CLOUDSTACK-9266: Make deleting static routes in private gw work #1386

remibergsma · 2016-01-30T05:34:53Z

The to-be-deleted static routes were removed from the json file, instead of putting them there with revoke=true. The script that parses the json now doesn't find it and thus does not delete it.

Example after adding/removing some:

root@r-3-VM:/var/cache/cloud# cat /etc/cloudstack/staticroutes.json 
{
    "1.2.3.0/24": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "1.2.3.0/24", 
        "revoke": true
    }, 
    "1.2.3.4/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "1.2.3.4/32", 
        "revoke": true
    }, 
    "1.2.33.3/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "1.2.33.3/32", 
        "revoke": true
    }, 
    "1.22.2.2/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "1.22.2.2/32", 
        "revoke": true
    }, 
    "10.1.2.1/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "10.1.2.1/32", 
        "revoke": true
    }, 
    "10.1.200.0/25": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "10.1.200.0/25", 
        "revoke": true
    }, 
    "10.11.12.13/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "10.11.12.13/32", 
        "revoke": true
    }, 
    "172.16.1.3/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "172.16.1.3/32", 
        "revoke": true
    }, 
    "172.16.15.14/32": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "172.16.15.14/32", 
        "revoke": false
    }, 
    "172.16.17.0/25": {
        "gateway": "172.16.0.1", 
        "ip_address": "172.16.0.2", 
        "network": "172.16.17.0/25", 
        "revoke": false
    }, 
    "id": "staticroutes"
}

This results in:

root@r-3-VM:/var/cache/cloud# ip route show
default via 192.168.23.1 dev eth1 
169.254.0.0/16 dev eth0  proto kernel  scope link  src 169.254.1.67 
172.16.0.0/24 dev eth2  proto kernel  scope link  src 172.16.0.2 
172.16.15.14 via 172.16.0.1 dev eth2 
172.16.17.0/25 via 172.16.0.1 dev eth2 
192.168.23.0/24 dev eth1  proto kernel  scope link  src 192.168.23.4

Two static routes left, the rest deleted:

172.16.15.14 via 172.16.0.1 dev eth2 
172.16.17.0/25 via 172.16.0.1 dev eth2

That also matches the UI:

borisroman · 2016-02-01T16:51:32Z

LGTM 👍 based on code review

Already running in PROD at SBP.

DaanHoogland · 2016-02-01T20:05:05Z

makes sense looks good, was it put in production without test?

remibergsma · 2016-02-04T08:10:20Z

Test results, tested together with #1383:

nosetests --with-marvin --marvin-config=${marvinCfg} -s -a tags=advanced,required_hardware=true \
component/test_vpc_redundant.py \
component/test_routers_iptables_default_policy.py \
component/test_routers_network_ops.py \
component/test_vpc_router_nics.py \
smoke/test_loadbalance.py \
smoke/test_internal_lb.py \
smoke/test_ssvm.py \
smoke/test_network.py

Result:

Check the password file in the Router VM ... === TestName: test_isolate_network_password_server | Status : SUCCESS ===
ok
Create a redundant VPC with two networks with two VMs in each network ... === TestName: test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | Status : SUCCESS ===
ok
Create a redundant VPC with two networks with two VMs in each network and check default routes ... === TestName: test_02_redundant_VPC_default_routes | Status : SUCCESS ===
ok
Create a redundant VPC with two networks with two VMs in each network ... === TestName: test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers | Status : SUCCESS ===
ok
Create a redundant VPC with 1 Tier, 1 VM, 1 ACL, 1 PF and test Network GC Nics ... === TestName: test_04_rvpc_network_garbage_collector_nics | Status : SUCCESS ===
ok
Create a redundant VPC with 1 Tier, 1 VM, 1 ACL, 1 PF and test Network GC Nics ... === TestName: test_05_rvpc_multi_tiers | Status : SUCCESS ===
ok
Test iptables default INPUT/FORWARD policy on RouterVM ... === TestName: test_02_routervm_iptables_policies | Status : SUCCESS ===
ok
Test iptables default INPUT/FORWARD policies on VPC router ... === TestName: test_01_single_VPC_iptables_policies | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_01_isolate_network_FW_PF_default_routes_egress_true | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_02_isolate_network_FW_PF_default_routes_egress_false | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false | Status : SUCCESS ===
ok
Test redundant router internals ... === TestName: test_03_RVR_Network_check_router_state | Status : SUCCESS ===
ok
Create a VPC with two networks with one VM in each network and test nics after destroy ... === TestName: test_01_VPC_nics_after_destroy | Status : SUCCESS ===
ok
Create a VPC with two networks with one VM in each network and test default routes ... === TestName: test_02_VPC_default_routes | Status : SUCCESS ===
ok
Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs ... === TestName: test_router_dhcphosts | Status : SUCCESS ===
ok
Test to create Load balancing rule with source NAT ... === TestName: test_01_create_lb_rule_src_nat | Status : SUCCESS ===
ok
Test to create Load balancing rule with non source NAT ... === TestName: test_02_create_lb_rule_non_nat | Status : SUCCESS ===
ok
Test for assign & removing load balancing rule ... === TestName: test_assign_and_removal_lb | Status : SUCCESS ===
ok
Test create, assign, remove of an Internal LB with roundrobin http traffic to 3 vm's in a Single VPC ... === TestName: test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | Status : SUCCESS ===
ok
Test create, assign, remove of an Internal LB with roundrobin http traffic to 3 vm's in a Redundant VPC ... === TestName: test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | Status : SUCCESS ===
ok
Test to verify access to loadbalancer haproxy admin stats page ... === TestName: test_03_vpc_internallb_haproxy_stats_on_all_interfaces | Status : SUCCESS ===
ok
Test to verify access to loadbalancer haproxy admin stats page ... === TestName: test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | Status : SUCCESS ===
ok
Test SSVM Internals ... === TestName: test_03_ssvm_internals | Status : SUCCESS ===
ok
Test CPVM Internals ... === TestName: test_04_cpvm_internals | Status : SUCCESS ===
ok
Test stop SSVM ... === TestName: test_05_stop_ssvm | Status : SUCCESS ===
ok
Test stop CPVM ... === TestName: test_06_stop_cpvm | Status : SUCCESS ===
ok
Test reboot SSVM ... === TestName: test_07_reboot_ssvm | Status : SUCCESS ===
ok
Test reboot CPVM ... === TestName: test_08_reboot_cpvm | Status : SUCCESS ===
ok
Test destroy SSVM ... === TestName: test_09_destroy_ssvm | Status : SUCCESS ===
ok
Test destroy CPVM ... === TestName: test_10_destroy_cpvm | Status : SUCCESS ===
ok
Test Site 2 Site VPN Across redundant VPCs ... === TestName: test_01_redundant_vpc_site2site_vpn | Status : SUCCESS ===
ok
Test Remote Access VPN in VPC ... === TestName: test_01_vpc_remote_access_vpn | Status : SUCCESS ===
ok
Test Site 2 Site VPN Across VPCs ... === TestName: test_01_vpc_site2site_vpn | Status : SUCCESS ===
ok
test_01_vpc_privategw_acl (integration.smoke.test_privategw_acl.TestPrivateGwACL) ... === TestName: test_01_vpc_privategw_acl | Status : SUCCESS ===
ok
test_02_vpc_privategw_static_routes (integration.smoke.test_privategw_acl.TestPrivateGwACL) ... === TestName: test_02_vpc_privategw_static_routes | Status : SUCCESS ===
ok
test_03_vpc_privategw_restart_vpc_cleanup (integration.smoke.test_privategw_acl.TestPrivateGwACL) ... === TestName: test_03_vpc_privategw_restart_vpc_cleanup | Status : SUCCESS ===
ok
test_04_rvpc_privategw_static_routes (integration.smoke.test_privategw_acl.TestPrivateGwACL) ... === TestName: test_04_rvpc_privategw_static_routes | Status : SUCCESS ===
ok
Test for port forwarding on source NAT ... === TestName: test_01_port_fwd_on_src_nat | Status : SUCCESS ===
ok
Test for port forwarding on non source NAT ... === TestName: test_02_port_fwd_on_non_src_nat | Status : SUCCESS ===
ok
Test for reboot router ... === TestName: test_reboot_router | Status : SUCCESS ===
ok
Test for Router rules for network rules on acquired public IP ... === TestName: test_network_rules_acquired_public_ip_1_static_nat_rule | Status : SUCCESS ===
ok
Test for Router rules for network rules on acquired public IP ... === TestName: test_network_rules_acquired_public_ip_2_nat_rule | Status : SUCCESS ===
ok
Test for Router rules for network rules on acquired public IP ... === TestName: test_network_rules_acquired_public_ip_3_Load_Balancer_Rule | Status : SUCCESS ===
ok

Ran 44 tests in 23424.180s

OK

And:

nosetests --with-marvin --marvin-config=${marvinCfg} -s -a tags=advanced,required_hardware=false \
smoke/test_routers.py \
smoke/test_network_acl.py \
smoke/test_privategw_acl.py \
smoke/test_reset_vm_on_reboot.py \
smoke/test_vm_life_cycle.py \
smoke/test_vpc_vpn.py \
smoke/test_service_offerings.py \
component/test_vpc_offerings.py \
component/test_vpc_routers.py

Result:

Test router internal advanced zone ... === TestName: test_02_router_internal_adv | Status : SUCCESS ===
ok
Test restart network ... === TestName: test_03_restart_network_cleanup | Status : SUCCESS ===
ok
Test router basic setup ... === TestName: test_05_router_basic | Status : SUCCESS ===
ok
Test router advanced setup ... === TestName: test_06_router_advanced | Status : SUCCESS ===
ok
Test stop router ... === TestName: test_07_stop_router | Status : SUCCESS ===
ok
Test start router ... === TestName: test_08_start_router | Status : SUCCESS ===
ok
Test reboot router ... === TestName: test_09_reboot_router | Status : SUCCESS ===
ok
Test reset virtual machine on reboot ... === TestName: test_01_reset_vm_on_reboot | Status : SUCCESS ===
ok
Test advanced zone virtual router ... === TestName: test_advZoneVirtualRouter | Status : SUCCESS ===
ok
Test Deploy Virtual Machine ... === TestName: test_deploy_vm | Status : SUCCESS ===
ok
Test Multiple Deploy Virtual Machine ... === TestName: test_deploy_vm_multiple | Status : SUCCESS ===
ok
Test Stop Virtual Machine ... === TestName: test_01_stop_vm | Status : SUCCESS ===
ok
Test Start Virtual Machine ... === TestName: test_02_start_vm | Status : SUCCESS ===
ok
Test Reboot Virtual Machine ... === TestName: test_03_reboot_vm | Status : SUCCESS ===
ok
Test destroy Virtual Machine ... === TestName: test_06_destroy_vm | Status : SUCCESS ===
ok
Test recover Virtual Machine ... === TestName: test_07_restore_vm | Status : SUCCESS ===
ok
Test migrate VM ... === TestName: test_08_migrate_vm | Status : SUCCESS ===
ok
Test destroy(expunge) Virtual Machine ... === TestName: test_09_expunge_vm | Status : SUCCESS ===
ok
Test to create service offering ... === TestName: test_01_create_service_offering | Status : SUCCESS ===
ok
Test to update existing service offering ... === TestName: test_02_edit_service_offering | Status : SUCCESS ===
ok
Test to delete service offering ... === TestName: test_03_delete_service_offering | Status : SUCCESS ===
ok
Test for delete account ... === TestName: test_delete_account | Status : SUCCESS ===
ok
Test for Associate/Disassociate public IP address for admin account ... === TestName: test_public_ip_admin_account | Status : SUCCESS ===
ok
Test for Associate/Disassociate public IP address for user account ... === TestName: test_public_ip_user_account | Status : SUCCESS ===
ok
Test for release public IP address ... === TestName: test_releaseIP | Status : SUCCESS ===
ok
Test create VPC offering ... === TestName: test_01_create_vpc_offering | Status : SUCCESS ===
ok
Test VPC offering without load balancing service ... === TestName: test_03_vpc_off_without_lb | Status : SUCCESS ===
ok
Test VPC offering without static NAT service ... === TestName: test_04_vpc_off_without_static_nat | Status : SUCCESS ===
ok
Test VPC offering without port forwarding service ... === TestName: test_05_vpc_off_without_pf | Status : SUCCESS ===
ok
Test VPC offering with invalid services ... === TestName: test_06_vpc_off_invalid_services | Status : SUCCESS ===
ok
Test update VPC offering ... === TestName: test_07_update_vpc_off | Status : SUCCESS ===
ok
Test list VPC offering ... === TestName: test_08_list_vpc_off | Status : SUCCESS ===
ok
test_09_create_redundant_vpc_offering (integration.component.test_vpc_offerings.TestVPCOffering) ... === TestName: test_09_create_redundant_vpc_offering | Status : SUCCESS ===
ok
Test start/stop of router after addition of one guest network ... === TestName: test_01_start_stop_router_after_addition_of_one_guest_network | Status : SUCCESS ===
ok
Test reboot of router after addition of one guest network ... === TestName: test_02_reboot_router_after_addition_of_one_guest_network | Status : SUCCESS ===
ok
Test to change service offering of router after addition of one guest network ... === TestName: test_04_chg_srv_off_router_after_addition_of_one_guest_network | Status : SUCCESS ===
ok
Test destroy of router after addition of one guest network ... === TestName: test_05_destroy_router_after_addition_of_one_guest_network | Status : SUCCESS ===
ok
Test to stop and start router after creation of VPC ... === TestName: test_01_stop_start_router_after_creating_vpc | Status : SUCCESS ===
ok
Test to reboot the router after creating a VPC ... === TestName: test_02_reboot_router_after_creating_vpc | Status : SUCCESS ===
ok
Tests to change service offering of the Router after ... === TestName: test_04_change_service_offerring_vpc | Status : SUCCESS ===
ok
Test to destroy the router after creating a VPC ... === TestName: test_05_destroy_router_after_creating_vpc | Status : SUCCESS ===
ok

----------------------------------------------------------------------
Ran 41 tests in 7358.161s

OK

This means nothing else broke. The manual tests above test the actual feature.

CLOUDSTACK-9266: Make deleting static routes in private gw workThe to-be-deleted static routes were removed from the json file, instead of putting them there with revoke=true. The script that parses the json now doesn't find it and thus does not delete it. Example after adding/removing some: ``` root@r-3-VM:/var/cache/cloud# cat /etc/cloudstack/staticroutes.json { "1.2.3.0/24": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "1.2.3.0/24", "revoke": true }, "1.2.3.4/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "1.2.3.4/32", "revoke": true }, "1.2.33.3/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "1.2.33.3/32", "revoke": true }, "1.22.2.2/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "1.22.2.2/32", "revoke": true }, "10.1.2.1/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "10.1.2.1/32", "revoke": true }, "10.1.200.0/25": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "10.1.200.0/25", "revoke": true }, "10.11.12.13/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "10.11.12.13/32", "revoke": true }, "172.16.1.3/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "172.16.1.3/32", "revoke": true }, "172.16.15.14/32": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "172.16.15.14/32", "revoke": false }, "172.16.17.0/25": { "gateway": "172.16.0.1", "ip_address": "172.16.0.2", "network": "172.16.17.0/25", "revoke": false }, "id": "staticroutes" } ``` This results in: ``` root@r-3-VM:/var/cache/cloud# ip route show default via 192.168.23.1 dev eth1 169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.1.67 172.16.0.0/24 dev eth2 proto kernel scope link src 172.16.0.2 172.16.15.14 via 172.16.0.1 dev eth2 172.16.17.0/25 via 172.16.0.1 dev eth2 192.168.23.0/24 dev eth1 proto kernel scope link src 192.168.23.4 ``` Two static routes left, the rest deleted: ``` 172.16.15.14 via 172.16.0.1 dev eth2 172.16.17.0/25 via 172.16.0.1 dev eth2 ``` That also matches the UI: <img width="1327" alt="screen shot 2016-01-30 at 06 34 06" src="https://cloud.githubusercontent.com/assets/1630096/12693933/83e67d80-c71b-11e5-9241-9f478522b7a4.png"> * pr/1386: CLOUDSTACK-9266: Make deleting static routes in private gw work Signed-off-by: Remi Bergsma <github@remi.nl>

CLOUDSTACK-9266: Make deleting static routes in private gw work

a404156

remibergsma mentioned this pull request Feb 4, 2016

CLOUDSTACK-9264: Make /32 static routes for private gw work #1383

Merged

asfgit merged commit a404156 into apache:4.7 Feb 4, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CLOUDSTACK-9266: Make deleting static routes in private gw work #1386

CLOUDSTACK-9266: Make deleting static routes in private gw work #1386

Uh oh!

remibergsma commented Jan 30, 2016

Uh oh!

borisroman commented Feb 1, 2016

Uh oh!

DaanHoogland commented Feb 1, 2016

Uh oh!

remibergsma commented Feb 4, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

CLOUDSTACK-9266: Make deleting static routes in private gw work #1386

CLOUDSTACK-9266: Make deleting static routes in private gw work #1386

Uh oh!

Conversation

remibergsma commented Jan 30, 2016

Uh oh!

borisroman commented Feb 1, 2016

Uh oh!

DaanHoogland commented Feb 1, 2016

Uh oh!

remibergsma commented Feb 4, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants