vcloud-edge_gateway 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. data/CHANGELOG.md +6 -0
  2. data/README.md +28 -0
  3. data/bin/vcloud-configure-edge +3 -2
  4. data/lib/vcloud/edge_gateway.rb +5 -6
  5. data/lib/vcloud/edge_gateway/configuration_generator/load_balancer_service.rb +14 -10
  6. data/lib/vcloud/edge_gateway/configure.rb +32 -0
  7. data/lib/vcloud/edge_gateway/schema/edge_gateway.rb +18 -0
  8. data/lib/vcloud/edge_gateway/schema/firewall_service.rb +41 -0
  9. data/lib/vcloud/edge_gateway/schema/load_balancer_service.rb +183 -0
  10. data/lib/vcloud/edge_gateway/schema/nat_service.rb +38 -0
  11. data/lib/vcloud/edge_gateway/version.rb +1 -1
  12. data/spec/integration/edge_gateway/data/load_balancer_config.yaml.mustache +4 -0
  13. data/spec/integration/edge_gateway/edge_gateway_services_spec.rb +6 -6
  14. data/spec/integration/edge_gateway/firewall_service_spec.rb +9 -9
  15. data/spec/integration/edge_gateway/load_balancer_service_spec.rb +10 -10
  16. data/spec/integration/edge_gateway/nat_service_spec.rb +10 -10
  17. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_http-input.yaml +1 -1
  18. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_http-output.yaml +2 -2
  19. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_http-tcp-healthcheck-input.yaml +41 -0
  20. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_http-tcp-healthcheck-with-uri-input.yaml +42 -0
  21. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_https-healthcheck-uri-input.yaml +42 -0
  22. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_https-output.yaml +2 -2
  23. data/spec/vcloud/edge_gateway/configuration_generator/data/load_balancer_mixed_complex-output.yaml +3 -3
  24. data/spec/vcloud/edge_gateway/configuration_generator/load_balancer_service_spec.rb +64 -3
  25. data/spec/vcloud/edge_gateway/edge_gateway_configuration_spec.rb +6 -6
  26. data/spec/vcloud/edge_gateway/firewall_schema_validation_spec.rb +2 -2
  27. data/spec/vcloud/edge_gateway/load_balancer_schema_validation_spec.rb +123 -7
  28. data/spec/vcloud/edge_gateway/nat_schema_validation_spec.rb +4 -4
  29. metadata +14 -18
  30. data/lib/vcloud/edge_gateway_services.rb +0 -31
  31. data/lib/vcloud/schema/edge_gateway.rb +0 -16
  32. data/lib/vcloud/schema/firewall_service.rb +0 -39
  33. data/lib/vcloud/schema/load_balancer_service.rb +0 -132
  34. data/lib/vcloud/schema/nat_service.rb +0 -35
  35. data/spec/vcloud/data/basic_preamble_test.erb +0 -8
  36. data/spec/vcloud/data/basic_preamble_test.erb.OUT +0 -8
  37. data/spec/vcloud/data/working.json +0 -21
  38. data/spec/vcloud/data/working.yaml +0 -22
  39. data/spec/vcloud/data/working_with_defaults.yaml +0 -25
data/CHANGELOG.md CHANGED
@@ -1,3 +1,9 @@
1
+ ## 0.5.0 (2014-05-15)
2
+
3
+ Bugfixes:
4
+
5
+ - Don't set a load balancer healthcheck URI for healthchecks using protocols other than HTTP
6
+
1
7
  ## 0.4.0 (2014-05-12)
2
8
 
3
9
  Features:
data/README.md CHANGED
@@ -360,6 +360,34 @@ service_profiles:
360
360
  https: { } # port defaults to 443
361
361
  ```
362
362
 
363
+ Limited session persistence configurations can be defined in the virtual_server
364
+ service_profiles section, if it is required that traffic 'stick' to the backend
365
+ member that it originally was destined for. The available persistence mechanisms
366
+ change based on which service is being handled:
367
+
368
+ For the 'http' service_profile, we can use Cookie based persistence:
369
+
370
+ ```
371
+ http:
372
+ port: 8080
373
+ persistence:
374
+ method: COOKIE
375
+ cookie_name: JSESSIONID # can be any cookie name string
376
+ cookie_method: APP # can be one of INSERT, PREFIX, or APP
377
+ ```
378
+
379
+
380
+ For the 'https' service_profile, we can use SSL Session ID based persistence:
381
+
382
+ ```
383
+ https:
384
+ port: 8443
385
+ persistence:
386
+ method: SSL_SESSION_ID
387
+ ```
388
+
389
+ There is no persistence option for 'tcp' service_profiles.
390
+
363
391
  See [the vCloud Director Admin Guide](http://pubs.vmware.com/vcd-51/topic/com.vmware.vcloud.admin.doc_51/GUID-EC5EE5F9-1A2C-4609-9347-4C3143727704.html)
364
392
  for more details on configuring VirtualServer entries.
365
393
 
@@ -9,10 +9,11 @@ class App
9
9
 
10
10
  main do |config_file|
11
11
  if options['template-vars']
12
- Vcloud::EdgeGatewayServices.new.update(config_file, options['template-vars'])
12
+ vse = Vcloud::EdgeGateway::Configure.new(config_file, options['template-vars'])
13
13
  else
14
- Vcloud::EdgeGatewayServices.new.update(config_file)
14
+ vse = Vcloud::EdgeGateway::Configure.new(config_file)
15
15
  end
16
+ vse.update
16
17
  end
17
18
 
18
19
  arg :config_file
@@ -3,13 +3,12 @@ require 'vcloud/edge_gateway/version'
3
3
  require 'vcloud/core'
4
4
  require 'vcloud/fog'
5
5
 
6
- require 'vcloud/edge_gateway_services'
7
-
8
- require 'vcloud/schema/nat_service'
9
- require 'vcloud/schema/firewall_service'
10
- require 'vcloud/schema/load_balancer_service'
11
- require 'vcloud/schema/edge_gateway'
6
+ require 'vcloud/edge_gateway/schema/nat_service'
7
+ require 'vcloud/edge_gateway/schema/firewall_service'
8
+ require 'vcloud/edge_gateway/schema/load_balancer_service'
9
+ require 'vcloud/edge_gateway/schema/edge_gateway'
12
10
 
11
+ require 'vcloud/edge_gateway/configure'
13
12
  require 'vcloud/edge_gateway/configuration_generator/id_ranges'
14
13
  require 'vcloud/edge_gateway/configuration_generator/firewall_service'
15
14
  require 'vcloud/edge_gateway/configuration_generator/nat_service'
@@ -168,9 +168,9 @@ module Vcloud
168
168
  if input_pool_service_port.key?(:algorithm)
169
169
  vcloud_pool_service_port[:Algorithm] = input_pool_service_port[:algorithm]
170
170
  end
171
- vcloud_pool_service_port[:Port] =
172
- input_pool_service_port.key?(:port) ?
173
- input_pool_service_port[:port].to_s : default_port(mode)
171
+ if input_pool_service_port.key?(:port)
172
+ vcloud_pool_service_port[:Port] = input_pool_service_port[:port].to_s
173
+ end
174
174
  if input_pool_service_port[:health_check]
175
175
  vcloud_pool_service_port[:HealthCheckPort] =
176
176
  input_pool_service_port[:health_check].fetch(:port, '').to_s
@@ -182,11 +182,9 @@ module Vcloud
182
182
  end
183
183
 
184
184
  def generate_pool_healthcheck(protocol, input_pool_healthcheck_entry = nil)
185
- default_mode = ( protocol == :https ) ? 'SSL' : protocol.to_s.upcase
186
- vcloud_pool_healthcheck_entry = {
187
- Mode: default_mode,
188
- }
189
- vcloud_pool_healthcheck_entry[:Uri] = '/'
185
+ vcloud_pool_healthcheck_entry = {}
186
+ vcloud_pool_healthcheck_entry[:Mode] = ( protocol == :https ) ? 'SSL' : protocol.to_s.upcase
187
+ vcloud_pool_healthcheck_entry[:Uri] = ( protocol == :http ) ? '/' : ''
190
188
  vcloud_pool_healthcheck_entry[:HealthThreshold] = '2'
191
189
  vcloud_pool_healthcheck_entry[:UnhealthThreshold] = '3'
192
190
  vcloud_pool_healthcheck_entry[:Interval] = '5'
@@ -196,8 +194,14 @@ module Vcloud
196
194
  if input_pool_healthcheck_entry.key?(:protocol)
197
195
  vcloud_pool_healthcheck_entry[:Mode] = input_pool_healthcheck_entry[:protocol]
198
196
  end
199
- if input_pool_healthcheck_entry.key?(:uri) and protocol == :http
200
- vcloud_pool_healthcheck_entry[:Uri] = input_pool_healthcheck_entry[:uri]
197
+ if input_pool_healthcheck_entry.key?(:uri)
198
+ if vcloud_pool_healthcheck_entry[:Mode] == 'HTTP'
199
+ vcloud_pool_healthcheck_entry[:Uri] = input_pool_healthcheck_entry[:uri]
200
+ else
201
+ raise "vCloud Director does not support healthcheck URI on protocols other than HTTP"
202
+ end
203
+ elsif vcloud_pool_healthcheck_entry[:Mode] != 'HTTP'
204
+ vcloud_pool_healthcheck_entry[:Uri] = ''
201
205
  end
202
206
  if input_pool_healthcheck_entry.key?(:health_threshold)
203
207
  vcloud_pool_healthcheck_entry[:HealthThreshold] =
@@ -0,0 +1,32 @@
1
+ require 'hashdiff'
2
+
3
+ module Vcloud
4
+ module EdgeGateway
5
+ class Configure
6
+
7
+ def initialize(config_file = nil, vars_file = nil)
8
+ config_loader = Vcloud::Core::ConfigLoader.new
9
+ @local_config = config_loader.load_config(config_file, Vcloud::EdgeGateway::Schema::EDGE_GATEWAY_SERVICES, vars_file)
10
+ end
11
+
12
+ def update
13
+ edge_gateway = Vcloud::Core::EdgeGateway.get_by_name @local_config[:gateway]
14
+ remote_config = edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
15
+ edge_gateway_interface_list = edge_gateway.interfaces
16
+
17
+ proposed_config = Vcloud::EdgeGateway::EdgeGatewayConfiguration.new(
18
+ @local_config,
19
+ remote_config,
20
+ edge_gateway_interface_list
21
+ )
22
+
23
+ if proposed_config.update_required?
24
+ edge_gateway.update_configuration proposed_config.config
25
+ else
26
+ Vcloud::Core.logger.info("EdgeGateway::Configure.update: Configuration is already up to date. Skipping.")
27
+ end
28
+ end
29
+
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,18 @@
1
+ module Vcloud
2
+ module EdgeGateway
3
+ module Schema
4
+
5
+ EDGE_GATEWAY_SERVICES = {
6
+ type: 'hash',
7
+ allowed_empty: false,
8
+ internals: {
9
+ gateway: { type: 'string' },
10
+ firewall_service: FIREWALL_SERVICE,
11
+ nat_service: NAT_SERVICE,
12
+ load_balancer_service: LOAD_BALANCER_SERVICE,
13
+ }
14
+ }
15
+
16
+ end
17
+ end
18
+ end
@@ -0,0 +1,41 @@
1
+ module Vcloud
2
+ module EdgeGateway
3
+ module Schema
4
+
5
+ FIREWALL_RULE = {
6
+ type: Hash,
7
+ internals: {
8
+ id: { type: 'string_or_number', required: false},
9
+ enabled: { type: 'boolean', required: false},
10
+ match_on_translate: { type: 'boolean', required: false},
11
+ description: { type: 'string', required: false, allowed_empty: true},
12
+ policy: { type: 'enum', required: false, acceptable_values: ['allow', 'drop'] },
13
+ source_ip: { type: 'ip_address_range', required: true },
14
+ destination_ip: { type: 'ip_address_range', required: true },
15
+ source_port_range: { type: 'string', required: false },
16
+ destination_port_range: { type: 'string', required: false },
17
+ enable_logging: { type: 'boolean', required: false },
18
+ protocols: { type: 'enum', required: false, acceptable_values: ['tcp', 'udp', 'icmp', 'tcp+udp', 'any']},
19
+ }
20
+ }
21
+
22
+ FIREWALL_SERVICE = {
23
+ type: Hash,
24
+ allowed_empty: true,
25
+ required: false,
26
+ internals: {
27
+ enabled: { type: 'boolean', required: false},
28
+ policy: { type: 'enum', required: false, acceptable_values: ['allow', 'drop'] },
29
+ log_default_action: { type: 'boolean', required: false},
30
+ firewall_rules: {
31
+ type: Array,
32
+ required: false,
33
+ allowed_empty: true,
34
+ each_element_is: FIREWALL_RULE
35
+ }
36
+ }
37
+ }
38
+
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,183 @@
1
+ module Vcloud
2
+ module EdgeGateway
3
+ module Schema
4
+
5
+ POOL_MEMBER_SERVICE_PORT_ENTRY = {
6
+ type: Hash,
7
+ required: false,
8
+ internals: {
9
+ port: { type: 'string_or_number', required: false },
10
+ health_check_port: { type: 'string_or_number', required: false },
11
+ }
12
+ }
13
+
14
+ LOAD_BALANCER_MEMBER_ENTRY = {
15
+ type: Hash,
16
+ internals: {
17
+ ip_address: { type: 'ip_address', required: true },
18
+ weight: { type: 'string_or_number', required: false },
19
+ service_port: {
20
+ type: 'hash',
21
+ required: false,
22
+ internals: {
23
+ http: POOL_MEMBER_SERVICE_PORT_ENTRY,
24
+ https: POOL_MEMBER_SERVICE_PORT_ENTRY,
25
+ tcp: POOL_MEMBER_SERVICE_PORT_ENTRY,
26
+ },
27
+ },
28
+ },
29
+ }
30
+
31
+ POOL_SERVICE_SECTION = {
32
+ type: Hash,
33
+ required: false,
34
+ allowed_empty: true,
35
+ internals: {
36
+ enabled: { type: 'boolean', required: false },
37
+ port: { type: 'string_or_number', required: false },
38
+ algorithm: { type: 'enum', required: false,
39
+ acceptable_values: [ 'ROUND_ROBIN', 'IP_HASH', 'URI', 'LEAST_CONNECTED' ]},
40
+ health_check: {
41
+ type: 'hash',
42
+ required: false,
43
+ internals: {
44
+ port: { type: 'string_or_number', required: false },
45
+ uri: { type: 'string', required: false },
46
+ protocol: { type: 'enum', required: false,
47
+ acceptable_values: [ 'HTTP', 'SSL', 'TCP' ] },
48
+ health_threshold: { type: 'string_or_number', required: false },
49
+ unhealth_threshold: { type: 'string_or_number', required: false },
50
+ interval: { type: 'string_or_number', required: false },
51
+ timeout: { type: 'string_or_number', required: false },
52
+ },
53
+ },
54
+ }
55
+ }
56
+
57
+ LOAD_BALANCER_POOL_ENTRY = {
58
+ type: Hash,
59
+ internals: {
60
+ name: { type: 'string', required: true },
61
+ description: { type: 'string', required: false },
62
+ service: {
63
+ type: 'hash',
64
+ required: false,
65
+ internals: {
66
+ http: POOL_SERVICE_SECTION,
67
+ https: POOL_SERVICE_SECTION,
68
+ tcp: POOL_SERVICE_SECTION,
69
+ }
70
+ },
71
+ members: {
72
+ type: Array,
73
+ required: true,
74
+ allowed_empty: false,
75
+ each_element_is: LOAD_BALANCER_MEMBER_ENTRY,
76
+ }
77
+ }
78
+ }
79
+
80
+ VIRTUAL_SERVER_SERVICE_PROFILE_TCP_ENTRY = {
81
+ type: Hash,
82
+ required: false,
83
+ allowed_empty: true,
84
+ internals: {
85
+ enabled: { type: 'boolean', required: false },
86
+ port: { type: 'string_or_number', required: false },
87
+ }
88
+ }
89
+
90
+ VIRTUAL_SERVER_SERVICE_PROFILE_HTTPS_ENTRY = {
91
+ type: Hash,
92
+ required: false,
93
+ allowed_empty: true,
94
+ internals: {
95
+ enabled: { type: 'boolean', required: false },
96
+ port: { type: 'string_or_number', required: false },
97
+ persistence: {
98
+ type: 'hash',
99
+ required: false,
100
+ internals: {
101
+ method: {
102
+ type: 'enum',
103
+ required: false,
104
+ acceptable_values: [ 'SSL_SESSION_ID' ],
105
+ },
106
+ },
107
+ },
108
+ }
109
+ }
110
+
111
+ VIRTUAL_SERVER_SERVICE_PROFILE_HTTP_ENTRY = {
112
+ type: Hash,
113
+ required: false,
114
+ allowed_empty: true,
115
+ internals: {
116
+ enabled: { type: 'boolean', required: false },
117
+ port: { type: 'string_or_number', required: false },
118
+ persistence: {
119
+ type: 'hash',
120
+ required: false,
121
+ internals: {
122
+ method: {
123
+ type: 'enum',
124
+ required: false,
125
+ acceptable_values: [ 'COOKIE' ],
126
+ },
127
+ cookie_name: { type: 'string', required: true },
128
+ cookie_mode: {
129
+ type: 'enum',
130
+ required: true,
131
+ acceptable_values: [ 'APP', 'PREFIX', 'INSERT' ]
132
+ },
133
+ },
134
+ },
135
+ }
136
+ }
137
+
138
+ LOAD_BALANCER_VIRTUAL_SERVER_ENTRY = {
139
+ type: Hash,
140
+ internals: {
141
+ enabled: { type: 'boolean', required: false },
142
+ name: { type: 'string', required: true },
143
+ description: { type: 'string', required: false },
144
+ ip_address: { type: 'ip_address', required: true },
145
+ network: { type: 'string', required: true },
146
+ pool: { type: 'string', required: true },
147
+ logging: { type: 'boolean', required: false },
148
+ service_profiles: {
149
+ type: 'hash',
150
+ required: false,
151
+ internals: {
152
+ http: VIRTUAL_SERVER_SERVICE_PROFILE_HTTP_ENTRY,
153
+ https: VIRTUAL_SERVER_SERVICE_PROFILE_HTTPS_ENTRY,
154
+ tcp: VIRTUAL_SERVER_SERVICE_PROFILE_TCP_ENTRY,
155
+ },
156
+ },
157
+ }
158
+ }
159
+
160
+ LOAD_BALANCER_SERVICE = {
161
+ type: Hash,
162
+ allowed_empty: true,
163
+ required: false,
164
+ internals: {
165
+ enabled: { type: 'boolean', required: false },
166
+ pools: {
167
+ type: Array,
168
+ required: false,
169
+ allowed_empty: true,
170
+ each_element_is: LOAD_BALANCER_POOL_ENTRY,
171
+ },
172
+ virtual_servers: {
173
+ type: Array,
174
+ required: false,
175
+ allowed_empty: true,
176
+ each_element_is: LOAD_BALANCER_VIRTUAL_SERVER_ENTRY,
177
+ },
178
+ }
179
+ }
180
+
181
+ end
182
+ end
183
+ end
@@ -0,0 +1,38 @@
1
+ module Vcloud
2
+ module EdgeGateway
3
+ module Schema
4
+
5
+ NAT_RULE = {
6
+ type: Hash,
7
+ internals: {
8
+ id: {type: 'string_or_number', required: false},
9
+ enabled: {type: 'boolean', required: false},
10
+ rule_type: { type: 'enum', required: true, acceptable_values: ['SNAT', 'DNAT' ]},
11
+ description: {type: 'string', required: false, allowed_empty: true},
12
+ network_id: {type: 'string', required: true},
13
+ original_ip: {type: 'ip_address_range', required: true},
14
+ original_port: {type: 'string', required: false},
15
+ translated_ip: {type: 'ip_address_range', required: true},
16
+ translated_port: {type: 'string', required: false},
17
+ protocol: {type: 'enum', required: false, acceptable_values: ['tcp', 'udp', 'icmp', 'tcp+udp', 'any']},
18
+ }
19
+ }
20
+
21
+ NAT_SERVICE = {
22
+ type: Hash,
23
+ allowed_empty: true,
24
+ required: false,
25
+ internals: {
26
+ enabled: {type: 'boolean', required: false},
27
+ nat_rules: {
28
+ type: Array,
29
+ required: false,
30
+ allowed_empty: true,
31
+ each_element_is: NAT_RULE
32
+ }
33
+ }
34
+ }
35
+
36
+ end
37
+ end
38
+ end
@@ -1,6 +1,6 @@
1
1
  module Vcloud
2
2
  module EdgeGateway
3
- VERSION = '0.4.0'
3
+ VERSION = '0.5.0'
4
4
  end
5
5
  end
6
6