bugfix #2 vpc vr: fix issue if static nat is disabled but still other IP used by lb/pf

Author: ustcweizhou

server/src/main/java/com/cloud/network/rules/NicPlugInOutRules.java

@@ -40,6 +40,7 @@
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.Networks.IsolationType;
 import com.cloud.network.PublicIpAddress;
+import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.IPAddressVO;
 import com.cloud.network.router.VirtualRouter;
@@ -189,6 +190,7 @@ private Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> getNics
         VpcManager vpcMgr = visitor.getVirtualNetworkApplianceFactory().getVpcMgr();
         NicDao nicDao = visitor.getVirtualNetworkApplianceFactory().getNicDao();
         IPAddressDao ipAddressDao = visitor.getVirtualNetworkApplianceFactory().getIpAddressDao();
+        FirewallRulesDao rulesDao = visitor.getVirtualNetworkApplianceFactory().getFirewallRulesDao();
 
         // find out nics to unplug
         for (PublicIpAddress ip : _ipAddresses) {
@@ -206,7 +208,10 @@ private Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> getNics
                     final List<IPAddressVO> allIps = ipAddressDao.listByAssociatedVpc(ip.getVpcId(), null);
                     boolean ipUpdated = false;
                     for (IPAddressVO allIp : allIps) {
-                        if (allIp.getId() != ip.getId() && allIp.getVlanId() == ip.getVlanId() && allIp.getVmIp() != null) {
+                        if (allIp.getId() != ip.getId() && allIp.getVlanId() == ip.getVlanId()
+                                && (allIp.isSourceNat()
+                                || rulesDao.countRulesByIpIdAndState(allIp.getId(), FirewallRule.State.Active) > 0
+                                || (allIp.isOneToOneNat() && allIp.getRuleState() == null))) {
                             s_logger.debug("Updating the nic " + nic + " with new ip address " + allIp.getAddress().addr());
                             nic.setIPv4Address(allIp.getAddress().addr());
                             nicDao.update(nic.getId(), nic);

server/src/main/java/com/cloud/network/rules/VirtualNetworkApplianceFactory.java

@@ -26,6 +26,7 @@
 import com.cloud.dc.dao.VlanDao;
 import com.cloud.network.IpAddressManager;
 import com.cloud.network.NetworkModel;
+import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.NetworkDao;
@@ -85,6 +86,8 @@ public class VirtualNetworkApplianceFactory {
     private IpAddressManager _ipAddrMgr;
     @Inject
     private NetworkACLManager _networkACLMgr;
+    @Inject
+    private FirewallRulesDao _rulesDao;
 
     @Autowired
     @Qualifier("networkHelper")
@@ -183,4 +186,8 @@ public NicProfileHelper getNicProfileHelper() {
     public NetworkTopologyContext getNetworkTopologyContext() {
         return _networkTopologyContext;
     }
+
+    public FirewallRulesDao getFirewallRulesDao() {
+        return _rulesDao;
+    }
 }

test/integration/component/test_multiple_subnets_in_isolated_network.py

@@ -35,6 +35,7 @@
                              NetworkOffering,
                              VPC,
                              VpcOffering,
+                             StaticNATRule,
                              NATRule,
                              PublicIPAddress,
                              PublicIpRange)
@@ -247,7 +248,7 @@ def test_01_acquire_public_ips_in_isolated_network_with_single_vr(self):
         #   verify the IPs in VR. eth0 -> guest nic IP, eth2 -> source nat IP
 
         # 6. create new public ip range 1
-        # 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
+        # 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
         #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1
         # 8. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
@@ -395,7 +396,7 @@ def test_01_acquire_public_ips_in_isolated_network_with_single_vr(self):
         )
         self.cleanup.append(self.public_ip_range1)
 
-        # 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
+        # 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
         ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
         ipaddress_1 = PublicIPAddress.create(
             self.apiclient,
@@ -404,12 +405,11 @@ def test_01_acquire_public_ips_in_isolated_network_with_single_vr(self):
             ipaddress=ip_address_1
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine1.id,
             ipaddressid=ipaddress_1.ipaddress.id,
-            openfirewall=True
+            networkid=self.network1.id
         )
 
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
@@ -544,12 +544,11 @@ def test_01_acquire_public_ips_in_isolated_network_with_single_vr(self):
             ipaddress=ip_address_4
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine1.id,
             ipaddressid=ipaddress_4.ipaddress.id,
-            openfirewall=True
+            networkid=self.network1.id
         )
 
 

test/integration/component/test_multiple_subnets_in_isolated_network_rvr.py

@@ -35,6 +35,7 @@
                              NetworkOffering,
                              VPC,
                              VpcOffering,
+                             StaticNATRule,
                              NATRule,
                              PublicIPAddress,
                              PublicIpRange)
@@ -247,7 +248,7 @@ def test_02_acquire_public_ips_in_isolated_network_with_redundant_vrs(self):
         #   verify the IPs in VR. eth0 -> guest nic IP, eth2 -> source nat IP
 
         # 6. create new public ip range 1
-        # 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
+        # 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
         #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1
         # 8. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
@@ -395,7 +396,7 @@ def test_02_acquire_public_ips_in_isolated_network_with_redundant_vrs(self):
         )
         self.cleanup.append(self.public_ip_range1)
 
-        # 7. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
+        # 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
         ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
         ipaddress_1 = PublicIPAddress.create(
             self.apiclient,
@@ -404,12 +405,11 @@ def test_02_acquire_public_ips_in_isolated_network_with_redundant_vrs(self):
             ipaddress=ip_address_1
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine1.id,
             ipaddressid=ipaddress_1.ipaddress.id,
-            openfirewall=True
+            networkid=self.network1.id
         )
 
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
@@ -544,12 +544,11 @@ def test_02_acquire_public_ips_in_isolated_network_with_redundant_vrs(self):
             ipaddress=ip_address_4
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine1.id,
             ipaddressid=ipaddress_4.ipaddress.id,
-            openfirewall=True
+            networkid=self.network1.id
         )
 
 

test/integration/component/test_multiple_subnets_in_vpc.py

@@ -35,6 +35,7 @@
                              NetworkOffering,
                              VPC,
                              VpcOffering,
+                             StaticNATRule,
                              NATRule,
                              PublicIPAddress,
                              PublicIpRange)
@@ -272,7 +273,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2
 
         # 13. create new public ip range 2
-        # 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
+        # 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
         # 15. get a free ip 5 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
@@ -451,10 +452,9 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
             ipaddress=ip_address_1
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine1.id,
             ipaddressid=ipaddress_1.ipaddress.id,
             networkid=vpc_tier_1.id
         )
@@ -581,7 +581,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
         )
 
         try:
-            self.virtual_machine1 = VirtualMachine.create(
+            self.virtual_machine2 = VirtualMachine.create(
                 self.apiclient,
                 self.services["virtual_machine"],
                 accountid=self.account1.name,
@@ -621,7 +621,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
         )
         self.cleanup.append(self.public_ip_range2)
 
-        # 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
+        # 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
         ip_address_4 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
@@ -632,10 +632,9 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
             ipaddress=ip_address_4
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine2.id,
             ipaddressid=ipaddress_4.ipaddress.id,
             networkid=vpc_tier_2.id
         )
@@ -665,7 +664,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
 
         nat_rule = NATRule.create(
             self.apiclient,
-            self.virtual_machine1,
+            self.virtual_machine2,
             self.services["natrule"],
             ipaddressid=ipaddress_5.ipaddress.id,
             networkid=vpc_tier_2.id
@@ -696,7 +695,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
 
         nat_rule = NATRule.create(
             self.apiclient,
-            self.virtual_machine1,
+            self.virtual_machine2,
             self.services["natrule"],
             ipaddressid=ipaddress_6.ipaddress.id,
             networkid=vpc_tier_2.id

test/integration/component/test_multiple_subnets_in_vpc_rvr.py

@@ -35,6 +35,7 @@
                              NetworkOffering,
                              VPC,
                              VpcOffering,
+                             StaticNATRule,
                              NATRule,
                              PublicIPAddress,
                              PublicIpRange)
@@ -272,7 +273,7 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2
 
         # 13. create new public ip range 2
-        # 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
+        # 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
         # 15. get a free ip 5 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
@@ -451,10 +452,9 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
             ipaddress=ip_address_1
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine1.id,
             ipaddressid=ipaddress_1.ipaddress.id,
             networkid=vpc_tier_1.id
         )
@@ -581,7 +581,7 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
         )
 
         try:
-            self.virtual_machine1 = VirtualMachine.create(
+            self.virtual_machine2 = VirtualMachine.create(
                 self.apiclient,
                 self.services["virtual_machine"],
                 accountid=self.account1.name,
@@ -621,7 +621,7 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
         )
         self.cleanup.append(self.public_ip_range2)
 
-        # 14. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
+        # 14. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm 2 in tier 2
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth3 -> new ip 3, eth4 -> tier 2, eth5 -> new ip 4
         ip_address_4 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
@@ -632,10 +632,9 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
             ipaddress=ip_address_4
         )
 
-        nat_rule = NATRule.create(
+        StaticNATRule.enable(
             self.apiclient,
-            self.virtual_machine1,
-            self.services["natrule"],
+            virtualmachineid=self.virtual_machine2.id,
             ipaddressid=ipaddress_4.ipaddress.id,
             networkid=vpc_tier_2.id
         )
@@ -665,7 +664,7 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
 
         nat_rule = NATRule.create(
             self.apiclient,
-            self.virtual_machine1,
+            self.virtual_machine2,
             self.services["natrule"],
             ipaddressid=ipaddress_5.ipaddress.id,
             networkid=vpc_tier_2.id
@@ -696,7 +695,7 @@ def test_04_acquire_public_ips_in_vpc_with_redundant_vrs(self):
 
         nat_rule = NATRule.create(
             self.apiclient,
-            self.virtual_machine1,
+            self.virtual_machine2,
             self.services["natrule"],
             ipaddressid=ipaddress_6.ipaddress.id,
             networkid=vpc_tier_2.id