You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bf...@apache.org on 2013/04/10 23:44:10 UTC
[01/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Updated Branches:
refs/heads/ui-mixed-zone-management 4b853ccdc -> fa8b83581
CLOUDSTACK-1867: Comment vmware-tools installation, use open-vm-tools
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ed79b8bf
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ed79b8bf
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ed79b8bf
Branch: refs/heads/ui-mixed-zone-management
Commit: ed79b8bf140196a169a89021a4d02747d5312ad8
Parents: 7efbcfa
Author: Rohit Yadav <bh...@apache.org>
Authored: Wed Apr 10 23:10:29 2013 +0530
Committer: Rohit Yadav <bh...@apache.org>
Committed: Wed Apr 10 23:14:50 2013 +0530
----------------------------------------------------------------------
.../definitions/systemvmtemplate/postinstall.sh | 27 ++++++++-------
.../definitions/systemvmtemplate/preseed.cfg | 8 ++--
.../definitions/systemvmtemplate64/postinstall.sh | 27 ++++++++-------
.../definitions/systemvmtemplate64/preseed.cfg | 8 ++--
4 files changed, 36 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed79b8bf/tools/appliance/definitions/systemvmtemplate/postinstall.sh
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/postinstall.sh b/tools/appliance/definitions/systemvmtemplate/postinstall.sh
index 176c93f..ae8f1ad 100644
--- a/tools/appliance/definitions/systemvmtemplate/postinstall.sh
+++ b/tools/appliance/definitions/systemvmtemplate/postinstall.sh
@@ -65,18 +65,19 @@ install_packages() {
# vmware tools
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
- apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
- df -h
- PREVDIR=$PWD
- cd /opt
- wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
- tar xzf VMwareTools-9.2.1-818201.tar.gz
- rm VMwareTools-*.tar.gz
- cd vmware-tools-distrib
- ./vmware-install.pl -d
- cd $PREV
- rm -fr /opt/vmware-tools-distrib
- apt-get -q -y --force-yes purge build-essential
+ # commented installaion of vmware-tools as we are using the opensource open-vm-tools:
+ # apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
+ # df -h
+ # PREVDIR=$PWD
+ # cd /opt
+ # wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
+ # tar xzf VMwareTools-9.2.1-818201.tar.gz
+ # rm VMwareTools-*.tar.gz
+ # cd vmware-tools-distrib
+ # ./vmware-install.pl -d
+ # cd $PREV
+ # rm -fr /opt/vmware-tools-distrib
+ # apt-get -q -y --force-yes purge build-essential
}
setup_accounts() {
@@ -184,7 +185,7 @@ configure_services() {
snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=HEAD;sf=tgz"
snapshot_dir="/opt/cloudstack*"
cd /opt
- wget $snapshot_url -O cloudstack.tar.gz
+ wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz
tar -zxvf cloudstack.tar.gz
cp -rv $snapshot_dir/patches/systemvm/debian/config/* /
cp -rv $snapshot_dir/patches/systemvm/debian/vpn/* /
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed79b8bf/tools/appliance/definitions/systemvmtemplate/preseed.cfg
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
index d456256..79349f6 100644
--- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
@@ -136,7 +136,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
- 250 40 400 ext4 \
+ 300 40 400 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
@@ -146,17 +146,17 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
- 900 20 1100 ext4 \
+ 700 20 1100 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /usr } \
. \
- 300 40 500 ext4 \
+ 400 40 500 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /opt } \
. \
- 450 60 1000 ext4 \
+ 500 60 1000 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed79b8bf/tools/appliance/definitions/systemvmtemplate64/postinstall.sh
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate64/postinstall.sh b/tools/appliance/definitions/systemvmtemplate64/postinstall.sh
index 176c93f..ae8f1ad 100644
--- a/tools/appliance/definitions/systemvmtemplate64/postinstall.sh
+++ b/tools/appliance/definitions/systemvmtemplate64/postinstall.sh
@@ -65,18 +65,19 @@ install_packages() {
# vmware tools
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
- apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
- df -h
- PREVDIR=$PWD
- cd /opt
- wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
- tar xzf VMwareTools-9.2.1-818201.tar.gz
- rm VMwareTools-*.tar.gz
- cd vmware-tools-distrib
- ./vmware-install.pl -d
- cd $PREV
- rm -fr /opt/vmware-tools-distrib
- apt-get -q -y --force-yes purge build-essential
+ # commented installaion of vmware-tools as we are using the opensource open-vm-tools:
+ # apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
+ # df -h
+ # PREVDIR=$PWD
+ # cd /opt
+ # wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
+ # tar xzf VMwareTools-9.2.1-818201.tar.gz
+ # rm VMwareTools-*.tar.gz
+ # cd vmware-tools-distrib
+ # ./vmware-install.pl -d
+ # cd $PREV
+ # rm -fr /opt/vmware-tools-distrib
+ # apt-get -q -y --force-yes purge build-essential
}
setup_accounts() {
@@ -184,7 +185,7 @@ configure_services() {
snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=HEAD;sf=tgz"
snapshot_dir="/opt/cloudstack*"
cd /opt
- wget $snapshot_url -O cloudstack.tar.gz
+ wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz
tar -zxvf cloudstack.tar.gz
cp -rv $snapshot_dir/patches/systemvm/debian/config/* /
cp -rv $snapshot_dir/patches/systemvm/debian/vpn/* /
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed79b8bf/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate64/preseed.cfg b/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
index d456256..79349f6 100644
--- a/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
@@ -136,7 +136,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
- 250 40 400 ext4 \
+ 300 40 400 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
@@ -146,17 +146,17 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
- 900 20 1100 ext4 \
+ 700 20 1100 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /usr } \
. \
- 300 40 500 ext4 \
+ 400 40 500 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /opt } \
. \
- 450 60 1000 ext4 \
+ 500 60 1000 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
[05/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
appliance: Fix preseed, sum of partitions should be 2000M
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/09542ce7
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/09542ce7
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/09542ce7
Branch: refs/heads/ui-mixed-zone-management
Commit: 09542ce70af8b2fc5ef71726d309337d48660264
Parents: 9670553
Author: Rohit Yadav <bh...@apache.org>
Authored: Thu Apr 11 00:08:35 2013 +0530
Committer: Rohit Yadav <bh...@apache.org>
Committed: Thu Apr 11 00:09:12 2013 +0530
----------------------------------------------------------------------
.../definitions/systemvmtemplate/preseed.cfg | 6 +++---
.../definitions/systemvmtemplate64/preseed.cfg | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/09542ce7/tools/appliance/definitions/systemvmtemplate/preseed.cfg
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
index 79349f6..6996565 100644
--- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
@@ -146,7 +146,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
- 700 20 1100 ext4 \
+ 650 20 1100 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /usr } \
@@ -156,7 +156,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /opt } \
. \
- 500 60 1000 ext4 \
+ 450 60 1000 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
@@ -166,7 +166,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
- 50 512 300% linux-swap \
+ 70 512 300% linux-swap \
method{ swap } format{ } \
.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/09542ce7/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate64/preseed.cfg b/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
index 79349f6..6996565 100644
--- a/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate64/preseed.cfg
@@ -146,7 +146,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
- 700 20 1100 ext4 \
+ 650 20 1100 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /usr } \
@@ -156,7 +156,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /opt } \
. \
- 500 60 1000 ext4 \
+ 450 60 1000 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
@@ -166,7 +166,7 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
- 50 512 300% linux-swap \
+ 70 512 300% linux-swap \
method{ swap } format{ } \
.
[03/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
CLOUDSTACK-779 Egress firewall rules support for Juniper SRX
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a4a059c0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a4a059c0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a4a059c0
Branch: refs/heads/ui-mixed-zone-management
Commit: a4a059c0430eabf30bd96261c71aa700e62cca0c
Parents: ee0a91d
Author: Jayapal <ja...@citrix.com>
Authored: Wed Apr 10 18:04:02 2013 +0530
Committer: Sheng Yang <sh...@citrix.com>
Committed: Wed Apr 10 10:54:04 2013 -0700
----------------------------------------------------------------------
api/src/com/cloud/agent/api/to/FirewallRuleTO.java | 6 +
.../element/JuniperSRXExternalFirewallElement.java | 2 +-
.../cloud/network/resource/JuniperSrxResource.java | 322 +++++++++++----
scripts/network/juniper/application-add.xml | 2 +-
scripts/network/juniper/security-policy-add.xml | 4 +-
.../network/ExternalFirewallDeviceManagerImpl.java | 12 +-
.../src/com/cloud/upgrade/dao/Upgrade410to420.java | 60 +++
7 files changed, 328 insertions(+), 80 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
index 7f77936..f296aa4 100644
--- a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
+++ b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
@@ -23,6 +23,7 @@ import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.State;
+import com.cloud.network.rules.FirewallRule.TrafficType;
import com.cloud.utils.net.NetUtils;
/**
@@ -109,6 +110,11 @@ public class FirewallRuleTO implements InternalIdentity {
this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), revokeState, alreadyAdded, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
}
+ public FirewallRuleTO(FirewallRule rule, String guestVlanTag, FirewallRule.TrafficType trafficType) {
+ this(rule.getId(), guestVlanTag, null, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(), rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode());
+ this.trafficType = trafficType;
+ }
+
public FirewallRule.TrafficType getTrafficType(){
return trafficType;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
index af0912a..64b0f5a 100644
--- a/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
+++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
@@ -274,7 +274,7 @@ PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer, Junip
firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
firewallCapabilities.put(Capability.MultipleIps, "true");
firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
- firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress");
+ firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress, egress");
capabilities.put(Service.Firewall, firewallCapabilities);
// Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
index 8482168..a0068c3 100644
--- a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
+++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
@@ -303,7 +303,7 @@ public class JuniperSrxResource implements ServerResource {
}
private enum Protocol {
- tcp, udp, icmp, any;
+ tcp, udp, icmp, all, any;
}
private enum RuleMatchCondition {
@@ -320,7 +320,8 @@ public class JuniperSrxResource implements ServerResource {
private enum SecurityPolicyType {
STATIC_NAT("staticnat"),
DESTINATION_NAT("destnat"),
- VPN("vpn");
+ VPN("vpn"),
+ SECURITYPOLICY_EGRESS("egress");
private String identifier;
@@ -776,6 +777,43 @@ public class JuniperSrxResource implements ServerResource {
s_logger.debug(msg);
}
+ private Map<String, ArrayList<FirewallRuleTO>> getActiveFirewallEgressRules(FirewallRuleTO[] allRules) {
+ Map<String, ArrayList<FirewallRuleTO>> activeRules = new HashMap<String, ArrayList<FirewallRuleTO>>();
+
+ for (FirewallRuleTO rule : allRules) {
+ String guestVlan;
+ guestVlan = rule.getSrcVlanTag();
+
+ ArrayList<FirewallRuleTO> activeRulesForNetwork = activeRules.get(guestVlan);
+
+ if (activeRulesForNetwork == null) {
+ activeRulesForNetwork = new ArrayList<FirewallRuleTO>();
+ }
+
+ if (!rule.revoked() || rule.isAlreadyAdded()) {
+ activeRulesForNetwork.add(rule);
+ }
+
+ activeRules.put(guestVlan, activeRulesForNetwork);
+ }
+
+ return activeRules;
+ }
+
+ private List<String> extractCidrs(List<FirewallRuleTO> rules) throws ExecutionException {
+ List<String> allCidrs = new ArrayList<String>();
+ List<String> cidrs = new ArrayList<String>();
+
+ for (FirewallRuleTO rule : rules) {
+ cidrs = (rule.getSourceCidrList());
+ for (String cidr: cidrs) {
+ if (!allCidrs.contains(cidr)) {
+ allCidrs.add(cidr);
+ }
+ }
+ }
+ return allCidrs;
+ }
/* security policies */
private synchronized Answer execute(SetFirewallRulesCommand cmd) {
@@ -787,24 +825,39 @@ public class JuniperSrxResource implements ServerResource {
FirewallRuleTO[] rules = cmd.getRules();
try {
openConfiguration();
+ if (rules[0].getTrafficType() == FirewallRule.TrafficType.Egress) {
+ Map<String, ArrayList<FirewallRuleTO>> activeRules = getActiveFirewallEgressRules(rules);
+ Set<String> guestVlans = activeRules.keySet();
+ List<String> cidrs = new ArrayList();
- for (FirewallRuleTO rule : rules) {
- int startPort = 0, endPort = 0;
- if (rule.getSrcPortRange() != null) {
- startPort = rule.getSrcPortRange()[0];
- endPort = rule.getSrcPortRange()[1];
+ for (String guestVlan : guestVlans) {
+ List<FirewallRuleTO> activeRulesForGuestNw = activeRules.get(guestVlan);
+
+ removeEgressSecurityPolicyAndApplications(SecurityPolicyType.SECURITYPOLICY_EGRESS, guestVlan, extractCidrs(activeRulesForGuestNw));
+ if (activeRulesForGuestNw.size() > 0) {
+ addEgressSecurityPolicyAndApplications(SecurityPolicyType.SECURITYPOLICY_EGRESS, guestVlan, extractApplications(activeRulesForGuestNw), extractCidrs(activeRulesForGuestNw));
+ }
}
- FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp()) + "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
- rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
- rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp()) + _usageFilterIPInput.getCounterIdentifier());
- if (!rule.revoked()) {
- manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
- } else {
- manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
+ commitConfiguration();
+ } else {
+ for (FirewallRuleTO rule : rules) {
+ int startPort = 0, endPort = 0;
+ if (rule.getSrcPortRange() != null) {
+ startPort = rule.getSrcPortRange()[0];
+ endPort = rule.getSrcPortRange()[1];
+ FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp()) + "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
+ rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
+ rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp()) + _usageFilterIPInput.getCounterIdentifier());
+ if (!rule.revoked()) {
+ manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
+ } else {
+ manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
+ }
+ }
+ commitConfiguration();
}
}
- commitConfiguration();
return new Answer(cmd);
} catch (ExecutionException e) {
s_logger.error(e);
@@ -992,7 +1045,7 @@ public class JuniperSrxResource implements ServerResource {
// Delete all security policies
for (String securityPolicyName : getVpnObjectNames(SrxXml.SECURITY_POLICY_GETALL, accountId)) {
- manageSecurityPolicy(SecurityPolicyType.VPN, SrxCommand.DELETE, accountId, null, null, null, securityPolicyName);
+ manageSecurityPolicy(SecurityPolicyType.VPN, SrxCommand.DELETE, accountId, null, null, null, null, securityPolicyName);
}
// Delete all address book entries
@@ -1064,7 +1117,7 @@ public class JuniperSrxResource implements ServerResource {
manageAddressBookEntry(srxCmd, _privateZone , guestNetworkCidr, ipsecVpnName);
// Security policy
- manageSecurityPolicy(SecurityPolicyType.VPN, srxCmd, null, null, guestNetworkCidr, null, ipsecVpnName);
+ manageSecurityPolicy(SecurityPolicyType.VPN, srxCmd, null, null, guestNetworkCidr, null, null, ipsecVpnName);
}
commitConfiguration();
@@ -2455,38 +2508,44 @@ public class JuniperSrxResource implements ServerResource {
* Applications
*/
- private String genApplicationName(Protocol protocol, int startPort, int endPort) {
+ private String genApplicationName(SecurityPolicyType type, Protocol protocol, int startPort, int endPort) {
if (protocol.equals(Protocol.any)) {
return Protocol.any.toString();
} else {
- return genObjectName(protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
+ if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
+ return genObjectName(type.getIdentifier(), protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
+ } else {
+ return genObjectName(protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
+ }
}
}
- private Object[] parseApplicationName(String applicationName) throws ExecutionException {
+ private Object[] parseApplicationName(SecurityPolicyType type, String applicationName) throws ExecutionException {
String errorMsg = "Invalid application: " + applicationName;
String[] applicationComponents = applicationName.split("-");
Protocol protocol;
Integer startPort;
Integer endPort;
+ int offset = 0;
try {
- protocol = getProtocol(applicationComponents[0]);
- startPort = Integer.parseInt(applicationComponents[1]);
- endPort = Integer.parseInt(applicationComponents[2]);
- } catch (Exception e) {
+ offset = type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS) ? 1 : 0;
+ protocol = getProtocol(applicationComponents[offset + 0]);
+ startPort = Integer.parseInt(applicationComponents[offset + 1]);
+ endPort = Integer.parseInt(applicationComponents[offset + 2]);
+ } catch (Exception e) {
throw new ExecutionException(errorMsg);
}
return new Object[]{protocol, startPort, endPort};
}
- private boolean manageApplication(SrxCommand command, Protocol protocol, int startPort, int endPort) throws ExecutionException {
+ private boolean manageApplication(SecurityPolicyType type, SrxCommand command, Protocol protocol, int startPort, int endPort) throws ExecutionException {
if (protocol.equals(Protocol.any)) {
return true;
}
- String applicationName = genApplicationName(protocol, startPort, endPort);
+ String applicationName = genApplicationName(type, protocol, startPort, endPort);
String xml;
switch (command) {
@@ -2498,23 +2557,28 @@ public class JuniperSrxResource implements ServerResource {
return sendRequestAndCheckResponse(command, xml, "name", applicationName);
case ADD:
- if (manageApplication(SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
+ if (manageApplication(type, SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
return true;
}
-
+ String icmpOrDestPort;
xml = SrxXml.APPLICATION_ADD.getXml();
xml = replaceXmlValue(xml, "name", applicationName);
xml = replaceXmlValue(xml, "protocol", protocol.toString());
-
- String destPort;
- if (startPort == endPort) {
- destPort = String.valueOf(startPort);
+ if (protocol.toString() == Protocol.icmp.toString()) {
+ icmpOrDestPort = "<icmp-type>" + startPort + "</icmp-type>";
+ icmpOrDestPort += "<icmp-code>" + endPort + "</icmp-code>";
} else {
- destPort = startPort + "-" + endPort;
- }
+ String destPort;
- xml = replaceXmlValue(xml, "dest-port", destPort);
+ if (startPort == endPort) {
+ destPort = String.valueOf(startPort);
+ } else {
+ destPort = startPort + "-" + endPort;
+ }
+ icmpOrDestPort = "<destination-port>" + destPort + "</destination-port>";
+ }
+ xml = replaceXmlValue(xml, "dest-port-icmp", icmpOrDestPort);
if (!sendRequestAndCheckResponse(command, xml)) {
throw new ExecutionException("Failed to add application " + applicationName);
} else {
@@ -2522,7 +2586,7 @@ public class JuniperSrxResource implements ServerResource {
}
case DELETE:
- if (!manageApplication(SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
+ if (!manageApplication(type, SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
return true;
}
@@ -2543,13 +2607,13 @@ public class JuniperSrxResource implements ServerResource {
}
- private List<String> getUnusedApplications(List<String> applications) throws ExecutionException {
+ private List<String> getUnusedApplications(List<String> applications, String fromZone, String toZone) throws ExecutionException {
List<String> unusedApplications = new ArrayList<String>();
// Check if any of the applications are unused by existing security policies
String xml = SrxXml.SECURITY_POLICY_GETALL.getXml();
- xml = replaceXmlValue(xml, "from-zone", _publicZone);
- xml = replaceXmlValue(xml, "to-zone", _privateZone);
+ xml = replaceXmlValue(xml, "from-zone", fromZone);
+ xml = replaceXmlValue(xml, "to-zone", toZone);
String allPolicies = sendRequest(xml);
for (String application : applications) {
@@ -2560,10 +2624,7 @@ public class JuniperSrxResource implements ServerResource {
return unusedApplications;
}
-
- private List<String> getApplicationsForSecurityPolicy(SecurityPolicyType type, String privateIp) throws ExecutionException {
- String fromZone = _publicZone;
- String toZone = _privateZone;
+ private List<String> getApplicationsForSecurityPolicy(SecurityPolicyType type, String privateIp, String fromZone, String toZone) throws ExecutionException {
String policyName = genSecurityPolicyName(type, null, null, fromZone, toZone, privateIp);
String xml = SrxXml.SECURITY_POLICY_GETONE.getXml();
xml = setDelete(xml, false);
@@ -2591,8 +2652,31 @@ public class JuniperSrxResource implements ServerResource {
for (FirewallRuleTO rule : rules) {
Object[] application = new Object[3];
application[0] = getProtocol(rule.getProtocol());
- application[1] = rule.getSrcPortRange()[0];
- application[2] = rule.getSrcPortRange()[1];
+ if (application[0] == Protocol.icmp) {
+ if (rule.getIcmpType() == -1) {
+ application[1] = 255;
+ } else {
+ application[1] = rule.getIcmpType();
+ }
+
+ if (rule.getIcmpCode() == -1) {
+ application[2] = 255;
+ } else {
+ application[2] = rule.getIcmpCode();
+ }
+ } else if (application[0] == Protocol.tcp || application[0] == Protocol.udp) {
+ if (rule.getSrcPortRange() != null) {
+ application[1] = rule.getSrcPortRange()[0];
+ application[2] = rule.getSrcPortRange()[1];
+ } else {
+ application[1] = 0;
+ application[2] = 65535;
+ }
+ } else if (application[0] == Protocol.all) {
+ application[1] = 0;
+ application[2] = 65535;
+ }
+
applications.add(application);
}
@@ -2611,16 +2695,20 @@ public class JuniperSrxResource implements ServerResource {
}
}
- private boolean manageSecurityPolicy(SecurityPolicyType type, SrxCommand command, Long accountId, String username, String privateIp, List<String> applicationNames, String ipsecVpnName) throws ExecutionException {
+ private boolean manageSecurityPolicy(SecurityPolicyType type, SrxCommand command, Long accountId, String username, String privateIp, List<String> applicationNames, List<String> cidrs, String ipsecVpnName) throws ExecutionException {
String fromZone = _publicZone;
String toZone = _privateZone;
String securityPolicyName;
- String addressBookEntryName;
-
+ String addressBookEntryName = null;
+
if (type.equals(SecurityPolicyType.VPN) && ipsecVpnName != null) {
- securityPolicyName = ipsecVpnName;
- addressBookEntryName = ipsecVpnName;
+ securityPolicyName = ipsecVpnName;
+ addressBookEntryName = ipsecVpnName;
+ } else if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
+ fromZone = _privateZone;
+ toZone = _publicZone;
+ securityPolicyName = genSecurityPolicyName(type, accountId, username, fromZone, toZone, privateIp);
} else {
securityPolicyName = genSecurityPolicyName(type, accountId, username, fromZone, toZone, privateIp);
addressBookEntryName = genAddressBookEntryName(privateIp);
@@ -2661,17 +2749,38 @@ public class JuniperSrxResource implements ServerResource {
return false;
case ADD:
- if (!manageAddressBookEntry(SrxCommand.CHECK_IF_EXISTS, toZone, privateIp, ipsecVpnName)) {
- throw new ExecutionException("No address book entry for policy: " + securityPolicyName);
+ if (!type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
+ if (!manageAddressBookEntry(SrxCommand.CHECK_IF_EXISTS, toZone, privateIp, addressBookEntryName)) {
+ throw new ExecutionException("No address book entry for policy: " + securityPolicyName);
+ }
+ }
+
+ String srcAddrs = "";
+ String dstAddrs = "";
+ xml = SrxXml.SECURITY_POLICY_ADD.getXml();
+ xml = replaceXmlValue(xml, "policy-name", securityPolicyName);
+ if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
+ xml = replaceXmlValue(xml, "from-zone", _privateZone);
+ xml = replaceXmlValue(xml, "to-zone", _publicZone);
+ if (cidrs == null) {
+ srcAddrs = "<source-address>any</source-address>";
+ } else {
+ for (String cidr : cidrs) {
+ srcAddrs += "<source-address>" + genAddressBookEntryName(cidr) + "</source-address>";
+ }
+ }
+ xml = replaceXmlValue(xml, "src-address", srcAddrs);
+ dstAddrs = "<destination-address>any</destination-address>";
+ xml = replaceXmlValue(xml, "dst-address", dstAddrs);
+ } else {
+ xml = replaceXmlValue(xml, "from-zone", fromZone);
+ xml = replaceXmlValue(xml, "to-zone", toZone);
+ srcAddrs = "<source-address>any</source-address>";
+ xml = replaceXmlValue(xml, "src-address", srcAddrs);
+ dstAddrs = "<destination-address>" + addressBookEntryName + "</destination-address>";
+ xml = replaceXmlValue(xml, "dst-address", dstAddrs);
}
- xml = SrxXml.SECURITY_POLICY_ADD.getXml();
- xml = replaceXmlValue(xml, "from-zone", fromZone);
- xml = replaceXmlValue(xml, "to-zone", toZone);
- xml = replaceXmlValue(xml, "policy-name", securityPolicyName);
- xml = replaceXmlValue(xml, "src-address", "any");
- xml = replaceXmlValue(xml, "dest-address", addressBookEntryName);
-
if (type.equals(SecurityPolicyType.VPN) && ipsecVpnName != null) {
xml = replaceXmlValue(xml, "tunnel", "<tunnel><ipsec-vpn>" + ipsecVpnName + "</ipsec-vpn></tunnel>");
} else {
@@ -2679,7 +2788,7 @@ public class JuniperSrxResource implements ServerResource {
}
String applications;
- if (applicationNames == null) {
+ if (applicationNames == null || applicationNames.size() == 0) {
applications = "<application>any</application>";
} else {
applications = "";
@@ -2697,11 +2806,11 @@ public class JuniperSrxResource implements ServerResource {
}
case DELETE:
- if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, applicationNames, ipsecVpnName)) {
+ if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, applicationNames, cidrs, ipsecVpnName)) {
return true;
}
- if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, applicationNames, ipsecVpnName)) {
+ if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, applicationNames, cidrs, ipsecVpnName)) {
return true;
}
@@ -2757,42 +2866,77 @@ public class JuniperSrxResource implements ServerResource {
int startPort = application[1] != null ? ((Integer) application[1]) : -1;
int endPort = application[2] != null ? ((Integer) application[2]) : -1;
- String applicationName = genApplicationName(protocol, startPort, endPort);
+ String applicationName = genApplicationName(type, protocol, startPort, endPort);
if (!applicationNames.contains(applicationName)) {
applicationNames.add(applicationName);
}
- manageApplication(SrxCommand.ADD, protocol, startPort, endPort);
+ manageApplication(type, SrxCommand.ADD, protocol, startPort, endPort);
}
// Add a new security policy
- manageSecurityPolicy(type, SrxCommand.ADD, null, null, privateIp, applicationNames, null);
+ manageSecurityPolicy(type, SrxCommand.ADD, null, null, privateIp, applicationNames, null, null);
return true;
}
private boolean removeSecurityPolicyAndApplications(SecurityPolicyType type, String privateIp) throws ExecutionException {
- if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, null, null)) {
+ if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, null,null, null)) {
return true;
}
- if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, null, null)) {
+ if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, null, null, null)) {
return true;
}
// Get a list of applications for this security policy
- List<String> applications = getApplicationsForSecurityPolicy(type, privateIp);
+ List<String> applications = getApplicationsForSecurityPolicy(type, privateIp, _publicZone, _privateZone);
+
+ // Remove the security policy
+ manageSecurityPolicy(type, SrxCommand.DELETE, null, null, privateIp, null, null, null);
+
+ // Remove any applications for the removed security policy that are no longer in use
+ List<String> unusedApplications = getUnusedApplications(applications, _publicZone, _privateZone);
+ for (String application : unusedApplications) {
+ Object[] applicationComponents;
+
+ try {
+ applicationComponents = parseApplicationName(type, application);
+ } catch (ExecutionException e) {
+ s_logger.error("Found an invalid application: " + application + ". Not attempting to clean up.");
+ continue;
+ }
+
+ Protocol protocol = (Protocol) applicationComponents[0];
+ Integer startPort = (Integer) applicationComponents[1];
+ Integer endPort = (Integer) applicationComponents[2];
+ manageApplication(type, SrxCommand.DELETE, protocol, startPort, endPort);
+ }
+
+ return true;
+ }
+
+
+ private boolean removeEgressSecurityPolicyAndApplications(SecurityPolicyType type, String guestVlan, List <String> cidrs) throws ExecutionException {
+ if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, guestVlan, null, cidrs, null)) {
+ return true;
+ }
+ // Get a list of applications for this security policy
+ List<String> applications;
+ applications = getApplicationsForSecurityPolicy(type, guestVlan, _privateZone, _publicZone);
- // Remove the security policy
- manageSecurityPolicy(type, SrxCommand.DELETE, null, null, privateIp, null, null);
+ // Remove the security policy even if it is in use
+ manageSecurityPolicy(type, SrxCommand.DELETE, null, null, guestVlan, null, cidrs, null);
// Remove any applications for the removed security policy that are no longer in use
- List<String> unusedApplications = getUnusedApplications(applications);
+ List<String> unusedApplications;
+ unusedApplications = getUnusedApplications(applications, _privateZone, _publicZone);
+
for (String application : unusedApplications) {
Object[] applicationComponents;
try {
- applicationComponents = parseApplicationName(application);
+ applicationComponents = parseApplicationName(type, application);
} catch (ExecutionException e) {
s_logger.error("Found an invalid application: " + application + ". Not attempting to clean up.");
continue;
@@ -2800,13 +2944,43 @@ public class JuniperSrxResource implements ServerResource {
Protocol protocol = (Protocol) applicationComponents[0];
Integer startPort = (Integer) applicationComponents[1];
- Integer endPort = (Integer) applicationComponents[2];
- manageApplication(SrxCommand.DELETE, protocol, startPort, endPort);
+ Integer endPort = (Integer) applicationComponents[2];
+ manageApplication(type, SrxCommand.DELETE, protocol, startPort, endPort);
}
+ for (String cidr: cidrs) {
+ manageAddressBookEntry(SrxCommand.DELETE, _publicZone, cidr, null);
+ }
return true;
}
+ private boolean addEgressSecurityPolicyAndApplications(SecurityPolicyType type, String guestVlan, List<Object[]> applications, List <String> cidrs) throws ExecutionException {
+ // Add all necessary applications
+ List<String> applicationNames = new ArrayList<String>();
+ for (Object[] application : applications) {
+ Protocol protocol = (Protocol) application[0];
+ if (!protocol.equals(Protocol.all)) {
+ int startPort = application[1] != null ? ((Integer) application[1]) : 0;
+ int endPort = application[2] != null ? ((Integer) application[2]) : 65535;
+
+ String applicationName = genApplicationName(type, protocol, startPort, endPort);
+ if (!applicationNames.contains(applicationName)) {
+ applicationNames.add(applicationName);
+ }
+ manageApplication(type, SrxCommand.ADD, protocol, startPort, endPort);
+ }
+ }
+
+ for (String cidr: cidrs) {
+ manageAddressBookEntry(SrxCommand.ADD, _privateZone, cidr, null);
+ }
+
+ // Add a new security policy
+ manageSecurityPolicy(type, SrxCommand.ADD, null, null, guestVlan, applicationNames, cidrs, null);
+ s_logger.debug("Added Egress firewall rule for guest network " + guestVlan);
+ return true;
+ }
+
/*
* Filter terms
*/
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/scripts/network/juniper/application-add.xml
----------------------------------------------------------------------
diff --git a/scripts/network/juniper/application-add.xml b/scripts/network/juniper/application-add.xml
index 6603850..177329a 100644
--- a/scripts/network/juniper/application-add.xml
+++ b/scripts/network/juniper/application-add.xml
@@ -23,7 +23,7 @@ under the License.
<application>
<name>%name%</name>
<protocol>%protocol%</protocol>
-<destination-port>%dest-port%</destination-port>
+%dest-port-icmp%
</application>
</applications>
</configuration>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/scripts/network/juniper/security-policy-add.xml
----------------------------------------------------------------------
diff --git a/scripts/network/juniper/security-policy-add.xml b/scripts/network/juniper/security-policy-add.xml
index 632a17d..595e026 100644
--- a/scripts/network/juniper/security-policy-add.xml
+++ b/scripts/network/juniper/security-policy-add.xml
@@ -27,8 +27,8 @@ under the License.
<policy>
<name>%policy-name%</name>
<match>
-<source-address>%src-address%</source-address>
-<destination-address>%dest-address%</destination-address>
+%src-address%
+%dst-address%
%applications%
</match>
<then>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java b/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
index 1fc32d0..c2038e5 100644
--- a/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
+++ b/server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java
@@ -1,3 +1,4 @@
+
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
@@ -541,8 +542,15 @@ public abstract class ExternalFirewallDeviceManagerImpl extends AdapterBase impl
if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
_fwRulesDao.loadSourceCidrs((FirewallRuleVO)rule);
}
- IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
- FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
+ FirewallRuleTO ruleTO;
+ if (rule.getPurpose() == Purpose.Firewall && rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
+ String guestVlanTag = network.getBroadcastUri().getHost();
+ String guestCidr = network.getCidr();
+ ruleTO = new FirewallRuleTO(rule, guestVlanTag, rule.getTrafficType());
+ } else {
+ IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+ ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
+ }
rulesTO.add(ruleTO);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a4a059c0/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/upgrade/dao/Upgrade410to420.java b/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
index f39038f..b43e494 100644
--- a/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
+++ b/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
@@ -65,6 +65,7 @@ public class Upgrade410to420 implements DbUpgrade {
updateSystemVmTemplates(conn);
updateCluster_details(conn);
updatePrimaryStore(conn);
+ addEgressFwRulesForSRXGuestNw(conn);
}
private void updateSystemVmTemplates(Connection conn) {
@@ -305,4 +306,63 @@ public class Upgrade410to420 implements DbUpgrade {
}
}
}
+ private void addEgressFwRulesForSRXGuestNw(Connection conn) {
+ PreparedStatement pstmt = null;
+ ResultSet rs = null;
+ ResultSet rsId = null;
+ ResultSet rsNw = null;
+ try {
+ pstmt = conn.prepareStatement("select network_id FROM `cloud`.`ntwk_service_map` where service='Firewall' and provider='JuniperSRX' ");
+ rs = pstmt.executeQuery();
+ while (rs.next()) {
+ long netId = rs.getLong(1);
+ //checking for Isolated OR Virtual
+ pstmt = conn.prepareStatement("select account_id, domain_id FROM `cloud`.`networks` where (guest_type='Isolated' OR guest_type='Virtual') and traffic_type='Guest' and vpc_id is NULL and (state='implemented' OR state='Shutdown') and id=? ");
+ pstmt.setLong(1, netId);
+ s_logger.debug("Getting account_id, domain_id from networks table: " + pstmt);
+ rsNw = pstmt.executeQuery();
+
+ if(rsNw.next()) {
+ long accountId = rsNw.getLong(1);
+ long domainId = rsNw.getLong(2);
+
+ //Add new rule for the existing networks
+ s_logger.debug("Adding default egress firewall rule for network " + netId);
+ pstmt = conn.prepareStatement("INSERT INTO firewall_rules (uuid, state, protocol, purpose, account_id, domain_id, network_id, xid, created, traffic_type) VALUES (?, 'Active', 'all', 'Firewall', ?, ?, ?, ?, now(), 'Egress')");
+ pstmt.setString(1, UUID.randomUUID().toString());
+ pstmt.setLong(2, accountId);
+ pstmt.setLong(3, domainId);
+ pstmt.setLong(4, netId);
+ pstmt.setString(5, UUID.randomUUID().toString());
+ s_logger.debug("Inserting default egress firewall rule " + pstmt);
+ pstmt.executeUpdate();
+
+ pstmt = conn.prepareStatement("select id from firewall_rules where protocol='all' and network_id=?");
+ pstmt.setLong(1, netId);
+ rsId = pstmt.executeQuery();
+
+ long firewallRuleId;
+ if(rsId.next()) {
+ firewallRuleId = rsId.getLong(1);
+ pstmt = conn.prepareStatement("insert into firewall_rules_cidrs (firewall_rule_id,source_cidr) values (?, '0.0.0.0/0')");
+ pstmt.setLong(1, firewallRuleId);
+ s_logger.debug("Inserting rule for cidr 0.0.0.0/0 for the new Firewall rule id=" + firewallRuleId + " with statement " + pstmt);
+ pstmt.executeUpdate();
+ }
+ }
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable to set egress firewall rules ", e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ }
}
[02/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Fixed the issue - VM deployment for local service offering for Root and with data disk(shared), was deploying data disk to local disk too. Currently there is no way to let the planner know multiple pool information, hence letting the planner search for a pool always during VM deployment.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ee0a91d1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ee0a91d1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ee0a91d1
Branch: refs/heads/ui-mixed-zone-management
Commit: ee0a91d111349b981d5f97fa69c97c34d9f15268
Parents: ed79b8b
Author: Prachi Damle <pr...@cloud.com>
Authored: Wed Apr 10 10:46:53 2013 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Wed Apr 10 10:47:50 2013 -0700
----------------------------------------------------------------------
.../cloud/entity/api/VMEntityManagerImpl.java | 2 +-
server/src/com/cloud/deploy/FirstFitPlanner.java | 39 ++++++++-------
2 files changed, 21 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ee0a91d1/engine/orchestration/src/org/apache/cloudstack/engine/cloud/entity/api/VMEntityManagerImpl.java
----------------------------------------------------------------------
diff --git a/engine/orchestration/src/org/apache/cloudstack/engine/cloud/entity/api/VMEntityManagerImpl.java b/engine/orchestration/src/org/apache/cloudstack/engine/cloud/entity/api/VMEntityManagerImpl.java
index 8b9b100..0359db9 100755
--- a/engine/orchestration/src/org/apache/cloudstack/engine/cloud/entity/api/VMEntityManagerImpl.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/cloud/entity/api/VMEntityManagerImpl.java
@@ -207,7 +207,7 @@ public class VMEntityManagerImpl implements VMEntityManager {
}
DataCenterDeployment plan = new DataCenterDeployment(vm.getDataCenterId(), vmReservation.getPodId(), vmReservation.getClusterId(),
- vmReservation.getHostId(), poolId , null);
+ vmReservation.getHostId(), null , null);
VMInstanceVO vmDeployed = _itMgr.start(vm, params, _userDao.findById(new Long(caller)), _accountDao.findById(vm.getAccountId()), plan);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ee0a91d1/server/src/com/cloud/deploy/FirstFitPlanner.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/deploy/FirstFitPlanner.java b/server/src/com/cloud/deploy/FirstFitPlanner.java
index 012d160..2dffe70 100755
--- a/server/src/com/cloud/deploy/FirstFitPlanner.java
+++ b/server/src/com/cloud/deploy/FirstFitPlanner.java
@@ -102,7 +102,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
@Inject protected StorageManager _storageMgr;
@Inject DataStoreManager dataStoreMgr;
@Inject protected ClusterDetailsDao _clusterDetailsDao;
-
+
protected List<StoragePoolAllocator> _storagePoolAllocators;
public List<StoragePoolAllocator> getStoragePoolAllocators() {
return _storagePoolAllocators;
@@ -157,7 +157,8 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
if(plan.getHostId() != null && haVmTag == null){
Long hostIdSpecified = plan.getHostId();
if (s_logger.isDebugEnabled()){
- s_logger.debug("DeploymentPlan has host_id specified, making no checks on this host, looks like admin test: "+hostIdSpecified);
+ s_logger.debug("DeploymentPlan has host_id specified, choosing this host and making no checks on this host: "
+ + hostIdSpecified);
}
HostVO host = _hostDao.findById(hostIdSpecified);
if (s_logger.isDebugEnabled()) {
@@ -407,9 +408,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}
/**
- * This method should reorder the given list of Cluster Ids by applying any necessary heuristic
+ * This method should reorder the given list of Cluster Ids by applying any necessary heuristic
* for this planner
- * For FirstFitPlanner there is no specific heuristic to be applied
+ * For FirstFitPlanner there is no specific heuristic to be applied
* other than the capacity based ordering which is done by default.
* @return List<Long> ordered list of Cluster Ids
*/
@@ -419,9 +420,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}
/**
- * This method should reorder the given list of Pod Ids by applying any necessary heuristic
+ * This method should reorder the given list of Pod Ids by applying any necessary heuristic
* for this planner
- * For FirstFitPlanner there is no specific heuristic to be applied
+ * For FirstFitPlanner there is no specific heuristic to be applied
* other than the capacity based ordering which is done by default.
* @return List<Long> ordered list of Pod Ids
*/
@@ -443,7 +444,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
private List<Long> listDisabledPods(long zoneId){
List<Long> disabledPods = _podDao.listDisabledPods(zoneId);
return disabledPods;
- }
+ }
private Map<Short,Float> getCapacityThresholdMap(){
// Lets build this real time so that the admin wont have to restart MS if he changes these values
@@ -461,9 +462,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}
private List<Short> getCapacitiesForCheckingThreshold(){
- List<Short> capacityList = new ArrayList<Short>();
+ List<Short> capacityList = new ArrayList<Short>();
capacityList.add(Capacity.CAPACITY_TYPE_CPU);
- capacityList.add(Capacity.CAPACITY_TYPE_MEMORY);
+ capacityList.add(Capacity.CAPACITY_TYPE_MEMORY);
return capacityList;
}
@@ -479,7 +480,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
// For each capacity get the cluster list crossing the threshold and remove it from the clusterList that will be used for vm allocation.
for(short capacity : capacityList){
-
+
if (clusterListForVmAllocation == null || clusterListForVmAllocation.size() == 0){
return;
}
@@ -492,17 +493,17 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
capacityThresholdMap.get(capacity), ram_requested );
}
-
+
if (clustersCrossingThreshold != null && clustersCrossingThreshold.size() != 0){
// addToAvoid Set
avoid.addClusterList(clustersCrossingThreshold);
// Remove clusters crossing disabled threshold
clusterListForVmAllocation.removeAll(clustersCrossingThreshold);
-
+
s_logger.debug("Cannot allocate cluster list " + clustersCrossingThreshold.toString() + " for vm creation since their allocated percentage" +
" crosses the disable capacity threshold: " + capacityThresholdMap.get(capacity) + " for capacity Type : " + capacity + ", skipping these clusters");
}
-
+
}
}
@@ -652,7 +653,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
public int compare(Volume v1, Volume v2) {
if(v1.getSize() < v2.getSize())
return 1;
- else
+ else
return -1;
}
});
@@ -749,7 +750,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
}else{
pool = (StoragePool)this.dataStoreMgr.getPrimaryDataStore(plan.getPoolId());
}
-
+
if(!pool.isInMaintenance()){
if(!avoid.shouldAvoid(pool)){
long exstPoolDcId = pool.getDataCenterId();
@@ -781,13 +782,13 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
if(!isRootAdmin(plan.getReservationContext())){
if(!isEnabledForAllocation(plan.getDataCenterId(), plan.getPodId(), plan.getClusterId())){
if(s_logger.isDebugEnabled()){
- s_logger.debug("Cannot allocate new storagepool for this volume in this cluster, allocation state is disabled");
+ s_logger.debug("Cannot allocate new storagepool for this volume in this cluster, allocation state is disabled");
s_logger.debug("Cannot deploy to this specified plan, allocation state is disabled, returning.");
}
- //Cannot find suitable storage pools under this cluster for this volume since allocation_state is disabled.
+ //Cannot find suitable storage pools under this cluster for this volume since allocation_state is disabled.
//- remove any suitable pools found for other volumes.
//All volumes should get suitable pools under this cluster; else we cant use this cluster.
- suitableVolumeStoragePools.clear();
+ suitableVolumeStoragePools.clear();
break;
}
}
@@ -877,7 +878,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
super.configure(name, params);
_allocationAlgorithm = _configDao.getValue(Config.VmAllocationAlgorithm.key());
return true;
- }
+ }
private boolean isEnabledForAllocation(long zoneId, Long podId, Long clusterId){
// Check if the zone exists in the system
[09/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Merge branch 'ui-new-project-switcher' into ui-mixed-zone-management
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f51ccfcf
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f51ccfcf
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f51ccfcf
Branch: refs/heads/ui-mixed-zone-management
Commit: f51ccfcfb900a29a7c2f4c52620a493446e39925
Parents: 3fef24d aa5ed0a
Author: Brian Federle <br...@citrix.com>
Authored: Wed Apr 10 13:36:20 2013 -0700
Committer: Brian Federle <br...@citrix.com>
Committed: Wed Apr 10 13:36:20 2013 -0700
----------------------------------------------------------------------
ui/css/cloudstack3.css | 27 ++++++++++++++++++++---
ui/index.jsp | 3 +-
ui/scripts/ui-custom/projectSelect.js | 31 ++++++++++++++++++++++++++++
3 files changed, 56 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f51ccfcf/ui/index.jsp
----------------------------------------------------------------------
[06/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Send only \n rather than \r\n to agent socket when sending cmdline
to system VMS
BUG-ID: CLOUDSTACK-1732
Signed-off-by: Marcus Sorensen <ma...@betterservers.com> 1365622030 -0600
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f66b9b57
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f66b9b57
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f66b9b57
Branch: refs/heads/ui-mixed-zone-management
Commit: f66b9b570f2acb35acfda2d159dcde6fa62390d5
Parents: 09542ce
Author: Marcus Sorensen <ma...@betterservers.com>
Authored: Wed Apr 10 13:27:10 2013 -0600
Committer: Marcus Sorensen <ma...@betterservers.com>
Committed: Wed Apr 10 13:27:10 2013 -0600
----------------------------------------------------------------------
scripts/vm/hypervisor/kvm/patchviasocket.pl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f66b9b57/scripts/vm/hypervisor/kvm/patchviasocket.pl
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/kvm/patchviasocket.pl b/scripts/vm/hypervisor/kvm/patchviasocket.pl
index 443d6e4..7bcd245 100644
--- a/scripts/vm/hypervisor/kvm/patchviasocket.pl
+++ b/scripts/vm/hypervisor/kvm/patchviasocket.pl
@@ -53,6 +53,6 @@ my $msg = "pubkey:" . $key . "\ncmdline:" . $cmdline;
my $socket = IO::Socket::UNIX->new(Peer=>$sockfile,Type=>SOCK_STREAM)
or die "ERROR: unable to connect to $sockfile - $^E\n";
-print $socket "$msg\r\n";
+print $socket "$msg\n";
close $socket;
[04/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
In system vm, wait for interface to be available before configuring gateway.
Previous patch to this only did so for system vms with a $3 interface, usually
eth2. System VMs that only provide DNS wouldn't get a gateway, for example.
BUG-ID: CLOUDSTACK-1565
Signed-off-by: Marcus Sorensen <ma...@betterservers.com> 1365617851 -0600
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9670553e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9670553e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9670553e
Branch: refs/heads/ui-mixed-zone-management
Commit: 9670553ea85d6593046425f2c040cc08d2e61733
Parents: a4a059c
Author: Marcus Sorensen <ma...@betterservers.com>
Authored: Wed Apr 10 12:17:31 2013 -0600
Committer: Marcus Sorensen <ma...@betterservers.com>
Committed: Wed Apr 10 12:17:31 2013 -0600
----------------------------------------------------------------------
.../debian/config/etc/init.d/cloud-early-config | 54 ++++++++-------
1 files changed, 30 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9670553e/patches/systemvm/debian/config/etc/init.d/cloud-early-config
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 514c0b0..3faa1bd 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -386,33 +386,39 @@ setup_common() {
ip route delete default
if [ "$RROUTER" != "1" ]
then
- if [ -z "$3" ]
+ gwdev=$3
+ if [ -z "$gwdev" ]
+ then
+ gwdev="eth0"
+ fi
+
+ timer=0
+ #default route add fails if we run before interface configured with ip
+ log_it "checking that $gwdev has IP before setting default route to $GW"
+ echo "checking that $gwdev has IP before setting default route to $GW"
+ while true
+ do
+ ip=$(ifconfig $gwdev | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
+ if [ -z $ip ]
then
- ip route add default via $GW dev eth0
+ sleep 1;
+ #waiting for the interface to setup with ip
+ log_it "waiting for $gwdev interface setup with ip"
+ echo "waiting for $gwdev interface setup with ip"
else
- timer=0
- #default route add fails if we run before interface configured with ip
- while true
- do
- ip=$(ifconfig $3 | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
- if [ -z $ip ]
- then
- sleep 1;
- #waiting for the interface to setup with ip
- echo "waiting for $3 interface setup with ip"
- else
- ip route add default via $GW dev $3
- break
- fi
-
- if [ $timer -gt 5 ]
- then
- echo "interface $3 is not set up with ip... configuring default route failed"
- break
- fi
- timer=`expr $timer + 1`
- done
+ ip route add default via $GW dev $gwdev
+ break
fi
+
+ if [ $timer -gt 15 ]
+ then
+ log_it "interface $gwdev is not set up with ip... configuring default route failed";
+ echo "interface $gwdev is not set up with ip... configuring default route failed"
+ break
+ fi
+ timer=`expr $timer + 1`
+ done
+
fi
# a hacking way to activate vSwitch under VMware
[08/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Merge branch 'master' into ui-mixed-zone-management
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3fef24d3
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3fef24d3
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3fef24d3
Branch: refs/heads/ui-mixed-zone-management
Commit: 3fef24d3e86b18ef03ca67179f03d00661e1e7cc
Parents: 4b853cc f66b9b5
Author: Brian Federle <br...@citrix.com>
Authored: Wed Apr 10 13:36:13 2013 -0700
Committer: Brian Federle <br...@citrix.com>
Committed: Wed Apr 10 13:36:13 2013 -0700
----------------------------------------------------------------------
api/src/com/cloud/agent/api/to/FirewallRuleTO.java | 6 +
.../cloud/entity/api/VMEntityManagerImpl.java | 2 +-
.../debian/config/etc/init.d/cloud-early-config | 54 ++--
.../element/JuniperSRXExternalFirewallElement.java | 2 +-
.../cloud/network/resource/JuniperSrxResource.java | 322 +++++++++++----
scripts/network/juniper/application-add.xml | 2 +-
scripts/network/juniper/security-policy-add.xml | 4 +-
scripts/vm/hypervisor/kvm/patchviasocket.pl | 2 +-
server/src/com/cloud/deploy/FirstFitPlanner.java | 39 +-
.../network/ExternalFirewallDeviceManagerImpl.java | 12 +-
.../src/com/cloud/upgrade/dao/Upgrade410to420.java | 60 +++
.../definitions/systemvmtemplate/postinstall.sh | 27 +-
.../definitions/systemvmtemplate/preseed.cfg | 8 +-
.../definitions/systemvmtemplate64/postinstall.sh | 27 +-
.../definitions/systemvmtemplate64/preseed.cfg | 8 +-
15 files changed, 416 insertions(+), 159 deletions(-)
----------------------------------------------------------------------
[11/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Zone type switcher: Style, add functionality
- Add top label to zone switcher, add more styling
- Implement zone switching functionality, which on change sets
cloudStack.context.zoneType to the relevant filter option, or null
for 'All' zone types
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fa8b8358
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fa8b8358
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fa8b8358
Branch: refs/heads/ui-mixed-zone-management
Commit: fa8b83581bd39230f98806ed43f4103bb5454469
Parents: 5014073
Author: Brian Federle <br...@citrix.com>
Authored: Wed Apr 10 14:43:42 2013 -0700
Committer: Brian Federle <br...@citrix.com>
Committed: Wed Apr 10 14:43:42 2013 -0700
----------------------------------------------------------------------
ui/css/cloudstack3.css | 30 ++++++++++++++++++++++++++++++
ui/index.jsp | 2 +-
ui/scripts/ui-custom/zoneFilter.js | 16 ++++++++++++----
3 files changed, 43 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fa8b8358/ui/css/cloudstack3.css
----------------------------------------------------------------------
diff --git a/ui/css/cloudstack3.css b/ui/css/cloudstack3.css
index 61e5ab4..3211130 100644
--- a/ui/css/cloudstack3.css
+++ b/ui/css/cloudstack3.css
@@ -2277,6 +2277,34 @@ div.detail-group.actions td {
top: 13px;
}
+/** Zone filter (mixed zone management)*/
+#header .zone-filter {
+ float: left;
+ width: 111px;
+ margin: 9px 20px 0 2px;
+}
+
+#header .zone-filter label {
+ position: absolute;
+ top: -3px;
+ color: #FFFFFF;
+ font-size: 11px;
+}
+
+#header .zone-filter select {
+ width: 100%;
+ font-size: 12px;
+ border: 1px solid #000000;
+ border-bottom: #FFFFFF;
+ /*+border-radius:4px;*/
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ -khtml-border-radius: 4px;
+ border-radius: 4px;
+ background: #ECECEC;
+ margin-top: 2px;
+}
+
/*Navigation*/
#navigation,
#browser {
@@ -8930,6 +8958,8 @@ div.ui-dialog div.multi-edit-add-list div.view div.data-table table.body tbody t
-webkit-border-radius: 4px;
-khtml-border-radius: 4px;
border-radius: 4px;
+ background: #ECECEC;
+ margin-top: 2px;
}
/*** Select project*/
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fa8b8358/ui/index.jsp
----------------------------------------------------------------------
diff --git a/ui/index.jsp b/ui/index.jsp
index 5b3ef3a..6b7d431 100644
--- a/ui/index.jsp
+++ b/ui/index.jsp
@@ -1659,7 +1659,6 @@ under the License.
<script type="text/javascript" src="scripts/events.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/regions.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/ui-custom/regions.js?t=<%=now%>"></script>
- <script type="text/javascript" src="scripts/ui-custom/zoneFilter.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/ui-custom/ipRules.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/ui-custom/enableStaticNAT.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/ui-custom/securityRules.js?t=<%=now%>"></script>
@@ -1681,6 +1680,7 @@ under the License.
<script type="text/javascript" src="scripts/docs.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/vm_snapshots.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/ui-custom/projectSelect.js?t=<%=now%>"></script>
+ <script type="text/javascript" src="scripts/ui-custom/zoneFilter.js?t=<%=now%>"></script>
<!-- Plugins -->
<script type="text/javascript" src="scripts/ui-custom/plugins.js?t=<%=now%>"></script>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fa8b8358/ui/scripts/ui-custom/zoneFilter.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui-custom/zoneFilter.js b/ui/scripts/ui-custom/zoneFilter.js
index d298e4f..9e6a493 100644
--- a/ui/scripts/ui-custom/zoneFilter.js
+++ b/ui/scripts/ui-custom/zoneFilter.js
@@ -20,12 +20,20 @@
var $header = $('#header .controls');
var $zoneFilter = $('<div>').addClass('zone-filter');
var $zoneTypeSelect = $('<select>').append(
- $('<option>').attr('value', 'basic').html(_l('Basic')),
- $('<option>').attr('value', 'advanced').html(_l('Advanced'))
+ $('<option>').attr('value', '').html(_l('All zones')),
+ $('<option>').attr('value', 'Basic').html(_l('Basic')),
+ $('<option>').attr('value', 'Advanced').html(_l('Advanced'))
);
+ var $label = $('<label>').html('Zone type:');
- $zoneTypeSelect.appendTo($zoneFilter);
- $zoneFilter.insertAfter($header.find('#user'));
+ $zoneFilter.append($label, $zoneTypeSelect);
+ $zoneFilter.insertAfter($header.find('.project-switcher'));
+ $zoneTypeSelect.change(function() {
+ cloudStack.context.zoneType = $zoneTypeSelect.val();
+
+ // Go to default/start page (dashboard)
+ $('#breadcrumbs .home').click();
+ });
});
}(jQuery, cloudStack));
[07/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Layout new project selector (only dummy data for now)
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/aa5ed0a0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/aa5ed0a0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/aa5ed0a0
Branch: refs/heads/ui-mixed-zone-management
Commit: aa5ed0a0fb3878bb6cf04d0770cd456dafcd9f4b
Parents: f66b9b5
Author: Brian Federle <br...@citrix.com>
Authored: Wed Apr 10 13:34:25 2013 -0700
Committer: Brian Federle <br...@citrix.com>
Committed: Wed Apr 10 13:34:25 2013 -0700
----------------------------------------------------------------------
ui/css/cloudstack3.css | 27 ++++++++++++++++++++---
ui/index.jsp | 3 +-
ui/scripts/ui-custom/projectSelect.js | 31 ++++++++++++++++++++++++++++
3 files changed, 56 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aa5ed0a0/ui/css/cloudstack3.css
----------------------------------------------------------------------
diff --git a/ui/css/cloudstack3.css b/ui/css/cloudstack3.css
index 7ebda9b..bf3cfb5 100644
--- a/ui/css/cloudstack3.css
+++ b/ui/css/cloudstack3.css
@@ -8839,6 +8839,7 @@ div.ui-dialog div.multi-edit-add-list div.view div.data-table table.body tbody t
left: 0px;
top: -10px;
margin-right: 9px;
+ display: none;
}
#header div.view-switcher.alt {
@@ -8905,6 +8906,25 @@ div.ui-dialog div.multi-edit-add-list div.view div.data-table table.body tbody t
padding: 3px 0 4px;
}
+/*** View switcher (drop-down)*/
+.project-switcher {
+ float: left;
+ width: 141px;
+ padding: 9px 17px 0 0;
+}
+
+.project-switcher select {
+ width: 100%;
+ font-size: 12px;
+ border: 1px solid #000000;
+ border-bottom: #FFFFFF;
+ /*+border-radius:4px;*/
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ -khtml-border-radius: 4px;
+ border-radius: 4px;
+}
+
/*** Select project*/
.project-selector {
display: inline-block;
@@ -11761,12 +11781,11 @@ div.ui-dialog div.autoscaler div.field-group div.form-container form div.form-it
.updateResourceLimits:hover .icon {
background-position: -100px -614px;
}
-
+
.addVlanRange .icon {
background-position: -168px -31px;
}
-
.addVlanRange:hover .icon {
background-position: -168px -613px;
}
@@ -11796,8 +11815,8 @@ div.ui-dialog div.autoscaler div.field-group div.form-container form div.form-it
background-position: -168px -31px;
}
-.reset .icon ,
-.scaleUp .icon{
+.reset .icon,
+.scaleUp .icon {
background-position: -168px -31px;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aa5ed0a0/ui/index.jsp
----------------------------------------------------------------------
diff --git a/ui/index.jsp b/ui/index.jsp
index 3b8f378..fcc3d69 100644
--- a/ui/index.jsp
+++ b/ui/index.jsp
@@ -1678,7 +1678,8 @@ under the License.
<script type="text/javascript" src="scripts/system.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/domains.js?t=<%=now%>"></script>
<script type="text/javascript" src="scripts/docs.js?t=<%=now%>"></script>
- <script type="text/javascript" src="scripts/vm_snapshots.js?t=<%=now%>"></script>
+ <script type="text/javascript" src="scripts/vm_snapshots.js?t=<%=now%>"></script>
+ <script type="text/javascript" src="scripts/ui-custom/projectSelect.js?t=<%=now%>"></script>
<!-- Plugins -->
<script type="text/javascript" src="scripts/ui-custom/plugins.js?t=<%=now%>"></script>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aa5ed0a0/ui/scripts/ui-custom/projectSelect.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui-custom/projectSelect.js b/ui/scripts/ui-custom/projectSelect.js
new file mode 100644
index 0000000..ae3d8f9
--- /dev/null
+++ b/ui/scripts/ui-custom/projectSelect.js
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+(function($, cloudStack) {
+ $(window).bind('cloudStack.ready', function() {
+ var $header = $('#header .controls');
+ var $projectSwitcher = $('<div>').addClass('project-switcher');
+ var $projectSelect = $('<select>').append(
+ $('<option>').attr('value', 'basic').html(_l('Project 1')),
+ $('<option>').attr('value', 'advanced').html(_l('Project 2'))
+ );
+
+ $projectSelect.appendTo($projectSwitcher);
+ $projectSwitcher.insertBefore($header.find('.region-switcher'));
+ });
+}(jQuery, cloudStack));
+
[10/11] git commit: updated refs/heads/ui-mixed-zone-management to
fa8b835
Posted by bf...@apache.org.
Project switcher: Add label
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/50140735
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/50140735
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/50140735
Branch: refs/heads/ui-mixed-zone-management
Commit: 50140735c7cc584b052105df1d16f861bc080475
Parents: f51ccfc
Author: Brian Federle <br...@citrix.com>
Authored: Wed Apr 10 14:42:22 2013 -0700
Committer: Brian Federle <br...@citrix.com>
Committed: Wed Apr 10 14:42:22 2013 -0700
----------------------------------------------------------------------
ui/css/cloudstack3.css | 9 ++++++++-
ui/scripts/ui-custom/projectSelect.js | 3 ++-
2 files changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/50140735/ui/css/cloudstack3.css
----------------------------------------------------------------------
diff --git a/ui/css/cloudstack3.css b/ui/css/cloudstack3.css
index bf3cfb5..61e5ab4 100644
--- a/ui/css/cloudstack3.css
+++ b/ui/css/cloudstack3.css
@@ -8913,6 +8913,13 @@ div.ui-dialog div.multi-edit-add-list div.view div.data-table table.body tbody t
padding: 9px 17px 0 0;
}
+.project-switcher label {
+ position: absolute;
+ top: -2px;
+ color: #FFFFFF;
+ font-size: 11px;
+}
+
.project-switcher select {
width: 100%;
font-size: 12px;
@@ -11390,7 +11397,7 @@ div.ui-dialog div.autoscaler div.field-group div.form-container form div.form-it
border-bottom: 1px solid #FFFFFF;
height: 28px;
float: left;
- margin: 4px 13px 0 0;
+ margin: 5px 13px 0 0;
cursor: pointer;
/*+box-shadow:inset 0px 1px 1px #000000;*/
-moz-box-shadow: inset 0px 1px 1px #000000;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/50140735/ui/scripts/ui-custom/projectSelect.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui-custom/projectSelect.js b/ui/scripts/ui-custom/projectSelect.js
index ae3d8f9..f93fefc 100644
--- a/ui/scripts/ui-custom/projectSelect.js
+++ b/ui/scripts/ui-custom/projectSelect.js
@@ -23,8 +23,9 @@
$('<option>').attr('value', 'basic').html(_l('Project 1')),
$('<option>').attr('value', 'advanced').html(_l('Project 2'))
);
+ var $label = $('<label>').html('Project:');
- $projectSelect.appendTo($projectSwitcher);
+ $projectSwitcher.append($label, $projectSelect);
$projectSwitcher.insertBefore($header.find('.region-switcher'));
});
}(jQuery, cloudStack));