From abb39a25affbbc6144a1becce252f1a836af0434 Mon Sep 17 00:00:00 2001
From: Rakesh
Date: Fri, 28 Feb 2020 07:30:16 +0100
Subject: [PATCH 1/3] server: send VM password to all Running VRs in network/vpc (#3903)

Currently, the cloudstack sends VM password only to the first router in the network even if its the backup and return the result. In some cases the first router will be back up and the second will be master. Since password server is not running in backup, when the user resets the password, it is sent to the first router which can be backup. In that case, the new password is not stored in the password server and users cant log in with a new password. This change ensures that we send the password to both the routers instead of the first router so that a new password is stored in the master router.
---
 .../network/element/VirtualRouterElement.java | 26 ++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
index 97a26d4f68d..da066f0d938 100644
--- a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
@@ -702,18 +702,32 @@ NetworkMigrationResponder, AggregatedCommandExecutor, RedundantResource, DnsServ
 // If any router is running then send save password command otherwise
 // save the password in DB
+ boolean savePasswordResult = true;
+ boolean isVrRunning = false;
 for (final VirtualRouter router : routers) {
 if (router.getState() == State.Running) {
 final boolean result = networkTopology.savePasswordToRouter(network, nic, uservm, router);
- if (result) {
- // Explicit password reset, while VM hasn't generated a password yet.
- final UserVmVO userVmVO = _userVmDao.findById(vm.getId());
- userVmVO.setUpdateParameters(false);
- _userVmDao.update(userVmVO.getId(), userVmVO);
+ if (!result) {
+ s_logger.error("Unable to save password for VM " + vm.getInstanceName() +
+ " on router " + router.getInstanceName());
+ return false;
 }
- return result;
+ isVrRunning = true;
+ savePasswordResult = savePasswordResult && result;
 }
 }
+
+ // return the result only if one of the vr is running
+ if (isVrRunning) {
+ if (savePasswordResult) {
+ // Explicit password reset, while VM hasn't generated a password yet.
+ final UserVmVO userVmVO = _userVmDao.findById(vm.getId());
+ userVmVO.setUpdateParameters(false);
+ _userVmDao.update(userVmVO.getId(), userVmVO);
+ }
+ return savePasswordResult;
+ }
+
 final String password = (String) uservm.getParameter(VirtualMachineProfile.Param.VmPassword);
 final String password_encrypted = DBEncryptionUtil.encrypt(password);
 final UserVmVO userVmVO = _userVmDao.findById(vm.getId());
From 7e30e3d141fb5b5096022c4c56246acfa1d3d505 Mon Sep 17 00:00:00 2001
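Review bot: The `return false;` inside `if (!result)` ends the loop at the first running router that rejects the password, so a failure on the backup VR still keeps the password from reaching the master, and a failure on the second VR leaves the two routers holding different passwords. It also makes `savePasswordResult` always true once the loop finishes, so `savePasswordResult && result` and the later `if (savePasswordResult)` never take the other path. If the intent is to try every running VR, drop the `return false;` and keep the `s_logger.error(...)` call; the aggregate flag then carries the failure through to `return savePasswordResult;`. The enclosing method starts and ends outside the hunk.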
From: Rakesh
Date: Fri, 28 Feb 2020 09:54:12 +0100
Subject: [PATCH 2/3] router: Avoid duplicate alerts when router state changes (#3904)

When both routers of VPC is in MASTER state then multiple alerts are sent equally to the number of tiers in the VPC. If the VPC has 3 tiers then 6 alerts will be sent. This is not good if VPC has more than 10 networks in it. Instead of checking the router status for all the tiers in the VPC, just check the status of the router for one tier in a VPC so that multiple duplicate alerts can be avoided
---
 .../VirtualNetworkApplianceManagerImpl.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 2fad41ed6da..b58f505213f 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -1075,7 +1075,9 @@ Configurable, StateListener routerGuestNtwkIds = _routerDao.getRouterNetworks(router.getId()); - for (final Long routerGuestNtwkId : routerGuestNtwkIds) { + final Long vpcId = router.getVpcId(); + if (vpcId != null || routerGuestNtwkIds.size() > 0) { + Long routerGuestNtwkId = vpcId != null ? vpcId : routerGuestNtwkIds.get(0); if (router.getRedundantState() == RedundantState.MASTER) { if (networkRouterMaps.containsKey(routerGuestNtwkId)) { final DomainRouterVO dupRouter = networkRouterMaps.get(routerGuestNtwkId);
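Review bot: `Long routerGuestNtwkId = vpcId != null ? vpcId : routerGuestNtwkIds.get(0);` puts VPC ids and guest-network ids into the same `networkRouterMaps` key space. Presumably the two come from different tables, so a VPC and an unrelated redundant isolated network can share a numeric id, and two MASTER routers that are not a pair would then be reported as duplicates. Keying the map on something that records the kind, for example a `String` such as `"vpc-" + vpcId` versus `"net-" + routerGuestNtwkIds.get(0)`, or keeping a separate map for VPC routers, avoids the clash; the variable would also read better under a neutral name with a comment saying it may hold a VPC id. The map's declaration and the rest of the method are outside the hunk.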
@@ -1084,7 +1086,6 @@ Configurable, StateListener networks = _networkDao.listVpcNetworks(); - s_logger.debug("Found " + networks.size() + " VPC networks to update Redundant State. "); + List networks = new ArrayList<>(); + for (Vpc vpc : _vpcDao.listAll()) { + List vpcNetworks = _networkDao.listByVpc(vpc.getId()); + if (vpcNetworks.size() > 0) { + networks.add(vpcNetworks.get(0)); + } + } + s_logger.debug("Found " + networks.size() + " VPC's to update Redundant State. "); pushToUpdateQueue(networks); networks = _networkDao.listRedundantNetworks();
From e8d418c0917875d304cd68a0bff3f5efb49c16da Mon Sep 17 00:00:00 2001
From: Andrija Panic <45762285+andrijapanicsb@users.noreply.github.com>
Date: Fri, 28 Feb 2020 09:57:09 +0100
Subject: [PATCH 3/3] router: Fix dhcp infinite lease time (#3913)

The previous setup of many hours would not work, due to some internal dnsmasq issues - lease was set correclty, but dnsmasq was setting the dhcp-renew-time (and rebind time) to less than 2 years from the date the lease was issued. Using "infinite" as the value (instead of the number) works as expected - and (atm) the renew date is set to year 2088, etc.

Co-authored-by: dahn
---
 systemvm/debian/opt/cloud/bin/cs/CsDhcp.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
index d0b40e52de5..75863726238 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
@@ -174,21 +174,18 @@ class CsDhcp(CsDataBag):
 def add(self, entry):
 self.add_host(entry['ipv4_address'], entry['host_name'])
- # Lease time set to effectively infinite (36000+ days) since we properly control all DHCP/DNS config via CloudStack.
+ # Lease time set to "infinite" since we properly control all DHCP/DNS config via CloudStack.
 # Infinite time helps avoid some edge cases which could cause DHCPNAK being sent to VMs since
 # (RHEL) system lose routes when they receive DHCPNAK.
 # When VM is expunged, its active lease and DHCP/DNS config is properly removed from related files in VR,
 # so the infinite duration of lease does not cause any issues or garbage.
- # There will be soon a PR which also regenerates the /var/lib/misc/dnsmasq.leases (active lease DB file)
- # in the new VR (when restarting network with cleanup), which will help around RHEL edge cases (described above)
- # for the VMs who are already running in productions systems with 30d lease time.
- lease = randint(870000, 870010)
+ lease = 'infinite'
 if entry['default_entry']:
- self.cloud.add("%s,%s,%s,%sh" % (entry['mac_address'],
- entry['ipv4_address'],
- entry['host_name'],
- lease))
+ self.cloud.add("%s,%s,%s,%s" % (entry['mac_address'],
+ entry['ipv4_address'],
+ entry['host_name'],
+ lease))
 else:
 tag = entry['ipv4_address'].replace(".", "_")
 self.cloud.add("%s,set:%s,%s,%s,%sh" % (entry['mac_address'],
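Review bot: The `else:` branch at the end of the hunk still formats the lease with a trailing `h` (`"%s,set:%s,%s,%s,%sh"`), so with `lease = 'infinite'` a non-default entry is written with `infiniteh` as its lease time, which dnsmasq is unlikely to accept as the `infinite` keyword. The commit drops the suffix only in the `if entry['default_entry']:` branch, and the same edit is needed here: `self.cloud.add("%s,set:%s,%s,%s,%s" % (entry['mac_address'],`. The rest of that call lies outside the hunk.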