Add optional fields: iprange and fordisplay to Marvin base.py class method Vpn.create
Add optional field: passive to Marvin base.py class method Vpn.createVpnConnection
CLOUDSTACK-8952 - The redundant routers are facing a race condition due to several KeepaliveD/ConntrackD restartsThis PR fixes the following issues:
* KeepAliveD being restarted for each action performed on the routers
* ConntrackD configuration being copied for each action performed on the routers, causing several restarts
* ACS Management Server relying in the JSON file to report which router is Master/Backup
* Public Interface on both routers are in UP state due to several places checking if the interface is UP/DOWN and trying to do KeepAliveD
* Removing all the sleeps from the test_vpc_redundant.py - those are no longer needed
* When KeepAliveD calls master.py during the election, update the cmdline.json to set the router in Backup mode: the election will take care of changing it afterwards.
* Add LB stats_rules to iptables INPUT chain
* The RVR public interface is set to eth2 instead of eth1 - as in the rVPC. Make sure the check works in both cases
Those fixes make all the routers very stable, with ACL, FW, PF and LB working just fine!
* pr/940:
CLOUDSTACK-8952 - Make the checkrouter.sh compatible with RVR as well
CLOUDSTACK-8952 - Make the tests rely on the interface state other than the json file
CLOUDSTACK-8952 - Reduce retried from 20 to 5
CLOUDSTACK-8952 - Do not rely in the router state on the json file to report back to ACS
CLOUDSTACK-8952 - Make the check for master more reliable
CLOUDSTACK-8952 - Restart dnsmasq everytime the configure.py runs
CLOUDSTACK-8952 - Make sure the calls to CsFile use the new logic of commit/is_changed methods
CLOUDSTACK-8952 - Make sure we restart dnsmasq if the configuration file changes
CLOUDSTACK-8952 - The public interface was comming UP in the Backup router
CLOUDSTACK-8952 - Do not restart conntrackd unless it's needed
CLOUDSTACK-8952 - Do not replace the conntrackd config file unless it's needed
CLOUDSTACK-8952 - Remove the '--vrrp' search criteria form the CsProcess constructor call
Signed-off-by: Remi Bergsma <github@remi.nl>
Marvin module depends on APIdoc moduleWhen building the developer tools, if the build is sequential then the marvin module always gets build after the apidoc module. However, it the build is parallelised (-Tn option in maven) it sometimes happens that maven tries to build the marvin module before building the apidoc module. That difference in the order makes it impossible to build marvin because it depends on the artefacts of the apidoc module.
This PR makes the dependency between marvin an apidoc explicit.
* pr/948:
Marvin module depends on APIdoc module
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8888: Xenserver 6.0.2 host stuck in disconnected state aftXenserver 6.0.2 hosts are stuck in disconnected state after CS upgrade to 4.6. This is because xenserver602resource class is not there in 4.6 branch and existing hosts running on v6.0.2 are not handled properly.
* pr/861:
CLOUDSTACK-8888: Xenserver 6.0.2 host stuck in disconnected state after upgrade to 4.6
Signed-off-by: Remi Bergsma <github@remi.nl>
- If we stop/start a router, the state in the file will still say MASTER, when it is actually not
- Checking the state based on the interface (eth1) state
- Once master.py is called by keepalived, save the state in the json file to BACKUP just to make sure it's also written there
- Do not use the API call because it will read what is in the database, that might not have been updated yet
* Check the status in the router directly instead
- Remove all the sleeps
- It was working before because the Routers were restarting about 10 times for each operation
e.g. adding a VM to a network ot acquiring a new IP.
- Adding stat_rules of internal LB to iptables
We needed one extra rule in the INPUT chain
- With the keepalived fixed they should not be needed anymore. So first reducing them drasticaly
- I am now making a backup of the template file, write to the template file and compare it with the existing configuration
- The template file is recovered afer the process
- I also check if the process is running
- I fixed a bug in the compare method
- I am now updating the configuration variable once the file content is flushed to disk
CLOUDSTACK-8947 - Load Balancer not working with Isolated NetworksThis PR fixes the Load Balance feature by adding iptables rules for the public IP and port of the LB.
In order to cover the changes, I improved and executed the smoke/test_loadbalance.py. In addition, I also executed many other tests to make sure the main network/VM functionalities are working as expected.
Test report will follow.
* pr/931:
CLOUDSTACK-8947 - Do not rely on the machine hostname to verify the test
CLOUDSTACK-8947 - Fail fast!
CLOUDSTACK-8947 - Adding some logging to better understand whay is happening with the Processes
CLOUDSTACK-8947 - Adding some logging to better understand what's happening with the rules
CLOUDSTACK-8947 - Configure the firewall when the load balancer is setup
CLOUDSTACK-8947 - Avoid multiple entries in the FW_EGRESS_RULES table
CLOUDSTACK-8947 - Open the input chain to IP when loadbalancer is configured
CLOUDSTACK-8947 - FW_EGRESS should be added only to filter table
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8934 - Default routes not configured for rVPC and RVRThis PR fixes the default routes for redundant VPCs and isolated networks. New tests were introduced in order to make sure that the routers are working properly.
During the tests, I found out that the Firewall Egress was not working properly when creating the network offering with default allow. The bug has been fixed and tests for redundant and non-redundant isolated networks were added.
Test reports will follow in a separate comment.
* pr/923:
CLOUDSTACK-8934 - Fix the AclIP class to make it configure the default FW policy
CLOUDSTACK-8934 - Fix default EGRESS rules for isolated networks
CLOUDSTACK-8934 - Adding tests to cover default routes on IsoNest and RVR nets
CLOUDSTACK-8934 - Add default gateway when the public interface is up again
Signed-off-by: Remi Bergsma <github@remi.nl>
Pr 906 912 bug zone wizard and adv search popup
* pr/915:
PR 906 (CLOUDSTACK-8930) and PR 912 combined. Bugs on localization buttons in zone wizard final step and Advanced search popup
CLOUDSTACK-8930: Showing blank screen when click 'Next' link in final step of Add Zone wizard.
Signed-off-by: Rajani Karuturi <rajanikaruturi@gmail.com>
- The default is Accept and will be changed based on the configuration of the offering.
CLOUDSTACK-8934 - The default egress is set as Deny in the router.
- We had to change it on the Java side in order to make the apply it once the default is defined as allowed on the net offering
CLOUDSTACK-8879: Depend in rados-java 0.2.0This should fix the CloudStack Agent from crashing when it has to
handle more then 16 RBD snapshots on one Volume.
* pr/889:
CLOUDSTACK-8879: Depend in rados-java 0.2.0
Signed-off-by: Remi Bergsma <github@remi.nl>
CLOUDSTACK-8915 - Cannot SSH into VMs deployed Redundant VPC routersIn order to reproduce the problem, I did the following
* Create a Redundant VPC
* Add a tier
* Add a new VM to the tier
* Add an ACL, open port 22 and associate the ACL with the tier
* Acquire a pub IP
* Add a PF rule to port 22 towards the VM
* Try to SSH to the VM through the Pub IP
It failed with "No route to host".
This PR contains the following:
* Fix for the keepalived (vrrp) configuration;
* Refactor the default router code for both isolated and [r]VPC routers
* Revert CsRedundant changes
* Add default route tests
* Add logging to tests - so we see what's happening during test execution.
* pr/908:
CLOUDSTACK-8915 - Making sure cleanup resources passes
CLOUDSTACK-8915 - Fix the assertion used for the default routes test
CLOUDSTACK-8915 - Copy the conntrackd configuration every time _redundant_on() function is called
CLOUDSTACK-8915 - This test is still under construction
CLOUDSTACK-8915 - Adding logging to tests
CLOUDSTACK-8915 - Improve routers tests
CLOUDSTACK-8915 - Reverting changes from commit id 1a02773b556a0efa277cf18cd099fc62a4e27706
CLOUDSTACK-8915 - Reverting changes from commit id 18dbc0c4cbe506ad698bc513c901dc2d0e48159f
CLOUDSTACK-8915 - VRRP needs a cidr in order to work properly
CLOUDSTACK-8915 - Rearrenging a bit the default route code in order to make it more clear
CLOUDSTACK-8915 - Add the default route only on address that have not been configured yet.
Signed-off-by: Remi Bergsma <github@remi.nl>
- Due to an issue with VPC routers (CLOUDSTACK-8935) we are not able to destroy networks before destroying the routers
- Added a forcestop/destroy routers inside the tearDown to make sure it passes. The issue will be addressed in a separate PR
- Make sure the routers list is cleaned after destroy_routers() is called
- Populate routers list after the router is recreated
- Add egress tests in order to check if VMs can reach the outside world
- Increase the wait when testing redundant routers: they fight to become master
- Make sure the clean up is done properly
- That's not the place to fix the default routes for redundant VPC,
- Adding tests to cover PF and FW in isolated networks
* Will still add some tests for egress as well
- The cidr was replaced by the single IP, which broke the feature.
- Wait during transition from master to backup otherwise the test fails due to wronge state
CLOUDSTACK-8848 ensure power state is up to date for missing PowerState handlingadded a null guard to @resmo's #885 A unit test or two would be nice as well but as this is a blocker I want to get it to review asap.
@koushik-das @wilderrodrigues @anshul1886 @karuturi @remibergsma you all commented on the original, please have a look. @bhaisaab welcome to comment as well.
* pr/909:
CLOUDSTACK-8848: added null pointer guard to new public method
CLOUDSTACK-8848: ensure power state is up to date when handling missing VMs in powerReport
Signed-off-by: Rajani Karuturi <rajani.karuturi@citrix.com>
