From 7d0df32560baba55e9adfaae296b6e4311a40d17 Mon Sep 17 00:00:00 2001 From: Ian Southam Date: Wed, 26 Nov 2014 19:44:06 +0100 Subject: [PATCH] Lots of fixes from the testing firewallrules implemented sperately from networkacl (ugly but best that can be done ATM) Some refactoring in CsDHCP as it made no sense to do it that way anymore processmonitoring implemented Domain not correctly sourced in VR --- .../facade/AbstractConfigItemFacade.java | 7 ++- .../debian/config/opt/cloud/bin/configure.py | 14 +++--- .../config/opt/cloud/bin/cs/CsAddress.py | 1 + .../config/opt/cloud/bin/cs/CsConfig.py | 3 ++ .../config/opt/cloud/bin/cs/CsDatabag.py | 6 +++ .../debian/config/opt/cloud/bin/cs/CsDhcp.py | 18 ++++---- .../config/opt/cloud/bin/cs/CsGuestNetwork.py | 5 ++- .../config/opt/cloud/bin/cs/CsMonitor.py | 43 +++++++++++++++++++ .../config/opt/cloud/bin/cs_monitorservice.py | 26 +++++++++++ .../debian/config/opt/cloud/bin/merge.py | 6 +++ systemvm/test/python/TestCsDhcp.py | 8 ++-- systemvm/test/python/TestCsGuestNetwork.py | 2 +- 12 files changed, 116 insertions(+), 23 deletions(-) create mode 100644 systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py create mode 100644 systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java b/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java index 94e7af32d39..f017384b63c 100644 --- a/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java +++ b/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java 
@@ -63,7 +63,10 @@ public abstract class AbstractConfigItemFacade { private static Hashtable, AbstractConfigItemFacade> flyweight = new Hashtable, AbstractConfigItemFacade>(); static { - gson = new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create(); + gson = new GsonBuilder() + .setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES) + .disableHtmlEscaping() + .create(); flyweight.put(SetPortForwardingRulesVpcCommand.class, new SetPortForwardingRulesVpcConfigItem()); flyweight.put(SetPortForwardingRulesCommand.class, new SetPortForwardingRulesConfigItem()); @@ -114,4 +117,4 @@ public abstract class AbstractConfigItemFacade { } public abstract List generateConfig(NetworkElementCommand cmd); -} \ No newline at end of file +} diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 5e857de46e0..a67731b1853 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -37,6 +37,7 @@ from cs.CsRedundant import * from cs.CsFile import CsFile from cs.CsAddress import CsAddress from cs.CsApp import CsApache, CsPasswdSvc, CsDnsmasq +from cs.CsMonitor import CsMonitor class CsPassword(CsDataBag): @@ -87,10 +88,7 @@ class CsAcl(CsDataBag): def create(self): for cidr in self.rule['cidr']: - self.add_rule() - if self.ip != '': - # Always append default drop - self.fw.append(["mangle", "", "-A FIREWALL_%s -j DROP" % self.ip]) + self.add_rule(cidr) def add_rule(self, cidr): icmp_type = '' @@ -567,8 +565,12 @@ def main(argv): nf = CsNetfilters() nf.compare(config.get_fw()) - dh = CsDataBag("dhcpentry") - dhcp = CsDhcp(dh.get_bag(), config.get_cmdline()) + dhcp = CsDhcp("dhcpentry", config) + dhcp.process() + + mon = CsMonitor("monitorservice", config) + mon.process() + if __name__ == "__main__": main(sys.argv) 
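Review bot: The `.disableHtmlEscaping()` call added to the static initializer carries no comment explaining why it is needed or what constraint it places on consumers of the output. With escaping off, Gson writes `<`, `>`, `&`, `=` and `'` literally instead of as `\uXXXX` escapes, which is only safe while the generated JSON is parsed as JSON and never pasted into HTML, a shell command line or a web log viewer. I would put a comment above the builder stating the reason and the constraint, for example `// Output is consumed only by the router-side JSON parser; never embed it in HTML or a shell command.` (the consumer is presumed from the rest of the patch, so confirm it). The static block continues outside the hunk.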
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 2842009d33c..81fab787868 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -300,6 +300,7 @@ class CsIP: self.fw.append(["mangle", "", "-A PREROUTING -i %s -m state --state NEW " % self.dev + "-j CONNMARK --set-xmark 0x%s/0xffffffff" % self.dnum]) + self.fw.append(["mangle", "", "-A FIREWALL_%s -j DROP" % self.address['public_ip']]) self.fw.append(["filter", "", "-A INPUT -d 224.0.0.18/32 -j ACCEPT"]) self.fw.append(["filter", "", "-A INPUT -d 225.0.0.50/32 -j ACCEPT"]) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py index ded83a0cc70..93e10849613 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py @@ -51,6 +51,9 @@ class CsConfig(object): def is_vpc(self): return self.cl.get_type() == "vpcrouter" + def get_domain(self): + return self.cl.get_domain() + def get_format(self): return self.__LOG_FORMAT diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py index 97f3075c665..b752b1b3667 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py @@ -68,6 +68,12 @@ class CsCmdLine(CsDataBag): else: return "unknown" + def get_domain(self): + if "domain" in self.dbag['config']: + return self.dbag['config']['domain'] + else: + return "cloudnine.internal" + def get_vpccidr(self): if "vpccidr" in self.dbag['config']: return self.dbag['config']['vpccidr'] 
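Review bot: The default `-j DROP` for `FIREWALL_<public_ip>` in the CsAddress.py hunk is now appended with `-A` while the address is configured, so its position relative to the per-rule entries that `CsAcl.create()` adds to the same chain depends on the order in which `self.fw` is filled. If the address rules are collected first and the firewall rules are also appended, every later ACCEPT would sit behind this DROP and never match. If the chain is not created for an address, the append itself may fail. Neither the chain creation nor the ordering logic of `CsNetfilters` is visible in this patch, so please confirm both and record the invariant next to the line, e.g. `# default deny: must stay the last rule of FIREWALL_<ip>`. The enclosing `CsIP` method starts and ends outside the hunk.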
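Review bot: `CsCmdLine.get_domain()` silently falls back to the literal `"cloudnine.internal"`, and the same literal already appears in `CsGuestNetwork.get_domain()`, so the default now lives in two places. A shared module-level constant would keep them from drifting apart, and a docstring such as `"""Return the domain passed on the command line, or the built-in default."""` would make the fallback visible to callers. If `self.dbag['config']` is a plain dict, the body can be reduced to `return self.dbag['config'].get('domain', "cloudnine.internal")`.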
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py index c8c93869508..c26bc8bf4b4 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py @@ -18,6 +18,7 @@ import CsHelper import logging from netaddr import * from CsGuestNetwork import CsGuestNetwork +from cs.CsDatabag import CsDataBag NO_PRELOAD = False LEASES = "/var/lib/misc/dnsmasq.leases" @@ -27,16 +28,16 @@ DNSMASQ_CONF = "/etc/dnsmasq.conf" CLOUD_CONF = "/etc/dnsmasq.d/cloud.conf" -class CsDhcp(object): +class CsDhcp(CsDataBag): """ Manage dhcp entries """ - def __init__(self, dbag, cl): - dnsmasq = CsDnsMasq() - for item in dbag: + def process(self): + dnsmasq = CsDnsMasq(self.config) + for item in self.dbag: if item == "id": continue - dnsmasq.add(dbag[item]) - dnsmasqb4 = CsDnsMasq(NO_PRELOAD) + dnsmasq.add(self.dbag[item]) + dnsmasqb4 = CsDnsMasq(self.config, NO_PRELOAD) dnsmasqb4.parse_hosts() dnsmasqb4.parse_dnsmasq() if not dnsmasq.compare_hosts(dnsmasqb4): @@ -55,10 +56,11 @@ class CsDhcp(object): class CsDnsMasq(object): - def __init__(self, preload=True): + def __init__(self, config, preload=True): self.list = [] self.hosts = [] self.leases = [] + self.config = config self.updated = False self.devinfo = CsHelper.get_device_info() self.devs = [] @@ -108,7 +110,7 @@ class CsDnsMasq(object): self.updated = self.updated | CsHelper.addifmissing(CLOUD_CONF, line) # Next add the domain # if this is a guest network get it there otherwise use the value in resolv.conf - gn = CsGuestNetwork(device) + gn = CsGuestNetwork(device, self.cl) line = "dhcp-option=tag:interface-%s,15,%s" % (device, gn.get_domain()) self.updated = self.updated | CsHelper.addifmissing(CLOUD_CONF, line) if self.updated: 
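Review bot: `CsGuestNetwork(device, self.cl)` in the last CsDhcp.py hunk reads an attribute that this patch never sets: `CsDnsMasq.__init__` now stores its argument as `self.config`, and no assignment to `self.cl` is visible in the class. Unless `self.cl` is defined in code outside these hunks, the line raises `AttributeError` when the method runs. It should read `gn = CsGuestNetwork(device, self.config)`, which also matches the `self.config.get_domain()` call added to `CsGuestNetwork`. The method containing this line starts outside the hunk.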
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py index 17d67487b46..2ee99b92597 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py @@ -19,13 +19,14 @@ import CsHelper class CsGuestNetwork: - def __init__(self, device): + def __init__(self, device, config): self.data = {} self.guest = True db = DataBag() db.setKey("guestnetwork") db.load() dbag = db.getDataBag() + self.config = config if device in dbag.keys() and len(dbag[device]) != 0: self.data = dbag[device][0] else: @@ -37,7 +38,7 @@ class CsGuestNetwork: def get_domain(self): domain = "cloudnine.internal" if not self.guest: - return CsHelper.get_domain() + return self.config.get_domain() if 'domain_name' in self.data: return self.data['domain_name'] diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py new file mode 100644 index 00000000000..6b194238b1a --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py 
@@ -0,0 +1,43 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +import logging +from cs.CsDatabag import CsDataBag +from CsFile import CsFile + +MON_CONFIG = "/etc/monitor.conf" + + +class CsMonitor(CsDataBag): + """ Manage dhcp entries """ + + def process(self): + if "config" not in self.dbag: + return + procs = [x.strip() for x in self.dbag['config'].split(',')] + file = CsFile(MON_CONFIG) + for proc in procs: + bits = [x for x in proc.split(':')] + if len(bits) < 5: + continue + for i in range(0, 4): + file.add(bits[i], -1) + file.commit() + cron = CsFile("/etc/cron.d/process") + cron.add("SHELL=/bin/bash", 0) + cron.add("PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1) + cron.add("*/3 * * * * root /usr/bin/python /root/monitorServices.py", -1) + cron.commit() diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py new file mode 100644 index 00000000000..c8b63265c85 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py 
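Review bot: `process()` copies the first four `:`-separated fields of every entry in `self.dbag['config']` into `/etc/monitor.conf` without checking them, and the same method installs a cron entry that runs `/root/monitorServices.py` as root every three minutes. `strip()` only trims the ends of an entry, so a field containing a line break would add lines of its own to that file. How `monitorServices.py` interprets the file is not visible here, so the values should be validated before they are written. Malformed entries are also skipped without a log line, although `logging` is imported. Separately, the class docstring still says "Manage dhcp entries" and the local name `file` shadows the builtin.

```python
    def process(self):
        # … unchanged: early return when "config" is missing …
        entries = [x.strip() for x in self.dbag['config'].split(',')]
        monitor_conf = CsFile(MON_CONFIG)
        for entry in entries:
            fields = entry.split(':')
            if len(fields) < 5:
                logging.warning("Ignoring malformed monitor entry %r", entry)
                continue
            wanted = fields[:4]
            # A field must not be able to add extra lines to the config file.
            if any('\n' in f or '\r' in f for f in wanted):
                logging.warning("Ignoring monitor entry with embedded line break %r", entry)
                continue
            for field in wanted:
                monitor_conf.add(field, -1)
        monitor_conf.commit()
        # … unchanged: cron file for monitorServices.py …
```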
@@ -0,0 +1,26 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from pprint import pprint +from netaddr import * + + +def merge(dbag, data): + + if "config" in data: + dbag['config'] = data["config"] + return dbag diff --git a/systemvm/patches/debian/config/opt/cloud/bin/merge.py b/systemvm/patches/debian/config/opt/cloud/bin/merge.py index 510c58e26ac..36c543a2ceb 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/merge.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/merge.py @@ -26,6 +26,7 @@ import cs_cmdline import cs_vmp import cs_network_acl import cs_firewallrules +import cs_monitorservice import cs_vmdata import cs_dhcp import cs_forwardingrules @@ -105,6 +106,8 @@ class updateDataBag: dbag = self.process_network_acl(self.db.getDataBag()) elif self.qFile.type == 'firewallrules': dbag = self.process_firewallrules(self.db.getDataBag()) + elif self.qFile.type == 'monitorservice': + dbag = self.process_monitorservice(self.db.getDataBag()) elif self.qFile.type == 'vmdata': dbag = self.processVmData(self.db.getDataBag()) elif self.qFile.type == 'dhcpentry': 
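Review bot: Neither `from pprint import pprint` nor `from netaddr import *` is used by `merge()` in cs_monitorservice.py, and the wildcard import makes this new module fail to load wherever `netaddr` is missing. Both lines can be deleted. `merge()` also has no docstring and stores `data["config"]` as it arrives, while `CsMonitor.process()` later calls `.split(',')` on it, so a non-string value only fails there. I would add `"""Store the monitor service definition string from data in the data bag."""` and a type check before the assignment.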
@@ -147,6 +150,9 @@ class updateDataBag: def process_firewallrules(self, dbag): return cs_firewallrules.merge(dbag, self.qFile.data) + def process_monitorservice(self, dbag): + return cs_monitorservice.merge(dbag, self.qFile.data) + def processVMpassword(self, dbag): return cs_vmp.merge(dbag, self.qFile.data) diff --git a/systemvm/test/python/TestCsDhcp.py b/systemvm/test/python/TestCsDhcp.py index b96eefb852b..6477ad502f9 100644 --- a/systemvm/test/python/TestCsDhcp.py +++ b/systemvm/test/python/TestCsDhcp.py @@ -10,10 +10,10 @@ class TestCsDhcp(unittest.TestCase): def setUp(self): merge.DataBag.DPATH = "." - @mock.patch('cs.CsDhcp.CsHelper') - @mock.patch('cs.CsDhcp.CsDnsMasq') - def test_init(self, mock_cshelper, mock_dnsmasq): - csdhcp = CsDhcp({}, None) + # @mock.patch('cs.CsDhcp.CsHelper') + # @mock.patch('cs.CsDhcp.CsDnsMasq') + def test_init(self): + csdhcp = CsDhcp("dhcpentry", {}) self.assertTrue(csdhcp is not None) if __name__ == '__main__': diff --git a/systemvm/test/python/TestCsGuestNetwork.py b/systemvm/test/python/TestCsGuestNetwork.py index 38f403e2093..34dd329a2bc 100644 --- a/systemvm/test/python/TestCsGuestNetwork.py +++ b/systemvm/test/python/TestCsGuestNetwork.py @@ -9,7 +9,7 @@ class TestCsGuestNetwork(unittest.TestCase): merge.DataBag.DPATH = "." def test_init(self): - csguestnetwork = CsGuestNetwork({}) + csguestnetwork = CsGuestNetwork({}, {}) self.assertTrue(csguestnetwork is not None) if __name__ == '__main__':
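Review bot: The two `@mock.patch` decorators in `TestCsDhcp.test_init` are commented out rather than deleted, and because the DHCP work moved from `__init__` to `process()` the test now only checks that the constructor returns an object. Delete the commented lines and add a test that calls `process()` with `CsHelper` and `CsDnsMasq` patched, so the refactored path is executed at least once. Both tests also pass `{}` where the new code expects a config object with `get_domain()`. A small stub would be closer to what the classes receive at run time.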