refactor security group in advanced network mode: use direct tagged network instead of public network

Edison Su 2011-02-24 19:20:50 -05:00
parent 3308c514f5
commit 8a40371288
14 changed files with 62 additions and 43 deletions


@ -81,9 +81,6 @@ public class CreateNetworkCmd extends BaseCmd {
@Parameter(name=ApiConstants.NETWORK_DOMAIN, type=CommandType.STRING, description="network domain")
private String networkDomain;
@Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true if network is security group enabled, false otherwise")
private Boolean is_security_group_enabled;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
@ -144,9 +141,6 @@ public class CreateNetworkCmd extends BaseCmd {
return networkDomain;
}
public boolean isSecurityGroupEnabled() {
return is_security_group_enabled == null ? false : true;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////


@ -115,7 +115,7 @@ public class CreateZoneCmd extends BaseCmd {
return networkType;
}
public boolean isSecurityGroupEnabled() {
public Boolean isSecurityGroupEnabled() {
if (securitygroupenabled == null) {
return false;
}
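Review bot: Widening the return type to `Boolean` on the changed signature line gains nothing, because the body still maps a null `securitygroupenabled` to `false` and so never returns null; a boxed return only invites auto-unboxing NPEs at call sites that expect a primitive (ConfigurationManagerImpl in this commit stores the result in a `Boolean` local and later passes it to a `boolean` constructor parameter). Keep `public boolean isSecurityGroupEnabled()` and the caller's local can stay primitive as well. The rest of the method body is outside the hunk.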


@ -11,7 +11,7 @@ import com.cloud.org.Grouping;
public interface DataCenter extends Grouping {
public enum NetworkType {
Basic,
Advanced
Advanced,
}
long getId();
String getDns1();
@ -33,5 +33,6 @@ public interface DataCenter extends Grouping {
String getLoadBalancerProvider();
String getUserDataProvider();
String getVpnProvider();
boolean isSecurityGroupEnabled();
}
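Review bot: `boolean isSecurityGroupEnabled();` is added to a public interface without Javadoc, so the meaning of the flag can only be reconstructed from the checks that consume it elsewhere in this commit (virtual-network creation and virtual VLAN ranges are rejected when it is true, and the public-network guru declines such zones). A short Javadoc would make the contract explicit: `/** True when guest isolation in this zone relies on security groups on direct networks; virtual networks are not allowed in such a zone. */`. The trailing comma added after `Advanced` in `NetworkType` is legal but reads like an unfinished edit; either drop it or leave a comment saying a further type is expected.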


@ -1125,7 +1125,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
try {
txn.start();
// Create the new zone in the database
DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, vnetRange, guestCidr, domain, domainId, zoneType);
DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, vnetRange, guestCidr, domain, domainId, zoneType, isSecurityGroupEnabled);
zone = _zoneDao.persist(zone);
// Add vnet entries for the new zone if zone type is Advanced
@ -1170,11 +1170,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
} else if (offering.getTrafficType() == TrafficType.Control) {
broadcastDomainType = BroadcastDomainType.LinkLocal;
} else if (offering.getTrafficType() == TrafficType.Public) {
if (zone.getNetworkType() == NetworkType.Advanced) {
if (isSecurityGroupEnabled) {
isNetworkDefault = true;
userNetwork.setSecurityGroupEnabled(isSecurityGroupEnabled);
}
if (zone.getNetworkType() == NetworkType.Advanced && !zone.isSecurityGroupEnabled()) {
broadcastDomainType = BroadcastDomainType.Vlan;
} else {
continue;
@ -1184,6 +1180,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
isNetworkDefault = true;
broadcastDomainType = BroadcastDomainType.Native;
userNetwork.setSecurityGroupEnabled(isSecurityGroupEnabled);
} else if (offering.getGuestType() == GuestIpType.Direct && isSecurityGroupEnabled) {
isNetworkDefault = true;
userNetwork.setSecurityGroupEnabled(isSecurityGroupEnabled);
} else {
continue;
}
@ -1216,7 +1215,9 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
isBasic = true;
}
Boolean securityGroupEnabled = cmd.isSecurityGroupEnabled();
NetworkType zoneType = isBasic ? NetworkType.Basic : NetworkType.Advanced;
//Guest cidr is required for Advanced zone creation; error out when the parameter specified for Basic zone
@ -1241,7 +1242,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
vnetRange = null;
}
boolean securityGroupEnabled = cmd.isSecurityGroupEnabled();
if (zoneType == NetworkType.Basic) {
securityGroupEnabled = true;
}
@ -1588,6 +1588,10 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}
if (zone.isSecurityGroupEnabled() && forVirtualNetwork) {
throw new InvalidParameterValueException("Can't add virtual network into a zone with security group enabled");
}
//If networkId is not specified, and vlan is Virtual or Direct Untagged, try to locate default networks
if (forVirtualNetwork){
if (network == null) {
@ -1724,7 +1728,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
}
//Allow adding untagged direct vlan only for Basic zone
if (zone.getNetworkType() == NetworkType.Advanced && vlanId.equals(Vlan.UNTAGGED) && !forVirtualNetwork) {
if (zone.getNetworkType() == NetworkType.Advanced && vlanId.equals(Vlan.UNTAGGED) && (!forVirtualNetwork || zone.isSecurityGroupEnabled())) {
throw new InvalidParameterValueException("Direct untagged network is not supported for the zone " + zone.getId() + " of type " + zone.getNetworkType());
} else if (zone.getNetworkType() == NetworkType.Basic && !(vlanId.equals(Vlan.UNTAGGED) && !forVirtualNetwork)) {
throw new InvalidParameterValueException("Only direct untagged network is supported in the zone " + zone.getId() + " of type " + zone.getNetworkType());
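Review bot: In the last hunk the new disjunct `|| zone.isSecurityGroupEnabled()` looks unreachable: when the zone is security group enabled and `forVirtualNetwork` is true, the check added in the `@ -1588` hunk already throws, and when `forVirtualNetwork` is false the first operand `!forVirtualNetwork` is already true — this assumes both checks sit in the same method, which the hunks do not show. If they do, the original condition can stay as it was and the rule belongs as a comment on the earlier check, e.g. `// security-group zones isolate guests with security groups; virtual network ranges are refused`. Separately, the `@ -1216` hunk declares the local as `Boolean securityGroupEnabled` and it is later unboxed into the `boolean` constructor parameter of `DataCenterVO`; the command accessor never returns null today, but `boolean securityGroupEnabled = cmd.isSecurityGroupEnabled();` removes the latent NPE and matches the primitive `securityGroupEnabled = true;` assignment that follows.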


@ -563,9 +563,9 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
Account systemAcct = _accountMgr.getSystemAccount();
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
List<NetworkOfferingVO> defaultOffering = _networkMgr.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemPublicNetwork);
if (dc.getNetworkType() == NetworkType.Basic) {
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
defaultOffering = _networkMgr.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemGuestNetwork);
}
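Review bot: The condition `dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()` now encodes the rule that system VMs are placed on the guest network rather than the public network, and it is duplicated verbatim in SecondaryStorageManagerImpl in this same commit while DirectNetworkGuru and PublicNetworkGuru express its inverse. A comment at this line, `// Basic and security-group zones have no public network; system VMs attach to the guest network`, would explain the choice, and a single shared predicate (on the network manager, for instance) would keep the copies from drifting apart. The surrounding method starts and ends outside the hunk.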


@ -97,6 +97,9 @@ public class DataCenterVO implements DataCenter {
@Column(name="firewall_provider")
private String firewallProvider;
@Column(name="is_security_group_enabled")
boolean securityGroupEnabled;
@Column(name="mac_address", updatable = false, nullable=false)
@TableGenerator(name="mac_address_sq", table="data_center", pkColumnName="id", valueColumnName="mac_address", allocationSize=1)
private long macAddress = 1;
@ -147,11 +150,11 @@ public class DataCenterVO implements DataCenter {
}
public DataCenterVO(long id, String name, String description, String dns1, String dns2, String dns3, String dns4, String vnet, String guestCidr, String domain, Long domainId, NetworkType zoneType) {
this(name, description, dns1, dns2, dns3, dns4, vnet, guestCidr, domain, domainId, zoneType);
this(name, description, dns1, dns2, dns3, dns4, vnet, guestCidr, domain, domainId, zoneType, false);
this.id = id;
}
public DataCenterVO(String name, String description, String dns1, String dns2, String dns3, String dns4, String vnet, String guestCidr, String domain, Long domainId, NetworkType zoneType) {
public DataCenterVO(String name, String description, String dns1, String dns2, String dns3, String dns4, String vnet, String guestCidr, String domain, Long domainId, NetworkType zoneType, boolean securityGroupEnabled) {
this.name = name;
this.description = description;
this.dns1 = dns1;
@ -163,6 +166,7 @@ public class DataCenterVO implements DataCenter {
this.domain = domain;
this.domainId = domainId;
this.networkType = zoneType;
this.securityGroupEnabled = securityGroupEnabled;
loadBalancerProvider = Provider.VirtualRouter.getName();
firewallProvider = Provider.VirtualRouter.getName();
dhcpProvider = Provider.VirtualRouter.getName();
@ -302,5 +306,13 @@ public class DataCenterVO implements DataCenter {
public NetworkType getNetworkType() {
return networkType;
}
@Override
public boolean isSecurityGroupEnabled() {
return securityGroupEnabled;
}
public void setSecurityGroupEnabled(boolean enabled) {
this.securityGroupEnabled = enabled;
}
}
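Review bot: `setSecurityGroupEnabled(boolean)` is public and the backing field `boolean securityGroupEnabled;` is package-private, unlike the neighbouring `private String firewallProvider;`, yet nothing in this commit calls the setter — every creation path supplies the flag through the new constructor parameter. The enforcement added elsewhere in the commit (refusing virtual networks and virtual VLAN ranges in a security-group zone, and choosing which guru takes a public offering) runs at network creation time, so flipping the flag on an existing zone would leave already-created networks in a state those checks never validated. Either drop the setter, or make the field `private` and give the setter a Javadoc stating that it must not be called once networks exist in the zone.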


@ -1489,6 +1489,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
throw new InvalidParameterValueException("Network creation is not allowed in zone with network type " + NetworkType.Basic);
}
if (zone.isSecurityGroupEnabled() && networkOffering.getGuestType() == GuestIpType.Virtual) {
throw new InvalidParameterValueException("Virtual Network creation is not allowd if zone is security group enabled");
}
//If one of the following parameters are defined (starIP/endIP/netmask/gateway), all the rest should be defined too
ArrayList<String> networkConfigs = new ArrayList<String>();
@ -1552,7 +1555,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
txn.start();
Network network = createNetwork(networkOfferingId, name, displayText, isShared, isDefault, zoneId, gateway, cidr, vlanId, networkDomain, owner, cmd.isSecurityGroupEnabled());
Network network = createNetwork(networkOfferingId, name, displayText, isShared, isDefault, zoneId, gateway, cidr, vlanId, networkDomain, owner, false);
// Don't pass owner to create vlan when network offering is of type Direct - done to prevent accountVlanMap entry
// creation when vlan is mapped to network
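Review bot: The message in the new check misspells "allowed": `throw new InvalidParameterValueException("Virtual Network creation is not allowed if zone is security group enabled");` — it is an operator-facing validation error, so fix it before it gets copied into scripts or docs. The second hunk replaces `cmd.isSecurityGroupEnabled()` with a literal `false`, which appears to mean user-created networks can no longer carry the network-level flag even in a security-group zone; if that is intended (the zone flag now decides, see `isVmSecurityGroupEnabled` in UserVmManagerImpl), a comment at the call such as `// the network-level SG flag is only set on zone default networks; the zone flag governs user networks` would stop the next reader from "restoring" the parameter. The enclosing method extends beyond both hunks.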


@ -135,7 +135,7 @@ public class NetworkVO implements Network {
boolean isDefault;
@Column(name="is_security_group_enabled")
boolean securityGroupEnabled = false;
boolean securityGroupEnabled;
public NetworkVO() {
}


@ -69,8 +69,13 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
protected boolean canHandle(NetworkOffering offering, DataCenter dc) {
//this guru handles only non-system network with guestIpType = Direct
if (dc.getNetworkType() == NetworkType.Advanced && offering.getGuestType() == GuestIpType.Direct && offering.getTrafficType() == TrafficType.Guest && !offering.isSystemOnly()) {
return true;
if (dc.getNetworkType() == NetworkType.Advanced && offering.getGuestType() == GuestIpType.Direct && offering.getTrafficType() == TrafficType.Guest) {
if (dc.isSecurityGroupEnabled()) {
return true;
} else if (!offering.isSystemOnly()) {
return true;
}
return false;
} else {
s_logger.trace("We only take care of Guest Direct networks");
return false;
@ -98,6 +103,8 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
throw new InvalidParameterValueException("cidr and gateway must be specified together.");
}
config.setSecurityGroupEnabled(userSpecified.isSecurityGroupEnabled());
if (userSpecified.getCidr() != null) {
config.setCidr(userSpecified.getCidr());
config.setGateway(userSpecified.getGateway());
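Review bot: The comment `//this guru handles only non-system network with guestIpType = Direct` above `canHandle` is now stale, because the new branch also accepts system-only offerings whenever the zone is security group enabled. Update it to `// Direct guest networks; in a security-group zone the system-only offering is handled here too, since such zones have no public network` and collapse the two `return true` branches into `return dc.isSecurityGroupEnabled() || !offering.isSystemOnly();`. In the second hunk `config.setSecurityGroupEnabled(userSpecified.isSecurityGroupEnabled())` copies a flag that the only caller visible in this commit (NetworkManagerImpl) now passes as `false`; if another path supplies a security-group-enabled `userSpecified`, a comment naming it would help, otherwise the line is effectively dead.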


@ -54,7 +54,7 @@ public class PublicNetworkGuru extends AdapterBase implements NetworkGuru {
protected boolean canHandle(NetworkOffering offering, DataCenter dc) {
if (dc.getNetworkType() == NetworkType.Advanced && offering.getTrafficType() == TrafficType.Public && offering.isSystemOnly()) {
if (dc.getNetworkType() == NetworkType.Advanced && offering.getTrafficType() == TrafficType.Public && offering.isSystemOnly() && !dc.isSecurityGroupEnabled()) {
return true;
} else {
s_logger.trace("We only take care of System only Public Virtual Network");
@ -71,12 +71,7 @@ public class PublicNetworkGuru extends AdapterBase implements NetworkGuru {
}
if (offering.getTrafficType() == TrafficType.Public) {
GuestIpType type = null;
if (network.isSecurityGroupEnabled()) {
type = GuestIpType.Direct;
}
NetworkVO ntwk = new NetworkVO(offering.getTrafficType(), type, Mode.Static, BroadcastDomainType.Vlan, offering.getId(), plan.getDataCenterId(), State.Setup);
NetworkVO ntwk = new NetworkVO(offering.getTrafficType(), null, Mode.Static, BroadcastDomainType.Vlan, offering.getId(), plan.getDataCenterId(), State.Setup);
return ntwk;
} else {
return null;
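Review bot: The trace message on the else branch, `"We only take care of System only Public Virtual Network"`, no longer describes the new exclusion: a system-only public offering in an Advanced zone is now also declined when `dc.isSecurityGroupEnabled()` is true, and the log gives no hint of why. Extending it, e.g. `s_logger.trace("We only take care of System only Public Virtual Network in zones without security groups");`, keeps a "no guru matched" diagnosis easy. In the second hunk the bare `null` argument that replaced the `type` local is fine, but an inline `/* guestType */` hint next to the literal would help since the constructor takes several positional values.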


@ -610,7 +610,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
}
}
// Create the new zone in the database
DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, vnetRange, guestCidr, domain, domainId, zoneType);
DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, vnetRange, guestCidr, domain, domainId, zoneType, false);
zone = _zoneDao.persist(zone);
// Add vnet entries for the new zone
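Review bot: The new constructor argument is a bare `false` at the end of a twelve-argument call, with nothing indicating which parameter it is. A named local, `boolean securityGroupEnabled = false; // zones created by this path are never security-group enabled`, or an inline `/* securityGroupEnabled */ false`, makes the intent visible; whether a zone created by this server-side path should ever be security-group enabled cannot be judged from the hunk. The enclosing method starts outside the hunk.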


@ -380,7 +380,8 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V
DataCenter dc = _dcDao.findById(plan.getDataCenterId());
List<NetworkOfferingVO> defaultOffering = _networkMgr.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemPublicNetwork);
if (dc.getNetworkType() == NetworkType.Basic) {
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
defaultOffering = _networkMgr.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemGuestNetwork);
}


@ -104,6 +104,7 @@ import com.cloud.ha.HighAvailabilityManager;
import com.cloud.host.HostVO;
import com.cloud.host.dao.DetailsDao;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.network.IPAddressVO;
import com.cloud.network.Network;
@ -2706,13 +2707,13 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
public boolean isVmSecurityGroupEnabled(Long vmId) {
List<NicVO> nics = _nicDao.listByVmId(vmId);
for (NicVO nic : nics) {
Network network = _networkDao.findById(nic.getNetworkId());
if (network != null && network.isSecurityGroupEnabled()) {
return true;
}
}
UserVmVO userVM = _vmDao.findById(vmId);
if (userVM != null) {
DataCenterVO dataCenter = _dcDao.findById(userVM.getDataCenterId());
if (dataCenter != null && dataCenter.isSecurityGroupEnabled() && userVM.getHypervisorType() != Hypervisor.HypervisorType.VMware) {
return true;
}
}
return false;
}
}
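Review bot: `isVmSecurityGroupEnabled` now answers purely from the zone flag and silently returns false for VMware VMs (`userVM.getHypervisorType() != Hypervisor.HypervisorType.VMware`) even in a security-group zone; nothing records why, and a caller that skips rule programming on false would leave such a VM without the isolation the zone advertises. At minimum add `// TODO(review): document why VMware VMs are excluded from SG handling in SG-enabled zones`, and ideally the deployment path would refuse VMware in a security-group zone rather than degrade quietly — that path is outside this hunk. The added `import com.cloud.hypervisor.Hypervisor;` is unnecessary because `Hypervisor.HypervisorType` is already imported on the following line; write `HypervisorType.VMware`.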


@ -179,7 +179,7 @@ CREATE TABLE `cloud`.`networks` (
`is_default` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network is default',
`created` datetime NOT NULL COMMENT 'date created',
`removed` datetime COMMENT 'date removed if not null',
`is_security_group_enabled` smallint(1) NOT NULL COMMENT '1: enabled, 0: not',
`is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not',
PRIMARY KEY (`id`),
CONSTRAINT `fk_networks__network_offering_id` FOREIGN KEY (`network_offering_id`) REFERENCES `network_offerings`(`id`),
CONSTRAINT `fk_networks__data_center_id` FOREIGN KEY (`data_center_id`) REFERENCES `data_center`(`id`),
@ -474,6 +474,7 @@ CREATE TABLE `cloud`.`data_center` (
`vpn_provider` char(64) DEFAULT 'VirtualRouter',
`userdata_provider` char(64) DEFAULT 'VirtualRouter',
`enable` tinyint NOT NULL DEFAULT 1 COMMENT 'Is this data center enabled for activities',
`is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not',
PRIMARY KEY (`id`),
CONSTRAINT `fk_data_center__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain`(`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
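Review bot: The new `is_security_group_enabled` column on `data_center` (and the change of the `networks` column from `smallint(1)` to `tinyint` with `DEFAULT 0`) appears only in the create-schema script, while `DataCenterVO` now maps `@Column(name="is_security_group_enabled")` unconditionally, so an existing deployment that upgrades the code without recreating the schema would fail on the first zone query. Whether a matching upgrade script ships with this change is not visible here; if not, one with `ALTER TABLE data_center ADD COLUMN is_security_group_enabled tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not'` (and the corresponding `networks` change) is needed. `DEFAULT 0` is the right default for both tables: a zone or network is non-security-group unless explicitly created so.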