VR/server: configure default gateway and RA/S2S VPN on the IP/interface with minimum network_id (apache#43)

* server: fix NPE when deploy vm on isolated network

* vpn: fix s2s vpn status is not updated

Prior to this fix
```
java.lang.IllegalArgumentException: Class com.cloud.agent.api.CheckS2SVpnConnectionsAnswer declares multiple JSON fields named 'details'; conflict is caused by fields com.cloud.agent.api.CheckS2SVpnConnectionsAnswer#details and com.cloud.agent.api.Answer#details
	at com.cloud.agent.transport.ResponseTest.testCheckS2SVpnConnectionsAnswer(ResponseTest.java:42)
```

* test: fix test_01_vpn_usage as now it is only possible to create VPN on Source NAT if it uses VR

* VR: fix unable to create remote access VPN on regular isolated network

the error is
```
  File "/opt/cloud/bin/configure.py", line 1242, in process
    self.remoteaccessvpn_iptables(self.dbag['public_interface'], public_ip, self.dbag[public_ip])
                                  ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
KeyError: 'public_interface'
```

* VR/server: configure default gateway and RA/S2S VPN on the IP/interface with minimum network_id

Author: weizhouapache

core/src/main/java/com/cloud/agent/api/SetupGuestNetworkCommand.java

@@ -36,6 +36,7 @@ public class SetupGuestNetworkCommand extends NetworkElementCommand {
     String routerIpv6Gateway = null;
     String routerIpv6Cidr = null;
     boolean isVrGuestGateway = false;
+    long networkId;
 
     public NicTO getNic() {
         return nic;
@@ -123,4 +124,12 @@ public boolean isVrGuestGateway() {
     public void setVrGuestGateway(boolean vrGuestGateway) {
         isVrGuestGateway = vrGuestGateway;
     }
+
+    public long getNetworkId() {
+        return networkId;
+    }
+
+    public void setNetworkId(long networkId) {
+        this.networkId = networkId;
+    }
 }

core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/SetGuestNetworkConfigItem.java

@@ -76,6 +76,7 @@ public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
         guestNetwork.setRouterIp6Gateway(command.getRouterIpv6Gateway());
         guestNetwork.setRouterIp6Cidr(command.getRouterIpv6Cidr());
         guestNetwork.setVrGuestGateway(command.isVrGuestGateway());
+        guestNetwork.setNetworkId(command.getNetworkId());
 
         return generateConfigItems(guestNetwork);
     }

core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/GuestNetwork.java

@@ -38,6 +38,7 @@ public class GuestNetwork extends ConfigBase {
     private String routerIp6Gateway;
     private String routerIp6Cidr;
     private boolean isVrGuestGateway;
+    long networkId;
 
     private Integer mtu;
 
@@ -211,4 +212,12 @@ public boolean isVrGuestGateway() {
     public void setVrGuestGateway(boolean vrGuestGateway) {
         isVrGuestGateway = vrGuestGateway;
     }
+
+    public long getNetworkId() {
+        return networkId;
+    }
+
+    public void setNetworkId(long networkId) {
+        this.networkId = networkId;
+    }
 }

server/src/main/java/com/cloud/network/router/CommandSetupHelper.java

@@ -1221,6 +1221,7 @@ public SetupGuestNetworkCommand createSetupGuestNetworkCommand(final DomainRoute
 
         boolean isVrGuestGateway = _networkModel.isAnyServiceSupportedInNetwork(network.getId(), Provider.VPCVirtualRouter, Service.SourceNat, Service.Gateway);
         setupCmd.setVrGuestGateway(isVrGuestGateway);
+        setupCmd.setNetworkId(network.getId());
 
         NicVO publicNic = _nicDao.findDefaultNicForVM(router.getId());
         if (publicNic != null) {

systemvm/debian/opt/cloud/bin/configure.py

@@ -1022,11 +1022,10 @@ def process(self):
             dev = CsHelper.get_device(local_ip)
 
             if not self.config.has_public_network():
-                for interface in self.config.address().get_interfaces():
-                    if interface.is_guest() and interface.is_added():
-                        dev = interface.get_device()
-                        local_ip = interface.get_ip()
-                        break
+                interface = self.config.address().get_guest_if_by_network_id()
+                if interface:
+                    dev = interface.get_device()
+                    local_ip = interface.get_ip()
 
             if dev == "":
                 logging.error("Request for ipsec to %s not possible because ip is not configured", local_ip)
@@ -1232,11 +1231,10 @@ def process(self):
 
                 logging.debug("Remote accessvpn  data bag %s",  self.dbag)
                 if not self.config.has_public_network():
-                    for interface in self.config.address().get_interfaces():
-                        if interface.is_guest() and interface.is_added():
-                            self.configure_l2tpIpsec(interface.get_ip(), self.dbag[public_ip])
-                            self.remoteaccessvpn_iptables(interface.get_device(), interface.get_ip(), self.dbag[public_ip])
-                            break
+                    interface = self.config.address().get_guest_if_by_network_id()
+                    if interface:
+                        self.configure_l2tpIpsec(interface.get_ip(), self.dbag[public_ip])
+                        self.remoteaccessvpn_iptables(interface.get_device(), interface.get_ip(), self.dbag[public_ip])
                 else:
                     self.configure_l2tpIpsec(public_ip, self.dbag[public_ip])
                     self.remoteaccessvpn_iptables(self.dbag[public_ip]['public_interface'], public_ip, self.dbag[public_ip])

systemvm/debian/opt/cloud/bin/cs/CsAddress.py

@@ -44,6 +44,19 @@ def get_interfaces(self):
                 interfaces.append(CsInterface(ip, self.config))
         return interfaces
 
+    def get_guest_if_by_network_id(self):
+        guest_interface = None
+        lowest_network_id = 1000
+        for interface in self.get_interfaces():
+            if interface.is_guest() and interface.is_added():
+                if not self.config.is_vpc():
+                    return interface
+                network_id = self.config.guestnetwork().get_network_id(interface.get_device())
+                if network_id and network_id < lowest_network_id:
+                    lowest_network_id = network_id
+                    guest_interface = interface
+        return guest_interface
+
     def get_guest_if(self):
         """
         Return CsInterface object for the lowest in use guest interface
@@ -261,12 +274,15 @@ def __init__(self, dev, config):
         self.fw = config.get_fw()
         self.cl = config.cmdline()
 
-    def configure_rp(self):
+    def configure_rp(self, enable=True):
         """
         Configure Reverse Path Filtering
         """
         filename = "/proc/sys/net/ipv4/conf/%s/rp_filter" % self.dev
-        CsHelper.updatefile(filename, "1\n", "w")
+        if enable:
+            CsHelper.updatefile(filename, "1\n", "w")
+        else:
+            CsHelper.updatefile(filename, "0\n", "w")
 
     def buildlist(self):
         """
@@ -361,12 +377,11 @@ def post_configure(self, address):
             # VPC routers in a different manner. Please do not remove this block otherwise
             # The VPC default route will be broken.
             if not self.config.has_public_network():
-                for interface in self.config.address().get_interfaces():
-                    if interface.is_guest() and interface.is_added() and interface.get_device() == self.dev:
-                        gateway = interface.get_gateway()
-                        route.add_defaultroute(gateway)
-                        CsHelper.execute("sudo echo 0 > /proc/sys/net/ipv4/conf/%s/rp_filter" % interface.get_device())
-                        break
+                interface = self.config.address().get_guest_if_by_network_id()
+                if interface:
+                    gateway = interface.get_gateway()
+                    route.add_or_change_defaultroute(gateway)
+                    CsDevice(self.dev, self.config).configure_rp(False)
             elif self.get_type() in ["public"] and address["device"] == CsHelper.PUBLIC_INTERFACES[self.cl.get_type()]:
                 gateway = str(address["gateway"])
                 route.add_defaultroute(gateway)

systemvm/debian/opt/cloud/bin/cs/CsDatabag.py

@@ -257,3 +257,10 @@ def get_router_ip6gateway(self, devname=None):
                 if ip6gateway:
                     return ip6gateway
         return False
+
+    def get_network_id(self, devname):
+        nw = self.get_dev_data(devname)
+        networkidkey = "network_id"
+        if networkidkey not in nw:
+            return False
+        return nw[networkidkey]

systemvm/debian/opt/cloud/bin/cs/CsRoute.py

@@ -85,6 +85,9 @@ def set_route(self, cmd, method="add"):
         if not found and method == "add":
             logging.info("Add " + cmd)
             cmd = "ip route add " + cmd
+        elif not found and method == "change":
+            logging.info("Change " + cmd)
+            cmd = "ip route change " + cmd
         elif found and method == "delete":
             logging.info("Delete " + cmd)
             cmd = "ip route delete " + cmd
@@ -122,6 +125,24 @@ def defaultroute_exists(self):
             logging.warn("No default route found!")
             return False
 
+    def add_or_change_defaultroute(self, gateway):
+        """  Add a default route if not found, or change the default route if found
+        :param str gateway
+        :return: bool
+        """
+        if not gateway:
+            raise Exception("Gateway cannot be None.")
+
+        cmd = "default via " + gateway
+        if self.defaultroute_exists():
+            logging.info("Changing default route")
+            self.set_route(cmd, method="change")
+            return True
+        else:
+            logging.info("Adding default route")
+            self.set_route(cmd)
+            return True
+
     def findRule(self, rule):
         for i in CsHelper.execute("ip rule show"):
             if rule in i.strip():