From 8df22456dc31a9f7ffa04cc8dfc439bef97a4fbf Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Mon, 9 Dec 2024 10:01:25 +0100
Subject: [PATCH] Static Routes: fix check on wrong global configuration
---
 .../orchestration/service/NetworkOrchestrationService.java | 3 +++
 .../cloudstack/engine/orchestration/NetworkOrchestrator.java | 2 +-
 .../src/main/java/com/cloud/network/vpc/VpcManagerImpl.java | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
index 2005b70b4394..953727f9b347 100644
--- a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
+++ b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
@@ -81,6 +81,9 @@ public interface NetworkOrchestrationService {
 ConfigKey NetworkLockTimeout = new ConfigKey(Integer.class, NetworkLockTimeoutCK, "Network", "600", "Lock wait timeout (seconds) while implementing network", true, Scope.Global, null);
+ ConfigKey DeniedRoutes = new ConfigKey(String.class, "denied.routes", "Network", "",
+ "Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway", true, ConfigKey.Scope.Zone, null);
+
 ConfigKey GuestDomainSuffix = new ConfigKey(String.class, GuestDomainSuffixCK, "Network", "cloud.internal", "Default domain name for vms inside virtualized networks fronted by router", true, ConfigKey.Scope.Zone, null);
diff --git a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 0232e3aeb9c3..26b63d2d728b 100644
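Review bot: The description of the new `DeniedRoutes` key in NetworkOrchestrationService.java does not say what format the value takes, although its consumer `isCidrDenylisted` (last hunk of this patch) splits the value on commas. An operator who enters the list in any other form may end up with a denylist that is not enforced and no visible error, so I would spell the format out, for example `"Comma-separated list of CIDRs that are denied and can not be used for Static Routes creation for the VPC Private Gateway"`. The key name is also an inline literal while the neighbouring declarations use `NetworkLockTimeoutCK` and `GuestDomainSuffixCK`; a matching constant would keep the declarations consistent.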
--- a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -4792,7 +4792,7 @@ public String getConfigComponentName() {
 @Override
 public ConfigKey[] getConfigKeys() {
- return new ConfigKey[]{NetworkGcWait, NetworkGcInterval, NetworkLockTimeout,
+ return new ConfigKey[]{NetworkGcWait, NetworkGcInterval, NetworkLockTimeout, DeniedRoutes,
 GuestDomainSuffix, NetworkThrottlingRate, MinVRVersion, PromiscuousMode, MacAddressChanges, ForgedTransmits, MacLearning, RollingRestartEnabled, TUNGSTEN_ENABLED };
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index ce3f083135e4..300d6c0109b0 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -2710,7 +2710,7 @@ public StaticRoute createStaticRoute(final long gatewayId, final String cidr) th
 }
 // 2) CIDR should be outside of link-local cidr
- if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) {
+ if (NetUtils.isNetworksOverlap(cidr, NetUtils.getLinkLocalCIDR())) {
 throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR());
 }
@@ -2739,7 +2739,7 @@ public StaticRouteVO doInTransaction(final TransactionStatus status) throws Netw
 }
 protected boolean isCidrDenylisted(final String cidr, final long zoneId) {
- final String routesStr = NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
+ final String routesStr = NetworkOrchestrationService.DeniedRoutes.valueIn(zoneId);
 if (routesStr != null && !routesStr.isEmpty()) {
 final String[] cidrDenyList = routesStr.split(",");
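Review bot: Static routes that were accepted while these two checks were wrong are not revisited by this patch. In `createStaticRoute` (VpcManagerImpl.java, hunk at 2710) the link-local test compared `vpc.getCidr()` rather than the requested `cidr`, and in `isCidrDenylisted` (hunk at 2739) the denylist was read from `GuestDomainSuffix`, so routes overlapping the link-local CIDR or a denied route may already exist on deployments that ran the old code. The corrected checks only apply to new `createStaticRoute` calls; I would add an upgrade note asking operators to audit existing static routes against `denied.routes`, and a unit test that passes a link-local `cidr` to pin the fixed condition. Both methods continue outside their hunks, so any revalidation elsewhere is not visible here.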
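Review bot: In `isCidrDenylisted` (VpcManagerImpl.java, hunk at 2739) the operator-supplied value is split with `routesStr.split(",")` and nothing visible in the hunk trims or validates the entries. If the loop that follows (outside the hunk) hands each entry straight to the overlap check, a value written with spaces after the commas, such as the constructed example `10.0.0.0/8, 192.168.0.0/16`, could fail to match or throw on the second entry. Now that the method reads a real denylist key, consider `final String[] cidrDenyList = routesStr.trim().split("\\s*,\\s*");` and logging entries that are not valid CIDRs instead of silently skipping them.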