bug 10557: implemented the TODO - opening the stats port using iptable

api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java

@@ -27,7 +27,8 @@ public class LoadBalancerConfigCommand extends NetworkElementCommand {
     LoadBalancerTO[] loadBalancers;
     public String lbStatsVisibility;
     public String lbStatsIp; /* load balancer listen on this ip for stats */
-    public String lbStatsPort = "8081"; /*TODO: need to open the firewall port, load balancer listen on this port for stats */
+    public String lbStatsPort = "8081"; /*load balancer listen on this port for stats */
+    public String lbStatsSrcCidrs = "0/0" ; /* TODO : currently there is no filtering based on the source ip */
     public String lbStatsAuth = "admin1:AdMiN123";
     public String lbStatsUri = "/admin?stats";  
     

core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java

@@ -201,6 +201,7 @@ public class VirtualRoutingResource implements Manager {
             final String result = setLoadBalancerConfig(cfgFilePath,
                     rules[LoadBalancerConfigurator.ADD],
                     rules[LoadBalancerConfigurator.REMOVE],
+                    rules[LoadBalancerConfigurator.STATS],
                     routerIp);
 
             return new Answer(cmd, result == null, result);
@@ -294,7 +295,7 @@ public class VirtualRoutingResource implements Manager {
     }
 
     private String setLoadBalancerConfig(final String cfgFile,
-            final String[] addRules, final String[] removeRules, String routerIp) {
+            final String[] addRules, final String[] removeRules, final String[] statsRules,String routerIp) {
 
         if (routerIp == null) {
             routerIp = "none";
@@ -321,6 +322,14 @@ public class VirtualRoutingResource implements Manager {
             command.add("-d", sb.toString());
         }
 
+        sb = new StringBuilder();
+        if (statsRules.length > 0) {
+            for (int i=0; i< statsRules.length; i++) {
+                sb.append(statsRules[i]).append(',');
+            }
+            command.add("-s", sb.toString());
+        }
+        
         return command.execute();
     }
 

core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java

@@ -1303,7 +1303,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 
         String[] addRules = rules[LoadBalancerConfigurator.ADD];
         String[] removeRules = rules[LoadBalancerConfigurator.REMOVE];
-
+        String[] statRules = rules[LoadBalancerConfigurator.STATS];
+        
         String args = "";
         args += "-i " + routerIp;
         args += " -f " + tmpCfgFilePath;
@@ -1325,7 +1326,16 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 
             args += " -d " + sb.toString();
         }
+        
+        sb = new StringBuilder();
+        if (statRules.length > 0) {
+            for (int i = 0; i < statRules.length; i++) {
+                sb.append(statRules[i]).append(',');
+            }
 
+            args += " -s " + sb.toString();
+        }
+        
         result = callHostPlugin(conn, "vmops", "setLoadBalancerRule", "args", args);
 
         if (result == null || result.isEmpty()) {

core/src/com/cloud/network/HAProxyConfigurator.java

@@ -244,9 +244,10 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
 
 	@Override
 	public String[][] generateFwRules(LoadBalancerConfigCommand lbCmd) {
-		String [][] result = new String [2][];
+		String [][] result = new String [3][];
 		Set<String> toAdd = new HashSet<String>();
 		Set<String> toRemove = new HashSet<String>();
+		Set<String> toStats = new HashSet<String>();
 		
 		for (LoadBalancerTO lbTO: lbCmd.getLoadBalancers()) {
 			
@@ -266,9 +267,12 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
 				toRemove.add(lbRuleEntry);
 			}
 		}
+		StringBuilder sb = new StringBuilder(lbCmd.lbStatsIp).append(":").append(lbCmd.lbStatsPort).append(":").append(lbCmd.lbStatsSrcCidrs).append(":,");
+		toStats.add(sb.toString());
 		toRemove.removeAll(toAdd);
 		result[ADD] = toAdd.toArray(new String[toAdd.size()]);
 		result[REMOVE] = toRemove.toArray(new String[toRemove.size()]);
+		result[STATS] = toStats.toArray(new String[toStats.size()]);
 
 		return result;
 	}

core/src/com/cloud/network/LoadBalancerConfigurator.java

@@ -30,6 +30,7 @@ import com.cloud.agent.api.to.PortForwardingRuleTO;
 public interface LoadBalancerConfigurator {
 	public final static int ADD = 0;
 	public final static int REMOVE = 1;
+	public final static int STATS = 2;
 	
 	public String [] generateConfiguration(List<PortForwardingRuleTO> fwRules);
 	

patches/systemvm/debian/config/root/loadbalancer.sh

@@ -27,7 +27,7 @@
 # @VERSION@
 
 usage() {
-  printf "Usage: %s:  -i <domR eth1 ip>  -a <added public ip address> -d <removed> -f <load balancer config> \n" $(basename $0) >&2
+  printf "Usage: %s:  -i <domR eth1 ip>  -a <added public ip address> -d <removed> -f <load balancer config> -s <stats guest ip address> \n" $(basename $0) >&2
 }
 
 # set -x
@@ -48,6 +48,9 @@ fw_remove_backup() {
     iptables -D INPUT -i $vif -p tcp  -j back_load_balancer_$vif 2> /dev/null
     iptables -X back_load_balancer_$vif 2> /dev/null
   done
+  iptables -F back_lb_stats 2> /dev/null
+  iptables -D INPUT -i $STAT_IF -p tcp  -j back_lb_stats 2> /dev/null
+  iptables -X back_lb_stats 2> /dev/null
 }
 fw_restore() {
   for vif in $VIF_LIST; do 
@@ -56,11 +59,16 @@ fw_restore() {
     iptables -X load_balancer_$vif 2> /dev/null
     iptables -E back_load_balancer_$vif load_balancer_$vif 2> /dev/null
   done
+  iptables -F lb_stats 2> /dev/null
+  iptables -D INPUT -i $STAT_IF -p tcp  -j lb_stats 2> /dev/null
+  iptables -X lb_stats 2> /dev/null
+  iptables -E back_lb_stats lb_stats 2> /dev/null
 }
 # firewall entry to ensure that haproxy can receive on specified port
 fw_entry() {
   local added=$1
   local removed=$2
+  local stats=$3
   
   if [ "$added" == "none" ]
   then
@@ -81,6 +89,9 @@ fw_entry() {
     iptables -N load_balancer_$vif 2> /dev/null
     iptables -A INPUT -i $vif -p tcp  -j load_balancer_$vif
   done
+  iptables -E lb_stats back_lb_stats 2> /dev/null
+  iptables -N lb_stats 2> /dev/null
+  iptables -A INPUT -i $STAT_IF -p tcp  -j lb_stats
 
   for i in $a
   do
@@ -97,6 +108,10 @@ fw_entry() {
       fi
     done      
   done
+  local pubIp=$(echo $stats | cut -d: -f1)
+  local dport=$(echo $stats | cut -d: -f2)    
+  local cidrs=$(echo $stats | cut -d: -f3 | sed 's/-/,/')
+  iptables -A lb_stats -s $cidrs -p tcp -m state --state NEW -d $pubIp --dport $dport -j ACCEPT
   
   return 0
 }
@@ -137,8 +152,9 @@ iflag=
 aflag=
 dflag=
 fflag=
+sflag=
 
-while getopts 'i:a:d:f:' OPTION
+while getopts 'i:a:d:f:s:' OPTION
 do
   case $OPTION in
   i)	iflag=1
@@ -153,6 +169,9 @@ do
   f)	fflag=1
 		cfgfile="$OPTARG"
 		;;
+  s)	sflag=1
+		statsIp="$OPTARG"
+		;;
   ?)	usage
 		exit 2
 		;;
@@ -160,6 +179,8 @@ do
 done
 
 VIF_LIST=$(get_vif_list)
+# TODO make the stat interface generic
+STAT_IF="eth0"
 
 # hot reconfigure haproxy
 reconfig_lb $cfgfile
@@ -181,7 +202,7 @@ then
 fi
 
 # iptables entry to ensure that haproxy receives traffic
-fw_entry $addedIps $removedIps
+fw_entry $addedIps $removedIps $statsIp
   	
 if [ $? -gt 0 ]
 then

scripts/network/domr/call_loadbalancer.sh

@@ -26,7 +26,7 @@
 #
 
 usage() {
-  printf "Usage: %s:  -i <domR eth1 ip>  -a <added public ip address> -d <removed> -f <load balancer config> \n" $(basename $0) >&2
+  printf "Usage: %s:  -i <domR eth1 ip>  -a <added public ip address> -d <removed> -f <load balancer config> -s <stats guest ip >\n" $(basename $0) >&2
 }
 
 set -x
@@ -55,8 +55,9 @@ iflag=
 aflag=
 dflag=
 fflag=
+sflag=
 
-while getopts 'i:a:d:f:' OPTION
+while getopts 'i:a:d:f:s:' OPTION
 do
   case $OPTION in
   i)	iflag=1
@@ -71,6 +72,9 @@ do
   f)	fflag=1
 		cfgfile="$OPTARG"
 		;;
+  s)	sflag=1
+		statsIps="$OPTARG"
+		;;
   ?)	usage
 		exit 2
 		;;