort, protocol, Purpose.Firewall); @@ -488,7 +488,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma List oneCidr = new ArrayList(); oneCidr.add(NetUtils.ALL_CIDRS); - return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType); + return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType, relatedRuleId); } @Override diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index aeeaf3ef8a8..0d84e78f5ca 100755 
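Review bot: In createRuleForAllCidrs (@@ -478 and @@ -488) the new `relatedRuleId` is only passed on the path that creates a rule; going by the comment `//If firwallRule for this port range already exists, return it`, an existing Firewall rule is returned as is and is not linked to the new rule. For that case revokeRelatedFirewallRule later finds nothing and returns true, so the opening outlives the rule that requested it. The early-return statement itself lies between the two hunks and is not shown, so this should be confirmed; if it holds, state it in the FirewallManager Javadoc, e.g. `@param relatedRuleId id of the rule this opening is created for; ignored when a matching firewall rule already exists`.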
--- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -416,14 +416,16 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, Transaction txn = Transaction.currentTxn(); txn.start(); - if (openFirewall) { - _firewallMgr.createRuleForAllCidrs(ipId, caller.getCaller(), lb.getSourcePortStart(), lb.getSourcePortEnd(), lb.getProtocol(), null, null); - } LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddressId(), lb.getSourcePortEnd(), lb.getDefaultPortStart(), lb.getAlgorithm(), network.getId(), ipAddr.getAccountId(), ipAddr.getDomainId()); newRule = _lbDao.persist(newRule); + + if (openFirewall) { + _firewallMgr.createRuleForAllCidrs(ipId, caller.getCaller(), lb.getSourcePortStart(), lb.getSourcePortEnd(), lb.getProtocol(), null, null, newRule.getId()); + } + boolean success = true; try { diff --git a/server/src/com/cloud/network/rules/FirewallManager.java b/server/src/com/cloud/network/rules/FirewallManager.java index 6367c482c29..a3827eac978 100644 --- a/server/src/com/cloud/network/rules/FirewallManager.java +++ b/server/src/com/cloud/network/rules/FirewallManager.java 
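Review bot: `createRuleForAllCidrs` now runs after `_lbDao.persist(newRule)` but still before the `try {` that follows, inside the transaction opened by `txn.start()`. It is declared to throw NetworkRuleConflictException, and if it does, the persisted load balancer row is left to whatever the caller does with the open transaction; no rollback is visible in the hunk. Moving the call inside the `try` block, whose handlers are outside this hunk, would let the existing failure handling cover it. The same ordering is introduced in RulesManagerImpl (@@ -201 and @@ -256). The method starts and ends outside the hunk.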
@@ -49,10 +49,10 @@ public interface FirewallManager extends FirewallService{ */ boolean revokeFirewallRule(long ruleId, boolean apply, Account caller, long userId); - FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart, Integer portEnd, String protocol, List sourceCidrList, Integer icmpCode, Integer icmpType) + FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart, Integer portEnd, String protocol, List sourceCidrList, Integer icmpCode, Integer icmpType, Long relatedRuleId) throws NetworkRuleConflictException; - FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException; + FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType, Long relatedRuleId) throws NetworkRuleConflictException; boolean revokeAllFirewallRulesForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException; diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java index cf73e52d75a..9a2f5ae923a 100644 --- a/server/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java @@ -90,6 +90,9 @@ public class FirewallRuleVO implements FirewallRule { @Column(name="icmp_type") Integer icmpType; + @Column(name="related") + Long related; + // This is a delayed load value. If the value is null, // then this field has not been loaded yet. // Call firewallrules dao to load it. 
@@ -172,7 +175,7 @@ public class FirewallRuleVO implements FirewallRule { protected FirewallRuleVO() { } - public FirewallRuleVO(String xId, long ipAddressId, Integer portStart, Integer portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List sourceCidrs, Integer icmpCode, Integer icmpType) { + public FirewallRuleVO(String xId, long ipAddressId, Integer portStart, Integer portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List sourceCidrs, Integer icmpCode, Integer icmpType, Long related) { this.xId = xId; if (xId == null) { this.xId = UUID.randomUUID().toString(); @@ -189,10 +192,16 @@ public class FirewallRuleVO implements FirewallRule { this.icmpCode = icmpCode; this.icmpType = icmpType; this.sourceCidrs = sourceCidrs; + + if (related != null) { + assert (purpose == Purpose.Firewall) : "related field can be set for rule of purpose " + Purpose.Firewall + " only"; + } + + this.related = related; } - public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List sourceCidrs, Integer icmpCode, Integer icmpType) { - this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, sourceCidrs, icmpCode, icmpType); + public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List sourceCidrs, Integer icmpCode, Integer icmpType, Long related) { + this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, sourceCidrs, icmpCode, icmpType, related); } @Override @@ -209,5 +218,10 @@ public class FirewallRuleVO implements FirewallRule { public Integer getIcmpType() { return icmpType; } + + @Override + public Long getRelated() { + return related; + } } 
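Review bot: The purpose check added to the FirewallRuleVO constructor (@@ -189) uses `assert`, which the JVM skips unless assertions are enabled with `-ea`, so in a normal deployment a rule of another purpose can be persisted with `related` set. `findByRelatedId` filters on `Purpose.Firewall` and would never find such a row. An explicit check enforces the invariant everywhere: `if (related != null && purpose != Purpose.Firewall) { throw new IllegalArgumentException("related field can be set for rule of purpose " + Purpose.Firewall + " only"); }`. The new `@Column(name="related") Long related;` field (@@ -90) would also benefit from a one-line comment saying which rule it points to.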
diff --git a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java index 69d8230a307..d6a26dac192 100644 --- a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java +++ b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java @@ -53,7 +53,7 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi } public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId) { - super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, null, null, null); + super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, null, null, null, null); this.destinationIpAddress = dstIp; this.virtualMachineId = instanceId; this.destinationPortStart = dstPortStart; @@ -82,6 +82,11 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi @Override public long getVirtualMachineId() { return virtualMachineId; + } + + @Override + public Long getRelated() { + return null; } } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index f8ec8f32cf2..a1eaa9f632b 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java 
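Review bot: The `getRelated()` override added to PortForwardingRuleVO (@@ -82) always returns null, which duplicates what the inherited `FirewallRuleVO.getRelated()` already yields here, because the constructor passes null for `related` to `super(...)`. The override would also hide any value loaded from the `related` column for this subclass. Dropping it and relying on the inherited getter is simpler; LoadBalancerVO in this same patch only changes its `super(...)` call and adds no override.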
@@ -201,14 +201,14 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { Transaction txn = Transaction.currentTxn(); txn.start(); - //create firewallRule for 0.0.0.0/0 cidr - if (openFirewall) { - _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null); - } - PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIp, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId); newRule = _forwardingDao.persist(newRule); + + //create firewallRule for 0.0.0.0/0 cidr + if (openFirewall) { + _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId()); + } try { _firewallMgr.detectRulesConflict(newRule, ipAddress); 
@@ -256,14 +256,15 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { Transaction txn = Transaction.currentTxn(); txn.start(); + FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(), + networkId, accountId, domainId, rule.getPurpose(), null, null, null, null); + newRule = _firewallDao.persist(newRule); + //create firewallRule for 0.0.0.0/0 cidr if (openFirewall) { - _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null); + _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId()); } - FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(), - networkId, accountId, domainId, rule.getPurpose(), null, null, null); - newRule = _firewallDao.persist(newRule); try { _firewallMgr.detectRulesConflict(newRule, ipAddress); 
@@ -948,12 +949,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { txn.start(); for (int i = 0; i < ports.length; i++) { - if (openFirewall) { - _firewallMgr.createRuleForAllCidrs(ip.getId(), caller, ports[i], ports[i], protocol, null, null); - } - - rules[i] = new FirewallRuleVO(null, ip.getId(), ports[i], protocol, ip.getAssociatedWithNetworkId(), ip.getAllocatedToAccountId(), ip.getAllocatedInDomainId(), purpose, null, null, null); + rules[i] = new FirewallRuleVO(null, ip.getId(), ports[i], protocol, ip.getAssociatedWithNetworkId(), ip.getAllocatedToAccountId(), ip.getAllocatedInDomainId(), purpose, null, null, null, null); rules[i] = _firewallDao.persist(rules[i]); + + if (openFirewall) { + _firewallMgr.createRuleForAllCidrs(ip.getId(), caller, ports[i], ports[i], protocol, null, null, rules[i].getId()); + } } txn.commit(); @@ -1099,4 +1100,18 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { return true; } + @Override + public boolean revokeRelatedFirewallRule(long ruleId, boolean apply) { + FirewallRule fwRule = _firewallDao.findByRelatedId(ruleId); + + if (fwRule == null) { + s_logger.trace("No related firewall rule exists for rule id=" + ruleId + " so returning true here"); + return true; + } + + s_logger.debug("Revoking Firewall rule id=" + fwRule.getId() + " as a part of rule delete id=" + ruleId + " with apply=" + apply); + return _firewallMgr.revokeFirewallRule(fwRule.getId(), apply); + + } + } diff --git a/server/src/com/cloud/network/rules/StaticNatRuleImpl.java b/server/src/com/cloud/network/rules/StaticNatRuleImpl.java index 58e8cda4384..a133112a4ba 100644 --- a/server/src/com/cloud/network/rules/StaticNatRuleImpl.java +++ b/server/src/com/cloud/network/rules/StaticNatRuleImpl.java @@ -123,4 +123,9 @@ public class StaticNatRuleImpl implements StaticNatRule{ return null; } + @Override + public Long getRelated() { + return null; + } + } 
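Review bot: The new public `revokeRelatedFirewallRule(long ruleId, boolean apply)` in RulesManagerImpl has no Javadoc, and its contract is easy to misuse. It returns `true` when no related rule exists, and it forwards `apply` to `_firewallMgr.revokeFirewallRule`, so a caller passing `false` appears to be responsible for applying the revocation on the backend itself. Add a Javadoc stating both points, plus a `@return` line saying that `true` does not mean a rule was actually revoked. `findByRelatedId` returns a single rule, so the doc should also say what happens if more than one rule points at `ruleId`.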
diff --git a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java index f4c3bd5332b..4e3c4f15cad 100755 --- a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java +++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java @@ -17,6 +17,7 @@ */ package com.cloud.network.vpn; +import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -53,6 +54,7 @@ import com.cloud.network.router.VirtualNetworkApplianceManager; import com.cloud.network.rules.FirewallManager; import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.FirewallRule.Purpose; +import com.cloud.network.rules.FirewallRuleVO; import com.cloud.network.rules.RulesManager; import com.cloud.user.Account; import com.cloud.user.AccountManager; 
@@ -228,24 +230,51 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag } } finally { if (success) { + //Cleanup corresponding ports + List vpnFwRules = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn); Transaction txn = Transaction.currentTxn(); - try { - txn.start(); - _remoteAccessVpnDao.remove(ipId); - - //Cleanup corresponding ports - List ports = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn); - if (ports != null) { - for (FirewallRule port : ports) { - _rulesDao.remove(port.getId()); - s_logger.debug("Successfully removed firewall rule with ip id=" + port.getSourceIpAddressId() + " and port " + port.getSourcePortStart() + " as a part of vpn cleanup"); - } - } - txn.commit(); - } catch (Exception ex) { - txn.rollback(); - s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex); + + boolean applyFirewall = false; + List fwRules = new ArrayList(); + //if related firewall rule is created for the first vpn port, it would be created for the 2 other ports as well, so need to cleanup the backend + if (_rulesDao.findByRelatedId(vpnFwRules.get(0).getId()) != null) { + applyFirewall = true; } + + if (applyFirewall) { + txn.start(); + + for (FirewallRule vpnFwRule : vpnFwRules) { + //don't apply on the backend yet; send all 3 rules in a banch + _rulesMgr.revokeRelatedFirewallRule(vpnFwRule.getId(), false); + fwRules.add(_rulesDao.findByRelatedId(vpnFwRule.getId())); + } + + txn.commit(); + + //now apply vpn rules on the backend + s_logger.debug("Applying " + fwRules.size() + " firewall rules as a part of disable remote access vpn"); + success = _firewallMgr.applyFirewallRules(fwRules, false, caller); + } + + if (success) { + + try { + txn.start(); + _remoteAccessVpnDao.remove(ipId); + if (vpnFwRules != null) { + for (FirewallRule vpnFwRule : vpnFwRules) { + _rulesDao.remove(vpnFwRule.getId()); + s_logger.debug("Successfully removed firewall rule with ip id=" + vpnFwRule.getSourceIpAddressId() + " and port " + 
vpnFwRule.getSourcePortStart() + " as a part of vpn cleanup"); + } + } + txn.commit(); + } catch (Exception ex) { + txn.rollback(); + s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex); + } + } + } } } diff --git a/server/src/com/cloud/upgrade/dao/DbUpgradeUtils.java b/server/src/com/cloud/upgrade/dao/DbUpgradeUtils.java index 574bc79fba9..e61174a3ca0 100644 --- a/server/src/com/cloud/upgrade/dao/DbUpgradeUtils.java +++ b/server/src/com/cloud/upgrade/dao/DbUpgradeUtils.java @@ -14,8 +14,8 @@ public class DbUpgradeUtils { public static void dropKeysIfExist(Connection conn, String tableName, List keys, boolean isForeignKey) { for (String key : keys) { + PreparedStatement pstmt = null; try { - PreparedStatement pstmt = null; if (isForeignKey) { pstmt = conn.prepareStatement("ALTER TABLE " + tableName + " DROP FOREIGN KEY " + key); } else { @@ -23,10 +23,17 @@ public class DbUpgradeUtils { } pstmt.executeUpdate(); s_logger.debug("Key " + key + " is dropped successfully from the table " + tableName); - pstmt.close(); } catch (SQLException e) { // do nothing here + continue; + } finally { + try { + if (pstmt != null) { + pstmt.close(); + } + } catch (SQLException e) { + } } } } @@ -39,7 +46,6 @@ public class DbUpgradeUtils { try { pstmt = conn.prepareStatement("SELECT " + column + " FROM " + tableName); pstmt.executeQuery(); - } catch (SQLException e) { // if there is an exception, it means that field doesn't exist, so do nothing here s_logger.trace("Field " + column + " doesn't exist in " + tableName); 
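Review bot: In the RemoteAccessVpnManagerImpl cleanup, `vpnFwRules.get(0)` is dereferenced before the `if (vpnFwRules != null)` check further down, so a null or empty result from `listByIpAndPurpose` throws inside the `finally` block and skips both the firewall revocation and `_remoteAccessVpnDao.remove(ipId)`. Guard the probe, e.g. `if (vpnFwRules != null && !vpnFwRules.isEmpty() && _rulesDao.findByRelatedId(vpnFwRules.get(0).getId()) != null) {`. The return value of `revokeRelatedFirewallRule` is ignored, `fwRules.add(_rulesDao.findByRelatedId(...))` can add a null entry when only some ports have a related rule, and the first `txn.start()`/`txn.commit()` pair has no try/rollback, unlike the second. The enclosing method starts outside the hunk.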
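Review bot: `dropKeysIfExist` in DbUpgradeUtils now has two silent handlers: `catch (SQLException e) { // do nothing here continue; }` and the empty catch around `pstmt.close()`. A drop that fails for a reason other than a missing key (permissions, a lock timeout) therefore leaves no trace in the upgrade log. Log it at a low level instead, e.g. `s_logger.trace("Ignored exception while dropping key " + key + " from table " + tableName, e);`. The same empty close handler is added in the `@@ -49,11 +55,17 @@` hunk.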
@@ -49,11 +55,17 @@ public class DbUpgradeUtils { pstmt = conn.prepareStatement("ALTER TABLE " + tableName + " DROP COLUMN " + column); pstmt.executeUpdate(); s_logger.debug("Column " + column + " is dropped successfully from the table " + tableName); - pstmt.close(); } } catch (SQLException e) { s_logger.warn("Unable to drop columns using query " + pstmt + " due to exception", e); throw new CloudRuntimeException("Unable to drop columns due to ", e); + } finally { + try { + if (pstmt != null) { + pstmt.close(); + } + } catch (SQLException e) { + } } } } diff --git a/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java b/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java index d457c833861..0e8b74187cd 100644 --- a/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java +++ b/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java @@ -20,7 +20,9 @@ package com.cloud.upgrade.dao; import java.io.File; import java.sql.Connection; import java.sql.PreparedStatement; +import java.sql.ResultSet; import java.sql.SQLException; +import java.util.UUID; import org.apache.log4j.Logger; @@ -57,15 +59,7 @@ public class Upgrade229to2210 implements DbUpgrade { @Override public void performDataMigration(Connection conn) { - PreparedStatement pstmt; - try { - pstmt = conn.prepareStatement("INSERT IGNORE INTO `cloud`.`configuration` (category, instance, name, value, description) VALUES ('Network', 'DEFAULT', 'firewall.rule.ui.enabled', 'true', 'enable/disable UI that separates firewall rules from NAT/LB rules')"); - pstmt.execute(); - - pstmt.close(); - } catch (SQLException e) { - throw new CloudRuntimeException("Unable to perform data migration", e); - } + updateFirewallRules(conn); } @Override 
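Review bot: In the column-drop method of DbUpgradeUtils, `pstmt` is reassigned from the `SELECT` probe to the `ALTER TABLE ... DROP COLUMN` statement, so the new `finally` closes only the statement assigned last. The probe statement and the ResultSet from `executeQuery()` are never closed. Close the probe before reusing the variable (`pstmt.close();` ahead of the second `prepareStatement`), or keep it in a separate local. Part of this method lies between the two hunks and is not visible, so confirm the probe is not already closed there.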
@@ -73,4 +67,88 @@ public class Upgrade229to2210 implements DbUpgrade { return null; } + + private void updateFirewallRules(Connection conn) { + PreparedStatement pstmt = null; + ResultSet rs = null; + long currentRuleId = 0; + try { + // Host and Primary storage capacity types + pstmt = conn.prepareStatement("select id, ip_address_id, start_port, end_port, protocol, account_id, domain_id, network_id from firewall_rules"); + rs = pstmt.executeQuery(); + while (rs.next()) { + long id = rs.getLong(1); + long ipId = rs.getLong(2); + int startPort = rs.getInt(3); + int endPort = rs.getInt(4); + String protocol = rs.getString(5); + long accountId = rs.getLong(6); + long domainId = rs.getLong(7); + long networkId = rs.getLong(8); + currentRuleId = id; + Long firewallRuleId = null; + + pstmt = conn.prepareStatement("INSERT INTO firewall_rules (ip_address_id, start_port, end_port, protocol, account_id, domain_id, network_id, purpose, state, xid, created, related) VALUES (?, ?, ?, ?, ?, ?, ?, 'Firewall', 'Active', ?, now(), ?)"); + + pstmt.setLong(1, ipId); + pstmt.setInt(2, startPort); + pstmt.setInt(3, endPort); + pstmt.setString(4, protocol); + pstmt.setLong(5, accountId); + pstmt.setLong(6, domainId); + pstmt.setLong(7, networkId); + pstmt.setString(8, UUID.randomUUID().toString()); + pstmt.setLong(9, id); + + s_logger.debug("Updating firewall rule with the statement " + pstmt); + pstmt.executeUpdate(); + + //get new FirewallRule update + pstmt = conn.prepareStatement("SELECT id from firewall_rules where purpose='Firewall' and start_port=? and end_port=? 
and protocol=?"); + pstmt.setInt(1, startPort); + pstmt.setInt(2, endPort); + pstmt.setString(3, protocol); + + ResultSet rs1 = pstmt.executeQuery(); + + if (rs1.next()) { + firewallRuleId = rs1.getLong(1); + } else { + throw new CloudRuntimeException("Unable to find just inserted firewall rule for ptocol " + protocol + ", start_port " + startPort + " and end_port " + endPort); + } + + pstmt = conn.prepareStatement("select id from firewall_rules_cidrs where firewall_rule_id=?"); + pstmt.setLong(1, id); + + ResultSet rs2 = pstmt.executeQuery(); + + if (rs2.next()) { + pstmt = conn.prepareStatement("update firewall_rules_cidrs set firewall_rule_id=? where firewall_rule_id=?"); + pstmt.setLong(1, firewallRuleId); + pstmt.setLong(2, id); + s_logger.debug("Updating existing cidrs for the rule id=" + id + " with the new Firewall rule id=" + firewallRuleId + " with statement" + pstmt); + pstmt.executeUpdate(); + } else { + pstmt = conn.prepareStatement("insert into firewall_rules_cidrs (firewall_rule_id,source_cidr) values (?, '0.0.0.0/0')"); + pstmt.setLong(1, firewallRuleId); + s_logger.debug("Inserting rule for cidr 0.0.0.0/0 for the new Firewall rule id=" + firewallRuleId + " with statement " + pstmt); + pstmt.executeUpdate(); + } + } + } catch (SQLException e) { + throw new CloudRuntimeException("Unable to update firewall rule id=" + currentRuleId, e); + } finally { + try { + if (rs != null) { + rs.close(); + } + + if (pstmt != null) { + pstmt.close(); + } + } catch (SQLException e) { + } + } + } + } diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index 7e863df623c..aa4a125b246 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql 
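Review bot: In `updateFirewallRules`, the lookup for the row just inserted, `SELECT id from firewall_rules where purpose='Firewall' and start_port=? and end_port=? and protocol=?`, constrains neither the IP address nor the new `related` column. When two addresses or accounts have a rule on the same port and protocol it can return another rule's id, and the following `update firewall_rules_cidrs set firewall_rule_id=?` then moves this rule's source CIDRs onto that other rule. Match on the link the INSERT just wrote: `... where purpose='Firewall' and related=?` with `pstmt.setLong(1, id);`. Separately, `pstmt` is reassigned several times per iteration without being closed, `rs1` and `rs2` are never closed, and the leading comment `// Host and Primary storage capacity types` does not describe this method.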
@@ -588,11 +588,13 @@ CREATE TABLE `cloud`.`firewall_rules` ( `created` datetime COMMENT 'Date created', `icmp_code` int(10) COMMENT 'The ICMP code (if protocol=ICMP). A value of -1 means all codes for the given ICMP type.', `icmp_type` int(10) COMMENT 'The ICMP type (if protocol=ICMP). A value of -1 means all types.', + `related` bigint unsigned COMMENT 'related to what other firewall rule', PRIMARY KEY (`id`), CONSTRAINT `fk_firewall_rules__ip_address_id` FOREIGN KEY(`ip_address_id`) REFERENCES `user_ip_address`(`id`), CONSTRAINT `fk_firewall_rules__network_id` FOREIGN KEY(`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_firewall_rules__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_firewall_rules__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_firewall_rules__related` FOREIGN KEY(`related`) REFERENCES `firewall_rules`(`id`) ON DELETE CASCADE, INDEX `i_firewall_rules__purpose`(`purpose`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; diff --git a/setup/db/db/schema-229to2210.sql b/setup/db/db/schema-229to2210.sql index dffa1a3fbfc..be9ebf80609 100644 --- a/setup/db/db/schema-229to2210.sql +++ b/setup/db/db/schema-229to2210.sql 
@@ -18,3 +18,15 @@ ALTER TABLE `cloud`.`host` MODIFY `storage_ip_address` char(40); INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.redundantrouter', 'false', 'enable/disable redundant virtual router'); INSERT IGNORE INTO configuration VALUES ('Storage', 'DEFAULT', 'management-server', 'storage.pool.max.waitseconds', '3600', 'Timeout (in seconds) to synchronize storage pool operations.'); INSERT IGNORE INTO configuration VALUES ('Storage', 'DEFAULT', 'management-server', 'storage.template.cleanup.enabled', 'true', 'Enable/disable template cleanup activity, only take effect when overall storage cleanup is enabled'); + + +ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `icmp_code` int(10) COMMENT 'The ICMP code (if protocol=ICMP). A value of -1 means all codes for the given ICMP type.'; +ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `icmp_type` int(10) COMMENT 'The ICMP type (if protocol=ICMP). A value of -1 means all types.'; +ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `related` bigint unsigned COMMENT 'related to what other firewall rule'; +ALTER TABLE `cloud`.`firewall_rules` ADD CONSTRAINT `fk_firewall_rules__related` FOREIGN KEY(`related`) REFERENCES `firewall_rules`(`id`) ON DELETE CASCADE; + +ALTER TABLE `cloud`.`firewall_rules` MODIFY `start_port` int(10) COMMENT 'starting port of a port range'; +ALTER TABLE `cloud`.`firewall_rules` MODIFY `end_port` int(10) COMMENT 'end port of a port range'; + +INSERT IGNORE INTO `cloud`.`configuration` (category, instance, name, value, description) VALUES ('Network', 'DEFAULT', 'firewall.rule.ui.enabled', 'true', 'enable/disable UI that separates firewall rules from NAT/LB rules'); + From 34ffbdfceb8128ec5c4da412b35812eed02f0415 Mon Sep 17 00:00:00 2001 
From: Chiradeep Vittal Date: Thu, 11 Aug 2011 18:23:35 -0700 Subject: [PATCH 05/65] bug 11084: ensure AH and ESP protocols are allowed in when creating a VPN --- .../debian/vpn/opt/cloud/bin/vpn_l2tp.sh | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh b/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh index abffc5ef208..fdafdac5b37 100755 --- a/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh +++ b/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh 
@@ -42,18 +42,26 @@ iptables_() { local subnet_if="eth0" local subnet_ip=$(get_intf_ip $subnet_if) - iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 500 -j ACCEPT - iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 4500 -j ACCEPT - iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 1701 -j ACCEPT - iptables $op INPUT -i eth2 -p ah -j ACCEPT - iptables $op INPUT -i eth2 -p esp -j ACCEPT - iptables $op FORWARD -i ppp+ -o $subnet_if -j ACCEPT - iptables $op FORWARD -i $subnet_if -o ppp+ -j ACCEPT - iptables $op FORWARD -i ppp+ -o ppp+ -j ACCEPT - iptables $op INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT + sudo iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 500 -j ACCEPT + sudo iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 4500 -j ACCEPT + sudo iptables $op INPUT -i $public_if --dst $public_ip -p udp -m udp --dport 1701 -j ACCEPT + sudo iptables $op INPUT -i eth2 -p ah -j ACCEPT + sudo iptables $op INPUT -i eth2 -p esp -j ACCEPT + sudo iptables $op FORWARD -i ppp+ -o $subnet_if -j ACCEPT + sudo iptables $op FORWARD -i $subnet_if -o ppp+ -j ACCEPT + sudo iptables $op FORWARD -i ppp+ -o ppp+ -j ACCEPT + sudo iptables $op INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT + sudo iptables -t nat $op PREROUTING -i ppp+ -p udp -m udp --dport 53 -j DNAT --to-destination $subnet_ip + if sudo iptables -t mangle -N FIREWALL_$public_ip &> /dev/null + then + logger -t cloud "$(basename $0): created firewall chain in PREROUTING mangle" + fi + op2="-D" + [ "$op" == "-A" ] && op2="-I" + sudo iptables -t mangle $op FIREWALL_$public_ip -p ah -j ACCEPT + sudo iptables -t mangle $op FIREWALL_$public_ip -p esp -j ACCEPT - iptables -t nat $op PREROUTING -i ppp+ -p udp -m udp --dport 53 -j DNAT --to-destination $subnet_ip } From b560880907194b1faefca724201700a9948eb19a Mon Sep 17 00:00:00 2001 
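Review bot: In vpn_l2tp.sh, `op2` is computed (`-I` when `$op` is `-A`, otherwise `-D`) but the two mangle rules below it still use `$op`, so the AH and ESP ACCEPT rules are appended to `FIREWALL_$public_ip` rather than inserted. If that chain can already hold a terminating rule (not visible here), the appended ACCEPTs would never match; use `sudo iptables -t mangle $op2 FIREWALL_$public_ip -p ah -j ACCEPT` and the same for `esp`. The `iptables -t mangle -N` call also runs on the delete path, where it can create an empty chain and log that a chain was created. `iptables_()` starts outside the hunk.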
From: Sheng Yang Date: Thu, 11 Aug 2011 23:36:31 -0700 Subject: [PATCH 06/65] Add alert and log for redundant router state change --- .../router/VirtualNetworkApplianceManagerImpl.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index f71b76bb8ad..44eca6d0586 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -760,6 +760,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian if (!router.getIsRedundantRouter()) { continue; } + RedundantState prevState = router.getRedundantState(); if (router.getState() != State.Running) { router.setRedundantState(RedundantState.UNKNOWN); updated = true; @@ -807,6 +808,18 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian txn.close(); } } + RedundantState currState = router.getRedundantState(); + if (prevState != currState) { + String title = "Redundant virtual router " + router.getInstanceName() + + " just switch from " + prevState + " to " + currState; + String context = "Redundant virtual router (name: " + router.getHostName() + ", id: " + router.getId() + ") " + + " just switch from " + prevState + " to " + currState; + s_logger.info(context); + if (currState == RedundantState.MASTER) { + _alertMgr.sendAlert(AlertManager.ALERT_TYPE_DOMAIN_ROUTER, + router.getDataCenterIdToDeployIn(), router.getPodIdToDeployIn(), title, context); + } + } } } From c30faf8b5360bbb77902bf37a92315d3fc4a818b Mon Sep 17 00:00:00 2001 
From: Sheng Yang Date: Fri, 12 Aug 2011 00:04:57 -0700 Subject: [PATCH 07/65] bug 11083: Fix broadcast address is 0.0.0.0 The reason is: 1. In redundant router, we won't enable eth2(public network interface) until keepalived determine the router is MASTER. 2. ipassoc.sh normally kick in before keepalived process running. And it would set eth2's IP address using "ip addr add $dev $ip" 3. "ip addr add $dev $ip" won't add mask for the device, then there is no way to update broadcast address for eth2. Then broadcast address is 0.0.0.0. 4. As long as "ip addr add $dev $ip" executed, later executed "ifconfig $dev $ip netmask $mask" won't calculated the broadcast address from $ip and $mask. To fix this, we enable and configure eth2 temporaily when cloud-early-config executed, then disable eth2 interface. By this way, broadcast address of should be calculated and set correctly. status 11083: resolved fixed --- patches/systemvm/debian/config/etc/init.d/cloud-early-config | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index cbdb975163e..c732f693f04 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -162,9 +162,10 @@ setup_interface() { fi ifdown $intf - if [ "$RROUTER" != "1" -o "$1" != "2" ] + ifup $intf + if [ "$RROUTER" == "1" -a "$1" == "2" ] then - ifup $intf + ifdown $intf fi } From 00dbaf09545cc8889ba77382d60aec04867a47a4 Mon Sep 17 00:00:00 2001 From: Naredula Janardhana Reddy Date: Fri, 12 Aug 2011 12:53:50 +0530 Subject: [PATCH 08/65] bug 10561: allowing to create a firewall rule with sameport range but different protocols --- server/src/com/cloud/network/firewall/FirewallManagerImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index eff3e2210c9..877f8d5acf7 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -232,7 +232,8 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma } - boolean allowFirewall = ((rule.getPurpose() == Purpose.Firewall || newRule.getPurpose() == Purpose.Firewall) && newRule.getPurpose() != rule.getPurpose()); + boolean allowFirewall = ((rule.getPurpose() == Purpose.Firewall || newRule.getPurpose() == Purpose.Firewall) && ((newRule.getPurpose() != rule.getPurpose()) || (!newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())))); + if (!allowFirewall) { if (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() != Purpose.StaticNat) { From e7a199e253ecd3cc80fe180a2ae07b70c76cdfc2 Mon Sep 17 00:00:00 2001 From: Nitin Date: Fri, 12 Aug 2011 12:21:02 +0530 Subject: [PATCH 09/65] bug 11096: ExtractTemplate - For private template choose the correct sec storage host id since its not present in all the sec storage now. --- .../DeleteEntityDownloadURLCommand.java | 12 ++++++- .../storage/template/UploadManagerImpl.java | 2 +- .../storage/upload/UploadMonitorImpl.java | 34 ++++++------------- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/api/src/com/cloud/agent/api/storage/DeleteEntityDownloadURLCommand.java b/api/src/com/cloud/agent/api/storage/DeleteEntityDownloadURLCommand.java index 05066b06549..24e1f074072 100755 --- a/api/src/com/cloud/agent/api/storage/DeleteEntityDownloadURLCommand.java +++ b/api/src/com/cloud/agent/api/storage/DeleteEntityDownloadURLCommand.java 
@@ -25,12 +25,14 @@ public class DeleteEntityDownloadURLCommand extends AbstractDownloadCommand { private String path; private String extractUrl; private Upload.Type type; + private String parentPath; - public DeleteEntityDownloadURLCommand(String path, Upload.Type type, String url) { + public DeleteEntityDownloadURLCommand(String path, Upload.Type type, String url, String parentPath) { super(); this.path = path; this.type = type; this.extractUrl = url; + this.parentPath = parentPath; } public DeleteEntityDownloadURLCommand() { @@ -61,4 +63,12 @@ public class DeleteEntityDownloadURLCommand extends AbstractDownloadCommand { this.extractUrl = extractUrl; } + public String getParentPath() { + return parentPath; + } + + public void setParentPath(String parentPath) { + this.parentPath = parentPath; + } + } diff --git a/core/src/com/cloud/storage/template/UploadManagerImpl.java b/core/src/com/cloud/storage/template/UploadManagerImpl.java index da88da86868..583f6f0af4d 100755 --- a/core/src/com/cloud/storage/template/UploadManagerImpl.java +++ b/core/src/com/cloud/storage/template/UploadManagerImpl.java @@ -411,7 +411,7 @@ public class UploadManagerImpl implements UploadManager { if(cmd.getType() == Upload.Type.VOLUME){ command = new Script("/bin/bash", s_logger); command.add("-c"); - command.add("rm -f " + parentDir +File.separator+ path); + command.add("rm -f /mnt/SecStorage/" + cmd.getParentPath() +File.separator+ path); s_logger.warn(" " +parentDir +File.separator+ path); result = command.execute(); if (result != null) { diff --git a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java index 320954a460e..5eabeced5e8 100755 --- a/server/src/com/cloud/storage/upload/UploadMonitorImpl.java +++ b/server/src/com/cloud/storage/upload/UploadMonitorImpl.java 
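Review bot: In UploadManagerImpl the delete command is still assembled as one string for `/bin/bash -c`, and the hunk adds another command-supplied field to it: `"rm -f /mnt/SecStorage/" + cmd.getParentPath() + File.separator + path`. Any shell metacharacter or `..` segment in `parentPath` or `path` is interpreted by the shell or resolves outside the mount. Pass the path as a single argument instead, `command = new Script("rm", s_logger); command.add("-f"); command.add(target);`, after checking that the normalised `target` is still under `/mnt/SecStorage/`. The `s_logger.warn(" " + parentDir + File.separator + path)` line still logs the old location rather than the path being removed. The enclosing method starts and ends outside the hunk.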
@@ -194,26 +194,13 @@ public class UploadMonitorImpl implements UploadMonitor { String errorString = ""; boolean success = false; - List storageServers = _serverDao.listByTypeDataCenter(Host.Type.SecondaryStorage, dataCenterId); - if(storageServers == null || storageServers.size() == 0) { - throw new CloudRuntimeException("No Storage Server found at the datacenter - " +dataCenterId); - } - + Host secStorage = ApiDBUtils.findHostById(vmTemplateHost.getHostId()); Type type = (template.getFormat() == ImageFormat.ISO) ? Type.ISO : Type.TEMPLATE ; - List storageServerVMs = _serverDao.listByTypeDataCenter(Host.Type.SecondaryStorageVM, dataCenterId); - //Check if one ssvm is up - boolean no_vm_up = true; - HostVO use_ssvm = null; - for (HostVO ssvm: storageServerVMs){ - if(ssvm.getStatus() == com.cloud.host.Status.Up){ - no_vm_up = false; - use_ssvm = ssvm; - break; - } - } - if(no_vm_up){ - throw new CloudRuntimeException("Couldnt create extract link - Secondary Storage Vm is not up"); + //Check if ssvm is up + HostVO ssvm = _agentMgr.getSSAgent(ApiDBUtils.findHostById(vmTemplateHost.getHostId())); + if( ssvm == null ) { + throw new CloudRuntimeException("There is no secondary storage VM for secondary storage host " + secStorage.getId()); } //Check if it already exists. @@ -223,7 +210,7 @@ public class UploadMonitorImpl implements UploadMonitor { } // It doesn't exist so create a DB entry. - UploadVO uploadTemplateObj = new UploadVO(use_ssvm.getId(), template.getId(), new Date(), + UploadVO uploadTemplateObj = new UploadVO(vmTemplateHost.getHostId(), template.getId(), new Date(), Status.DOWNLOAD_URL_NOT_CREATED, 0, type, Mode.HTTP_DOWNLOAD); uploadTemplateObj.setInstallPath(vmTemplateHost.getInstallPath()); _uploadDao.persist(uploadTemplateObj); 
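Review bot: In UploadMonitorImpl, `ApiDBUtils.findHostById(vmTemplateHost.getHostId())` is assigned to `secStorage` and then dereferenced (`secStorage.getId()`, `secStorage.getParent()`) without a null check, whereas the removed code threw a CloudRuntimeException when no storage server was found. If the lookup can return null (its contract is not shown), add `if (secStorage == null) { throw new CloudRuntimeException("Secondary storage host " + vmTemplateHost.getHostId() + " not found"); }` before the SSVM lookup, and pass `secStorage` to `getSSAgent(...)` instead of looking the host up twice. The cleanup hunk at `@@ -474,10 +461,11 @@` has the same pattern: `secStorage.getParent()` is evaluated before the `ssvm == null` check, so one missing host would abort the loop and leave the remaining expired extract URLs in place.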
@@ -231,8 +218,8 @@ public class UploadMonitorImpl implements UploadMonitor { // Create Symlink at ssvm String path = vmTemplateHost.getInstallPath(); String uuid = UUID.randomUUID().toString() + path.substring(path.length() - 4) ; // last 4 characters of the path specify the format like .vhd - CreateEntityDownloadURLCommand cmd = new CreateEntityDownloadURLCommand(storageServers.get(0).getParent(), path, uuid); - long result = send(use_ssvm.getId(), cmd, null); + CreateEntityDownloadURLCommand cmd = new CreateEntityDownloadURLCommand(secStorage.getParent(), path, uuid); + long result = send(ssvm.getId(), cmd, null); if (result == -1){ errorString = "Unable to create a link for " +type+ " id:"+template.getId(); s_logger.error(errorString); @@ -474,10 +461,11 @@ public class UploadMonitorImpl implements UploadMonitor { for (UploadVO extractJob : extractJobs){ if( getTimeDiff(extractJob.getLastUpdated()) > EXTRACT_URL_LIFE_LIMIT_IN_SECONDS ){ String path = extractJob.getInstallPath(); + HostVO secStorage = ApiDBUtils.findHostById(extractJob.getHostId()); s_logger.debug("Sending deletion of extract URL "+extractJob.getUploadUrl()); // Would delete the symlink for the Type and if Type == VOLUME then also the volume - DeleteEntityDownloadURLCommand cmd = new DeleteEntityDownloadURLCommand(path, extractJob.getType(),extractJob.getUploadUrl()); - HostVO ssvm = _agentMgr.getSSAgent(ApiDBUtils.findHostById(extractJob.getHostId())); + DeleteEntityDownloadURLCommand cmd = new DeleteEntityDownloadURLCommand(path, extractJob.getType(),extractJob.getUploadUrl(), secStorage.getParent()); + HostVO ssvm = _agentMgr.getSSAgent(secStorage); if( ssvm == null ) { s_logger.warn("There is no secondary storage VM for secondary storage host " + extractJob.getHostId()); continue; From ba9a127d3e46a7e847bb9d80738d2a40f3d8af32 Mon Sep 17 00:00:00 2001 
From: Murali Reddy Date: Fri, 12 Aug 2011 17:30:01 +0530 Subject: [PATCH 10/65] bug 10923: changes for snapshot command to carry primary storage pool path --- .../com/cloud/agent/api/BackupSnapshotCommand.java | 11 ++++++++++- .../com/cloud/agent/api/ManageSnapshotCommand.java | 13 +++++++++++-- .../cloud/storage/snapshot/SnapshotManagerImpl.java | 6 ++++-- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/api/src/com/cloud/agent/api/BackupSnapshotCommand.java b/api/src/com/cloud/agent/api/BackupSnapshotCommand.java index b00da5aed64..afff7368c70 100644 --- a/api/src/com/cloud/agent/api/BackupSnapshotCommand.java +++ b/api/src/com/cloud/agent/api/BackupSnapshotCommand.java @@ -17,7 +17,9 @@ */ package com.cloud.agent.api; +import com.cloud.agent.api.to.StorageFilerTO; import com.cloud.agent.api.to.SwiftTO; +import com.cloud.storage.StoragePool; /** * When a snapshot of a VDI is taken, it creates two new files, @@ -33,7 +35,8 @@ public class BackupSnapshotCommand extends SnapshotCommand { private String vmName; private Long snapshotId; private SwiftTO swift; - + StorageFilerTO pool; + protected BackupSnapshotCommand() { } @@ -55,6 +58,7 @@ public class BackupSnapshotCommand extends SnapshotCommand { Long volumeId, Long snapshotId, String volumePath, + StoragePool pool, String snapshotUuid, String snapshotName, String prevSnapshotUuid, @@ -68,6 +72,7 @@ public class BackupSnapshotCommand extends SnapshotCommand { this.prevBackupUuid = prevBackupUuid; this.isVolumeInactive = isVolumeInactive; this.vmName = vmName; + this.pool = new StorageFilerTO(pool); setVolumePath(volumePath); } @@ -98,4 +103,8 @@ public class BackupSnapshotCommand extends SnapshotCommand { public Long getSnapshotId() { return snapshotId; } + + public StorageFilerTO getPool() { + return pool; + } } \ No newline at end of file diff --git a/api/src/com/cloud/agent/api/ManageSnapshotCommand.java b/api/src/com/cloud/agent/api/ManageSnapshotCommand.java index efcb37d2ab2..0693509e6a7 100644 
--- a/api/src/com/cloud/agent/api/ManageSnapshotCommand.java +++ b/api/src/com/cloud/agent/api/ManageSnapshotCommand.java @@ -17,6 +17,9 @@ */ package com.cloud.agent.api; + +import com.cloud.agent.api.to.StorageFilerTO; +import com.cloud.storage.StoragePool; public class ManageSnapshotCommand extends Command { @@ -29,7 +32,8 @@ public class ManageSnapshotCommand extends Command { // Information about the volume that the snapshot is based on private String _volumePath = null; - + StorageFilerTO _pool; + // Information about the snapshot private String _snapshotPath = null; private String _snapshotName = null; @@ -38,9 +42,10 @@ public class ManageSnapshotCommand extends Command { public ManageSnapshotCommand() {} - public ManageSnapshotCommand(long snapshotId, String volumePath, String preSnapshotPath ,String snapshotName, String vmName) { + public ManageSnapshotCommand(long snapshotId, String volumePath, StoragePool pool, String preSnapshotPath ,String snapshotName, String vmName) { _commandSwitch = ManageSnapshotCommand.CREATE_SNAPSHOT; _volumePath = volumePath; + _pool = new StorageFilerTO(pool); _snapshotPath = preSnapshotPath; _snapshotName = snapshotName; _snapshotId = snapshotId; @@ -65,6 +70,10 @@ public class ManageSnapshotCommand extends Command { public String getVolumePath() { return _volumePath; } + + public StorageFilerTO getPool() { + return _pool; + } public String getSnapshotPath() { return _snapshotPath; diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index adb5692dfc3..9767c0a0b04 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java +++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java 
@@ -265,7 +265,8 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma preSnapshotPath = preSnapshotVO.getPath(); } } - ManageSnapshotCommand cmd = new ManageSnapshotCommand(snapshotId, volume.getPath(), preSnapshotPath, snapshot.getName(), vmName); + StoragePoolVO srcPool = _storagePoolDao.findById(volume.getPoolId()); + ManageSnapshotCommand cmd = new ManageSnapshotCommand(snapshotId, volume.getPath(), srcPool, preSnapshotPath, snapshot.getName(), vmName); ManageSnapshotAnswer answer = (ManageSnapshotAnswer) sendToPool(volume, cmd); // Update the snapshot in the database @@ -557,7 +558,8 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma } boolean isVolumeInactive = _storageMgr.volumeInactive(volume); String vmName = _storageMgr.getVmNameOnVolume(volume); - BackupSnapshotCommand backupSnapshotCommand = new BackupSnapshotCommand(primaryStoragePoolNameLabel, secondaryStoragePoolUrl, dcId, accountId, volumeId, snapshot.getId(), volume.getPath(), snapshotUuid, + StoragePoolVO srcPool = _storagePoolDao.findById(volume.getPoolId()); + BackupSnapshotCommand backupSnapshotCommand = new BackupSnapshotCommand(primaryStoragePoolNameLabel, secondaryStoragePoolUrl, dcId, accountId, volumeId, snapshot.getId(), volume.getPath(), srcPool, snapshotUuid, snapshot.getName(), prevSnapshotUuid, prevBackupUuid, isVolumeInactive, vmName); if ( swift != null ) { From d32ca5ae4590b17289b9764b71d8d38ccec1af8b Mon Sep 17 00:00:00 2001 From: anthony Date: Fri, 12 Aug 2011 10:59:53 -0700 Subject: [PATCH 11/65] revert pool vm sync to host vm sync in startupcommand in 2.2.10. then XenServer upgrade is supported in 2.2.10 --- .../cloud/hypervisor/xen/resource/CitrixResourceBase.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index a5fcc203484..7926a616c80 100644 
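Review bot: The result of `_storagePoolDao.findById(volume.getPoolId())` is passed on unchecked in both SnapshotManagerImpl hunks, and the command constructors wrap it at once with `new StorageFilerTO(pool)`. If the lookup returns null (for instance a volume whose pool row is gone, which this diff does not show), the failure would presumably surface as a NullPointerException inside the constructor rather than as a clear snapshot error. I would check right after the lookup, e.g. `if (srcPool == null) { throw new CloudRuntimeException("Unable to find storage pool for volume " + volume.getId()); }`, or use whatever exception type these methods already raise. Both enclosing methods start and end outside the hunks.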
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -2578,8 +2578,10 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe } try { final HashMap vmStates = new HashMap(); - Map vmRs = VM.getAllRecords(conn); - for (VM.Record record : vmRs.values()) { + Host lhost = Host.getByUuid(conn, _host.uuid); + Set vms = lhost.getResidentVMs(conn); + for (VM vm: vms) { + VM.Record record = vm.getRecord(conn); if (record.isControlDomain || record.isASnapshot || record.isATemplate) { continue; // Skip DOM0 } From 671b360df7175c007a221172ec75836b6855bc03 Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 12:38:17 -0700 Subject: [PATCH 12/65] Resend firewall rules on domR restart --- api/src/com/cloud/agent/api/to/IpAddressTO.java | 3 ++- .../router/VirtualNetworkApplianceManagerImpl.java | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/api/src/com/cloud/agent/api/to/IpAddressTO.java b/api/src/com/cloud/agent/api/to/IpAddressTO.java index 750757ffa54..f41f8f203ca 100644 --- a/api/src/com/cloud/agent/api/to/IpAddressTO.java +++ b/api/src/com/cloud/agent/api/to/IpAddressTO.java @@ -39,7 +39,7 @@ public class IpAddressTO { private TrafficType trafficType; private String[] networkTags; - public IpAddressTO(String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String vlanId, String vlanGateway, String vlanNetmask, String vifMacAddress, String guestIp, Integer networkRate) { + public IpAddressTO(String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String vlanId, String vlanGateway, String vlanNetmask, String vifMacAddress, String guestIp, Integer networkRate, boolean isOneToOneNat) { this.publicIp = ipAddress; this.add = add; this.firstIP = firstIP; 
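Review bot: The loop in the CitrixResourceBase hunk now calls `vm.getRecord(conn)` once per resident VM, so a VM that is destroyed or migrated between `getResidentVMs` and `getRecord` raises an exception in the middle of the sync. The catch clause of the enclosing `try` is outside the hunk, but if it abandons the whole state map, one vanished VM would leave the host reporting no VM states at startup. I would catch the failure per VM and skip that entry, as sketched below, assuming the file's usual `s_logger` and `XenAPIException` import.

```java
for (VM vm : vms) {
    VM.Record record;
    try {
        record = vm.getRecord(conn);
    } catch (XenAPIException e) {
        // VM went away between getResidentVMs() and getRecord(); skip it
        s_logger.debug("Skipping VM whose record could not be read: " + e.toString());
        continue;
    }
    // … unchanged: control-domain/snapshot/template filter and state mapping …
```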
@@ -50,6 +50,7 @@ public class IpAddressTO { this.vifMacAddress = vifMacAddress; this.guestIp = guestIp; this.networkRate = networkRate; + this.oneToOneNat = isOneToOneNat; } protected IpAddressTO() { diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 44eca6d0586..6393947a4a0 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1410,11 +1410,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian List pfRules = new ArrayList(); List staticNatFirewallRules = new ArrayList(); List staticNats = new ArrayList(); + List firewallRules = new ArrayList(); //Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start) for (PublicIpAddress ip : publicIps) { pfRules.addAll(_pfRulesDao.listForApplication(ip.getId())); staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat)); + firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall)); RemoteAccessVpn vpn = _vpnDao.findById(ip.getId()); if (vpn != null) { @@ -1433,6 +1435,12 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian if (!staticNats.isEmpty()) { createApplyStaticNatCommands(staticNats, router, cmds); } + + //Re-apply firewall rules + s_logger.debug("Found " + staticNats.size() + " firewall rule(s) to apply as a part of domR " + router + " start."); + if (!firewallRules.isEmpty()) { + createFirewallRulesCommands(firewallRules, router, cmds); + } // Re-apply port forwarding rules s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start."); 
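Review bot: The debug line added for firewall rules in VirtualNetworkApplianceManagerImpl reports `staticNats.size()`, so it logs the static NAT count rather than the number of firewall rules being re-applied. It should read `s_logger.debug("Found " + firewallRules.size() + " firewall rule(s) to apply as a part of domR " + router + " start.");`. This line is what an operator would check to confirm that firewall rules were restored after a router restart, so a wrong count can hide a router that came up with none. The enclosing method starts and ends outside the hunk.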
@@ -1892,7 +1900,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian String vmGuestAddress = null; - IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress, networkRate); + IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress, networkRate, ipAddr.isOneToOneNat()); ip.setTrafficType(network.getTrafficType()); ip.setNetworkTags(network.getTags()); ipsToSend[i++] = ip; From 1ee9afd8df9828f100946e83c31f98eb87de32fc Mon Sep 17 00:00:00 2001 From: Edison Su Date: Fri, 12 Aug 2011 14:40:38 -0700 Subject: [PATCH 13/65] fix NPE when listvolume if vm got destroyed --- server/src/com/cloud/api/ApiResponseHelper.java | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index 37e794ddcd5..f0b232b3d88 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java 
@@ -822,12 +822,14 @@ public class ApiResponseHelper implements ResponseGenerator { Long instanceId = volume.getInstanceId(); if (instanceId != null && volume.getState() != Volume.State.Destroy) { VMInstanceVO vm = ApiDBUtils.findVMInstanceById(instanceId); - volResponse.setVirtualMachineId(vm.getId()); - volResponse.setVirtualMachineName(vm.getHostName()); - UserVm userVm = ApiDBUtils.findUserVmById(vm.getId()); - if (userVm != null) { - volResponse.setVirtualMachineDisplayName(userVm.getDisplayName()); - volResponse.setVirtualMachineState(vm.getState().toString()); + if (vm != null) { + volResponse.setVirtualMachineId(vm.getId()); + volResponse.setVirtualMachineName(vm.getHostName()); + UserVm userVm = ApiDBUtils.findUserVmById(vm.getId()); + if (userVm != null) { + volResponse.setVirtualMachineDisplayName(userVm.getDisplayName()); + volResponse.setVirtualMachineState(vm.getState().toString()); + } } } From 989d862c5779f28176d2d3af6f913b8f4327a40b Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Thu, 11 Aug 2011 16:30:15 -0700 Subject: [PATCH 14/65] bug 10977: cloudStack - instance page - provide "Migrate Instance" action to all hypervisors. --- ui/scripts/cloud.core.instance.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/scripts/cloud.core.instance.js b/ui/scripts/cloud.core.instance.js index 21f15552681..02ea1a4a68b 100755 --- a/ui/scripts/cloud.core.instance.js +++ b/ui/scripts/cloud.core.instance.js 
@@ -1960,7 +1960,7 @@ function vmBuildActionMenu(jsonObj, $thisTab, $midmenuItem1) { buildActionLinkForTab("label.action.stop.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); buildActionLinkForTab("label.action.reboot.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); buildActionLinkForTab("label.action.destroy.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); - if (isAdmin() && (jsonObj.rootdevicetype == 'NetworkFilesystem' || jsonObj.rootdevicetype == 'IscsiLUN' || jsonObj.rootdevicetype == 'PreSetup') && jsonObj.hypervisor == 'XenServer') { + if (isAdmin() && (jsonObj.rootdevicetype == 'NetworkFilesystem' || jsonObj.rootdevicetype == 'IscsiLUN' || jsonObj.rootdevicetype == 'PreSetup')) { buildActionLinkForTab("label.action.migrate.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); } From 6fb2c6ca439648fd9de951750c31dee40a9cf470 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Thu, 11 Aug 2011 16:50:15 -0700 Subject: [PATCH 15/65] bug 10977: cloudStack - instance page - limit "Migrate Instance" action to be only available for XenServer and VMware (because KVM does not support Migrate Instance). --- ui/scripts/cloud.core.instance.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ui/scripts/cloud.core.instance.js b/ui/scripts/cloud.core.instance.js index 02ea1a4a68b..ee3d71358c6 100755 --- a/ui/scripts/cloud.core.instance.js +++ b/ui/scripts/cloud.core.instance.js 
@@ -1960,7 +1960,10 @@ function vmBuildActionMenu(jsonObj, $thisTab, $midmenuItem1) { buildActionLinkForTab("label.action.stop.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); buildActionLinkForTab("label.action.reboot.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); buildActionLinkForTab("label.action.destroy.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); - if (isAdmin() && (jsonObj.rootdevicetype == 'NetworkFilesystem' || jsonObj.rootdevicetype == 'IscsiLUN' || jsonObj.rootdevicetype == 'PreSetup')) { + if (isAdmin() + && (jsonObj.rootdevicetype == 'NetworkFilesystem' || jsonObj.rootdevicetype == 'IscsiLUN' || jsonObj.rootdevicetype == 'PreSetup') + && (jsonObj.hypervisor == 'XenServer' || jsonObj.hypervisor == 'VMware')) + { buildActionLinkForTab("label.action.migrate.instance", vmActionMap, $actionMenu, $midmenuItem1, $thisTab); } From ecf9c37f7e1e282064006b9bdeedaa9b4d7012c0 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 12 Aug 2011 16:14:35 -0700 Subject: [PATCH 16/65] bug 11108: cloudStack - IP Address page - Port Range tab - Create Port Range row - Make "Add" link under actions column instead of state column. --- ui/jsp/ipaddress.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/jsp/ipaddress.jsp b/ui/jsp/ipaddress.jsp index 150ce9e31cc..88424a0fab0 100644 --- a/ui/jsp/ipaddress.jsp +++ b/ui/jsp/ipaddress.jsp @@ -347,7 +347,7 @@ dictionary = {
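Review bot: The `isAdmin()` and `jsonObj.hypervisor` tests in `vmBuildActionMenu` only decide whether the menu entry is drawn, so they are a display filter and not an access control. The server-side handler for the migrate action is not part of this diff; it should reject non-admin callers and unsupported hypervisors on its own, since the API can be reached without this UI. I would record that above the condition with `// UI-only filter: the migrate API must enforce admin role and hypervisor support itself`. The function body continues outside the hunk.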
-
+
From 4a3635ee348d245293cdc44219386854e8000dbe Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 16:19:09 -0700 Subject: [PATCH 17/65] Remove firewall rule along with pf/staticNat/lb rule if the pf/staticNat/lb failed to create due to network rule conflict --- .../network/lb/LoadBalancingRulesManagerImpl.java | 11 +++++++++-- .../com/cloud/network/rules/RulesManagerImpl.java | 14 +++++++++++++- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index 0d84e78f5ca..429988cbd42 100755 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -53,8 +53,8 @@ import com.cloud.network.LoadBalancerVMMapVO; import com.cloud.network.LoadBalancerVO; import com.cloud.network.Network.Service; import com.cloud.network.NetworkManager; -import com.cloud.network.dao.FirewallRulesCidrsDao; import com.cloud.network.NetworkVO; +import com.cloud.network.dao.FirewallRulesCidrsDao; import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.LoadBalancerDao; @@ -73,7 +73,6 @@ import com.cloud.user.UserContext; import com.cloud.user.dao.AccountDao; import com.cloud.uservm.UserVm; import com.cloud.utils.Pair; -import com.cloud.utils.component.Adapters; import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; import com.cloud.utils.db.DB; @@ -132,6 +131,8 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, ElasticLoadBalancerManager _elbMgr; @Inject NetworkDao _networkDao; + @Inject + FirewallRulesDao _firewallDao; @Override 
@@ -453,6 +454,12 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, throw new CloudRuntimeException("Unable to add rule for ip address id=" + newRule.getSourceIpAddressId(), e); } finally { if (!success) { + + txn.start(); + _firewallDao.remove(_firewallDao.findByRelatedId(newRule.getId()).getId()); + _lbDao.remove(newRule.getId()); + txn.commit(); + _lbDao.remove(newRule.getId()); } } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index a1eaa9f632b..57cd1db9f3e 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -221,7 +221,14 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { txn.commit(); return newRule; } catch (Exception e) { + + txn.start(); + + _firewallDao.remove(_firewallDao.findByRelatedId(newRule.getId()).getId()); _forwardingDao.remove(newRule.getId()); + + txn.commit(); + if (e instanceof NetworkRuleConflictException) { throw (NetworkRuleConflictException) e; } @@ -280,7 +287,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { return staticNatRule; } catch (Exception e) { - _forwardingDao.remove(newRule.getId()); + + txn.start(); + _firewallDao.remove(_firewallDao.findByRelatedId(newRule.getId()).getId()); + _forwardingDao.remove(newRule.getId()); + txn.commit(); + if (e instanceof NetworkRuleConflictException) { throw (NetworkRuleConflictException) e; } From 78849c29593781170534dd6ed47781776ad074d0 Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 17:27:08 -0700 Subject: [PATCH 18/65] Revert "fix NPE when listvolume if vm got destroyed" This reverts commit 9bdaa9d967a6390cc1655ce7344d5af474890e4c. --- server/src/com/cloud/api/ApiResponseHelper.java | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) 
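Review bot: The cleanup added to the failure paths dereferences `_firewallDao.findByRelatedId(newRule.getId())` without a null check, in the `finally` block of LoadBalancingRulesManagerImpl and in both `catch` blocks of RulesManagerImpl. If no related firewall rule exists when the failure happens, the lookup presumably returns null; the resulting NullPointerException then replaces the original `NetworkRuleConflictException`, skips removal of the half-created rule and leaves the transaction opened by `txn.start()` uncommitted. I would keep the lookup result in a local and guard it, `if (fwRule != null) { _firewallDao.remove(fwRule.getId()); }`. In LoadBalancingRulesManagerImpl the pre-existing `_lbDao.remove(newRule.getId());` after `txn.commit()` is now a second removal of the same row and can be dropped. All three enclosing methods start and end outside the hunks.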
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index f0b232b3d88..37e794ddcd5 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -822,14 +822,12 @@ public class ApiResponseHelper implements ResponseGenerator { Long instanceId = volume.getInstanceId(); if (instanceId != null && volume.getState() != Volume.State.Destroy) { VMInstanceVO vm = ApiDBUtils.findVMInstanceById(instanceId); - if (vm != null) { - volResponse.setVirtualMachineId(vm.getId()); - volResponse.setVirtualMachineName(vm.getHostName()); - UserVm userVm = ApiDBUtils.findUserVmById(vm.getId()); - if (userVm != null) { - volResponse.setVirtualMachineDisplayName(userVm.getDisplayName()); - volResponse.setVirtualMachineState(vm.getState().toString()); - } + volResponse.setVirtualMachineId(vm.getId()); + volResponse.setVirtualMachineName(vm.getHostName()); + UserVm userVm = ApiDBUtils.findUserVmById(vm.getId()); + if (userVm != null) { + volResponse.setVirtualMachineDisplayName(userVm.getDisplayName()); + volResponse.setVirtualMachineState(vm.getState().toString()); } } From 5bd0ffa80a2629d2537de6adb6ecbbf38e554de0 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Fri, 12 Aug 2011 16:18:08 -0700 Subject: [PATCH 19/65] bug 11103: create firewall chains on ipassoc status 11103: resolved fixed bug 11106: this is somehow fixed / cannot reproduced status 11106: resolved fixed --- .../systemvm/debian/config/root/firewall.sh | 4 +- .../debian/config/root/firewall_rule.sh | 8 +- .../systemvm/debian/config/root/ipassoc.sh | 77 ++++++++++++++++++- .../debian/vpn/opt/cloud/bin/vpn_l2tp.sh | 12 +-- 4 files changed, 86 insertions(+), 15 deletions(-) diff --git a/patches/systemvm/debian/config/root/firewall.sh b/patches/systemvm/debian/config/root/firewall.sh index a4b60b55378..e9d5abb5cdb 100755 --- a/patches/systemvm/debian/config/root/firewall.sh 
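Review bot: After this revert `vm.getId()` is again called on the result of `ApiDBUtils.findVMInstanceById(instanceId)` with no null check, which is the dereference the reverted commit ("fix NPE when listvolume if vm got destroyed") guarded. If the revert is needed for an unrelated reason, I would still keep `if (vm != null) {` around the `volResponse.setVirtualMachine…` calls, so that a volume pointing at a removed VM does not fail the whole list response. The enclosing method starts and ends outside the hunk.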
+++ b/patches/systemvm/debian/config/root/firewall.sh @@ -142,10 +142,10 @@ fw_chain_for_ip() { local pubIp=$1 if iptables -t mangle -N FIREWALL_$pubIp &> /dev/null then - logger -t cloud "created a fw chain for $pubIp to DROP by default" + logger -t cloud "$(basename $0): created a firewall chain for $pubIp" (sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP) && (sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT ) && - (sudo iptables -t mangle -I PREROUTING -d $pubIp -j FIREWALL_$pubIp) + (sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp) return $? fi logger -t cloud "fw chain for $pubIp already exists" diff --git a/patches/systemvm/debian/config/root/firewall_rule.sh b/patches/systemvm/debian/config/root/firewall_rule.sh index f0f8c0c1e2d..41d3927315a 100755 --- a/patches/systemvm/debian/config/root/firewall_rule.sh +++ b/patches/systemvm/debian/config/root/firewall_rule.sh @@ -29,17 +29,18 @@ usage() { fw_remove_backup() { local pubIp=$1 sudo iptables -t mangle -F _FIREWALL_$pubIp 2> /dev/null - sudo iptables -t mangle -D PREROUTING -j _FIREWALL_$pubIp -d $pubIp 2> /dev/null + sudo iptables -t mangle -D PREROUTING -d $pubIp -j _FIREWALL_$pubIp 2> /dev/null sudo iptables -t mangle -X _FIREWALL_$pubIp 2> /dev/null } fw_restore() { local pubIp=$1 sudo iptables -t mangle -F FIREWALL_$pubIp 2> /dev/null - sudo iptables -t mangle -D PREROUTING -j FIREWALL_$pubIp -d $pubIp 2> /dev/null + sudo iptables -t mangle -D PREROUTING -d $pubIp -j FIREWALL_$pubIp 2> /dev/null sudo iptables -t mangle -X FIREWALL_$pubIp 2> /dev/null sudo iptables -t mangle -E _FIREWALL_$pubIp FIREWALL_$pubIp 2> /dev/null } + fw_chain_for_ip () { local pubIp=$1 fw_remove_backup $1 
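Review bot: `iptables -t mangle -I PREROUTING 2 …` fails when the mangle PREROUTING chain holds no rule yet, because iptables accepts an insert position only up to the current rule count plus one. In firewall.sh's `fw_chain_for_ip` the chain `FIREWALL_$pubIp` already exists by then, so the next call takes the "already exists" branch and the jump is never installed, which leaves the per-IP DROP default unenforced. The same positional insert is added in firewall_rule.sh (`fw_chain_for_ip`) and in ipassoc.sh (`add_fw_chain_for_ip`). A fallback keeps the hook in place: `sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp || sudo iptables -t mangle -A PREROUTING -d $pubIp -j FIREWALL_$pubIp`.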
@@ -49,7 +50,8 @@ fw_chain_for_ip () { sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP> /dev/null # ensure outgoing connections are maintained (first rule in chain) sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT> /dev/null - sudo iptables -t mangle -I PREROUTING -d $pubIp -j FIREWALL_$pubIp + #ensure that this table is after VPN chain + sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp } fw_entry_for_public_ip() { diff --git a/patches/systemvm/debian/config/root/ipassoc.sh b/patches/systemvm/debian/config/root/ipassoc.sh index 949b8ac4671..afc9fb5b71d 100644 --- a/patches/systemvm/debian/config/root/ipassoc.sh +++ b/patches/systemvm/debian/config/root/ipassoc.sh 
@@ -30,6 +30,69 @@ usage() { printf " %s -D -l -c [-f] \n" $(basename $0) >&2 } +add_fw_chain_for_ip () { + local pubIp=$(echo $1 | awk -F'/' '{print $1}') + if sudo iptables -t mangle -N FIREWALL_$pubIp &> /dev/null + then + logger -t cloud "$(basename $0): created firewall chain for $pubIp" + #drop if no rules match (this will be the last rule in the chain) + sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP> /dev/null + #ensure outgoing connections are maintained (first rule in chain) + sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT> /dev/null + #ensure that this table is after VPN chain + sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp + return $? + fi + logger -t cloud "$(basename $0): firewall chain for $pubIp already exists" +} + +add_vpn_chain_for_ip () { + local pubIp=$(echo $1 | awk -F'/' '{print $1}') + if sudo iptables -t mangle -N VPN_$pubIp &> /dev/null + then + logger -t cloud "$(basename $0): created VPN chain for $pubIp" + #ensure outgoing connections are maintained (first rule in chain) + sudo iptables -t mangle -I VPN_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT + sudo iptables -t mangle -A VPN_$pubIp -j RETURN + #ensure that this table is the first + sudo iptables -t mangle -I PREROUTING 1 -d $pubIp -j VPN_$pubIp + return $? + fi + logger -t cloud "$(basename $0): VPN chain for $pubIp already exists" +} + +del_fw_chain_for_ip () { + local pubIp=$(echo $1 | awk -F'/' '{print $1}') + if ! sudo iptables -t mangle -N FIREWALL_$pubIp &> /dev/null + then + logger -t cloud "$(basename $0): destroying firewall chain for $pubIp" + sudo iptables -t mangle -D PREROUTING -d $pubIp -j FIREWALL_$pubIp + sudo iptables -t mangle -F FIREWALL_$pubIp + sudo iptables -t mangle -X FIREWALL_$pubIp + return $? 
+ fi + # firewall chain got created as a result of testing for the chain, cleanup + sudo iptables -t mangle -F FIREWALL_$pubIp + sudo iptables -t mangle -X FIREWALL_$pubIp + logger -t cloud "$(basename $0): firewall chain did not exist for $pubIp, cleaned up" +} + +del_vpn_chain_for_ip () { + local pubIp=$(echo $1 | awk -F'/' '{print $1}') + if ! sudo iptables -t mangle -N VPN_$pubIp &> /dev/null + then + logger -t cloud "$(basename $0): destroying vpn chain for $pubIp" + sudo iptables -t mangle -D PREROUTING -d $pubIp -j VPN_$pubIp + sudo iptables -t mangle -F VPN_$pubIp + sudo iptables -t mangle -X VPN_$pubIp + return $? + fi + # vpn chain got created as a result of testing for the chain, cleanup + sudo iptables -t mangle -F VPN_$pubIp + sudo iptables -t mangle -X VPN_$pubIp + logger -t cloud "$(basename $0): vpn chain did not exist for $pubIp, cleaned up" +} + add_nat_entry() { local pubIp=$1 logger -t cloud "$(basename $0):Adding nat entry for ip $pubIp on interface $ethDev" @@ -195,25 +258,31 @@ fi if [ "$fflag" == "1" ] && [ "$Aflag" == "1" ] then - add_nat_entry $publicIp + add_nat_entry $publicIp && + add_vpn_chain_for_ip $publicIp && + add_fw_chain_for_ip $publicIp exit $? fi if [ "$Aflag" == "1" ] then - add_an_ip $publicIp + add_an_ip $publicIp && + add_fw_chain_for_ip $publicIp exit $? fi if [ "$fflag" == "1" ] && [ "$Dflag" == "1" ] then - del_nat_entry $publicIp + del_nat_entry $publicIp && + del_fw_chain_for_ip $publicIp && + del_vpn_chain_for_ip $publicIp exit $? fi if [ "$Dflag" == "1" ] then - remove_an_ip $publicIp + remove_an_ip $publicIp && + del_fw_chain_for_ip $publicIp exit $? fi diff --git a/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh b/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh index fdafdac5b37..80815783760 100755 --- a/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh +++ b/patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh 
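Review bot: `add_fw_chain_for_ip` in ipassoc.sh runs its three iptables commands unchained and returns only the status of the last one, so a failed `-A FIREWALL_$pubIp -j DROP` goes unnoticed and the chain can be hooked into PREROUTING without its default drop. firewall.sh chains the same three steps with `&&`; doing the same here, e.g. `sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP > /dev/null && \`, lets the function report the failure to its caller. `add_vpn_chain_for_ip` has the same shape.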
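Review bot: In the two delete branches of ipassoc.sh the chain cleanup is joined to the preceding step with `&&` (`del_nat_entry $publicIp && del_fw_chain_for_ip $publicIp && del_vpn_chain_for_ip $publicIp`), so a failure in `del_nat_entry` or `remove_an_ip` skips it. The `FIREWALL_`/`VPN_` chains and their PREROUTING jumps then stay behind for an address that is being released. I would run the cleanup regardless and carry the first failure out as the exit status, e.g. `del_nat_entry $publicIp; rc=$?; del_fw_chain_for_ip $publicIp || rc=$?; del_vpn_chain_for_ip $publicIp || rc=$?; exit $rc`.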
@@ -53,16 +53,16 @@ iptables_() { sudo iptables $op INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT sudo iptables -t nat $op PREROUTING -i ppp+ -p udp -m udp --dport 53 -j DNAT --to-destination $subnet_ip - if sudo iptables -t mangle -N FIREWALL_$public_ip &> /dev/null + if sudo iptables -t mangle -N VPN_$public_ip &> /dev/null then - logger -t cloud "$(basename $0): created firewall chain in PREROUTING mangle" + logger -t cloud "$(basename $0): created VPN chain in PREROUTING mangle" + sudo iptables -t mangle -I PREROUTING -d $public_ip -j VPN_$public_ip + sudo iptables -t mangle -A VPN_$public_ip -j RETURN fi op2="-D" [ "$op" == "-A" ] && op2="-I" - sudo iptables -t mangle $op FIREWALL_$public_ip -p ah -j ACCEPT - sudo iptables -t mangle $op FIREWALL_$public_ip -p esp -j ACCEPT - - + sudo iptables -t mangle $op VPN_$public_ip -p ah -j ACCEPT + sudo iptables -t mangle $op VPN_$public_ip -p esp -j ACCEPT } ipsec_server() { From 716e305355c9bcbdc84e630e9d5dcb0737e51444 Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 18:00:16 -0700 Subject: [PATCH 20/65] If one of the static nat rules failed to apply on the backend, the end result should be false --- .../agent/api/routing/SetFirewallRulesAnswer.java | 2 +- .../api/routing/SetPortForwardingRulesAnswer.java | 4 ++-- .../agent/api/routing/SetStaticNatRulesAnswer.java | 2 +- .../virtualnetwork/VirtualRoutingResource.java | 11 +++++++++-- .../hypervisor/xen/resource/CitrixResourceBase.java | 11 +++++++++-- 5 files changed, 22 insertions(+), 8 deletions(-) diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java index 99fbe7f055f..92f6fa60ed5 100644 --- a/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java +++ b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java 
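Review bot: The `iptables -t mangle -N VPN_$public_ip` probe in `iptables_` runs whatever `$op` is, so a teardown call (presumably `-D`) on a router where the chain is missing creates the chain and inserts its PREROUTING jump. Nothing in the hunk removes either afterwards. I would create and hook the chain only when adding, e.g. `if [ "$op" == "-A" ] && sudo iptables -t mangle -N VPN_$public_ip &> /dev/null`. The function starts outside the hunk.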
@@ -25,7 +25,7 @@ public class SetFirewallRulesAnswer extends Answer { protected SetFirewallRulesAnswer() { } - public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, Boolean success, String[] results) { + public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, boolean success, String[] results) { super(cmd, success, null); assert (cmd.getRules().length == results.length) : "rules and their results should be the same length don't you think?"; this.results = results; diff --git a/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java index b24d077a540..a0a6958f734 100644 --- a/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java +++ b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java @@ -25,8 +25,8 @@ public class SetPortForwardingRulesAnswer extends Answer { super(); } - public SetPortForwardingRulesAnswer(SetPortForwardingRulesCommand cmd, String[] results) { - super(cmd, true, null); + public SetPortForwardingRulesAnswer(SetPortForwardingRulesCommand cmd, String[] results, boolean success) { + super(cmd, success, null); assert(cmd.getRules().length == results.length) : "Shouldn't the results match the commands?"; this.results = results; diff --git a/api/src/com/cloud/agent/api/routing/SetStaticNatRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetStaticNatRulesAnswer.java index f393e8d31de..5063dbbfb6d 100644 --- a/api/src/com/cloud/agent/api/routing/SetStaticNatRulesAnswer.java +++ b/api/src/com/cloud/agent/api/routing/SetStaticNatRulesAnswer.java 
@@ -25,7 +25,7 @@ public class SetStaticNatRulesAnswer extends Answer { super(); } - public SetStaticNatRulesAnswer(SetStaticNatRulesCommand cmd, String[] results, Boolean success) { + public SetStaticNatRulesAnswer(SetStaticNatRulesCommand cmd, String[] results, boolean success) { super(cmd, success, null); assert(cmd.getRules().length == results.length) : "Shouldn't the results match the commands?"; diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java index e911d443ca6..5fa68c094e7 100755 --- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java +++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java @@ -171,6 +171,8 @@ public class VirtualRoutingResource implements Manager { String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); String[] results = new String[cmd.getRules().length]; int i = 0; + + boolean endResult = true; for (PortForwardingRuleTO rule : cmd.getRules()) { String result = null; final Script command = new Script(_firewallPath, _timeout, s_logger); @@ -183,10 +185,15 @@ public class VirtualRoutingResource implements Manager { command.add("-r ", rule.getDstIp()); command.add("-d ", rule.getStringDstPortRange()); result = command.execute(); - results[i++] = (!(result == null || result.isEmpty())) ? "Failed" : null; + if (result == null || result.isEmpty()) { + results[i++] = "Failed"; + endResult = false; + } else { + results[i++] = null; + } } - return new SetPortForwardingRulesAnswer(cmd, results); + return new SetPortForwardingRulesAnswer(cmd, results, endResult); } private Answer execute(SetStaticNatRulesCommand cmd) { diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 7926a616c80..14e44c152fd 100644 
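Review bot: The rewritten check in VirtualRoutingResource inverts the failure test. The removed line was `(!(result == null || result.isEmpty())) ? "Failed" : null`, so a non-empty result meant failure, while the new `if (result == null || result.isEmpty())` marks an empty result as "Failed" and sets `endResult = false`. Unless the meaning of `command.execute()` changed elsewhere, every port-forwarding rule that applied cleanly is now reported as failed and a real failure is reported as success. The condition should be `if (result != null && !result.isEmpty()) {`. The CitrixResourceBase hunk keeps its original polarity and is not affected.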
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -1244,6 +1244,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); String[] results = new String[cmd.getRules().length]; int i = 0; + + boolean endResult = true; for (PortForwardingRuleTO rule : cmd.getRules()) { StringBuilder args = new StringBuilder(); args.append(routerIp); @@ -1256,10 +1258,15 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe String result = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args.toString()); - results[i++] = (result == null || result.isEmpty()) ? "Failed" : null; + if (result == null || result.isEmpty()) { + results[i++] = "Failed"; + endResult = false; + } else { + results[i++] = null; + } } - return new SetPortForwardingRulesAnswer(cmd, results); + return new SetPortForwardingRulesAnswer(cmd, results, endResult); } protected SetStaticNatRulesAnswer execute(SetStaticNatRulesCommand cmd) { From 9253860347b98196f466ed1de1d5f35ee57e3b44 Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 18:16:21 -0700 Subject: [PATCH 21/65] Fixed error message --- server/src/com/cloud/network/NetworkManagerImpl.java | 2 +- server/src/com/cloud/network/firewall/FirewallManagerImpl.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index f4a50f22cb2..78330fff998 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
@@ -2641,7 +2641,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override public String getIpInNetwork(long vmId, long networkId) { Nic guestNic = getNicInNetwork(vmId, networkId); - assert (guestNic != null && guestNic.getIp4Address() != null) : "Vm doesn't belong to network associated with ipAddress or ip4 address is null...how is it possible?"; + assert (guestNic != null && guestNic.getIp4Address() != null) : "Vm doesn't belong to network associated with ipAddress or ip4 address is null?"; return guestNic.getIp4Address(); } diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 877f8d5acf7..cac974a9a0a 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -288,7 +288,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma } Network network = _networkMgr.getNetwork(networkId); - assert network != null : "Can't create port forwarding rule as network associated with public ip address is null...how is it possible?"; + assert network != null : "Can't create port forwarding rule as network associated with public ip address is null?"; if (portStart != null && !NetUtils.isValidPort(portStart)) { throw new InvalidParameterValueException("publicPort is an invalid value: " + portStart); From 98386a6c00630fcd3d61a49eff1037e47c684598 Mon Sep 17 00:00:00 2001 From: frank Date: Fri, 12 Aug 2011 18:15:31 -0700 Subject: [PATCH 22/65] Fix typo in cloud-management script --- .../centos/SYSCONFDIR/rc.d/init.d/cloud-management.in | 6 +++--- .../fedora/SYSCONFDIR/rc.d/init.d/cloud-management.in | 6 +++--- .../distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-management.in | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/client/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-management.in b/client/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-management.in index 41dec4692a3..bee8e0608b0 100755 --- a/client/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-management.in +++ b/client/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-management.in @@ -40,13 +40,13 @@ stop() { let count="${count}+1" done if [ "$(ps --pid $pid | grep -c $pid)" -eq "0" ]; then - log_success_msg "Stopping Cloud-management" + log_success_msg "Stopping cloud-management:" else - log_failure_msg "Stopping Cloud-management" + log_failure_msg "Stopping cloud-management:" fi else echo "Cannot find PID file of Cloud-management" - log_failure_msg "Stopping Cloud-management" + log_failure_msg "Stopping cloud-management:" fi } diff --git a/client/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-management.in b/client/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-management.in index 3cb10bcac66..4c59e256008 100755 --- a/client/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-management.in +++ b/client/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-management.in @@ -49,13 +49,13 @@ stop() { let count="${count}+1" done if [ "$(ps --pid $pid | grep -c $pid)" -eq "0" ]; then - log_success_msg "Stopping Cloud-management" + log_success_msg "Stopping cloud-management:" else - log_failure_msg "Stopping Cloud-management" + log_failure_msg "Stopping cloud-management:" fi else echo "Cannot find PID file of Cloud-management" - log_failure_msg "Stopping Cloud-management" + log_failure_msg "Stopping cloud-management:" fi } diff --git a/client/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-management.in b/client/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-management.in index 41dec4692a3..bee8e0608b0 100644 --- a/client/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-management.in +++ b/client/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-management.in 
@@ -40,13 +40,13 @@ stop() { let count="${count}+1" done if [ "$(ps --pid $pid | grep -c $pid)" -eq "0" ]; then - log_success_msg "Stopping Cloud-management" + log_success_msg "Stopping cloud-management:" else - log_failure_msg "Stopping Cloud-management" + log_failure_msg "Stopping cloud-management:" fi else echo "Cannot find PID file of Cloud-management" - log_failure_msg "Stopping Cloud-management" + log_failure_msg "Stopping cloud-management:" fi } From e76a8d7f8a447d7d18176e6211a030bfcf9f931f Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 19:10:23 -0700 Subject: [PATCH 23/65] bug 11114: when release static nat as a part of vm expunge, do searchIncludingRemoved in nics table as the nics are marked as Removed before static nat is released status 11114: resolved fixed --- server/src/com/cloud/network/NetworkManager.java | 2 ++ server/src/com/cloud/network/NetworkManagerImpl.java | 9 ++++++++- server/src/com/cloud/network/rules/RulesManagerImpl.java | 9 ++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 09fa13e6c56..59be681a169 100644 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -215,4 +215,6 @@ public interface NetworkManager extends NetworkService { boolean applyStaticNats(List staticNats, boolean continueOnError) throws ResourceUnavailableException; String getIpInNetwork(long vmId, long networkId); + + String getIpInNetworkIncludingRemoved(long vmId, long networkId); } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 78330fff998..39b803fcbba 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
@@ -2641,7 +2641,14 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override public String getIpInNetwork(long vmId, long networkId) { Nic guestNic = getNicInNetwork(vmId, networkId); - assert (guestNic != null && guestNic.getIp4Address() != null) : "Vm doesn't belong to network associated with ipAddress or ip4 address is null?"; + assert (guestNic != null && guestNic.getIp4Address() != null) : "Vm doesn't belong to network associated with ipAddress or ip4 address is null"; + return guestNic.getIp4Address(); + } + + @Override + public String getIpInNetworkIncludingRemoved(long vmId, long networkId) { + Nic guestNic = getNicInNetworkIncludingRemoved(vmId, networkId); + assert (guestNic != null && guestNic.getIp4Address() != null) : "Vm doesn't belong to network associated with ipAddress or ip4 address is null"; return guestNic.getIp4Address(); } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 57cd1db9f3e..f08c67be578 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -1096,7 +1096,14 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { //create new static nat rule // Get nic IP4 address - String dstIp = _networkMgr.getIpInNetwork(sourceIp.getAssociatedWithVmId(), networkId); + + String dstIp; + if (forRevoke) { + dstIp = _networkMgr.getIpInNetworkIncludingRemoved(sourceIp.getAssociatedWithVmId(), networkId); + } else { + dstIp = _networkMgr.getIpInNetwork(sourceIp.getAssociatedWithVmId(), networkId); + } + StaticNatImpl staticNat = new StaticNatImpl(sourceIp.getAccountId(), sourceIp.getDomainId(), networkId, sourceIpId, dstIp, forRevoke); staticNats.add(staticNat); From 20e28d67bf3d613c123f6a4195c8cc3b15c772e8 Mon Sep 17 00:00:00 2001 
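Review bot: The new `getIpInNetworkIncludingRemoved` uses `assert` as its only null guard, and assertions do nothing unless the JVM is started with `-ea`. In a normal deployment a null `guestNic` then fails on the next line with a bare NullPointerException, and a null address is handed back to the caller, which in the RulesManagerImpl hunk passes it straight into `new StaticNatImpl(...)`. An explicit check keeps the failure and its message in production, e.g. `if (guestNic == null || guestNic.getIp4Address() == null) { throw new CloudRuntimeException("No nic or ip4 address for vm " + vmId + " in network " + networkId); }`, assuming that exception type is imported in this file. The same applies to `getIpInNetwork` just above, and the two bodies differ only in the lookup call, so they could share one private helper.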
From: Sheng Yang Date: Fri, 12 Aug 2011 13:46:07 -0700 Subject: [PATCH 24/65] Fix ping in cloud-early-config The old ping don't have -w option --- .../systemvm/debian/config/etc/init.d/cloud-early-config | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index c732f693f04..d7f607712bb 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -250,10 +250,14 @@ setup_common() { fi # a hacking way to activate vSwitch under VMware - ping -n -c 3 -w 5 $GW + ping -n -c 3 $GW & + sleep 3 + pkill ping if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] then - ping -n -c 3 -w 5 $LOCAL_GW + ping -n -c 3 $LOCAL_GW & + sleep 3 + pkill ping fi } From 70be9c6ed199c86d828f92daa5db52c20adaa1fc Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Fri, 12 Aug 2011 19:10:15 -0700 Subject: [PATCH 25/65] bug 11105: Fix router with disconnected host We keep the stopped router there, but continue with the ones we can use. status bug 11105: resolved fixed --- .../router/VirtualNetworkApplianceManagerImpl.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 6393947a4a0..b7cc90b7b95 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
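Review bot: `pkill ping` in setup_common() signals every process whose name matches the pattern `ping`, not only the probe started on the line before it, and an init script like this presumably runs as root. Killing the background job by its PID keeps the timeout scoped to that one probe: `ping -n -c 3 "$GW" &` followed by `pid=$!; sleep 3; kill "$pid" 2>/dev/null`, and the same for `$LOCAL_GW`. Quoting the two variables also avoids word splitting when either value is empty or malformed. setup_common() starts outside the hunk.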
@@ -1053,11 +1053,14 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } for (DomainRouterVO router : routers) { - State state = router.getState(); - if (state != State.Running) { - router = startVirtualRouter(router, _accountService.getSystemUser(), _accountService.getSystemAccount(), params); + HostVO host = _hostDao.findById(router.getHostId()); + if (host != null && host.getStatus() == Status.Up) { + State state = router.getState(); + if (state != State.Running) { + router = startVirtualRouter(router, _accountService.getSystemUser(), _accountService.getSystemAccount(), params); + } + runningRouters.add(router); } - runningRouters.add(router); } return runningRouters; } From 1b799a2792fee52f8016a5b31fb69b0f2168c063 Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 19:29:14 -0700 Subject: [PATCH 26/65] Fixed db upgrade issue for 229-2210 firewall rules --- server/src/com/cloud/upgrade/dao/Upgrade229to2210.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java b/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java index 0e8b74187cd..40e1fca18d7 100644 --- a/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java +++ b/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java @@ -104,10 +104,12 @@ public class Upgrade229to2210 implements DbUpgrade { pstmt.executeUpdate(); //get new FirewallRule update - pstmt = conn.prepareStatement("SELECT id from firewall_rules where purpose='Firewall' and start_port=? and end_port=? and protocol=?"); + pstmt = conn.prepareStatement("SELECT id from firewall_rules where purpose='Firewall' and start_port=? and end_port=? and protocol=? and ip_address_id=? and network_id=?"); pstmt.setInt(1, startPort); pstmt.setInt(2, endPort); pstmt.setString(3, protocol); + pstmt.setLong(4, ipId); + pstmt.setLong(5, networkId); ResultSet rs1 = pstmt.executeQuery(); 
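Review bot: In the Upgrade229to2210 hunk, `pstmt` is reassigned to the new SELECT right after `pstmt.executeUpdate()` without the previous statement being closed, and `rs1` is not closed in the visible lines either, so the upgrade may leak a statement and a result set unless code outside this hunk cleans up. Closing before reuse would bound that: `pstmt.close();` ahead of the `conn.prepareStatement(...)` call and `rs1.close();` once the id has been read, or a try/finally around each. The added `ip_address_id` and `network_id` filters are bound as parameters rather than concatenated, which is the form to keep.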
From b9217f85e42d74034b95d6990b1c6af4dbf78360 Mon Sep 17 00:00:00 2001 From: alena Date: Fri, 12 Aug 2011 22:52:50 -0700 Subject: [PATCH 27/65] bug 11120: elb/load balancer config values should be the part of 229 to 2210 db upgrade, not 228 to 229 status 11120: resolved fixed --- setup/db/db/schema-229to2210.sql | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/setup/db/db/schema-229to2210.sql b/setup/db/db/schema-229to2210.sql index be9ebf80609..04699face49 100644 --- a/setup/db/db/schema-229to2210.sql +++ b/setup/db/db/schema-229to2210.sql 
@@ -30,3 +30,31 @@ ALTER TABLE `cloud`.`firewall_rules` MODIFY `end_port` int(10) COMMENT 'end port INSERT IGNORE INTO `cloud`.`configuration` (category, instance, name, value, description) VALUES ('Network', 'DEFAULT', 'firewall.rule.ui.enabled', 'true', 'enable/disable UI that separates firewall rules from NAT/LB rules'); + +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'agent.load.threshold', '0.70', 'Percentage (as a value between 0 and 1) of connected agents after which agent load balancing will start happening'); +INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.visibility', 'global', 'Load Balancer(haproxy) stats visibilty, it can be global,guest-network,disabled'); +INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.uri','/admin?stats','Load Balancer(haproxy) uri.'); +INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.auth','admin1:AdMiN123','Load Balancer(haproxy) authetication string in the format username:password'); +INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.port','8081','Load Balancer(haproxy) stats port number.'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'NetworkManager', 'use.external.dns', 'false', 'Bypass the cloudstack DHCP/DNS server vm name service, use zone external dns1 and dns2'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.enabled', 'false', 'Whether the load balancing service is enabled for basic zones'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.gc.interval.minutes', '120', 'Garbage collection interval to destroy unused ELB vms in minutes. 
Minimum of 5'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.network', 'guest', 'Whether the elastic load balancing service public ips are taken from the public or guest network'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.vm.cpu.mhz', '128', 'CPU speed for the elastic load balancer vm'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.vm.ram.size', '128', 'Memory in MB for the elastic load balancer vm'); +INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.vm.vcpu.num', '1', 'Number of VCPU for the elastic load balancer vm'); + + +CREATE TABLE IF NOT exists `cloud`.`elastic_lb_vm_map` ( + `id` bigint unsigned NOT NULL auto_increment, + `ip_addr_id` bigint unsigned NOT NULL, + `elb_vm_id` bigint unsigned NOT NULL, + `lb_id` bigint unsigned, + PRIMARY KEY (`id`), + CONSTRAINT `fk_elastic_lb_vm_map__ip_id` FOREIGN KEY `fk_elastic_lb_vm_map__ip_id` (`ip_addr_id`) REFERENCES `user_ip_address` (`id`) ON DELETE CASCADE, + CONSTRAINT `fk_elastic_lb_vm_map__elb_vm_id` FOREIGN KEY `fk_elastic_lb_vm_map__elb_vm_id` (`elb_vm_id`) REFERENCES `vm_instance` (`id`) ON DELETE CASCADE, + CONSTRAINT `fk_elastic_lb_vm_map__lb_id` FOREIGN KEY `fk_elastic_lb_vm_map__lb_id` (`lb_id`) REFERENCES `load_balancing_rules` (`id`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +UPDATE `cloud`.`network_offerings` SET lb_service=1 where unique_name='System-Guest-Network'; + From d4990c82ca03c227fe3b8b355f13782087d4da5b Mon Sep 17 00:00:00 2001 
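Review bot: The row for `network.loadbalancer.haproxy.stats.auth` seeds every upgraded installation with the same fixed username:password literal, and `network.loadbalancer.haproxy.stats.visibility` defaults to `global`, so if these values are used as written the haproxy statistics page is protected only by credentials that anyone who has read this schema file knows. A safer default is `disabled` for the visibility row, or an empty auth value with the management server generating one per installation, and in either case the description should tell operators to change it. Separately, these INSERTs use positional `VALUES` while the `firewall.rule.ui.enabled` insert above names its columns; naming them here too (`(category, instance, component, name, value, description)`, assuming that is the table's column order) keeps the upgrade correct if the column layout differs between versions.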
From: Sheng Yang Date: Sat, 13 Aug 2011 00:08:21 -0700 Subject: [PATCH 28/65] bug 11122: Fix router startup The new created router got hostId = 0. status 11122: resolved fixed --- .../cloud/network/element/VirtualRouterElement.java | 3 +++ .../router/VirtualNetworkApplianceManagerImpl.java | 10 ++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index f7fe4354b53..c6862261354 100644 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -123,6 +123,9 @@ public class VirtualRouterElement extends DhcpElement implements NetworkElement, @SuppressWarnings("unchecked") VirtualMachineProfile uservm = (VirtualMachineProfile)vm; List routers = _routerMgr.deployVirtualRouter(network, dest, _accountMgr.getAccount(network.getAccountId()), uservm.getParameters(), isRedundant); + if ((routers == null) || (routers.size() == 0)) { + throw new ResourceUnavailableException("Can't find at least one running router!", this.getClass(), 0); + } List rets = _routerMgr.addVirtualMachineIntoNetwork(network, nic, uservm, dest, context, routers); return (rets != null) && (!rets.isEmpty()); } else { diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index b7cc90b7b95..de765267380 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
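Review bot: The new `ResourceUnavailableException` in VirtualRouterElement is scoped to `this.getClass()` with id `0`, which names the element class rather than a resource a caller could avoid on retry; the other throws in this series scope to `DataCenter.class` or `Pod.class` with a real id. If callers use the scope to choose another deployment target, something like `DataCenter.class, network.getDataCenterId()` would be more useful here (assuming that accessor and the import are available in this file). The message could also carry the network id so the log line identifies which network had no running router. The enclosing method starts outside the hunk.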
@@ -1053,8 +1053,14 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } for (DomainRouterVO router : routers) { - HostVO host = _hostDao.findById(router.getHostId()); - if (host != null && host.getStatus() == Status.Up) { + boolean skip = false; + if (router.getHostId() != null) { + HostVO host = _hostDao.findById(router.getHostId()); + if (host == null || host.getStatus() != Status.Up) { + skip = true; + } + } + if (!skip) { State state = router.getState(); if (state != State.Running) { router = startVirtualRouter(router, _accountService.getSystemUser(), _accountService.getSystemAccount(), params); From 829ee7b241b76c2e60c8555c9fbefadd4ff77073 Mon Sep 17 00:00:00 2001 From: alena Date: Sat, 13 Aug 2011 00:53:06 -0700 Subject: [PATCH 29/65] Improved logging in 229 to 2210 upgrade --- server/src/com/cloud/upgrade/dao/Upgrade229to2210.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java b/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java index 40e1fca18d7..2b985fb0aa8 100644 --- a/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java +++ b/server/src/com/cloud/upgrade/dao/Upgrade229to2210.java @@ -116,7 +116,7 @@ public class Upgrade229to2210 implements DbUpgrade { if (rs1.next()) { firewallRuleId = rs1.getLong(1); } else { - throw new CloudRuntimeException("Unable to find just inserted firewall rule for ptocol " + protocol + ", start_port " + startPort + " and end_port " + endPort); + throw new CloudRuntimeException("Unable to find just inserted firewall rule for ptocol " + protocol + ", start_port " + startPort + " and end_port " + endPort + " and ip address id=" + ipId); } pstmt = conn.prepareStatement("select id from firewall_rules_cidrs where firewall_rule_id=?"); From 0b11a835afb029c3b25675a04fdca09bd219cdb2 Mon Sep 17 00:00:00 2001 
From: alena Date: Mon, 15 Aug 2011 10:41:31 -0700 Subject: [PATCH 30/65] Fixed the bug in allocator where cluster was added to avoid set as pod --- .../manager/allocator/impl/FirstFitAllocator.java | 12 ++---------- server/src/com/cloud/deploy/FirstFitPlanner.java | 2 +- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java b/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java index a6f4915c5bc..880b4fc6823 100755 --- a/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java +++ b/server/src/com/cloud/agent/manager/allocator/impl/FirstFitAllocator.java @@ -19,10 +19,8 @@ package com.cloud.agent.manager.allocator.impl; import java.util.ArrayList; import java.util.Collections; -import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Set; import javax.ejb.Local; import javax.naming.ConfigurationException; @@ -30,17 +28,16 @@ import javax.naming.ConfigurationException; import org.apache.log4j.Logger; import com.cloud.agent.manager.allocator.HostAllocator; +import com.cloud.capacity.CapacityManager; import com.cloud.configuration.dao.ConfigurationDao; -import com.cloud.dc.DataCenterVO; -import com.cloud.dc.HostPodVO; import com.cloud.deploy.DeploymentPlan; import com.cloud.deploy.DeploymentPlanner.ExcludeList; import com.cloud.host.DetailVO; import com.cloud.host.Host; import com.cloud.host.Host.Type; import com.cloud.host.HostVO; -import com.cloud.host.dao.HostDetailsDao; import com.cloud.host.dao.HostDao; +import com.cloud.host.dao.HostDetailsDao; import com.cloud.offering.ServiceOffering; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.storage.GuestOSCategoryVO; 
@@ -52,17 +49,12 @@ import com.cloud.uservm.UserVm; import com.cloud.utils.NumbersUtil; import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.component.Inject; -import com.cloud.vm.ConsoleProxyVO; -import com.cloud.vm.DomainRouterVO; -import com.cloud.vm.SecondaryStorageVmVO; -import com.cloud.vm.UserVmVO; import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineProfile; import com.cloud.vm.dao.ConsoleProxyDao; import com.cloud.vm.dao.DomainRouterDao; import com.cloud.vm.dao.SecondaryStorageVmDao; import com.cloud.vm.dao.UserVmDao; -import com.cloud.capacity.CapacityManager; /** * An allocator that tries to find a fit on a computing host. This allocator does not care whether or not the host supports routing. diff --git a/server/src/com/cloud/deploy/FirstFitPlanner.java b/server/src/com/cloud/deploy/FirstFitPlanner.java index 405562f7e0b..a2de4031266 100644 --- a/server/src/com/cloud/deploy/FirstFitPlanner.java +++ b/server/src/com/cloud/deploy/FirstFitPlanner.java @@ -235,7 +235,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner { return checkClustersforDestination(clusterList, vmProfile, plan, avoid, dc, _allocationAlgorithm); }else{ s_logger.debug("The specified cluster cannot be found, returning."); - avoid.addPod(plan.getClusterId()); + avoid.addCluster(plan.getClusterId()); return null; } }else if (plan.getPodId() != null) { From 87cde3e73c9b2282b7d9eb1a454aad642b5389a0 Mon Sep 17 00:00:00 2001 From: alena Date: Mon, 15 Aug 2011 11:17:30 -0700 Subject: [PATCH 31/65] bug 10567: In Basic zone, throw an exception with Pod scope when vm failed to be added to the network - so we retry to start it in a different pod --- .../VirtualNetworkApplianceManagerImpl.java | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) 
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index de765267380..39eee8c71a6 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -76,6 +76,7 @@ import com.cloud.dc.DataCenter; import com.cloud.dc.DataCenter.NetworkType; import com.cloud.dc.DataCenterVO; import com.cloud.dc.HostPodVO; +import com.cloud.dc.Pod; import com.cloud.dc.dao.AccountVlanMapDao; import com.cloud.dc.dao.DataCenterDao; import com.cloud.dc.dao.HostPodDao; @@ -1657,9 +1658,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian //for basic zone: //1) send vm data/password information only to the dhcp in the same pod //2) send dhcp/dns information to all routers in the cloudstack only when _dnsBasicZoneUpdates is set to "all" value - + Long podId = null; if (isZoneBasic) { - Long podId = dest.getPod().getId(); + podId = dest.getPod().getId(); if (router.getPodIdToDeployIn().longValue() != podId.longValue()) { sendPasswordAndVmData = false; if (_dnsBasicZoneUpdates.equalsIgnoreCase("pod")) { @@ -1716,6 +1717,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } if (cmds.size() > 0) { + boolean podLevelException = false; + //for user vm in Basic zone we should try to re-deploy vm in a diff pod if it fails to deploy in original pod; so throwing exception with Pod scope + if (isZoneBasic && podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest && network.getGuestType() == GuestIpType.Direct) { + podLevelException = true; + } try { _agentMgr.send(router.getHostId(), cmds); } catch (OperationTimedoutException e) { 
@@ -1725,18 +1731,27 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian Answer answer = cmds.getAnswer("dhcp"); if (!answer.getResult()) { s_logger.error("Unable to set dhcp entry for " + profile + " on domR: " + router.getHostName() + " due to " + answer.getDetails()); + if (podLevelException) { + throw new ResourceUnavailableException("Unable to set dhcp entry for " + profile + " due to " + answer.getDetails(), Pod.class, podId); + } throw new ResourceUnavailableException("Unable to set dhcp entry for " + profile + " due to " + answer.getDetails(), DataCenter.class, router.getDataCenterIdToDeployIn()); } answer = cmds.getAnswer("password"); if (answer != null && !answer.getResult()) { s_logger.error("Unable to set password for " + profile + " due to " + answer.getDetails()); + if (podLevelException) { + throw new ResourceUnavailableException("Unable to set password due to " + answer.getDetails(), Pod.class, podId); + } throw new ResourceUnavailableException("Unable to set password due to " + answer.getDetails(), DataCenter.class, router.getDataCenterIdToDeployIn()); } answer = cmds.getAnswer("vmdata"); if (answer != null && !answer.getResult()) { s_logger.error("Unable to set VM data for " + profile + " due to " + answer.getDetails()); + if (podLevelException) { + throw new ResourceUnavailableException("Unable to set VM data due to " + answer.getDetails(), Pod.class, podId); + } throw new ResourceUnavailableException("Unable to set VM data due to " + answer.getDetails(), DataCenter.class, router.getDataCenterIdToDeployIn()); } } From 63219277ecd4a048227b93650c35544b0f23aa79 Mon Sep 17 00:00:00 2001 From: anthony Date: Mon, 15 Aug 2011 13:53:29 -0700 Subject: [PATCH 32/65] VLAN patch for XenServer 5.6 --- .../xenserver/xenserver56/InterfaceReconfigure.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) 
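Review bot: The three added `if (podLevelException) { throw ... Pod.class, podId }` branches each repeat the message of the throw directly below them, so the two copies can drift apart. Choosing the scope once before the `try`, e.g. `Class<?> scope = podLevelException ? Pod.class : DataCenter.class;` and `long scopeId = podLevelException ? podId : router.getDataCenterIdToDeployIn();`, leaves a single throw per answer. Note also that `cmds.getAnswer("dhcp")` is dereferenced without the null check that the password and vmdata answers get; that line is context rather than new, but the added pod-scoped throw sits behind it and would be masked by a NullPointerException. The enclosing method starts and ends outside the hunk.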
diff --git a/scripts/vm/hypervisor/xenserver/xenserver56/InterfaceReconfigure.py b/scripts/vm/hypervisor/xenserver/xenserver56/InterfaceReconfigure.py index 9723c6617eb..229ff765e59 100755 --- a/scripts/vm/hypervisor/xenserver/xenserver56/InterfaceReconfigure.py +++ b/scripts/vm/hypervisor/xenserver/xenserver56/InterfaceReconfigure.py @@ -375,8 +375,7 @@ class DatabaseCache(object): def __get_vlan_records_from_xapi(self, session): self.__vlans = {} - for v in session.xenapi.VLAN.get_all(): - rec = session.xenapi.VLAN.get_record(v) + for (v,rec) in session.xenapi.VLAN.get_all_records().items(): if not self.__pif_on_host(rec['untagged_PIF']): continue self.__vlans[v] = {} @@ -385,8 +384,7 @@ class DatabaseCache(object): def __get_bond_records_from_xapi(self, session): self.__bonds = {} - for b in session.xenapi.Bond.get_all(): - rec = session.xenapi.Bond.get_record(b) + for (b,rec) in session.xenapi.Bond.get_all_records().items(): if not self.__pif_on_host(rec['master']): continue self.__bonds[b] = {} @@ -395,8 +393,7 @@ class DatabaseCache(object): def __get_network_records_from_xapi(self, session): self.__networks = {} - for n in session.xenapi.network.get_all(): - rec = session.xenapi.network.get_record(n) + for (n,rec) in session.xenapi.network.get_all_records().items(): self.__networks[n] = {} for f in _NETWORK_ATTRS: if f == "PIFs": From de3662405b4c8f502996eeb412e3e4d455110d93 Mon Sep 17 00:00:00 2001 From: alena Date: Mon, 15 Aug 2011 14:23:43 -0700 Subject: [PATCH 33/65] Added missing license headers --- .../api/commands/CreateFirewallRuleCmd.java | 2 +- .../api/commands/DeleteFirewallRuleCmd.java | 2 +- .../api/commands/ListFirewallRulesCmd.java | 2 +- .../network/firewall/FirewallManagerImpl.java | 18 ++++++++++++++++++ .../cloud/network/rules/FirewallManager.java | 17 +++++++++++++++++ 5 files changed, 38 insertions(+), 3 deletions(-) 
diff --git a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java index 0594a5c5108..9e9ada6f9b4 100644 --- a/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java @@ -1,5 +1,5 @@ /** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved * * This software is licensed under the GNU General Public License v3 or later. * diff --git a/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java b/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java index 17e67f9a49a..4433fb23e7c 100644 --- a/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeleteFirewallRuleCmd.java @@ -1,5 +1,5 @@ /** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved * * This software is licensed under the GNU General Public License v3 or later. * diff --git a/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java b/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java index 5b08b9815f8..e72eba210d6 100644 --- a/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java @@ -1,5 +1,5 @@ /** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved * * This software is licensed under the GNU General Public License v3 or later. * diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index cac974a9a0a..2cc9bd014d5 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java 
@@ -1,3 +1,21 @@ +/** + * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + package com.cloud.network.firewall; import java.util.ArrayList; diff --git a/server/src/com/cloud/network/rules/FirewallManager.java b/server/src/com/cloud/network/rules/FirewallManager.java index a3827eac978..21d80b57010 100644 --- a/server/src/com/cloud/network/rules/FirewallManager.java +++ b/server/src/com/cloud/network/rules/FirewallManager.java @@ -1,3 +1,20 @@ +/** + * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ package com.cloud.network.rules; import java.util.List; 
From 73c642ec597463aaa49e755f7bf47ef12e095cd0 Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Mon, 15 Aug 2011 16:58:54 -0700 Subject: [PATCH 34/65] re-enable HA logic on VM state synchronization for VMware --- .../src/com/cloud/ha/HighAvailabilityManagerImpl.java | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java b/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java index a4210a5c13b..854abd2c239 100644 --- a/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java +++ b/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java @@ -187,11 +187,6 @@ public class HighAvailabilityManagerImpl implements HighAvailabilityManager, Clu return; } - if(host.getHypervisorType() == HypervisorType.VMware) { - s_logger.warn("Skip HA for VMware host " + host.getId()); - return; - } - s_logger.warn("Scheduling restart for VMs on host " + host.getId()); final List vms = _instanceDao.listByHostId(host.getId()); @@ -275,11 +270,6 @@ public class HighAvailabilityManagerImpl implements HighAvailabilityManager, Clu return; } - if(vm.getHypervisorType() == HypervisorType.VMware) { - s_logger.info("Skip HA for VMware VM " + vm.getInstanceName()); - return; - } - if (!investigate) { if (s_logger.isDebugEnabled()) { s_logger.debug("VM does not require investigation so I'm marking it as Stopped: " + vm.toString()); From ba5dd131db51c98c266e71138b5ca8fb40dd5b52 Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Mon, 15 Aug 2011 18:56:15 -0700 Subject: [PATCH 35/65] bug 11137: don't start HTTP listen if it is already started --- .../consoleproxy/ConsoleProxyResource.java | 59 ++++++++++--------- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java index 54739feb106..943a2020f38 100644 --- a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java 
+++ b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java 
@@ -318,38 +318,41 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe private void launchConsoleProxy(final byte[] ksBits, final String ksPassword) { final Object resource = this; - - _consoleProxyMain = new Thread(new Runnable() { - public void run() { - try { - Class consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy"); + if(_consoleProxyMain == null) { + _consoleProxyMain = new Thread(new Runnable() { + public void run() { try { - Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class); - method.invoke(null, _properties, resource, ksBits, ksPassword); - } catch (SecurityException e) { - s_logger.error("Unable to launch console proxy due to SecurityException"); - System.exit(ExitStatus.Error.value()); - } catch (NoSuchMethodException e) { - s_logger.error("Unable to launch console proxy due to NoSuchMethodException"); - System.exit(ExitStatus.Error.value()); - } catch (IllegalArgumentException e) { - s_logger.error("Unable to launch console proxy due to IllegalArgumentException"); - System.exit(ExitStatus.Error.value()); - } catch (IllegalAccessException e) { - s_logger.error("Unable to launch console proxy due to IllegalAccessException"); - System.exit(ExitStatus.Error.value()); - } catch (InvocationTargetException e) { - s_logger.error("Unable to launch console proxy due to InvocationTargetException"); + Class consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy"); + try { + Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class); + method.invoke(null, _properties, resource, ksBits, ksPassword); + } catch (SecurityException e) { + s_logger.error("Unable to launch console proxy due to SecurityException"); + System.exit(ExitStatus.Error.value()); + } catch (NoSuchMethodException e) { + s_logger.error("Unable to launch console proxy due to 
NoSuchMethodException"); + System.exit(ExitStatus.Error.value()); + } catch (IllegalArgumentException e) { + s_logger.error("Unable to launch console proxy due to IllegalArgumentException"); + System.exit(ExitStatus.Error.value()); + } catch (IllegalAccessException e) { + s_logger.error("Unable to launch console proxy due to IllegalAccessException"); + System.exit(ExitStatus.Error.value()); + } catch (InvocationTargetException e) { + s_logger.error("Unable to launch console proxy due to InvocationTargetException"); + System.exit(ExitStatus.Error.value()); + } + } catch (final ClassNotFoundException e) { + s_logger.error("Unable to launch console proxy due to ClassNotFoundException"); System.exit(ExitStatus.Error.value()); } - } catch (final ClassNotFoundException e) { - s_logger.error("Unable to launch console proxy due to ClassNotFoundException"); - System.exit(ExitStatus.Error.value()); } - } - }, "Console-Proxy-Main"); - _consoleProxyMain.setDaemon(true); - _consoleProxyMain.start(); + }, "Console-Proxy-Main"); + _consoleProxyMain.setDaemon(true); + _consoleProxyMain.start(); + } else { + s_logger.error("com.cloud.consoleproxy.ConsoleProxy is already running"); + } } public boolean authenticateConsoleAccess(String host, String port, String vmId, String sid, String ticket) { From ee724fc12f9ade391a9353338b9893062580a92f Mon Sep 17 00:00:00 2001 From: kishan Date: Tue, 16 Aug 2011 19:41:59 +0530 Subject: [PATCH 36/65] Added sql queries and script to update new template and restart networks --- setup/bindir/cloud-sysvmadm.in | 93 ++++++++++++++++++++++++++++++-- setup/db/db/schema-229to2210.sql | 11 +++- 2 files changed, 100 insertions(+), 4 deletions(-) diff --git a/setup/bindir/cloud-sysvmadm.in b/setup/bindir/cloud-sysvmadm.in index 70f186deac4..64006e3ae7f 100755 --- a/setup/bindir/cloud-sysvmadm.in +++ b/setup/bindir/cloud-sysvmadm.in 
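Review bot: The new `if(_consoleProxyMain == null)` guard in launchConsoleProxy is an unsynchronized check-then-act, so two concurrent callers could both see null and each start a "Console-Proxy-Main" thread; whether the method can be reached from more than one thread is not visible in this hunk, but declaring it `private synchronized void launchConsoleProxy(...)` would close the window. A repeat call is now dropped with only an error log, so a later call carrying different `ksBits`/`ksPassword` has no effect on the running proxy; if callers rely on this path to deliver a renewed keystore, that case needs handling rather than a log line. Every catch block also logs only the exception class name; passing the exception, e.g. `s_logger.error("Unable to launch console proxy due to InvocationTargetException", e);`, would keep the underlying cause.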
@@ -5,7 +5,7 @@ #set -x usage() { - printf "\nThe tool stopping/starting running system vms and domain routers \n\nUsage: %s: [-d] [-u] [-p] [-m] [-s] [-r] [-a] [-t]\n\n -d - cloud DB server ip address, defaulted to localhost if not specified \n -u - user name to access cloud DB, defaulted to "root" if not specified \n -p - cloud DB user password, defaulted to no password if not specified \n\n -m - the ip address of management server, defaulted to localhost if not specified\n\n -s - stop then start all running SSVMs and Console Proxies \n -r - stop then start all running Virtual Routers\n -a - stop then start all running SSVMs, Console Proxies, and Virtual Routers \n -t - number of parallel threads used for stopping Domain Routers. Default is 5.\n -l - log file location. Default is cloud.log under current directory.\n\n" $(basename $0) >&2 + printf "\nThe tool stopping/starting running system vms and domain routers \n\nUsage: %s: [-d] [-u] [-p] [-m] [-s] [-r] [-a] [-t] [-e]\n\n -d - cloud DB server ip address, defaulted to localhost if not specified \n -u - user name to access cloud DB, defaulted to "root" if not specified \n -p - cloud DB user password, defaulted to no password if not specified \n\n -m - the ip address of management server, defaulted to localhost if not specified\n\n -s - stop then start all running SSVMs and Console Proxies \n -r - stop then start all running Virtual Routers\n -a - stop then start all running SSVMs, Console Proxies, and Virtual Routers \n -e - restart all Guest networks \n -t - number of parallel threads used for stopping Domain Routers. Default is 5.\n -l - log file location. Default is cloud.log under current directory.\n\n" $(basename $0) >&2 } @@ -21,13 +21,15 @@ maxthreads=5 LOGFILE=cloud.log -while getopts 'sarhd:m:u:p:t:l:' OPTION +while getopts 'sarhnd:m:u:p:t:l:' OPTION do case $OPTION in s) system=1 ;; r) router=1 ;; + n) redundant=1 + ;; a) all=1 ;; d) db="$OPTARG" 
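Review bot: The usage text now advertises `[-e]` ("restart all Guest networks"), but the getopts string in the next hunk adds `n` (`'sarhnd:m:u:p:t:l:'`) and the new case arm is `n) redundant=1`, so `-e` is not an option getopts accepts and the flag that actually works, `-n`, is undocumented. Use one letter in both places, for example `while getopts 'sarhed:m:u:p:t:l:' OPTION` with an `e)` arm. The variable name `redundant` does not describe what the flag does either; something like `networks=1` would read better, and the later hunks that test `$redundant` would need the same rename.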
@@ -195,6 +197,86 @@ reboot_router(){ } +restart_networks(){ + networks=(`mysql -h $db --user=$user --password=$password --skip-column-names -U cloud -e "select n.id from networks n, network_offerings no where n.network_offering_id = no.id and no.system_only = 0 and n.removed is null"`) + length_networks=(${#networks[@]}) + + echo -e "\nRestarting networks... " + echo -e "Restarting networks... " >>$LOGFILE + + #Spawn restart network in parallel - run commands in chunks - number of threads is configurable + + pids=() + for d in "${networks[@]}"; do + + restart_network $d & + + pids=( "${pids[@]}" $! ) + + length_pids=(${#pids[@]}) + unfinishedPids=(${#pids[@]}) + + if [ $maxthreads -gt $length_networks ]; then + maxthreads=$length_networks + fi + + if [ $length_pids -ge $maxthreads ]; then + while [ $unfinishedPids -gt 0 ]; do + sleep 10 + count=0 + for (( i = 0 ; i < $length_pids; i++ )); do + if ! ps ax | grep -v grep | grep ${pids[$i]} > /dev/null; then + count=`expr $count + 1` + fi + done + + if [ $count -eq $unfinishedPids ]; then + unfinishedPids=0 + fi + + done + + #remove all elements from pids + if [ $unfinishedPids -eq 0 ]; then + pids=() + length_pids=(${#pids[@]}) + fi + + fi + + done + + + if [ "$length_networks" == "0" ];then + echo -e "No networks found \n" >>$LOGFILE + else + while [ $unfinishedPids -gt 0 ]; do + sleep 10 + done + + echo -e "Done restarting networks. \n" + echo -e "Done restarting networks. 
\n" >>$LOGFILE + + fi +} + +restart_network(){ + jobid=`curl -sS "http://$ms:8096/?command=restartNetwork&id=$1&response=json" | sed 's/\"//g' | sed 's/ //g' | sed 's/{//g' | sed 's/}//g' | awk -F: {'print $3'}` + if [ "$jobid" == "" ]; then + echo "ERROR: Failed to restart network with id $1" >>$LOGFILE + echo 2 + return + fi + + jobresult=$(query_async_job_result $jobid) + + if [ "$jobresult" != "1" ]; then + echo "ERROR: Failed to restart network with id $1" >>$LOGFILE + else + echo "INFO: Successfully restarted network with id $1" >>$LOGFILE + fi + +} query_async_job_result() { while [ 1 ] @@ -208,7 +290,7 @@ sleep 5 done } -if [ "$system$router$all$help" == "" ] +if [ "$system$router$all$help$redundant" == "" ] then usage exit @@ -235,3 +317,8 @@ if [ "$router" == "1" ] then stop_start_router fi + +if [ "$redundant" == "1" ] +then + restart_networks +fi diff --git a/setup/db/db/schema-229to2210.sql b/setup/db/db/schema-229to2210.sql index 04699face49..dab13dbff8f 100644 --- a/setup/db/db/schema-229to2210.sql +++ b/setup/db/db/schema-229to2210.sql 
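Review bot: The final wait in restart_networks, `while [ $unfinishedPids -gt 0 ]; do sleep 10; done`, never updates `unfinishedPids`, so whenever the last batch is smaller than `maxthreads` (for example 7 networks with 5 threads) the script appears to sleep forever and never reaches "Done restarting networks". Replacing both polling loops with the shell builtin, `wait "${pids[@]}"`, removes the hang and also the `ps ax | grep ${pids[$i]}` test, which matches any process line that merely contains that number. The added mysql call passes `--password=$password` on the command line, where it is readable by other local users in the process list while the query runs; supplying it through an option file (`--defaults-extra-file=...`) avoids that. In restart_network, `$1` is interpolated into the curl URL unquoted and the failure path does `echo 2` to stdout of a background job, which only adds noise to the terminal.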
@@ -19,7 +19,6 @@ INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-serve INSERT IGNORE INTO configuration VALUES ('Storage', 'DEFAULT', 'management-server', 'storage.pool.max.waitseconds', '3600', 'Timeout (in seconds) to synchronize storage pool operations.'); INSERT IGNORE INTO configuration VALUES ('Storage', 'DEFAULT', 'management-server', 'storage.template.cleanup.enabled', 'true', 'Enable/disable template cleanup activity, only take effect when overall storage cleanup is enabled'); - ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `icmp_code` int(10) COMMENT 'The ICMP code (if protocol=ICMP). A value of -1 means all codes for the given ICMP type.'; ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `icmp_type` int(10) COMMENT 'The ICMP type (if protocol=ICMP). A value of -1 means all types.'; ALTER TABLE `cloud`.`firewall_rules` ADD COLUMN `related` bigint unsigned COMMENT 'related to what other firewall rule'; 
@@ -58,3 +57,13 @@ CREATE TABLE IF NOT exists `cloud`.`elastic_lb_vm_map` ( UPDATE `cloud`.`network_offerings` SET lb_service=1 where unique_name='System-Guest-Network'; +UPDATE `cloud`.`vm_template` SET type='SYSTEM' WHERE name='systemvm-xenserver-2.2.10'; +UPDATE `cloud`.`vm_template` SET type='SYSTEM' WHERE name='systemvm-kvm-2.2.10'; +UPDATE `cloud`.`vm_template` SET type='SYSTEM' WHERE name='systemvm-vSphere-2.2.10'; + +UPDATE vm_instance SET vm_template_id=(SELECT id FROM vm_template WHERE name='systemvm-xenserver-2.2.10' AND removed IS NULL) where vm_template_id=1; +UPDATE vm_instance SET vm_template_id=(SELECT id FROM vm_template WHERE name='systemvm-kvm-2.2.10' AND removed IS NULL) where vm_template_id=3; +UPDATE vm_instance SET vm_template_id=(SELECT id FROM vm_template WHERE name='systemvm-vSphere-2.2.10' AND removed IS NULL) where vm_template_id=8; + +-- Update system Vms using systemvm-xenserver-2.2.4 template; +UPDATE vm_instance SET vm_template_id=(SELECT id FROM vm_template WHERE name='systemvm-xenserver-2.2.10' AND removed IS NULL) where vm_template_id=(SELECT id FROM vm_template WHERE name='systemvm-xenserver-2.2.4' AND removed IS NULL); From bc8c78f102a2eeeb184a1d350f6e08997058cdd3 Mon Sep 17 00:00:00 2001 From: alena Date: Tue, 16 Aug 2011 09:51:31 -0700 Subject: [PATCH 37/65] Fixed spelling mistake --- server/src/com/cloud/vm/UserVmManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 9866e252e80..9a48add3c31 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java 
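Review bot: Each `UPDATE vm_instance SET vm_template_id=(SELECT id FROM vm_template WHERE name='...' AND removed IS NULL)` assumes the subquery returns exactly one row. If the 2.2.10 template is not registered when the upgrade runs, the subquery is empty and the statement would set `vm_template_id` to NULL (or fail, depending on the column definition, which is not shown) for every matching VM; if two live rows carry that name the statement errors out. Adding a guard such as `AND EXISTS (SELECT 1 FROM vm_template WHERE name='systemvm-xenserver-2.2.10' AND removed IS NULL)` to each WHERE clause keeps the upgrade from leaving system VMs without a template. The first three updates select by the hard-coded ids 1, 3 and 8 with no filter on VM type, so a comment stating which templates those ids refer to would help the next reader.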
@@ -2252,7 +2252,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } } else if (defaultNetworks.size() > 1) { - throw new InvalidParameterValueException("More than 1 default network is found for accoun " + owner); + throw new InvalidParameterValueException("More than 1 default network is found for account " + owner); } else { defaultNetwork = defaultNetworks.get(0); } From 898051ecff5c10540ea9a0933a0df3f752d87826 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 16 Aug 2011 11:41:59 -0700 Subject: [PATCH 38/65] Fix NPE when a router is fail to start Also enforce the check for restartNetworkCommand --- .../cloud/network/element/VirtualRouterElement.java | 12 +++++++++--- .../router/VirtualNetworkApplianceManagerImpl.java | 4 +++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index c6862261354..4cfc3fccbaa 100644 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -63,6 +63,7 @@ import com.cloud.vm.ReservationContext; import com.cloud.vm.UserVmManager; import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineProfile; +import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.dao.DomainRouterDao; import com.cloud.vm.dao.UserVmDao; 
@@ -153,17 +154,22 @@ public class VirtualRouterElement extends DhcpElement implements NetworkElement, } /* Get the host_id in order to find the cluster */ - long host_id = 0; + Long host_id = new Long(0); for (DomainRouterVO router : routers) { - host_id = router.getHostId(); + if (host_id == null || host_id == 0) { + host_id = (router.getHostId() != null ? router.getHostId() : router.getLastHostId()); + } /* FIXME it's not completely safe to ignore these failure, but we would try to push on now */ - if (_routerMgr.stopRouter(router.getId(), false) == null) { + if (router.getState() != State.Stopped || _routerMgr.stopRouter(router.getId(), false) == null) { s_logger.warn("Failed to stop virtual router element " + router + " as a part of network " + network + " restart"); } if (!_routerMgr.destroyRouter(router.getId())) { s_logger.warn("Failed to destroy virtual router element " + router + " as a part of network " + network + " restart"); } } + if (host_id == null || host_id == 0) { + throw new ResourceUnavailableException("Fail to locate virtual router element in network " + network.getId(), this.getClass(), 0); + } /* The cluster here is only used to determine hypervisor type, not the real deployment */ Cluster cluster = _configMgr.getCluster(_hostDao.findById(host_id).getClusterId()); diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 39eee8c71a6..85e7236a4bb 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
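Review bot: The new condition `router.getState() != State.Stopped || _routerMgr.stopRouter(router.getId(), false) == null` short-circuits for every router that is not already stopped, so `stopRouter` is never called for a running router, the "Failed to stop" warning is logged regardless, and `destroyRouter` is then invoked on a router that was never stopped. The intent looks like `if (router.getState() != State.Stopped && _routerMgr.stopRouter(router.getId(), false) == null) {`. After the loop, `_hostDao.findById(host_id)` is dereferenced without a null check, which can reintroduce the NPE this commit is fixing if the host row is gone. `Long host_id = new Long(0);` could simply be `Long host_id = null;`, which makes the `== 0` comparisons unnecessary. The enclosing method starts and ends outside the hunk.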
@@ -1066,7 +1066,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian if (state != State.Running) { router = startVirtualRouter(router, _accountService.getSystemUser(), _accountService.getSystemAccount(), params); } - runningRouters.add(router); + if (router != null) { + runningRouters.add(router); + } } } return runningRouters; From 5d66603813e4e6ac10f74c4731acc46b1fc427fe Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 16 Aug 2011 14:07:50 -0700 Subject: [PATCH 39/65] Copy missed getRouterStatus.sh to XenServer FP1 host --- scripts/vm/hypervisor/xenserver/xenserver56fp1/patch | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/vm/hypervisor/xenserver/xenserver56fp1/patch b/scripts/vm/hypervisor/xenserver/xenserver56fp1/patch index 887ff6a77e7..9b18f2f456a 100644 --- a/scripts/vm/hypervisor/xenserver/xenserver56fp1/patch +++ b/scripts/vm/hypervisor/xenserver/xenserver56fp1/patch @@ -45,3 +45,4 @@ create_privatetemplate_from_snapshot.sh=..,0755,/opt/xensource/bin upgrade_snapshot.sh=..,0755,/opt/xensource/bin cloud-clean-vlan.sh=..,0755,/opt/xensource/bin cloud-prepare-upgrade.sh=..,0755,/opt/xensource/bin +getRouterStatus.sh=../../../../network/domr/,0755,/opt/xensource/bin From 0c8dfb2dc36fb8db9935fdc9bf8b343e51128c01 Mon Sep 17 00:00:00 2001 From: alena Date: Tue, 16 Aug 2011 14:13:11 -0700 Subject: [PATCH 40/65] bug 11133: field size should be declared in VO object explicitly if it's greater than 255 status 11133: resolved fixed --- core/src/com/cloud/user/SSHKeyPairVO.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/src/com/cloud/user/SSHKeyPairVO.java b/core/src/com/cloud/user/SSHKeyPairVO.java index 56ad8a250b3..5cdd8a87146 100644 --- a/core/src/com/cloud/user/SSHKeyPairVO.java +++ b/core/src/com/cloud/user/SSHKeyPairVO.java 
@@ -47,7 +47,7 @@ public class SSHKeyPairVO implements SSHKeyPair { @Column(name="fingerprint") private String fingerprint; - @Column(name="public_key") + @Column(name="public_key", length=5120) private String publicKey; @Transient From 64732eaa2ce6151f21ff4a80f705cec763a831bb Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Tue, 16 Aug 2011 15:21:59 -0700 Subject: [PATCH 41/65] bug 11099: Let VM sync to cooperate with migration process --- .../com/cloud/vm/VirtualMachineManagerImpl.java | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index 11c02b2cc44..b5aa27c8648 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -1556,6 +1556,12 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene "Virtual Machine " + vm.getInstanceName() + " (id: " + vm.getId() + ") running on host [" + vm.getHostId() + "] stopped due to storage failure."); } + // during VM migration time, don't sync state will agent status update + if (serverState == State.Migrating) { + s_logger.debug("Skipping vm in migrating state: " + vm); + return null; + } + if(trackExternalChange) { if(serverState == State.Starting) { if(vm.getHostId() != null && vm.getHostId() != hostId) { @@ -1573,11 +1579,6 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene } } - // if (serverState == State.Migrating) { - // s_logger.debug("Skipping vm in migrating state: " + vm); - // return null; - // } - if (agentState == serverState) { if (s_logger.isDebugEnabled()) { s_logger.debug("Both states are " + agentState + " for " + vm); 
@@ -1650,8 +1651,10 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene s_logger.debug("Scheduling a stop command for " + vm); _haMgr.scheduleStop(vm, hostId, WorkType.Stop); } else { - s_logger.debug("VM state is in stopped so stopping it on the agent"); - command = cleanup(agentName); + s_logger.debug("server VM state " + serverState + " does not meet expectation of a running VM report from agent"); + + // just be careful not to stop VM for things we don't handle + // command = cleanup(agentName); } } return command; From 3ce06fabb7c89a00e60136b3032da7f06d97747a Mon Sep 17 00:00:00 2001 From: Murali Reddy Date: Wed, 17 Aug 2011 18:06:30 +0530 Subject: [PATCH 42/65] bug 11148: VMs that got stopped during Host Maintenance have host_id associated with them status 11148: resolved fixed enabled vm stop, if the host is last valid host in cluster --- server/src/com/cloud/agent/manager/AgentManagerImpl.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/src/com/cloud/agent/manager/AgentManagerImpl.java b/server/src/com/cloud/agent/manager/AgentManagerImpl.java index 754ea856e12..fe6eb004b2d 100755 --- a/server/src/com/cloud/agent/manager/AgentManagerImpl.java +++ b/server/src/com/cloud/agent/manager/AgentManagerImpl.java 
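Review bot: With `command = cleanup(agentName)` commented out, this else branch now only writes a debug line, so a VM that the agent reports as running while the server holds a different state keeps running on the host with nothing recorded above debug level and no VM identity in the message. If leaving it alone is intended, log it where operators will see it, e.g. `s_logger.warn("Agent reports " + vm + " running but server state is " + serverState + "; not stopping it");`, and delete the commented-out call instead of keeping it in the source. Which server states reach this branch is decided above the hunk, so the set of affected states should be confirmed there.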
@@ -1646,10 +1646,10 @@ public class AgentManagerImpl implements AgentManager, HandlerFactory, Manager { } List hosts = _hostDao.listBy(host.getClusterId(), host.getPodId(), host.getDataCenterId()); - + List upHosts = _hostDao.listBy( host.getDataCenterId(), host.getPodId(), host.getClusterId(), Host.Type.Routing, Status.Up); for (final VMInstanceVO vm : vms) { - if (hosts == null || hosts.size() <= 1 || !answer.getMigrate()) { - // for the last host in this cluster, stop all the VMs + if (hosts == null || hosts.size() <= 1 || !answer.getMigrate() || upHosts == null || upHosts.size() == 0) { + // for the last valid host in this cluster, stop all the VMs _haMgr.scheduleStop(vm, hostId, WorkType.ForceStop); } else { _haMgr.scheduleMigration(vm); From 4c35ece9132b171afd7db10e342ae5e41474bee2 Mon Sep 17 00:00:00 2001 From: Abhinandan Prateek Date: Wed, 17 Aug 2011 19:15:30 +0530 Subject: [PATCH 43/65] fixed execptions while adding second host --- server/src/com/cloud/vm/VirtualMachineManagerImpl.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index b5aa27c8648..99e272a9eba 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java 
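Review bot: The added `_hostDao.listBy(host.getDataCenterId(), host.getPodId(), host.getClusterId(), Host.Type.Routing, Status.Up)` passes the three ids in the opposite order to the existing call on the line above it (`getClusterId(), getPodId(), getDataCenterId()`). These are presumably different overloads whose signatures are not visible here, but since all three arguments are numeric ids a wrong order would still compile and simply return the wrong host set, which then decides between ForceStop and migration for every VM on the host. Worth confirming against HostDao, and a one-line comment such as `// hosts that can actually receive migrated VMs` above `upHosts` would explain why it is needed in addition to `hosts`.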
@@ -1726,12 +1726,12 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene continue; } hId = host.getId(); - } - HypervisorGuru hvGuru = _hvGuruMgr.getGuru(castedVm.getHypervisorType()); + HypervisorGuru hvGuru = _hvGuruMgr.getGuru(castedVm.getHypervisorType()); - Command command = compareState(hId, castedVm, info, true, hvGuru.trackVmHostChange()); - if (command != null) { - commands.addCommand(command); + Command command = compareState(hId, castedVm, info, true, hvGuru.trackVmHostChange()); + if (command != null) { + commands.addCommand(command); + } } } for (final AgentVmInfo left : infos.values()) { From ed963d63b407b2b29e1589243828948f92889a5e Mon Sep 17 00:00:00 2001 From: alena Date: Wed, 17 Aug 2011 12:02:47 -0700 Subject: [PATCH 44/65] bug 11154: host can go in Maintenance state only after all vms are migrated from it status 11154: resolved fixed --- server/src/com/cloud/agent/manager/AgentMonitor.java | 3 ++- server/src/com/cloud/vm/dao/VMInstanceDao.java | 3 ++- server/src/com/cloud/vm/dao/VMInstanceDaoImpl.java | 8 ++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/agent/manager/AgentMonitor.java b/server/src/com/cloud/agent/manager/AgentMonitor.java index f6bc737562d..6e58cbdd195 100755 --- a/server/src/com/cloud/agent/manager/AgentMonitor.java +++ b/server/src/com/cloud/agent/manager/AgentMonitor.java @@ -139,7 +139,8 @@ public class AgentMonitor extends Thread implements Listener { if (host.getType() != Host.Type.Storage) { List vos = _vmDao.listByHostId(hostId); - if (vos.size() == 0) { + List vosMigrating = _vmDao.listVmsMigratingFromHost(hostId); + if (vos.isEmpty() && vosMigrating.isEmpty()) { _alertMgr.sendAlert(AlertManager.ALERT_TYPE_HOST, host.getDataCenterId(), host.getPodId(), "Migration Complete for host " + hostDesc, "Host [" + hostDesc + "] is ready for maintenance"); _hostDao.updateStatus(host, Event.PreparationComplete, _msId); } 
diff --git a/server/src/com/cloud/vm/dao/VMInstanceDao.java b/server/src/com/cloud/vm/dao/VMInstanceDao.java index 5c50d5692c0..80440bc15bf 100644 --- a/server/src/com/cloud/vm/dao/VMInstanceDao.java +++ b/server/src/com/cloud/vm/dao/VMInstanceDao.java @@ -81,5 +81,6 @@ public interface VMInstanceDao extends GenericDao, StateDao< List listByAccountId(long accountId); public Long countAllocatedVirtualRoutersForAccount(long accountId); - List listByClusterId(long clusterId); + List listByClusterId(long clusterId); + List listVmsMigratingFromHost(Long hostId); } diff --git a/server/src/com/cloud/vm/dao/VMInstanceDaoImpl.java b/server/src/com/cloud/vm/dao/VMInstanceDaoImpl.java index d25a394feb7..ef721783433 100644 --- a/server/src/com/cloud/vm/dao/VMInstanceDaoImpl.java +++ b/server/src/com/cloud/vm/dao/VMInstanceDaoImpl.java @@ -329,4 +329,12 @@ public class VMInstanceDaoImpl extends GenericDaoBase implem sc.setParameters("state", new Object[] {State.Destroyed, State.Error, State.Expunging}); return customSearch(sc, null).get(0); } + + @Override + public List listVmsMigratingFromHost(Long hostId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("lastHost", hostId); + sc.setParameters("state", State.Migrating); + return listBy(sc); + } } From 35c779d0ae45e63f82df60df8fbf7c17d2ca7e70 Mon Sep 17 00:00:00 2001 From: alena Date: Wed, 17 Aug 2011 15:08:22 -0700 Subject: [PATCH 45/65] Defined missing length field for VO classes --- core/src/com/cloud/alert/AlertVO.java | 2 +- core/src/com/cloud/configuration/ConfigurationVO.java | 4 ++-- core/src/com/cloud/event/EventVO.java | 4 ++-- core/src/com/cloud/storage/DiskOfferingVO.java | 4 ++-- core/src/com/cloud/storage/VMTemplateVO.java | 2 +- core/src/com/cloud/vm/UserVmDetailVO.java | 2 +- server/src/com/cloud/network/LoadBalancerVO.java | 4 +--- server/src/com/cloud/network/NetworkVO.java | 2 +- server/src/com/cloud/offerings/NetworkOfferingVO.java | 2 +- 9 files changed, 12 insertions(+), 14 deletions(-) 
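Review bot: `listVmsMigratingFromHost` sets the parameters `lastHost` and `state` on `AllFieldsSearch`, but this hunk accounts for all 8 insertions the diffstat reports for VMInstanceDaoImpl.java, so the commit adds no declaration of a `lastHost` condition on that search builder. If the builder did not already declare it, the query would not filter as intended, and AgentMonitor would then judge "no VMs migrating" on wrong data; please confirm against the constructor, which is outside the hunk. The method also takes a boxed `Long hostId` where the neighbouring DAO methods take `long`, and the interface declaration in VMInstanceDao.java has no Javadoc; a line such as `/** Lists VMs in Migrating state whose last host is hostId. */` would document the contract.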
diff --git a/core/src/com/cloud/alert/AlertVO.java b/core/src/com/cloud/alert/AlertVO.java index d8d45d0c809..aae1d06a90e 100644 --- a/core/src/com/cloud/alert/AlertVO.java +++ b/core/src/com/cloud/alert/AlertVO.java @@ -48,7 +48,7 @@ public class AlertVO implements Alert{ @Column(name="data_center_id") private long dataCenterId = 0; - @Column(name="subject") + @Column(name="subject", length=999) private String subject; @Column(name="sent_count") diff --git a/core/src/com/cloud/configuration/ConfigurationVO.java b/core/src/com/cloud/configuration/ConfigurationVO.java index a9897f5d13c..500f1ea701e 100644 --- a/core/src/com/cloud/configuration/ConfigurationVO.java +++ b/core/src/com/cloud/configuration/ConfigurationVO.java @@ -36,10 +36,10 @@ public class ConfigurationVO implements Configuration{ @Column(name="name") private String name; - @Column(name="value") + @Column(name="value", length=4095) private String value; - @Column(name="description") + @Column(name="description", length=1024) private String description; @Column(name="category") diff --git a/core/src/com/cloud/event/EventVO.java b/core/src/com/cloud/event/EventVO.java index 4efd8f1c8db..236c66a54a2 100644 --- a/core/src/com/cloud/event/EventVO.java +++ b/core/src/com/cloud/event/EventVO.java @@ -51,7 +51,7 @@ public class EventVO implements Event { @Column(name="state") private State state = State.Completed; - @Column(name="description") + @Column(name="description", length=1024) private String description; @Column(name=GenericDao.CREATED_COLUMN) @@ -78,7 +78,7 @@ public class EventVO implements Event { @Column(name="start_id") private long startId; - @Column(name="parameters") + @Column(name="parameters", length=1024) private String parameters; @Transient diff --git a/core/src/com/cloud/storage/DiskOfferingVO.java b/core/src/com/cloud/storage/DiskOfferingVO.java index 07d026d09e7..c8cf7420b16 100644 --- a/core/src/com/cloud/storage/DiskOfferingVO.java 
+++ b/core/src/com/cloud/storage/DiskOfferingVO.java @@ -62,13 +62,13 @@ public class DiskOfferingVO implements DiskOffering { @Column(name="name") private String name = null; - @Column(name="display_text") + @Column(name="display_text", length=4096) private String displayText = null; @Column(name="disk_size") long diskSize; - @Column(name="tags") + @Column(name="tags", length=4096) String tags; @Column(name="type") diff --git a/core/src/com/cloud/storage/VMTemplateVO.java b/core/src/com/cloud/storage/VMTemplateVO.java index f15f346e9c7..c7de111a494 100755 --- a/core/src/com/cloud/storage/VMTemplateVO.java +++ b/core/src/com/cloud/storage/VMTemplateVO.java @@ -87,7 +87,7 @@ public class VMTemplateVO implements VirtualMachineTemplate { @Column(name="checksum") private String checksum; - @Column(name="display_text") + @Column(name="display_text", length=4096) private String displayText; @Column(name="enable_password") diff --git a/core/src/com/cloud/vm/UserVmDetailVO.java b/core/src/com/cloud/vm/UserVmDetailVO.java index 9c383b5d1a1..cc4a78343f9 100644 --- a/core/src/com/cloud/vm/UserVmDetailVO.java +++ b/core/src/com/cloud/vm/UserVmDetailVO.java @@ -39,7 +39,7 @@ public class UserVmDetailVO { @Column(name="name") private String name; - @Column(name="value") + @Column(name="value", length=1024) private String value; public UserVmDetailVO() {} diff --git a/server/src/com/cloud/network/LoadBalancerVO.java b/server/src/com/cloud/network/LoadBalancerVO.java index c8c517a2c0d..3892edb7a6c 100644 --- a/server/src/com/cloud/network/LoadBalancerVO.java +++ b/server/src/com/cloud/network/LoadBalancerVO.java @@ -18,8 +18,6 @@ package com.cloud.network; -import java.util.List; - import javax.persistence.Column; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; 
@@ -39,7 +37,7 @@ public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer { @Column(name="name") private String name; - @Column(name="description") + @Column(name="description", length=4096) private String description; @Column(name="algorithm") diff --git a/server/src/com/cloud/network/NetworkVO.java b/server/src/com/cloud/network/NetworkVO.java index b98a188b49c..8110941ae66 100644 --- a/server/src/com/cloud/network/NetworkVO.java +++ b/server/src/com/cloud/network/NetworkVO.java @@ -116,7 +116,7 @@ public class NetworkVO implements Network { @Transient long macAddress = 1; - @Column(name="guru_data") + @Column(name="guru_data", length=1024) String guruData; @Column(name="dns2") diff --git a/server/src/com/cloud/offerings/NetworkOfferingVO.java b/server/src/com/cloud/offerings/NetworkOfferingVO.java index daf6a718261..84a7e050c65 100644 --- a/server/src/com/cloud/offerings/NetworkOfferingVO.java +++ b/server/src/com/cloud/offerings/NetworkOfferingVO.java @@ -73,7 +73,7 @@ public class NetworkOfferingVO implements NetworkOffering { @Column(name="service_offering_id") Long serviceOfferingId; - @Column(name="tags") + @Column(name="tags", length=4096) String tags; @Column(name="default") From 87796378a783529d5b2bee92a1c8dfcca91077c8 Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Wed, 17 Aug 2011 18:07:52 -0700 Subject: [PATCH 46/65] bug 10834: when VMware host is down, don't try to restat VMs on other host. VMware prohibits VM relocation when host is down --- server/src/com/cloud/ha/HighAvailabilityManagerImpl.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java b/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java index 854abd2c239..67c93d9bfb9 100644 --- a/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java +++ b/server/src/com/cloud/ha/HighAvailabilityManagerImpl.java 
@@ -187,6 +187,11 @@ public class HighAvailabilityManagerImpl implements HighAvailabilityManager, Clu return; } + if(host.getHypervisorType() == HypervisorType.VMware) { + s_logger.info("Don't restart for VMs on host " + host.getId() + " as the host is VMware host"); + return; + } + s_logger.warn("Scheduling restart for VMs on host " + host.getId()); final List vms = _instanceDao.listByHostId(host.getId()); From a37573b842f10b61a5c95c5c6af1dcc6c79275a5 Mon Sep 17 00:00:00 2001 From: frank Date: Thu, 18 Aug 2011 10:11:51 -0700 Subject: [PATCH 47/65] Fix baremetal planner reply to non-baremetal VM when migration --- server/src/com/cloud/vm/VirtualMachineManagerImpl.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index 99e272a9eba..d62d98f7a0a 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -1300,7 +1300,12 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene DeployDestination dest = null; while (true) { for (DeploymentPlanner planner : _planners) { - dest = planner.plan(profile, plan, excludes); + if (planner.canHandle(profile, plan, excludes)) { + dest = planner.plan(profile, plan, excludes); + } else { + continue; + } + if (dest != null) { if (s_logger.isDebugEnabled()) { s_logger.debug("Planner " + planner + " found " + dest + " for migrating to."); From b36241690c76f93b333bcb5d80ec4445d5e071f5 Mon Sep 17 00:00:00 2001 
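Review bot: The new early return for VMware hosts is logged with `s_logger.info`, although this branch leaves every VM on a down host without an HA restart, while the path it bypasses logs at `warn` on the very next statement. I would log it at the same level and say why, e.g. `s_logger.warn("Not scheduling restart for VMs on host " + host.getId() + ": VMware host, VMs cannot be relocated while the host is down");`, so the skipped recovery shows up where operators look for the scheduled one. The `return` also skips whatever follows the restart scheduling in this method; the method starts and ends outside the hunk, so that part could not be checked here.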
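Review bot: The added `if`/`else { continue; }` around `planner.plan(...)` in the VirtualMachineManagerImpl hunk reads more directly as a guard clause at the top of the loop body: `if (!planner.canHandle(profile, plan, excludes)) { continue; }` followed by the unchanged `dest = planner.plan(profile, plan, excludes);`. A skipped planner is also silent, so a one-line debug message naming the planner would help when a migration finds no destination. If no planner accepts the profile, `dest` stays null for the whole pass; how the surrounding `while (true)` handles that is outside the hunk.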
From: alena Date: Thu, 18 Aug 2011 10:13:03 -0700 Subject: [PATCH 48/65] bug 11167: no need to lock account when create security group to ensure that the group name is unique for account. If group already exists in the db, and we try to persist it again, mysql constraint (groupName, accountId) will fail and exception will be thrown. status 11167: resolved fixed --- .../security/SecurityGroupManagerImpl.java | 29 +++++-------------- .../com/cloud/user/AccountManagerImpl.java | 14 ++++----- 2 files changed, 14 insertions(+), 29 deletions(-) diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index 8b40666833a..e1c99130ce8 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java 
@@ -764,33 +764,18 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG return createSecurityGroup(cmd.getSecurityGroupName(), cmd.getDescription(), owner.getDomainId(), owner.getAccountId(), owner.getAccountName()); } - @DB @Override public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName) { - final Transaction txn = Transaction.currentTxn(); - AccountVO account = null; - txn.start(); - try { - account = _accountDao.acquireInLockTable(accountId); // to ensure duplicate group names are not created. - if (account == null) { - s_logger.warn("Failed to acquire lock on account"); - return null; - } - SecurityGroupVO group = _securityGroupDao.findByAccountAndName(accountId, name); - if (group == null) { - group = new SecurityGroupVO(name, description, domainId, accountId); - group = _securityGroupDao.persist(group); - } - + SecurityGroupVO group = _securityGroupDao.findByAccountAndName(accountId, name); + if (group == null) { + group = new SecurityGroupVO(name, description, domainId, accountId); + group = _securityGroupDao.persist(group); s_logger.debug("Created security group " + group + " for account id=" + accountId); - return group; - } finally { - if (account != null) { - _accountDao.releaseFromLockTable(accountId); - } - txn.commit(); + } else { + s_logger.debug("Returning existing security group " + group + " for account id=" + accountId); } + return group; } @Override diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 7c6f0e5dd2e..48cdcfe655a 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java 
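Review bot: With the account lock gone, `findByAccountAndName` followed by `persist` in `createSecurityGroup` is a check-then-act sequence, so two concurrent calls with the same name can both see `null` and both try to insert. The commit message relies on the database constraint on (groupName, accountId) to reject the second insert, which means that caller now gets an exception from `persist` instead of the existing group that the new `else` branch returns in the sequential case. That contract is not written anywhere in the code; I would add a comment above the lookup such as `// uniqueness of (name, accountId) is enforced by the DB constraint; a concurrent create fails in persist()`, or catch that failure and re-read the group so both paths return the same thing. The exception type `persist` raises is not visible in this hunk.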
@@ -54,10 +54,9 @@ import com.cloud.api.commands.UpdateResourceLimitCmd; import com.cloud.api.commands.UpdateUserCmd; import com.cloud.configuration.Config; import com.cloud.configuration.ConfigurationManager; -import com.cloud.configuration.ResourceCount; +import com.cloud.configuration.ResourceCount.ResourceType; import com.cloud.configuration.ResourceCountVO; import com.cloud.configuration.ResourceLimitVO; -import com.cloud.configuration.ResourceCount.ResourceType; import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.configuration.dao.ResourceCountDao; import com.cloud.configuration.dao.ResourceLimitDao; @@ -68,11 +67,9 @@ import com.cloud.domain.DomainVO; import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; -import com.cloud.event.UsageEventVO; import com.cloud.event.dao.UsageEventDao; import com.cloud.exception.AgentUnavailableException; import com.cloud.exception.ConcurrentOperationException; -import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.OperationTimedoutException; import com.cloud.exception.PermissionDeniedException; @@ -109,6 +106,7 @@ import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; import com.cloud.utils.concurrency.NamedThreadFactory; +import com.cloud.utils.db.DB; import com.cloud.utils.db.Filter; import com.cloud.utils.db.GlobalLock; import com.cloud.utils.db.SearchBuilder; @@ -122,7 +120,6 @@ import com.cloud.vm.ReservationContextImpl; import com.cloud.vm.UserVmManager; import com.cloud.vm.UserVmVO; import com.cloud.vm.VMInstanceVO; -import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineManager; import com.cloud.vm.dao.InstanceGroupDao; import com.cloud.vm.dao.UserVmDao; 
@@ -1223,6 +1220,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag @Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_CREATE, eventDescription = "creating Account") + @DB public UserAccount createAccount(CreateAccountCmd cmd) { Long accountId = null; String username = cmd.getUsername(); @@ -1327,10 +1325,12 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if (s_logger.isDebugEnabled()) { s_logger.debug("Creating user: " + username + ", account: " + accountName + " (id:" + accountId + "), domain: " + domainId + " timezone:" + timezone); } - + + Transaction txn = Transaction.currentTxn(); + txn.start(); UserVO dbUser = _userDao.persist(user); - _networkGroupMgr.createDefaultSecurityGroup(accountId); + txn.commit(); if (!user.getPassword().equals(dbUser.getPassword())) { throw new CloudRuntimeException("The user " + username + " being creating is using a password that is different than what's in the db"); From e9c879fbb8dc85f48d9d1bdc30069336aa78b89d Mon Sep 17 00:00:00 2001 From: Kelven Yang Date: Thu, 18 Aug 2011 10:40:44 -0700 Subject: [PATCH 49/65] Use row lock instead of global lock when creating a new domain --- .../com/cloud/domain/dao/DomainDaoImpl.java | 53 +++++++++---------- 1 file changed, 24 insertions(+), 29 deletions(-) diff --git a/server/src/com/cloud/domain/dao/DomainDaoImpl.java b/server/src/com/cloud/domain/dao/DomainDaoImpl.java index f8cdc981c4b..69cc7b56634 100644 --- a/server/src/com/cloud/domain/dao/DomainDaoImpl.java +++ b/server/src/com/cloud/domain/dao/DomainDaoImpl.java 
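Review bot: In `createAccount`, the password comparison that throws `CloudRuntimeException` sits after the new `txn.commit()`, so on a mismatch the user and the default security group are already committed when the exception is raised. Moving the check above `txn.commit();` keeps the failure inside the transaction, provided the exception leads to a rollback, either explicitly or through the newly added `@DB` annotation, whose behaviour is not visible here. There is likewise no explicit `txn.rollback()` if `_userDao.persist(user)` or `createDefaultSecurityGroup(accountId)` throws between `txn.start()` and `txn.commit()`. The method continues outside both hunks.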
@@ -99,36 +99,31 @@ public class DomainDaoImpl extends GenericDaoBase implements Dom return null; } - GlobalLock lock = GlobalLock.getInternLock("lock.domain." + parent); - if(!lock.lock(3600)) { - // wait up to 1 hour, if it comes up to here, something is wrong - s_logger.error("Unable to lock parent domain: " + parent); + Transaction txn = Transaction.currentTxn(); + try { + txn.start(); + + parentDomain = this.lockRow(parent, true); + if(parentDomain == null) { + s_logger.error("Unable to lock parent domain: " + parent); + return null; + } + + domain.setPath(allocPath(parentDomain, domain.getName())); + domain.setLevel(parentDomain.getLevel() + 1); + + parentDomain.setNextChildSeq(parentDomain.getNextChildSeq() + 1); // FIXME: remove sequence number? + parentDomain.setChildCount(parentDomain.getChildCount() + 1); + persist(domain); + update(parentDomain.getId(), parentDomain); + + txn.commit(); + return domain; + } catch(Exception e) { + s_logger.error("Unable to create domain due to " + e.getMessage(), e); + txn.rollback(); return null; - } - - try { - Transaction txn = Transaction.currentTxn(); - try { - txn.start(); - - domain.setPath(allocPath(parentDomain, domain.getName())); - domain.setLevel(parentDomain.getLevel() + 1); - - parentDomain.setNextChildSeq(parentDomain.getNextChildSeq() + 1); // FIXME: remove sequence number? - parentDomain.setChildCount(parentDomain.getChildCount() + 1); - persist(domain); - update(parentDomain.getId(), parentDomain); - - txn.commit(); - return domain; - } catch(Exception e) { - s_logger.error("Unable to create domain due to " + e.getMessage(), e); - txn.rollback(); - return null; - } - } finally { - lock.unlock(); - } + } } @Override From b34750c6ff549cf6f5cc45cb44018150a0028b9e Mon Sep 17 00:00:00 2001 
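Review bot: In the new `lockRow` branch, `return null;` is reached after `txn.start()` without a commit or rollback, because the `catch` block that calls `txn.rollback()` only runs on an exception. Add `txn.rollback();` before that `return null;` so the transaction is closed on this path too, unless something outside the hunk already closes it. `lockRow(parent, true)` also reassigns `parentDomain`, which is first referenced outside the hunk; a short comment that the row is re-read under the lock so `getNextChildSeq()` and `getChildCount()` are current would make the intent clear. The method starts before the hunk.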
From: Sheng Yang Date: Thu, 18 Aug 2011 22:49:51 -0700 Subject: [PATCH 50/65] Update redundant router status even router is down We need to update the status to UNKNOWN if router is down(also ensure we can't contact the router if the state is Stopped in our database). --- .../router/VirtualNetworkApplianceManagerImpl.java | 4 ++-- server/src/com/cloud/vm/dao/DomainRouterDao.java | 9 +++++++++ server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java | 10 ++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 85e7236a4bb..1d518e79e02 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -846,8 +846,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public void run() { try { - final List routers = _routerDao.listVirtualUpByHostId(null); - s_logger.debug("Found " + routers.size() + " running routers. "); + final List routers = _routerDao.listVirtualByHostId(null); + s_logger.debug("Found " + routers.size() + " routers. "); updateRoutersRedundantState(routers); diff --git a/server/src/com/cloud/vm/dao/DomainRouterDao.java b/server/src/com/cloud/vm/dao/DomainRouterDao.java index e6d8f8ec852..62e748221af 100755 --- a/server/src/com/cloud/vm/dao/DomainRouterDao.java +++ b/server/src/com/cloud/vm/dao/DomainRouterDao.java 
@@ -62,6 +62,15 @@ public interface DomainRouterDao extends GenericDao { public List listByHostId(Long hostId); public List listByLastHostId(Long hostId); + /** + * list virtual machine routers by host id. + * pass in null to get all + * virtual machine routers. + * @param hostId id of the host. null if to get all. + * @return list of DomainRouterVO + */ + public List listVirtualByHostId(Long hostId); + /** * list virtual machine routers by host id. exclude destroyed, stopped, expunging VM, * pass in null to get all diff --git a/server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java b/server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java index a8a5cc9b606..fd350173f59 100755 --- a/server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java +++ b/server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java @@ -144,6 +144,16 @@ public class DomainRouterDaoImpl extends GenericDaoBase im return listBy(sc); } + @Override + public List listVirtualByHostId(Long hostId) { + SearchCriteria sc = HostUpSearch.create(); + if (hostId != null) { + sc.setParameters("host", hostId); + } + sc.setJoinParameters("network", "guestType", GuestIpType.Virtual); + return listBy(sc); + } + @Override public List listVirtualUpByHostId(Long hostId) { SearchCriteria sc = HostUpSearch.create(); From a9b02d8895d6724c8c438c33e1093736515db0cd Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 19 Aug 2011 11:08:43 -0700 Subject: [PATCH 51/65] bug 11175: cloudStack - IP address page - fix the logic of showing/hiding Firewall tab. --- ui/scripts/cloud.core.ipaddress.js | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/ui/scripts/cloud.core.ipaddress.js b/ui/scripts/cloud.core.ipaddress.js index a453abff675..d5817a48248 100644 --- a/ui/scripts/cloud.core.ipaddress.js +++ b/ui/scripts/cloud.core.ipaddress.js 
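Review bot: `listVirtualByHostId` in `DomainRouterDaoImpl` builds its criteria from `HostUpSearch`, the same search used by `listVirtualUpByHostId`, whose Javadoc in `DomainRouterDao` says it excludes destroyed, stopped and expunging VMs. The new method is meant to return stopped routers as well, so it apparently relies on the state condition being dropped when its parameter is not set; that behaviour of `SearchCriteria` is not visible here and should be confirmed. Either way the name `HostUpSearch` now misleads, so I would add a comment such as `// reuses HostUpSearch without a state filter, so stopped routers are included`, or give the method its own search builder. The new Javadoc in `DomainRouterDao` could also say explicitly that routers in any state are returned.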
@@ -66,12 +66,13 @@ function ipGetSearchParams() { } function afterLoadIpJSP() { - //***** switch between different tabs (begin) ******************************************************************** + // switch between different tabs var tabArray = [$("#tab_details"), $("#tab_firewall"), $("#tab_port_range"), $("#tab_port_forwarding"), $("#tab_load_balancer"), $("#tab_vpn")]; var tabContentArray = [$("#tab_content_details"), $("#tab_content_firewall"), $("#tab_content_port_range"), $("#tab_content_port_forwarding"), $("#tab_content_load_balancer"), $("#tab_content_vpn")]; var afterSwitchFnArray = [ipJsonToDetailsTab, ipJsonToFirewallTab, ipJsonToPortRangeTab, ipJsonToPortForwardingTab, ipJsonToLoadBalancerTab, ipJsonToVPNTab]; switchBetweenDifferentTabs(tabArray, tabContentArray, afterSwitchFnArray); - //***** switch between different tabs (end) ********************************************************************** + + //****** Basic Zone, support Elastic Load Balancer (begin) ***************************************************************************************** if(g_supportELB == "guest" || g_supportELB == "public") { $("#tab_details,#tab_firewall,#tab_port_range,#tab_port_forwarding,#tab_load_balancer,#tab_vpn").hide(); @@ -208,7 +209,15 @@ function afterLoadIpJSP() { return false; }); } - else { + //****** Basic Zone, support Elastic Load Balancer (end) ***************************************************************************************** + + //****** Advanced Zone (begin) ******************************************************************************************************************* + else { + if(g_firewallRuleUiEnabled == true) + $("#tab_firewall").show(); + else + $("#tab_firewall").hide(); + $("#tab_details,#tab_content_details").show(); //dialogs 
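Review bot: The `if(g_firewallRuleUiEnabled == true) $("#tab_firewall").show(); else $("#tab_firewall").hide();` pair added in the Advanced Zone branch of `afterLoadIpJSP` repeats the pair already present in `ipToRightPanel`, and the later static-NAT hunk (@@ -848,9 +848,11) adds the show/hide calls a third time. A small helper, e.g. `function showFirewallTab() { $("#tab_firewall").toggle(g_firewallRuleUiEnabled == true); }`, would keep the three places from drifting apart. Hiding the tab is presentation only; whether the firewall API calls are also gated on the server side cannot be seen from this file, and a comment next to the flag saying so would help.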
@@ -770,7 +779,8 @@ function afterLoadIpJSP() { return false; }); - //*** Load Balancer tab (end) *** + //*** Load Balancer tab (end) *** + //****** Advanced Zone (end) ******************************************************************************************************************* } function ipGetMidmenuId(jsonObj) { @@ -847,8 +857,8 @@ function ipToRightPanel($midmenuItem1) { } else { //ipObj.isstaticnat == false $("#tab_port_range").hide(); - if(ipObj.forvirtualnetwork == true) { //(public network) - if(isIpManageable(ipObj.domainid, ipObj.account) == true) { + if(ipObj.forvirtualnetwork == true) { // Public network + if(isIpManageable(ipObj.domainid, ipObj.account) == true) { // IP is managable if(g_firewallRuleUiEnabled == true) $("#tab_firewall").show(); else @@ -915,11 +925,11 @@ function ipToRightPanel($midmenuItem1) { $("#tab_vpn").hide(); } } - else { + else { // IP is not managable $("#tab_firewall, #tab_port_forwarding, #tab_load_balancer, #tab_vpn").hide(); } } - else { //ipObj.forvirtualnetwork == false (direct network) + else { // Direct Network (ipObj.forvirtualnetwork == false) $("#tab_firewall, #tab_port_forwarding, #tab_load_balancer, #tab_vpn").hide(); } } From abce057d7e064f87102de980d07a79d681b495bb Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 19 Aug 2011 11:30:07 -0700 Subject: [PATCH 52/65] bug 11175: cloudStack - IP address page - fix the logic of showing/hiding Firewall tab for Static NAT IP. --- ui/scripts/cloud.core.ipaddress.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ui/scripts/cloud.core.ipaddress.js b/ui/scripts/cloud.core.ipaddress.js index d5817a48248..78c130d3a4f 100644 --- a/ui/scripts/cloud.core.ipaddress.js +++ b/ui/scripts/cloud.core.ipaddress.js 
@@ -848,9 +848,11 @@ function ipToRightPanel($midmenuItem1) { if(ipObj.isstaticnat == true) { if(g_firewallRuleUiEnabled == true) { + $("#tab_firewall").show(); $("#tab_port_range").hide(); } else { + $("#tab_firewall").hide(); $("#tab_port_range").show(); } $("#tab_port_forwarding, #tab_load_balancer, #tab_vpn").hide(); From 3822192879087cbdb464d5b278f3fc554b0ef3bf Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 19 Aug 2011 13:13:21 -0700 Subject: [PATCH 53/65] bug 11176: cloudStack - IP Address page - Firewall tab - add firewall rule - (1) Hide ICMP Type, ICMP Code when protocol TCP or UDP is selected. (2) Hide Start Port, End Port when protocol ICMP is selected. --- ui/jsp/ipaddress.jsp | 106 ++++++++++++++--------------- ui/scripts/cloud.core.ipaddress.js | 24 +++---- 2 files changed, 65 insertions(+), 65 deletions(-) diff --git a/ui/jsp/ipaddress.jsp b/ui/jsp/ipaddress.jsp index 88424a0fab0..5ea52ec3050 100644 --- a/ui/jsp/ipaddress.jsp +++ b/ui/jsp/ipaddress.jsp @@ -233,61 +233,61 @@ dictionary = {
-
+
+
+
+
+
-
+
-
+
-
-
-
-
-
-
+
+
-
+
-
+
-
+
- -
-
- - -
-
- - -
-
+ +
+
-
-
- - +
+
+ +
-
- - +
+ + +
+
+ +
-
+
+ + +
+
@@ -336,11 +336,11 @@ dictionary = {
- +
- +
- + - - +
- + - - +
  • - +
  • @@ -238,20 +238,25 @@ dictionary = {
  • - +
  • - +
  • - + -
  • + +
  • + + + +