mirror of
https://github.com/apache/cloudstack.git
synced 2025-11-02 11:52:28 +01:00
bug 8617: Disable firewall/lb/vpn service for Direct network offering, so when user tries to create PF/LB rule for direct IP address, it fails.
status 8617: resolved fixed
This commit is contained in:
alena
parent
d9e9c6cb40
commit
8978839d96
@ -30,6 +30,7 @@ import com.cloud.api.ServerApiException;
|
||||
import com.cloud.api.response.FirewallRuleResponse;
|
||||
import com.cloud.api.response.IpForwardingRuleResponse;
|
||||
import com.cloud.event.EventTypes;
|
||||
import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.NetworkRuleConflictException;
|
||||
import com.cloud.network.IpAddress;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
@ -144,7 +145,12 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
|
||||
}
|
||||
|
||||
private long getVirtualMachineId() {
|
||||
return _networkService.getIp(ipAddressId).getAssociatedWithVmId();
|
||||
Long vmId = _networkService.getIp(ipAddressId).getAssociatedWithVmId();
|
||||
|
||||
if (vmId == null) {
|
||||
throw new InvalidParameterValueException("Ip address is not associated with any network, unable to create static nat rule");
|
||||
}
|
||||
return vmId;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -18,6 +18,7 @@
|
||||
package com.cloud.network;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import com.cloud.api.commands.AssociateIPAddrCmd;
|
||||
import com.cloud.api.commands.CreateNetworkCmd;
|
||||
@ -31,6 +32,8 @@ import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.PermissionDeniedException;
|
||||
import com.cloud.exception.ResourceAllocationException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network.Capability;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.offering.NetworkOffering;
|
||||
|
||||
|
||||
@ -64,4 +67,8 @@ public interface NetworkService {
|
||||
|
||||
NetworkProfile getNetworkProfile(long networkId);
|
||||
|
||||
Map<Service, Map<Capability, String>> getZoneCapabilities(long zoneId);
|
||||
|
||||
Map<Service, Map<Capability, String>> getNetworkCapabilities(long networkId);
|
||||
|
||||
}
|
||||
|
||||
@ -28,14 +28,6 @@ import com.cloud.utils.exception.CloudRuntimeException;
|
||||
*/
|
||||
public class Networks {
|
||||
|
||||
public enum Service {
|
||||
Dhcp,
|
||||
Dns,
|
||||
Gateway,
|
||||
LoadBalancer,
|
||||
Firewall
|
||||
}
|
||||
|
||||
public enum RouterPrivateIpStrategy {
|
||||
None,
|
||||
DcGlobal, //global to data center
|
||||
|
||||
@ -516,8 +516,8 @@ public class ApiDBUtils {
|
||||
return _networkDao.findById(id);
|
||||
}
|
||||
|
||||
public static Map<Service, Map<Capability, String>> getZoneCapabilities(long zoneId) {
|
||||
return _networkMgr.getZoneCapabilities(zoneId);
|
||||
public static Map<Service, Map<Capability, String>> getNetworkCapabilities(long networkId) {
|
||||
return _networkMgr.getNetworkCapabilities(networkId);
|
||||
}
|
||||
|
||||
public static long getPublicNetworkIdByZone(long zoneId) {
|
||||
|
||||
@ -2302,7 +2302,7 @@ public class ApiResponseHelper implements ResponseGenerator {
|
||||
response.setDns2(profile.getDns2());
|
||||
|
||||
//populate capability
|
||||
Map<Service, Map<Capability, String>> serviceCapabilitiesMap = ApiDBUtils.getZoneCapabilities(network.getDataCenterId());
|
||||
Map<Service, Map<Capability, String>> serviceCapabilitiesMap = ApiDBUtils.getNetworkCapabilities(network.getId());
|
||||
List<ServiceResponse> serviceResponses = new ArrayList<ServiceResponse>();
|
||||
if (serviceCapabilitiesMap != null) {
|
||||
for (Service service : serviceCapabilitiesMap.keySet()) {
|
||||
|
||||
@ -2434,7 +2434,20 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
int networkRate = ((networkRateStr == null) ? 200 : Integer.parseInt(networkRateStr));
|
||||
int multicastRate = ((multicastRateStr == null) ? 10 : Integer.parseInt(multicastRateStr));
|
||||
tags = cleanupTags(tags);
|
||||
NetworkOfferingVO offering = new NetworkOfferingVO(name, displayText, trafficType, false, specifyVlan, networkRate, multicastRate, maxConnections, false, availability, false, false, false, false, false, false, false);
|
||||
|
||||
boolean firewallService = false;
|
||||
boolean lbService = false;
|
||||
boolean vpnService = false;
|
||||
boolean gatewayService = false;
|
||||
|
||||
if (trafficType == TrafficType.Guest) {
|
||||
firewallService = true;
|
||||
lbService = true;
|
||||
vpnService = true;
|
||||
gatewayService = true;
|
||||
}
|
||||
|
||||
NetworkOfferingVO offering = new NetworkOfferingVO(name, displayText, trafficType, false, specifyVlan, networkRate, multicastRate, maxConnections, false, availability, true, true, true, gatewayService, firewallService, lbService, vpnService);
|
||||
|
||||
if ((offering = _networkOfferingDao.persist(offering)) != null) {
|
||||
return offering;
|
||||
|
||||
@ -125,8 +125,6 @@ public interface NetworkManager extends NetworkService {
|
||||
|
||||
boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException;
|
||||
|
||||
Map<Service, Map<Capability, String>> getZoneCapabilities(long zoneId);
|
||||
|
||||
Network getSystemNetworkByZoneAndTrafficType(long zoneId, TrafficType trafficType);
|
||||
|
||||
List<? extends RemoteAccessVpnElement> getRemoteAccessVpnElements();
|
||||
@ -178,5 +176,7 @@ public interface NetworkManager extends NetworkService {
|
||||
boolean applyIpAssociations(Network network, boolean continueOnError) throws ResourceUnavailableException;
|
||||
|
||||
boolean deleteNetworkInternal(long networkId, long userId);
|
||||
|
||||
boolean isServiceSupported(long networkId, Network.Service service);
|
||||
|
||||
}
|
||||
|
||||
@ -677,15 +677,50 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
NetworkOfferingVO storageNetworkOffering = new NetworkOfferingVO(NetworkOfferingVO.SystemStorageNetwork, TrafficType.Storage);
|
||||
storageNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(storageNetworkOffering);
|
||||
_systemNetworks.put(NetworkOfferingVO.SystemStorageNetwork, storageNetworkOffering);
|
||||
NetworkOfferingVO guestNetworkOffering = new NetworkOfferingVO(NetworkOfferingVO.SystemGuestNetwork, TrafficType.Guest);
|
||||
NetworkOfferingVO guestNetworkOffering = new NetworkOfferingVO(
|
||||
NetworkOffering.SystemGuestNetwork,
|
||||
"System Offering for System-Guest-Network",
|
||||
TrafficType.Guest,
|
||||
true,
|
||||
false,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
true,
|
||||
Availability.Required,
|
||||
//services - all true except for firewall/lb/vpn and gateway services
|
||||
true, true, true, false, false,false, false);
|
||||
guestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(guestNetworkOffering);
|
||||
_systemNetworks.put(NetworkOfferingVO.SystemGuestNetwork, guestNetworkOffering);
|
||||
|
||||
NetworkOfferingVO defaultGuestNetworkOffering = new NetworkOfferingVO(NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, false, false, null, null, null, true, Availability.Required, false, false, false, false,
|
||||
false, false, false);
|
||||
NetworkOfferingVO defaultGuestNetworkOffering = new NetworkOfferingVO(
|
||||
NetworkOffering.DefaultVirtualizedNetworkOffering,
|
||||
"Virtual Vlan",
|
||||
TrafficType.Guest,
|
||||
false,
|
||||
false,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
true,
|
||||
Availability.Required,
|
||||
//services
|
||||
true, true, true, true,true, true, true);
|
||||
|
||||
defaultGuestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestNetworkOffering);
|
||||
NetworkOfferingVO defaultGuestDirectNetworkOffering = new NetworkOfferingVO(NetworkOffering.DefaultDirectNetworkOffering, "Direct", TrafficType.Public, false, false, null, null, null, true, Availability.Required, false, false, false, false, false,
|
||||
false, false);
|
||||
NetworkOfferingVO defaultGuestDirectNetworkOffering = new NetworkOfferingVO(
|
||||
NetworkOffering.DefaultDirectNetworkOffering,
|
||||
"Direct",
|
||||
TrafficType.Public,
|
||||
false,
|
||||
false,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
true,
|
||||
Availability.Required,
|
||||
//services - all true except for firewall/lb/vpn and gateway services
|
||||
true, true, true, false, false,false, false);
|
||||
defaultGuestDirectNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestDirectNetworkOffering);
|
||||
|
||||
AccountsUsingNetworkSearch = _accountDao.createSearchBuilder();
|
||||
@ -2009,7 +2044,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
providers.put(Service.UserData, dc.getUserDataProvider());
|
||||
providers.put(Service.Dhcp, dc.getDhcpProvider());
|
||||
|
||||
Map<Service, Map<Capability, String>> networkCapabilities = new HashMap<Service, Map<Capability, String>>();
|
||||
Map<Service, Map<Capability, String>> zoneCapabilities = new HashMap<Service, Map<Capability, String>>();
|
||||
|
||||
for (NetworkElement element : _networkElements) {
|
||||
if (providers.isEmpty()) {
|
||||
@ -2031,7 +2066,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
assert (service.containsCapability(capability)) : "Capability " + capability.getName() + " is not supported by the service " + service.getName();
|
||||
}
|
||||
}
|
||||
networkCapabilities.put(service, capabilities);
|
||||
zoneCapabilities.put(service, capabilities);
|
||||
it.remove();
|
||||
}
|
||||
}
|
||||
@ -2039,6 +2074,26 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
}
|
||||
}
|
||||
}
|
||||
return zoneCapabilities;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Map<Service, Map<Capability, String>> getNetworkCapabilities(long networkId) {
|
||||
Network network = getNetwork(networkId);
|
||||
if (network == null) {
|
||||
throw new InvalidParameterValueException("Unable to find network by id " + networkId);
|
||||
}
|
||||
|
||||
Map<Service, Map<Capability, String>> zoneCapabilities = getZoneCapabilities(network.getDataCenterId());
|
||||
Map<Service, Map<Capability, String>> networkCapabilities = new HashMap<Service, Map<Capability, String>>();
|
||||
|
||||
for (Service service : zoneCapabilities.keySet()) {
|
||||
if (isServiceSupported(networkId, service)) {
|
||||
networkCapabilities.put(service, zoneCapabilities.get(service));
|
||||
}
|
||||
}
|
||||
|
||||
return networkCapabilities;
|
||||
}
|
||||
|
||||
@ -2239,4 +2294,27 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
Network.Provider.F5BigIp.getName()));
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isServiceSupported(long networkId, Network.Service service) {
|
||||
Network network = getNetwork(networkId);
|
||||
NetworkOffering offering = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
|
||||
if (service == Service.Lb) {
|
||||
return offering.isLbService();
|
||||
} else if (service == Service.Dhcp) {
|
||||
return offering.isDhcpService();
|
||||
} else if (service == Service.Dns) {
|
||||
return offering.isDnsService();
|
||||
} else if (service == Service.Firewall) {
|
||||
return offering.isFirewallService();
|
||||
} else if (service == Service.UserData) {
|
||||
return offering.isUserdataService();
|
||||
} else if (service == Service.Vpn) {
|
||||
return offering.isVpnService();
|
||||
} else if (service == Service.Gateway) {
|
||||
return offering.isGatewayService();
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -49,6 +49,7 @@ import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.IPAddressVO;
|
||||
import com.cloud.network.LoadBalancerVMMapVO;
|
||||
import com.cloud.network.LoadBalancerVO;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.NetworkManager;
|
||||
import com.cloud.network.dao.FirewallRulesDao;
|
||||
import com.cloud.network.dao.IPAddressDao;
|
||||
@ -355,11 +356,19 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
|
||||
throw new InvalidParameterValueException("Invalid algorithm: " + lb.getAlgorithm());
|
||||
}
|
||||
|
||||
Long networkId = lb.getNetworkId();
|
||||
if (networkId == -1 ) {
|
||||
networkId = ipAddr.getAssociatedWithNetworkId();
|
||||
Long networkId = ipAddr.getAssociatedWithNetworkId();
|
||||
if (networkId == null) {
|
||||
throw new InvalidParameterValueException("Unable to create load balancer rule ; ip id=" + ipId + " is not associated with any network");
|
||||
|
||||
}
|
||||
|
||||
_accountMgr.checkAccess(caller.getCaller(), ipAddr);
|
||||
|
||||
//verify that lb service is supported by the network
|
||||
if (!_networkMgr.isServiceSupported(networkId, Service.Lb)) {
|
||||
throw new InvalidParameterValueException("LB service is not supported in network id=" + networkId);
|
||||
}
|
||||
|
||||
LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddressId(), lb.getSourcePortEnd(),
|
||||
lb.getDefaultPortStart(), lb.getAlgorithm(), networkId, ipAddr.getAccountId(), ipAddr.getDomainId());
|
||||
|
||||
|
||||
@ -179,6 +179,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId) throws NetworkRuleConflictException {
|
||||
UserContext ctx = UserContext.current();
|
||||
Account caller = ctx.getCaller();
|
||||
Long networkId = null;
|
||||
Long accountId = null;
|
||||
Long domainId = null;
|
||||
|
||||
Long ipAddrId = rule.getSourceIpAddressId();
|
||||
|
||||
@ -189,42 +192,31 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system");
|
||||
} else if (ipAddress.isOneToOneNat()) {
|
||||
throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " has static nat enabled");
|
||||
}else {
|
||||
_accountMgr.checkAccess(caller, ipAddress);
|
||||
}
|
||||
|
||||
Ip dstIp = rule.getDestinationIpAddress();
|
||||
long networkId;
|
||||
UserVmVO vm = null;
|
||||
Network network = null;
|
||||
if (vmId != null) {
|
||||
// validate user VM exists
|
||||
vm = _vmDao.findById(vmId);
|
||||
if (vm == null) {
|
||||
throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
|
||||
} else {
|
||||
checkRuleAndUserVm(rule, vm, caller);
|
||||
}
|
||||
|
||||
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, false);
|
||||
dstIp = guestNic.second();
|
||||
network = guestNic.first();
|
||||
|
||||
if (network == null) {
|
||||
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vmId);
|
||||
}
|
||||
} else {
|
||||
network = _networkMgr.getNetwork(rule.getNetworkId());
|
||||
if (network == null) {
|
||||
throw new InvalidParameterValueException("Unable to get the network " + rule.getNetworkId());
|
||||
}
|
||||
}
|
||||
_accountMgr.checkAccess(caller, ipAddress);
|
||||
|
||||
networkId = ipAddress.getAssociatedWithNetworkId();
|
||||
if (networkId == null) {
|
||||
throw new InvalidParameterValueException("Unable to create port forwarding rule ; ip id=" + ipAddrId + " is not associated with any network");
|
||||
|
||||
_accountMgr.checkAccess(caller, network);
|
||||
}
|
||||
//get account/domain info from the ip address (can't get it from the network as the network can be shared between accounts)
|
||||
accountId = ipAddress.getAccountId();
|
||||
domainId = ipAddress.getDomainId();
|
||||
}
|
||||
|
||||
networkId = network.getId();
|
||||
long accountId = network.getAccountId();
|
||||
long domainId = network.getDomainId();
|
||||
//start port can't be bigger than end port
|
||||
if (rule.getDestinationPortStart() > rule.getDestinationPortEnd() || rule.getSourcePortStart() > rule.getSourcePortEnd()) {
|
||||
throw new InvalidParameterValueException("Start port can't be bigger than end port");
|
||||
}
|
||||
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
assert network != null : "Can't create port forwarding rule as network associated with public ip address is null...how is it possible?";
|
||||
|
||||
//verify that firewall service is supported by the network
|
||||
if (!_networkMgr.isServiceSupported(networkId, Service.Firewall)) {
|
||||
throw new InvalidParameterValueException("Firewall service is not supported in network id=" + networkId);
|
||||
}
|
||||
|
||||
//Verify that the network guru supports the protocol specified
|
||||
Map<Network.Capability, String> firewallCapability = _networkMgr.getServiceCapability(network.getDataCenterId(), Service.Firewall);
|
||||
@ -233,9 +225,21 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
throw new InvalidParameterValueException("Protocol " + rule.getProtocol() + " is not supported in zone " + network.getDataCenterId());
|
||||
}
|
||||
|
||||
//start port can't be bigger than end port
|
||||
if (rule.getDestinationPortStart() > rule.getDestinationPortEnd() || rule.getSourcePortStart() > rule.getSourcePortEnd()) {
|
||||
throw new InvalidParameterValueException("Start port can't be bigger than end port");
|
||||
// validate user VM exists
|
||||
UserVm vm = _vmDao.findById(vmId);
|
||||
if (vm == null) {
|
||||
throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
|
||||
} else {
|
||||
checkRuleAndUserVm(rule, vm, caller);
|
||||
}
|
||||
|
||||
//Verify that vm has nic in the network
|
||||
Ip dstIp = rule.getDestinationIpAddress();
|
||||
Nic guestNic = _networkMgr.getNicInNetwork(vmId, networkId);
|
||||
if (guestNic == null || guestNic.getIp4Address() == null) {
|
||||
throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress");
|
||||
} else {
|
||||
dstIp = new Ip(guestNic.getIp4Address());
|
||||
}
|
||||
|
||||
PortForwardingRuleVO newRule =
|
||||
@ -270,12 +274,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="creating static nat rule", create=true)
|
||||
public StaticNatRule createStaticNatRule(StaticNatRule rule) throws NetworkRuleConflictException {
|
||||
UserContext ctx = UserContext.current();
|
||||
Account caller = ctx.getCaller();
|
||||
Account caller = UserContext.current().getCaller();
|
||||
Long networkId = null;
|
||||
Long accountId = null;
|
||||
Long domainId = null;
|
||||
|
||||
Long ipAddrId = rule.getSourceIpAddressId();
|
||||
|
||||
@ -286,39 +290,49 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system");
|
||||
} else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) {
|
||||
throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress());
|
||||
}else {
|
||||
} else {
|
||||
_accountMgr.checkAccess(caller, ipAddress);
|
||||
|
||||
networkId = ipAddress.getAssociatedWithNetworkId();
|
||||
if (networkId == null) {
|
||||
throw new InvalidParameterValueException("Unable to create static nat rule ; ip id=" + ipAddrId + " is not associated with any network");
|
||||
|
||||
}
|
||||
//get account/domain info from the ip address (can't get it from the network as the network can be shared between accounts)
|
||||
accountId = ipAddress.getAccountId();
|
||||
domainId = ipAddress.getDomainId();
|
||||
}
|
||||
|
||||
//Get vm information and verify it
|
||||
long vmId = ipAddress.getAssociatedWithVmId();
|
||||
|
||||
// validate user VM exists
|
||||
UserVmVO vm = _vmDao.findById(vmId);
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
assert network != null : "Can't create static nat rule as network associated with public ip address is null...how is it possible?";
|
||||
|
||||
//Validate user vm information
|
||||
UserVmVO vm = _vmDao.findById(ipAddress.getAssociatedWithVmId());
|
||||
if (vm == null) {
|
||||
throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
|
||||
throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vm.getId() + ").");
|
||||
} else {
|
||||
checkRuleAndUserVm(rule, vm, caller);
|
||||
}
|
||||
|
||||
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, false);
|
||||
Ip dstIp = guestNic.second();
|
||||
Network guestNetwork = guestNic.first();
|
||||
|
||||
if (guestNetwork == null) {
|
||||
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vmId);
|
||||
//Verify that vm has nic in the network
|
||||
String dstIp = rule.getDestIpAddress();
|
||||
Nic guestNic = _networkMgr.getNicInNetwork(vm.getId(), networkId);
|
||||
if (guestNic == null || guestNic.getIp4Address() == null) {
|
||||
throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress");
|
||||
} else {
|
||||
dstIp = guestNic.getIp4Address();
|
||||
}
|
||||
|
||||
_accountMgr.checkAccess(caller, guestNetwork);
|
||||
|
||||
long accountId = guestNetwork.getAccountId();
|
||||
long domainId = guestNetwork.getDomainId();
|
||||
//verify that firewall service is supported by the network
|
||||
if (!_networkMgr.isServiceSupported(networkId, Service.Firewall)) {
|
||||
throw new InvalidParameterValueException("Firewall service is not supported in network id=" + networkId);
|
||||
}
|
||||
|
||||
//Verify that the network guru supports the protocol specified
|
||||
Map<Network.Capability, String> firewallCapability = _networkMgr.getServiceCapability(guestNetwork.getDataCenterId(), Service.Firewall);
|
||||
Map<Network.Capability, String> firewallCapability = _networkMgr.getServiceCapability(network.getDataCenterId(), Service.Firewall);
|
||||
String supportedProtocols = firewallCapability.get(Capability.SupportedProtocols).toLowerCase();
|
||||
if (!supportedProtocols.contains(rule.getProtocol().toLowerCase())) {
|
||||
throw new InvalidParameterValueException("Protocol " + rule.getProtocol() + " is not supported in zone " + guestNetwork.getDataCenterId());
|
||||
throw new InvalidParameterValueException("Protocol " + rule.getProtocol() + " is not supported in zone " + network.getDataCenterId());
|
||||
}
|
||||
|
||||
//start port can't be bigger than end port
|
||||
@ -332,7 +346,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
rule.getSourcePortStart(),
|
||||
rule.getSourcePortEnd(),
|
||||
rule.getProtocol().toLowerCase(),
|
||||
guestNetwork.getId(),
|
||||
networkId,
|
||||
accountId,
|
||||
domainId,
|
||||
rule.getPurpose());
|
||||
@ -347,7 +361,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), 0, newRule.getId(), null);
|
||||
_usageEventDao.persist(usageEvent);
|
||||
|
||||
StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp.addr());
|
||||
StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp);
|
||||
|
||||
return staticNatRule;
|
||||
} catch (Exception e) {
|
||||
@ -362,21 +376,38 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
|
||||
@Override
|
||||
public boolean enableOneToOneNat(long ipId, long vmId) throws NetworkRuleConflictException{
|
||||
IPAddressVO ipAddress = _ipAddressDao.findById(ipId);
|
||||
|
||||
Account caller = UserContext.current().getCaller();
|
||||
|
||||
UserVmVO vm = null;
|
||||
vm = _vmDao.findById(vmId);
|
||||
//Verify input parameters
|
||||
UserVmVO vm = _vmDao.findById(vmId);
|
||||
if (vm == null) {
|
||||
throw new InvalidParameterValueException("Can't enable static nat for the address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
|
||||
throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + ", invalid virtual machine id specified (" + vmId + ").");
|
||||
}
|
||||
|
||||
IPAddressVO ipAddress = _ipAddressDao.findById(ipId);
|
||||
if (ipAddress == null) {
|
||||
throw new InvalidParameterValueException("Unable to find ip address by id " + ipId);
|
||||
}
|
||||
|
||||
//Check permissions
|
||||
checkIpAndUserVm(ipAddress, vm, caller);
|
||||
|
||||
//Verify that the ip is associated with the network and firewallService is supported for the network
|
||||
Long networkId = ipAddress.getAssociatedWithNetworkId();
|
||||
if (networkId == null) {
|
||||
throw new InvalidParameterValueException("Unable to enable static nat for the ipAddress id=" + ipId + " as ip is not associated with any network");
|
||||
}
|
||||
|
||||
if (!_networkMgr.isServiceSupported(networkId, Service.Firewall)) {
|
||||
throw new InvalidParameterValueException("Unable to create static nat rule; Firewall service is not supported in network id=" + networkId);
|
||||
}
|
||||
|
||||
//Verify ip address parameter
|
||||
if (ipAddress.isSourceNat()) {
|
||||
throw new InvalidParameterValueException("Can't enable static, ip address id=" + ipId + " is a sourceNat ip address");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (!ipAddress.isOneToOneNat()) {
|
||||
List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, Purpose.PortForwarding);
|
||||
if (rules != null && !rules.isEmpty()) {
|
||||
@ -394,7 +425,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
if (!ips.isEmpty()) {
|
||||
throw new InvalidParameterValueException("Failed to enable static nat for the ip address id=" + ipId + " as vm id=" + " is already associated with ip id=" + ips.get(0).getId());
|
||||
}
|
||||
|
||||
|
||||
ipAddress.setOneToOneNat(true);
|
||||
ipAddress.setAssociatedWithVmId(vmId);
|
||||
return _ipAddressDao.update(ipAddress.getId(), ipAddress);
|
||||
@ -448,8 +479,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
|
||||
private boolean revokePortForwardingRuleInternal(long ruleId, Account caller, long userId, boolean apply) {
|
||||
PortForwardingRuleVO rule = _forwardingDao.findById(ruleId);
|
||||
|
||||
long ownerId = rule.getAccountId();
|
||||
|
||||
revokeRule(rule, caller, userId);
|
||||
|
||||
@ -461,7 +490,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
success = true;
|
||||
}
|
||||
if(success){
|
||||
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_RULE_DELETE, ownerId, 0, ruleId, null);
|
||||
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_RULE_DELETE, rule.getAccountId(), 0, ruleId, null);
|
||||
_usageEventDao.persist(usageEvent);
|
||||
}
|
||||
return success;
|
||||
@ -649,17 +678,21 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
|
||||
UserVmVO vm = _vmDao.findById(sourceIp.getAssociatedWithVmId());
|
||||
|
||||
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, true);
|
||||
Ip dstIp = guestNic.second();
|
||||
Network network = guestNic.first();
|
||||
Long networkId = sourceIp.getAssociatedWithNetworkId();
|
||||
if (networkId == null) {
|
||||
throw new CloudRuntimeException("Ip address is not associated with any network");
|
||||
}
|
||||
|
||||
Network network = _networkMgr.getNetwork(networkId);
|
||||
|
||||
if (network == null) {
|
||||
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vm.getId());
|
||||
}
|
||||
|
||||
Nic guestNic = _networkMgr.getNicInNetwork(vm.getId(), networkId);
|
||||
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
|
||||
|
||||
staticNatRules.add(new StaticNatRuleImpl(ruleVO, dstIp.addr()));
|
||||
staticNatRules.add(new StaticNatRuleImpl(ruleVO, guestNic.getIp4Address()));
|
||||
}
|
||||
|
||||
if (caller != null) {
|
||||
@ -722,15 +755,10 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
|
||||
UserVmVO vm = _vmDao.findById(sourceIp.getAssociatedWithVmId());
|
||||
|
||||
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, true);
|
||||
Ip dstIp = guestNic.second();
|
||||
Network network = guestNic.first();
|
||||
Nic guestNic = _networkMgr.getNicInNetwork(vm.getId(), networkId);
|
||||
String dstIp = guestNic.getIp4Address();
|
||||
|
||||
if (network == null) {
|
||||
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vm.getId());
|
||||
}
|
||||
|
||||
staticNatRules.add(new StaticNatRuleImpl(rule, dstIp.addr()));
|
||||
staticNatRules.add(new StaticNatRuleImpl(rule, dstIp));
|
||||
}
|
||||
|
||||
try {
|
||||
@ -1055,20 +1083,13 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
|
||||
IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
|
||||
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
|
||||
|
||||
if (ip == null || !ip.isOneToOneNat()) {
|
||||
if (ip == null || !ip.isOneToOneNat() || ip.getAssociatedWithVmId() == null) {
|
||||
throw new InvalidParameterValueException("Source ip address of the rule id=" + rule.getId() + " is not static nat enabled");
|
||||
}
|
||||
|
||||
UserVm vm = _vmDao.findById(ip.getAssociatedWithVmId());
|
||||
Nic guestNic = _networkMgr.getNicInNetwork(ip.getAssociatedWithVmId(), rule.getNetworkId());
|
||||
|
||||
if (vm == null) {
|
||||
throw new InvalidParameterValueException("Static nat rule id=" + rule.getId() + " doesn't have vm assocaited with it");
|
||||
}
|
||||
|
||||
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, false);
|
||||
Ip dstIp = guestNic.second();
|
||||
|
||||
return new StaticNatRuleImpl(ruleVO, dstIp.addr());
|
||||
return new StaticNatRuleImpl(ruleVO, guestNic.getIp4Address());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -37,6 +37,7 @@ import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.NetworkRuleConflictException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.NetworkManager;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.RemoteAccessVpn;
|
||||
@ -128,6 +129,11 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
|
||||
}
|
||||
throw new InvalidParameterValueException("A Remote Access VPN already exists for this account");
|
||||
}
|
||||
|
||||
//Verify that vpn service is enabled for the network
|
||||
if (!_networkMgr.isServiceSupported(ipAddr.getAssociatedWithNetworkId(), Service.Vpn)) {
|
||||
throw new InvalidParameterValueException("Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
|
||||
}
|
||||
|
||||
if (ipRange == null) {
|
||||
ipRange = _clientIpRange;
|
||||
|
||||
@ -293,7 +293,7 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
this.dhcpService = dhcpService;
|
||||
}
|
||||
|
||||
public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps, Integer multicastRateMbps, Integer concurrentConnections, boolean isDefault, Availability availability, boolean lbService, boolean gatewayService, boolean dhcpService, boolean firewallService, boolean dnsService, boolean userDataService, boolean vpnService) {
|
||||
public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps, Integer multicastRateMbps, Integer concurrentConnections, boolean isDefault, Availability availability, boolean dhcpService, boolean dnsService, boolean userDataService, boolean gatewayService, boolean firewallService, boolean lbService, boolean vpnService) {
|
||||
this.name = name;
|
||||
this.displayText = displayText;
|
||||
this.rateMbps = rateMbps;
|
||||
@ -304,13 +304,13 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
this.specifyVlan = specifyVlan;
|
||||
this.isDefault = isDefault;
|
||||
this.availability = availability;
|
||||
this.gatewayService = gatewayService;
|
||||
this.lbService = lbService;
|
||||
this.dnsService = dnsService;
|
||||
this.dhcpService = dhcpService;
|
||||
this.userdataService = userDataService;
|
||||
this.gatewayService = gatewayService;
|
||||
this.firewallService = firewallService;
|
||||
this.vpnService = vpnService;
|
||||
this.userdataService = userDataService;
|
||||
this.lbService = lbService;
|
||||
this.vpnService = vpnService;
|
||||
}
|
||||
|
||||
public NetworkOfferingVO(ServiceOfferingVO offering) {
|
||||
|
||||
@ -729,12 +729,34 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
||||
controlNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(controlNetworkOffering);
|
||||
NetworkOfferingVO storageNetworkOffering = new NetworkOfferingVO(NetworkOfferingVO.SystemStorageNetwork, TrafficType.Storage);
|
||||
storageNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(storageNetworkOffering);
|
||||
NetworkOfferingVO guestNetworkOffering = new NetworkOfferingVO(NetworkOfferingVO.SystemGuestNetwork, TrafficType.Guest);
|
||||
NetworkOfferingVO guestNetworkOffering = new NetworkOfferingVO(
|
||||
NetworkOffering.SystemGuestNetwork,
|
||||
"System-Guest-Network",
|
||||
TrafficType.Guest,
|
||||
true, false, null, null, null, true,
|
||||
Availability.Required,
|
||||
true, true, true, //services - all true except for firewall/lb/vpn and gateway
|
||||
false, false, false, false);
|
||||
|
||||
guestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(guestNetworkOffering);
|
||||
|
||||
NetworkOfferingVO defaultGuestNetworkOffering = new NetworkOfferingVO(NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, false, false, null, null, null, true, Availability.Required, false, false, false, false, false, false, false);
|
||||
NetworkOfferingVO defaultGuestNetworkOffering = new NetworkOfferingVO(
|
||||
NetworkOffering.DefaultVirtualizedNetworkOffering,
|
||||
"Virtual Vlan",
|
||||
TrafficType.Guest,
|
||||
false, false, null, null, null, true,
|
||||
Availability.Required,
|
||||
true, true, true, //services
|
||||
true, true, true, true);
|
||||
defaultGuestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestNetworkOffering);
|
||||
NetworkOfferingVO defaultGuestDirectNetworkOffering = new NetworkOfferingVO(NetworkOffering.DefaultDirectNetworkOffering, "Direct", TrafficType.Public, false, false, null, null, null, true, Availability.Required, false, false, false, false, false, false, false);
|
||||
NetworkOfferingVO defaultGuestDirectNetworkOffering = new NetworkOfferingVO(
|
||||
NetworkOffering.DefaultDirectNetworkOffering,
|
||||
"Direct",
|
||||
TrafficType.Public,
|
||||
false, false, null, null, null, true,
|
||||
Availability.Required,
|
||||
true, true, true, //services - all true except for firewall/lb/vpn and gateway
|
||||
false, false, false, false);
|
||||
defaultGuestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestDirectNetworkOffering);
|
||||
}
|
||||
|
||||
|
||||
@ -950,19 +950,19 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
||||
|
||||
//if account is removed, return error
|
||||
if(accountHandle!=null && accountHandle.getRemoved() != null) {
|
||||
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + accountHandle.getId()+" is removed");
|
||||
throw new InvalidParameterValueException("The account " + accountHandle.getId()+" is removed");
|
||||
}
|
||||
|
||||
// Verify input parameters
|
||||
UserVmVO vm = _vmDao.findById(vmId.longValue());
|
||||
|
||||
if (vm == null) {
|
||||
throw new ServerApiException(BaseCmd.PARAM_ERROR, "unable to find a virtual machine with id " + vmId);
|
||||
throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId);
|
||||
}
|
||||
|
||||
if ((accountHandle != null) && !_domainDao.isChildDomain(accountHandle.getDomainId(), vm.getDomainId())) {
|
||||
// the domain in which the VM lives is not in the admin's domain tree
|
||||
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to recover virtual machine with id " + vmId + ", invalid id given.");
|
||||
throw new InvalidParameterValueException("Unable to recover virtual machine with id " + vmId + ", invalid id given.");
|
||||
}
|
||||
|
||||
if (vm.getRemoved() != null) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user