You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/12/17 10:40:40 UTC
[GitHub] [cloudstack] shwstppr opened a new pull request #5786: network: ipv6 static routes
shwstppr opened a new pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786
### Description
TBA
https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+Support+in+Isolated+Network+and+VPC+with+Static+Routing
### Types of changes
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
### Feature/Enhancement Scale or Bug Severity
#### Feature/Enhancement Scale
- [ ] Major
- [ ] Minor
#### Bug Severity
- [ ] BLOCKER
- [ ] Critical
- [ ] Major
- [ ] Minor
- [ ] Trivial
### Screenshots (if appropriate):
### How Has This Been Tested?
<!-- Please describe in detail how you tested your changes. -->
<!-- Include details of your testing environment, and the tests you ran to -->
<!-- see how your change affects other areas of the code, etc. -->
<!-- Please read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md) document -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085825140
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r840404167
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateGuestNetworkIpv6PrefixCmd.java
##########
@@ -0,0 +1,115 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.network;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiArgValidator;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DataCenterGuestIpv6PrefixResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.dc.DataCenterGuestIpv6Prefix;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+@APICommand(name = CreateGuestNetworkIpv6PrefixCmd.APINAME,
+ description = "Creates a guest network IPv6 prefix.",
+ responseObject = DataCenterGuestIpv6PrefixResponse.class,
+ since = "4.17.0.0",
+ requestHasSensitiveInfo = false,
+ responseHasSensitiveInfo = false,
+ authorized = {RoleType.Admin})
+public class CreateGuestNetworkIpv6PrefixCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateGuestNetworkIpv6PrefixCmd.class);
+
+ public static final String APINAME = "createGuestNetworkIpv6Prefix";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+ @Parameter(name = ApiConstants.ZONE_ID,
+ type = CommandType.UUID,
+ entityType = ZoneResponse.class,
+ required = true,
+ description = "UUID of zone to which the IPv6 prefix belongs to.",
+ validations = {ApiArgValidator.PositiveNumber})
+ private Long zoneId;
+
+ @Parameter(name = ApiConstants.PREFIX,
+ type = CommandType.STRING,
+ required = true,
+ description = "The /56 or higher IPv6 CIDR for network prefix.")
+ private String prefix;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getZoneId() {
+ return zoneId;
+ }
+
+ public String getPrefix() {
+ return prefix;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_GUEST_IP6_PREFIX_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Creating guest IPv6 prefix " + getPrefix() + " for zone=" + getZoneId();
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
+ ResourceAllocationException {
+ DataCenterGuestIpv6Prefix result = _configService.createDataCenterGuestIpv6Prefix(this);
+ if (result != null) {
+ DataCenterGuestIpv6PrefixResponse response = _responseGenerator.createDataCenterGuestIpv6PrefixResponse(result);
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create zone guest IPv6 prefix.");
+ }
+ }
+
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + BaseAsyncCmd.RESPONSE_SUFFIX;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+}
Review comment:
Thanks @jbampton, added change
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047469011
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047209044
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084243870
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084979604
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1017393758
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1003311001
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2052
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-998531001
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 1972
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r825881676
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4067,21 +4166,21 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
- } else if (ipv6) {
+ }/* else if (ipv6) {
throw new InvalidParameterValueException("Only support IPv6 on extending existed network");
- }
+ }*/
// Verify that zone exists
final DataCenterVO zone = _zoneDao.findById(zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
- if (ipv6) {
- if (network.getGuestType() != GuestType.Shared || zone.isSecurityGroupEnabled()) {
- throw new InvalidParameterValueException("Only support IPv6 on extending existed share network without SG");
- }
- }
+// if (ipv6) {
Review comment:
@weizhouapache Offering creation was guarded behind global setting with suggestion from @DaanHoogland so the IPv6 offering doesn't get presented to normal user when the offering is created by mistake. Adding IPv6 range is again an admin only functionality and it will work only when admin will provide valid IPv6 range/prefix. Does it still need to be guarded with global setting?
Global setting can be renamed but `Ipv6NetworkEnabled` might be confusing with IPv6 shared networks functionality.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047520574
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2680
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r829101094
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -174,6 +186,19 @@
class="form"
>
+ <a-form-item name="iptype" ref="iptype" :label="$t('label.ip.range.type')" class="form__item">
+ <a-radio-group
+ v-model:value="form.iptype"
+ buttonStyle="solid"
+ @change="selected => { addFormIpType = selected.target.value }">
+ <a-radio-button value="">
+ {{ $t('label.ip.v4') }}
Review comment:
@weizhouapache should be fixed in the https://github.com/apache/cloudstack/pull/5786/commits/5b4b41af3bf2e4152b091e164e943fe72b16e471
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070906730
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070975758
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1077650525
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1077368562
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2975
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082972536
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3020
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082022960
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1048098572
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr closed pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr closed pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067057928
> @weizhouapache is it good idea to:
>
> * allow updating internet protocol for an exisiting VPC offering (probably simplest)
> * allow updating offering for an existing VPC
> * or a different approach altogether
@shwstppr
it will introduce a new feature: update vpc to another offering,might it be complicated ?
it looks easier to
(1) succeed to create a vpc tier, if there is an ipv6 address range available in same vlan as ipv4
(2) fail to create a vpc tier, if there is not an ipv6 address range available in same vlan as ipv4
as far as I remember, in the prototype, it worked if create a vpc tier with ipv6 in VPC without public ipv6 address ( an ipv6 address will be allocated and associated to eth0 in VPC VR when create the vpc tier).
public ipv6 address do not need to be pre-allocated in VPC.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067200499
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1032261551
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2509
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821575052
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4067,21 +4166,21 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
- } else if (ipv6) {
+ }/* else if (ipv6) {
throw new InvalidParameterValueException("Only support IPv6 on extending existed network");
- }
+ }*/
// Verify that zone exists
final DataCenterVO zone = _zoneDao.findById(zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
- if (ipv6) {
- if (network.getGuestType() != GuestType.Shared || zone.isSecurityGroupEnabled()) {
- throw new InvalidParameterValueException("Only support IPv6 on extending existed share network without SG");
- }
- }
+// if (ipv6) {
Review comment:
@shwstppr
oh ,sorry my mistake, it should be global setting `Ipv6NetworkOfferingCreationEnabled`.
ps: would it better to rename the setting to `Ipv6NetworkEnabled` ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] nvazquez commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1059656667
Hi @shwstppr can you please fix the conflicts?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065185595
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r840908878
##########
File path: systemvm/debian/opt/cloud/bin/cs/CsRedundant.py
##########
@@ -471,6 +469,40 @@ def _remove_ipv6_to_interface(self, interface, ipv6):
logging.info("IPv6 address %s not present for %s" % (ipv6, dev))
return
+ def _enable_radvd(self, dev, ipv6, dns1, dns2):
Review comment:
@shwstppr
I think it is unnecessary to remove and regenerate `/etc/radvd.conf`.
for isolated networks, it is generated by /opt/cloud/bin/setup/common.sh
for vpc, it is generated by /opt/cloud/bin/cs/CsVpcGuestNetwork.py
we need to manage (start/stop) service `radvd` in CsRedundant.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r807841272
##########
File path: test/integration/smoke/test_network_ipv6.py
##########
@@ -0,0 +1,357 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+""" BVT tests for Network offerings"""
+
+#Import Local Modules
+from marvin.codes import FAILED
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackAPI import (listNetworkOfferings,
+ listGuestNetworkIpv6Prefixes)
+from marvin.lib.utils import (isAlmostEqual,
+ cleanup_resources,
+ random_gen)
+from marvin.lib.base import (Domain,
+ NetworkOffering,
+ Account,
+ PublicIpRange,
+ Network,
+ Router,
+ ServiceOffering,
+ VirtualMachine,
+ NIC)
+from marvin.lib.common import (get_domain,
+ get_zone,
+ list_hosts,
+ get_test_template)
+from nose.plugins.attrib import attr
+
+import time
+from marvin.sshClient import SshClient
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.decoratorGenerators import skipTestIf
+
+
+_multiprocess_shared_ = True
+
+class TestCreateIpv6NetworkOffering(cloudstackTestCase):
+
+ def setUp(self):
+ self.services = self.testClient.getParsedTestDataConfig()
+ self.apiclient = self.testClient.getApiClient()
+ self.dbclient = self.testClient.getDbConnection()
+ self.cleanup = []
+ return
+
+ def tearDown(self):
+ try:
+ #Clean up, terminate the created templates
+ cleanup_resources(self.apiclient, self.cleanup)
+
+ except Exception as e:
+ raise Exception("Warning: Exception during cleanup : %s" % e)
+ return
+
+ @classmethod
+ def setUpClass(cls):
+ testClient = super(TestCreateIpv6NetworkOffering, cls).getClsTestClient()
+ cls.apiclient = testClient.getApiClient()
+ cls.services = testClient.getParsedTestDataConfig()
+ cls._cleanup = []
+ return
+
+ @classmethod
+ def tearDownClass(cls):
+ try:
+ cls.apiclient = super(
+ TestCreateIpv6NetworkOffering,
+ cls).getClsTestClient().getApiClient()
+ # Clean up, terminate the created templates
+ cleanup_resources(cls.apiclient, cls._cleanup)
+
+ except Exception as e:
+ raise Exception("Warning: Exception during class cleanup : %s" % e)
+
+ @attr(
+ tags=[
+ "advanced",
+ "basic",
+ "eip",
+ "sg",
+ "advancedns",
+ "smoke"],
+ required_hardware="false")
+ def test_01_create_ipv6_network_offering(self):
+ """Test to create network offering
+
+ # Validate the following:
+ # 1. createNetworkOfferings should return valid info for new offering
+ # 2. The Cloud Database contains the valid information
+ """
+ ipv6_service = self.services["network_offering"]
+ ipv6_service["internetprotocol"] = "dualstack"
+ network_offering = NetworkOffering.create(
+ self.apiclient,
+ ipv6_service
+ )
+ self.cleanup.append(network_offering)
+
+ self.debug("Created Network offering with ID: %s" % network_offering.id)
+
+ cmd = listNetworkOfferings.listNetworkOfferingsCmd()
+ cmd.id = network_offering.id
+ list_network_off_response = self.apiclient.listNetworkOfferings(cmd)
+ self.assertEqual(
+ isinstance(list_network_off_response, list),
+ True,
+ "Check list response returns a valid list"
+ )
+ self.assertNotEqual(
+ len(list_network_off_response),
+ 0,
+ "Check Network offering is created"
+ )
+ network_off_response = list_network_off_response[0]
+
+ self.assertEqual(
+ network_off_response.id,
+ network_offering.id,
+ "Check server id in createNetworkOffering"
+ )
+ self.assertEqual(
+ network_off_response.details.internetProtocol.lower(),
+ ipv6_service["internetprotocol"].lower(),
+ "Check internetprotocol in createNetworkOffering"
+ )
+ return
+
+class TestIpv6Network(cloudstackTestCase):
+
+ @classmethod
+ def setUpClass(cls):
+ testClient = super(TestIpv6Network, cls).getClsTestClient()
+ cls.services = testClient.getParsedTestDataConfig()
+ cls.apiclient = testClient.getApiClient()
+ cls.dbclient = testClient.getDbConnection()
+ cls._cleanup = []
+
+ cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
+ cls.services['mode'] = cls.zone.networktype
+ cls.ipv6NotSupported = False
+
+
+ cmd = listGuestNetworkIpv6Prefixes.listGuestNetworkIpv6PrefixesCmd()
Review comment:
@shwstppr
can you add test ipv6 ranges to test_data.py and create ipv6 range in this test ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1041359317
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1032467484
Packaging result: :heavy_multiplication_x: el7 :heavy_multiplication_x: el8 :heavy_multiplication_x: debian :heavy_check_mark: suse15. SL-JID 2517
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] nvazquez commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
nvazquez commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1030739087
Thanks @shwstppr is this PR ready for review? Can you please fix the conflicts?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047469193
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047498315
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047469193
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065939771
<b>Trillian test result (tid-3587)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 30876 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3587-kvm-centos7.zip
Smoke tests completed. 92 look OK, 1 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_create_ipv6_guest_prefix | `Error` | 0.01 | test_network_ipv6.py
ContextSuite context=TestIpv6Network>:setup | `Error` | 0.03 | test_network_ipv6.py
test_01_create_ipv6_public_ip_range | `Error` | 0.00 | test_network_ipv6.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067610267
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070626742
@shwstppr
found few issues
(1) critical "IPv6 firewall" on UI does not work (maybe caused by vue3 upgrade)
(2) non-critical: The routes are displayed twice if there are redundant VRs.
Add upstream IPv6 routes
2022:2:2:1::/64 via fd00:10:11:51:1c00:eeff:fe00:6
2022:2:2:1::/64 via fd00:10:11:51:1c00:eeff:fe00:6
(3) non-critical: VPC details do not display the information of IPv6 routes (the details of vpc tiers do)
(4) probably critical: eth0 (guest nic) in network VR has ipv6 `inet6 2022:2:2::/64` which I think should be `inet6 2022:2:2::1/64` (::1)
(5) critical: eth0 (guest nic) in redudant VRs only has the VIP `inet6 2022:2:2::/64`. it should a private ipv6. the VIP are only assigned in the Primary VR, not in Backup VR.
(6) probably critical: `radvd` should only run in the Primary VR, not in Backup VR. (similar as dnsmasq)
to be added ...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1071191290
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r829101301
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -186,22 +211,32 @@
<a-select-option v-for="pod in pods" :key="pod.id" :value="pod.id">{{ pod.name }}</a-select-option>
</a-select>
</a-form-item>
- <a-form-item name="gateway" ref="gateway" :label="$t('label.gateway')" class="form__item">
- <a-input v-model:value="form.gateway" />
- </a-form-item>
- <a-form-item name="netmask" ref="netmask" :label="$t('label.netmask')" class="form__item">
- <a-input v-model:value="form.netmask" />
- </a-form-item>
<a-form-item name="vlan" ref="vlan" :label="$t('label.vlan')" class="form__item" v-if="!basicGuestNetwork">
<a-input v-model:value="form.vlan" />
</a-form-item>
- <a-form-item name="startip" ref="startip" :label="$t('label.startip')" class="form__item">
- <a-input v-model:value="form.startip" />
- </a-form-item>
- <a-form-item name="endip" ref="endip" :label="$t('label.endip')" class="form__item">
- <a-input v-model:value="form.endip" />
- </a-form-item>
- <div class="form__item" v-if="!basicGuestNetwork">
+ <div v-if="addFormIpType==='ip6'">
+ <a-form-item name="ip6gateway" ref="ip6gateway" :label="$t('label.gateway')" class="form__item">
Review comment:
will do
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1077338849
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1017394363
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1009644443
@sureshanaparti a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1003515265
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997770781
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997667314
Packaging result: :heavy_multiplication_x: el7 :heavy_multiplication_x: el8 :heavy_multiplication_x: debian :heavy_multiplication_x: suse15. SL-JID 1954
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065051634
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1066719213
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065218969
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2850
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1066880897
@weizhouapache and I forgot to answer your question - currently it won't be possible to deploy IPv6 network tiers in an existing VPC
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067554677
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067264162
Packaging result: :heavy_multiplication_x: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_multiplication_x: suse15. SL-JID 2873
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1079310962
<b>Trillian test result (tid-3715)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 32734 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3715-kvm-centos7.zip
Smoke tests completed. 93 look OK, 0 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082911646
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with
SystemVM template(s). I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084136475
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084978636
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085670630
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3049
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1041359126
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r811913338
##########
File path: server/src/main/java/com/cloud/network/Ipv6ServiceImpl.java
##########
@@ -0,0 +1,523 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.api.command.user.ipv6.CreateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.DeleteIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.ListIpv6FirewallRulesCmd;
+import org.apache.cloudstack.api.command.user.ipv6.UpdateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.configuration.Resource;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterGuestIpv6Prefix;
+import com.cloud.dc.DataCenterGuestIpv6PrefixVO;
+import com.cloud.dc.Vlan;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterGuestIpv6PrefixDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.ActionEventUtils;
+import com.cloud.event.EventTypes;
+import com.cloud.event.EventVO;
+import com.cloud.event.UsageEventUtils;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.Ipv6GuestPrefixSubnetNetworkMapDao;
+import com.cloud.network.dao.NetworkDetailsDao;
+import com.cloud.network.firewall.FirewallService;
+import com.cloud.network.guru.PublicNetworkGuru;
+import com.cloud.network.rules.FirewallManager;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.ComponentLifecycleBase;
+import com.cloud.utils.concurrency.NamedThreadFactory;
+import com.cloud.utils.db.GlobalLock;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallbackWithException;
+import com.cloud.utils.db.TransactionStatus;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.DomainRouterVO;
+import com.cloud.vm.NicProfile;
+import com.cloud.vm.NicVO;
+import com.cloud.vm.dao.DomainRouterDao;
+import com.cloud.vm.dao.NicDao;
+import com.googlecode.ipv6.IPv6Address;
+import com.googlecode.ipv6.IPv6Network;
+import com.googlecode.ipv6.IPv6NetworkMask;
+
+public class Ipv6ServiceImpl extends ComponentLifecycleBase implements Ipv6Service {
+
+ public static final Logger s_logger = Logger.getLogger(Ipv6ServiceImpl.class.getName());
+
+ ScheduledExecutorService _ipv6GuestPrefixSubnetNetworkMapStateScanner;
+
+ @Inject
+ NetworkOfferingDao networkOfferingDao;
+ @Inject
+ VlanDao vlanDao;
+ @Inject
+ DataCenterGuestIpv6PrefixDao dataCenterGuestIpv6PrefixDao;
+ @Inject
+ Ipv6GuestPrefixSubnetNetworkMapDao ipv6GuestPrefixSubnetNetworkMapDao;
+ @Inject
+ FirewallRulesDao firewallDao;
+ @Inject
+ FirewallService firewallService;
+ @Inject
+ NetworkDetailsDao networkDetailsDao;
+ @Inject
+ NicDao nicDao;
+ @Inject
+ DomainRouterDao domainRouterDao;
+ @Inject
+ AccountManager accountManager;
+ @Inject
+ NetworkModel networkModel;
+ @Inject
+ FirewallManager firewallManager;
+
+ protected void releaseIpv6Subnet(long subnetId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.createForUpdate(subnetId);
+ ipv6GuestPrefixSubnetNetworkMapVO.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Free);
+ ipv6GuestPrefixSubnetNetworkMapVO.setNetworkId(null);
+ ipv6GuestPrefixSubnetNetworkMapVO.setUpdated(new Date());
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ipv6GuestPrefixSubnetNetworkMapVO.getId(), ipv6GuestPrefixSubnetNetworkMapVO);
+ }
+
+ @Override
+ public boolean start() {
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner.scheduleWithFixedDelay(new Ipv6GuestPrefixSubnetNetworkMapStateScanner(), 300, 30*60, TimeUnit.SECONDS);
+ return true;
+ }
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ _name = name;
+ _configParams = params;
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Ipv6GuestPrefixSubnet-State-Scanner"));
+
+ return true;
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ final List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ cmdList.add(CreateIpv6FirewallRuleCmd.class);
+ cmdList.add(ListIpv6FirewallRulesCmd.class);
+ cmdList.add(UpdateIpv6FirewallRuleCmd.class);
+ cmdList.add(DeleteIpv6FirewallRuleCmd.class);
+ return cmdList;
+ }
+
+ @Override
+ public String getConfigComponentName() {
+ return Ipv6Service.class.getSimpleName();
+ }
+
+ @Override
+ public ConfigKey<?>[] getConfigKeys() {
+ return new ConfigKey<?>[] {
+ Ipv6NetworkOfferingCreationEnabled
+ };
+ }
+
+ @Override
+ public Pair<Integer, Integer> getUsedTotalIpv6SubnetForPrefix(DataCenterGuestIpv6Prefix prefix) {
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> usedSubnets = ipv6GuestPrefixSubnetNetworkMapDao.listUsedByPrefix(prefix.getId());
+ final IPv6Network ip6Prefix = IPv6Network.fromString(prefix.getPrefix());
+ Iterator<IPv6Network> splits = ip6Prefix.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ int total = 0;
Review comment:
@shwstppr
I have tested with `2022:2:2:2::/60`, it should have 16 subnets but this returns 15.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047180764
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047180379
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1048099179
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r808668930
##########
File path: test/integration/smoke/test_network_ipv6.py
##########
@@ -0,0 +1,357 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+""" BVT tests for Network offerings"""
+
+#Import Local Modules
+from marvin.codes import FAILED
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackAPI import (listNetworkOfferings,
+ listGuestNetworkIpv6Prefixes)
+from marvin.lib.utils import (isAlmostEqual,
+ cleanup_resources,
+ random_gen)
+from marvin.lib.base import (Domain,
+ NetworkOffering,
+ Account,
+ PublicIpRange,
+ Network,
+ Router,
+ ServiceOffering,
+ VirtualMachine,
+ NIC)
+from marvin.lib.common import (get_domain,
+ get_zone,
+ list_hosts,
+ get_test_template)
+from nose.plugins.attrib import attr
+
+import time
+from marvin.sshClient import SshClient
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.decoratorGenerators import skipTestIf
+
+
+_multiprocess_shared_ = True
+
+class TestCreateIpv6NetworkOffering(cloudstackTestCase):
+
+ def setUp(self):
+ self.services = self.testClient.getParsedTestDataConfig()
+ self.apiclient = self.testClient.getApiClient()
+ self.dbclient = self.testClient.getDbConnection()
+ self.cleanup = []
+ return
+
+ def tearDown(self):
+ try:
+ #Clean up, terminate the created templates
+ cleanup_resources(self.apiclient, self.cleanup)
+
+ except Exception as e:
+ raise Exception("Warning: Exception during cleanup : %s" % e)
+ return
+
+ @classmethod
+ def setUpClass(cls):
+ testClient = super(TestCreateIpv6NetworkOffering, cls).getClsTestClient()
+ cls.apiclient = testClient.getApiClient()
+ cls.services = testClient.getParsedTestDataConfig()
+ cls._cleanup = []
+ return
+
+ @classmethod
+ def tearDownClass(cls):
+ try:
+ cls.apiclient = super(
+ TestCreateIpv6NetworkOffering,
+ cls).getClsTestClient().getApiClient()
+ # Clean up, terminate the created templates
+ cleanup_resources(cls.apiclient, cls._cleanup)
+
+ except Exception as e:
+ raise Exception("Warning: Exception during class cleanup : %s" % e)
+
+ @attr(
+ tags=[
+ "advanced",
+ "basic",
+ "eip",
+ "sg",
+ "advancedns",
+ "smoke"],
+ required_hardware="false")
+ def test_01_create_ipv6_network_offering(self):
+ """Test to create network offering
+
+ # Validate the following:
+ # 1. createNetworkOfferings should return valid info for new offering
+ # 2. The Cloud Database contains the valid information
+ """
+ ipv6_service = self.services["network_offering"]
+ ipv6_service["internetprotocol"] = "dualstack"
+ network_offering = NetworkOffering.create(
+ self.apiclient,
+ ipv6_service
+ )
+ self.cleanup.append(network_offering)
+
+ self.debug("Created Network offering with ID: %s" % network_offering.id)
+
+ cmd = listNetworkOfferings.listNetworkOfferingsCmd()
+ cmd.id = network_offering.id
+ list_network_off_response = self.apiclient.listNetworkOfferings(cmd)
+ self.assertEqual(
+ isinstance(list_network_off_response, list),
+ True,
+ "Check list response returns a valid list"
+ )
+ self.assertNotEqual(
+ len(list_network_off_response),
+ 0,
+ "Check Network offering is created"
+ )
+ network_off_response = list_network_off_response[0]
+
+ self.assertEqual(
+ network_off_response.id,
+ network_offering.id,
+ "Check server id in createNetworkOffering"
+ )
+ self.assertEqual(
+ network_off_response.details.internetProtocol.lower(),
+ ipv6_service["internetprotocol"].lower(),
+ "Check internetprotocol in createNetworkOffering"
+ )
+ return
+
+class TestIpv6Network(cloudstackTestCase):
+
+ @classmethod
+ def setUpClass(cls):
+ testClient = super(TestIpv6Network, cls).getClsTestClient()
+ cls.services = testClient.getParsedTestDataConfig()
+ cls.apiclient = testClient.getApiClient()
+ cls.dbclient = testClient.getDbConnection()
+ cls._cleanup = []
+
+ cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
+ cls.services['mode'] = cls.zone.networktype
+ cls.ipv6NotSupported = False
+
+
+ cmd = listGuestNetworkIpv6Prefixes.listGuestNetworkIpv6PrefixesCmd()
Review comment:
@weizhouapache sure, will add that
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1032424982
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1032423923
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047521339
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1048033350
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047205058
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2675
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1017428055
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2264
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1071191290
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with
SystemVM template(s). I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r828851762
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -174,6 +186,19 @@
class="form"
>
+ <a-form-item name="iptype" ref="iptype" :label="$t('label.ip.range.type')" class="form__item">
+ <a-radio-group
+ v-model:value="form.iptype"
+ buttonStyle="solid"
+ @change="selected => { addFormIpType = selected.target.value }">
+ <a-radio-button value="">
+ {{ $t('label.ip.v4') }}
Review comment:
@shwstppr
can IPv4 be set to default ?
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -186,22 +211,32 @@
<a-select-option v-for="pod in pods" :key="pod.id" :value="pod.id">{{ pod.name }}</a-select-option>
</a-select>
</a-form-item>
- <a-form-item name="gateway" ref="gateway" :label="$t('label.gateway')" class="form__item">
- <a-input v-model:value="form.gateway" />
- </a-form-item>
- <a-form-item name="netmask" ref="netmask" :label="$t('label.netmask')" class="form__item">
- <a-input v-model:value="form.netmask" />
- </a-form-item>
<a-form-item name="vlan" ref="vlan" :label="$t('label.vlan')" class="form__item" v-if="!basicGuestNetwork">
<a-input v-model:value="form.vlan" />
</a-form-item>
- <a-form-item name="startip" ref="startip" :label="$t('label.startip')" class="form__item">
- <a-input v-model:value="form.startip" />
- </a-form-item>
- <a-form-item name="endip" ref="endip" :label="$t('label.endip')" class="form__item">
- <a-input v-model:value="form.endip" />
- </a-form-item>
- <div class="form__item" v-if="!basicGuestNetwork">
+ <div v-if="addFormIpType==='ip6'">
+ <a-form-item name="ip6gateway" ref="ip6gateway" :label="$t('label.gateway')" class="form__item">
Review comment:
@shwstppr
it looks better to use `label.ip6gateway` instead of `label.ipgateway`
and `label.ip6cidr` as well.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067577265
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2878
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1066874979
@weizhouapache is it good idea to:
- allow updating internet protocol for an exisiting VPC offering (probably simplest)
- allow updating offering for an existing VPC
- or a different approach altogether
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821412144
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
##########
@@ -92,6 +92,12 @@
@Parameter(name = ApiConstants.GUEST_IP_TYPE, type = CommandType.STRING, required = true, description = "guest type of the network offering: Shared or Isolated")
private String guestIptype;
+ @Parameter(name = ApiConstants.INTERNET_PROTOCOL,
+ type = CommandType.STRING,
+ description = "The internet protocol of network offering. Options are ip4 and dualstack. Default is ipv4. dualstack will create a network offering that supports both IPv4 and IPv6",
Review comment:
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821463490
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -34,6 +34,18 @@
:rowKey="record => record.id"
:pagination="false"
>
+ <template slot="gateway" slot-scope="record">
+ {{ record.gateway || record.ip6gateway }}
+ </template>
+ <template slot="cidr" slot-scope="record">
+ {{ record.netmask || record.ip6cidr }}
Review comment:
done
##########
File path: server/src/main/java/com/cloud/server/ManagementServerImpl.java
##########
@@ -3529,6 +3532,9 @@ public long getMemoryOrCpuCapacityByHost(final Long hostId, final short capacity
cmdList.add(AcquirePodIpCmdByAdmin.class);
cmdList.add(ReleasePodIpCmdByAdmin.class);
cmdList.add(CreateManagementNetworkIpRangeCmd.class);
+ cmdList.add(CreateGuestNetworkIpv6PrefixCmd.class);
Review comment:
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821467509
##########
File path: server/src/main/java/com/cloud/api/ApiResponseHelper.java
##########
@@ -792,6 +809,20 @@ public VlanIpRangeResponse createVlanIpRangeResponse(Class<? extends VlanIpRange
String[] range = ip6Range.split("-");
vlanResponse.setStartIpv6(range[0]);
vlanResponse.setEndIpv6(range[1]);
+
+ IPv6Address first = IPv6Address.fromString(range[0]);
Review comment:
this was junk code I forgot to remove it was just logging all IPAddresses for the range that is added
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4024,6 +4116,13 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
if (endIPv6 == null && startIPv6 != null) {
endIPv6 = startIPv6;
}
+
+ if (startIPv6 == null && endIPv6 == null) {
Review comment:
removed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821467690
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4067,21 +4166,21 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
- } else if (ipv6) {
+ }/* else if (ipv6) {
Review comment:
refactored
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997667314
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1003515307
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082653154
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085592878
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821438759
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -1884,6 +1899,83 @@ private void checkIpRangeContainsTakenAddresses(final HostPodVO pod,final String
}
}
+ @Override
+ @DB
+ public DataCenterGuestIpv6Prefix createDataCenterGuestIpv6Prefix(final CreateGuestNetworkIpv6PrefixCmd cmd) throws ConcurrentOperationException {
+ final long zoneId = cmd.getZoneId();
+ final DataCenterVO zone = _zoneDao.findById(zoneId);
+ if (zone == null) {
+ throw new InvalidParameterValueException("Unable to find zone by id: " + zoneId);
+ }
+ final String prefix = cmd.getPrefix();
+ IPv6Network prefixNet = IPv6Network.fromString(prefix);
+ if (prefixNet.getNetmask().asPrefixLength() > Ipv6Service.IPV6_SLAAC_CIDR_NETMASK) {
+ throw new InvalidParameterValueException(String.format("IPv6 prefix must be /%d or less", Ipv6Service.IPV6_SLAAC_CIDR_NETMASK));
+ }
+ List<DataCenterGuestIpv6PrefixVO> existingPrefixes = dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ for (DataCenterGuestIpv6PrefixVO existingPrefix : existingPrefixes) {
+ IPv6Network existingPrefixNet = IPv6Network.fromString(existingPrefix.getPrefix());
+ if (NetUtils.ipv6NetworksOverlap(existingPrefixNet, prefixNet)) {
+ throw new InvalidParameterValueException(String.format("IPv6 prefix %s overlaps with the existing IPv6 prefix %s", prefixNet, existingPrefixNet));
+ }
+ }
+ DataCenterGuestIpv6Prefix dataCenterGuestIpv6Prefix = null;
+ try {
+ dataCenterGuestIpv6Prefix = Transaction.execute(new TransactionCallback<DataCenterGuestIpv6Prefix>() {
+ @Override
+ public DataCenterGuestIpv6Prefix doInTransaction(TransactionStatus status) {
+ DataCenterGuestIpv6PrefixVO dataCenterGuestIpv6PrefixVO = new DataCenterGuestIpv6PrefixVO(zoneId, prefix);
+ dataCenterGuestIpv6PrefixDao.persist(dataCenterGuestIpv6PrefixVO);
+ return dataCenterGuestIpv6PrefixVO;
+ }
+ });
+ } catch (final Exception e) {
+ s_logger.error(String.format("Unable to add IPv6 prefix for zone: %s due to %s", zone, e.getMessage()), e);
+ throw new CloudRuntimeException(String.format("Unable to add IPv6 prefix for zone ID: %s. Please contact Cloud Support.", zone.getUuid()));
+ }
+ return dataCenterGuestIpv6Prefix;
+ }
+
+ @Override
+ public List<? extends DataCenterGuestIpv6Prefix> listDataCenterGuestIpv6Prefixes(final ListGuestNetworkIpv6PrefixesCmd cmd) throws ConcurrentOperationException {
+ final Long id = cmd.getId();
+ final Long zoneId = cmd.getZoneId();
+ if (id != null) {
+ DataCenterGuestIpv6PrefixVO prefix = dataCenterGuestIpv6PrefixDao.findById(id);
+ List<DataCenterGuestIpv6PrefixVO> prefixes = new ArrayList<>();
+ if (prefix != null) {
+ prefixes.add(prefix);
+ }
+ return prefixes;
+ }
+ if (zoneId != null) {
+ final DataCenterVO zone = _zoneDao.findById(zoneId);
+ if (zone == null) {
+ throw new InvalidParameterValueException("Unable to find zone by id: " + zoneId);
+ }
+ return dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ }
+ return dataCenterGuestIpv6PrefixDao.listAll();
+ }
+
+ @Override
+ public boolean deleteDataCenterGuestIpv6Prefix(DeleteGuestNetworkIpv6PrefixCmd cmd) {
+ final long prefixId = cmd.getId();
+ final DataCenterGuestIpv6PrefixVO prefix = dataCenterGuestIpv6PrefixDao.findById(prefixId);
+ if (prefix == null) {
+ throw new InvalidParameterValueException("Unable to find guest network IPv6 prefix by id: " + prefixId);
+ }
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> prefixSubnets = ipv6GuestPrefixSubnetNetworkMapDao.listUsedByPrefix(prefixId);
+ if (CollectionUtils.isNotEmpty(prefixSubnets)) {
+ List<String> usedSubnets = prefixSubnets.stream().map(Ipv6GuestPrefixSubnetNetworkMapVO::getSubnet).collect(Collectors.toList());
+ s_logger.error(String.format("Subnets for guest IPv6 prefix {ID: %s, %s} are in use: %s", prefix.getUuid(), prefix.getPrefix(), String.join(", ", usedSubnets)));
+ throw new CloudRuntimeException(String.format("Unable to delete guest network IPv6 prefix ID: %s. Prefix subnets are in use.", prefix.getUuid()));
+ }
+ ipv6GuestPrefixSubnetNetworkMapDao.deleteByPrefixId(prefixId);
Review comment:
@weizhouapache `prefixSubnets` holds the list of subnets in Allocated or Allocating state. Table may still contain entries with state=Free
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821469989
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4067,21 +4166,21 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
- } else if (ipv6) {
+ }/* else if (ipv6) {
throw new InvalidParameterValueException("Only support IPv6 on extending existed network");
- }
+ }*/
// Verify that zone exists
final DataCenterVO zone = _zoneDao.findById(zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
- if (ipv6) {
- if (network.getGuestType() != GuestType.Shared || zone.isSecurityGroupEnabled()) {
- throw new InvalidParameterValueException("Only support IPv6 on extending existed share network without SG");
- }
- }
+// if (ipv6) {
Review comment:
@weizhouapache `Ipv6SubnetCapacityThreshold` holds the threshold value for IPv6 subnets and this code adds public vlan (IPv6) range. Can you please elaborate the check that should be added?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1026672104
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084300366
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3034
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r840910632
##########
File path: systemvm/debian/opt/cloud/bin/cs/CsRedundant.py
##########
@@ -471,6 +469,40 @@ def _remove_ipv6_to_interface(self, interface, ipv6):
logging.info("IPv6 address %s not present for %s" % (ipv6, dev))
return
+ def _enable_radvd(self, dev, ipv6, dns1, dns2):
Review comment:
@shwstppr
just my suggestion above.
I have tested a network with RVR, both VRs are BACKUP, no primary ...
however, `/opt/cloud/bin/configure_router.py --primary` in VR looks good.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1026706697
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2416
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1026670953
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1077339577
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082681524
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3014
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082653847
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085594051
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with
SystemVM template(s). I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085625733
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3048
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r841085533
##########
File path: systemvm/debian/opt/cloud/bin/cs/CsRedundant.py
##########
@@ -471,6 +469,40 @@ def _remove_ipv6_to_interface(self, interface, ipv6):
logging.info("IPv6 address %s not present for %s" % (ipv6, dev))
return
+ def _enable_radvd(self, dev, ipv6, dns1, dns2):
Review comment:
> @weizhouapache added this because setting up radvd from common.sh won't work in RVR case. As we discussed earlier, RVRs won't get an IPv6 in guest range from Java code. Therefore, eth0ip6 variable will be empty in common.sh and it won't setup radvd.
@shwstppr
you can get the values in /etc/cloudstack/cmdline.json which has the following
```
"guestcidr6size": "64",
...
"guestgw6": "2022:2:2:e::1",
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085865580
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3051
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1068370484
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1068679422
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1048068968
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2688
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047489146
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047488812
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047489146
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047522054
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070975758
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1009250465
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1041392129
Packaging result: :heavy_multiplication_x: el7 :heavy_multiplication_x: el8 :heavy_multiplication_x: debian :heavy_multiplication_x: suse15. SL-JID 2633
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r825877461
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
+ private Long networkId;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "the traffic type for the Ipv6 firewall rule, can be ingress or egress, defaulted to ingress if not specified")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", authorized = {RoleType.Admin})
+ private Boolean display;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
+
+ public String getProtocol() {
+ String p = protocol.trim();
+ // Deal with ICMP(protocol number 1) specially because it need to be paired with icmp type and code
+ if (StringUtils.isNumeric(p)) {
Review comment:
Added
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1081849417
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1081848525
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821465950
##########
File path: server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
##########
@@ -2583,6 +2598,21 @@ private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, fin
}
}
+ private void createDefaultEgressIpv6FirewallRule(final List<FirewallRule> rules, final long networkId) {
+ final NetworkVO network = _networkDao.findById(networkId);
+ if(!_networkOfferingDao.isIpv6Supported(network.getNetworkOfferingId())) {
+ return;
+ }
+ // Since not all networks will IPv6 supported, add a system rule for IPv6 networks
+ final List<String> sourceCidr = new ArrayList<String>();
+ final List<String> destCidr = new ArrayList<String>();
+ sourceCidr.add(network.getIp6Cidr());
+ destCidr.add(NetUtils.ALL_IP6_CIDRS);
+ final FirewallRule rule = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Ipv6Firewall, sourceCidr,
Review comment:
All egress rules are not allowed by default. It would depend on network's egress policy.
A rule for `all` protocols is added here to make python script in router understand that it needs to configure IPv6 firewall for the network, allow or deny logic based on policy is present in `systemvm/debian/opt/cloud/bin/configure.py`
##########
File path: server/src/main/java/com/cloud/network/Ipv6ServiceImpl.java
##########
@@ -0,0 +1,517 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.api.command.user.ipv6.CreateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.DeleteIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.ListIpv6FirewallRulesCmd;
+import org.apache.cloudstack.api.command.user.ipv6.UpdateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.configuration.Resource;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterGuestIpv6Prefix;
+import com.cloud.dc.DataCenterGuestIpv6PrefixVO;
+import com.cloud.dc.Vlan;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterGuestIpv6PrefixDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.ActionEventUtils;
+import com.cloud.event.EventTypes;
+import com.cloud.event.EventVO;
+import com.cloud.event.UsageEventUtils;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.Ipv6GuestPrefixSubnetNetworkMapDao;
+import com.cloud.network.dao.NetworkDetailsDao;
+import com.cloud.network.firewall.FirewallService;
+import com.cloud.network.guru.PublicNetworkGuru;
+import com.cloud.network.rules.FirewallManager;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.ComponentLifecycleBase;
+import com.cloud.utils.concurrency.NamedThreadFactory;
+import com.cloud.utils.db.GlobalLock;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallbackWithException;
+import com.cloud.utils.db.TransactionStatus;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.DomainRouterVO;
+import com.cloud.vm.NicProfile;
+import com.cloud.vm.NicVO;
+import com.cloud.vm.dao.DomainRouterDao;
+import com.cloud.vm.dao.NicDao;
+import com.googlecode.ipv6.IPv6Address;
+import com.googlecode.ipv6.IPv6Network;
+import com.googlecode.ipv6.IPv6NetworkMask;
+
+public class Ipv6ServiceImpl extends ComponentLifecycleBase implements Ipv6Service {
+
+ public static final Logger s_logger = Logger.getLogger(Ipv6ServiceImpl.class.getName());
+
+ ScheduledExecutorService _ipv6GuestPrefixSubnetNetworkMapStateScanner;
+
+ @Inject
+ NetworkOfferingDao networkOfferingDao;
+ @Inject
+ VlanDao vlanDao;
+ @Inject
+ DataCenterGuestIpv6PrefixDao dataCenterGuestIpv6PrefixDao;
+ @Inject
+ Ipv6GuestPrefixSubnetNetworkMapDao ipv6GuestPrefixSubnetNetworkMapDao;
+ @Inject
+ FirewallRulesDao firewallDao;
+ @Inject
+ FirewallService firewallService;
+ @Inject
+ NetworkDetailsDao networkDetailsDao;
+ @Inject
+ NicDao nicDao;
+ @Inject
+ DomainRouterDao domainRouterDao;
+ @Inject
+ AccountManager accountManager;
+ @Inject
+ NetworkModel networkModel;
+ @Inject
+ FirewallManager firewallManager;
+
+ protected void releaseIpv6Subnet(long subnetId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.createForUpdate(subnetId);
+ ipv6GuestPrefixSubnetNetworkMapVO.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Free);
+ ipv6GuestPrefixSubnetNetworkMapVO.setNetworkId(null);
+ ipv6GuestPrefixSubnetNetworkMapVO.setUpdated(new Date());
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ipv6GuestPrefixSubnetNetworkMapVO.getId(), ipv6GuestPrefixSubnetNetworkMapVO);
+ }
+
+ @Override
+ public boolean start() {
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner.scheduleWithFixedDelay(new Ipv6GuestPrefixSubnetNetworkMapStateScanner(), 300, 30*60, TimeUnit.SECONDS);
+ return true;
+ }
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ _name = name;
+ _configParams = params;
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Ipv6GuestPrefixSubnet-State-Scanner"));
+
+ return true;
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ final List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ cmdList.add(CreateIpv6FirewallRuleCmd.class);
+ cmdList.add(ListIpv6FirewallRulesCmd.class);
+ cmdList.add(UpdateIpv6FirewallRuleCmd.class);
+ cmdList.add(DeleteIpv6FirewallRuleCmd.class);
+ return cmdList;
+ }
+
+ @Override
+ public String getConfigComponentName() {
+ return Ipv6Service.class.getSimpleName();
+ }
+
+ @Override
+ public ConfigKey<?>[] getConfigKeys() {
+ return new ConfigKey<?>[] {
+ Ipv6NetworkOfferingCreationEnabled
+ };
+ }
+
+ @Override
+ public Pair<Integer, Integer> getUsedTotalIpv6SubnetForPrefix(DataCenterGuestIpv6Prefix prefix) {
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> usedSubnets = ipv6GuestPrefixSubnetNetworkMapDao.listUsedByPrefix(prefix.getId());
+ final IPv6Network ip6Prefix = IPv6Network.fromString(prefix.getPrefix());
+ Iterator<IPv6Network> splits = ip6Prefix.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ int total = 0;
+ while(splits.hasNext()) {
+ total++;
+ splits.next();
+ }
+ return new Pair<>(usedSubnets.size(), total);
+ }
+
+ @Override
+ public Pair<Integer, Integer> getUsedTotalIpv6SubnetForZone(long zoneId) {
+ int used = 0;
+ int total = 0;
+ List<DataCenterGuestIpv6PrefixVO> prefixes = dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ for (DataCenterGuestIpv6PrefixVO prefix : prefixes) {
+ Pair<Integer, Integer> usedTotal = getUsedTotalIpv6SubnetForPrefix(prefix);
+ used += usedTotal.first();
+ total += usedTotal.second();
+ }
+ return new Pair<>(used, total);
+ }
+
+ public Pair<String, String> preAllocateIpv6SubnetForNetwork(long zoneId) throws ResourceAllocationException {
+ List<DataCenterGuestIpv6PrefixVO> prefixes = dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ if (CollectionUtils.isEmpty(prefixes)) {
+ s_logger.error(String.format("IPv6 prefixes not found for the zone ID: %d", zoneId));
+ throw new ResourceAllocationException("Unable to allocate IPv6 network", Resource.ResourceType.network);
+ }
+ Ipv6GuestPrefixSubnetNetworkMapVO ip6Subnet = null;
+ for (DataCenterGuestIpv6PrefixVO prefix : prefixes) {
+ ip6Subnet = ipv6GuestPrefixSubnetNetworkMapDao.findFirstAvailable(prefix.getId());
+ if (ip6Subnet == null) {
+ Ipv6GuestPrefixSubnetNetworkMapVO last = ipv6GuestPrefixSubnetNetworkMapDao.findLast(prefix.getId());
+ String lastUsedSubnet = last != null ? last.getSubnet() : null;
+ final IPv6Network ip6Prefix = IPv6Network.fromString(prefix.getPrefix());
+ Iterator<IPv6Network> splits = ip6Prefix.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ while (splits.hasNext()) {
+ IPv6Network i = splits.next();
+ if (lastUsedSubnet == null) {
+ ip6Subnet = new Ipv6GuestPrefixSubnetNetworkMapVO(prefix.getId(), i.toString(), null, Ipv6GuestPrefixSubnetNetworkMap.State.Allocating);
+ break;
+ }
+ if (i.toString().equals(lastUsedSubnet)) {
+ lastUsedSubnet = null;
+ }
+ }
+ }
+ if (ip6Subnet != null) {
+ break;
+ }
+ }
+ if (ip6Subnet == null) {
+ throw new ResourceAllocationException("Unable to allocate IPv6 guest subnet for the network", Resource.ResourceType.network);
+ }
+ ip6Subnet.setUpdated(new Date());
+ if (Ipv6GuestPrefixSubnetNetworkMap.State.Free.equals(ip6Subnet.getState())) {
+ ip6Subnet.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Allocating);
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ip6Subnet.getId(), ip6Subnet);
+ } else {
+ ipv6GuestPrefixSubnetNetworkMapDao.persist(ip6Subnet);
+ }
+ IPv6Network network = IPv6Network.fromString(ip6Subnet.getSubnet());
+ return new Pair<>(network.getFirst().toString(), network.toString());
+ }
+
+ @Override
+ public void assignIpv6SubnetToNetwork(String subnet, long networkId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.findBySubnet(subnet);
+ if (ipv6GuestPrefixSubnetNetworkMapVO != null) {
+ ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.createForUpdate(ipv6GuestPrefixSubnetNetworkMapVO.getId());
+ ipv6GuestPrefixSubnetNetworkMapVO.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Allocated);
+ ipv6GuestPrefixSubnetNetworkMapVO.setNetworkId(networkId);
+ ipv6GuestPrefixSubnetNetworkMapVO.setUpdated(new Date());
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ipv6GuestPrefixSubnetNetworkMapVO.getId(), ipv6GuestPrefixSubnetNetworkMapVO);
+ }
+ }
+
+ @Override
+ public void releaseIpv6SubnetForNetwork(long networkId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.findByNetworkId(networkId);
+ if (ipv6GuestPrefixSubnetNetworkMapVO != null) {
+ releaseIpv6Subnet(ipv6GuestPrefixSubnetNetworkMapVO.getId());
+ }
+ }
+
+ public Pair<String, ? extends Vlan> assignPublicIpv6ToNetwork(Network network, String nicMacAddress) {
+ final List<VlanVO> ranges = vlanDao.listVlansWithIpV6RangeByPhysicalNetworkId(network.getPhysicalNetworkId());
+ if (CollectionUtils.isEmpty(ranges)) {
+ s_logger.error(String.format("Unable to find IPv6 range for the zone ID: %d", network.getDataCenterId()));
+ throw new CloudRuntimeException(String.format("Cannot find IPv6 address for network %s", network.getName()));
+ }
+ Collections.shuffle(ranges);
+ VlanVO selectedVlan = ranges.get(0);
+ IPv6Network iPv6Network = IPv6Network.fromString(selectedVlan.getIp6Cidr());
+ if (iPv6Network.getNetmask().asPrefixLength() < IPV6_SLAAC_CIDR_NETMASK) {
+ Iterator<IPv6Network> splits = iPv6Network.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ if (splits.hasNext()) {
+ splits.next();
+ }
+ if (splits.hasNext()) {
+ iPv6Network = splits.next();
+ }
+ }
+ IPv6Address ipv6Addr = NetUtils.EUI64Address(iPv6Network, nicMacAddress);
+ String event = EventTypes.EVENT_NET_IP6_ASSIGN;
+ String description = String.format("Assigned public IPv6 address: %s for network ID: %s", ipv6Addr, network.getUuid());
+ ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), network.getAccountId(), EventVO.LEVEL_INFO, event, description, 0);
+ final boolean usageHidden = networkDetailsDao.isNetworkUsageHidden(network.getId());
+ final String guestType = selectedVlan.getVlanType().toString();
+ UsageEventUtils.publishUsageEvent(event, network.getAccountId(), network.getDataCenterId(), 0L,
+ ipv6Addr.toString(), false, guestType, false, usageHidden,
+ IPv6Network.class.getName(), null);
+ return new Pair<>(ipv6Addr.toString(), selectedVlan);
+ }
+
+ @Override
+ public void updateNicIpv6(NicProfile nic, DataCenter dc, Network network) {
+ boolean isIpv6Supported = networkOfferingDao.isIpv6Supported(network.getNetworkOfferingId());
+ if (nic.getIPv6Address() == null && isIpv6Supported) {
+ Pair<String, ? extends Vlan> publicIpv6AddressVlanPair = assignPublicIpv6ToNetwork(network, nic.getMacAddress());
+ final Vlan vlan = publicIpv6AddressVlanPair.second();
+ final String routerIpv6 = publicIpv6AddressVlanPair.first();
+ final String routerIpv6Gateway = vlan.getIp6Gateway();
+ final String routerIpv6Cidr = vlan.getIp6Cidr();
+ nic.setIPv6Address(routerIpv6);
+ nic.setIPv6Gateway(routerIpv6Gateway);
+ nic.setIPv6Cidr(routerIpv6Cidr);
+ if (nic.getIPv4Address() != null) {
+ nic.setFormat(Networks.AddressFormat.DualStack);
+ } else {
+ nic.setFormat(Networks.AddressFormat.Ip6);
+ }
+ nic.setIPv6Dns1(dc.getIp6Dns1());
+ nic.setIPv6Dns2(dc.getIp6Dns2());
+ }
+ }
+
+ @Override
+ public void releasePublicIpv6ForNic(Network network, String nicIpv6Address) {
+ String event = EventTypes.EVENT_NET_IP6_RELEASE;
+ String description = String.format("Releasing public IPv6 address: %s from network ID: %s", nicIpv6Address, network.getUuid());
+ ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), network.getAccountId(), EventVO.LEVEL_INFO, event, description, 0);
+ final boolean usageHidden = networkDetailsDao.isNetworkUsageHidden(network.getId());
+ UsageEventUtils.publishUsageEvent(event, network.getAccountId(), network.getDataCenterId(), 0L,
+ nicIpv6Address, false, Vlan.VlanType.VirtualNetwork.toString(), false, usageHidden,
+ IPv6Address.class.getName(), null);
+ }
+
+ @Override
+ public List<String> getPublicIpv6AddressesForNetwork(Network network) {
+ List<String> addresses = new ArrayList<>();
+ List<DomainRouterVO> routers = domainRouterDao.findByNetwork(network.getId());
+ for (DomainRouterVO router : routers) {
+ List<NicVO> nics = nicDao.listByVmId(router.getId());
+ for (NicVO nic : nics) {
+ String address = nic.getIPv6Address();
+ if (!PublicNetworkGuru.class.getSimpleName().equals(nic.getReserver()) || StringUtils.isEmpty(address)) {
+ continue;
+ }
+ addresses.add(address);
+ }
+ }
+ return addresses;
+ }
+
+ @Override
+ public Pair<List<? extends FirewallRule>, Integer> listIpv6FirewallRules(ListIpv6FirewallRulesCmd listIpv6FirewallRulesCmd) {
+ return firewallService.listFirewallRules(listIpv6FirewallRulesCmd);
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating IPv6 firewall rule", create = true)
+ public FirewallRule createIpv6FirewallRule(CreateIpv6FirewallRuleCmd cmd) throws NetworkRuleConflictException {
+ final Account caller = CallContext.current().getCallingAccount();
+ final long networkId = cmd.getNetworkId();
+ final Integer portStart = cmd.getSourcePortStart();
+ final Integer portEnd = cmd.getSourcePortEnd();
+ final FirewallRule.TrafficType trafficType = cmd.getTrafficType();
+ final String protocol = cmd.getProtocol();
+ final Integer icmpCode = cmd.getIcmpCode();
+ final Integer icmpType = cmd.getIcmpType();
+ final boolean forDisplay = cmd.isDisplay();
+ final FirewallRule.FirewallRuleType type = FirewallRule.FirewallRuleType.User;
+ final List<String> sourceCidrList = cmd.getSourceCidrList();
+ final List<String> destinationCidrList = cmd.getDestinationCidrList();
+
+ if (portStart != null && !NetUtils.isValidPort(portStart)) {
+ throw new InvalidParameterValueException("publicPort is an invalid value: " + portStart);
+ }
+ if (portEnd != null && !NetUtils.isValidPort(portEnd)) {
+ throw new InvalidParameterValueException("Public port range is an invalid value: " + portEnd);
+ }
+
+ // start port can't be bigger than end port
+ if (portStart != null && portEnd != null && portStart > portEnd) {
+ throw new InvalidParameterValueException("Start port can't be bigger than end port");
+ }
+
+ Network network = networkModel.getNetwork(networkId);
+ assert network != null : "Can't create rule as network is null?";
+
+ final long accountId = network.getAccountId();
+ final long domainId = network.getDomainId();
+
+ if (FirewallRule.TrafficType.Egress.equals(trafficType)) {
+ accountManager.checkAccess(caller, null, true, network);
+ }
+
+ // Verify that the network guru supports the protocol specified
+ Map<Network.Capability, String> caps = networkModel.getNetworkServiceCapabilities(network.getId(), Network.Service.Firewall);
+
+ if (caps != null) {
+ String supportedProtocols;
+ String supportedTrafficTypes = null;
+ supportedTrafficTypes = caps.get(Network.Capability.SupportedTrafficDirection).toLowerCase();
+
+ if (trafficType == FirewallRule.TrafficType.Egress) {
+ supportedProtocols = caps.get(Network.Capability.SupportedEgressProtocols).toLowerCase();
+ } else {
+ supportedProtocols = caps.get(Network.Capability.SupportedProtocols).toLowerCase();
+ }
+
+ if (!supportedProtocols.contains(protocol.toLowerCase())) {
+ throw new InvalidParameterValueException(String.format("Protocol %s is not supported in zone", protocol));
+ } else if (!supportedTrafficTypes.contains(trafficType.toString().toLowerCase())) {
+ throw new InvalidParameterValueException("Traffic Type " + trafficType + " is currently supported by Firewall in network " + networkId);
+ }
+ }
+
+ // icmp code and icmp type can't be passed in for any other protocol rather than icmp
+ if (!protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (icmpCode != null || icmpType != null)) {
+ throw new InvalidParameterValueException("Can specify icmpCode and icmpType for ICMP protocol only");
+ }
+
+ if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart != null || portEnd != null)) {
+ throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP");
+ }
+
+ return Transaction.execute(new TransactionCallbackWithException<FirewallRuleVO, NetworkRuleConflictException>() {
+ @Override
+ public FirewallRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
+ FirewallRuleVO newRule =
+ new FirewallRuleVO(null, null, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, FirewallRule.Purpose.Ipv6Firewall,
+ sourceCidrList, destinationCidrList, icmpCode, icmpType, null, trafficType);
+ newRule.setType(type);
+ newRule.setDisplay(forDisplay);
+ newRule = firewallDao.persist(newRule);
+
+ if (FirewallRule.FirewallRuleType.User.equals(type)) {
+ firewallManager.detectRulesConflict(newRule);
+ }
+
+ if (!firewallDao.setStateToAdd(newRule)) {
+ throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
+ }
+ CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
+
+ return newRule;
+ }
+ });
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking IPv6 firewall rule", async = true)
+ public boolean revokeIpv6FirewallRule(Long id) {
+ FirewallRuleVO rule = firewallDao.findById(id);
+ if (rule == null) {
+ throw new InvalidParameterValueException(String.format("Unable to find IPv6 firewall rule with id %d", id));
+ }
+ if (FirewallRule.TrafficType.Ingress.equals(rule.getTrafficType())) {
+ return firewallManager.revokeIngressFirewallRule(rule.getId(), true);
+ }
+ return firewallManager.revokeEgressFirewallRule(rule.getId(), true);
+ }
+
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating IPv6 firewall rule", async = true)
+ public FirewallRule updateIpv6FirewallRule(UpdateIpv6FirewallRuleCmd cmd) {
+ final long id = cmd.getId();
+ final boolean forDisplay = cmd.isDisplay();
+ FirewallRuleVO rule = firewallDao.findById(id);
+ if (rule == null) {
+ throw new InvalidParameterValueException(String.format("Unable to find IPv6 firewall rule with id %d", id));
+ }
+ if (FirewallRule.TrafficType.Ingress.equals(rule.getTrafficType())) {
+ return firewallManager.updateIngressFirewallRule(rule.getId(), null, forDisplay);
+ }
+ return firewallManager.updateEgressFirewallRule(rule.getId(), null, forDisplay);
+ }
+
+ @Override
+ public FirewallRule getIpv6FirewallRule(Long entityId) {
+ return firewallDao.findById(entityId);
+ }
+
+ @Override
+ public boolean applyIpv6FirewallRule(long id) {
+ FirewallRuleVO rule = firewallDao.findById(id);
+ if (rule == null) {
+ s_logger.error(String.format("Unable to find IPv6 firewall rule with ID: %d", id));
+ return false;
+ }
+ if (!FirewallRule.Purpose.Ipv6Firewall.equals(rule.getPurpose())) {
+ s_logger.error(String.format("Cannot apply IPv6 firewall rule with ID: %d as purpose %s is not %s", id, rule.getPurpose(), FirewallRule.Purpose.Ipv6Firewall));
+ }
+ s_logger.debug(String.format("Applying IPv6 firewall rules for rule with ID: %s", rule.getUuid()));
+ List<FirewallRuleVO> rules = firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), rule.getPurpose(), FirewallRule.TrafficType.Egress);
+ rules.addAll(firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), FirewallRule.Purpose.Ipv6Firewall, FirewallRule.TrafficType.Ingress));
+ return firewallManager.applyFirewallRules(rules, false, CallContext.current().getCallingAccount());
+ }
+
+ public class Ipv6GuestPrefixSubnetNetworkMapStateScanner extends ManagedContextRunnable {
+ @Override
+ protected void runInContext() {
+ GlobalLock gcLock = GlobalLock.getInternLock("Ipv6GuestPrefixSubnetNetworkMap.State.Scanner.Lock");
+ try {
+ if (gcLock.lock(3)) {
+ try {
+ reallyRun();
+ } finally {
+ gcLock.unlock();
+ }
+ }
+ } finally {
+ gcLock.releaseRef();
+ }
+ }
+
+ public void reallyRun() {
+ try {
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> subnets = ipv6GuestPrefixSubnetNetworkMapDao.findPrefixesInStates(Ipv6GuestPrefixSubnetNetworkMap.State.Allocating);
+ for (Ipv6GuestPrefixSubnetNetworkMapVO subnet : subnets) {
+ if (s_logger.isInfoEnabled()) {
+ s_logger.info(String.format("Running state scanned on Ipv6GuestPrefixSubnetNetworkMap : %s", subnet.getSubnet()));
+ }
+ try {
+ if ((new Date()).getTime() - subnet.getUpdated().getTime() < 30*60*1000) {
Review comment:
done
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
+ private Long networkId;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "the traffic type for the Ipv6 firewall rule, can be ingress or egress, defaulted to ingress if not specified")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", authorized = {RoleType.Admin})
+ private Boolean display;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
+
+ public String getProtocol() {
+ String p = protocol.trim();
+ // Deal with ICMP(protocol number 1) specially because it need to be paired with icmp type and code
+ if (StringUtils.isNumeric(p)) {
+ int protoNumber = Integer.parseInt(p);
+ if (protoNumber == 1) {
+ p = "icmp";
+ }
+ }
+ return p;
+ }
+
+ public List<String> getSourceCidrList() {
+ if (sourceCidrList != null) {
+ return sourceCidrList;
+ } else {
+ List<String> oneCidrList = new ArrayList<String>();
+ oneCidrList.add(NetUtils.ALL_IP6_CIDRS);
+ return oneCidrList;
+ }
+ }
+
+ public List<String> getDestinationCidrList() {
+ if (destinationCidrlist != null) {
+ return destinationCidrlist;
+ } else {
+ List<String> oneCidrList = new ArrayList<String>();
+ oneCidrList.add(NetUtils.ALL_IP6_CIDRS);
+ return oneCidrList;
+ }
+ }
+
+ public FirewallRule.TrafficType getTrafficType() {
+ if (trafficType == null) {
+ return FirewallRule.TrafficType.Ingress;
+ }
+ for (FirewallRule.TrafficType type : FirewallRule.TrafficType.values()) {
+ if (type.toString().equalsIgnoreCase(trafficType)) {
+ return type;
+ }
+ }
+ throw new InvalidParameterValueException("Invalid traffic type " + trafficType);
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + RESPONSE_SUFFIX;
+ }
+
+ public Integer getSourcePortStart() {
+ return publicStartPort;
+ }
+
+ public Integer getSourcePortEnd() {
+ if (publicEndPort == null) {
+ if (publicStartPort != null) {
+ return publicStartPort;
+ }
+ } else {
+ return publicEndPort;
+ }
+
+ return null;
+ }
+
+ public Long getNetworkId() {
+ return networkId;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account caller = CallContext.current().getCallingAccount();
Review comment:
refactored
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1060627483
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1048458682
<b>Trillian test result (tid-3415)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 37186 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3415-kvm-centos7.zip
Smoke tests completed. 92 look OK, 1 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_create_ipv6_guest_prefix | `Error` | 0.01 | test_network_ipv6.py
ContextSuite context=TestIpv6Network>:setup | `Error` | 0.03 | test_network_ipv6.py
test_01_create_ipv6_public_ip_range | `Error` | 0.00 | test_network_ipv6.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r829150357
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -174,6 +186,19 @@
class="form"
>
+ <a-form-item name="iptype" ref="iptype" :label="$t('label.ip.range.type')" class="form__item">
+ <a-radio-group
+ v-model:value="form.iptype"
+ buttonStyle="solid"
+ @change="selected => { addFormIpType = selected.target.value }">
+ <a-radio-button value="">
+ {{ $t('label.ip.v4') }}
Review comment:
good, I will check , thanks @shwstppr
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1071189757
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] jbampton commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
jbampton commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r840282149
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateGuestNetworkIpv6PrefixCmd.java
##########
@@ -0,0 +1,115 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.network;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiArgValidator;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DataCenterGuestIpv6PrefixResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.dc.DataCenterGuestIpv6Prefix;
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+@APICommand(name = CreateGuestNetworkIpv6PrefixCmd.APINAME,
+ description = "Creates a guest network IPv6 prefix.",
+ responseObject = DataCenterGuestIpv6PrefixResponse.class,
+ since = "4.17.0.0",
+ requestHasSensitiveInfo = false,
+ responseHasSensitiveInfo = false,
+ authorized = {RoleType.Admin})
+public class CreateGuestNetworkIpv6PrefixCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateGuestNetworkIpv6PrefixCmd.class);
+
+ public static final String APINAME = "createGuestNetworkIpv6Prefix";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+ @Parameter(name = ApiConstants.ZONE_ID,
+ type = CommandType.UUID,
+ entityType = ZoneResponse.class,
+ required = true,
+ description = "UUID of zone to which the IPv6 prefix belongs to.",
+ validations = {ApiArgValidator.PositiveNumber})
+ private Long zoneId;
+
+ @Parameter(name = ApiConstants.PREFIX,
+ type = CommandType.STRING,
+ required = true,
+ description = "The /56 or higher IPv6 CIDR for network prefix.")
+ private String prefix;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getZoneId() {
+ return zoneId;
+ }
+
+ public String getPrefix() {
+ return prefix;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_GUEST_IP6_PREFIX_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Creating guest IPv6 prefix " + getPrefix() + " for zone=" + getZoneId();
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
+ ResourceAllocationException {
+ DataCenterGuestIpv6Prefix result = _configService.createDataCenterGuestIpv6Prefix(this);
+ if (result != null) {
+ DataCenterGuestIpv6PrefixResponse response = _responseGenerator.createDataCenterGuestIpv6PrefixResponse(result);
+ response.setResponseName(getCommandName());
+ this.setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create zone guest IPv6 prefix.");
+ }
+ }
+
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + BaseAsyncCmd.RESPONSE_SUFFIX;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+}
Review comment:
```suggestion
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070975758
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r828851762
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -174,6 +186,19 @@
class="form"
>
+ <a-form-item name="iptype" ref="iptype" :label="$t('label.ip.range.type')" class="form__item">
+ <a-radio-group
+ v-model:value="form.iptype"
+ buttonStyle="solid"
+ @change="selected => { addFormIpType = selected.target.value }">
+ <a-radio-button value="">
+ {{ $t('label.ip.v4') }}
Review comment:
@shwstppr
can IPv4 be set to default ?
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -186,22 +211,32 @@
<a-select-option v-for="pod in pods" :key="pod.id" :value="pod.id">{{ pod.name }}</a-select-option>
</a-select>
</a-form-item>
- <a-form-item name="gateway" ref="gateway" :label="$t('label.gateway')" class="form__item">
- <a-input v-model:value="form.gateway" />
- </a-form-item>
- <a-form-item name="netmask" ref="netmask" :label="$t('label.netmask')" class="form__item">
- <a-input v-model:value="form.netmask" />
- </a-form-item>
<a-form-item name="vlan" ref="vlan" :label="$t('label.vlan')" class="form__item" v-if="!basicGuestNetwork">
<a-input v-model:value="form.vlan" />
</a-form-item>
- <a-form-item name="startip" ref="startip" :label="$t('label.startip')" class="form__item">
- <a-input v-model:value="form.startip" />
- </a-form-item>
- <a-form-item name="endip" ref="endip" :label="$t('label.endip')" class="form__item">
- <a-input v-model:value="form.endip" />
- </a-form-item>
- <div class="form__item" v-if="!basicGuestNetwork">
+ <div v-if="addFormIpType==='ip6'">
+ <a-form-item name="ip6gateway" ref="ip6gateway" :label="$t('label.gateway')" class="form__item">
Review comment:
@shwstppr
it looks better to use `label.ip6gateway` instead of `label.ipgateway`
and `label.ip6cidr` as well.
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -174,6 +186,19 @@
class="form"
>
+ <a-form-item name="iptype" ref="iptype" :label="$t('label.ip.range.type')" class="form__item">
+ <a-radio-group
+ v-model:value="form.iptype"
+ buttonStyle="solid"
+ @change="selected => { addFormIpType = selected.target.value }">
+ <a-radio-button value="">
+ {{ $t('label.ip.v4') }}
Review comment:
good, I will check , thanks @shwstppr
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1066741605
@shwstppr
since there is no way to update a vpc to another offering with ipv6 support, is it possible to add vpc tier with Ipv6 support if the vpc was created with offering without ipv6 support ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1066751366
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2866
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067199545
@weizhouapache made the change
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065852424
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065852271
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047488812
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1068679569
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-998735349
<b>Trillian Build Failed (tid-2707)<b/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997654813
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-998501652
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sureshanaparti commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
sureshanaparti commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1004561748
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1078813341
Manual run of failed test ^^ looks okay. Restarting tests
```
[root@ref-trl-2752-v-M7-abhishek-kumar-marvin ~]# cat /marvin/MarvinLogs/test_vpc_vpn_M4A8IO/results.txt
Test Site 2 Site VPN Across redundant VPCs ... === TestName: test_01_redundant_vpc_site2site_vpn | Status : SUCCESS ===
ok
Test Site 2 Site VPN Across VPCs ... === TestName: test_01_vpc_site2site_vpn_multiple_options | Status : SUCCESS ===
ok
Test Remote Access VPN in VPC ... === TestName: test_01_vpc_remote_access_vpn | Status : SUCCESS ===
ok
Test Site 2 Site VPN Across VPCs ... === TestName: test_01_vpc_site2site_vpn | Status : SUCCESS ===
ok
----------------------------------------------------------------------
Ran 4 tests in 1712.169s
OK
```
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-998501255
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sureshanaparti commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
sureshanaparti commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-998733455
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1009249855
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065185224
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047487062
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2679
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047497955
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r811978341
##########
File path: server/src/main/java/com/cloud/network/Ipv6ServiceImpl.java
##########
@@ -0,0 +1,523 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.api.command.user.ipv6.CreateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.DeleteIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.ListIpv6FirewallRulesCmd;
+import org.apache.cloudstack.api.command.user.ipv6.UpdateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.configuration.Resource;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterGuestIpv6Prefix;
+import com.cloud.dc.DataCenterGuestIpv6PrefixVO;
+import com.cloud.dc.Vlan;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterGuestIpv6PrefixDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.ActionEventUtils;
+import com.cloud.event.EventTypes;
+import com.cloud.event.EventVO;
+import com.cloud.event.UsageEventUtils;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.Ipv6GuestPrefixSubnetNetworkMapDao;
+import com.cloud.network.dao.NetworkDetailsDao;
+import com.cloud.network.firewall.FirewallService;
+import com.cloud.network.guru.PublicNetworkGuru;
+import com.cloud.network.rules.FirewallManager;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.ComponentLifecycleBase;
+import com.cloud.utils.concurrency.NamedThreadFactory;
+import com.cloud.utils.db.GlobalLock;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallbackWithException;
+import com.cloud.utils.db.TransactionStatus;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.DomainRouterVO;
+import com.cloud.vm.NicProfile;
+import com.cloud.vm.NicVO;
+import com.cloud.vm.dao.DomainRouterDao;
+import com.cloud.vm.dao.NicDao;
+import com.googlecode.ipv6.IPv6Address;
+import com.googlecode.ipv6.IPv6Network;
+import com.googlecode.ipv6.IPv6NetworkMask;
+
+public class Ipv6ServiceImpl extends ComponentLifecycleBase implements Ipv6Service {
+
+ public static final Logger s_logger = Logger.getLogger(Ipv6ServiceImpl.class.getName());
+
+ ScheduledExecutorService _ipv6GuestPrefixSubnetNetworkMapStateScanner;
+
+ @Inject
+ NetworkOfferingDao networkOfferingDao;
+ @Inject
+ VlanDao vlanDao;
+ @Inject
+ DataCenterGuestIpv6PrefixDao dataCenterGuestIpv6PrefixDao;
+ @Inject
+ Ipv6GuestPrefixSubnetNetworkMapDao ipv6GuestPrefixSubnetNetworkMapDao;
+ @Inject
+ FirewallRulesDao firewallDao;
+ @Inject
+ FirewallService firewallService;
+ @Inject
+ NetworkDetailsDao networkDetailsDao;
+ @Inject
+ NicDao nicDao;
+ @Inject
+ DomainRouterDao domainRouterDao;
+ @Inject
+ AccountManager accountManager;
+ @Inject
+ NetworkModel networkModel;
+ @Inject
+ FirewallManager firewallManager;
+
+ protected void releaseIpv6Subnet(long subnetId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.createForUpdate(subnetId);
+ ipv6GuestPrefixSubnetNetworkMapVO.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Free);
+ ipv6GuestPrefixSubnetNetworkMapVO.setNetworkId(null);
+ ipv6GuestPrefixSubnetNetworkMapVO.setUpdated(new Date());
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ipv6GuestPrefixSubnetNetworkMapVO.getId(), ipv6GuestPrefixSubnetNetworkMapVO);
+ }
+
+ @Override
+ public boolean start() {
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner.scheduleWithFixedDelay(new Ipv6GuestPrefixSubnetNetworkMapStateScanner(), 300, 30*60, TimeUnit.SECONDS);
+ return true;
+ }
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ _name = name;
+ _configParams = params;
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Ipv6GuestPrefixSubnet-State-Scanner"));
+
+ return true;
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ final List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ cmdList.add(CreateIpv6FirewallRuleCmd.class);
+ cmdList.add(ListIpv6FirewallRulesCmd.class);
+ cmdList.add(UpdateIpv6FirewallRuleCmd.class);
+ cmdList.add(DeleteIpv6FirewallRuleCmd.class);
+ return cmdList;
+ }
+
+ @Override
+ public String getConfigComponentName() {
+ return Ipv6Service.class.getSimpleName();
+ }
+
+ @Override
+ public ConfigKey<?>[] getConfigKeys() {
+ return new ConfigKey<?>[] {
+ Ipv6NetworkOfferingCreationEnabled
+ };
+ }
+
+ @Override
+ public Pair<Integer, Integer> getUsedTotalIpv6SubnetForPrefix(DataCenterGuestIpv6Prefix prefix) {
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> usedSubnets = ipv6GuestPrefixSubnetNetworkMapDao.listUsedByPrefix(prefix.getId());
+ final IPv6Network ip6Prefix = IPv6Network.fromString(prefix.getPrefix());
+ Iterator<IPv6Network> splits = ip6Prefix.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ int total = 0;
Review comment:
@weizouapache this is my mistake. I was getting confused with the first subnet (2022:2:2:2::/64 in your prefix of 2022:2:2:2::/60) so I added code for skipping it. Will fix it
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1060655797
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2783
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821466791
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/DeleteIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,98 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.user.Account;
+
+@APICommand(name = DeleteIpv6FirewallRuleCmd.APINAME, description = "Deletes a IPv6 firewall rule", responseObject = SuccessResponse.class,
+ requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class DeleteIpv6FirewallRuleCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteIpv6FirewallRuleCmd.class.getName());
+ public static final String APINAME = "deleteIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the IPv6 firewall rule")
+ private Long id;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + RESPONSE_SUFFIX;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IPV6_FIREWALL_RULE_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return ("Deleting IPv6 firewall rule ID=" + id);
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account caller = CallContext.current().getCallingAccount();
Review comment:
refactored
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/ListIpv6FirewallRulesCmd.java
##########
@@ -0,0 +1,137 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.command.user.firewall.IListFirewallRulesCmd;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.utils.Pair;
+
+@APICommand(name = ListIpv6FirewallRulesCmd.APINAME, description = "Lists all IPv6 firewall rules", responseObject = FirewallRuleResponse.class,
+ requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class ListIpv6FirewallRulesCmd extends BaseListTaggedResourcesCmd implements IListFirewallRulesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListIpv6FirewallRulesCmd.class.getName());
+
+ public static final String APINAME = "listIpv6FirewallRules";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class,
+ description = "Lists ipv6 firewall rule with the specified ID")
+ private Long id;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "list ipv6 firewall rules by network ID")
+ private Long networkId;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "list ipv6 firewall rules by traffic type - ingress or egress")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "list ipv6 firewall rules by protocol")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.ACTION, type = CommandType.STRING, description = "list ipv6 firewall rules by action: allow or deny")
Review comment:
removed
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
Review comment:
refactored
##########
File path: server/src/main/java/com/cloud/alert/AlertManagerImpl.java
##########
@@ -416,6 +422,35 @@ public void createOrUpdateIpCapacity(Long dcId, Long podId, short capacityType,
}
}
+ public void createOrUpdateIpv6Capacity(Long dcId, short capacityType, AllocationState capacityState) {
Review comment:
refactored
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821572954
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
Review comment:
@shwstppr sorry, I did not see `required=true` at the end of the line. ..
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1066718481
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067553985
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1078554263
<b>Trillian test result (tid-3712)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 33265 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3712-kvm-centos7.zip
Smoke tests completed. 92 look OK, 1 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_redundant_vpc_site2site_vpn | `Failure` | 387.91 | test_vpc_vpn.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082910722
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085632265
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with
SystemVM template(s). I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085825140
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085828377
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085827806
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1032214852
Packaging result: :heavy_multiplication_x: el7 :heavy_multiplication_x: el8 :heavy_multiplication_x: debian :heavy_multiplication_x: suse15. SL-JID 2505
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1042595584
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2639
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047209248
@shwstppr a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047924506
<b>Trillian test result (tid-3408)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 26073 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3408-kvm-centos7.zip
Smoke tests completed. 70 look OK, 23 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | `Failure` | 69.40 | test_vpc_redundant.py
test_02_redundant_VPC_default_routes | `Failure` | 67.47 | test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | `Failure` | 70.76 | test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics | `Failure` | 66.35 | test_vpc_redundant.py
test_05_rvpc_multi_tiers | `Failure` | 68.40 | test_vpc_redundant.py
ContextSuite context=TestDirectDownloadTemplates>:setup | `Error` | 0.00 | test_direct_download.py
ContextSuite context=TestNestedVirtualization>:setup | `Error` | 0.00 | test_nested_virtualization.py
ContextSuite context=TestPortablePublicIPAcquire>:setup | `Error` | 0.00 | test_portable_publicip.py
test_01_vpc_privategw_acl | `Failure` | 33.60 | test_privategw_acl.py
test_02_vpc_privategw_static_routes | `Failure` | 58.05 | test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup | `Failure` | 58.14 | test_privategw_acl.py
test_04_rvpc_privategw_static_routes | `Failure` | 123.47 | test_privategw_acl.py
ContextSuite context=TestVMWareStoragePolicies>:setup | `Error` | 0.00 | test_storage_policy.py
ContextSuite context=TestIsolatedNetworksPasswdServer>:setup | `Error` | 0.00 | test_password_server.py
ContextSuite context=TestL2PersistentNetworks>:setup | `Error` | 0.00 | test_persistent_network.py
test_01_create_network_offering | `Error` | 0.03 | test_domain_network_offerings.py
ContextSuite context=TestDomainsNetworkOfferings>:setup | `Error` | 3.38 | test_domain_network_offerings.py
ContextSuite context=TestRouterDHCPHosts>:setup | `Error` | 0.00 | test_router_dhcphosts.py
ContextSuite context=TestRouterDHCPOpts>:setup | `Error` | 0.00 | test_router_dhcphosts.py
ContextSuite context=TestRouterDns>:setup | `Error` | 0.00 | test_router_dns.py
test_02_cancel_host_maintenace_with_migration_jobs | `Error` | 0.22 | test_host_maintenance.py
test_03_cancel_host_maintenace_with_migration_jobs_failure | `Error` | 0.24 | test_host_maintenance.py
ContextSuite context=TestHostMaintenanceAgents>:setup | `Error` | 0.39 | test_host_maintenance.py
ContextSuite context=TestRouterDnsService>:setup | `Error` | 0.00 | test_router_dnsservice.py
test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | `Failure` | 2.21 | test_internal_lb.py
test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | `Failure` | 2.22 | test_internal_lb.py
test_03_vpc_internallb_haproxy_stats_on_all_interfaces | `Failure` | 2.28 | test_internal_lb.py
test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | `Failure` | 2.30 | test_internal_lb.py
test_01_isolate_network_FW_PF_default_routes_egress_true | `Error` | 0.02 | test_routers_network_ops.py
test_02_isolate_network_FW_PF_default_routes_egress_false | `Error` | 0.02 | test_routers_network_ops.py
test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Error` | 0.02 | test_routers_network_ops.py
test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false | `Error` | 0.02 | test_routers_network_ops.py
test_03_RVR_Network_check_router_state | `Error` | 0.02 | test_routers_network_ops.py
ContextSuite context=TestNetworkMigration>:setup | `Error` | 0.00 | test_migration.py
ContextSuite context=TestL2Networks>:setup | `Error` | 160.21 | test_network.py
ContextSuite context=TestPublicIP>:setup | `Error` | 3.12 | test_network.py
ContextSuite context=TestSharedNetwork>:setup | `Error` | 45.35 | test_network.py
ContextSuite context=TestUnmanageVM>:setup | `Error` | 209.00 | test_vm_life_cycle.py
test_01_create_ipv6_guest_prefix | `Error` | 0.01 | test_network_ipv6.py
ContextSuite context=TestIpv6Network>:setup | `Error` | 0.04 | test_network_ipv6.py
test_01_create_ipv6_public_ip_range | `Error` | 0.01 | test_network_ipv6.py
test_01_nic | `Error` | 22.74 | test_nic.py
test_01_VPC_nics_after_destroy | `Failure` | 36.69 | test_vpc_router_nics.py
test_02_VPC_default_routes | `Failure` | 37.73 | test_vpc_router_nics.py
ContextSuite context=TestAdapterTypeForNic>:setup | `Error` | 0.00 | test_nic_adapter_type.py
test_01_single_VPC_iptables_policies | `Error` | 34.37 | test_routers_iptables_default_policy.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1003291237
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1003291099
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1003575449
<b>Trillian test result (tid-2763)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 30752 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t2763-kvm-centos7.zip
Smoke tests completed. 91 look OK, 0 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1004562245
@sureshanaparti a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1004627353
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2083
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997654174
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997853216
Packaging result: :heavy_multiplication_x: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_multiplication_x: suse15. SL-JID 1959
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] sureshanaparti commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
sureshanaparti commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1009644163
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r785751704
##########
File path: api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
##########
@@ -262,6 +263,7 @@
public static final String NEW_END_IP = "newendip";
public static final String NUM_RETRIES = "numretries";
public static final String OFFER_HA = "offerha";
+ public static final String ISO_ID = "isoid";
Review comment:
in case you moved these for the sake of alfabetical ordering; these 'I' items should be way up and not amitts 'O' items
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1060628653
@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821576448
##########
File path: server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
##########
@@ -2583,6 +2598,21 @@ private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, fin
}
}
+ private void createDefaultEgressIpv6FirewallRule(final List<FirewallRule> rules, final long networkId) {
+ final NetworkVO network = _networkDao.findById(networkId);
+ if(!_networkOfferingDao.isIpv6Supported(network.getNetworkOfferingId())) {
+ return;
+ }
+ // Since not all networks will IPv6 supported, add a system rule for IPv6 networks
+ final List<String> sourceCidr = new ArrayList<String>();
+ final List<String> destCidr = new ArrayList<String>();
+ sourceCidr.add(network.getIp6Cidr());
+ destCidr.add(NetUtils.ALL_IP6_CIDRS);
+ final FirewallRule rule = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Ipv6Firewall, sourceCidr,
Review comment:
@shwstppr
OK, that sounds good!
ps, 'all' can be replaced with `NetUtils.ALL_PROTO`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084162948
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3032
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1085631338
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1083067558
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1065052237
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067150071
> @weizhouapache yes, IPv6 is not pre-allocated in VPC. Even now it is assigned only when the first IPv6 tier is created. But **IPv4** gets allocated to a VPC as soon as it is created. In most cases this allocated IPv4 can be from a vlan range which does not have a corresponding IPv6 range.
@shwstppr
OK, so for now
(1) if internet protocol of vpc offering is dualstack, allocate an Ipv4 and ipv6 address when create first vpc tier
(2) if internal protocol of vpc offering is ipv4, allocate an ipv4 address when create first vpc tier.
My idea is, in case 2, when create a vpc tier (second tier) with ipv6, try to allocate an ipv6 address from same vlan as ipv4. if ok then all are good, if not then throw an exception like "unable to fetch public ipv6 address for this vpc, please contact admin to add an ipv6 range". it is much easier and more flexible .
updating vpc to another offering is an option. but the public Ipv4 address will be changed to another vlan range with both ipv4 and ipv6, which might cause some issues and is complicated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067200953
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067138185
@weizhouapache yes, IPv6 is not pre-allocated in VPC. Even now it is assigned only when the first IPv6 tier is created.
But **IPv4** gets allocated to a VPC as soon as it is created. In most cases this allocated IPv4 can be from a vlan range which does not have a corresponding IPv6 range.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070906730
updating...
(7) ipv6 are allocated in different vlan as ipv4.
steps to reproduce the issue
* create isolated network
* acquire a ipv4 from the vlan range which do not have the public ipv6 range
* create a user vm in the network
* an public ipv6 address in other vlan is allocated to VR
expected result: fail (?)
(8) network VRs cannot reach each other via the public ipv6 addresses.
(to be confirmed...maybe an environment issue)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache edited a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache edited a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070906730
updating...
(7) ipv6 are allocated in different vlan as ipv4.
steps to reproduce the issue
* create isolated network
* acquire a ipv4 from the vlan range which do not have the public ipv6 range
* create a user vm in the network
* an public ipv6 address in other vlan is allocated to VR
expected result: fail (?)
(8) network VRs cannot reach each other via the public ipv6 addresses.
(to be confirmed...maybe an environment issue)
(9) cloudstack always pick up the first free guest ipv6. it would be better to allocate /64 ipv6 in random order.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache edited a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache edited a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1070906730
updating...
(7) ipv6 are allocated in different vlan as ipv4.
steps to reproduce the issue
* create isolated network
* acquire a ipv4 from the vlan range which do not have the public ipv6 range
* create a user vm in the network
* an public ipv6 address in other vlan is allocated to VR
expected result: fail (?)
(8) network VRs cannot reach each other via the public ipv6 addresses.
(to be confirmed...maybe an environment issue)
(9) cloudstack always pick up the first free guest ipv6. it would be better to allocate /64 ipv6 in random order.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r829101094
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -174,6 +186,19 @@
class="form"
>
+ <a-form-item name="iptype" ref="iptype" :label="$t('label.ip.range.type')" class="form__item">
+ <a-radio-group
+ v-model:value="form.iptype"
+ buttonStyle="solid"
+ @change="selected => { addFormIpType = selected.target.value }">
+ <a-radio-button value="">
+ {{ $t('label.ip.v4') }}
Review comment:
@weizhouapache should be fixed in the https://github.com/apache/cloudstack/pull/5786/commits/5b4b41af3bf2e4152b091e164e943fe72b16e471
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -186,22 +211,32 @@
<a-select-option v-for="pod in pods" :key="pod.id" :value="pod.id">{{ pod.name }}</a-select-option>
</a-select>
</a-form-item>
- <a-form-item name="gateway" ref="gateway" :label="$t('label.gateway')" class="form__item">
- <a-input v-model:value="form.gateway" />
- </a-form-item>
- <a-form-item name="netmask" ref="netmask" :label="$t('label.netmask')" class="form__item">
- <a-input v-model:value="form.netmask" />
- </a-form-item>
<a-form-item name="vlan" ref="vlan" :label="$t('label.vlan')" class="form__item" v-if="!basicGuestNetwork">
<a-input v-model:value="form.vlan" />
</a-form-item>
- <a-form-item name="startip" ref="startip" :label="$t('label.startip')" class="form__item">
- <a-input v-model:value="form.startip" />
- </a-form-item>
- <a-form-item name="endip" ref="endip" :label="$t('label.endip')" class="form__item">
- <a-input v-model:value="form.endip" />
- </a-form-item>
- <div class="form__item" v-if="!basicGuestNetwork">
+ <div v-if="addFormIpType==='ip6'">
+ <a-form-item name="ip6gateway" ref="ip6gateway" :label="$t('label.gateway')" class="form__item">
Review comment:
will do
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084135688
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r841066930
##########
File path: systemvm/debian/opt/cloud/bin/cs/CsRedundant.py
##########
@@ -471,6 +469,40 @@ def _remove_ipv6_to_interface(self, interface, ipv6):
logging.info("IPv6 address %s not present for %s" % (ipv6, dev))
return
+ def _enable_radvd(self, dev, ipv6, dns1, dns2):
Review comment:
> @shwstppr
> I think it is unnecessary to remove and regenerate `/etc/radvd.conf`.
>
> for isolated networks, it is generated by /opt/cloud/bin/setup/common.sh
> for vpc, it is generated by /opt/cloud/bin/cs/CsVpcGuestNetwork.py
>
> we need to manage (start/stop) service `radvd` in CsRedundant.py
@weizhouapache added this because setting up radvd from common.sh won't work in RVR case. As we discussed earlier, RVRs won't get an IPv6 in guest range from Java code. Therefore, eth0ip6 variable will be empty in common.sh and it won't setup radvd.
So, either we assign an IPv6 to RVRs in guest range to setup radvd with common.sh or change common.sh code to setup radvd based on guest gateway (but in that it won't know which VR is primary) or setup radvd for primary RVR in CsRedundant
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1084244516
@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1067201434
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1071211787
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2924
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1047469011
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1048032384
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1069076110
<b>Trillian test result (tid-3619)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 33035 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3619-kvm-centos7.zip
Smoke tests completed. 92 look OK, 1 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
ContextSuite context=TestCreateIpv6NetworkOffering>:setup | `Error` | 0.00 | test_network_ipv6.py
test_01_create_ipv6_guest_prefix | `Error` | 0.05 | test_network_ipv6.py
ContextSuite context=TestIpv6Network>:setup | `Error` | 0.11 | test_network_ipv6.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1081904139
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 3008
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082015207
@blueorangutan test
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1082374367
<b>Trillian test result (tid-3754)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 18652 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t3754-kvm-centos7.zip
Smoke tests completed. 44 look OK, 49 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
ContextSuite context=TestVmSnapshot>:setup | `Error` | 44.21 | test_vm_snapshots.py
ContextSuite context=TestCpuCapServiceOfferings>:setup | `Error` | 0.00 | test_service_offerings.py
ContextSuite context=TestServiceOfferings>:setup | `Error` | 35.13 | test_service_offerings.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | `Error` | 39.65 | test_vpc_redundant.py
test_02_redundant_VPC_default_routes | `Error` | 37.84 | test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | `Error` | 37.75 | test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics | `Error` | 31.59 | test_vpc_redundant.py
test_05_rvpc_multi_tiers | `Error` | 32.58 | test_vpc_redundant.py
ContextSuite context=TestAddVmToSubDomain>:setup | `Error` | 37.80 | test_accounts.py
test_DeleteDomain | `Error` | 52.55 | test_accounts.py
test_forceDeleteDomain | `Failure` | 55.77 | test_accounts.py
test_01_user_remove_VM_running | `Error` | 30.92 | test_accounts.py
ContextSuite context=TestRemoteDiagnostics>:setup | `Error` | 0.00 | test_diagnostics.py
test_DeployVmAffinityGroup | `Error` | 34.02 | test_affinity_groups.py
test_DeployVmAntiAffinityGroup | `Error` | 4.29 | test_affinity_groups.py
test_nic_secondaryip_add_remove | `Error` | 52.91 | test_multipleips_per_nic.py
test_DeployVmAntiAffinityGroup_in_project | `Error` | 28.83 | test_affinity_groups_projects.py
ContextSuite context=TestSnapshotRootDisk>:setup | `Error` | 0.00 | test_snapshots.py
ContextSuite context=TestIsolatedNetworksPasswdServer>:setup | `Error` | 0.00 | test_password_server.py
ContextSuite context=TestAnnotations>:setup | `Error` | 0.00 | test_annotations.py
test_query_async_job_result | `Error` | 55.21 | test_async_job.py
test_09_project_suspend | `Error` | 32.04 | test_projects.py
test_10_project_activation | `Error` | 5.31 | test_projects.py
test_01_add_primary_storage_disabled_host | `Error` | 93.43 | test_primary_storage.py
test_01_primary_storage_nfs | `Error` | 0.11 | test_primary_storage.py
ContextSuite context=TestStorageTags>:setup | `Error` | 0.19 | test_primary_storage.py
ContextSuite context=TestLoadBalance>:setup | `Error` | 0.00 | test_loadbalance.py
test_02_deploy_vm_with_extraconfig_kvm | `Error` | 38.13 | test_deploy_vm_extra_config_data.py
test_03_update_vm_with_extraconfig_kvm | `Error` | 6.40 | test_deploy_vm_extra_config_data.py
ContextSuite context=TestCreateVolume>:setup | `Error` | 0.00 | test_volumes.py
ContextSuite context=TestVolumes>:setup | `Error` | 0.00 | test_volumes.py
test_01_vpc_privategw_acl | `Failure` | 37.82 | test_privategw_acl.py
test_02_vpc_privategw_static_routes | `Failure` | 37.65 | test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup | `Failure` | 38.94 | test_privategw_acl.py
test_04_rvpc_privategw_static_routes | `Failure` | 35.74 | test_privategw_acl.py
ContextSuite context=TestDeployVirtioSCSIVM>:setup | `Error` | 0.00 | test_deploy_virtio_scsi_vm.py
test_deploy_vm_from_iso | `Error` | 49.03 | test_deploy_vm_iso.py
test_02_deploy_vm_from_direct_download_template | `Error` | 28.85 | test_templates.py
ContextSuite context=TestTemplates>:setup | `Error` | 60.38 | test_templates.py
test_00_deploy_vm_root_resize | `Error` | 42.20 | test_deploy_vm_root_resize.py
test_deployvm_userdata | `Error` | 28.85 | test_deploy_vm_with_userdata.py
test_deployvm_userdata_post | `Error` | 5.34 | test_deploy_vm_with_userdata.py
test_deployvm_firstfit | `Error` | 27.90 | test_deploy_vms_with_varied_deploymentplanners.py
test_deployvm_userconcentrated | `Error` | 4.26 | test_deploy_vms_with_varied_deploymentplanners.py
test_deployvm_userdispersing | `Error` | 4.25 | test_deploy_vms_with_varied_deploymentplanners.py
ContextSuite context=TestResetVmOnReboot>:setup | `Error` | 0.00 | test_reset_vm_on_reboot.py
test_01_create_delete_portforwarding_fornonvpc | `Error` | 35.71 | test_portforwardingrules.py
test_03_deploy_vm_domain_service_offering | `Error` | 46.61 | test_domain_service_offerings.py
test_01_so_removal_resource_update | `Error` | 29.27 | test_resource_accounting.py
test_03_create_vpc_domain_vpc_offering | `Error` | 33.07 | test_domain_vpc_offerings.py
test_list_vms_metrics | `Error` | 35.12 | test_metrics_api.py
test_01_redundant_vpc_site2site_vpn | `Failure` | 35.21 | test_vpc_vpn.py
test_01_vpc_site2site_vpn_multiple_options | `Failure` | 28.96 | test_vpc_vpn.py
test_01_vpc_remote_access_vpn | `Failure` | 35.08 | test_vpc_vpn.py
test_01_vpc_site2site_vpn | `Failure` | 30.12 | test_vpc_vpn.py
ContextSuite context=TestRouterDHCPHosts>:setup | `Error` | 0.00 | test_router_dhcphosts.py
ContextSuite context=TestRouterDHCPOpts>:setup | `Error` | 0.00 | test_router_dhcphosts.py
ContextSuite context=TestRouterDns>:setup | `Error` | 0.00 | test_router_dns.py
ContextSuite context=TestRouterDnsService>:setup | `Error` | 0.00 | test_router_dnsservice.py
ContextSuite context=TestRouterServices>:setup | `Error` | 0.00 | test_routers.py
ContextSuite context=TestLBRuleUsage>:setup | `Error` | 34.69 | test_usage.py
ContextSuite context=TestNatRuleUsage>:setup | `Error` | 65.19 | test_usage.py
ContextSuite context=TestPublicIPUsage>:setup | `Error` | 94.67 | test_usage.py
ContextSuite context=TestSnapshotUsage>:setup | `Error` | 127.33 | test_usage.py
ContextSuite context=TestVmUsage>:setup | `Error` | 203.32 | test_usage.py
ContextSuite context=TestVolumeUsage>:setup | `Error` | 234.99 | test_usage.py
ContextSuite context=TestVpnUsage>:setup | `Error` | 266.69 | test_usage.py
test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | `Failure` | 31.47 | test_internal_lb.py
test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | `Failure` | 37.48 | test_internal_lb.py
test_03_vpc_internallb_haproxy_stats_on_all_interfaces | `Failure` | 38.29 | test_internal_lb.py
test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | `Failure` | 38.35 | test_internal_lb.py
test_01_isolate_network_FW_PF_default_routes_egress_true | `Error` | 37.16 | test_routers_network_ops.py
test_02_isolate_network_FW_PF_default_routes_egress_false | `Error` | 31.11 | test_routers_network_ops.py
test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | `Error` | 5.62 | test_routers_network_ops.py
test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false | `Error` | 5.99 | test_routers_network_ops.py
test_03_RVR_Network_check_router_state | `Error` | 6.00 | test_routers_network_ops.py
test_01_invalid_upgrade_kubernetes_cluster | `Failure` | 13.94 | test_kubernetes_clusters.py
test_02_upgrade_kubernetes_cluster | `Failure` | 31.14 | test_kubernetes_clusters.py
test_03_deploy_and_scale_kubernetes_cluster | `Failure` | 36.05 | test_kubernetes_clusters.py
test_04_autoscale_kubernetes_cluster | `Failure` | 39.06 | test_kubernetes_clusters.py
test_05_basic_lifecycle_kubernetes_cluster | `Failure` | 28.86 | test_kubernetes_clusters.py
test_06_delete_kubernetes_cluster | `Failure` | 29.86 | test_kubernetes_clusters.py
test_07_deploy_kubernetes_ha_cluster | `Failure` | 30.06 | test_kubernetes_clusters.py
test_08_upgrade_kubernetes_ha_cluster | `Failure` | 38.13 | test_kubernetes_clusters.py
test_09_delete_kubernetes_ha_cluster | `Failure` | 29.81 | test_kubernetes_clusters.py
ContextSuite context=TestKubernetesCluster>:teardown | `Error` | 173.33 | test_kubernetes_clusters.py
test_01_native_to_native_network_migration | `Error` | 51.74 | test_migration.py
test_02_native_to_native_vpc_migration | `Error` | 32.72 | test_migration.py
ContextSuite context=TestListIdsParams>:setup | `Error` | 0.00 | test_list_ids_parameter.py
test_delete_account | `Error` | 48.92 | test_network.py
ContextSuite context=TestPortForwarding>:setup | `Error` | 77.77 | test_network.py
ContextSuite context=TestPublicIP>:setup | `Error` | 32.31 | test_network.py
test_reboot_router | `Error` | 34.04 | test_network.py
test_releaseIP | `Error` | 33.72 | test_network.py
ContextSuite context=TestRouterRules>:setup | `Error` | 69.38 | test_network.py
test_01_deployVMInSharedNetwork | `Failure` | 32.11 | test_network.py
test_03_destroySharedNetwork | `Failure` | 1.07 | test_network.py
ContextSuite context=TestSharedNetwork>:teardown | `Error` | 2.17 | test_network.py
ContextSuite context=TestDeployVM>:setup | `Error` | 0.00 | test_vm_life_cycle.py
test_01_secure_vm_migration | `Error` | 108.53 | test_vm_life_cycle.py
test_02_unsecure_vm_migration | `Error` | 221.19 | test_vm_life_cycle.py
test_03_secured_to_nonsecured_vm_migration | `Error` | 149.41 | test_vm_life_cycle.py
test_04_nonsecured_to_secured_vm_migration | `Error` | 147.34 | test_vm_life_cycle.py
ContextSuite context=TestVMLifeCycle>:setup | `Error` | 32.96 | test_vm_life_cycle.py
test_network_acl | `Error` | 35.04 | test_network_acl.py
test_01_deploy_vm_on_specific_host | `Error` | 28.98 | test_vm_deployment_planner.py
test_02_deploy_vm_on_specific_cluster | `Error` | 3.33 | test_vm_deployment_planner.py
test_03_deploy_vm_on_specific_pod | `Error` | 4.48 | test_vm_deployment_planner.py
test_04_deploy_vm_on_host_override_pod_and_cluster | `Error` | 3.32 | test_vm_deployment_planner.py
test_05_deploy_vm_on_cluster_override_pod | `Error` | 3.35 | test_vm_deployment_planner.py
test_01_create_ipv6_guest_prefix | `Error` | 0.06 | test_network_ipv6.py
ContextSuite context=TestIpv6Network>:setup | `Error` | 50.19 | test_network_ipv6.py
test_01_nic | `Error` | 89.78 | test_nic.py
test_02_routervm_iptables_policies | `Error` | 28.08 | test_routers_iptables_default_policy.py
test_01_single_VPC_iptables_policies | `Error` | 27.96 | test_routers_iptables_default_policy.py
test_01_VPC_nics_after_destroy | `Error` | 42.06 | test_vpc_router_nics.py
test_02_VPC_default_routes | `Error` | 31.77 | test_vpc_router_nics.py
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r771301719
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -1765,8 +1765,8 @@ public DataCenterGuestIpv6Prefix createDataCenterGuestIpv6Prefix(final CreateGue
}
final String prefix = cmd.getPrefix();
IPv6Network prefixNet = IPv6Network.fromString(prefix);
- if (prefixNet.getNetmask().asPrefixLength() < 64) {
- throw new InvalidParameterValueException("IPv6 prefix must be /64 or higher");
+ if (prefixNet.getNetmask().asPrefixLength() > 64) {
+ throw new InvalidParameterValueException("IPv6 prefix must be /64 or lesser");
Review comment:
```suggestion
throw new InvalidParameterValueException("IPv6 prefix must be /64 or less");
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-998733603
@sureshanaparti a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997654174
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-997770338
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] weizhouapache commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r814854410
##########
File path: utils/src/main/java/com/cloud/utils/net/NetUtils.java
##########
@@ -1681,7 +1681,7 @@ public static boolean isIpv4(String ipAddr) {
public static boolean ipv6NetworksOverlap(IPv6Network n1, IPv6Network n2) {
IPv6Network higher = n1;
IPv6Network lower = n2;
- if (lower.getNetmask().asPrefixLength() > higher.getNetmask().asPrefixLength()) {
+ if (lower.getNetmask().asPrefixLength() < higher.getNetmask().asPrefixLength()) {
Review comment:
@shwstppr good fix !
it works well now :1st_place_medal:
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
##########
@@ -92,6 +92,12 @@
@Parameter(name = ApiConstants.GUEST_IP_TYPE, type = CommandType.STRING, required = true, description = "guest type of the network offering: Shared or Isolated")
private String guestIptype;
+ @Parameter(name = ApiConstants.INTERNET_PROTOCOL,
+ type = CommandType.STRING,
+ description = "The internet protocol of network offering. Options are ip4 and dualstack. Default is ipv4. dualstack will create a network offering that supports both IPv4 and IPv6",
Review comment:
typo: `ipv4` not `ip4`
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
Review comment:
is `networkid` a required parameter ?
##########
File path: server/src/main/java/com/cloud/alert/AlertManagerImpl.java
##########
@@ -416,6 +422,35 @@ public void createOrUpdateIpCapacity(Long dcId, Long podId, short capacityType,
}
}
+ public void createOrUpdateIpv6Capacity(Long dcId, short capacityType, AllocationState capacityState) {
Review comment:
is capacityType fixed as CAPACITY_TYPE_VIRTUAL_NETWORK_IPV6_SUBNET ?
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4067,21 +4166,21 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
- } else if (ipv6) {
+ }/* else if (ipv6) {
Review comment:
this can be removed
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/DeleteIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,98 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import javax.inject.Inject;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.user.Account;
+
+@APICommand(name = DeleteIpv6FirewallRuleCmd.APINAME, description = "Deletes a IPv6 firewall rule", responseObject = SuccessResponse.class,
+ requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class DeleteIpv6FirewallRuleCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteIpv6FirewallRuleCmd.class.getName());
+ public static final String APINAME = "deleteIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the IPv6 firewall rule")
+ private Long id;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + RESPONSE_SUFFIX;
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_IPV6_FIREWALL_RULE_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return ("Deleting IPv6 firewall rule ID=" + id);
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account caller = CallContext.current().getCallingAccount();
Review comment:
should owner be the owner of the fireawall rule ?
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
+ private Long networkId;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "the traffic type for the Ipv6 firewall rule, can be ingress or egress, defaulted to ingress if not specified")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", authorized = {RoleType.Admin})
+ private Boolean display;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
+
+ public String getProtocol() {
+ String p = protocol.trim();
+ // Deal with ICMP(protocol number 1) specially because it need to be paired with icmp type and code
+ if (StringUtils.isNumeric(p)) {
Review comment:
what about 'tcp' and 'udp' ?
will other protocol numbers be supported also ?
see https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/ListIpv6FirewallRulesCmd.java
##########
@@ -0,0 +1,137 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.command.user.firewall.IListFirewallRulesCmd;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.utils.Pair;
+
+@APICommand(name = ListIpv6FirewallRulesCmd.APINAME, description = "Lists all IPv6 firewall rules", responseObject = FirewallRuleResponse.class,
+ requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class ListIpv6FirewallRulesCmd extends BaseListTaggedResourcesCmd implements IListFirewallRulesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListIpv6FirewallRulesCmd.class.getName());
+
+ public static final String APINAME = "listIpv6FirewallRules";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class,
+ description = "Lists ipv6 firewall rule with the specified ID")
+ private Long id;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "list ipv6 firewall rules by network ID")
+ private Long networkId;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "list ipv6 firewall rules by traffic type - ingress or egress")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "list ipv6 firewall rules by protocol")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.ACTION, type = CommandType.STRING, description = "list ipv6 firewall rules by action: allow or deny")
Review comment:
if seems `action` is not used anywhere. if so, it can be removed.
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4024,6 +4116,13 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
if (endIPv6 == null && startIPv6 != null) {
endIPv6 = startIPv6;
}
+
+ if (startIPv6 == null && endIPv6 == null) {
Review comment:
is `if (startIPv6 == null && endIPv6 == null) {` check needed ?
##########
File path: server/src/main/java/com/cloud/api/ApiResponseHelper.java
##########
@@ -792,6 +809,20 @@ public VlanIpRangeResponse createVlanIpRangeResponse(Class<? extends VlanIpRange
String[] range = ip6Range.split("-");
vlanResponse.setStartIpv6(range[0]);
vlanResponse.setEndIpv6(range[1]);
+
+ IPv6Address first = IPv6Address.fromString(range[0]);
Review comment:
can this be extracted as a method ?
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
Review comment:
``` @Inject
Ipv6Service ipv6Service;
```
can be moved to BaseCmd.java, so that it is not needed to inject in *Cmd.java
##########
File path: server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
##########
@@ -2583,6 +2598,21 @@ private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, fin
}
}
+ private void createDefaultEgressIpv6FirewallRule(final List<FirewallRule> rules, final long networkId) {
+ final NetworkVO network = _networkDao.findById(networkId);
+ if(!_networkOfferingDao.isIpv6Supported(network.getNetworkOfferingId())) {
+ return;
+ }
+ // Since not all networks will IPv6 supported, add a system rule for IPv6 networks
+ final List<String> sourceCidr = new ArrayList<String>();
+ final List<String> destCidr = new ArrayList<String>();
+ sourceCidr.add(network.getIp6Cidr());
+ destCidr.add(NetUtils.ALL_IP6_CIDRS);
+ final FirewallRule rule = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Ipv6Firewall, sourceCidr,
Review comment:
OK. so by default, all egress rules are allowed, right ?
can you define a constant for 'all' ?
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -5644,6 +5751,16 @@ public NetworkOffering createNetworkOffering(final CreateNetworkOfferingCmd cmd)
throw new InvalidParameterValueException("Invalid \"type\" parameter is given; can have Shared and Isolated values");
}
+ if (internetProtocol != null) {
Review comment:
good this is fixed. I have encountered an issue here.
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -1884,6 +1899,83 @@ private void checkIpRangeContainsTakenAddresses(final HostPodVO pod,final String
}
}
+ @Override
+ @DB
+ public DataCenterGuestIpv6Prefix createDataCenterGuestIpv6Prefix(final CreateGuestNetworkIpv6PrefixCmd cmd) throws ConcurrentOperationException {
+ final long zoneId = cmd.getZoneId();
+ final DataCenterVO zone = _zoneDao.findById(zoneId);
+ if (zone == null) {
+ throw new InvalidParameterValueException("Unable to find zone by id: " + zoneId);
+ }
+ final String prefix = cmd.getPrefix();
+ IPv6Network prefixNet = IPv6Network.fromString(prefix);
+ if (prefixNet.getNetmask().asPrefixLength() > Ipv6Service.IPV6_SLAAC_CIDR_NETMASK) {
+ throw new InvalidParameterValueException(String.format("IPv6 prefix must be /%d or less", Ipv6Service.IPV6_SLAAC_CIDR_NETMASK));
+ }
+ List<DataCenterGuestIpv6PrefixVO> existingPrefixes = dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ for (DataCenterGuestIpv6PrefixVO existingPrefix : existingPrefixes) {
+ IPv6Network existingPrefixNet = IPv6Network.fromString(existingPrefix.getPrefix());
+ if (NetUtils.ipv6NetworksOverlap(existingPrefixNet, prefixNet)) {
+ throw new InvalidParameterValueException(String.format("IPv6 prefix %s overlaps with the existing IPv6 prefix %s", prefixNet, existingPrefixNet));
+ }
+ }
+ DataCenterGuestIpv6Prefix dataCenterGuestIpv6Prefix = null;
+ try {
+ dataCenterGuestIpv6Prefix = Transaction.execute(new TransactionCallback<DataCenterGuestIpv6Prefix>() {
+ @Override
+ public DataCenterGuestIpv6Prefix doInTransaction(TransactionStatus status) {
+ DataCenterGuestIpv6PrefixVO dataCenterGuestIpv6PrefixVO = new DataCenterGuestIpv6PrefixVO(zoneId, prefix);
+ dataCenterGuestIpv6PrefixDao.persist(dataCenterGuestIpv6PrefixVO);
+ return dataCenterGuestIpv6PrefixVO;
+ }
+ });
+ } catch (final Exception e) {
+ s_logger.error(String.format("Unable to add IPv6 prefix for zone: %s due to %s", zone, e.getMessage()), e);
+ throw new CloudRuntimeException(String.format("Unable to add IPv6 prefix for zone ID: %s. Please contact Cloud Support.", zone.getUuid()));
+ }
+ return dataCenterGuestIpv6Prefix;
+ }
+
+ @Override
+ public List<? extends DataCenterGuestIpv6Prefix> listDataCenterGuestIpv6Prefixes(final ListGuestNetworkIpv6PrefixesCmd cmd) throws ConcurrentOperationException {
+ final Long id = cmd.getId();
+ final Long zoneId = cmd.getZoneId();
+ if (id != null) {
+ DataCenterGuestIpv6PrefixVO prefix = dataCenterGuestIpv6PrefixDao.findById(id);
+ List<DataCenterGuestIpv6PrefixVO> prefixes = new ArrayList<>();
+ if (prefix != null) {
+ prefixes.add(prefix);
+ }
+ return prefixes;
+ }
+ if (zoneId != null) {
+ final DataCenterVO zone = _zoneDao.findById(zoneId);
+ if (zone == null) {
+ throw new InvalidParameterValueException("Unable to find zone by id: " + zoneId);
+ }
+ return dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ }
+ return dataCenterGuestIpv6PrefixDao.listAll();
+ }
+
+ @Override
+ public boolean deleteDataCenterGuestIpv6Prefix(DeleteGuestNetworkIpv6PrefixCmd cmd) {
+ final long prefixId = cmd.getId();
+ final DataCenterGuestIpv6PrefixVO prefix = dataCenterGuestIpv6PrefixDao.findById(prefixId);
+ if (prefix == null) {
+ throw new InvalidParameterValueException("Unable to find guest network IPv6 prefix by id: " + prefixId);
+ }
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> prefixSubnets = ipv6GuestPrefixSubnetNetworkMapDao.listUsedByPrefix(prefixId);
+ if (CollectionUtils.isNotEmpty(prefixSubnets)) {
+ List<String> usedSubnets = prefixSubnets.stream().map(Ipv6GuestPrefixSubnetNetworkMapVO::getSubnet).collect(Collectors.toList());
+ s_logger.error(String.format("Subnets for guest IPv6 prefix {ID: %s, %s} are in use: %s", prefix.getUuid(), prefix.getPrefix(), String.join(", ", usedSubnets)));
+ throw new CloudRuntimeException(String.format("Unable to delete guest network IPv6 prefix ID: %s. Prefix subnets are in use.", prefix.getUuid()));
+ }
+ ipv6GuestPrefixSubnetNetworkMapDao.deleteByPrefixId(prefixId);
Review comment:
`prefixSubnets` is empty, is it needed to delete records by prefixid ?
##########
File path: server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
##########
@@ -4067,21 +4166,21 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
zoneId = network.getDataCenterId();
physicalNetworkId = network.getPhysicalNetworkId();
}
- } else if (ipv6) {
+ }/* else if (ipv6) {
throw new InvalidParameterValueException("Only support IPv6 on extending existed network");
- }
+ }*/
// Verify that zone exists
final DataCenterVO zone = _zoneDao.findById(zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
- if (ipv6) {
- if (network.getGuestType() != GuestType.Shared || zone.isSecurityGroupEnabled()) {
- throw new InvalidParameterValueException("Only support IPv6 on extending existed share network without SG");
- }
- }
+// if (ipv6) {
Review comment:
remove this, add check on global setting `Ipv6SubnetCapacityThreshold` here ?
##########
File path: server/src/main/java/com/cloud/server/ManagementServerImpl.java
##########
@@ -3529,6 +3532,9 @@ public long getMemoryOrCpuCapacityByHost(final Long hostId, final short capacity
cmdList.add(AcquirePodIpCmdByAdmin.class);
cmdList.add(ReleasePodIpCmdByAdmin.class);
cmdList.add(CreateManagementNetworkIpRangeCmd.class);
+ cmdList.add(CreateGuestNetworkIpv6PrefixCmd.class);
Review comment:
in Ipv6ServiceImpl.java ?
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
+ private Long networkId;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "the traffic type for the Ipv6 firewall rule, can be ingress or egress, defaulted to ingress if not specified")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", authorized = {RoleType.Admin})
+ private Boolean display;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
+
+ public String getProtocol() {
+ String p = protocol.trim();
+ // Deal with ICMP(protocol number 1) specially because it need to be paired with icmp type and code
+ if (StringUtils.isNumeric(p)) {
+ int protoNumber = Integer.parseInt(p);
+ if (protoNumber == 1) {
+ p = "icmp";
+ }
+ }
+ return p;
+ }
+
+ public List<String> getSourceCidrList() {
+ if (sourceCidrList != null) {
+ return sourceCidrList;
+ } else {
+ List<String> oneCidrList = new ArrayList<String>();
+ oneCidrList.add(NetUtils.ALL_IP6_CIDRS);
+ return oneCidrList;
+ }
+ }
+
+ public List<String> getDestinationCidrList() {
+ if (destinationCidrlist != null) {
+ return destinationCidrlist;
+ } else {
+ List<String> oneCidrList = new ArrayList<String>();
+ oneCidrList.add(NetUtils.ALL_IP6_CIDRS);
+ return oneCidrList;
+ }
+ }
+
+ public FirewallRule.TrafficType getTrafficType() {
+ if (trafficType == null) {
+ return FirewallRule.TrafficType.Ingress;
+ }
+ for (FirewallRule.TrafficType type : FirewallRule.TrafficType.values()) {
+ if (type.toString().equalsIgnoreCase(trafficType)) {
+ return type;
+ }
+ }
+ throw new InvalidParameterValueException("Invalid traffic type " + trafficType);
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + RESPONSE_SUFFIX;
+ }
+
+ public Integer getSourcePortStart() {
+ return publicStartPort;
+ }
+
+ public Integer getSourcePortEnd() {
+ if (publicEndPort == null) {
+ if (publicStartPort != null) {
+ return publicStartPort;
+ }
+ } else {
+ return publicEndPort;
+ }
+
+ return null;
+ }
+
+ public Long getNetworkId() {
+ return networkId;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account caller = CallContext.current().getCallingAccount();
Review comment:
should entity owner be the owner of the network ?
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/UpdateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCustomIdCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+
+@APICommand(name = UpdateIpv6FirewallRuleCmd.APINAME, description = "Updates Ipv6 firewall rule with specified ID", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class UpdateIpv6FirewallRuleCmd extends BaseAsyncCustomIdCmd {
+ public static final Logger s_logger = Logger.getLogger(UpdateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "updateIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = FirewallRuleResponse.class, required = true, description = "the ID of the ipv6 firewall rule")
+ private Long id;
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to allow traffic from/to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> cidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.TRAFFIC_TYPE, type = CommandType.STRING, description = "the traffic type for the Ipv6 firewall rule, can be Ingress or Egress, defaulted to Ingress if not specified")
+ private String trafficType;
+
+ @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the Ipv6 firewall rule to the end user or not", since = "4.4", authorized = {
+ RoleType.Admin})
+ private Boolean display;
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public boolean isDisplay() {
+ if (display != null) {
+ return display;
+ } else {
+ return true;
+ }
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ public String getProtocol() {
+ if (protocol != null) {
+ return protocol.trim();
+ } else {
+ return null;
+ }
+ }
+
+ public List<String> getSourceCidrList() {
+ return cidrlist;
+ }
+
+ public FirewallRule.TrafficType getTrafficType() {
+ if (trafficType != null) {
+ for (FirewallRule.TrafficType type : FirewallRule.TrafficType.values()) {
+ if (type.toString().equalsIgnoreCase(trafficType)) {
+ return type;
+ }
+ }
+ }
+ return null;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + RESPONSE_SUFFIX;
+ }
+
+ public Integer getSourcePortStart() {
+ return publicStartPort;
+ }
+
+ public Integer getSourcePortEnd() {
+ return publicEndPort;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
Review comment:
owner of the firewall rule ?
##########
File path: server/src/main/java/com/cloud/network/Ipv6ServiceImpl.java
##########
@@ -0,0 +1,517 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.api.command.user.ipv6.CreateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.DeleteIpv6FirewallRuleCmd;
+import org.apache.cloudstack.api.command.user.ipv6.ListIpv6FirewallRulesCmd;
+import org.apache.cloudstack.api.command.user.ipv6.UpdateIpv6FirewallRuleCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.configuration.Resource;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterGuestIpv6Prefix;
+import com.cloud.dc.DataCenterGuestIpv6PrefixVO;
+import com.cloud.dc.Vlan;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterGuestIpv6PrefixDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.ActionEventUtils;
+import com.cloud.event.EventTypes;
+import com.cloud.event.EventVO;
+import com.cloud.event.UsageEventUtils;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.Ipv6GuestPrefixSubnetNetworkMapDao;
+import com.cloud.network.dao.NetworkDetailsDao;
+import com.cloud.network.firewall.FirewallService;
+import com.cloud.network.guru.PublicNetworkGuru;
+import com.cloud.network.rules.FirewallManager;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.utils.Pair;
+import com.cloud.utils.component.ComponentLifecycleBase;
+import com.cloud.utils.concurrency.NamedThreadFactory;
+import com.cloud.utils.db.GlobalLock;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.db.TransactionCallbackWithException;
+import com.cloud.utils.db.TransactionStatus;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.DomainRouterVO;
+import com.cloud.vm.NicProfile;
+import com.cloud.vm.NicVO;
+import com.cloud.vm.dao.DomainRouterDao;
+import com.cloud.vm.dao.NicDao;
+import com.googlecode.ipv6.IPv6Address;
+import com.googlecode.ipv6.IPv6Network;
+import com.googlecode.ipv6.IPv6NetworkMask;
+
+public class Ipv6ServiceImpl extends ComponentLifecycleBase implements Ipv6Service {
+
+ public static final Logger s_logger = Logger.getLogger(Ipv6ServiceImpl.class.getName());
+
+ ScheduledExecutorService _ipv6GuestPrefixSubnetNetworkMapStateScanner;
+
+ @Inject
+ NetworkOfferingDao networkOfferingDao;
+ @Inject
+ VlanDao vlanDao;
+ @Inject
+ DataCenterGuestIpv6PrefixDao dataCenterGuestIpv6PrefixDao;
+ @Inject
+ Ipv6GuestPrefixSubnetNetworkMapDao ipv6GuestPrefixSubnetNetworkMapDao;
+ @Inject
+ FirewallRulesDao firewallDao;
+ @Inject
+ FirewallService firewallService;
+ @Inject
+ NetworkDetailsDao networkDetailsDao;
+ @Inject
+ NicDao nicDao;
+ @Inject
+ DomainRouterDao domainRouterDao;
+ @Inject
+ AccountManager accountManager;
+ @Inject
+ NetworkModel networkModel;
+ @Inject
+ FirewallManager firewallManager;
+
+ protected void releaseIpv6Subnet(long subnetId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.createForUpdate(subnetId);
+ ipv6GuestPrefixSubnetNetworkMapVO.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Free);
+ ipv6GuestPrefixSubnetNetworkMapVO.setNetworkId(null);
+ ipv6GuestPrefixSubnetNetworkMapVO.setUpdated(new Date());
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ipv6GuestPrefixSubnetNetworkMapVO.getId(), ipv6GuestPrefixSubnetNetworkMapVO);
+ }
+
+ @Override
+ public boolean start() {
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner.scheduleWithFixedDelay(new Ipv6GuestPrefixSubnetNetworkMapStateScanner(), 300, 30*60, TimeUnit.SECONDS);
+ return true;
+ }
+
+ @Override
+ public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+ _name = name;
+ _configParams = params;
+ _ipv6GuestPrefixSubnetNetworkMapStateScanner = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Ipv6GuestPrefixSubnet-State-Scanner"));
+
+ return true;
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ final List<Class<?>> cmdList = new ArrayList<Class<?>>();
+ cmdList.add(CreateIpv6FirewallRuleCmd.class);
+ cmdList.add(ListIpv6FirewallRulesCmd.class);
+ cmdList.add(UpdateIpv6FirewallRuleCmd.class);
+ cmdList.add(DeleteIpv6FirewallRuleCmd.class);
+ return cmdList;
+ }
+
+ @Override
+ public String getConfigComponentName() {
+ return Ipv6Service.class.getSimpleName();
+ }
+
+ @Override
+ public ConfigKey<?>[] getConfigKeys() {
+ return new ConfigKey<?>[] {
+ Ipv6NetworkOfferingCreationEnabled
+ };
+ }
+
+ @Override
+ public Pair<Integer, Integer> getUsedTotalIpv6SubnetForPrefix(DataCenterGuestIpv6Prefix prefix) {
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> usedSubnets = ipv6GuestPrefixSubnetNetworkMapDao.listUsedByPrefix(prefix.getId());
+ final IPv6Network ip6Prefix = IPv6Network.fromString(prefix.getPrefix());
+ Iterator<IPv6Network> splits = ip6Prefix.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ int total = 0;
+ while(splits.hasNext()) {
+ total++;
+ splits.next();
+ }
+ return new Pair<>(usedSubnets.size(), total);
+ }
+
+ @Override
+ public Pair<Integer, Integer> getUsedTotalIpv6SubnetForZone(long zoneId) {
+ int used = 0;
+ int total = 0;
+ List<DataCenterGuestIpv6PrefixVO> prefixes = dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ for (DataCenterGuestIpv6PrefixVO prefix : prefixes) {
+ Pair<Integer, Integer> usedTotal = getUsedTotalIpv6SubnetForPrefix(prefix);
+ used += usedTotal.first();
+ total += usedTotal.second();
+ }
+ return new Pair<>(used, total);
+ }
+
+ public Pair<String, String> preAllocateIpv6SubnetForNetwork(long zoneId) throws ResourceAllocationException {
+ List<DataCenterGuestIpv6PrefixVO> prefixes = dataCenterGuestIpv6PrefixDao.listByDataCenterId(zoneId);
+ if (CollectionUtils.isEmpty(prefixes)) {
+ s_logger.error(String.format("IPv6 prefixes not found for the zone ID: %d", zoneId));
+ throw new ResourceAllocationException("Unable to allocate IPv6 network", Resource.ResourceType.network);
+ }
+ Ipv6GuestPrefixSubnetNetworkMapVO ip6Subnet = null;
+ for (DataCenterGuestIpv6PrefixVO prefix : prefixes) {
+ ip6Subnet = ipv6GuestPrefixSubnetNetworkMapDao.findFirstAvailable(prefix.getId());
+ if (ip6Subnet == null) {
+ Ipv6GuestPrefixSubnetNetworkMapVO last = ipv6GuestPrefixSubnetNetworkMapDao.findLast(prefix.getId());
+ String lastUsedSubnet = last != null ? last.getSubnet() : null;
+ final IPv6Network ip6Prefix = IPv6Network.fromString(prefix.getPrefix());
+ Iterator<IPv6Network> splits = ip6Prefix.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ while (splits.hasNext()) {
+ IPv6Network i = splits.next();
+ if (lastUsedSubnet == null) {
+ ip6Subnet = new Ipv6GuestPrefixSubnetNetworkMapVO(prefix.getId(), i.toString(), null, Ipv6GuestPrefixSubnetNetworkMap.State.Allocating);
+ break;
+ }
+ if (i.toString().equals(lastUsedSubnet)) {
+ lastUsedSubnet = null;
+ }
+ }
+ }
+ if (ip6Subnet != null) {
+ break;
+ }
+ }
+ if (ip6Subnet == null) {
+ throw new ResourceAllocationException("Unable to allocate IPv6 guest subnet for the network", Resource.ResourceType.network);
+ }
+ ip6Subnet.setUpdated(new Date());
+ if (Ipv6GuestPrefixSubnetNetworkMap.State.Free.equals(ip6Subnet.getState())) {
+ ip6Subnet.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Allocating);
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ip6Subnet.getId(), ip6Subnet);
+ } else {
+ ipv6GuestPrefixSubnetNetworkMapDao.persist(ip6Subnet);
+ }
+ IPv6Network network = IPv6Network.fromString(ip6Subnet.getSubnet());
+ return new Pair<>(network.getFirst().toString(), network.toString());
+ }
+
+ @Override
+ public void assignIpv6SubnetToNetwork(String subnet, long networkId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.findBySubnet(subnet);
+ if (ipv6GuestPrefixSubnetNetworkMapVO != null) {
+ ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.createForUpdate(ipv6GuestPrefixSubnetNetworkMapVO.getId());
+ ipv6GuestPrefixSubnetNetworkMapVO.setState(Ipv6GuestPrefixSubnetNetworkMap.State.Allocated);
+ ipv6GuestPrefixSubnetNetworkMapVO.setNetworkId(networkId);
+ ipv6GuestPrefixSubnetNetworkMapVO.setUpdated(new Date());
+ ipv6GuestPrefixSubnetNetworkMapDao.update(ipv6GuestPrefixSubnetNetworkMapVO.getId(), ipv6GuestPrefixSubnetNetworkMapVO);
+ }
+ }
+
+ @Override
+ public void releaseIpv6SubnetForNetwork(long networkId) {
+ Ipv6GuestPrefixSubnetNetworkMapVO ipv6GuestPrefixSubnetNetworkMapVO = ipv6GuestPrefixSubnetNetworkMapDao.findByNetworkId(networkId);
+ if (ipv6GuestPrefixSubnetNetworkMapVO != null) {
+ releaseIpv6Subnet(ipv6GuestPrefixSubnetNetworkMapVO.getId());
+ }
+ }
+
+ public Pair<String, ? extends Vlan> assignPublicIpv6ToNetwork(Network network, String nicMacAddress) {
+ final List<VlanVO> ranges = vlanDao.listVlansWithIpV6RangeByPhysicalNetworkId(network.getPhysicalNetworkId());
+ if (CollectionUtils.isEmpty(ranges)) {
+ s_logger.error(String.format("Unable to find IPv6 range for the zone ID: %d", network.getDataCenterId()));
+ throw new CloudRuntimeException(String.format("Cannot find IPv6 address for network %s", network.getName()));
+ }
+ Collections.shuffle(ranges);
+ VlanVO selectedVlan = ranges.get(0);
+ IPv6Network iPv6Network = IPv6Network.fromString(selectedVlan.getIp6Cidr());
+ if (iPv6Network.getNetmask().asPrefixLength() < IPV6_SLAAC_CIDR_NETMASK) {
+ Iterator<IPv6Network> splits = iPv6Network.split(IPv6NetworkMask.fromPrefixLength(IPV6_SLAAC_CIDR_NETMASK));
+ if (splits.hasNext()) {
+ splits.next();
+ }
+ if (splits.hasNext()) {
+ iPv6Network = splits.next();
+ }
+ }
+ IPv6Address ipv6Addr = NetUtils.EUI64Address(iPv6Network, nicMacAddress);
+ String event = EventTypes.EVENT_NET_IP6_ASSIGN;
+ String description = String.format("Assigned public IPv6 address: %s for network ID: %s", ipv6Addr, network.getUuid());
+ ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), network.getAccountId(), EventVO.LEVEL_INFO, event, description, 0);
+ final boolean usageHidden = networkDetailsDao.isNetworkUsageHidden(network.getId());
+ final String guestType = selectedVlan.getVlanType().toString();
+ UsageEventUtils.publishUsageEvent(event, network.getAccountId(), network.getDataCenterId(), 0L,
+ ipv6Addr.toString(), false, guestType, false, usageHidden,
+ IPv6Network.class.getName(), null);
+ return new Pair<>(ipv6Addr.toString(), selectedVlan);
+ }
+
+ @Override
+ public void updateNicIpv6(NicProfile nic, DataCenter dc, Network network) {
+ boolean isIpv6Supported = networkOfferingDao.isIpv6Supported(network.getNetworkOfferingId());
+ if (nic.getIPv6Address() == null && isIpv6Supported) {
+ Pair<String, ? extends Vlan> publicIpv6AddressVlanPair = assignPublicIpv6ToNetwork(network, nic.getMacAddress());
+ final Vlan vlan = publicIpv6AddressVlanPair.second();
+ final String routerIpv6 = publicIpv6AddressVlanPair.first();
+ final String routerIpv6Gateway = vlan.getIp6Gateway();
+ final String routerIpv6Cidr = vlan.getIp6Cidr();
+ nic.setIPv6Address(routerIpv6);
+ nic.setIPv6Gateway(routerIpv6Gateway);
+ nic.setIPv6Cidr(routerIpv6Cidr);
+ if (nic.getIPv4Address() != null) {
+ nic.setFormat(Networks.AddressFormat.DualStack);
+ } else {
+ nic.setFormat(Networks.AddressFormat.Ip6);
+ }
+ nic.setIPv6Dns1(dc.getIp6Dns1());
+ nic.setIPv6Dns2(dc.getIp6Dns2());
+ }
+ }
+
+ @Override
+ public void releasePublicIpv6ForNic(Network network, String nicIpv6Address) {
+ String event = EventTypes.EVENT_NET_IP6_RELEASE;
+ String description = String.format("Releasing public IPv6 address: %s from network ID: %s", nicIpv6Address, network.getUuid());
+ ActionEventUtils.onCompletedActionEvent(CallContext.current().getCallingUserId(), network.getAccountId(), EventVO.LEVEL_INFO, event, description, 0);
+ final boolean usageHidden = networkDetailsDao.isNetworkUsageHidden(network.getId());
+ UsageEventUtils.publishUsageEvent(event, network.getAccountId(), network.getDataCenterId(), 0L,
+ nicIpv6Address, false, Vlan.VlanType.VirtualNetwork.toString(), false, usageHidden,
+ IPv6Address.class.getName(), null);
+ }
+
+ @Override
+ public List<String> getPublicIpv6AddressesForNetwork(Network network) {
+ List<String> addresses = new ArrayList<>();
+ List<DomainRouterVO> routers = domainRouterDao.findByNetwork(network.getId());
+ for (DomainRouterVO router : routers) {
+ List<NicVO> nics = nicDao.listByVmId(router.getId());
+ for (NicVO nic : nics) {
+ String address = nic.getIPv6Address();
+ if (!PublicNetworkGuru.class.getSimpleName().equals(nic.getReserver()) || StringUtils.isEmpty(address)) {
+ continue;
+ }
+ addresses.add(address);
+ }
+ }
+ return addresses;
+ }
+
+ @Override
+ public Pair<List<? extends FirewallRule>, Integer> listIpv6FirewallRules(ListIpv6FirewallRulesCmd listIpv6FirewallRulesCmd) {
+ return firewallService.listFirewallRules(listIpv6FirewallRulesCmd);
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating IPv6 firewall rule", create = true)
+ public FirewallRule createIpv6FirewallRule(CreateIpv6FirewallRuleCmd cmd) throws NetworkRuleConflictException {
+ final Account caller = CallContext.current().getCallingAccount();
+ final long networkId = cmd.getNetworkId();
+ final Integer portStart = cmd.getSourcePortStart();
+ final Integer portEnd = cmd.getSourcePortEnd();
+ final FirewallRule.TrafficType trafficType = cmd.getTrafficType();
+ final String protocol = cmd.getProtocol();
+ final Integer icmpCode = cmd.getIcmpCode();
+ final Integer icmpType = cmd.getIcmpType();
+ final boolean forDisplay = cmd.isDisplay();
+ final FirewallRule.FirewallRuleType type = FirewallRule.FirewallRuleType.User;
+ final List<String> sourceCidrList = cmd.getSourceCidrList();
+ final List<String> destinationCidrList = cmd.getDestinationCidrList();
+
+ if (portStart != null && !NetUtils.isValidPort(portStart)) {
+ throw new InvalidParameterValueException("publicPort is an invalid value: " + portStart);
+ }
+ if (portEnd != null && !NetUtils.isValidPort(portEnd)) {
+ throw new InvalidParameterValueException("Public port range is an invalid value: " + portEnd);
+ }
+
+ // start port can't be bigger than end port
+ if (portStart != null && portEnd != null && portStart > portEnd) {
+ throw new InvalidParameterValueException("Start port can't be bigger than end port");
+ }
+
+ Network network = networkModel.getNetwork(networkId);
+ assert network != null : "Can't create rule as network is null?";
+
+ final long accountId = network.getAccountId();
+ final long domainId = network.getDomainId();
+
+ if (FirewallRule.TrafficType.Egress.equals(trafficType)) {
+ accountManager.checkAccess(caller, null, true, network);
+ }
+
+ // Verify that the network guru supports the protocol specified
+ Map<Network.Capability, String> caps = networkModel.getNetworkServiceCapabilities(network.getId(), Network.Service.Firewall);
+
+ if (caps != null) {
+ String supportedProtocols;
+ String supportedTrafficTypes = null;
+ supportedTrafficTypes = caps.get(Network.Capability.SupportedTrafficDirection).toLowerCase();
+
+ if (trafficType == FirewallRule.TrafficType.Egress) {
+ supportedProtocols = caps.get(Network.Capability.SupportedEgressProtocols).toLowerCase();
+ } else {
+ supportedProtocols = caps.get(Network.Capability.SupportedProtocols).toLowerCase();
+ }
+
+ if (!supportedProtocols.contains(protocol.toLowerCase())) {
+ throw new InvalidParameterValueException(String.format("Protocol %s is not supported in zone", protocol));
+ } else if (!supportedTrafficTypes.contains(trafficType.toString().toLowerCase())) {
+ throw new InvalidParameterValueException("Traffic Type " + trafficType + " is currently supported by Firewall in network " + networkId);
+ }
+ }
+
+ // icmp code and icmp type can't be passed in for any other protocol rather than icmp
+ if (!protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (icmpCode != null || icmpType != null)) {
+ throw new InvalidParameterValueException("Can specify icmpCode and icmpType for ICMP protocol only");
+ }
+
+ if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart != null || portEnd != null)) {
+ throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP");
+ }
+
+ return Transaction.execute(new TransactionCallbackWithException<FirewallRuleVO, NetworkRuleConflictException>() {
+ @Override
+ public FirewallRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
+ FirewallRuleVO newRule =
+ new FirewallRuleVO(null, null, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, FirewallRule.Purpose.Ipv6Firewall,
+ sourceCidrList, destinationCidrList, icmpCode, icmpType, null, trafficType);
+ newRule.setType(type);
+ newRule.setDisplay(forDisplay);
+ newRule = firewallDao.persist(newRule);
+
+ if (FirewallRule.FirewallRuleType.User.equals(type)) {
+ firewallManager.detectRulesConflict(newRule);
+ }
+
+ if (!firewallDao.setStateToAdd(newRule)) {
+ throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
+ }
+ CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
+
+ return newRule;
+ }
+ });
+ }
+
+ @Override
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking IPv6 firewall rule", async = true)
+ public boolean revokeIpv6FirewallRule(Long id) {
+ FirewallRuleVO rule = firewallDao.findById(id);
+ if (rule == null) {
+ throw new InvalidParameterValueException(String.format("Unable to find IPv6 firewall rule with id %d", id));
+ }
+ if (FirewallRule.TrafficType.Ingress.equals(rule.getTrafficType())) {
+ return firewallManager.revokeIngressFirewallRule(rule.getId(), true);
+ }
+ return firewallManager.revokeEgressFirewallRule(rule.getId(), true);
+ }
+
+ @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_UPDATE, eventDescription = "updating IPv6 firewall rule", async = true)
+ public FirewallRule updateIpv6FirewallRule(UpdateIpv6FirewallRuleCmd cmd) {
+ final long id = cmd.getId();
+ final boolean forDisplay = cmd.isDisplay();
+ FirewallRuleVO rule = firewallDao.findById(id);
+ if (rule == null) {
+ throw new InvalidParameterValueException(String.format("Unable to find IPv6 firewall rule with id %d", id));
+ }
+ if (FirewallRule.TrafficType.Ingress.equals(rule.getTrafficType())) {
+ return firewallManager.updateIngressFirewallRule(rule.getId(), null, forDisplay);
+ }
+ return firewallManager.updateEgressFirewallRule(rule.getId(), null, forDisplay);
+ }
+
+ @Override
+ public FirewallRule getIpv6FirewallRule(Long entityId) {
+ return firewallDao.findById(entityId);
+ }
+
+ @Override
+ public boolean applyIpv6FirewallRule(long id) {
+ FirewallRuleVO rule = firewallDao.findById(id);
+ if (rule == null) {
+ s_logger.error(String.format("Unable to find IPv6 firewall rule with ID: %d", id));
+ return false;
+ }
+ if (!FirewallRule.Purpose.Ipv6Firewall.equals(rule.getPurpose())) {
+ s_logger.error(String.format("Cannot apply IPv6 firewall rule with ID: %d as purpose %s is not %s", id, rule.getPurpose(), FirewallRule.Purpose.Ipv6Firewall));
+ }
+ s_logger.debug(String.format("Applying IPv6 firewall rules for rule with ID: %s", rule.getUuid()));
+ List<FirewallRuleVO> rules = firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), rule.getPurpose(), FirewallRule.TrafficType.Egress);
+ rules.addAll(firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), FirewallRule.Purpose.Ipv6Firewall, FirewallRule.TrafficType.Ingress));
+ return firewallManager.applyFirewallRules(rules, false, CallContext.current().getCallingAccount());
+ }
+
+ public class Ipv6GuestPrefixSubnetNetworkMapStateScanner extends ManagedContextRunnable {
+ @Override
+ protected void runInContext() {
+ GlobalLock gcLock = GlobalLock.getInternLock("Ipv6GuestPrefixSubnetNetworkMap.State.Scanner.Lock");
+ try {
+ if (gcLock.lock(3)) {
+ try {
+ reallyRun();
+ } finally {
+ gcLock.unlock();
+ }
+ }
+ } finally {
+ gcLock.releaseRef();
+ }
+ }
+
+ public void reallyRun() {
+ try {
+ List<Ipv6GuestPrefixSubnetNetworkMapVO> subnets = ipv6GuestPrefixSubnetNetworkMapDao.findPrefixesInStates(Ipv6GuestPrefixSubnetNetworkMap.State.Allocating);
+ for (Ipv6GuestPrefixSubnetNetworkMapVO subnet : subnets) {
+ if (s_logger.isInfoEnabled()) {
+ s_logger.info(String.format("Running state scanned on Ipv6GuestPrefixSubnetNetworkMap : %s", subnet.getSubnet()));
+ }
+ try {
+ if ((new Date()).getTime() - subnet.getUpdated().getTime() < 30*60*1000) {
Review comment:
can this be configurable ?
##########
File path: ui/src/views/infra/network/IpRangesTabPublic.vue
##########
@@ -34,6 +34,18 @@
:rowKey="record => record.id"
:pagination="false"
>
+ <template slot="gateway" slot-scope="record">
+ {{ record.gateway || record.ip6gateway }}
+ </template>
+ <template slot="cidr" slot-scope="record">
+ {{ record.netmask || record.ip6cidr }}
Review comment:
use `record.cidr` instead of `record.netmask` ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan removed a comment on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1032214852
Packaging result: :heavy_multiplication_x: el7 :heavy_multiplication_x: el8 :heavy_multiplication_x: debian :heavy_multiplication_x: suse15. SL-JID 2505
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on a change in pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on a change in pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#discussion_r821412436
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/user/ipv6/CreateIpv6FirewallRuleCmd.java
##########
@@ -0,0 +1,245 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.ipv6;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.FirewallResponse;
+import org.apache.cloudstack.api.response.FirewallRuleResponse;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Ipv6Service;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.user.Account;
+import com.cloud.utils.net.NetUtils;
+
+@APICommand(name = CreateIpv6FirewallRuleCmd.APINAME, description = "Creates an Ipv6 firewall rule in the given network (the network has to belong to VPC)", responseObject = FirewallRuleResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class CreateIpv6FirewallRuleCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateIpv6FirewallRuleCmd.class.getName());
+
+ public static final String APINAME = "createIpv6FirewallRule";
+
+ @Inject
+ Ipv6Service ipv6Service;
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol for the Ipv6 firewall rule. Valid values are TCP/UDP/ICMP/ALL or valid protocol number")
+ private String protocol;
+
+ @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "the starting port of Ipv6 firewall rule")
+ private Integer publicStartPort;
+
+ @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "the ending port of Ipv6 firewall rule")
+ private Integer publicEndPort;
+
+ @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the source CIDR list to allow traffic from. Multiple entries must be separated by a single comma character (,).")
+ private List<String> sourceCidrList;
+
+ @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the destination CIDR list to allow traffic to. Multiple entries must be separated by a single comma character (,).")
+ private List<String> destinationCidrlist;
+
+ @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the ICMP message being sent")
+ private Integer icmpType;
+
+ @Parameter(name = ApiConstants.ICMP_CODE, type = CommandType.INTEGER, description = "error code for this ICMP message")
+ private Integer icmpCode;
+
+ @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The network of the VM the Ipv6 firewall rule will be created for", required = true)
Review comment:
@weizhouapache yes it is. Should it not be?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1081849417
@shwstppr a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] shwstppr commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
shwstppr commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1081848525
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1009289386
Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian :heavy_check_mark: suse15. SL-JID 2168
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] blueorangutan commented on pull request #5786: network: ipv6 static routes
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on pull request #5786:
URL: https://github.com/apache/cloudstack/pull/5786#issuecomment-1010097668
<b>Trillian test result (tid-2850)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 31480 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5786-t2850-kvm-centos7.zip
Smoke tests completed. 92 look OK, 0 have errors
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org