You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by re...@apache.org on 2015/10/13 22:39:15 UTC
[1/5] git commit: updated refs/heads/master to be41921
Repository: cloudstack
Updated Branches:
refs/heads/master f0cd632d5 -> be419211e
CLOUDSTACK-8934 - Add default gateway when the public interface is up again
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/45642b83
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/45642b83
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/45642b83
Branch: refs/heads/master
Commit: 45642b83821ce0ecd6d4cddb76a77a2481e54d9a
Parents: ca9e934
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Thu Oct 8 14:19:26 2015 +0200
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Sun Oct 11 14:57:12 2015 +0200
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/cs/CsAddress.py | 8 +++---
.../config/opt/cloud/bin/cs/CsRedundant.py | 21 +++++++++++----
.../patches/debian/config/opt/cloud/bin/ian.py | 27 --------------------
.../integration/component/test_vpc_redundant.py | 5 ++--
4 files changed, 23 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45642b83/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index 78ccb3a..074a63f 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -155,7 +155,7 @@ class CsInterface:
return self.get_attr("netmask")
def get_gateway(self):
- if self.config.is_vpc():
+ if self.config.is_vpc() or self.config.cmdline().is_redundant():
return self.get_attr("gateway")
else:
return self.config.cmdline().get_guest_gw()
@@ -308,7 +308,7 @@ class CsIP:
if not self.config.is_vpc():
self.setup_router_control()
- if self.config.is_vpc():
+ if self.config.is_vpc() or self.cl.is_redundant():
# The code looks redundant here, but we actually have to cater for routers and
# VPC routers in a different manner. Please do not remove this block otherwise
# The VPC default route will be broken.
@@ -329,10 +329,10 @@ class CsIP:
cmd2 = "ip link set %s up" % self.getDevice()
# If redundant do not bring up public interfaces
# master.py and keepalived deal with tham
- if self.config.cmdline().is_redundant() and not self.is_public():
+ if self.cl.is_redundant() and not self.is_public():
CsHelper.execute(cmd2)
# if not redundant bring everything up
- if not self.config.cmdline().is_redundant():
+ if not self.cl.is_redundant():
CsHelper.execute(cmd2)
def set_mark(self):
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45642b83/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
index 0f71673..abe997c 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
@@ -37,6 +37,7 @@ from CsFile import CsFile
from CsProcess import CsProcess
from CsApp import CsPasswdSvc
from CsAddress import CsDevice
+from CsRoute import CsRoute
import socket
from time import sleep
@@ -267,16 +268,26 @@ class CsRedundant(object):
ads = [o for o in self.address.get_ips() if o.is_public()]
dev = ''
+ route = CsRoute()
for o in ads:
if dev == o.get_device():
continue
- cmd2 = "ip link set %s up" % o.get_device()
- if CsDevice(o.get_device(), self.config).waitfordevice():
+ dev = o.get_device()
+ logging.info("Will proceed configuring device ==> %s" % dev)
+ cmd2 = "ip link set %s up" % dev
+ if CsDevice(dev, self.config).waitfordevice():
CsHelper.execute(cmd2)
- dev = o.get_device()
- logging.info("Bringing public interface %s up" % o.get_device())
+ logging.info("Bringing public interface %s up" % dev)
+
+ try:
+ gateway = o.get_gateway()
+ logging.info("Adding gateway ==> %s to device ==> %s" % (gateway, dev))
+ route.add_defaultroute(gateway)
+ except:
+ logging.error("ERROR getting gateway from device %s" % dev)
+
else:
- logging.error("Device %s was not ready could not bring it up" % o.get_device())
+ logging.error("Device %s was not ready could not bring it up" % dev)
# ip route add default via $gw table Table_$dev proto static
cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45642b83/systemvm/patches/debian/config/opt/cloud/bin/ian.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ian.py b/systemvm/patches/debian/config/opt/cloud/bin/ian.py
deleted file mode 100644
index 186c594..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/ian.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-from cs.CsGuestNetwork import CsGuestNetwork
-import merge
-
-merge.DataBag.DPATH = "."
-csguestnetwork = CsGuestNetwork({}, {})
-csguestnetwork.guest = True
-csguestnetwork.set_dns("1.1.1.1,2.2.2.2")
-csguestnetwork.set_router("3.3.3.3")
-dns = csguestnetwork.get_dns()
-print dns
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/45642b83/test/integration/component/test_vpc_redundant.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_vpc_redundant.py b/test/integration/component/test_vpc_redundant.py
index 11fabf6..6f82aec 100644
--- a/test/integration/component/test_vpc_redundant.py
+++ b/test/integration/component/test_vpc_redundant.py
@@ -462,7 +462,8 @@ class TestVPCRedundancy(cloudstackTestCase):
self.check_master_status(2)
self.add_nat_rules()
self.do_vpc_test(False)
-
+ time.sleep(30)
+
self.stop_router_by_type("MASTER")
# wait for the backup router to transit to master state
time.sleep(30)
@@ -476,7 +477,7 @@ class TestVPCRedundancy(cloudstackTestCase):
self.start_routers()
self.add_nat_rules()
- time.sleep(45)
+ time.sleep(30)
self.check_master_status(2)
self.do_vpc_test(False)
[5/5] git commit: updated refs/heads/master to be41921
Posted by re...@apache.org.
Merge pull request #923 from ekholabs/fix/default_routes_CLOUDSTACK-8934
CLOUDSTACK-8934 - Default routes not configured for rVPC and RVRThis PR fixes the default routes for redundant VPCs and isolated networks. New tests were introduced in order to make sure that the routers are working properly.
During the tests, I found out that the Firewall Egress was not working properly when creating the network offering with default allow. The bug has been fixed and tests for redundant and non-redundant isolated networks were added.
Test reports will follow in a separate comment.
* pr/923:
CLOUDSTACK-8934 - Fix the AclIP class to make it configure the default FW policy
CLOUDSTACK-8934 - Fix default EGRESS rules for isolated networks
CLOUDSTACK-8934 - Adding tests to cover default routes on IsoNest and RVR nets
CLOUDSTACK-8934 - Add default gateway when the public interface is up again
Signed-off-by: Remi Bergsma <gi...@remi.nl>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/be419211
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/be419211
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/be419211
Branch: refs/heads/master
Commit: be419211ecc090ef0beb4b3923679a50fe9357c3
Parents: f0cd632 cd8c3e9
Author: Remi Bergsma <gi...@remi.nl>
Authored: Tue Oct 13 22:38:34 2015 +0200
Committer: Remi Bergsma <gi...@remi.nl>
Committed: Tue Oct 13 22:38:34 2015 +0200
----------------------------------------------------------------------
.../VirtualNetworkApplianceManagerImpl.java | 26 +-
.../debian/config/opt/cloud/bin/configure.py | 19 +-
.../debian/config/opt/cloud/bin/cs/CsAddress.py | 8 +-
.../config/opt/cloud/bin/cs/CsRedundant.py | 21 +-
.../patches/debian/config/opt/cloud/bin/ian.py | 27 -
.../component/test_routers_network_ops.py | 686 ++++++-------------
.../integration/component/test_vpc_redundant.py | 5 +-
7 files changed, 255 insertions(+), 537 deletions(-)
----------------------------------------------------------------------
[2/5] git commit: updated refs/heads/master to be41921
Posted by re...@apache.org.
CLOUDSTACK-8934 - Adding tests to cover default routes on IsoNest and RVR nets
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5d1cdc64
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5d1cdc64
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5d1cdc64
Branch: refs/heads/master
Commit: 5d1cdc64409caed239f6814a8f73266c8e5eb6fe
Parents: 45642b8
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Fri Oct 9 13:31:32 2015 +0200
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Sun Oct 11 14:57:31 2015 +0200
----------------------------------------------------------------------
.../component/test_routers_network_ops.py | 705 ++++++-------------
1 file changed, 218 insertions(+), 487 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5d1cdc64/test/integration/component/test_routers_network_ops.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_routers_network_ops.py b/test/integration/component/test_routers_network_ops.py
index 7f1e4aa..95ede49 100644
--- a/test/integration/component/test_routers_network_ops.py
+++ b/test/integration/component/test_routers_network_ops.py
@@ -26,9 +26,13 @@ from marvin.lib.utils import (cleanup_resources,
from marvin.lib.base import (ServiceOffering,
VirtualMachine,
Account,
- LoadBalancerRule,
+ ServiceOffering,
+ NATRule,
+ NetworkACL,
FireWallRule,
- NATRule)
+ PublicIPAddress,
+ NetworkOffering,
+ Network)
from marvin.lib.common import (get_zone,
get_template,
get_domain,
@@ -38,7 +42,6 @@ from marvin.lib.common import (get_zone,
list_routers,
list_nat_rules,
list_publicIP,
- list_lb_rules,
list_firewall_rules,
list_hosts)
@@ -46,12 +49,12 @@ from marvin.lib.common import (get_zone,
import time
import logging
-class TestCreatePFOnStoppedRouter(cloudstackTestCase):
+class TestRedundantIsolateNetworks(cloudstackTestCase):
@classmethod
def setUpClass(cls):
- cls.testClient = super(TestCreatePFOnStoppedRouter, cls).getClsTestClient()
+ cls.testClient = super(TestRedundantIsolateNetworks, cls).getClsTestClient()
cls.api_client = cls.testClient.getApiClient()
cls.services = cls.testClient.getParsedTestDataConfig()
@@ -77,20 +80,22 @@ class TestCreatePFOnStoppedRouter(cloudstackTestCase):
cls.api_client,
cls.services["service_offering"]
)
- cls.vm_1 = VirtualMachine.create(
- cls.api_client,
- cls.services["virtual_machine"],
- templateid=template.id,
- accountid=cls.account.name,
- domainid=cls.account.domainid,
- serviceofferingid=cls.service_offering.id
- )
+
+ cls.services["nw_off_persistent_RVR"]["egress_policy"] = "true"
+
+ cls.network_offering = NetworkOffering.create(
+ cls.api_client,
+ cls.services["nw_off_persistent_RVR"],
+ conservemode=True
+ )
+ cls.network_offering.update(cls.api_client, state='Enabled')
+
cls._cleanup = [
- cls.account,
- cls.service_offering
- ]
+ cls.service_offering,
+ cls.network_offering,
+ ]
- cls.logger = logging.getLogger('TestCreatePFOnStoppedRouter')
+ cls.logger = logging.getLogger('TestRedundantIsolateNetworks')
cls.stream_handler = logging.StreamHandler()
cls.logger.setLevel(logging.DEBUG)
cls.logger.addHandler(cls.stream_handler)
@@ -100,93 +105,136 @@ class TestCreatePFOnStoppedRouter(cloudstackTestCase):
@classmethod
def tearDownClass(cls):
try:
- cls.api_client = super(
- TestCreatePFOnStoppedRouter,
- cls).getClsTestClient().getApiClient()
- # Clean up, terminate the created resources
cleanup_resources(cls.api_client, cls._cleanup)
-
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
+ self.account = Account.create(
+ self.apiclient,
+ self.services["account"],
+ admin=True,
+ domainid=self.domain.id
+ )
self.cleanup = []
+ self.cleanup.insert(0, self.account)
return
def tearDown(self):
try:
- # Clean up, terminate the created resources
- cleanup_resources(self.apiclient, self.cleanup)
+ cleanup_resources(self.api_client, self.cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
-
- @attr(tags=["advanced", "advancedns"], required_hardware="true")
- def test_01_CreatePFOnStoppedRouter(self):
- """Stop existing router, add a PF rule and check we can access the VM """
-
- # Get router details associated for that account
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
-
+ @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
+ def test_RVR_Network_FW_PF_SSH_default_routes(self):
+ """ Test redundant router internals """
+ self.logger.debug("Starting test_RVR_Network_FW_PF_SSH_default_routes...")
+
+ self.logger.debug("Creating network with network offering: %s" % self.network_offering.id)
+ network = Network.create(
+ self.apiclient,
+ self.services["network"],
+ accountid=self.account.name,
+ domainid=self.account.domainid,
+ networkofferingid=self.network_offering.id,
+ zoneid=self.zone.id
+ )
+ self.logger.debug("Created network with ID: %s" % network.id)
+
+ networks = Network.list(
+ self.apiclient,
+ id=network.id,
+ listall=True
+ )
self.assertEqual(
- isinstance(routers, list),
+ isinstance(networks, list),
True,
- "Check for list routers response return valid data"
- )
- self.assertNotEqual(
- len(routers),
- 0,
- "Check list router response"
- )
- router = routers[0]
-
- self.logger.debug("Stopping router ID: %s" % router.id)
+ "List networks should return a valid response for created network"
+ )
+ nw_response = networks[0]
- # Stop the router
- cmd = stopRouter.stopRouterCmd()
- cmd.id = router.id
- self.apiclient.stopRouter(cmd)
-
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
+ self.logger.debug("Network state: %s" % nw_response.state)
self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
- router = routers[0]
-
+ nw_response.state,
+ "Allocated",
+ "The network should be in allocated state after creation"
+ )
+
+ self.logger.debug("Listing routers for network: %s" % network.name)
+ routers = Router.list(
+ self.apiclient,
+ networkid=network.id,
+ listall=True
+ )
self.assertEqual(
- router.state,
- 'Stopped',
- "Check list router response for router state"
- )
+ routers,
+ None,
+ "Routers should not be spawned when network is in allocated state"
+ )
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
+ self.logger.debug("Deploying VM in account: %s" % self.account.name)
+ virtual_machine = VirtualMachine.create(
+ self.apiclient,
+ self.services["virtual_machine"],
+ accountid=self.account.name,
+ domainid=self.account.domainid,
+ serviceofferingid=self.service_offering.id,
+ networkids=[str(network.id)]
+ )
+ self.logger.debug("Deployed VM in network: %s" % network.id)
+
+ vms = VirtualMachine.list(
+ self.apiclient,
+ id=virtual_machine.id,
+ listall=True
+ )
self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IPs response return valid data"
- )
-
- public_ip = public_ips[0]
-
- # Open up firewall port for SSH
+ isinstance(vms, list),
+ True,
+ "List Vms should return a valid list"
+ )
+ vm = vms[0]
+ self.assertEqual(
+ vm.state,
+ "Running",
+ "VM should be in running state after deployment"
+ )
+
+ self.logger.debug("Listing routers for network: %s" % network.name)
+ routers = Router.list(
+ self.apiclient,
+ networkid=network.id,
+ listall=True
+ )
+ self.assertEqual(
+ isinstance(routers, list),
+ True,
+ "list router should return Master and backup routers"
+ )
+ self.assertEqual(
+ len(routers),
+ 2,
+ "Length of the list router should be 2 (Backup & master)"
+ )
+
+ self.logger.debug("Associating public IP for network: %s" % network.name)
+ public_ip = PublicIPAddress.create(
+ self.apiclient,
+ accountid=self.account.name,
+ zoneid=self.zone.id,
+ domainid=self.account.domainid,
+ networkid=network.id
+ )
+ self.logger.debug("Associated %s with network %s" % (
+ public_ip.ipaddress.ipaddress,
+ network.id
+ ))
+
+ self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
@@ -196,75 +244,43 @@ class TestCreatePFOnStoppedRouter(cloudstackTestCase):
endport=self.services["natrule"]["publicport"]
)
- self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
- # Create NAT rule
+ self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
- self.vm_1,
+ virtual_machine,
self.services["natrule"],
public_ip.id
)
- self.logger.debug("Starting router ID: %s" % router.id)
- # Start the router
- cmd = startRouter.startRouterCmd()
- cmd.id = router.id
- self.apiclient.startRouter(cmd)
+ self.cleanup.insert(0, network)
+ self.cleanup.insert(0, virtual_machine)
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
- router = routers[0]
-
- self.assertEqual(
- router.state,
- 'Running',
- "Check list router response for router state"
- )
- # NAT Rule should be in Active state after router start
- nat_rules = list_nat_rules(
- self.apiclient,
- id=nat_rule.id
- )
- self.assertEqual(
- isinstance(nat_rules, list),
- True,
- "Check for list NAT rules response return valid data"
- )
- self.assertEqual(
- nat_rules[0].state,
- 'Active',
- "Check list port forwarding rules"
- )
+ result = 'failed'
try:
+ ssh_command = "ping -c 3 8.8.8.8"
+ ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress, retries=5)
+ self.logger.debug("Ping to google.com from VM")
- self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
+ result = str(ssh.execute(ssh_command))
+ self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
+ except:
+ self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
+
+ self.assertEqual(
+ result.count("3 packets received"),
+ 1,
+ "Ping to outside world from VM should be successful"
+ )
- self.vm_1.get_ssh_client(
- ipaddress=nat_rule.ipaddress,
- port=self.services["natrule"]["publicport"])
- except Exception as e:
- self.fail(
- "SSH Access failed for %s: %s" %
- (nat_rule.ipaddress, e)
- )
return
-class TestCreateLBOnStoppedRouter(cloudstackTestCase):
+class TestIsolatedNetworks(cloudstackTestCase):
@classmethod
def setUpClass(cls):
- cls.testClient = super(TestCreateLBOnStoppedRouter, cls).getClsTestClient()
+ cls.testClient = super(TestIsolatedNetworks, cls).getClsTestClient()
cls.api_client = cls.testClient.getApiClient()
cls.services = cls.testClient.getParsedTestDataConfig()
@@ -290,20 +306,39 @@ class TestCreateLBOnStoppedRouter(cloudstackTestCase):
cls.api_client,
cls.services["service_offering"]
)
- cls.vm_1 = VirtualMachine.create(
- cls.api_client,
- cls.services["virtual_machine"],
- templateid=template.id,
- accountid=cls.account.name,
- domainid=cls.account.domainid,
- serviceofferingid=cls.service_offering.id
- )
+
+ cls.services["network_offering"]["egress_policy"] = "true"
+
+ cls.network_offering = NetworkOffering.create(cls.api_client,
+ cls.services["network_offering"],
+ conservemode=True)
+
+ cls.network_offering.update(cls.api_client, state='Enabled')
+
+ cls.network = Network.create(cls.api_client,
+ cls.services["network"],
+ accountid=cls.account.name,
+ domainid=cls.account.domainid,
+ networkofferingid=cls.network_offering.id,
+ zoneid=cls.zone.id)
+
+ cls.vm_1 = VirtualMachine.create(cls.api_client,
+ cls.services["virtual_machine"],
+ templateid=template.id,
+ accountid=cls.account.name,
+ domainid=cls.domain.id,
+ serviceofferingid=cls.service_offering.id,
+ networkids=[str(cls.network.id)])
+
cls._cleanup = [
- cls.account,
- cls.service_offering
+ cls.vm_1,
+ cls.network,
+ cls.network_offering,
+ cls.service_offering,
+ cls.account
]
-
- cls.logger = logging.getLogger('TestCreateLBOnStoppedRouter')
+
+ cls.logger = logging.getLogger('TestIsolatedNetworks')
cls.stream_handler = logging.StreamHandler()
cls.logger.setLevel(logging.DEBUG)
cls.logger.addHandler(cls.stream_handler)
@@ -313,33 +348,20 @@ class TestCreateLBOnStoppedRouter(cloudstackTestCase):
@classmethod
def tearDownClass(cls):
try:
- cls.api_client = super(
- TestCreateLBOnStoppedRouter,
- cls).getClsTestClient().getApiClient()
- # Clean up, terminate the created resources
cleanup_resources(cls.api_client, cls._cleanup)
-
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
- self.cleanup = []
- return
-
- def tearDown(self):
- try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
return
- @attr(tags=["advanced", "advancedns"], required_hardware="true")
- def test_01_CreateLBOnStoppedRouter(self):
- """Stop existing Router, add LB rule and check we can reach the VM"""
+ @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
+ def test_isolate_network_FW_PF_default_routes(self):
+ """Stop existing router, add a PF rule and check we can access the VM """
- # Get router details associated for that account
+ self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
@@ -360,366 +382,75 @@ class TestCreateLBOnStoppedRouter(cloudstackTestCase):
router = routers[0]
- self.logger.debug("Stopping router with ID: %s" % router.id)
- # Stop the router
- cmd = stopRouter.stopRouterCmd()
- cmd.id = router.id
- self.apiclient.stopRouter(cmd)
-
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
- router = routers[0]
-
self.assertEqual(
router.state,
- 'Stopped',
+ 'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
- domainid=self.account.domainid
+ domainid=self.account.domainid,
+ zoneid=self.zone.id
)
+
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
+
public_ip = public_ips[0]
- # Open up firewall port for SSH
+ self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
- protocol=self.services["lbrule"]["protocol"],
+ protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
- startport=self.services["lbrule"]["publicport"],
- endport=self.services["lbrule"]["publicport"]
- )
- self.logger.debug("Creating LB rule for public IP: %s" % public_ip.id)
- # Create Load Balancer rule and assign VMs to rule
- lb_rule = LoadBalancerRule.create(
- self.apiclient,
- self.services["lbrule"],
- public_ip.id,
- accountid=self.account.name
+ startport=self.services["natrule"]["publicport"],
+ endport=self.services["natrule"]["publicport"]
)
- self.logger.debug("Assigning VM %s to LB rule: %s" % (
- self.vm_1.id,
- lb_rule.id
- ))
- lb_rule.assign(self.apiclient, [self.vm_1])
-
- # Start the router
- cmd = startRouter.startRouterCmd()
- cmd.id = router.id
- self.apiclient.startRouter(cmd)
- routers = list_routers(
+ self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
+ # Create NAT rule
+ nat_rule = NATRule.create(
self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
+ self.vm_1,
+ self.services["natrule"],
+ public_ip.id
)
- router = routers[0]
- self.assertEqual(
- router.state,
- 'Running',
- "Check list router response for router state"
- )
- # After router start, LB RUle should be in Active state
- lb_rules = list_lb_rules(
+ nat_rules = list_nat_rules(
self.apiclient,
- id=lb_rule.id
+ id=nat_rule.id
)
self.assertEqual(
- isinstance(lb_rules, list),
+ isinstance(nat_rules, list),
True,
- "Check for list LB rules response return valid data"
+ "Check for list NAT rules response return valid data"
)
self.assertEqual(
- lb_rules[0].state,
+ nat_rules[0].state,
'Active',
- "Check list load balancing rules"
- )
- self.assertEqual(
- lb_rules[0].publicport,
- str(self.services["lbrule"]["publicport"]),
- "Check list load balancing rules"
- )
-
- try:
- self.logger.debug("SSH into VM with IP: %s" % public_ip.ipaddress)
- self.vm_1.ssh_port = self.services["lbrule"]["publicport"]
- self.vm_1.get_ssh_client(public_ip.ipaddress)
- except Exception as e:
- self.fail(
- "SSH Access failed for %s: %s" %
- (self.vm_1.ipaddress, e)
- )
- return
-
-
-class TestCreateFWOnStoppedRouter(cloudstackTestCase):
-
- @classmethod
- def setUpClass(cls):
-
- cls.testClient = super(TestCreateFWOnStoppedRouter, cls).getClsTestClient()
- cls.api_client = cls.testClient.getApiClient()
-
- cls.services = cls.testClient.getParsedTestDataConfig()
- # Get Zone, Domain and templates
- cls.domain = get_domain(cls.api_client)
- cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
- cls.services['mode'] = cls.zone.networktype
- template = get_template(
- cls.api_client,
- cls.zone.id,
- cls.services["ostype"]
- )
- cls.services["virtual_machine"]["zoneid"] = cls.zone.id
-
- # Create an account, network, VM and IP addresses
- cls.account = Account.create(
- cls.api_client,
- cls.services["account"],
- domainid=cls.domain.id
- )
- cls.service_offering = ServiceOffering.create(
- cls.api_client,
- cls.services["service_offering"]
- )
- cls.vm_1 = VirtualMachine.create(
- cls.api_client,
- cls.services["virtual_machine"],
- templateid=template.id,
- accountid=cls.account.name,
- domainid=cls.account.domainid,
- serviceofferingid=cls.service_offering.id
+ "Check list port forwarding rules"
)
- cls._cleanup = [
- cls.account,
- cls.service_offering
- ]
-
- cls.logger = logging.getLogger('TestCreateFWOnStoppedRouter')
- cls.stream_handler = logging.StreamHandler()
- cls.logger.setLevel(logging.DEBUG)
- cls.logger.addHandler(cls.stream_handler)
-
- return
-
- @classmethod
- def tearDownClass(cls):
- try:
- cls.api_client = super(
- TestCreateFWOnStoppedRouter,
- cls).getClsTestClient().getApiClient()
- # Clean up, terminate the created templates
- cleanup_resources(cls.api_client, cls._cleanup)
-
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def tearDown(self):
+
+ result = 'failed'
try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def setUp(self):
- self.apiclient = self.testClient.getApiClient()
- self.hypervisor = self.testClient.getHypervisorInfo()
- self.cleanup = []
- return
-
- @attr(tags=["advanced", "advancedns"], required_hardware="true")
- def test_01_CreateFWOnStoppedRouter(self):
- """Stop existing Router, create Firewall rules and check that the rules are applied to the router"""
-
- # Get the router details associated with account
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
-
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
-
- self.assertNotEqual(
- len(routers),
- 0,
- "Check list router response"
- )
-
- router = routers[0]
-
- self.logger.debug("Stopping the router: %s" % router.id)
- # Stop the router
- cmd = stopRouter.stopRouterCmd()
- cmd.id = router.id
- self.apiclient.stopRouter(cmd)
-
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
- router = routers[0]
-
- self.assertEqual(
- router.state,
- 'Stopped',
- "Check list router response for router state"
- )
-
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
- self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IP response return valid data"
- )
- public_ip = public_ips[0]
-
- # Create Firewall rule with configurations from settings file
- fw_rule = FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol='TCP',
- cidrlist=[self.services["fwrule"]["cidr"]],
- startport=self.services["fwrule"]["startport"],
- endport=self.services["fwrule"]["endport"]
- )
- self.logger.debug("Created firewall rule: %s" % fw_rule.id)
-
- self.logger.debug("Starting the router: %s" % router.id)
- # Start the router
- cmd = startRouter.startRouterCmd()
- cmd.id = router.id
- self.apiclient.startRouter(cmd)
-
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
-
- router = routers[0]
-
- self.assertEqual(
- router.state,
- 'Running',
- "Check list router response for router state"
- )
- # After Router start, FW rule should be in Active state
- fw_rules = list_firewall_rules(
- self.apiclient,
- id=fw_rule.id,
- )
- self.assertEqual(
- isinstance(fw_rules, list),
- True,
- "Check for list FW rules response return valid data"
- )
+ ssh_command = "ping -c 3 8.8.8.8"
+ self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
- self.assertEqual(
- fw_rules[0].state,
- 'Active',
- "Check list load balancing rules"
- )
- self.assertEqual(
- fw_rules[0].startport,
- str(self.services["fwrule"]["startport"]),
- "Check start port of firewall rule"
- )
+ ssh = self.vm_1.get_ssh_client(ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5)
+ result = str(ssh.execute(ssh_command))
+ self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
+ except:
+ self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
self.assertEqual(
- fw_rules[0].endport,
- str(self.services["fwrule"]["endport"]),
- "Check end port of firewall rule"
- )
- # For DNS and DHCP check 'dnsmasq' process status
- if (self.hypervisor.lower() == 'vmware'
- or self.hypervisor.lower() == 'hyperv'):
- result = get_process_status(
- self.apiclient.connection.mgtSvr,
- 22,
- self.apiclient.connection.user,
- self.apiclient.connection.passwd,
- router.linklocalip,
- 'iptables -t nat -L',
- hypervisor=self.hypervisor
- )
- else:
- hosts = list_hosts(
- self.apiclient,
- id=router.hostid,
- )
- self.assertEqual(
- isinstance(hosts, list),
- True,
- "Check for list hosts response return valid data"
- )
- host = hosts[0]
- host.user = self.services["configurableData"]["host"]["username"]
- host.passwd = self.services["configurableData"]["host"]["password"]
- try:
- result = get_process_status(
- host.ipaddress,
- 22,
- host.user,
- host.passwd,
- router.linklocalip,
- 'iptables -t nat -L'
- )
- except KeyError:
- self.skipTest(
- "Provide a marvin config file with host\
- credentials to run %s" %
- self._testMethodName)
-
- self.logger.debug("iptables -t nat -L: %s" % result)
- self.logger.debug("Public IP: %s" % public_ip.ipaddress)
- res = str(result)
- self.assertEqual(
- res.count(str(public_ip.ipaddress)),
- 1,
- "Check public IP address"
- )
-
+ result.count("3 packets received"),
+ 1,
+ "Ping to outside world from VM should be successful"
+ )
return
[4/5] git commit: updated refs/heads/master to be41921
Posted by re...@apache.org.
CLOUDSTACK-8934 - Fix the AclIP class to make it configure the default FW policy
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/cd8c3e97
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/cd8c3e97
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/cd8c3e97
Branch: refs/heads/master
Commit: cd8c3e97f594639292075d9a704dc7c382a103ca
Parents: b4dc392
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Sat Oct 10 12:02:47 2015 +0200
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Sun Oct 11 14:57:33 2015 +0200
----------------------------------------------------------------------
.../VirtualNetworkApplianceManagerImpl.java | 2 +-
.../debian/config/opt/cloud/bin/configure.py | 8 +++-
.../component/test_routers_network_ops.py | 45 ++++++++++----------
3 files changed, 30 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cd8c3e97/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 9eda2a2..f0e5f09 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -1975,7 +1975,7 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
final Boolean defaultEgressPolicy = offering.getEgressDefaultPolicy();
- // The default on the router is set to Deny all. So, if the default configuration in the offering is set to treu (Allow), we change the Egress here
+ // The default on the router is set to Deny all. So, if the default configuration in the offering is set to true (Allow), we change the Egress here
if (defaultEgressPolicy) {
final List<String> sourceCidr = new ArrayList<String>();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cd8c3e97/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index c3c4cae..55a4b94 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -86,8 +86,14 @@ class CsAcl(CsDataBag):
self.rule['first_port'] = obj['src_port_range'][0]
self.rule['last_port'] = obj['src_port_range'][1]
self.rule['allowed'] = True
- self.rule['cidr'] = obj['source_cidr_list']
+
+ if self.rule['type'] == 'all' and not obj['source_cidr_list']:
+ self.rule['cidr'] = ['0.0.0.0/0']
+ else:
+ self.rule['cidr'] = obj['source_cidr_list']
+
self.rule['action'] = "ACCEPT"
+ logging.debug("AclIP created for rule ==> %s", self.rule)
def create(self):
for cidr in self.rule['cidr']:
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cd8c3e97/test/integration/component/test_routers_network_ops.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_routers_network_ops.py b/test/integration/component/test_routers_network_ops.py
index 95ede49..ba3e5e4 100644
--- a/test/integration/component/test_routers_network_ops.py
+++ b/test/integration/component/test_routers_network_ops.py
@@ -32,7 +32,8 @@ from marvin.lib.base import (ServiceOffering,
FireWallRule,
PublicIPAddress,
NetworkOffering,
- Network)
+ Network,
+ Router)
from marvin.lib.common import (get_zone,
get_template,
get_domain,
@@ -62,7 +63,7 @@ class TestRedundantIsolateNetworks(cloudstackTestCase):
cls.domain = get_domain(cls.api_client)
cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
cls.services['mode'] = cls.zone.networktype
- template = get_template(
+ cls.template = get_template(
cls.api_client,
cls.zone.id,
cls.services["ostype"]
@@ -157,34 +158,17 @@ class TestRedundantIsolateNetworks(cloudstackTestCase):
)
nw_response = networks[0]
- self.logger.debug("Network state: %s" % nw_response.state)
- self.assertEqual(
- nw_response.state,
- "Allocated",
- "The network should be in allocated state after creation"
- )
-
- self.logger.debug("Listing routers for network: %s" % network.name)
- routers = Router.list(
- self.apiclient,
- networkid=network.id,
- listall=True
- )
- self.assertEqual(
- routers,
- None,
- "Routers should not be spawned when network is in allocated state"
- )
-
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
+ templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
+
self.logger.debug("Deployed VM in network: %s" % network.id)
vms = VirtualMachine.list(
@@ -234,10 +218,25 @@ class TestRedundantIsolateNetworks(cloudstackTestCase):
network.id
))
+ public_ips = list_publicIP(
+ self.apiclient,
+ account=self.account.name,
+ domainid=self.account.domainid,
+ zoneid=self.zone.id
+ )
+
+ self.assertEqual(
+ isinstance(public_ips, list),
+ True,
+ "Check for list public IPs response return valid data"
+ )
+
+ public_ip_1 = public_ips[0]
+
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
- ipaddressid=public_ip.id,
+ ipaddressid=public_ip_1.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
@@ -249,7 +248,7 @@ class TestRedundantIsolateNetworks(cloudstackTestCase):
self.apiclient,
virtual_machine,
self.services["natrule"],
- public_ip.id
+ public_ip_1.id
)
self.cleanup.insert(0, network)
[3/5] git commit: updated refs/heads/master to be41921
Posted by re...@apache.org.
CLOUDSTACK-8934 - Fix default EGRESS rules for isolated networks
- The default is Accept and will be changed based on the configuration of the offering.
CLOUDSTACK-8934 - The default egress is set as Deny in the router.
- We had to change it on the Java side in order to make the apply it once the default is defined as allowed on the net offering
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b4dc392b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b4dc392b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b4dc392b
Branch: refs/heads/master
Commit: b4dc392bfdf4fb93e1652203b7d4027651cca5ac
Parents: 5d1cdc6
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Fri Oct 9 14:32:35 2015 +0200
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Sun Oct 11 14:57:32 2015 +0200
----------------------------------------------------------------------
.../VirtualNetworkApplianceManagerImpl.java | 26 +++++++-------------
.../debian/config/opt/cloud/bin/configure.py | 11 ++++++---
2 files changed, 17 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b4dc392b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index c32aeba..9eda2a2 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -629,7 +629,7 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
_agentMgr.registerForHostEvents(new SshKeysDistriMonitor(_agentMgr, _hostDao, _configDao), true, false, false);
- List<ServiceOfferingVO> offerings = _serviceOfferingDao.createSystemServiceOfferings("System Offering For Software Router",
+ final List<ServiceOfferingVO> offerings = _serviceOfferingDao.createSystemServiceOfferings("System Offering For Software Router",
ServiceOffering.routerDefaultOffUniqueName, 1, _routerRamSize, _routerCpuMHz, null,
null, true, null, ProvisioningType.THIN, true, null, true, VirtualMachine.Type.DomainRouter, true);
// this can sometimes happen, if DB is manually or programmatically manipulated
@@ -1971,18 +1971,12 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
}
private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, final long networkId) {
- String systemRule = null;
-
- Boolean defaultEgressPolicy = false;
final NetworkVO network = _networkDao.findById(networkId);
final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
- defaultEgressPolicy = offering.getEgressDefaultPolicy();
-
-
- // construct rule when egress policy is true. In true case for VR we default allow rule need to be added
- if (!defaultEgressPolicy) {
- systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
+ final Boolean defaultEgressPolicy = offering.getEgressDefaultPolicy();
+ // The default on the router is set to Deny all. So, if the default configuration in the offering is set to treu (Allow), we change the Egress here
+ if (defaultEgressPolicy) {
final List<String> sourceCidr = new ArrayList<String>();
sourceCidr.add(NetUtils.ALL_CIDRS);
@@ -1991,12 +1985,10 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
rules.add(rule);
} else {
- s_logger.debug(" Egress policy for the Network "+ networkId +" is "+defaultEgressPolicy + " So no need"+
- " of default rule is needed. ");
+ s_logger.debug("Egress policy for the Network " + networkId + " is already defined as Deny. So, no need to default the rule to Allow. ");
}
}
-
private void removeRevokedIpAliasFromDb(final List<NicIpAliasVO> revokedIpAliasVOs) {
for (final NicIpAliasVO ipalias : revokedIpAliasVOs) {
_nicIpAliasDao.expunge(ipalias.getId());
@@ -2616,10 +2608,10 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
final State newState = transition.getToState();
final VirtualMachine.Event event = transition.getEvent();
if (vo.getType() == VirtualMachine.Type.DomainRouter &&
- event == VirtualMachine.Event.FollowAgentPowerOnReport &&
- newState == State.Running &&
- isOutOfBandMigrated(opaque)) {
- s_logger.debug("Virtual router " + vo.getInstanceName() + " is powered-on out-of-band");
+ event == VirtualMachine.Event.FollowAgentPowerOnReport &&
+ newState == State.Running &&
+ isOutOfBandMigrated(opaque)) {
+ s_logger.debug("Virtual router " + vo.getInstanceName() + " is powered-on out-of-band");
}
return true;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b4dc392b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index ae24ac5..c3c4cae 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -123,24 +123,29 @@ class CsAcl(CsDataBag):
" -p %s " % rule['protocol'] +
" -m %s " % rule['protocol'] +
" --dport %s -j RETURN" % rnge])
+
+ logging.debug("Current ACL IP direction is ==> %s", self.direction)
if self.direction == 'egress':
- self.fw.append(["filter", "", " -A FW_OUTBOUND -j FIREWALL_EGRESS_RULES"])
+ self.fw.append(["filter", "", " -A FW_OUTBOUND -j FW_EGRESS_RULES"])
if rule['protocol'] == "icmp":
self.fw.append(["filter", "front",
- " -A FIREWALL_EGRESS_RULES" +
+ " -A FW_EGRESS_RULES" +
" -s %s " % cidr +
" -p %s " % rule['protocol'] +
" -m %s " % rule['protocol'] +
" --icmp-type %s -j %s" % (icmp_type, self.rule['action'])])
else:
- fwr = " -A FIREWALL_EGRESS_RULES" + \
+ fwr = " -A FW_EGRESS_RULES" + \
" -s %s " % cidr
if rule['protocol'] != "all":
fwr += "-p %s " % rule['protocol'] + \
" -m %s " % rule['protocol'] + \
" --dport %s" % rnge
+
self.fw.append(["filter", "front", "%s -j %s" % (fwr, rule['action'])])
+ logging.debug("EGRESS rule configured for protocol ==> %s, action ==> %s", rule['protocol'], rule['action'])
+
class AclDevice():
""" A little class for each list of acls per device """