2) Added new parameter to listNetworks command - canUseForDeploy(boolean). When true, list only networks that can be used for vm deployment (networks have enough ip addresses to allocate from for the vm)
Conflicts:
api/src/com/cloud/api/ApiConstants.java
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/network/dao/IPAddressDao.java
When the last rule is removed for vpc ip, networkId is set to null
Conflicts:
api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
api/src/com/cloud/api/commands/EnableStaticNatCmd.java
api/src/com/cloud/network/NetworkService.java
api/src/com/cloud/network/rules/RulesService.java
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
server/test/com/cloud/network/MockNetworkManagerImpl.java
2) Don't allow to add new networks/implement existing ones for VPC in Disabled state. Disabled state indicates that there was unsuccessful attempt to remove the VPC, and the further cleanup will be taken care of by cleanup thread.
Conflicts:
server/src/com/cloud/network/dao/IPAddressDao.java
server/src/com/cloud/server/ManagementServerImpl.java
2) Added services api support for plugging/unplugging the nics to VpcElement
Conflicts:
api/src/com/cloud/network/NetworkService.java
core/src/com/cloud/vm/VMInstanceVO.java
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
server/test/com/cloud/network/MockNetworkManagerImpl.java
1) Added API frameworks for the feature. New commands:
* CreateVPCCmd
* ListVPCsCmd
* DeleteVPCCmd
* UpdateVPCCmd
* CreateVPCOfferingCmd
* UpdateVPCOfferingCmd
* DeleteVPCOfferingCmd
* ListVPCOfferingsCmd
2) New db tables:
* `cloud`.`vpc`
* `cloud`.`vpc_offerings`
* `cloud`.`vpc_offering_service_map`
and corresponding VO/Dao objects.
Added vpc_id field to `cloud.`networks` table - not null when network belongs to VPC
3) New Manager and Service interfaces- VpcManager/VpcService
4) Automatically create new VpcOffering (if doesn't exist) on system start
5) New Action events:
* VPC.CREATE
* VPC.UPDATE
* VPC.DELETE
* VPC.OFFERING.CREATE
* VPC.OFFERING.UPDATE
* VPC.OFFERING.DELETE
Conflicts:
api/src/com/cloud/api/ApiConstants.java
client/tomcatconf/commands.properties.in
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/network/NetworkManagerImpl.java
setup/db/create-schema.sql
Description:
Removed the vcenter_dc_name and vcenter_ipaddr
fields from the virtual_supervisor_module
table, the CiscoNexusVSMDeviceVO, addClusterCmd,
and all other references to these two fields.
Fixing null pointer exceptions when checking
for nexus related global parameter values in
addClusterCmd.
Conflicts:
api/src/com/cloud/api/commands/AddClusterCmd.java
Description:
Putting in code changes as per Alena's reviews:
Replaced references to CiscoNexusVSMDeviceVO
in GetCiscoVSMByClusterIdCmd to work with an
interface that CiscoNexusVSMDeviceVO instead,
since VO objects should not be directly accessed
in APIs.
Made associated changes in other files.
More commits incorporating Alena's review comments
will follow.
Description:
1. Added the PortProfile infrastructure:
a. PortProfileVO : The VO class to represent a db
record of the table port_profile. Each db record
represents one port profile.
b. PortProfileDao: The interface that declares search
functions on the port_profile table.
c. PortProfileDaoImpl: The class that defines the
interfaces declared in PortProfileDao.
d. PortProfileManagerImpl: The class that contains
routines that will add or delete db records from
the port_profile table. If you want to create/delete
a portprofile, call functions from this class.
e. Changes to create-schema.sql to create the port_profile
table.
2. Cleaned up code:
a. Removed a number of unused Dao and Manager objects in
CiscoNexusVSMDeviceManagerImpl.
b. Removed the ListCiscoNexusVSMNetworksCmd command.
c. Removed a bunch of import statements in a few files.
Reviewed by: Sateesh Chodapuneedi, Devdeep Singh
Description:
This is the first in a series of commits for integrating the
Cloudstack Management Server with the Nexus 1000v Virtual
Supervisor Module.
These changes introduce the necessary API command interfaces
to work with a Cisco N1KV VSM. The backend logic is still to
be put in and will be incorporated in subsequent commits.
Please do not attempt to use these APIs until then. Also,
these are not yet filled in into commands.xml, so they are
not currently exposed.
Additional APIs would be added if required.
These changes will not break any current management server
functionality.
Given below is a description of the changes put in here:
Added Cisco N1KV commands to core/api:
These are the added commands -
AddCiscoNexusVSMCmd
DeleteCiscoNexusVSMCmd
ConfigureCiscoNexusVSMCmd
ListCiscoNexusVSMCmd
ListCiscoNexusVSMNetworksCmd
Added a Network Element service file for Cisco N1KV.
Declared the interface functions that we'll need for
the N1KV VSM.
Defined a DeviceVO file for the Cisco Nexus Element.
Created a response file for Cisco Nexus VSM.
Created new event types for external Switching Management devices.
Put in logic to call interface methods in ListCiscoNexusVSMNetworksCmd
and ListCiscoNexusVSMCmd
NOT VSM RELATED:
Fixed minor typo in some of the event types for external load balancers.
Added properties of a VSM in the VSM VO class.
Replaced the "url" input parameter by "ipaddress"
in the AddCiscoNexusVSMCmd API.
Added a new file - CiscoNexusVSMElement.java to
contain the implementation of the functions
declared in the VSMElementService interface, and
put in implementations of the functions for the
Nexus VSM API commands. These functions are
defined in the CiscoNexusVSMElement class.
Added a class for Port Profiles (PortProfile.java).
The fields in this class are still not correctly
declared as of now. We'll make the required changes
going forward.
Added CiscoNexusVSMDeviceManagerImpl class.
Added CiscoNexusVSMResource class.
Created a new class to provide a package to
connect to Cisco Nexus VSMs. This will be a
set of Java wrapper functions that allow us
to connect/disconnect and send commands and
receive the results of those commands via
XML-RPC. These functions are yet to be
implemented, and will be checked in in future
commits.
Added two new classes, VSMCommand and
VSMResponse, to encapsulate XML-RPCcommands
and responses to and from a Ciscon Nexus VSM.
Put in the following function stubs inside the
CiscoNexusVSMService class:
connectToVSM()
disconnectFromVSM()
executeVSMCommand()
Added new field in the Type enum of the "Host"
interface, for Cisco Nexus VSMs.
Added two parameters to AddCiscoNexusVSMCommand
vsmName
zoneId
Modified the CiscoNexusVSMDeviceVO constructor to
take in an zoneId as a parameter when creating
the VO object.
Added new interface and class for the DeviceDao
implementation for Cisco Nexus VSM devices:
CiscoNexusVSMDeviceDao
CiscoNexusVSMDeviceDaoImpl
Removed the vsmvCenterDomainId property, since it's
going to the same as vsmDomainId, which is the VSM's
switch Domain Id.
Have started putting in the following query functions
in the CiscoNexusVSMDeviceDao interface:
Put in DAO implementations of some of the above functions in the CiscoNexusVSMDeviceDaoImpl class.
Added a vsmName parameter to the CiscoNexusVSMDeviceVO class.
With this fix both SSVM and CPVM will get public IP's in case of basic zone with EIP service.
A static NAT rule is implicitly configured on the EIP service provider to map public IP to a
guest IP address associated with SSVM/CPVM
Fixed issues with vif scripts on 5.6FP1
Fixed ipv6 issue on 5.6FP1
Plus other various fixes and improvements
Starting to remove debug code
NOTE: Network is configured correctly but instances do not start. Possibly indefinite wait occuring on some commands
Fixed issues with vif scripts on 5.6FP1
Fixed ipv6 issue on 5.6FP1
Plus other various fixes and improvements
Starting to remove debug code
NOTE: Network is configured correctly but instances do not start. Possibly indefinite wait occuring on some commands
Changes:
Fixed as described in the bug.
* CreateVlanIpRangeCmd still accept account/domainId info
* if account owns:
- one Isolated network with source nat service enabled, use this network
- more than one Isolated network with source nat service enabled - error out
- none Isolated networks with source nat service enabled, create it only in
case when there is an Isolated network offering with Availability=Required and
source nat service enabled.
CIDR may be different after update to a service offering contained external
network element, user is required to acknowledge this, otherwise the update
won't process
Summary of changes: Database changes will be rollbacked while applying the LB rule to the Netscaler device.
- Database changes will be rollbacked to previous state during the following Lb API's:
1) assignVM to LB rule
2) remove VM from LB rule
3) updateLb rule
4) deleteLb rule
5) create/attach sticky policy to Lb rule
6) delete sticky policy from Lb rule
- Database changes of the Lb rule will be not be rolledback during:
1) Removing IP
2) removing VM
Summary of Changes:
- created a generic way for LB rule validations, so as LB device(like Haproxy) specific validations can be done syncronously.
- Removed asyncronous validations from Haproxy and done syncronously.
When elb capability is enabled on the network offering, we:
1) on each createLB command:
* associate ip address to the LB rule owner
* create LB rule
2) on each deleteLb command:
* delete the rule
* disassociate ip address
The rule belongs to the owner, so proper usage events are generated
2) Added elasticIp and elasticLb network capabilities. Provided support to create network offering with these capabilities.
3) Added one more default network offering having elasticip and elasticlb
4) Public network support to Basic zone. You can associate/disassociate IP addresses now
Introduce the concept of Ip Deployer. The IP deployer would be responible for
apply IP to the element. Most element's IP deployer is itself, but it can be
someone else if we want to implement inline mode in the future.
only owner of the network can access it; if it's domain - all accounts in the domain and domain children can have an access.
* aclType replaces 2 old fields: isShared and isDomainSpecific.
* All 2.2.x account specific networks will have aclType=Account; 2.2.x Domain specific networks - aclType=domain; 2.2.x Zone level networks - aclType=Domain with domainId = Root domain id
- Create Default physicalnetwork and add traffic types while creating a zone
- DeleteProvider should error out if there are networks using the provider.
- Other validations
- ListSupportedNetworkServiceProvidersCmd will now return Providers along with its element's services and boolean 'canEnableIndividualServices' that indicates if for this Provider services can be enabled/disabled
- add & update NetworkServiceProvider changed to take in the list of services to enable. While adding a provider, if list is null then all services supported by the element are enabled by default.
- ListNetworkServices enhanced to take in a provider name and returns services of that specific provider.
* can be specified for Shared network only
* if not specified for the Shared networks, try to locate it based on the zoneId and tags. If tags is not null, pick up first physicalNetwork from the zone that has matching tags. If tags is null, and there are none/more than 1 physical netwroks in the zone, error out.
As DhcpElement/VirtualRouterElement/RedundantVirtualRouterElement is decided to
be the service provider of the physical network, this API should be called to
add a new element, with correlated network service provider ID.
Then e.g. ConfigureVirtualRouterElementCmd should be called to configure and
enable the element.
Added PortForwardingServiceProvider, StaticNatServiceProvider, rename
PasswordServiceProvider to UserDataServiceProvider(may rename to a better name
later).
Add related function for service providers.
DHCP range, domain name, etc. are the property of network, not virtual router
specific.
The focus of virtual router configuration would on separate enable/disable each
service it provided.
2)Re-apply all existing firewall rules as a part of implement call. TODO: Cleanup all existing rules from the backend (leave them in the DB) as a part of shutdown call
TODO:
- Still leaving the provider columns in data_center schema as-is for CloudKit and BareMetal
- ExternalNetworkDeviceMgrImpl still needs to fix the dataCenter.setProviders calls and externalNetworkApplicance usage checks to see if zone has external networking.
Limitations:
* can't upgrade to the network offering with lesser number of services
* can upgrade only when the service provider of the original offering is not external (domR, dhcp, elb) to the external type of the provider
-Bringing add/delete/list of all external network devices under one unified API's (addNetworkDevice, deleteNetworkDevice, listNetworkDevice)
-Refactoring External network manager to work from both sets of API's add/delete/list NetworkDevice and add/delete/list External Firewall/LoadBalancer
- Make all API commands Async and add events
- Make BroadcatsDomainRange case insensitive
- Process all _networkElements to build the Service -> Provider map during NetworkMgr::configure()
Add configure command for these virtual router based elements. The commands
should be different for different elements.
The context of configuration would be added later.
- Create Zone changes and changes to data_center table to remove vlan, securityGroup fields
- Physical Network lifecycle APIs
- Physical Network Service Provider APIs
- DB schema changes
* moved all services to the separate table, map them to the network_offering+provider.
* added state/securityGroupEnabled properties for the networkOffering
* added ability to list by state/securityGroupEnabled in listNetworkOfferings api command
2) New service: SourceNat
Changes:
- Added a new interface 'PluggableService'
- Any component that can be packaged separately from cloudstack, can implement this interface and provide its own property file listing the API commands the component supports
- As an example have made VirtualNetworkApplianceService pluggable and a new configureRouter command is added
- ComponentLocator reads all the pluggable service from componentLibrary or from components.xml and instantiates the services.
- As an example, DefaultComponentLibrary adds the pluggable service 'VirtualNetworkApplianceService'
- Also components.xml.in has an entry to show how a pluggable service can be added, but it is commented out.
- APIServer now reads the commands for each pluggable service and when a command for such a service is called, APIServer sets the required instance of the pluggable service in the coomand.
- To do this a new annotation '@PlugService' is added that is processed by APIServer. This eliminates the dependency on the BaseCmd to instantiate the service instances.
In the past, the NetworkElement would cover almost all the functionality that
e.g. virtual router can cover: firewall, source NAT, static NAT, password,
VPN... So anyone want to implement the NetworkElement would have to implement
these service's specific methods, even it wouldn't support it. Also, if we want
to find a e.g. FirewallServiceProvider, we have to proceed all the current
network service providers, to call a method to know if it support such service.
That's neither elegant nor scaling way to do it.
As the first step, this patch separates each ServiceProvider from NetworkElement
(there are some interface already out of NetworkElement, so this patch slightly
modifies them too), and only the class would implement the correlated interface, would
have the ability to do these services.
Force stop the router would release all the resources it used, but router may
still running. Add a column "stop_pending" in the database, and stop it when the
router come back.
Admin would able to choose to force destroy such router, then recover the
network using restartNetwork command with cleanup=false.
clean up tests for security group manager v2
move interval to listener -- allows it to be configurable if needed
fix mocks
Enhanced logging for security group manager (from zucchini)
fix merge issues
merge issues
Changes :
- Fixing API doc +response name + errorMessage
- Adding seperate events to Egress rules
- Egress rules Using the same database table as that of ingress with new column type.
Pending Tasks:
- db upgrade
- database table rename from security_ingress_rule to generic name, renaming some of the jave class from ingress to generic name.
- Retesting on kvm
- adding supprt for Netscaler VPX & MPX load blancers
- implemented for virtual networking
- works only with new fetched public IP, inline support is not added yet
status 11029: resolved fixed
Commit also includes the following:
* map firewall rule to pf/lb/staticNat/vpn when the firewall rule is created as a part of pf/lb/staticNat/vpn rule creation
* when delete firewall rules, also delete related firewall rule
1) On enableStaticNat command we actually send the command to the backend (we used to just upgrade the DB in the past). The backend command carries sourceIp and destIp, and creates IP to IP mapping on the domR.
2) On disableStaticNat for the Ip address in addition to cleaning up port ranges, we also delete IP to IP mapping on the domR.
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
Conflicts:
api/src/com/cloud/api/BaseCmd.java
client/tomcatconf/commands.properties.in
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/configuration/DefaultComponentLibrary.java
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
Part 2
commit 797839360c65cd348d2eb20630521177ab0919de
bug 9154: redundant virtual router
commit 8ff7f230204d4d3a7a4adee75523a9a84f4276fe
bug 9154: Replace domain_router.is_master with domain_router.redundant_state in DB
commit 230b99e9e0b152648f1dd2a5eab6f22315b8e7b4
bug 9154: Add redundant state to DomainRouterResponse
commit ccefb5ff5e83d713798a347c99bce1a0d04b4317
bug 9154: Add router fault state report
commit 7a3090378f9785caecf741b70554f6ea17c41764
bug 9154: Send alert if found two virtual routers in master state
commit 66831056e4bf27665871bccd24e6159071564847
bug 9154: Code clean up
commit bf3f58a85741fa7118bd848a42d8b21baa4478d4
bug 9154: Add isRedundantRouter to DomainRouterResponse
Block update only in these cases:
* when DNS capability AllowDnsSuffixModification is false for the network
* when target network has running network elements (dhcps or domRs)
Conflicts:
server/src/com/cloud/vm/dao/DomainRouterDao.java
server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java
Block update only in these cases:
* when DNS capability AllowDnsSuffixModification is false for the network
* when target network has running network elements (dhcps or domRs)
Created a table for source cidrs list.
Created necessary Daos and VOs.
Updated PortForwardingRulesDao to persist/update non null list of cidrs.
For deletion depending on ON DELETE CASCADE.
status 9336: resolved fixed
Following changes were made:
* deleteSecurityGroup/authorizeSecurityGroupIngress - removed account/domainId parameters as SG is uniquely identified by id now
* removed account_name field from securityGroup DB table; removed allowed_security_group/allowed_sec_grp_acct from security_ingress_rule.
These values were used for api response generation only for performance purposes; added caching on API level to improve performance
* Added missing security checks for securityGroups/ingressRules
status 7704: resolved fixed
For user vm:
* for default network, take limit from the corresponding service offering
* for all additional networks, take limit from the network offerings
For domainRouter/SSVM/CPVM:
* get info from the network offering
Added new config parameter: "vm.network.throttling.rate". If nw_rate is NULL for serviceOffering, this parameter would be used for default vm's network
Following was done as a part of checkin:
1) NetworkOffering/Network:
* add PF service support for default Guest network offering.
* Add one more additional network - Public.
* Allow to enable external firewall in Basic zone.
2) Don't allow to deployVm in Public Network.
3) Allow to add vlan ip ranges to Public networks in Basic zone.
4) Associate IP - allow to associate with Direct vms.
5) Allow to create PF/Static nat rules. Rules are being sent to External Firewall Rule only.
6) Add PF support to External Firewall element.
Fixed couple of other problems along:
* when expunge PF/Static nat rules as a part of vmExpunge/IpRelease process, first mark all rules as Revoke, and then send commands to the backend. Group commands by Ip address.
Before we used to do Revoke/Send per rule basis.
* When release source nat rule, make sure that corresponding vpn (if exists) is being expunged.
* to enable 1-1 nat for ip/vm use enalbeOneToOneNat api
* to open port range (or multiple port ranges) use createIpForwardingRule api.
* to delete one port range use deleteIpForwardingRule api.
* to disable 1-1 nat use disableOneToOneNat api.
* added new fields to createIpForwardingRule api: startPort/protocol - required, endPort is optional
* updated "firewall_rules" table with a new field "is_one_to_one_nat" (being set when new rule is created)
* API requires network id to be passed in (it was optional before)
* restartNetwork calls restart() method of all network elements in the system, and it's up to the element to decide which actions to take on the restart (for example, for Virtual Router it's IPAssoc/applyPF/applyLBRules).
Alena Prokharchyk
Murali reddy
David Nalley
Vijayendra Bhamidipati
Salvatore Orlando
frank
prachi
Sheng Yang
Sheng Yang
Naredula Janardhana Reddy
Alex Huang
Prasanna Santhanam
Edison Su
Murali Reddy
alena
Chiradeep Vittal
Alex Huang
Abhinandan Prateek
keshav
kishan
Frank
Edison Su