Previous patch to this only did so for system vms with a $3 interface, usually
eth2. System VMs that only provide DNS wouldn't get a gateway, for example.
BUG-ID: CLOUDSTACK-1565
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1365617851 -0600
auto start like we should. cloud-early-config sets 'auto lo $1', but we don't
pass $1 in vpc router scenario like we do in others for some reason. eth0 is
always link local in vpc router, so setting it to that.
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1365546368 -0600
This signal will force the dnsmasq daemon to reload the configuration directly. This is much faster than restarting the daemon, which result in a much smaller window during which no dns server is available.
Tested by using the replaced version of edithosts.sh on a running vrouter causing dns problems.
The interval between keepalived.ts and keepalived.ts2 should be >= 60 seconds in
normal condition, because every 10 seconds keepalived.ts would be updated, and
at least every 60 seconds, keepalived.ts would be copy to keepalived.ts2.
If the interval is less than 60 seconds, then keepalived process failed to
update keepalived.ts every 10 seconds.
Take some delay of updating into consideration, check_heartbeat.sh would use 30
seconds as a way to tell keepalived process is alive or not.
This is an encryption optimization for VPN/SSL, with upto 10x advertised speed.
The patch check for the aesni_intel module if aes is available on the cpu, this
will be true for HVMs.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Detail: This gets rid of the patchdisk method of passing cmdline and
authorized_keys to KVM system VMs. It instead passes them to a virtio socket,
which the KVM guest reads from the character device /dev/vport0p1 during
cloud-early-config. Tested to work on CentOS 6.3 and Ubuntu 12.04. Should
work with even older versions of libvirt.
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1362691685 -0700
Detail: CLOUDSTACK-1452, CLOUDSTACK-1523 - When rebooting VPC routers, ip addr
assignment was inconsistent, sometimes the assignment would be attempted while
router was still setting up nic device. This adds a watch for the nic to show
up before attempting to add an ip to a nic.
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1362521453 -0700
In the previous version it would take at least 1 seconds for arping, and it
would be big if the VR has more than 30 IPs - our biglock default timeout is 30
seconds.
Fix it by send out two arping immediately, and then sleep 1 second for router to
update arp cache.
commands send to virtual router, instead of keeping silence.
Test:
Before change:
(1) Acquire IP. always in "Allocating" state.
(2) EnableStaticNat, the result is success(it is incorrect).
(3) DisableStaticNat, will get error message.. This is correct.
(4) Add Firewalls. always in "Adding" state.
(5) The AgentManager report statistics every 60 minutes(normally it
should be router.stats.interval=5 minutes).
After change:
(1) Acquire IP, will get error message.
(2) EnableStaticNat, will get error message.
(3) DisableStaticNat, will get error message.
(4) Add Firewalls, will get error message. But the firewall rules are
saved in database.
(5) The AgentManager report statistics every 5 minutes, except the
network with read-only FS virtual router.
Detail: VPC router was being treated like normal VR, which was an issue because
normally the VR has an eth0,1,2 which are isolated, linklocal, and public
networks respectively. rp_filter is turned on for eth0,1 and off for 2
(hardcoded). VPC however comes up with eth0,1 as public, linklocal, and no other
interfaces until new isolated networks are added, so the process doesn't work.
This change turns on rp_filter as new isolated networks are added to the VR.
BUG-ID: CLOUDSTACK-938
Bugfix-for: 4.0.2
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1358451991 -0700
If something got wrong with passwd_server_ip script, it would output to
keepalived.log, thus cause other scripts malfunctional.
Also make savepassword.sh using the same lock as serve_password.sh.
The already deleted same hostname is not deleted from /etc/hosts of
vRouter.
vRouter's /etc/hosts format:
$ip $host
This patch fixes deletion logic below.
sed -i /"$host "/d $HOSTS
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
Detail: TCP is occasionally used for certain DNS query types
BUG-ID: CLOUDSTACK-535
Bugfix-for: 4.0.1
Reported-by: Tamas Monos
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1353946670 -0700
Detail: This adjusts cloud-early-config to properly set the host entry for a
vpc router. We were previously using the hostname command prior to the actual
hostname being set, now we use the NAME variable passed to us.
BUG-ID: CLOUDSTACK-502
Bugfix-for: 4.0.1
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1353083661 -0700
Fixing some dependency issues, console-proxy only depends on agent (and
the core,api,utils via agent) and patches depends on nothing as its just
creating an achive with scripts
Detail: Make change in 95df86e1e030ab955ac09f145df37f3aef606c05 be specific
to VPC.
BUG-ID : NONE
Reviewed-by: Marcus Sorensen
Reported-by: Marcus Sorensen
Signed-off-by: Marcus Sorensen <marcus@betterservers.com> 1351695701 -0600
Detail: Several virtual router configuration commands, such as iptables
commands, run slowly due to attempting to do a name lookup on the virtual
router's hostname and having to time out. This is seen in the agent logs when
a virtual router command is run, as "unable to resolve host r-410-VM" or
similar. This can make for very slow router configuration, especially as the
number of network rules grows. This change simply sets the router's name to
the localhost IP in /etc/hosts
BUG-ID : NONE
Reviewed-by: Marcus Sorensen
Reported-by: Marcus Sorensen
Signed-off-by: Marcus Sorensen <shadowsor@gmail.com> 1351659441 -0600
By default do not enable port 8080 in iptables-router. Since, the socat
server which serves the password is in an infinite loop, any incorrect
attempt is returned bad_request and passwd-srvr won't break.
When /etc/init.d/cloud-passwd-srvr is started:
- It finds and removes any old rules on port 8080, eth0
- It applies iptables rule that accepts only traffic from private cidr.
When cloud-passwd-srvr is stopped:
- It removes iptables rules on port 8080, eth0
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
