Cleanup firewall/pf/lb/vpn rules as a part of networkShutdown

This commit is contained in:
alena 2011-10-26 17:59:37 -07:00
parent a48ee9c568
commit 95bac58076
6 changed files with 278 additions and 144 deletions


@ -152,6 +152,10 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{
public boolean isRevoked() {
return revoked;
}
public void setRevoked(boolean revoked) {
this.revoked = revoked;
}
}
@Override


@ -97,6 +97,7 @@ import com.cloud.network.PhysicalNetwork.BroadcastDomainRange;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkDomainDao;
import com.cloud.network.dao.PhysicalNetworkDao;
@ -110,13 +111,19 @@ import com.cloud.network.element.RemoteAccessVPNServiceProvider;
import com.cloud.network.element.SourceNATServiceProvider;
import com.cloud.network.element.StaticNATServiceProvider;
import com.cloud.network.guru.NetworkGuru;
import com.cloud.network.lb.LoadBalancingRule;
import com.cloud.network.lb.LoadBalancingRule.LbDestination;
import com.cloud.network.lb.LoadBalancingRulesManager;
import com.cloud.network.rules.FirewallManager;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.network.rules.PortForwardingRuleVO;
import com.cloud.network.rules.RulesManager;
import com.cloud.network.rules.StaticNat;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.rules.StaticNatRuleImpl;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.network.vpn.RemoteAccessVpnService;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.NetworkOffering.Availability;
@ -244,6 +251,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Inject NetworkOfferingServiceMapDao _ntwkOfferingSrvcDao;
@Inject PhysicalNetworkDao _physicalNetworkDao;
@Inject PhysicalNetworkServiceProviderDao _pNSPDao;
@Inject PortForwardingRulesDao _portForwardingRulesDao;
@Inject LoadBalancerDao _lbDao;
private final HashMap<String, NetworkOfferingVO> _systemNetworks = new HashMap<String, NetworkOfferingVO>(5);
@ -511,6 +520,32 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
}
boolean success = applyIpAssociations(network, continueOnError, publicIps);
if (success) {
for (IPAddressVO addr : userIps) {
if (addr.getState() == IpAddress.State.Allocating) {
addr.setAssociatedWithNetworkId(network.getId());
markPublicIpAsAllocated(addr);
} else if (addr.getState() == IpAddress.State.Releasing) {
// Cleanup all the resources for ip address if there are any, and only then un-assign ip in the system
if (cleanupIpResources(addr.getId(), Account.ACCOUNT_ID_SYSTEM, _accountMgr.getSystemAccount())) {
_ipAddressDao.unassignIpAddress(addr.getId());
} else {
success = false;
s_logger.warn("Failed to release resources for ip address id=" + addr.getId());
}
}
}
}
return success;
}
protected boolean applyIpAssociations(Network network, boolean continueOnError, List<PublicIp> publicIps) throws ResourceUnavailableException {
boolean success = true;
int found = 0;
for (NetworkElement element : _networkElements) {
@ -531,29 +566,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
}
}
if (success) {
for (IPAddressVO addr : userIps) {
if (addr.getState() == IpAddress.State.Allocating) {
addr.setAssociatedWithNetworkId(network.getId());
markPublicIpAsAllocated(addr);
} else if (addr.getState() == IpAddress.State.Releasing) {
// Cleanup all the resources for ip address if there are any, and only then unassign ip in the system
if (cleanupIpResources(addr.getId(), Account.ACCOUNT_ID_SYSTEM, _accountMgr.getSystemAccount())) {
_ipAddressDao.unassignIpAddress(addr.getId());
} else {
success = false;
s_logger.warn("Failed to release resources for ip address id=" + addr.getId());
}
}
}
}
return success;
}
@Override
public List<? extends Network> getIsolatedNetworksOwnedByAccountInZone(long zoneId, Account owner) {
@ -1287,7 +1303,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
// reapply all the firewall/staticNat/lb rules
s_logger.debug("Reprogramming network " + network + " as a part of network implement");
if (!reprogramNetwork(networkId, UserContext.current().getCaller(), network)) {
if (!reprogramNetworkRules(networkId, UserContext.current().getCaller(), network)) {
s_logger.warn("Failed to re-program the network as a part of network " + network + " implement");
throw new ResourceUnavailableException("Unable to apply network rules as a part of network " + network + " implement", DataCenter.class, network.getDataCenterId());
}
@ -2151,7 +2167,17 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
_networksDao.update(network.getId(), network);
txn.commit();
//1) FIXME - Cleanup all the rules for the network
//1) Cleanup all the rules for the network. If it fails, just log the failure and proceed with shutting down the elements
boolean cleanupResult = true;
try {
cleanupResult = shutdownNetworkResources(networkId, context.getAccount(), context.getCaller().getId());
} catch (Exception ex) {
s_logger.warn("shutdownNetworkRules failed during the network " + network + " shutdown due to ", ex);
} finally {
if (!cleanupResult) {
s_logger.warn("Failed to cleanup network id=" + networkId + " resources as a part of shutdownNetwork");
}
}
//2) Shutdown all the network elements
boolean success = true;
@ -2285,66 +2311,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return success;
}
private boolean cleanupNetworkResources(long networkId, Account caller, long callerUserId) {
boolean success = true;
Network network = getNetwork(networkId);
// remove all PF/Static Nat rules for the network
try {
if (_rulesMgr.revokeAllPFStaticNatRulesForNetwork(networkId, callerUserId, caller)) {
s_logger.debug("Successfully cleaned up portForwarding/staticNat rules for network id=" + networkId);
} else {
success = false;
s_logger.warn("Failed to release portForwarding/StaticNat rules as a part of network id=" + networkId + " cleanup");
}
} catch (ResourceUnavailableException ex) {
success = false;
// shouldn't even come here as network is being cleaned up after all network elements are shutdown
s_logger.warn("Failed to release portForwarding/StaticNat rules as a part of network id=" + networkId + " cleanup due to resourceUnavailable ", ex);
}
// remove all LB rules for the network
if (_lbMgr.removeAllLoadBalanacersForNetwork(networkId, caller, callerUserId)) {
s_logger.debug("Successfully cleaned up load balancing rules for network id=" + networkId);
} else {
// shouldn't even come here as network is being cleaned up after all network elements are shutdown
success = false;
s_logger.warn("Failed to cleanup LB rules as a part of network id=" + networkId + " cleanup");
}
//revoke all firewall rules for the network
try {
if (_firewallMgr.revokeAllFirewallRulesForNetwork(networkId, callerUserId, caller)) {
s_logger.debug("Successfully cleaned up firewallRules rules for network id=" + networkId);
} else {
success = false;
s_logger.warn("Failed to cleanup Firewall rules as a part of network id=" + networkId + " cleanup");
}
} catch (ResourceUnavailableException ex) {
success = false;
// shouldn't even come here as network is being cleaned up after all network elements are shutdown
s_logger.warn("Failed to cleanup Firewall rules as a part of network id=" + networkId + " cleanup due to resourceUnavailable ", ex);
}
// release all ip addresses
List<IPAddressVO> ipsToRelease = _ipAddressDao.listByAssociatedNetwork(networkId, null);
for (IPAddressVO ipToRelease : ipsToRelease) {
IPAddressVO ip = markIpAsUnavailable(ipToRelease.getId());
assert (ip != null) : "Unable to mark the ip address id=" + ipToRelease.getId() + " as unavailable.";
}
try {
if (!applyIpAssociations(network, true)) {
s_logger.warn("Unable to apply ip address associations for " + network);
success = false;
}
} catch (ResourceUnavailableException e) {
throw new CloudRuntimeException("We should never get to here because we used true when applyIpAssociations", e);
}
return success;
}
private boolean deleteVlansInNetwork(long networkId, long userId) {
List<VlanVO> vlans = _vlanDao.listVlansByNetworkId(networkId);
boolean result = true;
@ -2456,8 +2422,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
// This method restarts all network elements belonging to the network and re-applies all the rules
Long networkId = cmd.getNetworkId();
User caller = _accountMgr.getActiveUser(UserContext.current().getCallerUserId());
Account callerAccount = _accountMgr.getActiveAccountById(caller.getAccountId());
User callerUser = _accountMgr.getActiveUser(UserContext.current().getCallerUserId());
Account callerAccount = _accountMgr.getActiveAccountById(callerUser.getAccountId());
// Check if network exists
NetworkVO network = _networksDao.findById(networkId);
@ -2472,7 +2438,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
_accountMgr.checkAccess(callerAccount, null, network);
boolean success = restartNetwork(networkId, callerAccount, null, cleanup);
boolean success = restartNetwork(networkId, callerAccount, callerUser, null, cleanup);
if (success) {
s_logger.debug("Network id=" + networkId + " is restarted successfully.");
@ -2503,14 +2469,14 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
}
private boolean restartNetwork(long networkId, Account caller, Long newNetworkOfferingId, boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
private boolean restartNetwork(long networkId, Account callerAccount, User callerUser, Long newNetworkOfferingId, boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
NetworkVO network = _networksDao.findById(networkId);
s_logger.debug("Restarting network " + networkId + "...");
//shutdown the network
ReservationContext context = new ReservationContextImpl(null, null, null, caller);
ReservationContext context = new ReservationContextImpl(null, null, callerUser, callerAccount);
s_logger.debug("Shutting down the network id=" + networkId + " as a part of network restart");
shutdownNetwork(networkId, context, cleanup);
@ -2544,7 +2510,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
//This method re-programs the rules/ips for existing network
protected boolean reprogramNetwork(long networkId, Account caller, NetworkVO network) throws ResourceUnavailableException {
protected boolean reprogramNetworkRules(long networkId, Account caller, NetworkVO network) throws ResourceUnavailableException {
boolean success = true;
// associate all ip addresses
if (!applyIpAssociations(network, false)) {
@ -3199,7 +3165,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
s_logger.info("Restarting network " + network + " as a part of update network call");
try {
success = restartNetwork(networkId, caller, networkOfferingId, true);
success = restartNetwork(networkId, caller, null, networkOfferingId, true);
} catch (Exception e) {
success = false;
}
@ -3960,8 +3926,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return pNtwks.get(0);
}
@Override
public List<Long> listNetworkOfferingsForUpgrade(long networkId) {
@ -3971,5 +3935,198 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return offerings;
}
private boolean cleanupNetworkResources(long networkId, Account caller, long callerUserId) {
boolean success = true;
Network network = getNetwork(networkId);
// remove all PF/Static Nat rules for the network
try {
if (_rulesMgr.revokeAllPFStaticNatRulesForNetwork(networkId, callerUserId, caller)) {
s_logger.debug("Successfully cleaned up portForwarding/staticNat rules for network id=" + networkId);
} else {
success = false;
s_logger.warn("Failed to release portForwarding/StaticNat rules as a part of network id=" + networkId + " cleanup");
}
} catch (ResourceUnavailableException ex) {
success = false;
// shouldn't even come here as network is being cleaned up after all network elements are shutdown
s_logger.warn("Failed to release portForwarding/StaticNat rules as a part of network id=" + networkId + " cleanup due to resourceUnavailable ", ex);
}
// remove all LB rules for the network
if (_lbMgr.removeAllLoadBalanacersForNetwork(networkId, caller, callerUserId)) {
s_logger.debug("Successfully cleaned up load balancing rules for network id=" + networkId);
} else {
// shouldn't even come here as network is being cleaned up after all network elements are shutdown
success = false;
s_logger.warn("Failed to cleanup LB rules as a part of network id=" + networkId + " cleanup");
}
//revoke all firewall rules for the network
try {
if (_firewallMgr.revokeAllFirewallRulesForNetwork(networkId, callerUserId, caller)) {
s_logger.debug("Successfully cleaned up firewallRules rules for network id=" + networkId);
} else {
success = false;
s_logger.warn("Failed to cleanup Firewall rules as a part of network id=" + networkId + " cleanup");
}
} catch (ResourceUnavailableException ex) {
success = false;
// shouldn't even come here as network is being cleaned up after all network elements are shutdown
s_logger.warn("Failed to cleanup Firewall rules as a part of network id=" + networkId + " cleanup due to resourceUnavailable ", ex);
}
// release all ip addresses
List<IPAddressVO> ipsToRelease = _ipAddressDao.listByAssociatedNetwork(networkId, null);
for (IPAddressVO ipToRelease : ipsToRelease) {
IPAddressVO ip = markIpAsUnavailable(ipToRelease.getId());
assert (ip != null) : "Unable to mark the ip address id=" + ipToRelease.getId() + " as unavailable.";
}
try {
if (!applyIpAssociations(network, true)) {
s_logger.warn("Unable to apply ip address associations for " + network);
success = false;
}
} catch (ResourceUnavailableException e) {
throw new CloudRuntimeException("We should never get to here because we used true when applyIpAssociations", e);
}
return success;
}
private boolean shutdownNetworkResources(long networkId, Account caller, long callerUserId) {
//This method cleans up network rules on the backend w/o touching them in the DB
boolean success = true;
// Mark all PF rules as revoked and apply them on the backend (not in the DB)
List<PortForwardingRuleVO> pfRules = _portForwardingRulesDao.listByNetwork(networkId);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + pfRules.size() + " port forwarding rules for network id=" + networkId + " as a part of shutdownNetworkRules");
}
for (PortForwardingRuleVO pfRule : pfRules) {
s_logger.trace("Marking pf rule " + pfRule + " with Revoke state");
pfRule.setState(FirewallRule.State.Revoke);
}
try {
if (!_firewallMgr.applyRules(pfRules, true, false)) {
s_logger.warn("Failed to cleanup pf rules as a part of shutdownNetworkRules");
success = false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to cleanup pf rules as a part of shutdownNetworkRules due to ", ex);
success = false;
}
// Mark all static rules as revoked and apply them on the backend (not in the DB)
List<FirewallRuleVO> firewallStaticNatRules = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.StaticNat);
List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + firewallStaticNatRules.size() + " static nat rules for network id=" + networkId + " as a part of shutdownNetworkRules");
}
for (FirewallRuleVO firewallStaticNatRule : firewallStaticNatRules) {
s_logger.trace("Marking static nat rule " + firewallStaticNatRule + " with Revoke state");
IpAddress ip = _ipAddressDao.findById(firewallStaticNatRule.getSourceIpAddressId());
FirewallRuleVO ruleVO = _firewallDao.findById(firewallStaticNatRule.getId());
if (ip == null || !ip.isOneToOneNat() || ip.getAssociatedWithVmId() == null) {
throw new InvalidParameterValueException("Source ip address of the rule id=" + firewallStaticNatRule.getId() + " is not static nat enabled");
}
String dstIp = getIpInNetwork(ip.getAssociatedWithVmId(), firewallStaticNatRule.getNetworkId());
ruleVO.setState(FirewallRule.State.Revoke);
staticNatRules.add(new StaticNatRuleImpl(ruleVO, dstIp));
}
try {
if (!_firewallMgr.applyRules(staticNatRules, true, false)) {
s_logger.warn("Failed to cleanup static nat rules as a part of shutdownNetworkRules");
success = false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to cleanup static nat rules as a part of shutdownNetworkRules due to ", ex);
success = false;
}
// remove all LB rules for the network
List<LoadBalancerVO> lbs = _lbDao.listByNetworkId(networkId);
List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
for (LoadBalancerVO lb : lbs) {
s_logger.trace("Marking lb rule " + lb + " with Revoke state");
lb.setState(FirewallRule.State.Revoke);
List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
//mark all destination with revoke state
for (LbDestination dst : dstList) {
s_logger.trace("Marking lb destination " + dst + " with Revoke state");
dst.setRevoked(true);
}
LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList);
lbRules.add(loadBalancing);
}
try {
if (!_firewallMgr.applyRules(lbRules, true, false)) {
s_logger.warn("Failed to cleanup lb rules as a part of shutdownNetworkRules");
success = false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to cleanup lb rules as a part of shutdownNetworkRules due to ", ex);
success = false;
}
//revoke all firewall rules for the network w/o applying them on the DB
List<FirewallRuleVO> firewallRules = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.Firewall);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + firewallRules.size() + " firewall rules for network id=" + networkId + " as a part of shutdownNetworkRules");
}
for (FirewallRuleVO firewallRule : firewallRules) {
s_logger.trace("Marking firewall rule " + firewallRule + " with Revoke state");
firewallRule.setState(FirewallRule.State.Revoke);
}
try {
if (!_firewallMgr.applyRules(firewallRules, true, false)) {
s_logger.warn("Failed to cleanup firewall rules as a part of shutdownNetworkRules");
success = false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to cleanup firewall rules as a part of shutdownNetworkRules due to ", ex);
success = false;
}
// Get all ip addresses, mark as releasing and release them on the backend (except for source nat) - DONE
Network network = getNetwork(networkId);
List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(networkId, null);
List<PublicIp> publicIpsToRelease = new ArrayList<PublicIp>();
if (userIps != null && !userIps.isEmpty()) {
for (IPAddressVO userIp : userIps) {
if (!userIp.isSourceNat()) {
userIp.setState(State.Releasing);
}
PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
publicIpsToRelease.add(publicIp);
}
}
try {
if (!applyIpAssociations(network, true, publicIpsToRelease)) {
s_logger.warn("Unable to apply ip address associations for " + network + " as a part of shutdownNetworkRules");
success = false;
}
} catch (ResourceUnavailableException e) {
throw new CloudRuntimeException("We should never get to here because we used true when applyIpAssociations", e);
}
return success;
}
}


@ -43,9 +43,9 @@ public class RedundantVirtualRouterElement extends VirtualRouterElement implemen
}
private boolean canHandle(Type networkType, long offeringId) {
boolean result = (networkType == Network.Type.Isolated && _networkMgr.isProviderSupported(offeringId, Service.Gateway, Provider.VirtualRouter));
boolean result = (networkType == Network.Type.Isolated && _networkMgr.isProviderSupported(offeringId, Service.Gateway, getProvider()));
if (!result) {
s_logger.trace("Virtual router element only takes care of networktype " + Network.Type.Isolated + " for provider " + Provider.VirtualRouter.getName());
s_logger.trace("Virtual router element only takes care of networktype " + Network.Type.Isolated + " for provider " + getProvider().getName());
}
return result;
}


@ -91,9 +91,9 @@ public class VirtualRouterElement extends DhcpElement implements VirtualRouterEl
@Inject VirtualRouterElementsDao _vrElementsDao;
private boolean canHandle(Type networkType, long offeringId) {
boolean result = (networkType == Network.Type.Isolated && _networkMgr.isProviderSupported(offeringId, Service.Gateway, Provider.VirtualRouter));
boolean result = (networkType == Network.Type.Isolated && _networkMgr.isProviderSupported(offeringId, Service.Gateway, getProvider()));
if (!result) {
s_logger.trace("Virtual router element only takes care of type " + Network.Type.Isolated + " for provider " + Provider.VirtualRouter.getName());
s_logger.trace("Virtual router element only takes care of type " + Network.Type.Isolated + " for provider " + getProvider().getName());
}
return result;
}
@ -251,7 +251,6 @@ public class VirtualRouterElement extends DhcpElement implements VirtualRouterEl
@Override
public boolean applyIps(Network network, List<? extends PublicIpAddress> ipAddress) throws ResourceUnavailableException {
DataCenter dc = _configMgr.getZone(network.getDataCenterId());
if (canHandle(network.getType(), network.getNetworkOfferingId())) {
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.DHCP_FIREWALL_LB_PASSWD_USERDATA);


@ -2524,15 +2524,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
if (rules != null && !rules.isEmpty()) {
try {
if (rules.get(0).getPurpose() == Purpose.LoadBalancing) {
// for load balancer we have to resend all lb rules for the network
List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkId(network.getId());
List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
for (LoadBalancerVO lb : lbs) {
List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList);
lbRules.add(loadBalancing);
}
result = result && applyLBRules(router, lbRules);
result = result && applyLBRules(router, (List<LoadBalancingRule>)rules);
} else if (rules.get(0).getPurpose() == Purpose.PortForwarding) {
result = result && applyPortForwardingRules(router, (List<PortForwardingRule>) rules);
} else if (rules.get(0).getPurpose() == Purpose.StaticNat) {
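Review bot: The removed comment on the LoadBalancing branch said all LB rules for the network must be resent, and the new `applyLBRules(router, (List<LoadBalancingRule>)rules)` forwards only the rules handed in, so correctness now depends on every caller passing the complete LB rule set for the network (the new shutdownNetworkResources in NetworkManagerImpl does build the full list); if any existing caller passes a subset the router would presumably be left with only that subset, which is worth confirming and recording with a comment such as `// NOTE: callers are expected to pass the full LB rule set for the network — confirm`. The cast is unchecked like the PortForwarding and StaticNat branches below it, so the change is consistent with the surrounding style but still a warning source. The enclosing method starts and ends outside the hunk.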


@ -78,7 +78,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
String _name;
@Inject
PortForwardingRulesDao _forwardingDao;
PortForwardingRulesDao _portForwardingDao;
@Inject
FirewallRulesCidrsDao _firewallCidrsDao;
@Inject
@ -204,7 +204,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIp, rule.getDestinationPortStart(),
rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId);
newRule = _forwardingDao.persist(newRule);
newRule = _portForwardingDao.persist(newRule);
//create firewallRule for 0.0.0.0/0 cidr
if (openFirewall) {
@ -229,7 +229,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
txn.start();
//no need to apply the rule as it wasn't programmed on the backend yet
_firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
_forwardingDao.remove(newRule.getId());
_portForwardingDao.remove(newRule.getId());
txn.commit();
}
@ -300,7 +300,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
txn.start();
//no need to apply the rule as it wasn't programmed on the backend yet
_firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
_forwardingDao.remove(newRule.getId());
_portForwardingDao.remove(newRule.getId());
txn.commit();
}
@ -398,7 +398,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
PortForwardingRuleVO rule = _forwardingDao.findById(ruleId);
PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find " + ruleId);
}
@ -409,7 +409,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
private boolean revokePortForwardingRuleInternal(long ruleId, Account caller, long userId, boolean apply) {
PortForwardingRuleVO rule = _forwardingDao.findById(ruleId);
PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId);
_firewallMgr.revokeRule(rule, caller, userId, true);
@ -464,7 +464,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
return false;
}
List<PortForwardingRuleVO> rules = _forwardingDao.listByVm(vmId);
List<PortForwardingRuleVO> rules = _portForwardingDao.listByVm(vmId);
Set<Long> ipsToReprogram = new HashSet<Long>();
if (rules == null || rules.isEmpty()) {
@ -527,7 +527,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
@Override
public List<? extends PortForwardingRule> listPortForwardingRulesForApplication(long ipId) {
return _forwardingDao.listForApplication(ipId);
return _portForwardingDao.listForApplication(ipId);
}
@Override
@ -555,7 +555,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
Filter filter = new Filter(PortForwardingRuleVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
SearchBuilder<PortForwardingRuleVO> sb = _forwardingDao.createSearchBuilder();
SearchBuilder<PortForwardingRuleVO> sb = _portForwardingDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), Op.EQ);
sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ);
sb.and("accountId", sb.entity().getAccountId(), Op.IN);
@ -593,7 +593,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
sc.setJoinParameters("domainSearch", "path", path + "%");
}
return _forwardingDao.search(sc, filter);
return _portForwardingDao.search(sc, filter);
}
@Override
@ -603,7 +603,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
@Override
public boolean applyPortForwardingRules(long ipId, boolean continueOnError, Account caller) {
List<PortForwardingRuleVO> rules = _forwardingDao.listForApplication(ipId);
List<PortForwardingRuleVO> rules = _portForwardingDao.listForApplication(ipId);
if (rules.size() == 0) {
s_logger.debug("There are no firwall rules to apply for ip id=" + ipId);
@ -638,25 +638,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
for (FirewallRule rule : rules) {
IpAddress sourceIp = _ipAddressDao.findById(rule.getSourceIpAddressId());
UserVmVO vm = _vmDao.findById(sourceIp.getAssociatedWithVmId());
Long networkId = sourceIp.getAssociatedWithNetworkId();
if (networkId == null) {
throw new CloudRuntimeException("Ip address is not associated with any network");
}
Network network = _networkMgr.getNetwork(networkId);
if (network == null) {
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vm.getId());
}
Nic guestNic = _networkMgr.getNicInNetworkIncludingRemoved(vm.getId(), networkId);
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
staticNatRules.add(new StaticNatRuleImpl(ruleVO, guestNic.getIp4Address()));
staticNatRules.add(buildStaticNatRule(rule));
}
if (caller != null) {
@ -852,7 +834,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
public boolean revokeAllPFAndStaticNatRulesForIp(long ipId, long userId, Account caller) throws ResourceUnavailableException {
List<FirewallRule> rules = new ArrayList<FirewallRule>();
List<PortForwardingRuleVO> pfRules = _forwardingDao.listByIpAndNotRevoked(ipId);
List<PortForwardingRuleVO> pfRules = _portForwardingDao.listByIpAndNotRevoked(ipId);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + pfRules.size() + " port forwarding rules for ip id=" + ipId);
}
@ -883,7 +865,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
applyStaticNatRules(ipId, true, caller);
// Now we check again in case more rules have been inserted.
rules.addAll(_forwardingDao.listByIpAndNotRevoked(ipId));
rules.addAll(_portForwardingDao.listByIpAndNotRevoked(ipId));
rules.addAll(_firewallDao.listByIpAndPurposeAndNotRevoked(ipId, Purpose.StaticNat));
if (s_logger.isDebugEnabled()) {
@ -897,7 +879,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
public boolean revokeAllPFStaticNatRulesForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
List<FirewallRule> rules = new ArrayList<FirewallRule>();
List<PortForwardingRuleVO> pfRules = _forwardingDao.listByNetwork(networkId);
List<PortForwardingRuleVO> pfRules = _portForwardingDao.listByNetwork(networkId);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + pfRules.size() + " port forwarding rules for network id=" + networkId);
}
@ -925,7 +907,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
success = success && applyStaticNatRulesForNetwork(networkId, true, caller);
// Now we check again in case more rules have been inserted.
rules.addAll(_forwardingDao.listByNetworkAndNotRevoked(networkId));
rules.addAll(_portForwardingDao.listByNetworkAndNotRevoked(networkId));
rules.addAll(_firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.StaticNat));
if (s_logger.isDebugEnabled()) {
@ -996,7 +978,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
txn.start();
for (FirewallRuleVO newRule : rules) {
_forwardingDao.remove(newRule.getId());
_portForwardingDao.remove(newRule.getId());
}
txn.commit();
}
@ -1014,7 +996,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
continue;
}
allRules.addAll(_forwardingDao.listForApplication(addr.getId()));
allRules.addAll(_portForwardingDao.listForApplication(addr.getId()));
}
if (s_logger.isDebugEnabled()) {
@ -1026,7 +1008,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
@Override
public List<PortForwardingRuleVO> listByNetworkId(long networkId) {
return _forwardingDao.listByNetwork(networkId);
return _portForwardingDao.listByNetwork(networkId);
}
@Override
@ -1060,7 +1042,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
@Override
public PortForwardingRule getPortForwardigRule(long ruleId) {
return _forwardingDao.findById(ruleId);
return _portForwardingDao.findById(ruleId);
}
@Override
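Review bot: The new `staticNatRules.add(buildStaticNatRule(rule))` call replaces the inlined lookup, but buildStaticNatRule is not defined in this section, so the checks the removed code made cannot be verified here; the removed code dereferenced `sourceIp` and `vm` (from `_ipAddressDao.findById` and `_vmDao.findById`) without null checks before the network-id test, so it is worth confirming the helper validates both rather than letting a NullPointerException surface from the apply loop. The same lookup now also lives in NetworkManagerImpl.shutdownNetworkResources, guarded by the `ip == null || !ip.isOneToOneNat() || ip.getAssociatedWithVmId() == null` check, and the helper should apply the same checks so the two paths agree. The remaining hunks are the `_forwardingDao` to `_portForwardingDao` rename, which looks complete in the lines shown. The enclosing method starts and ends outside the hunk.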