From fa84270b3ea139b601ea862a4cd7cc14efa55484 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 29 Dec 2010 18:13:48 -0800
Subject: [PATCH] bug 6854: add croncommand to periodically cleanup network rules
---
 .../agent/api/CleanupNetworkRulesCmd.java | 46 +++++++++++++++++++
 .../xen/resource/CitrixResourceBase.java | 21 +++++++++
 scripts/vm/hypervisor/xenserver/vmops | 10 ++--
 .../security/NetworkGroupListener.java | 28 +++++++++--
 4 files changed, 98 insertions(+), 7 deletions(-)
 create mode 100644 core/src/com/cloud/agent/api/CleanupNetworkRulesCmd.java
diff --git a/core/src/com/cloud/agent/api/CleanupNetworkRulesCmd.java b/core/src/com/cloud/agent/api/CleanupNetworkRulesCmd.java
new file mode 100644
index 00000000000..a82d6f8a0f3
--- /dev/null
+++ b/core/src/com/cloud/agent/api/CleanupNetworkRulesCmd.java
@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2010 Cloud.com. All rights reserved.
+ *
+ * This software is licensed under the GNU General Public License v3 or later.
+ *
+ * It is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or any later
+version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+package com.cloud.agent.api;
+
+import java.util.Random;
+
+
+public class CleanupNetworkRulesCmd extends Command implements CronCommand {
+
+ static private Random random = new Random();
+ private int interval = 10*60;
+
+ @Override
+ public boolean executeInSequence() {
+ return false;
+ }
+
+
+ public CleanupNetworkRulesCmd() {
+ super();
+ interval = 8*60 + random.nextInt(120);
+ }
+
+
+ @Override
+ public int getInterval() {
+ return interval;
+ }
+
+}
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index a1d54ae5531..8c7404bec75 100644
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -66,6 +66,7 @@ import com.cloud.agent.api.CheckOnHostAnswer;
 import com.cloud.agent.api.CheckOnHostCommand;
 import com.cloud.agent.api.CheckVirtualMachineAnswer;
 import com.cloud.agent.api.CheckVirtualMachineCommand;
+import com.cloud.agent.api.CleanupNetworkRulesCmd;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.CreatePrivateTemplateFromSnapshotCommand;
 import com.cloud.agent.api.CreateVolumeFromSnapshotAnswer;
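Review bot: `interval` is assigned twice in CleanupNetworkRulesCmd: the field initializer `10*60` is immediately overwritten by the constructor's `8*60 + random.nextInt(120)`, so the initializer is dead and misleads a reader about the effective range. Make the field final and drop the initializer: `private static final Random RANDOM = new Random();`, `private final int interval;`, and in the constructor `interval = 8*60 + RANDOM.nextInt(120);`. The class also has no Javadoc; add one stating what the command asks the host to do and the unit of the interval returned by getInterval() — presumably seconds, giving 8 to 10 minutes of jitter, but confirm against the CronCommand contract, which is not visible here.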
@@ -621,6 +622,8 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR return execute((NetworkRulesSystemVmCommand) cmd); } else if (cmd instanceof PoolEjectCommand) { return execute((PoolEjectCommand) cmd); + } else if (cmd instanceof CleanupNetworkRulesCmd){ + return execute((CleanupNetworkRulesCmd)cmd); } else { return Answer.createUnsupportedCommandAnswer(cmd); } @@ -632,6 +635,22 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR return stdType; } + private Answer execute(CleanupNetworkRulesCmd cmd) { + if (!_canBridgeFirewall) { + return new Answer(cmd, true, null); + } + String result = callHostPlugin("cleanup_rules"); + int numCleaned = Integer.parseInt(result); + if (result == null || result.isEmpty() || (numCleaned < 0)) { + s_logger.warn("Failed to cleanup rules for host " + _host.ip); + return new Answer(cmd, false, result); + } + if (numCleaned > 0) { + s_logger.info("Cleaned up rules for " + result + " vms on host " + _host.ip); + } + return new Answer(cmd, true, result); + } + protected Answer execute(ModifySshKeysCommand cmd) { String publickey = cmd.getPubKey(); String privatekey = cmd.getPrvKey(); @@ -6140,6 +6159,8 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR } } + + protected class Nic { public Network n; diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index a95a020931f..c7c2f2ee74a 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops @@ -1476,7 +1476,7 @@ def can_bridge_firewall(session, args): os.makedirs('/var/run/cloud') cleanup_rules_for_dead_vms() - cleanup_rules() + cleanup_rules(session, args) return result @@ -1937,7 +1937,7 @@ def cleanup_rules_for_dead_vms(): @echo -def cleanup_rules(): +def cleanup_rules(session, args): try: session = get_xapi_session() 
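Review bot: In the new execute(CleanupNetworkRulesCmd) the call `Integer.parseInt(result)` runs before the `result == null || result.isEmpty()` guard on the following line, so a null or empty plugin result throws NullPointerException or NumberFormatException out of execute() instead of producing the failure Answer the guard intends, and any non-numeric result is equally unhandled (the plugin side in this patch returns `'-1'` on failure and a count otherwise, but what callHostPlugin hands back on a plugin error is not visible here). Move the null/empty check ahead of the parse and catch NumberFormatException so the command always yields an Answer. The info message also says "vms" while the plugin logs the same number as "chains"; presumably one chain per VM, but worth confirming. Rewritten lines:
```java
    private Answer execute(CleanupNetworkRulesCmd cmd) {
        if (!_canBridgeFirewall) {
            return new Answer(cmd, true, null);
        }
        String result = callHostPlugin("cleanup_rules");
        // Check the raw result before parsing: null/empty means the plugin call itself failed.
        if (result == null || result.isEmpty()) {
            s_logger.warn("Failed to cleanup rules for host " + _host.ip);
            return new Answer(cmd, false, result);
        }
        int numCleaned;
        try {
            numCleaned = Integer.parseInt(result.trim());
        } catch (NumberFormatException e) {
            s_logger.warn("Unexpected cleanup_rules result '" + result + "' from host " + _host.ip, e);
            return new Answer(cmd, false, result);
        }
        // The plugin reports -1 when its cleanup raised an exception.
        if (numCleaned < 0) {
            s_logger.warn("Failed to cleanup rules for host " + _host.ip);
            return new Answer(cmd, false, result);
        }
        // … unchanged: info log for numCleaned > 0 and the success Answer …
```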
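Review bot: The new `session` parameter of `cleanup_rules(session, args)` is never used: the first statement of the `try` block, visible as context (`session = get_xapi_session()`), rebinds it, so the session the dispatcher passes in is silently discarded and a second one is opened. Either use the session handed in, as the other plugin entry points such as `can_bridge_firewall(session, args)` appear to, and drop the `get_xapi_session()` call, or, if a fresh session is deliberately required, name the parameter `_session` so the shadowing is explicit. The body of cleanup_rules continues past this hunk.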
@@ -1966,9 +1966,11 @@ def cleanup_rules(): for vmname in cleanup: destroy_network_rules_for_vm(session, {'vmName':vmname}) - util.SMlog("Cleaned up rules for " + str(len(cleanup)) + " chains") + util.SMlog("Cleaned up rules for " + str(len(cleanup)) + " chains") + return str(len(cleanup)) except: util.SMlog("Failed to cleanup rules !") + return '-1'; @echo def check_rule_log_for_vm(vmName, vmID, vmIP, domID, signature, seqno): 
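Review bot: The bare `except:` around the cleanup loop swallows the failure cause: the warning `Failed to cleanup rules !` is logged without the exception, so the `'-1'` the management server now receives cannot be traced back to a reason on the host. Log the exception text, e.g. `except Exception, e:` (this plugin runs under Python 2) followed by `util.SMlog("Failed to cleanup rules: " + str(e))`, and drop the stray semicolon in `return '-1';`. The enclosing function starts before this hunk.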
@@ -2152,5 +2154,5 @@ def getVhdParent(session, args): if __name__ == "__main__": - XenAPIPlugin.dispatch({"getVhdParent":getVhdParent, "pingtest": pingtest, "create_secondary_storage_folder":create_secondary_storage_folder, "setup_iscsi":setup_iscsi, "delete_secondary_storage_folder":delete_secondary_storage_folder, "post_create_private_template": post_create_private_template, "gethostvmstats": gethostvmstats, "getvncport": getvncport, "getgateway": getgateway, "getnetwork": getnetwork, "preparemigration": preparemigration, "setIptables": setIptables, "patchdomr": patchdomr, "pingdomr": pingdomr, "pingxenserver": pingxenserver, "ipassoc": ipassoc, "vm_data": vm_data, "savePassword": savePassword, "saveDhcpEntry": saveDhcpEntry, "setFirewallRule": setFirewallRule, "setLoadBalancerRule": setLoadBalancerRule, "createFile": createFile, "deleteFile": deleteFile, "checkMount": checkMount, "checkIscsi": checkIscsi, "backupSnapshot": backupSnapshot, "deleteSnapshotBackup": deleteSnapshotBackup, "createVolumeFromSnapshot": createVolumeFromSnapshot, "networkUsage": networkUsage, "unmountSnapshotsDir": unmountSnapshotsDir, "deleteSnapshotsDir": deleteSnapshotsDir, "validatePreviousSnapshotBackup": validatePreviousSnapshotBackup, "validateSnapshot" : validateSnapshot, "network_rules":network_rules, "can_bridge_firewall":can_bridge_firewall, "default_network_rules":default_network_rules, "destroy_network_rules_for_vm":destroy_network_rules_for_vm, "default_network_rules_systemvm":default_network_rules_systemvm, "get_rule_logs_for_vms":get_rule_logs_for_vms, "setLinkLocalIP":setLinkLocalIP}) + XenAPIPlugin.dispatch({"getVhdParent":getVhdParent, "pingtest": pingtest, "create_secondary_storage_folder":create_secondary_storage_folder, "setup_iscsi":setup_iscsi, "delete_secondary_storage_folder":delete_secondary_storage_folder, "post_create_private_template": post_create_private_template, "gethostvmstats": gethostvmstats, "getvncport": getvncport, "getgateway": getgateway, 
"getnetwork": getnetwork, "preparemigration": preparemigration, "setIptables": setIptables, "patchdomr": patchdomr, "pingdomr": pingdomr, "pingxenserver": pingxenserver, "ipassoc": ipassoc, "vm_data": vm_data, "savePassword": savePassword, "saveDhcpEntry": saveDhcpEntry, "setFirewallRule": setFirewallRule, "setLoadBalancerRule": setLoadBalancerRule, "createFile": createFile, "deleteFile": deleteFile, "checkMount": checkMount, "checkIscsi": checkIscsi, "backupSnapshot": backupSnapshot, "deleteSnapshotBackup": deleteSnapshotBackup, "createVolumeFromSnapshot": createVolumeFromSnapshot, "networkUsage": networkUsage, "unmountSnapshotsDir": unmountSnapshotsDir, "deleteSnapshotsDir": deleteSnapshotsDir, "validatePreviousSnapshotBackup": validatePreviousSnapshotBackup, "validateSnapshot" : validateSnapshot, "network_rules":network_rules, "can_bridge_firewall":can_bridge_firewall, "default_network_rules":default_network_rules, "destroy_network_rules_for_vm":destroy_network_rules_for_vm, "default_network_rules_systemvm":default_network_rules_systemvm, "get_rule_logs_for_vms":get_rule_logs_for_vms, "setLinkLocalIP":setLinkLocalIP, "cleanup_rules":cleanup_rules}) diff --git a/server/src/com/cloud/network/security/NetworkGroupListener.java b/server/src/com/cloud/network/security/NetworkGroupListener.java index b3a63aed351..fffb226b421 100644 --- a/server/src/com/cloud/network/security/NetworkGroupListener.java +++ b/server/src/com/cloud/network/security/NetworkGroupListener.java 
@@ -28,14 +28,20 @@ import com.cloud.agent.Listener; import com.cloud.agent.api.AgentControlAnswer; import com.cloud.agent.api.AgentControlCommand; import com.cloud.agent.api.Answer; +import com.cloud.agent.api.CleanupNetworkRulesCmd; import com.cloud.agent.api.Command; import com.cloud.agent.api.NetworkIngressRuleAnswer; import com.cloud.agent.api.PingRoutingWithNwGroupsCommand; import com.cloud.agent.api.StartupCommand; +import com.cloud.agent.api.StartupRoutingCommand; +import com.cloud.agent.api.StartupStorageCommand; +import com.cloud.exception.AgentUnavailableException; import com.cloud.host.HostVO; import com.cloud.host.Status; +import com.cloud.host.Host.Type; import com.cloud.network.security.NetworkGroupWorkVO.Step; import com.cloud.network.security.dao.NetworkGroupWorkDao; +import com.cloud.storage.Volume.StorageResourceType; /** * Listens for answers to ingress rules modification commands @@ -66,7 +72,7 @@ public class NetworkGroupListener implements Listener { @Override public boolean isRecurring() { - return false; + return true; } @@ -112,8 +118,24 @@ public class NetworkGroupListener implements Listener { @Override public boolean processConnect(HostVO host, StartupCommand cmd) { - - return true; + if(s_logger.isInfoEnabled()) + s_logger.info("Received a host startup notification"); + + if (cmd instanceof StartupRoutingCommand) { + //if (Boolean.toString(true).equals(host.getDetail("can_bridge_firewall"))) { + try { + CleanupNetworkRulesCmd cleanupCmd = new CleanupNetworkRulesCmd(); + _agentMgr.send(host.getId(), new Command[]{cleanupCmd}, false, this); + if(s_logger.isInfoEnabled()) + s_logger.info("Scheduled network rules cleanup, interval=" + cleanupCmd.getInterval()); + } catch (AgentUnavailableException e) { + s_logger.warn("Unable to schedule network rules cleanup"); + } + + //} + } + + return true; }
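Review bot: Three of the imports added to NetworkGroupListener are not used by any line in this patch: `StartupStorageCommand`, `Host.Type` and `Volume.StorageResourceType` do not appear in the new processConnect code, which references only `StartupRoutingCommand`, `CleanupNetworkRulesCmd` and `AgentUnavailableException`. Unless they are consumed by a part of the file outside the shown hunks, drop those three import lines; unused imports in the class that now decides which hosts receive a cleanup command make its real dependencies harder to audit.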
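Review bot: `isRecurring()` is flipped from `false` to `true` with no comment saying why, which invites a later "cleanup" that reverts it. The reason is presumably that the listener must stay registered to receive the answers to the periodic CleanupNetworkRulesCmd it now sends from processConnect; add a comment above the return, `// recurring: this listener receives the answers to the periodic CleanupNetworkRulesCmd it schedules`, so the intent is recorded next to the flag. The enclosing class continues outside this hunk.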