apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,163 Commits 304 Branches 324 Tags
Commit Graph

79 Commits

Author SHA1 Message Date
Abhishek Kumar
d42c0eeb11
systemvm: setup radvd correctly (#6343) 
* systemvm: setup radvd correctly

Fixes radvd setup on VR for isolated network

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* donot start radvd on startup

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Revert "donot start radvd on startup"

This reverts commit 2a8f737f3cf548386f025a436da5e66f59af858b.

* ipv6: do not start radvd in common.sh

* ipv6: do not add radvd to enabled_svcs in CsRedundant.py

* systemvm: add radvd to /var/cache/cloud/enabled_svcs when enable radvd

* test: fix test_network_ipv6.py

Co-authored-by: Wei Zhou <weizhou@apache.org>
 2022-05-03 17:53:32 -03:00
Abhishek Kumar
e53ed9e350
network: fix event, acl, firewall for ipv6 nw (#6314) 
* add guest ipv6 cidr for fw rule

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

* fix fw, acl nft chains

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

* remove unnecessary log

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

* api response should return default internet protocol

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

* event resource fix for ipv6 firewall rule events

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

* fix radvd, restore ipv6 intf in vm type script

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

* fix dadfailed with rvr

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>
 2022-04-26 23:30:44 -03:00
Abhishek Kumar
4a914aa88d
network: ipv6 static routes (#5786) 
* wip

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* IPv6: configure VR of isolated networks

* IPv6: add default IPv6 route in VR of isolated networks

* Reformat server/src/main/java/com/cloud/network/NetworkServiceImpl.java

* IPv6: update network to offering which support IPv6

* IPv6: update vm nic ipv6 address when update network to new offering

* IPv6: configure VPC VR to support multiple tiers with IPv6

* IPv6: add RDNSS in radvd.conf

* IPv6/UI: support ipv6 protocols in Network ACL

* wip

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes for diagnostics

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* more import fromo #5594

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* IPv6: fix wrong public ipv6 in VPC VR

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Update server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java

Co-authored-by: dahn <daan.hoogland@gmail.com>

* ui: fix add ipv6 prefix labels, message

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: label fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* logging fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* minor ui refactor

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ip6 events

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ip6 usage

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* unused

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* slaac based public ip

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* remove unused

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* diagnostics fix for vr

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* firewall changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* alert and show ipv6 usage

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* change for network response

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ipv6 network test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: fix ipaddress listing

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* wip

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix simulator

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test and fixes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test temp change revert

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fixes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* use uuid

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* event syntax fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* wip

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* review comments

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* assign vlan public IP for dualstack only if both protocols present on same vlan

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* internetprotocol in networkofferingresponse

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add tcp, udp

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* support vpc with ipv6 only on same vlan

- adds new internet protocol param to createVpcOffering API
- When DualStack internet protocol is selected for the VPC offering, tiers with network with or without IPv6 support can be deployed.
- When IPv4 internet protocol is used for the VPC offering, tiers with network with only IPv4 support can be deployed

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* change and fix

allow VPC with IPv4 protocol to deploy tiers with IPv6

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui fixes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix multiple routes, network guest ipv6 gateway

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* address review comments

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* stop radvd on backup VR

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix router redundant status with ipv6

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* disable radvd for backup vr

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* correctly set ipv6 in redundant router case

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* remove unused code

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix connection

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: don't show all protocol for egress

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix guest ipv6 for redundant VRs

Redundant VRs will not be assigned an IPv6 by ACS and guest netwrok gateway will be added as IPv6 for guest interface by systemvm scripts during setting redundant state of the VR.

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix missing ipv6 on redundant vr

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix syntax

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: fix vpc tier redirect to show details

When redirecting to VPC tier, details tab should be active by default

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* restart radvd on primary redundant vr

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* check for ipv6 values

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* remove old ui change

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix condition

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* remove gateway from backup vr

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* network upgrade fail early

when IPv6 network cannot be allocated fail before shutting down the network

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix radvd not running on RVR

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* prepare radvd.conf once

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix job polling

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix RVR for vpc with ipv6

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix ipv6 network acls

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Update CsConfig.py

* add check

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test: vpc offering test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test: add negative tests for guest prefix, public range

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add default ipv6 route for primary

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix dadfailed on vpc rvr

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: fix add iprange form, dedicate action visibility

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix adding, deleting ipv6 range

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix failing test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix missing destination cidr in ipv6 firewall

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix ipv6 nftables rules

Allow storing linger IPv6 CIDRs in DB
Specify all port range for TC{, UDP protocol rules withot ports
Fix adding nft rules by creating chains first

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix icmpv6 type, code

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix icmp type, code

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test: add more for ipv6 network

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add warning message for egress policy in ipv6 fw rule

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui,server: update ipv6 vlan range

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* subnet operations inside transaction

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* server: persistent public IPv6 for network

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: fix action alignment

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix vpc acl for tiers

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix removing network placeholder nic

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix acl rules for ip version

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix placeholder nic and nd-neighbor block issue

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test for redundant nw

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix ping

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* systemvm: uprgade to debian 11.3.0

* ipv6: enable ipv6 in sysctl config in bootstrap.sh

* VR: fix KeyError: 'nic_ip6_cidr'

* build fix for latest event changes

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>

Co-authored-by: Wei Zhou <weizhou@apache.org>
Co-authored-by: dahn <daan.hoogland@gmail.com>
 2022-04-25 22:51:32 -03:00
Wei Zhou
c61ea9f96d
VR: Do not add iptables rules for the revoked ip addresses (#6189) 2022-04-06 00:16:47 -03:00
Wei Zhou
4568a68d83
CsDhcp.py: fix runtests.sh error (#5671) 
$ cd systemvm/test
$ bash -x runtests.sh
......
../debian/opt/cloud/bin/cs/CsDhcp.py:114:25: E266 too many leading '#' for block comment
+ '[' 1 -gt 0 ']'
+ echo 'pycodestyle failed, please check your code'
 2021-11-17 14:05:20 +01:00
Wei Zhou
9f5ac89c9a
VR: fix data-server if shared network has multiple ip ranges (#5530) 
* VR: fix data-server if shared network has multiple ip ranges

This fixes #5518

* Update PR #5530: fix nameserver in vm with IP in additional IP ranges

without this change
```
root@r-757-VM:~# cat /etc/dnsmasq.d/cloud.conf
listen-address=127.0.0.1,10.10.12.31,10.10.13.19
dhcp-range=set:interface-eth0-0,10.10.12.31,static
dhcp-option=tag:interface-eth0-0,15,cs1cloud.internal
dhcp-option=tag:interface-eth0-0,6,10.10.12.31,10.0.32.1,8.8.8.8
dhcp-option=tag:interface-eth0-0,3,10.10.12.254
dhcp-option=tag:interface-eth0-0,1,255.255.255.0
dhcp-range=set:interface-eth0-1,10.10.13.19,static
dhcp-option=tag:interface-eth0-1,15,cs1cloud.internal
dhcp-option=tag:interface-eth0-1,6,10.10.12.31,10.0.32.1,8.8.8.8 <<< nameserver 10.10.12.31
dhcp-option=tag:interface-eth0-1,3,10.10.13.254
dhcp-option=tag:interface-eth0-1,1,255.255.255.0
```

with this change
```
root@r-757-VM:~# cat /etc/dnsmasq.d/cloud.conf
listen-address=127.0.0.1,10.10.12.31,10.10.13.19
dhcp-range=set:interface-eth0-0,10.10.12.31,static
dhcp-option=tag:interface-eth0-0,15,cs1cloud.internal
dhcp-option=tag:interface-eth0-0,6,10.10.12.31,10.0.32.1,8.8.8.8
dhcp-option=tag:interface-eth0-0,3,10.10.12.254
dhcp-option=tag:interface-eth0-0,1,255.255.255.0
dhcp-range=set:interface-eth0-1,10.10.13.19,static
dhcp-option=tag:interface-eth0-1,15,cs1cloud.internal
dhcp-option=tag:interface-eth0-1,6,10.10.13.19,10.0.32.1,8.8.8.8 <<< nameserver 10.10.13.19
dhcp-option=tag:interface-eth0-1,3,10.10.13.254
dhcp-option=tag:interface-eth0-1,1,255.255.255.0
```

* Update #5530: add 'localise-queries' to /etc/dnsmasq.conf
 2021-10-04 11:40:25 +02:00
nicolas
6509f43edc Merge branch '4.15' into main 2021-08-25 01:24:58 -03:00
Wei Zhou
16e4de0c25
vr: reload dnsmasq when start vms (#5319) 
* vr: reload dnsmasq when start vms

* vr: fix pycodestyle check error

* vr: delete leases only when needed
 2021-08-24 22:47:34 -03:00
davidjumani
cb1078aa20
Merge remote-tracking branch 'apache/4.15' into main 2021-08-09 15:10:51 +05:30
Wei Zhou
05d1d568fb
vr: restart conntrackd instead of '/usr/sbin/conntrackd -d' (#5275) 
* vr: restart conntrackd instead of '/usr/sbin/conntrackd -d'

* vr: remove unused cmd

* Revert "vr: remove unused cmd"

This reverts commit b97cf469952fe0706d91af411eaffa62a06761a6.

* vr: remove unused cmd
 2021-08-09 13:35:45 +05:30
Suresh Kumar Anaparti
958182481e cloudstack: make code more inclusive 
Inclusivity changes for CloudStack

- Change default git branch name from 'master' to 'main' (post renaming/changing default git branch to 'main' in git repo)
- Rename some offensive words/terms as appropriate for inclusiveness.

This PR updates the default git branch to 'main', as part of #4887.

Signed-off-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2021-06-08 15:47:20 +05:30
Rohit Yadav
e824fdba20 Merge remote-tracking branch 'origin/4.14' into 4.15 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
 2021-04-10 13:41:50 +05:30
Spaceman1984
4bab06a74b
systemvm: Restricting http access on VR to internal network (#4847) 
There is a potential security issue with having http access to the VR from anywhere.
This PR restricts http access to the VR to the internal network only.
 2021-04-10 13:19:31 +05:30
Rohit Yadav
43257f8300 Merge remote-tracking branch 'origin/4.14' into 4.15 2021-04-05 12:59:37 +05:30
aleskxyz
ca4669c4d4
systemvm: Add localized "data-server" records in /etc/hosts for VPC routers (#4873) 2021-04-05 12:34:10 +05:30
Wei Zhou
63c91c1458
server: Fix network statistics for vpc (#3944) 
This contains 3 main changes
(1) add NETWORK_STATS_ethX for all nics with public ips in VPC VRs (current: NETWORK_STATS_eth1)
(2) DO NOT create records in user_statistics for each VPC tier (only one record per public nic per VPC VR)
(3) send NetworkUsageCommand before unplugging a NIC with public IPs from VPC VR
 2021-04-01 12:43:06 +05:30
davidjumani
4d33e159f7
vr: Ensuring dnsmasq.leases file is populated (#4529) 2020-12-14 09:06:24 +00:00
Wei Zhou
8a68617eee bugfix #9 vpc vr: Add PREROUTING rule for vm with static nat to multiple private gateways 2020-11-25 08:40:16 +01:00
Wei Zhou
69c0f71cf7 bugfix #8 vpc: add rule for traffic between vm and private gateway 2020-11-25 08:40:16 +01:00
Wei Zhou
a8c9b4531b bugfix #7 vpc vr: allow servers in private gateway to reach internet via the VPC VR if it is gateway 2020-11-25 08:40:16 +01:00
Wei Zhou
8fb2efee1c bugfix #6 vpc vr: Add iptables rules for ACL of private gateway 2020-11-25 08:40:16 +01:00
Wei Zhou
81ac9f90ab
vr: fix python exception when configure VRs (#4489) 
before
```
root@r-27-VM:/var/cache/cloud# /opt/cloud/bin/configure.py monitor_service.json
ERROR:root:Command 'ip link show eth0 | grep 'state DOWN'' returned non-zero exit status 1
```

with this change
```
root@r-27-VM:/var/cache/cloud# /opt/cloud/bin/configure.py monitor_service.json
root@r-27-VM:/var/cache/cloud#
```
 2020-11-23 14:09:40 +05:30
Wei Zhou
75fdb07387
vpc: fix ips on wrong interfaces after rebooting vpc vrs (#4467) 
* vpc: fix ips on wrong interfaces after rebooting vpc vrs

* #4467: Rename to updateNicWithDeviceId

* CLSTACK-8923 vr: Force a restart of keepalived if conntrackd is not running or configuration has changed
 2020-11-20 21:02:53 +05:30
Wei Zhou
a368ba9def
VR: fix logging is not working and logs are not appended to /var/log/cloud.log (#4466) 2020-11-20 10:40:02 +00:00
Wei Zhou
ff8a84ee77
systemvm: fix proc.find in CsProcess.py (#4413) 
Co-authored-by: Wei Zhou <w.zhou@global.leaseweb.com>
 2020-10-21 19:21:54 +02:00
Rohit Yadav
766eab8cab Merge remote-tracking branch 'origin/4.13' into 4.14 2020-09-23 10:49:19 +05:30
Lucas Granet
ab02cf7078 router: adding "data-server" dns entry in /etc/hosts (#4319) 
The DNS entry "data-server" was not added in /etc/hosts.

Since the VR is now considered as a "dhcpsrvr" (?), we need to apply this commit to add this DNS entry.
/etc/hosts is fully rewritten by this script.

Fixes: #4308
(cherry picked from commit dc65f31f9f3cb47240946c8c1cced44a7ecf9640)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2020-09-23 10:48:44 +05:30
Rohit Yadav
3de5ca9871 Merge remote-tracking branch 'origin/4.13' into 4.14 
Fixes forward-merge lint issue

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2020-06-15 08:59:08 +05:30
havengit
60d7215a06
fix dhcp lease entry wrong hostname (#4064) 
When Guest VM add secondary nic,  will get wrong hostname "infiniteh" from dhcp server
infiniteh -->infinite
cat /etc/dhcphosts.txt
02:00:0b:ef:00:04,set:192_168_4_18,192.168.4.18,gumd-tes3,infiniteh
 2020-05-11 10:56:14 +02:00
Daan Hoogland
8e4be6dc60 Merge branch '4.13' 2020-04-16 15:27:52 +02:00
dahn
6a72e6e9f8 do not put in default accept rules for DNS and BOOTPS 2020-04-16 15:09:51 +02:00
Daan Hoogland
6f9890694d Merge release branch 4.13 to master 
* 4.13:
  vr: fix password server run with empty gateway in isolated netw… (#3943)
  Fix simulator docker db deploy issue (apache#3397) (#3651)
 2020-03-09 11:26:21 +01:00
Wei Zhou
7d0fd9fa3f
vr: fix password server run with empty gateway in isolated netw… (#3943) 2020-03-09 10:35:56 +01:00
Daan Hoogland
8c078b8849 Merge release branch 4.13 to master 
* 4.13:
  vrouter: reload keepalived instead of restart and fix password… (#3898)
  Allow port 80/8080 accessible only from guest network (#3907)
 2020-02-28 17:20:48 +01:00
Wei Zhou
3f8b2c369d
vrouter: reload keepalived instead of restart and fix password… (#3898) 2020-02-28 17:15:51 +01:00
Rakesh
faccec4142
Allow port 80/8080 accessible only from guest network (#3907) 2020-02-28 17:05:44 +01:00
Rohit Yadav
3ca5be40d4 Merge remote-tracking branch 'origin/4.13' 2020-02-28 15:03:12 +05:30
Andrija Panic
e8d418c091
router: Fix dhcp infinite lease time (#3913) 
The previous setup of many hours would not work, due to some internal dnsmasq issues - lease was set correclty, but dnsmasq was setting the dhcp-renew-time (and rebind time) to less than 2 years from the date the lease was issued.

Using "infinite" as the value (instead of the number) works as expected - and (atm) the renew date is set to year 2088, etc.

Co-authored-by: dahn <daan.hoogland@gmail.com>
 2020-02-28 14:27:09 +05:30
Anurag Awasthi
c0abfce8fa
Health check feature for virtual router (#3575) 2020-01-30 12:39:03 +01:00
Wei Zhou
521217c852
vr: fix vr in unknown state (more) (#3848) 
This fixes similar issue with #3465.

Meanwhile change log level of CsHelper.execute2 from DEBUG to INFO and fix some typo.
 2020-01-30 08:43:46 +05:30
Wei Zhou
be112a0220
vrouter: reload haproxy when cfg file is updated (#3726) 
since 4.11.3, haproxy is always restarted when add/delete a lb rule.
When haproxy is started, the processes are
```
root@r-854-VM:~# ps aux |grep haproxy
root     22272  0.0  0.2   4036   668 ?        Ss   07:52   0:00 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
haproxy  22274  0.0  2.3  38444  5856 ?        S    07:52   0:00 /usr/sbin/haproxy-master
haproxy  22275  0.0  0.3  38444   880 ?        Ss   07:52   0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
```
When haproxy is reload, the processes are
```
root@r-854-VM:~# ps aux |grep haproxy
root     22272  0.0  0.2   4168   632 ?        Ss   07:52   0:00 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
haproxy  22283  0.0  2.3  38444  5884 ?        S    07:53   0:00 /usr/sbin/haproxy-master
haproxy  22286  0.0  0.3  38444   880 ?        Ss   07:53   0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 22275
```

We need to change the pid file from /var/run/haproxy.pid to /run/haproxy.pid, so the haproxy will be reloaded instead of restarted.
 2020-01-29 16:01:19 +05:30
Wei Zhou
ff1c6e78f4 router: Set up metadata/password/dhcp server on gateway IP instead of guest IP in RVR (#3477) 
When we create a vm in the network with redundant VRs, the lease file in the vm (for example /var/lib/dhcp/dhclient.eth0.leases) shows the dhcp-server-identifier is the guest ip (not vip/gateway) of master VR. That's the ip ipaddress where the vm fetch password and metadata from.
if we stop the master VR (then backup will be master) or restart the network with cleanup (VRs will be created), the guest ip of master VR changes so vm are not able to get metadata/ssh-key using the ips in dhcp lease file.

Setting up metadata/password/dhcp server on gateway instead of guest IP in redundant VRs will fix the issues.

FIxes #3409
 2020-01-28 10:35:59 +05:30
Andrija Panic
2ffc0c5073 Increase DHCP lease time to infinite (#3662) 
* Increase lease time to infinite

Lease time set to effectively infinite (36000+ days) since we fully control VM lifecycle via CloudStack
Infinite time helps avoid some edge cases which could cause DHCPNAK being sent to VMs since
(RHEL) system lose routes when they receive DHCPNAK
When VM is expunged, it's active lease and DHCP/DNS config is properly removed from related files in VR.

* desc fix
 2020-01-03 15:18:40 +01:00
Rohit Yadav
ae61bfee76
systemvm: for ip route show command don't use the throw command (#3612) 
While searching for existing route, don't use the throw keyword when
using the cmd with `ip route show`.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2019-11-11 23:47:21 +05:30
Rohit Yadav
a2323e1425 Merge remote-tracking branch 'origin/4.11' into 4.12 2019-06-26 16:27:29 +05:30
ustcweizhou
e76266e39b systemvm: Fix hostname is localhost in some VRs (#3422) 
In some virtual routers, 'hostname -f' returns 'localhost'. The hostname is also 'localhost' in `/var/log/messages`. This change can fix the issue in new VRs.
 2019-06-26 16:26:05 +05:30
Rohit Yadav
ff23131701 Merge remote-tracking branch 'origin/4.11' into 4.12 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2019-06-05 10:00:45 +05:30
Rohit Yadav
8fb388e931
router: support multi-homed VMs in VPC (#3373) 
This does not remove VM entries in dbags when hostnames match. The
current codebase already removes entry when a VM is stopped/removed so
we don't need to handle lazy removal. This will allow a VM on
multiple-tiers in a VPC to get dns/dhcp rules as expected.

This also fixes the issue of dhcp_release based on a specific interface and
removes dhcp/dns entry when a nic is removed on a guest VM.

Fixes #3273

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2019-06-05 08:47:05 +05:30
Rohit Yadav
b2b99ca63e Merge remote-tracking branch 'origin/4.11' into 4.12 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2019-06-03 17:15:41 +05:30
Nicolas Vazquez
c9ce3e2344 router: Persistent DHCP leases file on VRs and cleanup /etc/hosts on VM deletion (#3351) 
Since the CloudStack virtual router was redesigned on version 4.6 it has been observed that the DHCP leases file is not persistent across network operations. This causes conflicts on guest VMs static IPs, causing these static IPs to not be renewed by the DHCP server running on isolated and VPC networks' virtual routers (dnsmasq). On stopping or destroying a VM, its dhcp/dns records are not removed from the virtual router causing ghost effects.

Fixes #3272
Fixes #3354

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2019-06-03 17:04:16 +05:30