apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'sg-in-advanced-zone'

Browse Source 
Conflicts:
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/vm/UserVmManagerImpl.java
This commit is contained in:
anthony 2013-02-07 15:19:41 -08:00
commit 951cba92bb
7 changed files with 83 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -1523,13 +1523,11 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
// check if zone has necessary trafficTypes before enabling // check if zone has necessary trafficTypes before enabling
try { try {
PhysicalNetwork mgmtPhyNetwork; PhysicalNetwork mgmtPhyNetwork;
if (NetworkType.Advanced == zone.getNetworkType()) { // zone should have a physical network with management traffiType
// zone should have a physical network with public and management traffiType mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
if (NetworkType.Advanced == zone.getNetworkType() && ! zone.isSecurityGroupEnabled() ) {
// advanced zone without SG should have a physical network with public Thpe
_networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public); _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public);
mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
} else {
// zone should have a physical network with management traffiType
mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
} }
try { try {

31
server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
View File

@ -756,19 +756,28 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId); DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
TrafficType defaultTrafficType = TrafficType.Public; NetworkVO defaultNetwork = null;
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
defaultTrafficType = TrafficType.Guest; List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
if (networks == null || networks.size() == 0) {
throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
}
defaultNetwork = networks.get(0);
} else {
TrafficType defaultTrafficType = TrafficType.Public;
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
defaultTrafficType = TrafficType.Guest;
}
List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
// api should never allow this situation to happen
if (defaultNetworks.size() != 1) {
throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+ defaultTrafficType + " when expect to find 1");
}
defaultNetwork = defaultNetworks.get(0);
} }
List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
if (defaultNetworks.size() != 1) {
throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1");
}
NetworkVO defaultNetwork = defaultNetworks.get(0);
List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork); List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork);
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1); List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);
NicProfile defaultNic = new NicProfile(); NicProfile defaultNic = new NicProfile();

13
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -1859,11 +1859,14 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
} }
// Only Account specific Isolated network with sourceNat service disabled are allowed in security group // Only Account specific Isolated network with sourceNat service disabled are allowed in security group
// enabled zone // enabled zone
boolean allowCreation = (ntwkOff.getGuestType() == GuestType.Isolated if ( ntwkOff.getGuestType() != GuestType.Shared ){
&& !_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)); throw new InvalidParameterValueException("Only shared guest network can be created in security group enabled zone");
if (!allowCreation) { }
throw new InvalidParameterValueException("Only Account specific Isolated network with sourceNat " + if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
"service disabled are allowed in security group enabled zone"); throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone");
}
if ( ! _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {
throw new InvalidParameterValueException("network must have SecurityGroup provider in security group enabled zone");
} }
} }

6
server/src/com/cloud/resource/ResourceManagerImpl.java
View File

@ -427,6 +427,12 @@ public class ResourceManagerImpl extends ManagerBase implements ResourceManager,
+ cmd.getHypervisor() + " to a supported "); + cmd.getHypervisor() + " to a supported ");
} }
if (zone.isSecurityGroupEnabled()) {
if( hypervisorType != HypervisorType.KVM && hypervisorType != HypervisorType.XenServer ) {
throw new InvalidParameterValueException("Don't support hypervisor type " + hypervisorType + " in advanced security enabled zone");
}
}
Cluster.ClusterType clusterType = null; Cluster.ClusterType clusterType = null;
if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) { if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) {
clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType()); clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType());

32
server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
View File

@ -540,19 +540,27 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId); DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
DataCenter dc = _dcDao.findById(plan.getDataCenterId()); DataCenter dc = _dcDao.findById(plan.getDataCenterId());
TrafficType defaultTrafficType = TrafficType.Public; NetworkVO defaultNetwork = null;
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
defaultTrafficType = TrafficType.Guest; List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
if (networks == null || networks.size() == 0) {
throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
}
defaultNetwork = networks.get(0);
} else {
TrafficType defaultTrafficType = TrafficType.Public;
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
defaultTrafficType = TrafficType.Guest;
}
List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
// api should never allow this situation to happen
if (defaultNetworks.size() != 1) {
throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+ defaultTrafficType + " when expect to find 1");
}
defaultNetwork = defaultNetworks.get(0);
} }
List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
//api should never allow this situation to happen
if (defaultNetworks.size() != 1) {
throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1");
}
NetworkVO defaultNetwork = defaultNetworks.get(0);
List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork); List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork);
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1); List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);

98
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -2867,94 +2867,47 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
Account caller = UserContext.current().getCaller(); Account caller = UserContext.current().getCaller();
List<NetworkVO> networkList = new ArrayList<NetworkVO>(); List<NetworkVO> networkList = new ArrayList<NetworkVO>();
boolean isSecurityGroupEnabledNetworkUsed = false;
boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware)); boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
if (isVmWare) {
throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
}
// Verify that caller can perform actions in behalf of vm owner // Verify that caller can perform actions in behalf of vm owner
_accountMgr.checkAccess(caller, null, true, owner); _accountMgr.checkAccess(caller, null, true, owner);
// If no network is specified, find system security group enabled
// network
if (networkIdList == null || networkIdList.isEmpty()) { if (networkIdList == null || networkIdList.isEmpty()) {
Network networkWithSecurityGroup = _networkModel.getNetworkWithSecurityGroupEnabled(zone.getId()); throw new InvalidParameterValueException("need to specify networkIDs");
if (networkWithSecurityGroup == null) { }
throw new InvalidParameterValueException( if (networkIdList.size() > 1 ) {
"No network with security enabled is found in zone id=" throw new InvalidParameterValueException("VM can only be on one network in Zone with Security group enabled zone");
+ zone.getId()); }
} // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
for (Long networkId : networkIdList) {
networkList.add(_networkDao.findById(networkWithSecurityGroup.getId())); NetworkVO network = _networkDao.findById(networkId);
isSecurityGroupEnabledNetworkUsed = true;
} else if (securityGroupIdList != null
&& !securityGroupIdList.isEmpty()) {
if (isVmWare) {
throw new InvalidParameterValueException(
"Security group feature is not supported for vmWare hypervisor");
}
// Only one network can be specified, and it should be security
// group enabled
if (networkIdList.size() > 1) {
throw new InvalidParameterValueException(
"Only support one network per VM if security group enabled");
}
NetworkVO network = _networkDao.findById(networkIdList.get(0)
.longValue());
if (network == null) { if (network == null) {
throw new InvalidParameterValueException( throw new InvalidParameterValueException(
"Unable to find network by id " "Unable to find network by id "
+ networkIdList.get(0).longValue()); + networkIdList.get(0).longValue());
} }
if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) { boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId()); if ( ! isSecurityGroupEnabled) {
} throw new InvalidParameterValueException("Only support Security Group enabled networks in Security enabled zone, network " + network.getUuid() + " doesn't support security group ");
}
networkList.add(network); if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
isSecurityGroupEnabledNetworkUsed = true; throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
} else {
// Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
for (Long networkId : networkIdList) {
NetworkVO network = _networkDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException(
"Unable to find network by id "
+ networkIdList.get(0).longValue());
}
boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
if (isSecurityGroupEnabled) {
if (networkIdList.size() > 1) {
throw new InvalidParameterValueException("Can't create a vm with multiple networks one of" +
" which is Security Group enabled");
}
isSecurityGroupEnabledNetworkUsed = true;
}
if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
" deploy vm in Advance Security Group enabled zone"); " deploy vm in Advance Security Group enabled zone");
}
// Perform account permission check
if (network.getAclType() == ACLType.Account) {
_accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
}
networkList.add(network);
} }
}
// Perform account permission check
if (network.getAclType() == ACLType.Account) {
_accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
}
networkList.add(network);
}
// if network is security group enabled, and no security group is specified, then add the default security group automatically // if network is security group enabled, and no security group is specified, then add the default security group automatically
if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkModel.canAddDefaultSecurityGroup()) { if ( _networkModel.canAddDefaultSecurityGroup()) {
if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
// add the default securityGroup only if no security group is
// specified
if (securityGroupIdList == null || securityGroupIdList.isEmpty()) {
if (securityGroupIdList == null) { if (securityGroupIdList == null) {
securityGroupIdList = new ArrayList<Long>(); securityGroupIdList = new ArrayList<Long>();
} }
@ -2978,7 +2931,6 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
} }
} }
} }
return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId, return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId,
diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIps, keyboard); diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIps, keyboard);
} }

1
ui/scripts/zoneWizard.js
View File

@ -373,7 +373,6 @@
var nonSupportedHypervisors = {}; var nonSupportedHypervisors = {};
if(args.context.zones[0]['network-model'] == "Advanced" && args.context.zones[0]['zone-advanced-sg-enabled'] == "on") { if(args.context.zones[0]['network-model'] == "Advanced" && args.context.zones[0]['zone-advanced-sg-enabled'] == "on") {
firstOption = "KVM"; firstOption = "KVM";
nonSupportedHypervisors["XenServer"] = 1; //to developers: comment this line if you need to test Advanced SG-enabled zone with XenServer hypervisor
nonSupportedHypervisors["VMware"] = 1; nonSupportedHypervisors["VMware"] = 1;
nonSupportedHypervisors["BareMetal"] = 1; nonSupportedHypervisors["BareMetal"] = 1;
nonSupportedHypervisors["Ovm"] = 1; nonSupportedHypervisors["Ovm"] = 1;