Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Remove the validation of the amount of acquired public IPs when enabling static NAT, adding PF and LB rules on VPC public IPs #10568

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 22, 2025
Merged

Remove the validation of the amount of acquired public IPs when enabling static NAT, adding PF and LB rules on VPC public IPs #10568

merged 2 commits into from
Apr 22, 2025

Conversation

bernardodemarco
Copy link
Collaborator

Description

Currently, when enabling static NAT or adding PF and LB rules to VPC public IPs, Apache CloudStack wrongly validates whether the account reached the limit of consumed public IPs. As a consequence of that, accounts that are with their public IP quota completely used, for example, are unable to execute such operations on VPCs public IPs.

This PR fixes this bug by removing the validation of the amount of acquired public IPs when performing the above-mentioned operations. This validation has been moved to the method com.cloud.network.IpAddressManagerImpl#markPublicIpAsAllocated, in which the increment of resource count for public IPs is effectively performed.

Fixes #10566

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

  1. Created an User account, called u1.
  2. Configured its limit of public IP addresses to 2.
  3. Created a VPC with the u1 account, created a tier and deployed a VM on it.
  4. Acquired one additional public IP for the VPC. As a consequence of that, the u1 account reached its limit of acquired public IPs.
  5. Before applying the PR changes, verified that it was not possible to enable static NAT and apply PF and LB rules to the VPC IP.
  6. After applying the PR changes, verified that it was possible to perform such operations.
  7. Executed the following scripts to verify that race conditions were not happening: 
    #!/bin/bash
for i in 15 16 17 18 19 20 21 22 23
do
cmk associate ipaddress zoneid=9bf00732-3355-4d81-aa0c-2206498db84a domainid=6b5335fb-4b6f-11ef-87b4-cec422422af1 account=u1 networkid=d2e3c74c-c47f-4a29-9dcb-92ee2a30c1bb ipaddress=192.168.122.$i & 
done
    #!/bin/bash
for i in 16 17 18 19 20 21 22 23
do
cmk associate ipaddress zoneid=9bf00732-3355-4d81-aa0c-2206498db84a domainid=6b5335fb-4b6f-11ef-87b4-cec422422af1 account=u1 vpcid=503ebaa3-002d-42c2-8e53-49bc5b899625 ipaddress=192.168.122.$i & 
done

@bernardodemarco bernardodemarco added this to the 4.19.3 milestone Mar 13, 2025
@bernardodemarco
Copy link
Collaborator Author

@blueorangutan package

@blueorangutan
Copy link

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@codecov Codecov
Copy link

codecov bot commented Mar 13, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 55 lines in your changes missing coverage. Please review.

Project coverage is 15.16%. Comparing base (95c2481) to head (c6b55bd).
Report is 26 commits behind head on 4.19.

Files with missing lines Patch % Lines
...n/java/com/cloud/network/IpAddressManagerImpl.java 0.00% 45 Missing ⚠️
...ain/java/com/cloud/network/vpc/VpcManagerImpl.java 0.00% 10 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff            @@
##               4.19   #10568   +/-   ##
=========================================
  Coverage     15.16%   15.16%           
- Complexity    11326    11329    +3     
=========================================
  Files          5414     5414           
  Lines        474804   474816   +12     
  Branches      57909    57909           
=========================================
+ Hits          72002    72019   +17     
+ Misses       394749   394743    -6     
- Partials       8053     8054    +1
Flag Coverage Δ
uitests 4.28% <ø> (ø)
unittests 15.89% <0.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12774

@Pearl1594
Copy link
Contributor

@blueorangutan test

@blueorangutan
Copy link

@Pearl1594 a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@Pearl1594 Pearl1594 linked an issue Mar 13, 2025 that may be closed by this pull request
Issue enabling Static NAT on VPC Network When Public IP Quota is 100% used. #10566
Closed
@blueorangutan
Copy link

[SF] Trillian test result (tid-12687)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 44632 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10568-t12687-kvm-ol8.zip
Smoke tests completed. 133 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

@Pearl1594 Pearl1594 moved this to In Progress in ACS 4.20.1 Mar 17, 2025
weizhouapache
weizhouapache approved these changes Apr 16, 2025
View reviewed changes
Copy link
Member

@weizhouapache weizhouapache left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code lgtm

@weizhouapache
Copy link
Member

I can reproduce the issue

PF/LB:
image

Static NAT:
image

I will verify it

weizhouapache
weizhouapache approved these changes Apr 17, 2025
View reviewed changes
Copy link
Member

@weizhouapache weizhouapache left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

verified ok

dnat/pf/lb work with this change

acquire new ip failed as expected
image

DaanHoogland
DaanHoogland approved these changes Apr 17, 2025
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code looks good but could do with some more modularisation.

@bernardodemarco
Copy link
Collaborator Author

@weizhouapache, thanks for testing it!

@bernardodemarco
Copy link
Collaborator Author

code looks good but could do with some more modularisation.

@DaanHoogland, yes, I agree, I'll work on that

@Pearl1594 Pearl1594 merged commit 4a1d80d into apache:4.19 Apr 22, 2025
25 of 26 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in ACS 4.20.1 Apr 22, 2025
@DaanHoogland DaanHoogland mentioned this pull request Apr 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaanHoogland DaanHoogland DaanHoogland approved these changes

@weizhouapache weizhouapache weizhouapache approved these changes

@vishesh92 vishesh92 Awaiting requested review from vishesh92

Assignees
No one assigned
Labels
component:networking component:vpc
Projects
ACS 4.20.1
Status: Done
Milestone
4.19.3
Development

Successfully merging this pull request may close these issues.

Issue enabling Static NAT on VPC Network When Public IP Quota is 100% used.
5 participants
@bernardodemarco @blueorangutan @Pearl1594 @weizhouapache @DaanHoogland