diff --git a/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java b/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java index 3c185e41bdd..05b370abda5 100644 --- a/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java +++ b/api/src/org/apache/cloudstack/api/command/admin/account/LockAccountCmd.java @@ -16,7 +16,7 @@ // under the License. package org.apache.cloudstack.api.command.admin.account; -import org.apache.log4j.Logger; +import java.util.logging.Logger; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; @@ -26,9 +26,14 @@ import org.apache.cloudstack.api.response.AccountResponse; import org.apache.cloudstack.api.response.DomainResponse; import com.cloud.user.Account; +import com.cloud.utils.exception.CloudRuntimeException; -@APICommand(name = "lockAccount", description = "Locks an account", responseObject = AccountResponse.class, entityType = {Account.class}, - requestHasSensitiveInfo = false, responseHasSensitiveInfo = true) +@APICommand(name = "lockAccount", + description = "This deprecated function used to locks an account. Look for the API DisableAccount instead", + responseObject = AccountResponse.class, + entityType = {Account.class}, + requestHasSensitiveInfo = false, + responseHasSensitiveInfo = true) public class LockAccountCmd extends BaseCmd { public static final Logger s_logger = Logger.getLogger(LockAccountCmd.class.getName()); @@ -71,7 +76,7 @@ public class LockAccountCmd extends BaseCmd { @Override public long getEntityOwnerId() { - Account account = _accountService.getActiveAccountByName(getAccountName(), getDomainId()); + final Account account = _accountService.getActiveAccountByName(getAccountName(), getDomainId()); if (account != null) { return account.getAccountId(); } @@ -81,14 +86,6 @@ public class LockAccountCmd extends BaseCmd { @Override public void execute() { -// Account result = null; - //result = _accountService.lockAccount(this); -// if (result != null){ -// AccountResponse response = _responseGenerator.createAccountResponse(result); -// response.setResponseName(getCommandName()); -// this.setResponseObject(response); -// } else { -// throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to lock account"); -// } + throw new CloudRuntimeException("LockAccount does not lock accounts. Its implementation is disabled. Use DisableAccount instead"); } } diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index 07963d0c6b5..5d456616657 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config @@ -1166,6 +1166,7 @@ setup_storage_network() { } setup_system_rfc1918_internal() { + public_ip=`getPublicIp` echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))" if [ "$?" == "0" ]; then log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918." @@ -1180,6 +1181,12 @@ setup_system_rfc1918_internal() { fi } +getPublicIp() { + public_ip=$ETH2_IP + [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP + echo $public_ip +} + setup_secstorage() { log_it "Setting up secondary storage system vm" sysctl vm.min_free_kbytes=8192 @@ -1188,8 +1195,7 @@ setup_secstorage() { setup_storage_network setup_system_rfc1918_internal sed -i /gateway/d /etc/hosts - public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP + public_ip=`getPublicIp` echo "$public_ip $NAME" >> /etc/hosts cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4 @@ -1246,8 +1252,7 @@ setup_console_proxy() { local hyp=$1 setup_common eth0 eth1 eth2 setup_system_rfc1918_internal - public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP + public_ip=`getPublicIp` sed -i /gateway/d /etc/hosts echo "$public_ip $NAME" >> /etc/hosts cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4 diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 8f469d394f6..8d00bdf1414 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -288,7 +288,7 @@ class CsAcl(CsDataBag): if item == "id": continue if self.config.is_vpc(): - dev_obj = self.AclDevice(self.dbag[item], self.config).create() + self.AclDevice(self.dbag[item], self.config).create() else: self.AclIP(self.dbag[item], self.config).create() @@ -901,79 +901,123 @@ class CsForwardingRules(CsDataBag): def main(argv): + # The file we are currently processing, if it is "cmd_line.json" everything will be processed. + process_file = argv[1] + + # process_file can be None, if so assume cmd_line.json + if process_file is None: + process_file = "cmd_line.json" + + # Track if changes need to be committed to NetFilter + iptables_change = False + + # The "GLOBAL" Configuration object config = CsConfig() + logging.basicConfig(filename=config.get_logger(), level=config.get_level(), format=config.get_format()) + + # Load stored ip adresses from disk to CsConfig() config.set_address() logging.debug("Configuring ip addresses") - # IP configuration config.address().compare() config.address().process() - logging.debug("Configuring vmpassword") - password = CsPassword("vmpassword", config) - password.process() + if process_file in ["cmd_line.json", "guest_network.json"]: + logging.debug("Configuring Guest Network") + iptables_change = True - logging.debug("Configuring vmdata") - metadata = CsVmMetadata('vmdata', config) - metadata.process() + if process_file in ["cmd_line.json", "vm_password.json"]: + logging.debug("Configuring vmpassword") + password = CsPassword("vmpassword", config) + password.process() - logging.debug("Configuring networkacl") + if process_file in ["cmd_line.json", "vm_metadata.json"]: + logging.debug("Configuring vmdata") + metadata = CsVmMetadata('vmdata', config) + metadata.process() + + # Always run both CsAcl().process() methods + # They fill the base rules in config.fw[] acls = CsAcl('networkacl', config) acls.process() - logging.debug("Configuring firewall rules") acls = CsAcl('firewallrules', config) acls.process() - logging.debug("Configuring PF rules") fwd = CsForwardingRules("forwardingrules", config) fwd.process() - logging.debug("Configuring s2s vpn") vpns = CsSite2SiteVpn("site2sitevpn", config) vpns.process() - logging.debug("Configuring remote access vpn") - #remote access vpn rvpn = CsRemoteAccessVpn("remoteaccessvpn", config) rvpn.process() - logging.debug("Configuring vpn users list") - #remote access vpn users - vpnuser = CsVpnUser("vpnuserlist", config) - vpnuser.process() - - logging.debug("Configuring dhcp entry") - dhcp = CsDhcp("dhcpentry", config) - dhcp.process() - - logging.debug("Configuring load balancer") lb = CsLoadBalancer("loadbalancer", config) lb.process() - logging.debug("Configuring monitor service") - mon = CsMonitor("monitorservice", config) - mon.process() + if process_file in ["cmd_line.json", "network_acl.json"]: + logging.debug("Configuring networkacl") + iptables_change = True - logging.debug("Configuring iptables rules") - nf = CsNetfilters() - nf.compare(config.get_fw()) + if process_file in ["cmd_line.json", "firewall_rules.json"]: + logging.debug("Configuring firewall rules") + iptables_change = True + + if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]: + logging.debug("Configuring PF rules") + iptables_change = True + + if process_file in ["cmd_line.json", "site_2_site_vpn.json"]: + logging.debug("Configuring s2s vpn") + iptables_change = True + + if process_file in ["cmd_line.json", "remote_access_vpn.json"]: + logging.debug("Configuring remote access vpn") + iptables_change = True + + if process_file in ["cmd_line.json", "vpn_user_list.json"]: + logging.debug("Configuring vpn users list") + vpnuser = CsVpnUser("vpnuserlist", config) + vpnuser.process() + + if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]: + logging.debug("Configuring dhcp entry") + dhcp = CsDhcp("dhcpentry", config) + dhcp.process() + + if process_file in ["cmd_line.json", "load_balancer.json"]: + logging.debug("Configuring load balancer") + iptables_change = True + + if process_file in ["cmd_line.json", "monitor_service.json"]: + logging.debug("Configuring monitor service") + mon = CsMonitor("monitorservice", config) + mon.process() + + # If iptable rules have changed, apply them. + if iptables_change: + logging.debug("Configuring iptables rules") + nf = CsNetfilters() + nf.compare(config.get_fw()) red = CsRedundant(config) red.set() - logging.debug("Configuring static routes") - static_routes = CsStaticRoutes("staticroutes", config) - static_routes.process() + if process_file in ["cmd_line.json", "static_routes.json"]: + logging.debug("Configuring static routes") + static_routes = CsStaticRoutes("staticroutes", config) + static_routes.process() - logging.debug("Configuring iptables rules done ...saving rules") + if iptables_change: + logging.debug("Configuring iptables rules done ...saving rules") - # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local - CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") - CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") + # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local + CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") + CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") if __name__ == "__main__": main(sys.argv) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py index 4c99f2e07dd..023b180cf27 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py @@ -50,12 +50,12 @@ class CsDhcp(CsDataBag): self.configure_server() - # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. - CsHelper.service("dnsmasq", "restart") - self.conf.commit() self.cloud.commit() + # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. + CsHelper.service("dnsmasq", "restart") + def configure_server(self): # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) for i in self.devinfo: @@ -96,29 +96,8 @@ class CsDhcp(CsDataBag): self.conf.search(sline, line) def delete_leases(self): - changed = [] - leases = [] try: - for line in open(LEASES): - bits = line.strip().split(' ') - to = {"device": bits[0], - "mac": bits[1], - "ip": bits[2], - "host": bits[3:], - "del": False - } - changed.append(to) - - for v in changed: - if v['mac'] == to['mac'] or v['ip'] == to['ip'] or v['host'] == to['host']: - to['del'] = True - leases.append(to) - - for o in leases: - if o['del']: - cmd = "dhcp_release eth%s %s %s" % (o['device'], o['ip'], o['mac']) - logging.info(cmd) - CsHelper.execute(cmd) + open(LEASES, 'w').close() except IOError: return diff --git a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py b/systemvm/patches/debian/config/opt/cloud/bin/update_config.py index 35a5cde363c..dddd0c8e3c0 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/update_config.py @@ -41,7 +41,7 @@ currentGuestNetConfig = "/etc/cloudstack/guestnetwork.json" def finish_config(): # Converge - returncode = configure.main([]) + returncode = configure.main(sys.argv) sys.exit(returncode) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 9f327833766..d96dbbc5240 100755 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -3620,7 +3620,37 @@ requireValidation: true, buttonLabel: 'Configure', action: cloudStack.uiCustom.healthCheck() - + }, + isHidden: function(args) { + if (!('vpc' in args.context)) { //From Guest Network section + var lbProviderIsNetscaler = false; + $.ajax({ + url: createURL('listNetworkOfferings'), + data: { + id: args.context.networks[0].networkofferingid + }, + async: false, + success: function(json) { + var networkOffering = json.listnetworkofferingsresponse.networkoffering[0]; + var services = networkOffering.service; + lbProviderIsNetscaler = checkIfNetScalerProviderIsEnabled(services); + } + }); + if (lbProviderIsNetscaler == true) { //Health-Check is only supported on Netscaler (but not on any other provider) + return false; //Show Health-Check button + } else { + return 2; //Hide Health-Check button (Both Header and Form) + } + } else { //From VPC section + var lbProviderIsNetscaler; + var services = args.context.vpc[0].service; + lbProviderIsNetscaler = checkIfNetScalerProviderIsEnabled(services); + if (lbProviderIsNetscaler == true) { //Health-Check is only supported on Netscaler (but not on any other provider) + return false; //Show Health-Check button + } else { + return 2; //Hide Health-Check button (both Header and Form) + } + } } }, @@ -6545,6 +6575,26 @@ } }; + function checkIfNetScalerProviderIsEnabled(services) { + if (services != null) { + for (var i = 0; i < services.length; i++) { + if (services[i].name == 'Lb') { + var providers = services[i].provider; + if (providers != null) { + for (var k = 0; k < providers.length; k++) { + if (providers[k].name == 'Netscaler') { + return true; + } + } + } + return false; + } + } + } + + return false; + } + function getExtaPropertiesForIpObj(ipObj, args) { if (!('vpc' in args.context)) { //***** Guest Network section > Guest Network page > IP Address page ***** var services = args.context.networks[0].service;