Multiple networks support for vms in advanced zone with security group (and kvm support) #3639
Conversation
|
@rakgenius @wido @GabrielBrascher @rhtyd We have tested with ipv4 addresses. We have also some other codes in integration test to test if the primary and secondary ips are reachable from virtual router. However, it requires sshpass and a script in vm to configure the ips, so I removed them from integration test. |
wido
left a comment
wido
left a comment
There was a problem hiding this comment.
Looking good! Left a few comments
...ypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
Outdated
Show resolved
Hide resolved
...ypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
Outdated
Show resolved
Hide resolved
...ypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
Outdated
Show resolved
Hide resolved
...vm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPlugNicCommandWrapper.java
Outdated
Show resolved
Hide resolved
|
@wido Thanks for review ! |
|
Hi guys @wido @weizhouapache , any change to progress on this one for the 4.14 (and solve the conflict) ? |
|
@ustcweizhou can you fix the merge conflict? |
ustcweizhou
force-pushed
the
4.14.0.0-multipleips
branch
from
9c64276 to
7294729
Compare
|
@rhtyd rebased with latest master |
|
@blueorangutan package |
|
@weizhouapache a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-711 |
|
@blueorangutan test |
|
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-855)
|
|
@wido Are all your concerns met? Will you guys test this? |
|
@GabrielBrascher interested to test this one perhaps? |
|
@andrijapanicsb sure, going to test it soon! |
|
@ustcweizhou can you address merge conflict? |
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-871 |
@GabrielBrascher kindly ping if any updates on testing. thx! |
|
@blueorangutan package |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-886 |
|
@blueorangutan test |
|
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-1014)
|
|
@andrijapanicsb got delayed with other tasks, just finishing to build it for a staging environment. I will be able to test it today. |
GabrielBrascher
left a comment
GabrielBrascher
left a comment
There was a problem hiding this comment.
Tested and it works 👍
Overall code looks good, just added a few minor observations.
Test env: KVM on Ubuntu 18.04, advanced network with security groups.
| private static final String CIDR_LENGTH_SEPARATOR = "/"; | ||
| private static final char RULE_TARGET_SEPARATOR = ','; | ||
| private static final char RULE_COMMAND_SEPARATOR = ';'; | ||
| public static final char RULE_TARGET_SEPARATOR = ','; |
There was a problem hiding this comment.
I see that RULE_TARGET_SEPARATOR is not being used outside this class. Is that correct? If it is indeed the case, this should be set back to private.
| * @param conn | ||
| * @param vm | ||
| * @param checkBeforeApply | ||
| * @return |
There was a problem hiding this comment.
Thanks for adding documentation.
Just a note: I don't think that @param adds much info when it holds only the parameter name, normally I would vote to remove them, or add some description on each param.
| @Inject | ||
| private NetworkDetailsDao networkDetailsDao; | ||
| @Inject | ||
| private SecurityGroupManager _securityGroupManager; |
There was a problem hiding this comment.
Java Naming Conventions does not recommend using _ (underscore) before variable name. Can you please remove it?
DaanHoogland
left a comment
DaanHoogland
left a comment
There was a problem hiding this comment.
code lgtm, not tested
GabrielBrascher
left a comment
GabrielBrascher
left a comment
There was a problem hiding this comment.
Based on code review and tests, it LGTM.
Regression tests failed on :
test_02_vpc_privategw_static_routes Failure 223.58 test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup Failure 221.55 test_privategw_acl.py
test_04_rvpc_privategw_static_routes Failure 334.08 test_privategw_acl.py
But not necessarily related with this PR (afaik). Issue #3859 was created to tackle it.
9 participants
Description
In advanced zone with security groups, there can be multiple shared networks with security groups enabled. However, it is only possible to create vm with only one network. When we try to create vm with multiple networks, it gives error "Only support one network per VM if security group enabled".
Operations succeed if we create a vm with one network and add other networks to the vm. However, the new nics do not work as there are no network rules for them applied on hypervisor.
This PR will enable the functionality on KVM hypervisors, including the support on
(1) API to support vm with multiple networks for KVM
(2) UI to create vm with multiple networks for KVM
(3) network rules applied on all nics (when create a vm, and add/remove nics)
(4) network rules for all secondary ips on all nics
This PR includes the other two bug fixes: #3635 and #3636
This PR also included a script file for integration test.
Fixes: #3045 #3568
Types of changes
Screenshots (if appropriate):
How Has This Been Tested?
environment:
ubuntu 18.04 / python2
advanced zone with security groups
check network rules for vm (eg i-10-20-VM)
vm actions: