Added destination and source definition. Flag -S can be used
to ignore this. It's the new default as it is more secure
and does not impact the way things work (backwords compatible).
(cherry picked from commit ef3b4bb4e3)
If connecting the VPN takes some time, for example because
the other end is not (yet) up, CloudStack will delete
the VPN because the ipsectunnel.sh does not return in time.
The VPN connection then enters the Error state.
This change makes sure ipsectunnel.sh returns in time,
and lets ipsec connect in the background. If it all fails,
the connection enters Disconnected.
(cherry picked from commit 7f33f7c396)
Changed default to no, as the other side may not be up yet.
If this check fails, the VPN enters Error state and will not
work. It's safe to just let it connect on its own so it will
connect when it can.
(cherry picked from commit f8d718e3e3)
Changed 'auto=add' to 'auto=start' to make sure the tunnel starts.
When both sides are there they will connect. This resolves the
issue that there is only a small time frame in which the VPN
would connect.
(cherry picked from commit b95addd3ef)
Biglock breaks creating VPN's when other scripts run at the
same time that also use the same biglock. These other scripts
do nothing that could harm our deployment and even multiple
vpn's can safely be created simultaniously.
(cherry picked from commit 8b412ce194)
The last commit 513adab51b didn't fully fix it. Scenario #1 was not handled, only #2 was handled.
Fixed#1 as part of this commit.
1. If VM is in stopped state in CS due to 'PowerMissing' report from old host (hostId is null) and then there is a 'PowerOn' report from new host
2. If VM is in running state in CS and there is a 'PowerOn' report from new host
Added destination and source definition. Flag -S can be used
to ignore this. It's the new default as it is more secure
and does not impact the way things work (backwords compatible).
If connecting the VPN takes some time, for example because
the other end is not (yet) up, CloudStack will delete
the VPN because the ipsectunnel.sh does not return in time.
The VPN connection then enters the Error state.
This change makes sure ipsectunnel.sh returns in time,
and lets ipsec connect in the background. If it all fails,
the connection enters Disconnected.
Changed default to no, as the other side may not be up yet.
If this check fails, the VPN enters Error state and will not
work. It's safe to just let it connect on its own so it will
connect when it can.
Changed 'auto=add' to 'auto=start' to make sure the tunnel starts.
When both sides are there they will connect. This resolves the
issue that there is only a small time frame in which the VPN
would connect.
Biglock breaks creating VPN's when other scripts run at the
same time that also use the same biglock. These other scripts
do nothing that could harm our deployment and even multiple
vpn's can safely be created simultaniously.
- Increases the disable thresholds for developers
- Removes the use local storage for systemvms
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 314e2dacee)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- Increases the disable thresholds for developers
- Removes the use local storage for systemvms
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 314e2dacee)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
added 3 new method to strip partition information from VirtualServer, LBPool, VLAN api response.
With BigIP V11.x VirtualServer, LBPool, VLAN api response has been modified.
Now BigIP returns resource name with user partition information
ex: if vlanname is vlan-100 then the get_list() will return /Common/vlan-100 (/Common -> Suer portition)
This method will strip the partition information and only returns a list with vlan name (vlan-100)
Signed-off-by: Rajani Karuturi <rajanikaruturi@gmail.com>
This fix alters table columns which are primary keys but don't have them
auto_increment such as region, domain_router, user_vm etc.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit a11ddf3077)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
`vm_instance` table's id column is unique but does not auto_increment like other
resource tables. The fix simply alter the table's id column to have it
auto_increment which may avoid id conflicts in a multi-master mysql setup.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit e1e5e12aaa)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
On default iptables rules are updated to add ACCEPT egress traffic.
If the network egress default policy is false, CS remove ACCEPT and adds the DROP rule which
is egress default rule when there are no other egress rules.
If the CS network egress default policy is true, CS won't configure any default rule for egress because
router already came up to accept egress traffic. If there are already egress rules for network then the
egress rules get applied on VR.
For isolated network with out firewall service, VR default allows egress traffic (guestnetwork --> public network)
Brian Federle
Gaurav Aradhye
Sateesh Chodapuneedi
Rohit Yadav
Jean-Francois Vincent
Daan Hoogland
Remi Bergsma
Koushik Das
Wei Zhou
Jessica Wang
Mike Tutkowski
Daan Hoogland
Axel Delahaye
Rajani Karuturi
Sudhansu
Jayapal
Nitin Mehta