etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,061 Commits 323 Branches 325 Tags 836 MiB
Commit Graph

449 Commits

Author SHA1 Message Date
Anthony Xu a892f08280 fix licnese header for vpc_passwd_server 2012-09-28 10:18:01 -07:00
Anthony Xu e44d306dd9 VPC : password reset fix 2012-09-26 17:42:42 -07:00
Anthony Xu 1946a9a583 VPC : password reset, 
add console redirect
 2012-09-26 17:42:42 -07:00
Anthony Xu ddffdc9db7 CS-16393 
one typo fix
    make passwd service exitable
 2012-09-26 17:42:42 -07:00
Anthony Xu b59c3c8885 VPC : password server, start password server when guest network is created 2012-09-26 17:42:42 -07:00
Anthony Xu 946295b114 open port 3922 on correct eth device 2012-09-26 17:42:42 -07:00
Sheng Yang 0c6dcb4772 CS-15094: Fix multiply vlan of redundang router 
This fix would work because:
1. When booting up the router, there is possible that no ip information have
been set for the interface(CS would do it after confirm router is up), so the
interface isn't associate with any ip, then ifconfig cannot work. We have to use
ifup, this is especially true for the first router become master.

2. After booting up phase, the ip would be associated with interfaces, then we
can use ifconfig to bring them up.
 2012-09-26 16:28:33 -07:00
Sheng Yang 435e4f6868 CS-16400: Fix LB service using port 8080 
Also added license header for passwd_server_ip

Ported from:

commit 1072ec7ae3
Author: Sheng Yang <sheng.yang@citrix.com>
Date:   Wed Sep 12 11:15:33 2012 -0700

    CS-16318: Update the fix with some tweak

    1. The old fix run cloud-passwd-srvr twice because cloud-passwd-srvr is
still in the list of enabled_svcs

    2. The lock should be applied on serve_password.sh, which controlled the
accessing to the password. Applied on the MASTER/BACKUP switch is useless, two
instance of serve_password.sh would still able to access the password file at
the same time.

    3. Password service is a part of redundant router state transition process
now, so if the service failed to start, then the transition failed.

    4. Restart password service should be put before restart dnsmasq, which
would sent out DHCP offer to the user vms. If user VMs got the DHCP offer first
but failed to get password, there would be an issue.

    Reviewed-by: Anthony Xu

commit fa94da1140
Author: Jayapal Reddy <jayapalreddy.uradi@citrix.com>
Date:   Wed Sep 12 17:57:03 2012 +0530

    Bug:CS-16318 Starting password server on the both IPs in RRVM
    Reviewed-by: Abhi

Conflicts:

	patches/systemvm/debian/config/opt/cloud/bin/passwd_server
 2012-09-26 16:28:33 -07:00
Chiradeep Vittal 32feb9525c CLOUDSTACK-171 cleanroom version of ipsec.conf 2012-09-25 15:58:33 -07:00
Chiradeep Vittal 969f0651ae CLOUDSTACK-171 according to http://markmail.org/thread/hipzcgtc7qx2o7iz delete first 2012-09-25 15:57:06 -07:00
Edison Su c9a0cca604 remove the last vhd-util 2012-09-25 14:17:18 -07:00
Chip Childers 8435e72295 Corrected RAT mvn plugin to appropriate exclude things at the top level, and to also include subprojects. 2012-09-25 15:01:08 -04:00
Chip Childers e2730c91d9 Adding license headers and licensing details for patches folder. 2012-09-25 14:26:52 -04:00
Chip Childers f20bee3ca4 Adding patches module config for RAT. 2012-09-25 14:26:52 -04:00
Chiradeep Vittal 97a1ed2ecb CLOUDSTACK-143 vcpu hotplug is used whenever the number of vcpus are increased or decreased while the vm is online. so far this is never done in CloudStack for system vms. Also, no evidence that this file is copied to /etc/udev/rules.d where it would be needed 
CLOUDSTACK-144 xe-linux-distribution.init is used to communicate the distribution information to the xe toolset in dom0. No evidence that this file is copied to /etc/init.d where it would be needed. The right way to do it would be to install the xe-guest-utilities deb package from the xs-tools ISO distributed by Citrix XenServer
 2012-09-21 17:31:38 -07:00
Chiradeep Vittal 1ba030729d CLOUDSTACK-142 remove unneeded file 2012-09-21 15:37:41 -07:00
Chiradeep Vittal 6fe019e3cc CLOUDSTACK-148 logrotate.conf configuration was developed for CloudStack. Deleted comment and blank lines to show origin in a clearer fashion 2012-09-21 15:23:37 -07:00
Chiradeep Vittal df6fd4e644 CLOUDSTACK-168 remove unneeded file 2012-09-21 14:51:27 -07:00
Chiradeep Vittal 9a40415771 CLOUDSTACK-175 reduce config file to bare minimum by eliminating commented lines and whitespace 2012-09-21 14:47:32 -07:00
Chiradeep Vittal 8899180d7d CLOUDSTACK-170 remove unneeded secrets file 2012-09-21 14:44:49 -07:00
Chiradeep Vittal f27168291a CLOUDSTACK-170 remove unneeded file 2012-09-21 14:39:41 -07:00
Chiradeep Vittal feb77f3137 CLOUDSTACK-171 reduce config file to bare minimum by eliminating commented lines and whitespace 2012-09-21 14:35:08 -07:00
Chiradeep Vittal 3158e2fa16 CLOUDSTACK-174 remove unused file 2012-09-21 11:55:17 -07:00
Sheng Yang bbc78bab5d CLOUDSTACK-159: Clean the configuration file 
Now it's all written by myself.
 2012-09-21 11:47:58 -07:00
Anthony Xu 44e8938120 CLOUDSTACK-106: this issue seems be coverred by other issue somehow, when other issue is fixed, this issue shows up 2012-09-21 10:24:58 -07:00
Marcus Sorensen bf30dbc241 VPC - enable passwd server service 
There is currently no vpcrouter type defined in patchsystemvm.sh, which
controls our init scripts in the system vms. This patch allows the
services that would normally start on a router to start also on the VPC
router, in particular the password server was missing.

Signed-off-by: Edison Su <sudison@gmail.com>
 2012-09-20 15:44:51 -07:00
Marcus Sorensen 38457ee8ac CLOUDSTACK-131: KVM fails to copy authorized_keys to system vm now that iso is not 
mounted

Signed-off-by: Edison Su <sudison@gmail.com>
 2012-09-20 11:06:53 -07:00
Chip Childers 868bad8445 Adding license headers to CS authored ip tables config files 2012-09-14 13:19:17 -04:00
Chip Childers d1eb762b1e Adding license header 2012-09-14 13:19:17 -04:00
Chip Childers 763311c006 License header updates, and modification to root pom for exclusions. 2012-09-13 16:55:48 -04:00
Manikanta Kattamuri cfc2b85651 Removing eclipse .classpath and .project files as they are configured to ant build and adding the entries into .gitignore to stop further comitting of the files 
Signed-off-by: Chip Childers <chip.childers@gmail.com>
 2012-09-13 14:18:14 -04:00
anthony ba0522461d VPC : configure apache2 for each guest network 2012-09-07 18:10:42 -07:00
anthony 5756a2a73b VPC : clean up rt_table when stop domr 2012-09-07 17:48:23 -07:00
anthony 6c96e638be VPC : static route, add route table in cloud-early-config 2012-09-07 17:46:40 -07:00
Anthony Xu 4a0e645e28 CS-16254: 
passwd_server listen on every interface, but only guest interface is enabled for that port
 2012-09-07 17:10:54 -07:00
Anthony Xu 3cfe01d07c VPC : by default , outgoing traffic is allowed out, once egress rules are added, only traffic specified in those are allowed out, others are blocked 2012-09-07 17:03:12 -07:00
Edison Su 3db9736a07 CLOUDSTACK-29 
remove iptables/xe-guest/xt
 2012-09-06 11:05:09 -07:00
Edison Su 5ae15f8bbf first OSS build 2012-09-05 17:45:25 -07:00
Edison Su ea9121bc8f KVM initial VPC support 
Implements
SetupGuestNetworkCommand,SetNetworkACLCommand,SetSourceNatCommand,IpAssocVpcCommand,SetPortForwardingRulesVpcCommand.
Passes basic functionality, though I'm sure there may be some honing to
do.

Also fixes a few minor things found along the way:
 vpc_guestnw.sh wasn't successfully setting up apache due to default
listen IP of 10.1.1.1
 vpc_guestnw.sh was referencing a 'logger_it' function, replaced with
'logger -t cloud'
 system vms were running with OS type "Debian GNU/Linux 5.0(32-bit)",
which was not found in the KVMGuestOsMapper
 the Xen implementation of SetupGuestNetworkCommand had apparently
copied its catch message from UnPlug Nic, fixed string

Send-by: Marcus Sorensen
RB: https://reviews.apache.org/r/6883
 2012-09-04 11:45:59 -07:00
Hugo Trippaers 3054537182 Use maven to build the systemvm zip and iso 2012-09-03 14:09:19 +02:00
Gavin Lee 39a676c496 Correct license header mainly for patches folder 
Signed-off-by: Chip Childers <chip.childers@gmail.com>
I've assumed that Gavin's commit is appropriate, based
on an assumption that we will keep these files in the source
tree.  If https://issues.apache.org/jira/browse/LEGAL-146
results in a different opionion from the members, then we
will end up having to do something more drastic anyway.
 2012-08-31 10:50:46 -04:00
Rohit Yadav 2296dc4acc bug CS-15942: Fixes port forwarding issue for redundant routers 2012-08-28 12:11:55 +05:30
Rohit Yadav fd4a1a39c1 Bug CS-15970: Fixes Redundant router status when host is XenServer 2012-08-28 12:07:33 +05:30
kishan b42a813ff1 bug CS-16112: During unplug nic iptables rules are cleaned up in both cloud_nic.sh and vpc_netusage.sh. Consolidated this code in cloud_nic.sh 
status CS-16112: resolved fixed

Conflicts:
	patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh
 2012-08-22 12:00:02 +05:30
Sheng Yang 20ccb6c1cb S2S VPN: CS-16092: Add ESP rule to iptables 
Otherwise the other end cannot initiate connection.
 2012-08-20 17:28:46 -07:00
kishan 691be5c60e bug CS-15577: Added per gateway network usage for VPC and VPN usage. VPN usage uses 525 mark for outgoing traffic and 524 mark for incoming traffic 
status CS-15577: resolved fixed
 2012-08-17 17:07:13 +05:30
John Kinsella 6a41965b70 [ASFCS40] Updated version number to reflect 4.0.0 2012-08-14 22:54:44 -07:00
Sheng Yang e7efd0d95b S2S VPN: Don't consider VPN is down if IPsec SA still existed 
Because ISAKMP SA wouldn't be updated after expiration if IPsec SA is still in
affect.
 2012-08-10 16:20:52 -07:00
Sheng Yang 435480cb5a S2S VPN: CS-15641: Enable UDP port 4500 for NAT-T 2012-08-06 17:15:38 -07:00
Sheng Yang 4908adb3a1 S2S VPN: CS-15852: Add vpninmask for VPN network usage 2012-08-06 15:32:36 -07:00
Sheng Yang 6e7b4bc07b S2S VPN: CS-15642: Re-initiate the VPN connections after router reboot 
Conflicts:

	server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
 2012-08-06 15:32:18 -07:00
Sheng Yang 84a1a311f9 S2S VPN: CS-15511: Add PFS support for VPN connection 2012-08-06 15:27:13 -07:00
Sheng Yang 1b5103c501 S2S VPN: CS-15472: Separate IKE lifetime and ESP lifetime 2012-08-06 15:19:26 -07:00
anthony 9b43753399 VPC : handle Revoke rules for staticroute 2012-08-02 18:59:49 -07:00
anthony 0c9d5f5eb1 VPC : typo 2012-08-02 18:59:48 -07:00
Alena Prokharchyk 7706a9c32f Merge branch 'master' into vpc 
Conflicts:
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
 2012-07-31 13:37:28 -07:00
anthony f763f53c2d CS-15680 : set broadcast IP 2012-07-30 13:24:33 -07:00
anthony 3aae979967 CS-15708 : fix network cleanup 2012-07-30 13:24:10 -07:00
Hugo Trippaers 5d31b58c1b Disable IPv6 in the systemvm 2012-07-30 15:17:56 +02:00
Sheng Yang dd50bdf38e CS-15731: Make S2S VPN no-nat rule the top of POSTROUTING 2012-07-27 18:49:25 -07:00
Sheng Yang 8eee8f342e S2S VPN: CS-15650: Add connection status update to s2s vpn 2012-07-27 16:28:06 -07:00
anthony d5d6c9f5f4 VPC : this is default iptables for vpc route 2012-07-27 15:04:42 -07:00
anthony 0369fa3101 VCP : for each network, there will be a seperate config file deriving from this one 2012-07-27 15:04:42 -07:00
anthony 59937838e5 VPC : create/destroy static nat 2012-07-27 15:04:42 -07:00
anthony ae579c4cdd VPC : create/destroy static route 2012-07-27 15:04:42 -07:00
anthony 0d52ac205b VPC : create/destroy source NAT 2012-07-27 15:04:42 -07:00
anthony 9910176d76 VPC : create/destroy private Gateway 2012-07-27 15:04:41 -07:00
anthony f7da1772b0 VPC : portforwarding script 2012-07-27 15:04:41 -07:00
anthony 952da87e19 VPC : basic network usage per guest network 2012-07-27 15:04:41 -07:00
anthony 744bfdce5f VPC : vpc loadbalancer script 2012-07-27 15:04:41 -07:00
anthony 7dc4231ea6 VPC : vpc ip assocate fix 2012-07-27 15:04:41 -07:00
anthony 165a21c62a VPC : vpc_acl.sh is for VPC access control list 2012-07-27 15:04:40 -07:00
anthony 05dc92c02c VPC : remove all rules for a plugged nic device 2012-07-27 15:04:40 -07:00
anthony 599dcb49d5 VPC : add vpc_func.sh 2012-07-27 15:04:40 -07:00
anthony 5edb646be2 VPC : ipassoc.sh typo fix 2012-07-27 15:04:40 -07:00
anthony 7fd73fc5ab VPC : add vpc_guestnw.sh 2012-07-27 15:04:40 -07:00
Sheng Yang 4d42845853 S2S VPN: Add back pfs=no for ipsec.conf 
According to ipsec.conf manual:

pfs

whether Perfect Forward Secrecy of keys is desired on the connection's keying
channel (with PFS, penetration of the key-exchange protocol does not compromise
keys negotiated earlier); Since there is no reason to ever refuse PFS, Openswan
will allow a connection defined with pfs=no to use PFS anyway. Acceptable values
are yes (the default) and no.

Found removing the option would make it impossible to work with no PFS setting
router. It may related to CS-15511.
 2012-07-23 19:35:08 -07:00
Sheng Yang 27d82f683b S2S VPN: Support for multiply VPN connections per VPC/VPN gateway 2012-07-23 19:03:29 -07:00
Sheng Yang f1e2be7157 CS-15511: Fix parameter transfer in bash 
[Dropped Vmware support in this commit, due to lack of VMware support in VPC now]

Conflicts:

	plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
 2012-07-23 14:51:40 -07:00
Sheng Yang 7d68e33323 S2S VPN: Use source NAT ip address for VPN gateway 
Conflicts:

	api/src/com/cloud/api/commands/CreateVpnGatewayCmd.java
	server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
	server/src/com/cloud/network/vpc/VpcManagerImpl.java
 2012-07-23 14:44:05 -07:00
Sheng Yang d855dff7c2 CS-6840: Fix wrong path of check s2s vpn script 2012-07-23 14:35:32 -07:00
bfederle c8f72c9198 Merge branch 'master' into vpc 
Conflicts:
	ui/scripts/network.js
 2012-07-23 10:36:25 -07:00
David Nalley 67bc9c819a fixing some more license headers 2012-07-20 15:59:31 -04:00
Sheng Yang a1333649db CS-15536: Insert VPN mangle policy to FORWARD and OUTPUT 
In order to get traffic tagged while ACL chain involved in PREROUTING chain.

Also using more generic tag checking in nat table.
 2012-07-17 17:23:11 -07:00
Alena Prokharchyk 353423acec Merge branch 'master' into vpc 
Conflicts:
	api/src/com/cloud/api/commands/ListFirewallRulesCmd.java
	api/src/com/cloud/api/response/FirewallResponse.java
	api/src/com/cloud/api/response/IPAddressResponse.java
	server/src/com/cloud/api/ApiDBUtils.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
	server/src/com/cloud/network/dao/NetworkDaoImpl.java
	server/src/com/cloud/server/ManagementServerImpl.java
 2012-07-06 12:04:10 -07:00
David Nalley ecf2cd57f9 fixing license headers in marvin 2012-07-04 18:45:08 -04:00
Sheng Yang 1d97af3abf CS-6840: Add status checking for site 2 site VPN 2012-07-02 16:29:23 -07:00
Sheng Yang cd9854336a CS-6840: Update ipsectunnel.sh 2012-07-02 16:27:38 -07:00
Clayton Weise df062f1fe8 CS-6840: Add ipsectunnel script 2012-07-02 16:27:35 -07:00
anthony 4707888363 VPC : revert dnsmasq.conf 2012-06-15 14:33:22 -07:00
anthony 2deba9bd86 VPC : add vpc_vpn_l2tp.sh 2012-06-15 14:32:56 -07:00
anthony 10a578db46 VPC : fix nic hot plug script 2012-06-15 14:32:31 -07:00
anthony d51e3443cb VPC : add nic hot plug script 2012-06-15 14:32:10 -07:00
anthony a7462bb232 VPC : vpc_ipassosc.sh 2012-06-15 14:30:50 -07:00
anthony 768463d113 VPC : add new dnsmasq.conf for VPC domr 2012-06-15 14:30:39 -07:00
anthony d49210e42b VPC : add new type vpcrouter in cloud-early-config 2012-06-15 14:30:31 -07:00
anthony c7e440a1de VPC : revert iptables-router 2012-06-15 14:30:23 -07:00
anthony fb7fc6fd91 VPC : revert change in cloud-early-config 2012-06-15 14:30:15 -07:00
anthony d80476b93e VPC : add new ipassoc.sh for vpc 2012-06-15 14:30:07 -07:00
anthony 0f5775d446 VPC : revert changes in ipassoc.sh 2012-06-15 14:29:56 -07:00