vcloud-edge_gateway 0.4.0 → 0.5.0

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.5.0 (2014-05-15)
+
+Bugfixes:
+
+  - Don't set a load balancer healthcheck URI for healthchecks using protocols other than HTTP
+
 ## 0.4.0 (2014-05-12)
 
 Features:

data/README.md

@@ -360,6 +360,34 @@ service_profiles:
   https: { }  # port defaults to 443
 ```
 
+Limited session persistence configurations can be defined in the virtual_server
+service_profiles section, if it is required that traffic 'stick' to the backend
+member that it originally was destined for. The available persistence mechanisms
+change based on which service is being handled:
+
+For the 'http' service_profile, we can use Cookie based persistence:
+
+```
+  http:
+    port: 8080
+    persistence:
+      method: COOKIE
+      cookie_name: JSESSIONID # can be any cookie name string
+      cookie_method: APP      # can be one of INSERT, PREFIX, or APP
+```
+
+
+For the 'https' service_profile, we can use SSL Session ID based persistence:
+
+```
+  https:
+    port: 8443
+    persistence:
+      method: SSL_SESSION_ID
+```
+
+There is no persistence option for 'tcp' service_profiles.
+
 See [the vCloud Director Admin Guide](http://pubs.vmware.com/vcd-51/topic/com.vmware.vcloud.admin.doc_51/GUID-EC5EE5F9-1A2C-4609-9347-4C3143727704.html)
 for more details on configuring VirtualServer entries.
 

data/bin/vcloud-configure-edge

@@ -9,10 +9,11 @@ class App
 
   main do |config_file|
     if options['template-vars']
-      Vcloud::EdgeGatewayServices.new.update(config_file, options['template-vars'])
+      vse = Vcloud::EdgeGateway::Configure.new(config_file, options['template-vars'])
     else
-      Vcloud::EdgeGatewayServices.new.update(config_file)
+      vse = Vcloud::EdgeGateway::Configure.new(config_file)
     end
+    vse.update
   end
 
   arg :config_file

data/lib/vcloud/edge_gateway.rb

@@ -3,13 +3,12 @@ require 'vcloud/edge_gateway/version'
 require 'vcloud/core'
 require 'vcloud/fog'
 
-require 'vcloud/edge_gateway_services'
-
-require 'vcloud/schema/nat_service'
-require 'vcloud/schema/firewall_service'
-require 'vcloud/schema/load_balancer_service'
-require 'vcloud/schema/edge_gateway'
+require 'vcloud/edge_gateway/schema/nat_service'
+require 'vcloud/edge_gateway/schema/firewall_service'
+require 'vcloud/edge_gateway/schema/load_balancer_service'
+require 'vcloud/edge_gateway/schema/edge_gateway'
 
+require 'vcloud/edge_gateway/configure'
 require 'vcloud/edge_gateway/configuration_generator/id_ranges'
 require 'vcloud/edge_gateway/configuration_generator/firewall_service'
 require 'vcloud/edge_gateway/configuration_generator/nat_service'

data/lib/vcloud/edge_gateway/configuration_generator/load_balancer_service.rb

@@ -168,9 +168,9 @@ module Vcloud
             if input_pool_service_port.key?(:algorithm)
               vcloud_pool_service_port[:Algorithm] = input_pool_service_port[:algorithm]
             end
-            vcloud_pool_service_port[:Port] =
-              input_pool_service_port.key?(:port) ?
-                input_pool_service_port[:port].to_s : default_port(mode)
+            if input_pool_service_port.key?(:port)
+              vcloud_pool_service_port[:Port] = input_pool_service_port[:port].to_s
+            end
             if input_pool_service_port[:health_check]
               vcloud_pool_service_port[:HealthCheckPort] =
                 input_pool_service_port[:health_check].fetch(:port, '').to_s
@@ -182,11 +182,9 @@ module Vcloud
         end
 
         def generate_pool_healthcheck(protocol, input_pool_healthcheck_entry = nil)
-          default_mode = ( protocol == :https ) ? 'SSL' : protocol.to_s.upcase
-          vcloud_pool_healthcheck_entry = {
-            Mode: default_mode,
-          }
-          vcloud_pool_healthcheck_entry[:Uri] = '/'
+          vcloud_pool_healthcheck_entry = {}
+          vcloud_pool_healthcheck_entry[:Mode] = ( protocol == :https ) ? 'SSL' : protocol.to_s.upcase
+          vcloud_pool_healthcheck_entry[:Uri] = ( protocol == :http ) ? '/' : ''
           vcloud_pool_healthcheck_entry[:HealthThreshold] = '2'
           vcloud_pool_healthcheck_entry[:UnhealthThreshold] = '3'
           vcloud_pool_healthcheck_entry[:Interval] = '5'
@@ -196,8 +194,14 @@ module Vcloud
             if input_pool_healthcheck_entry.key?(:protocol)
               vcloud_pool_healthcheck_entry[:Mode] = input_pool_healthcheck_entry[:protocol]
             end
-            if input_pool_healthcheck_entry.key?(:uri) and protocol == :http
-              vcloud_pool_healthcheck_entry[:Uri]  = input_pool_healthcheck_entry[:uri]
+            if input_pool_healthcheck_entry.key?(:uri)
+              if vcloud_pool_healthcheck_entry[:Mode] == 'HTTP'
+                vcloud_pool_healthcheck_entry[:Uri] = input_pool_healthcheck_entry[:uri]
+              else
+                raise "vCloud Director does not support healthcheck URI on protocols other than HTTP"
+              end
+            elsif vcloud_pool_healthcheck_entry[:Mode] != 'HTTP'
+                vcloud_pool_healthcheck_entry[:Uri] = ''
             end
             if input_pool_healthcheck_entry.key?(:health_threshold)
               vcloud_pool_healthcheck_entry[:HealthThreshold] =

data/lib/vcloud/edge_gateway/configure.rb

@@ -0,0 +1,32 @@
+require 'hashdiff'
+
+module Vcloud
+  module EdgeGateway
+    class Configure
+
+      def initialize(config_file = nil, vars_file = nil)
+        config_loader = Vcloud::Core::ConfigLoader.new
+        @local_config = config_loader.load_config(config_file, Vcloud::EdgeGateway::Schema::EDGE_GATEWAY_SERVICES, vars_file)
+      end
+
+      def update
+        edge_gateway = Vcloud::Core::EdgeGateway.get_by_name @local_config[:gateway]
+        remote_config = edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
+        edge_gateway_interface_list = edge_gateway.interfaces
+
+        proposed_config = Vcloud::EdgeGateway::EdgeGatewayConfiguration.new(
+          @local_config,
+          remote_config,
+          edge_gateway_interface_list
+        )
+
+        if proposed_config.update_required?
+          edge_gateway.update_configuration proposed_config.config
+        else
+          Vcloud::Core.logger.info("EdgeGateway::Configure.update: Configuration is already up to date. Skipping.")
+        end
+      end
+
+    end
+  end
+end

data/lib/vcloud/edge_gateway/schema/edge_gateway.rb

@@ -0,0 +1,18 @@
+module Vcloud
+  module EdgeGateway
+    module Schema
+
+      EDGE_GATEWAY_SERVICES = {
+          type: 'hash',
+          allowed_empty: false,
+          internals: {
+              gateway: { type: 'string' },
+              firewall_service: FIREWALL_SERVICE,
+              nat_service: NAT_SERVICE,
+              load_balancer_service: LOAD_BALANCER_SERVICE,
+          }
+      }
+
+    end
+  end
+end

data/lib/vcloud/edge_gateway/schema/firewall_service.rb

@@ -0,0 +1,41 @@
+module Vcloud
+  module EdgeGateway
+    module Schema
+
+      FIREWALL_RULE = {
+          type: Hash,
+          internals: {
+              id: { type: 'string_or_number', required: false},
+              enabled: { type: 'boolean', required: false},
+              match_on_translate: { type: 'boolean', required: false},
+              description: { type: 'string', required: false, allowed_empty: true},
+              policy: { type: 'enum', required: false, acceptable_values: ['allow', 'drop'] },
+              source_ip: { type: 'ip_address_range', required: true },
+              destination_ip: { type: 'ip_address_range', required: true },
+              source_port_range: { type: 'string', required: false },
+              destination_port_range: { type: 'string', required: false },
+              enable_logging: { type: 'boolean', required: false },
+              protocols: { type: 'enum', required: false, acceptable_values: ['tcp', 'udp', 'icmp', 'tcp+udp', 'any']},
+          }
+      }
+
+      FIREWALL_SERVICE = {
+          type: Hash,
+          allowed_empty: true,
+          required: false,
+          internals: {
+              enabled: { type: 'boolean', required: false},
+              policy: { type: 'enum', required: false, acceptable_values: ['allow', 'drop'] },
+              log_default_action: { type: 'boolean', required: false},
+              firewall_rules: {
+                  type: Array,
+                  required: false,
+                  allowed_empty: true,
+                  each_element_is: FIREWALL_RULE
+              }
+          }
+      }
+
+    end
+  end
+end

data/lib/vcloud/edge_gateway/schema/load_balancer_service.rb

@@ -0,0 +1,183 @@
+module Vcloud
+  module EdgeGateway
+    module Schema
+
+      POOL_MEMBER_SERVICE_PORT_ENTRY = {
+        type: Hash,
+        required: false,
+        internals: {
+          port: { type: 'string_or_number', required: false },
+          health_check_port: { type: 'string_or_number', required: false },
+        }
+      }
+
+      LOAD_BALANCER_MEMBER_ENTRY = {
+        type: Hash,
+        internals: {
+          ip_address: { type: 'ip_address', required: true },
+          weight:     { type: 'string_or_number', required: false },
+          service_port: {
+            type: 'hash',
+            required: false,
+            internals: {
+              http:  POOL_MEMBER_SERVICE_PORT_ENTRY,
+              https: POOL_MEMBER_SERVICE_PORT_ENTRY,
+              tcp:   POOL_MEMBER_SERVICE_PORT_ENTRY,
+            },
+          },
+        },
+      }
+
+      POOL_SERVICE_SECTION = {
+        type: Hash,
+        required: false,
+        allowed_empty: true,
+        internals: {
+          enabled: { type: 'boolean', required: false },
+          port:    { type: 'string_or_number', required: false },
+          algorithm: { type: 'enum', required: false,
+            acceptable_values: [ 'ROUND_ROBIN', 'IP_HASH', 'URI', 'LEAST_CONNECTED' ]},
+          health_check: {
+            type: 'hash',
+            required: false,
+            internals: {
+              port: { type: 'string_or_number', required: false },
+              uri: { type: 'string', required: false },
+              protocol: { type: 'enum', required: false,
+                acceptable_values: [ 'HTTP', 'SSL', 'TCP' ] },
+              health_threshold: { type: 'string_or_number', required: false },
+              unhealth_threshold: { type: 'string_or_number', required: false },
+              interval: { type: 'string_or_number', required: false },
+              timeout: { type: 'string_or_number', required: false },
+            },
+          },
+        }
+      }
+
+      LOAD_BALANCER_POOL_ENTRY = {
+        type: Hash,
+        internals: {
+          name: { type: 'string', required: true },
+          description: { type: 'string', required: false },
+          service: {
+            type: 'hash',
+            required: false,
+            internals: {
+              http:  POOL_SERVICE_SECTION,
+              https: POOL_SERVICE_SECTION,
+              tcp:   POOL_SERVICE_SECTION,
+            }
+          },
+          members: {
+            type: Array,
+            required: true,
+            allowed_empty: false,
+            each_element_is: LOAD_BALANCER_MEMBER_ENTRY,
+          }
+        }
+      }
+
+      VIRTUAL_SERVER_SERVICE_PROFILE_TCP_ENTRY = {
+        type: Hash,
+        required: false,
+        allowed_empty: true,
+        internals: {
+          enabled: { type: 'boolean', required: false },
+          port: { type: 'string_or_number', required: false },
+        }
+      }
+
+      VIRTUAL_SERVER_SERVICE_PROFILE_HTTPS_ENTRY = {
+        type: Hash,
+        required: false,
+        allowed_empty: true,
+        internals: {
+          enabled: { type: 'boolean', required: false },
+          port: { type: 'string_or_number', required: false },
+          persistence: {
+            type: 'hash',
+            required: false,
+            internals: {
+              method: {
+                type: 'enum',
+                required: false,
+                acceptable_values: [ 'SSL_SESSION_ID' ],
+              },
+            },
+          },
+        }
+      }
+
+      VIRTUAL_SERVER_SERVICE_PROFILE_HTTP_ENTRY = {
+        type: Hash,
+        required: false,
+        allowed_empty: true,
+        internals: {
+          enabled: { type: 'boolean', required: false },
+          port: { type: 'string_or_number', required: false },
+          persistence: {
+            type: 'hash',
+            required: false,
+            internals: {
+              method: {
+                type: 'enum',
+                required: false,
+                acceptable_values: [ 'COOKIE' ],
+              },
+              cookie_name: { type: 'string', required: true },
+              cookie_mode: {
+                type: 'enum',
+                required: true,
+                acceptable_values: [ 'APP', 'PREFIX', 'INSERT' ]
+              },
+            },
+          },
+        }
+      }
+
+      LOAD_BALANCER_VIRTUAL_SERVER_ENTRY = {
+        type: Hash,
+        internals: {
+          enabled: { type: 'boolean', required: false },
+          name:    { type: 'string', required: true },
+          description: { type: 'string', required: false },
+          ip_address: { type: 'ip_address', required: true },
+          network: { type: 'string', required: true },
+          pool: { type: 'string', required: true },
+          logging: { type: 'boolean', required: false },
+          service_profiles: {
+            type: 'hash',
+            required: false,
+            internals: {
+              http:  VIRTUAL_SERVER_SERVICE_PROFILE_HTTP_ENTRY,
+              https: VIRTUAL_SERVER_SERVICE_PROFILE_HTTPS_ENTRY,
+              tcp:   VIRTUAL_SERVER_SERVICE_PROFILE_TCP_ENTRY,
+            },
+          },
+        }
+      }
+
+      LOAD_BALANCER_SERVICE = {
+        type: Hash,
+        allowed_empty: true,
+        required: false,
+        internals: {
+          enabled: { type: 'boolean', required: false },
+          pools: {
+            type: Array,
+            required: false,
+            allowed_empty: true,
+            each_element_is: LOAD_BALANCER_POOL_ENTRY,
+          },
+          virtual_servers: {
+            type: Array,
+            required: false,
+            allowed_empty: true,
+            each_element_is: LOAD_BALANCER_VIRTUAL_SERVER_ENTRY,
+          },
+        }
+      }
+
+    end
+  end
+end

data/lib/vcloud/edge_gateway/schema/nat_service.rb

@@ -0,0 +1,38 @@
+module Vcloud
+  module EdgeGateway
+    module Schema
+
+      NAT_RULE = {
+        type: Hash,
+        internals: {
+          id: {type: 'string_or_number', required: false},
+          enabled: {type: 'boolean', required: false},
+          rule_type: { type: 'enum', required: true, acceptable_values: ['SNAT', 'DNAT' ]},
+          description: {type: 'string', required: false, allowed_empty: true},
+          network_id: {type: 'string', required: true},
+          original_ip: {type: 'ip_address_range', required: true},
+          original_port: {type: 'string', required: false},
+          translated_ip: {type: 'ip_address_range', required: true},
+          translated_port: {type: 'string', required: false},
+          protocol: {type: 'enum', required: false, acceptable_values: ['tcp', 'udp', 'icmp', 'tcp+udp', 'any']},
+        }
+      }
+
+      NAT_SERVICE = {
+        type: Hash,
+        allowed_empty: true,
+        required: false,
+        internals: {
+          enabled: {type: 'boolean', required: false},
+          nat_rules: {
+            type: Array,
+            required: false,
+            allowed_empty: true,
+            each_element_is: NAT_RULE
+          }
+        }
+      }
+
+    end
+  end
+end

data/lib/vcloud/edge_gateway/version.rb

@@ -1,6 +1,6 @@
 module Vcloud
   module EdgeGateway
-    VERSION = '0.4.0'
+    VERSION = '0.5.0'
   end
 end