Fixes for VirtualRouters in Basic Networking, especially with mutliple ranges in VLANsDuring the last few modifications on the SystemVM scripts, it turns out quite a lot of stuff broke in our setups.
This PR fixes a number of things:
* Multiple IP's per VLAN interface are now supported & working again, including DNS, DHCP ranges, password and metadata services
* `useextdns` fixed (I had a small merge conflict with an attempt to fix this at 4.7, but these fixes are more comprehensive)
* CLOUDSTACK-8303
* Apache configs better in line with best-practices and distro-expected locations
* Added a few more helper functions & getters & setters for utility
* some minor cleanup & fixes
* pr/1547:
Remove /etc/apache2/sites-enabled/000-default in cloud-early-config
SysVM various fixes to previous refactorings * make CORS include a regular glob-matched one * fix NameVirtualHost in CsApp.py as well * even moar cleanups
SysVM: Cleanup and removal of old (and dangerous) config files * ports.conf * default & default-ssl sites * SSL config in httpd.conf * deprecated & dead setup_redundant_router in cloud-early-config
SysVM cloud-early-config: Intermediate fix for SecStore & CORS * Take setup from vhost.template rather than default(-ssl) * should move into Python CS code as well * Move CORS setup to separate conf * Modify vhost template to Optionally include the cors file * Add NameVirtualHost to vhost template for feature parity with ports.conf * Take setup from vhost.template rather than default(-ssl)
VR cloud-early-config: Commonize Apache2 common setup
VR cloud-early-config: Fix Apache2 alias cleanup
VR: consistent SSL setup, vhost is not an example, but a template
VR CsConfig: reintroduce old get_dns() behaviour for redundant non-VPC's
VR CsAddress fixes: * cleanup imports, * fix to_str(), * improve & fix service post_config logic * don't arpPing when there's no gateway
VR CsApp: Expose config to classes, move vhost confs to proper location, allow for multiple IP's per intf, sanitize servername, don't open port 53 if no DNS is foreseen
VR CsConfig: Add is_router(), is_dns(), has_dns(), has_metadata(), use_extdns(), fix get_dns() with use_extdns()
VR CsDhcp: allow multiple ranges & finite lease time (fixes CLOUDSTACK-8303)
VR CsGuestNetwork obey useextdns
VR merge.py ipalias fix & dhcpconfig stub notification
Signed-off-by: Will Stevens <williamstevens@gmail.com>
* 4.8:
CLOUDSTACK-9353: [XenServer] Fixed VM migration with storage
Added ASF license to unit test file
Added unit test to verify ordering
Fixed ordering of network ACL rules being sent to the VR. The comparator was inverted
* 4.7:
CLOUDSTACK-9353: [XenServer] Fixed VM migration with storage
Added ASF license to unit test file
Added unit test to verify ordering
Fixed ordering of network ACL rules being sent to the VR. The comparator was inverted
CLOUDSTACK-9353: [XenServer] Fixed VM migration with storageIn turn this also fixes VM migration with local storage
This PR is created against 4.7 and can be forward merged to future branches also.
* pr/1596:
CLOUDSTACK-9353: [XenServer] Fixed VM migration with storage
Signed-off-by: Will Stevens <williamstevens@gmail.com>
CLOUDSTACK-9404 Fixed ordering of network ACL rules being sent to the VR. The comparator was inverted.
Issue: https://issues.apache.org/jira/browse/CLOUDSTACK-9404
In this example, I created rules with the port numbers the same as the rule numbers.
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT all -- anywhere 225.0.0.50
ACCEPT all -- anywhere vrrp.mcast.net
DROP tcp -- anywhere anywhere tcp dpt:netstat
DROP tcp -- anywhere anywhere tcp dpt:10
DROP tcp -- anywhere anywhere tcp dpt:5
DROP tcp -- anywhere anywhere tcp dpt:3
DROP tcp -- anywhere anywhere tcp dpt:2
DROP all -- anywhere anywhere
We can see above that the rules are inverted.
After the fix:
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT all -- anywhere 225.0.0.50
ACCEPT all -- anywhere vrrp.mcast.net
DROP tcp -- anywhere anywhere tcp dpt:2
DROP tcp -- anywhere anywhere tcp dpt:3
DROP tcp -- anywhere anywhere tcp dpt:5
DROP tcp -- anywhere anywhere tcp dpt:10
DROP tcp -- anywhere anywhere tcp dpt:netstat
DROP all -- anywhere anywhere
* pr/1581:
Added ASF license to unit test file
Added unit test to verify ordering
Fixed ordering of network ACL rules being sent to the VR. The comparator was inverted
Signed-off-by: Will Stevens <williamstevens@gmail.com>
CLOUDSTACK-9399 : NPE during deletion of host when clusterId is nullIn most network plugins, there's a Resource class which will handle the communication with the actual device / underlaying client / ... They're configured as a host, so ACS is able to send commands towards it.
When they're configured as a host, the clusterId is not filled in since it's not relevant. Hence, the NPE while deleting this host because of ```long clusterId = host.getClusterId();```
* pr/1585:
Nuage VSP : Enhancing Marvin test coverage
CLOUDSTACK-9399 : Marvin test coverage for Nuage VSP device CRUD operations
CLOUDSTACK-9399 : NPE during deletion of host when clusterId is null
Signed-off-by: Will Stevens <williamstevens@gmail.com>
[BLOCKER][FIX] CLOUDSTACK-9409: Add role_id to cloud_usage.accountAdds role_id column to cloud_usage.account, fixes UsageDaoImpl to insert
Accounts with role_id from account table. Without the fix, usage server fails to work.
This fixes a *blocker* for 4.9.0 reported by @nvazquez (thanks!)
/cc @swill @nvazquez for review and merge thanks.
* pr/1584:
CLOUDSTACK-9409: Add role_id to cloud_usage.account
Signed-off-by: Will Stevens <williamstevens@gmail.com>
Adds role_id column to cloud_usage.account, fixes UsageDaoImpl to insert
Accounts with role_id from account table.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* Take setup from vhost.template rather than default(-ssl)
* should move into Python CS code as well
* Move CORS setup to separate conf
* Modify vhost template to Optionally include the cors file
* Add NameVirtualHost to vhost template for feature parity with ports.conf
* Take setup from vhost.template rather than default(-ssl)
Make sure that the DB drivers are loaded before creating connectionsI've digged deeper, and found out that Tomcat is really specific in how it loads the JDBC drivers apparently.
If we would be using the standard JDBC connection pooling of Tomcat (tomcat-jdbc) instead of commons-dbcp, we would have the option to specify a "driverClassName" when creating our connection.
This is not the case for commons-dbcp, which we are using within ACS.
If you check an official example of Tomcat :
https://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#Plain_Ol'_Java
or
https://tomcat.apache.org/tomcat-7.0-doc/jdbc-pool.html#As_a_Resource
As you can see in the above examples, both of them specify the driverClassName.
In the underlying implementation of Tomcat, Tomcat will do ```Class.forName(driverClassName)``` which will trigger the auto-registration of the Driver.
Tomcat code :
```java
if (driver==null) {
if (log.isDebugEnabled()) {
log.debug("Instantiating driver using class: "+poolProperties.getDriverClassName()+" [url="+poolProperties.getUrl()+"]");
}
driver = (java.sql.Driver) Class.forName(poolProperties.getDriverClassName(),
true, PooledConnection.class.getClassLoader()
).newInstance();
}
```
* pr/1574:
Make sure that the DB drivers are loaded before initiating connections
Signed-off-by: Will Stevens <williamstevens@gmail.com>
travis: use ipmitool from ubuntu repository@swill @pdion891 please review, merge this once Travis is green. The packages.shapeblue.com server is unreachable which is causing a wget command to fail. This fixes this by installing `ipmitool` from ubuntu repositories.
* pr/1570:
travis: add one more smoke test
travis: use ipmitool from ubuntu repository
Signed-off-by: Will Stevens <williamstevens@gmail.com>
fix noredist build because of missing maven dependency of vmware 6.0 libfix noredist build for new vmware lib
* pr/1569:
fix noredist build because of missing maven dependency of vmware 6.0 lib
Signed-off-by: Will Stevens <williamstevens@gmail.com>
[CLOUDSTACK-9296] Start ipsec for client VPNThis fix starts the IPSEC daemon when enabling client side vpn
* pr/1423:
[CLOUDSTACK-9296] Start ipsec for client VPN
Signed-off-by: Will Stevens <williamstevens@gmail.com>
CLOUDSTACK-9180: Optimize concurrent VM deployment operation on same network
Check if VR needs to be allocated for a given network and only acquire lock if required
Refer to the bug for details.
* pr/1251:
CLOUDSTACK-9180: Optimize concurrent VM deployment operation on same network Check if VR needs to be allocated for a given network and only acquire lock if required
Signed-off-by: Will Stevens <williamstevens@gmail.com>
CLOUDSTACK-9238: Fix URL length to 2048 for all url fields in VOI will update the PR to add max field length in the API commands too
* pr/1567:
API: update url field max length
not needed on host table
Fix URL length to 2048 for all url fields in VO
Signed-off-by: Will Stevens <williamstevens@gmail.com>
* 4.7:
CLOUDSTACK-9376: Restrict listTemplates API with filter=all for root admin
CLOUDSTACK-9369: Restrict default login to ldap/native users
Add lsb-release dependency to mgmt server and agent on Debian/Ubuntu.
Emit template UUID and class type over event bus when deleting templates.
Add lsb-release dependency to mgmt server and agent on Debian/Ubuntu.New version of #1412, based on the 4.7 branch.
* pr/1565:
Add lsb-release dependency to mgmt server and agent on Debian/Ubuntu.
Signed-off-by: Will Stevens <williamstevens@gmail.com>
Emit template UUID and class type over event bus when deleting templatesNew version of #1378 for the 4.7b branch instead of 4.6.
* pr/1564:
Emit template UUID and class type over event bus when deleting templates.
Signed-off-by: Will Stevens <williamstevens@gmail.com>
- Restricts default login auth handler to ldap and native-cloudstack users
- Refactors and create re-usable method to find domain by id/path
- Adds unit test for refactored method in DomainManagerImpl
- Adds smoke test for login handler
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Manfred Touron
Will Stevens
Anshul Gangwar
Prashanth Manthena
Nick Livens
Rohit Yadav
Wido den Hollander
Ronald van Zantvoort
Patrick Dube
Pierre-Luc Dion
Marc-Aurèle Brothier