Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/17 11:26:30 UTC

[28/50] git commit: updated refs/heads/master to 3c429ee

Fixed password server, fixed more firewall issues
Fixed issues with real IP and not virtual (gateway) IP being opened on the firewall
DNS now works on the vms


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/57d3ffae
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/57d3ffae
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/57d3ffae

Branch: refs/heads/master
Commit: 57d3ffaef893e00bf751fa0a516fb210bf4b478c
Parents: e6b3ee3
Author: Ian Southam <is...@schubergphilis.com>
Authored: Fri Feb 6 13:53:08 2015 +0100
Committer: wilderrodrigues <wr...@schubergphilis.com>
Committed: Mon Mar 16 11:40:03 2015 +0100

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/configure.py    |  2 +-
 .../debian/config/opt/cloud/bin/cs/CsAddress.py | 10 ++++---
 .../debian/config/opt/cloud/bin/cs/CsApp.py     | 28 +++++++++++++-------
 .../debian/config/opt/cloud/bin/cs/CsProcess.py | 10 +++++++
 .../config/opt/cloud/bin/cs/CsRedundant.py      | 15 ++++++++---
 .../config/opt/cloud/bin/passwd_server_ip       |  1 +
 6 files changed, 49 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index b693477..43b01b6 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -36,7 +36,7 @@ from cs.CsNetfilter import CsNetfilters
 from cs.CsDhcp import CsDhcp
 from cs.CsRedundant import *
 from cs.CsFile import CsFile
-from cs.CsApp import CsApache, CsPasswdSvc, CsDnsmasq
+from cs.CsApp import CsApache, CsDnsmasq
 from cs.CsMonitor import CsMonitor
 from cs.CsLoadBalancer import CsLoadBalancer
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index 54a40a1..df6fdc7 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -341,9 +341,8 @@ class CsIP:
             self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev])
             self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev])
             self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev])
-            self.fw.append(["filter", "",
-                            "-A INPUT -s %s -i %s -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT" % (self.address['network'], self.dev)])
             self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT" % self.dev])
+            self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % self.dev])
             self.fw.append(["filter", "", "-A FORWARD -i %s -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.dev])
             self.fw.append(["filter", "", "-A FORWARD -i %s -o %s -m state --state NEW -j ACCEPT" % (self.dev, self.dev)])
             self.fw.append(["filter", "", "-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"])
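Review bot: The re-added port 8080 rule drops the `-s %s` source match that the removed rule carried, so the password-server port now accepts new connections from any source arriving on `self.dev` rather than only from the interface's own network. Unless the wider scope is intended, keep the match: `"-A INPUT -s %s -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % (self.address['network'], self.dev)`. The same unscoped port 80 and 8080 rules are added in the next hunk (`@@ -367,6 +366,8 @@`), and the `-d %s/32` rule that `CsPasswdSvc.setup()` used to add is removed in CsApp.py with no replacement. The enclosing method starts and ends outside the hunk.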
@@ -367,6 +366,8 @@ class CsIP:
             self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev])
             self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev])
             self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev])
+            self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT" % self.dev])
+            self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % self.dev])
             self.fw.append(["mangle", "",
                             "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" %
                             (self.dev, self.address['network'], self.address['gateway'], self.dev)
@@ -417,7 +418,10 @@ class CsIP:
             dns.add_firewall_rules()
             app = CsApache(self)
             app.setup()
-            pwdsvc = CsPasswdSvc(self).setup()
+
+        # If redundant then this is dealt with by the master backup functions
+        if self.get_type() in ["guest"] and not self.config.cl.is_redundant():
+            pwdsvc = CsPasswdSvc(self.address['public_ip']).start()
 
         if self.get_type() == "public" and self.config.is_vpc():
             if self.address["source_nat"]:
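Review bot: `pwdsvc` is bound to the result of `start()`, which returns nothing in the CsApp.py version from this commit, so the name is always None and never read; call `CsPasswdSvc(self.address['public_ip']).start()` on its own. `self.get_type() in ["guest"]` would read more consistently as `self.get_type() == "guest"`, matching the `== "public"` test just below. The comment could also say which address the service binds to here, since the redundant path in CsRedundant.py passes `o.get_gateway()` instead of `public_ip`. The enclosing method starts and ends outside the hunk.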

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
index d680bde..cceb464 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
@@ -59,19 +59,29 @@ class CsApache(CsApp):
                         ])
 
 
-class CsPasswdSvc(CsApp):
+class CsPasswdSvc():
     """
       nohup bash /opt/cloud/bin/vpc_passwd_server $ip >/dev/null 2>&1 &
     """
 
-    def setup(self):
-        self.fw.append(["", "front",
-                        "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 8080 -j ACCEPT" % (self.dev, self.ip)
-                        ])
-
-        proc = CsProcess(['/opt/cloud/bin/vpc_passwd_server', self.ip])
-        if not proc.find():
-            proc.start("/usr/bin/nohup", ">/dev/null 2>&1 &")
+    def __init__(self, ip):
+        self.ip = ip
+
+    def start(self):
+        proc = CsProcess(["dummy"])
+        if proc.grep("passwd_service %s" % self.ip) == -1:
+            proc.start("/opt/cloud/bin/passwd_server_ip %s >> /var/log/cloud.log 2>&1" % self.ip, "&")
+
+    def stop(self):
+        proc = CsProcess(["Password Service"])
+        pid = proc.grep("passwd_server_ip %s" % self.ip)
+        proc.kill(pid)
+        pid = proc.grep("8080,reuseaddr,fork,crnl,bind=%s" % self.ip)
+        proc.kill(pid)
+
+    def restart(self):
+        self.stop()
+        self.start()
 
 
 class CsDnsmasq(CsApp):
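Review bot: `start()` searches the process list for `"passwd_service %s"`, but that string does not appear in the command it launches (`/opt/cloud/bin/passwd_server_ip`), so the check looks unable to find an already running instance and each call would spawn another server loop for the same address. Use the string `stop()` already greps for: `if proc.grep("passwd_server_ip %s" % self.ip) == -1:`. `self.ip` is also interpolated into a command string that carries shell redirection; how `CsProcess.start` executes it is not visible here, so checking that the value parses as an IP address before use would be prudent. The class docstring still describes the old `vpc_passwd_server` invocation and should be updated to the new command.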

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py
index afa6310..19d030b 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py
@@ -51,3 +51,13 @@ class CsProcess(object):
     def find(self):
         has_pid = len(self.find_pid()) > 0
         return has_pid
+
+    def kill(self, pid):
+        if pid > 1:
+            CsHelper.execute("kill -9 %s" % pid)
+
+    def grep(self, str):
+        for i in CsHelper.execute("ps aux"):
+            if i.find(str) != -1:
+                return re.split("\s+", i)[1]
+        return -1
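Review bot: `grep()` returns the PID as a string on a match and the integer -1 otherwise, and `kill()` then evaluates `pid > 1` on that mixed type, which only works through Python 2's cross-type ordering; return `int(re.split(r"\s+", i)[1])` so the guard is a real numeric check. The match is a plain substring test over whole `ps aux` lines and returns the first hit, so a pattern ending in an address (for example `10.1.1.1`, a constructed value) also matches a process started for `10.1.1.10`, and `kill -9` would then hit the wrong process. Requiring whitespace or end of line after the pattern avoids that. The parameter name `str` shadows the builtin, and `re` must be imported in this file, which the hunk does not show.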

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
index 56902f0..5054f76 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
@@ -39,6 +39,7 @@ import CsHelper
 from CsFile import CsFile
 from CsConfig import CsConfig
 from CsProcess import CsProcess
+from CsApp import CsPasswdSvc
 
 
 class CsRedundant(object):
@@ -161,15 +162,17 @@ class CsRedundant(object):
             logging.error("Set fault called on non-redundant router")
             return
         logging.info("Router switched to fault mode")
-        ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
+        ads = [o for o in self.address.get_ips() if o.is_public()]
         for o in ads:
             CsHelper.execute("ifconfig %s down" % o.get_device())
         cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF)
         CsHelper.execute("%s -s" % cmd)
         CsHelper.service("ipsec", "stop")
         CsHelper.service("xl2tpd", "stop")
-        CsHelper.service("cloud-passwd-srvr", "stop")
         CsHelper.service("dnsmasq", "stop")
+        ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
+        for o in ads:
+            pwdsvc = CsPasswdSvc(o.get_gateway()).stop()
         cl.dbag['config']['redundant_master'] = "false"
         cl.save()
         logging.info("Router switched to fault mode")
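Review bot: The same three-line loop over `needs_vrrp()` addresses is added in all three state handlers (this hunk and the `@@ -192,7 +195,9 @@` and `@@ -225,7 +230,9 @@` hunks), differing only in the method called; a small private helper taking the action would keep them in step. `pwdsvc` is assigned the return value of `stop()` or `restart()`, which is None, and is never read, so the assignment can go. In this hunk `ads` is also rebound to a second list after the interface-down loop; distinct names would make it clearer that interfaces are taken down for `is_public()` addresses while the password service is stopped per `needs_vrrp()` gateway. The enclosing methods start outside the hunks.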
@@ -192,7 +195,9 @@ class CsRedundant(object):
         CsHelper.execute("%s -d" % cmd)
         CsHelper.service("ipsec", "stop")
         CsHelper.service("xl2tpd", "stop")
-        CsHelper.service("cloud-passwd-srvr", "stop")
+        ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
+        for o in ads:
+            pwdsvc = CsPasswdSvc(o.get_gateway()).stop()
         CsHelper.service("dnsmasq", "stop")
         # self._set_priority(self.CS_PRIO_DOWN)
         self.cl.dbag['config']['redundant_master'] = "false"
@@ -225,7 +230,9 @@ class CsRedundant(object):
         CsHelper.execute("%s -B" % cmd)
         CsHelper.service("ipsec", "restart")
         CsHelper.service("xl2tpd", "restart")
-        CsHelper.service("cloud-passwd-srvr", "restart")
+        ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
+        for o in ads:
+            pwdsvc = CsPasswdSvc(o.get_gateway()).restart()
         CsHelper.service("dnsmasq", "restart")
         self.cl.dbag['config']['redundant_master'] = "true"
         self.cl.save()

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
index 5e15a19..a408a1e 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
+++ b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
@@ -18,6 +18,7 @@
 
 . /etc/default/cloud-passwd-srvr
 addr=$1;
+ENABLED=1
 while [ "$ENABLED" == "1" ]
 do
     python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null
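Review bot: `ENABLED=1` is assigned after `/etc/default/cloud-passwd-srvr` is sourced, so any ENABLED value from that file is overwritten and the loop condition is always true on entry. If the defaults file is meant to remain an on/off switch, assign only a fallback: `ENABLED=${ENABLED:-1}`. `$addr` is also expanded unquoted in the python call; `"$addr"` keeps an unexpected value from being word-split into extra arguments. The loop body continues past the end of the hunk.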