Midonet Plugin bugfixes

* Updated SQL upgrade scripts to include midonet configs.
* Fixed bug where default ICMP allow rule was missing
  on static NAT creation, keeping VMs from being able
  to ping the gateway.
* Changed the filter in the MidoNetElement callbacks to allow
  calls when Midonet is configured.

Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
This commit is contained in:
Joe Mills 2013-05-15 17:47:58 +09:00 committed by Hugo Trippaers
parent 36a312d4b2
commit 987c3427dd
5 changed files with 107 additions and 61 deletions


@ -36,7 +36,6 @@ import com.cloud.network.NetworkModel;
import com.cloud.network.Networks;
import com.cloud.network.PhysicalNetworkServiceProvider;
import com.cloud.network.PublicIpAddress;
import com.cloud.network.dao.NetworkServiceMapDao;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNat;
@ -47,6 +46,8 @@ import com.cloud.utils.Pair;
import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.component.PluggableService;
import com.cloud.utils.net.NetUtils;
import com.cloud.user.AccountVO;
import com.cloud.user.dao.AccountDao;
import com.cloud.vm.NicProfile;
import com.cloud.vm.NicVO;
import com.cloud.vm.ReservationContext;
@ -131,14 +132,14 @@ public class MidoNetElement extends AdapterBase implements
@Inject
AccountManager _accountMgr;
@Inject
NetworkServiceMapDao _ntwkSrvcDao;
AccountDao _accountDao;
public void setMidonetApi(MidonetApi api) {
this.api = api;
}
public void setNtwkSrvcDao(NetworkServiceMapDao ntwkSrvcDao){
this._ntwkSrvcDao = ntwkSrvcDao;
public void setAccountDao(AccountDao aDao) {
this._accountDao = aDao;
}
@Override
@ -172,10 +173,13 @@ public class MidoNetElement extends AdapterBase implements
}
public boolean midoInNetwork(Network network) {
for (String pname : _ntwkSrvcDao.getDistinctProviders(network.getId())) {
if (pname.equals(getProvider().getName())) {
return true;
}
if((network.getTrafficType() == Networks.TrafficType.Public) &&
(network.getBroadcastDomainType() == Networks.BroadcastDomainType.Mido)){
return true;
}
if((network.getTrafficType() == Networks.TrafficType.Guest) &&
(network.getBroadcastDomainType() == Networks.BroadcastDomainType.Mido)){
return true;
}
return false;
}
@ -280,6 +284,11 @@ public class MidoNetElement extends AdapterBase implements
post.addRule().type(DtoRule.RevDNAT).flowAction(DtoRule.Accept).create();
}
public String getAccountUuid(Network network) {
AccountVO acc = _accountDao.findById(network.getAccountId());
return acc.getUuid();
}
public boolean associatePublicIP(Network network, final List<? extends PublicIpAddress> ipAddress)
throws ResourceUnavailableException {
@ -316,7 +325,7 @@ public class MidoNetElement extends AdapterBase implements
tenantUplink = ports[0];
providerDownlink = ports[1];
accountIdStr = String.valueOf(network.getAccountId());
accountIdStr = getAccountUuid(network);
boolean isVpc = getIsVpc(network);
long id = getRouterId(network, isVpc);
routerName = getRouterName(isVpc, id);
@ -611,7 +620,7 @@ public class MidoNetElement extends AdapterBase implements
RuleChain preNat = null;
RuleChain post = null;
String accountIdStr = String.valueOf(network.getAccountId());
String accountIdStr = getAccountUuid(network);
String networkUUIDStr = String.valueOf(network.getId());
for (StaticNat rule : rules) {
@ -659,7 +668,7 @@ public class MidoNetElement extends AdapterBase implements
return false;
}
if (canHandle(config, Service.Firewall)) {
String accountIdStr = String.valueOf(config.getAccountId());
String accountIdStr = getAccountUuid(config);
String networkUUIDStr = String.valueOf(config.getId());
RuleChain preFilter = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PREFILTER);
RuleChain preNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PRENAT);
@ -947,7 +956,7 @@ public class MidoNetElement extends AdapterBase implements
return false;
}
String accountIdStr = String.valueOf(network.getAccountId());
String accountIdStr = getAccountUuid(network);
String networkUUIDStr = String.valueOf(network.getId());
RuleChain preNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PRENAT);
RuleChain postNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_POST);
@ -1170,16 +1179,16 @@ public class MidoNetElement extends AdapterBase implements
return routerName + "-tenantrouter-" + chain;
}
protected RuleChain getChain(String accountID, String routerName, RuleChainCode chainCode){
return getChain("", accountID, routerName, chainCode);
protected RuleChain getChain(String accountUuid, String routerName, RuleChainCode chainCode){
return getChain("", accountUuid, routerName, chainCode);
}
protected RuleChain getChain(String networkId, String accountID,
protected RuleChain getChain(String networkId, String accountUuid,
String routerName, RuleChainCode chainCode){
String chainName = getChainName(networkId, routerName, chainCode);
MultivaluedMap findChain = new MultivaluedMapImpl();
findChain.add("tenant_id", accountID);
findChain.add("tenant_id", accountUuid);
ResourceCollection<RuleChain> ruleChains = api.getChains(findChain);
@ -1303,7 +1312,7 @@ public class MidoNetElement extends AdapterBase implements
String routerName = getRouterName(isVpc, id);
RuleChain egressChain = getChain(String.valueOf(network.getId()),
String.valueOf(network.getAccountId()),
getAccountUuid(network),
routerName,
RuleChainCode.ACL_EGRESS);
@ -1325,7 +1334,7 @@ public class MidoNetElement extends AdapterBase implements
String routerName = getRouterName(isVpc, id);
RuleChain egressChain = getChain(String.valueOf(network.getId()),
String.valueOf(network.getAccountId()),
getAccountUuid(network),
routerName,
RuleChainCode.ACL_EGRESS);
@ -1355,6 +1364,14 @@ public class MidoNetElement extends AdapterBase implements
.position(pos++)
.create();
// If it is ICMP to the router, accept that
egressChain.addRule().type(DtoRule.Accept)
.nwProto(SimpleFirewallRule.stringToProtocolNumber("icmp"))
.nwDstAddress(network.getGateway())
.nwDstLength(32)
.position(pos++)
.create();
// Everything else gets dropped
egressChain.addRule()
.type(DtoRule.Drop)
@ -1369,7 +1386,7 @@ public class MidoNetElement extends AdapterBase implements
boolean isVpc = getIsVpc(network);
long id = getRouterId(network, isVpc);
String routerName = getRouterName(isVpc, id);
String accountIdStr = String.valueOf(network.getAccountId());
String accountIdStr = getAccountUuid(network);
// Add interior port on bridge side
BridgePort bridgePort = netBridge.addInteriorPort().create();
@ -1406,6 +1423,14 @@ public class MidoNetElement extends AdapterBase implements
.position(pos++)
.create();
// If it is ICMP to the router, accept that
inc.addRule().type(DtoRule.Accept)
.nwProto(SimpleFirewallRule.stringToProtocolNumber("icmp"))
.nwDstAddress(network.getGateway())
.nwDstLength(32)
.position(pos++)
.create();
// If it is connection tracked, accept that as well
inc.addRule().type(DtoRule.Accept)
.matchReturnFlow(true)
@ -1449,27 +1474,25 @@ public class MidoNetElement extends AdapterBase implements
private Bridge getOrCreateNetworkBridge(Network network){
// Find the single bridge for this network, create if doesn't exist
return getOrCreateNetworkBridge(network.getId(), network.getAccountId());
return getOrCreateNetworkBridge(network.getId(), getAccountUuid(network));
}
private Bridge getOrCreateNetworkBridge(long networkID, long accountID){
Bridge netBridge = getNetworkBridge(networkID, accountID);
private Bridge getOrCreateNetworkBridge(long networkID, String accountUuid){
Bridge netBridge = getNetworkBridge(networkID, accountUuid);
if(netBridge == null){
String accountIdStr = String.valueOf(accountID);
String networkUUIDStr = String.valueOf(networkID);
netBridge = api.addBridge().tenantId(accountIdStr).name(networkUUIDStr).create();
netBridge = api.addBridge().tenantId(accountUuid).name(networkUUIDStr).create();
}
return netBridge;
}
private Bridge getNetworkBridge(long networkID, long accountID){
private Bridge getNetworkBridge(long networkID, String accountUuid){
MultivaluedMap qNetBridge = new MultivaluedMapImpl();
String accountIdStr = String.valueOf(accountID);
String networkUUIDStr = String.valueOf(networkID);
qNetBridge.add("tenant_id", accountIdStr);
qNetBridge.add("tenant_id", accountUuid);
for (Bridge b : this. api.getBridges(qNetBridge)) {
if(b.getName().equals(networkUUIDStr)){
@ -1497,7 +1520,7 @@ public class MidoNetElement extends AdapterBase implements
boolean isVpc = getIsVpc(network);
long id = getRouterId(network, isVpc);
return getOrCreateGuestNetworkRouter(id, network.getAccountId(), isVpc);
return getOrCreateGuestNetworkRouter(id, getAccountUuid(network), isVpc);
}
@ -1509,29 +1532,28 @@ public class MidoNetElement extends AdapterBase implements
}
}
protected Router createRouter(long id, long accountID, boolean isVpc) {
protected Router createRouter(long id, String accountUuid, boolean isVpc) {
String accountIdStr = String.valueOf(accountID);
String routerName = getRouterName(isVpc, id);
//Set up rule chains
RuleChain pre = api.addChain()
.name(getChainName(routerName, RuleChainCode.TR_PRE))
.tenantId(accountIdStr)
.tenantId(accountUuid)
.create();
RuleChain post = api.addChain()
.name(getChainName(routerName, RuleChainCode.TR_POST))
.tenantId(accountIdStr)
.tenantId(accountUuid)
.create();
// Set up NAT and filter chains for pre-routing
RuleChain preFilter = api.addChain()
.name(getChainName(routerName, RuleChainCode.TR_PREFILTER))
.tenantId(accountIdStr)
.tenantId(accountUuid)
.create();
RuleChain preNat = api.addChain()
.name(getChainName(routerName, RuleChainCode.TR_PRENAT))
.tenantId(accountIdStr)
.tenantId(accountUuid)
.create();
// Hook the chains in - first jump to Filter chain, then jump to Nat chain
@ -1545,28 +1567,27 @@ public class MidoNetElement extends AdapterBase implements
.create();
return api.addRouter()
.tenantId(accountIdStr)
.tenantId(accountUuid)
.name(routerName)
.inboundFilterId(pre.getId())
.outboundFilterId(post.getId())
.create();
}
private Router getOrCreateGuestNetworkRouter(long id, long accountID, boolean isVpc) {
Router tenantRouter = getGuestNetworkRouter(id, accountID, isVpc);
private Router getOrCreateGuestNetworkRouter(long id, String accountUuid, boolean isVpc) {
Router tenantRouter = getGuestNetworkRouter(id, accountUuid, isVpc);
if(tenantRouter == null){
tenantRouter = createRouter(id, accountID, isVpc);
tenantRouter = createRouter(id, accountUuid, isVpc);
}
return tenantRouter;
}
private Router getGuestNetworkRouter(long id, long accountID, boolean isVpc){
private Router getGuestNetworkRouter(long id, String accountUuid, boolean isVpc){
MultivaluedMap qNetRouter = new MultivaluedMapImpl();
String accountIdStr = String.valueOf(accountID);
String routerName = getRouterName(isVpc, id);
qNetRouter.add("tenant_id", accountIdStr);
qNetRouter.add("tenant_id", accountUuid);
for (Router router : api.getRouters(qNetRouter)) {
if(router.getName().equals(routerName)){
@ -1613,10 +1634,10 @@ public class MidoNetElement extends AdapterBase implements
}
private void deleteNetworkBridges(Network network){
long accountID = network.getAccountId();
String accountUuid = getAccountUuid(network);
long networkID = network.getId();
Bridge netBridge = getNetworkBridge(networkID, accountID);
Bridge netBridge = getNetworkBridge(networkID, accountUuid);
if(netBridge != null){
cleanBridge(netBridge);
@ -1632,11 +1653,11 @@ public class MidoNetElement extends AdapterBase implements
}
private void deleteGuestNetworkRouters(Network network){
long accountID = network.getAccountId();
String accountUuid = getAccountUuid(network);
boolean isVpc = getIsVpc(network);
long id = getRouterId(network, isVpc);
Router tenantRouter = getGuestNetworkRouter(id, accountID, isVpc);
Router tenantRouter = getGuestNetworkRouter(id, accountUuid, isVpc);
// Delete any peer ports corresponding to this router
for(Port peerPort : tenantRouter.getPeerPorts((new MultivaluedMapImpl()))){
@ -1677,7 +1698,7 @@ public class MidoNetElement extends AdapterBase implements
}
// Remove inbound and outbound filter chains
String accountIdStr = String.valueOf(accountID);
String accountIdStr = String.valueOf(accountUuid);
String routerName = getRouterName(isVpc, id);
RuleChain pre = api.getChain(tenantRouter.getInboundFilterId());
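Review bot: The new `getAccountUuid` (hunk `@ -280,6 +284,11`) dereferences the result of `_accountDao.findById(network.getAccountId())` without a null check, so a network whose account row is missing or whose account id is stale fails with a NullPointerException from deep inside the bridge/router/chain code instead of a clear error. Because the returned string becomes the `tenant_id` that scopes every MidoNet bridge, router and rule-chain lookup this element performs, the value deserves an explicit guard before the return: `if (acc == null) { throw new IllegalStateException("No account " + network.getAccountId() + " for network " + network.getId()); }`. Relatedly, the later `String accountIdStr = String.valueOf(accountUuid);` in `deleteGuestNetworkRouters` is a no-op on a String except that it would turn a null into the literal text "null" and pass that as a tenant id; the plain assignment `String accountIdStr = accountUuid;` is clearer and does not mask the failure.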


@ -30,6 +30,8 @@ import com.cloud.network.*;
import com.cloud.network.PhysicalNetwork;
import com.cloud.offering.NetworkOffering;
import com.cloud.user.Account;
import com.cloud.user.AccountVO;
import com.cloud.user.dao.AccountDao;
import com.cloud.vm.*;
import com.midokura.midonet.client.resource.Bridge;
import com.cloud.utils.net.NetUtils;
@ -46,12 +48,16 @@ import com.cloud.vm.Nic.ReservationStrategy;
import javax.ejb.Local;
import java.util.UUID;
import javax.inject.Inject;
@Component
@Local(value = NetworkGuru.class)
public class MidoNetGuestNetworkGuru extends GuestNetworkGuru {
private static final Logger s_logger = Logger.getLogger(MidoNetGuestNetworkGuru.class);
@Inject
AccountDao _accountDao;
public MidoNetGuestNetworkGuru() {
super();
_isolationMethods = new PhysicalNetwork.IsolationMethod[] { PhysicalNetwork.IsolationMethod.MIDO };
@ -118,7 +124,8 @@ public class MidoNetGuestNetworkGuru extends GuestNetworkGuru {
implemented.setCidr(network.getCidr());
}
String accountIdStr = String.valueOf(network.getAccountId());
AccountVO acc = _accountDao.findById(network.getAccountId());
String accountUUIDStr = acc.getUuid();
String routerName = "";
if (network.getVpcId() != null) {
routerName = "VPC" + String.valueOf(network.getVpcId());
@ -126,7 +133,9 @@ public class MidoNetGuestNetworkGuru extends GuestNetworkGuru {
routerName = String.valueOf(network.getId());
}
String broadcastUriStr = accountIdStr + "." + String.valueOf(network.getId()) + ":" + routerName;
String broadcastUriStr = accountUUIDStr + "."
+ String.valueOf(network.getId())
+ ":" + routerName;
implemented.setBroadcastUri(Networks.BroadcastDomainType.Mido.toUri(broadcastUriStr));
s_logger.debug("Broadcast URI set to " + broadcastUriStr);
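Review bot: `AccountVO acc = _accountDao.findById(network.getAccountId());` is dereferenced on the very next line with no null check, so a missing account turns this method into a NullPointerException before the broadcast URI is built; a guard such as `if (acc == null) { throw new IllegalStateException("No account " + network.getAccountId() + " for network " + network.getId()); }` gives a diagnosable failure. The same two-line lookup now appears here, in `MidoNetElement.getAccountUuid` and in `MidoNetPublicNetworkGuru.generateBroadcastUri`; since the account-to-tenant mapping is what keeps one tenant's MidoNet objects from being looked up under another's, a single shared helper would keep the three copies from drifting. The enclosing method starts and ends outside the hunk.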


@ -34,6 +34,8 @@ import com.cloud.utils.db.DB;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.net.NetUtils;
import com.cloud.user.AccountVO;
import com.cloud.user.dao.AccountDao;
import com.cloud.network.dao.NetworkVO;
import com.cloud.network.dao.IPAddressVO;
import com.cloud.vm.*;
@ -50,6 +52,8 @@ public class MidoNetPublicNetworkGuru extends PublicNetworkGuru {
// Inject any stuff we need to use (DAOs etc)
@Inject
NetworkModel _networkModel;
@Inject
AccountDao _accountDao;
// Don't need to change traffic type stuff, public is fine
@ -228,9 +232,10 @@ public class MidoNetPublicNetworkGuru extends PublicNetworkGuru {
}
private URI generateBroadcastUri(Network network){
String accountIdStr = String.valueOf(network.getAccountId());
AccountVO acc = _accountDao.findById(network.getAccountId());
String accountUUIDStr = acc.getUuid();
String networkUUIDStr = String.valueOf(network.getId());
return Networks.BroadcastDomainType.Mido.toUri(accountIdStr +
return Networks.BroadcastDomainType.Mido.toUri(accountUUIDStr +
"." +
networkUUIDStr +
":" +


@ -18,12 +18,13 @@
*/
import com.cloud.network.element.MidoNetElement;
import com.cloud.user.AccountVO;
import com.cloud.user.dao.AccountDao;
import junit.framework.TestCase;
import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.*;
import com.midokura.midonet.client.MidonetApi;
import com.midokura.midonet.client.resource.*;
import com.cloud.network.dao.NetworkServiceMapDao;
import com.sun.jersey.core.util.MultivaluedMapImpl;
import com.cloud.network.*;
import com.cloud.vm.*;
@ -46,10 +47,6 @@ public class MidoNetElementTest extends TestCase {
//mockMgmt
MidonetApi api = mock(MidonetApi.class, RETURNS_DEEP_STUBS);
ArrayList<String> arr = new ArrayList<String>();
arr.add("MidoNet");
NetworkServiceMapDao mockNSMD = mock(NetworkServiceMapDao.class);
when(mockNSMD.getDistinctProviders(anyLong())).thenReturn(arr);
//mockDhcpHost
DhcpHost mockDhcpHost = mock(DhcpHost.class);
@ -82,6 +79,14 @@ public class MidoNetElementTest extends TestCase {
when(mockNetwork.getGateway()).thenReturn("1.2.3.4");
when(mockNetwork.getCidr()).thenReturn("1.2.3.0/24");
when(mockNetwork.getId()).thenReturn((long)2);
when(mockNetwork.getBroadcastDomainType()).thenReturn(Networks.BroadcastDomainType.Mido);
when(mockNetwork.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
//mockAccountDao
AccountDao mockAccountDao = mock(AccountDao.class);
AccountVO mockAccountVO = mock(AccountVO.class);
when(mockAccountDao.findById(anyLong())).thenReturn(mockAccountVO);
when(mockAccountVO.getUuid()).thenReturn("1");
//mockNic
NicProfile mockNic = mock(NicProfile.class);
@ -96,8 +101,8 @@ public class MidoNetElementTest extends TestCase {
when(mockVm.getType()).thenReturn(VirtualMachine.Type.User);
MidoNetElement elem = new MidoNetElement();
elem.setNtwkSrvcDao(mockNSMD);
elem.setMidonetApi(api);
elem.setAccountDao(mockAccountDao);
boolean result = false;
try {
@ -119,14 +124,16 @@ public class MidoNetElementTest extends TestCase {
public void testImplement() {
//mock
MidonetApi api = mock(MidonetApi.class, RETURNS_DEEP_STUBS);
ArrayList<String> arr = new ArrayList<String>();
arr.add("MidoNet");
NetworkServiceMapDao mockNSMD = mock(NetworkServiceMapDao.class);
when(mockNSMD.getDistinctProviders(anyLong())).thenReturn(arr);
//mockAccountDao
AccountDao mockAccountDao = mock(AccountDao.class);
AccountVO mockAccountVO = mock(AccountVO.class);
when(mockAccountDao.findById(anyLong())).thenReturn(mockAccountVO);
when(mockAccountVO.getUuid()).thenReturn("1");
MidoNetElement elem = new MidoNetElement();
elem.setNtwkSrvcDao(mockNSMD);
elem.setMidonetApi(api);
elem.setAccountDao(mockAccountDao);
//mockRPort
RouterPort mockRPort = mock(RouterPort.class);
@ -161,6 +168,8 @@ public class MidoNetElementTest extends TestCase {
when(mockNetwork.getGateway()).thenReturn("1.2.3.4");
when(mockNetwork.getCidr()).thenReturn("1.2.3.0/24");
when(mockNetwork.getId()).thenReturn((long)2);
when(mockNetwork.getBroadcastDomainType()).thenReturn(Networks.BroadcastDomainType.Mido);
when(mockNetwork.getTrafficType()).thenReturn(Networks.TrafficType.Public);
boolean result = false;
try {
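Review bot: The stubbed `when(mockAccountVO.getUuid()).thenReturn("1");` returns a value indistinguishable from a numeric id, and because `api` is a `RETURNS_DEEP_STUBS` mock nothing asserts that this value is what reaches MidoNet as `tenant_id`, so a regression back to `String.valueOf(network.getAccountId())` would not be caught. Returning a UUID-shaped string such as `"a1b2c3d4-0000-4000-8000-000000000001"` and verifying the tenant id on the deep stub (for example `verify(api.addBridge()).tenantId(expectedUuid);`, assuming the deep stub returns the same child mock for each chain) would pin the fix. Neither test covers `findById` returning null, which the element currently dereferences unguarded. `testImplement` continues past the end of the hunk.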


@ -29,6 +29,8 @@ INSERT IGNORE INTO `cloud`.`hypervisor_capabilities`(hypervisor_type, hypervisor
INSERT IGNORE INTO `cloud`.`hypervisor_capabilities`(hypervisor_type, hypervisor_version, max_guests_limit, security_group_enabled, max_hosts_per_cluster) VALUES ('VMware', '5.1', 128, 0, 32);
DELETE FROM `cloud`.`configuration` where name='vmware.percluster.host.max';
INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'AgentManager', 'xen.nics.max', '7', 'Maximum allowed nics for Vms created on Xen');
INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Network', 'DEFAULT', 'management-server', 'midonet.apiserver.address', 'http://localhost:8081', 'Specify the address at which the Midonet API server can be contacted (if using Midonet)');
INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Network', 'DEFAULT', 'management-server', 'midonet.providerrouter.id', 'd7c5e6a3-e2f4-426b-b728-b7ce6a0448e5', 'Specifies the UUID of the Midonet provider router (if using Midonet)');
ALTER TABLE `cloud`.`load_balancer_vm_map` ADD state VARCHAR(40) NULL COMMENT 'service status updated by LB healthcheck manager';
alter table storage_pool change storage_provider_id storage_provider_name varchar(255);
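Review bot: `midonet.providerrouter.id` is seeded with a concrete default UUID, `d7c5e6a3-e2f4-426b-b728-b7ce6a0448e5`, so every upgraded deployment silently carries a provider-router id that cannot match its own MidoNet installation, and a forgotten setting shows up as traffic wired to a non-existent router rather than as a visible configuration error. An empty default (or an obviously placeholder value) with a description stating that the value must be set when MidoNet is enabled, e.g. `'', 'UUID of the Midonet provider router; must be set when using Midonet'`, makes the misconfiguration detectable. The `midonet.apiserver.address` default of `http://localhost:8081` also documents the control channel as plain HTTP; stating in the description whether an https endpoint is accepted would help operators, since all tenant network configuration crosses this link.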