Fixed password server, fixed more firewall issues. Fixed issues with real IP and not virtual (gateway) IP being opened on the firewall. DNS now works on the VMs.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/57d3ffae
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/57d3ffae
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/57d3ffae
Branch: refs/heads/master
Commit: 57d3ffaef893e00bf751fa0a516fb210bf4b478c
Parents: e6b3ee3
Author: Ian Southam <isout...@schubergphilis.com>
Authored: Fri Feb 6 13:53:08 2015 +0100
Committer: wilderrodrigues <wrodrig...@schubergphilis.com>
Committed: Mon Mar 16 11:40:03 2015 +0100
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/configure.py | 2 +-
.../debian/config/opt/cloud/bin/cs/CsAddress.py | 10 ++++---
.../debian/config/opt/cloud/bin/cs/CsApp.py | 28 +++++++++++++-------
.../debian/config/opt/cloud/bin/cs/CsProcess.py | 10 +++++++
.../config/opt/cloud/bin/cs/CsRedundant.py | 15 ++++++++---
.../config/opt/cloud/bin/passwd_server_ip | 1 +
6 files changed, 49 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index b693477..43b01b6 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -36,7 +36,7 @@ from cs.CsNetfilter import CsNetfilters from cs.CsDhcp import CsDhcp from cs.CsRedundant import * from cs.CsFile import CsFile -from cs.CsApp import CsApache, CsPasswdSvc, CsDnsmasq +from cs.CsApp import CsApache, CsDnsmasq from cs.CsMonitor import CsMonitor from cs.CsLoadBalancer import CsLoadBalancer http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ---------------------------------------------------------------------- diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 54a40a1..df6fdc7 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -341,9 +341,8 @@ class CsIP: self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev]) - self.fw.append(["filter", "", - "-A INPUT -s %s -i %s -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT" % (self.address['network'], self.dev)]) self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT" % self.dev]) + self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A FORWARD -i %s -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A FORWARD -i %s -o %s -m state --state NEW -j ACCEPT" % (self.dev, self.dev)]) self.fw.append(["filter", "", "-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"]) 
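Review bot: The replacement rule for port 8080 in the `@@ -341,9 +341,8 @@` hunk drops the `-s %s` match on `self.address['network']` that the removed rule carried, so NEW connections to 8080 are accepted from any source address arriving on `self.dev`; the `@@ -367,6 +366,8 @@` hunk adds the same unrestricted 8080 rule, and the old `CsPasswdSvc.setup()` rule that limited the destination with `-d %s/32` is removed in CsApp.py. Port 8080 appears to be where the password server listens (the `bind=` pattern in the new `CsPasswdSvc.stop()` names it), so I would keep the source match: `"-A INPUT -s %s -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % (self.address['network'], self.dev)`. If the wider rule is intended, a comment stating why the guest network restriction is no longer needed would help. The enclosing method starts and ends outside the hunk.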
@@ -367,6 +366,8 @@ class CsIP: self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev]) + self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT" % self.dev]) + self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % self.dev]) self.fw.append(["mangle", "", "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" % (self.dev, self.address['network'], self.address['gateway'], self.dev) @@ -417,7 +418,10 @@ class CsIP: dns.add_firewall_rules() app = CsApache(self) app.setup() - pwdsvc = CsPasswdSvc(self).setup() + + # If redundant then this is dealt with by the master backup functions + if self.get_type() in ["guest"] and not self.config.cl.is_redundant(): + pwdsvc = CsPasswdSvc(self.address['public_ip']).start() if self.get_type() == "public" and self.config.is_vpc(): if self.address["source_nat"]: http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py ---------------------------------------------------------------------- diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py index d680bde..cceb464 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py 
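Review bot: In the `@@ -417,7 +418,10 @@` hunk `pwdsvc` is bound to the result of `.start()`, which has no return statement in the new `CsPasswdSvc`, so the name is always None and never read; `CsPasswdSvc(self.address['public_ip']).start()` on its own says the same. `self.get_type() in ["guest"]` reads more directly as `self.get_type() == "guest"`, matching the `== "public"` test a few lines below. This path passes `self.address['public_ip']` while CsRedundant.py passes `o.get_gateway()`, and `stop()` finds the process by that string, so the comment above the `if` should also say which address the service is expected to bind in each mode. The enclosing method starts and ends outside the hunk.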
@@ -59,19 +59,29 @@ class CsApache(CsApp): ]) -class CsPasswdSvc(CsApp): +class CsPasswdSvc(): """ nohup bash /opt/cloud/bin/vpc_passwd_server $ip >/dev/null 2>&1 & """ - def setup(self): - self.fw.append(["", "front", - "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 8080 -j ACCEPT" % (self.dev, self.ip) - ]) - - proc = CsProcess(['/opt/cloud/bin/vpc_passwd_server', self.ip]) - if not proc.find(): - proc.start("/usr/bin/nohup", ">/dev/null 2>&1 &") + def __init__(self, ip): + self.ip = ip + + def start(self): + proc = CsProcess(["dummy"]) + if proc.grep("passwd_service %s" % self.ip) == -1: + proc.start("/opt/cloud/bin/passwd_server_ip %s >> /var/log/cloud.log 2>&1" % self.ip, "&") + + def stop(self): + proc = CsProcess(["Password Service"]) + pid = proc.grep("passwd_server_ip %s" % self.ip) + proc.kill(pid) + pid = proc.grep("8080,reuseaddr,fork,crnl,bind=%s" % self.ip) + proc.kill(pid) + + def restart(self): + self.stop() + self.start() class CsDnsmasq(CsApp): http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py ---------------------------------------------------------------------- diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py index afa6310..19d030b 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py 
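Review bot: `start()` searches the process list for `"passwd_service %s"`, but the command it launches is `passwd_server_ip %s` and `stop()` searches for `"passwd_server_ip %s"`, so as far as the visible commands go the check in `start()` never matches and every call launches another instance. The guard should use the same string as `stop()`: `if proc.grep("passwd_server_ip %s" % self.ip) == -1:`. Both patterns are plain substring matches ending in the IP, so an address that is a prefix of another (a constructed pair such as 10.1.1.1 and 10.1.1.10) can select the wrong process; comparing whole argv fields would avoid that. `self.ip` is also interpolated into the command string handed to `proc.start`; if that string reaches a shell (CsProcess.start is outside this hunk), checking that it parses as an IP address first is worth adding. The class docstring still describes `vpc_passwd_server` and should be updated to the command actually run.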
@@ -51,3 +51,13 @@ class CsProcess(object): def find(self): has_pid = len(self.find_pid()) > 0 return has_pid + + def kill(self, pid): + if pid > 1: + CsHelper.execute("kill -9 %s" % pid) + + def grep(self, str): + for i in CsHelper.execute("ps aux"): + if i.find(str) != -1: + return re.split("\s+", i)[1] + return -1 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py ---------------------------------------------------------------------- diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py index 56902f0..5054f76 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py @@ -39,6 +39,7 @@ import CsHelper from CsFile import CsFile from CsConfig import CsConfig from CsProcess import CsProcess +from CsApp import CsPasswdSvc class CsRedundant(object): @@ -161,15 +162,17 @@ class CsRedundant(object): logging.error("Set fault called on non-redundant router") return logging.info("Router switched to fault mode") - ads = [o for o in self.address.get_ips() if o.needs_vrrp()] + ads = [o for o in self.address.get_ips() if o.is_public()] for o in ads: CsHelper.execute("ifconfig %s down" % o.get_device()) cmd = "%s -C %s" % (self.CONNTRACKD_BIN, self.CONNTRACKD_CONF) CsHelper.execute("%s -s" % cmd) CsHelper.service("ipsec", "stop") CsHelper.service("xl2tpd", "stop") - CsHelper.service("cloud-passwd-srvr", "stop") CsHelper.service("dnsmasq", "stop") + ads = [o for o in self.address.get_ips() if o.needs_vrrp()] + for o in ads: + pwdsvc = CsPasswdSvc(o.get_gateway()).stop() cl.dbag['config']['redundant_master'] = "false" cl.save() logging.info("Router switched to fault mode") 
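Review bot: `grep()` returns the PID as a string on a match and the integer -1 on a miss, and `kill()` then evaluates `pid > 1` on whichever it receives; with a string that comparison passes only through Python 2's mixed-type ordering and raises TypeError on Python 3. Returning an int keeps the guard meaningful: `return int(i.split()[1])`. The parameter name `str` shadows the builtin, and `"\s+"` should be a raw string if `re.split` is kept; whether `re` is imported in this file is not visible from the hunk. `kill -9` gives the process no chance to clean up, so a docstring on `kill()` stating that SIGKILL is intended would help the next reader.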
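Review bot: The three-line block that rebuilds `ads` with `needs_vrrp()` and calls `CsPasswdSvc(o.get_gateway())` is repeated in the `@@ -161,15 +162,17 @@`, `@@ -192,7 +195,9 @@` and `@@ -225,7 +230,9 @@` hunks, differing only in `stop()` versus `restart()`; a small private helper would keep the three in step. In each copy `pwdsvc` is assigned the result of a method that returns nothing and is never read. In the first of these hunks `ads` is also reused for two different filters (`is_public()` for the `ifconfig ... down` loop, `needs_vrrp()` for the password service), which is easy to misread. The enclosing methods start and end outside the hunks.

```python
    def _passwd_services(self):
        """ One CsPasswdSvc per address that needs VRRP, built from its gateway address """
        return [CsPasswdSvc(o.get_gateway())
                for o in self.address.get_ips() if o.needs_vrrp()]

        # ... unchanged: conntrackd, ipsec, xl2tpd and dnsmasq handling ...
        for svc in self._passwd_services():
            svc.stop()
```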
@@ -192,7 +195,9 @@ class CsRedundant(object): CsHelper.execute("%s -d" % cmd) CsHelper.service("ipsec", "stop") CsHelper.service("xl2tpd", "stop") - CsHelper.service("cloud-passwd-srvr", "stop") + ads = [o for o in self.address.get_ips() if o.needs_vrrp()] + for o in ads: + pwdsvc = CsPasswdSvc(o.get_gateway()).stop() CsHelper.service("dnsmasq", "stop") # self._set_priority(self.CS_PRIO_DOWN) self.cl.dbag['config']['redundant_master'] = "false" @@ -225,7 +230,9 @@ class CsRedundant(object): CsHelper.execute("%s -B" % cmd) CsHelper.service("ipsec", "restart") CsHelper.service("xl2tpd", "restart") - CsHelper.service("cloud-passwd-srvr", "restart") + ads = [o for o in self.address.get_ips() if o.needs_vrrp()] + for o in ads: + pwdsvc = CsPasswdSvc(o.get_gateway()).restart() CsHelper.service("dnsmasq", "restart") self.cl.dbag['config']['redundant_master'] = "true" self.cl.save() http://git-wip-us.apache.org/repos/asf/cloudstack/blob/57d3ffae/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip ---------------------------------------------------------------------- diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip index 5e15a19..a408a1e 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip +++ b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip @@ -18,6 +18,7 @@ . /etc/default/cloud-passwd-srvr addr=$1; +ENABLED=1 while [ "$ENABLED" == "1" ] do python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null
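Review bot: In the passwd_server_ip hunk `ENABLED=1` is assigned after `. /etc/default/cloud-passwd-srvr` has been sourced, so whatever that file sets for ENABLED is overwritten and the `while [ "$ENABLED" == "1" ]` guard can no longer be switched off from configuration. If the intent is only to supply a default, `ENABLED=${ENABLED:-1}` does that; if the override is deliberate because CsPasswdSvc now starts and stops the script, a comment saying so would keep it from being reverted later. `$addr` is passed unquoted to python on the last visible line; `"$addr"` is safer. The loop body ends outside the hunk.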