network: fix dhcp/password/metadata issues on shared networks with multiple subnets (apache#5013)

weizhouapache · web-flow · commit 1b28ea1ebb81 · 2021-05-13T14:31:47.000+05:30
* apache#4943: apply iptables for password and metadata * apache#4943: fix wrong ip alias * apache#4943: revert previous change and add ip_aliases Co-authored-by: Wei Zhou <weizhouapache@gmail.com>
diff --git a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
@@ -185,7 +185,7 @@ PublicIp assignDedicateIpAddress(Account owner, Long guestNtwkId, Long vpcId, lo
     IpAddress allocateIp(Account ipOwner, boolean isSystem, Account caller, long callerId, DataCenter zone, Boolean displayIp, String ipaddress)
             throws ConcurrentOperationException, ResourceAllocationException, InsufficientAddressCapacityException;
 
-    PublicIp assignPublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, boolean isSystem)
+    PublicIp assignPublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, String requestedGateway, boolean isSystem)
             throws InsufficientAddressCapacityException;
 
     PublicIp getAvailablePublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, boolean isSystem)
@@ -219,6 +219,7 @@ List<IPAddressVO> listAvailablePublicIps(final long dcId,
                                              final boolean assign,
                                              final boolean allocate,
                                              final String requestedIp,
+                                             final String requestedGateway,
                                              final boolean isSystem,
                                              final Long vpcId,
                                              final Boolean displayIp,
diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@@ -476,6 +476,7 @@ public boolean configure(String name, Map<String, Object> params) {
         SearchBuilder<VlanVO> vlanSearch = _vlanDao.createSearchBuilder();
         vlanSearch.and("type", vlanSearch.entity().getVlanType(), Op.EQ);
         vlanSearch.and("networkId", vlanSearch.entity().getNetworkId(), Op.EQ);
+        vlanSearch.and("vlanGateway", vlanSearch.entity().getVlanGateway(), Op.EQ);
         AssignIpAddressSearch.join("vlan", vlanSearch, vlanSearch.entity().getId(), AssignIpAddressSearch.entity().getVlanId(), JoinType.INNER);
         AssignIpAddressSearch.done();
 
@@ -487,6 +488,7 @@ public boolean configure(String name, Map<String, Object> params) {
         SearchBuilder<VlanVO> podVlanSearch = _vlanDao.createSearchBuilder();
         podVlanSearch.and("type", podVlanSearch.entity().getVlanType(), Op.EQ);
         podVlanSearch.and("networkId", podVlanSearch.entity().getNetworkId(), Op.EQ);
+        podVlanSearch.and("vlanGateway", podVlanSearch.entity().getVlanGateway(), Op.EQ);
         SearchBuilder<PodVlanMapVO> podVlanMapSB = _podVlanMapDao.createSearchBuilder();
         podVlanMapSB.and("podId", podVlanMapSB.entity().getPodId(), Op.EQ);
         AssignIpAddressFromPodVlanSearch.join("podVlanMapSB", podVlanMapSB, podVlanMapSB.entity().getVlanDbId(), AssignIpAddressFromPodVlanSearch.entity().getVlanId(),
@@ -755,34 +757,34 @@ public Boolean doInTransaction(TransactionStatus status) {
     @Override
     public PublicIp assignPublicIpAddress(long dcId, Long podId, Account owner, VlanType type, Long networkId, String requestedIp, boolean isSystem, boolean forSystemVms)
             throws InsufficientAddressCapacityException {
-        return fetchNewPublicIp(dcId, podId, null, owner, type, networkId, false, true, requestedIp, isSystem, null, null, forSystemVms);
+        return fetchNewPublicIp(dcId, podId, null, owner, type, networkId, false, true, requestedIp, null, isSystem, null, null, forSystemVms);
     }
 
     @Override
-    public PublicIp assignPublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, boolean isSystem)
+    public PublicIp assignPublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, String requestedGateway, boolean isSystem)
             throws InsufficientAddressCapacityException {
-        return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, type, networkId, false, true, requestedIp, isSystem, null, null, false);
+        return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, type, networkId, false, true, requestedIp, requestedGateway, isSystem, null, null, false);
     }
 
     @Override
     public PublicIp getAvailablePublicIpAddressFromVlans(long dcId, Long podId, Account owner, VlanType type, List<Long> vlanDbIds, Long networkId, String requestedIp, boolean isSystem)
             throws InsufficientAddressCapacityException {
-        return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, type, networkId, false, false, false, requestedIp, isSystem, null, null, false);
+        return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, type, networkId, false, false, false, requestedIp, null, isSystem, null, null, false);
     }
 
     @DB
     public PublicIp fetchNewPublicIp(final long dcId, final Long podId, final List<Long> vlanDbIds, final Account owner, final VlanType vlanUse, final Long guestNetworkId,
-                                     final boolean sourceNat, final boolean allocate, final String requestedIp, final boolean isSystem, final Long vpcId, final Boolean displayIp, final boolean forSystemVms)
+                                     final boolean sourceNat, final boolean allocate, final String requestedIp, final String requestedGateway, final boolean isSystem, final Long vpcId, final Boolean displayIp, final boolean forSystemVms)
             throws InsufficientAddressCapacityException {
         return fetchNewPublicIp(dcId, podId, vlanDbIds, owner, vlanUse, guestNetworkId,
-                sourceNat, true, allocate, requestedIp, isSystem, vpcId, displayIp, forSystemVms);
+                sourceNat, true, allocate, requestedIp, requestedGateway, isSystem, vpcId, displayIp, forSystemVms);
     }
 
     @DB
     public PublicIp fetchNewPublicIp(final long dcId, final Long podId, final List<Long> vlanDbIds, final Account owner, final VlanType vlanUse, final Long guestNetworkId,
-            final boolean sourceNat, final boolean assign, final boolean allocate, final String requestedIp, final boolean isSystem, final Long vpcId, final Boolean displayIp, final boolean forSystemVms)
+            final boolean sourceNat, final boolean assign, final boolean allocate, final String requestedIp, final String requestedGateway, final boolean isSystem, final Long vpcId, final Boolean displayIp, final boolean forSystemVms)
                     throws InsufficientAddressCapacityException {
-        List<IPAddressVO> addrs = listAvailablePublicIps(dcId, podId, vlanDbIds, owner, vlanUse, guestNetworkId, sourceNat, assign, allocate, requestedIp, isSystem, vpcId, displayIp, forSystemVms, true);
+        List<IPAddressVO> addrs = listAvailablePublicIps(dcId, podId, vlanDbIds, owner, vlanUse, guestNetworkId, sourceNat, assign, allocate, requestedIp, requestedGateway, isSystem, vpcId, displayIp, forSystemVms, true);
         IPAddressVO addr = addrs.get(0);
         if (vlanUse == VlanType.VirtualNetwork) {
             _firewallMgr.addSystemFirewallRules(addr, owner);
@@ -793,7 +795,7 @@ public PublicIp fetchNewPublicIp(final long dcId, final Long podId, final List<L
 
     @Override
     public List<IPAddressVO> listAvailablePublicIps(final long dcId, final Long podId, final List<Long> vlanDbIds, final Account owner, final VlanType vlanUse, final Long guestNetworkId,
-                                                    final boolean sourceNat, final boolean assign, final boolean allocate, final String requestedIp, final boolean isSystem,
+                                                    final boolean sourceNat, final boolean assign, final boolean allocate, final String requestedIp, final String requestedGateway, final boolean isSystem,
                                                     final Long vpcId, final Boolean displayIp, final boolean forSystemVms, final boolean lockOneRow) throws InsufficientAddressCapacityException {
         return Transaction.execute(new TransactionCallbackWithException<List<IPAddressVO>, InsufficientAddressCapacityException>() {
             @Override
@@ -864,6 +866,10 @@ public List<IPAddressVO> doInTransaction(TransactionStatus status) throws Insuff
                     sc.setJoinParameters("vlan", "networkId", guestNetworkId);
                     errorMessage.append(", network id=" + guestNetworkId);
                 }
+                if (requestedGateway != null) {
+                    sc.setJoinParameters("vlan", "vlanGateway", requestedGateway);
+                    errorMessage.append(", requested gateway=" + requestedGateway);
+                }
                 sc.setJoinParameters("vlan", "type", vlanUse);
 
                 if (requestedIp != null) {
@@ -1023,7 +1029,7 @@ public PublicIp doInTransaction(TransactionStatus status) throws InsufficientAdd
                         VpcVO vpc = _vpcDao.findById(vpcId);
                         displayIp = vpc.isDisplay();
                     }
-                    return fetchNewPublicIp(dcId, null, null, owner, VlanType.VirtualNetwork, guestNtwkId, isSourceNat, true, null, false, vpcId, displayIp, false);
+                    return fetchNewPublicIp(dcId, null, null, owner, VlanType.VirtualNetwork, guestNtwkId, isSourceNat, true, null, null, false, vpcId, displayIp, false);
                 }
             });
             if (ip.getState() != State.Allocated) {
@@ -1219,7 +1225,7 @@ public IpAddress allocateIp(final Account ipOwner, final boolean isSystem, Accou
             ip = Transaction.execute(new TransactionCallbackWithException<PublicIp, InsufficientAddressCapacityException>() {
                 @Override
                 public PublicIp doInTransaction(TransactionStatus status) throws InsufficientAddressCapacityException {
-                    PublicIp ip = fetchNewPublicIp(zone.getId(), null, null, ipOwner, vlanType, null, false, assign, ipaddress, isSystem, null, displayIp, false);
+                    PublicIp ip = fetchNewPublicIp(zone.getId(), null, null, ipOwner, vlanType, null, false, assign, ipaddress, null, isSystem, null, displayIp, false);
 
                     if (ip == null) {
                         InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Unable to find available public IP addresses", DataCenter.class, zone
diff --git a/server/src/main/java/com/cloud/network/rules/DhcpSubNetRules.java b/server/src/main/java/com/cloud/network/rules/DhcpSubNetRules.java
@@ -123,10 +123,10 @@ public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter
                         IpAddressManager ipAddrMgr = visitor.getVirtualNetworkApplianceFactory().getIpAddrMgr();
                         if (dc.getNetworkType() == NetworkType.Basic) {
                             routerPublicIP = ipAddrMgr.assignPublicIpAddressFromVlans(_router.getDataCenterId(), vm.getPodIdToDeployIn(), caller, Vlan.VlanType.DirectAttached,
-                                    vlanDbIdList, _nic.getNetworkId(), null, false);
+                                    vlanDbIdList, _nic.getNetworkId(), null, _nic.getIPv4Gateway(), false);
                         } else {
                             routerPublicIP = ipAddrMgr.assignPublicIpAddressFromVlans(_router.getDataCenterId(), null, caller, Vlan.VlanType.DirectAttached, vlanDbIdList,
-                                    _nic.getNetworkId(), null, false);
+                                    _nic.getNetworkId(), null, _nic.getIPv4Gateway(), false);
                         }
 
                         _routerAliasIp = routerPublicIP.getAddress().addr();
@@ -171,4 +171,4 @@ public NicIpAliasVO getNicAlias() {
     public String getRouterAliasIp() {
         return _routerAliasIp;
     }
-}
+}
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -2178,7 +2178,7 @@ public Pair<List<? extends IpAddress>, Integer> searchForIPAddresses(final ListP
                 long dcId = dc.getId();
                 try {
                     freeAddrs.addAll(_ipAddressMgr.listAvailablePublicIps(dcId, null, vlanDbIds, owner, VlanType.VirtualNetwork, associatedNetworkId,
-                            false, false, false, null, false, cmd.getVpcId(), cmd.isDisplay(), false, false)); // Free
+                            false, false, false, null, null, false, cmd.getVpcId(), cmd.isDisplay(), false, false)); // Free
                 } catch (InsufficientAddressCapacityException e) {
                     s_logger.warn("no free address is found in zone " + dcId);
                 }
diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
@@ -1070,6 +1070,7 @@ def main(argv):
     config.address().process()
 
     databag_map = OrderedDict([("guest_network",     {"process_iptables": True,  "executor": []}),
+                               ("ip_aliases",        {"process_iptables": True,  "executor": []}),
                                ("vm_password",       {"process_iptables": False, "executor": [CsPassword("vmpassword", config)]}),
                                ("vm_metadata",       {"process_iptables": False, "executor": [CsVmMetadata('vmdata', config)]}),
                                ("network_acl",       {"process_iptables": True,  "executor": []}),

Original file line number	Diff line number	Diff line change
`@@ -2178,7 +2178,7 @@ public Pair<List<? extends IpAddress>, Integer> searchForIPAddresses(final ListP`
`2178`	`2178`	`long dcId = dc.getId();`
`2179`	`2179`	`try {`
`2180`	`2180`	`freeAddrs.addAll(_ipAddressMgr.listAvailablePublicIps(dcId, null, vlanDbIds, owner, VlanType.VirtualNetwork, associatedNetworkId,`
`2181`		`- false, false, false, null, false, cmd.getVpcId(), cmd.isDisplay(), false, false)); // Free`
	`2181`	`+ false, false, false, null, null, false, cmd.getVpcId(), cmd.isDisplay(), false, false)); // Free`
`2182`	`2182`	`} catch (InsufficientAddressCapacityException e) {`
`2183`	`2183`	`s_logger.warn("no free address is found in zone " + dcId);`
`2184`	`2184`	`}`