From 5ea07dc93799f28dd6c268b17514867d92dc53f7 Mon Sep 17 00:00:00 2001 From: Remi Bergsma Date: Wed, 20 Jan 2016 23:18:53 +0100 Subject: [PATCH 01/22] Updating pom.xml version numbers for release 4.7.1 Signed-off-by: Remi Bergsma --- agent/pom.xml | 2 +- api/pom.xml | 2 +- client/pom.xml | 2 +- core/pom.xml | 2 +- debian/changelog | 6 ++++++ developer/pom.xml | 2 +- engine/api/pom.xml | 2 +- engine/components-api/pom.xml | 2 +- engine/network/pom.xml | 2 +- engine/orchestration/pom.xml | 2 +- engine/pom.xml | 2 +- engine/schema/pom.xml | 2 +- engine/service/pom.xml | 2 +- engine/storage/cache/pom.xml | 2 +- engine/storage/datamotion/pom.xml | 2 +- engine/storage/image/pom.xml | 2 +- engine/storage/integration-test/pom.xml | 2 +- engine/storage/pom.xml | 2 +- engine/storage/snapshot/pom.xml | 2 +- engine/storage/volume/pom.xml | 2 +- framework/cluster/pom.xml | 2 +- framework/config/pom.xml | 2 +- framework/db/pom.xml | 2 +- framework/events/pom.xml | 2 +- framework/ipc/pom.xml | 2 +- framework/jobs/pom.xml | 2 +- framework/managed-context/pom.xml | 2 +- framework/pom.xml | 2 +- framework/quota/pom.xml | 2 +- framework/rest/pom.xml | 2 +- framework/security/pom.xml | 2 +- framework/spring/lifecycle/pom.xml | 2 +- framework/spring/module/pom.xml | 2 +- maven-standard/pom.xml | 2 +- plugins/acl/static-role-based/pom.xml | 2 +- .../affinity-group-processors/explicit-dedication/pom.xml | 2 +- .../affinity-group-processors/host-anti-affinity/pom.xml | 2 +- plugins/alert-handlers/snmp-alerts/pom.xml | 2 +- plugins/alert-handlers/syslog-alerts/pom.xml | 2 +- plugins/api/discovery/pom.xml | 2 +- plugins/api/rate-limit/pom.xml | 2 +- plugins/api/solidfire-intg-test/pom.xml | 2 +- plugins/database/mysql-ha/pom.xml | 2 +- plugins/database/quota/pom.xml | 2 +- plugins/dedicated-resources/pom.xml | 2 +- plugins/deployment-planners/implicit-dedication/pom.xml | 2 +- plugins/deployment-planners/user-concentrated-pod/pom.xml | 2 +- plugins/deployment-planners/user-dispersing/pom.xml | 2 +- plugins/event-bus/inmemory/pom.xml | 2 +- plugins/event-bus/kafka/pom.xml | 2 +- plugins/event-bus/rabbitmq/pom.xml | 2 +- plugins/file-systems/netapp/pom.xml | 2 +- plugins/ha-planners/skip-heurestics/pom.xml | 2 +- plugins/host-allocators/random/pom.xml | 2 +- plugins/hypervisors/baremetal/pom.xml | 2 +- plugins/hypervisors/hyperv/pom.xml | 2 +- plugins/hypervisors/kvm/pom.xml | 2 +- plugins/hypervisors/ovm/pom.xml | 2 +- plugins/hypervisors/ovm3/pom.xml | 2 +- plugins/hypervisors/simulator/pom.xml | 2 +- plugins/hypervisors/ucs/pom.xml | 2 +- plugins/hypervisors/vmware/pom.xml | 2 +- plugins/hypervisors/xenserver/pom.xml | 2 +- plugins/network-elements/bigswitch/pom.xml | 2 +- plugins/network-elements/brocade-vcs/pom.xml | 2 +- plugins/network-elements/cisco-vnmc/pom.xml | 2 +- plugins/network-elements/dns-notifier/pom.xml | 2 +- plugins/network-elements/elastic-loadbalancer/pom.xml | 2 +- plugins/network-elements/f5/pom.xml | 2 +- plugins/network-elements/globodns/pom.xml | 2 +- plugins/network-elements/internal-loadbalancer/pom.xml | 2 +- plugins/network-elements/juniper-contrail/pom.xml | 2 +- plugins/network-elements/juniper-srx/pom.xml | 2 +- plugins/network-elements/midonet/pom.xml | 2 +- plugins/network-elements/netscaler/pom.xml | 2 +- plugins/network-elements/nicira-nvp/pom.xml | 4 ++-- plugins/network-elements/nuage-vsp/pom.xml | 2 +- plugins/network-elements/opendaylight/pom.xml | 2 +- plugins/network-elements/ovs/pom.xml | 2 +- plugins/network-elements/palo-alto/pom.xml | 2 +- plugins/network-elements/stratosphere-ssp/pom.xml | 2 +- plugins/network-elements/vxlan/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/storage-allocators/random/pom.xml | 2 +- plugins/storage/image/default/pom.xml | 2 +- plugins/storage/image/s3/pom.xml | 2 +- plugins/storage/image/sample/pom.xml | 2 +- plugins/storage/image/swift/pom.xml | 2 +- plugins/storage/volume/cloudbyte/pom.xml | 2 +- plugins/storage/volume/default/pom.xml | 2 +- plugins/storage/volume/nexenta/pom.xml | 2 +- plugins/storage/volume/sample/pom.xml | 2 +- plugins/storage/volume/solidfire/pom.xml | 2 +- plugins/user-authenticators/ldap/pom.xml | 2 +- plugins/user-authenticators/md5/pom.xml | 2 +- plugins/user-authenticators/pbkdf2/pom.xml | 2 +- plugins/user-authenticators/plain-text/pom.xml | 2 +- plugins/user-authenticators/saml2/pom.xml | 2 +- plugins/user-authenticators/sha256salted/pom.xml | 2 +- pom.xml | 2 +- quickcloud/pom.xml | 2 +- server/pom.xml | 2 +- services/console-proxy-rdp/rdpconsole/pom.xml | 2 +- services/console-proxy/plugin/pom.xml | 2 +- services/console-proxy/pom.xml | 2 +- services/console-proxy/server/pom.xml | 2 +- services/iam/plugin/pom.xml | 2 +- services/iam/server/pom.xml | 2 +- services/pom.xml | 2 +- services/secondary-storage/controller/pom.xml | 2 +- services/secondary-storage/pom.xml | 2 +- services/secondary-storage/server/pom.xml | 2 +- systemvm/pom.xml | 2 +- test/pom.xml | 2 +- tools/apidoc/pom.xml | 2 +- tools/checkstyle/pom.xml | 2 +- tools/devcloud-kvm/pom.xml | 2 +- tools/devcloud/pom.xml | 2 +- tools/devcloud4/pom.xml | 2 +- tools/marvin/pom.xml | 2 +- tools/marvin/setup.py | 2 +- tools/pom.xml | 2 +- tools/wix-cloudstack-maven-plugin/pom.xml | 2 +- usage/pom.xml | 2 +- utils/pom.xml | 2 +- vmware-base/pom.xml | 2 +- 126 files changed, 132 insertions(+), 126 deletions(-) diff --git a/agent/pom.xml b/agent/pom.xml index 0489b34157..2d4c0a14e3 100644 --- a/agent/pom.xml +++ b/agent/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/api/pom.xml b/api/pom.xml index 289b17182e..401f6286a9 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/client/pom.xml b/client/pom.xml index cb2917a221..d5021ac77c 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -17,7 +17,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/core/pom.xml b/core/pom.xml index 122f16c54e..a05bf60517 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -25,7 +25,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/debian/changelog b/debian/changelog index 85a2221cb1..1f12319f70 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +cloudstack (4.7.1) unstable; urgency=low + + * Update the version to 4.7.1 + + -- the Apache CloudStack project Wed, 20 Jan 2016 23:18:53 +0100 + cloudstack (4.7.1-SNAPSHOT) unstable; urgency=low * Update the version to 4.7.1-SNAPSHOT diff --git a/developer/pom.xml b/developer/pom.xml index 29ea79202d..603a95f193 100644 --- a/developer/pom.xml +++ b/developer/pom.xml @@ -18,7 +18,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/engine/api/pom.xml b/engine/api/pom.xml index 906fe6bc55..835675b84a 100644 --- a/engine/api/pom.xml +++ b/engine/api/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml index 6849b873be..4776b500bd 100644 --- a/engine/components-api/pom.xml +++ b/engine/components-api/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/network/pom.xml b/engine/network/pom.xml index 34a31b16ce..517178c3af 100644 --- a/engine/network/pom.xml +++ b/engine/network/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml index bc7a0f7bde..2ab5409c2d 100755 --- a/engine/orchestration/pom.xml +++ b/engine/orchestration/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/pom.xml b/engine/pom.xml index 436c661121..b9c9980ea3 100644 --- a/engine/pom.xml +++ b/engine/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml index a4cd98ea5e..0607dbf73d 100644 --- a/engine/schema/pom.xml +++ b/engine/schema/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/service/pom.xml b/engine/service/pom.xml index d1a6de02dc..9b205d38a5 100644 --- a/engine/service/pom.xml +++ b/engine/service/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 cloud-engine-service war diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml index ae0df59ca2..d475feab88 100644 --- a/engine/storage/cache/pom.xml +++ b/engine/storage/cache/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml index bd9f14f3e1..250cba509e 100644 --- a/engine/storage/datamotion/pom.xml +++ b/engine/storage/datamotion/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml index c6506a200f..60e6eccd19 100644 --- a/engine/storage/image/pom.xml +++ b/engine/storage/image/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml index d42e1ba986..c19864f62e 100644 --- a/engine/storage/integration-test/pom.xml +++ b/engine/storage/integration-test/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml index 2fedde9273..c875a0f42a 100644 --- a/engine/storage/pom.xml +++ b/engine/storage/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml index bab9229210..a43fd5f64a 100644 --- a/engine/storage/snapshot/pom.xml +++ b/engine/storage/snapshot/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml index 8cece2894c..f5433b5032 100644 --- a/engine/storage/volume/pom.xml +++ b/engine/storage/volume/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-engine - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml index 2f91aa3c5f..ea0cb3eb1b 100644 --- a/framework/cluster/pom.xml +++ b/framework/cluster/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/config/pom.xml b/framework/config/pom.xml index 35236484a0..f7ab469e09 100644 --- a/framework/config/pom.xml +++ b/framework/config/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/db/pom.xml b/framework/db/pom.xml index 2fc6b6dede..d9f84f162f 100644 --- a/framework/db/pom.xml +++ b/framework/db/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/events/pom.xml b/framework/events/pom.xml index 9b49013714..881c42b6f1 100644 --- a/framework/events/pom.xml +++ b/framework/events/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml index 7bf6849562..0fd53aa86d 100644 --- a/framework/ipc/pom.xml +++ b/framework/ipc/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml index 8fe1eb7102..5314ac276f 100644 --- a/framework/jobs/pom.xml +++ b/framework/jobs/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml index a777521719..e6e49e1b04 100644 --- a/framework/managed-context/pom.xml +++ b/framework/managed-context/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-maven-standard - 4.7.1-SNAPSHOT + 4.7.1 ../../maven-standard/pom.xml diff --git a/framework/pom.xml b/framework/pom.xml index 7634438c8b..a705664e33 100644 --- a/framework/pom.xml +++ b/framework/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 install diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml index 5dfc776585..21e836b2ab 100644 --- a/framework/quota/pom.xml +++ b/framework/quota/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml index df6a38af64..405493fb66 100644 --- a/framework/rest/pom.xml +++ b/framework/rest/pom.xml @@ -22,7 +22,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml cloud-framework-rest diff --git a/framework/security/pom.xml b/framework/security/pom.xml index 77809d1305..aecc5458d7 100644 --- a/framework/security/pom.xml +++ b/framework/security/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-framework - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml index d7a2c10dc1..d0cad725d1 100644 --- a/framework/spring/lifecycle/pom.xml +++ b/framework/spring/lifecycle/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-maven-standard - 4.7.1-SNAPSHOT + 4.7.1 ../../../maven-standard/pom.xml diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml index 3a5b59ea8f..61fdab250f 100644 --- a/framework/spring/module/pom.xml +++ b/framework/spring/module/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-maven-standard - 4.7.1-SNAPSHOT + 4.7.1 ../../../maven-standard/pom.xml diff --git a/maven-standard/pom.xml b/maven-standard/pom.xml index 7c609c3140..b124af687a 100644 --- a/maven-standard/pom.xml +++ b/maven-standard/pom.xml @@ -25,7 +25,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml index 42f1b2437f..da77fa0d88 100644 --- a/plugins/acl/static-role-based/pom.xml +++ b/plugins/acl/static-role-based/pom.xml @@ -26,7 +26,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml index c1121aefb9..1f4499f121 100644 --- a/plugins/affinity-group-processors/explicit-dedication/pom.xml +++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml index 42d7238eb1..584b40beca 100644 --- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml +++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml index 8adcb84b8e..162f81fb90 100644 --- a/plugins/alert-handlers/snmp-alerts/pom.xml +++ b/plugins/alert-handlers/snmp-alerts/pom.xml @@ -22,7 +22,7 @@ cloudstack-plugins org.apache.cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml 4.0.0 diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml index 5ba3d73fd4..f8f7dcf381 100644 --- a/plugins/alert-handlers/syslog-alerts/pom.xml +++ b/plugins/alert-handlers/syslog-alerts/pom.xml @@ -22,7 +22,7 @@ cloudstack-plugins org.apache.cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml 4.0.0 diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml index 5dc2844c06..be7faafe8a 100644 --- a/plugins/api/discovery/pom.xml +++ b/plugins/api/discovery/pom.xml @@ -26,7 +26,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml index 3686a6ac55..0691492a12 100644 --- a/plugins/api/rate-limit/pom.xml +++ b/plugins/api/rate-limit/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml index 9f5a9bcbe2..c21764c970 100644 --- a/plugins/api/solidfire-intg-test/pom.xml +++ b/plugins/api/solidfire-intg-test/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml index ea40dc510b..b92c26cc42 100644 --- a/plugins/database/mysql-ha/pom.xml +++ b/plugins/database/mysql-ha/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml index b1c25948bd..b9f3aa2b0f 100644 --- a/plugins/database/quota/pom.xml +++ b/plugins/database/quota/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml index 877c1389e2..dd8bbf49e9 100644 --- a/plugins/dedicated-resources/pom.xml +++ b/plugins/dedicated-resources/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml index d37b26899c..807c09fd00 100644 --- a/plugins/deployment-planners/implicit-dedication/pom.xml +++ b/plugins/deployment-planners/implicit-dedication/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml index 7e67317131..a4c1216103 100644 --- a/plugins/deployment-planners/user-concentrated-pod/pom.xml +++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml index 9543978210..17142c45b7 100644 --- a/plugins/deployment-planners/user-dispersing/pom.xml +++ b/plugins/deployment-planners/user-dispersing/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml index 5e4e10644b..d1f121abda 100644 --- a/plugins/event-bus/inmemory/pom.xml +++ b/plugins/event-bus/inmemory/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml index 6bec4e48d2..5872a09351 100644 --- a/plugins/event-bus/kafka/pom.xml +++ b/plugins/event-bus/kafka/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml index 8ece206803..13b9c113bb 100644 --- a/plugins/event-bus/rabbitmq/pom.xml +++ b/plugins/event-bus/rabbitmq/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/file-systems/netapp/pom.xml b/plugins/file-systems/netapp/pom.xml index 3c50ca799d..e0f0f3180d 100644 --- a/plugins/file-systems/netapp/pom.xml +++ b/plugins/file-systems/netapp/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml index 1f239e9a54..d632b30b1a 100644 --- a/plugins/ha-planners/skip-heurestics/pom.xml +++ b/plugins/ha-planners/skip-heurestics/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml index c5ca443269..19e61237e8 100644 --- a/plugins/host-allocators/random/pom.xml +++ b/plugins/host-allocators/random/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml index 3e67903e35..5e6c451246 100755 --- a/plugins/hypervisors/baremetal/pom.xml +++ b/plugins/hypervisors/baremetal/pom.xml @@ -21,7 +21,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml cloud-plugin-hypervisor-baremetal diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml index 01613ba422..5b593974fb 100644 --- a/plugins/hypervisors/hyperv/pom.xml +++ b/plugins/hypervisors/hyperv/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml index eb8d9b9e1e..971e2103f8 100644 --- a/plugins/hypervisors/kvm/pom.xml +++ b/plugins/hypervisors/kvm/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml index 4ed8e001c1..04f4b22b87 100644 --- a/plugins/hypervisors/ovm/pom.xml +++ b/plugins/hypervisors/ovm/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml index 1f479e99e7..3d53dc2d0a 100644 --- a/plugins/hypervisors/ovm3/pom.xml +++ b/plugins/hypervisors/ovm3/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml index 569d8c919d..0d343399da 100644 --- a/plugins/hypervisors/simulator/pom.xml +++ b/plugins/hypervisors/simulator/pom.xml @@ -22,7 +22,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml cloud-plugin-hypervisor-simulator diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml index 3d8b0bb620..dca3cefa00 100755 --- a/plugins/hypervisors/ucs/pom.xml +++ b/plugins/hypervisors/ucs/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml cloud-plugin-hypervisor-ucs diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml index 93f03c2688..88afdddb69 100644 --- a/plugins/hypervisors/vmware/pom.xml +++ b/plugins/hypervisors/vmware/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml index 2f51e5ada5..39b4d44e80 100644 --- a/plugins/hypervisors/xenserver/pom.xml +++ b/plugins/hypervisors/xenserver/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml index 15ce4e64f8..4bec331900 100644 --- a/plugins/network-elements/bigswitch/pom.xml +++ b/plugins/network-elements/bigswitch/pom.xml @@ -25,7 +25,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml index d613ea398d..5483994b84 100644 --- a/plugins/network-elements/brocade-vcs/pom.xml +++ b/plugins/network-elements/brocade-vcs/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml index 373246ba2b..5cbb1ce160 100644 --- a/plugins/network-elements/cisco-vnmc/pom.xml +++ b/plugins/network-elements/cisco-vnmc/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml index 553d287096..c0398f36a4 100644 --- a/plugins/network-elements/dns-notifier/pom.xml +++ b/plugins/network-elements/dns-notifier/pom.xml @@ -22,7 +22,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml cloud-plugin-example-dns-notifier diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml index f241aab127..983a3dccc4 100644 --- a/plugins/network-elements/elastic-loadbalancer/pom.xml +++ b/plugins/network-elements/elastic-loadbalancer/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/f5/pom.xml b/plugins/network-elements/f5/pom.xml index 72888dde7a..3ea65eeeb7 100644 --- a/plugins/network-elements/f5/pom.xml +++ b/plugins/network-elements/f5/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml index a0095ead77..4f848d3432 100644 --- a/plugins/network-elements/globodns/pom.xml +++ b/plugins/network-elements/globodns/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml index f0afcb610c..df59c2fba4 100644 --- a/plugins/network-elements/internal-loadbalancer/pom.xml +++ b/plugins/network-elements/internal-loadbalancer/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml index c879d03b0f..c979152ab8 100644 --- a/plugins/network-elements/juniper-contrail/pom.xml +++ b/plugins/network-elements/juniper-contrail/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/juniper-srx/pom.xml b/plugins/network-elements/juniper-srx/pom.xml index 56bd3f9c3e..27d9ed4894 100644 --- a/plugins/network-elements/juniper-srx/pom.xml +++ b/plugins/network-elements/juniper-srx/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/midonet/pom.xml b/plugins/network-elements/midonet/pom.xml index c54a08c849..f81e79d8df 100644 --- a/plugins/network-elements/midonet/pom.xml +++ b/plugins/network-elements/midonet/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml index ffae0ff393..05eea47e54 100644 --- a/plugins/network-elements/netscaler/pom.xml +++ b/plugins/network-elements/netscaler/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml index 002b09757c..aeeff0ff3a 100644 --- a/plugins/network-elements/nicira-nvp/pom.xml +++ b/plugins/network-elements/nicira-nvp/pom.xml @@ -26,7 +26,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml @@ -34,7 +34,7 @@ org.apache.cloudstack cloud-utils - 4.7.1-SNAPSHOT + 4.7.1 test-jar test diff --git a/plugins/network-elements/nuage-vsp/pom.xml b/plugins/network-elements/nuage-vsp/pom.xml index 25505b4575..93e5dfeaf5 100644 --- a/plugins/network-elements/nuage-vsp/pom.xml +++ b/plugins/network-elements/nuage-vsp/pom.xml @@ -25,7 +25,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml index 6e78d488cf..fb5879daca 100644 --- a/plugins/network-elements/opendaylight/pom.xml +++ b/plugins/network-elements/opendaylight/pom.xml @@ -25,7 +25,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml index 575f931098..44c3d90873 100644 --- a/plugins/network-elements/ovs/pom.xml +++ b/plugins/network-elements/ovs/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml index cd1b615530..539622181d 100644 --- a/plugins/network-elements/palo-alto/pom.xml +++ b/plugins/network-elements/palo-alto/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml index 7f521dcdca..c6d8d7b9f8 100644 --- a/plugins/network-elements/stratosphere-ssp/pom.xml +++ b/plugins/network-elements/stratosphere-ssp/pom.xml @@ -25,7 +25,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml index 277c3a43a9..6c202ef4f5 100644 --- a/plugins/network-elements/vxlan/pom.xml +++ b/plugins/network-elements/vxlan/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/pom.xml b/plugins/pom.xml index 1a0992b0b6..cba8a10966 100755 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -26,7 +26,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml index 18c6e93d08..a9e076998d 100644 --- a/plugins/storage-allocators/random/pom.xml +++ b/plugins/storage-allocators/random/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml index 1547778d6b..a9d3b71f17 100644 --- a/plugins/storage/image/default/pom.xml +++ b/plugins/storage/image/default/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml index da59d2dcd1..e11d3f7950 100644 --- a/plugins/storage/image/s3/pom.xml +++ b/plugins/storage/image/s3/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml index 0a3fb86617..8a4ed02415 100644 --- a/plugins/storage/image/sample/pom.xml +++ b/plugins/storage/image/sample/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml index cdeff3b2ff..a829452deb 100644 --- a/plugins/storage/image/swift/pom.xml +++ b/plugins/storage/image/swift/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml index bc7f403ac6..d5d3ccc417 100755 --- a/plugins/storage/volume/cloudbyte/pom.xml +++ b/plugins/storage/volume/cloudbyte/pom.xml @@ -26,7 +26,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml index 0aa4d494f7..4d860cda23 100644 --- a/plugins/storage/volume/default/pom.xml +++ b/plugins/storage/volume/default/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml index aac678e8ee..2eefaad5c1 100644 --- a/plugins/storage/volume/nexenta/pom.xml +++ b/plugins/storage/volume/nexenta/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml index 31b19d1ac3..3b35c71ba7 100644 --- a/plugins/storage/volume/sample/pom.xml +++ b/plugins/storage/volume/sample/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml index 1c6b4db9db..bf2c3fb37c 100644 --- a/plugins/storage/volume/solidfire/pom.xml +++ b/plugins/storage/volume/solidfire/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../../pom.xml diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml index 04c212e5a4..492396c9d1 100644 --- a/plugins/user-authenticators/ldap/pom.xml +++ b/plugins/user-authenticators/ldap/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml index b769e3e2bf..a6cb93bcc2 100644 --- a/plugins/user-authenticators/md5/pom.xml +++ b/plugins/user-authenticators/md5/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml index 83635d110b..8a645d48f4 100644 --- a/plugins/user-authenticators/pbkdf2/pom.xml +++ b/plugins/user-authenticators/pbkdf2/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml index e0425d09db..140f2b73b0 100644 --- a/plugins/user-authenticators/plain-text/pom.xml +++ b/plugins/user-authenticators/plain-text/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml index 2fec087ac9..faaca622a1 100644 --- a/plugins/user-authenticators/saml2/pom.xml +++ b/plugins/user-authenticators/saml2/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml index 912fba94f9..c008781c68 100644 --- a/plugins/user-authenticators/sha256salted/pom.xml +++ b/plugins/user-authenticators/sha256salted/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-plugins - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/pom.xml b/pom.xml index 7bea7536e6..6ed461957f 100644 --- a/pom.xml +++ b/pom.xml @@ -30,7 +30,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 pom Apache CloudStack Apache CloudStack is an IaaS (“Infrastructure as a Service”) cloud orchestration platform. diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml index f3cd5533eb..61a8567556 100644 --- a/quickcloud/pom.xml +++ b/quickcloud/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloud-maven-standard - 4.7.1-SNAPSHOT + 4.7.1 ../maven-standard/pom.xml diff --git a/server/pom.xml b/server/pom.xml index 8f0f57b627..b88a13f65d 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/services/console-proxy-rdp/rdpconsole/pom.xml b/services/console-proxy-rdp/rdpconsole/pom.xml index db5d9060e7..b4b95af911 100755 --- a/services/console-proxy-rdp/rdpconsole/pom.xml +++ b/services/console-proxy-rdp/rdpconsole/pom.xml @@ -27,7 +27,7 @@ org.apache.cloudstack cloudstack-services - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/services/console-proxy/plugin/pom.xml b/services/console-proxy/plugin/pom.xml index 69534d7b26..0597ea057d 100644 --- a/services/console-proxy/plugin/pom.xml +++ b/services/console-proxy/plugin/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-service-console-proxy - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml index 9d56ad2263..baf14fc089 100644 --- a/services/console-proxy/pom.xml +++ b/services/console-proxy/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-services - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml index 227cb338bb..25a6cfe850 100644 --- a/services/console-proxy/server/pom.xml +++ b/services/console-proxy/server/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-service-console-proxy - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/iam/plugin/pom.xml b/services/iam/plugin/pom.xml index 20fff97bb4..3fb525987d 100644 --- a/services/iam/plugin/pom.xml +++ b/services/iam/plugin/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-service-iam - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/iam/server/pom.xml b/services/iam/server/pom.xml index 1df5f68d7a..958aebf5e5 100644 --- a/services/iam/server/pom.xml +++ b/services/iam/server/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-service-iam - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/pom.xml b/services/pom.xml index d37740ef58..b397bfe743 100644 --- a/services/pom.xml +++ b/services/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml index a2e329b04e..bf634ebe1b 100644 --- a/services/secondary-storage/controller/pom.xml +++ b/services/secondary-storage/controller/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-service-secondary-storage - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml index 2ca16230f7..b79fcaf1e1 100644 --- a/services/secondary-storage/pom.xml +++ b/services/secondary-storage/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack-services - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml index 04c97d4dd4..2e9050503d 100644 --- a/services/secondary-storage/server/pom.xml +++ b/services/secondary-storage/server/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack-service-secondary-storage - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/systemvm/pom.xml b/systemvm/pom.xml index bcaf004285..1ae74508cc 100644 --- a/systemvm/pom.xml +++ b/systemvm/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/test/pom.xml b/test/pom.xml index 9f6d80735d..3c8cb0dc68 100644 --- a/test/pom.xml +++ b/test/pom.xml @@ -23,7 +23,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml index ddd04c3700..11f23e07ee 100644 --- a/tools/apidoc/pom.xml +++ b/tools/apidoc/pom.xml @@ -17,7 +17,7 @@ org.apache.cloudstack cloud-tools - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml index 88e1aea450..a151d20e5f 100644 --- a/tools/checkstyle/pom.xml +++ b/tools/checkstyle/pom.xml @@ -24,7 +24,7 @@ Apache CloudStack Developer Tools - Checkstyle Configuration org.apache.cloudstack checkstyle - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml index 177fc009cd..ffc33f9c11 100644 --- a/tools/devcloud-kvm/pom.xml +++ b/tools/devcloud-kvm/pom.xml @@ -17,7 +17,7 @@ org.apache.cloudstack cloud-tools - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/tools/devcloud/pom.xml b/tools/devcloud/pom.xml index ba22c4de94..ddceed232b 100644 --- a/tools/devcloud/pom.xml +++ b/tools/devcloud/pom.xml @@ -17,7 +17,7 @@ org.apache.cloudstack cloud-tools - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml index 171bc3a52e..2abea02180 100644 --- a/tools/devcloud4/pom.xml +++ b/tools/devcloud4/pom.xml @@ -17,7 +17,7 @@ org.apache.cloudstack cloud-tools - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml index edbae3fae8..e2f47b1d11 100644 --- a/tools/marvin/pom.xml +++ b/tools/marvin/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloud-tools - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/tools/marvin/setup.py b/tools/marvin/setup.py index d3ed356fff..6d540a66b6 100644 --- a/tools/marvin/setup.py +++ b/tools/marvin/setup.py @@ -27,7 +27,7 @@ raise RuntimeError("python setuptools is required to build Marvin") -VERSION = "4.7.1-SNAPSHOT" +VERSION = "4.7.1" setup(name="Marvin", version=VERSION, diff --git a/tools/pom.xml b/tools/pom.xml index 8e1521ada9..b8c5b299cb 100644 --- a/tools/pom.xml +++ b/tools/pom.xml @@ -27,7 +27,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/tools/wix-cloudstack-maven-plugin/pom.xml b/tools/wix-cloudstack-maven-plugin/pom.xml index ddfc780f2d..ec3c5cbcab 100644 --- a/tools/wix-cloudstack-maven-plugin/pom.xml +++ b/tools/wix-cloudstack-maven-plugin/pom.xml @@ -16,7 +16,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../../pom.xml diff --git a/usage/pom.xml b/usage/pom.xml index c3624f9365..a4bbd14914 100644 --- a/usage/pom.xml +++ b/usage/pom.xml @@ -15,7 +15,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 diff --git a/utils/pom.xml b/utils/pom.xml index 5c686cb4d4..f22e61da99 100755 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -26,7 +26,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 ../pom.xml diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml index d09b2a6e21..c7aa54ef4b 100644 --- a/vmware-base/pom.xml +++ b/vmware-base/pom.xml @@ -24,7 +24,7 @@ org.apache.cloudstack cloudstack - 4.7.1-SNAPSHOT + 4.7.1 From 79b11cfd295f2eb0186c6e96c706b77d6846df5a Mon Sep 17 00:00:00 2001 From: Wei Zhou Date: Mon, 25 Jan 2016 15:32:29 +0100 Subject: [PATCH 02/22] Fix issue in scale VM to dynamic service offering This reverts commit 9c4162ac7f451fc3e2155418dcfff224c8c08a4a and 16baa1289b7de383e98d0070717b3f1873fa2db3 Before change: exception when change compute offering (to dynamic service offering) on UI After change: succeed --- .../api/command/user/vm/ScaleVMCmd.java | 21 +++++++++++++++++-- .../api/command/user/vm/UpgradeVMCmd.java | 16 +++++++++++++- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java index e4c2f7d633..661100b533 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java @@ -16,6 +16,9 @@ // under the License. package org.apache.cloudstack.api.command.user.vm; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -78,8 +81,22 @@ public Long getServiceOfferingId() { return serviceOfferingId; } + //instead of reading a map directly we are using collections. + //it is because details.values() cannot be cast to a map. + //it gives a exception public Map getDetails() { - return details; + Map customparameterMap = new HashMap(); + if (details != null && details.size() != 0) { + Collection parameterCollection = details.values(); + Iterator iter = parameterCollection.iterator(); + while (iter.hasNext()) { + HashMap value = (HashMap)iter.next(); + for (String key : value.keySet()) { + customparameterMap.put(key, value.get(key)); + } + } + } + return customparameterMap; } ///////////////////////////////////////////////////// @@ -142,4 +159,4 @@ public void execute() { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to scale vm"); } } -} +} \ No newline at end of file diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java index bc9c1c8596..b10555556b 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java @@ -16,6 +16,9 @@ // under the License. package org.apache.cloudstack.api.command.user.vm; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; import java.util.Map; import org.apache.log4j.Logger; @@ -77,7 +80,18 @@ public Long getServiceOfferingId() { } public Map getDetails() { - return details; + Map customparameterMap = new HashMap(); + if (details != null && details.size() != 0) { + Collection parameterCollection = details.values(); + Iterator iter = parameterCollection.iterator(); + while (iter.hasNext()) { + HashMap value = (HashMap)iter.next(); + for (String key : value.keySet()) { + customparameterMap.put(key, value.get(key)); + } + } + } + return customparameterMap; } ///////////////////////////////////////////////////// From 77aa2e1bb79a1fb95bf7c878874374a0a8bc069d Mon Sep 17 00:00:00 2001 From: "dean.close" Date: Mon, 9 May 2016 11:34:47 +0100 Subject: [PATCH 03/22] CLOUDSTACK-6975: Prevent dnsmasq from starting on backup redundant RvR. --- systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py index 023b180cf2..3f102e6e28 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py @@ -54,7 +54,8 @@ def process(self): self.cloud.commit() # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. - CsHelper.service("dnsmasq", "restart") + if not self.cl.is_redundant() or self.cl.is_master(): + CsHelper.service("dnsmasq", "restart") def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) From caed9f7f7f34cbdad947cc4bdcf734e9d4ae97b6 Mon Sep 17 00:00:00 2001 From: Remi Bergsma Date: Sat, 20 Feb 2016 20:05:48 +0100 Subject: [PATCH 04/22] 1363,1514 patches applied --- .../debian/config/opt/cloud/bin/configure.py | 4 ++ .../config/opt/cloud/bin/cs/CsRedundant.py | 10 +++-- .../config/opt/cloud/bin/cs/CsStaticRoutes.py | 42 +++++++++++++++++++ 3 files changed, 53 insertions(+), 3 deletions(-) create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 8d00bdf141..0f54b73e51 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -42,6 +42,7 @@ from cs.CsLoadBalancer import CsLoadBalancer from cs.CsConfig import CsConfig from cs.CsProcess import CsProcess +from cs.CsStaticRoutes import CsStaticRoutes class CsPassword(CsDataBag): @@ -74,6 +75,7 @@ def __update(self, vm_ip, password): logging.debug("Update password server result ==> %s" % result) +<<<<<<< HEAD class CsStaticRoutes(CsDataBag): def process(self): @@ -95,6 +97,8 @@ def __update(self, route): result = CsHelper.execute(route_command) +======= +>>>>>>> b9feb39... apply static routes on change to master state class CsAcl(CsDataBag): """ Deal with Network acls diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index 77d0a6b9cc..3434611e64 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -38,6 +38,7 @@ from CsApp import CsPasswdSvc from CsAddress import CsDevice from CsRoute import CsRoute +from CsStaticRoutes import CsStaticRoutes import socket from time import sleep @@ -298,9 +299,9 @@ def set_master(self): continue dev = ip.get_device() logging.info("Will proceed configuring device ==> %s" % dev) - cmd2 = "ip link set %s up" % dev + cmd = "ip link set %s up" % dev if CsDevice(dev, self.config).waitfordevice(): - CsHelper.execute(cmd2) + CsHelper.execute(cmd) logging.info("Bringing public interface %s up" % dev) try: @@ -312,7 +313,10 @@ def set_master(self): else: logging.error("Device %s was not ready could not bring it up" % dev) - # ip route add default via $gw table Table_$dev proto static + logging.debug("Configuring static routes") + static_routes = CsStaticRoutes("staticroutes", self.config) + static_routes.process() + cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF) CsHelper.execute("%s -c" % cmd) CsHelper.execute("%s -f" % cmd) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py new file mode 100755 index 0000000000..57b259aabc --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py @@ -0,0 +1,42 @@ +#!/usr/bin/python +# -- coding: utf-8 -- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from CsDatabag import CsDataBag +from CsRedundant import * + + +class CsStaticRoutes(CsDataBag): + + def process(self): + logging.debug("Processing CsStaticRoutes file ==> %s" % self.dbag) + for item in self.dbag: + if item == "id": + continue + self.__update(self.dbag[item]) + + def __update(self, route): + if route['revoke']: + command = "ip route del %s via %s" % (route['network'], route['gateway']) + CsHelper.execute(command) + else: + command = "ip route show | grep %s | awk '{print $1, $3}'" % route['network'] + result = CsHelper.execute(command) + if not result: + route_command = "ip route add %s via %s" % (route['network'], route['gateway']) + CsHelper.execute(route_command) \ No newline at end of file From a8f45bee0f29c382f339f5fc23d7acba872f1ccf Mon Sep 17 00:00:00 2001 From: root Date: Tue, 9 Aug 2016 11:18:53 +0530 Subject: [PATCH 05/22] applied 1472 applied --- .../debian/config/opt/cloud/bin/configure.py | 75 ++++++------------- .../config/opt/cloud/bin/cs/CsStaticRoutes.py | 2 +- 2 files changed, 25 insertions(+), 52 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 0f54b73e51..0f16b1bf80 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -75,30 +75,6 @@ def __update(self, vm_ip, password): logging.debug("Update password server result ==> %s" % result) -<<<<<<< HEAD -class CsStaticRoutes(CsDataBag): - - def process(self): - logging.debug("Processing CsStaticRoutes file ==> %s" % self.dbag) - for item in self.dbag: - if item == "id": - continue - self.__update(self.dbag[item]) - - def __update(self, route): - if route['revoke']: - command = "route del -net %s gw %s" % (route['network'], route['gateway']) - result = CsHelper.execute(command) - else: - command = "ip route show | grep %s | awk '{print $1, $3}'" % route['network'] - result = CsHelper.execute(command) - if not result: - route_command = "route add -net %s gw %s" % (route['network'], route['gateway']) - result = CsHelper.execute(route_command) - - -======= ->>>>>>> b9feb39... apply static routes on change to master state class CsAcl(CsDataBag): """ Deal with Network acls @@ -943,26 +919,6 @@ def main(argv): metadata = CsVmMetadata('vmdata', config) metadata.process() - # Always run both CsAcl().process() methods - # They fill the base rules in config.fw[] - acls = CsAcl('networkacl', config) - acls.process() - - acls = CsAcl('firewallrules', config) - acls.process() - - fwd = CsForwardingRules("forwardingrules", config) - fwd.process() - - vpns = CsSite2SiteVpn("site2sitevpn", config) - vpns.process() - - rvpn = CsRemoteAccessVpn("remoteaccessvpn", config) - rvpn.process() - - lb = CsLoadBalancer("loadbalancer", config) - lb.process() - if process_file in ["cmd_line.json", "network_acl.json"]: logging.debug("Configuring networkacl") iptables_change = True @@ -1004,10 +960,34 @@ def main(argv): # If iptable rules have changed, apply them. if iptables_change: + acls = CsAcl('networkacl', config) + acls.process() + + acls = CsAcl('firewallrules', config) + acls.process() + + fwd = CsForwardingRules("forwardingrules", config) + fwd.process() + + vpns = CsSite2SiteVpn("site2sitevpn", config) + vpns.process() + + rvpn = CsRemoteAccessVpn("remoteaccessvpn", config) + rvpn.process() + + lb = CsLoadBalancer("loadbalancer", config) + lb.process() + logging.debug("Configuring iptables rules") nf = CsNetfilters() nf.compare(config.get_fw()) + logging.debug("Configuring iptables rules done ...saving rules") + + # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local + CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") + CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") + red = CsRedundant(config) red.set() @@ -1016,12 +996,5 @@ def main(argv): static_routes = CsStaticRoutes("staticroutes", config) static_routes.process() - if iptables_change: - logging.debug("Configuring iptables rules done ...saving rules") - - # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local - CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") - CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") - if __name__ == "__main__": main(sys.argv) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py index 57b259aabc..d5f2e0d151 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py @@ -39,4 +39,4 @@ def __update(self, route): result = CsHelper.execute(command) if not result: route_command = "ip route add %s via %s" % (route['network'], route['gateway']) - CsHelper.execute(route_command) \ No newline at end of file + CsHelper.execute(route_command) From e7d40672707221ae62ce9ee8f4fb211289508eb1 Mon Sep 17 00:00:00 2001 From: kollyma Date: Mon, 11 Apr 2016 20:58:03 +0200 Subject: [PATCH 06/22] speedup iptables by prefetching the variables --- .../debian/config/opt/cloud/bin/configure.py | 37 +++++++++++-------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 0f16b1bf80..fd88ff520d 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -755,41 +755,46 @@ def processForwardRule(self, rule): self.forward_vr(rule) def forward_vr(self, rule): + #prefetch iptables variables + public_fwinterface = self.getDeviceByIp(rule['public_ip']) + internal_fwinterface = self.getDeviceByIp(rule['internal_ip']) + public_fwports = self.portsToString(rule['public_ports'], ':') + internal_fwports = self.portsToString(rule['internal_ports'], '-') fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ ( rule['public_ip'], - self.getDeviceByIp(rule['public_ip']), + public_fwinterface, rule['protocol'], rule['protocol'], - self.portsToString(rule['public_ports'], ':'), + public_fwports, rule['internal_ip'], - self.portsToString(rule['internal_ports'], '-') + internal_fwports ) fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ ( rule['public_ip'], - self.getDeviceByIp(rule['internal_ip']), + internal_fwinterface, rule['protocol'], rule['protocol'], - self.portsToString(rule['public_ports'], ':'), + public_fwports, rule['internal_ip'], - self.portsToString(rule['internal_ports'], '-') + internal_fwports ) fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ ( rule['public_ip'], rule['protocol'], rule['protocol'], - self.portsToString(rule['public_ports'], ':'), + public_fwports, rule['internal_ip'], - self.portsToString(rule['internal_ports'], '-') + internal_fwports ) fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \ ( self.getGuestIp(), self.getNetworkByIp(rule['internal_ip']), rule['internal_ip'], - self.getDeviceByIp(rule['internal_ip']), + internal_fwinterface, rule['protocol'], rule['protocol'], self.portsToString(rule['internal_ports'], ':') @@ -797,24 +802,24 @@ def forward_vr(self, rule): fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \ ( rule['public_ip'], - self.getDeviceByIp(rule['public_ip']), + public_fwinterface, rule['protocol'], rule['protocol'], - self.portsToString(rule['public_ports'], ':'), - hex(int(self.getDeviceByIp(rule['public_ip'])[3:])) + public_fwports, + hex(int(public_fwinterface[3:])) ) fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \ ( rule['public_ip'], - self.getDeviceByIp(rule['public_ip']), + public_fwinterface, rule['protocol'], rule['protocol'], - self.portsToString(rule['public_ports'], ':'), + public_fwports, ) fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \ ( - self.getDeviceByIp(rule['public_ip']), - self.getDeviceByIp(rule['internal_ip']), + public_fwinterface, + internal_fwinterface, rule['protocol'], rule['protocol'], self.portsToString(rule['internal_ports'], ':') From 9e4d6b96c9d63cae88f0910fdf2601b24432bfbc Mon Sep 17 00:00:00 2001 From: Syed Date: Tue, 23 Feb 2016 10:14:33 -0500 Subject: [PATCH 07/22] [CLOUDSTACK-9296] Start ipsec for client VPN --- .../debian/config/opt/cloud/bin/configure.py | 1 + .../integration/component/test_vpn_service.py | 212 ++++++++++++++++++ 2 files changed, 213 insertions(+) create mode 100644 test/integration/component/test_vpn_service.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index fd88ff520d..93c2f35fb8 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -610,6 +610,7 @@ def process(self): #Enable remote access vpn if vpnconfig['create']: logging.debug("Enabling remote access vpn on "+ public_ip) + CsHelper.start_if_stopped("ipsec") self.configure_l2tpIpsec(public_ip, self.dbag[public_ip]) logging.debug("Remote accessvpn data bag %s", self.dbag) self.remoteaccessvpn_iptables(public_ip, self.dbag[public_ip]) diff --git a/test/integration/component/test_vpn_service.py b/test/integration/component/test_vpn_service.py new file mode 100644 index 0000000000..8d27624b76 --- /dev/null +++ b/test/integration/component/test_vpn_service.py @@ -0,0 +1,212 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +""" P1 tests for VPN service +""" +# Import Local Modules +from nose.plugins.attrib import attr +from marvin.cloudstackException import CloudstackAPIException +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import ( + Account, + ServiceOffering, + VirtualMachine, + PublicIPAddress, + Vpn, + VpnUser, + Configurations, + NATRule + ) +from marvin.lib.common import (get_domain, + get_zone, + get_template + ) +from marvin.lib.utils import cleanup_resources + + +class Services: + """Test VPN Service + """ + + def __init__(self): + self.services = { + "account": { + "email": "test@test.com", + "firstname": "Test", + "lastname": "User", + "username": "test", + # Random characters are appended for unique + # username + "password": "password", + }, + "service_offering": { + "name": "Tiny Instance", + "displaytext": "Tiny Instance", + "cpunumber": 1, + "cpuspeed": 100, # in MHz + "memory": 128, # In MBs + }, + "disk_offering": { + "displaytext": "Small Disk Offering", + "name": "Small Disk Offering", + "disksize": 1 + }, + "virtual_machine": { + "displayname": "TestVM", + "username": "root", + "password": "password", + "ssh_port": 22, + "hypervisor": 'KVM', + "privateport": 22, + "publicport": 22, + "protocol": 'TCP', + }, + "vpn_user": { + "username": "test", + "password": "test", + }, + "natrule": { + "privateport": 1701, + "publicport": 1701, + "protocol": "UDP" + }, + "ostype": 'CentOS 5.5 (64-bit)', + "sleep": 60, + "timeout": 10, + # Networking mode: Advanced, Basic + } + + +class TestVPNService(cloudstackTestCase): + @classmethod + def setUpClass(cls): + cls.testClient = super(TestVPNService, cls).getClsTestClient() + cls.api_client = cls.testClient.getApiClient() + + cls.services = Services().services + # Get Zone, Domain and templates + cls.domain = get_domain(cls.api_client) + cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + + cls.services["mode"] = cls.zone.networktype + + cls.template = get_template( + cls.api_client, + cls.zone.id, + cls.services["ostype"] + ) + + cls.services["virtual_machine"]["zoneid"] = cls.zone.id + cls.service_offering = ServiceOffering.create( + cls.api_client, + cls.services["service_offering"] + ) + + cls._cleanup = [cls.service_offering, ] + return + + @classmethod + def tearDownClass(cls): + try: + # Cleanup resources used + cleanup_resources(cls.api_client, cls._cleanup) + except Exception as e: + raise Exception("Warning: Exception during cleanup : %s" % e) + return + + def setUp(self): + try: + self.apiclient = self.testClient.getApiClient() + self.dbclient = self.testClient.getDbConnection() + self.account = Account.create( + self.apiclient, + self.services["account"], + domainid=self.domain.id + ) + self.cleanup = [ + self.account, + ] + self.virtual_machine = VirtualMachine.create( + self.apiclient, + self.services["virtual_machine"], + templateid=self.template.id, + accountid=self.account.name, + domainid=self.account.domainid, + serviceofferingid=self.service_offering.id + ) + self.public_ip = PublicIPAddress.create( + self.apiclient, + accountid=self.virtual_machine.account, + zoneid=self.virtual_machine.zoneid, + domainid=self.virtual_machine.domainid, + services=self.services["virtual_machine"] + ) + return + except CloudstackAPIException as e: + self.tearDown() + raise e + + def tearDown(self): + try: + # Clean up, terminate the created instance, volumes and snapshots + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + raise Exception("Warning: Exception during cleanup : %s" % e) + return + + def create_VPN(self, public_ip): + """Creates VPN for the network""" + + self.debug("Creating VPN with public IP: %s" % public_ip.ipaddress.id) + try: + # Assign VPN to Public IP + vpn = Vpn.create(self.apiclient, + self.public_ip.ipaddress.id, + account=self.account.name, + domainid=self.account.domainid) + + self.debug("Verifying the remote VPN access") + vpns = Vpn.list(self.apiclient, + publicipid=public_ip.ipaddress.id, + listall=True) + self.assertEqual( + isinstance(vpns, list), + True, + "List VPNs shall return a valid response" + ) + return vpn + except Exception as e: + self.fail("Failed to create remote VPN access: %s" % e) + + + @attr(tags=["advanced", "advancedns"]) + def test_01_VPN_service(self): + """Tests if VPN service is running""" + + # Validate if IPSEC is running on the public + # IP by using ike-scan + + self.create_VPN(self.public_ip) + + cmd = ['ike-scan', self.public_ip, '-s', '4534'] # Random port + + stdout = subprocess.check_output(cmd) + + if "1 returned handshake" not in stdout: + self.fail("Unable to connect to VPN service") + + return From 9ad79208de355a0067c91233415c800d58d478be Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Sat, 13 Feb 2016 12:59:20 +0100 Subject: [PATCH 08/22] CLOUDSTACK-9287 - Generate new mac address if router is redundant and nic profile exists --- .../src/com/cloud/network/router/NicProfileHelperImpl.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/server/src/com/cloud/network/router/NicProfileHelperImpl.java b/server/src/com/cloud/network/router/NicProfileHelperImpl.java index 4a0faa90ac..2fc5a42211 100644 --- a/server/src/com/cloud/network/router/NicProfileHelperImpl.java +++ b/server/src/com/cloud/network/router/NicProfileHelperImpl.java @@ -85,6 +85,11 @@ public NicProfile createPrivateNicProfileForGateway(final VpcGateway privateGate new NicProfile(privateNic, privateNetwork, privateNic.getBroadcastUri(), privateNic.getIsolationUri(), _networkModel.getNetworkRate( privateNetwork.getId(), router.getId()), _networkModel.isSecurityGroupSupportedInNetwork(privateNetwork), _networkModel.getNetworkTag( router.getHypervisorType(), privateNetwork)); + + if (router.getIsRedundantRouter()) { + String newMacAddress = NetUtils.long2Mac(NetUtils.createSequenceBasedMacAddress(ipVO.getMacAddress())); + privateNicProfile.setMacAddress(newMacAddress); + } } else { final String netmask = NetUtils.getCidrNetmask(privateNetwork.getCidr()); final PrivateIpAddress ip = From 44797e7c5b9bb925169244cbf0fb575ca12c816b Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Sat, 13 Feb 2016 15:48:30 +0100 Subject: [PATCH 09/22] CLOUDSTACK-9287 - Put private gateway interface down on backup router --- .../config/opt/cloud/bin/cs/CsAddress.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 1b39b385d4..41b5e9a916 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -117,6 +117,7 @@ def process(self): else: logging.info( "Address %s on device %s not configured", ip.ip(), dev) + if CsDevice(dev, self.config).waitfordevice(): ip.configure(address) @@ -276,7 +277,7 @@ def configure(self, address): try: logging.info("Configuring address %s on device %s", self.ip(), self.dev) cmd = "ip addr add dev %s %s brd +" % (self.dev, self.ip()) - subprocess.call(cmd, shell=True) + CsHelper.execute(cmd) except Exception as e: logging.info("Exception occurred ==> %s" % e) @@ -317,6 +318,9 @@ def post_configure(self, address): def check_is_up(self): """ Ensure device is up """ + state_commands = {"router" : "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", + "vpcrouter" : "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} + cmd = "ip link show %s | grep 'state DOWN'" % self.getDevice() for i in CsHelper.execute(cmd): if " DOWN " in i: @@ -324,10 +328,15 @@ def check_is_up(self): # If redundant only bring up public interfaces that are not eth1. # Reason: private gateways are public interfaces. # master.py and keepalived will deal with eth1 public interface. - if self.cl.is_redundant() and (not self.is_public() or self.getDevice() not in PUBLIC_INTERFACE): - CsHelper.execute(cmd2) - # if not redundant bring everything up - if not self.cl.is_redundant(): + + if self.cl.is_redundant() and self.is_public(): + state_cmd = state_commands[self.cl.get_type()] + logging.info("Check state command => %s" % state_cmd) + state = CsHelper.execute(state_cmd)[0] + logging.info("Route state => %s" % state) + if self.getDevice() not in PUBLIC_INTERFACE and state == "MASTER": + CsHelper.execute(cmd2) + else: CsHelper.execute(cmd2) def set_mark(self): From de3b5a34112348ebcfee37663c59d5fd3d417265 Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Sat, 13 Feb 2016 17:29:14 +0100 Subject: [PATCH 10/22] CLOUDSTACK-9287 - Add integration test to cover the private gw interface/mac address issues --- test/integration/smoke/test_privategw_acl.py | 115 ++++++++++++++++++- 1 file changed, 113 insertions(+), 2 deletions(-) diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py index 754738b192..56cc92365f 100644 --- a/test/integration/smoke/test_privategw_acl.py +++ b/test/integration/smoke/test_privategw_acl.py @@ -33,6 +33,13 @@ class Services: def __init__(self): self.services = { + "configurableData": { + "host": { + "password": "password", + "username": "root", + "port": 22 + } + }, "account": { "email": "test@test.com", "firstname": "Test", @@ -262,7 +269,7 @@ def test_03_vpc_privategw_restart_vpc_cleanup(self): self.logger.debug("Enabling the VPC offering created") vpc_off.update(self.apiclient, state='Enabled') - self.performVPCTests(vpc_off, True) + self.performVPCTests(vpc_off, restart_with_cleanup = True) @attr(tags=["advanced"], required_hardware="true") def test_04_rvpc_privategw_static_routes(self): @@ -276,6 +283,18 @@ def test_04_rvpc_privategw_static_routes(self): self.performVPCTests(vpc_off) + @attr(tags=["advanced"], required_hardware="true") + def test_05_rvpc_privategw_check_interface(self): + self.logger.debug("Creating a Redundant VPC offering..") + vpc_off = VpcOffering.create( + self.apiclient, + self.services["redundant_vpc_offering"]) + + self.logger.debug("Enabling the Redundant VPC offering created") + vpc_off.update(self.apiclient, state='Enabled') + + self.performPrivateGWInterfaceTests(vpc_off) + def performVPCTests(self, vpc_off, restart_with_cleanup = False): self.logger.debug("Creating VPCs with offering ID %s" % vpc_off.id) vpc_1 = self.createVPC(vpc_off, cidr = '10.0.1.0/24') @@ -331,6 +350,99 @@ def performVPCTests(self, vpc_off, restart_with_cleanup = False): self.check_pvt_gw_connectivity(vm1, public_ip_1, vm2.nic[0].ipaddress) self.check_pvt_gw_connectivity(vm2, public_ip_2, vm1.nic[0].ipaddress) + def performPrivateGWInterfaceTests(self, vpc_off): + self.logger.debug("Creating VPCs with offering ID %s" % vpc_off.id) + vpc_1 = self.createVPC(vpc_off, cidr = '10.0.1.0/24') + + self.cleanup = [vpc_1, vpc_off, self.account] + + physical_networks = get_physical_networks(self.apiclient, self.zone.id) + if not physical_networks: + self.fail("No Physical Networks found!") + + vlans = physical_networks[0].vlan.split('-') + vlan_1 = int(vlans[0]) + + network_1 = self.createNetwork(vpc_1, gateway = '10.0.1.1') + + vm1 = self.createVM(network_1) + + self.cleanup.insert(0, vm1) + + acl1 = self.createACL(vpc_1) + self.createACLItem(acl1.id, cidr = "0.0.0.0/0") + privateGw_1 = self.createPvtGw(vpc_1, "10.0.3.100", "10.0.3.101", acl1.id, vlan_1) + self.replacePvtGwACL(acl1.id, privateGw_1.id) + + self.replaceNetworkAcl(acl1.id, network_1) + + staticRoute_1 = self.createStaticRoute(privateGw_1.id, cidr = '10.0.2.0/24') + + public_ip_1 = self.acquire_publicip(vpc_1, network_1) + + nat_rule_1 = self.create_natrule(vpc_1, vm1, public_ip_1, network_1) + + routers = list_routers(self.apiclient, + account=self.account.name, + domainid=self.account.domainid) + + self.assertEqual(isinstance(routers, list), True, + "Check for list routers response return valid data") + + self.assertEqual(len(routers), 2, + "Check for list routers size returned '%s' instead of 2" % len(routers)) + + state_holder = {routers[0].linklocalip : {"state" : None, "mac" : None}, + routers[1].linklocalip : {"state" : None, "mac" : None}} + state = None + mac = None + for router in routers: + if router.isredundantrouter and router.vpcid: + hosts = list_hosts( + self.apiclient, + id=router.hostid) + self.assertEqual( + isinstance(hosts, list), + True, + "Check for list hosts response return valid data") + + host = hosts[0] + host.user = self.services["configurableData"]["host"]["username"] + host.passwd = self.services["configurableData"]["host"]["password"] + host.port = self.services["configurableData"]["host"]["port"] + + try: + state = get_process_status( + host.ipaddress, + host.port, + host.user, + host.passwd, + router.linklocalip, + "ip addr | grep eth3 | grep state | awk '{print $9;}'") + + mac = get_process_status( + host.ipaddress, + host.port, + host.user, + host.passwd, + router.linklocalip, + "ip addr | grep link/ether | awk '{print $2;}' | sed -n 4p") + except KeyError: + self.skipTest( + "Provide a marvin config file with host\ + credentials to run %s" % + self._testMethodName) + + self.logger.debug("Result from the Router on IP '%s' is -> state: '%s', mac: '%s'" % (router.linklocalip, state, mac)) + state_holder[router.linklocalip]["state"] = str(state) + state_holder[router.linklocalip]["mac"] = str(mac) + + check_state = state_holder[routers[0].linklocalip]["state"].count(state_holder[routers[1].linklocalip]["state"]) + check_mac = state_holder[routers[0].linklocalip]["mac"].count(state_holder[routers[1].linklocalip]["mac"]) + + self.assertTrue(check_state == 0, "Routers private gateway interface should not be on the same state!") + self.assertTrue(check_mac == 0, "Routers private gateway interface should not have the same mac address!") + def createVPC(self, vpc_offering, cidr = '10.1.1.1/16'): try: self.logger.debug("Creating a VPC network in the account: %s" % self.account.name) @@ -568,4 +680,3 @@ def reboot_vpc_with_cleanup(self, vpc, cleanup = True): cmd.cleanup = cleanup cmd.makeredundant = False self.api_client.restartVPC(cmd) - From 98037095237da9ed2a5112be38576ebdd5ee5f21 Mon Sep 17 00:00:00 2001 From: Remi Bergsma Date: Sun, 14 Feb 2016 14:39:53 +0100 Subject: [PATCH 11/22] CLOUDSTACK-9287 - Make sure private gw interface is not used for default gw --- .../patches/debian/config/opt/cloud/bin/cs/CsAddress.py | 2 +- .../patches/debian/config/opt/cloud/bin/cs/CsRedundant.py | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 41b5e9a916..f74ff47912 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -307,7 +307,7 @@ def post_configure(self, address): # The code looks redundant here, but we actually have to cater for routers and # VPC routers in a different manner. Please do not remove this block otherwise # The VPC default route will be broken. - if self.get_type() in ["public"]: + if self.get_type() in ["public"] and address["device"] in PUBLIC_INTERFACE: gateway = str(address["gateway"]) route.add_defaultroute(gateway) else: diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index 3434611e64..e7dc73d374 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -42,6 +42,7 @@ import socket from time import sleep +PUBLIC_INTERFACE = ['eth0', 'eth1'] class CsRedundant(object): @@ -229,7 +230,7 @@ def set_fault(self): self.set_lock() logging.info("Router switched to fault mode") - ips = [ip for ip in self.address.get_ips() if ip.is_public()] + ips = [ip for ip in self.address.get_ips() if ip.is_public() and ip.get_device() in PUBLIC_INTERFACE] for ip in ips: CsHelper.execute("ifconfig %s down" % ip.get_device()) @@ -258,7 +259,7 @@ def set_backup(self): logging.debug("Setting router to backup") dev = '' - ips = [ip for ip in self.address.get_ips() if ip.is_public()] + ips = [ip for ip in self.address.get_ips() if ip.is_public() and ip.get_device() in PUBLIC_INTERFACE] for ip in ips: if dev == ip.get_device(): continue @@ -292,7 +293,7 @@ def set_master(self): logging.debug("Setting router to master") dev = '' - ips = [ip for ip in self.address.get_ips() if ip.is_public()] + ips = [ip for ip in self.address.get_ips() if ip.is_public() and ip.get_device() in PUBLIC_INTERFACE] route = CsRoute() for ip in ips: if dev == ip.get_device(): From 961b50ad07f85a03ee9138a4d178f9ee3a7481ab Mon Sep 17 00:00:00 2001 From: Remi Bergsma Date: Sun, 14 Feb 2016 18:09:03 +0100 Subject: [PATCH 12/22] CLOUDSTACK-9287 - Bring up the private gw interface on state change to master --- .../patches/debian/config/opt/cloud/bin/cs/CsRedundant.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index e7dc73d374..ec068dd367 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -293,7 +293,7 @@ def set_master(self): logging.debug("Setting router to master") dev = '' - ips = [ip for ip in self.address.get_ips() if ip.is_public() and ip.get_device() in PUBLIC_INTERFACE] + ips = [ip for ip in self.address.get_ips() if ip.is_public()] route = CsRoute() for ip in ips: if dev == ip.get_device(): @@ -308,7 +308,8 @@ def set_master(self): try: gateway = ip.get_gateway() logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev)) - route.add_defaultroute(gateway) + if ip.get_device() in PUBLIC_INTERFACE: + route.add_defaultroute(gateway) except: logging.error("ERROR getting gateway from device %s" % dev) else: From a1f8debe45914fbee10485c7e462e2c4d76f2120 Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Wed, 17 Feb 2016 07:16:23 +0100 Subject: [PATCH 13/22] =?UTF-8?q?CLOUDSTACK-9287=20-=20Check=20if=20the=20?= =?UTF-8?q?nic=20profile=20has=20already=20been=20removed=20f=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../network/element/VirtualRouterElement.java | 26 +-- .../element/VpcVirtualRouterElement.java | 25 +-- .../network/router/CommandSetupHelper.java | 4 +- ...VpcVirtualNetworkApplianceManagerImpl.java | 14 +- .../network/vpc/NetworkACLManagerImpl.java | 149 +++++++++--------- .../topology/AdvancedNetworkTopology.java | 13 +- 6 files changed, 123 insertions(+), 108 deletions(-) diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index ef6c6f97f0..d802188e4c 100644 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -24,18 +24,6 @@ import javax.inject.Inject; -import org.apache.cloudstack.api.command.admin.router.ConfigureOvsElementCmd; -import org.apache.cloudstack.api.command.admin.router.ConfigureVirtualRouterElementCmd; -import org.apache.cloudstack.api.command.admin.router.CreateVirtualRouterElementCmd; -import org.apache.cloudstack.api.command.admin.router.ListOvsElementsCmd; -import org.apache.cloudstack.api.command.admin.router.ListVirtualRouterElementsCmd; -import org.apache.cloudstack.framework.config.dao.ConfigurationDao; -import org.apache.cloudstack.network.topology.NetworkTopology; -import org.apache.cloudstack.network.topology.NetworkTopologyContext; -import org.apache.log4j.Logger; -import org.cloud.network.router.deployment.RouterDeploymentDefinition; -import org.cloud.network.router.deployment.RouterDeploymentDefinitionBuilder; - import com.cloud.agent.api.to.LoadBalancerTO; import com.cloud.configuration.ConfigurationManager; import com.cloud.dc.DataCenter; @@ -107,6 +95,18 @@ import com.cloud.vm.dao.UserVmDao; import com.google.gson.Gson; +import org.apache.cloudstack.api.command.admin.router.ConfigureOvsElementCmd; +import org.apache.cloudstack.api.command.admin.router.ConfigureVirtualRouterElementCmd; +import org.apache.cloudstack.api.command.admin.router.CreateVirtualRouterElementCmd; +import org.apache.cloudstack.api.command.admin.router.ListOvsElementsCmd; +import org.apache.cloudstack.api.command.admin.router.ListVirtualRouterElementsCmd; +import org.apache.cloudstack.framework.config.dao.ConfigurationDao; +import org.apache.cloudstack.network.topology.NetworkTopology; +import org.apache.cloudstack.network.topology.NetworkTopologyContext; +import org.apache.log4j.Logger; +import org.cloud.network.router.deployment.RouterDeploymentDefinition; +import org.cloud.network.router.deployment.RouterDeploymentDefinitionBuilder; + public class VirtualRouterElement extends AdapterBase implements VirtualRouterElementService, DhcpServiceProvider, UserDataServiceProvider, SourceNatServiceProvider, StaticNatServiceProvider, FirewallServiceProvider, LoadBalancingServiceProvider, PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer, NetworkMigrationResponder, AggregatedCommandExecutor { @@ -153,6 +153,8 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl IPAddressDao _ipAddressDao; @Inject DataCenterDao _dcDao; + @Inject + NetworkModel _networkModel; @Inject NetworkTopologyContext networkTopologyContext; diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index 6ef2ed36fa..9999ee62cb 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -25,13 +25,6 @@ import javax.inject.Inject; -import org.apache.cloudstack.network.topology.NetworkTopology; -import org.apache.log4j.Logger; -import org.cloud.network.router.deployment.RouterDeploymentDefinition; -import org.cloud.network.router.deployment.RouterDeploymentDefinitionBuilder; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; - import com.cloud.dc.DataCenter; import com.cloud.dc.DataCenterVO; import com.cloud.deploy.DeployDestination; @@ -79,6 +72,13 @@ import com.cloud.vm.VirtualMachineManager; import com.cloud.vm.VirtualMachineProfile; +import org.apache.cloudstack.network.topology.NetworkTopology; +import org.apache.log4j.Logger; +import org.cloud.network.router.deployment.RouterDeploymentDefinition; +import org.cloud.network.router.deployment.RouterDeploymentDefinitionBuilder; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; + public class VpcVirtualRouterElement extends VirtualRouterElement implements VpcProvider, Site2SiteVpnServiceProvider, NetworkACLServiceProvider { private static final Logger s_logger = Logger.getLogger(VpcVirtualRouterElement.class); @@ -466,7 +466,7 @@ public boolean deletePrivateGateway(final PrivateGateway gateway) throws Concurr } } - return result > 0 ? true : false; + return result == routers.size() ? true : false; } @Override @@ -559,9 +559,16 @@ public boolean applyACLItemsToPrivateGw(final PrivateGateway gateway, final List final DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); final NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO); + final Network privateNetwork = _networkModel.getNetwork(gateway.getNetworkId()); + boolean result = true; for (final DomainRouterVO domainRouterVO : routers) { - result = result && networkTopology.applyNetworkACLs(network, rules, domainRouterVO, isPrivateGateway); + final NicProfile nicProfile = _networkModel.getNicProfile(domainRouterVO, privateNetwork.getId(), null); + if (nicProfile != null) { + result = result && networkTopology.applyNetworkACLs(network, rules, domainRouterVO, isPrivateGateway); + } else { + s_logger.warn("Nic Profile for router '" + domainRouterVO + "' has already been removed. Router is redundant = " + domainRouterVO.getIsRedundantRouter()); + } } return result; } diff --git a/server/src/com/cloud/network/router/CommandSetupHelper.java b/server/src/com/cloud/network/router/CommandSetupHelper.java index 04427baf74..7208b25681 100644 --- a/server/src/com/cloud/network/router/CommandSetupHelper.java +++ b/server/src/com/cloud/network/router/CommandSetupHelper.java @@ -58,6 +58,7 @@ import com.cloud.agent.api.to.IpAddressTO; import com.cloud.agent.api.to.LoadBalancerTO; import com.cloud.agent.api.to.NetworkACLTO; +import com.cloud.agent.api.to.NicTO; import com.cloud.agent.api.to.PortForwardingRuleTO; import com.cloud.agent.api.to.StaticNatRuleTO; import com.cloud.agent.manager.Commands; @@ -504,7 +505,8 @@ public void createNetworkACLsCommands(final List rules } } - final SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, _networkHelper.getNicTO(router, guestNetworkId, null)); + NicTO nicTO = _networkHelper.getNicTO(router, guestNetworkId, null); + final SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, nicTO); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId())); cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan); diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index 712c747239..5785e2a6b5 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -26,9 +26,6 @@ import javax.inject.Inject; import javax.naming.ConfigurationException; -import org.apache.log4j.Logger; -import org.springframework.stereotype.Component; - import com.cloud.agent.api.Answer; import com.cloud.agent.api.Command; import com.cloud.agent.api.Command.OnError; @@ -91,6 +88,9 @@ import com.cloud.vm.VirtualMachineProfile.Param; import com.cloud.vm.dao.VMInstanceDao; +import org.apache.log4j.Logger; +import org.springframework.stereotype.Component; + @Component public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplianceManagerImpl implements VpcVirtualNetworkApplianceManager { private static final Logger s_logger = Logger.getLogger(VpcVirtualNetworkApplianceManagerImpl.class); @@ -531,16 +531,18 @@ protected boolean setupVpcPrivateNetwork(final VirtualRouter router, final boole @Override public boolean destroyPrivateGateway(final PrivateGateway gateway, final VirtualRouter router) throws ConcurrentOperationException, ResourceUnavailableException { + boolean result = true; if (!_networkModel.isVmPartOfNetwork(router.getId(), gateway.getNetworkId())) { s_logger.debug("Router doesn't have nic for gateway " + gateway + " so no need to removed it"); - return true; + return result; } final Network privateNetwork = _networkModel.getNetwork(gateway.getNetworkId()); + final NicProfile nicProfile = _networkModel.getNicProfile(router, privateNetwork.getId(), null); s_logger.debug("Releasing private ip for gateway " + gateway + " from " + router); - boolean result = setupVpcPrivateNetwork(router, false, _networkModel.getNicProfile(router, privateNetwork.getId(), null)); + result = setupVpcPrivateNetwork(router, false, nicProfile); if (!result) { s_logger.warn("Failed to release private ip for gateway " + gateway + " on router " + router); return false; @@ -706,7 +708,7 @@ public boolean startRemoteAccessVpn(final RemoteAccessVpn vpn, final VirtualRout s_logger.error("Unable to start vpn: unable add users to vpn in zone " + router.getDataCenterId() + " for account " + vpn.getAccountId() + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails()); throw new ResourceUnavailableException("Unable to start vpn: Unable to add users to vpn in zone " + router.getDataCenterId() + " for account " + vpn.getAccountId() - + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails(), DataCenter.class, router.getDataCenterId()); + + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails(), DataCenter.class, router.getDataCenterId()); } answer = cmds.getAnswer("startVpn"); if (!answer.getResult()) { diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java index fe0d7773df..c64a36b7c9 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java +++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java @@ -21,11 +21,6 @@ import javax.inject.Inject; -import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.framework.messagebus.MessageBus; -import org.apache.cloudstack.framework.messagebus.PublishScope; -import org.apache.log4j.Logger; - import com.cloud.configuration.ConfigurationManager; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; @@ -52,6 +47,11 @@ import com.cloud.utils.db.TransactionStatus; import com.cloud.utils.exception.CloudRuntimeException; +import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.framework.messagebus.MessageBus; +import org.apache.cloudstack.framework.messagebus.PublishScope; +import org.apache.log4j.Logger; + public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLManager { private static final Logger s_logger = Logger.getLogger(NetworkACLManagerImpl.class); @@ -86,8 +86,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana MessageBus _messageBus; @Override - public NetworkACL createNetworkACL(String name, String description, long vpcId, Boolean forDisplay) { - NetworkACLVO acl = new NetworkACLVO(name, description, vpcId); + public NetworkACL createNetworkACL(final String name, final String description, final long vpcId, final Boolean forDisplay) { + final NetworkACLVO acl = new NetworkACLVO(name, description, vpcId); if (forDisplay != null) { acl.setDisplay(forDisplay); } @@ -95,23 +95,23 @@ public NetworkACL createNetworkACL(String name, String description, long vpcId, } @Override - public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException { + public boolean applyNetworkACL(final long aclId) throws ResourceUnavailableException { boolean handled = true; boolean aclApplyStatus = true; - List rules = _networkACLItemDao.listByACL(aclId); + final List rules = _networkACLItemDao.listByACL(aclId); //Find all networks using this ACL and apply the ACL - List networks = _networkDao.listByAclId(aclId); - for (NetworkVO network : networks) { + final List networks = _networkDao.listByAclId(aclId); + for (final NetworkVO network : networks) { if (!applyACLItemsToNetwork(network.getId(), rules)) { handled = false; break; } } - List vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); - for (VpcGatewayVO vpcGateway : vpcGateways) { - PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(vpcGateway.getId()); + final List vpcGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); + for (final VpcGatewayVO vpcGateway : vpcGateways) { + final PrivateGateway privateGateway = _vpcSvc.getVpcPrivateGateway(vpcGateway.getId()); if (!applyACLToPrivateGw(privateGateway)) { aclApplyStatus = false; @@ -121,11 +121,11 @@ public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException { } if (handled && aclApplyStatus) { - for (NetworkACLItem rule : rules) { + for (final NetworkACLItem rule : rules) { if (rule.getState() == NetworkACLItem.State.Revoke) { removeRule(rule); } else if (rule.getState() == NetworkACLItem.State.Add) { - NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId()); + final NetworkACLItemVO ruleVO = _networkACLItemDao.findById(rule.getId()); ruleVO.setState(NetworkACLItem.State.Active); _networkACLItemDao.update(ruleVO.getId(), ruleVO); } @@ -135,35 +135,36 @@ public boolean applyNetworkACL(long aclId) throws ResourceUnavailableException { } @Override - public NetworkACL getNetworkACL(long id) { + public NetworkACL getNetworkACL(final long id) { return _networkACLDao.findById(id); } @Override - public boolean deleteNetworkACL(NetworkACL acl) { - List aclItems = _networkACLItemDao.listByACL(acl.getId()); - if (aclItems.size() > 0) { - throw new CloudRuntimeException("ACL is not empty. Cannot delete network ACL: " + acl.getUuid()); - } - - List networks = _networkDao.listByAclId(acl.getId()); + public boolean deleteNetworkACL(final NetworkACL acl) { + final long aclId = acl.getId(); + final List networks = _networkDao.listByAclId(aclId); if (networks != null && networks.size() > 0) { throw new CloudRuntimeException("ACL is still associated with " + networks.size() + " tier(s). Cannot delete network ACL: " + acl.getUuid()); } - List pvtGateways = _vpcGatewayDao.listByAclIdAndType(acl.getId(), VpcGateway.Type.Private); + final List pvtGateways = _vpcGatewayDao.listByAclIdAndType(aclId, VpcGateway.Type.Private); if (pvtGateways != null && pvtGateways.size() > 0) { throw new CloudRuntimeException("ACL is still associated with " + pvtGateways.size() + " private gateway(s). Cannot delete network ACL: " + acl.getUuid()); } - return _networkACLDao.remove(acl.getId()); + final List aclItems = _networkACLItemDao.listByACL(aclId); + for (final NetworkACLItemVO networkACLItem : aclItems) { + revokeNetworkACLItem(networkACLItem.getId()); + } + + return _networkACLDao.remove(aclId); } @Override - public boolean replaceNetworkACLForPrivateGw(NetworkACL acl, PrivateGateway gateway) throws ResourceUnavailableException { - VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId()); - List aclItems = _networkACLItemDao.listByACL(acl.getId()); + public boolean replaceNetworkACLForPrivateGw(final NetworkACL acl, final PrivateGateway gateway) throws ResourceUnavailableException { + final VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId()); + final List aclItems = _networkACLItemDao.listByACL(acl.getId()); if (aclItems == null || aclItems.isEmpty()) { //Revoke ACL Items of the existing ACL if the new network acl is empty //Other wise existing rules will not be removed on the router elelment @@ -182,9 +183,9 @@ public boolean replaceNetworkACLForPrivateGw(NetworkACL acl, PrivateGateway gate } @Override - public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws ResourceUnavailableException { + public boolean replaceNetworkACL(final NetworkACL acl, final NetworkVO network) throws ResourceUnavailableException { - NetworkOffering guestNtwkOff = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId()); + final NetworkOffering guestNtwkOff = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId()); if (guestNtwkOff == null) { throw new InvalidParameterValueException("Can't find network offering associated with network: " + network.getUuid()); @@ -198,7 +199,7 @@ public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws Resou if (network.getNetworkACLId() != null) { //Revoke ACL Items of the existing ACL if the new ACL is empty //Existing rules won't be removed otherwise - List aclItems = _networkACLItemDao.listByACL(acl.getId()); + final List aclItems = _networkACLItemDao.listByACL(acl.getId()); if (aclItems == null || aclItems.isEmpty()) { s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL"); if (!revokeACLItemsForNetwork(network.getId())) { @@ -212,7 +213,7 @@ public boolean replaceNetworkACL(NetworkACL acl, NetworkVO network) throws Resou if (_networkDao.update(network.getId(), network)) { s_logger.debug("Updated network: " + network.getId() + " with Network ACL Id: " + acl.getId() + ", Applying ACL items"); //Apply ACL to network - Boolean result = applyACLToNetwork(network.getId()); + final Boolean result = applyACLToNetwork(network.getId()); if (result) { // public message on message bus, so that network elements implementing distributed routing capability // can act on the event @@ -234,16 +235,16 @@ public NetworkACLItem createNetworkACLItem(final Integer portStart, final Intege } final Integer numberFinal = number; - NetworkACLItemVO newRule = Transaction.execute(new TransactionCallback() { + final NetworkACLItemVO newRule = Transaction.execute(new TransactionCallback() { @Override - public NetworkACLItemVO doInTransaction(TransactionStatus status) { + public NetworkACLItemVO doInTransaction(final TransactionStatus status) { NetworkACLItem.Action ruleAction = NetworkACLItem.Action.Allow; if ("deny".equalsIgnoreCase(action)) { ruleAction = NetworkACLItem.Action.Deny; } NetworkACLItemVO newRule = - new NetworkACLItemVO(portStart, portEnd, protocol.toLowerCase(), aclId, sourceCidrList, icmpCode, icmpType, trafficType, ruleAction, numberFinal); + new NetworkACLItemVO(portStart, portEnd, protocol.toLowerCase(), aclId, sourceCidrList, icmpCode, icmpType, trafficType, ruleAction, numberFinal); if (forDisplay != null) { newRule.setDisplay(forDisplay); @@ -264,14 +265,14 @@ public NetworkACLItemVO doInTransaction(TransactionStatus status) { } @Override - public NetworkACLItem getNetworkACLItem(long ruleId) { + public NetworkACLItem getNetworkACLItem(final long ruleId) { return _networkACLItemDao.findById(ruleId); } @Override - public boolean revokeNetworkACLItem(long ruleId) { + public boolean revokeNetworkACLItem(final long ruleId) { - NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId); + final NetworkACLItemVO rule = _networkACLItemDao.findById(ruleId); revokeRule(rule); @@ -280,7 +281,7 @@ public boolean revokeNetworkACLItem(long ruleId) { try { applyNetworkACL(rule.getAclId()); success = true; - } catch (ResourceUnavailableException e) { + } catch (final ResourceUnavailableException e) { return false; } @@ -288,7 +289,7 @@ public boolean revokeNetworkACLItem(long ruleId) { } @DB - private void revokeRule(NetworkACLItemVO rule) { + private void revokeRule(final NetworkACLItemVO rule) { if (rule.getState() == State.Staged) { if (s_logger.isDebugEnabled()) { s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule); @@ -301,12 +302,12 @@ private void revokeRule(NetworkACLItemVO rule) { } @Override - public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException { - Network network = _networkDao.findById(networkId); + public boolean revokeACLItemsForNetwork(final long networkId) throws ResourceUnavailableException { + final Network network = _networkDao.findById(networkId); if (network.getNetworkACLId() == null) { return true; } - List aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId()); + final List aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId()); if (aclItems.isEmpty()) { s_logger.debug("Found no network ACL Items for network id=" + networkId); return true; @@ -316,14 +317,14 @@ public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailab s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for network id=" + networkId); } - for (NetworkACLItemVO aclItem : aclItems) { + for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } - boolean success = applyACLItemsToNetwork(network.getId(), aclItems); + final boolean success = applyACLItemsToNetwork(network.getId(), aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for network id=" + networkId + " and # of rules now = " + aclItems.size()); @@ -333,11 +334,11 @@ public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailab } @Override - public boolean revokeACLItemsForPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException { - - List aclItems = _networkACLItemDao.listByACL(gateway.getNetworkACLId()); + public boolean revokeACLItemsForPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { + final long networkACLId = gateway.getNetworkACLId(); + final List aclItems = _networkACLItemDao.listByACL(networkACLId); if (aclItems.isEmpty()) { - s_logger.debug("Found no network ACL Items for private gateway id=" + gateway.getId()); + s_logger.debug("Found no network ACL Items for private gateway 'id=" + gateway.getId() + "'"); return true; } @@ -345,14 +346,14 @@ public boolean revokeACLItemsForPrivateGw(PrivateGateway gateway) throws Resourc s_logger.debug("Releasing " + aclItems.size() + " Network ACL Items for private gateway id=" + gateway.getId()); } - for (NetworkACLItemVO aclItem : aclItems) { + for (final NetworkACLItemVO aclItem : aclItems) { // Mark all Network ACLs rules as Revoke, but don't update in DB if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) { aclItem.setState(State.Revoke); } } - boolean success = applyACLToPrivateGw(gateway, aclItems); + final boolean success = applyACLToPrivateGw(gateway, aclItems); if (s_logger.isDebugEnabled() && success) { s_logger.debug("Successfully released Network ACLs for private gateway id=" + gateway.getId() + " and # of rules now = " + aclItems.size()); @@ -362,27 +363,27 @@ public boolean revokeACLItemsForPrivateGw(PrivateGateway gateway) throws Resourc } @Override - public List listNetworkACLItems(long guestNtwkId) { - Network network = _networkMgr.getNetwork(guestNtwkId); + public List listNetworkACLItems(final long guestNtwkId) { + final Network network = _networkMgr.getNetwork(guestNtwkId); if (network.getNetworkACLId() == null) { return null; } return _networkACLItemDao.listByACL(network.getNetworkACLId()); } - private void removeRule(NetworkACLItem rule) { + private void removeRule(final NetworkACLItem rule) { //remove the rule _networkACLItemDao.remove(rule.getId()); } @Override - public boolean applyACLToPrivateGw(PrivateGateway gateway) throws ResourceUnavailableException { - VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId()); - List rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId()); + public boolean applyACLToPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException { + final VpcGatewayVO vpcGatewayVO = _vpcGatewayDao.findById(gateway.getId()); + final List rules = _networkACLItemDao.listByACL(vpcGatewayVO.getNetworkACLId()); return applyACLToPrivateGw(gateway, rules); } - private boolean applyACLToPrivateGw(PrivateGateway gateway, List rules) throws ResourceUnavailableException { + private boolean applyACLToPrivateGw(final PrivateGateway gateway, final List rules) throws ResourceUnavailableException { List vpcElements = null; vpcElements = new ArrayList(); vpcElements.add((VpcProvider)_ntwkModel.getElementImplementingProvider(Network.Provider.VPCVirtualRouter.getName())); @@ -392,29 +393,29 @@ private boolean applyACLToPrivateGw(PrivateGateway gateway, List rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); + final List rules = _networkACLItemDao.listByACL(network.getNetworkACLId()); return applyACLItemsToNetwork(networkId, rules); } @Override - public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List sourceCidrList, NetworkACLItem.TrafficType trafficType, String action, - Integer number, Integer sourcePortStart, Integer sourcePortEnd, Integer icmpCode, Integer icmpType, String customId, Boolean forDisplay) throws ResourceUnavailableException { - NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); + public NetworkACLItem updateNetworkACLItem(final Long id, final String protocol, final List sourceCidrList, final NetworkACLItem.TrafficType trafficType, final String action, + final Integer number, final Integer sourcePortStart, final Integer sourcePortEnd, final Integer icmpCode, final Integer icmpType, final String customId, final Boolean forDisplay) throws ResourceUnavailableException { + final NetworkACLItemVO aclItem = _networkACLItemDao.findById(id); aclItem.setState(State.Add); if (protocol != null) { @@ -475,13 +476,13 @@ public NetworkACLItem updateNetworkACLItem(Long id, String protocol, List rules) throws ResourceUnavailableException { - Network network = _networkDao.findById(networkId); + public boolean applyACLItemsToNetwork(final long networkId, final List rules) throws ResourceUnavailableException { + final Network network = _networkDao.findById(networkId); boolean handled = false; boolean foundProvider = false; - for (NetworkACLServiceProvider element : _networkAclElements) { - Network.Provider provider = element.getProvider(); - boolean isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider); + for (final NetworkACLServiceProvider element : _networkAclElements) { + final Network.Provider provider = element.getProvider(); + final boolean isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider); if (!isAclProvider) { continue; } @@ -506,8 +507,8 @@ public List getNetworkAclElements() { } @Inject - public void setNetworkAclElements(List networkAclElements) { - this._networkAclElements = networkAclElements; + public void setNetworkAclElements(final List networkAclElements) { + _networkAclElements = networkAclElements; } } diff --git a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java index e587c752c2..f456fcee17 100644 --- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java +++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java @@ -19,11 +19,6 @@ import java.util.List; -import org.apache.log4j.Logger; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Component; - import com.cloud.dc.DataCenter; import com.cloud.deploy.DeployDestination; import com.cloud.exception.ConcurrentOperationException; @@ -52,6 +47,11 @@ import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachineProfile; +import org.apache.log4j.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Component; + @Component public class AdvancedNetworkTopology extends BasicNetworkTopology { @@ -223,6 +223,7 @@ public boolean applyNetworkACLs(final Network network, final List(aclsRules)); + final boolean result = applyRules(network, router, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper(aclsRules)); + return result; } } \ No newline at end of file From 7816dcccdc5bd54179e43d943b54ac034a16b219 Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Wed, 17 Feb 2016 07:31:39 +0100 Subject: [PATCH 14/22] CLOUDSTACK-9287 - Refactor the interface state configuration - This also refactors the CsAddress in order to offer better readability in a couple of methods. --- .../debian/config/opt/cloud/bin/configure.py | 30 +++---- .../config/opt/cloud/bin/cs/CsAddress.py | 63 +++++---------- .../config/opt/cloud/bin/cs/CsHelper.py | 24 ++++++ .../config/opt/cloud/bin/cs/CsRedundant.py | 80 +++++++++---------- 4 files changed, 99 insertions(+), 98 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 93c2f35fb8..416431f57b 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -712,34 +712,34 @@ def process(self): #return the VR guest interface ip def getGuestIp(self): - ipr = [] + interfaces = [] ipAddr = None - for ip in self.config.address().get_ips(): - if ip.is_guest(): - ipr.append(ip) - if len(ipr) > 0: - ipAddr = sorted(ipr)[-1] + for interface in self.config.address().get_interfaces(): + if interface.is_guest(): + interfaces.append(interface) + if len(interfaces) > 0: + ipAddr = sorted(interfaces)[-1] if ipAddr: return ipAddr.get_ip() return None def getDeviceByIp(self, ipa): - for ip in self.config.address().get_ips(): - if ip.ip_in_subnet(ipa): - return ip.get_device() + for interface in self.config.address().get_interfaces(): + if interface.ip_in_subnet(ipa): + return interface.get_device() return None def getNetworkByIp(self, ipa): - for ip in self.config.address().get_ips(): - if ip.ip_in_subnet(ipa): - return ip.get_network() + for interface in self.config.address().get_interfaces(): + if interface.ip_in_subnet(ipa): + return interface.get_network() return None def getGatewayByIp(self, ipa): - for ip in self.config.address().get_ips(): - if ip.ip_in_subnet(ipa): - return ip.get_gateway() + for interface in self.config.address().get_interfaces(): + if interface.ip_in_subnet(ipa): + return interface.get_gateway() return None def portsToString(self, ports, delimiter): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index f74ff47912..8670cf1deb 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -28,7 +28,6 @@ from CsRule import CsRule VRRP_TYPES = ['guest'] -PUBLIC_INTERFACE = ['eth1'] class CsAddress(CsDataBag): @@ -37,14 +36,14 @@ def compare(self): ip = CsIP(dev, self.config) ip.compare(self.dbag) - def get_ips(self): - ret = [] + def get_interfaces(self): + interfaces = [] for dev in self.dbag: if dev == "id": continue for ip in self.dbag[dev]: - ret.append(CsInterface(ip, self.config)) - return ret + interfaces.append(CsInterface(ip, self.config)) + return interfaces def get_guest_if(self): """ @@ -52,13 +51,13 @@ def get_guest_if(self): """ guest_interface = None lowest_device = 1000 - for ip in self.get_ips(): - if ip.is_guest() and ip.is_added(): - device = ip.get_device() + for interface in self.get_interfaces(): + if interface.is_guest() and interface.is_added(): + device = interface.get_device() device_suffix = int(''.join([digit for digit in device if digit.isdigit()])) if device_suffix < lowest_device: lowest_device = device_suffix - guest_interface = ip + guest_interface = interface logging.debug("Guest interface will be set on device '%s' and IP '%s'" % (guest_interface.get_device(), guest_interface.get_ip())) return guest_interface @@ -94,9 +93,9 @@ def get_control_if(self): """ Return the address object that has the control interface """ - for ip in self.get_ips(): - if ip.is_control(): - return ip + for interface in self.get_interfaces(): + if interface.is_control(): + return interface return None def process(self): @@ -290,24 +289,27 @@ def post_configure(self, address): route = CsRoute() if not self.get_type() in ["control"]: route.add_table(self.dev) - + CsRule(self.dev).addMark() - self.check_is_up() + + interfaces = [CsInterface(address, self.config)] + CsHelper.reconfigure_interfaces(self.cl, interfaces) + self.set_mark() self.arpPing() - + CsRpsrfs(self.dev).enable() self.post_config_change("add") '''For isolated/redundant and dhcpsrvr routers, call this method after the post_config is complete ''' if not self.config.is_vpc(): self.setup_router_control() - + if self.config.is_vpc() or self.cl.is_redundant(): # The code looks redundant here, but we actually have to cater for routers and # VPC routers in a different manner. Please do not remove this block otherwise # The VPC default route will be broken. - if self.get_type() in ["public"] and address["device"] in PUBLIC_INTERFACE: + if self.get_type() in ["public"] and address["device"] == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]: gateway = str(address["gateway"]) route.add_defaultroute(gateway) else: @@ -316,29 +318,6 @@ def post_configure(self, address): if(self.cl.get_gateway()): route.add_defaultroute(self.cl.get_gateway()) - def check_is_up(self): - """ Ensure device is up """ - state_commands = {"router" : "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", - "vpcrouter" : "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} - - cmd = "ip link show %s | grep 'state DOWN'" % self.getDevice() - for i in CsHelper.execute(cmd): - if " DOWN " in i: - cmd2 = "ip link set %s up" % self.getDevice() - # If redundant only bring up public interfaces that are not eth1. - # Reason: private gateways are public interfaces. - # master.py and keepalived will deal with eth1 public interface. - - if self.cl.is_redundant() and self.is_public(): - state_cmd = state_commands[self.cl.get_type()] - logging.info("Check state command => %s" % state_cmd) - state = CsHelper.execute(state_cmd)[0] - logging.info("Route state => %s" % state) - if self.getDevice() not in PUBLIC_INTERFACE and state == "MASTER": - CsHelper.execute(cmd2) - else: - CsHelper.execute(cmd2) - def set_mark(self): cmd = "-A PREROUTING -i %s -m state --state NEW -j CONNMARK --set-xmark %s/0xffffffff" % \ (self.getDevice(), self.dnum) @@ -365,12 +344,12 @@ def get_ip_address(self): def setup_router_control(self): if self.config.is_vpc(): return - + self.fw.append( ["filter", "", "-A FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT"]) self.fw.append( ["filter", "", "-A INPUT -i eth1 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT"]) - + self.fw.append(["filter", "", "-P INPUT DROP"]) self.fw.append(["filter", "", "-P FORWARD DROP"]) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py index 9095558a55..9036527811 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py @@ -27,6 +27,30 @@ from netaddr import * from pprint import pprint +PUBLIC_INTERFACES = {"router" : "eth0", "vpcrouter" : "eth1"} + +STATE_COMMANDS = {"router" : "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", + "vpcrouter" : "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} + +def reconfigure_interfaces(router_config, interfaces): + for interface in interfaces: + cmd = "ip link show %s | grep 'state DOWN'" % interface.get_device() + for device in execute(cmd): + if " DOWN " in device: + cmd = "ip link set %s up" % interface.get_device() + # If redundant only bring up public interfaces that are not eth1. + # Reason: private gateways are public interfaces. + # master.py and keepalived will deal with eth1 public interface. + + if router_config.is_redundant() and interface.is_public(): + state_cmd = STATE_COMMANDS[router_config.get_type()] + logging.info("Check state command => %s" % state_cmd) + state = execute(state_cmd)[0] + logging.info("Route state => %s" % state) + if interface.get_device() != PUBLIC_INTERFACES[router_config.get_type()] and state == "MASTER": + execute(cmd) + else: + execute(cmd) def is_mounted(name): for i in execute("mount"): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index ec068dd367..f1ab5f785d 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -42,8 +42,6 @@ import socket from time import sleep -PUBLIC_INTERFACE = ['eth0', 'eth1'] - class CsRedundant(object): CS_RAMDISK_DIR = "/ramdisk" @@ -90,7 +88,7 @@ def _redundant_on(self): self._redundant_off() return - interfaces = [interface for interface in self.address.get_ips() if interface.is_guest()] + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_guest()] isDeviceReady = False dev = '' for interface in interfaces: @@ -230,9 +228,9 @@ def set_fault(self): self.set_lock() logging.info("Router switched to fault mode") - ips = [ip for ip in self.address.get_ips() if ip.is_public() and ip.get_device() in PUBLIC_INTERFACE] - for ip in ips: - CsHelper.execute("ifconfig %s down" % ip.get_device()) + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] + for interface in interfaces: + CsHelper.execute("ifconfig %s down" % interface.get_device()) cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF) CsHelper.execute("%s -s" % cmd) @@ -240,15 +238,18 @@ def set_fault(self): CsHelper.service("xl2tpd", "stop") CsHelper.service("dnsmasq", "stop") - ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()] - for ip in ips: - CsPasswdSvc(ip.get_gateway()).stop() + interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()] + for interface in interfaces: + CsPasswdSvc(interface.get_gateway()).stop() self.cl.set_fault_state() self.cl.save() self.release_lock() logging.info("Router switched to fault mode") + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] + CsHelper.reconfigure_interfaces(self.cl, interfaces) + def set_backup(self): """ Set the current router to backup """ if not self.cl.is_redundant(): @@ -259,28 +260,31 @@ def set_backup(self): logging.debug("Setting router to backup") dev = '' - ips = [ip for ip in self.address.get_ips() if ip.is_public() and ip.get_device() in PUBLIC_INTERFACE] - for ip in ips: - if dev == ip.get_device(): + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] + for interface in interfaces: + if dev == interface.get_device(): continue - logging.info("Bringing public interface %s down" % ip.get_device()) - cmd2 = "ip link set %s down" % ip.get_device() + logging.info("Bringing public interface %s down" % interface.get_device()) + cmd2 = "ip link set %s down" % interface.get_device() CsHelper.execute(cmd2) - dev = ip.get_device() + dev = interface.get_device() cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF) CsHelper.execute("%s -d" % cmd) CsHelper.service("ipsec", "stop") CsHelper.service("xl2tpd", "stop") - ips = [ip for ip in self.address.get_ips() if ip.needs_vrrp()] - for ip in ips: - CsPasswdSvc(ip.get_gateway()).stop() + interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()] + for interface in interfaces: + CsPasswdSvc(interface.get_gateway()).stop() CsHelper.service("dnsmasq", "stop") self.cl.set_master_state(False) self.cl.save() self.release_lock() + + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] + CsHelper.reconfigure_interfaces(self.cl, interfaces) logging.info("Router switched to backup mode") def set_master(self): @@ -293,12 +297,12 @@ def set_master(self): logging.debug("Setting router to master") dev = '' - ips = [ip for ip in self.address.get_ips() if ip.is_public()] + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] route = CsRoute() - for ip in ips: - if dev == ip.get_device(): + for interface in interfaces: + if dev == interface.get_device(): continue - dev = ip.get_device() + dev = interface.get_device() logging.info("Will proceed configuring device ==> %s" % dev) cmd = "ip link set %s up" % dev if CsDevice(dev, self.config).waitfordevice(): @@ -306,9 +310,9 @@ def set_master(self): logging.info("Bringing public interface %s up" % dev) try: - gateway = ip.get_gateway() + gateway = interface.get_gateway() logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev)) - if ip.get_device() in PUBLIC_INTERFACE: + if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]: route.add_defaultroute(gateway) except: logging.error("ERROR getting gateway from device %s" % dev) @@ -326,14 +330,17 @@ def set_master(self): CsHelper.execute("%s -B" % cmd) CsHelper.service("ipsec", "restart") CsHelper.service("xl2tpd", "restart") - ads = [o for o in self.address.get_ips() if o.needs_vrrp()] - for o in ads: - CsPasswdSvc(o.get_gateway()).restart() + interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()] + for interface in interfaces: + CsPasswdSvc(interface.get_gateway()).restart() CsHelper.service("dnsmasq", "restart") self.cl.set_master_state(True) self.cl.save() self.release_lock() + + interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] + CsHelper.reconfigure_interfaces(self.cl, interfaces) logging.info("Router switched to master mode") def _collect_ignore_ips(self): @@ -359,23 +366,14 @@ def _collect_ips(self): that could function as a router and VPC router at the same time """ lines = [] - for ip in self.address.get_ips(): - if ip.needs_vrrp(): + for interface in self.address.get_interfaces(): + if interface.needs_vrrp(): cmdline=self.config.get_cmdline_instance() - if not ip.is_added(): + if not interface.is_added(): continue if(cmdline.get_type()=='router'): - str = " %s brd %s dev %s\n" % (cmdline.get_guest_gw(), ip.get_broadcast(), ip.get_device()) + str = " %s brd %s dev %s\n" % (cmdline.get_guest_gw(), interface.get_broadcast(), interface.get_device()) else: - str = " %s brd %s dev %s\n" % (ip.get_gateway_cidr(), ip.get_broadcast(), ip.get_device()) + str = " %s brd %s dev %s\n" % (interface.get_gateway_cidr(), interface.get_broadcast(), interface.get_device()) lines.append(str) return lines - - def check_is_up(self, device): - """ Ensure device is up """ - cmd = "ip link show %s | grep 'state DOWN'" % device - - for i in CsHelper.execute(cmd): - if " DOWN " in i: - cmd2 = "ip link set %s up" % device - CsHelper.execute(cmd2) From 147011b0561eb8a7086c4b40de78b7a6c5fa7add Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Wed, 17 Feb 2016 07:33:48 +0100 Subject: [PATCH 15/22] CLOUDSTACK-9287 - Add integration test to cover the private gateway related changes --- test/integration/smoke/test_privategw_acl.py | 276 +++++++++++++------ 1 file changed, 188 insertions(+), 88 deletions(-) diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py index 56cc92365f..ecf2614961 100644 --- a/test/integration/smoke/test_privategw_acl.py +++ b/test/integration/smoke/test_privategw_acl.py @@ -25,6 +25,7 @@ from marvin.lib.common import * from nose.plugins.attrib import attr +import time import logging class Services: @@ -231,9 +232,9 @@ def test_01_vpc_privategw_acl(self): vpc_off.update(self.apiclient, state='Enabled') vpc = self.createVPC(vpc_off) - + self.cleanup = [vpc, vpc_off, self.account] - + physical_networks = get_physical_networks(self.apiclient, self.zone.id) if not physical_networks: self.fail("No Physical Networks found!") @@ -317,7 +318,7 @@ def performVPCTests(self, vpc_off, restart_with_cleanup = False): self.cleanup.insert(0, vm1) self.cleanup.insert(0, vm2) - + acl1 = self.createACL(vpc_1) self.createACLItem(acl1.id, cidr = "0.0.0.0/0") privateGw_1 = self.createPvtGw(vpc_1, "10.0.3.100", "10.0.3.101", acl1.id, vlan_1) @@ -340,19 +341,17 @@ def performVPCTests(self, vpc_off, restart_with_cleanup = False): nat_rule_1 = self.create_natrule(vpc_1, vm1, public_ip_1, network_1) nat_rule_2 = self.create_natrule(vpc_2, vm2, public_ip_2, network_2) - self.check_pvt_gw_connectivity(vm1, public_ip_1, vm2.nic[0].ipaddress) - self.check_pvt_gw_connectivity(vm2, public_ip_2, vm1.nic[0].ipaddress) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm1.nic[0].ipaddress]) if restart_with_cleanup: self.reboot_vpc_with_cleanup(vpc_1, True) self.reboot_vpc_with_cleanup(vpc_2, True) - self.check_pvt_gw_connectivity(vm1, public_ip_1, vm2.nic[0].ipaddress) - self.check_pvt_gw_connectivity(vm2, public_ip_2, vm1.nic[0].ipaddress) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm1.nic[0].ipaddress]) def performPrivateGWInterfaceTests(self, vpc_off): self.logger.debug("Creating VPCs with offering ID %s" % vpc_off.id) - vpc_1 = self.createVPC(vpc_off, cidr = '10.0.1.0/24') + vpc_1 = self.createVPC(vpc_off, cidr = '10.0.0.0/16') self.cleanup = [vpc_1, vpc_off, self.account] @@ -363,85 +362,81 @@ def performPrivateGWInterfaceTests(self, vpc_off): vlans = physical_networks[0].vlan.split('-') vlan_1 = int(vlans[0]) - network_1 = self.createNetwork(vpc_1, gateway = '10.0.1.1') + net_offering_no_lb = "network_offering_no_lb" + + network_1 = self.createNetwork(vpc_1, gateway = '10.0.0.1') + network_2 = self.createNetwork(vpc_1, net_offering = net_offering_no_lb, gateway = '10.0.1.1') + network_3 = self.createNetwork(vpc_1, net_offering = net_offering_no_lb, gateway = '10.0.2.1') + network_4 = self.createNetwork(vpc_1, net_offering = net_offering_no_lb, gateway = '10.0.3.1') vm1 = self.createVM(network_1) + vm2 = self.createVM(network_2) + vm3 = self.createVM(network_3) + vm4 = self.createVM(network_4) self.cleanup.insert(0, vm1) - + self.cleanup.insert(0, vm2) + self.cleanup.insert(0, vm3) + self.cleanup.insert(0, vm4) + acl1 = self.createACL(vpc_1) self.createACLItem(acl1.id, cidr = "0.0.0.0/0") - privateGw_1 = self.createPvtGw(vpc_1, "10.0.3.100", "10.0.3.101", acl1.id, vlan_1) + privateGw_1 = self.createPvtGw(vpc_1, "10.1.0.100", "10.1.0.101", acl1.id, vlan_1) self.replacePvtGwACL(acl1.id, privateGw_1.id) self.replaceNetworkAcl(acl1.id, network_1) - - staticRoute_1 = self.createStaticRoute(privateGw_1.id, cidr = '10.0.2.0/24') + self.replaceNetworkAcl(acl1.id, network_2) + self.replaceNetworkAcl(acl1.id, network_3) + self.replaceNetworkAcl(acl1.id, network_4) public_ip_1 = self.acquire_publicip(vpc_1, network_1) - nat_rule_1 = self.create_natrule(vpc_1, vm1, public_ip_1, network_1) routers = list_routers(self.apiclient, - account=self.account.name, - domainid=self.account.domainid) - + account=self.account.name, + domainid=self.account.domainid) + self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertEqual(len(routers), 2, "Check for list routers size returned '%s' instead of 2" % len(routers)) - state_holder = {routers[0].linklocalip : {"state" : None, "mac" : None}, - routers[1].linklocalip : {"state" : None, "mac" : None}} - state = None - mac = None - for router in routers: - if router.isredundantrouter and router.vpcid: - hosts = list_hosts( - self.apiclient, - id=router.hostid) - self.assertEqual( - isinstance(hosts, list), - True, - "Check for list hosts response return valid data") + self.check_private_gateway_interfaces(routers) - host = hosts[0] - host.user = self.services["configurableData"]["host"]["username"] - host.passwd = self.services["configurableData"]["host"]["password"] - host.port = self.services["configurableData"]["host"]["port"] - - try: - state = get_process_status( - host.ipaddress, - host.port, - host.user, - host.passwd, - router.linklocalip, - "ip addr | grep eth3 | grep state | awk '{print $9;}'") - - mac = get_process_status( - host.ipaddress, - host.port, - host.user, - host.passwd, - router.linklocalip, - "ip addr | grep link/ether | awk '{print $2;}' | sed -n 4p") - except KeyError: - self.skipTest( - "Provide a marvin config file with host\ - credentials to run %s" % - self._testMethodName) - - self.logger.debug("Result from the Router on IP '%s' is -> state: '%s', mac: '%s'" % (router.linklocalip, state, mac)) - state_holder[router.linklocalip]["state"] = str(state) - state_holder[router.linklocalip]["mac"] = str(mac) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) - check_state = state_holder[routers[0].linklocalip]["state"].count(state_holder[routers[1].linklocalip]["state"]) - check_mac = state_holder[routers[0].linklocalip]["mac"].count(state_holder[routers[1].linklocalip]["mac"]) + self.reboot_vpc_with_cleanup(vpc_1, True) - self.assertTrue(check_state == 0, "Routers private gateway interface should not be on the same state!") - self.assertTrue(check_mac == 0, "Routers private gateway interface should not have the same mac address!") + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) + + self.stop_router_by_type(routers, status_to_check = "MASTER") + self.check_routers_state(routers) + + self.check_private_gateway_interfaces(routers) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) + + self.start_routers(routers) + self.check_routers_state(routers) + self.check_private_gateway_interfaces(routers) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) + + def stop_router_by_type(self, type, routers): + self.logger.debug('Stopping %s router' % type) + for router in routers: + if router.redundantstate == type: + self.stop_router(router) + break + + def start_routers(self, routers): + self.logger.debug('Starting stopped routers') + for router in routers: + self.logger.debug('Router %s has state %s' % (router.id, router.state)) + if router.state == "Stopped": + self.logger.debug('Starting stopped router %s' % router.id) + cmd = startRouter.startRouterCmd() + cmd.id = router.id + self.apiclient.startRouter(cmd) def createVPC(self, vpc_offering, cidr = '10.1.1.1/16'): try: @@ -524,10 +519,10 @@ def createACLItem(self, aclId, cidr = "0.0.0.0/0"): except Exception, e: self.fail('Unable to create ACL Item due to %s ' % e) - def createNetwork(self, vpc, gateway = '10.1.1.1'): + def createNetwork(self, vpc, net_offering = "network_offering", gateway = '10.1.1.1'): try: self.logger.debug('Create NetworkOffering') - net_offerring = self.services["network_offering"] + net_offerring = self.services[net_offering] net_offerring["name"] = "NET_OFF-%s" % gateway nw_off = NetworkOffering.create( self.apiclient, @@ -584,7 +579,7 @@ def createPvtGw(self, vpc, ip_address, gateway, aclId, vlan): self.fail("Failed to create Private Gateway ==> %s" % e) self.assertIsNotNone(privateGw.id, "Failed to create ACL.") - + return privateGw def replaceNetworkAcl(self, aclId, network): @@ -643,33 +638,36 @@ def create_natrule(self, vpc, virtual_machine, public_ip, network): traffictype='Ingress' ) self.logger.debug('nwacl_nat=%s' % nwacl_nat.__dict__) - + return nat_rule - def check_pvt_gw_connectivity(self, virtual_machine, public_ip, vm_ip): - ssh_command = "ping -c 3 %s" % vm_ip + def check_pvt_gw_connectivity(self, virtual_machine, public_ip, vms_ips): + for vm_ip in vms_ips: + ssh_command = "ping -c 3 %s" % vm_ip - # Should be able to SSH VM - result = 'failed' - try: - self.logger.debug("SSH into VM: %s" % public_ip.ipaddress.ipaddress) - - ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress) + # Should be able to SSH VM + result = 'failed' + try: + self.logger.debug("SSH into VM: %s" % public_ip.ipaddress.ipaddress) - self.logger.debug("Ping to VM inside another VPC") - result = str(ssh.execute(ssh_command)) + ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress) - self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received"))) - except Exception as e: - self.fail("SSH Access failed for %s: %s" % \ - (vmObj.get_ip(), e) - ) + self.logger.debug("Ping to VM inside another Network Tier") + result = str(ssh.execute(ssh_command)) - self.assertEqual( - result.count("3 packets received"), - 1, - "Ping to outside world from VM should be successful" - ) + self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received"))) + except Exception as e: + self.fail("SSH Access failed for %s: %s" % \ + (vmObj.get_ip(), e) + ) + + self.assertEqual( + result.count("3 packets received"), + 1, + "Ping to VM on Network Tier N from VM in Network Tier A should be successful" + ) + + time.sleep(5) def reboot_vpc_with_cleanup(self, vpc, cleanup = True): self.logger.debug("Restarting VPC %s with cleanup" % vpc.id) @@ -680,3 +678,105 @@ def reboot_vpc_with_cleanup(self, vpc, cleanup = True): cmd.cleanup = cleanup cmd.makeredundant = False self.api_client.restartVPC(cmd) + + def check_private_gateway_interfaces(self, routers): + state_holder = {routers[0].linklocalip : {"state" : None, "mac" : None}, + routers[1].linklocalip : {"state" : None, "mac" : None}} + state = None + mac = None + for router in routers: + hosts = list_hosts(self.apiclient, id=router.hostid) + + self.assertEqual( + isinstance(hosts, list), + True, + "Check for list hosts response return valid data") + + host = hosts[0] + host.user = self.services["configurableData"]["host"]["username"] + host.passwd = self.services["configurableData"]["host"]["password"] + host.port = self.services["configurableData"]["host"]["port"] + + try: + state = get_process_status( + host.ipaddress, + host.port, + host.user, + host.passwd, + router.linklocalip, + "ip addr | grep eth6 | grep state | awk '{print $9;}'") + + mac = get_process_status( + host.ipaddress, + host.port, + host.user, + host.passwd, + router.linklocalip, + "ip addr | grep link/ether | awk '{print $2;}' | sed -n 7p") + except KeyError: + self.skipTest("Provide a marvin config file with host credentials to run %s" % self._testMethodName) + + self.logger.debug("Result from the Router on IP '%s' is -> state: '%s', mac: '%s'" % (router.linklocalip, state, mac)) + state_holder[router.linklocalip]["state"] = str(state) + state_holder[router.linklocalip]["mac"] = str(mac) + + check_state = state_holder[routers[0].linklocalip]["state"].count(state_holder[routers[1].linklocalip]["state"]) + check_mac = state_holder[routers[0].linklocalip]["mac"].count(state_holder[routers[1].linklocalip]["mac"]) + + self.assertTrue(check_state == 0, "Routers private gateway interface should not be on the same state!") + self.assertTrue(check_mac == 0, "Routers private gateway interface should not have the same mac address!") + + def check_routers_state(self, routers, status_to_check="MASTER", expected_count=1): + vals = ["MASTER", "BACKUP", "UNKNOWN"] + cnts = [0, 0, 0] + + result = "UNKNOWN" + for router in routers: + if router.state == "Running": + hosts = list_hosts( + self.apiclient, + zoneid=router.zoneid, + type='Routing', + state='Up', + id=router.hostid + ) + self.assertEqual( + isinstance(hosts, list), + True, + "Check list host returns a valid list" + ) + host = hosts[0] + + if self.hypervisor.lower() in ('vmware', 'hyperv'): + result = str(get_process_status( + self.apiclient.connection.mgtSvr, + 22, + self.apiclient.connection.user, + self.apiclient.connection.passwd, + router.linklocalip, + "sh /opt/cloud/bin/checkrouter.sh ", + hypervisor=self.hypervisor + )) + else: + try: + host.user, host.passwd = get_host_credentials( + self.config, host.ipaddress) + result = str(get_process_status( + host.ipaddress, + 22, + host.user, + host.passwd, + router.linklocalip, + "sh /opt/cloud/bin/checkrouter.sh " + )) + + except KeyError: + self.skipTest( + "Marvin configuration has no host credentials to\ + check router services") + + if result.count(status_to_check) == 1: + cnts[vals.index(status_to_check)] += 1 + + if cnts[vals.index(status_to_check)] != expected_count: + self.fail("Expected '%s' routers at state '%s', but found '%s'!" % (expected_count, status_to_check, cnts[vals.index(status_to_check)])) From 27a632826cbd558c27534b9d84fa154262b86cbc Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Wed, 17 Feb 2016 16:07:34 +0100 Subject: [PATCH 16/22] CLOUDSTACK-9287 - Fix RVR public interface --- systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py index 9036527811..48edf122c1 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py @@ -27,7 +27,7 @@ from netaddr import * from pprint import pprint -PUBLIC_INTERFACES = {"router" : "eth0", "vpcrouter" : "eth1"} +PUBLIC_INTERFACES = {"router" : "eth2", "vpcrouter" : "eth1"} STATE_COMMANDS = {"router" : "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", "vpcrouter" : "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} From c4f4d7793cf0eb3506a1754d26256f183b740635 Mon Sep 17 00:00:00 2001 From: Wilder Rodrigues Date: Wed, 17 Feb 2016 16:43:16 +0100 Subject: [PATCH 17/22] CLOUDSTACK-9287 - Improve test by checking if pvt gw is removed and fix typos --- test/integration/smoke/test_privategw_acl.py | 135 +++++++++++++------ 1 file changed, 93 insertions(+), 42 deletions(-) diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py index ecf2614961..d2e08f57d3 100644 --- a/test/integration/smoke/test_privategw_acl.py +++ b/test/integration/smoke/test_privategw_acl.py @@ -195,7 +195,8 @@ def tearDownClass(cls): def setUp(self): self.apiclient = self.testClient.getApiClient() - + self.hypervisor = self.testClient.getHypervisorInfo() + self.logger.debug("Creating Admin Account for Domain ID ==> %s" % self.domain.id) self.account = Account.create( self.apiclient, @@ -285,7 +286,7 @@ def test_04_rvpc_privategw_static_routes(self): self.performVPCTests(vpc_off) @attr(tags=["advanced"], required_hardware="true") - def test_05_rvpc_privategw_check_interface(self): + def _test_05_rvpc_privategw_check_interface(self): self.logger.debug("Creating a Redundant VPC offering..") vpc_off = VpcOffering.create( self.apiclient, @@ -344,8 +345,8 @@ def performVPCTests(self, vpc_off, restart_with_cleanup = False): self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm1.nic[0].ipaddress]) if restart_with_cleanup: - self.reboot_vpc_with_cleanup(vpc_1, True) - self.reboot_vpc_with_cleanup(vpc_2, True) + self.reboot_vpc_with_cleanup(vpc_1, cleanup = restart_with_cleanup) + self.reboot_vpc_with_cleanup(vpc_2, cleanup = restart_with_cleanup) self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm1.nic[0].ipaddress]) @@ -391,45 +392,54 @@ def performPrivateGWInterfaceTests(self, vpc_off): public_ip_1 = self.acquire_publicip(vpc_1, network_1) nat_rule_1 = self.create_natrule(vpc_1, vm1, public_ip_1, network_1) + + self.check_private_gateway_interfaces() - routers = list_routers(self.apiclient, - account=self.account.name, - domainid=self.account.domainid) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) - self.assertEqual(isinstance(routers, list), True, - "Check for list routers response return valid data") + self.reboot_vpc_with_cleanup(vpc_1, cleanup = True) + self.check_routers_state() - self.assertEqual(len(routers), 2, - "Check for list routers size returned '%s' instead of 2" % len(routers)) + self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) - self.check_private_gateway_interfaces(routers) + self.stop_router_by_type("MASTER") + self.check_routers_state() + self.check_private_gateway_interfaces() self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) - self.reboot_vpc_with_cleanup(vpc_1, True) - + self.start_routers() + self.check_routers_state() + self.check_private_gateway_interfaces() self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) - self.stop_router_by_type(routers, status_to_check = "MASTER") - self.check_routers_state(routers) + self.deletePvtGw(privateGw_1.id) + self.check_private_gateway_interfaces(status_to_check = "DOWN") - self.check_private_gateway_interfaces(routers) - self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) + def query_routers(self): + routers = list_routers(self.apiclient, + account=self.account.name, + domainid=self.account.domainid) - self.start_routers(routers) - self.check_routers_state(routers) - self.check_private_gateway_interfaces(routers) - self.check_pvt_gw_connectivity(vm1, public_ip_1, [vm2.nic[0].ipaddress, vm3.nic[0].ipaddress, vm4.nic[0].ipaddress]) + self.assertEqual(isinstance(routers, list), True, + "Check for list routers response return valid data") + + self.assertEqual(len(routers), 2, + "Check for list routers size returned '%s' instead of 2" % len(routers)) + + return routers - def stop_router_by_type(self, type, routers): - self.logger.debug('Stopping %s router' % type) + def stop_router_by_type(self, redundant_state): + self.logger.debug('Stopping %s router' % redundant_state) + routers = self.query_routers() for router in routers: - if router.redundantstate == type: + if router.redundantstate == redundant_state: self.stop_router(router) break - def start_routers(self, routers): + def start_routers(self): self.logger.debug('Starting stopped routers') + routers = self.query_routers() for router in routers: self.logger.debug('Router %s has state %s' % (router.id, router.state)) if router.state == "Stopped": @@ -438,6 +448,12 @@ def start_routers(self, routers): cmd.id = router.id self.apiclient.startRouter(cmd) + def stop_router(self, router): + self.logger.debug('Stopping router %s' % router.id) + cmd = stopRouter.stopRouterCmd() + cmd.id = router.id + self.apiclient.stopRouter(cmd) + def createVPC(self, vpc_offering, cidr = '10.1.1.1/16'): try: self.logger.debug("Creating a VPC network in the account: %s" % self.account.name) @@ -574,14 +590,27 @@ def createPvtGw(self, vpc, ip_address, gateway, aclId, vlan): createPrivateGatewayCmd.aclid = aclId try: - privateGw = self.apiclient.createPrivateGateway(createPrivateGatewayCmd) + privateGw = self.apiclient.createPrivateGateway(createPrivateGatewayCmd) except Exception as e: self.fail("Failed to create Private Gateway ==> %s" % e) - self.assertIsNotNone(privateGw.id, "Failed to create ACL.") + self.assertIsNotNone(privateGw.id, "Failed to create Private Gateway.") return privateGw + def deletePvtGw(self, private_gw_id): + deletePrivateGatewayCmd = deletePrivateGateway.deletePrivateGatewayCmd() + deletePrivateGatewayCmd.id = private_gw_id + + privateGwResponse = None + try: + privateGwResponse = self.apiclient.deletePrivateGateway(deletePrivateGatewayCmd) + except Exception as e: + self.fail("Failed to create Private Gateway ==> %s" % e) + + self.assertIsNotNone(privateGwResponse, "Failed to Delete Private Gateway.") + self.assertTrue(privateGwResponse.success, "Failed to Delete Private Gateway.") + def replaceNetworkAcl(self, aclId, network): self.logger.debug("Replacing Network ACL with ACL ID ==> %s" % aclId) @@ -642,6 +671,9 @@ def create_natrule(self, vpc, virtual_machine, public_ip, network): return nat_rule def check_pvt_gw_connectivity(self, virtual_machine, public_ip, vms_ips): + sleep_time = 5 + succeeded_pings = 0 + minimum_vms_to_pass = 2 for vm_ip in vms_ips: ssh_command = "ping -c 3 %s" % vm_ip @@ -652,22 +684,25 @@ def check_pvt_gw_connectivity(self, virtual_machine, public_ip, vms_ips): ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress) + self.logger.debug("Sleeping for %s seconds in order to get the firewall applied..." % sleep_time) + time.sleep(sleep_time) + sleep_time += sleep_time + self.logger.debug("Ping to VM inside another Network Tier") result = str(ssh.execute(ssh_command)) self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received"))) except Exception as e: self.fail("SSH Access failed for %s: %s" % \ - (vmObj.get_ip(), e) + (virtual_machine, e) ) - self.assertEqual( - result.count("3 packets received"), - 1, - "Ping to VM on Network Tier N from VM in Network Tier A should be successful" - ) + succeeded_pings += result.count("3 packets received") + - time.sleep(5) + self.assertTrue(succeeded_pings >= minimum_vms_to_pass, + "Ping to VM on Network Tier N from VM in Network Tier A should be successful at least for 2 out of 3 VMs" + ) def reboot_vpc_with_cleanup(self, vpc, cleanup = True): self.logger.debug("Restarting VPC %s with cleanup" % vpc.id) @@ -679,13 +714,20 @@ def reboot_vpc_with_cleanup(self, vpc, cleanup = True): cmd.makeredundant = False self.api_client.restartVPC(cmd) - def check_private_gateway_interfaces(self, routers): + def check_private_gateway_interfaces(self, status_to_check = "UP"): + routers = self.query_routers() + state_holder = {routers[0].linklocalip : {"state" : None, "mac" : None}, routers[1].linklocalip : {"state" : None, "mac" : None}} state = None mac = None for router in routers: - hosts = list_hosts(self.apiclient, id=router.hostid) + hosts = list_hosts( + self.apiclient, + zoneid=router.zoneid, + type='Routing', + state='Up', + id=router.hostid) self.assertEqual( isinstance(hosts, list), @@ -716,17 +758,26 @@ def check_private_gateway_interfaces(self, routers): except KeyError: self.skipTest("Provide a marvin config file with host credentials to run %s" % self._testMethodName) + state = str(state[0]) + mac = str(mac[0]) + self.logger.debug("Result from the Router on IP '%s' is -> state: '%s', mac: '%s'" % (router.linklocalip, state, mac)) state_holder[router.linklocalip]["state"] = str(state) state_holder[router.linklocalip]["mac"] = str(mac) - check_state = state_holder[routers[0].linklocalip]["state"].count(state_holder[routers[1].linklocalip]["state"]) - check_mac = state_holder[routers[0].linklocalip]["mac"].count(state_holder[routers[1].linklocalip]["mac"]) - self.assertTrue(check_state == 0, "Routers private gateway interface should not be on the same state!") - self.assertTrue(check_mac == 0, "Routers private gateway interface should not have the same mac address!") + if status_to_check == "UP": + check_state = state_holder[routers[0].linklocalip]["state"].count(state_holder[routers[1].linklocalip]["state"]) + check_mac = state_holder[routers[0].linklocalip]["mac"].count(state_holder[routers[1].linklocalip]["mac"]) + + self.assertTrue(check_state == 0, "Routers private gateway interface should not be on the same state!") + self.assertTrue(check_mac == 0, "Routers private gateway interface should not have the same mac address!") + else: + self.assertTrue(check_state == 1, "Routers private gateway interface should should have been removed!") + + def check_routers_state(self, status_to_check="MASTER", expected_count=1): + routers = self.query_routers() - def check_routers_state(self, routers, status_to_check="MASTER", expected_count=1): vals = ["MASTER", "BACKUP", "UNKNOWN"] cnts = [0, 0, 0] From 976d18f535fceef2201100ccca7a3e2eb74be660 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 9 Aug 2016 12:36:41 +0530 Subject: [PATCH 18/22] Cloudstack 9339: Virtual Routers do not handle Multiple Public Interfaces #1519 --- .../debian/config/opt/cloud/bin/configure.py | 4 + .../config/opt/cloud/bin/cs/CsAddress.py | 93 ++++++++++++------- .../config/opt/cloud/bin/cs/CsRedundant.py | 87 ++++++++++++----- 3 files changed, 126 insertions(+), 58 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 416431f57b..d34e52e3ad 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -870,6 +870,10 @@ def processStaticNatRule(self, rule): device = self.getDeviceByIp(rule["public_ip"]) if device is None: raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"]) + self.fw.append(["mangle", "","-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % \ + (rule["internal_ip"], device[len("eth"):])]) + self.fw.append(["mangle", "","-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \ + rule["internal_ip"]]) self.fw.append(["nat", "front", "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) self.fw.append(["nat", "front", diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 8670cf1deb..b23e6466ee 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -28,6 +28,8 @@ from CsRule import CsRule VRRP_TYPES = ['guest'] +VPC_PUBLIC_INTERFACE = ['eth1'] +NETWORK_PUBLIC_INTERFACE = ['eth2'] class CsAddress(CsDataBag): @@ -288,14 +290,14 @@ def post_configure(self, address): """ The steps that must be done after a device is configured """ route = CsRoute() if not self.get_type() in ["control"]: - route.add_table(self.dev) - - CsRule(self.dev).addMark() - + if self.dev != 'eth0': + route.add_table(self.dev) + CsRule(self.dev).addMark() + self.set_mark() interfaces = [CsInterface(address, self.config)] CsHelper.reconfigure_interfaces(self.cl, interfaces) - self.set_mark() + self.check_is_up() self.arpPing() CsRpsrfs(self.dev).enable() @@ -305,23 +307,45 @@ def post_configure(self, address): if not self.config.is_vpc(): self.setup_router_control() - if self.config.is_vpc() or self.cl.is_redundant(): - # The code looks redundant here, but we actually have to cater for routers and - # VPC routers in a different manner. Please do not remove this block otherwise - # The VPC default route will be broken. - if self.get_type() in ["public"] and address["device"] == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]: - gateway = str(address["gateway"]) - route.add_defaultroute(gateway) + try: + if str(address["gateway"]) == "None": + raise ValueError + except (KeyError, ValueError): + logging.debug("IP %s was not provided with a gateway." % self.ip()) else: - # once we start processing public ip's we need to verify there - # is a default route and add if needed - if(self.cl.get_gateway()): - route.add_defaultroute(self.cl.get_gateway()) + if self.get_type() in ["public"]: + if self.config.is_vpc(): + main_public_nic = VPC_PUBLIC_INTERFACE + else: + main_public_nic = NETWORK_PUBLIC_INTERFACE + + if self.dev in main_public_nic: + logging.debug("IP %s has the gateway %s that should be in the main routing table." % \ + (self.ip(), address["gateway"])) + route.add_defaultroute(address["gateway"]) + else: + logging.debug("IP %s has the gateway %s that is not intended for the main routing table." % \ + (self.ip(), address["gateway"])) + + + def check_is_up(self): + """ Ensure device is up """ + cmd = "ip link show %s | grep 'state DOWN'" % self.getDevice() + for i in CsHelper.execute(cmd): + if " DOWN " in i: + cmd2 = "ip link set %s up" % self.getDevice() + # All interfaces should be up on non-redundant or master routers + if not self.cl.is_redundant() or self.cl.is_master(): + CsHelper.execute(cmd2) + # only bring up non-public interfaces on backup redundant routers + elif not self.is_public(): + CsHelper.execute(cmd2) def set_mark(self): - cmd = "-A PREROUTING -i %s -m state --state NEW -j CONNMARK --set-xmark %s/0xffffffff" % \ - (self.getDevice(), self.dnum) - self.fw.append(["mangle", "", cmd]) + if self.get_type() in ['public']: + cmd = "-A PREROUTING -i %s -m state --state NEW -j CONNMARK --set-xmark %s/0xffffffff" % \ + (self.getDevice(), self.dnum) + self.fw.append(["mangle", "", cmd]) def get_type(self): """ Return the type of the IP @@ -357,10 +381,11 @@ def setup_router_control(self): def fw_router(self): if self.config.is_vpc(): return - self.fw.append(["mangle", "front", "-A PREROUTING " + + restore_mark = ["mangle", "front", "-A PREROUTING " + "-m state --state RELATED,ESTABLISHED " + - "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"]) - + "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"] + if restore_mark not in self.fw: + self.fw.append(restore_mark) if self.get_type() in ["public"]: self.fw.append(["mangle", "front", "-A PREROUTING " + @@ -387,7 +412,10 @@ def fw_router(self): "-j CONNMARK --set-xmark %s/0xffffffff" % self.dnum]) self.fw.append( ["mangle", "", "-A FIREWALL_%s -j DROP" % self.address['public_ip']]) - + self.fw.append( + ["filter", "", "-A FORWARD -i %s -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.dev]) + self.fw.append( + ["filter", "", "-A FORWARD -i eth0 -o %s -j FW_OUTBOUND" % self.dev]) self.fw.append(["filter", "", "-A INPUT -d 224.0.0.18/32 -j ACCEPT"]) self.fw.append(["filter", "", "-A INPUT -d 225.0.0.50/32 -j ACCEPT"]) self.fw.append(["filter", "", "-A INPUT -i %s -m state --state RELATED,ESTABLISHED -j ACCEPT" % @@ -410,23 +438,16 @@ def fw_router(self): ["filter", "", "-A FORWARD -i %s -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.dev]) self.fw.append( ["filter", "", "-A FORWARD -i %s -o %s -m state --state NEW -j ACCEPT" % (self.dev, self.dev)]) - self.fw.append( - ["filter", "", "-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"]) self.fw.append( ["filter", "", "-A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"]) - self.fw.append( - ["filter", "", "-A FORWARD -i eth0 -o eth2 -j FW_OUTBOUND"]) - self.fw.append(["mangle", "", - "-A PREROUTING -i %s -m state --state NEW " % self.dev + - "-j CONNMARK --set-xmark %s/0xffffffff" % self.dnum]) - + self.fw.append(['', 'front', '-A FORWARD -j NETWORK_STATS']) self.fw.append(['', 'front', '-A INPUT -j NETWORK_STATS']) self.fw.append(['', 'front', '-A OUTPUT -j NETWORK_STATS']) - self.fw.append(['', '', '-A NETWORK_STATS -i eth0 -o eth2']) - self.fw.append(['', '', '-A NETWORK_STATS -i eth2 -o eth0']) - self.fw.append(['', '', '-A NETWORK_STATS -o eth2 ! -i eth0 -p tcp']) - self.fw.append(['', '', '-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp']) + self.fw.append(['', '', '-A NETWORK_STATS -i eth0 -o %s' % self.dev]) + self.fw.append(['', '', '-A NETWORK_STATS -i %s -o eth0' % self.dev]) + self.fw.append(['', '', '-A NETWORK_STATS -o %s ! -i eth0 -p tcp' % self.dev]) + self.fw.append(['', '', '-A NETWORK_STATS -i %s ! -o eth0 -p tcp' % self.dev]) def fw_vpcrouter(self): if not self.config.is_vpc(): @@ -507,6 +528,8 @@ def post_config_change(self, method): route = CsRoute() if method == "add": route.add_table(self.dev) + if "gateway" in self.address and self.address["gateway"] != "None": + route.add_route(self.dev, "default via %s" % self.address["gateway"]) route.add_route(self.dev, str(self.address["network"])) elif method == "delete": logging.warn("delete route not implemented") diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index f1ab5f785d..547ff2b6e7 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -36,7 +36,7 @@ from CsFile import CsFile from CsProcess import CsProcess from CsApp import CsPasswdSvc -from CsAddress import CsDevice +from CsAddress import CsDevice, VPC_PUBLIC_INTERFACE, NETWORK_PUBLIC_INTERFACE from CsRoute import CsRoute from CsStaticRoutes import CsStaticRoutes import socket @@ -296,28 +296,7 @@ def set_master(self): self.set_lock() logging.debug("Setting router to master") - dev = '' - interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] - route = CsRoute() - for interface in interfaces: - if dev == interface.get_device(): - continue - dev = interface.get_device() - logging.info("Will proceed configuring device ==> %s" % dev) - cmd = "ip link set %s up" % dev - if CsDevice(dev, self.config).waitfordevice(): - CsHelper.execute(cmd) - logging.info("Bringing public interface %s up" % dev) - - try: - gateway = interface.get_gateway() - logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev)) - if dev == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]: - route.add_defaultroute(gateway) - except: - logging.error("ERROR getting gateway from device %s" % dev) - else: - logging.error("Device %s was not ready could not bring it up" % dev) + self._bring_public_interfaces_up() logging.debug("Configuring static routes") static_routes = CsStaticRoutes("staticroutes", self.config) @@ -342,6 +321,68 @@ def set_master(self): interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] CsHelper.reconfigure_interfaces(self.cl, interfaces) logging.info("Router switched to master mode") + + def _bring_public_interfaces_up(self): + '''Brings up all public interfaces and adds routes to the + relevant routing tables. + ''' + + up = [] # devices we've already brought up + routes = [] # routes to be added + + is_link_up = "ip link show %s | grep 'state UP'" + set_link_up = "ip link set %s up" + add_route = "ip route add %s" + arping = "arping -c 1 -U %s -I %s" + + if self.config.is_vpc(): + default_gateway = VPC_PUBLIC_INTERFACE + else: + default_gateway = NETWORK_PUBLIC_INTERFACE + + public_ips = [ip for ip in self.address.get_ips() if ip.is_public()] + + for ip in public_ips: + address = ip.get_ip() + device = ip.get_device() + gateway = ip.get_gateway() + + logging.debug("Configuring device %s for IP %s" % (device, address)) + + if device in up: + logging.debug("Device %s already configured. Skipping..." % device) + continue + + if not CsDevice(device, self.config).waitfordevice(): + logging.error("Device %s was not ready could not bring it up." % device) + continue + + if CsHelper.execute(is_link_up % device): + logging.warn("Device %s was found already up. Assuming routes need configuring.") + up.append(device) + else: + logging.info("Bringing public interface %s up" % device) + CsHelper.execute(set_link_up % device) + + logging.debug("Collecting routes for interface %s" % device) + routes.append("default via %s dev %s table Table_%s" % (gateway, device, device)) + + if device in default_gateway: + logging.debug("Determined that the gateway for %s should be in the main routing table." % device) + routes.insert(0, "default via %s dev %s" % (gateway, device)) + + up.append(device) + + logging.info("Adding all collected routes.") + for route in routes: + CsHelper.execute(add_route % route) + + logging.info("Sending gratuitous ARP for each Public IP...") + for ip in public_ips: + address = ip.get_ip() + device = ip.get_device() + CsHelper.execute(arping % (address, device)) + def _collect_ignore_ips(self): """ From 4f999d7d6d9fda4ed061bcdcfc1a7e5b0c3ed7ac Mon Sep 17 00:00:00 2001 From: David Amorim Faria Date: Wed, 10 Feb 2016 16:46:03 +0100 Subject: [PATCH 19/22] CLOUDSTACK-9283: add pid to java arguments in systemd/cloudstack-usage.service --- packaging/systemd/cloudstack-usage.service | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packaging/systemd/cloudstack-usage.service b/packaging/systemd/cloudstack-usage.service index 9a1827da61..d80aba6f6f 100644 --- a/packaging/systemd/cloudstack-usage.service +++ b/packaging/systemd/cloudstack-usage.service @@ -27,10 +27,11 @@ Environment=JAVA_HOME=/usr/lib/jvm/jre Environment=JAVA_HEAP_INITIAL=256m Environment=JAVA_HEAP_MAX=2048m Environment=JAVA_CLASS=com.cloud.usage.UsageServer +Environment=JAVA_PID=$$ ExecStart=/bin/sh -ec '\ export UCP=`ls /usr/share/cloudstack-usage/cloud-usage-*.jar /usr/share/cloudstack-usage/lib/*.jar | tr "\\n" ":"`; \ export CLASSPATH="$UCP:/etc/cloudstack/usage:/usr/share/java/mysql-connector-java.jar"; \ - ${JAVA_HOME}/bin/java -Xms${JAVA_HEAP_INITIAL} -Xmx${JAVA_HEAP_MAX} -cp "$CLASSPATH" $JAVA_CLASS' + ${JAVA_HOME}/bin/java -Dpid=${JAVA_PID} -Xms${JAVA_HEAP_INITIAL} -Xmx${JAVA_HEAP_MAX} -cp "$CLASSPATH" $JAVA_CLASS' Restart=always RestartSec=10s From db9a36975ab6e739fdf7ebb307a3d49a4b8c908e Mon Sep 17 00:00:00 2001 From: Olivier Lemasle Date: Wed, 20 Apr 2016 15:25:17 +0200 Subject: [PATCH 20/22] CLOUDSTACK-9358: StringIndexOutOfBoundsException on events #1503 --- server/src/com/cloud/api/ApiServer.java | 336 ++++++++++++------------ 1 file changed, 170 insertions(+), 166 deletions(-) diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index e5ae09725b..ad75d98b24 100644 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -16,45 +16,45 @@ // under the License. package com.cloud.api; -import com.cloud.api.dispatch.DispatchChainFactory; -import com.cloud.api.dispatch.DispatchTask; -import com.cloud.api.response.ApiResponseSerializer; -import com.cloud.configuration.Config; -import com.cloud.domain.Domain; -import com.cloud.domain.DomainVO; -import com.cloud.domain.dao.DomainDao; -import com.cloud.event.ActionEventUtils; -import com.cloud.event.EventCategory; -import com.cloud.event.EventTypes; -import com.cloud.exception.AccountLimitException; -import com.cloud.exception.CloudAuthenticationException; -import com.cloud.exception.InsufficientCapacityException; -import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.PermissionDeniedException; -import com.cloud.exception.RequestLimitException; -import com.cloud.exception.ResourceAllocationException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.user.Account; -import com.cloud.user.AccountManager; -import com.cloud.user.DomainManager; -import com.cloud.user.User; -import com.cloud.user.UserAccount; -import com.cloud.user.UserVO; -import com.cloud.utils.ConstantTimeComparator; -import com.cloud.utils.HttpUtils; -import com.cloud.utils.NumbersUtil; -import com.cloud.utils.Pair; -import com.cloud.utils.StringUtils; -import com.cloud.utils.component.ComponentContext; -import com.cloud.utils.component.ManagerBase; -import com.cloud.utils.component.PluggableService; -import com.cloud.utils.concurrency.NamedThreadFactory; -import com.cloud.utils.db.EntityManager; -import com.cloud.utils.db.SearchCriteria; -import com.cloud.utils.db.TransactionLegacy; -import com.cloud.utils.db.UUIDManager; -import com.cloud.utils.exception.CloudRuntimeException; -import com.cloud.utils.exception.ExceptionProxyObject; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InterruptedIOException; +import java.lang.reflect.Type; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URLEncoder; +import java.security.SecureRandom; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TimeZone; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.LinkedBlockingQueue; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; +import javax.inject.Inject; +import javax.naming.ConfigurationException; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + import org.apache.cloudstack.acl.APIChecker; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; @@ -138,83 +138,88 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException; import org.springframework.stereotype.Component; -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; -import javax.inject.Inject; -import javax.naming.ConfigurationException; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InterruptedIOException; -import java.net.InetAddress; -import java.net.ServerSocket; -import java.net.Socket; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URLEncoder; -import java.security.SecureRandom; -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TimeZone; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.ThreadPoolExecutor; -import java.util.concurrent.TimeUnit; -import java.util.regex.Matcher; -import java.util.regex.Pattern; +import com.cloud.api.dispatch.DispatchChainFactory; +import com.cloud.api.dispatch.DispatchTask; +import com.cloud.api.response.ApiResponseSerializer; +import com.cloud.configuration.Config; +import com.cloud.domain.Domain; +import com.cloud.domain.DomainVO; +import com.cloud.domain.dao.DomainDao; +import com.cloud.event.ActionEventUtils; +import com.cloud.event.EventCategory; +import com.cloud.event.EventTypes; +import com.cloud.exception.AccountLimitException; +import com.cloud.exception.CloudAuthenticationException; +import com.cloud.exception.InsufficientCapacityException; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.RequestLimitException; +import com.cloud.exception.ResourceAllocationException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.user.Account; +import com.cloud.user.AccountManager; +import com.cloud.user.DomainManager; +import com.cloud.user.User; +import com.cloud.user.UserAccount; +import com.cloud.user.UserVO; +import com.cloud.utils.ConstantTimeComparator; +import com.cloud.utils.HttpUtils; +import com.cloud.utils.NumbersUtil; +import com.cloud.utils.Pair; +import com.cloud.utils.StringUtils; +import com.cloud.utils.component.ComponentContext; +import com.cloud.utils.component.ManagerBase; +import com.cloud.utils.component.PluggableService; +import com.cloud.utils.concurrency.NamedThreadFactory; +import com.cloud.utils.db.EntityManager; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.TransactionLegacy; +import com.cloud.utils.db.UUIDManager; +import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.exception.ExceptionProxyObject; +import com.google.gson.reflect.TypeToken; @Component public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiServerService { private static final Logger s_logger = Logger.getLogger(ApiServer.class.getName()); private static final Logger s_accessLogger = Logger.getLogger("apiserver." + ApiServer.class.getName()); - public static boolean encodeApiResponse = false; - public static boolean s_enableSecureCookie = false; - public static String s_jsonContentType = HttpUtils.JSON_CONTENT_TYPE; + private static boolean encodeApiResponse = false; + private boolean enableSecureCookie = false; + private String jsonContentType = HttpUtils.JSON_CONTENT_TYPE; /** * Non-printable ASCII characters - numbers 0 to 31 and 127 decimal */ - public static final String CONTROL_CHARACTERS = "[\000-\011\013-\014\016-\037\177]"; + private static final String CONTROL_CHARACTERS = "[\000-\011\013-\014\016-\037\177]"; @Inject - protected ApiDispatcher _dispatcher; + private ApiDispatcher dispatcher; @Inject - protected DispatchChainFactory dispatchChainFactory; + private DispatchChainFactory dispatchChainFactory; @Inject - private AccountManager _accountMgr; + private AccountManager accountMgr; @Inject - private DomainManager _domainMgr; + private DomainManager domainMgr; @Inject - private DomainDao _domainDao; + private DomainDao domainDao; @Inject - private UUIDManager _uuidMgr; + private UUIDManager uuidMgr; @Inject - private AsyncJobManager _asyncMgr; + private AsyncJobManager asyncMgr; @Inject - private ConfigurationDao _configDao; + private ConfigurationDao configDao; @Inject - private EntityManager _entityMgr; + private EntityManager entityMgr; @Inject - APIAuthenticationManager _authManager; + private APIAuthenticationManager authManager; + + private List pluggableServices; - List _pluggableServices; - List _apiAccessCheckers; + private List apiAccessCheckers; @Inject - protected ApiAsyncJobDispatcher _asyncDispatcher; + private ApiAsyncJobDispatcher asyncDispatcher; private static int s_workerCount = 0; private static final DateFormat DateFormatToUse = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"); @@ -223,19 +228,16 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer private static ExecutorService s_executor = new ThreadPoolExecutor(10, 150, 60, TimeUnit.SECONDS, new LinkedBlockingQueue(), new NamedThreadFactory( "ApiServer")); @Inject - MessageBus _messageBus; - - public ApiServer() { - } + private MessageBus messageBus; @Override public boolean configure(final String name, final Map params) throws ConfigurationException { - _messageBus.subscribe(AsyncJob.Topics.JOB_EVENT_PUBLISH, MessageDispatcher.getDispatcher(this)); + messageBus.subscribe(AsyncJob.Topics.JOB_EVENT_PUBLISH, MessageDispatcher.getDispatcher(this)); return true; } @MessageHandler(topic = AsyncJob.Topics.JOB_EVENT_PUBLISH) - private void handleAsyncJobPublishEvent(String subject, String senderAddress, Object args) { + public void handleAsyncJobPublishEvent(String subject, String senderAddress, Object args) { assert (args != null); @SuppressWarnings("unchecked") @@ -257,17 +259,18 @@ private void handleAsyncJobPublishEvent(String subject, String senderAddress, Ob return; } - User userJobOwner = _accountMgr.getUserIncludingRemoved(job.getUserId()); - Account jobOwner = _accountMgr.getAccount(userJobOwner.getAccountId()); + User userJobOwner = accountMgr.getUserIncludingRemoved(job.getUserId()); + Account jobOwner = accountMgr.getAccount(userJobOwner.getAccountId()); // Get the event type from the cmdInfo json string String info = job.getCmdInfo(); String cmdEventType = "unknown"; if (info != null) { - String marker = "\"cmdEventType\""; - int begin = info.indexOf(marker); - if (begin >= 0) { - cmdEventType = info.substring(begin + marker.length() + 2, info.indexOf(",", begin) - 1); + Type type = new TypeToken>(){}.getType(); + Map cmdInfo = ApiGsonHelper.getBuilder().create().fromJson(info, type); + String eventTypeObj = cmdInfo.get("cmdEventType"); + if (eventTypeObj != null) { + cmdEventType = eventTypeObj; if (s_logger.isDebugEnabled()) s_logger.debug("Retrieved cmdEventType from job info: " + cmdEventType); @@ -296,9 +299,9 @@ private void handleAsyncJobPublishEvent(String subject, String senderAddress, Ob eventDescription.put("cmdInfo", job.getCmdInfo()); eventDescription.put("status", "" + job.getStatus() ); // If the event.accountinfo boolean value is set, get the human readable value for the username / domainname - Map configs = _configDao.getConfiguration("management-server", new HashMap()); + Map configs = configDao.getConfiguration("management-server", new HashMap()); if (Boolean.valueOf(configs.get("event.accountinfo"))) { - DomainVO domain = _domainDao.findById(jobOwner.getDomainId()); + DomainVO domain = domainDao.findById(jobOwner.getDomainId()); eventDescription.put("username", userJobOwner.getUsername()); eventDescription.put("accountname", jobOwner.getAccountName()); eventDescription.put("domainname", domain.getName()); @@ -316,9 +319,9 @@ private void handleAsyncJobPublishEvent(String subject, String senderAddress, Ob @Override public boolean start() { Integer apiPort = null; // api port, null by default - final SearchCriteria sc = _configDao.createSearchCriteria(); + final SearchCriteria sc = configDao.createSearchCriteria(); sc.addAnd("name", SearchCriteria.Op.EQ, Config.IntegrationAPIPort.key()); - final List values = _configDao.search(sc, null); + final List values = configDao.search(sc, null); if ((values != null) && (values.size() > 0)) { final ConfigurationVO apiPortConfig = values.get(0); if (apiPortConfig.getValue() != null) { @@ -326,19 +329,19 @@ public boolean start() { } } - final Map configs = _configDao.getConfiguration(); + final Map configs = configDao.getConfiguration(); final String strSnapshotLimit = configs.get(Config.ConcurrentSnapshotsThresholdPerHost.key()); if (strSnapshotLimit != null) { final Long snapshotLimit = NumbersUtil.parseLong(strSnapshotLimit, 1L); if (snapshotLimit.longValue() <= 0) { s_logger.debug("Global config parameter " + Config.ConcurrentSnapshotsThresholdPerHost.toString() + " is less or equal 0; defaulting to unlimited"); } else { - _dispatcher.setCreateSnapshotQueueSizeLimit(snapshotLimit); + dispatcher.setCreateSnapshotQueueSizeLimit(snapshotLimit); } } final Set> cmdClasses = new HashSet>(); - for (final PluggableService pluggableService : _pluggableServices) { + for (final PluggableService pluggableService : pluggableServices) { cmdClasses.addAll(pluggableService.getCommands()); if (s_logger.isDebugEnabled()) { s_logger.debug("Discovered plugin " + pluggableService.getClass().getSimpleName()); @@ -361,14 +364,14 @@ public boolean start() { } - setEncodeApiResponse(Boolean.valueOf(_configDao.getValue(Config.EncodeApiResponse.key()))); - final String jsonType = _configDao.getValue(Config.JSONDefaultContentType.key()); + setEncodeApiResponse(Boolean.valueOf(configDao.getValue(Config.EncodeApiResponse.key()))); + final String jsonType = configDao.getValue(Config.JSONDefaultContentType.key()); if (jsonType != null) { - s_jsonContentType = jsonType; + jsonContentType = jsonType; } - final Boolean enableSecureSessionCookie = Boolean.valueOf(_configDao.getValue(Config.EnableSecureSessionCookie.key())); + final Boolean enableSecureSessionCookie = Boolean.valueOf(configDao.getValue(Config.EnableSecureSessionCookie.key())); if (enableSecureSessionCookie != null) { - s_enableSecureCookie = enableSecureSessionCookie; + enableSecureCookie = enableSecureSessionCookie; } if (apiPort != null) { @@ -429,7 +432,7 @@ public void handle(final HttpRequest request, final HttpResponse response, final try { // always trust commands from API port, user context will always be UID_SYSTEM/ACCOUNT_ID_SYSTEM - CallContext.register(_accountMgr.getSystemUser(), _accountMgr.getSystemAccount()); + CallContext.register(accountMgr.getSystemUser(), accountMgr.getSystemAccount()); sb.insert(0, "(userId=" + User.UID_SYSTEM + " accountId=" + Account.ACCOUNT_ID_SYSTEM + " sessionId=" + null + ") "); final String responseText = handleRequest(parameterMap, responseType, sb); sb.append(" 200 " + ((responseText == null) ? 0 : responseText.length())); @@ -494,7 +497,7 @@ public String handleRequest(final Map params, final String responseType, final S throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent"); } else { // Don't allow Login/Logout APIs to go past this point - if (_authManager.getAPIAuthenticator(command[0]) != null) { + if (authManager.getAPIAuthenticator(command[0]) != null) { return null; } final Map paramMap = new HashMap(); @@ -562,7 +565,7 @@ public String handleRequest(final Map params, final String responseType, final S } catch (final InsufficientCapacityException ex) { s_logger.info(ex.getMessage()); String errorMsg = ex.getMessage(); - if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { + if (!accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { // hide internal details to non-admin user for security reason errorMsg = BaseCmd.USER_ERROR_MESSAGE; } @@ -573,7 +576,7 @@ public String handleRequest(final Map params, final String responseType, final S } catch (final ResourceUnavailableException ex) { s_logger.info(ex.getMessage()); String errorMsg = ex.getMessage(); - if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { + if (!accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { // hide internal details to non-admin user for security reason errorMsg = BaseCmd.USER_ERROR_MESSAGE; } @@ -584,7 +587,7 @@ public String handleRequest(final Map params, final String responseType, final S } catch (final Exception ex) { s_logger.error("unhandled exception executing api command: " + ((command == null) ? "null" : command), ex); String errorMsg = ex.getMessage(); - if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { + if (!accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { // hide internal details to non-admin user for security reason errorMsg = BaseCmd.USER_ERROR_MESSAGE; } @@ -597,7 +600,7 @@ public String handleRequest(final Map params, final String responseType, final S private String getBaseAsyncResponse(final long jobId, final BaseAsyncCmd cmd) { final AsyncJobResponse response = new AsyncJobResponse(); - final AsyncJob job = _entityMgr.findById(AsyncJob.class, jobId); + final AsyncJob job = entityMgr.findById(AsyncJob.class, jobId); response.setJobId(job.getUuid()); response.setResponseName(cmd.getCommandName()); return ApiResponseSerializer.toSerializedString(response, cmd.getResponseType()); @@ -605,7 +608,7 @@ private String getBaseAsyncResponse(final long jobId, final BaseAsyncCmd cmd) { private String getBaseAsyncCreateResponse(final long jobId, final BaseAsyncCreateCmd cmd, final String objectUuid) { final CreateCmdResponse response = new CreateCmdResponse(); - final AsyncJob job = _entityMgr.findById(AsyncJob.class, jobId); + final AsyncJob job = entityMgr.findById(AsyncJob.class, jobId); response.setJobId(job.getUuid()); response.setId(objectUuid); response.setResponseName(cmd.getCommandName()); @@ -626,7 +629,7 @@ private String queueCommand(final BaseCmd cmdObj, final Map para String objectUuid = null; if (cmdObj instanceof BaseAsyncCreateCmd) { final BaseAsyncCreateCmd createCmd = (BaseAsyncCreateCmd)cmdObj; - _dispatcher.dispatchCreateCmd(createCmd, params); + dispatcher.dispatchCreateCmd(createCmd, params); objectId = createCmd.getEntityId(); objectUuid = createCmd.getEntityUuid(); params.put("id", objectId.toString()); @@ -671,31 +674,38 @@ private String queueCommand(final BaseCmd cmdObj, final Map para // users can provide the job id they want to use, so log as it is a uuid and is unique String injectedJobId = asyncCmd.getInjectedJobId(); - _uuidMgr.checkUuidSimple(injectedJobId, AsyncJob.class); + uuidMgr.checkUuidSimple(injectedJobId, AsyncJob.class); AsyncJobVO job = new AsyncJobVO("", callerUserId, caller.getId(), cmdObj.getClass().getName(), ApiGsonHelper.getBuilder().create().toJson(params), instanceId, asyncCmd.getInstanceType() != null ? asyncCmd.getInstanceType().toString() : null, - injectedJobId); - job.setDispatcher(_asyncDispatcher.getName()); + injectedJobId); + job.setDispatcher(asyncDispatcher.getName()); - final long jobId = _asyncMgr.submitAsyncJob(job); + final long jobId = asyncMgr.submitAsyncJob(job); if (jobId == 0L) { final String errorMsg = "Unable to schedule async job for command " + job.getCmd(); s_logger.warn(errorMsg); throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, errorMsg); } - + final String response; if (objectId != null) { final String objUuid = (objectUuid == null) ? objectId.toString() : objectUuid; - return getBaseAsyncCreateResponse(jobId, (BaseAsyncCreateCmd)asyncCmd, objUuid); + response = getBaseAsyncCreateResponse(jobId, (BaseAsyncCreateCmd)asyncCmd, objUuid); } else { SerializationContext.current().setUuidTranslation(true); - return getBaseAsyncResponse(jobId, asyncCmd); + response = getBaseAsyncResponse(jobId, asyncCmd); } + // Always log response for async for now, I don't think any sensitive data will be in here. + // It might be nice to send this through scrubbing similar to how + // ApiResponseSerializer.toSerializedStringWithSecureLogs works. For now, this gets jobid's + // in the api logs. + log.append(response); + return response; + } else { - _dispatcher.dispatch(cmdObj, params, false); + dispatcher.dispatch(cmdObj, params, false); // if the command is of the listXXXCommand, we will need to also return the // the job id and status if possible @@ -723,10 +733,10 @@ private void buildAsyncListResponse(final BaseListCmd command, final Account acc List jobs = null; // list all jobs for ROOT admin - if (_accountMgr.isRootAdmin(account.getId())) { - jobs = _asyncMgr.findInstancePendingAsyncJobs(command.getInstanceType().toString(), null); + if (accountMgr.isRootAdmin(account.getId())) { + jobs = asyncMgr.findInstancePendingAsyncJobs(command.getInstanceType().toString(), null); } else { - jobs = _asyncMgr.findInstancePendingAsyncJobs(command.getInstanceType().toString(), account.getId()); + jobs = asyncMgr.findInstancePendingAsyncJobs(command.getInstanceType().toString(), account.getId()); } if (jobs.size() == 0) { @@ -871,7 +881,7 @@ public boolean verifyRequest(final Map requestParameters, fina txn.close(); User user = null; // verify there is a user with this api key - final Pair userAcctPair = _accountMgr.findUserByApiKey(apiKey); + final Pair userAcctPair = accountMgr.findUserByApiKey(apiKey); if (userAcctPair == null) { s_logger.debug("apiKey does not map to a valid user -- ignoring request, apiKey: " + apiKey); return false; @@ -931,7 +941,7 @@ public boolean verifyRequest(final Map requestParameters, fina @Override public Long fetchDomainId(final String domainUUID) { - final Domain domain = _domainMgr.getDomain(domainUUID); + final Domain domain = domainMgr.getDomain(domainUUID); if (domain != null) return domain.getId(); else @@ -997,7 +1007,7 @@ public ResponseObject loginUser(final HttpSession session, final String username if (domainPath == null || domainPath.trim().length() == 0) { domainId = Domain.ROOT_DOMAIN; } else { - final Domain domainObj = _domainMgr.findDomainByPath(domainPath); + final Domain domainObj = domainMgr.findDomainByPath(domainPath); if (domainObj != null) { domainId = domainObj.getId(); } else { // if an unknown path is passed in, fail the login call @@ -1006,7 +1016,7 @@ public ResponseObject loginUser(final HttpSession session, final String username } } - final UserAccount userAcct = _accountMgr.authenticateUser(username, password, domainId, loginIpAddress, requestParameters); + final UserAccount userAcct = accountMgr.authenticateUser(username, password, domainId, loginIpAddress, requestParameters); if (userAcct != null) { final String timezone = userAcct.getTimezone(); float offsetInHrs = 0f; @@ -1021,11 +1031,11 @@ public ResponseObject loginUser(final HttpSession session, final String username s_logger.info("Timezone offset from UTC is: " + offsetInHrs); } - final Account account = _accountMgr.getAccount(userAcct.getAccountId()); + final Account account = accountMgr.getAccount(userAcct.getAccountId()); // set the userId and account object for everyone session.setAttribute("userid", userAcct.getId()); - final UserVO user = (UserVO)_accountMgr.getActiveUser(userAcct.getId()); + final UserVO user = (UserVO)accountMgr.getActiveUser(userAcct.getId()); if (user.getUuid() != null) { session.setAttribute("user_UUID", user.getUuid()); } @@ -1037,7 +1047,7 @@ public ResponseObject loginUser(final HttpSession session, final String username session.setAttribute("account", account.getAccountName()); session.setAttribute("domainid", account.getDomainId()); - final DomainVO domain = (DomainVO)_domainMgr.getDomain(account.getDomainId()); + final DomainVO domain = (DomainVO)domainMgr.getDomain(account.getDomainId()); if (domain.getUuid() != null) { session.setAttribute("domain_UUID", domain.getUuid()); } @@ -1066,16 +1076,16 @@ public ResponseObject loginUser(final HttpSession session, final String username @Override public void logoutUser(final long userId) { - _accountMgr.logoutUser(userId); + accountMgr.logoutUser(userId); return; } @Override public boolean verifyUser(final Long userId) { - final User user = _accountMgr.getUserIncludingRemoved(userId); + final User user = accountMgr.getUserIncludingRemoved(userId); Account account = null; if (user != null) { - account = _accountMgr.getAccount(user.getAccountId()); + account = accountMgr.getAccount(user.getAccountId()); } if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.State.enabled) || (account == null) || @@ -1091,7 +1101,7 @@ private void checkCommandAvailable(final User user, final String commandName) th throw new PermissionDeniedException("User is null for role based API access check for command" + commandName); } - for (final APIChecker apiChecker : _apiAccessCheckers) { + for (final APIChecker apiChecker : apiAccessCheckers) { apiChecker.checkAccess(user, commandName); } } @@ -1107,7 +1117,7 @@ else if (cmdList.size() == 1) // determine the cmd class based on calling context ResponseView view = ResponseView.Restricted; if (CallContext.current() != null - && _accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { + && accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) { view = ResponseView.Full; } for (Class cmdClass : cmdList) { @@ -1175,10 +1185,10 @@ public ListenerThread(final ApiServer requestHandler, final int port) { _params = new BasicHttpParams(); _params.setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 30000) - .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024) - .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false) - .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true) - .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1"); + .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024) + .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false) + .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true) + .setParameter(CoreProtocolPNames.ORIGIN_SERVER, "HttpComponents/1.1"); // Set up the HTTP protocol processor final BasicHttpProcessor httpproc = new BasicHttpProcessor(); @@ -1340,37 +1350,31 @@ public String getSerializedApiError(final ServerApiException ex, final Map getPluggableServices() { - return _pluggableServices; - } - @Inject public void setPluggableServices(final List pluggableServices) { - _pluggableServices = pluggableServices; - } - - public List getApiAccessCheckers() { - return _apiAccessCheckers; + this.pluggableServices = pluggableServices; } @Inject public void setApiAccessCheckers(final List apiAccessCheckers) { - _apiAccessCheckers = apiAccessCheckers; + this.apiAccessCheckers = apiAccessCheckers; } public static boolean isEncodeApiResponse() { - return encodeApiResponse; + return ApiServer.encodeApiResponse; } private static void setEncodeApiResponse(final boolean encodeApiResponse) { ApiServer.encodeApiResponse = encodeApiResponse; } - public static boolean isSecureSessionCookieEnabled() { - return s_enableSecureCookie; + @Override + public boolean isSecureSessionCookieEnabled() { + return enableSecureCookie; } - public static String getJSONContentType() { - return s_jsonContentType; + @Override + public String getJSONContentType() { + return jsonContentType; } } From 446a8b89b5cb51698cddc01d41f3e265691813d0 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Sep 2016 16:32:11 +0530 Subject: [PATCH 21/22] client RVR update done --- .../config/opt/cloud/bin/cs/CsRedundant.py | 165 ++++++++++-------- 1 file changed, 95 insertions(+), 70 deletions(-) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index 547ff2b6e7..b60fd4acfa 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -238,9 +238,7 @@ def set_fault(self): CsHelper.service("xl2tpd", "stop") CsHelper.service("dnsmasq", "stop") - interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()] - for interface in interfaces: - CsPasswdSvc(interface.get_gateway()).stop() + self._restart_password_server() self.cl.set_fault_state() self.cl.save() @@ -273,12 +271,10 @@ def set_backup(self): CsHelper.execute("%s -d" % cmd) CsHelper.service("ipsec", "stop") CsHelper.service("xl2tpd", "stop") - - interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()] - for interface in interfaces: - CsPasswdSvc(interface.get_gateway()).stop() CsHelper.service("dnsmasq", "stop") + self._restart_password_server() + self.cl.set_master_state(False) self.cl.save() self.release_lock() @@ -309,11 +305,10 @@ def set_master(self): CsHelper.execute("%s -B" % cmd) CsHelper.service("ipsec", "restart") CsHelper.service("xl2tpd", "restart") - interfaces = [interface for interface in self.address.get_interfaces() if interface.needs_vrrp()] - for interface in interfaces: - CsPasswdSvc(interface.get_gateway()).restart() - CsHelper.service("dnsmasq", "restart") + + self._restart_password_server() + self.cl.set_master_state(True) self.cl.save() self.release_lock() @@ -321,68 +316,98 @@ def set_master(self): interfaces = [interface for interface in self.address.get_interfaces() if interface.is_public()] CsHelper.reconfigure_interfaces(self.cl, interfaces) logging.info("Router switched to master mode") - + + def _bring_public_interfaces_up(self): '''Brings up all public interfaces and adds routes to the relevant routing tables. - ''' - - up = [] # devices we've already brought up - routes = [] # routes to be added - - is_link_up = "ip link show %s | grep 'state UP'" - set_link_up = "ip link set %s up" - add_route = "ip route add %s" - arping = "arping -c 1 -U %s -I %s" - - if self.config.is_vpc(): - default_gateway = VPC_PUBLIC_INTERFACE - else: - default_gateway = NETWORK_PUBLIC_INTERFACE - - public_ips = [ip for ip in self.address.get_ips() if ip.is_public()] - - for ip in public_ips: - address = ip.get_ip() - device = ip.get_device() - gateway = ip.get_gateway() - - logging.debug("Configuring device %s for IP %s" % (device, address)) - - if device in up: - logging.debug("Device %s already configured. Skipping..." % device) - continue - - if not CsDevice(device, self.config).waitfordevice(): - logging.error("Device %s was not ready could not bring it up." % device) - continue - - if CsHelper.execute(is_link_up % device): - logging.warn("Device %s was found already up. Assuming routes need configuring.") - up.append(device) - else: - logging.info("Bringing public interface %s up" % device) - CsHelper.execute(set_link_up % device) - - logging.debug("Collecting routes for interface %s" % device) - routes.append("default via %s dev %s table Table_%s" % (gateway, device, device)) - - if device in default_gateway: - logging.debug("Determined that the gateway for %s should be in the main routing table." % device) - routes.insert(0, "default via %s dev %s" % (gateway, device)) - - up.append(device) - - logging.info("Adding all collected routes.") - for route in routes: - CsHelper.execute(add_route % route) - - logging.info("Sending gratuitous ARP for each Public IP...") - for ip in public_ips: - address = ip.get_ip() - device = ip.get_device() - CsHelper.execute(arping % (address, device)) - + ''' + + up = [] # devices we've already brought up + routes = [] # routes to be added + + is_link_up = "ip link show %s | grep 'state UP'" + set_link_up = "ip link set %s up" + add_route = "ip route add %s" + arping = "arping -c 1 -U %s -I %s" + + guestIps = [ip for ip in self.address.get_interfaces() if ip.is_guest()] + guestDevs = [] + for guestIp in guestIps: + guestDevs.append(guestIp.get_device()) + csroute = CsRoute() + + if self.config.is_vpc(): + default_gateway = VPC_PUBLIC_INTERFACE + else: + default_gateway = NETWORK_PUBLIC_INTERFACE + + public_ips = [ip for ip in self.address.get_interfaces() if ip.is_public()] + + for ip in public_ips: + address = ip.get_ip() + device = ip.get_device() + gateway = ip.get_gateway() + + logging.debug("Configuring device %s for IP %s" % (device, address)) + + if device in up: + logging.debug("Device %s already configured. Skipping..." % device) + continue + + if not CsDevice(device, self.config).waitfordevice(): + logging.error("Device %s was not ready could not bring it up." % device) + continue + + if CsHelper.execute(is_link_up % device): + logging.warn("Device %s was found already up. Assuming routes need configuring.") + up.append(device) + else: + logging.info("Bringing public interface %s up" % device) + CsHelper.execute(set_link_up % device) + + logging.debug("Collecting routes for interface %s" % device) + routes.append("default via %s dev %s table Table_%s" % (gateway, device, device)) + + if device in default_gateway: + logging.debug("Determined that the gateway for %s should be in the main routing table." % device) + routes.insert(0, "default via %s dev %s" % (gateway, device)) + + up.append(device) + + logging.info("Adding all collected routes.") + for route in routes: + CsHelper.execute(add_route % route) + + logging.info("Sending gratuitous ARP for each Public IP...") + for ip in public_ips: + address = ip.get_ip() + device = ip.get_device() + # copy ip router for guest devs to all public devs + csroute.copy_routes_from_main([device], guestDevs) + CsHelper.execute(arping % (address, device)) + + + + + + def _restart_password_server(self): + ''' + CLOUDSTACK-9385 + Redundant virtual routers should have the password server running. + ''' + if self.config.is_vpc(): + vrrp_addresses = [address for address in self.address.get_interfaces() if address.needs_vrrp()] + + for address in vrrp_addresses: + CsPasswdSvc(address.get_gateway()).restart() + CsPasswdSvc(address.get_ip()).restart() + else: + guest_addresses = [address for address in self.address.get_interfaces() if address.is_guest()] + + for address in guest_addresses: + CsPasswdSvc(address.get_ip()).restart() + def _collect_ignore_ips(self): """ From 587696da3fd6d5388f97354ca9d2951bde9fa8dc Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Sep 2016 11:45:47 +0530 Subject: [PATCH 22/22] all patches applied as production ACS --- .../cloudstack/api/ApiServerService.java | 4 ++++ server/src/com/cloud/api/ApiServlet.java | 18 +++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/api/src/org/apache/cloudstack/api/ApiServerService.java b/api/src/org/apache/cloudstack/api/ApiServerService.java index 61474080d7..95ed5c6115 100644 --- a/api/src/org/apache/cloudstack/api/ApiServerService.java +++ b/api/src/org/apache/cloudstack/api/ApiServerService.java @@ -40,4 +40,8 @@ public ResponseObject loginUser(HttpSession session, String username, String pas public String handleRequest(Map params, String responseType, StringBuilder auditTrailSb) throws ServerApiException; public Class getCmdClass(String cmdName); + + public String getJSONContentType(); + + public boolean isSecureSessionCookieEnabled(); } diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java index 51827daf1d..d89e916ca4 100644 --- a/server/src/com/cloud/api/ApiServlet.java +++ b/server/src/com/cloud/api/ApiServlet.java @@ -156,7 +156,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp try { if (HttpUtils.RESPONSE_TYPE_JSON.equalsIgnoreCase(responseType)) { - resp.setContentType(ApiServer.getJSONContentType()); + resp.setContentType(_apiServer.getJSONContentType()); } else if (HttpUtils.RESPONSE_TYPE_XML.equalsIgnoreCase(responseType)){ resp.setContentType(HttpUtils.XML_CONTENT_TYPE); } @@ -187,7 +187,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp } } session = req.getSession(true); - if (ApiServer.isSecureSessionCookieEnabled()) { + if (_apiServer.isSecureSessionCookieEnabled()) { resp.setHeader("SET-COOKIE", String.format("JSESSIONID=%s;Secure;HttpOnly;Path=/client", session.getId())); if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) { @@ -229,7 +229,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp sessionKeyCookie.setMaxAge(0); resp.addCookie(sessionKeyCookie); } - HttpUtils.writeHttpResponse(resp, responseString, httpResponseCode, responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, responseString, httpResponseCode, responseType, _apiServer.getJSONContentType()); return; } } @@ -254,7 +254,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp auditTrailSb.append(" " + HttpServletResponse.SC_UNAUTHORIZED + " " + "unable to verify user credentials"); final String serializedResponse = _apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "unable to verify user credentials", params, responseType); - HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, _apiServer.getJSONContentType()); return; } @@ -265,7 +265,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp s_logger.info("missing command, ignoring request..."); auditTrailSb.append(" " + HttpServletResponse.SC_BAD_REQUEST + " " + "no command specified"); final String serializedResponse = _apiServer.getSerializedApiError(HttpServletResponse.SC_BAD_REQUEST, "no command specified", params, responseType); - HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_BAD_REQUEST, responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_BAD_REQUEST, responseType, _apiServer.getJSONContentType()); return; } final User user = _entityMgr.findById(User.class, userId); @@ -281,7 +281,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp auditTrailSb.append(" " + HttpServletResponse.SC_UNAUTHORIZED + " " + "unable to verify user credentials"); final String serializedResponse = _apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "unable to verify user credentials", params, responseType); - HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, _apiServer.getJSONContentType()); return; } } else { @@ -295,7 +295,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp // Add the HTTP method (GET/POST/PUT/DELETE) as well into the params map. params.put("httpmethod", new String[] {req.getMethod()}); final String response = _apiServer.handleRequest(params, responseType, auditTrailSb); - HttpUtils.writeHttpResponse(resp, response != null ? response : "", HttpServletResponse.SC_OK, responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, response != null ? response : "", HttpServletResponse.SC_OK, responseType, _apiServer.getJSONContentType()); } else { if (session != null) { try { @@ -308,13 +308,13 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp final String serializedResponse = _apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "unable to verify user credentials and/or request signature", params, responseType); - HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, _apiServer.getJSONContentType()); } } catch (final ServerApiException se) { final String serializedResponseText = _apiServer.getSerializedApiError(se, params, responseType); resp.setHeader("X-Description", se.getDescription()); - HttpUtils.writeHttpResponse(resp, serializedResponseText, se.getErrorCode().getHttpCode(), responseType, ApiServer.getJSONContentType()); + HttpUtils.writeHttpResponse(resp, serializedResponseText, se.getErrorCode().getHttpCode(), responseType, _apiServer.getJSONContentType()); auditTrailSb.append(" " + se.getErrorCode() + " " + se.getDescription()); } catch (final Exception ex) { s_logger.error("unknown exception writing api response", ex);