Move global setting from api to engine/components-api

Author: ustcweizhou

api/src/main/java/org/apache/cloudstack/network/lb/LoadBalancerConfigKey.java

@@ -20,13 +20,10 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 
-import com.cloud.network.rules.LoadBalancer;
 import com.cloud.network.rules.LoadBalancerConfig.Scope;
 import com.cloud.utils.Pair;
-import org.apache.cloudstack.framework.config.ConfigKey;
-import org.apache.cloudstack.framework.config.Configurable;
 
-public enum LoadBalancerConfigKey implements Configurable {
+public enum LoadBalancerConfigKey {
 
     LbStatsEnable(Category.Stats, "lb.stats.enable", "LB stats enable", Boolean.class, "true", "Enable statistics reporting with default settings, default is 'true'", Scope.Network, Scope.Vpc),
 
@@ -66,22 +63,7 @@ public enum LoadBalancerConfigKey implements Configurable {
 
     LbServerMaxQueue(Category.LoadBalancer, "lb.server.maxqueue", "Max conn wait in queue per server", Long.class, "<0 means unlimited in haproxy>", "Maximum number of connections which will wait in queue for this server, default is ''", Scope.LoadBalancerRule),
 
-    LbSslConfiguration(Category.LoadBalancer, "lb.ssl.configuration", "SSL configuration, could be 'none', 'old' or 'intermediate'", String.class, "none" , "if 'none', no SSL configurations will be added, if 'old', refer to https://ssl-config.mozilla.org/#server=haproxy&server-version=1.8.17&config=old&openssl-version=1.0.2l if 'intermediate', refer to https://ssl-config.mozilla.org/#server=haproxy&server-version=1.8.17&config=intermediate&openssl-version=1.0.2l default value is 'none'", Scope.LoadBalancerRule);
-
-    private static final String DefaultValueOfSSLCustomizationCK = "default.value.of.ssl.customization";
-
-    private static final ConfigKey<String> DefaultValueOfSALCustomization = new ConfigKey<>("Advanced", String.class, DefaultValueOfSSLCustomizationCK, "none",
-            "Control default value of load balancer ssl customization", true, ConfigKey.Scope.Global);
-
-    @Override
-    public String getConfigComponentName() {
-        return LoadBalancerConfigKey.class.getSimpleName();
-    }
-
-    @Override
-    public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey[]{DefaultValueOfSALCustomization};
-    }
+    LbSslConfiguration(Category.LoadBalancer, "lb.ssl.configuration", "SSL configuration, could be 'none', 'old' or 'intermediate'", String.class, "Inherited from global setting" , "if 'none', no SSL configurations will be added, if 'old', refer to https://ssl-config.mozilla.org/#server=haproxy&server-version=1.8.17&config=old&openssl-version=1.0.2l if 'intermediate', refer to https://ssl-config.mozilla.org/#server=haproxy&server-version=1.8.17&config=intermediate&openssl-version=1.0.2l default value is 'none'", Scope.LoadBalancerRule);
 
     public static enum Category {
         General, Advanced, Stats, LoadBalancer
@@ -122,8 +104,6 @@ public String displayText() {
     }
 
     public String defaultValue() {
-        if(key().equals("lb.ssl.configuration"))
-            return DefaultValueOfSALCustomization.value();
         return _defaultValue;
     }
 
@@ -220,8 +200,8 @@ public static Pair<LoadBalancerConfigKey, String> validate(Scope scope, String k
             }
         }
 
-        if(key.equals("lb.ssl.configuration")){
-            if ( !("none".equalsIgnoreCase(value) || "old".equalsIgnoreCase(value) || "intermediate".equalsIgnoreCase(value)) ){
+        if (LbSslConfiguration.key().equals(key)) {
+            if (! "none".equalsIgnoreCase(value) && ! "old".equalsIgnoreCase(value) && ! "intermediate".equalsIgnoreCase(value)) {
                 return new Pair<>(null, "Please enter either 'none', 'old' or 'intermediate' for parameter " + key);
             }
         }

core/src/main/java/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java

@@ -43,6 +43,7 @@ public class LoadBalancerConfigCommand extends NetworkElementCommand {
     public String lbStatsUri = "/admin?stats";
     public String maxconn = "";
     public String lbProtocol;
+    public String lbSslConfiguration = "";
     public boolean keepAliveEnabled = false;
     NicTO nic;
     Long vpcId;

core/src/main/java/com/cloud/network/HAProxyConfigurator.java

@@ -483,8 +483,11 @@ private String getLbSubRuleForStickiness(final LoadBalancerTO lbTO) {
         return sb.toString();
     }
 
-    private String getCustomizedSslConfigs(HashMap<String, String> lbConfigsMap){
+    private String getCustomizedSslConfigs(HashMap<String, String> lbConfigsMap, final LoadBalancerConfigCommand lbCmd){
         String lbSslConfiguration = lbConfigsMap.get(LoadBalancerConfigKey.LbSslConfiguration.key());
+        if (lbSslConfiguration == null) {
+            lbSslConfiguration = lbCmd.lbSslConfiguration;
+        }
         if ("old".equalsIgnoreCase(lbSslConfiguration)) {
             return sslConfigurationOld;
         } else if ("intermediate".equalsIgnoreCase(lbSslConfiguration)) {
@@ -493,7 +496,7 @@ private String getCustomizedSslConfigs(HashMap<String, String> lbConfigsMap){
         return "";
     }
 
-    private List<String> getRulesForPool(final LoadBalancerTO lbTO, boolean keepAliveEnabled, final String networkCidr, HashMap<String, String> networkLbConfigsMap) {
+    private List<String> getRulesForPool(final LoadBalancerTO lbTO, final LoadBalancerConfigCommand lbCmd, HashMap<String, String> networkLbConfigsMap) {
         StringBuilder sb = new StringBuilder();
         final String poolName = sb.append(lbTO.getSrcIp().replace(".", "_")).append('-').append(lbTO.getSrcPort()).toString();
         final String publicIP = lbTO.getSrcIp();
@@ -533,7 +536,7 @@ private List<String> getRulesForPool(final LoadBalancerTO lbTO, boolean keepAliv
                 sb.append(" alpn h2,http/1.1");
             }
 
-            sb.append(getCustomizedSslConfigs(lbConfigsMap));
+            sb.append(getCustomizedSslConfigs(lbConfigsMap, lbCmd));
 
             sb.append("\n\thttp-request add-header X-Forwarded-Proto https");
         }
@@ -604,8 +607,9 @@ private List<String> getRulesForPool(final LoadBalancerTO lbTO, boolean keepAliv
                 sb.append(" check");
             }
 
-            sb.append(getCustomizedSslConfigs(lbConfigsMap));
-
+            if (sslOffloading) {
+                sb.append(getCustomizedSslConfigs(lbConfigsMap, lbCmd));
+            }
 
             if (lbConfigsMap.get(LoadBalancerConfigKey.LbServerMaxConn.key()) != null) {
                 long maxConnEach = Long.parseLong(lbConfigsMap.get(LoadBalancerConfigKey.LbServerMaxConn.key()));
@@ -668,6 +672,7 @@ private List<String> getRulesForPool(final LoadBalancerTO lbTO, boolean keepAliv
             http = true;
         }
 
+        boolean keepAliveEnabled = lbCmd.keepAliveEnabled;
         String cfgLbHttpKeepalive = lbConfigsMap.get(LoadBalancerConfigKey.LbHttpKeepalive.key());
         if (cfgLbHttpKeepalive != null && cfgLbHttpKeepalive.equalsIgnoreCase("true")) {
             keepAliveEnabled = true;
@@ -699,7 +704,7 @@ private List<String> getRulesForPool(final LoadBalancerTO lbTO, boolean keepAliv
             result.add(sb.toString());
             result.addAll(frontendConfigs);
             sb = new StringBuilder();
-            sb.append("\tacl local_subnet src ").append(networkCidr);
+            sb.append("\tacl local_subnet src ").append(lbCmd.getNetworkCidr());
             sb.append("\n\tuse_backend ").append(poolName).append("-backend-local if local_subnet");
             sb.append("\n\tdefault_backend ").append(poolName).append("-backend");
             sb.append("\n\n");
@@ -864,7 +869,7 @@ public String[] generateConfiguration(final LoadBalancerConfigCommand lbCmd) {
             if (lbTO.isRevoked()) {
                 continue;
             }
-            final List<String> poolRules = getRulesForPool(lbTO, lbCmd.keepAliveEnabled, lbCmd.getNetworkCidr(), networkLbConfigsMap);
+            final List<String> poolRules = getRulesForPool(lbTO, lbCmd, networkLbConfigsMap);
             result.addAll(poolRules);
             has_listener = true;
         }

engine/components-api/src/main/java/com/cloud/network/lb/LoadBalancerConfigManager.java

@@ -19,8 +19,17 @@
 import java.util.List;
 
 import com.cloud.network.rules.LoadBalancerConfig;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
 
-public interface LoadBalancerConfigManager {
+public interface LoadBalancerConfigManager extends Configurable {
+
+    static final String DefaultLbSSLConfigurationCK = "default.lb.ssl.configuration";
+
+    static final ConfigKey<String> DefaultLbSSLConfiguration = new ConfigKey<>("Advanced", String.class,
+            DefaultLbSSLConfigurationCK, "none",
+            "Default value of load balancer ssl configuration, could be 'none', 'old' or 'intermediate'",
+            true, ConfigKey.Scope.Global);
 
     List<? extends LoadBalancerConfig> getNetworkLbConfigs(Long networkId);
 

server/src/main/java/com/cloud/network/lb/LoadBalancerConfigManagerImpl.java

@@ -52,6 +52,7 @@
 import org.apache.cloudstack.api.command.user.loadbalancer.ReplaceLoadBalancerConfigsCmd;
 import org.apache.cloudstack.api.command.user.loadbalancer.UpdateLoadBalancerConfigCmd;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.network.lb.LoadBalancerConfigKey;
 import org.apache.log4j.Logger;
 
@@ -384,4 +385,15 @@ private boolean applyLbConfigsForNetwork(Long networkId) {
             throw new CloudRuntimeException("Failed to apply LB configs in virtual router on network: " + networkId);
         }
     }
+
+    @Override
+    public String getConfigComponentName() {
+        return LoadBalancerConfigManager.class.getSimpleName();
+    }
+
+    @Override
+    public ConfigKey<?>[] getConfigKeys() {
+        return new ConfigKey[]{ DefaultLbSSLConfiguration };
+    }
+
 }

server/src/main/java/com/cloud/network/router/CommandSetupHelper.java

@@ -366,6 +366,7 @@ public void createApplyLoadBalancingRulesCommands(final List<LoadBalancingRule>
         cmd.lbStatsUri = _configDao.getValue(Config.NetworkLBHaproxyStatsUri.key());
         cmd.lbStatsAuth = _configDao.getValue(Config.NetworkLBHaproxyStatsAuth.key());
         cmd.lbStatsPort = _configDao.getValue(Config.NetworkLBHaproxyStatsPort.key());
+        cmd.lbSslConfiguration = _configDao.getValue("default.lb.ssl.configuration");
 
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));