bug 7380: SNAT rules when there are multiple public interfaces

bug 6854: port from 2.1.x

core/src/com/cloud/agent/api/CleanupNetworkRulesCmd.java

@@ -0,0 +1,46 @@
+/**
+ *  Copyright (C) 2010 Cloud.com.  All rights reserved.
+ *
+ * This software is licensed under the GNU General Public License v3 or later. 
+ *
+ * It is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or any later
+version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.cloud.agent.api;
+
+import java.util.Random;
+
+
+public class CleanupNetworkRulesCmd extends Command implements CronCommand {
+
+    static private Random random = new Random();
+    private int interval = 10*60;
+    
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+
+    public CleanupNetworkRulesCmd() {
+        super();
+        interval = 8*60 +  random.nextInt(120);
+    }
+
+
+    @Override
+    public int getInterval() {
+        return interval;
+    }
+
+}

core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java

@@ -64,6 +64,7 @@ import com.cloud.agent.api.CheckOnHostAnswer;
 import com.cloud.agent.api.CheckOnHostCommand;
 import com.cloud.agent.api.CheckVirtualMachineAnswer;
 import com.cloud.agent.api.CheckVirtualMachineCommand;
+import com.cloud.agent.api.CleanupNetworkRulesCmd;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.CreatePrivateTemplateFromSnapshotCommand;
 import com.cloud.agent.api.CreatePrivateTemplateFromVolumeCommand;
@@ -456,6 +457,8 @@ public abstract class CitrixResourceBase implements ServerResource {
         	return execute((OvsSetTagAndFlowCommand)cmd);
         } else if (cmd instanceof OvsDeleteFlowCommand) {
         	return execute((OvsDeleteFlowCommand)cmd);
+        } else if (cmd instanceof CleanupNetworkRulesCmd){
+            return execute((CleanupNetworkRulesCmd)cmd);
         } else {
             return Answer.createUnsupportedCommandAnswer(cmd);
         }
@@ -637,6 +640,7 @@ public abstract class CitrixResourceBase implements ServerResource {
         }
     }
     
+<<<<<<< HEAD
     protected VBD createVbd(Connection conn, VolumeTO volume, String vmName, VM vm, BootloaderType bootLoaderType) throws XmlRpcException, XenAPIException {
         VolumeType type = volume.getType();
         
@@ -5701,6 +5705,24 @@ public abstract class CitrixResourceBase implements ServerResource {
             return new Answer(cmd, false, msg);
         } 
     }
+    
+    private Answer execute(CleanupNetworkRulesCmd cmd) {
+        if (!_canBridgeFirewall) {
+            return new Answer(cmd, true, null);
+        }
+        String result = callHostPlugin("cleanup_rules");
+        int numCleaned = Integer.parseInt(result);
+        if (result == null || result.isEmpty() || (numCleaned < 0)) {
+            s_logger.warn("Failed to cleanup rules for host " + _host.ip);
+            return new Answer(cmd, false, result);
+        }
+        if (numCleaned > 0) {
+            s_logger.info("Cleaned up rules for " + result + " vms on host " + _host.ip);
+        }
+        return new Answer(cmd, true, result);
+    }
+
+    
 
     protected class Nic {
         public Network n;

scripts/vm/hypervisor/xenserver/vmops

@@ -862,7 +862,6 @@ def cleanup_rules(session, args):
     util.SMlog("Failed to cleanup rules !")
     return '-1';
 
-
 @echo
 def check_rule_log_for_vm(vmName, vmID, vmIP, domID, signature, seqno):
     vm_name = vmName;

server/src/com/cloud/network/security/SecurityGroupListener.java

@@ -28,10 +28,14 @@ import com.cloud.agent.Listener;
 import com.cloud.agent.api.AgentControlAnswer;
 import com.cloud.agent.api.AgentControlCommand;
 import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.CleanupNetworkRulesCmd;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.SecurityIngressRuleAnswer;
 import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
 import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupRoutingCommand;
+import com.cloud.agent.manager.Commands;
+import com.cloud.exception.AgentUnavailableException;
 import com.cloud.host.HostVO;
 import com.cloud.host.Status;
 import com.cloud.network.security.SecurityGroupWorkVO.Step;
@@ -112,6 +116,23 @@ public class SecurityGroupListener implements Listener {
 
 	@Override
 	public void processConnect(HostVO host, StartupCommand cmd) {
+	    if(s_logger.isInfoEnabled())
+            s_logger.info("Received a host startup notification");
+        
+	    if (cmd instanceof StartupRoutingCommand) {
+	        //if (Boolean.toString(true).equals(host.getDetail("can_bridge_firewall"))) {
+	        try {
+	            CleanupNetworkRulesCmd cleanupCmd = new CleanupNetworkRulesCmd();
+	            Commands c = new Commands(cleanupCmd);
+	            _agentMgr.send(host.getId(), c,  this);
+	            if(s_logger.isInfoEnabled())
+	                s_logger.info("Scheduled network rules cleanup, interval=" + cleanupCmd.getInterval());
+	        } catch (AgentUnavailableException e) {
+	            s_logger.warn("Unable to schedule network rules cleanup");
+	        }
+
+	    }
+
 	}