vpc vr: plugin nics by this order: public/private/guest

ustcweizhou · DaanHoogland · commit 03e65a1266e8 · 2020-12-03T15:10:43.000+01:00
diff --git a/server/src/main/java/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@@ -314,14 +314,19 @@ public boolean finalizeCommandsOnStart(final Commands cmds, final VirtualMachine
             // 2) FORM PLUG NIC COMMANDS
             final List<Pair<Nic, Network>> guestNics = new ArrayList<Pair<Nic, Network>>();
             final List<Pair<Nic, Network>> publicNics = new ArrayList<Pair<Nic, Network>>();
+            final List<Pair<Nic, Network>> privateGatewayNics = new ArrayList<Pair<Nic, Network>>();
             final Map<String, String> vlanMacAddress = new HashMap<String, String>();
 
             final List<? extends Nic> routerNics = _nicDao.listByVmIdOrderByDeviceId(profile.getId());
             for (final Nic routerNic : routerNics) {
                 final Network network = _networkModel.getNetwork(routerNic.getNetworkId());
                 if (network.getTrafficType() == TrafficType.Guest) {
                     final Pair<Nic, Network> guestNic = new Pair<Nic, Network>(routerNic, network);
-                    guestNics.add(guestNic);
+                    if (_networkModel.isPrivateGateway(routerNic.getNetworkId())) {
+                        privateGatewayNics.add(guestNic);
+                    } else {
+                        guestNics.add(guestNic);
+                    }
                 } else if (network.getTrafficType() == TrafficType.Public) {
                     final Pair<Nic, Network> publicNic = new Pair<Nic, Network>(routerNic, network);
                     publicNics.add(publicNic);
@@ -375,43 +380,48 @@ public boolean finalizeCommandsOnStart(final Commands cmds, final VirtualMachine
                     _commandSetupHelper.createVpcAssociatePublicIPCommands(domainRouterVO, sourceNat, cmds, vlanMacAddress);
                 }
 
+                // add VPC router to private gateway networks
+                for (final Pair<Nic, Network> nicNtwk : privateGatewayNics) {
+                    final Nic guestNic = updateNicWithDeviceId(nicNtwk.first().getId(), deviceId);
+                    deviceId ++;
+                    // plug guest nic
+                    final PlugNicCommand plugNicCmd = new PlugNicCommand(_nwHelper.getNicTO(domainRouterVO, guestNic.getNetworkId(), null), domainRouterVO.getInstanceName(), domainRouterVO.getType(), details);
+                    cmds.addCommand(plugNicCmd);
+                    // set private network
+                    final PrivateIpVO ipVO = _privateIpDao.findByIpAndSourceNetworkId(guestNic.getNetworkId(), guestNic.getIPv4Address());
+                    final Network network = _networkDao.findById(guestNic.getNetworkId());
+                    BroadcastDomainType.getValue(network.getBroadcastUri());
+                    final String netmask = NetUtils.getCidrNetmask(network.getCidr());
+                    final PrivateIpAddress ip = new PrivateIpAddress(ipVO, network.getBroadcastUri().toString(), network.getGateway(), netmask, guestNic.getMacAddress());
+
+                    final List<PrivateIpAddress> privateIps = new ArrayList<PrivateIpAddress>(1);
+                    privateIps.add(ip);
+                    _commandSetupHelper.createVpcAssociatePrivateIPCommands(domainRouterVO, privateIps, cmds, true);
+
+                    final Long privateGwAclId = _vpcGatewayDao.getNetworkAclIdForPrivateIp(ipVO.getVpcId(), ipVO.getNetworkId(), ipVO.getIpAddress());
+
+                    if (privateGwAclId != null) {
+                        // set network acl on private gateway
+                        final List<NetworkACLItemVO> networkACLs = _networkACLItemDao.listByACL(privateGwAclId);
+                        s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + domainRouterVO + " start for private gateway ip = "
+                                + ipVO.getIpAddress());
+
+                        _commandSetupHelper.createNetworkACLsCommands(networkACLs, domainRouterVO, cmds, ipVO.getNetworkId(), true);
+                    }
+                }
+
                 // add VPC router to guest networks
                 for (final Pair<Nic, Network> nicNtwk : guestNics) {
                     final Nic guestNic = updateNicWithDeviceId(nicNtwk.first().getId(), deviceId);
                     deviceId ++;
                     // plug guest nic
                     final PlugNicCommand plugNicCmd = new PlugNicCommand(_nwHelper.getNicTO(domainRouterVO, guestNic.getNetworkId(), null), domainRouterVO.getInstanceName(), domainRouterVO.getType(), details);
                     cmds.addCommand(plugNicCmd);
-                    if (!_networkModel.isPrivateGateway(guestNic.getNetworkId())) {
-                        // set guest network
-                        final VirtualMachine vm = _vmDao.findById(domainRouterVO.getId());
-                        final NicProfile nicProfile = _networkModel.getNicProfile(vm, guestNic.getNetworkId(), null);
-                        final SetupGuestNetworkCommand setupCmd = _commandSetupHelper.createSetupGuestNetworkCommand(domainRouterVO, true, nicProfile);
-                        cmds.addCommand(setupCmd);
-                    } else {
-
-                        // set private network
-                        final PrivateIpVO ipVO = _privateIpDao.findByIpAndSourceNetworkId(guestNic.getNetworkId(), guestNic.getIPv4Address());
-                        final Network network = _networkDao.findById(guestNic.getNetworkId());
-                        BroadcastDomainType.getValue(network.getBroadcastUri());
-                        final String netmask = NetUtils.getCidrNetmask(network.getCidr());
-                        final PrivateIpAddress ip = new PrivateIpAddress(ipVO, network.getBroadcastUri().toString(), network.getGateway(), netmask, guestNic.getMacAddress());
-
-                        final List<PrivateIpAddress> privateIps = new ArrayList<PrivateIpAddress>(1);
-                        privateIps.add(ip);
-                        _commandSetupHelper.createVpcAssociatePrivateIPCommands(domainRouterVO, privateIps, cmds, true);
-
-                        final Long privateGwAclId = _vpcGatewayDao.getNetworkAclIdForPrivateIp(ipVO.getVpcId(), ipVO.getNetworkId(), ipVO.getIpAddress());
-
-                        if (privateGwAclId != null) {
-                            // set network acl on private gateway
-                            final List<NetworkACLItemVO> networkACLs = _networkACLItemDao.listByACL(privateGwAclId);
-                            s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + domainRouterVO + " start for private gateway ip = "
-                                    + ipVO.getIpAddress());
-
-                            _commandSetupHelper.createNetworkACLsCommands(networkACLs, domainRouterVO, cmds, ipVO.getNetworkId(), true);
-                        }
-                    }
+                    // set guest network
+                    final VirtualMachine vm = _vmDao.findById(domainRouterVO.getId());
+                    final NicProfile nicProfile = _networkModel.getNicProfile(vm, guestNic.getNetworkId(), null);
+                    final SetupGuestNetworkCommand setupCmd = _commandSetupHelper.createSetupGuestNetworkCommand(domainRouterVO, true, nicProfile);
+                    cmds.addCommand(setupCmd);
                 }
             } catch (final Exception ex) {
                 s_logger.warn("Failed to add router " + domainRouterVO + " to network due to exception ", ex);
diff --git a/test/integration/component/test_multiple_subnets_in_isolated_network.py b/test/integration/component/test_multiple_subnets_in_isolated_network.py
@@ -429,7 +429,7 @@ def test_01_acquire_public_ips_in_isolated_network_with_single_vr(self):
         # 6. create new public ip range 1
         self.services["publiciprange"]["zoneid"] = self.zone.id
         self.services["publiciprange"]["forvirtualnetwork"] = "true"
-        random_subnet_number = random.randrange(10,20)
+        random_subnet_number = random.randrange(10,50)
         self.services["publiciprange"]["vlan"] = get_free_vlan(
             self.apiclient,
             self.zone.id)[1]
diff --git a/test/integration/component/test_multiple_subnets_in_isolated_network_rvr.py b/test/integration/component/test_multiple_subnets_in_isolated_network_rvr.py
@@ -429,7 +429,7 @@ def test_02_acquire_public_ips_in_isolated_network_with_redundant_vrs(self):
         # 6. create new public ip range 1
         self.services["publiciprange"]["zoneid"] = self.zone.id
         self.services["publiciprange"]["forvirtualnetwork"] = "true"
-        random_subnet_number = random.randrange(10,20)
+        random_subnet_number = random.randrange(10,50)
         self.services["publiciprange"]["vlan"] = get_free_vlan(
             self.apiclient,
             self.zone.id)[1]
diff --git a/test/integration/component/test_multiple_subnets_in_vpc.py b/test/integration/component/test_multiple_subnets_in_vpc.py
@@ -328,13 +328,13 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
         #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> tier 1, eth4 -> tier 2, eth5 -> new ip 6, eth3-> private gateway
         # 24. reboot router
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
-        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> tier 1, eth4 -> private gateway, eth5 -> tier 2
+        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> private gateway, eth4 -> tier 1, eth5 -> tier 2
         # 25. restart VPC with cleanup
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
-        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> tier 1, eth4 -> private gateway, eth5 -> tier 2
+        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> private gateway, eth4 -> tier 1, eth5 -> tier 2
         # 26. restart VPC with cleanup, makeredundant=true
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
-        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> tier 1, eth4 -> private gateway, eth5 -> tier 2
+        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> private gateway, eth4 -> tier 1, eth5 -> tier 2
         """
 
         # Create new domain1
@@ -479,7 +479,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
         # 6. create new public ip range 1
         self.services["publiciprange"]["zoneid"] = self.zone.id
         self.services["publiciprange"]["forvirtualnetwork"] = "true"
-        random_subnet_number = random.randrange(10,20)
+        random_subnet_number = random.randrange(10,50)
         self.services["publiciprange"]["vlan"] = get_free_vlan(
             self.apiclient,
             self.zone.id)[1]
@@ -900,7 +900,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
 
         # 24. reboot router
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
-        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> tier 1, eth4 -> private gateway, eth5 -> tier 2
+        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> private gateway, eth4 -> tier 1, eth5 -> tier 2
         routers = self.get_vpc_routers(self.vpc1.id)
         if len(routers) > 0:
             router = routers[0]
@@ -914,14 +914,14 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
             self.verify_ip_address_in_router(router, host, controlIp, "eth0", True)
             self.verify_ip_address_in_router(router, host, sourcenatIp, "eth1", True)
             self.verify_ip_address_in_router(router, host, ipaddress_6.ipaddress.ipaddress, "eth2", True)
-            self.verify_ip_address_in_router(router, host, tier1_Ip, "eth3", True)
-            self.verify_ip_address_in_router(router, host, private_gateway_ip, "eth4", True)
+            self.verify_ip_address_in_router(router, host, private_gateway_ip, "eth3", True)
+            self.verify_ip_address_in_router(router, host, tier1_Ip, "eth4", True)
             self.verify_ip_address_in_router(router, host, tier2_Ip, "eth5", True)
-            self.verify_router_publicnic_state(router, host, "eth1|eth2|eth4")
+            self.verify_router_publicnic_state(router, host, "eth1|eth2|eth3")
 
         # 25. restart VPC with cleanup
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
-        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> tier 1, eth4 -> private gateway, eth5 -> tier 2
+        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> private gateway, eth4 -> tier 1, eth5 -> tier 2
         self.vpc1.restart(self.apiclient, cleanup=True)
         routers = self.get_vpc_routers(self.vpc1.id)
         for router in routers:
@@ -931,14 +931,14 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
             self.verify_ip_address_in_router(router, host, controlIp, "eth0", True)
             self.verify_ip_address_in_router(router, host, sourcenatIp, "eth1", True)
             self.verify_ip_address_in_router(router, host, ipaddress_6.ipaddress.ipaddress, "eth2", True)
-            self.verify_ip_address_in_router(router, host, tier1_Ip, "eth3", True)
-            self.verify_ip_address_in_router(router, host, private_gateway_ip, "eth4", True)
+            self.verify_ip_address_in_router(router, host, private_gateway_ip, "eth3", True)
+            self.verify_ip_address_in_router(router, host, tier1_Ip, "eth4", True)
             self.verify_ip_address_in_router(router, host, tier2_Ip, "eth5", True)
-            self.verify_router_publicnic_state(router, host, "eth1|eth2|eth4")
+            self.verify_router_publicnic_state(router, host, "eth1|eth2|eth3")
 
         # 26. restart VPC with cleanup, makeredundant=true
         #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,eth5,"
-        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> tier 1, eth4 -> private gateway, eth5 -> tier 2
+        #   verify the IPs in VR. eth1 -> source nat IP, eth2 -> new ip 6, eth3 -> private gateway, eth4 -> tier 1, eth5 -> tier 2
         self.vpc1.restart(self.apiclient, cleanup=True, makeredundant=True)
         routers = self.get_vpc_routers(self.vpc1.id)
         for router in routers:
@@ -948,7 +948,7 @@ def test_03_acquire_public_ips_in_vpc_with_single_vr(self):
             self.verify_ip_address_in_router(router, host, controlIp, "eth0", True)
             self.verify_ip_address_in_router(router, host, sourcenatIp, "eth1", True)
             self.verify_ip_address_in_router(router, host, ipaddress_6.ipaddress.ipaddress, "eth2", True)
-            self.verify_ip_address_in_router(router, host, tier1_Ip, "eth3", True)
-            self.verify_ip_address_in_router(router, host, private_gateway_ip, "eth4", True)
+            self.verify_ip_address_in_router(router, host, private_gateway_ip, "eth3", True)
+            self.verify_ip_address_in_router(router, host, tier1_Ip, "eth4", True)
             self.verify_ip_address_in_router(router, host, tier2_Ip, "eth5", True)
-            self.verify_router_publicnic_state(router, host, "eth1|eth2|eth4")
+            self.verify_router_publicnic_state(router, host, "eth1|eth2|eth3")
diff --git a/test/integration/component/test_multiple_subnets_in_vpc_rvr.py b/test/integration/component/test_multiple_subnets_in_vpc_rvr.py
