Posted to commits@cloudstack.apache.org by sw...@apache.org on 2016/07/25 20:38:05 UTC
[1/4] git commit: updated refs/heads/master to 818063c
Repository: cloudstack
Updated Branches:
refs/heads/master 46a6530e7 -> 818063c8e
CLOUDSTACK-9436: Release network resources on expunge command
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/148e9744
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/148e9744
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/148e9744
Branch: refs/heads/master
Commit: 148e9744828cd7dd3efe9487fc5be303b21b58d3
Parents: 46a6530
Author: nvazquez <ni...@gmail.com>
Authored: Mon Jun 6 11:47:45 2016 -0300
Committer: nvazquez <ni...@gmail.com>
Committed: Thu Jul 21 12:25:22 2016 -0300
----------------------------------------------------------------------
server/src/com/cloud/vm/UserVmManagerImpl.java | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/148e9744/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 9eddf6d..dd7e817 100644
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2046,6 +2046,9 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
return false;
}
try {
+
+ releaseNetworkResourcesOnExpunge(vm.getId());
+
List<VolumeVO> rootVol = _volsDao.findByInstanceAndType(vm.getId(), Volume.Type.ROOT);
// expunge the vm
_itMgr.advanceExpunge(vm.getUuid());
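Review bot: The new `releaseNetworkResourcesOnExpunge(vm.getId())` call sits inside the `try` ahead of `_itMgr.advanceExpunge(vm.getUuid())`, so a `ConcurrentOperationException` or `ResourceUnavailableException` from the release step skips the expunge entirely. A failure in the expunge itself would leave a VM whose network resources have already been released. The catch clauses are outside this hunk, so it cannot be confirmed from here whether the handler distinguishes the two cases. I would record the intended ordering next to the call, for example `// Release network resources before expunging; any exception here aborts the expunge.`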
@@ -2086,6 +2089,23 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
}
}
+ /**
+ * Release network resources, it was done on vm stop previously.
+ * @param id vm id
+ * @throws ConcurrentOperationException
+ * @throws ResourceUnavailableException
+ */
+ private void releaseNetworkResourcesOnExpunge(long id) throws ConcurrentOperationException, ResourceUnavailableException {
+ final VMInstanceVO vmInstance = _vmDao.findById(id);
+ if (vmInstance != null){
+ final VirtualMachineProfile profile = new VirtualMachineProfileImpl(vmInstance);
+ _networkMgr.release(profile, false);
+ }
+ else {
+ s_logger.error("Couldn't find vm with id = " + id + ", unable to release network resources");
+ }
+ }
+
private boolean cleanupVmResources(long vmId) {
boolean success = true;
// Remove vm from security groups
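Review bot: When `_vmDao.findById(id)` returns null, `releaseNetworkResourcesOnExpunge` only logs an error and returns normally, so the caller goes on to `advanceExpunge` with no signal that the release was skipped. If continuing is intended, say so in the Javadoc; otherwise throw so the caller's error path runs. The caller in the first hunk already holds `vm`, so passing it in would avoid the second lookup, provided `VirtualMachineProfileImpl` accepts its type (not visible here). The Javadoc also leaves both `@throws` tags empty and does not explain the `false` passed to `_networkMgr.release(profile, false)`. I would fill these in, e.g. `@throws ResourceUnavailableException if the network manager cannot release the VM's resources`.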
[2/4] git commit: updated refs/heads/master to 818063c
Posted by sw...@apache.org.
Added missing rules on router config, fixed ordering of multiple rules, removed duplicate rules, added fix for network stats, added a check for b64 decoding (to pad incorrect b64). Also added a catch exception to be logged on the configure main.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9ab67620
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9ab67620
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9ab67620
Branch: refs/heads/master
Commit: 9ab676206a5bfe94aad8d03345c8804d520b0488
Parents: 9be93c6
Author: Patrick Dube <pd...@cloudops.com>
Authored: Fri Jul 22 15:32:20 2016 -0400
Committer: Patrick Dube <pd...@cloudops.com>
Committed: Fri Jul 22 15:32:20 2016 -0400
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/configure.py | 201 ++++++++++---------
.../debian/config/opt/cloud/bin/cs/CsAddress.py | 17 +-
.../config/opt/cloud/bin/cs/CsNetfilter.py | 14 +-
3 files changed, 126 insertions(+), 106 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9ab67620/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 59a8e9d..35ac3f2 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -313,6 +313,9 @@ class CsVmMetadata(CsDataBag):
# base64 decode userdata
if folder == "userdata" or folder == "user-data":
if data is not None:
+ # need to pad data if it is not valid base 64
+ if len(data) % 4 != 0:
+ data += (4-(len(data) % 4)) * "="
data = base64.b64decode(data)
fh = open(dest, "w")
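Review bot: Padding with `=` repairs input whose length is 2 or 3 modulo 4, but a remainder of 1 is never valid base64, so the added lines append `===` and `base64.b64decode(data)` will most likely still raise. `len(data)` also counts any whitespace or line breaks in the payload, which can skew the remainder. Userdata presumably originates from the VM owner, so I would wrap the decode in a `try`, log the decode error and skip writing this entry rather than let it abort the rest of the run. At minimum, extend the comment to `# pad to a multiple of 4; input with len % 4 == 1 is still invalid and will raise`. The enclosing method starts and ends outside this hunk.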
@@ -908,104 +911,106 @@ def main(argv):
logging.basicConfig(filename=config.get_logger(),
level=config.get_level(),
format=config.get_format())
-
- # Load stored ip adresses from disk to CsConfig()
- config.set_address()
-
- logging.debug("Configuring ip addresses")
- config.address().compare()
- config.address().process()
-
- if process_file in ["cmd_line.json", "guest_network.json"]:
- logging.debug("Configuring Guest Network")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "vm_password.json"]:
- logging.debug("Configuring vmpassword")
- password = CsPassword("vmpassword", config)
- password.process()
-
- if process_file in ["cmd_line.json", "vm_metadata.json"]:
- logging.debug("Configuring vmdata")
- metadata = CsVmMetadata('vmdata', config)
- metadata.process()
-
- if process_file in ["cmd_line.json", "network_acl.json"]:
- logging.debug("Configuring networkacl")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "firewall_rules.json"]:
- logging.debug("Configuring firewall rules")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]:
- logging.debug("Configuring PF rules")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
- logging.debug("Configuring s2s vpn")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
- logging.debug("Configuring remote access vpn")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "vpn_user_list.json"]:
- logging.debug("Configuring vpn users list")
- vpnuser = CsVpnUser("vpnuserlist", config)
- vpnuser.process()
-
- if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
- logging.debug("Configuring dhcp entry")
- dhcp = CsDhcp("dhcpentry", config)
- dhcp.process()
-
- if process_file in ["cmd_line.json", "load_balancer.json"]:
- logging.debug("Configuring load balancer")
- iptables_change = True
-
- if process_file in ["cmd_line.json", "monitor_service.json"]:
- logging.debug("Configuring monitor service")
- mon = CsMonitor("monitorservice", config)
- mon.process()
-
- # If iptable rules have changed, apply them.
- if iptables_change:
- acls = CsAcl('networkacl', config)
- acls.process()
-
- acls = CsAcl('firewallrules', config)
- acls.process()
-
- fwd = CsForwardingRules("forwardingrules", config)
- fwd.process()
-
- vpns = CsSite2SiteVpn("site2sitevpn", config)
- vpns.process()
-
- rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
- rvpn.process()
-
- lb = CsLoadBalancer("loadbalancer", config)
- lb.process()
-
- logging.debug("Configuring iptables rules")
- nf = CsNetfilters()
- nf.compare(config.get_fw())
-
- logging.debug("Configuring iptables rules done ...saving rules")
-
- # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
- CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
- CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
-
- red = CsRedundant(config)
- red.set()
-
- if process_file in ["cmd_line.json", "static_routes.json"]:
- logging.debug("Configuring static routes")
- static_routes = CsStaticRoutes("staticroutes", config)
- static_routes.process()
+ try:
+ # Load stored ip adresses from disk to CsConfig()
+ config.set_address()
+
+ logging.debug("Configuring ip addresses")
+ config.address().compare()
+ config.address().process()
+
+ if process_file in ["cmd_line.json", "guest_network.json"]:
+ logging.debug("Configuring Guest Network")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "vm_password.json"]:
+ logging.debug("Configuring vmpassword")
+ password = CsPassword("vmpassword", config)
+ password.process()
+
+ if process_file in ["cmd_line.json", "vm_metadata.json"]:
+ logging.debug("Configuring vmdata")
+ metadata = CsVmMetadata('vmdata', config)
+ metadata.process()
+
+ if process_file in ["cmd_line.json", "network_acl.json"]:
+ logging.debug("Configuring networkacl")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "firewall_rules.json"]:
+ logging.debug("Configuring firewall rules")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]:
+ logging.debug("Configuring PF rules")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
+ logging.debug("Configuring s2s vpn")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
+ logging.debug("Configuring remote access vpn")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "vpn_user_list.json"]:
+ logging.debug("Configuring vpn users list")
+ vpnuser = CsVpnUser("vpnuserlist", config)
+ vpnuser.process()
+
+ if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
+ logging.debug("Configuring dhcp entry")
+ dhcp = CsDhcp("dhcpentry", config)
+ dhcp.process()
+
+ if process_file in ["cmd_line.json", "load_balancer.json"]:
+ logging.debug("Configuring load balancer")
+ iptables_change = True
+
+ if process_file in ["cmd_line.json", "monitor_service.json"]:
+ logging.debug("Configuring monitor service")
+ mon = CsMonitor("monitorservice", config)
+ mon.process()
+
+ # If iptable rules have changed, apply them.
+ if iptables_change:
+ acls = CsAcl('networkacl', config)
+ acls.process()
+
+ acls = CsAcl('firewallrules', config)
+ acls.process()
+
+ fwd = CsForwardingRules("forwardingrules", config)
+ fwd.process()
+
+ vpns = CsSite2SiteVpn("site2sitevpn", config)
+ vpns.process()
+
+ rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
+ rvpn.process()
+
+ lb = CsLoadBalancer("loadbalancer", config)
+ lb.process()
+
+ logging.debug("Configuring iptables rules")
+ nf = CsNetfilters()
+ nf.compare(config.get_fw())
+
+ logging.debug("Configuring iptables rules done ...saving rules")
+
+ # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
+ CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
+ CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
+
+ red = CsRedundant(config)
+ red.set()
+
+ if process_file in ["cmd_line.json", "static_routes.json"]:
+ logging.debug("Configuring static routes")
+ static_routes = CsStaticRoutes("staticroutes", config)
+ static_routes.process()
+ except Exception:
+ logging.exception("Exception while configuring router")
if __name__ == "__main__":
main(sys.argv)
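Review bot: The new `except Exception:` at the end of `main` logs the traceback and then falls through, so the script exits with status 0 even when configuration stopped halfway, for instance after the addresses were processed but before the iptables rules were applied and saved. Whatever invokes `configure.py` can then no longer tell a failed run from a successful one, whereas the previously uncaught exception produced a non-zero exit. I would keep the logging and then fail explicitly: `logging.exception("Exception while configuring router")` followed by `sys.exit(1)` (or a bare `raise`). `main` starts above this hunk.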
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9ab67620/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index efcb94f..f78ec4c 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -432,6 +432,9 @@ class CsIP:
self.fw.append(["mangle", "front", "-A PREROUTING " +
"-m state --state RELATED,ESTABLISHED " +
"-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"])
+
+ self.fw.append(["filter", "", "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"])
+
if self.get_type() in ["guest"]:
self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" %
(self.address['network'], self.dev, self.dev)])
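Review bot: The added `-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT` is queued before the `-j ACL_INBOUND_%s` jump below it, so, assuming rules with an empty position are appended in list order, established and related flows never reach the ACL chains. That is the usual stateful shortcut, but it also means that tightening an ACL does not cut connections that are already open, and the rule's correctness depends on its position. I would document that next to the append, e.g. `# stateful fast path: must stay ahead of the ACL_INBOUND_* jumps; existing flows bypass ACL changes`. The rule is queued in what looks like per-interface code, so it relies on the duplicate filtering added to `CsNetfilters.compare` in this commit. The method starts outside the hunk.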
@@ -440,6 +443,9 @@ class CsIP:
self.fw.append(
["filter", "front", "-A ACL_INBOUND_%s -d 225.0.0.50/32 -j ACCEPT" % self.dev])
self.fw.append(
+ ["filter", "", "-A ACL_INBOUND_%s -j DROP" % self.dev])
+
+ self.fw.append(
["mangle", "front", "-A ACL_OUTBOUND_%s -d 225.0.0.50/32 -j ACCEPT" % self.dev])
self.fw.append(
["mangle", "front", "-A ACL_OUTBOUND_%s -d 224.0.0.18/32 -j ACCEPT" % self.dev])
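Review bot: The default-deny rule added here covers only `ACL_INBOUND_%s`, while the loop this commit removes from `CsNetfilters.compare` appended `-j DROP` to filter-table chains starting with either `ACL_INBOUND` or `ACL_OUTBOUND`. The `ACL_OUTBOUND_%s` rules visible in this hunk live in the mangle table, so the old loop may never have matched them, but it is worth confirming that no outbound chain loses its terminating DROP. The DROP is queued with an empty position, so the chain stays default-deny only while later rules are inserted ahead of it. A comment such as `# default deny; CsNetfilters.compare inserts ACL rules in front of this rule` would make that dependency explicit.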
@@ -459,10 +465,12 @@ class CsIP:
(self.dev, self.address[
'network'], self.address['gateway'], self.dev)
])
- self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" %
+
+ self.fw.append(["", "front", "-A NETWORK_STATS_%s -i %s -d %s" %
("eth1", "eth1", self.address['network'])])
- self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -d %s" %
+ self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" %
("eth1", "eth1", self.address['network'])])
+
self.fw.append(["nat", "front",
"-A POSTROUTING -s %s -o %s -j SNAT --to-source %s" %
(self.address['network'], self.dev,
@@ -496,7 +504,10 @@ class CsIP:
self.fw.append(["filter", "", "-A INPUT -d 225.0.0.50/32 -j ACCEPT"])
self.fw.append(["filter", "", "-A INPUT -p icmp -j ACCEPT"])
+ self.fw.append(["filter", "", "-A INPUT -i lo -j ACCEPT"])
+
self.fw.append(["filter", "", "-A INPUT -i eth0 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT"])
+ self.fw.append(["filter", "", "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"])
self.fw.append(["filter", "", "-P INPUT DROP"])
self.fw.append(["filter", "", "-P FORWARD DROP"])
@@ -536,7 +547,7 @@ class CsIP:
if self.address["source_nat"]:
vpccidr = cmdline.get_vpccidr()
self.fw.append(
- ["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
+ ["filter", 3, "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
self.fw.append(
["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
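Review bot: The position for the VPC egress rule changes from `""` to the literal `3`, which `CsNetfilters.compare` turns into `-I FORWARD 3`. The broad `-s vpccidr ! -d vpccidr -j ACCEPT` therefore ends up wherever the third slot happens to be, and the insert can fail if the chain holds fewer than two rules at that moment. Nothing in the hunk says which two rules are expected ahead of it. I would name the constant or add a comment, e.g. `# position 3: after the RELATED,ESTABLISHED accept and <second expected rule>`, with the placeholder replaced by the rule the author relies on. The surrounding method is not fully visible here.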
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9ab67620/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
index 39f184b..3ee5174 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
@@ -133,18 +133,21 @@ class CsNetfilters(object):
def compare(self, list):
""" Compare reality with what is needed """
- for c in self.chain.get("filter"):
- # Ensure all inbound/outbound chains have a default drop rule
- if c.startswith("ACL_INBOUND") or c.startswith("ACL_OUTBOUND"):
- list.append(["filter", "", "-A %s -j DROP" % c])
# PASS 1: Ensure all chains are present
for fw in list:
new_rule = CsNetfilter()
new_rule.parse(fw[2])
new_rule.set_table(fw[0])
self.add_chain(new_rule)
+
+ ruleSet = set()
# PASS 2: Create rules
for fw in list:
+ tupledFw = tuple(fw)
+ if tupledFw in ruleSet :
+ logging.debug("Already processed : %s", tupledFw)
+ continue
+
new_rule = CsNetfilter()
new_rule.parse(fw[2])
new_rule.set_table(fw[0])
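Review bot: `ruleSet` and `tupledFw` are camelCase in a method that otherwise uses snake_case (`new_rule`, `rule_chain`), and `if tupledFw in ruleSet :` has a stray space before the colon; `seen_rules` and `fw_key` would match the file. The dedupe key is the whole `[table, position, rule]` entry, so the same rule text queued once with `""` and once with `"front"` or an integer still counts as two rules. If that is intended, a one-line comment would help, e.g. `# key includes the position, so only exact duplicates are skipped`. `ruleSet.add(tupledFw)` sits in the following hunk, and `compare` continues past this one.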
@@ -165,12 +168,13 @@ class CsNetfilters(object):
cpy = cpy.replace('-A', '-I')
if isinstance(fw[1], int):
# if the rule is for ACLs, we want to insert them in order, right before the DROP all
- if rule_chain.startswith("ACL_INBOUND") or rule_chain.startswith("ACL_OUTBOUND"):
+ if rule_chain.startswith("ACL_INBOUND"):
rule_count = self.chain.get_count(rule_chain)
cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), rule_count))
else:
cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), fw[1]))
CsHelper.execute("iptables -t %s %s" % (new_rule.get_table(), cpy))
+ ruleSet.add(tupledFw)
self.chain.add_rule(rule_chain)
self.del_standard()
self.get_unseen()
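Review bot: After the condition is narrowed to `rule_chain.startswith("ACL_INBOUND")`, the comment above it still says "if the rule is for ACLs", which no longer matches: integer-positioned `ACL_OUTBOUND` rules now fall to the `else` branch and are inserted at the literal `fw[1]`. I would update it to `# inbound ACL rules are inserted in order, right before the chain's final DROP`. The `rule_count` insert also assumes the DROP is already the last rule of the chain and that `self.chain.get_count` is current when the first ACL rule arrives. Since the DROP is now queued from `CsAddress.py`, that ordering assumption deserves a short note here. The enclosing loop begins in the previous hunk.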
[4/4] git commit: updated refs/heads/master to 818063c
Posted by sw...@apache.org.
Merge pull request #1616 from pdube/4.9-vr-iptables-fixes
Added missing rules on router config, fixed ordering of multiple rules, removed duplicate rules, added fix for network stats, added a check for b64 decoding (to pad incorrect b64). Also added a catch exception to be logged on the configure main.
https://issues.apache.org/jira/browse/CLOUDSTACK-9430
https://issues.apache.org/jira/browse/CLOUDSTACK-9431
https://issues.apache.org/jira/browse/CLOUDSTACK-9435
https://issues.apache.org/jira/browse/CLOUDSTACK-9440
* pr/1616:
Added missing rules on router config, fixed ordering of multiple rules, removed duplicate rules, added fix for network stats, added a check for b64 decoding (to pad incorrect b64). Also added a catch exception to be logged on the configure main.
Signed-off-by: Will Stevens <wi...@gmail.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/818063c8
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/818063c8
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/818063c8
Branch: refs/heads/master
Commit: 818063c8eefc66e60070089c29001a8b9caedabf
Parents: 0a0839e 9ab6762
Author: Will Stevens <wi...@gmail.com>
Authored: Mon Jul 25 16:37:37 2016 -0400
Committer: Will Stevens <wi...@gmail.com>
Committed: Mon Jul 25 16:37:38 2016 -0400
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/configure.py | 201 ++++++++++---------
.../debian/config/opt/cloud/bin/cs/CsAddress.py | 17 +-
.../config/opt/cloud/bin/cs/CsNetfilter.py | 14 +-
3 files changed, 126 insertions(+), 106 deletions(-)
----------------------------------------------------------------------
[3/4] git commit: updated refs/heads/master to 818063c
Posted by sw...@apache.org.
Merge pull request #1613 from nvazquez/vmnetworkmapissue
CLOUDSTACK-9436: vm_network_map table cleanup, release network resources on expunge command. JIRA TICKET: https://issues.apache.org/jira/browse/CLOUDSTACK-9436
This PR replaces #1594
Due to an error in `test/integration/smoke/test_vpc_redundant.py`, it was found that the `vm_network_map` table should be less aggressive on vm stop
* pr/1613:
CLOUDSTACK-9436: Release network resources on expunge command
Signed-off-by: Will Stevens <wi...@gmail.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0a0839ea
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0a0839ea
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0a0839ea
Branch: refs/heads/master
Commit: 0a0839ea2d01c1806534a4fab2fc4c384e650633
Parents: 46a6530 148e974
Author: Will Stevens <wi...@gmail.com>
Authored: Mon Jul 25 16:37:18 2016 -0400
Committer: Will Stevens <wi...@gmail.com>
Committed: Mon Jul 25 16:37:18 2016 -0400
----------------------------------------------------------------------
server/src/com/cloud/vm/UserVmManagerImpl.java | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
----------------------------------------------------------------------