NetworkManager's exclusive focus is now
- handling plugins during orchestration, and
- to deal with ip address allocation.
Those classes that used to refer to NetworkManager to get access to the datamodel now refer to NetworkModel
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
Author: Likitha Shetty <likitha.shetty@citrix.com>
Date: Wed Jan 9 11:54:25 2013 +0530
CLOUDSTACK-614: ListTemplates API is not returning "Enable SSH Key" attribute for any given template. Update the TemplateResponse by adding 'sshkeyenabled' attribute to it. This attribute is set to the value that the user passes as input for parameter 'sshkeyenabled' while registering the template.
Signed-off-by: Min Chen <min.chen@citrix.com>
- Introduces api/discovery plugin that helps discover apis on the mgmt server
- It's a pluggable service, therefore has its own api-discovery_commands.properties
where the discovery api, listApi can be blacklisted (by removing it), or its
role mask can be changed
- By default its response has all the apis
- Changes in other parts of the code to make it work, viz. components.xml, pom.xml,
and in ApiServer where it is used as an adapter to get apiname, cmd mappings
The ApiDiscoveryService interface is a contract that the implementing class will
provide:
1. A means to get all the apis as a list of response, plugin is free to implement
the response class, as long as it extends on the BaseResponse:
ListResponse<? extends BaseResponse> listApis();
2. Provides a map of apiname as the key and cmd class as the value:
Map<String, Class<?>> getApiNameCmdClassMapping();
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Incorrect params are silently ignored in 4.0 and before. The fix would log the error
in debug log, but will continue processing. In case of an issue with uuid or param
an empty response is sent, for ex. in case of deleted entities as well.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Allow both uuid and id in param for pre 3.x apis
- Enforce uuid as param for all >= 3.x apis
- Use regex to better match uuid param
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Entities correlated to the Identity and carry a uuid and those
correlated to InternalIdentity carry an id. Those entities that carry
both will correlate to Identity and InternalIdentity.
This refactors entities wherever possible to ensure the VO only
implements the first class entity.
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
- Renames to @EntityReference as @Entity is too general and used in javax's pkg
- Remove redundant imports
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Add new interface method to getId
- Fix method definition in AsyncJob
- Get rid of mechanism to getId using reflect, use Identity interface
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Fix jobid serialization issue that broke the UI
- Fix AsyncJob Result and Response
- Get rid of getUuid(), setUuid(), just use getId, setId for uuid...
- All uuids from over the wire are UUIDs
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
For some apis, the param=-1 is used to evaluate conditionals. Allow -1 to be passed
for now. This is an APITODO/FIXME to fix stuff in service layer and then only get rid of it.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
IdentityProxy is only referenced in CreateCmdResponse, which involves
some async job logic change. Since it is not impacting list performance,
will leave it there for now.
Signed-off-by: Min Chen <min.chen@citrix.com>
- Use @Parameter's entityType and type annotation fields
- Use @Entity annotation in Response class to get table info for Dao
- Use findByXId to process all entities and translate UUID to ID
- Handle error in reflection method invoking
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Author: Min Chen <min.chen@citrix.com>
Date: Mon Dec 17 17:42:30 2012 -0800
Remove IdentityProxy from AlertResponse and AsyncJobResponse.
Signed-off-by: Min Chen <min.chen@citrix.com>
As noted in the bug, several of the API commands in question
are async calls. I've added a simple regex-based string cleaning
function, and have the request and response strings running through
it prior to being appended to the audit log.
Unit tests added for the new cleaning function as well.
The call to skip logging the createSSHKeyPair response remains intact
for now, although it should probably be scrubbed similarly to the
password fields.
Signed-off-by: Chip Childers <chip.childers@gmail.com>
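An added sketch of the kind of regex-based scrubbing the commit message above describes, not the code from that commit or from CloudStack: request query strings and JSON responses pass through a cleaner before they are appended to a log, and a private key field is masked the same way as a password. The class and method names, the list of sensitive name fragments and the sample strings are assumptions made for this example.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; class, method and marker names are hypothetical, not CloudStack's.
public class AuditLogScrubber {
    private static final String MASK = "****";

    // Assumed substrings that mark a parameter or field name as secret-bearing.
    private static final String[] SENSITIVE_MARKERS = {"password", "secretkey", "privatekey"};

    // key=value pair in a query string. A key may only start at the beginning of the
    // input or right after '?', '&' or whitespace, which keeps the scan linear.
    // The value runs to the next '&' or whitespace, so '=' and %XX escapes stay inside it.
    private static final Pattern QUERY_PAIR =
            Pattern.compile("(?:^|(?<=[?&\\s]))([^&=?\\s]+)=([^&\\s]*)");

    // "key":"value" pair in a JSON response. The value is matched with an unrolled,
    // possessive loop so escaped quotes are handled without deep regex recursion.
    private static final Pattern JSON_PAIR =
            Pattern.compile("\"([^\"\\\\]+)\"\\s*:\\s*\"([^\"\\\\]*+(?:\\\\.[^\"\\\\]*+)*+)\"");

    static boolean isSensitive(String key) {
        String k = key.toLowerCase(Locale.ROOT);
        for (String marker : SENSITIVE_MARKERS) {
            if (k.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Rewrites every pair found by `pattern`, masking the value when the key is sensitive.
    private static String scrub(Pattern pattern, String text, boolean json) {
        Matcher m = pattern.matcher(text);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String key = m.group(1);
            String replacement = m.group();
            if (isSensitive(key)) {
                replacement = json
                        ? "\"" + key + "\":\"" + MASK + "\""
                        : key + "=" + MASK;
            }
            // quoteReplacement keeps '$' and '\' in logged data from being read
            // as group references by appendReplacement.
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }

    // For request strings (URL query parameters).
    public static String cleanRequest(String queryString) {
        return scrub(QUERY_PAIR, queryString, false);
    }

    // For JSON response bodies.
    public static String cleanResponse(String json) {
        return scrub(JSON_PAIR, json, true);
    }

    public static void main(String[] args) {
        // Constructed samples, not real CloudStack log lines.
        String request = "command=updateUser&id=42&password=s3cr%26t=x&response=json";
        String response = "{\"createsshkeypairresponse\":{\"name\":\"k1\","
                + "\"privatekey\":\"-----BEGIN\\nAb\\\"c\"}}";

        System.out.println(cleanRequest(request));
        System.out.println(cleanResponse(response));
    }
}
```

Only string-valued JSON fields and plain `key=value` pairs are covered here; secrets carried in other shapes (nested objects, XML responses, percent-encoded key names) need their own handling before the text reaches the log.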
- All id params are now uuids, basically for documentation
- Use injections and not component locator
- Remove resourceType field checking, it's now called entityType
- Fix indents
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Reverting commit as we don't want the daos to move to cloud-api.
We'll eventually breakout cloud-server and create cloud-api-server for the standalone
api server.
This reverts commit 7597a38f7a.
- Refactor common code to get classname from apiname
- Fix search mechanism within api access checker adapter to:
* check permissions
* get class name for an apiname
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Instantiate apiserver by injection, so all its entities are also created and injected
- Make the constructor protected
Thanks to Alex for helping out on this one.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- ApiServer instance assumes cloudstartup servlet will initialize it
- Check and log if initialization fails
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
This is part 1 of list API refactoring. Commands covered:
listVmsCmd, listRoutersCmd Response covered:
UserVmResponse, DomainRouterResponse. DB views created:
user_vm_view, domain_router_view.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Remove a lot of junk
- Fix commands.prop.
- Move apis from cloud-server to cloud-api
- Rename with org.apache.cloudstack namespace
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Refactor VPN and VM APIs to admin and user pkgs
- Names space, org.apache.cloudstack
- Fix refactored apis in commands*.in
- Fix comments etc.
- Expand tabs, remove trailing whitespace
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
As a part of the commit, also checking deleteSshKeyPair name - admin was unable to delete the key on behalf of another user
Conflicts:
server/src/com/cloud/api/ApiDBUtils.java
Support for local data disk. Currently enable/disable config is at zone level, in subsequent checkins it can be made more granular.
Following changes are made:
- Create disk offering API now takes an extra parameter to denote storage type (local or shared). This is similar to storage type in service offering.
- Create/delete of data volume on local storage
- Attach/detach for local data volumes. Re-attach is allowed as long as vm host and data volume storage pool host is same.
- Migration of VM instance is not supported if it uses local root or data volumes.
- Migrate is not supported for local volumes.
- Zone level config to enable/disable local storage usage for service and disk offerings.
- Local storage gets discovered when a host is added/reconnected if zone level config is enabled. When disabled existing local storages are not removed but any new local storage is not added.
- Deploy VM command validates service and disk offerings based on local storage config.
- Upgrade uses the global config 'use.local.storage' to set the zone level config for local storage.
(cherry picked from commit 62710aed37606168012a0ed255a876c8e7954010)
2) Added new parameter to listNetworks command - canUseForDeploy(boolean). When true, list only networks that can be used for vm deployment (networks have enough ip addresses to allocate from for the vm)
Conflicts:
api/src/com/cloud/api/ApiConstants.java
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/network/dao/IPAddressDao.java
2) Don't allow to add new networks/implement existing ones for VPC in Disabled state. Disabled state indicates that there was unsuccessful attempt to remove the VPC, and the further cleanup will be taken care of by cleanup thread.
Conflicts:
server/src/com/cloud/network/dao/IPAddressDao.java
server/src/com/cloud/server/ManagementServerImpl.java
1) Added API frameworks for the feature. New commands:
* CreateVPCCmd
* ListVPCsCmd
* DeleteVPCCmd
* UpdateVPCCmd
* CreateVPCOfferingCmd
* UpdateVPCOfferingCmd
* DeleteVPCOfferingCmd
* ListVPCOfferingsCmd
2) New db tables:
* `cloud`.`vpc`
* `cloud`.`vpc_offerings`
* `cloud`.`vpc_offering_service_map`
and corresponding VO/Dao objects.
Added vpc_id field to `cloud`.`networks` table - not null when network belongs to VPC
3) New Manager and Service interfaces- VpcManager/VpcService
4) Automatically create new VpcOffering (if doesn't exist) on system start
5) New Action events:
* VPC.CREATE
* VPC.UPDATE
* VPC.DELETE
* VPC.OFFERING.CREATE
* VPC.OFFERING.UPDATE
* VPC.OFFERING.DELETE
Conflicts:
api/src/com/cloud/api/ApiConstants.java
client/tomcatconf/commands.properties.in
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/network/NetworkManagerImpl.java
setup/db/create-schema.sql
Description:
Incorporating more changes from Alena's review.
Modified the Nexus Enable and Disable commands
to return CiscoNexusVSMResponse instead of
SuccessResponse.
Put event annotations for enable/disable functions
that the enable/disable nexus commands call into.
Description:
Incorporating more changes post review by Alena.
1. Renamed the ListCiscoVSMDetailsCmd command
to ListCiscoNexusVSMsCmd. The command will
return a list of VSMs always, depending on
what parameter is passed to it. If a clusterId
is passed to it, it will return the VSM
associated to that cluster, if present. If
a zoneId is passed in, it will return a list
of all VSMs configured for any clusters of
type VMware within that zone. If neither is
passed, it will return a list of all VSMs
configured in the management server. If no
VSMs are found, it will return an exception
response.
2. Cleaned up miscellaneous code.
Conflicts:
client/tomcatconf/cisconexusvsm_commands.properties.in
server/src/com/cloud/server/ManagementServerImpl.java
Description:
More changes incorporating Alena's review comments:
1. Changed id to clusterId for better naming.
2. Changed the name of GetCiscoVSMByClusterIdCmd
to ListCiscoVSMDetailsCmd.
3. Removed the GetCiscoVSMDetailsCmd command.
4. Removed catch{} blocks in each of the Nexus
related APIs since the exceptions raised in
the API implementations will be caught in the
command dispatcher.
5. Added ActionEvent annotation to
deleteCiscoNexusVSM() function.
6. Modified each Nexus API command's
getEntityOwnerId() to return
Account.ACCOUNT_ID_SYSTEM.
Description:
Putting in code changes as per Alena's reviews:
Replaced references to CiscoNexusVSMDeviceVO
in GetCiscoVSMByClusterIdCmd to work with an
interface that CiscoNexusVSMDeviceVO instead,
since VO objects should not be directly accessed
in APIs.
Made associated changes in other files.
More commits incorporating Alena's review comments
will follow.
Description:
Modified the following commands to be Async:
a. EnableCiscoNexusVSM
b. DisableCiscoNexusVSM
c. DeleteCiscoNexusVSM
Cleaned up miscellaneous code.
Description:
Removed the AddCiscoNexusVSMCmd command, and all
references to it. From now on, we shall support
adding a Nexus VSM only when the cluster is being
created. The VSM ipaddress, username, password,
the vCenter DC Name and vCenter Ipaddress that it
serves and connects to respectively can be passed
to the addClusterCmd command optionally. To support
these new parameters, parameters have been added
to the addClusterCmd command.
Added a debug statement in the code that runs checks
when attempting to delete a VSM.
Description:
Added a new API GetCiscoVSMDetailsCmd. This
API gets all details of a VSM when provided
with the VSM ID.
Resolved Conflicts:
client/tomcatconf/cisconexusvsm_commands.properties.in
Conflicts:
client/tomcatconf/cisconexusvsm_commands.properties.in
Description:
Missed out a file in previous commit when adding
the new API getCiscoVSMByClusterId. Stub file was
added by Sateesh to prevent breakage. Putting the
file in in this commit plus better exception
handling.
Description:
1. Added the PortProfile infrastructure:
a. PortProfileVO : The VO class to represent a db
record of the table port_profile. Each db record
represents one port profile.
b. PortProfileDao: The interface that declares search
functions on the port_profile table.
c. PortProfileDaoImpl: The class that defines the
interfaces declared in PortProfileDao.
d. PortProfileManagerImpl: The class that contains
routines that will add or delete db records from
the port_profile table. If you want to create/delete
a portprofile, call functions from this class.
e. Changes to create-schema.sql to create the port_profile
table.
2. Cleaned up code:
a. Removed a number of unused Dao and Manager objects in
CiscoNexusVSMDeviceManagerImpl.
b. Removed the ListCiscoNexusVSMNetworksCmd command.
c. Removed a bunch of import statements in a few files.
Description:
1. Modify addCiscoNexusVSMCmd to enable a VSM
by default, when it is added to a cluster.
2. Put in two new APIs exposed to the user -
a. EnableCiscoNexusVSMCmd
b. DisableCiscoNexusVSMCmd
Disabling a VSM does not delete it. It only
prevents the Management Server from using that
VSM. This is useful if the VSM is in
maintenance mode.
Description:
1. Put in invocation to the deleteCiscoNexusVSM()
function in the deleteCiscoNexusVSM command
chain.
2. Put in additional check for physical servers
present in a cluster that still is tied to a
VSM. The previous check would query for all
hosts in a cluster, causing the check to see
if a cluster has any physical servers in it
to always fail and thus block the VSM from
getting deleted. By putting in a check to see
if a host is of type "Routing", we refine this
search to only hypervisors.
3. Other miscellaneous code + cleanup.
Description:
1. Changed AddCiscoNexusVSMCmd to:
a. Extend BaseCmd instead of BaseAsyncCmd.
b. Take in more required parameters (viz
vCenterDCName and vCenterIpAddress)
1a. Changed DeleteCiscoNexusVSMCmd to also
extend BaseCmd.
2. Put in changes that will ensure that
When a VSM is added, it is disabled by default.
3. Fixed code that was leading to exceptions
related to DB reads/writes to VSM related tables.
4. Added new API Constants in ApiConstants.java.
NOTE - Always initialize new attributes in
ApiConstants.java to values in small case.
Never put in upper case there. Also regardless
of what names you give attributes in the
*Cmd.java's class, you pass in parameters via
API calls by specifying <key>=<value> where the
<key> is taken from the value you specified in
ApiConstants.java.
5. Modified the addCiscoNexusVSM() function in
CiscoNexusVSMDeviceManagerImpl.java to write VSM
records to the db.
Description:
1. Missed replacing older table name for VSMs in a few
files (changed the name from
external_virtual_switch_management_devices to
virtual_supervisor_module). Fixed that in this commit.
2. Missed adding the new Dao ClusterVSMMapDao in the Dao
loading in DefaultComponentLibrary. Fixed.
3. Fixed wrong searchbuilder options passed to ipaddrSearch
in CiscoNexusVSMDeviceDaoImpl.
Description:
This is work in progress. This set of changes will not
compile. Checking in for team wide code sync up.
Changes are underway to test if VMWareResource can be
leveraged to talk to the VSM, instead of creating a
new resource for the VSM, like we've been doing up
until now.
Reviewed by: Sateesh Chodapuneedi, Devdeep Singh
Description:
This is the first in a series of commits for integrating the
Cloudstack Management Server with the Nexus 1000v Virtual
Supervisor Module.
These changes introduce the necessary API command interfaces
to work with a Cisco N1KV VSM. The backend logic is still to
be put in and will be incorporated in subsequent commits.
Please do not attempt to use these APIs until then. Also,
these are not yet filled in into commands.xml, so they are
not currently exposed.
Additional APIs would be added if required.
These changes will not break any current management server
functionality.
Given below is a description of the changes put in here:
Added Cisco N1KV commands to core/api:
These are the added commands -
AddCiscoNexusVSMCmd
DeleteCiscoNexusVSMCmd
ConfigureCiscoNexusVSMCmd
ListCiscoNexusVSMCmd
ListCiscoNexusVSMNetworksCmd
Added a Network Element service file for Cisco N1KV.
Declared the interface functions that we'll need for
the N1KV VSM.
Defined a DeviceVO file for the Cisco Nexus Element.
Created a response file for Cisco Nexus VSM.
Created new event types for external Switching Management devices.
Put in logic to call interface methods in ListCiscoNexusVSMNetworksCmd
and ListCiscoNexusVSMCmd
NOT VSM RELATED:
Fixed minor typo in some of the event types for external load balancers.
Added properties of a VSM in the VSM VO class.
Replaced the "url" input parameter by "ipaddress"
in the AddCiscoNexusVSMCmd API.
Added a new file - CiscoNexusVSMElement.java to
contain the implementation of the functions
declared in the VSMElementService interface, and
put in implementations of the functions for the
Nexus VSM API commands. These functions are
defined in the CiscoNexusVSMElement class.
Added a class for Port Profiles (PortProfile.java).
The fields in this class are still not correctly
declared as of now. We'll make the required changes
going forward.
Added CiscoNexusVSMDeviceManagerImpl class.
Added CiscoNexusVSMResource class.
Created a new class to provide a package to
connect to Cisco Nexus VSMs. This will be a
set of Java wrapper functions that allow us
to connect/disconnect and send commands and
receive the results of those commands via
XML-RPC. These functions are yet to be
implemented, and will be checked in in future
commits.
Added two new classes, VSMCommand and
VSMResponse, to encapsulate XML-RPC commands
and responses to and from a Cisco Nexus VSM.
Put in the following function stubs inside the
CiscoNexusVSMService class:
connectToVSM()
disconnectFromVSM()
executeVSMCommand()
Added new field in the Type enum of the "Host"
interface, for Cisco Nexus VSMs.
Added two parameters to AddCiscoNexusVSMCommand
vsmName
zoneId
Modified the CiscoNexusVSMDeviceVO constructor to
take in a zoneId as a parameter when creating
the VO object.
Added new interface and class for the DeviceDao
implementation for Cisco Nexus VSM devices:
CiscoNexusVSMDeviceDao
CiscoNexusVSMDeviceDaoImpl
Removed the vsmvCenterDomainId property, since it's
going to be the same as vsmDomainId, which is the VSM's
switch Domain Id.
Have started putting in the following query functions
in the CiscoNexusVSMDeviceDao interface:
Put in DAO implementations of some of the above functions in the CiscoNexusVSMDeviceDaoImpl class.
Added a vsmName parameter to the CiscoNexusVSMDeviceVO class.
This fix will enable support for multiple NetScaler devices providing EIP service in same zone.
- Introduced global setting "eip.use.multiple.netscalers" to turn multiple netscaler support
- Enhanced configureNetscalerLoadBalancer API to take the PBR setup between the POD's subnet
and NetScaler device
- logic to pick a NetScaler (based on the guest IP and corresponding pod) while configuring INAT rule
Fixed issues with vif scripts on 5.6FP1
Fixed ipv6 issue on 5.6FP1
Plus other various fixes and improvements
Starting to remove debug code
NOTE: Network is configured correctly but instances do not start. Possibly indefinite wait occurring on some commands
Changes done:
- Provide UUID for userid and domainid only while constructing the login response. Session will hold the DB id's as before, to ensure other parts keep working.
- This reverts commit de28aa3ddde5b601f2f234f2eccef871fbaf1a06.
Description:
Incorrectly removed part of the XML serializer that serialized
the IdentityProxy object in normal responses, when putting in
support for serialization of lists of IdentityProxy objects in
exception responses as part of the code changes put in for bug
13217, resulting in this bug. Putting it back in place.
Bug 13127: API error text refer to database ids instead of uuids
Code-Reviewers: Ewan Mellor, Kelven Yang
Description:
1. A new class CSExceptionErrorCode has been added to utils.
It contains a list of error codes for each type of
Exception class. Use fully qualified package paths for
Exceptions in CSExceptionErrorCode. We log any exception
name not found in the list of error codes for exceptions.
2. Whenever we throw an exception exobj anywhere in the
CS code, the CSErrorCode is set in the base class
constructor.
3. We add a new field csErrorCode in classes CloudException,
RuntimeCloudException, ExecutionException and
ExceptionResponse.
4. Two places in ApiServer.java were wrongly modified when
putting in changes for bug 13127 to not throw an exception.
This has been corrected in this commit.
Description:
Modified the IdentityTypeAdapter's custom serializer to
identify whether this is an exception response that is being
serialized, by checking if the idFieldName is set. If so,
serialize both uuid and the uuidProperty (for eg, zoneId and
"zoneId" (string)) and pass back the json representation of that.
Modified XML serializer also to build a list of uuids+fieldnames.
Introduced a new field "cserrorcode" in ExceptionResponse. This
refers to an error code that can be according to the specific
Exception being thrown. This will be serialized as usual. There
shouldn't be any need to do a db lookup for conversion for these
error codes.
Description:
Modify Exception handling to enable addition of multiple
uuids in a single exception thrown by API functions. Both
XML and JSON outputs will store all uuids and Fieldnames.
This will make it easier to provide more information when
an exception occurs - for example, a zone id, a cluster id,
host id, and then a specific property id.
Description:
Added a field name for the db id in the IdentityProxy class, and
modified setProxyObject() to take an additional id name parameter.
This will let us know the name of the uuid that we are returning.
E.g.- domainId, zoneId, etc. The client can view this field in
the json/xml output. Modified the JSON/XML serialization routines
to append this new parameter to the serialized output for Exception
Responses.
Description:
1) Put in an IdentityProxy object in the ExceptionResponse class.
This allows us to copy over the IdentityProxy object contained
in the exception caught by handlerequest() when thrown by the
command's execute() method, into the Response object that is
prepared to return an exception response to the calling API
invocation.
2) Modified the GSON serialization method to convert the entire
exception object into JSON format and not just the error text.
3) Modify the updateDomain API to populate the exception it throws
upon detecting a duplicate domain to include the tablename and
domain db id in the exception's IdentityProxy object.
NOTE:
1) We can modify the base exception classes and the ExceptionResponse
class to contain a list of IdentityProxy objects rather than a
single one.
2) We will need to modify all commands such that wherever applicable
(wherever a db id is involved), they populate the IdentityProxy
object(s) before throwing an exception.
Description:
1) Added a setProxyObject() method to CloudException and RuntimeCloudException
2) Modified a bunch of throw exceptions in NetworkManagerImpl.java to call setProxyObject() before throwing an exception.
3) Changed scope of ProxyIdentity attribute to protected.
4) Added routines to ServerApiException to get/set IdentityProxy object, and
routine in RuntimeCloudException to get the Idproxy object.
5) Modified the exception handling around the dispatcher and handlerequest()
to copy over the IdentityProxy information before rethrowing an exception
eventually back to handle().
6) Removed duplicate IdentityProxy object in ServerApiException.
It was extending RuntimeCloudException which already had an
IdentityProxy object.
Description:
1) Adding two new classes, CloudException and RunTimeCloudException.
The former extends Exception and the latter RunTimeException.
These will be used by classes that formerly directly extended
Exception and RuntimeException. These two classes have an attribute
of type IdentityProxy to enable exceptions fill in db ids in separate
attribute fields rather than in a string. Doing so will allow the
serialization module (GSON for JSON and other for XML) to kick in
and convert this db id to a uuid in ApiServer.java just before the
JSON/XML responses are sent out.
2) Moving IdentityProxy.java from api/ to utils/ since
both CloudException and RuntimeCloudException refer to it.
3) Changing references to IdentityProxy class from api/ to utils/.
4) While rebasing to master, a new file was added, merging
api/src/com/cloud/api/response/IsoVmResponse.java to this diff.
Revert "bug 10837: rename api related to netapp"
This reverts commit 5db6b500dd1bbb96bfddbd7eda6cf1f616e2e0f9.
Conflicts:
api/src/com/cloud/api/commands/MigrateVolumeCmd.java
client/tomcatconf/commands-ext.properties.in
This reverts commit 150f9c62ce381099a27bc084007c7b947117f47c.
Confirmed with Will - we shouldn't return accountId info for shared networks as these types of networks belong to system and available for everyone in the domain/zone
As per the new design following would be done.
(a) any ISO-derived disk can be extracted
(b) there will be a global config to disable extraction of ISO based volumes.
That way people concerned about (a) can just use (b) to fix it.
Reviewed by : Kishan.
status 11811: resolved fixed
listSupportedNetworkServiceProviders returns list of services with providers and capabilities of each service.
It supports 2 parameters:
-service : list providers and capabilities of this service
-provider: list services of this provider
- if none is specified, lists all services supported
-made Netscaler, SRX, F5 network elements as pluggable service
-added abstract load balancer device manager ExternaLoadBalancerDeviceManager
-made both F5 and Netscaler pluggable service to extend ExternaLoadBalancerDeviceManager
-added abstract firewall device manager ExternalFirewallDeviceManager
-made SRX pluggable service to extend ExternalFirewallDeviceManager
-added API's to configure and manage netscaler devices
only owner of the network can access it; if it's domain - all accounts in the domain and domain children can have an access.
* aclType replaces 2 old fields: isShared and isDomainSpecific.
* All 2.2.x account specific networks will have aclType=Account; 2.2.x Domain specific networks - aclType=domain; 2.2.x Zone level networks - aclType=Domain with domainId = Root domain id
- ListSupportedNetworkServiceProvidersCmd will now return Providers along with its element's services and boolean 'canEnableIndividualServices' that indicates if for this Provider services can be enabled/disabled
- add & update NetworkServiceProvider changed to take in the list of services to enable. While adding a provider, if list is null then all services supported by the element are enabled by default.
- ListNetworkServices enhanced to take in a provider name and returns services of that specific provider.
2)Re-apply all existing firewall rules as a part of implement call. TODO: Cleanup all existing rules from the backend (leave them in the DB) as a part of shutdown call
-Bringing add/delete/list of all external network devices under one unified API's (addNetworkDevice, deleteNetworkDevice, listNetworkDevice)
-Refactoring External network manager to work from both sets of API's add/delete/list NetworkDevice and add/delete/list External Firewall/LoadBalancer
- Create Zone changes and changes to data_center table to remove vlan, securityGroup fields
- Physical Network lifecycle APIs
- Physical Network Service Provider APIs
- DB schema changes
* moved all services to the separate table, map them to the network_offering+provider.
* added state/securityGroupEnabled properties for the networkOffering
* added ability to list by state/securityGroupEnabled in listNetworkOfferings api command
2) New service: SourceNat
Changes:
- Added a new interface 'PluggableService'
- Any component that can be packaged separately from cloudstack, can implement this interface and provide its own property file listing the API commands the component supports
- As an example have made VirtualNetworkApplianceService pluggable and a new configureRouter command is added
- ComponentLocator reads all the pluggable service from componentLibrary or from components.xml and instantiates the services.
- As an example, DefaultComponentLibrary adds the pluggable service 'VirtualNetworkApplianceService'
- Also components.xml.in has an entry to show how a pluggable service can be added, but it is commented out.
- APIServer now reads the commands for each pluggable service and when a command for such a service is called, APIServer sets the required instance of the pluggable service in the command.
- To do this a new annotation '@PlugService' is added that is processed by APIServer. This eliminates the dependency on the BaseCmd to instantiate the service instances.
Since we would introduce a way to specify each service provider in the network
offering, it's better for redundant virtual router as a separate service
provider.
Also isRedundant() flag in the network offering would be removed. Redundant
virtual router temporarily won't work from now. Until we're able to add
different network elements/service providers in network_offering.
Changes:
- Added a new API 'migrateSystemVm' backed by MigrateSystemVMCmd.java to migrate system VMs (SSVM, consoleproxy, domain routers(router, LB, DHCP))
- This is Admin only action
- The existing API 'migratevirtualmachine' is only for user VMs
1) Introduce new managers - ProjectManager and DomainManager. Moved all domain related code from AccountManager to DomainManager.
2) Moved some code from ManagementServerImpl to the correct managers.
3) New resource limit for Domain - Project
status 11036: resolved fixed
1) Use row locks instead of global lock when update resource_count table. When update resource_count for account, make sure that we lock account+all related domains
2) Insert resource_count records for account/domain at the moment when account/domain is created.
3) As a part of DB upgrade, insert missing resource_count records for all non-removed accounts/domains
Conflicts:
core/src/com/cloud/alert/AlertManager.java
server/test/com/cloud/agent/MockAgentManagerImpl.java
Changes :
- Fixing API doc +response name + errorMessage
- Adding separate events to Egress rules
- Egress rules Using the same database table as that of ingress with new column type.
Pending Tasks:
- db upgrade
- database table rename from security_ingress_rule to generic name, renaming some of the java class from ingress to generic name.
- Retesting on kvm
Changes:
- Adding a new table 'hypervisor_capabilities' that will record capabilities for each hypervisor version. Added db schema changes for this.
- Currently a few capabilities have been added, namely, 'max_guests_limit' and 'security_group_enabled'
- Added a new column 'hypervisor_version' to host table. StartupRouting command now takes in this parameter. It should be set when a host connects.
- If a host's hypervisor version is not present, we find all the capabilities rows for that hypervisor type and use the first record.
- 'max_guests_limit' is the maximum number of running guest Vms that a host can have for the given hypervisor.
- Host Allocators use this limit and skip a host if the number of running VMs on that host exceeds this limit.
Description :
API's:
- Two new api's authorizeSecurityGroupEgress, revokeSecurityGroupEgressCmd are added. These two API's are similar to ingress rule API's.
- authorizeSecurityGroupEgress: Authorizes a particular egress rule for this security group. Usage of API is very similar to that of authorizeSecurityGroupIngress except that instead of source cidr there will be destination cidr. By default like ingress, all the outgoing flows are blocked.
- revokeSecurityGroupEgress: It is similar to revokeSecurityGroupIngress api, It removes the egress rule.
- listSecurityGroup API's response changed. It includes egress list apart from the existing ingress rules in the output of the API.
Hypervisors :
- It is implemented in Xen and KVM.
Pending Tasks : Blocking using destination security groups.
Previous commits: c9fda641673df7701f44963ef27e1d488f121219 , 24e4e44b8f0712a37147a3777833de3f9e24829e
Changes:
- CreateTemplate and RegisterTemplate now support adding a template tag. It is a string value. This is root-admin only action - only admin can add template tags.
- ListTemplates will return the template tag in response.
- HostAllocator changed to use template tag along with the existing tag on service offering. If both tags are present, allocator now finds hosts satisfying both tags. If no hosts have both tags, allocation will fail.
- DB changes to add new column to vm_template table.
- DB upgrade changes for upgrade from 2.2.10 to 2.2.11
previous commit: c9fda641673df7701f44963ef27e1d488f121219 ( this under bug 1067, typing error)
changes: 1) partially implemented listing of egress rules along with ingress rules.
2) partially implemented egress rules for KVM
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
Conflicts:
api/src/com/cloud/api/BaseCmd.java
client/tomcatconf/commands.properties.in
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/configuration/DefaultComponentLibrary.java
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
Load non-routing resource in ClusteredAgentManager includes External DHCP, PxeServer, ExternalFirewall, ExternalLoadBalancer
Bug 9887 - baremetal: support for image operation (create template from guest disk) (edit)
changes in line with UI
The steps to upgrade xenserver:
1. put cluster in Unmanaged state through UI, then MS will not talk to hosts in the cluster
2. upgrade xenserver according to XenServer upgrade guide.
3. put cluster in Managed state through UI, then MS will reconnect hosts
TODO,
1. UI
2. vm pool sync , leveraged from kelven's work
Part 2
commit 797839360c65cd348d2eb20630521177ab0919de
bug 9154: redundant virtual router
commit 8ff7f230204d4d3a7a4adee75523a9a84f4276fe
bug 9154: Replace domain_router.is_master with domain_router.redundant_state in DB
commit 230b99e9e0b152648f1dd2a5eab6f22315b8e7b4
bug 9154: Add redundant state to DomainRouterResponse
commit ccefb5ff5e83d713798a347c99bce1a0d04b4317
bug 9154: Add router fault state report
commit 7a3090378f9785caecf741b70554f6ea17c41764
bug 9154: Send alert if found two virtual routers in master state
commit 66831056e4bf27665871bccd24e6159071564847
bug 9154: Code clean up
commit bf3f58a85741fa7118bd848a42d8b21baa4478d4
bug 9154: Add isRedundantRouter to DomainRouterResponse
merge createtemplateresponse and createteisoresponse
on UI template
only show template corresponding hypervisor exists
Conflicts:
api/src/com/cloud/api/ResponseGenerator.java
server/src/com/cloud/storage/StorageManager.java
status 10305: resolved fixed
While creating a system vm offering specify the type. If no type specified the default to domainrouter.
While requesting a set of system offering specify the parameter systemvmtype.
status 9697: resolved fixed
Do encoding for ASCII chars only (done to eliminate problems with multiple language support)
To disable encoding, set "encode.api.response" to false
Block update only in these cases:
* when DNS capability AllowDnsSuffixModification is false for the network
* when target network has running network elements (dhcps or domRs)
Conflicts:
server/src/com/cloud/vm/dao/DomainRouterDao.java
server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java
This patch enables redundant virtual routers.
1. To enable this feature, the db needs to be updated using the following SQL for now (we
would get a UI way later):
UPDATE network_offerings SET redundant_router=1 WHERE guest_type="Virtual" AND
system_only=0;
2. The system would try to start up two routers on different hosts. But if there is
only one host in the zone, the system would start up two routers on it.
3. The failover part uses keepalived, and the connection tracking part uses
conntrackd. There would be one master router and one backup router. The status
of a router (master or backup) can be queried from the database table domain_router
now. The management server would update the status every 30s by default.
4. The routers for the same zone would use the same external NIC (same ip and mac).
The script used for fail-over would ensure only one external NIC is present in the
network at any time.
5. Currently the management server doesn't have the ability to stop one of the routers if
both of them are reported as master. The feature is in the todo list.
After two routers start up, disconnect any one of them; the guest network
shouldn't be affected, and established connections (http, ssh, etc.) should still
work. The fail-over on the gateway part should be 3~4 seconds.
Currently the patch works with KVM. Would deal with vmware and XenServer soon.
status 9873: resolved fixed
Following fixes were made as a part of the checkin:
* When deploy user vm and SG doesn't exist in the DB, create it automatically.
* SecurityGroup enabled user vm start: if map to default group is not present in security_group_vm_map table, create one.
* Added "name" (securityGroupName) parameter back to deleteSecurityGroup/authorizeSecurityGroupIngress/deployVm. Mutually exclusive with security group id parameter.
Conflicts:
api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
api/src/com/cloud/api/commands/DeployVMCmd.java
server/src/com/cloud/api/ApiDBUtils.java
server/src/com/cloud/vm/UserVmManagerImpl.java
Changes:
- Added a new column `source_template_id` to vm_template table to carry the parent/source template ID from which the template was created
- Added the column in db upgrade 224 to 225
- Changed code to save the source_template_id if there is one associated to the volume/ volume from which the snapshot was taken
- API response returns the sourcetemplateid field, if set, in all template usecases.
- CreateZone API creates a zoneToken, inserts in DB and returns it in the
response
- UpdateZone API takes in 'details' map that is loaded to data_center_details
Changes:
- Changed host allocators/planner to use cpu.overprovisioning.factor
- Removed following: while adding a new host, we were setting the total_cpu in op_host_capacity to be actual_cpu * cpu.overprovisioning.factor. Now we set it to actual_cpu.
- ListCapacities response now calculates the total CPU as actual * cpu.overprovisioning.factor (This change does not add anything new - listCapacities was pulling total CPU from op_host_capacity DB earlier which had the cpu.overprovisioning.factor applied already. Now we need to apply it over the DB entry.)
- HostResponse has a new field: 'cpuWithOverprovisioning' that returns the cpu after applying the cpu.overprovisioning.factor
- Db Upgrade 222 to 224 now updates the total_cpu in op_host_capacity to be the actual_cpu for each Routing host.
status 9336: resolved fixed
Following changes were made:
* deleteSecurityGroup/authorizeSecurityGroupIngress - removed account/domainId parameters as SG is uniquely identified by id now
* removed account_name field from securityGroup DB table; removed allowed_security_group/allowed_sec_grp_acct from security_ingress_rule.
These values were used for api response generation only for performance purposes; added caching on API level to improve performance
* Added missing security checks for securityGroups/ingressRules
Changes:
- Cluster entry is not removed from the table when a cluster is deleted because there are some foreign key constraints failing if the row delete is attempted. Instead the cluster is marked as 'removed'
- While deleting the pod changed the check to see if pod has any clusters - we now check that there are no clusters with removed column null.
- Also pod entry cannot be deleted from the db due to foreign key constraints. So added 'removed' column to Pod table host_pod_ref
- Now on deleting a pod, the pod will be marked as removed and pod name is set to null.
Also changed 'RegisterTemplate' to take in a new optional parameter 'checksum'.
The value set to it is stored as-is in the DB in vm_template table, 'checksum' column.
status 7704: resolved fixed
For user vm:
* for default network, take limit from the corresponding service offering
* for all additional networks, take limit from the network offerings
For domainRouter/SSVM/CPVM:
* get info from the network offering
Added new config parameter: "vm.network.throttling.rate". If nw_rate is NULL for serviceOffering, this parameter would be used for default vm's network
1) No longer do multiple searches involving "domain" table; only one join with domain is being done.
2) Do join with domain table only when command is executed by domainAdmin
3) Added index for "path" field in "domain" table
4) No longer do joins with account table as account_id is already present in vm_instance table.
Don't ask secondary storage VM to download baremetal template.
Immediately make baremetal template ready after registerTemplateCmd
as well as listTemplateCmd
Use zone id instead of secondary storage VM id to identify baremetal
template in template_host_ref table
- Added a new flag 'allocation_state' to zone,pod,cluster and host
- The possible values for this flag are 'Enabled' or 'Disabled'
- When a new zone,pod,cluster or host is added, allocation_state is 'Disabled' by default.
- For existing zone,pod,cluster or host, the state is 'Enabled'.
- All Add/Update/List commands for each of zone,pod,cluster or host can now take a new parameter 'allocationstate'
- If 'allocation_state' is 'Disabled', Allocators skip that zone or pod or cluster or pod.
- For a root admin, ListZones lists all zones including the 'Disabled' zones. But for any other user, the 'Disabled' zones are not included in the response.
- For any usecase that creates/deploys/adds/registers a resource and takes in zone as parameter, now we check if the Zone is 'Disabled'. If yes then the operation cannot be performed by a user other than root-admin. Add volume, snapshot, templates are examples of this usecase.
- To enable the root admin to test a particular pod/cluster/host, deployVM command takes in 'host_id' parameter that can be passed in only by root admin.
If this parameter is passed in by the admin, allocators do not search for hosts and use that host only. StoragePools are searched in the cluster of that host.
If VM cannot be deployed to that host, allocators and deployVM fails without retrying
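The allocation_state rules in the commit message above, modelled as an added example; this is not CloudStack code. All type and method names are hypothetical, only the zone and host levels are modelled, and Java 16+ is assumed for records.

```java
import java.util.List;
import java.util.stream.Collectors;

// Illustrative model only: these types are hypothetical, not CloudStack classes.
public class AllocationStateGate {
    enum State { Enabled, Disabled }
    enum Role { ROOT_ADMIN, DOMAIN_ADMIN, USER }
    record Zone(long id, State state) {}
    record Host(long id, long zoneId, State state) {}

    // ListZones: 'Disabled' zones are returned to the root admin only.
    static List<Zone> listZones(List<Zone> all, Role caller) {
        return all.stream()
                .filter(z -> caller == Role.ROOT_ADMIN || z.state() == State.Enabled)
                .collect(Collectors.toList());
    }

    // Any call that takes a zone (deploy VM, add volume, register template, ...).
    static void checkZone(Zone zone, Role caller) {
        if (zone.state() == State.Disabled && caller != Role.ROOT_ADMIN)
            throw new SecurityException("zone " + zone.id() + " is disabled");
    }

    // deployVM: host_id is accepted from the root admin only and pins the deployment
    // to that host with no search and no retry; otherwise Disabled hosts are skipped.
    // Assumption: a pinned host may itself be Disabled, since the flag exists for testing.
    static List<Host> candidateHosts(List<Host> hosts, Zone zone, Role caller, Long hostId) {
        checkZone(zone, caller);
        if (hostId != null && caller != Role.ROOT_ADMIN)
            throw new SecurityException("host_id may be passed by the root admin only");
        return hosts.stream()
                .filter(h -> h.zoneId() == zone.id())
                .filter(h -> hostId != null ? h.id() == hostId : h.state() == State.Enabled)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data: a newly added zone and host start out Disabled.
        Zone newZone = new Zone(1, State.Disabled);
        List<Host> hosts = List.of(new Host(10, 1, State.Disabled), new Host(11, 1, State.Enabled));
        System.out.println(listZones(List.of(newZone), Role.USER));       // listing as a regular user
        System.out.println(candidateHosts(hosts, newZone, Role.ROOT_ADMIN, 10L)); // admin pins host 10
        try {
            candidateHosts(hosts, newZone, Role.USER, null);              // regular user, disabled zone
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```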
Bug 7723 - merge or re-write host tagging into master / 2.2
Bug 7627 - Need more logging for Allocators
Bug 8317 - Add better resource allocation failure messages
Changes for Deployment Planner to use host and storagePool allocators to find deployment destination.
Also has the changes for host tag feature.
Improved the logging for allocators.
2) Set traffic Type to be Guest for Direct/Virtual non-system default network offerings. Use this guestIpType during the network creation/implementation