diff --git a/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java b/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java index faf58fcfa82..5ce4d935389 100644 --- a/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java +++ b/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java @@ -16,8 +16,6 @@ // under the License. package com.cloud.network.element; -import com.cloud.host.dao.HostDao; -import com.cloud.vm.dao.UserVmDao; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -28,13 +26,15 @@ import javax.ejb.Local; import javax.inject.Inject; import javax.naming.ConfigurationException; +import org.apache.cloudstack.network.topology.NetworkTopology; +import org.apache.cloudstack.network.topology.NetworkTopologyContext; import org.apache.log4j.Logger; -import com.google.gson.Gson; - import com.cloud.agent.api.StartupCommand; import com.cloud.agent.api.StartupOvsCommand; import com.cloud.agent.api.to.LoadBalancerTO; +import com.cloud.dc.DataCenterVO; +import com.cloud.dc.dao.DataCenterDao; import com.cloud.deploy.DeployDestination; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; @@ -42,10 +42,12 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.host.Host; import com.cloud.host.HostVO; +import com.cloud.host.dao.HostDao; import com.cloud.network.Network; import com.cloud.network.Network.Capability; import com.cloud.network.Network.Provider; import com.cloud.network.Network.Service; +import com.cloud.network.NetworkMigrationResponder; import com.cloud.network.NetworkModel; import com.cloud.network.Networks; import com.cloud.network.Networks.BroadcastDomainType; @@ -54,10 +56,8 @@ import com.cloud.network.PublicIpAddress; import com.cloud.network.dao.NetworkServiceMapDao; import com.cloud.network.lb.LoadBalancingRule; import com.cloud.network.lb.LoadBalancingRule.LbStickinessPolicy; -import com.cloud.network.NetworkMigrationResponder; import com.cloud.network.ovs.OvsTunnelManager; import com.cloud.network.router.VirtualRouter.Role; -import com.cloud.network.router.VpcVirtualNetworkApplianceManager; import com.cloud.network.rules.LbStickinessMethod; import com.cloud.network.rules.LbStickinessMethod.StickinessMethodType; import com.cloud.network.rules.LoadBalancerContainer; @@ -74,9 +74,11 @@ import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; +import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineProfile; import com.cloud.vm.dao.DomainRouterDao; -import com.cloud.vm.VirtualMachine; +import com.cloud.vm.dao.UserVmDao; +import com.google.gson.Gson; @Local(value = {NetworkElement.class, ConnectivityProvider.class, SourceNatServiceProvider.class, StaticNatServiceProvider.class, @@ -96,11 +98,14 @@ StaticNatServiceProvider, IpDeployer { @Inject DomainRouterDao _routerDao; @Inject - VpcVirtualNetworkApplianceManager _routerMgr; - @Inject UserVmDao _userVmDao; @Inject HostDao _hostDao; + @Inject + DataCenterDao _dcDao; + + @Inject + NetworkTopologyContext _networkTopologyContext; private static final Logger s_logger = Logger.getLogger(OvsElement.class); private static final Map> capabilities = setCapabilities(); @@ -115,7 +120,7 @@ StaticNatServiceProvider, IpDeployer { return Provider.Ovs; } - protected boolean canHandle(Network network, Service service) { + protected boolean canHandle(final Network network, final Service service) { s_logger.debug("Checking if OvsElement can handle service " + service.getName() + " on network " + network.getDisplayText()); if (network.getBroadcastDomainType() != BroadcastDomainType.Vswitch) { @@ -139,7 +144,7 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean configure(String name, Map params) + public boolean configure(final String name, final Map params) throws ConfigurationException { super.configure(name, params); _resourceMgr.registerResourceStateAdapter(name, this); @@ -147,8 +152,8 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean implement(Network network, NetworkOffering offering, - DeployDestination dest, ReservationContext context) + public boolean implement(final Network network, final NetworkOffering offering, + final DeployDestination dest, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { s_logger.debug("entering OvsElement implement function for network " @@ -162,9 +167,9 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean prepare(Network network, NicProfile nic, - VirtualMachineProfile vm, - DeployDestination dest, ReservationContext context) + public boolean prepare(final Network network, final NicProfile nic, + final VirtualMachineProfile vm, + final DeployDestination dest, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { if (!canHandle(network, Service.Connectivity)) { @@ -190,9 +195,9 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean release(Network network, NicProfile nic, - VirtualMachineProfile vm, - ReservationContext context) throws ConcurrentOperationException, + public boolean release(final Network network, final NicProfile nic, + final VirtualMachineProfile vm, + final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; @@ -211,8 +216,8 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean shutdown(Network network, ReservationContext context, - boolean cleanup) throws ConcurrentOperationException, + public boolean shutdown(final Network network, final ReservationContext context, + final boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; @@ -221,7 +226,7 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean destroy(Network network, ReservationContext context) + public boolean destroy(final Network network, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; @@ -230,13 +235,13 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean isReady(PhysicalNetworkServiceProvider provider) { + public boolean isReady(final PhysicalNetworkServiceProvider provider) { return true; } @Override public boolean shutdownProviderInstances( - PhysicalNetworkServiceProvider provider, ReservationContext context) + final PhysicalNetworkServiceProvider provider, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; } @@ -247,7 +252,7 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean verifyServicesCombination(Set services) { + public boolean verifyServicesCombination(final Set services) { if (!services.contains(Service.Connectivity)) { s_logger.warn("Unable to provide services without Connectivity service enabled for this element"); return false; @@ -392,15 +397,15 @@ StaticNatServiceProvider, IpDeployer { } @Override - public HostVO createHostVOForConnectedAgent(HostVO host, - StartupCommand[] cmd) { + public HostVO createHostVOForConnectedAgent(final HostVO host, + final StartupCommand[] cmd) { return null; } @Override - public HostVO createHostVOForDirectConnectAgent(HostVO host, - StartupCommand[] startup, ServerResource resource, - Map details, List hostTags) { + public HostVO createHostVOForDirectConnectAgent(final HostVO host, + final StartupCommand[] startup, final ServerResource resource, + final Map details, final List hostTags) { if (!(startup[0] instanceof StartupOvsCommand)) { return null; } @@ -409,8 +414,8 @@ StaticNatServiceProvider, IpDeployer { } @Override - public DeleteHostAnswer deleteHost(HostVO host, boolean isForced, - boolean isForceDeleteStorage) throws UnableDeleteHostException { + public DeleteHostAnswer deleteHost(final HostVO host, final boolean isForced, + final boolean isForceDeleteStorage) throws UnableDeleteHostException { if (!(host.getType() == Host.Type.L2Networking)) { return null; } @@ -418,13 +423,13 @@ StaticNatServiceProvider, IpDeployer { } @Override - public IpDeployer getIpDeployer(Network network) { + public IpDeployer getIpDeployer(final Network network) { return this; } @Override - public boolean applyIps(Network network, - List ipAddress, Set services) + public boolean applyIps(final Network network, + final List ipAddress, final Set services) throws ResourceUnavailableException { boolean canHandle = true; for (Service service : services) { @@ -444,14 +449,17 @@ StaticNatServiceProvider, IpDeployer { return true; } - return _routerMgr.associatePublicIP(network, ipAddress, routers); + DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); + NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO); + + return networkTopology.associatePublicIP(network, ipAddress, routers); } else { return false; } } @Override - public boolean applyStaticNats(Network network, List rules) + public boolean applyStaticNats(final Network network, final List rules) throws ResourceUnavailableException { if (!canHandle(network, Service.StaticNat)) { return false; @@ -464,11 +472,14 @@ StaticNatServiceProvider, IpDeployer { return true; } - return _routerMgr.applyStaticNats(network, rules, routers); + DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); + NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO); + + return networkTopology.applyStaticNats(network, rules, routers); } @Override - public boolean applyPFRules(Network network, List rules) + public boolean applyPFRules(final Network network, final List rules) throws ResourceUnavailableException { if (!canHandle(network, Service.PortForwarding)) { return false; @@ -481,11 +492,14 @@ StaticNatServiceProvider, IpDeployer { return true; } - return _routerMgr.applyFirewallRules(network, rules, routers); + DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); + NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO); + + return networkTopology.applyFirewallRules(network, rules, routers); } @Override - public boolean applyLBRules(Network network, List rules) + public boolean applyLBRules(final Network network, final List rules) throws ResourceUnavailableException { if (canHandle(network, Service.Lb)) { if (!canHandleLbRules(rules)) { @@ -501,7 +515,10 @@ StaticNatServiceProvider, IpDeployer { return true; } - if (!_routerMgr.applyLoadBalancingRules(network, rules, routers)) { + DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); + NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO); + + if (!networkTopology.applyLoadBalancingRules(network, rules, routers)) { throw new CloudRuntimeException( "Failed to apply load balancing rules in network " + network.getId()); @@ -514,7 +531,7 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean validateLBRule(Network network, LoadBalancingRule rule) { + public boolean validateLBRule(final Network network, final LoadBalancingRule rule) { List rules = new ArrayList(); rules.add(rule); if (canHandle(network, Service.Lb) && canHandleLbRules(rules)) { @@ -529,13 +546,13 @@ StaticNatServiceProvider, IpDeployer { } @Override - public List updateHealthChecks(Network network, - List lbrules) { + public List updateHealthChecks(final Network network, + final List lbrules) { // TODO Auto-generated method stub return null; } - private boolean canHandleLbRules(List rules) { + private boolean canHandleLbRules(final List rules) { Map lbCaps = getCapabilities().get(Service.Lb); if (!lbCaps.isEmpty()) { String schemeCaps = lbCaps.get(Capability.LbSchemes); @@ -553,7 +570,7 @@ StaticNatServiceProvider, IpDeployer { return true; } - public static boolean validateHAProxyLBRule(LoadBalancingRule rule) { + public static boolean validateHAProxyLBRule(final LoadBalancingRule rule) { String timeEndChar = "dhms"; for (LbStickinessPolicy stickinessPolicy : rule.getStickinessPolicies()) { @@ -572,10 +589,12 @@ StaticNatServiceProvider, IpDeployer { for (Pair paramKV : paramsList) { String key = paramKV.first(); String value = paramKV.second(); - if ("tablesize".equalsIgnoreCase(key)) + if ("tablesize".equalsIgnoreCase(key)) { tablesize = value; - if ("expire".equalsIgnoreCase(key)) + } + if ("expire".equalsIgnoreCase(key)) { expire = value; + } } if ((expire != null) && !containsOnlyNumbers(expire, timeEndChar)) { @@ -601,10 +620,12 @@ StaticNatServiceProvider, IpDeployer { for (Pair paramKV : paramsList) { String key = paramKV.first(); String value = paramKV.second(); - if ("length".equalsIgnoreCase(key)) + if ("length".equalsIgnoreCase(key)) { length = value; - if ("holdtime".equalsIgnoreCase(key)) + } + if ("holdtime".equalsIgnoreCase(key)) { holdTime = value; + } } if ((length != null) && (!containsOnlyNumbers(length, null))) { @@ -631,15 +652,18 @@ StaticNatServiceProvider, IpDeployer { * like 12 2) time or tablesize like 12h, 34m, 45k, 54m , here last * character is non-digit but from known characters . */ - private static boolean containsOnlyNumbers(String str, String endChar) { - if (str == null) + private static boolean containsOnlyNumbers(final String str, final String endChar) { + if (str == null) { return false; + } String number = str; if (endChar != null) { boolean matchedEndChar = false; if (str.length() < 2) + { return false; // atleast one numeric and one char. example: + } // 3h char strEnd = str.toCharArray()[str.length() - 1]; for (char c : endChar.toCharArray()) { @@ -649,8 +673,9 @@ StaticNatServiceProvider, IpDeployer { break; } } - if (!matchedEndChar) + if (!matchedEndChar) { return false; + } } try { Integer.parseInt(number); @@ -661,7 +686,7 @@ StaticNatServiceProvider, IpDeployer { } @Override - public boolean prepareMigration(NicProfile nic, Network network, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) { + public boolean prepareMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final DeployDestination dest, final ReservationContext context) { if (!canHandle(network, Service.Connectivity)) { return false; } @@ -685,12 +710,12 @@ StaticNatServiceProvider, IpDeployer { } @Override - public void rollbackMigration(NicProfile nic, Network network, VirtualMachineProfile vm, ReservationContext src, ReservationContext dst) { + public void rollbackMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final ReservationContext src, final ReservationContext dst) { return; } @Override - public void commitMigration(NicProfile nic, Network network, VirtualMachineProfile vm, ReservationContext src, ReservationContext dst) { + public void commitMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final ReservationContext src, final ReservationContext dst) { return; } } diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index c1bfb9f1d2c..5bc62c00139 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -446,30 +446,33 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO); - return _vpcRouterMgr.associatePublicIP(network, ipAddress, routers); + return networkTopology.associatePublicIP(network, ipAddress, routers); } else { return false; } } @Override - public boolean applyNetworkACLs(final Network config, final List rules) throws ResourceUnavailableException { - if (canHandle(config, Service.NetworkACL)) { - List routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER); + public boolean applyNetworkACLs(final Network network, final List rules) throws ResourceUnavailableException { + if (canHandle(network, Service.NetworkACL)) { + List routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); if (routers == null || routers.isEmpty()) { s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " + "router doesn't exist in the network " + - config.getId()); + network.getId()); return true; } + DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); + NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO); + try { - if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers, false)) { + if (!networkTopology.applyNetworkACLs(network, rules, routers, false)) { return false; } else { return true; } } catch (Exception ex) { - s_logger.debug("Failed to apply network acl in network " + config.getId()); + s_logger.debug("Failed to apply network acl in network " + network.getId()); return false; } } else { @@ -500,18 +503,21 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc @Override public boolean applyACLItemsToPrivateGw(final PrivateGateway gateway, final List rules) throws ResourceUnavailableException { - Network config = _networkDao.findById(gateway.getNetworkId()); + Network network = _networkDao.findById(gateway.getNetworkId()); boolean isPrivateGateway = true; List routers = _vpcRouterMgr.getVpcRouters(gateway.getVpcId()); if (routers == null || routers.isEmpty()) { s_logger.debug("Virtual router element doesn't need to apply network acl rules on the backend; virtual " + "router doesn't exist in the network " + - config.getId()); + network.getId()); return true; } - if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers, isPrivateGateway)) { - throw new CloudRuntimeException("Failed to apply network acl in network " + config.getId()); + DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId()); + NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO); + + if (!networkTopology.applyNetworkACLs(network, rules, routers, isPrivateGateway)) { + throw new CloudRuntimeException("Failed to apply network acl in network " + network.getId()); } else { return true; } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java index 2b9228844d9..857cfe90e7b 100644 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java @@ -25,13 +25,9 @@ import com.cloud.exception.AgentUnavailableException; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; -import com.cloud.network.PublicIpAddress; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.VirtualNetworkApplianceService; import com.cloud.network.VpnUser; -import com.cloud.network.lb.LoadBalancingRule; -import com.cloud.network.rules.FirewallRule; -import com.cloud.network.rules.StaticNat; import com.cloud.user.Account; import com.cloud.user.User; import com.cloud.utils.component.Manager; @@ -53,15 +49,15 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA static final String RouterAlertsCheckIntervalCK = "router.alerts.check.interval"; static final ConfigKey RouterTemplateXen = new ConfigKey(String.class, RouterTemplateXenCK, "Advanced", "SystemVM Template (XenServer)", - "Name of the default router template on Xenserver.", true, ConfigKey.Scope.Zone, null); + "Name of the default router template on Xenserver.", true, ConfigKey.Scope.Zone, null); static final ConfigKey RouterTemplateKvm = new ConfigKey(String.class, RouterTemplateKvmCK, "Advanced", "SystemVM Template (KVM)", - "Name of the default router template on KVM.", true, ConfigKey.Scope.Zone, null); + "Name of the default router template on KVM.", true, ConfigKey.Scope.Zone, null); static final ConfigKey RouterTemplateVmware = new ConfigKey(String.class, RouterTemplateVmwareCK, "Advanced", "SystemVM Template (vSphere)", - "Name of the default router template on Vmware.", true, ConfigKey.Scope.Zone, null); + "Name of the default router template on Vmware.", true, ConfigKey.Scope.Zone, null); static final ConfigKey RouterTemplateHyperV = new ConfigKey(String.class, RouterTemplateHyperVCK, "Advanced", "SystemVM Template (HyperV)", - "Name of the default router template on Hyperv.", true, ConfigKey.Scope.Zone, null); + "Name of the default router template on Hyperv.", true, ConfigKey.Scope.Zone, null); static final ConfigKey RouterTemplateLxc = new ConfigKey(String.class, RouterTemplateLxcCK, "Advanced", "SystemVM Template (LXC)", - "Name of the default router template on LXC.", true, ConfigKey.Scope.Zone, null); + "Name of the default router template on LXC.", true, ConfigKey.Scope.Zone, null); static final ConfigKey SetServiceMonitor = new ConfigKey(String.class, SetServiceMonitorCK, "Advanced", "true", "service monitoring in router enable/disable option, default true", true, ConfigKey.Scope.Zone, null); @@ -82,29 +78,10 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA */ boolean sendSshKeysToHost(Long hostId, String pubKey, String prvKey); - /** - * save a vm password on the router. - * @param routers TODO - * - */ - boolean savePasswordToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List routers) - throws ResourceUnavailableException; - - boolean saveSSHPublicKeyToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List routers, String sshPublicKey) - throws ResourceUnavailableException; - - boolean saveUserDataToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List routers) - throws ResourceUnavailableException; - boolean startRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List routers) throws ResourceUnavailableException; boolean deleteRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List routers) throws ResourceUnavailableException; - boolean associatePublicIP(Network network, final List ipAddress, List routers) - throws ResourceUnavailableException; - - boolean applyFirewallRules(Network network, final List rules, List routers) throws ResourceUnavailableException; - List getRoutersForNetwork(long networkId); String[] applyVpnUsers(Network network, List users, List routers) throws ResourceUnavailableException; @@ -113,18 +90,8 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA String getDnsBasicZoneUpdate(); - boolean applyStaticNats(Network network, final List rules, List routers) throws ResourceUnavailableException; - - boolean applyDhcpEntry(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, List routers) - throws ResourceUnavailableException; - - boolean applyUserData(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, List routers) - throws ResourceUnavailableException; - - boolean applyLoadBalancingRules(Network network, List rules, List routers) throws ResourceUnavailableException; - boolean configDhcpForSubnet(Network network, NicProfile nic, VirtualMachineProfile uservm, DeployDestination dest, List routers) - throws ResourceUnavailableException; + throws ResourceUnavailableException; boolean removeDhcpSupportForSubnet(Network network, List routers) throws ResourceUnavailableException; diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 1fd8e5abd37..cea7118e4ff 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -214,7 +214,6 @@ import com.cloud.service.ServiceOfferingVO; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.storage.GuestOSVO; import com.cloud.storage.Storage.ProvisioningType; -import com.cloud.storage.VMTemplateVO; import com.cloud.storage.dao.GuestOSDao; import com.cloud.storage.dao.VMTemplateDao; import com.cloud.storage.dao.VolumeDao; @@ -500,72 +499,8 @@ Configurable, StateListener { } - @Override - public boolean savePasswordToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers) - throws ResourceUnavailableException { - _userVmDao.loadDetails((UserVmVO) profile.getVirtualMachine()); - - final VirtualMachineProfile updatedProfile = profile; - - return applyRules(network, routers, "save password entry", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - // for basic zone, send vm data/password information only to the - // router in the same pod - final Commands cmds = new Commands(Command.OnError.Stop); - final NicVO nicVo = _nicDao.findById(nic.getId()); - createPasswordCommand(router, updatedProfile, nicVo, cmds); - return sendCommandsToRouter(router, cmds); - } - }); - } - - @Override - public boolean saveSSHPublicKeyToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers, - final String sshPublicKey) throws ResourceUnavailableException { - final UserVmVO vm = _userVmDao.findById(profile.getVirtualMachine().getId()); - _userVmDao.loadDetails(vm); - - final VirtualMachineProfile updatedProfile = profile; - - return applyRules(network, routers, "save SSHkey entry", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - // for basic zone, send vm data/password information only to the - // router in the same pod - final Commands cmds = new Commands(Command.OnError.Stop); - final NicVO nicVo = _nicDao.findById(nic.getId()); - final VMTemplateVO template = _templateDao.findByIdIncludingRemoved(updatedProfile.getTemplateId()); - if (template != null && template.getEnablePassword()) { - createPasswordCommand(router, updatedProfile, nicVo, cmds); - } - createVmDataCommand(router, vm, nicVo, sshPublicKey, cmds); - return sendCommandsToRouter(router, cmds); - } - }); - } - - @Override - public boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers) - throws ResourceUnavailableException { - final UserVmVO vm = _userVmDao.findById(profile.getVirtualMachine().getId()); - _userVmDao.loadDetails(vm); - - return applyRules(network, routers, "save userdata entry", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - // for basic zone, send vm data/password information only to the - // router in the same pod - final Commands cmds = new Commands(Command.OnError.Stop); - final NicVO nicVo = _nicDao.findById(nic.getId()); - createVmDataCommand(router, vm, nicVo, null, cmds); - return sendCommandsToRouter(router, cmds); - } - }); - } - - @Override @ActionEvent(eventType = EventTypes.EVENT_ROUTER_STOP, eventDescription = "stopping router Vm", async = true) + @Override public VirtualRouter stopRouter(final long routerId, final boolean forced) throws ResourceUnavailableException, ConcurrentOperationException { final CallContext context = CallContext.current(); final Account account = context.getCallingAccount(); @@ -2478,45 +2413,6 @@ Configurable, StateListener { return false; } - @Override - public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, - final List routers) throws ResourceUnavailableException { - if (s_logger.isTraceEnabled()) { - s_logger.trace("applyDhcpEntry(" + network.getCidr() + ", " + nic.getMacAddress() + ", " + profile.getUuid() + ", " + dest.getHost() + ", " + routers + ")"); - } - final UserVmVO vm = _userVmDao.findById(profile.getId()); - _userVmDao.loadDetails(vm); - - final VirtualMachineProfile updatedProfile = profile; - final boolean isZoneBasic = dest.getDataCenter().getNetworkType() == NetworkType.Basic; - final Long podId = isZoneBasic ? dest.getPod().getId() : null; - - boolean podLevelException = false; - // for user vm in Basic zone we should try to re-deploy vm in a diff pod - // if it fails to deploy in original pod; so throwing exception with Pod - // scope - if (isZoneBasic && podId != null && updatedProfile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest - && network.getGuestType() == Network.GuestType.Shared) { - podLevelException = true; - } - - return applyRules(network, routers, "dhcp entry", podLevelException, podId, true, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - // for basic zone, send dhcp/dns information to all routers in - // the basic network only when _dnsBasicZoneUpdates is set to - // "all" value - final Commands cmds = new Commands(Command.OnError.Stop); - if (!(isZoneBasic && router.getPodIdToDeployIn().longValue() != podId.longValue() && _dnsBasicZoneUpdates.equalsIgnoreCase("pod"))) { - final NicVO nicVo = _nicDao.findById(nic.getId()); - createDhcpEntryCommand(router, vm, nicVo, cmds); - return sendCommandsToRouter(router, cmds); - } - return true; - } - }); - } - private void createDeleteIpAliasCommand(final DomainRouterVO router, final List deleteIpAliasTOs, final List createIpAliasTos, final long networkId, final Commands cmds) { final String routerip = getRouterIpInNetwork(networkId, router.getId()); @@ -2561,42 +2457,6 @@ Configurable, StateListener { return defaultNic; } - @Override - public boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) - throws ResourceUnavailableException { - final UserVmVO vm = _userVmDao.findById(profile.getId()); - _userVmDao.loadDetails(vm); - - final VirtualMachineProfile updatedProfile = profile; - final boolean isZoneBasic = dest.getDataCenter().getNetworkType() == NetworkType.Basic; - final Long podId = isZoneBasic ? dest.getPod().getId() : null; - - boolean podLevelException = false; - // for user vm in Basic zone we should try to re-deploy vm in a diff pod - // if it fails to deploy in original pod; so throwing exception with Pod - // scope - if (isZoneBasic && podId != null && updatedProfile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest - && network.getGuestType() == Network.GuestType.Shared) { - podLevelException = true; - } - - return applyRules(network, routers, "userdata and password entry", podLevelException, podId, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - // for basic zone, send vm data/password information only to the - // router in the same pod - final Commands cmds = new Commands(Command.OnError.Stop); - if (!(isZoneBasic && router.getPodIdToDeployIn().longValue() != podId.longValue())) { - final NicVO nicVo = _nicDao.findById(nic.getId()); - createPasswordCommand(router, updatedProfile, nicVo, cmds); - createVmDataCommand(router, vm, nicVo, vm.getDetail("SSH.PublicKey"), cmds); - return sendCommandsToRouter(router, cmds); - } - return true; - } - }); - } - protected void createApplyVpnUsersCommand(final List users, final VirtualRouter router, final Commands cmds) { final List addUsers = new ArrayList(); final List removeUsers = new ArrayList(); @@ -3179,91 +3039,6 @@ Configurable, StateListener { } } - @Override - public boolean associatePublicIP(final Network network, final List ipAddress, final List routers) - throws ResourceUnavailableException { - if (ipAddress == null || ipAddress.isEmpty()) { - s_logger.debug("No ip association rules to be applied for network " + network.getId()); - return true; - } - return applyRules(network, routers, "ip association", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - final Commands cmds = new Commands(Command.OnError.Continue); - createAssociateIPCommands(router, ipAddress, cmds, 0); - return sendCommandsToRouter(router, cmds); - } - }); - } - - @Override - public boolean applyFirewallRules(final Network network, final List rules, final List routers) - throws ResourceUnavailableException { - if (rules == null || rules.isEmpty()) { - s_logger.debug("No firewall rules to be applied for network " + network.getId()); - return true; - } - return applyRules(network, routers, "firewall rules", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - if (rules.get(0).getPurpose() == Purpose.LoadBalancing) { - // for load balancer we have to resend all lb rules for the - // network - final List lbs = _loadBalancerDao.listByNetworkIdAndScheme(network.getId(), Scheme.Public); - final List lbRules = new ArrayList(); - for (final LoadBalancerVO lb : lbs) { - final List dstList = _lbMgr.getExistingDestinations(lb.getId()); - final List policyList = _lbMgr.getStickinessPolicies(lb.getId()); - final List hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId()); - final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId()); - final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress(); - final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol()); - - lbRules.add(loadBalancing); - } - return sendLBRules(router, lbRules, network.getId()); - } else if (rules.get(0).getPurpose() == Purpose.PortForwarding) { - return sendPortForwardingRules(router, (List) rules, network.getId()); - } else if (rules.get(0).getPurpose() == Purpose.StaticNat) { - return sendStaticNatRules(router, (List) rules, network.getId()); - } else if (rules.get(0).getPurpose() == Purpose.Firewall) { - return sendFirewallRules(router, (List) rules, network.getId()); - } else { - s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose()); - return false; - } - } - }); - } - - @Override - public boolean applyLoadBalancingRules(final Network network, final List rules, final List routers) - throws ResourceUnavailableException { - if (rules == null || rules.isEmpty()) { - s_logger.debug("No lb rules to be applied for network " + network.getId()); - return true; - } - return applyRules(network, routers, "loadbalancing rules", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - // for load balancer we have to resend all lb rules for the - // network - final List lbs = _loadBalancerDao.listByNetworkIdAndScheme(network.getId(), Scheme.Public); - final List lbRules = new ArrayList(); - for (final LoadBalancerVO lb : lbs) { - final List dstList = _lbMgr.getExistingDestinations(lb.getId()); - final List policyList = _lbMgr.getStickinessPolicies(lb.getId()); - final List hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId()); - final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId()); - final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress(); - final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol()); - lbRules.add(loadBalancing); - } - return sendLBRules(router, lbRules, network.getId()); - } - }); - } - protected boolean sendLBRules(final VirtualRouter router, final List rules, final long guestNetworkId) throws ResourceUnavailableException { final Commands cmds = new Commands(Command.OnError.Continue); createApplyLoadBalancingRulesCommands(rules, router, cmds, guestNetworkId); @@ -3433,20 +3208,6 @@ Configurable, StateListener { return result; } - @Override - public boolean applyStaticNats(final Network network, final List rules, final List routers) throws ResourceUnavailableException { - if (rules == null || rules.isEmpty()) { - s_logger.debug("No static nat rules to be applied for network " + network.getId()); - return true; - } - return applyRules(network, routers, "static nat rules", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - return applyStaticNat(router, rules, network.getId()); - } - }); - } - protected boolean applyStaticNat(final VirtualRouter router, final List rules, final long guestNetworkId) throws ResourceUnavailableException { final Commands cmds = new Commands(Command.OnError.Continue); createApplyStaticNatCommands(rules, router, cmds, guestNetworkId); @@ -3817,5 +3578,4 @@ Configurable, StateListener { public boolean completeAggregatedExecution(final Network network, final List routers) throws AgentUnavailableException { return aggregationExecution(Action.Finish, network, routers); } - } diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java index ab94d02f8c0..db8a1dca282 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java @@ -20,30 +20,16 @@ import java.util.List; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.Network; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.Site2SiteVpnConnection; import com.cloud.network.VpcVirtualNetworkApplianceService; import com.cloud.network.VpnUser; -import com.cloud.network.vpc.NetworkACLItem; import com.cloud.network.vpc.PrivateGateway; import com.cloud.network.vpc.StaticRouteProfile; import com.cloud.vm.DomainRouterVO; public interface VpcVirtualNetworkApplianceManager extends VirtualNetworkApplianceManager, VpcVirtualNetworkApplianceService { - /** - * - * @param network - * @param rules - * @param routers - * @param privateGateway - * @return - * @throws ResourceUnavailableException - */ - boolean applyNetworkACLs(Network network, List rules, List routers, boolean privateGateway) - throws ResourceUnavailableException; - /** * @param gateway * @param router TODO diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index 5635b782dd8..d2f6f5d4c85 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -23,7 +23,6 @@ import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import javax.ejb.Local; import javax.inject.Inject; @@ -62,7 +61,6 @@ import com.cloud.network.Network; import com.cloud.network.Network.Provider; import com.cloud.network.Network.Service; import com.cloud.network.Networks.BroadcastDomainType; -import com.cloud.network.Networks.IsolationType; import com.cloud.network.Networks.TrafficType; import com.cloud.network.PublicIpAddress; import com.cloud.network.RemoteAccessVpn; @@ -363,125 +361,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian } } - @Override - public boolean associatePublicIP(final Network network, final List ipAddress, final List routers) - throws ResourceUnavailableException { - if (ipAddress == null || ipAddress.isEmpty()) { - s_logger.debug("No ip association rules to be applied for network " + network.getId()); - return true; - } - - //only one router is supported in VPC now - VirtualRouter router = routers.get(0); - - if (router.getVpcId() == null) { - return super.associatePublicIP(network, ipAddress, routers); - } - - Pair, Map> nicsToChange = getNicsToChangeOnRouter(ipAddress, router); - Map nicsToPlug = nicsToChange.first(); - Map nicsToUnplug = nicsToChange.second(); - - //1) Unplug the nics - for (Entry entry : nicsToUnplug.entrySet()) { - Network publicNtwk = null; - try { - publicNtwk = _networkModel.getNetwork(entry.getValue().getNetworkId()); - URI broadcastUri = BroadcastDomainType.Vlan.toUri(entry.getKey()); - _itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri); - } catch (ConcurrentOperationException e) { - s_logger.warn("Failed to remove router " + router + " from vlan " + entry.getKey() + " in public network " + publicNtwk + " due to ", e); - return false; - } - } - - Commands netUsagecmds = new Commands(Command.OnError.Continue); - VpcVO vpc = _vpcDao.findById(router.getVpcId()); - - //2) Plug the nics - for (String vlanTag : nicsToPlug.keySet()) { - PublicIpAddress ip = nicsToPlug.get(vlanTag); - //have to plug the nic(s) - NicProfile defaultNic = new NicProfile(); - if (ip.isSourceNat()) { - defaultNic.setDefaultNic(true); - } - defaultNic.setIp4Address(ip.getAddress().addr()); - defaultNic.setGateway(ip.getGateway()); - defaultNic.setNetmask(ip.getNetmask()); - defaultNic.setMacAddress(ip.getMacAddress()); - defaultNic.setBroadcastType(BroadcastDomainType.Vlan); - defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag())); - defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag())); - - NicProfile publicNic = null; - Network publicNtwk = null; - try { - publicNtwk = _networkModel.getNetwork(ip.getNetworkId()); - publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic); - } catch (ConcurrentOperationException e) { - s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e); - } catch (InsufficientCapacityException e) { - s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e); - } finally { - if (publicNic == null) { - s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk); - return false; - } - } - //Create network usage commands. Send commands to router after IPAssoc - NetworkUsageCommand netUsageCmd = - new NetworkUsageCommand(router.getPrivateIpAddress(), router.getInstanceName(), true, defaultNic.getIp4Address(), vpc.getCidr()); - netUsagecmds.addCommand(netUsageCmd); - UserStatisticsVO stats = - _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), publicNtwk.getId(), publicNic.getIp4Address(), router.getId(), router.getType() - .toString()); - if (stats == null) { - stats = - new UserStatisticsVO(router.getAccountId(), router.getDataCenterId(), publicNic.getIp4Address(), router.getId(), router.getType().toString(), - publicNtwk.getId()); - _userStatsDao.persist(stats); - } - } - - //3) apply the ips - boolean result = applyRules(network, routers, "vpc ip association", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - Commands cmds = new Commands(Command.OnError.Continue); - Map vlanMacAddress = new HashMap(); - List ipsToSend = new ArrayList(); - for (PublicIpAddress ipAddr : ipAddress) { - String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString(); - Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), router.getId(), broadcastURI); - - String macAddress = null; - if (nic == null) { - if (ipAddr.getState() != IpAddress.State.Releasing) { - throw new CloudRuntimeException("Unable to find the nic in network " + ipAddr.getNetworkId() + " to apply the ip address " + ipAddr + " for"); - } - s_logger.debug("Not sending release for ip address " + ipAddr + " as its nic is already gone from VPC router " + router); - } else { - macAddress = nic.getMacAddress(); - vlanMacAddress.put(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())), macAddress); - ipsToSend.add(ipAddr); - } - } - if (!ipsToSend.isEmpty()) { - createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress); - return sendCommandsToRouter(router, cmds); - } else { - return true; - } - } - }); - if (result && netUsagecmds.size() > 0) { - //After successful ipassoc, send commands to router - sendCommandsToRouter(router, netUsagecmds); - } - return result; - } - @Override public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile, final DeployDestination dest, final ReservationContext context) { DomainRouterVO vr = _routerDao.findById(profile.getId()); @@ -518,21 +397,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return super.finalizeVirtualMachineProfile(profile, dest, context); } - @Override - public boolean applyNetworkACLs(final Network network, final List rules, final List routers, final boolean isPrivateGateway) - throws ResourceUnavailableException { - if (rules == null || rules.isEmpty()) { - s_logger.debug("No network ACLs to be applied for network " + network.getId()); - return true; - } - return applyRules(network, routers, "network acls", false, null, false, new RuleApplier() { - @Override - public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException { - return sendNetworkACLs(router, rules, network.getId(), isPrivateGateway); - } - }); - } - protected boolean sendNetworkACLs(final VirtualRouter router, final List rules, final long guestNetworkId, final boolean isPrivateGateway) throws ResourceUnavailableException { Commands cmds = new Commands(Command.OnError.Continue); diff --git a/server/src/com/cloud/network/rules/NetworkAclsRules.java b/server/src/com/cloud/network/rules/NetworkAclsRules.java index 3680fc066e0..4c0c71a8760 100644 --- a/server/src/com/cloud/network/rules/NetworkAclsRules.java +++ b/server/src/com/cloud/network/rules/NetworkAclsRules.java @@ -17,32 +17,77 @@ package com.cloud.network.rules; +import java.net.URI; +import java.util.ArrayList; import java.util.List; import org.apache.cloudstack.network.topology.NetworkTopologyVisitor; +import com.cloud.agent.api.routing.NetworkElementCommand; +import com.cloud.agent.api.routing.SetNetworkACLCommand; +import com.cloud.agent.api.to.NetworkACLTO; +import com.cloud.agent.manager.Commands; +import com.cloud.dc.DataCenterVO; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; +import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.router.VirtualRouter; import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.VpcGateway; public class NetworkAclsRules extends RuleApplier { - private final List rules; + private final List _rules; + private final boolean _isPrivateGateway; - public NetworkAclsRules(final Network network, final List rules) { + public NetworkAclsRules(final Network network, final List rules, final boolean isPrivateGateway) { super(network); - this.rules = rules; + _rules = rules; + _isPrivateGateway = isPrivateGateway; } @Override public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException { - this._router = router; + _router = router; return visitor.visit(this); } public List getRules() { - return rules; + return _rules; + } + + public boolean isPrivateGateway() { + return _isPrivateGateway; + } + + public void createNetworkACLsCommands(final List rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) { + List rulesTO = new ArrayList(); + String guestVlan = null; + Network guestNtwk = _networkDao.findById(guestNetworkId); + URI uri = guestNtwk.getBroadcastUri(); + if (uri != null) { + guestVlan = BroadcastDomainType.getValue(uri); + } + + if (rules != null) { + for (NetworkACLItem rule : rules) { + NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType()); + rulesTO.add(ruleTO); + } + } + + SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, _networkHelper.getNicTO(router, guestNetworkId, null)); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId())); + cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); + DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); + cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); + if (privateGateway) { + cmd.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private)); + } + + cmds.addCommand(cmd); } } \ No newline at end of file diff --git a/server/src/com/cloud/network/rules/NicPlugInOutRules.java b/server/src/com/cloud/network/rules/NicPlugInOutRules.java new file mode 100644 index 00000000000..f4be96f6f68 --- /dev/null +++ b/server/src/com/cloud/network/rules/NicPlugInOutRules.java @@ -0,0 +1,202 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package com.cloud.network.rules; + +import java.net.URI; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.cloudstack.network.topology.NetworkTopologyVisitor; +import org.apache.log4j.Logger; + +import com.cloud.agent.api.Command; +import com.cloud.agent.api.NetworkUsageCommand; +import com.cloud.agent.manager.Commands; +import com.cloud.exception.ConcurrentOperationException; +import com.cloud.exception.InsufficientCapacityException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.IpAddress; +import com.cloud.network.Network; +import com.cloud.network.Networks.BroadcastDomainType; +import com.cloud.network.Networks.IsolationType; +import com.cloud.network.PublicIpAddress; +import com.cloud.network.router.VirtualRouter; +import com.cloud.network.vpc.VpcVO; +import com.cloud.user.UserStatisticsVO; +import com.cloud.utils.Pair; +import com.cloud.vm.Nic; +import com.cloud.vm.NicProfile; +import com.cloud.vm.NicVO; + +public class NicPlugInOutRules extends RuleApplier { + + private static final Logger s_logger = Logger.getLogger(NicPlugInOutRules.class); + + private final List _ipAddresses; + + private Commands _netUsageCommands; + + public NicPlugInOutRules(final Network network, final List ipAddresses) { + super(network); + _ipAddresses = ipAddresses; + } + + @Override + public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException { + + Pair, Map> nicsToChange = getNicsToChangeOnRouter(_ipAddresses, router); + Map nicsToPlug = nicsToChange.first(); + Map nicsToUnplug = nicsToChange.second(); + + //1) Unplug the nics + for (Entry entry : nicsToUnplug.entrySet()) { + Network publicNtwk = null; + try { + publicNtwk = _networkModel.getNetwork(entry.getValue().getNetworkId()); + URI broadcastUri = BroadcastDomainType.Vlan.toUri(entry.getKey()); + _itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri); + } catch (ConcurrentOperationException e) { + s_logger.warn("Failed to remove router " + router + " from vlan " + entry.getKey() + " in public network " + publicNtwk + " due to ", e); + return false; + } + } + + _netUsageCommands = new Commands(Command.OnError.Continue); + VpcVO vpc = _vpcDao.findById(router.getVpcId()); + + //2) Plug the nics + for (String vlanTag : nicsToPlug.keySet()) { + PublicIpAddress ip = nicsToPlug.get(vlanTag); + //have to plug the nic(s) + NicProfile defaultNic = new NicProfile(); + if (ip.isSourceNat()) { + defaultNic.setDefaultNic(true); + } + defaultNic.setIp4Address(ip.getAddress().addr()); + defaultNic.setGateway(ip.getGateway()); + defaultNic.setNetmask(ip.getNetmask()); + defaultNic.setMacAddress(ip.getMacAddress()); + defaultNic.setBroadcastType(BroadcastDomainType.Vlan); + defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag())); + defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag())); + + NicProfile publicNic = null; + Network publicNtwk = null; + try { + publicNtwk = _networkModel.getNetwork(ip.getNetworkId()); + publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic); + } catch (ConcurrentOperationException e) { + s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e); + } catch (InsufficientCapacityException e) { + s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e); + } finally { + if (publicNic == null) { + s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk); + return false; + } + } + //Create network usage commands. Send commands to router after IPAssoc + NetworkUsageCommand netUsageCmd = + new NetworkUsageCommand(router.getPrivateIpAddress(), router.getInstanceName(), true, defaultNic.getIp4Address(), vpc.getCidr()); + _netUsageCommands.addCommand(netUsageCmd); + UserStatisticsVO stats = + _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), publicNtwk.getId(), publicNic.getIp4Address(), router.getId(), router.getType() + .toString()); + if (stats == null) { + stats = + new UserStatisticsVO(router.getAccountId(), router.getDataCenterId(), publicNic.getIp4Address(), router.getId(), router.getType().toString(), + publicNtwk.getId()); + _userStatsDao.persist(stats); + } + } + + // Let the IpAssociationRule call the visitor fot the NicPlugInOutRule + return true; + } + + public List getIpAddresses() { + return _ipAddresses; + } + + public Commands getNetUsageCommands() { + return _netUsageCommands; + } + + private Pair, Map> getNicsToChangeOnRouter(final List publicIps, + final VirtualRouter router) { + //1) check which nics need to be plugged/unplugged and plug/unplug them + + Map nicsToPlug = new HashMap(); + Map nicsToUnplug = new HashMap(); + + //find out nics to unplug + for (PublicIpAddress ip : publicIps) { + long publicNtwkId = ip.getNetworkId(); + + //if ip is not associated to any network, and there are no firewall rules, release it on the backend + if (!_vpcMgr.isIpAllocatedToVpc(ip)) { + ip.setState(IpAddress.State.Releasing); + } + + if (ip.getState() == IpAddress.State.Releasing) { + Nic nic = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), ip.getAddress().addr()); + if (nic != null) { + nicsToUnplug.put(ip.getVlanTag(), ip); + s_logger.debug("Need to unplug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + " in public network id =" + publicNtwkId); + } + } + } + + //find out nics to plug + for (PublicIpAddress ip : publicIps) { + URI broadcastUri = BroadcastDomainType.Vlan.toUri(ip.getVlanTag()); + long publicNtwkId = ip.getNetworkId(); + + //if ip is not associated to any network, and there are no firewall rules, release it on the backend + if (!_vpcMgr.isIpAllocatedToVpc(ip)) { + ip.setState(IpAddress.State.Releasing); + } + + if (ip.getState() == IpAddress.State.Allocated || ip.getState() == IpAddress.State.Allocating) { + //nic has to be plugged only when there are no nics for this vlan tag exist on VR + Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(publicNtwkId, router.getId(), broadcastUri.toString()); + + if (nic == null && nicsToPlug.get(ip.getVlanTag()) == null) { + nicsToPlug.put(ip.getVlanTag(), ip); + s_logger.debug("Need to plug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + " in public network id =" + publicNtwkId); + } else { + PublicIpAddress nicToUnplug = nicsToUnplug.get(ip.getVlanTag()); + if (nicToUnplug != null) { + NicVO nicVO = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), nicToUnplug.getAddress().addr()); + nicVO.setIp4Address(ip.getAddress().addr()); + _nicDao.update(nicVO.getId(), nicVO); + s_logger.debug("Updated the nic " + nicVO + " with the new ip address " + ip.getAddress().addr()); + nicsToUnplug.remove(ip.getVlanTag()); + } + } + } + } + + Pair, Map> nicsToChange = + new Pair, Map>(nicsToPlug, nicsToUnplug); + + return nicsToChange; + } +} \ No newline at end of file diff --git a/server/src/com/cloud/network/rules/RuleApplier.java b/server/src/com/cloud/network/rules/RuleApplier.java index e101a5bc5bc..cc29461406c 100644 --- a/server/src/com/cloud/network/rules/RuleApplier.java +++ b/server/src/com/cloud/network/rules/RuleApplier.java @@ -34,11 +34,15 @@ import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.lb.LoadBalancingRulesManager; import com.cloud.network.router.NEWVirtualNetworkApplianceManager; +import com.cloud.network.router.NetworkGeneralHelper; import com.cloud.network.router.RouterControlHelper; import com.cloud.network.router.VirtualRouter; +import com.cloud.network.vpc.VpcManager; +import com.cloud.network.vpc.dao.VpcDao; import com.cloud.offerings.dao.NetworkOfferingDao; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.storage.dao.VMTemplateDao; +import com.cloud.user.dao.UserStatisticsDao; import com.cloud.uservm.UserVm; import com.cloud.utils.StringUtils; import com.cloud.vm.NicVO; @@ -77,6 +81,12 @@ public abstract class RuleApplier { protected FirewallRulesDao _rulesDao; + protected UserStatisticsDao _userStatsDao; + + protected VpcDao _vpcDao; + + protected VpcManager _vpcMgr; + protected VirtualMachineManager _itMgr; protected Network _network; @@ -85,8 +95,10 @@ public abstract class RuleApplier { protected RouterControlHelper _routerControlHelper; + protected NetworkGeneralHelper _networkHelper; + public RuleApplier(final Network network) { - this._network = network; + _network = network; } public abstract boolean accept(NetworkTopologyVisitor visitor, VirtualRouter router) throws ResourceUnavailableException; diff --git a/server/src/com/cloud/network/rules/SshKeyToRouterRules.java b/server/src/com/cloud/network/rules/SshKeyToRouterRules.java index 14acabaf315..c88827a1ea1 100644 --- a/server/src/com/cloud/network/rules/SshKeyToRouterRules.java +++ b/server/src/com/cloud/network/rules/SshKeyToRouterRules.java @@ -80,7 +80,6 @@ public class SshKeyToRouterRules extends RuleApplier { cmds.addCommand("password", cmd); } - } public VirtualMachineProfile getProfile() { diff --git a/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java b/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java index f38ea4f18d7..32f61ce1dc1 100644 --- a/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java +++ b/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java @@ -33,10 +33,15 @@ import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.lb.LoadBalancingRule; import com.cloud.network.lb.LoadBalancingRulesManager; +import com.cloud.network.router.NetworkGeneralHelper; import com.cloud.network.router.RouterControlHelper; +import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.network.vpc.VpcManager; +import com.cloud.network.vpc.dao.VpcDao; import com.cloud.offerings.dao.NetworkOfferingDao; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.storage.dao.VMTemplateDao; +import com.cloud.user.dao.UserStatisticsDao; import com.cloud.vm.NicProfile; import com.cloud.vm.VirtualMachineManager; import com.cloud.vm.VirtualMachineProfile; @@ -73,6 +78,15 @@ public class VirtualNetworkApplianceFactory { @Inject protected UserVmDao _userVmDao; + @Inject + protected UserStatisticsDao _userStatsDao; + + @Inject + protected VpcDao _vpcDao; + + @Inject + protected VpcManager _vpcMgr; + @Inject protected ServiceOfferingDao _serviceOfferingDao; @@ -91,6 +105,9 @@ public class VirtualNetworkApplianceFactory { @Inject protected RouterControlHelper _routerControlHelper; + @Inject + protected NetworkGeneralHelper _networkHelper; + public LoadBalancingRules createLoadBalancingRules(final Network network, final List rules) { LoadBalancingRules lbRules = new LoadBalancingRules(network, rules); @@ -141,6 +158,16 @@ public class VirtualNetworkApplianceFactory { return ipAssociationRules; } + public VpcIpAssociationRules createVpcIpAssociationRules(final Network network, final List ipAddresses, final NicPlugInOutRules nicPlugInOutRules) { + VpcIpAssociationRules ipAssociationRules = new VpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules); + + initBeans(ipAssociationRules); + + ipAssociationRules._networkDao = _networkDao; + + return ipAssociationRules; + } + public VpnRules createVpnRules(final Network network, final List users) { VpnRules vpnRules = new VpnRules(network, users); @@ -205,4 +232,26 @@ public class VirtualNetworkApplianceFactory { return dhcpRules; } + + public NicPlugInOutRules createNicPluInOutRules(final Network network, final List ipAddresses) { + NicPlugInOutRules nicPlug = new NicPlugInOutRules(network, ipAddresses); + + initBeans(nicPlug); + + nicPlug._vpcDao = _vpcDao; + nicPlug._userStatsDao = _userStatsDao; + nicPlug._vpcMgr = _vpcMgr; + + return nicPlug; + } + + public NetworkAclsRules createNetworkAclRules(final Network network, final List rules, final boolean isPrivateGateway) { + NetworkAclsRules networkAclsRules = new NetworkAclsRules(network, rules, isPrivateGateway); + + initBeans(networkAclsRules); + + networkAclsRules._networkHelper = _networkHelper; + + return networkAclsRules; + } } \ No newline at end of file diff --git a/server/src/com/cloud/network/rules/VpcIpAssociationRules.java b/server/src/com/cloud/network/rules/VpcIpAssociationRules.java index 5c0d6fe2aa3..bcda3603bb4 100644 --- a/server/src/com/cloud/network/rules/VpcIpAssociationRules.java +++ b/server/src/com/cloud/network/rules/VpcIpAssociationRules.java @@ -17,32 +17,158 @@ package com.cloud.network.rules; +import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import org.apache.cloudstack.network.topology.NetworkTopologyVisitor; +import org.apache.log4j.Logger; +import com.cloud.agent.api.routing.IpAssocVpcCommand; +import com.cloud.agent.api.routing.NetworkElementCommand; +import com.cloud.agent.api.routing.SetSourceNatCommand; +import com.cloud.agent.api.to.IpAddressTO; +import com.cloud.agent.manager.Commands; +import com.cloud.dc.DataCenterVO; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.IpAddress; import com.cloud.network.Network; +import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.PublicIpAddress; import com.cloud.network.router.VirtualRouter; +import com.cloud.utils.Pair; +import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.vm.Nic; public class VpcIpAssociationRules extends RuleApplier { + private static final Logger s_logger = Logger.getLogger(VpcIpAssociationRules.class); + private final List _ipAddresses; - public VpcIpAssociationRules(final Network network, final List ipAddresses) { + private final NicPlugInOutRules _nicPlugInOutRules; + + private Map _vlanMacAddress; + + private List _ipsToSend; + + public VpcIpAssociationRules(final Network network, final List ipAddresses, final NicPlugInOutRules nicPlugInOutRules) { super(network); _ipAddresses = ipAddresses; + _nicPlugInOutRules = nicPlugInOutRules; } @Override public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException { _router = router; + _vlanMacAddress = new HashMap(); + _ipsToSend = new ArrayList(); + + for (PublicIpAddress ipAddr : _ipAddresses) { + String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString(); + Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), router.getId(), broadcastURI); + + String macAddress = null; + if (nic == null) { + if (ipAddr.getState() != IpAddress.State.Releasing) { + throw new CloudRuntimeException("Unable to find the nic in network " + ipAddr.getNetworkId() + " to apply the ip address " + ipAddr + " for"); + } + s_logger.debug("Not sending release for ip address " + ipAddr + " as its nic is already gone from VPC router " + router); + } else { + macAddress = nic.getMacAddress(); + _vlanMacAddress.put(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())), macAddress); + _ipsToSend.add(ipAddr); + } + } + return visitor.visit(this); } public List getIpAddresses() { return _ipAddresses; } + + public NicPlugInOutRules getNicPlugInOutRules() { + return _nicPlugInOutRules; + } + + public Map getVlanMacAddress() { + return _vlanMacAddress; + } + + public List getIpsToSend() { + return _ipsToSend; + } + + public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final List ips, final Commands cmds, + final Map vlanMacAddress) { + + Pair sourceNatIpAdd = null; + Boolean addSourceNat = null; + // Ensure that in multiple vlans case we first send all ip addresses of vlan1, then all ip addresses of vlan2, etc.. + Map> vlanIpMap = new HashMap>(); + for (final PublicIpAddress ipAddress : ips) { + String vlanTag = ipAddress.getVlanTag(); + ArrayList ipList = vlanIpMap.get(vlanTag); + if (ipList == null) { + ipList = new ArrayList(); + } + //VR doesn't support release for sourceNat IP address; so reset the state + if (ipAddress.isSourceNat() && ipAddress.getState() == IpAddress.State.Releasing) { + ipAddress.setState(IpAddress.State.Allocated); + } + ipList.add(ipAddress); + vlanIpMap.put(vlanTag, ipList); + } + + for (Map.Entry> vlanAndIp : vlanIpMap.entrySet()) { + List ipAddrList = vlanAndIp.getValue(); + + // Get network rate - required for IpAssoc + Integer networkRate = _networkModel.getNetworkRate(ipAddrList.get(0).getNetworkId(), router.getId()); + Network network = _networkModel.getNetwork(ipAddrList.get(0).getNetworkId()); + + IpAddressTO[] ipsToSend = new IpAddressTO[ipAddrList.size()]; + int i = 0; + + for (final PublicIpAddress ipAddr : ipAddrList) { + boolean add = (ipAddr.getState() == IpAddress.State.Releasing ? false : true); + + String macAddress = vlanMacAddress.get(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag()))); + + IpAddressTO ip = + new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, false, ipAddr.isSourceNat(), ipAddr.getVlanTag(), ipAddr.getGateway(), + ipAddr.getNetmask(), macAddress, networkRate, ipAddr.isOneToOneNat()); + + ip.setTrafficType(network.getTrafficType()); + ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network)); + ipsToSend[i++] = ip; + if (ipAddr.isSourceNat()) { + sourceNatIpAdd = new Pair(ip, ipAddr.getNetworkId()); + addSourceNat = add; + } + } + IpAssocVpcCommand cmd = new IpAssocVpcCommand(ipsToSend); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(ipAddrList.get(0).getNetworkId(), router.getId())); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); + DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); + cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); + + cmds.addCommand("IPAssocVpcCommand", cmd); + } + + //set source nat ip + if (sourceNatIpAdd != null) { + IpAddressTO sourceNatIp = sourceNatIpAdd.first(); + SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp, addSourceNat); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); + DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); + cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); + cmds.addCommand("SetSourceNatCommand", cmd); + } + } } \ No newline at end of file diff --git a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java index 794ed4c5833..05ad17ffbc1 100644 --- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java +++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java @@ -27,10 +27,16 @@ import org.springframework.stereotype.Component; import com.cloud.deploy.DeployDestination; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; +import com.cloud.network.PublicIpAddress; +import com.cloud.network.router.VirtualRouter; import com.cloud.network.rules.DhcpEntryRules; +import com.cloud.network.rules.NetworkAclsRules; +import com.cloud.network.rules.NicPlugInOutRules; import com.cloud.network.rules.RuleApplier; import com.cloud.network.rules.RuleApplierWrapper; import com.cloud.network.rules.UserdataPwdRules; +import com.cloud.network.rules.VpcIpAssociationRules; +import com.cloud.network.vpc.NetworkACLItem; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; import com.cloud.vm.VirtualMachineProfile; @@ -48,7 +54,7 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology { public boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) throws ResourceUnavailableException { - s_logger.debug("APPLYING USERDATA RULES"); + s_logger.debug("APPLYING VPC USERDATA RULES"); final String typeString = "userdata and password entry"; final boolean isPodLevelException = false; @@ -64,7 +70,7 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology { public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) throws ResourceUnavailableException { - s_logger.debug("APPLYING DHCP ENTRY RULES"); + s_logger.debug("APPLYING VPC DHCP ENTRY RULES"); final String typeString = "dhcp entry"; final Long podId = null; @@ -75,4 +81,48 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology { return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper(dhcpRules)); } + + @Override + public boolean associatePublicIP(final Network network, final List ipAddresses, final List routers) + throws ResourceUnavailableException { + if (ipAddresses == null || ipAddresses.isEmpty()) { + s_logger.debug("No ip association rules to be applied for network " + network.getId()); + return true; + } + + //only one router is supported in VPC now + VirtualRouter router = routers.get(0); + + if (router.getVpcId() == null) { + return super.associatePublicIP(network, ipAddresses, routers); + } + + s_logger.debug("APPLYING VPC IP RULES"); + + final String typeString = "vpc ip association"; + final boolean isPodLevelException = false; + final boolean failWhenDisconnect = false; + final Long podId = null; + + NicPlugInOutRules nicPlugInOutRules = _virtualNetworkApplianceFactory.createNicPluInOutRules(network, ipAddresses); + VpcIpAssociationRules ipAssociationRules = _virtualNetworkApplianceFactory.createVpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules); + + return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper(ipAssociationRules)); + } + + @Override + public boolean applyNetworkACLs(final Network network, final List rules, final List routers, final boolean isPrivateGateway) + throws ResourceUnavailableException { + + s_logger.debug("APPLYING NETWORK ACLs RULES"); + + final String typeString = "network acls"; + final boolean isPodLevelException = false; + final boolean failWhenDisconnect = false; + final Long podId = null; + + NetworkAclsRules aclsRules = _virtualNetworkApplianceFactory.createNetworkAclRules(network, rules, isPrivateGateway); + + return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper(aclsRules)); + } } \ No newline at end of file diff --git a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java index ae5951faa53..35c1755b98f 100644 --- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java +++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java @@ -17,21 +17,25 @@ package org.apache.cloudstack.network.topology; +import java.util.List; +import java.util.Map; + import org.springframework.stereotype.Component; import com.cloud.agent.api.Command; import com.cloud.agent.manager.Commands; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.Network; +import com.cloud.network.PublicIpAddress; import com.cloud.network.router.VirtualRouter; import com.cloud.network.rules.DhcpEntryRules; import com.cloud.network.rules.DhcpSubNetRules; import com.cloud.network.rules.NetworkAclsRules; -import com.cloud.network.rules.PasswordToRouterRules; +import com.cloud.network.rules.NicPlugInOutRules; import com.cloud.network.rules.PrivateGatewayRules; -import com.cloud.network.rules.SshKeyToRouterRules; import com.cloud.network.rules.UserdataPwdRules; -import com.cloud.network.rules.UserdataToRouterRules; import com.cloud.network.rules.VpcIpAssociationRules; +import com.cloud.network.vpc.NetworkACLItem; import com.cloud.vm.NicVO; import com.cloud.vm.UserVmVO; import com.cloud.vm.VirtualMachineProfile; @@ -68,28 +72,41 @@ public class AdvancedNetworkVisitor extends BasicNetworkVisitor { } @Override - public boolean visit(final SshKeyToRouterRules sshkey) throws ResourceUnavailableException { - return false; - } + public boolean visit(final NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException { + final VirtualRouter router = nicPlugInOutRules.getRouter(); - @Override - public boolean visit(final PasswordToRouterRules pwd) throws ResourceUnavailableException { - return false; + final Commands commands = nicPlugInOutRules.getNetUsageCommands(); + + return _applianceManager.sendCommandsToRouter(router, commands); } @Override public boolean visit(final NetworkAclsRules acls) throws ResourceUnavailableException { - return false; + final VirtualRouter router = acls.getRouter(); + final Network network = acls.getNetwork(); + + Commands commands = new Commands(Command.OnError.Continue); + List rules = acls.getRules(); + acls.createNetworkACLsCommands(rules, router, commands, network.getId(), acls.isPrivateGateway()); + + return _applianceManager.sendCommandsToRouter(router, commands); } @Override public boolean visit(final VpcIpAssociationRules vpcip) throws ResourceUnavailableException { - return false; - } + final VirtualRouter router = vpcip.getRouter(); - @Override - public boolean visit(final UserdataToRouterRules userdata) throws ResourceUnavailableException { - return false; + Commands cmds = new Commands(Command.OnError.Continue); + Map vlanMacAddress = vpcip.getVlanMacAddress(); + List ipsToSend = vpcip.getIpsToSend(); + + + if (!ipsToSend.isEmpty()) { + vpcip.createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress); + return _applianceManager.sendCommandsToRouter(router, cmds); + } else { + return true; + } } @Override diff --git a/server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java b/server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java index 63b937666b2..318f7e2563e 100644 --- a/server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java +++ b/server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java @@ -42,6 +42,7 @@ import com.cloud.network.PublicIpAddress; import com.cloud.network.VpnUser; import com.cloud.network.lb.LoadBalancingRule; import com.cloud.network.router.VirtualRouter; +import com.cloud.network.rules.DhcpEntryRules; import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.FirewallRules; import com.cloud.network.rules.IpAssociationRules; @@ -56,6 +57,8 @@ import com.cloud.network.rules.UserdataPwdRules; import com.cloud.network.rules.UserdataToRouterRules; import com.cloud.network.rules.VirtualNetworkApplianceFactory; import com.cloud.network.rules.VpnRules; +import com.cloud.network.vpc.NetworkACLItem; +import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; import com.cloud.vm.UserVmVO; @@ -100,6 +103,12 @@ public class BasicNetworkTopology implements NetworkTopology { return null; } + @Override + public boolean applyNetworkACLs(final Network network, final List rules, final List routers, final boolean isPrivateGateway) + throws ResourceUnavailableException { + throw new CloudRuntimeException("applyNetworkACLs not implemented in Basic Network Topology."); + } + @Override public boolean configDhcpForSubnet(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) throws ResourceUnavailableException { @@ -109,9 +118,6 @@ public class BasicNetworkTopology implements NetworkTopology { @Override public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) throws ResourceUnavailableException { -<<<<<<< HEAD - return false; -======= s_logger.debug("APPLYING DHCP ENTRY RULES"); @@ -119,9 +125,11 @@ public class BasicNetworkTopology implements NetworkTopology { final Long podId = dest.getPod().getId(); boolean isPodLevelException = false; - //for user vm in Basic zone we should try to re-deploy vm in a diff pod if it fails to deploy in original pod; so throwing exception with Pod scope - if (podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest && - network.getGuestType() == Network.GuestType.Shared) { + // for user vm in Basic zone we should try to re-deploy vm in a diff pod + // if it fails to deploy in original pod; so throwing exception with Pod + // scope + if (podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest + && network.getGuestType() == Network.GuestType.Shared) { isPodLevelException = true; } @@ -130,7 +138,6 @@ public class BasicNetworkTopology implements NetworkTopology { DhcpEntryRules dhcpRules = _virtualNetworkApplianceFactory.createDhcpEntryRules(network, nic, profile, dest); return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper(dhcpRules)); ->>>>>>> ee0389b... fixing import in virtual router element and checkstyle in dhcp entry related changes } @Override diff --git a/server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java b/server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java index 430ce868d7f..d95ca0364db 100644 --- a/server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java +++ b/server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java @@ -40,6 +40,7 @@ import com.cloud.network.rules.FirewallRules; import com.cloud.network.rules.IpAssociationRules; import com.cloud.network.rules.LoadBalancingRules; import com.cloud.network.rules.NetworkAclsRules; +import com.cloud.network.rules.NicPlugInOutRules; import com.cloud.network.rules.PasswordToRouterRules; import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.rules.PrivateGatewayRules; @@ -215,16 +216,6 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor { return _applianceManager.sendCommandsToRouter(router, cmds); } - @Override - public boolean visit(final NetworkAclsRules nat) throws ResourceUnavailableException { - throw new CloudRuntimeException("NetworkAclsRules not implemented in Basic Network Topology."); - } - - @Override - public boolean visit(final VpcIpAssociationRules nat) throws ResourceUnavailableException { - throw new CloudRuntimeException("VpcIpAssociationRules not implemented in Basic Network Topology."); - } - @Override public boolean visit(final UserdataToRouterRules userdata) throws ResourceUnavailableException { final VirtualRouter router = userdata.getRouter(); @@ -238,11 +229,6 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor { return _applianceManager.sendCommandsToRouter(router, commands); } - @Override - public boolean visit(final PrivateGatewayRules userdata) throws ResourceUnavailableException { - throw new CloudRuntimeException("PrivateGatewayRules not implemented in Basic Network Topology."); - } - @Override public boolean visit(final VpnRules vpn) throws ResourceUnavailableException { VirtualRouter router = vpn.getRouter(); @@ -263,4 +249,24 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor { public boolean visit(final VpnRules userdata) throws ResourceUnavailableException { return false; } + + @Override + public boolean visit(final NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException { + throw new CloudRuntimeException("NicPlugInOutRules not implemented in Basic Network Topology."); + } + + @Override + public boolean visit(final NetworkAclsRules nat) throws ResourceUnavailableException { + throw new CloudRuntimeException("NetworkAclsRules not implemented in Basic Network Topology."); + } + + @Override + public boolean visit(final VpcIpAssociationRules nat) throws ResourceUnavailableException { + throw new CloudRuntimeException("VpcIpAssociationRules not implemented in Basic Network Topology."); + } + + @Override + public boolean visit(final PrivateGatewayRules userdata) throws ResourceUnavailableException { + throw new CloudRuntimeException("PrivateGatewayRules not implemented in Basic Network Topology."); + } } \ No newline at end of file diff --git a/server/src/org/apache/cloudstack/network/topology/NetworkTopology.java b/server/src/org/apache/cloudstack/network/topology/NetworkTopology.java index 42d61979038..d61de3762e6 100644 --- a/server/src/org/apache/cloudstack/network/topology/NetworkTopology.java +++ b/server/src/org/apache/cloudstack/network/topology/NetworkTopology.java @@ -31,6 +31,7 @@ import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.RuleApplier; import com.cloud.network.rules.RuleApplierWrapper; import com.cloud.network.rules.StaticNat; +import com.cloud.network.vpc.NetworkACLItem; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; import com.cloud.vm.VirtualMachineProfile; @@ -49,10 +50,12 @@ public interface NetworkTopology { boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) throws ResourceUnavailableException; - boolean applyRules(final Network network, final List routers, final String typeString, final boolean isPodLevelException, final Long podId, - final boolean failWhenDisconnect, RuleApplierWrapper ruleApplier) throws ResourceUnavailableException; + // ====== USER FOR VPC ONLY ====== // - // ====== USER FOR GUEST NETWORK ====== // + boolean applyNetworkACLs(final Network network, final List rules, final List routers, final boolean isPrivateGateway) + throws ResourceUnavailableException; + + // ====== USER FOR GUEST NETWORK AND VCP ====== // boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List routers) throws ResourceUnavailableException; @@ -74,4 +77,7 @@ public interface NetworkTopology { boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers) throws ResourceUnavailableException; + + boolean applyRules(final Network network, final List routers, final String typeString, final boolean isPodLevelException, final Long podId, + final boolean failWhenDisconnect, RuleApplierWrapper ruleApplier) throws ResourceUnavailableException; } \ No newline at end of file diff --git a/server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java b/server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java index d925f16d699..e284ac5cc79 100644 --- a/server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java +++ b/server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java @@ -23,6 +23,7 @@ import com.cloud.network.rules.FirewallRules; import com.cloud.network.rules.IpAssociationRules; import com.cloud.network.rules.LoadBalancingRules; import com.cloud.network.rules.NetworkAclsRules; +import com.cloud.network.rules.NicPlugInOutRules; import com.cloud.network.rules.PasswordToRouterRules; import com.cloud.network.rules.PrivateGatewayRules; import com.cloud.network.rules.SshKeyToRouterRules; @@ -69,4 +70,5 @@ public abstract class NetworkTopologyVisitor { public abstract boolean visit(DhcpPvlanRules vpn) throws ResourceUnavailableException; public abstract boolean visit(DhcpSubNetRules vpn) throws ResourceUnavailableException; + public abstract boolean visit(NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException; } \ No newline at end of file diff --git a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java index fc98db6a4a1..d24951e9e67 100644 --- a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java +++ b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java @@ -33,17 +33,12 @@ import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; -import com.cloud.network.PublicIpAddress; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.Site2SiteVpnConnection; import com.cloud.network.VpcVirtualNetworkApplianceService; import com.cloud.network.VpnUser; -import com.cloud.network.lb.LoadBalancingRule; import com.cloud.network.router.VirtualRouter; import com.cloud.network.router.VpcVirtualNetworkApplianceManager; -import com.cloud.network.rules.FirewallRule; -import com.cloud.network.rules.StaticNat; -import com.cloud.network.vpc.NetworkACLItem; import com.cloud.network.vpc.PrivateGateway; import com.cloud.network.vpc.StaticRouteProfile; import com.cloud.user.Account; @@ -66,32 +61,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement return false; } - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#savePasswordToRouter(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, java.util.List) - */ - @Override - public boolean savePasswordToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers) - throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean saveSSHPublicKeyToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers, final String sshPublicKey) - throws ResourceUnavailableException { - return false; //To change body of implemented methods use File | Settings | File Templates. - } - - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#saveUserDataToRouter(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, java.util.List) - */ - @Override - public boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List routers) - throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - /* (non-Javadoc) * @see com.cloud.network.router.VirtualNetworkApplianceManager#startRemoteAccessVpn(com.cloud.network.Network, com.cloud.network.RemoteAccessVpn, java.util.List) */ @@ -110,25 +79,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement return false; } - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#associatePublicIP(com.cloud.network.Network, java.util.List, java.util.List) - */ - @Override - public boolean associatePublicIP(final Network network, final List ipAddress, final List routers) - throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyFirewallRules(com.cloud.network.Network, java.util.List, java.util.List) - */ - @Override - public boolean applyFirewallRules(final Network network, final List rules, final List routers) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - /* (non-Javadoc) * @see com.cloud.network.router.VirtualNetworkApplianceManager#getRoutersForNetwork(long) */ @@ -152,7 +102,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement */ @Override public VirtualRouter stop(final VirtualRouter router, final boolean forced, final User callingUser, final Account callingAccount) throws ConcurrentOperationException, - ResourceUnavailableException { // TODO Auto-generated method stub return null; } @@ -166,38 +115,9 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement return null; } - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyStaticNats(com.cloud.network.Network, java.util.List, java.util.List) - */ - @Override - public boolean applyStaticNats(final Network network, final List rules, final List routers) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyDhcpEntry(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, com.cloud.deploy.DeployDestination, java.util.List) - */ - @Override - public boolean applyDhcpEntry(final Network config, final NicProfile nic, final VirtualMachineProfile vm, final DeployDestination dest, final List routers) - throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyUserData(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, com.cloud.deploy.DeployDestination, java.util.List) - */ - @Override - public boolean applyUserData(final Network config, final NicProfile nic, final VirtualMachineProfile vm, final DeployDestination dest, final List routers) - throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - @Override public boolean configDhcpForSubnet(final Network network, final NicProfile nic, final VirtualMachineProfile uservm, final DeployDestination dest, final List routers) - throws ResourceUnavailableException { + throws ResourceUnavailableException { return false; //To change body of implemented methods use File | Settings | File Templates. } @@ -211,7 +131,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement */ @Override public VirtualRouter startRouter(final long routerId, final boolean reprogramNetwork) throws ConcurrentOperationException, ResourceUnavailableException, - InsufficientCapacityException { // TODO Auto-generated method stub return null; } @@ -221,7 +140,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement */ @Override public VirtualRouter rebootRouter(final long routerId, final boolean reprogramNetwork) throws ConcurrentOperationException, ResourceUnavailableException, - InsufficientCapacityException { // TODO Auto-generated method stub return null; } @@ -312,17 +230,10 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement */ @Override public boolean removeVpcRouterFromGuestNetwork(final VirtualRouter router, final Network network, final boolean isRedundant) throws ConcurrentOperationException, - ResourceUnavailableException { // TODO Auto-generated method stub return false; } - @Override - public boolean applyNetworkACLs(final Network network, final List rules, final List routers, final boolean privateGateway) - throws ResourceUnavailableException { - return false; //To change body of implemented methods use File | Settings | File Templates. - } - /* (non-Javadoc) * @see com.cloud.network.router.VpcVirtualNetworkApplianceManager#setupPrivateGateway(com.cloud.network.vpc.PrivateGateway, com.cloud.network.router.VirtualRouter) */ @@ -374,13 +285,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement return null; } - @Override - public boolean applyLoadBalancingRules(final Network network, final List rules, final List routers) - throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - @Override public VirtualRouter findRouter(final long routerId) { // TODO Auto-generated method stub @@ -425,4 +329,4 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement // TODO Auto-generated method stub return null; } -} +} \ No newline at end of file