Skip to content

CLOUDSTACK-10003 automatic configure juniper srx/vsrx nat loopback,#2184

Merged
yadvr merged 2 commits intoapache:masterfrom
ming416:4.8
Dec 16, 2017
Merged

CLOUDSTACK-10003 automatic configure juniper srx/vsrx nat loopback,#2184
yadvr merged 2 commits intoapache:masterfrom
ming416:4.8

Conversation

@ming416
Copy link
Contributor

@ming416 ming416 commented Jul 14, 2017

automatic configure juniper srx/vsrx nat loopback,

constraint condition that manual configure source nat in juniper srx,allowed vm vist public network :
zone : trust to {trust,untrust}
rule : source address {0.0.0.0/0},destination address{0.0.0.0/0} ,do source nat with pool {public network getway ip}.

code change for trust to trust destination or static nat:

  1. add srxCommand :CHECK_PRIVATE_IF_EXISTS. for add/delete rule to detect whether exist or not contain DestinationNatRule or StaticNatRule (ruleName_private) in trust zone .
  2. add DestinationNatRule (ruleName_private) to trust zone when ADD DestinationNatRule to untrust .
  3. delete DestinationNatRule (ruleName_private) from trust zone when DELETE DestinationNatRule from untrust.
  4. add StaticNatRule (ruleName_private) to trust zone when ADD StaticNatRule to untrust .
  5. delete StaticNatRule (ruleName_private) from trust zone when DELETE StaticNatRule from untrust.

ming416 added 2 commits July 14, 2017 13:42
@ming416
automatic configure juniper srx/vsrx nat loopback,
cfe12d0 
automatic configure juniper srx/vsrx nat loopback,

constraint condition that manual configure source nat in juniper srx,allowed vm vist public network :
zone : trust to {trust,untrust}
rule : source address {0.0.0.0/0},destination address{0.0.0.0/0} ,do source nat with pool {public network getway ip}.

code change for trust to trust destination or static nat:

1. add srxCommand :CHECK_PRIVATE_IF_EXISTS. for add/delete rule to detect whether exist or not contain DestinationNatRule or StaticNatRule (ruleName_private) in trust zone .
2. add DestinationNatRule  (ruleName_private) to trust zone when ADD DestinationNatRule to untrust .
3. delete DestinationNatRule  (ruleName_private) from trust zone when DELETE DestinationNatRule from untrust.
4. add StaticNatRule (ruleName_private) to trust zone when ADD  StaticNatRule to untrust .
5. delete  StaticNatRule (ruleName_private) from trust zone when DELETE  StaticNatRule from untrust.
@ming416
check private
8a61403 
check private if exist
borisstoyanov
borisstoyanov reviewed Jul 14, 2017
View reviewed changes
Copy link
Contributor

@borisstoyanov borisstoyanov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ming416 can you please add JIRA itema in the title of the PR, same as other PRs

@ming416 ming416 changed the title automatic configure juniper srx/vsrx nat loopback, CLOUDSTACK-10003 automatic configure juniper srx/vsrx nat loopback, Jul 15, 2017
@cloudmonger
Copy link

cloudmonger commented Jul 16, 2017

ACS CI BVT Run

Sumarry:
Build Number 972
Hypervisor xenserver
NetworkType Advanced
Passed=107
Failed=6
Skipped=12

Link to logs Folder (search by build_no): https://www.dropbox.com/sh/r2si930m8xxzavs/AAAzNrnoF1fC3auFrvsKo_8-a?dl=0

Failed tests:

  • test_deploy_vm_iso.py

  • test_deploy_vm_from_iso Failing since 30 runs

  • test_vm_life_cycle.py

  • test_10_attachAndDetach_iso Failing since 30 runs

  • test_routers_network_ops.py

  • test_01_isolate_network_FW_PF_default_routes_egress_true Failing since 63 runs

  • test_02_isolate_network_FW_PF_default_routes_egress_false Failing since 63 runs

  • test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true Failing since 62 runs

  • test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false Failing since 62 runs

Skipped tests:
test_vm_nic_adapter_vmxnet3
test_01_verify_libvirt
test_02_verify_libvirt_after_restart
test_03_verify_libvirt_attach_disk
test_04_verify_guest_lspci
test_05_change_vm_ostype_restart
test_06_verify_guest_lspci_again
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_nested_virtualization_vmware
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

Passed test suits:
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_vm_snapshots.py
test_over_provisioning.py
test_global_settings.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_non_contigiousvlan.py
test_login.py
test_list_ids_parameter.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_metrics_api.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_volumes.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_disk_offerings.py

@DaanHoogland
Copy link
Contributor

DaanHoogland commented Jul 19, 2017

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Jul 19, 2017

@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Jul 19, 2017

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-804

@DaanHoogland
Copy link
Contributor

DaanHoogland commented Jul 19, 2017

@blueorangutan test

@blueorangutan
Copy link

blueorangutan commented Jul 19, 2017

@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@yadvr yadvr added this to the 4.11 milestone Dec 10, 2017
@yadvr
Copy link
Member

yadvr commented Dec 15, 2017

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Dec 15, 2017

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Dec 15, 2017

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1381

@yadvr
Copy link
Member

yadvr commented Dec 15, 2017

We don't have srx infra to test this, but we'll run regression tests and accept if they pass.
@blueorangutan test

@blueorangutan
Copy link

blueorangutan commented Dec 15, 2017

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan
Copy link

blueorangutan commented Dec 16, 2017

Trillian test result (tid-1793)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 26969 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2184-t1793-kvm-centos7.zip
Test completed. Failed tests results shown below:

Test Result Time (s) Test File
ContextSuite context=TestStorageTags>:teardown Error 111.30 test_primary_storage.py
test_01_vpc_privategw_acl Failure 41.26 test_privategw_acl.py
test_02_vpc_privategw_static_routes Failure 127.00 test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup Failure 162.20 test_privategw_acl.py
test_04_rvpc_privategw_static_routes Failure 287.84 test_privategw_acl.py
test_02_create_template_with_checksum_sha1 Error 5.16 test_templates.py
test_03_create_template_with_checksum_sha256 Error 5.15 test_templates.py
test_04_create_template_with_checksum_md5 Error 5.16 test_templates.py
test_01_vpc_remote_access_vpn Failure 70.73 test_vpc_vpn.py

@yadvr
Copy link
Member

yadvr commented Dec 16, 2017

LGTM based on tests, given we don't have srx to test against I'll merge this based on test results (ignoring known failures).

@yadvr yadvr merged commit 973a9c1 into apache:master Dec 16, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@borisstoyanov borisstoyanov borisstoyanov left review comments

Assignees

No one assigned

Labels

type:enhancement

Projects

None yet

Milestone

4.11.0.0

Development

Successfully merging this pull request may close these issues.

7 participants

@ming416 @cloudmonger @DaanHoogland @blueorangutan @yadvr @borisstoyanov @kiwiflyer