From bf9c71430b648f1e8a025084cbb8b737557aad8c Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Mon, 14 Aug 2023 10:02:20 +0200
Subject: [PATCH 1/5] CKS: check access when get kubernetescluster config (#7854)
---
 .../cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 0c07268b82f..f0fa335d22c 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1285,6 +1285,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
 if (kubernetesCluster == null) {
 throw new InvalidParameterValueException("Invalid Kubernetes cluster ID specified");
 }
+ Account caller = CallContext.current().getCallingAccount();
+ accountManager.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, false, kubernetesCluster);
 KubernetesClusterConfigResponse response = new KubernetesClusterConfigResponse();
 response.setId(kubernetesCluster.getUuid());
 response.setName(kubernetesCluster.getName());
From 2c6072273b87ea862b1a1441eada0703b86b3b1e Mon Sep 17 00:00:00 2001
From: Fabricio Duarte
Date: Mon, 14 Aug 2023 05:20:33 -0300
Subject: [PATCH 2/5] VMware: Fix casting exception during backup NIC synchronization (#7831)
---
 .../src/main/java/com/cloud/hypervisor/guru/VMwareGuru.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/guru/VMwareGuru.java b/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/guru/VMwareGuru.java
index fe35d565088..f148a16473e 100644
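Review bot: The new `accountManager.checkAccess(...)` call comes with no test and no comment explaining it, so nothing guards against a later refactor dropping the only authorization step before the config is returned. The response built right after it is the cluster config, which presumably includes the kubeconfig, so I would add a comment such as `// the config gives access to the cluster: the caller must be allowed to operate it, not merely know its ID` and a unit test that expects the permission error for a caller from another account. The existence check still runs before the access check, so the two failures stay distinguishable to a caller without access; that ordering deserves a deliberate decision. The enclosing method starts and ends outside the hunk.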
--- a/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/guru/VMwareGuru.java
+++ b/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/guru/VMwareGuru.java
@@ -148,7 +148,7 @@ import com.vmware.vim25.VirtualDeviceBackingInfo;
 import com.vmware.vim25.VirtualDeviceConnectInfo;
 import com.vmware.vim25.VirtualDisk;
 import com.vmware.vim25.VirtualDiskFlatVer2BackingInfo;
-import com.vmware.vim25.VirtualE1000;
+import com.vmware.vim25.VirtualEthernetCard;
 import com.vmware.vim25.VirtualEthernetCardNetworkBackingInfo;
 import com.vmware.vim25.VirtualMachineConfigSummary;
 import com.vmware.vim25.VirtualMachineRuntimeInfo;
@@ -901,7 +901,7 @@ public class VMwareGuru extends HypervisorGuruBase implements HypervisorGuru, Co
 /**
 * Get network MO from VM NIC
 */
- private NetworkMO getNetworkMO(VirtualE1000 nic, VmwareContext context) {
+ private NetworkMO getNetworkMO(VirtualEthernetCard nic, VmwareContext context) {
 VirtualDeviceConnectInfo connectable = nic.getConnectable();
 VirtualEthernetCardNetworkBackingInfo info = (VirtualEthernetCardNetworkBackingInfo)nic.getBacking();
 ManagedObjectReference networkMor = info.getNetwork();
@@ -912,7 +912,7 @@ public class VMwareGuru extends HypervisorGuruBase implements HypervisorGuru, Co
 }
 private Pair getNicMacAddressAndNetworkName(VirtualDevice nicDevice, VmwareContext context) throws Exception {
- VirtualE1000 nic = (VirtualE1000)nicDevice;
+ VirtualEthernetCard nic = (VirtualEthernetCard)nicDevice;
 String macAddress = nic.getMacAddress();
 NetworkMO networkMO = getNetworkMO(nic, context);
 String networkName = networkMO.getName();
From 72e3491cefa1e51d2c884dfe36a637a25adbfba4 Mon Sep 17 00:00:00 2001
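Review bot: `getNetworkMO` still casts `nic.getBacking()` to `VirtualEthernetCardNetworkBackingInfo` unconditionally, so widening the parameter to `VirtualEthernetCard` moves the `ClassCastException` one line down for any NIC whose backing is a different type, such as a distributed-virtual-port backing. The same holds for `(VirtualEthernetCard)nicDevice` in `getNicMacAddressAndNetworkName` in the last hunk, which assumes every device passed in is an ethernet card. An `instanceof` guard that reports the unexpected class, starting with `if (!(nic.getBacking() instanceof VirtualEthernetCardNetworkBackingInfo)) {`, would turn a stack trace during backup synchronization into a clear error. Both method bodies continue outside their hunks, so callers may already filter the devices.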
From: Fabricio Duarte
Date: Mon, 14 Aug 2023 05:33:29 -0300
Subject: [PATCH 3/5] server: Fix allocation of more public IPs than the account's limit (#7832)
---
 .../cloud/network/IpAddressManagerImpl.java | 37 ++++++++----
 .../cloud/network/IpAddressManagerTest.java | 59 +++++++++++++++++++
 2 files changed, 86 insertions(+), 10 deletions(-)
diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
index b690acd7dd9..5436dd6acb1 100644
--- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@@ -991,7 +991,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 Account owner = _accountMgr.getAccount(addr.getAllocatedToAccountId());
 if (_ipAddressDao.lockRow(addr.getId(), true) != null) {
 final IPAddressVO userIp = _ipAddressDao.findById(addr.getId());
- if (userIp.getState() == IpAddress.State.Allocating || addr.getState() == IpAddress.State.Free) {
+ if (userIp.getState() == IpAddress.State.Allocating || addr.getState() == IpAddress.State.Free || addr.getState() == IpAddress.State.Reserved) {
+ boolean shouldUpdateIpResourceCount = checkIfIpResourceCountShouldBeUpdated(addr);
 addr.setState(IpAddress.State.Allocated);
 if (_ipAddressDao.update(addr.getId(), addr)) {
 // Save usage event
@@ -1004,7 +1005,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 addr.getAddress().toString(), addr.isSourceNat(), guestType, addr.getSystem(), usageHidden, addr.getClass().getName(), addr.getUuid());
 }
- if (updateIpResourceCount(addr)) {
+ if (shouldUpdateIpResourceCount) {
 _resourceLimitMgr.incrementResourceCount(owner.getId(), ResourceType.public_ip);
 }
 }
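Review bot: The added `Reserved` comparison in the hunk at -991 reads `addr.getState()`, the object handed in by the caller, while only the `Allocating` comparison uses `userIp`, the row re-read after `lockRow`. The `Free` test already did this, but extending it means both the decision to allocate and `checkIfIpResourceCountShouldBeUpdated(addr)` on the next line can rest on a state that changed before the lock was taken, which is where limit accounting can drift under concurrent requests. Consider reading the state once from the locked row, `IpAddress.State state = userIp.getState();`, and comparing all three values against it. The method starts outside the hunk, so whether callers rely on a state set only in memory on `addr` needs confirming first.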
@@ -1020,7 +1021,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 }
 }
- private boolean isIpDedicated(IPAddressVO addr) {
+ protected boolean isIpDedicated(IPAddressVO addr) {
 List maps = _accountVlanMapDao.listAccountVlanMapsByVlan(addr.getVlanId());
 if (maps != null && !maps.isEmpty()) return true;
@@ -1113,7 +1114,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 // rule is applied. Similarly when last rule on the acquired IP is revoked, IP is not associated with any provider
 // but still be associated with the account. At this point just mark IP as allocated or released.
 for (IPAddressVO addr : userIps) {
- if (addr.getState() == IpAddress.State.Allocating) {
+ if (addr.getState() == IpAddress.State.Allocating || addr.getState() == IpAddress.State.Reserved) {
 addr.setAssociatedWithNetworkId(network.getId());
 markPublicIpAsAllocated(addr);
 } else if (addr.getState() == IpAddress.State.Releasing) {
@@ -1510,7 +1511,6 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 IPAddressVO ip = _ipAddressDao.findById(ipId);
 //update ip address with networkId
- ip.setState(State.Allocated);
 ip.setAssociatedWithNetworkId(networkId);
 ip.setSourceNat(isSourceNat);
 _ipAddressDao.update(ipId, ip);
@@ -1523,7 +1523,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 } else {
 s_logger.warn("Failed to associate ip address " + ip.getAddress().addr() + " to network " + network);
 }
- return ip;
+ return _ipAddressDao.findById(ipId);
 } finally {
 if (!success && releaseOnFailure) {
 if (ip != null) {
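Review bot: Nothing in the hunks at -1510 and -1523 records why the state is no longer set here or why the method re-reads the row on return, although the two changes only make sense together. Presumably the transition to `Allocated` now happens in `markPublicIpAsAllocated` during association, which leaves the local `ip` stale; a comment above the return such as `// re-read: the state is updated during association, not on this instance` would keep someone from restoring `return ip`. `findById(ipId)` can also return null if the row was removed in the meantime, which the old return could not, and callers are not visible here. The `finally` block continues past the end of the hunk.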
@@ -1919,7 +1919,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 return Transaction.execute(new TransactionCallback() {
 @Override
 public IPAddressVO doInTransaction(TransactionStatus status) {
- if (updateIpResourceCount(ip)) {
+ if (checkIfIpResourceCountShouldBeUpdated(ip)) {
 _resourceLimitMgr.decrementResourceCount(_ipAddressDao.findById(addrId).getAllocatedToAccountId(), ResourceType.public_ip);
 }
@@ -1944,9 +1944,26 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 return ip;
 }
- protected boolean updateIpResourceCount(IPAddressVO ip) {
- // don't increment resource count for direct and dedicated ip addresses
- return (ip.getAssociatedWithNetworkId() != null || ip.getVpcId() != null) && !isIpDedicated(ip);
+ protected boolean checkIfIpResourceCountShouldBeUpdated(IPAddressVO ip) {
+ boolean isDirectIp = ip.getAssociatedWithNetworkId() == null && ip.getVpcId() == null;
+ if (isDirectIp) {
+ s_logger.debug(String.format("IP address [%s] is direct; therefore, the resource count should not be updated.", ip));
+ return false;
+ }
+
+ if (isIpDedicated(ip)) {
+ s_logger.debug(String.format("IP address [%s] is dedicated; therefore, the resource count should not be updated.", ip));
+ return false;
+ }
+
+ boolean isReservedIp = ip.getState() == IpAddress.State.Reserved;
+ if (isReservedIp) {
+ s_logger.debug(String.format("IP address [%s] is reserved; therefore, the resource count should not be updated.", ip));
+ return false;
+ }
+
+ s_logger.debug(String.format("IP address [%s] is not direct, dedicated or reserved; therefore, the resource count should be updated.", ip));
+ return true;
 }
 @Override
diff --git a/server/src/test/java/com/cloud/network/IpAddressManagerTest.java b/server/src/test/java/com/cloud/network/IpAddressManagerTest.java
index 50ad62e0543..94974572267 100644
--- a/server/src/test/java/com/cloud/network/IpAddressManagerTest.java
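Review bot: `checkIfIpResourceCountShouldBeUpdated` now decides both the increment in `markPublicIpAsAllocated` and the decrement in the release transaction at -1919, but the new `Reserved` rule is explained only by its debug messages. If a reserved IP is charged to the account when it is reserved (not visible in this patch), skipping the increment is correct, yet skipping the decrement for an IP released while still `Reserved` would leave the account's count too high. A Javadoc stating the assumption, for example `Reserved IPs are already counted against the owner's public_ip limit when they are reserved`, together with a test of the release path for a reserved IP, would settle which behaviour is intended.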
+++ b/server/src/test/java/com/cloud/network/IpAddressManagerTest.java
@@ -65,6 +65,9 @@ public class IpAddressManagerTest {
 @Mock
 NetworkOfferingDao networkOfferingDao;
+ @Mock
+ IPAddressVO ipAddressVoMock;
+
 @Spy
 @InjectMocks
 IpAddressManagerImpl ipAddressManager;
@@ -230,4 +233,60 @@ public class IpAddressManagerTest {
 return network;
 }
+ private void prepareForCheckIfIpResourceCountShouldBeUpdatedTests() {
+ Mockito.when(ipAddressVoMock.getAssociatedWithNetworkId()).thenReturn(1L);
+ Mockito.when(ipAddressVoMock.getVpcId()).thenReturn(1L);
+ doReturn(false).when(ipAddressManager).isIpDedicated(Mockito.any());
+ Mockito.when(ipAddressVoMock.getState()).thenReturn(IpAddress.State.Allocating);
+ }
+
+ @Test
+ public void checkIfIpResourceCountShouldBeUpdatedTestIpIsDirectReturnFalse() {
+ prepareForCheckIfIpResourceCountShouldBeUpdatedTests();
+ Mockito.when(ipAddressVoMock.getAssociatedWithNetworkId()).thenReturn(null);
+ Mockito.when(ipAddressVoMock.getVpcId()).thenReturn(null);
+
+ boolean result = ipAddressManager.checkIfIpResourceCountShouldBeUpdated(ipAddressVoMock);
+
+ Assert.assertFalse(result);
+ }
+
+ @Test
+ public void checkIfIpResourceCountShouldBeUpdatedTestIpIsDedicatedReturnFalse() {
+ prepareForCheckIfIpResourceCountShouldBeUpdatedTests();
+ doReturn(true).when(ipAddressManager).isIpDedicated(Mockito.any());
+
+ boolean result = ipAddressManager.checkIfIpResourceCountShouldBeUpdated(ipAddressVoMock);
+
+ Assert.assertFalse(result);
+ }
+
+ @Test
+ public void checkIfIpResourceCountShouldBeUpdatedTestIpIsReservedReturnFalse() {
+ prepareForCheckIfIpResourceCountShouldBeUpdatedTests();
+ Mockito.when(ipAddressVoMock.getState()).thenReturn(IpAddress.State.Reserved);
+
+ boolean result = ipAddressManager.checkIfIpResourceCountShouldBeUpdated(ipAddressVoMock);
+
+ Assert.assertFalse(result);
+ }
+
+ @Test
+ public void checkIfIpResourceCountShouldBeUpdatedTestIpIsAssociatedToNetworkAndNotDedicatedAndNotReservedReturnTrue() {
+ prepareForCheckIfIpResourceCountShouldBeUpdatedTests();
+
+ boolean result = ipAddressManager.checkIfIpResourceCountShouldBeUpdated(ipAddressVoMock);
+
+ Assert.assertTrue(result);
+ }
+
+ @Test
+ public void checkIfIpResourceCountShouldBeUpdatedTestIpIsAssociatedToVpcAndNotDedicatedAndNotReservedReturnTrue() {
+ prepareForCheckIfIpResourceCountShouldBeUpdatedTests();
+ Mockito.when(ipAddressVoMock.getAssociatedWithNetworkId()).thenReturn(null);
+
+ boolean result = ipAddressManager.checkIfIpResourceCountShouldBeUpdated(ipAddressVoMock);
+
+ Assert.assertTrue(result);
+ }
 }
From a47a4f4ad4f5b882cf83ac8cea9b92ca6dcc5903 Mon Sep 17 00:00:00 2001
From: Alexandru Bagu
Date: Mon, 14 Aug 2023 16:45:04 +0300
Subject: [PATCH 4/5] CPVM: fix cpu usage for console vm when using vnc over websockets (#6970)
Co-authored-by: Alexandru Bagu
---
 .../java/com/cloud/consoleproxy/ConsoleProxyNoVncClient.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyNoVncClient.java b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyNoVncClient.java
index 6434dd6e42e..2dfea2251fb 100644
--- a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyNoVncClient.java
+++ b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyNoVncClient.java
@@ -114,6 +114,11 @@ public class ConsoleProxyNoVncClient implements ConsoleProxyClient {
 updateFrontEndActivityTime();
 }
 connectionAlive = client.isVncOverWebSocketConnectionAlive();
+ try {
+ Thread.sleep(1);
+ } catch (Exception e) {
+ s_logger.warn("Error on sleep for vnc over websocket", e);
+ }
 } else if (client.isVncOverNioSocket()) {
 byte[] bytesArr;
 int nextBytes = client.getNextBytes();
From aa02d9b3c15e93a99371d8ca3be0d72f2162384c Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Tue, 15 Aug 2023 08:39:18 +0200
Subject: [PATCH 5/5] test: skip live storage migration on CentOS 7 (#7862)
since #7570, The detail 'Host.OS' of centos7 host is changed from 'CentOS' to 'CentOS Linux'
---
 test/integration/smoke/test_vm_life_cycle.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
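Review bot: The new tests in IpAddressManagerTest exercise only the predicate; none covers the ordering the fix depends on in `markPublicIpAsAllocated`, where the result has to be computed before `addr.setState(IpAddress.State.Allocated)`. A test that calls `markPublicIpAsAllocated` with a `Reserved` address and verifies that `incrementResourceCount` is never invoked, and that it is invoked once for an `Allocating` address, would catch a regression that lets an account exceed its public IP limit again. The shared helper also stubs `getState()` and `isIpDedicated` for tests that return before reaching them, which a strict-stubs runner would reject; the runner is not visible in these hunks.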
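Review bot: The added `catch (Exception e)` in ConsoleProxyNoVncClient swallows the `InterruptedException` from `Thread.sleep(1)` and only logs it, so an interrupt meant to stop this worker is lost and the loop keeps polling. Catch the specific type and restore the flag, `} catch (InterruptedException e) {` followed by `Thread.currentThread().interrupt();`, and leave other exceptions to the existing handling. A short comment on why the sleep is there, such as `// yield between polls so an idle websocket session does not spin a core`, would also stop it from being removed as dead weight. The loop that contains this branch starts outside the hunk.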
diff --git a/test/integration/smoke/test_vm_life_cycle.py b/test/integration/smoke/test_vm_life_cycle.py
index 5c8f5609998..a9a554e19ad 100644
--- a/test/integration/smoke/test_vm_life_cycle.py
+++ b/test/integration/smoke/test_vm_life_cycle.py
@@ -1556,7 +1556,7 @@ class TestKVMLiveMigration(cloudstackTestCase):
 self.skipTest("Requires at least two hosts for performing migration related tests")
 for host in self.hosts:
- if host.details['Host.OS'] in ['CentOS']:
+ if host.details['Host.OS'] and host.details['Host.OS'].startswith('CentOS'):
 self.skipTest("live migration is not stabily supported on CentOS")
 def tearDown(self):
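Review bot: `host.details['Host.OS']` still raises `KeyError` when a host reports no `Host.OS` detail, because the added truthiness test indexes the mapping before it can help. If `details` is a plain dict, `if (host.details.get('Host.OS') or '').startswith('CentOS'):` covers a missing, `None` and empty value in one expression. The prefix match also skips the test on every CentOS release, while the commit title names only CentOS 7; if that is intended, the skip message or a comment should say so.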