CLOUDSTACK-8947 - Load Balancer not working with Isolated Networks
This PR fixes the Load Balance feature by adding iptables rules for the public IP and port of the LB.
In order to cover the changes, I improved and executed the smoke/test_loadbalance.py. In addition, I also executed many other tests to make sure the main network/VM functionalities are working as expected.
Test report will follow.
* pr/931:
CLOUDSTACK-8947 - Do not rely on the machine hostname to verify the test
CLOUDSTACK-8947 - Fail fast!
CLOUDSTACK-8947 - Adding some logging to better understand what is happening with the Processes
CLOUDSTACK-8947 - Adding some logging to better understand what's happening with the rules
CLOUDSTACK-8947 - Configure the firewall when the load balancer is setup
CLOUDSTACK-8947 - Avoid multiple entries in the FW_EGRESS_RULES table
CLOUDSTACK-8947 - Open the input chain to IP when loadbalancer is configured
CLOUDSTACK-8947 - FW_EGRESS should be added only to filter table
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8934 - Default routes not configured for rVPC and RVR
This PR fixes the default routes for redundant VPCs and isolated networks. New tests were introduced in order to make sure that the routers are working properly.
During the tests, I found out that the Firewall Egress was not working properly when creating the network offering with default allow. The bug has been fixed and tests for redundant and non-redundant isolated networks were added.
Test reports will follow in a separate comment.
* pr/923:
CLOUDSTACK-8934 - Fix the AclIP class to make it configure the default FW policy
CLOUDSTACK-8934 - Fix default EGRESS rules for isolated networks
CLOUDSTACK-8934 - Adding tests to cover default routes on IsoNest and RVR nets
CLOUDSTACK-8934 - Add default gateway when the public interface is up again
Signed-off-by: Remi Bergsma <github@remi.nl>
Pr 906 912 bug zone wizard and adv search popup
* pr/915:
PR 906 (CLOUDSTACK-8930) and PR 912 combined. Bugs on localization buttons in zone wizard final step and Advanced search popup
CLOUDSTACK-8930: Showing blank screen when click 'Next' link in final step of Add Zone wizard.
Signed-off-by: Rajani Karuturi <rajanikaruturi@gmail.com>
- The default is Accept and will be changed based on the configuration of the offering.
CLOUDSTACK-8934 - The default egress is set as Deny in the router.
- We had to change it on the Java side in order to apply it once the default is defined as allowed on the net offering
CLOUDSTACK-8879: Depend in rados-java 0.2.0
This should fix the CloudStack Agent from crashing when it has to
handle more than 16 RBD snapshots on one Volume.
* pr/889:
CLOUDSTACK-8879: Depend in rados-java 0.2.0
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8915 - Cannot SSH into VMs deployed Redundant VPC routers
In order to reproduce the problem, I did the following:
* Create a Redundant VPC
* Add a tier
* Add a new VM to the tier
* Add an ACL, open port 22 and associate the ACL with the tier
* Acquire a pub IP
* Add a PF rule to port 22 towards the VM
* Try to SSH to the VM through the Pub IP
It failed with "No route to host".
This PR contains the following:
* Fix for the keepalived (vrrp) configuration;
* Refactor the default router code for both isolated and [r]VPC routers
* Revert CsRedundant changes
* Add default route tests
* Add logging to tests - so we see what's happening during test execution.
* pr/908:
CLOUDSTACK-8915 - Making sure cleanup resources passes
CLOUDSTACK-8915 - Fix the assertion used for the default routes test
CLOUDSTACK-8915 - Copy the conntrackd configuration every time _redundant_on() function is called
CLOUDSTACK-8915 - This test is still under construction
CLOUDSTACK-8915 - Adding logging to tests
CLOUDSTACK-8915 - Improve routers tests
CLOUDSTACK-8915 - Reverting changes from commit id 1a02773b556a0efa277cf18cd099fc62a4e27706
CLOUDSTACK-8915 - Reverting changes from commit id 18dbc0c4cbe506ad698bc513c901dc2d0e48159f
CLOUDSTACK-8915 - VRRP needs a cidr in order to work properly
CLOUDSTACK-8915 - Rearranging a bit the default route code in order to make it more clear
CLOUDSTACK-8915 - Add the default route only on address that have not been configured yet.
Signed-off-by: Remi Bergsma <github@remi.nl>
- Due to an issue with VPC routers (CLOUDSTACK-8935) we are not able to destroy networks before destroying the routers
- Added a forcestop/destroy routers inside the tearDown to make sure it passes. The issue will be addressed in a separate PR
- Make sure the routers list is cleaned after destroy_routers() is called
- Populate routers list after the router is recreated
- Add egress tests in order to check if VMs can reach the outside world
- Increase the wait when testing redundant routers: they fight to become master
- Make sure the clean up is done properly
- That's not the place to fix the default routes for redundant VPC,
- Adding tests to cover PF and FW in isolated networks
* Will still add some tests for egress as well
- The cidr was replaced by the single IP, which broke the feature.
- Wait during transition from master to backup otherwise the test fails due to wrong state
CLOUDSTACK-8848 ensure power state is up to date for missing PowerState handling
added a null guard to @resmo's #885. A unit test or two would be nice as well but as this is a blocker I want to get it to review asap.
@koushik-das @wilderrodrigues @anshul1886 @karuturi @remibergsma you all commented on the original, please have a look. @bhaisaab welcome to comment as well.
* pr/909:
CLOUDSTACK-8848: added null pointer guard to new public method
CLOUDSTACK-8848: ensure power state is up to date when handling missing VMs in powerReport
Signed-off-by: Rajani Karuturi <rajani.karuturi@citrix.com>
CLOUDSTACK-8808: Successfully registered VHD template is downloaded again due to missing virtualsize property in template.properties
We have multiple file processors to process different types of image
formats. The processor interface has two methods getVirtualSize() and
process().
1. getVirtualSize() as the name says, returns the virtual size of
the file and is used to get the size while copying files from NFS to s3
2. process() returns FormatInfo struct which has fileType, size,
virtualSize, filename. On successfully downloading a template, each
file is passed to all the processors.process() and whichever returns a
FormatInfo, that will be used to create template.properties file. If
process() throws an InternalErrorException, template installation fails.
But, if process() returns null, template registration is successful with
template.properties missing some attributes like virtualSize, file
format etc. which results in this bug on restart of ssvm/cloud
service/management server.
failing the template download if virtualsize or some other properties
cannot be determined.
The following changes are done:
getVirtualSize() to always return size(if it can calculate, get virtual
size else return file size). This would mean the following changes
1. QCOW2Processor.getVirtualSize() to return file size if virtual
size calculation fails
2. VHDProcessor.getVirtualSize() to return file size if virtual size
calculation fails
process() to throw InternalErrorException if virtual size calculation
fails or any other exceptions occur. This would mean the following
changes
1. OVAProcessor to throw InternalErrorException if untar fails
2. QCOW2Processor to throw InternalErrorException if virtual size
calculation fails
3. VHDProcessor to throw InternalErrorException if virtual size
calculation fails
Testing:
added unittests for the changes in the file processors.
manual test:
setup: host xenserver 6.5, management server centos 6.7
template: disk created using the process specified by andy at https://issues.apache.org/jira/browse/CLOUDSTACK-8808?focusedCommentId=14933368
tried to register the template and it failed with an error. Template never moved to Ready state.

* pr/901:
CLOUDSTACK-8808: Successfully registered VHD template is downloaded again due to missing virtualsize property in template.properties
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8924: Removed duplicate test from test_scale_vm.py
Please go through CS-8924 for more details.
* pr/900:
CLOUDSTACK-8924: Removed duplicate test from test_scale_vm.py
Signed-off-by: Remi Bergsma <github@remi.nl>
There are 2 things which have been changed.
* We look on power_state_update_time instead of update_time. Didn't make sense to me at all to look at update_time.
* Due to DB update optimisation, powerState will only be updated if < MAX_CONSECUTIVE_SAME_STATE_UPDATE_COUNT. That is why we can not rely on this information unless we make sure it is up to date.
[BLOCKER] Combined PRs that fix VR issues
Tonight I worked with @wilderrodrigues to figure out what is wrong with the virtual router. As we couldn't test single PRs any more (because of other issues with them causing tests to fail) we added all VR related PRs in a separate branch and started testing from there.
We combined the following PRs into this PR:
#836 #851 #867 #870 #881 #882 #842
After that, one issue remains: the VPC does not get a default gateway. Which is strange, because we already solved it in PR #738. When I look back, it was fixed again in PR #784. It could very well be that either one fixed one specific case, but also breaking the other. We need to investigate this, and make sure there will be a fix that works both for VPCs and VRs.
When we manually add the default gateway on the VPC, most tests pass and also spinning up two VPCs with one tier each, having a VM and them using s2s to VPN them together works fine. See for more details the report Wilder sent earlier.
Tomorrow we'll try to figure out how to fix the default gateway and merge this. Then we should have a base to work from again. Any PR that fixes another blocker, should at least then be rebased against the fixed master so we can run the tests against the PR branch. I'm not saying everything is fixed, I'm just saying that we can spin up a cloud that has working VMs.
When, in the meantime, someone has the time to checkout this branch and make the default route work for both VPC and VR that would be awesome. After that we should double check and verify the test results.
Pinging @karuturi to let her know the current status.
Regards,
Wilder / Remi
* pr/887:
Fixing the index out of bounds error in the check_if_link_up() function
small cleanups
Fixing the default route for VPC routers
Formatting the get_gateway() method in the CsDatabag.py file
Fixing the dhcpsrvr iptables file
Formatting the router_proxy.sh script
CLOUDSTACK-8881: Fixed Static and PF configuration issue
CLOUDSTACK-8905: Fixed hooking egress rules
CLOUDSTACK-8891: Fixed default iptables rules on VR for guest traffic
Configured dnsmasq to listen on all interfaces so that vpn client gets dns
CLOUDSTACK-8864: Not able to add TCP port forwarding rule in VPN for specific ports
CLOUDSTACK-8863: VM doesn't reconnect to internet post VR RESTART/STOP-START/RECREATE
CLOUDSTACK-8843: Fixed issue in default iptables rules on shared network VR
Signed-off-by: Remi Bergsma <github@remi.nl>
- Instead of changing the router type in a local variable, lets have a dedicated file for the dhcpsrvr routers
- The file is called iptables-dhcpsrvr, just like we have iptables-vpcrouter and iptables-router
This reverts commit 6841ba61da5e407f7a16c4a575d1a4e8c8345970, reversing
changes made to 13b29bac5a1778e295df7e9fb21c502fcf017183.
Master is currently frozen, no merges without RM approval.
http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201509.mbox/browser
It also broke the build:
[INFO] Apache CloudStack Framework - Jobs ................ SUCCESS [3.448s]
[INFO] Apache CloudStack Cloud Engine Internal Components API SUCCESS [2.528s]
[INFO] Apache CloudStack Server .......................... FAILURE [24.769s]
[INFO] Apache CloudStack Usage Server .................... SKIPPED
Use java.io.tmpdir instead of hardcoded /tmp
Small fix to have the tests also work on other platforms
* pr/884:
Use java.io.tmpdir instead of hardcoded /tmp
Signed-off-by: Wido den Hollander <wido@widodh.nl>