Internal LB: if we detect that we are inside an internal lb vm, call out to the ilb script to perform LB configuration
Signed-off-by: Chiradeep Vittal <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c773d204
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c773d204
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c773d204
Branch: refs/heads/internallb
Commit: c773d204c8e3b4715b3466f732bdff3100f58cfe
Parents: 8c8845b
Author: Chiradeep Vittal <[email protected]>
Authored: Wed May 1 13:21:52 2013 -0700
Committer: Alena Prokharchyk <[email protected]>
Committed: Wed May 1 13:25:19 2013 -0700
----------------------------------------------------------------------
.../debian/config/etc/init.d/cloud-early-config | 3 +
.../systemvm/debian/config/opt/cloud/bin/ilb.sh | 211 +++++++++++++++
.../config/opt/cloud/bin/vpc_loadbalancer.sh | 23 ++
3 files changed, 237 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c773d204/patches/systemvm/debian/config/etc/init.d/cloud-early-config
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index c95d400..b7bdb27 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -904,6 +904,9 @@ setup_ilbvm() {
 setup_common eth0 eth1 #eth0 = guest network, eth1=control network
+ sed -i /$NAME/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4 cp /etc/iptables/iptables-ilbvm /etc/iptables/rules setup_sshd $ETH1_IP "eth1"
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c773d204/patches/systemvm/debian/config/opt/cloud/bin/ilb.sh
----------------------------------------------------------------------
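Review bot: `sed -i /$NAME/d /etc/hosts` is an unanchored, unquoted substring match, so it deletes every /etc/hosts line that merely contains $NAME (a host named lb1 also removes lb10), and a `/` or regex metacharacter in $NAME changes the sed address itself; anchoring the pattern, `sed -i "/[[:space:]]$NAME\$/d" /etc/hosts`, keeps the edit to this host's own entry. The echo that follows runs unconditionally, so with $ETH0_IP unset (nothing in the hunk checks it) a bare-hostname line is written; a `[ -n "$ETH0_IP" ]` guard around both lines would avoid that. setup_ilbvm begins before this hunk and continues past it.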
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/ilb.sh b/patches/systemvm/debian/config/opt/cloud/bin/ilb.sh
new file mode 100755
index 0000000..2a29892
--- /dev/null
+++ b/patches/systemvm/debian/config/opt/cloud/bin/ilb.sh
@@ -0,0 +1,211 @@
+#!/usr/bin/env bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+source /root/func.sh
+
+lock="biglock"
+locked=$(getLockFile $lock)
+if [ "$locked" != "1" ]
+then
+ exit 1
+fi
+
+usage() {
+ printf "Usage: %s: -a <added public ip address ip:port> -d <removed ip:port> -f <load balancer config> -s <stats ip ip:port:cidr> \n" $(basename $0) >&2
+}
+
+#set -x
+
+fw_remove_backup() {
+ logger -t cloud "$(basename $0): Entering fw_remove_backup"
+ local lb_vif_list=eth0
+ for vif in $lb_vif_list; do
+ sudo iptables -F back_load_balancer_$vif 2> /dev/null
+ sudo iptables -D INPUT -i $vif -p tcp -j back_load_balancer_$vif 2> /dev/null
+ sudo iptables -X back_load_balancer_$vif 2> /dev/null
+ done
+ sudo iptables -F back_lb_stats 2> /dev/null
+ sudo iptables -D INPUT -p tcp -j back_lb_stats 2> /dev/null
+ sudo iptables -X back_lb_stats 2> /dev/null
+}
+
+fw_restore() {
+ logger -t cloud "$(basename $0): Entering fw_restore"
+ local lb_vif_list="eth0"
+ for vif in $lb_vif_list; do
+ sudo iptables -F load_balancer_$vif 2> /dev/null
+ sudo iptables -D INPUT -i $vif -p tcp -j load_balancer_$vif 2> /dev/null
+ sudo iptables -X load_balancer_$vif 2> /dev/null
+ sudo iptables -E back_load_balancer_$vif load_balancer_$vif 2> /dev/null
+ done
+ sudo iptables -F lb_stats 2> /dev/null
+ sudo iptables -D INPUT -p tcp -j lb_stats 2> /dev/null
+ sudo iptables -X lb_stats 2> /dev/null
+ sudo iptables -E back_lb_stats lb_stats 2> /dev/null
+}
+
+# firewall entry to ensure that haproxy can receive on specified port
+fw_entry() {
+ logger -t cloud "$(basename $0): Entering fw_entry"
+ local added=$1
+ local removed=$2
+ local stats=$3
+
+ if [ "$added" == "none" ]
+ then
+ added=""
+ fi
+
+ if [ "$removed" == "none" ]
+ then
+ removed=""
+ fi
+
+ local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
+ local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
+
+# back up the iptable rules by renaming before creating new.
+ local lb_vif_list=eth0
+ for vif in $lb_vif_list; do
+ sudo iptables -E load_balancer_$vif back_load_balancer_$vif 2> /dev/null
+ sudo iptables -N load_balancer_$vif 2> /dev/null
+ sudo iptables -A INPUT -i $vif -p tcp -j load_balancer_$vif
+ done
+ sudo iptables -E lb_stats back_lb_stats 2> /dev/null
+ sudo iptables -N lb_stats 2> /dev/null
+ sudo iptables -A INPUT -p tcp -j lb_stats
+
+ for i in $a
+ do
+ local pubIp=$(echo $i | cut -d: -f1)
+ local dport=$(echo $i | cut -d: -f2)
+ local lb_vif_list="eth0"
+ for vif in $lb_vif_list; do
+ sudo iptables -A load_balancer_$vif -p tcp -d $pubIp --dport $dport -j ACCEPT
+ if [ $? -gt 0 ]
+ then
+ return 1
+ fi
+ done
+ done
+ local pubIp=$(echo $stats | cut -d: -f1)
+ local dport=$(echo $stats | cut -d: -f2)
+ local cidrs=$(echo $stats | cut -d: -f3 | sed 's/-/,/')
+ sudo iptables -A lb_stats -s $cidrs -p tcp -m state --state NEW -d $pubIp --dport $dport -j ACCEPT
+
+ return 0
+}
+
+#Hot reconfigure HA Proxy in the routing domain
+reconfig_lb() {
+ /root/reconfigLB.sh
+ return $?
+}
+
+# Restore the HA Proxy to its previous state, and revert iptables rules on loadbalancer
+restore_lb() {
+ logger -t cloud "Restoring HA Proxy to previous state"
+ # Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses
+ cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new
+
+ if [ $? -eq 0 ]
+ then
+ # Run reconfigLB.sh again
+ /root/reconfigLB.sh
+ fi
+}
+
+
+logger -t cloud "$(basename $0): Entering $(dirname $0)/$(basename $0)"
+
+iflag=
+aflag=
+dflag=
+sflag=
+
+while getopts 'i:a:d:s:' OPTION
+do
+ case $OPTION in
+ i) iflag=1
+ domRIp="$OPTARG" #unused but passed in
+ ;;
+ a) aflag=1
+ addedIps="$OPTARG"
+ ;;
+ d) dflag=1
+ removedIps="$OPTARG"
+ ;;
+
+ s) sflag=1
+ statsIp="$OPTARG"
+ ;;
+ ?) usage
+ unlock_exit 2 $lock $locked
+ ;;
+ esac
+done
+
+if [[ "$aflag$dflag" != "1" && "$aflag$dflag" != "11" ]]
+then
+ usage
+ unlock_exit 2 $lock $locked
+fi
+
+if [ "$addedIps" == "" ]
+then
+ addedIps="none"
+fi
+
+
+if [ "$removedIps" == "" ]
+then
+ removedIps="none"
+fi
+
+
+# hot reconfigure haproxy
+reconfig_lb $cfgfile
+
+if [ $? -gt 0 ]
+then
+ logger -t cloud "Reconfiguring ilb failed"
+ unlock_exit 1 $lock $locked
+fi
+
+logger -t cloud "HAProxy reconfigured successfully, configuring firewall"
+
+# iptables entry to ensure that haproxy receives traffic
+fw_entry $addedIps $removedIps $statsIp
+
+if [ $? -gt 0 ]
+then
+ logger -t cloud "Failed to apply firewall rules for internal load balancing, reverting HA Proxy config"
+ # Restore the LB
+ restore_lb
+
+ logger -t cloud "Reverting firewall config"
+ fw_restore
+
+ unlock_exit 1 $lock $locked
+else
+ # Remove backedup iptable rules
+ logger -t cloud "Firewall configured successfully, deleting backup firewall config"
+ fw_remove_backup
+fi
+
+unlock_exit 0 $lock $locked
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c773d204/patches/systemvm/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
----------------------------------------------------------------------
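Review bot: In fw_entry the stats rule `sudo iptables -A lb_stats -s $cidrs -p tcp -m state --state NEW -d $pubIp --dport $dport -j ACCEPT` is the only rule whose exit status is ignored, so when -s is omitted (sflag is never validated, leaving $stats empty) or the cidr field is malformed, iptables fails, the function still returns 0, the script logs "Firewall configured successfully" and fw_remove_backup discards the chains it could have restored; guard it like the per-IP rules, `... -j ACCEPT || return 1`, and reject a missing -s before reconfig_lb runs. The cidr field is rewritten with `sed 's/-/,/'`, which replaces only the first `-`, so if more than two ranges are ever passed the rest stay `-`-joined and iptables refuses the rule; `s/-/,/g` looks intended. usage advertises `-f <load balancer config>` and reconfig_lb is called with `$cfgfile`, but getopts 'i:a:d:s:' rejects -f and $cfgfile is never assigned, so one of the two should change. $removed/$r are parsed and then never used.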
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_loadbalancer.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
index 334c617..36a2347 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
@@ -18,6 +18,29 @@
 # @VERSION@
+do_ilb_if_ilb () {
+ local typ=""
+ local pattern="type=(.*)"
+
+ for keyval in $(cat /var/cache/cloud/cmdline)
+ do
+ if [[ $keyval =~ $pattern ]]; then
+ typ=${BASH_REMATCH[1]};
+ fi
+ done
+ if [ "$typ" == "ilbvm" ]
+ then
+ logger -t cloud "$(basename $0): Detected that we are running in an internal load balancer vm"
+ $(dirname $0)/ilb.sh "$@"
+ exit $?
+ fi
+
+}
+
+logger -t cloud "$(basename $0): Entering $(dirname $0)/$(basename $0)"
+
+do_ilb_if_ilb "$@"
+
 source /root/func.sh
 source /opt/cloud/bin/vpc_func.sh
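Review bot: The detection regex `type=(.*)` in do_ilb_if_ilb is unanchored, so any cmdline token that merely contains `type=` is taken as the VM type, and because the loop keeps overwriting `typ` the last such token wins; anchoring it, `local pattern="^type=(.*)"`, limits the match to the intended key. The loop also relies on unquoted `$(cat /var/cache/cloud/cmdline)` for word splitting, which works for space-separated key=value pairs but also glob-expands any token containing `*` or `?`; a `while read -r` over the file avoids that. `$(dirname $0)/ilb.sh "$@"` should be quoted, `"$(dirname "$0")/ilb.sh" "$@"`, so the handoff still resolves when the script path contains spaces.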
