When enable static nat in a vpc on UI, it only lists the primary and secondary ips of first nic of a vm, no matter which vpc tier is selected. The same issue happens when add a vm to load balancer.
Fixes#3334
* Fix XenServer Security Groups 'vmops' script
- fix tokens = line.split(':') to tokens = line.split(';')
- fix expected tokens size from 5 to 4
- enhance logs
- remove unused vmops script. The XCP patch points to the vmops script
on the parent folder [1]. Thus, all XenServer versions are considering
the vmops script located at [2].
- fix UI ipv4/ipv6 cidr validator to allow a list of cidirs.
Fixing issue: #3192 Security Group rules not applied at all for
XenServer 6.5 / Advanced Zone
https://github.com/apache/cloudstack/issues/3192
* Update security group rules after VM migration
Add security group rules on target host
Cause: vmops script expected secondary IPs as "0;" but received "0:"
Remove security group network rules on source host.
Cause: destroy_network_rules_for_vm function on vmops script was not
called when migrating VM
* Add unit tests and address reviewers
* Update jquery, jquery ui, jquery validate and flot to current versions
update jquery to 3.3.1
update jqueryui to 1.12.1
update jquery validate to 1.17.0
update jquery flot to 0.8.3
* Replace deprecated removed jquery functions
* Fix initial tab content loading in detailView
* Fix logout for new jquery version
* Fix tooltip detail displaying for new JQuery version
* Fix view all trigger in detailView for new JQuery version
* Fix breadcrumb click event handler for JQuery update
* Fix displaying of preselected zone in instanceWizard for new jQuery verion
This introduces a rolling restart of VRs when networks are restarted
with cleanup option for isolated and VPC networks. A make redundant option is
shown for isolated networks now in UI.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This fixes test failures around VMware with the new systemvmtemplate.
In addition:
- Does not skip rVR related test cases for VMware
- Removes rc.local
- Processes unprocessed cmd_line.json
- Fixed NPEs around VMware tests/code
- On VMware, use udevadm to reconfigure nic/mac address than rebooting
- Fix proper acpi shutdown script for faster systemvm shutdowns
- Give at least 256MB of swap for VRs to avoid OOM on VMware
- Fixes smoke tests for environment related failures
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
- Fixes timezone issue where dates show up as nvalid in UI
- Introduces new event timeline listing/filtering of events
- Several UI improvements to add columns in list views
- Bulk operations support in instance list view to shutdown and destroy
multiple-selected VMs (limitation: after operation, redundant entries
may show up in the list view, refreshing VM list view fixes that)
- Align table thead/tbody to avoid splitting of tables
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This feature allows CloudStack administrators to create layer 2 networks on CloudStack. As these networks are purely layer 2, they don't require IP addresses or Virtual Router, only VLAN is necessary (provided by administrator or assigned by CloudStack). Also, network services should be handled externally, e.g. DNS, DHCP, as they are not provided by L2 networks.
As a consequence, a new Guest Network type is created within CloudStack: L2
Description:
Network offerings and networks support new guest type: L2.
L2 Network offering creation allows administrator to select Specify VLAN or let CloudStack assign it dynamically.
L2 Network creation allows administrator to specify VLAN tag (if network offerings allows it) or simply create network.
VM deployments on L2 networks:
VMs should not IP addresses or any network service
No Virtual Router deployed on network
If Specify VLAN = true for network offering, network gets implemented using a dynamically assigned VLAN
UI changes
A new button is added on Networks tab, available for admins, to allow L2 networks creation
The listNuageVspDomainTemplat cmd was called by the ui when the create vpc dialog was opened. This command failed when no nuage vsp device was present. As a consequence the ui did not show the dialog. So currently it's not possible to create a vpc through the UI with a native CloudStack deployment. This bugfix, adds robustness to the ui that in case the cmd fails the dialog will appear nonetheless . Furthermore I also changed the listNuageVspDomainTemplateCmd to always return an empty result when there is no nuage zone.
Supports following viewing and navigation/filtering:
- Networks -> view instances (instances that have nics on this network)
- Infra-> VRs -> view instances (attached to the VR's guest network id),
view owner account (if not system, or project), view instances
- Infra -> VRs -> list of VPC redundant VRs will have redundant state in
parenthesis in the list
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
A simple if-statement would fail if either the type or code were 0
as that if-statement failed them.
By checking if they are defined and casting them to a String afterwards
this makes the if-statement properly resolve and show the rule as it should.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
The current VPN users are added in the VPN tab inside the public IP after the VPN is enabled. For each network(for which VPN is supported and enabled), the VPN users are shared. As the Cloudstack doc says “ The account owner can create and manage users for their VPN. CloudStack does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner.”
The current implementation of going inside each network and adding VPN users give the first feel as if the users are network based. To fix this, Shifted the VPN users to networks tab view.
CLOUDSTACK-9669:egress destination cidr VR python script changes
CLOUDSTACK-9669:egress destination API and orchestration changes
CLOUDSTACK-9669: Added the ipset package in systemvm template
CLOUDSTACK-9669:Added licence header for new files
CLOUDSTACK-9669: replacing 0.0.0.0/0 with the network cidr
ipset member add with 0.0.0.0/0 fails. So 0.0.0.0/0 replaced with the network cidr.
In source cidr 0.0.0.0/0 is nothing but network cidr.
updated the default egress all cidr with network cidr
* 4.9:
CLOUDSTACK-9857: With this change if agent dies the systemd will catch it properly and show process as exited
CLOUDSTACK-9805: Display VR list in network details
CLOUDSTACK-9356: FIX Cannot add users in VPC VPN
Displays a VR tab that lists VRs for the network in the detail views for
isolated networks, shared networks and for VPCs.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
CLOUDSTACK-9228: Network update with mistmatch in services require forced option# Steps to reproduce:
1.Bring up CloudStack in advanced zone
2.Create isolated network with sourcenat, pf, lb, firewall services
3.Deploy a VM in the above network
4.Create another network offering with sourcenat, pf, firewall services
5.Try to update the network with offering created in step4
# Result:
The new offering:DefaultIsolatedNetworkOfferingForVpcNetworksNoLB will remove the following services [Lb]along with all the related configuration currently in use. will not proceed with the network update.set forced parameter to true for forcing an update."
# Workaround:
Use api with forced=true
# Fix:
Added a confirmation dialog box to check whether to make force update or not.
The dialog appears only for the Admin. Only admin can make force update.
The new dialog appears after the first CIDR unchanged confirmation dialog.
* pr/1333:
CLOUDSTACK-9228: Network update with mistmatch in services require forced option
Signed-off-by: Rajani Karuturi <rajani.karuturi@accelerite.com>
Added a confirmation dialog box to check whether to make force update or not.
The dialog appears only for the Admin. Only admin can make force update.
The new dialog appears after the first CIDR unchanged confirmation dialog.
The "Add Load Balancer" functionality is redundant.
The above is used to create LB rule without any public IP.
This commit removes the tab from network page.
This commit implements Ingress and Egress filtering for IPv6 in
Basic Networking.
It allows for opening and closing ports just as can be done with IPv4.
Rules have to be specified twice, once for IPv4 and once for IPv6, for
example:
- 22 until 22: 0.0.0.0/0
- 22 until 22: ::/0
Egress filtering works the same as with IPv4. When no rule is applied all
traffic is allowed. Otherwise only the specified traffic (with DNS being
the exception) is allowed.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
The field we use most are now on the top:
- name
- state
- hypervisor
- link local ip
- redundant state
The other fields are nice, but not needed most of the time.
This is displayed on Infra tab and it's annoying that on the VPC
page only the link local is mentioned and not the hostname. That is
now corrected, so you have the correct details to login to the
router straight away.
CLOUDSTACK-9235: Autoscale button is missing in VPCAutoscale button is missing. This should not be the case since we are able to add NS as the external LB provider in VPC.
Steps:
=====
1. Create a VPC offering with NS as the external LB provider
2. Create a VPC and configure the public tier with the above offering
3. Acquire an IP address and try to configure Load Balancing rule
Result:
======
Autoscale option is not visible at all for the LB.
Expected Result:
=============
Autoscale option should be available and should work exactly like the way it works for a normal isolated network with NS. If we choose NS as service provider for LB, autoscale should also be visible. If VR is chosen, only then we should not display autoscale.
Fix:
===
In case of VPC, it checks the services available.
If LB is there, It checks the provider is Netscaler then it shows the button or hides it.
* pr/1337:
CLOUDSTACK-9235: Autoscale button is missing in VPC
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-9236: Load Balancing Health Check button displayed when non-NetScaler offering is usedLoad balancing health check option / button should only be displayed when a NetScaler based networking offering is being used.
If you try to use the health check option when NetScaler is not being used as the load balancing technology the UI throws an error stating that the health check option is not supported.
This button / option should be removed from the UI if NetScaler is not included in the network offering as customers will be confused.
Fix:
===
This button will be shown only when the load balancer is NetScaler.
Otherwise it is hidden.
* pr/1338:
CLOUDSTACK-9236: Load Balancing Health Check button displayed when non-NetScaler offering is used
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-9192: UpdateVpnCustomerGateway is failingReproducible Steps:
================
1.Create a customer gateway for a VPC.
2.Edit it using UI(API call is UpdateVpnCustomerGateway).
3.When we try to update the customer vpn gateway with connection state is not in "Error", we see the API error but that won't be reflected to the user in UI.
Actual Behaviour:
==============
The API throws error. But UI doesn't show it to user.
Expected Behaviour:
================
The UI should show the error to user.
Fix:
===
TypeError: json.updatecustomergatewayresponse is undefined
The response name was wrong so corrected it.
It should be json.updatevpncustomergatewayresponse.
Added the error function.
* pr/1300:
CLOUDSTACK-9192: UpdateVpnCustomerGateway is failing
Signed-off-by: Remi Bergsma <github@remi.nl>
[4.7] ADD Force UDP encapsulation option to Site2Site VPNThis PR adds the option to enable forced UDP encapsulation of ESP packets during a setup of a site2site vpn. This options enforces the 'forceencaps' option in the openswan ipsec config:
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
* pr/1317:
[UI] MADNESS
[DB] Add force_encap field to s2s_customer_gateway table
[ROUTER] Add forceencaps field to python router ipsec config method
[TEST] unittest needs rework
[MARVIN] Add forceencap field to VpnCustomerGateway class in marvin base
[CORE] Add Force UDP Encapsulation option to Site2Site VPN
Signed-off-by: Remi Bergsma <github@remi.nl>
