Merge release branch 4.13 to master

* 4.13:
  vr: add missing rule for port forwarding rule in vpc (#3857)
  vpc: set traffic type of private gateway IP to Public to fix ke… (#3851)

Author: DaanHoogland

engine/schema/src/main/java/com/cloud/network/vpc/dao/VpcGatewayDao.java

@@ -32,4 +32,6 @@ public interface VpcGatewayDao extends GenericDao<VpcGatewayVO, Long> {
     List<VpcGatewayVO> listByAclIdAndType(long aclId, VpcGateway.Type type);
 
     List<VpcGatewayVO> listByVpcId(long vpcId);
+
+    VpcGatewayVO getVpcGatewayByNetworkId(long networkId);
 }

engine/schema/src/main/java/com/cloud/network/vpc/dao/VpcGatewayDaoImpl.java

@@ -89,4 +89,11 @@ public List<VpcGatewayVO> listByVpcId(long vpcId) {
         sc.setParameters("vpcId", vpcId);
         return listBy(sc);
     }
+
+    @Override
+    public VpcGatewayVO getVpcGatewayByNetworkId(long networkId) {
+        SearchCriteria<VpcGatewayVO> sc = AllFieldsSearch.create();
+        sc.setParameters("networkid", networkId);
+        return findOneBy(sc);
+    }
 }

server/src/main/java/com/cloud/network/NetworkModelImpl.java

@@ -94,7 +94,9 @@
 import com.cloud.network.rules.FirewallRule.Purpose;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
+import com.cloud.network.vpc.VpcGatewayVO;
 import com.cloud.network.vpc.dao.PrivateIpDao;
+import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.NetworkOffering.Detail;
 import com.cloud.offerings.NetworkOfferingServiceMapVO;
@@ -158,6 +160,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
     NicDao _nicDao = null;
     @Inject
     PodVlanMapDao _podVlanMapDao;
+    @Inject
+    VpcGatewayDao _vpcGatewayDao;
 
     private List<NetworkElement> networkElements;
 
@@ -1780,8 +1784,8 @@ public List<? extends PhysicalNetwork> getPhysicalNtwksSupportingTrafficType(lon
 
     @Override
     public boolean isPrivateGateway(long ntwkId) {
-        Network network = getNetwork(ntwkId);
-        if (network.getTrafficType() != TrafficType.Guest || network.getNetworkOfferingId() != s_privateOfferingId.longValue()) {
+        final VpcGatewayVO gateway = _vpcGatewayDao.getVpcGatewayByNetworkId(ntwkId);
+        if (gateway == null) {
             return false;
         }
         return true;

server/src/main/java/com/cloud/network/router/CommandSetupHelper.java

@@ -104,7 +104,9 @@
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcGateway;
+import com.cloud.network.vpc.VpcGatewayVO;
 import com.cloud.network.vpc.dao.VpcDao;
+import com.cloud.network.vpc.dao.VpcGatewayDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@@ -170,6 +172,8 @@ public class CommandSetupHelper {
     @Inject
     private VpcDao _vpcDao;
     @Inject
+    private VpcGatewayDao _vpcGatewayDao;
+    @Inject
     private VlanDao _vlanDao;
     @Inject
     private IPAddressDao _ipAddressDao;
@@ -707,7 +711,7 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) {
                 final IpAddressTO ip = new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, firstIP, sourceNat, BroadcastDomainType.fromString(ipAddr.getVlanTag()).toString(), ipAddr.getGateway(),
                         ipAddr.getNetmask(), macAddress, networkRate, ipAddr.isOneToOneNat());
 
-                ip.setTrafficType(network.getTrafficType());
+                ip.setTrafficType(getNetworkTrafficType(network));
                 ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                 ipsToSend[i++] = ip;
                 if (ipAddr.isSourceNat()) {
@@ -823,7 +827,7 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) {
                 final IpAddressTO ip = new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask,
                         vifMacAddress, networkRate, ipAddr.isOneToOneNat());
 
-                ip.setTrafficType(network.getTrafficType());
+                ip.setTrafficType(getNetworkTrafficType(network));
                 ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                 ipsToSend[i++] = ip;
                 /*
@@ -948,7 +952,7 @@ public void createVpcAssociatePrivateIPCommands(final VirtualRouter router, fina
                 final IpAddressTO ip = new IpAddressTO(Account.ACCOUNT_ID_SYSTEM, ipAddr.getIpAddress(), add, false, ipAddr.getSourceNat(), ipAddr.getBroadcastUri(),
                         ipAddr.getGateway(), ipAddr.getNetmask(), ipAddr.getMacAddress(), null, false);
 
-                ip.setTrafficType(network.getTrafficType());
+                ip.setTrafficType(getNetworkTrafficType(network));
                 ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                 ipsToSend[i++] = ip;
 
@@ -1101,4 +1105,14 @@ protected String getGuestDhcpRange(final NicProfile guestNic, final Network gues
         }
         return dhcpRange;
     }
+
+    private TrafficType getNetworkTrafficType(Network network) {
+        final VpcGatewayVO gateway = _vpcGatewayDao.getVpcGatewayByNetworkId(network.getId());
+        if (gateway != null) {
+            s_logger.debug("network " + network.getId() + " (name: " + network.getName() + " ) is a vpc private gateway, set traffic type to Public");
+            return TrafficType.Public;
+        } else {
+            return network.getTrafficType();
+        }
+    }
 }

systemvm/debian/opt/cloud/bin/configure.py

@@ -793,6 +793,12 @@ def getGuestIp(self):
 
         return None
 
+    def getGuestIpByIp(self, ipa):
+        for interface in self.config.address().get_interfaces():
+            if interface.ip_in_subnet(ipa):
+                return interface.get_ip()
+        return None
+
     def getDeviceByIp(self, ipa):
         for interface in self.config.address().get_interfaces():
             if interface.ip_in_subnet(ipa):
@@ -930,8 +936,20 @@ def forward_vpc(self, rule):
         if not rule["internal_ports"] == "any":
             fw_output_rule += ":" + self.portsToString(rule["internal_ports"], "-")
 
+        fw_postrout_rule2 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
+            (
+                self.getGuestIpByIp(rule['internal_ip']),
+                self.getNetworkByIp(rule['internal_ip']),
+                rule['internal_ip'],
+                self.getDeviceByIp(rule['internal_ip']),
+                rule['protocol'],
+                rule['protocol'],
+                self.portsToString(rule['internal_ports'], ':')
+            )
+
         self.fw.append(["nat", "", fw_prerout_rule])
         self.fw.append(["nat", "", fw_postrout_rule])
+        self.fw.append(["nat", "", fw_postrout_rule2])
         self.fw.append(["nat", "", fw_output_rule])
 
     def processStaticNatRule(self, rule):