When snat is configured on a vm in a subnet then the source
ip should be taken from the same subnet rather than from
random other subnet.
Co-authored-by: Rakesh Venkatesh <rakeshv@apache.org>
* Change logrotate interval to hourly
The logrotate config says interval as hourly but it relies
on timer service to be invoked but in timer the frequency
is mentioned as 12h. So it wont be invoked every hour.
So change the frequency to hourly
* Add change to vpc router
This PR fixes#5058
when start a vm, the old entries in databag for the vm (with same mac addresses) should be removed then set again, to avoid duplicated records in dhcpentry databag and also /etc/dhcphosts.txt
Testing with Isolated networks:
(1) stop vm, change vm ip address, start vm
vm info is updated in /etc/dhcphosts.txt and /etc/cloudstack/dhcpentry.json
(2) stop vm, expunge vm.
vm is removed from /etc/dhcphosts.txt and /var/lib/misc/dnsmasq.leases
Testing with VPC:
(1) create vm in 2 vpc tiers
vm has 2 entries in /etc/dhcphosts.txt, and /etc/cloudstack/dhcpentry.json
(2) stop vm, change ip addresses, change nics order, start vm
entries are updated in /etc/dhcphosts.txt and /etc/cloudstack/dhcpentry.json
(3) remove a nic from vm (hot unplug)
vm nic is removed from /etc/dhcphosts.txt and /var/lib/misc/dnsmasq.leases
entry in /etc/cloudstack/dhcpentry.json is updated.
IKE version allows selecting ike (autoselect), ikev1, or ikev2.
Split connections gives an option of separating the first right subnet from the rest, and kicking out individual statements for each right subnet for better cross-compatibility.
Backported from PR: #4137
update per PR suggestion
Fixes#3138
Co-authored-by: Greg Goodrich <ggoodrich@ippathways.com>
Co-authored-by: Daan Hoogland <dahn@onecht.net>
Co-authored-by: Pearl Dsilva <pearl.dsilva@shapeblue.com>
There is a potential security issue with having http access to the VR from anywhere.
This PR restricts http access to the VR to the internal network only.
This contains 3 main changes
(1) add NETWORK_STATS_ethX for all nics with public ips in VPC VRs (current: NETWORK_STATS_eth1)
(2) DO NOT create records in user_statistics for each VPC tier (only one record per public nic per VPC VR)
(3) send NetworkUsageCommand before unplugging a NIC with public IPs from VPC VR
Steps to reproduce the issue
(1) create two vm wei-001 and wei-002, start them
(2) check /etc/cloudstack/dhcpentry.json and /etc/dhcphosts.txt in VR
They have entries for both of wei-001 and wei-002
(3) stop wei-002, and restart VR (or restart network with cleanup).
check /etc/cloudstack/dhcpentry.json and /etc/dhcphosts.txt in VR
They have entries for wei-001 only (as wei-002 is stopped)
(4) expunge wei-002. when it is done,
check /etc/cloudstack/dhcpentry.json and /etc/dhcphosts.txt in VR
They do not have entries for wei-001.
VR health check fails at dhcp_check.py and dns_check.py
before
```
root@r-27-VM:/var/cache/cloud# /opt/cloud/bin/configure.py monitor_service.json
ERROR:root:Command 'ip link show eth0 | grep 'state DOWN'' returned non-zero exit status 1
```
with this change
```
root@r-27-VM:/var/cache/cloud# /opt/cloud/bin/configure.py monitor_service.json
root@r-27-VM:/var/cache/cloud#
```
* vpc: fix ips on wrong interfaces after rebooting vpc vrs
* #4467: Rename to updateNicWithDeviceId
* CLSTACK-8923 vr: Force a restart of keepalived if conntrackd is not running or configuration has changed
The DNS entry "data-server" was not added in /etc/hosts.
Since the VR is now considered as a "dhcpsrvr" (?), we need to apply this commit to add this DNS entry.
/etc/hosts is fully rewritten by this script.
Fixes: #4308
(cherry picked from commit dc65f31f9f)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
As discussed in #3937 (comment)
a rule for port forwarding in VPC router might not be needed.
This fixes the failed result of health check for network VRs.
When Guest VM add secondary nic, will get wrong hostname "infiniteh" from dhcp server
infiniteh -->infinite
cat /etc/dhcphosts.txt
02:00:0b:ef:00:04,set:192_168_4_18,192.168.4.18,gumd-tes3,infiniteh
The previous setup of many hours would not work, due to some internal dnsmasq issues - lease was set correclty, but dnsmasq was setting the dhcp-renew-time (and rebind time) to less than 2 years from the date the lease was issued.
Using "infinite" as the value (instead of the number) works as expected - and (atm) the renew date is set to year 2088, etc.
Co-authored-by: dahn <daan.hoogland@gmail.com>
This adds support for JDK11 in CloudStack 4.14+:
- Fixes code to build against JDK11
- Bump to Debian 9 systemvmtemplate with openjdk-11
- Fix Travis to run smoketests against openjdk-11
- Use maven provided jdk11 compatible mysql-connector-java
- Remove old agent init.d scripts
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rakesh
Wei Zhou
Wei Zhou
Pearl Dsilva
Rohit Yadav
Spaceman1984
aleskxyz
Wei Zhou
dahn
davidjumani
Lucas Granet
havengit
dahn
Andrija Panic
Anurag Awasthi