Merge pull request #1276 from michaelandersen/fix/site2sitevpn

[4.7] FIX Site2SiteVPN on redundant VPCThis PR:
- fixes the inability to setup more than one Site2Site VPN connection from a VPC
- fixes starting of Site2Site VPN on redundant VPC
- fixes Site2Site VPN state checking on redundant VPC
- improves the vpc_vpn test to allow multple hypervisors
- adds an integration test for Site2Site VPN on redundant VPC

Tested it on 4.7 single Xen server zone:

command:
```
nosetests --with-marvin --marvin-config=/data/shared/marvin/mct-zone1-xen1.cfg -a tags=advanced,required_hardware=true /tmp/test_vpc_vpn.py
```

results:
```
Test Site 2 Site VPN Across redundant VPCs ... === TestName: test_01_redundant_vpc_site2site_vpn | Status : SUCCESS ===
ok
Test Remote Access VPN in VPC ... === TestName: test_01_vpc_remote_access_vpn | Status : SUCCESS ===
ok
Test Site 2 Site VPN Across VPCs ... === TestName: test_01_vpc_site2site_vpn | Status : SUCCESS ===
ok

----------------------------------------------------------------------
Ran 3 tests in 1490.076s

OK
```

also performed numerous manual inspections of state of VPN connections and connectivity between VPC's

* pr/1276:
  Fix unable to setup more than one Site2Site VPN Connection
  FIX S2S VPN rVPC: Check only redundant routers in state MASTER
  PEP8 of integration/smoke/test_vpc_vpn
  Add S2S VPN test for Redundant VPC
  Make integration/smoke/test_vpc_vpn Hypervisor independant
  FIX VPN: non-working ipsec commands

Signed-off-by: Remi Bergsma <github@remi.nl>

Author: remibergsma

server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -907,6 +907,9 @@ protected void updateSite2SiteVpnConnectionState(final List<DomainRouterVO> rout
             if (conns == null || conns.isEmpty()) {
                 continue;
             }
+            if (router.getIsRedundantRouter() && router.getRedundantState() != RedundantState.MASTER){
+                continue;
+            }
             if (router.getState() != VirtualMachine.State.Running) {
                 for (final Site2SiteVpnConnectionVO conn : conns) {
                     if (conn.getState() != Site2SiteVpnConnection.State.Error) {

systemvm/patches/debian/config/opt/cloud/bin/configure.py

@@ -462,16 +462,20 @@ def process(self):
             if m:
                 self.confips.append(m.group(1))
 
-        for public_ip in self.dbag:
-            if public_ip == "id":
+        for vpn in self.dbag:
+            if vpn == "id":
                 continue
-            dev = CsHelper.get_device(public_ip)
+
+            local_ip = self.dbag[vpn]['local_public_ip']
+            dev = CsHelper.get_device(local_ip)
+
             if dev == "":
-                logging.error("Request for ipsec to %s not possible because ip is not configured", public_ip)
+                logging.error("Request for ipsec to %s not possible because ip is not configured", local_ip)
                 continue
+
             CsHelper.start_if_stopped("ipsec")
-            self.configure_iptables(dev, self.dbag[public_ip])
-            self.configure_ipsec(self.dbag[public_ip])
+            self.configure_iptables(dev, self.dbag[vpn])
+            self.configure_ipsec(self.dbag[vpn])
 
         # Delete vpns that are no longer in the configuration
         for ip in self.confips:

systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py

@@ -19,7 +19,7 @@
 
 
 def merge(dbag, vpn):
-    key = vpn['local_public_ip']
+    key = vpn['peer_gateway_ip']
     op = vpn['create']
     if key in dbag.keys() and not op:
         del(dbag[key])