GitHub user wilderrodrigues opened a pull request:
https://github.com/apache/cloudstack/pull/773
CLOUDSTACK-8759 - Destroying VPC router results in a new unusable VPC router
Steps we reproduced to find the problem:
1. Stop/Destroy the VPC router
2. Add a virtual machine to one of the VPC tiers - it will trigger a VPC
router creation
3. Router is created, but the NICs are not configured
How to recover without this fix:
1. Stop/destroy the VPC router and restart the VPC
Side effects: private gateways could be misconfigured.
Root cause:
In the VpcNetworkHelperImpl.configureDefaultNics() method, the guest
network NIC was added to the map prior to the control and public NICs. The
order in the map should not matter; however, in the
LibvirtComputingResource.createVifs() method, there is logic that relies on
the device index - the array index - in order to create the control NIC. I
advise a refactor of the data model in order to be able to identify the NIC
type instead of relying on the array index.
An integration test was added to cover the fix:
* test_vpc_router_nics.py
Environment:
Management Server running on CentOS 7.1
KVM host running on CentOS 7.1
CloudStack Agent/Common 4.6.0-SNAPSHOT
Executing the test:
```
nosetests --with-marvin \
  --marvin-config=/data/shared/marvin/mct-zone2-kvm2-ISOLATED.cfg -s -a \
  tags=advanced,required_hardware=true component/test_vpc_router_nics.py
```
Remark: during the SSH there might be stack traces on the console due to
the connection retry. It takes some time to get the PF rules in place and reach
the VMs. So, just let the test run until the end.
Test results:
```
Create a vpc with two networks with two vms in each network ... ===
TestName: test_01_VPC_nics_after_destroy | Status : SUCCESS ===
ok
----------------------------------------------------------------------
Ran 1 test in 774.020s
OK
/tmp//MarvinLogs/test_vpc_router_nics_VH6E9S/results.txt (END)
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ekholabs/cloudstack fix/vpc_nic-CLOUDSTACK-8759
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/773.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #773
----
commit 21df0ffe898530e69db48b2c16f34b3bb0a17c14
Author: wilderrodrigues <[email protected]>
Date: 2015-09-01T12:31:49Z
CLOUDSTACK-8759 - The guest nic has to be added after the control nic
- There was an issue introduced on 4.5 with the VPC refactor.
- Adding a VM to a VPC with no router would create a broken VPC router,
with no nics
commit 23d0f3fedaa136a0cd562e9617355ab33e2f1ea0
Author: wilderrodrigues <[email protected]>
Date: 2015-09-02T07:27:39Z
CLOUDSTACK-8759 - Adding a marvin test in order to cover the fix
- The test will create a VPC, add 2 tier, 2 VMs, ACL, PF and SSH into
the VM
- Then it will stop the router, destroy the router, add another VM to 1
tier and check that we can reach all the VMs
commit 53c9bb4d387ddc298744879526a40d1d2ca4e394
Author: wilderrodrigues <[email protected]>
Date: 2015-09-03T07:38:56Z
CLOUDSTACK-8759 - Fix guest nic allocation
- When stopping/destroying a VPC router and creating a new one via the
addition of a VM, the networks are not plugged correctly
- The ETH1 ends up with the IP of the guest nic, which remains down.
This causes routing problems and the VMs are not reachable via the pub IPs
----
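The index dependency described under "Root cause" above, shown as an added example that is not part of this pull request or of CloudStack's code. The `Type` enum, the `Nic` record, the insertion-ordered map and the choice of device index 0 for the control NIC are all assumptions made for illustration (Java 16+ for records).

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class NicOrderDemo {
    // Hypothetical traffic types; not CloudStack's own data model.
    enum Type { CONTROL, PUBLIC, GUEST }

    record Nic(String name, Type type) {}

    // Fragile: assumes the control NIC always sits at device index 0 (assumed index).
    static Nic controlByIndex(List<Nic> nics) {
        return nics.get(0);
    }

    // Robust: identifies the control NIC by its declared type, whatever the order.
    static Nic controlByType(List<Nic> nics) {
        return nics.stream()
                .filter(n -> n.type() == Type.CONTROL)
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("no control NIC configured"));
    }

    // Builds the NIC list the way an insertion-ordered map would hand it over:
    // the order in which NICs are added becomes the device index order.
    static List<Nic> build(Type... insertionOrder) {
        Map<String, Nic> map = new LinkedHashMap<>();
        for (Type t : insertionOrder) {
            String name = "nic-" + t.name().toLowerCase();
            map.put(name, new Nic(name, t));
        }
        return new ArrayList<>(map.values());
    }

    public static void main(String[] args) {
        List<Nic> controlFirst = build(Type.CONTROL, Type.PUBLIC, Type.GUEST);
        List<Nic> guestFirst = build(Type.GUEST, Type.CONTROL, Type.PUBLIC);

        // With the guest NIC inserted first, the index-based lookup hands back
        // the guest NIC where the control NIC is expected.
        System.out.println("by index, control first: " + controlByIndex(controlFirst).type());
        System.out.println("by index, guest first:   " + controlByIndex(guestFirst).type());
        System.out.println("by type,  guest first:   " + controlByType(guestFirst).type());
    }
}
```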