Fixed rules for dhcp towards v; fixed fw rules for a bunch of things; bring public interface up if no tier has been defined
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4fe7264b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4fe7264b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4fe7264b Branch: refs/heads/feature/systemvm-persistent-config Commit: 4fe7264b67594f96a8891a1bcda92b694eca64e1 Parents: 1b1d5bb Author: Ian Southam <[email protected]> Authored: Wed Feb 4 17:44:05 2015 +0100 Committer: wilderrodrigues <[email protected]> Committed: Wed Feb 4 18:50:09 2015 +0100 ---------------------------------------------------------------------- .../debian/config/opt/cloud/bin/cs/CsAddress.py | 92 +++++++++----------- .../debian/config/opt/cloud/bin/cs/CsDatabag.py | 4 +- .../config/opt/cloud/bin/cs/CsRedundant.py | 8 +- 3 files changed, 49 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4fe7264b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index 9e4e687..54a40a1 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -96,7 +96,6 @@ class CsAddress(CsDataBag):
             if dev == "id":
                 continue
             ip = CsIP(dev, self.config)
-            addcnt = 0
             for address in self.dbag[dev]:
                 if not address["nw_type"] == "control":
                     CsRoute(dev).add(address)
@@ -108,37 +107,6 @@ class CsAddress(CsDataBag):
                     logging.info("Address %s on device %s not configured", ip.ip(), dev)
                     if CsDevice(dev, self.config).waitfordevice():
                         ip.configure()
-                # This could go one level up but the ip type is stored in the
-                # ip address object and not in the device object
-                # Call only once
-                if addcnt == 0:
-                    self.add_netstats(address)
-                addcnt += 1
-
-    def add_netstats(self, address):
-        # add in the network stats iptables rules
-        dev = "eth%s" % address['nic_dev_id']
-        if address["nw_type"] == "public":
-            self.fw.append(["", "front", "-A FORWARD -j NETWORK_STATS"])
-            self.fw.append(["", "front", "-A INPUT -j NETWORK_STATS"])
-            self.fw.append(["", "front", "-A OUTPUT -j NETWORK_STATS"])
-            # it is not possible to calculate these devices
-            # When the vrouter and the vpc router are combined this silliness can go
-            self.fw.append(["", "", "-A NETWORK_STATS -i %s -o eth0 -p tcp" % dev])
-            self.fw.append(["", "", "-A NETWORK_STATS -o %s -i eth0 -p tcp" % dev])
-            self.fw.append(["", "", "-A NETWORK_STATS -o %s ! -i eth0 -p tcp" % dev])
-            self.fw.append(["", "", "-A NETWORK_STATS -i %s ! -o eth0 -p tcp" % dev])
-
-        # Netstats per interface only used on VPC
-        if address["nw_type"] == "guest" and self.config.is_vpc():
-            self.fw.append(["", "front", "-A FORWARD -j NETWORK_STATS_%s" % dev])
-            self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" % (dev, dev, address['network'])])
-            self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -d %s" % (dev, dev, address['network'])])
-            # Only relevant if there is a VPN configured so will have to move
-            # at some stage
-            self.fw.append(["mangle", "", "-A FORWARD -j VPN_STATS_%s" % dev])
-            self.fw.append(["mangle", "", "-A VPN_STATS_%s -o %s -m mark --set-xmark 0x525/0xffffffff" % (dev, dev)])
-            self.fw.append(["mangle", "", "-A VPN_STATS_%s -i %s -m mark --set-xmark 0x524/0xffffffff" % (dev, dev)])
 
 
 class CsInterface:
@@ -298,7 +266,7 @@ class CsIP:
         for i in CsHelper.execute(cmd):
             if " DOWN " in i:
                 cmd2 = "ip link set %s up" % self.getDevice()
-                # If redundant do not bring up public interfaces
+                # If redundant do not bring up public interfaces
                 # master.py and keepalived deal with tham
                 if self.config.cmdline().is_redundant() and not self.is_public():
                     CsHelper.execute(cmd2)
@@ -392,7 +360,46 @@ class CsIP:
     def fw_vpcrouter(self):
         if not self.config.is_vpc():
             return
-        # TODO seperate out vpc rules
+        self.fw.append(["mangle", "front", "-A PREROUTING " +
+                        "-m state --state RELATED,ESTABLISHED " +
+                        "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"])
+        if self.get_type() in ["guest"]:
+            self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev])
+            self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev])
+            self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev])
+            self.fw.append(["mangle", "",
+                            "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" %
+                            (self.dev, self.address['network'], self.address['gateway'], self.dev)
+                            ])
+            self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" % ("eth1", "eth1", self.address['network'])])
+            self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -d %s" % ("eth1", "eth1", self.address['network'])])
+
+        if self.get_type() in ["public"]:
+            self.fw.append(["nat", "front",
+                            "-A POSTROUTING -o %s -j SNAT --to-source %s" %
+                            (self.dev, self.address['public_ip'])
+                            ])
+            self.fw.append(["nat", "front",
+                            "-A POSTROUTING -s %s -o %s -j SNAT --to-source %s" %
+                            (self.address['network'], self.dev,
+                             self.address['public_ip'])
+                            ])
+            self.fw.append(["", "front",
+                            "-A FORWARD -o %s -d %s -j ACL_INBOUND_%s" % (self.dev, self.address['network'], self.dev)
+                            ])
+            self.fw.append(["mangle", "", "-A FORWARD -j VPN_STATS_%s" % self.dev])
+            self.fw.append(["mangle", "", "-A VPN_STATS_%s -o %s -m mark --mark 0x525/0xffffffff" % (self.dev, self.dev)])
+            self.fw.append(["mangle", "", "-A VPN_STATS_%s -i %s -m mark --mark 0x524/0xffffffff" % (self.dev, self.dev)])
+            self.fw.append(["", "front", "-A FORWARD -j NETWORK_STATS_%s" % self.dev])
+
+        self.fw.append(["", "front", "-A FORWARD -j NETWORK_STATS"])
+        self.fw.append(["", "front", "-A INPUT -j NETWORK_STATS"])
+        self.fw.append(["", "front", "-A OUTPUT -j NETWORK_STATS"])
+
+        self.fw.append(["", "", "-A NETWORK_STATS -i eth0 -o eth2 -p tcp"])
+        self.fw.append(["", "", "-A NETWORK_STATS -i eth2 -o eth0 -p tcp"])
+        self.fw.append(["", "", "-A NETWORK_STATS ! -i eth0 -o eth2 -p tcp"])
+        self.fw.append(["", "", "-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp"])
 
     def post_config_change(self, method):
         route = CsRoute(self.dev)
@@ -402,24 +409,9 @@ class CsIP:
         self.fw_vpcrouter()
         # On deletion nw_type will no longer be known
         if self.get_type() in ["guest"] and self.config.is_vpc():
-            devChain = self.config.get_ingress_chain(self.dev, self.address['public_ip'])
-            CsDevice(self.dev, self.config).configure_rp()
-            self.fw.append(["nat", "front",
-                            "-A POSTROUTING -s %s -o %s -j SNAT --to-source %s" %
-                            (self.address['network'], self.dev,
-                             self.address['public_ip'])
-                            ])
-            self.fw.append(["mangle", "front", "-A %s -j ACCEPT" % devChain])
+            CsDevice(self.dev, self.config).configure_rp()
 
-            self.fw.append(["", "front",
-                            "-A FORWARD -o %s -d %s -j %s" % (self.dev, self.address['network'], devChain)
-                            ])
-            self.fw.append(["", "", "-A %s -j DROP" % devChain])
-            self.fw.append(["mangle", "",
-                            "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j %s" %
-                            (self.dev, self.address['network'], self.address['public_ip'], devChain)
-                            ])
 
             logging.error("Not able to setup sourcenat for a regular router yet")
             dns = CsDnsmasq(self)
             dns.add_firewall_rules()
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4fe7264b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py ----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
index e6ad6e5..4ace7bb 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
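Review bot: The two `NETWORK_STATS_%s` rules in the guest branch hard-code `"eth1"` for both the chain suffix and the `-o` device instead of using `self.dev`, so on a VPC with more than one guest tier every tier's traffic is counted against the eth1 chain; they should read `self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" % (self.dev, self.dev, self.address['network'])])` plus the matching `-d` rule. The four trailing `NETWORK_STATS` rules likewise hard-code `eth0`/`eth2`, where the removed `add_netstats` derived the device from `nic_dev_id`. Because the table-level `-j NETWORK_STATS` jumps are now appended on every call of fw_vpcrouter rather than once as the dropped `addcnt == 0` guard arranged, one copy per configured address lands in `self.fw` unless the firewall compiler deduplicates, which this hunk does not show. The `-A FORWARD -o %s -d %s -j ACL_INBOUND_%s` rule in the public branch is built from the public address's own device and network, whereas the rule it replaces in the next hunk was keyed on the guest tier's device and network; worth confirming that is intended. The method's caller post_config_change starts in the next hunk.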
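Review bot: After this removal nothing on the new side re-creates the `-A %s -j DROP` rule that terminated the per-tier ingress chain, so whether forwarded traffic to a guest tier still ends in a deny now depends on how `ACL_INBOUND_%s` is terminated elsewhere; that default should be confirmed before merge, since a packet that falls off the end of a user chain returns to FORWARD's policy. The surviving `logging.error("Not able to setup sourcenat for a regular router yet")` is now reached on every normal run of this branch although nothing failed, so it should become `logging.debug` or be dropped. post_config_change continues past the end of the hunk.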
@@ -114,8 +114,8 @@ class CsCmdLine(CsDataBag):
     def is_master(self):
         if not self.is_redundant():
             return False
-        if "redundant_master" in self.idata():
-            return self.idata()['redundant_master'] == "true"
+        if "redundant_state" in self.idata():
+            return self.idata()['redundant_state'] == "MASTER"
         return False
 
     def get_state(self):
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4fe7264b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py ----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
index 7e4dcab..56902f0 100644
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
@@ -82,6 +82,11 @@ class CsRedundant(object):
         # No redundancy if there is no guest network
         if guest is None:
             self._redundant_off()
+            # Bring up the public Interface(s)
+            if self.cl.is_master():
+                for obj in [o for o in self.address.get_ips() if o.is_public()]:
+                    print obj.get_device()
+                    self.check_is_up(obj.get_device())
             return
         CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False)
         CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR)
@@ -113,8 +118,6 @@ class CsRedundant(object):
         file.search(" router_id ", " router_id %s" % self.cl.get_name())
         file.search(" priority ", " priority %s" % self.cl.get_priority())
         file.search(" interface ", " interface %s" % guest.get_device())
-        #file.search(" weight ", " weight %s" % 2)
-        # file.search(" state ", " state %s" % self.cl.get_state())
         file.search(" state ", " state %s" % "EQUAL")
         file.search(" virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
         file.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
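Review bot: `is_master` calls `self.idata()` twice and the `in` test duplicates what `dict.get` gives; `return self.idata().get("redundant_state") == "MASTER"` does the same in one line, assuming `idata()` returns a dict as the subscript on the next line implies. The comparison is case-sensitive and the old `redundant_master`/`"true"` key is no longer honoured, so a docstring such as `"""True only when redundancy is enabled and the cmdline databag carries redundant_state == "MASTER"."""` would spare the next reader a trip to the producer of that key. get_state follows outside the hunk.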
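Review bot: `print obj.get_device()` on the new lines is a leftover debug print to the script's stdout; replace it with `logging.debug("bringing up public interface %s", obj.get_device())` if this module already imports `logging` (CsAddress.py in this commit does), or drop it. The list comprehension feeding the `for` can be a plain guard, `for obj in self.address.get_ips():` / `if obj.is_public():` / `self.check_is_up(obj.get_device())`, which avoids building the intermediate list. Since `is_master()` is changed in this same commit to test `redundant_state == "MASTER"`, a backup router deliberately leaves its public interfaces down here; a one-line comment stating that would make the intent explicit. The enclosing method starts before the hunk.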
@@ -255,7 +258,6 @@ class CsRedundant(object):
             if o.needs_vrrp():
                 str = " %s brd %s dev %s\n" % (o.get_gateway_cidr(), o.get_broadcast(), o.get_device())
                 lines.append(str)
-                # This is wrong set_master and set_backup need to do this
                 self.check_is_up(o.get_device())
         return lines
 
