
Feature/systemvm persistent config 4 #75


Merged
merged 6 commits into from
Feb 11, 2015
Expand Up @@ -17,6 +17,9 @@

package com.cloud.network.router;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
Expand Down Expand Up @@ -177,6 +180,8 @@
import com.cloud.network.rules.StaticNatImpl;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.dao.VpcDao;
import com.cloud.network.vpn.Site2SiteVpnManager;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.ServiceOffering;
Expand Down Expand Up @@ -356,6 +361,8 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
@Inject
AsyncJobManager _asyncMgr;
@Inject
protected VpcDao _vpcDao;
@Inject
protected ApiAsyncJobDispatcher _asyncDispatcher;
@Inject
OpRouterMonitorServiceDao _opRouterMonitorServiceDao;
Expand Down Expand Up @@ -1173,7 +1180,8 @@ protected void runInContext() {
} else {
router = router1;
}
if (router.getHostId() == null) {
// && router.getState() == State.Stopped
if (router.getHostId() == null && router.getState() == State.Running) {
s_logger.debug("Skip router pair (" + router0.getInstanceName() + "," + router1.getInstanceName() + ") due to can't find host");
continue;
}
Expand Down Expand Up @@ -1622,6 +1630,23 @@ protected StringBuilder createRedundantRouterArgs(final NicProfile nic, DomainRo
// For a redundant VPC router, both shall have the same router id. It will be used by the VRRP virtural_router_id attribute.
// So we use the VPC id to avoid group problems.
buf.append(" router_id=").append(vpcId);

// Will build the routers password based on the VPC ID and UUID.
final Vpc vpc = _vpcDao.findById(vpcId);

try {
final MessageDigest digest = MessageDigest.getInstance("SHA-512");
Contributor


let's make a ticket to make this configurable later on

Contributor Author


Which part should be configurable?

final byte [] rawDigest = vpc.getUuid().getBytes();
digest.update(rawDigest);

final BigInteger password = new BigInteger(1, digest.digest());
buf.append(" router_password=").append(password);

} catch (final NoSuchAlgorithmException e) {
s_logger.error("Failed to pssword! Will use the plan B instead.");
buf.append(" router_password=").append(vpc.getUuid());
}

} else {
routers = _routerDao.listByNetworkAndRole(nic.getNetworkId(), Role.VIRTUAL_ROUTER);
}
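Review bot: The `router_password` appended here is a SHA-512 digest of the VPC UUID, which is not a secret (it is an API-visible identifier), so anyone who can read the UUID can recompute the VRRP auth_pass, and the NoSuchAlgorithmException fallback even writes the raw UUID; a per-VPC random secret generated and stored server-side (or the configurable value the thread mentions) would be the real fix. `vpc.getUuid().getBytes()` uses the platform default charset, so the digest can differ between management servers; use `getBytes(StandardCharsets.UTF_8)` (needs an import). `_vpcDao.findById(vpcId)` is dereferenced without a null check in both the try and the catch branch. The error log has a typo and drops the exception: `s_logger.error("Failed to hash the router password; falling back to the VPC UUID.", e);`. createRedundantRouterArgs starts and ends outside this hunk, and the router-state check at the @@ -1173 hunk is not covered by this note.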
Expand Up @@ -74,7 +74,6 @@
import com.cloud.network.vpc.VpcVO;
import com.cloud.network.vpc.dao.PrivateIpDao;
import com.cloud.network.vpc.dao.StaticRouteDao;
import com.cloud.network.vpc.dao.VpcDao;
import com.cloud.network.vpc.dao.VpcGatewayDao;
import com.cloud.network.vpn.Site2SiteVpnManager;
import com.cloud.user.UserStatisticsVO;
Expand All @@ -99,8 +98,6 @@
public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplianceManagerImpl implements VpcVirtualNetworkApplianceManager {
private static final Logger s_logger = Logger.getLogger(VpcVirtualNetworkApplianceManagerImpl.class);

@Inject
private VpcDao _vpcDao;
@Inject
private NetworkACLManager _networkACLMgr;
@Inject
15 changes: 8 additions & 7 deletions systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
Expand Up @@ -355,13 +355,13 @@ def fw_router(self):
if self.get_type() in ["control"]:
self.fw.append(["filter", "", "-A FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT"])
self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 3922 -m state --state NEW -j ACCEPT" % self.dev])
self.fw.append(['', 'front', '-A FORWARD -j NETWORK_STATS'])
self.fw.append(['', 'front', '-A INPUT -j NETWORK_STATS'])
self.fw.append(['', 'front', '-A OUTPUT -j NETWORK_STATS'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth0 -o eth2'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 -o eth0'])
self.fw.append(['', '', '-A NETWORK_STATS -o eth2 ! -i eth0 -p tcp'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp'])
self.fw.append(['', 'front', '-A FORWARD -j NETWORK_STATS'])
self.fw.append(['', 'front', '-A INPUT -j NETWORK_STATS'])
self.fw.append(['', 'front', '-A OUTPUT -j NETWORK_STATS'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth0 -o eth2'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 -o eth0'])
self.fw.append(['', '', '-A NETWORK_STATS -o eth2 ! -i eth0 -p tcp'])
self.fw.append(['', '', '-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp'])

def fw_vpcrouter(self):
if not self.config.is_vpc():
Expand All @@ -370,6 +370,7 @@ def fw_vpcrouter(self):
"-m state --state RELATED,ESTABLISHED " +
"-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"])
if self.get_type() in ["guest"]:
self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" % (self.address['network'], self.dev, self.dev)])
self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev])
self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev])
self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev])
16 changes: 16 additions & 0 deletions systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
Expand Up @@ -15,6 +15,7 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
import hashlib
from merge import DataBag


Expand Down Expand Up @@ -127,3 +128,18 @@ def get_router_id(self):
if "router_id" in self.idata():
return self.idata()['router_id']
return 1

def get_router_password(self):
if "router_password" in self.idata():
return self.idata()['router_password']

'''
Generate a password based on the router id just to avoid hard-coded passwd.
Remark: if for some reason 1 router gets configured, the other one will have a different password.
This is slightly difficult to happen, but if it does, destroy the router with the password generated with the
code below and restart the VPC with out the clean up option.
'''
passwd = "%s-%s" % (self.get_vpccidr, self.get_router_id())
md5 = hashlib.md5()
md5.update(passwd)
return md5.hexdigest()
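Review bot: `self.get_vpccidr` on the `passwd = ...` line is never called, so if get_vpccidr is a method like get_router_id (its definition is outside this page) the format string receives the bound-method object, whose repr includes the instance address, instead of the CIDR; the two routers would then hash different inputs, which is exactly the mismatch the comment below warns about. It should read `passwd = "%s-%s" % (self.get_vpccidr(), self.get_router_id())`. The triple-quoted text after the early `return` is an expression statement, not a docstring; turn it into `#` comments above the passwd line. The comment should also state that this fallback only avoids a hard-coded value: both inputs are known to anyone who can see the VPC's CIDR and router id, so it does not make the VRRP password secret.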
4 changes: 2 additions & 2 deletions systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
Expand Up @@ -130,7 +130,7 @@ def preseed(self):
def write_hosts(self):
file = CsFile("/etc/hosts")
for ip in self.hosts:
file.search("%s" % ip, "%s\t%s" % (ip, self.hosts[ip]))
file.search("^%s" % ip, "%s\t%s" % (ip, self.hosts[ip]))
file.commit()
if file.is_changed():
logging.info("Updated hosts file")
Expand All @@ -155,4 +155,4 @@ def add(self, entry):
v['gateway'] = entry['default_gateway']

def add_host(self, ip, hosts):
self.hosts.update({ip: hosts})
self.hosts[ip] = hosts
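Review bot: In write_hosts (first hunk, @@ -130), `"^%s" % ip` still interpolates the address unescaped into the pattern, so each `.` matches any character and the anchored pattern is only a prefix match: the entry for 10.1.1.1 also matches an existing line for 10.1.1.10. Assuming CsFile.search takes a regex (its definition is outside this page), use `file.search(r"^%s\s" % re.escape(ip), "%s\t%s" % (ip, self.hosts[ip]))` with `import re` added at the top of the file. write_hosts begins outside the hunk.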
Expand Up @@ -122,6 +122,7 @@ def _redundant_on(self):
file.search(" state ", " state %s" % "EQUAL")
file.search(" virtual_router_id ", " virtual_router_id %s" % self.cl.get_router_id())
file.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR)
file.section("authentication {", "}", [ " auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()] )
file.section("virtual_ipaddress {", "}", self._collect_ips())
file.commit()
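Review bot: The value written to `auth_pass` here is, on the Java side of this PR, a SHA-512 digest rendered as a long decimal string; as far as I know keepalived only uses the first eight characters of auth_pass, so most of that digest is discarded and the effective secret is eight decimal digits, which is worth a comment at this line or a shorter, deliberately chosen value. The `" auth_type AH \n"` element carries a trailing space before the newline that the template line does not; harmless, but `" auth_type AH\n"` keeps the generated block identical to the template. _redundant_on starts and ends outside this hunk.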

Expand Up @@ -40,7 +40,7 @@ vrrp_instance inside_network {
advert_int 1
authentication {
auth_type AH
auth_pass k33p@live
auth_pass PASS
}

virtual_ipaddress {