This patch adds a network plugin to support Palo Alto Networks firewall (their appliance and their VM series firewall).
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Signed-off-by: Sheng Yang <sheng.yang@citrix.com>
Rename 'socket info' title to 'hypervisors' to make it more generic, as
the dashboard section contains hypervisor host counts which are useful
in other contexts.
All of the code changes for the Spring Modularization will work in
a modularized context or a non-modularized context. This commit
is the final commit to turn modularization on. Revert this commit
to disable the modularization and go back to monolithic Spring
configuration.
Initial patch for VXLAN support.
Fully functional, hopefully, for GuestNetwork - AdvancedZone.
Patch Note:
in cloudstack-server
- Add isolation method VXLAN
- Add VxlanGuestNetworkGuru as plugin for VXLAN isolation
- Modify NetworkServiceImpl to handle extended vNet range for VXLAN isolation
- Add VXLAN isolation option in zoneWizard UI
in cloudstack-agent (kvm)
- Add modifyvxlan.sh script that handle bridge/vxlan interface manipulation script
-- Usage is exactly same to modifyvlan.sh
- BridgeVifDriver will call modifyvxlan.sh instead of modifyvlan.sh when VXLAN is used for isolation
Database changes:
- No change in database structure.
- VXLAN isolation uses same tables that VLAN uses to store vNet allocation status.
Known Issue and/or TODO:
- Some resource still says 'VLAN' in log even if VXLAN is used
- in UI, "Network - GuestNetworks" dosen't display VNI
-- VLAN ID field displays "N/A"
- Documentation!
Signed-off-by : Toshiaki Hatano <haeena@haeena.net>
Japanese properties file was broken, fixed manually.
We need to let the servlet container the encoding to use.
Signed-off-by: Hiroaki KAWAI <kawai@stratosphere.co.jp>
Update BigSwitch Plugin:
. UI support for adding BigSwitch controller as a network service provider
. Correct the message format between the plugin and the controller
. Add Health check API
Test to add a BigSwitch controller as a network service provider and view.
Test to implementation of guest network on the controller
Test to associate VM to its guest network
Detail: Adds UI element for resizing a volume
BUG-ID: CLOUDSTACK-644
Reported-by: hongtu_zang@tcloudcomputing.com
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1360091087 -0700
- Fixed new join dao impls as spring components
- Fixed component context xml to load api rate limit checker
- Fixed root pom.xml for duplicate plugin
- Fixed list data centers method
- Fixed following conflicts:
api/src/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
api/src/org/apache/cloudstack/api/command/user/offering/ListServiceOfferingsCmd.java
api/src/org/apache/cloudstack/api/command/user/template/DeleteTemplateCmd.java
api/src/org/apache/cloudstack/api/command/user/template/ExtractTemplateCmd.java
plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/api/ApiServer.java
server/src/com/cloud/api/query/QueryManagerImpl.java
server/src/com/cloud/configuration/DefaultComponentLibrary.java
server/src/com/cloud/server/ManagementServerImpl.java
server/src/com/cloud/storage/swift/SwiftManagerImpl.java
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Fixes issue where global flag was sometimes causing the confirm
message to be incorrect for non-VPC acquire IP action.
Conflicts:
ui/scripts/network.js
This commit merges the nicira-l3support branch with master. This
effectively adds nicira nvp l3 support to master. The NiciraNVP Provider
can support the following services with this modification: Connectivity,
SourceNat, StaticNat and PortForwarding
Testing done:
Create, Delete network offerings with Nicira Element
Use Gui to add, modify, remove Nicira Element and Provider
Provision, deprovision SourceNat networks
Provision, deprovision Portforwarding and StaticNat rules
Tested with Nicira NVP release 2.1.0, 2.2.0 and 2.2.1 (2.2.x recommended)
For any list view that has a corresponding detail view, adds a tooltip
to display the compact overview of the detail view contents, including
all available actions. This avoids a user from having to click into a
new panel to see more details and actions for an item.
This will happen automatically for any list view with a 'detailView'
sub-option, and will append a new column to the end of each item
row. If 'noCompact: true' is specified in the detailView's options,
then the quick view will not be rendered.
** Note: This also removes the existing list actions for the instances
and zones tables.
Example, to show a quick view:
listView: {
detailView: {
// Specify noCompact: true to not render a quick view
//
// noCompact: true
...
},
...
}
Conflicts:
ui/scripts/ui/widgets/detailView.js
Support for local data disk. Currently enable/disable config is at zone level, in subsequent checkins it can be made more granular.
Following changes are made:
- Create disk offering API now takes an extra parameter to denote storage type (local or shared). This is similar to storage type in service offering.
- Create/delete of data volume on local storage
- Attach/detach for local data volumes. Re-attach is allowed as long as vm host and data volume storage pool host is same.
- Migration of VM instance is not supported if it uses local root or data volumes.
- Migrate is not supported for local volumes.
- Zone level config to enable/disable local storage usage for service and disk offerings.
- Local storage gets discovered when a host is added/reconnected if zone level config is enabled. When disabled existing local storages are not removed but any new local storage is not added.
- Deploy VM command validates service and disk offerings based on local storage config.
- Upgrade uses the global config 'use.local.storage' to set the zone level config for local storage.
(cherry picked from commit 62710aed37606168012a0ed255a876c8e7954010)
Mike Tutkowski
Will Stevens
chriscameronv
Brian Federle
Wei Zhou
Darren Shepherd
Chris Suich
ynojima
Wido den Hollander
Ian Duffy
Sanjay Tripathi
Isaac Chiang
Milamber
Pranav Saxena
Pranav Saxena
Brian Federle
Hiroaki KAWAI
Nitin Mehta
Kanzhe Jiang
Hugo Trippaers
Kelven Yang
Mice Xia
Channy Yun
Marcus Sorensen
Rohit Yadav
Alex Huang
John Kinsella
Edison Su
David Nalley
Kelven Yang
Hugo Trippaers
Koushik Das
Jessica Wang
olivier lamy