Fixing the communication with VM via Public IP

wilderrodrigues · wilderrodrigues · commit cb2b9e870b36 · 2015-04-08T16:04:55.000+02:00
- Pub IP port forwarding and static NAT fixed for single VPCs - Pub IP port forwarding fixed for redundant VPCs [wip] fix static NAT for redundant VPCs This closes apache#150
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -414,7 +414,7 @@ def process(self):
             self.deletevpn(ip)
 
     def deletevpn(self, ip):
-        logging.info("Removinf VPN configuration for %s", ip)
+        logging.info("Removing VPN configuration for %s", ip)
         CsHelper.execute("ipsec auto --down vpn-%s" % ip)
         CsHelper.execute("ipsec auto --delete vpn-%s" % ip)
         vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, ip)
@@ -586,15 +586,36 @@ def forward_vr(self, rule):
         self.fw.append(["nat", "", fw6])
 
     def forward_vpc(self, rule):
-        fwrule = "-A PREROUTING -d %s/32" % rule["public_ip"]
+        fw_prerout_rule = "-A PREROUTING -d %s/32 -i %s" % (rule["public_ip"], self.getDeviceByIp(rule['public_ip']))
         if not rule["protocol"] == "any":
-            fwrule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+            fw_prerout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
         if not rule["public_ports"] == "any":
-            fwrule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
-        fwrule += " -j DNAT --to-destination %s" % rule["internal_ip"]
+            fw_prerout_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_prerout_rule += " -j DNAT --to-destination %s" % rule["internal_ip"]
         if not rule["internal_ports"] == "any":
-            fwrule += ":" + self.portsToString(rule["internal_ports"], "-")
-        self.fw.append(["nat", "", fwrule])
+            fw_prerout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        fw_postrout_rule = "-A POSTROUTING -d %s/32 " % rule["public_ip"]
+        if not rule["protocol"] == "any":
+            fw_postrout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+        if not rule["public_ports"] == "any":
+            fw_postrout_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_postrout_rule += " -j SNAT --to-source %s" % rule["internal_ip"]
+        if not rule["internal_ports"] == "any":
+            fw_postrout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        fw_output_rule = "-A OUTPUT -d %s/32" % rule["public_ip"]
+        if not rule["protocol"] == "any":
+            fw_output_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+        if not rule["public_ports"] == "any":
+            fw_output_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_output_rule += " -j DNAT --to-destination %s" % rule["internal_ip"]
+        if not rule["internal_ports"] == "any":
+            fw_output_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        self.fw.append(["nat", "", fw_prerout_rule])
+        self.fw.append(["nat", "", fw_postrout_rule])
+        self.fw.append(["nat", "", fw_output_rule])
 
     def processStaticNatRule(self, rule):
         # FIXME this needs ordering with the VPN no nat rule
@@ -605,6 +626,8 @@ def processStaticNatRule(self, rule):
                         "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
         self.fw.append(["nat", "front",
                         "-A POSTROUTING -o %s -s %s/32 -j SNAT --to-source %s" % (device, rule["internal_ip"], rule["public_ip"])])
+        self.fw.append(["nat", "front",
+                        "-A OUTPUT -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
 
 
 def main(argv):
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -129,10 +129,11 @@ def get_gateway(self):
         if self.config.is_vpc():
             return self.get_attr("gateway")
         else:
-            if self.config.cmdline().is_redundant():
-                return self.config.cmdline().get_guest_gw()
-            else:
-                return self.get_ip()
+            return self.config.cmdline().get_guest_gw()
+#             if self.config.cmdline().is_redundant():
+#                 return self.config.cmdline().get_guest_gw()
+#             else:
+#                 return self.get_ip()
 
     def ip_in_subnet(self, ip):
         ipo = IPAddress(ip)
diff --git a/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ b/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
@@ -19,12 +19,6 @@ global_defs {
    router_id [ROUTER_ID]
 }
 
-!vrrp_script check_bumpup {
-    !script "[RROUTER_BIN_PATH]/check_bumpup.sh"
-    !interval 5
-    !weight [DELTA]
-!}
-
 vrrp_script heartbeat {
     script "[RROUTER_BIN_PATH]/heartbeat.sh"
     interval 10
@@ -48,7 +42,6 @@ vrrp_instance inside_network {
     }
 
     track_script {
-        !check_bumpup
         heartbeat
     }
 

Original file line number	Diff line number	Diff line change
`@@ -19,12 +19,6 @@ global_defs {`
`19`	`19`	`router_id [ROUTER_ID]`
`20`	`20`	`}`
`21`	`21`
`22`		`-!vrrp_script check_bumpup {`
`23`		`- !script "[RROUTER_BIN_PATH]/check_bumpup.sh"`
`24`		`- !interval 5`
`25`		`- !weight [DELTA]`
`26`		`-!}`
`27`		`-`
`28`	`22`	`vrrp_script heartbeat {`
`29`	`23`	`script "[RROUTER_BIN_PATH]/heartbeat.sh"`
`30`	`24`	`interval 10`
`@@ -48,7 +42,6 @@ vrrp_instance inside_network {`
`48`	`42`	`}`
`49`	`43`
`50`	`44`	`track_script {`
`51`		`- !check_bumpup`
`52`	`45`	`heartbeat`
`53`	`46`	`}`
`54`	`47`