Fixed issues with vif scripts on 5.6FP1
Fixed ipv6 issue on 5.6FP1
Plus other various fixes and improvements
Starting to remove debug code
NOTE: Network is configured correctly but instances do not start. Possibly indefinite wait occuring on some commands
Description:
Fixing two other scenarios apart from the reported one
where we were not passing in database IDs for translation
into uuids, in the exception.
Only DHCP entry need to know if no one apply the entries(when VM is starting
up), other rules should be safe when return true anyway.
status 14470: resolved fixed
Reviewed-By: Sheng Yang
Changes:
Added 'removed' column to physical_network_service_providers to avoid the Foreign Key constraint error.
Conflicts:
setup/db/db/schema-30to301.sql
It's not a elegant fix. The status for firewall rules should remain unchanged
before/after ip association/disassociation. But the related change is tricky
than this fix, may not get enough test for 3.0.1. So we would apply existed
firewall rules again, which would work, just result in some unnecessary
commands.
status 14484: resolved fixed
Reviewed-by: Edison Su
Changes:
Fixed as described in the bug.
* CreateVlanIpRangeCmd still accept account/domainId info
* if account owns:
- one Isolated network with source nat service enabled, use this network
- more than one Isolated network with source nat service enabled - error out
- none Isolated networks with source nat service enabled, create it only in
case when there is an Isolated network offering with Availability=Required and
source nat service enabled.
The routing table with two nics may be messed up, due to we sent same
router(gateway) information from different DHCP server, in order to specify
default gateway. E.g.
Network A: 192.168.1.0/24, gw 192.168.1.1
Network B: 192.168.2.0/24, gw 192.168.2.1
User VM: Nic 1 connect to network A, get ip 192.168.1.10; nic 2 connect to
network B, get ip 192.168.2.10.
Set network A as the default network of user VM.
Currently we would send this information to user VM through DHCP offer:
In network A: dhcp-option:router 192.168.1.1
In network B: dhcp-option:router 192.168.1.1
So both NIC in the guest VM would receive 192.168.1.1 as router(gateway).
But, in CentOS 5.6, dhclient-scripts try to tell if the gateway is reachable
for current subnet.
So when we try to enable nic 2(eth1) of user VM, dhclient would receive:
IP: 192.168.2.10
Mask: 255.255.255.0
Router: 192.168.1.1
Then it would found that the specified gateway(router) is not within its own
subnet(192.168.2.0/24). But since we send out this ip(192.168.1.1) as the
gateway for it, dhclient thought that it should got someway to access the
network through this IP. So it would execute:
ip route add 192.168.1.1 dev eth1
ip route replace default via 192.168.1.1 dev eth1
But it can never reach 192.168.1.1(which is in the eth0's subnet and the
gateway of eth0) by go through eth1 interface. So it is messed up.
We've tested Windows 2008 R2, CentOS 5.3, CentOS 5.6 and Ubuntu 10.04. Windows
and Ubuntu are fine with above policy.
To solve this, we send different dhcp:router option according to the guest OS
type now.
We may need expand this list later, but for now we only know that CentOS and
RHEL would behavior in this way.
status 14042: resolved fixed
Description:
Adding overloaded addProxyObject() function to CloudException
and RuntimeCloudException classes and using this function
to stuff exceptions with IDs, to reduce code footprint.
Description:
Modifying the API functions' exception handling to call
addProxyObject() wherever applicable, and removing some
wrong calls to addProxyObject() that were put in in an
earlier commit for this bug.
With this commit, we cover many API functions to use the
new exception handling code, but some pieces may still be
left out. These will be covered as work in progress, when
making changes to the CS API code.
Description:
Removed some wrong invocations to addProxyObject() when
throwing exceptions in NetworkManagerImpl.java.
Replaced db ids with uuids in various points in the code
of NetworkManagerImpl.java, where exceptions are thrown.
Bug 13127: API error text refer to database ids instead of uuids
Code-Reviewers: Ewan Mellor, Kelven Yang
Description:
1. A new class CSExceptionErrorCode has been added to utils.
It contains a list of error codes for each type of
Exception class. Use fully qualified package paths for
Exceptions in CSExceptionErrorCode. We log any exception
name not found in the list of error codes for exceptions.
2. Whenever we throw an exception exobj anywhere in the
CS code, the CSErrorCode is set in the base class
constructor.
3. We add a new field csErrorCode in classes CloudException,
RuntimeCloudException, ExecutionException and
ExceptionResponse.
4. Two places in ApiServer.java were wrongly modified when
putting in changes for bug 13127 to not throw an exception.
This has been corrected in this commit.
Description:
Modify Exception handling to enable addition of multiple
uuids in a single exception thrown by API functions. Both
XML and JSON outputs will store all uuids and Fieldnames.
This will make it easier to provide more information when
an exception occurs - for example, a zone id, a cluster id,
host id, and then a specific property id.
Description:
Added a field name for the db id in the IdentityProxy class, and
modified setProxyObject() to take an additional id name parameter.
This will let us know the name of the uuid that we are returning.
E.g.- domainId, zoneId, etc. The client can view this field in
the json/xml output. Modified the JSON/XML serialization routines
to append this new parameter to the serialized output for Exception
Responses.
Description:
1) Added a setProxyObject() method to CloudException and RuntimeCloudException
2) Modified a bunch of throw exceptions in NetworkManagerImpl.java to call setProxyObject() before throwing an exception.
3) Changed scope of ProxyIdentity attribute to protected.
4) Added routines to ServerApiException to get/set IdentityProxy object, and
routine in RuntimeCloudException to get the Idproxy object.
5) Modified the exception handling around the dispatcher and handlerequest()
to copy over the IdentityProxy information before rethrowing an exception
eventually back to handle().
6) Removed duplicate IdentityProxy object in ServerApiException.
It was extending RuntimeCloudException which already had an
IdentityProxy object.
Description:
1) Moved RuntimeCloudException from api/ to utils/.
Added simple constructor to RuntimeCloudException.
Modified all classes that extended RuntimeException
to extend RuntimeCloudException. These classes
are listed below:
ServerApiException
CloudAuthenticationException
CloudExecutionException
AsyncCommandQueued
HypervisorVersionChangedException
RuntimeCloudException
2) Added overloaded constructed to CloudException.
Modified all classes that extend Exception to extend CloudException instead.
These classes are listed below:
ConcurrentOperationException
ConflictingNetworkSettingsException
ConnectionException
DiscoveryException
InsufficientCapacityException
ManagementServerException
ResourceUnavailableException
VirtualMachineMigrationException
AgentControlChannelException
OperationTimedoutException.java
UnsupportedVersionException.java
UsageServerException.java
UnableDeleteHostException.java
AgentAuthnException.java
HttpCallException.java
ActiveFencingException.java
ClusterInvalidSessionException.java
GreTunnelException.java
OvsVlanExhaustedException.java
Reviewed-by: Kishan
Changes:
- Separated out the External Network Usage task from the ExternalLBDeviceMgr because ExternalLbDeviceMgrImpl :: start() was getting multiple times during management server satrtup. The reason for this is that this is the baseclass for F5 and NetScalarElement.
- This caused us to schedule the ExternalNetworkUsageTask multiple times
- Also we have LBRulesMgr calling this ExternalLbDeviceMgrImpl by creating an instance of this class which is declared abstract
- Hence having a separate implementation to manage the network usage stats should solve this.
- configuring unique persistence profile for each LB rule with sticky method applied
- removing source based sticky method for source based LB method which is not supported by F5
And per Alex's request, add default value directly into the database, rather
than using it at last minute of implemention.
status 13829: resolved fixed
Reviewed-by: Alex
We expect user to use following sequence when update virtual router provided
network offering to external firewall devices offering:
1. Shutdown all the user VMs.
2. Modify network to new offering.
3. Click "Allow CIDR change" in the pop-up dialog, which would pass
changeCidr=true to the updateNetwork API.
We would shutdown guest network before we update the network for new
offering(with changeCidr = true), in order to re-implement the network.
status 13715: resolved fixed
Reviewed-by: Alex
Bug 13641 - OVM add host to OVM cluster results in host remaining in state: Alert
Bug 13652 - OVM add primary storage to OVM cluster FAIL
making Ovm work on Acton
status 13662: resolved fixed
status 13641: resolved fixed
status 13652: resolved fixed
reviewed-by: edison
The ExternalGuestNetworkGuru need to respect some of existed IP assignment,
especially router. Otherwise router can't get correct IP address(gateway IP).
status 13643: resolved fixed
Reviewed-by: Alex
Summary of changes:
- applyLoadBalancerConfig(long lbRuleId) method applies only one rule if it is Netscalar otherwise applies all the rules in add/revoke state.
CIDR may be different after update to a service offering contained external
network element, user is required to acknowledge this, otherwise the update
won't process
- converted all mandatory params to optional, and internally fill with default value before sending to haproxy. default value is available through description.
- accept holdtime without units.
Changes:
- We do not need these global setting anymore. These will be hidden since 3.0
- The default traffic label will be picked from the global setting which is null by default. When traffic label is null it means the resource uses tag on the default gateway
- Changes to invoke discoverer to reload the resource object on host connection
- Since a zone can have many physical networks, there can be multiple guest, public networks. Only the zone wide storage and management traffic label will be stored in host_details henceforth.
- If traffic labels are updated, discoverer should update the host_details
Summary of changes: Database changes will be rollbacked while applying the LB rule to the Netscaler device.
- Database changes will be rollbacked to previous state during the following Lb API's:
1) assignVM to LB rule
2) remove VM from LB rule
3) updateLb rule
4) deleteLb rule
5) create/attach sticky policy to Lb rule
6) delete sticky policy from Lb rule
- Database changes of the Lb rule will be not be rolledback during:
1) Removing IP
2) removing VM
Reviewed-by: Kishan
Changes:
- When an LB rule is deleted or the IP address having an LB rule configured is released, ExternalNetworkUsageCommand is fired to gather the usage
accumulated on that IP after the last run of the ExternalNetworkUsage job.
Summary of Changes:
- created a generic way for LB rule validations, so as LB device(like Haproxy) specific validations can be done syncronously.
- Removed asyncronous validations from Haproxy and done syncronously.
Summary of changes :
- Added a new flag -s to ipassoc command to carry if the ip address is
used for SNAT or not.
- SNAT is completly decoupled from the first flag. first flag is used
to decide if the ip address is first ip address of the interface.
- -s and -f are independent, SNAT can be enabled on the non-first ip
also.
Reviewed-By: Kishan
Changes:
- Added local cache to store the usage answer per LB device per zone
- Also there can be multiple domainRouters for an account. We can avoid processing the same account for usage by maintaining accounts already processed.
Changes:
- After deployment of Router failed, we did not throw out the error inorder to retry the start using another hypervisorType.
- But there is no other hypervisor to try, causing the failed and expunged router to be passed on further leading to an NPE later
- So in case there are no more hypervisors to retry the router start, we should throw out the original error.
When elb capability is enabled on the network offering, we:
1) on each createLB command:
* associate ip address to the LB rule owner
* create LB rule
2) on each deleteLb command:
* delete the rule
* disassociate ip address
The rule belongs to the owner, so proper usage events are generated
2) Added elasticIp and elasticLb network capabilities. Provided support to create network offering with these capabilities.
3) Added one more default network offering having elasticip and elasticlb
4) Public network support to Basic zone. You can associate/disassociate IP addresses now
I haven't figure out why the code can NPE, and in my test the clean up of basic
zone is prevent from API as expected. Anyway, I add this check before cleanup to
ensure even API check failed, no NPE would be throwed.
status 13041: resolved fixed.
The original method of testing source nat didn't consider the situation that
multiply source nat ip can be passed into the function because they belonged to
the different networks.
status 13100: resolved fixed
Admin can either configure system.vm.default.hypervisor which is a global configuration for all zones, or call updatezone add defaultSystemVMHypervisorType
status 12139: resolved fixed
Introduce the concept of Ip Deployer. The IP deployer would be responible for
apply IP to the element. Most element's IP deployer is itself, but it can be
someone else if we want to implement inline mode in the future.
Conserve mode means, we can use same IP for different purposes, in order to
"conserve" ip resources. But in this offering, all the service providers should
be the same, and the network created from this offering may be prohibited from
update to different network offering whose services are provided by different
service providers - because different service providers would need different IPs
for different services.
If user want to update the "conserve mode" network with the network offering
that has different service providers, each public IP should have only one usage,
only them the update is allowed.
- fixed bug in the destroying the VPX instance on SDX
- added method to acuire priavate IP from the zone, needed for the management IP of provisioned LB appliane
We can use the restartNetwork mechanism to recover the disconnected redundant
router.
Also disable HA for redundant router. Admin would take responsibilty to recover
the failure router, because redundant routers themselves are one layer HA.
status 12608: resolved fixed
bug 12318: NaaS: Dynamic CIDR for virtual router
This patch in fact use ExternalGuestNetworkGuru to replace GuestNetworkGuru. The
problem is the virtual router would normally use 10.1.1.0/8 as CIDR, but when we
want to upgrade to external firewall e.g. Netscaler, the CIDR would need to be
changed to different value e.g. 10.x.x.0/24 based on VLAN, because the external
firewall can not support one CIDR for multiply VLAN right now. So we have to use
the same policy for virtual router.
This patch also add one field "specified_cidr" to the networks table. If this
field is true, then it means user specify the CIDR of this network, thus we can
not granutee the CIDR after upgrade is valid, so we would like to prohibit the
upgrade of network offering.
This should also fix bug 12318. The reason for bug 12318 is the pre-set gateway
address of domR is overrided by ExternalGuestNetworkGuru. After this patch,
ExternalGuestNetworkGuru would respect the existed value in Nic, rather than
simply wiping it out. It would do calcuation to get the relevant address after
VLAN changed.
More clean up can be done in the future, when we proved that this policy change
doesn't break...
status 12234: resolved fixed
status 12318: resolved fixed
We do not set the default network labels as 'cloud-private' anymore. Instead it is set to the values set in global config variable. This should avoid the host connect failures requiring the network labels to be setup.
If virtual router provide DHCP but not DNS service, the DHCP response would
contained DNS server address rather than domr itself's address. Then user VM
would use specified DNS server directly.
-made Netscaler, SRX, F5 network elements as pluggable service
-added abstract load balancer device manager ExternaLoadBalancerDeviceManager
-made both F5 and Netscaler pluggable service to extend ExternaLoadBalancerDeviceManager
-added abstract firewall device manager ExternalFirewallDeviceManager
-made SRX pluugable service to extende ExternalFirewallDeviceManager
-added API's to configure and manage netscaler devices
- not use includingRemoved while listing networks
- Processing checkNetworkCommand dummy method to avoid failures connecting to Vmware and hyperv resource
* update network with new networkOfferingId only after the network is shutdown
* fixed NPE happenining when updateNetwork with the networkOffering w/o soucrceNat service in Advance zone
only owner of the network can access it; if it's domain - all accounts in the domain and domain children can have an access.
* aclType replaces 2 old fields: isShared and isDomainSpecific.
* All 2.2.x account specific networks will have aclType=Account; 2.2.x Domain specific networks - aclType=domain; 2.2.x Zone level networks - aclType=Domain with domainId = Root domain id
reviewed-by: Abhi
Summary of Changes:
while adding a primary address to the domR interface, previous primaray addresses(ip) are removed and added as with 32-bit netmask.
This is to avoid two same ip's with different netmask attached to the interface.
Salvatore Orlando
unknown
Alena Prokharchyk
Vijayendra Bhamidipati
Sheng Yang
David Nalley
frank
prachi
kishan
Sheng Yang
Murali reddy
Kelven Yang
Edison Su
Naredula Janardhana Reddy
Alex Huang
anthony
Murali Reddy
Prasanna Santhanam
Murali Reddy
alena