VR Port Forward rule check on Non-VPC Isolated networks

core/src/main/java/com/cloud/agent/api/routing/NetworkElementCommand.java

@@ -39,6 +39,7 @@ public abstract class NetworkElementCommand extends Command {
     public static final String VPC_PRIVATE_GATEWAY = "vpc.gateway.private";
     public static final String FIREWALL_EGRESS_DEFAULT = "firewall.egress.default";
     public static final String NETWORK_PUB_LAST_IP = "network.public.last.ip";
+    public static final String IS_VPC = "is.vpc";
 
     private String routerAccessIp;
 

core/src/main/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java

@@ -312,6 +312,7 @@ private GetRouterMonitorResultsAnswer parseLinesForHealthChecks(GetRouterMonitor
     private GetRouterMonitorResultsAnswer execute(GetRouterMonitorResultsCommand cmd) {
         String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
         String args = cmd.shouldPerformFreshChecks() ? "true" : "false";
+        args = args + (" " + cmd.getAccessDetail(NetworkElementCommand.IS_VPC));
         s_logger.info("Fetching health check result for " + routerIp + " and executing fresh checks: " + args);
         ExecutionResult result = _vrDeployer.executeInVR(routerIp, VRScripts.ROUTER_MONITOR_RESULTS, args);
 

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -1540,11 +1540,13 @@ private GetRouterMonitorResultsAnswer fetchAndUpdateRouterHealthChecks(DomainRou
             return null;
         }
 
+        Long vpcId = router.getVpcId();
         String controlIP = getRouterControlIP(router);
         if (StringUtils.isNotBlank(controlIP) && !controlIP.equals("0.0.0.0")) {
             final GetRouterMonitorResultsCommand command = new GetRouterMonitorResultsCommand(performFreshChecks);
             command.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlIP);
             command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
+            command.setAccessDetail(NetworkElementCommand.IS_VPC, ( vpcId != null  ? "true" : "false"));
             try {
                 final Answer answer = _agentMgr.easySend(router.getHostId(), command);
 

systemvm/debian/opt/cloud/bin/cs/CsMonitor.py

@@ -16,6 +16,7 @@
 # under the License.
 import logging
 from cs.CsDatabag import CsDataBag
+from cs.CsConfig import CsConfig
 from CsFile import CsFile
 import json
 
@@ -45,16 +46,18 @@ def setupMonitorConfigFile(self):
             file.commit()
 
     def setupHealthCheckCronJobs(self):
+        config = CsConfig()
+        is_vpc = str(config.is_vpc()).lower()
         cron_rep_basic = self.get_basic_check_interval()
         cron_rep_advanced = self.get_advanced_check_interval()
         cron = CsFile("/etc/cron.d/process")
         cron.deleteLine("root /usr/bin/python /root/monitorServices.py")
         cron.add("SHELL=/bin/bash", 0)
         cron.add("PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin", 1)
         if cron_rep_basic > 0:
-            cron.add("*/" + str(cron_rep_basic) + " * * * * root /usr/bin/python /root/monitorServices.py basic", -1)
+            cron.add("*/" + str(cron_rep_basic) + " * * * * root /usr/bin/python /root/monitorServices.py " + is_vpc + " basic", -1)
         if cron_rep_advanced > 0:
-            cron.add("*/" + str(cron_rep_advanced) + " * * * * root /usr/bin/python /root/monitorServices.py advanced", -1)
+            cron.add("*/" + str(cron_rep_advanced) + " * * * * root /usr/bin/python /root/monitorServices.py " + is_vpc + " advanced", -1)
         cron.commit()
 
     def setupHealthChecksConfigFile(self):

systemvm/debian/opt/cloud/bin/getRouterMonitorResults.sh

@@ -20,7 +20,7 @@
 
 if [ "$1" == "true" ]
 then
-    python /root/monitorServices.py > /dev/null
+    python /root/monitorServices.py $2 > /dev/null
 fi
 
 printf "FAILING CHECKS:\n"

systemvm/debian/root/health_checks/iptables_check.py

@@ -21,23 +21,25 @@
 from utility import getHealthChecksData, formatPort
 
 
-def main():
+def main(isVpcRouter):
     portForwards = getHealthChecksData("portForwarding")
     if portForwards is None or len(portForwards) == 0:
         print "No portforwarding rules provided to check, skipping"
         exit(0)
 
     failedCheck = False
+    algorithms = [["PREROUTING", "--to-destination"],
+                  ["OUTPUT", "--to-destination"]]
+    if isVpcRouter == 'true':
+        algorithms.extend([["POSTROUTING", "--to-source"]])
     failureMessage = "Missing port forwarding rules in Iptables-\n "
     for portForward in portForwards:
         entriesExpected = []
         destIp = portForward["destIp"]
         srcIpText = "-d " + portForward["sourceIp"]
         srcPortText = "--dport " + formatPort(portForward["sourcePortStart"], portForward["sourcePortEnd"], ":")
         dstText = destIp + ":" + formatPort(portForward["destPortStart"], portForward["destPortEnd"], "-")
-        for algo in [["PREROUTING", "--to-destination"],
-                     ["OUTPUT", "--to-destination"],
-                     ["POSTROUTING", "--to-source"]]:
+        for algo in algorithms:
             entriesExpected.append([algo[0], srcIpText, srcPortText, algo[1] + " " + dstText])
 
         fetchIpTableEntriesCmd = "iptables-save | grep " + destIp
@@ -77,5 +79,5 @@ def main():
 
 
 if __name__ == "__main__":
-    if len(sys.argv) == 2 and sys.argv[1] == "advanced":
-        main()
+    if len(sys.argv) == 3 and sys.argv[1] == "advanced":
+        main(sys.argv[2])

systemvm/debian/root/monitorServices.py

@@ -289,9 +289,11 @@ def monitProcess( processes_info ):
     return service_status, failing_services
 
 
-def execute(script, checkType = "basic"):
+def execute(script, isVpcRouter, checkType = "basic"):
     checkStartTime = time.time()
     cmd = "./" + script + " " + checkType
+    if script == Config.HEALTH_CHECKS_DIR+"/iptables_check.py":
+        cmd += " "+isVpcRouter
     printd ("Executing health check script command: " + cmd)
 
     pout = Popen(cmd, shell=True, stdout=PIPE)
@@ -318,7 +320,7 @@ def execute(script, checkType = "basic"):
             "message": output
         }
 
-def main(checkType = "basic"):
+def main(isVpcRouter, checkType = "basic"):
     startTime = time.time()
     '''
     Step1 : Get Services Config
@@ -346,7 +348,7 @@ def main(checkType = "basic"):
                 continue
             fpath = path.join(Config.HEALTH_CHECKS_DIR, f)
             if path.isfile(fpath) and os.access(fpath, os.X_OK):
-                ret = execute(fpath, checkType)
+                ret = execute(fpath, isVpcRouter, checkType)
                 if len(ret) == 0:
                     continue
                 if "success" in ret and ret["success"].lower() == "false":
@@ -380,13 +382,14 @@ def main(checkType = "basic"):
 
 if __name__ == "__main__":
     checkType = "basic"
-    if len(sys.argv) == 2:
-        if sys.argv[1] == "advanced":
-            main("advanced")
-        elif sys.argv[1] == "basic":
-            main("basic")
+    isVpcRouter = sys.argv[1]
+    if len(sys.argv) == 3:
+        if sys.argv[2] == "advanced":
+            main(isVpcRouter, "advanced")
+        elif sys.argv[2] == "basic":
+            main(isVpcRouter, "basic")
         else:
-            printd("Error: Unknown type of test: " + sys.argv)
+            printd("Error: Unknown type of test: " + ' '.join(map(str, sys.argv)))
     else:
-        main("basic")
-        main("advanced")
+        main(isVpcRouter, "basic")
+        main(isVpcRouter, "advanced")