KVM initial VPC support

Implements
SetupGuestNetworkCommand,SetNetworkACLCommand,SetSourceNatCommand,IpAssocVpcCommand,SetPortForwardingRulesVpcCommand.
Passes basic functionality, though I'm sure there may be some honing to
do.

Also fixes a few minor things found along the way:
 vpc_guestnw.sh wasn't successfully setting up apache due to default
listen IP of 10.1.1.1
 vpc_guestnw.sh was referencing a 'logger_it' function, replaced with
'logger -t cloud'
 system vms were running with OS type "Debian GNU/Linux 5.0(32-bit)",
which was not found in the KVMGuestOsMapper
 the Xen implementation of SetupGuestNetworkCommand had apparently
copied its catch message from UnPlug Nic, fixed string

Send-by: Marcus Sorensen
RB: https://reviews.apache.org/r/6883
This commit is contained in:
Edison Su 2012-09-04 11:40:51 -07:00
parent f509efe2d8
commit ea9121bc8f
5 changed files with 376 additions and 16 deletions

View File

@ -61,14 +61,18 @@ import com.cloud.agent.api.routing.SetFirewallRulesAnswer;
import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesAnswer;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesVpcCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesAnswer;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.routing.SetStaticRouteAnswer;
import com.cloud.agent.api.routing.SetStaticRouteCommand;
import com.cloud.agent.api.routing.Site2SiteVpnCfgCommand;
import com.cloud.agent.api.routing.VmDataCommand;
import com.cloud.agent.api.routing.VpnUsersCfgCommand;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.exception.InternalErrorException;
import com.cloud.network.HAProxyConfigurator;
import com.cloud.network.LoadBalancerConfigurator;
import com.cloud.utils.NumbersUtil;
@ -109,11 +113,15 @@ public class VirtualRoutingResource implements Manager {
public Answer executeRequest(final Command cmd) {
try {
if (cmd instanceof SetPortForwardingRulesCommand ) {
if (cmd instanceof SetPortForwardingRulesVpcCommand ) {
return execute((SetPortForwardingRulesVpcCommand)cmd);
} else if (cmd instanceof SetPortForwardingRulesCommand){
return execute((SetPortForwardingRulesCommand)cmd);
} else if (cmd instanceof SetStaticRouteCommand){
return execute((SetStaticRouteCommand)cmd);
} else if (cmd instanceof SetStaticNatRulesCommand){
return execute((SetStaticNatRulesCommand)cmd);
}else if (cmd instanceof LoadBalancerConfigCommand) {
} else if (cmd instanceof LoadBalancerConfigCommand) {
return execute((LoadBalancerConfigCommand)cmd);
} else if (cmd instanceof IpAssocCommand) {
return execute((IpAssocCommand)cmd);
@ -232,7 +240,6 @@ public class VirtualRoutingResource implements Manager {
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
String[] results = new String[cmd.getRules().length];
int i = 0;
boolean endResult = true;
for (PortForwardingRuleTO rule : cmd.getRules()) {
String result = null;
@ -674,6 +681,132 @@ public class VirtualRoutingResource implements Manager {
return command.execute();
}
public String assignGuestNetwork(final String dev, final String routerIP,
final String routerGIP, final String gateway, final String cidr,
final String netmask, final String dns, final String domainName){
String args = " -C";
args += " -d " + dev;
args += " -i " + routerGIP;
args += " -g " + gateway;
args += " -m " + cidr;
args += " -n " + netmask;
if ( dns != null && !dns.isEmpty() ) {
args += " -s " + dns;
}
if ( domainName != null && !domainName.isEmpty() ) {
args += " -e " + domainName;
}
return routerProxy("vpc_guestnw.sh", routerIP, args);
}
public String assignNetworkACL(final String routerIP, final String dev,
final String routerGIP, final String netmask, final String rule){
String args = " -d " + dev;
args += " -i " + routerGIP;
args += " -m " + netmask;
args += " -a " + rule;
return routerProxy("vpc_acl.sh", routerIP, args);
}
public String assignSourceNat(final String routerIP, final String pubIP, final String dev) {
String args = " -A ";
args += " -l ";
args += pubIP;
args += " -c ";
args += dev;
return routerProxy("vpc_snat.sh", routerIP, args);
}
private SetPortForwardingRulesAnswer execute(SetPortForwardingRulesVpcCommand cmd) {
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
String[] results = new String[cmd.getRules().length];
int i = 0;
boolean endResult = true;
for (PortForwardingRuleTO rule : cmd.getRules()) {
String args = rule.revoked() ? " -D" : " -A";
args += " -P " + rule.getProtocol().toLowerCase();
args += " -l " + rule.getSrcIp();
args += " -p " + rule.getStringSrcPortRange();
args += " -r " + rule.getDstIp();
args += " -d " + rule.getStringDstPortRange().replace(":", "-");
String result = routerProxy("vpc_portforwarding.sh", routerIp, args);
if (result != null) {
results[i++] = "Failed";
endResult = false;
} else {
results[i++] = null;
}
}
return new SetPortForwardingRulesAnswer(cmd, results, endResult);
}
public void assignVpcIpToRouter(final String routerIP, final boolean add, final String pubIP,
final String nicname, final String gateway, final String netmask, final String subnet) throws Exception {
try {
String args = "";
if (add) {
args += " -A ";
} else {
args += " -D ";
}
args += " -l ";
args += pubIP;
args += " -c ";
args += nicname;
args += " -g ";
args += gateway;
args += " -m ";
args += netmask;
args += " -n ";
args += subnet;
String result = routerProxy("vpc_ipassoc.sh", routerIP, args);
if (result != null) {
throw new InternalErrorException("KVM plugin \"vpc_ipassoc\" failed:"+result);
}
} catch (Exception e) {
String msg = "Unable to assign public IP address due to " + e.toString();
s_logger.warn(msg, e);
throw new Exception(msg);
}
}
private SetStaticRouteAnswer execute(SetStaticRouteCommand cmd) {
String routerIP = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
try {
String[] results = new String[cmd.getStaticRoutes().length];
String [][] rules = cmd.generateSRouteRules();
StringBuilder sb = new StringBuilder();
String[] srRules = rules[0];
for (int i = 0; i < srRules.length; i++) {
sb.append(srRules[i]).append(',');
}
String args = " -a " + sb.toString();
String result = routerProxy("vpc_staticroute.sh", routerIP, args);
if (result != null) {
for (int i=0; i < results.length; i++) {
results[i] = "Failed";
}
return new SetStaticRouteAnswer(cmd, false, results);
}
return new SetStaticRouteAnswer(cmd, true, results);
} catch (Exception e) {
String msg = "SetStaticRoute failed due to " + e.toString();
s_logger.error(msg, e);
return new SetStaticRouteAnswer(cmd, false, null);
}
}
public String assignPublicIpAddress(final String vmName,
final String privateIpAddress, final String publicIpAddress,

View File

@ -58,19 +58,31 @@ create_acl_chain() {
setup_apache2() {
logger_it "Setting up apache web server for $dev"
logger -t cloud "Setting up apache web server for $dev"
cp /etc/apache2/vhostexample.conf /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/<VirtualHost.*:80>/<VirtualHost $ip:80>/" /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/<VirtualHost.*:443>/<VirtualHost $ip:443>/" /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf
sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf
if [ -e "/etc/apache2/sites-enabled/000-default" ]
then
sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/000-default
fi
if [ -e "/etc/apache2/sites-enabled/default-ssl" ]
then
sed -i -e "s/^#*/#/g" /etc/apache2/sites-enabled/default-ssl
fi
if [ -e "/etc/apache2/ports.conf" ]
then
sed -i -e "s/^#*/#/g" /etc/apache2/ports.conf
fi
service apache2 restart
sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
}
desetup_apache2() {
logger_it "Desetting up apache web server for $dev"
logger -t cloud "Desetting up apache web server for $dev"
rm -f /etc/apache2/conf.d/vhost$dev.conf
service apache2 restart
sudo iptables -D INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT

View File

@ -105,6 +105,7 @@ public class KVMGuestOsMapper {
s_mapper.put("Ubuntu 8.04 (64-bit)", "Other Linux");
s_mapper.put("Debian GNU/Linux 5(32-bit)", "Debian GNU/Linux 5");
s_mapper.put("Debian GNU/Linux 5(64-bit)", "Debian GNU/Linux 5");
s_mapper.put("Debian GNU/Linux 5.0(32-bit)", "Debian GNU/Linux 5");
s_mapper.put("Debian GNU/Linux 4(32-bit)", "Debian GNU/Linux 4");
s_mapper.put("Debian GNU/Linux 4(64-bit)", "Debian GNU/Linux 4");
s_mapper.put("Debian GNU/Linux 6(64-bit)", "Debian GNU/Linux 6");

View File

@ -126,6 +126,8 @@ import com.cloud.agent.api.RebootCommand;
import com.cloud.agent.api.RebootRouterCommand;
import com.cloud.agent.api.SecurityGroupRuleAnswer;
import com.cloud.agent.api.SecurityGroupRulesCmd;
import com.cloud.agent.api.SetupGuestNetworkAnswer;
import com.cloud.agent.api.SetupGuestNetworkCommand;
import com.cloud.agent.api.StartAnswer;
import com.cloud.agent.api.StartCommand;
import com.cloud.agent.api.StartupCommand;
@ -144,7 +146,12 @@ import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand;
import com.cloud.agent.api.routing.IpAssocAnswer;
import com.cloud.agent.api.routing.IpAssocCommand;
import com.cloud.agent.api.routing.IpAssocVpcCommand;
import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.SetNetworkACLAnswer;
import com.cloud.agent.api.routing.SetNetworkACLCommand;
import com.cloud.agent.api.routing.SetSourceNatAnswer;
import com.cloud.agent.api.routing.SetSourceNatCommand;
import com.cloud.agent.api.storage.CopyVolumeAnswer;
import com.cloud.agent.api.storage.CopyVolumeCommand;
import com.cloud.agent.api.storage.CreateAnswer;
@ -1028,6 +1035,14 @@ public class LibvirtComputingResource extends ServerResourceBase implements
return execute((PlugNicCommand) cmd);
} else if (cmd instanceof UnPlugNicCommand) {
return execute((UnPlugNicCommand) cmd);
} else if (cmd instanceof SetupGuestNetworkCommand) {
return execute((SetupGuestNetworkCommand) cmd);
} else if (cmd instanceof SetNetworkACLCommand) {
return execute((SetNetworkACLCommand) cmd);
} else if (cmd instanceof SetSourceNatCommand) {
return execute((SetSourceNatCommand) cmd);
} else if (cmd instanceof IpAssocVpcCommand) {
return execute((IpAssocVpcCommand) cmd);
} else if (cmd instanceof IpAssocCommand) {
return execute((IpAssocCommand) cmd);
} else if (cmd instanceof NetworkElementCommand) {
@ -1239,7 +1254,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements
}
Domain vm = getDomain(conn, vmName);
vm.attachDevice(_vifDriver.plug(nicTO, "Other PV").toString());
vm.attachDevice(_vifDriver.plug(nicTO, "Other PV (32-bit)").toString());
}
private PlugNicAnswer execute(PlugNicCommand cmd) {
@ -1249,7 +1264,16 @@ public class LibvirtComputingResource extends ServerResourceBase implements
try {
conn = LibvirtConnection.getConnection();
Domain vm = getDomain(conn, vmName);
vm.attachDevice(_vifDriver.plug(nic, "Other PV").toString());
List<InterfaceDef> pluggedNics = getInterfaces(conn, vmName);
Integer nicnum = 0;
for (InterfaceDef pluggedNic : pluggedNics) {
if (pluggedNic.getMacAddress().equalsIgnoreCase(nic.getMac())) {
s_logger.debug("found existing nic for mac "+ pluggedNic.getMacAddress() + " at index "+nicnum);
return new PlugNicAnswer(cmd, true, "success");
}
nicnum++;
}
vm.attachDevice(_vifDriver.plug(nic, "Other PV (32-bit)").toString());
return new PlugNicAnswer(cmd, true, "success");
} catch (Exception e) {
String msg = " Plug Nic failed due to " + e.toString();
@ -1280,6 +1304,194 @@ public class LibvirtComputingResource extends ServerResourceBase implements
}
}
private SetupGuestNetworkAnswer execute(SetupGuestNetworkCommand cmd) {
Connect conn;
NicTO nic = cmd.getNic();
String routerIP = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
String routerGIP = cmd.getAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP);
String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME);
String gateway = cmd.getAccessDetail(NetworkElementCommand.GUEST_NETWORK_GATEWAY);
String cidr = Long.toString(NetUtils.getCidrSize(nic.getNetmask()));;
String domainName = cmd.getNetworkDomain();
String dns = cmd.getDefaultDns1();
if (dns == null || dns.isEmpty()) {
dns = cmd.getDefaultDns2();
} else {
String dns2= cmd.getDefaultDns2();
if ( dns2 != null && !dns2.isEmpty()) {
dns += "," + dns2;
}
}
try {
conn = LibvirtConnection.getConnection();
Domain vm = getDomain(conn, routerName);
List<InterfaceDef> pluggedNics = getInterfaces(conn, routerName);
InterfaceDef routerNic = null;
for (InterfaceDef pluggedNic : pluggedNics) {
if (pluggedNic.getMacAddress().equalsIgnoreCase(nic.getMac())) {
routerNic = pluggedNic;
break;
}
}
if ( routerNic == null ) {
return new SetupGuestNetworkAnswer(cmd, false, "Can not find nic with mac " + nic.getMac() + " for VM " + routerName);
}
String args = "vpc_guestnw.sh " + routerIP + " -C";
String dev = "eth" + nic.getDeviceId();
String netmask = NetUtils.getSubNet(routerGIP, nic.getNetmask());
String result = _virtRouterResource.assignGuestNetwork(dev, routerIP,
routerGIP, gateway, cidr, netmask, dns, domainName );
if (result != null) {
return new SetupGuestNetworkAnswer(cmd, false, "Creating guest network failed due to " + result);
}
return new SetupGuestNetworkAnswer(cmd, true, "success");
} catch (Exception e) {
String msg = "Creating guest network failed due to " + e.toString();
s_logger.warn(msg, e);
return new SetupGuestNetworkAnswer(cmd, false, msg);
}
}
private SetNetworkACLAnswer execute(SetNetworkACLCommand cmd) {
String[] results = new String[cmd.getRules().length];
String callResult;
Connect conn;
String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME);
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
try {
conn = LibvirtConnection.getConnection();
Domain vm = getDomain(conn, routerName);
String [][] rules = cmd.generateFwRules();
String[] aclRules = rules[0];
NicTO nic = cmd.getNic();
String dev = "eth" + nic.getDeviceId();
String netmask = Long.toString(NetUtils.getCidrSize(nic.getNetmask()));
StringBuilder sb = new StringBuilder();
for (int i = 0; i < aclRules.length; i++) {
sb.append(aclRules[i]).append(',');
}
String rule = sb.toString();
String result = _virtRouterResource.assignNetworkACL(routerIp,
dev, nic.getIp(), netmask, rule);
if (result != null) {
for (int i=0; i < results.length; i++) {
results[i] = "Failed";
}
return new SetNetworkACLAnswer(cmd, false, results);
}
return new SetNetworkACLAnswer(cmd, true, results);
} catch (Exception e) {
String msg = "SetNetworkACL failed due to " + e.toString();
s_logger.error(msg, e);
return new SetNetworkACLAnswer(cmd, false, results);
}
}
protected SetSourceNatAnswer execute(SetSourceNatCommand cmd) {
Connect conn;
String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME);
String routerIP = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
IpAddressTO pubIP = cmd.getIpAddress();
try {
conn = LibvirtConnection.getConnection();
Domain vm = getDomain(conn, routerName);
Integer devNum = 0;
String pubVlan = pubIP.getVlanId();
List<InterfaceDef> pluggedNics = getInterfaces(conn, routerName);
for (InterfaceDef pluggedNic : pluggedNics) {
String pluggedVlanBr = pluggedNic.getBrName();
String pluggedVlanId = getVlanIdFromBridge(pluggedVlanBr);
if (pubVlan.equalsIgnoreCase(Vlan.UNTAGGED)
&& pluggedVlanBr.equalsIgnoreCase(_publicBridgeName)) {
break;
} else if (pluggedVlanBr.equalsIgnoreCase(_linkLocalBridgeName)){
/*skip over, no physical bridge device exists*/
} else if (pluggedVlanId == null) {
/*this should only be true in the case of link local bridge*/
return new SetSourceNatAnswer(cmd, false, "unable to find the vlan id for bridge "+pluggedVlanBr+
" when attempting to set up" + pubVlan + " on router " + routerName);
} else if (pluggedVlanId.equals(pubVlan)) {
break;
}
devNum++;
}
String dev = "eth" + devNum;
String result = _virtRouterResource.assignSourceNat(routerIP, pubIP.getPublicIp(), dev);
if (result != null) {
return new SetSourceNatAnswer(cmd, false, "KVM plugin \"vpc_snat\" failed:"+result);
}
return new SetSourceNatAnswer(cmd, true, "success");
} catch (Exception e) {
String msg = "Ip SNAT failure due to " + e.toString();
s_logger.error(msg, e);
return new SetSourceNatAnswer(cmd, false, msg);
}
}
protected IpAssocAnswer execute(IpAssocVpcCommand cmd) {
Connect conn;
String[] results = new String[cmd.getIpAddresses().length];
int i = 0;
String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME);
String routerIP = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
try {
conn = LibvirtConnection.getConnection();
IpAddressTO[] ips = cmd.getIpAddresses();
Domain vm = getDomain(conn, routerName);
Integer devNum = 0;
Map<String, Integer> vlanToNicNum = new HashMap<String, Integer>();
List<InterfaceDef> pluggedNics = getInterfaces(conn, routerName);
for (InterfaceDef pluggedNic : pluggedNics) {
String pluggedVlan = pluggedNic.getBrName();
if (pluggedVlan.equalsIgnoreCase(_linkLocalBridgeName)) {
vlanToNicNum.put("LinkLocal",devNum);
}
else if (pluggedVlan.equalsIgnoreCase(_publicBridgeName)
|| pluggedVlan.equalsIgnoreCase(_privBridgeName)
|| pluggedVlan.equalsIgnoreCase(_guestBridgeName)) {
vlanToNicNum.put(Vlan.UNTAGGED,devNum);
}
else {
vlanToNicNum.put(getVlanIdFromBridge(pluggedVlan),devNum);
}
devNum++;
}
for (IpAddressTO ip : ips) {
String ipVlan = ip.getVlanId();
String nicName = "eth" + vlanToNicNum.get(ip.getVlanId());
String netmask = Long.toString(NetUtils.getCidrSize(ip.getVlanNetmask()));
String subnet = NetUtils.getSubNet(ip.getPublicIp(), ip.getVlanNetmask());
_virtRouterResource.assignVpcIpToRouter(routerIP, ip.isAdd(), ip.getPublicIp(),
nicName, ip.getVlanGateway(), netmask, subnet);
results[i++] = ip.getPublicIp() + " - success";
}
} catch (Exception e) {
s_logger.error("Ip Assoc failure on applying one ip due to exception: ", e);
results[i++] = IpAssocAnswer.errorResult;
}
return new IpAssocAnswer(cmd, results);
}
public Answer execute(IpAssocCommand cmd) {
String routerName = cmd
.getAccessDetail(NetworkElementCommand.ROUTER_NAME);
@ -1295,7 +1507,9 @@ public class LibvirtComputingResource extends ServerResourceBase implements
if (nic.getBrName().equalsIgnoreCase(_linkLocalBridgeName)) {
vlanAllocatedToVM.put("LinkLocal", nicPos);
} else {
if (nic.getBrName().equalsIgnoreCase(_publicBridgeName) || nic.getBrName().equalsIgnoreCase(_privBridgeName) || nic.getBrName().equalsIgnoreCase(_guestBridgeName)) {
if (nic.getBrName().equalsIgnoreCase(_publicBridgeName)
|| nic.getBrName().equalsIgnoreCase(_privBridgeName)
|| nic.getBrName().equalsIgnoreCase(_guestBridgeName)) {
vlanAllocatedToVM.put(Vlan.UNTAGGED, nicPos);
} else {
String vlanId = getVlanIdFromBridge(nic.getBrName());

View File

@ -7378,7 +7378,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
}
return new SetupGuestNetworkAnswer(cmd, true, "success");
} catch (Exception e) {
String msg = " UnPlug Nic failed due to " + e.toString();
String msg = "Creating guest network failed due to " + e.toString();
s_logger.warn(msg, e);
return new SetupGuestNetworkAnswer(cmd, false, msg);
}