Midonet Plugin bugfixes

* Updated SQL upgrade scripts to include midonet configs. * Fixed bug where default ICMP allow rule was missing on static NAT creation, keeping VMs from being able to ping the gateway. * Changed the filter in the MidoNetElement callbacks to allow calls when Midonet is configured. Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
2025-10-26 08:42:29 +01:00 · 2013-05-15 17:47:58 +09:00 · 2013-05-15 17:47:58 +09:00 · 21cb2c67b2
commit 21cb2c67b2
parent 56e8da7890
5 changed files with 107 additions and 61 deletions
--- a/plugins/network-elements/midonet/src/com/cloud/network/element/MidoNetElement.java
+++ b/plugins/network-elements/midonet/src/com/cloud/network/element/MidoNetElement.java
@ -36,7 +36,6 @@ import com.cloud.network.NetworkModel;
 import com.cloud.network.Networks;
 import com.cloud.network.PhysicalNetworkServiceProvider;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.dao.NetworkServiceMapDao;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.StaticNat;
@ -47,6 +46,8 @@ import com.cloud.utils.Pair;
 import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.PluggableService;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.user.AccountVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.NicVO;
 import com.cloud.vm.ReservationContext;
@ -131,14 +132,14 @@ public class MidoNetElement extends AdapterBase implements
    @Inject
    AccountManager _accountMgr;
    @Inject
-    NetworkServiceMapDao _ntwkSrvcDao;
+    AccountDao _accountDao;
    public void setMidonetApi(MidonetApi api) {
        this.api = api;
    }
-    public void setNtwkSrvcDao(NetworkServiceMapDao ntwkSrvcDao){
+    public void setAccountDao(AccountDao aDao) {
-        this._ntwkSrvcDao = ntwkSrvcDao;
+        this._accountDao = aDao;
    }
    @Override
@ -172,10 +173,13 @@ public class MidoNetElement extends AdapterBase implements
    }
    public boolean midoInNetwork(Network network) {
-        for (String pname : _ntwkSrvcDao.getDistinctProviders(network.getId())) {
+        if((network.getTrafficType() == Networks.TrafficType.Public) &&
-            if (pname.equals(getProvider().getName())) {
+           (network.getBroadcastDomainType() == Networks.BroadcastDomainType.Mido)){
            return true;
        }
        if((network.getTrafficType() == Networks.TrafficType.Guest) &&
           (network.getBroadcastDomainType() == Networks.BroadcastDomainType.Mido)){
            return true;
        }
        return false;
    }
@ -280,6 +284,11 @@ public class MidoNetElement extends AdapterBase implements
        post.addRule().type(DtoRule.RevDNAT).flowAction(DtoRule.Accept).create();
    }
    public String getAccountUuid(Network network) {
        AccountVO acc = _accountDao.findById(network.getAccountId());
        return acc.getUuid();
    }
    public boolean associatePublicIP(Network network, final List<? extends PublicIpAddress> ipAddress)
        throws ResourceUnavailableException {
@ -316,7 +325,7 @@ public class MidoNetElement extends AdapterBase implements
                    tenantUplink = ports[0];
                    providerDownlink = ports[1];
-                    accountIdStr = String.valueOf(network.getAccountId());
+                    accountIdStr = getAccountUuid(network);
                    boolean isVpc = getIsVpc(network);
                    long id = getRouterId(network, isVpc);
                    routerName = getRouterName(isVpc, id);
@ -611,7 +620,7 @@ public class MidoNetElement extends AdapterBase implements
        RuleChain preNat = null;
        RuleChain post = null;
-        String accountIdStr = String.valueOf(network.getAccountId());
+        String accountIdStr = getAccountUuid(network);
        String networkUUIDStr = String.valueOf(network.getId());
        for (StaticNat rule : rules) {
@ -659,7 +668,7 @@ public class MidoNetElement extends AdapterBase implements
            return false;
        }
        if (canHandle(config, Service.Firewall)) {
-            String accountIdStr = String.valueOf(config.getAccountId());
+            String accountIdStr = getAccountUuid(config);
            String networkUUIDStr = String.valueOf(config.getId());
            RuleChain preFilter = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PREFILTER);
            RuleChain preNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PRENAT);
@ -947,7 +956,7 @@ public class MidoNetElement extends AdapterBase implements
            return false;
        }
-        String accountIdStr = String.valueOf(network.getAccountId());
+        String accountIdStr = getAccountUuid(network);
        String networkUUIDStr = String.valueOf(network.getId());
        RuleChain preNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PRENAT);
        RuleChain postNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_POST);
@ -1170,16 +1179,16 @@ public class MidoNetElement extends AdapterBase implements
        return routerName + "-tenantrouter-" + chain;
    }
-    protected RuleChain getChain(String accountID, String routerName, RuleChainCode chainCode){
+    protected RuleChain getChain(String accountUuid, String routerName, RuleChainCode chainCode){
-        return getChain("", accountID, routerName, chainCode);
+        return getChain("", accountUuid, routerName, chainCode);
    }
-    protected RuleChain getChain(String networkId, String accountID,
+    protected RuleChain getChain(String networkId, String accountUuid,
                               String routerName, RuleChainCode chainCode){
        String chainName = getChainName(networkId, routerName, chainCode);
        MultivaluedMap findChain = new MultivaluedMapImpl();
-        findChain.add("tenant_id", accountID);
+        findChain.add("tenant_id", accountUuid);
        ResourceCollection<RuleChain> ruleChains = api.getChains(findChain);
@ -1303,7 +1312,7 @@ public class MidoNetElement extends AdapterBase implements
        String routerName = getRouterName(isVpc, id);
        RuleChain egressChain = getChain(String.valueOf(network.getId()),
-                                         String.valueOf(network.getAccountId()),
+                                         getAccountUuid(network),
                                         routerName,
                                         RuleChainCode.ACL_EGRESS);
@ -1325,7 +1334,7 @@ public class MidoNetElement extends AdapterBase implements
        String routerName = getRouterName(isVpc, id);
        RuleChain egressChain = getChain(String.valueOf(network.getId()),
-                                         String.valueOf(network.getAccountId()),
+                                         getAccountUuid(network),
                                         routerName,
                                         RuleChainCode.ACL_EGRESS);
@ -1355,6 +1364,14 @@ public class MidoNetElement extends AdapterBase implements
            .position(pos++)
            .create();
        // If it is ICMP to the router, accept that
        egressChain.addRule().type(DtoRule.Accept)
            .nwProto(SimpleFirewallRule.stringToProtocolNumber("icmp"))
            .nwDstAddress(network.getGateway())
            .nwDstLength(32)
            .position(pos++)
            .create();
        // Everything else gets dropped
        egressChain.addRule()
            .type(DtoRule.Drop)
@ -1369,7 +1386,7 @@ public class MidoNetElement extends AdapterBase implements
        boolean isVpc = getIsVpc(network);
        long id = getRouterId(network, isVpc);
        String routerName = getRouterName(isVpc, id);
-        String accountIdStr = String.valueOf(network.getAccountId());
+        String accountIdStr = getAccountUuid(network);
        // Add interior port on bridge side
        BridgePort bridgePort = netBridge.addInteriorPort().create();
@ -1406,6 +1423,14 @@ public class MidoNetElement extends AdapterBase implements
                         .position(pos++)
                         .create();
            // If it is ICMP to the router, accept that
            inc.addRule().type(DtoRule.Accept)
                   .nwProto(SimpleFirewallRule.stringToProtocolNumber("icmp"))
                         .nwDstAddress(network.getGateway())
                         .nwDstLength(32)
                         .position(pos++)
                         .create();
            // If it is connection tracked, accept that as well
            inc.addRule().type(DtoRule.Accept)
                         .matchReturnFlow(true)
@ -1449,27 +1474,25 @@ public class MidoNetElement extends AdapterBase implements
    private Bridge getOrCreateNetworkBridge(Network network){
        // Find the single bridge for this network, create if doesn't exist
-        return getOrCreateNetworkBridge(network.getId(), network.getAccountId());
+        return getOrCreateNetworkBridge(network.getId(), getAccountUuid(network));
    }
-    private Bridge getOrCreateNetworkBridge(long networkID, long accountID){
+    private Bridge getOrCreateNetworkBridge(long networkID, String accountUuid){
-        Bridge netBridge = getNetworkBridge(networkID, accountID);
+        Bridge netBridge = getNetworkBridge(networkID, accountUuid);
        if(netBridge == null){
            String accountIdStr = String.valueOf(accountID);
            String networkUUIDStr = String.valueOf(networkID);
-            netBridge = api.addBridge().tenantId(accountIdStr).name(networkUUIDStr).create();
+            netBridge = api.addBridge().tenantId(accountUuid).name(networkUUIDStr).create();
        }
        return netBridge;
    }
-    private Bridge getNetworkBridge(long networkID, long accountID){
+    private Bridge getNetworkBridge(long networkID, String accountUuid){
        MultivaluedMap qNetBridge = new MultivaluedMapImpl();
        String accountIdStr = String.valueOf(accountID);
        String networkUUIDStr = String.valueOf(networkID);
-        qNetBridge.add("tenant_id", accountIdStr);
+        qNetBridge.add("tenant_id", accountUuid);
        for (Bridge b : this. api.getBridges(qNetBridge)) {
            if(b.getName().equals(networkUUIDStr)){
@ -1497,7 +1520,7 @@ public class MidoNetElement extends AdapterBase implements
        boolean isVpc = getIsVpc(network);
        long id = getRouterId(network, isVpc);
-        return getOrCreateGuestNetworkRouter(id, network.getAccountId(), isVpc);
+        return getOrCreateGuestNetworkRouter(id, getAccountUuid(network), isVpc);
    }
@ -1509,29 +1532,28 @@ public class MidoNetElement extends AdapterBase implements
        }
    }
-    protected Router createRouter(long id, long accountID, boolean isVpc) {
+    protected Router createRouter(long id, String accountUuid, boolean isVpc) {
        String accountIdStr = String.valueOf(accountID);
        String routerName = getRouterName(isVpc, id);
        //Set up rule chains
        RuleChain pre = api.addChain()
                            .name(getChainName(routerName, RuleChainCode.TR_PRE))
-                            .tenantId(accountIdStr)
+                            .tenantId(accountUuid)
                            .create();
        RuleChain post = api.addChain()
                            .name(getChainName(routerName, RuleChainCode.TR_POST))
-                            .tenantId(accountIdStr)
+                            .tenantId(accountUuid)
                            .create();
        // Set up NAT and filter chains for pre-routing
        RuleChain preFilter = api.addChain()
                                  .name(getChainName(routerName, RuleChainCode.TR_PREFILTER))
-                                  .tenantId(accountIdStr)
+                                  .tenantId(accountUuid)
                                  .create();
        RuleChain preNat = api.addChain()
                                  .name(getChainName(routerName, RuleChainCode.TR_PRENAT))
-                                  .tenantId(accountIdStr)
+                                  .tenantId(accountUuid)
                                  .create();
        // Hook the chains in - first jump to Filter chain, then jump to Nat chain
@ -1545,28 +1567,27 @@ public class MidoNetElement extends AdapterBase implements
                     .create();
        return api.addRouter()
-                   .tenantId(accountIdStr)
+                   .tenantId(accountUuid)
                   .name(routerName)
                   .inboundFilterId(pre.getId())
                   .outboundFilterId(post.getId())
                   .create();
    }
-    private Router getOrCreateGuestNetworkRouter(long id, long accountID, boolean isVpc) {
+    private Router getOrCreateGuestNetworkRouter(long id, String accountUuid, boolean isVpc) {
-        Router tenantRouter = getGuestNetworkRouter(id, accountID, isVpc);
+        Router tenantRouter = getGuestNetworkRouter(id, accountUuid, isVpc);
        if(tenantRouter == null){
-            tenantRouter = createRouter(id, accountID, isVpc);
+            tenantRouter = createRouter(id, accountUuid, isVpc);
        }
        return tenantRouter;
    }
-    private Router getGuestNetworkRouter(long id, long accountID, boolean isVpc){
+    private Router getGuestNetworkRouter(long id, String accountUuid, boolean isVpc){
        MultivaluedMap qNetRouter = new MultivaluedMapImpl();
        String accountIdStr = String.valueOf(accountID);
        String routerName = getRouterName(isVpc, id);
-        qNetRouter.add("tenant_id", accountIdStr);
+        qNetRouter.add("tenant_id", accountUuid);
        for (Router router : api.getRouters(qNetRouter)) {
            if(router.getName().equals(routerName)){
@ -1613,10 +1634,10 @@ public class MidoNetElement extends AdapterBase implements
    }
    private void deleteNetworkBridges(Network network){
-        long accountID = network.getAccountId();
+        String accountUuid = getAccountUuid(network);
        long networkID = network.getId();
-        Bridge netBridge = getNetworkBridge(networkID, accountID);
+        Bridge netBridge = getNetworkBridge(networkID, accountUuid);
        if(netBridge != null){
            cleanBridge(netBridge);
@ -1632,11 +1653,11 @@ public class MidoNetElement extends AdapterBase implements
    }
    private void deleteGuestNetworkRouters(Network network){
-        long accountID = network.getAccountId();
+        String accountUuid = getAccountUuid(network);
        boolean isVpc = getIsVpc(network);
        long id = getRouterId(network, isVpc);
-        Router tenantRouter = getGuestNetworkRouter(id, accountID, isVpc);
+        Router tenantRouter = getGuestNetworkRouter(id, accountUuid, isVpc);
        // Delete any peer ports corresponding to this router
        for(Port peerPort : tenantRouter.getPeerPorts((new MultivaluedMapImpl()))){
@ -1677,7 +1698,7 @@ public class MidoNetElement extends AdapterBase implements
            }
            // Remove inbound and outbound filter chains
-            String accountIdStr = String.valueOf(accountID);
+            String accountIdStr = String.valueOf(accountUuid);
            String routerName = getRouterName(isVpc, id);
            RuleChain pre = api.getChain(tenantRouter.getInboundFilterId());
--- a/plugins/network-elements/midonet/src/com/cloud/network/guru/MidoNetGuestNetworkGuru.java
+++ b/plugins/network-elements/midonet/src/com/cloud/network/guru/MidoNetGuestNetworkGuru.java
@ -30,6 +30,8 @@ import com.cloud.network.*;
 import com.cloud.network.PhysicalNetwork;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.user.Account;
 import com.cloud.user.AccountVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.vm.*;
 import com.midokura.midonet.client.resource.Bridge;
 import com.cloud.utils.net.NetUtils;
@ -46,12 +48,16 @@ import com.cloud.vm.Nic.ReservationStrategy;
 import javax.ejb.Local;
 import java.util.UUID;
 import javax.inject.Inject;
@Component
@Local(value = NetworkGuru.class)
 public class MidoNetGuestNetworkGuru extends GuestNetworkGuru {
    private static final Logger s_logger = Logger.getLogger(MidoNetGuestNetworkGuru.class);
    @Inject
    AccountDao _accountDao;
    public MidoNetGuestNetworkGuru() {
        super();
        _isolationMethods = new PhysicalNetwork.IsolationMethod[] { PhysicalNetwork.IsolationMethod.MIDO };
@ -118,7 +124,8 @@ public class MidoNetGuestNetworkGuru extends GuestNetworkGuru {
            implemented.setCidr(network.getCidr());
        }
-        String accountIdStr = String.valueOf(network.getAccountId());
+        AccountVO acc = _accountDao.findById(network.getAccountId());
        String accountUUIDStr = acc.getUuid();
        String routerName = "";
        if (network.getVpcId() != null) {
            routerName = "VPC" + String.valueOf(network.getVpcId());
@ -126,7 +133,9 @@ public class MidoNetGuestNetworkGuru extends GuestNetworkGuru {
            routerName = String.valueOf(network.getId());
        }
-        String broadcastUriStr = accountIdStr + "." + String.valueOf(network.getId()) + ":" + routerName;
+        String broadcastUriStr = accountUUIDStr + "."
                                 + String.valueOf(network.getId())
                                 + ":" + routerName;
        implemented.setBroadcastUri(Networks.BroadcastDomainType.Mido.toUri(broadcastUriStr));
        s_logger.debug("Broadcast URI set to " + broadcastUriStr);
--- a/plugins/network-elements/midonet/src/com/cloud/network/guru/MidoNetPublicNetworkGuru.java
+++ b/plugins/network-elements/midonet/src/com/cloud/network/guru/MidoNetPublicNetworkGuru.java
@ -34,6 +34,8 @@ import com.cloud.utils.db.DB;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.user.AccountVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.dao.IPAddressVO;
 import com.cloud.vm.*;
@ -50,6 +52,8 @@ public class MidoNetPublicNetworkGuru extends PublicNetworkGuru {
    // Inject any stuff we need to use (DAOs etc)
    @Inject
    NetworkModel _networkModel;
    @Inject
    AccountDao _accountDao;
    // Don't need to change traffic type stuff, public is fine
@ -228,9 +232,10 @@ public class MidoNetPublicNetworkGuru extends PublicNetworkGuru {
    }
    private URI generateBroadcastUri(Network network){
-        String accountIdStr = String.valueOf(network.getAccountId());
+        AccountVO acc = _accountDao.findById(network.getAccountId());
        String accountUUIDStr = acc.getUuid();
        String networkUUIDStr = String.valueOf(network.getId());
-        return Networks.BroadcastDomainType.Mido.toUri(accountIdStr +
+        return Networks.BroadcastDomainType.Mido.toUri(accountUUIDStr +
                                                       "." +
                                                       networkUUIDStr +
                                                       ":" +
--- a/plugins/network-elements/midonet/test/com/cloud/network/element/MidoNetElementTest.java
+++ b/plugins/network-elements/midonet/test/com/cloud/network/element/MidoNetElementTest.java
@ -18,12 +18,13 @@
 */
 import com.cloud.network.element.MidoNetElement;
 import com.cloud.user.AccountVO;
 import com.cloud.user.dao.AccountDao;
 import junit.framework.TestCase;
 import static org.junit.Assert.assertEquals;
 import static org.mockito.Mockito.*;
 import com.midokura.midonet.client.MidonetApi;
 import com.midokura.midonet.client.resource.*;
 import com.cloud.network.dao.NetworkServiceMapDao;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
 import com.cloud.network.*;
 import com.cloud.vm.*;
@ -46,10 +47,6 @@ public class MidoNetElementTest extends TestCase {
        //mockMgmt
        MidonetApi api = mock(MidonetApi.class, RETURNS_DEEP_STUBS);
        ArrayList<String> arr = new ArrayList<String>();
        arr.add("MidoNet");
        NetworkServiceMapDao mockNSMD = mock(NetworkServiceMapDao.class);
        when(mockNSMD.getDistinctProviders(anyLong())).thenReturn(arr);
        //mockDhcpHost
        DhcpHost mockDhcpHost = mock(DhcpHost.class);
@ -82,6 +79,14 @@ public class MidoNetElementTest extends TestCase {
        when(mockNetwork.getGateway()).thenReturn("1.2.3.4");
        when(mockNetwork.getCidr()).thenReturn("1.2.3.0/24");
        when(mockNetwork.getId()).thenReturn((long)2);
        when(mockNetwork.getBroadcastDomainType()).thenReturn(Networks.BroadcastDomainType.Mido);
        when(mockNetwork.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
        //mockAccountDao
        AccountDao mockAccountDao = mock(AccountDao.class);
        AccountVO mockAccountVO = mock(AccountVO.class);
        when(mockAccountDao.findById(anyLong())).thenReturn(mockAccountVO);
        when(mockAccountVO.getUuid()).thenReturn("1");
        //mockNic
        NicProfile mockNic = mock(NicProfile.class);
@ -96,8 +101,8 @@ public class MidoNetElementTest extends TestCase {
        when(mockVm.getType()).thenReturn(VirtualMachine.Type.User);
        MidoNetElement elem = new MidoNetElement();
        elem.setNtwkSrvcDao(mockNSMD);
        elem.setMidonetApi(api);
        elem.setAccountDao(mockAccountDao);
        boolean result = false;
        try {
@ -119,14 +124,16 @@ public class MidoNetElementTest extends TestCase {
    public void testImplement() {
        //mock
        MidonetApi api = mock(MidonetApi.class, RETURNS_DEEP_STUBS);
        ArrayList<String> arr = new ArrayList<String>();
        arr.add("MidoNet");
        NetworkServiceMapDao mockNSMD = mock(NetworkServiceMapDao.class);
        when(mockNSMD.getDistinctProviders(anyLong())).thenReturn(arr);
        //mockAccountDao
        AccountDao mockAccountDao = mock(AccountDao.class);
        AccountVO mockAccountVO = mock(AccountVO.class);
        when(mockAccountDao.findById(anyLong())).thenReturn(mockAccountVO);
        when(mockAccountVO.getUuid()).thenReturn("1");
        MidoNetElement elem = new MidoNetElement();
-        elem.setNtwkSrvcDao(mockNSMD);
+
        elem.setMidonetApi(api);
        elem.setAccountDao(mockAccountDao);
        //mockRPort
        RouterPort mockRPort = mock(RouterPort.class);
@ -161,6 +168,8 @@ public class MidoNetElementTest extends TestCase {
        when(mockNetwork.getGateway()).thenReturn("1.2.3.4");
        when(mockNetwork.getCidr()).thenReturn("1.2.3.0/24");
        when(mockNetwork.getId()).thenReturn((long)2);
        when(mockNetwork.getBroadcastDomainType()).thenReturn(Networks.BroadcastDomainType.Mido);
        when(mockNetwork.getTrafficType()).thenReturn(Networks.TrafficType.Public);
        boolean result = false;
        try {
--- a/setup/db/db/schema-410to420.sql
+++ b/setup/db/db/schema-410to420.sql
@ -29,6 +29,8 @@ INSERT IGNORE INTO `cloud`.`hypervisor_capabilities`(hypervisor_type, hypervisor
 INSERT IGNORE INTO `cloud`.`hypervisor_capabilities`(hypervisor_type, hypervisor_version, max_guests_limit, security_group_enabled, max_hosts_per_cluster) VALUES ('VMware', '5.1', 128, 0, 32);
 DELETE FROM `cloud`.`configuration` where name='vmware.percluster.host.max';
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'AgentManager', 'xen.nics.max', '7', 'Maximum allowed nics for Vms created on Xen');
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Network', 'DEFAULT', 'management-server', 'midonet.apiserver.address', 'http://localhost:8081', 'Specify the address at which the Midonet API server can be contacted (if using Midonet)');
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Network', 'DEFAULT', 'management-server', 'midonet.providerrouter.id', 'd7c5e6a3-e2f4-426b-b728-b7ce6a0448e5', 'Specifies the UUID of the Midonet provider router (if using Midonet)');
 ALTER TABLE `cloud`.`load_balancer_vm_map` ADD state VARCHAR(40) NULL COMMENT 'service status updated by LB healthcheck manager';
 alter table storage_pool change storage_provider_id storage_provider_name varchar(255);