use of com.cloud.hypervisor.kvm.resource.LibvirtVmDef.InterfaceDef in project cloudstack by apache.
the class LibvirtComputingResourceTest method testSecurityGroupRulesCmdTrue.
/**
 * Checks that {@link LibvirtRequestWrapper} answers a {@link SecurityGroupRulesCmd}
 * with a successful result when the resource's {@code addNetworkRules} is stubbed
 * to return {@code true} for exactly the arguments derived from the command.
 */
@Test
public void testSecurityGroupRulesCmdTrue() {
    // Guest identity used to build the command. These are fixture values only.
    final String vmName = "Test";
    final Long vmId = 1L;
    final String guestIp = "127.0.0.1";
    final String guestIp6 = "2001:db8::cad:40ff:fefd:75c4";
    final String guestMac = "00:00:00:00";
    final String signature = "signature";
    final Long seqNum = 1L;

    // One mocked ingress rule and one mocked egress rule. Both are stubbed further down.
    final IpPortAndProto ingressRule = Mockito.mock(IpPortAndProto.class);
    final IpPortAndProto egressRule = Mockito.mock(IpPortAndProto.class);
    final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[] { ingressRule };
    final IpPortAndProto[] egressRuleSet = new IpPortAndProto[] { egressRule };

    final List<String> secIps = new Vector<String>();
    // Sample data: the rule is open to every IPv4 source. This is not a recommended production rule.
    final List<String> allowedCidrs = new Vector<String>();
    allowedCidrs.add("0.0.0.0/0");

    final SecurityGroupRulesCmd command =
            new SecurityGroupRulesCmd(guestIp, guestIp6, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);

    final LibvirtUtilitiesHelper helper = Mockito.mock(LibvirtUtilitiesHelper.class);
    final Connect connection = Mockito.mock(Connect.class);

    // The VM exposes a single (mocked) network interface.
    final List<InterfaceDef> nics = new ArrayList<InterfaceDef>();
    final InterfaceDef nic = Mockito.mock(InterfaceDef.class);
    nics.add(nic);

    when(libvirtComputingResource.getLibvirtUtilitiesHelper()).thenReturn(helper);
    when(libvirtComputingResource.getInterfaces(connection, command.getVmName())).thenReturn(nics);
    try {
        when(helper.getConnectionByVmName(command.getVmName())).thenReturn(connection);
    } catch (final LibvirtException e) {
        fail(e.getMessage());
    }

    when(nic.getDevName()).thenReturn("eth0");
    when(nic.getBrName()).thenReturn("br0");
    final String vif = nics.get(0).getDevName();
    final String brname = nics.get(0).getBrName();

    // Both directions describe tcp/22. These stubs must exist before stringifyRules() is called below.
    when(ingressRule.getProto()).thenReturn("tcp");
    when(ingressRule.getStartPort()).thenReturn(22);
    when(ingressRule.getEndPort()).thenReturn(22);
    when(ingressRule.getAllowedCidrs()).thenReturn(allowedCidrs);

    when(egressRule.getProto()).thenReturn("tcp");
    when(egressRule.getStartPort()).thenReturn(22);
    when(egressRule.getEndPort()).thenReturn(22);
    when(egressRule.getAllowedCidrs()).thenReturn(allowedCidrs);

    // Success is reported only when addNetworkRules sees exactly these argument values.
    when(libvirtComputingResource.addNetworkRules(
            command.getVmName(),
            Long.toString(command.getVmId()),
            command.getGuestIp(),
            command.getGuestIp6(),
            command.getSignature(),
            Long.toString(command.getSeqNum()),
            command.getGuestMac(),
            command.stringifyRules(),
            vif,
            brname,
            command.getSecIpsString())).thenReturn(true);

    final LibvirtRequestWrapper wrapper = LibvirtRequestWrapper.getInstance();
    assertNotNull(wrapper);

    final Answer answer = wrapper.execute(command, libvirtComputingResource);
    assertTrue(answer.getResult());

    // The wrapper must fetch the helper and resolve the connection exactly once each.
    verify(libvirtComputingResource, times(1)).getLibvirtUtilitiesHelper();
    try {
        verify(helper, times(1)).getConnectionByVmName(command.getVmName());
    } catch (final LibvirtException e) {
        fail(e.getMessage());
    }
}
use of com.cloud.hypervisor.kvm.resource.LibvirtVmDef.InterfaceDef in project cloudstack by apache.
the class LibvirtComputingResourceTest method testUnPlugNicCommandNoNics.
/**
 * Checks that an {@link UnPlugNicCommand} is answered with a successful result
 * when the resource reports an empty interface list for the instance.
 */
@Test
public void testUnPlugNicCommandNoNics() {
    final String instanceName = "Test";
    final NicTO nic = Mockito.mock(NicTO.class);
    final UnPlugNicCommand command = new UnPlugNicCommand(nic, instanceName);

    final LibvirtUtilitiesHelper helper = Mockito.mock(LibvirtUtilitiesHelper.class);
    final Connect connection = Mockito.mock(Connect.class);
    final Domain domain = Mockito.mock(Domain.class);

    // No interface is plugged. This is the scenario under test.
    final List<InterfaceDef> nics = new ArrayList<InterfaceDef>();

    // A driver list is built here, but this method never hands it to the resource.
    final VifDriver vifDriver = Mockito.mock(VifDriver.class);
    final List<VifDriver> drivers = new ArrayList<VifDriver>();
    drivers.add(vifDriver);

    when(libvirtComputingResource.getLibvirtUtilitiesHelper()).thenReturn(helper);
    when(libvirtComputingResource.getInterfaces(connection, command.getVmName())).thenReturn(nics);
    try {
        when(helper.getConnectionByVmName(command.getVmName())).thenReturn(connection);
        when(libvirtComputingResource.getDomain(connection, instanceName)).thenReturn(domain);
    } catch (final LibvirtException e) {
        fail(e.getMessage());
    }

    final LibvirtRequestWrapper wrapper = LibvirtRequestWrapper.getInstance();
    assertNotNull(wrapper);

    final Answer answer = wrapper.execute(command, libvirtComputingResource);
    assertTrue(answer.getResult());

    // Helper lookup, connection lookup and domain lookup must each happen exactly once.
    verify(libvirtComputingResource, times(1)).getLibvirtUtilitiesHelper();
    try {
        verify(helper, times(1)).getConnectionByVmName(command.getVmName());
        verify(libvirtComputingResource, times(1)).getDomain(connection, instanceName);
    } catch (final LibvirtException e) {
        fail(e.getMessage());
    }
}
use of com.cloud.hypervisor.kvm.resource.LibvirtVmDef.InterfaceDef in project cloudstack by apache.
the class LibvirtComputingResourceTest method testSecurityGroupRulesCmdFalse.
/**
 * Checks that {@link LibvirtRequestWrapper} answers a {@link SecurityGroupRulesCmd}
 * with a failed result when {@code addNetworkRules} is not stubbed.
 *
 * <p>NOTE(review): this relies on {@code libvirtComputingResource} being a Mockito
 * mock whose unstubbed boolean methods return {@code false}. The field declaration
 * is not visible here, so confirm it.
 */
@Test
public void testSecurityGroupRulesCmdFalse() {
    // Guest identity used to build the command. These are fixture values only.
    final String vmName = "Test";
    final Long vmId = 1L;
    final String guestIp = "127.0.0.1";
    final String guestIp6 = "2001:db8::cad:40ff:fefd:75c4";
    final String guestMac = "00:00:00:00";
    final String signature = "signature";
    final Long seqNum = 1L;

    final IpPortAndProto ingressRule = Mockito.mock(IpPortAndProto.class);
    final IpPortAndProto egressRule = Mockito.mock(IpPortAndProto.class);
    final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[] { ingressRule };
    final IpPortAndProto[] egressRuleSet = new IpPortAndProto[] { egressRule };

    final List<String> secIps = new Vector<String>();
    // Sample data: the rule is open to every IPv4 source.
    final List<String> allowedCidrs = new Vector<String>();
    allowedCidrs.add("0.0.0.0/0");

    final SecurityGroupRulesCmd command =
            new SecurityGroupRulesCmd(guestIp, guestIp6, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);

    final LibvirtUtilitiesHelper helper = Mockito.mock(LibvirtUtilitiesHelper.class);
    final Connect connection = Mockito.mock(Connect.class);

    // One mocked interface. Its device and bridge names are deliberately left unstubbed.
    final List<InterfaceDef> nics = new ArrayList<InterfaceDef>();
    final InterfaceDef nic = Mockito.mock(InterfaceDef.class);
    nics.add(nic);

    when(libvirtComputingResource.getLibvirtUtilitiesHelper()).thenReturn(helper);
    when(libvirtComputingResource.getInterfaces(connection, command.getVmName())).thenReturn(nics);
    try {
        when(helper.getConnectionByVmName(command.getVmName())).thenReturn(connection);
    } catch (final LibvirtException e) {
        fail(e.getMessage());
    }

    // Both directions describe tcp/22.
    when(ingressRule.getProto()).thenReturn("tcp");
    when(ingressRule.getStartPort()).thenReturn(22);
    when(ingressRule.getEndPort()).thenReturn(22);
    when(ingressRule.getAllowedCidrs()).thenReturn(allowedCidrs);

    when(egressRule.getProto()).thenReturn("tcp");
    when(egressRule.getStartPort()).thenReturn(22);
    when(egressRule.getEndPort()).thenReturn(22);
    when(egressRule.getAllowedCidrs()).thenReturn(allowedCidrs);

    final LibvirtRequestWrapper wrapper = LibvirtRequestWrapper.getInstance();
    assertNotNull(wrapper);

    // A failure to apply the rules must surface as a failed Answer, never as success.
    final Answer answer = wrapper.execute(command, libvirtComputingResource);
    assertFalse(answer.getResult());

    verify(libvirtComputingResource, times(1)).getLibvirtUtilitiesHelper();
    try {
        verify(helper, times(1)).getConnectionByVmName(command.getVmName());
    } catch (final LibvirtException e) {
        fail(e.getMessage());
    }
}
use of com.cloud.hypervisor.kvm.resource.LibvirtVmDef.InterfaceDef in project cloudstack by apache.
the class LibvirtComputingResource method prepareNetworkElementCommand.
/**
 * Resolves, for every IP address in the command, the index of the router NIC
 * that carries the address's broadcast URI, and stores it on the address.
 *
 * <p>The router's plugged interfaces are walked in the order returned by
 * {@code getInterfaces}. Each one is keyed by a broadcast URI derived from its
 * bridge name and mapped to its position in that list.
 *
 * @param cmd the IP association command; the router name is read from its access details
 * @return a successful result, or a failed result carrying the libvirt error message
 */
protected ExecutionResult prepareNetworkElementCommand(final IpAssocVpcCommand cmd) {
    final String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME);

    try {
        final Connect conn = LibvirtConnection.getConnectionByVmName(routerName);
        final IpAddressTO[] ips = cmd.getIpAddresses();

        final Map<String, Integer> nicIndexByBroadcastUri = new HashMap<String, Integer>();
        final List<InterfaceDef> pluggedNics = getInterfaces(conn, routerName);

        int nicIndex = 0;
        for (final InterfaceDef pluggedNic : pluggedNics) {
            // NOTE(review): getBrName() is dereferenced without a null check. Confirm every plugged NIC has a bridge name.
            final String bridgeName = pluggedNic.getBrName();

            final boolean isLinkLocal = bridgeName.equalsIgnoreCase(_linkLocalBridgeName);
            final String broadcastKey;
            if (isLinkLocal) {
                broadcastKey = "LinkLocal";
            } else if (bridgeName.equalsIgnoreCase(_publicBridgeName)
                    || bridgeName.equalsIgnoreCase(_privBridgeName)
                    || bridgeName.equalsIgnoreCase(_guestBridgeName)) {
                // The well-known bridges all map to the untagged VLAN URI.
                broadcastKey = BroadcastDomainType.Vlan.toUri(Vlan.UNTAGGED).toString();
            } else {
                broadcastKey = getBroadcastUriFromBridge(bridgeName);
            }

            // A later NIC with the same key overwrites the earlier index.
            nicIndexByBroadcastUri.put(broadcastKey, nicIndex);
            nicIndex++;
        }

        for (final IpAddressTO ip : ips) {
            // The map lookup yields null when no plugged NIC matches the URI, and that null is stored as-is.
            ip.setNicDevId(nicIndexByBroadcastUri.get(ip.getBroadcastUri()));
        }

        return new ExecutionResult(true, null);
    } catch (final LibvirtException e) {
        s_logger.error("Ip Assoc failure on applying one ip due to exception: ", e);
        return new ExecutionResult(false, e.getMessage());
    }
}
use of com.cloud.hypervisor.kvm.resource.LibvirtVmDef.InterfaceDef in project cloudstack by apache.
the class LibvirtMigrateCommandWrapper method execute.
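/**
 * Live-migrates a KVM guest to the destination host named in the command.
 *
 * <p>The migration runs on a single worker thread while this method polls every
 * 100 ms. After one second it applies the configured maximum downtime, and it
 * pauses the guest once the configured pause-after threshold is exceeded. On
 * success the source disks are cleaned up, the VM's network rules are destroyed
 * and every VIF driver is asked to unplug each interface. On failure the VM
 * snapshot metadata removed before migration is restored.
 *
 * @param command the migrate request (VM name and destination IP)
 * @param libvirtComputingResource the agent resource providing libvirt helpers and settings
 * @return a {@link MigrateAnswer} whose result is {@code true} only when no error was recorded
 */
@Override
public Answer execute(final MigrateCommand command, final LibvirtComputingResource libvirtComputingResource) {
    final String vmName = command.getVmName();

    String result = null;

    List<InterfaceDef> ifaces = null;
    List<DiskDef> disks = null;

    Domain dm = null;
    Connect dconn = null;
    Domain destDomain = null;
    Connect conn = null;
    String xmlDesc = null;
    List<Ternary<String, Boolean, String>> vmsnapshots = null;

    try {
        final LibvirtUtilitiesHelper libvirtUtilitiesHelper = libvirtComputingResource.getLibvirtUtilitiesHelper();

        conn = libvirtUtilitiesHelper.getConnectionByVmName(vmName);
        ifaces = libvirtComputingResource.getInterfaces(conn, vmName);
        disks = libvirtComputingResource.getDisks(conn, vmName);
        dm = conn.domainLookupByName(vmName);
        /*
            We replace the private IP address with the address of the destination host.
            This is because the VNC listens on the private IP address of the hypervisor,
            but that address is of course different on the target host.

            MigrateCommand.getDestinationIp() returns the private IP address of the target
            hypervisor. So it's safe to use.

            The Domain.migrate method from libvirt supports passing a different XML
            description for the instance to be used on the target host.

            This is supported by libvirt-java from version 0.50.0

            CVE-2015-3252: Get XML with sensitive information suitable for migration by using
                           VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
                           https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags

                           Use VIR_DOMAIN_XML_SECURE (value = 1) prior to v1.0.0.
         */
        // 1000000 equals v1.0.0
        // NOTE(review): virDomainXMLFlags is a bitmask and only MIGRATABLE (8) is passed on libvirt >= 1.0.0.
        // Confirm that the returned XML still carries the graphics password that the CVE-2015-3252 fix depends on.
        final int xmlFlag = conn.getLibVirVersion() >= 1000000 ? 8 : 1;

        final String target = command.getDestinationIp();
        // xmlDesc may hold security-sensitive domain data, so keep it out of log statements.
        xmlDesc = dm.getXMLDesc(xmlFlag);
        xmlDesc = replaceIpForVNCInDescFile(xmlDesc, target);

        // delete the metadata of vm snapshots before migration
        vmsnapshots = libvirtComputingResource.cleanVMSnapshotMetadata(dm);

        // NOTE(review): qemu+tcp is libvirt's unencrypted TCP transport. Confirm the migration network is
        // isolated and access-controlled, or that an encrypted or authenticated transport is configured instead.
        dconn = libvirtUtilitiesHelper.retrieveQemuConnection("qemu+tcp://" + command.getDestinationIp() + "/system");

        //run migration in thread so we can monitor it
        s_logger.info("Live migration of instance " + vmName + " initiated");
        final ExecutorService executor = Executors.newFixedThreadPool(1);
        final Callable<Domain> worker = new MigrateKVMAsync(libvirtComputingResource, dm, dconn, xmlDesc, vmName, command.getDestinationIp());
        final Future<Domain> migrateThread = executor.submit(worker);
        // No further tasks are accepted; isTerminated() turns true once the worker finishes.
        executor.shutdown();
        long sleeptime = 0;
        while (!executor.isTerminated()) {
            Thread.sleep(100);
            sleeptime += 100;
            if (sleeptime == 1000) {
                // wait 1s before attempting to set downtime on migration, since I don't know of a VIR_DOMAIN_MIGRATING state
                final int migrateDowntime = libvirtComputingResource.getMigrateDowntime();
                if (migrateDowntime > 0) {
                    try {
                        final int setDowntime = dm.migrateSetMaxDowntime(migrateDowntime);
                        if (setDowntime == 0) {
                            s_logger.debug("Set max downtime for migration of " + vmName + " to " + migrateDowntime + "ms");
                        }
                    } catch (final LibvirtException e) {
                        s_logger.debug("Failed to set max downtime for migration, perhaps migration completed? Error: " + e.getMessage());
                    }
                }
            }
            if (sleeptime % 1000 == 0) {
                s_logger.info("Waiting for migration of " + vmName + " to complete, waited " + sleeptime + "ms");
            }

            // pause vm if we meet the vm.migrate.pauseafter threshold and not already paused
            final int migratePauseAfter = libvirtComputingResource.getMigratePauseAfter();
            if (migratePauseAfter > 0 && sleeptime > migratePauseAfter && dm.getInfo().state == DomainState.VIR_DOMAIN_RUNNING) {
                s_logger.info("Pausing VM " + vmName + " due to property vm.migrate.pauseafter setting to " + migratePauseAfter + "ms to complete migration");
                try {
                    dm.suspend();
                } catch (final LibvirtException e) {
                    // pause could be racy if it attempts to pause right when vm is finished, simply warn
                    s_logger.info("Failed to pause vm " + vmName + " : " + e.getMessage());
                }
            }
        }
        s_logger.info("Migration thread for " + vmName + " is done");

        destDomain = migrateThread.get(10, TimeUnit.SECONDS);

        if (destDomain != null) {
            for (final DiskDef disk : disks) {
                libvirtComputingResource.cleanupDisk(disk);
            }
        }
    } catch (final LibvirtException e) {
        s_logger.debug("Can't migrate domain: " + e.getMessage());
        result = e.getMessage();
    } catch (final InterruptedException e) {
        s_logger.debug("Interrupted while migrating domain: " + e.getMessage());
        result = e.getMessage();
        // Restore the interrupt status so callers further up the stack can still observe it.
        Thread.currentThread().interrupt();
    } catch (final ExecutionException e) {
        s_logger.debug("Failed to execute while migrating domain: " + e.getMessage());
        result = e.getMessage();
    } catch (final TimeoutException e) {
        s_logger.debug("Timed out while migrating domain: " + e.getMessage());
        result = e.getMessage();
    } finally {
        try {
            if (dm != null && result != null) {
                // restore vm snapshots in case of failed migration
                if (vmsnapshots != null) {
                    libvirtComputingResource.restoreVMSnapshotMetadata(dm, vmName, vmsnapshots);
                }
            }
            if (dm != null) {
                // This runs on both the success path and the failure path.
                if (dm.isPersistent() == 1) {
                    dm.undefine();
                }
                dm.free();
            }
            if (dconn != null) {
                dconn.close();
            }
            if (destDomain != null) {
                destDomain.free();
            }
        } catch (final LibvirtException e) {
            s_logger.trace("Ignoring libvirt error.", e);
        }
    }

    if (result == null) {
        // Migration succeeded, so drop the source-side network rules and unplug the interfaces.
        libvirtComputingResource.destroyNetworkRulesForVM(conn, vmName);
        for (final InterfaceDef iface : ifaces) {
            // We don't know which "traffic type" is associated with
            // each interface at this point, so inform all vif drivers
            final List<VifDriver> allVifDrivers = libvirtComputingResource.getAllVifDrivers();
            for (final VifDriver vifDriver : allVifDrivers) {
                vifDriver.unplug(iface);
            }
        }
    }

    return new MigrateAnswer(command, result == null, result, null);
}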