From: tsp@apache.org
To: commits@cloudstack.apache.org
Date: Wed, 21 Aug 2013 09:50:38 -0000
Message-Id: <40aa24953b334eb782ebc98975785cae@git.apache.org>
Subject: [1/2] git commit: updated refs/heads/master to 7e36dd6

Updated Branches:
  refs/heads/master 69adeecc3 -> 7e36dd6be

CLOUDSTACK-4418: allow egress access to all networks for VMs on NAT

Tests doing operations within guests post VirtualMachine.create w.
default network offering fail since the egress policy with isolated
networks and sourcenat services is DENY.

Signed-off-by: Prasanna Santhanam (cherry picked from commit 81b5146c8ed1a590b08b71a3e3421966974b74f9) Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7e36dd6b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7e36dd6b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7e36dd6b Branch: refs/heads/master Commit: 7e36dd6be848a8d0d3a0480e43053bd759e3c9bf Parents: eeb53d5 Author: Prasanna Santhanam Authored: Wed Aug 21 13:02:27 2013 +0530 Committer: Prasanna Santhanam Committed: Wed Aug 21 15:20:27 2013 +0530 ---------------------------------------------------------------------- tools/marvin/marvin/integration/lib/base.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e36dd6b/tools/marvin/marvin/integration/lib/base.py ---------------------------------------------------------------------- diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index b5d086b..91cfebd 100755 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -269,7 +269,7 @@ class VirtualMachine: cmd.securitygroupids = [basic_mode_security_group.id] @classmethod - def access_ssh_over_nat(cls, apiclient, services, virtual_machine): + def access_ssh_over_nat(cls, apiclient, services, virtual_machine, allow_egress=False): """ Program NAT and PF rules to open up ssh access to deployed guest @return: @@ -295,6 +295,13 @@ class VirtualMachine: services=services, ipaddressid=public_ip.ipaddress.id ) + if allow_egress: + EgressFireWallRule.create( + apiclient=apiclient, + networkid=virtual_machine.nic[0].networkid, + protocol='All', + cidrlist='0.0.0.0/0' + ) virtual_machine.ssh_ip = nat_rule.ipaddress virtual_machine.public_ip = nat_rule.ipaddress 
@@ -339,6 +346,12 @@ class VirtualMachine: cmd.networkids = networkids elif "networkids" in services: cmd.networkids = services["networkids"] + else: + # When no networkids are passed, network + # is created using the "defaultOfferingWithSourceNAT" + # which has an egress policy of DENY. But guests in tests + # need access to test network connectivity + allow_egress = True if templateid: cmd.templateid = templateid @@ -394,7 +407,7 @@ class VirtualMachine: #program ssh access over NAT via PF if mode.lower() == 'advanced': - cls.access_ssh_over_nat(apiclient, services, virtual_machine) + cls.access_ssh_over_nat(apiclient, services, virtual_machine, allow_egress=allow_egress) elif mode.lower() == 'basic': virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress virtual_machine.public_ip = virtual_machine.nic[0].ipaddress
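
Review bot: `allow_egress` is assigned only in the new `else:` branch of the `@@ -339,6 +346,12 @@` hunk, and no visible line gives it a default, yet the `@@ -394,7 +407,7 @@` hunk reads it unconditionally in `cls.access_ssh_over_nat(apiclient, services, virtual_machine, allow_egress=allow_egress)`. Unless the method initialises it somewhere outside these hunks, an advanced-mode create with `networkids` passed in, or with `"networkids"` present in `services`, fails with an UnboundLocalError before SSH access is programmed. Suggest setting `allow_egress = False` ahead of the networkids `if`/`elif` chain so that only the default-offering path turns it on.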
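
Review bot: in the `@@ -295,6 +295,13 @@` hunk the result of `EgressFireWallRule.create(...)` is discarded, so neither the caller nor test cleanup has a handle on the rule, and the rule itself is as wide as it can be (`protocol='All'`, `cidrlist='0.0.0.0/0'`). Suggest keeping the returned rule on `virtual_machine`, next to `ssh_ip` and `public_ip`, and letting `services` narrow the protocol and CIDR, with allow-all only as the fallback. The rule is also bound to `virtual_machine.nic[0].networkid`, which presumes the first NIC is the one on the source-NAT network; a short comment stating that assumption would help.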
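
Review bot: the docstring under the changed signature in the `@@ -269,7 +269,7 @@` hunk still reads "Program NAT and PF rules to open up ssh access to deployed guest" and says nothing about the new `allow_egress` parameter. Suggest documenting that `allow_egress=True` additionally creates an allow-all egress firewall rule on the guest network, since that side effect changes the network's effective egress policy for every VM on it.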