restart, firewall rules dropped from iptables post restart
on VR restart, not all public IP's associated with the network are sent
with IpAssocCmd to VR. This fix will ensure all the ip's associated with
the network irrespective of the account are sent as part of
IpAssocCommand
Conflicts:
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
1. Egress default policy rules is send to the firewall provider. It is up to the
provider to configure the rules.
2. The default policy rules are send for both allow and deny default policy.
3. On network shutdown rules for delete are send.
4. For VR and SRX, by default deny the traffic. So no default rule to deny traffic is required.
CLOUDSTACK-3437 In case of multiple physical network setup we see log message "can't get physical network"
CloudStack's control network is management network in case of VMware.
Processing management VLAN id provided in zone traffic label for management traffic.`
Signed-off-by: Sateesh Chodapuneedi <sateesh@apache.org>
only on first rule is created on the IP and last rule is revoked on the
IP
Current suboptima logic of IP Assoc
- On associate IP to GuestNetwork there is an IPAssoc command sent to
corresponding network service providers of the network
- On every rule apply on IP associated with the network send IP assoc
to the network service providers
- On every rule deletion on IP associated with a network sernd IP assoc
command to the network service providers
With this fix logic of IP assoc is changed as below which eliminates
executio of unnessary and expensive IpAssocCommand resource command
- On associate IP to GuestNetwork, associate IP only to the network,
Untill any service is associated with the IP dont send IP Assoc
- On creation of first rule on the IP send IPAssoc to corresponding
network service provider. Since IP is used for a service, IPAssoc
need to be sent to correpondign service provider
- On deletion of last rule on the IP send IPAssoc to corresponding
network service provider. When last rule is deleted, IP has no
service associated with it, so send IP assoc to service provider to
remove the IP association
in case of networks with external devices after GC
adding missing 'retrun false' for isNetworkReadyForGc for the networks
that use external network devices and has secondary IP's associated with
nics.
in case of networks with external devices after GC
add an exception for networks that use external networking devices and has
secondary guest IP's allocated. On network GC, when network goes through
implement phase a new vlan is allocated, based on the acquired VLAN id cidr
of the network is decided in case of external networking case. While NIC
uses reservation strategy 'Start' which ensures that new primary ip is
allocated for the NiC from the new CIDR. Secondary IP's have hardcoded
IP's in network rules. So prevent network GC.
The elements that deploy IP address are subclass of IpDeployingRequester
CloudRuntimeException will be raised for elements that is not implemeing
the interface at NetworkManagerImpl#applyIpAssociations.
for number of commands participating in Vm deployment process, as parallel deployment is supported on the hypervisor side.
The behavior is controlled by global config varirables:
"execute.in.sequence.hypervisor.commands" (false by default) sets/resets the synchronization for commands:
=========================
StartCommand
StopCommand
CreateCommand
CopyVolumeCommand
"execute.in.sequence.network.element.commands" (false by default) sets/resets the synchronization for commands:
==========================
DhcpEntryCommand
SavePasswordCommand
UserDataCommand
VmDataCommand
As a part of the fix, increased the global lock timeout to 30 mins in several VR scripts:
===========================
edithosts.sh
savepassword.sh
userdata.sh
to support situations when multiple concurrent calls to the script are being made.
platform
Use the Gson adapters to serialize/deserialize the NatRules
Switch the NiciraNvpApi to a single gson Object with the proper adapters
Fix missing order setting for static nat rules and portforwarding rules
Return an error when a port range is passed in a portforwarding rule
The serializer is not required
Fix a bug where an ip address could be released even if it was still in
use for SourceNat
Throw a json parse exception when the type is unknown to the adapter
For 'connectivity' network service current set of providers (MidoNet,
NiciraNcp) not necessarily part of OSS builds. So handle the case where
there are no providers for a service
1) Added comments to VPC/VPCService/VPCManager interfaces
2) Moved VPC offering related methods from VpcService to the new interface - VpcProvisioningService
3) Fixed static nat creation in the VPC - used to result in NPE due to invalid method referencing while obtaining VPC VR information
Currently, allPossibleIps return the Ip lists which include the gateway,
so we need to remove gateway ip from this list.
Now, for non-VPC network it works, because NetUtils.getAllIpsFromCidr
return the Ip lists which do not include the first IP of the network
(like 192.168.0.1).
We need too add the first IP into the returned Ip list, because it can
be used for VM if it is not the gateway IP (for example, VPC networks).
The corresponding patch for 4.0.1 has been posted on
https://reviews.apache.org/r/9923/
Signed-off-by: Chip Childers <chip.childers@gmail.com>
string.
This doesn't resolve the bug in question, but does fix the specific
message that was reported as the origin of the bug.
Signed-off-by: Chip Childers <chip.childers@gmail.com>
