Posted to commits@cloudstack.apache.org by ek...@apache.org on 2015/04/08 16:05:23 UTC

git commit: updated refs/heads/master to cb2b9e8

Repository: cloudstack
Updated Branches:
  refs/heads/master aada8fe1d -> cb2b9e870


Fixing the communication with VM via Public IP

   - Pub IP port forwarding and static NAT fixed for single VPCs
   - Pub IP port forwarding fixed for redundant VPCs

[wip] fix static NAT for redundant VPCs

This closes #150


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/cb2b9e87
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/cb2b9e87
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/cb2b9e87

Branch: refs/heads/master
Commit: cb2b9e870b36ee0a069b61ab64f041370c9b8bdd
Parents: aada8fe
Author: wilderrodrigues <wr...@schubergphilis.com>
Authored: Wed Apr 8 15:46:32 2015 +0200
Committer: wilderrodrigues <wr...@schubergphilis.com>
Committed: Wed Apr 8 16:04:55 2015 +0200

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/configure.py    | 37 ++++++++++++++++----
 .../debian/config/opt/cloud/bin/cs/CsAddress.py |  9 ++---
 .../opt/cloud/templates/keepalived.conf.templ   |  7 ----
 3 files changed, 35 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cb2b9e87/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 246c995..b03928b 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -414,7 +414,7 @@ class CsSite2SiteVpn(CsDataBag):
             self.deletevpn(ip)
 
     def deletevpn(self, ip):
-        logging.info("Removinf VPN configuration for %s", ip)
+        logging.info("Removing VPN configuration for %s", ip)
         CsHelper.execute("ipsec auto --down vpn-%s" % ip)
         CsHelper.execute("ipsec auto --delete vpn-%s" % ip)
         vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, ip)
@@ -586,15 +586,36 @@ class CsForwardingRules(CsDataBag):
         self.fw.append(["nat", "", fw6])
 
     def forward_vpc(self, rule):
-        fwrule = "-A PREROUTING -d %s/32" % rule["public_ip"]
+        fw_prerout_rule = "-A PREROUTING -d %s/32 -i %s" % (rule["public_ip"], self.getDeviceByIp(rule['public_ip']))
         if not rule["protocol"] == "any":
-            fwrule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+            fw_prerout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
         if not rule["public_ports"] == "any":
-            fwrule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
-        fwrule += " -j DNAT --to-destination %s" % rule["internal_ip"]
+            fw_prerout_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_prerout_rule += " -j DNAT --to-destination %s" % rule["internal_ip"]
         if not rule["internal_ports"] == "any":
-            fwrule += ":" + self.portsToString(rule["internal_ports"], "-")
-        self.fw.append(["nat", "", fwrule])
+            fw_prerout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        fw_postrout_rule = "-A POSTROUTING -d %s/32 " % rule["public_ip"]
+        if not rule["protocol"] == "any":
+            fw_postrout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+        if not rule["public_ports"] == "any":
+            fw_postrout_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_postrout_rule += " -j SNAT --to-source %s" % rule["internal_ip"]
+        if not rule["internal_ports"] == "any":
+            fw_postrout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        fw_output_rule = "-A OUTPUT -d %s/32" % rule["public_ip"]
+        if not rule["protocol"] == "any":
+            fw_output_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+        if not rule["public_ports"] == "any":
+            fw_output_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_output_rule += " -j DNAT --to-destination %s" % rule["internal_ip"]
+        if not rule["internal_ports"] == "any":
+            fw_output_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        self.fw.append(["nat", "", fw_prerout_rule])
+        self.fw.append(["nat", "", fw_postrout_rule])
+        self.fw.append(["nat", "", fw_output_rule])
 
     def processStaticNatRule(self, rule):
         # FIXME this needs ordering with the VPN no nat rule
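Review bot: The new `fw_postrout_rule` matches on `-d <public_ip>` and then does `-j SNAT --to-source <internal_ip>`, which looks inverted for a port-forwarding path. Packets already DNATed in PREROUTING reach POSTROUTING with the internal destination, so they would not match. Any packet that does match has its source rewritten to the VM's own address, which hides the real client address from the VM and from any source-based filtering or logging. Please confirm the intended traffic and record it in a comment above the rule, for example `# SNAT for <which flow>; source becomes internal_ip because ...`. Separately, `self.getDeviceByIp(rule['public_ip'])` is formatted straight into `-i %s`; that helper is not visible here, but if it can return nothing the rule becomes `-i None`, so a guard such as `device = self.getDeviceByIp(rule["public_ip"])` followed by `if not device: return` (with a log line) would be safer.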
@@ -605,6 +626,8 @@ class CsForwardingRules(CsDataBag):
                         "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
         self.fw.append(["nat", "front",
                         "-A POSTROUTING -o %s -s %s/32 -j SNAT --to-source %s" % (device, rule["internal_ip"], rule["public_ip"])])
+        self.fw.append(["nat", "front",
+                        "-A OUTPUT -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
 
 
 def main(argv):
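Review bot: The added `-A OUTPUT ... -j DNAT` rule has no comment saying which traffic it serves. The nat OUTPUT chain only sees packets generated on the router itself, so a line such as `# also DNAT router-originated traffic addressed to the public IP` above it would make that clear. The PREROUTING rule just above it is not bound to an interface, while `forward_vpc` in the previous hunk now adds `-i <device>`, so the two NAT paths match differently after this commit; it is worth confirming that this is intended. processStaticNatRule starts outside the hunk.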

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cb2b9e87/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index 7dc357b..0c8f013 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -129,10 +129,11 @@ class CsInterface:
         if self.config.is_vpc():
             return self.get_attr("gateway")
         else:
-            if self.config.cmdline().is_redundant():
-                return self.config.cmdline().get_guest_gw()
-            else:
-                return self.get_ip()
+            return self.config.cmdline().get_guest_gw()
+#             if self.config.cmdline().is_redundant():
+#                 return self.config.cmdline().get_guest_gw()
+#             else:
+#                 return self.get_ip()
 
     def ip_in_subnet(self, ip):
         ipo = IPAddress(ip)
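Review bot: The old branch is left behind as four commented-out lines starting at `#             if self.config.cmdline().is_redundant():`; delete them, since version control already keeps the history. With this change every non-VPC router returns `self.config.cmdline().get_guest_gw()`, so a non-redundant router no longer falls back to `self.get_ip()`. Whether the cmdline always carries a guest gateway in that case is not visible here, so callers may need to handle an empty value. A short comment such as `# non-VPC routers always take the gateway from cmdline (redundant or not)` would record the intent, and the `else:` after the `return` can then be dropped. The enclosing method starts outside the hunk.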

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cb2b9e87/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ b/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
index f494df0..0e64a7e 100644
--- a/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
+++ b/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
@@ -19,12 +19,6 @@ global_defs {
    router_id [ROUTER_ID]
 }
 
-!vrrp_script check_bumpup {
-    !script "[RROUTER_BIN_PATH]/check_bumpup.sh"
-    !interval 5
-    !weight [DELTA]
-!}
-
 vrrp_script heartbeat {
     script "[RROUTER_BIN_PATH]/heartbeat.sh"
     interval 10
@@ -48,7 +42,6 @@ vrrp_instance inside_network {
     }
 
     track_script {
-        !check_bumpup
         heartbeat
     }