Merge branch 'master' into ui-mixed-zone-management
commit
3fef24d3e8
@ -23,6 +23,7 @@ import org.apache.cloudstack.api.InternalIdentity;
|
||||
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.FirewallRule.State;
|
||||
import com.cloud.network.rules.FirewallRule.TrafficType;
|
||||
import com.cloud.utils.net.NetUtils;
|
||||
|
||||
/**
|
||||
@ -109,6 +110,11 @@ public class FirewallRuleTO implements InternalIdentity {
|
||||
this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), revokeState, alreadyAdded, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
|
||||
}
|
||||
|
||||
public FirewallRuleTO(FirewallRule rule, String guestVlanTag, FirewallRule.TrafficType trafficType) {
|
||||
this(rule.getId(), guestVlanTag, null, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose(), rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode());
|
||||
this.trafficType = trafficType;
|
||||
}
|
||||
|
||||
public FirewallRule.TrafficType getTrafficType(){
|
||||
return trafficType;
|
||||
}
|
||||
|
||||
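Review bot: The new three-argument constructor passes `null` as `srcIp` and is the only path that sets `trafficType`, so TOs built through the other constructors report `getTrafficType() == null`, and nothing on the class says that a null traffic type is to be read as ingress. I would document both points: on the constructor `/** Builds a TO for a rule whose traffic type is known; srcIp is passed as null on this path. */` and on the getter `/** May be null for TOs created by the other constructors, which never set it; callers compare against TrafficType.Egress and so treat null as ingress. */`. The same signature imports `FirewallRule.State` unqualified but still spells the traffic type as `FirewallRule.TrafficType` — one form or the other. The constructor this one chains to begins before the hunk.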
@ -207,7 +207,7 @@ public class VMEntityManagerImpl implements VMEntityManager {
|
||||
}
|
||||
|
||||
DataCenterDeployment plan = new DataCenterDeployment(vm.getDataCenterId(), vmReservation.getPodId(), vmReservation.getClusterId(),
|
||||
vmReservation.getHostId(), poolId , null);
|
||||
vmReservation.getHostId(), null , null);
|
||||
|
||||
VMInstanceVO vmDeployed = _itMgr.start(vm, params, _userDao.findById(new Long(caller)), _accountDao.findById(vm.getAccountId()), plan);
|
||||
|
||||
|
||||
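Review bot: The only change here swaps the fifth `DataCenterDeployment` argument between `poolId` and `null`, and with the `+`/`-` markers lost I cannot tell which is the new side; print order suggests `null` is. If so, the `poolId` computed earlier in the method is no longer carried into the plan handed to `_itMgr.start`, and the planner is free to pick a storage pool the reservation did not cover — worth confirming that is intended rather than a merge artefact. A one-line comment on the plan construction stating why the pool is, or is not, propagated would keep the next merge from flipping it again. The enclosing method starts and ends outside this hunk.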
@ -386,33 +386,39 @@ setup_common() {
|
||||
ip route delete default
|
||||
if [ "$RROUTER" != "1" ]
|
||||
then
|
||||
if [ -z "$3" ]
|
||||
gwdev=$3
|
||||
if [ -z "$gwdev" ]
|
||||
then
|
||||
gwdev="eth0"
|
||||
fi
|
||||
|
||||
timer=0
|
||||
#default route add fails if we run before interface configured with ip
|
||||
log_it "checking that $gwdev has IP before setting default route to $GW"
|
||||
echo "checking that $gwdev has IP before setting default route to $GW"
|
||||
while true
|
||||
do
|
||||
ip=$(ifconfig $gwdev | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
|
||||
if [ -z $ip ]
|
||||
then
|
||||
ip route add default via $GW dev eth0
|
||||
sleep 1;
|
||||
#waiting for the interface to setup with ip
|
||||
log_it "waiting for $gwdev interface setup with ip"
|
||||
echo "waiting for $gwdev interface setup with ip"
|
||||
else
|
||||
timer=0
|
||||
#default route add fails if we run before interface configured with ip
|
||||
while true
|
||||
do
|
||||
ip=$(ifconfig $3 | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
|
||||
if [ -z $ip ]
|
||||
then
|
||||
sleep 1;
|
||||
#waiting for the interface to setup with ip
|
||||
echo "waiting for $3 interface setup with ip"
|
||||
else
|
||||
ip route add default via $GW dev $3
|
||||
break
|
||||
fi
|
||||
|
||||
if [ $timer -gt 5 ]
|
||||
then
|
||||
echo "interface $3 is not set up with ip... configuring default route failed"
|
||||
break
|
||||
fi
|
||||
timer=`expr $timer + 1`
|
||||
done
|
||||
ip route add default via $GW dev $gwdev
|
||||
break
|
||||
fi
|
||||
|
||||
if [ $timer -gt 15 ]
|
||||
then
|
||||
log_it "interface $gwdev is not set up with ip... configuring default route failed";
|
||||
echo "interface $gwdev is not set up with ip... configuring default route failed"
|
||||
break
|
||||
fi
|
||||
timer=`expr $timer + 1`
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
# a hacking way to activate vSwitch under VMware
|
||||
|
||||
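Review bot: `if [ -z $ip ]` in the new loop is unquoted; when `$ip` is empty it degenerates to `[ -z ]`, which happens to be true, but it breaks as soon as the `ifconfig | grep "inet addr:"` parse yields more than one word (a second address on the interface) — write `if [ -z "$ip" ]`. On the timeout branch the script only logs and `break`s, so the router finishes boot with no default route and nothing upstream can distinguish that from success; a non-zero status or an explicit failure marker next to the `log_it` would let provisioning fail loudly. `gwdev=$3` takes the device name from the caller unchecked and feeds it to `ifconfig $gwdev` and `ip route add default via $GW dev $gwdev`; if `$3` can ever be anything but an interface name, a guard such as `[ -d "/sys/class/net/$gwdev" ] || gwdev="eth0"` is cheap. `setup_common` continues outside this hunk.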
@ -274,7 +274,7 @@ PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer, Junip
|
||||
firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
|
||||
firewallCapabilities.put(Capability.MultipleIps, "true");
|
||||
firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
|
||||
firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress");
|
||||
firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress, egress");
|
||||
capabilities.put(Service.Firewall, firewallCapabilities);
|
||||
|
||||
// Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work
|
||||
|
||||
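Review bot: `SupportedTrafficDirection` is now `"ingress, egress"` with a space after the comma, while the sibling `SupportedProtocols` value two lines up is `"tcp,udp,icmp"` without one; if the consumer of this capability splits on `,` without trimming, `" egress"` will never match. Use the same separator style, `"ingress,egress"`, unless the reader is known to trim. The code that parses this capability map is not visible from here.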
@ -303,7 +303,7 @@ public class JuniperSrxResource implements ServerResource {
|
||||
}
|
||||
|
||||
private enum Protocol {
|
||||
tcp, udp, icmp, any;
|
||||
tcp, udp, icmp, all, any;
|
||||
}
|
||||
|
||||
private enum RuleMatchCondition {
|
||||
@ -320,7 +320,8 @@ public class JuniperSrxResource implements ServerResource {
|
||||
private enum SecurityPolicyType {
|
||||
STATIC_NAT("staticnat"),
|
||||
DESTINATION_NAT("destnat"),
|
||||
VPN("vpn");
|
||||
VPN("vpn"),
|
||||
SECURITYPOLICY_EGRESS("egress");
|
||||
|
||||
private String identifier;
|
||||
|
||||
@ -776,6 +777,43 @@ public class JuniperSrxResource implements ServerResource {
|
||||
s_logger.debug(msg);
|
||||
}
|
||||
|
||||
private Map<String, ArrayList<FirewallRuleTO>> getActiveFirewallEgressRules(FirewallRuleTO[] allRules) {
|
||||
Map<String, ArrayList<FirewallRuleTO>> activeRules = new HashMap<String, ArrayList<FirewallRuleTO>>();
|
||||
|
||||
for (FirewallRuleTO rule : allRules) {
|
||||
String guestVlan;
|
||||
guestVlan = rule.getSrcVlanTag();
|
||||
|
||||
ArrayList<FirewallRuleTO> activeRulesForNetwork = activeRules.get(guestVlan);
|
||||
|
||||
if (activeRulesForNetwork == null) {
|
||||
activeRulesForNetwork = new ArrayList<FirewallRuleTO>();
|
||||
}
|
||||
|
||||
if (!rule.revoked() || rule.isAlreadyAdded()) {
|
||||
activeRulesForNetwork.add(rule);
|
||||
}
|
||||
|
||||
activeRules.put(guestVlan, activeRulesForNetwork);
|
||||
}
|
||||
|
||||
return activeRules;
|
||||
}
|
||||
|
||||
private List<String> extractCidrs(List<FirewallRuleTO> rules) throws ExecutionException {
|
||||
List<String> allCidrs = new ArrayList<String>();
|
||||
List<String> cidrs = new ArrayList<String>();
|
||||
|
||||
for (FirewallRuleTO rule : rules) {
|
||||
cidrs = (rule.getSourceCidrList());
|
||||
for (String cidr: cidrs) {
|
||||
if (!allCidrs.contains(cidr)) {
|
||||
allCidrs.add(cidr);
|
||||
}
|
||||
}
|
||||
}
|
||||
return allCidrs;
|
||||
}
|
||||
|
||||
/* security policies */
|
||||
private synchronized Answer execute(SetFirewallRulesCommand cmd) {
|
||||
@ -787,24 +825,39 @@ public class JuniperSrxResource implements ServerResource {
|
||||
FirewallRuleTO[] rules = cmd.getRules();
|
||||
try {
|
||||
openConfiguration();
|
||||
if (rules[0].getTrafficType() == FirewallRule.TrafficType.Egress) {
|
||||
Map<String, ArrayList<FirewallRuleTO>> activeRules = getActiveFirewallEgressRules(rules);
|
||||
Set<String> guestVlans = activeRules.keySet();
|
||||
List<String> cidrs = new ArrayList();
|
||||
|
||||
for (FirewallRuleTO rule : rules) {
|
||||
int startPort = 0, endPort = 0;
|
||||
if (rule.getSrcPortRange() != null) {
|
||||
startPort = rule.getSrcPortRange()[0];
|
||||
endPort = rule.getSrcPortRange()[1];
|
||||
for (String guestVlan : guestVlans) {
|
||||
List<FirewallRuleTO> activeRulesForGuestNw = activeRules.get(guestVlan);
|
||||
|
||||
removeEgressSecurityPolicyAndApplications(SecurityPolicyType.SECURITYPOLICY_EGRESS, guestVlan, extractCidrs(activeRulesForGuestNw));
|
||||
if (activeRulesForGuestNw.size() > 0) {
|
||||
addEgressSecurityPolicyAndApplications(SecurityPolicyType.SECURITYPOLICY_EGRESS, guestVlan, extractApplications(activeRulesForGuestNw), extractCidrs(activeRulesForGuestNw));
|
||||
}
|
||||
}
|
||||
FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp()) + "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
|
||||
rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
|
||||
rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp()) + _usageFilterIPInput.getCounterIdentifier());
|
||||
if (!rule.revoked()) {
|
||||
manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
|
||||
} else {
|
||||
manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
|
||||
commitConfiguration();
|
||||
} else {
|
||||
for (FirewallRuleTO rule : rules) {
|
||||
int startPort = 0, endPort = 0;
|
||||
if (rule.getSrcPortRange() != null) {
|
||||
startPort = rule.getSrcPortRange()[0];
|
||||
endPort = rule.getSrcPortRange()[1];
|
||||
FirewallFilterTerm term = new FirewallFilterTerm(genIpIdentifier(rule.getSrcIp()) + "-" + String.valueOf(rule.getId()), rule.getSourceCidrList(),
|
||||
rule.getSrcIp(), rule.getProtocol(), startPort, endPort,
|
||||
rule.getIcmpType(), rule.getIcmpCode(), genIpIdentifier(rule.getSrcIp()) + _usageFilterIPInput.getCounterIdentifier());
|
||||
if (!rule.revoked()) {
|
||||
manageFirewallFilter(SrxCommand.ADD, term, _publicZoneInputFilterName);
|
||||
} else {
|
||||
manageFirewallFilter(SrxCommand.DELETE, term, _publicZoneInputFilterName);
|
||||
}
|
||||
}
|
||||
commitConfiguration();
|
||||
}
|
||||
}
|
||||
|
||||
commitConfiguration();
|
||||
return new Answer(cmd);
|
||||
} catch (ExecutionException e) {
|
||||
s_logger.error(e);
|
||||
@ -992,7 +1045,7 @@ public class JuniperSrxResource implements ServerResource {
|
||||
|
||||
// Delete all security policies
|
||||
for (String securityPolicyName : getVpnObjectNames(SrxXml.SECURITY_POLICY_GETALL, accountId)) {
|
||||
manageSecurityPolicy(SecurityPolicyType.VPN, SrxCommand.DELETE, accountId, null, null, null, securityPolicyName);
|
||||
manageSecurityPolicy(SecurityPolicyType.VPN, SrxCommand.DELETE, accountId, null, null, null, null, securityPolicyName);
|
||||
}
|
||||
|
||||
// Delete all address book entries
|
||||
@ -1064,7 +1117,7 @@ public class JuniperSrxResource implements ServerResource {
|
||||
manageAddressBookEntry(srxCmd, _privateZone , guestNetworkCidr, ipsecVpnName);
|
||||
|
||||
// Security policy
|
||||
manageSecurityPolicy(SecurityPolicyType.VPN, srxCmd, null, null, guestNetworkCidr, null, ipsecVpnName);
|
||||
manageSecurityPolicy(SecurityPolicyType.VPN, srxCmd, null, null, guestNetworkCidr, null, null, ipsecVpnName);
|
||||
}
|
||||
|
||||
commitConfiguration();
|
||||
@ -2455,38 +2508,44 @@ public class JuniperSrxResource implements ServerResource {
|
||||
* Applications
|
||||
*/
|
||||
|
||||
private String genApplicationName(Protocol protocol, int startPort, int endPort) {
|
||||
private String genApplicationName(SecurityPolicyType type, Protocol protocol, int startPort, int endPort) {
|
||||
if (protocol.equals(Protocol.any)) {
|
||||
return Protocol.any.toString();
|
||||
} else {
|
||||
return genObjectName(protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
|
||||
if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
|
||||
return genObjectName(type.getIdentifier(), protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
|
||||
} else {
|
||||
return genObjectName(protocol.toString(), String.valueOf(startPort), String.valueOf(endPort));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private Object[] parseApplicationName(String applicationName) throws ExecutionException {
|
||||
private Object[] parseApplicationName(SecurityPolicyType type, String applicationName) throws ExecutionException {
|
||||
String errorMsg = "Invalid application: " + applicationName;
|
||||
String[] applicationComponents = applicationName.split("-");
|
||||
|
||||
Protocol protocol;
|
||||
Integer startPort;
|
||||
Integer endPort;
|
||||
int offset = 0;
|
||||
try {
|
||||
protocol = getProtocol(applicationComponents[0]);
|
||||
startPort = Integer.parseInt(applicationComponents[1]);
|
||||
endPort = Integer.parseInt(applicationComponents[2]);
|
||||
} catch (Exception e) {
|
||||
offset = type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS) ? 1 : 0;
|
||||
protocol = getProtocol(applicationComponents[offset + 0]);
|
||||
startPort = Integer.parseInt(applicationComponents[offset + 1]);
|
||||
endPort = Integer.parseInt(applicationComponents[offset + 2]);
|
||||
} catch (Exception e) {
|
||||
throw new ExecutionException(errorMsg);
|
||||
}
|
||||
|
||||
return new Object[]{protocol, startPort, endPort};
|
||||
}
|
||||
|
||||
private boolean manageApplication(SrxCommand command, Protocol protocol, int startPort, int endPort) throws ExecutionException {
|
||||
private boolean manageApplication(SecurityPolicyType type, SrxCommand command, Protocol protocol, int startPort, int endPort) throws ExecutionException {
|
||||
if (protocol.equals(Protocol.any)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
String applicationName = genApplicationName(protocol, startPort, endPort);
|
||||
String applicationName = genApplicationName(type, protocol, startPort, endPort);
|
||||
String xml;
|
||||
|
||||
switch (command) {
|
||||
@ -2498,23 +2557,28 @@ public class JuniperSrxResource implements ServerResource {
|
||||
return sendRequestAndCheckResponse(command, xml, "name", applicationName);
|
||||
|
||||
case ADD:
|
||||
if (manageApplication(SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
|
||||
if (manageApplication(type, SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
String icmpOrDestPort;
|
||||
xml = SrxXml.APPLICATION_ADD.getXml();
|
||||
xml = replaceXmlValue(xml, "name", applicationName);
|
||||
xml = replaceXmlValue(xml, "protocol", protocol.toString());
|
||||
|
||||
String destPort;
|
||||
if (startPort == endPort) {
|
||||
destPort = String.valueOf(startPort);
|
||||
if (protocol.toString() == Protocol.icmp.toString()) {
|
||||
icmpOrDestPort = "<icmp-type>" + startPort + "</icmp-type>";
|
||||
icmpOrDestPort += "<icmp-code>" + endPort + "</icmp-code>";
|
||||
} else {
|
||||
destPort = startPort + "-" + endPort;
|
||||
String destPort;
|
||||
|
||||
if (startPort == endPort) {
|
||||
destPort = String.valueOf(startPort);
|
||||
} else {
|
||||
destPort = startPort + "-" + endPort;
|
||||
}
|
||||
icmpOrDestPort = "<destination-port>" + destPort + "</destination-port>";
|
||||
}
|
||||
|
||||
xml = replaceXmlValue(xml, "dest-port", destPort);
|
||||
|
||||
xml = replaceXmlValue(xml, "dest-port-icmp", icmpOrDestPort);
|
||||
if (!sendRequestAndCheckResponse(command, xml)) {
|
||||
throw new ExecutionException("Failed to add application " + applicationName);
|
||||
} else {
|
||||
@ -2522,7 +2586,7 @@ public class JuniperSrxResource implements ServerResource {
|
||||
}
|
||||
|
||||
case DELETE:
|
||||
if (!manageApplication(SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
|
||||
if (!manageApplication(type, SrxCommand.CHECK_IF_EXISTS, protocol, startPort, endPort)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -2543,13 +2607,13 @@ public class JuniperSrxResource implements ServerResource {
|
||||
|
||||
}
|
||||
|
||||
private List<String> getUnusedApplications(List<String> applications) throws ExecutionException {
|
||||
private List<String> getUnusedApplications(List<String> applications, String fromZone, String toZone) throws ExecutionException {
|
||||
List<String> unusedApplications = new ArrayList<String>();
|
||||
|
||||
// Check if any of the applications are unused by existing security policies
|
||||
String xml = SrxXml.SECURITY_POLICY_GETALL.getXml();
|
||||
xml = replaceXmlValue(xml, "from-zone", _publicZone);
|
||||
xml = replaceXmlValue(xml, "to-zone", _privateZone);
|
||||
xml = replaceXmlValue(xml, "from-zone", fromZone);
|
||||
xml = replaceXmlValue(xml, "to-zone", toZone);
|
||||
String allPolicies = sendRequest(xml);
|
||||
|
||||
for (String application : applications) {
|
||||
@ -2560,10 +2624,7 @@ public class JuniperSrxResource implements ServerResource {
|
||||
|
||||
return unusedApplications;
|
||||
}
|
||||
|
||||
private List<String> getApplicationsForSecurityPolicy(SecurityPolicyType type, String privateIp) throws ExecutionException {
|
||||
String fromZone = _publicZone;
|
||||
String toZone = _privateZone;
|
||||
private List<String> getApplicationsForSecurityPolicy(SecurityPolicyType type, String privateIp, String fromZone, String toZone) throws ExecutionException {
|
||||
String policyName = genSecurityPolicyName(type, null, null, fromZone, toZone, privateIp);
|
||||
String xml = SrxXml.SECURITY_POLICY_GETONE.getXml();
|
||||
xml = setDelete(xml, false);
|
||||
@ -2591,8 +2652,31 @@ public class JuniperSrxResource implements ServerResource {
|
||||
for (FirewallRuleTO rule : rules) {
|
||||
Object[] application = new Object[3];
|
||||
application[0] = getProtocol(rule.getProtocol());
|
||||
application[1] = rule.getSrcPortRange()[0];
|
||||
application[2] = rule.getSrcPortRange()[1];
|
||||
if (application[0] == Protocol.icmp) {
|
||||
if (rule.getIcmpType() == -1) {
|
||||
application[1] = 255;
|
||||
} else {
|
||||
application[1] = rule.getIcmpType();
|
||||
}
|
||||
|
||||
if (rule.getIcmpCode() == -1) {
|
||||
application[2] = 255;
|
||||
} else {
|
||||
application[2] = rule.getIcmpCode();
|
||||
}
|
||||
} else if (application[0] == Protocol.tcp || application[0] == Protocol.udp) {
|
||||
if (rule.getSrcPortRange() != null) {
|
||||
application[1] = rule.getSrcPortRange()[0];
|
||||
application[2] = rule.getSrcPortRange()[1];
|
||||
} else {
|
||||
application[1] = 0;
|
||||
application[2] = 65535;
|
||||
}
|
||||
} else if (application[0] == Protocol.all) {
|
||||
application[1] = 0;
|
||||
application[2] = 65535;
|
||||
}
|
||||
|
||||
applications.add(application);
|
||||
}
|
||||
|
||||
@ -2611,16 +2695,20 @@ public class JuniperSrxResource implements ServerResource {
|
||||
}
|
||||
}
|
||||
|
||||
private boolean manageSecurityPolicy(SecurityPolicyType type, SrxCommand command, Long accountId, String username, String privateIp, List<String> applicationNames, String ipsecVpnName) throws ExecutionException {
|
||||
private boolean manageSecurityPolicy(SecurityPolicyType type, SrxCommand command, Long accountId, String username, String privateIp, List<String> applicationNames, List<String> cidrs, String ipsecVpnName) throws ExecutionException {
|
||||
String fromZone = _publicZone;
|
||||
String toZone = _privateZone;
|
||||
|
||||
String securityPolicyName;
|
||||
String addressBookEntryName;
|
||||
|
||||
String addressBookEntryName = null;
|
||||
|
||||
if (type.equals(SecurityPolicyType.VPN) && ipsecVpnName != null) {
|
||||
securityPolicyName = ipsecVpnName;
|
||||
addressBookEntryName = ipsecVpnName;
|
||||
securityPolicyName = ipsecVpnName;
|
||||
addressBookEntryName = ipsecVpnName;
|
||||
} else if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
|
||||
fromZone = _privateZone;
|
||||
toZone = _publicZone;
|
||||
securityPolicyName = genSecurityPolicyName(type, accountId, username, fromZone, toZone, privateIp);
|
||||
} else {
|
||||
securityPolicyName = genSecurityPolicyName(type, accountId, username, fromZone, toZone, privateIp);
|
||||
addressBookEntryName = genAddressBookEntryName(privateIp);
|
||||
@ -2661,17 +2749,38 @@ public class JuniperSrxResource implements ServerResource {
|
||||
return false;
|
||||
|
||||
case ADD:
|
||||
if (!manageAddressBookEntry(SrxCommand.CHECK_IF_EXISTS, toZone, privateIp, ipsecVpnName)) {
|
||||
throw new ExecutionException("No address book entry for policy: " + securityPolicyName);
|
||||
if (!type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
|
||||
if (!manageAddressBookEntry(SrxCommand.CHECK_IF_EXISTS, toZone, privateIp, addressBookEntryName)) {
|
||||
throw new ExecutionException("No address book entry for policy: " + securityPolicyName);
|
||||
}
|
||||
}
|
||||
|
||||
String srcAddrs = "";
|
||||
String dstAddrs = "";
|
||||
xml = SrxXml.SECURITY_POLICY_ADD.getXml();
|
||||
xml = replaceXmlValue(xml, "policy-name", securityPolicyName);
|
||||
if (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS)) {
|
||||
xml = replaceXmlValue(xml, "from-zone", _privateZone);
|
||||
xml = replaceXmlValue(xml, "to-zone", _publicZone);
|
||||
if (cidrs == null) {
|
||||
srcAddrs = "<source-address>any</source-address>";
|
||||
} else {
|
||||
for (String cidr : cidrs) {
|
||||
srcAddrs += "<source-address>" + genAddressBookEntryName(cidr) + "</source-address>";
|
||||
}
|
||||
}
|
||||
xml = replaceXmlValue(xml, "src-address", srcAddrs);
|
||||
dstAddrs = "<destination-address>any</destination-address>";
|
||||
xml = replaceXmlValue(xml, "dst-address", dstAddrs);
|
||||
} else {
|
||||
xml = replaceXmlValue(xml, "from-zone", fromZone);
|
||||
xml = replaceXmlValue(xml, "to-zone", toZone);
|
||||
srcAddrs = "<source-address>any</source-address>";
|
||||
xml = replaceXmlValue(xml, "src-address", srcAddrs);
|
||||
dstAddrs = "<destination-address>" + addressBookEntryName + "</destination-address>";
|
||||
xml = replaceXmlValue(xml, "dst-address", dstAddrs);
|
||||
}
|
||||
|
||||
xml = SrxXml.SECURITY_POLICY_ADD.getXml();
|
||||
xml = replaceXmlValue(xml, "from-zone", fromZone);
|
||||
xml = replaceXmlValue(xml, "to-zone", toZone);
|
||||
xml = replaceXmlValue(xml, "policy-name", securityPolicyName);
|
||||
xml = replaceXmlValue(xml, "src-address", "any");
|
||||
xml = replaceXmlValue(xml, "dest-address", addressBookEntryName);
|
||||
|
||||
if (type.equals(SecurityPolicyType.VPN) && ipsecVpnName != null) {
|
||||
xml = replaceXmlValue(xml, "tunnel", "<tunnel><ipsec-vpn>" + ipsecVpnName + "</ipsec-vpn></tunnel>");
|
||||
} else {
|
||||
@ -2679,7 +2788,7 @@ public class JuniperSrxResource implements ServerResource {
|
||||
}
|
||||
|
||||
String applications;
|
||||
if (applicationNames == null) {
|
||||
if (applicationNames == null || applicationNames.size() == 0) {
|
||||
applications = "<application>any</application>";
|
||||
} else {
|
||||
applications = "";
|
||||
@ -2697,11 +2806,11 @@ public class JuniperSrxResource implements ServerResource {
|
||||
}
|
||||
|
||||
case DELETE:
|
||||
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, applicationNames, ipsecVpnName)) {
|
||||
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, applicationNames, cidrs, ipsecVpnName)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, applicationNames, ipsecVpnName)) {
|
||||
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, applicationNames, cidrs, ipsecVpnName)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -2757,42 +2866,42 @@ public class JuniperSrxResource implements ServerResource {
|
||||
int startPort = application[1] != null ? ((Integer) application[1]) : -1;
|
||||
int endPort = application[2] != null ? ((Integer) application[2]) : -1;
|
||||
|
||||
String applicationName = genApplicationName(protocol, startPort, endPort);
|
||||
String applicationName = genApplicationName(type, protocol, startPort, endPort);
|
||||
if (!applicationNames.contains(applicationName)) {
|
||||
applicationNames.add(applicationName);
|
||||
}
|
||||
|
||||
manageApplication(SrxCommand.ADD, protocol, startPort, endPort);
|
||||
manageApplication(type, SrxCommand.ADD, protocol, startPort, endPort);
|
||||
}
|
||||
|
||||
// Add a new security policy
|
||||
manageSecurityPolicy(type, SrxCommand.ADD, null, null, privateIp, applicationNames, null);
|
||||
manageSecurityPolicy(type, SrxCommand.ADD, null, null, privateIp, applicationNames, null, null);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private boolean removeSecurityPolicyAndApplications(SecurityPolicyType type, String privateIp) throws ExecutionException {
|
||||
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, null, null)) {
|
||||
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, privateIp, null,null, null)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, null, null)) {
|
||||
if (manageSecurityPolicy(type, SrxCommand.CHECK_IF_IN_USE, null, null, privateIp, null, null, null)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get a list of applications for this security policy
|
||||
List<String> applications = getApplicationsForSecurityPolicy(type, privateIp);
|
||||
List<String> applications = getApplicationsForSecurityPolicy(type, privateIp, _publicZone, _privateZone);
|
||||
|
||||
// Remove the security policy
|
||||
manageSecurityPolicy(type, SrxCommand.DELETE, null, null, privateIp, null, null);
|
||||
// Remove the security policy
|
||||
manageSecurityPolicy(type, SrxCommand.DELETE, null, null, privateIp, null, null, null);
|
||||
|
||||
// Remove any applications for the removed security policy that are no longer in use
|
||||
List<String> unusedApplications = getUnusedApplications(applications);
|
||||
List<String> unusedApplications = getUnusedApplications(applications, _publicZone, _privateZone);
|
||||
for (String application : unusedApplications) {
|
||||
Object[] applicationComponents;
|
||||
|
||||
try {
|
||||
applicationComponents = parseApplicationName(application);
|
||||
applicationComponents = parseApplicationName(type, application);
|
||||
} catch (ExecutionException e) {
|
||||
s_logger.error("Found an invalid application: " + application + ". Not attempting to clean up.");
|
||||
continue;
|
||||
@ -2800,13 +2909,78 @@ public class JuniperSrxResource implements ServerResource {
|
||||
|
||||
Protocol protocol = (Protocol) applicationComponents[0];
|
||||
Integer startPort = (Integer) applicationComponents[1];
|
||||
Integer endPort = (Integer) applicationComponents[2];
|
||||
manageApplication(SrxCommand.DELETE, protocol, startPort, endPort);
|
||||
Integer endPort = (Integer) applicationComponents[2];
|
||||
manageApplication(type, SrxCommand.DELETE, protocol, startPort, endPort);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
private boolean removeEgressSecurityPolicyAndApplications(SecurityPolicyType type, String guestVlan, List <String> cidrs) throws ExecutionException {
|
||||
if (!manageSecurityPolicy(type, SrxCommand.CHECK_IF_EXISTS, null, null, guestVlan, null, cidrs, null)) {
|
||||
return true;
|
||||
}
|
||||
// Get a list of applications for this security policy
|
||||
List<String> applications;
|
||||
applications = getApplicationsForSecurityPolicy(type, guestVlan, _privateZone, _publicZone);
|
||||
|
||||
// Remove the security policy even if it is in use
|
||||
manageSecurityPolicy(type, SrxCommand.DELETE, null, null, guestVlan, null, cidrs, null);
|
||||
|
||||
// Remove any applications for the removed security policy that are no longer in use
|
||||
List<String> unusedApplications;
|
||||
unusedApplications = getUnusedApplications(applications, _privateZone, _publicZone);
|
||||
|
||||
for (String application : unusedApplications) {
|
||||
Object[] applicationComponents;
|
||||
|
||||
try {
|
||||
applicationComponents = parseApplicationName(type, application);
|
||||
} catch (ExecutionException e) {
|
||||
s_logger.error("Found an invalid application: " + application + ". Not attempting to clean up.");
|
||||
continue;
|
||||
}
|
||||
|
||||
Protocol protocol = (Protocol) applicationComponents[0];
|
||||
Integer startPort = (Integer) applicationComponents[1];
|
||||
Integer endPort = (Integer) applicationComponents[2];
|
||||
manageApplication(type, SrxCommand.DELETE, protocol, startPort, endPort);
|
||||
}
|
||||
for (String cidr: cidrs) {
|
||||
manageAddressBookEntry(SrxCommand.DELETE, _publicZone, cidr, null);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private boolean addEgressSecurityPolicyAndApplications(SecurityPolicyType type, String guestVlan, List<Object[]> applications, List <String> cidrs) throws ExecutionException {
|
||||
// Add all necessary applications
|
||||
List<String> applicationNames = new ArrayList<String>();
|
||||
for (Object[] application : applications) {
|
||||
Protocol protocol = (Protocol) application[0];
|
||||
if (!protocol.equals(Protocol.all)) {
|
||||
int startPort = application[1] != null ? ((Integer) application[1]) : 0;
|
||||
int endPort = application[2] != null ? ((Integer) application[2]) : 65535;
|
||||
|
||||
String applicationName = genApplicationName(type, protocol, startPort, endPort);
|
||||
if (!applicationNames.contains(applicationName)) {
|
||||
applicationNames.add(applicationName);
|
||||
}
|
||||
manageApplication(type, SrxCommand.ADD, protocol, startPort, endPort);
|
||||
}
|
||||
}
|
||||
|
||||
for (String cidr: cidrs) {
|
||||
manageAddressBookEntry(SrxCommand.ADD, _privateZone, cidr, null);
|
||||
}
|
||||
|
||||
// Add a new security policy
|
||||
manageSecurityPolicy(type, SrxCommand.ADD, null, null, guestVlan, applicationNames, cidrs, null);
|
||||
s_logger.debug("Added Egress firewall rule for guest network " + guestVlan);
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Filter terms
|
||||
*/
|
||||
|
||||
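Review bot: `removeEgressSecurityPolicyAndApplications` deletes the per-CIDR address-book entries from `_publicZone` (`manageAddressBookEntry(SrxCommand.DELETE, _publicZone, cidr, null)`), but `addEgressSecurityPolicyAndApplications` creates them in `_privateZone`, so every revoke targets a zone where the entry was never made and the private-zone entries accumulate on the SRX; the delete should read `manageAddressBookEntry(SrxCommand.DELETE, _privateZone, cidr, null);`. Separately, `execute(SetFirewallRulesCommand)` hands the remove call `extractCidrs(activeRulesForGuestNw)`, and `getActiveFirewallEgressRules` has already dropped revoked rules, so a CIDR that appears only in a revoked rule is never passed to the delete loop at all — the policy is rebuilt without it, which is what matters for enforcement, but the address-book object is orphaned. That same `execute` path reads `rules[0].getTrafficType()` before checking the array is non-empty and takes the first rule's type as representative of the whole batch; a guard such as `if (rules.length == 0) return new Answer(cmd);` plus a comment stating the one-direction-per-command assumption would make that explicit. In `manageApplication`, `protocol.toString() == Protocol.icmp.toString()` compares strings by identity and only works because enum names are interned — write `protocol == Protocol.icmp`. The egress policy XML is assembled by concatenating `genAddressBookEntryName(cidr)` for each user-supplied CIDR, which is fine only if the list was validated as CIDR notation before it reached the resource; a comment at that loop saying where that validation happens would help the next reader.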
@ -23,7 +23,7 @@ under the License.
|
||||
<application>
|
||||
<name>%name%</name>
|
||||
<protocol>%protocol%</protocol>
|
||||
<destination-port>%dest-port%</destination-port>
|
||||
%dest-port-icmp%
|
||||
</application>
|
||||
</applications>
|
||||
</configuration>
|
||||
|
||||
@ -27,8 +27,8 @@ under the License.
|
||||
<policy>
|
||||
<name>%policy-name%</name>
|
||||
<match>
|
||||
<source-address>%src-address%</source-address>
|
||||
<destination-address>%dest-address%</destination-address>
|
||||
%src-address%
|
||||
%dst-address%
|
||||
%applications%
|
||||
</match>
|
||||
<then>
|
||||
|
||||
@ -53,6 +53,6 @@ my $msg = "pubkey:" . $key . "\ncmdline:" . $cmdline;
|
||||
|
||||
my $socket = IO::Socket::UNIX->new(Peer=>$sockfile,Type=>SOCK_STREAM)
|
||||
or die "ERROR: unable to connect to $sockfile - $^E\n";
|
||||
print $socket "$msg\r\n";
|
||||
print $socket "$msg\n";
|
||||
close $socket;
|
||||
|
||||
|
||||
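Review bot: Dropping the `\r` changes the record terminator of the message written to `$sockfile`, and the listener that parses the `pubkey:`/`cmdline:` payload is not in this hunk, so it must be confirmed to split on a bare `\n` (and to no longer require `\r\n`); otherwise the key push fails silently, since the client only sees its own `print` succeed. A comment above the `print` pinning the framing would help: `# the listener on $sockfile terminates each record with a single "\n"`. Adjacent and unrelated: `$^E` is the OS-specific error variable and is identical to `$!` on Linux; `$!` is the conventional choice in the `die` message.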
@ -102,7 +102,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
@Inject protected StorageManager _storageMgr;
|
||||
@Inject DataStoreManager dataStoreMgr;
|
||||
@Inject protected ClusterDetailsDao _clusterDetailsDao;
|
||||
|
||||
|
||||
protected List<StoragePoolAllocator> _storagePoolAllocators;
|
||||
public List<StoragePoolAllocator> getStoragePoolAllocators() {
|
||||
return _storagePoolAllocators;
|
||||
@ -157,7 +157,8 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
if(plan.getHostId() != null && haVmTag == null){
|
||||
Long hostIdSpecified = plan.getHostId();
|
||||
if (s_logger.isDebugEnabled()){
|
||||
s_logger.debug("DeploymentPlan has host_id specified, making no checks on this host, looks like admin test: "+hostIdSpecified);
|
||||
s_logger.debug("DeploymentPlan has host_id specified, choosing this host and making no checks on this host: "
|
||||
+ hostIdSpecified);
|
||||
}
|
||||
HostVO host = _hostDao.findById(hostIdSpecified);
|
||||
if (s_logger.isDebugEnabled()) {
|
||||
@ -407,9 +408,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method should reorder the given list of Cluster Ids by applying any necessary heuristic
|
||||
* This method should reorder the given list of Cluster Ids by applying any necessary heuristic
|
||||
* for this planner
|
||||
* For FirstFitPlanner there is no specific heuristic to be applied
|
||||
* For FirstFitPlanner there is no specific heuristic to be applied
|
||||
* other than the capacity based ordering which is done by default.
|
||||
* @return List<Long> ordered list of Cluster Ids
|
||||
*/
|
||||
@ -419,9 +420,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method should reorder the given list of Pod Ids by applying any necessary heuristic
|
||||
* This method should reorder the given list of Pod Ids by applying any necessary heuristic
|
||||
* for this planner
|
||||
* For FirstFitPlanner there is no specific heuristic to be applied
|
||||
* For FirstFitPlanner there is no specific heuristic to be applied
|
||||
* other than the capacity based ordering which is done by default.
|
||||
* @return List<Long> ordered list of Pod Ids
|
||||
*/
|
||||
@ -443,7 +444,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
private List<Long> listDisabledPods(long zoneId){
|
||||
List<Long> disabledPods = _podDao.listDisabledPods(zoneId);
|
||||
return disabledPods;
|
||||
}
|
||||
}
|
||||
|
||||
private Map<Short,Float> getCapacityThresholdMap(){
|
||||
// Lets build this real time so that the admin wont have to restart MS if he changes these values
|
||||
@ -461,9 +462,9 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
}
|
||||
|
||||
private List<Short> getCapacitiesForCheckingThreshold(){
|
||||
List<Short> capacityList = new ArrayList<Short>();
|
||||
List<Short> capacityList = new ArrayList<Short>();
|
||||
capacityList.add(Capacity.CAPACITY_TYPE_CPU);
|
||||
capacityList.add(Capacity.CAPACITY_TYPE_MEMORY);
|
||||
capacityList.add(Capacity.CAPACITY_TYPE_MEMORY);
|
||||
return capacityList;
|
||||
}
|
||||
|
||||
@ -479,7 +480,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
|
||||
// For each capacity get the cluster list crossing the threshold and remove it from the clusterList that will be used for vm allocation.
|
||||
for(short capacity : capacityList){
|
||||
|
||||
|
||||
if (clusterListForVmAllocation == null || clusterListForVmAllocation.size() == 0){
|
||||
return;
|
||||
}
|
||||
@ -492,17 +493,17 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
capacityThresholdMap.get(capacity), ram_requested );
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (clustersCrossingThreshold != null && clustersCrossingThreshold.size() != 0){
|
||||
// addToAvoid Set
|
||||
avoid.addClusterList(clustersCrossingThreshold);
|
||||
// Remove clusters crossing disabled threshold
|
||||
clusterListForVmAllocation.removeAll(clustersCrossingThreshold);
|
||||
|
||||
|
||||
s_logger.debug("Cannot allocate cluster list " + clustersCrossingThreshold.toString() + " for vm creation since their allocated percentage" +
|
||||
" crosses the disable capacity threshold: " + capacityThresholdMap.get(capacity) + " for capacity Type : " + capacity + ", skipping these clusters");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -652,7 +653,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
public int compare(Volume v1, Volume v2) {
|
||||
if(v1.getSize() < v2.getSize())
|
||||
return 1;
|
||||
else
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
});
|
||||
@ -749,7 +750,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
}else{
|
||||
pool = (StoragePool)this.dataStoreMgr.getPrimaryDataStore(plan.getPoolId());
|
||||
}
|
||||
|
||||
|
||||
if(!pool.isInMaintenance()){
|
||||
if(!avoid.shouldAvoid(pool)){
|
||||
long exstPoolDcId = pool.getDataCenterId();
|
||||
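Review bot: The `pool` returned by `this.dataStoreMgr.getPrimaryDataStore(plan.getPoolId())` is dereferenced on the next visible line (`pool.isInMaintenance()`) without a null check; if that lookup can return null for a removed or stale pool id (not visible in this hunk), planning fails with an NPE instead of a clear message. A guard before the maintenance check, e.g. `if (pool == null) { s_logger.debug("Pool " + plan.getPoolId() + " not found, skipping"); return; }` (or whatever the surrounding control flow needs), would make the failure explicit. The enclosing method starts and ends outside the hunk, so I cannot tell whether an earlier branch already guarantees a non-null pool.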
@ -781,13 +782,13 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
if(!isRootAdmin(plan.getReservationContext())){
|
||||
if(!isEnabledForAllocation(plan.getDataCenterId(), plan.getPodId(), plan.getClusterId())){
|
||||
if(s_logger.isDebugEnabled()){
|
||||
s_logger.debug("Cannot allocate new storagepool for this volume in this cluster, allocation state is disabled");
|
||||
s_logger.debug("Cannot allocate new storagepool for this volume in this cluster, allocation state is disabled");
|
||||
s_logger.debug("Cannot deploy to this specified plan, allocation state is disabled, returning.");
|
||||
}
|
||||
//Cannot find suitable storage pools under this cluster for this volume since allocation_state is disabled.
|
||||
//Cannot find suitable storage pools under this cluster for this volume since allocation_state is disabled.
|
||||
//- remove any suitable pools found for other volumes.
|
||||
//All volumes should get suitable pools under this cluster; else we cant use this cluster.
|
||||
suitableVolumeStoragePools.clear();
|
||||
suitableVolumeStoragePools.clear();
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -877,7 +878,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentPlanner {
|
||||
super.configure(name, params);
|
||||
_allocationAlgorithm = _configDao.getValue(Config.VmAllocationAlgorithm.key());
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isEnabledForAllocation(long zoneId, Long podId, Long clusterId){
|
||||
// Check if the zone exists in the system
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
|
||||
// Licensed to the Apache Software Foundation (ASF) under one
|
||||
// or more contributor license agreements. See the NOTICE file
|
||||
// distributed with this work for additional information
|
||||
@ -541,8 +542,15 @@ public abstract class ExternalFirewallDeviceManagerImpl extends AdapterBase impl
|
||||
if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) {
|
||||
_fwRulesDao.loadSourceCidrs((FirewallRuleVO)rule);
|
||||
}
|
||||
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
|
||||
FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
|
||||
FirewallRuleTO ruleTO;
|
||||
if (rule.getPurpose() == Purpose.Firewall && rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
|
||||
String guestVlanTag = network.getBroadcastUri().getHost();
|
||||
String guestCidr = network.getCidr();
|
||||
ruleTO = new FirewallRuleTO(rule, guestVlanTag, rule.getTrafficType());
|
||||
} else {
|
||||
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
|
||||
ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
|
||||
}
|
||||
rulesTO.add(ruleTO);
|
||||
}
|
||||
|
||||
|
||||
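Review bot: `String guestCidr = network.getCidr();` on the egress branch is assigned but never used, so it is dead code; either drop the line or pass the CIDR into the rule TO if the SRX side needs it. The same branch calls `network.getBroadcastUri().getHost()` with no null check, and if a network reaching this code can lack a broadcast URI (not visible here) that is an NPE while applying firewall rules; a guard such as `if (network.getBroadcastUri() == null) { throw new CloudRuntimeException("No guest VLAN for network " + network.getId()); }` before building the TO would fail cleanly. Also note that the three-argument `FirewallRuleTO` constructor used here carries no source IP, so the device-side code consuming egress rules must tolerate a null source address; a one-line comment saying so at the `ruleTO = new FirewallRuleTO(rule, guestVlanTag, rule.getTrafficType());` line would help the next reader. The enclosing method starts and ends outside the hunk.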
@ -65,6 +65,7 @@ public class Upgrade410to420 implements DbUpgrade {
|
||||
updateSystemVmTemplates(conn);
|
||||
updateCluster_details(conn);
|
||||
updatePrimaryStore(conn);
|
||||
addEgressFwRulesForSRXGuestNw(conn);
|
||||
}
|
||||
|
||||
private void updateSystemVmTemplates(Connection conn) {
|
||||
@ -305,4 +306,63 @@ public class Upgrade410to420 implements DbUpgrade {
|
||||
}
|
||||
}
|
||||
}
|
||||
private void addEgressFwRulesForSRXGuestNw(Connection conn) {
|
||||
PreparedStatement pstmt = null;
|
||||
ResultSet rs = null;
|
||||
ResultSet rsId = null;
|
||||
ResultSet rsNw = null;
|
||||
try {
|
||||
pstmt = conn.prepareStatement("select network_id FROM `cloud`.`ntwk_service_map` where service='Firewall' and provider='JuniperSRX' ");
|
||||
rs = pstmt.executeQuery();
|
||||
while (rs.next()) {
|
||||
long netId = rs.getLong(1);
|
||||
//checking for Isolated OR Virtual
|
||||
pstmt = conn.prepareStatement("select account_id, domain_id FROM `cloud`.`networks` where (guest_type='Isolated' OR guest_type='Virtual') and traffic_type='Guest' and vpc_id is NULL and (state='implemented' OR state='Shutdown') and id=? ");
|
||||
pstmt.setLong(1, netId);
|
||||
s_logger.debug("Getting account_id, domain_id from networks table: " + pstmt);
|
||||
rsNw = pstmt.executeQuery();
|
||||
|
||||
if(rsNw.next()) {
|
||||
long accountId = rsNw.getLong(1);
|
||||
long domainId = rsNw.getLong(2);
|
||||
|
||||
//Add new rule for the existing networks
|
||||
s_logger.debug("Adding default egress firewall rule for network " + netId);
|
||||
pstmt = conn.prepareStatement("INSERT INTO firewall_rules (uuid, state, protocol, purpose, account_id, domain_id, network_id, xid, created, traffic_type) VALUES (?, 'Active', 'all', 'Firewall', ?, ?, ?, ?, now(), 'Egress')");
|
||||
pstmt.setString(1, UUID.randomUUID().toString());
|
||||
pstmt.setLong(2, accountId);
|
||||
pstmt.setLong(3, domainId);
|
||||
pstmt.setLong(4, netId);
|
||||
pstmt.setString(5, UUID.randomUUID().toString());
|
||||
s_logger.debug("Inserting default egress firewall rule " + pstmt);
|
||||
pstmt.executeUpdate();
|
||||
|
||||
pstmt = conn.prepareStatement("select id from firewall_rules where protocol='all' and network_id=?");
|
||||
pstmt.setLong(1, netId);
|
||||
rsId = pstmt.executeQuery();
|
||||
|
||||
long firewallRuleId;
|
||||
if(rsId.next()) {
|
||||
firewallRuleId = rsId.getLong(1);
|
||||
pstmt = conn.prepareStatement("insert into firewall_rules_cidrs (firewall_rule_id,source_cidr) values (?, '0.0.0.0/0')");
|
||||
pstmt.setLong(1, firewallRuleId);
|
||||
s_logger.debug("Inserting rule for cidr 0.0.0.0/0 for the new Firewall rule id=" + firewallRuleId + " with statement " + pstmt);
|
||||
pstmt.executeUpdate();
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (SQLException e) {
|
||||
throw new CloudRuntimeException("Unable to set egress firewall rules ", e);
|
||||
} finally {
|
||||
try {
|
||||
if (rs != null) {
|
||||
rs.close();
|
||||
}
|
||||
if (pstmt != null) {
|
||||
pstmt.close();
|
||||
}
|
||||
} catch (SQLException e) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
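Review bot: The lookup after the insert, `select id from firewall_rules where protocol='all' and network_id=?`, is not keyed to the row just inserted: any pre-existing protocol='all' rule on that network, or a second run of this upgrade step, satisfies it and `rsId.next()` then attaches the `0.0.0.0/0` CIDR to an arbitrary rule while a duplicate default egress rule is left behind. Select by the uuid generated for the insert instead, and skip the insert when an Egress rule already exists so the step is idempotent. The method also leaks JDBC resources: `pstmt` is reassigned inside the loop without closing the previous statement, `rsNw` and `rsId` are never closed in the `finally`, and the `SQLException` in the `finally` is swallowed without even a debug log. A sketch of the reworked loop body:

```java
// … unchanged: outer select over ntwk_service_map …
while (rs.next()) {
    long netId = rs.getLong(1);
    // … unchanged: account_id/domain_id lookup into rsNw …
    if (!rsNw.next()) {
        rsNw.close();
        pstmt.close();
        continue;
    }
    long accountId = rsNw.getLong(1);
    long domainId = rsNw.getLong(2);
    rsNw.close();
    pstmt.close();

    // Idempotence: do not add a second default egress rule on re-run.
    pstmt = conn.prepareStatement("select id from firewall_rules where purpose='Firewall' and traffic_type='Egress' and network_id=?");
    pstmt.setLong(1, netId);
    rsId = pstmt.executeQuery();
    boolean exists = rsId.next();
    rsId.close();
    pstmt.close();
    if (exists) {
        s_logger.debug("Egress firewall rule already present for network " + netId + ", skipping");
        continue;
    }

    String ruleUuid = UUID.randomUUID().toString();
    pstmt = conn.prepareStatement("INSERT INTO firewall_rules (uuid, state, protocol, purpose, account_id, domain_id, network_id, xid, created, traffic_type) VALUES (?, 'Active', 'all', 'Firewall', ?, ?, ?, ?, now(), 'Egress')");
    pstmt.setString(1, ruleUuid);
    // … unchanged: remaining parameters and executeUpdate …
    pstmt.close();

    // Key the lookup to the row just inserted, not to any protocol='all' rule.
    pstmt = conn.prepareStatement("select id from firewall_rules where uuid=?");
    pstmt.setString(1, ruleUuid);
    rsId = pstmt.executeQuery();
    if (rsId.next()) {
        long firewallRuleId = rsId.getLong(1);
        // … unchanged: insert into firewall_rules_cidrs for 0.0.0.0/0 …
    }
    rsId.close();
    pstmt.close();
}
```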
@ -65,18 +65,19 @@ install_packages() {
|
||||
|
||||
# vmware tools
|
||||
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
|
||||
apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
|
||||
df -h
|
||||
PREVDIR=$PWD
|
||||
cd /opt
|
||||
wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
|
||||
tar xzf VMwareTools-9.2.1-818201.tar.gz
|
||||
rm VMwareTools-*.tar.gz
|
||||
cd vmware-tools-distrib
|
||||
./vmware-install.pl -d
|
||||
cd $PREV
|
||||
rm -fr /opt/vmware-tools-distrib
|
||||
apt-get -q -y --force-yes purge build-essential
|
||||
# commented installaion of vmware-tools as we are using the opensource open-vm-tools:
|
||||
# apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
|
||||
# df -h
|
||||
# PREVDIR=$PWD
|
||||
# cd /opt
|
||||
# wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
|
||||
# tar xzf VMwareTools-9.2.1-818201.tar.gz
|
||||
# rm VMwareTools-*.tar.gz
|
||||
# cd vmware-tools-distrib
|
||||
# ./vmware-install.pl -d
|
||||
# cd $PREV
|
||||
# rm -fr /opt/vmware-tools-distrib
|
||||
# apt-get -q -y --force-yes purge build-essential
|
||||
}
|
||||
|
||||
setup_accounts() {
|
||||
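Review bot: The block starting at the `# commented installaion of vmware-tools` comment keeps the old installer steps as commented-out lines instead of deleting them; version control already retains them, and since those commands fetch an unsigned tarball over plain http from a personal URL and run its installer as root, leaving them in the script invites an uncritical un-commenting later. Delete the lines and keep a single comment such as `# vmware tools are provided by open-vm-tools; the legacy VMwareTools tarball installer was removed`. Note also that the dead block does `cd $PREV` while the directory was saved as `PREVDIR`, so it never restored the working directory as written. Typo in the surviving comment: `installaion` should be `installation`.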
@ -184,7 +185,7 @@ configure_services() {
|
||||
snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=HEAD;sf=tgz"
|
||||
snapshot_dir="/opt/cloudstack*"
|
||||
cd /opt
|
||||
wget $snapshot_url -O cloudstack.tar.gz
|
||||
wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz
|
||||
tar -zxvf cloudstack.tar.gz
|
||||
cp -rv $snapshot_dir/patches/systemvm/debian/config/* /
|
||||
cp -rv $snapshot_dir/patches/systemvm/debian/vpn/* /
|
||||
|
||||
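Review bot: `wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz` disables TLS certificate validation for an archive whose contents are then unpacked and copied straight into `/` of the system VM image by the following `cp -rv` lines, so anyone able to interpose on the path to git-wip-us.apache.org can substitute the patches baked into every system VM. If the flag was added because the build chroot lacks a CA bundle, install `ca-certificates` in install_packages and drop the flag; if one specific certificate is the problem, pin it with `--ca-certificate=<file>` rather than disabling verification. At minimum, verify the downloaded archive against a known digest before the `tar -zxvf` line. The enclosing configure_services function starts and ends outside the hunk.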
@ -136,7 +136,7 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /boot } \
|
||||
. \
|
||||
250 40 400 ext4 \
|
||||
300 40 400 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ / } \
|
||||
@ -146,12 +146,12 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /home } \
|
||||
. \
|
||||
900 20 1100 ext4 \
|
||||
650 20 1100 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /usr } \
|
||||
. \
|
||||
300 40 500 ext4 \
|
||||
400 40 500 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /opt } \
|
||||
@ -166,7 +166,7 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /tmp } \
|
||||
. \
|
||||
50 512 300% linux-swap \
|
||||
70 512 300% linux-swap \
|
||||
method{ swap } format{ } \
|
||||
.
|
||||
|
||||
|
||||
@ -65,18 +65,19 @@ install_packages() {
|
||||
|
||||
# vmware tools
|
||||
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
|
||||
apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
|
||||
df -h
|
||||
PREVDIR=$PWD
|
||||
cd /opt
|
||||
wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
|
||||
tar xzf VMwareTools-9.2.1-818201.tar.gz
|
||||
rm VMwareTools-*.tar.gz
|
||||
cd vmware-tools-distrib
|
||||
./vmware-install.pl -d
|
||||
cd $PREV
|
||||
rm -fr /opt/vmware-tools-distrib
|
||||
apt-get -q -y --force-yes purge build-essential
|
||||
# commented installaion of vmware-tools as we are using the opensource open-vm-tools:
|
||||
# apt-get --no-install-recommends -q -y --force-yes install build-essential linux-headers-`uname -r`
|
||||
# df -h
|
||||
# PREVDIR=$PWD
|
||||
# cd /opt
|
||||
# wget http://people.apache.org/~bhaisaab/cloudstack/VMwareTools-9.2.1-818201.tar.gz
|
||||
# tar xzf VMwareTools-9.2.1-818201.tar.gz
|
||||
# rm VMwareTools-*.tar.gz
|
||||
# cd vmware-tools-distrib
|
||||
# ./vmware-install.pl -d
|
||||
# cd $PREV
|
||||
# rm -fr /opt/vmware-tools-distrib
|
||||
# apt-get -q -y --force-yes purge build-essential
|
||||
}
|
||||
|
||||
setup_accounts() {
|
||||
@ -184,7 +185,7 @@ configure_services() {
|
||||
snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=HEAD;sf=tgz"
|
||||
snapshot_dir="/opt/cloudstack*"
|
||||
cd /opt
|
||||
wget $snapshot_url -O cloudstack.tar.gz
|
||||
wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz
|
||||
tar -zxvf cloudstack.tar.gz
|
||||
cp -rv $snapshot_dir/patches/systemvm/debian/config/* /
|
||||
cp -rv $snapshot_dir/patches/systemvm/debian/vpn/* /
|
||||
|
||||
@ -136,7 +136,7 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /boot } \
|
||||
. \
|
||||
250 40 400 ext4 \
|
||||
300 40 400 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ / } \
|
||||
@ -146,12 +146,12 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /home } \
|
||||
. \
|
||||
900 20 1100 ext4 \
|
||||
650 20 1100 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /usr } \
|
||||
. \
|
||||
300 40 500 ext4 \
|
||||
400 40 500 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /opt } \
|
||||
@ -166,7 +166,7 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /tmp } \
|
||||
. \
|
||||
50 512 300% linux-swap \
|
||||
70 512 300% linux-swap \
|
||||
method{ swap } format{ } \
|
||||
.
|
||||
|
||||
|
||||