apply network acls; acls items to pvt gw; vpc ip association
Conflicts: server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java
parent
f23ba91ed1
commit
b97f2b05c7
@ -16,8 +16,6 @@
|
||||
// under the License.
|
||||
package com.cloud.network.element;
|
||||
|
||||
import com.cloud.host.dao.HostDao;
|
||||
import com.cloud.vm.dao.UserVmDao;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@ -28,13 +26,15 @@ import javax.ejb.Local;
|
||||
import javax.inject.Inject;
|
||||
import javax.naming.ConfigurationException;
|
||||
|
||||
import org.apache.cloudstack.network.topology.NetworkTopology;
|
||||
import org.apache.cloudstack.network.topology.NetworkTopologyContext;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
|
||||
import com.cloud.agent.api.StartupCommand;
|
||||
import com.cloud.agent.api.StartupOvsCommand;
|
||||
import com.cloud.agent.api.to.LoadBalancerTO;
|
||||
import com.cloud.dc.DataCenterVO;
|
||||
import com.cloud.dc.dao.DataCenterDao;
|
||||
import com.cloud.deploy.DeployDestination;
|
||||
import com.cloud.exception.ConcurrentOperationException;
|
||||
import com.cloud.exception.InsufficientCapacityException;
|
||||
@ -42,10 +42,12 @@ import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.host.Host;
|
||||
import com.cloud.host.HostVO;
|
||||
import com.cloud.host.dao.HostDao;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.Capability;
|
||||
import com.cloud.network.Network.Provider;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.NetworkMigrationResponder;
|
||||
import com.cloud.network.NetworkModel;
|
||||
import com.cloud.network.Networks;
|
||||
import com.cloud.network.Networks.BroadcastDomainType;
|
||||
@ -54,10 +56,8 @@ import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.dao.NetworkServiceMapDao;
|
||||
import com.cloud.network.lb.LoadBalancingRule;
|
||||
import com.cloud.network.lb.LoadBalancingRule.LbStickinessPolicy;
|
||||
import com.cloud.network.NetworkMigrationResponder;
|
||||
import com.cloud.network.ovs.OvsTunnelManager;
|
||||
import com.cloud.network.router.VirtualRouter.Role;
|
||||
import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
|
||||
import com.cloud.network.rules.LbStickinessMethod;
|
||||
import com.cloud.network.rules.LbStickinessMethod.StickinessMethodType;
|
||||
import com.cloud.network.rules.LoadBalancerContainer;
|
||||
@ -74,9 +74,11 @@ import com.cloud.utils.exception.CloudRuntimeException;
|
||||
import com.cloud.vm.DomainRouterVO;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.ReservationContext;
|
||||
import com.cloud.vm.VirtualMachine;
|
||||
import com.cloud.vm.VirtualMachineProfile;
|
||||
import com.cloud.vm.dao.DomainRouterDao;
|
||||
import com.cloud.vm.VirtualMachine;
|
||||
import com.cloud.vm.dao.UserVmDao;
|
||||
import com.google.gson.Gson;
|
||||
|
||||
@Local(value = {NetworkElement.class, ConnectivityProvider.class,
|
||||
SourceNatServiceProvider.class, StaticNatServiceProvider.class,
|
||||
@ -96,11 +98,14 @@ StaticNatServiceProvider, IpDeployer {
|
||||
@Inject
|
||||
DomainRouterDao _routerDao;
|
||||
@Inject
|
||||
VpcVirtualNetworkApplianceManager _routerMgr;
|
||||
@Inject
|
||||
UserVmDao _userVmDao;
|
||||
@Inject
|
||||
HostDao _hostDao;
|
||||
@Inject
|
||||
DataCenterDao _dcDao;
|
||||
|
||||
@Inject
|
||||
NetworkTopologyContext _networkTopologyContext;
|
||||
|
||||
private static final Logger s_logger = Logger.getLogger(OvsElement.class);
|
||||
private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
|
||||
@ -115,7 +120,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
return Provider.Ovs;
|
||||
}
|
||||
|
||||
protected boolean canHandle(Network network, Service service) {
|
||||
protected boolean canHandle(final Network network, final Service service) {
|
||||
s_logger.debug("Checking if OvsElement can handle service "
|
||||
+ service.getName() + " on network " + network.getDisplayText());
|
||||
if (network.getBroadcastDomainType() != BroadcastDomainType.Vswitch) {
|
||||
@ -139,7 +144,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean configure(String name, Map<String, Object> params)
|
||||
public boolean configure(final String name, final Map<String, Object> params)
|
||||
throws ConfigurationException {
|
||||
super.configure(name, params);
|
||||
_resourceMgr.registerResourceStateAdapter(name, this);
|
||||
@ -147,8 +152,8 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean implement(Network network, NetworkOffering offering,
|
||||
DeployDestination dest, ReservationContext context)
|
||||
public boolean implement(final Network network, final NetworkOffering offering,
|
||||
final DeployDestination dest, final ReservationContext context)
|
||||
throws ConcurrentOperationException, ResourceUnavailableException,
|
||||
InsufficientCapacityException {
|
||||
s_logger.debug("entering OvsElement implement function for network "
|
||||
@ -162,9 +167,9 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean prepare(Network network, NicProfile nic,
|
||||
VirtualMachineProfile vm,
|
||||
DeployDestination dest, ReservationContext context)
|
||||
public boolean prepare(final Network network, final NicProfile nic,
|
||||
final VirtualMachineProfile vm,
|
||||
final DeployDestination dest, final ReservationContext context)
|
||||
throws ConcurrentOperationException, ResourceUnavailableException,
|
||||
InsufficientCapacityException {
|
||||
if (!canHandle(network, Service.Connectivity)) {
|
||||
@ -190,9 +195,9 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean release(Network network, NicProfile nic,
|
||||
VirtualMachineProfile vm,
|
||||
ReservationContext context) throws ConcurrentOperationException,
|
||||
public boolean release(final Network network, final NicProfile nic,
|
||||
final VirtualMachineProfile vm,
|
||||
final ReservationContext context) throws ConcurrentOperationException,
|
||||
ResourceUnavailableException {
|
||||
if (!canHandle(network, Service.Connectivity)) {
|
||||
return false;
|
||||
@ -211,8 +216,8 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean shutdown(Network network, ReservationContext context,
|
||||
boolean cleanup) throws ConcurrentOperationException,
|
||||
public boolean shutdown(final Network network, final ReservationContext context,
|
||||
final boolean cleanup) throws ConcurrentOperationException,
|
||||
ResourceUnavailableException {
|
||||
if (!canHandle(network, Service.Connectivity)) {
|
||||
return false;
|
||||
@ -221,7 +226,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean destroy(Network network, ReservationContext context)
|
||||
public boolean destroy(final Network network, final ReservationContext context)
|
||||
throws ConcurrentOperationException, ResourceUnavailableException {
|
||||
if (!canHandle(network, Service.Connectivity)) {
|
||||
return false;
|
||||
@ -230,13 +235,13 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isReady(PhysicalNetworkServiceProvider provider) {
|
||||
public boolean isReady(final PhysicalNetworkServiceProvider provider) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean shutdownProviderInstances(
|
||||
PhysicalNetworkServiceProvider provider, ReservationContext context)
|
||||
final PhysicalNetworkServiceProvider provider, final ReservationContext context)
|
||||
throws ConcurrentOperationException, ResourceUnavailableException {
|
||||
return true;
|
||||
}
|
||||
@ -247,7 +252,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verifyServicesCombination(Set<Service> services) {
|
||||
public boolean verifyServicesCombination(final Set<Service> services) {
|
||||
if (!services.contains(Service.Connectivity)) {
|
||||
s_logger.warn("Unable to provide services without Connectivity service enabled for this element");
|
||||
return false;
|
||||
@ -392,15 +397,15 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public HostVO createHostVOForConnectedAgent(HostVO host,
|
||||
StartupCommand[] cmd) {
|
||||
public HostVO createHostVOForConnectedAgent(final HostVO host,
|
||||
final StartupCommand[] cmd) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public HostVO createHostVOForDirectConnectAgent(HostVO host,
|
||||
StartupCommand[] startup, ServerResource resource,
|
||||
Map<String, String> details, List<String> hostTags) {
|
||||
public HostVO createHostVOForDirectConnectAgent(final HostVO host,
|
||||
final StartupCommand[] startup, final ServerResource resource,
|
||||
final Map<String, String> details, final List<String> hostTags) {
|
||||
if (!(startup[0] instanceof StartupOvsCommand)) {
|
||||
return null;
|
||||
}
|
||||
@ -409,8 +414,8 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
|
||||
boolean isForceDeleteStorage) throws UnableDeleteHostException {
|
||||
public DeleteHostAnswer deleteHost(final HostVO host, final boolean isForced,
|
||||
final boolean isForceDeleteStorage) throws UnableDeleteHostException {
|
||||
if (!(host.getType() == Host.Type.L2Networking)) {
|
||||
return null;
|
||||
}
|
||||
@ -418,13 +423,13 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public IpDeployer getIpDeployer(Network network) {
|
||||
public IpDeployer getIpDeployer(final Network network) {
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyIps(Network network,
|
||||
List<? extends PublicIpAddress> ipAddress, Set<Service> services)
|
||||
public boolean applyIps(final Network network,
|
||||
final List<? extends PublicIpAddress> ipAddress, final Set<Service> services)
|
||||
throws ResourceUnavailableException {
|
||||
boolean canHandle = true;
|
||||
for (Service service : services) {
|
||||
@ -444,14 +449,17 @@ StaticNatServiceProvider, IpDeployer {
|
||||
return true;
|
||||
}
|
||||
|
||||
return _routerMgr.associatePublicIP(network, ipAddress, routers);
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
return networkTopology.associatePublicIP(network, ipAddress, routers);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyStaticNats(Network network, List<? extends StaticNat> rules)
|
||||
public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules)
|
||||
throws ResourceUnavailableException {
|
||||
if (!canHandle(network, Service.StaticNat)) {
|
||||
return false;
|
||||
@ -464,11 +472,14 @@ StaticNatServiceProvider, IpDeployer {
|
||||
return true;
|
||||
}
|
||||
|
||||
return _routerMgr.applyStaticNats(network, rules, routers);
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
return networkTopology.applyStaticNats(network, rules, routers);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
|
||||
public boolean applyPFRules(final Network network, final List<PortForwardingRule> rules)
|
||||
throws ResourceUnavailableException {
|
||||
if (!canHandle(network, Service.PortForwarding)) {
|
||||
return false;
|
||||
@ -481,11 +492,14 @@ StaticNatServiceProvider, IpDeployer {
|
||||
return true;
|
||||
}
|
||||
|
||||
return _routerMgr.applyFirewallRules(network, rules, routers);
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
return networkTopology.applyFirewallRules(network, rules, routers);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyLBRules(Network network, List<LoadBalancingRule> rules)
|
||||
public boolean applyLBRules(final Network network, final List<LoadBalancingRule> rules)
|
||||
throws ResourceUnavailableException {
|
||||
if (canHandle(network, Service.Lb)) {
|
||||
if (!canHandleLbRules(rules)) {
|
||||
@ -501,7 +515,10 @@ StaticNatServiceProvider, IpDeployer {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!_routerMgr.applyLoadBalancingRules(network, rules, routers)) {
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
if (!networkTopology.applyLoadBalancingRules(network, rules, routers)) {
|
||||
throw new CloudRuntimeException(
|
||||
"Failed to apply load balancing rules in network "
|
||||
+ network.getId());
|
||||
@ -514,7 +531,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean validateLBRule(Network network, LoadBalancingRule rule) {
|
||||
public boolean validateLBRule(final Network network, final LoadBalancingRule rule) {
|
||||
List<LoadBalancingRule> rules = new ArrayList<LoadBalancingRule>();
|
||||
rules.add(rule);
|
||||
if (canHandle(network, Service.Lb) && canHandleLbRules(rules)) {
|
||||
@ -529,13 +546,13 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<LoadBalancerTO> updateHealthChecks(Network network,
|
||||
List<LoadBalancingRule> lbrules) {
|
||||
public List<LoadBalancerTO> updateHealthChecks(final Network network,
|
||||
final List<LoadBalancingRule> lbrules) {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
|
||||
private boolean canHandleLbRules(List<LoadBalancingRule> rules) {
|
||||
private boolean canHandleLbRules(final List<LoadBalancingRule> rules) {
|
||||
Map<Capability, String> lbCaps = getCapabilities().get(Service.Lb);
|
||||
if (!lbCaps.isEmpty()) {
|
||||
String schemeCaps = lbCaps.get(Capability.LbSchemes);
|
||||
@ -553,7 +570,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
return true;
|
||||
}
|
||||
|
||||
public static boolean validateHAProxyLBRule(LoadBalancingRule rule) {
|
||||
public static boolean validateHAProxyLBRule(final LoadBalancingRule rule) {
|
||||
String timeEndChar = "dhms";
|
||||
|
||||
for (LbStickinessPolicy stickinessPolicy : rule.getStickinessPolicies()) {
|
||||
@ -572,10 +589,12 @@ StaticNatServiceProvider, IpDeployer {
|
||||
for (Pair<String, String> paramKV : paramsList) {
|
||||
String key = paramKV.first();
|
||||
String value = paramKV.second();
|
||||
if ("tablesize".equalsIgnoreCase(key))
|
||||
if ("tablesize".equalsIgnoreCase(key)) {
|
||||
tablesize = value;
|
||||
if ("expire".equalsIgnoreCase(key))
|
||||
}
|
||||
if ("expire".equalsIgnoreCase(key)) {
|
||||
expire = value;
|
||||
}
|
||||
}
|
||||
if ((expire != null)
|
||||
&& !containsOnlyNumbers(expire, timeEndChar)) {
|
||||
@ -601,10 +620,12 @@ StaticNatServiceProvider, IpDeployer {
|
||||
for (Pair<String, String> paramKV : paramsList) {
|
||||
String key = paramKV.first();
|
||||
String value = paramKV.second();
|
||||
if ("length".equalsIgnoreCase(key))
|
||||
if ("length".equalsIgnoreCase(key)) {
|
||||
length = value;
|
||||
if ("holdtime".equalsIgnoreCase(key))
|
||||
}
|
||||
if ("holdtime".equalsIgnoreCase(key)) {
|
||||
holdTime = value;
|
||||
}
|
||||
}
|
||||
|
||||
if ((length != null) && (!containsOnlyNumbers(length, null))) {
|
||||
@ -631,15 +652,18 @@ StaticNatServiceProvider, IpDeployer {
|
||||
* like 12 2) time or tablesize like 12h, 34m, 45k, 54m , here last
|
||||
* character is non-digit but from known characters .
|
||||
*/
|
||||
private static boolean containsOnlyNumbers(String str, String endChar) {
|
||||
if (str == null)
|
||||
private static boolean containsOnlyNumbers(final String str, final String endChar) {
|
||||
if (str == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String number = str;
|
||||
if (endChar != null) {
|
||||
boolean matchedEndChar = false;
|
||||
if (str.length() < 2)
|
||||
{
|
||||
return false; // atleast one numeric and one char. example:
|
||||
}
|
||||
// 3h
|
||||
char strEnd = str.toCharArray()[str.length() - 1];
|
||||
for (char c : endChar.toCharArray()) {
|
||||
@ -649,8 +673,9 @@ StaticNatServiceProvider, IpDeployer {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!matchedEndChar)
|
||||
if (!matchedEndChar) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
try {
|
||||
Integer.parseInt(number);
|
||||
@ -661,7 +686,7 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean prepareMigration(NicProfile nic, Network network, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) {
|
||||
public boolean prepareMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final DeployDestination dest, final ReservationContext context) {
|
||||
if (!canHandle(network, Service.Connectivity)) {
|
||||
return false;
|
||||
}
|
||||
@ -685,12 +710,12 @@ StaticNatServiceProvider, IpDeployer {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void rollbackMigration(NicProfile nic, Network network, VirtualMachineProfile vm, ReservationContext src, ReservationContext dst) {
|
||||
public void rollbackMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final ReservationContext src, final ReservationContext dst) {
|
||||
return;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void commitMigration(NicProfile nic, Network network, VirtualMachineProfile vm, ReservationContext src, ReservationContext dst) {
|
||||
public void commitMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final ReservationContext src, final ReservationContext dst) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
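Review bot: In applyIps, applyStaticNats, applyPFRules and applyLBRules the result of `_dcDao.findById(network.getDataCenterId())` is passed straight into `_networkTopologyContext.retrieveNetworkTopology(dcVO)` without a null check. retrieveNetworkTopology is not shown on this page, but if it reads the zone's network type, a missing zone row would surface as a NullPointerException rather than the ResourceUnavailableException these methods declare, and the NAT, port-forwarding or load-balancer rules would stay unapplied with no clear message. I would guard each lookup with `if (dcVO == null) { throw new CloudRuntimeException("Unable to find zone " + network.getDataCenterId() + " for network " + network.getId()); }`, ideally in one private helper that returns the NetworkTopology, so the same three lines are not repeated four times. The bodies of all four methods start or end outside their hunks, so an earlier guard may exist that is not visible here.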
@ -446,30 +446,33 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
return _vpcRouterMgr.associatePublicIP(network, ipAddress, routers);
|
||||
return networkTopology.associatePublicIP(network, ipAddress, routers);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyNetworkACLs(final Network config, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
|
||||
if (canHandle(config, Service.NetworkACL)) {
|
||||
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER);
|
||||
public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
|
||||
if (canHandle(network, Service.NetworkACL)) {
|
||||
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
|
||||
if (routers == null || routers.isEmpty()) {
|
||||
s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " + "router doesn't exist in the network " +
|
||||
config.getId());
|
||||
network.getId());
|
||||
return true;
|
||||
}
|
||||
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
try {
|
||||
if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers, false)) {
|
||||
if (!networkTopology.applyNetworkACLs(network, rules, routers, false)) {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
s_logger.debug("Failed to apply network acl in network " + config.getId());
|
||||
s_logger.debug("Failed to apply network acl in network " + network.getId());
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
@ -500,18 +503,21 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
|
||||
|
||||
@Override
|
||||
public boolean applyACLItemsToPrivateGw(final PrivateGateway gateway, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
|
||||
Network config = _networkDao.findById(gateway.getNetworkId());
|
||||
Network network = _networkDao.findById(gateway.getNetworkId());
|
||||
boolean isPrivateGateway = true;
|
||||
|
||||
List<DomainRouterVO> routers = _vpcRouterMgr.getVpcRouters(gateway.getVpcId());
|
||||
if (routers == null || routers.isEmpty()) {
|
||||
s_logger.debug("Virtual router element doesn't need to apply network acl rules on the backend; virtual " + "router doesn't exist in the network " +
|
||||
config.getId());
|
||||
network.getId());
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers, isPrivateGateway)) {
|
||||
throw new CloudRuntimeException("Failed to apply network acl in network " + config.getId());
|
||||
DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
|
||||
NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
|
||||
|
||||
if (!networkTopology.applyNetworkACLs(network, rules, routers, isPrivateGateway)) {
|
||||
throw new CloudRuntimeException("Failed to apply network acl in network " + network.getId());
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
|
||||
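Review bot: In applyNetworkACLs the catch block still logs the failure at debug level and drops `ex`, so a failed ACL push to the router leaves no trace at normal log levels and no cause for whoever investigates. Since the commit already rewrites that line, it should become `s_logger.warn("Failed to apply network acl in network " + network.getId(), ex);`. The new `_dcDao.findById(...)` and `retrieveNetworkTopology(dcVO)` calls sit before the `try`, so a failure there escapes as an unchecked exception while a failure in `networkTopology.applyNetworkACLs` returns false; moving the lookup inside the `try` would make the two paths consistent. In applyACLItemsToPrivateGw the result of `_networkDao.findById(gateway.getNetworkId())` is now also dereferenced for `network.getDataCenterId()` without a null check. Both method bodies continue outside their hunks.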
@ -25,13 +25,9 @@ import com.cloud.exception.AgentUnavailableException;
|
||||
import com.cloud.exception.ConcurrentOperationException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.RemoteAccessVpn;
|
||||
import com.cloud.network.VirtualNetworkApplianceService;
|
||||
import com.cloud.network.VpnUser;
|
||||
import com.cloud.network.lb.LoadBalancingRule;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.StaticNat;
|
||||
import com.cloud.user.Account;
|
||||
import com.cloud.user.User;
|
||||
import com.cloud.utils.component.Manager;
|
||||
@ -53,15 +49,15 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
|
||||
static final String RouterAlertsCheckIntervalCK = "router.alerts.check.interval";
|
||||
|
||||
static final ConfigKey<String> RouterTemplateXen = new ConfigKey<String>(String.class, RouterTemplateXenCK, "Advanced", "SystemVM Template (XenServer)",
|
||||
"Name of the default router template on Xenserver.", true, ConfigKey.Scope.Zone, null);
|
||||
"Name of the default router template on Xenserver.", true, ConfigKey.Scope.Zone, null);
|
||||
static final ConfigKey<String> RouterTemplateKvm = new ConfigKey<String>(String.class, RouterTemplateKvmCK, "Advanced", "SystemVM Template (KVM)",
|
||||
"Name of the default router template on KVM.", true, ConfigKey.Scope.Zone, null);
|
||||
"Name of the default router template on KVM.", true, ConfigKey.Scope.Zone, null);
|
||||
static final ConfigKey<String> RouterTemplateVmware = new ConfigKey<String>(String.class, RouterTemplateVmwareCK, "Advanced", "SystemVM Template (vSphere)",
|
||||
"Name of the default router template on Vmware.", true, ConfigKey.Scope.Zone, null);
|
||||
"Name of the default router template on Vmware.", true, ConfigKey.Scope.Zone, null);
|
||||
static final ConfigKey<String> RouterTemplateHyperV = new ConfigKey<String>(String.class, RouterTemplateHyperVCK, "Advanced", "SystemVM Template (HyperV)",
|
||||
"Name of the default router template on Hyperv.", true, ConfigKey.Scope.Zone, null);
|
||||
"Name of the default router template on Hyperv.", true, ConfigKey.Scope.Zone, null);
|
||||
static final ConfigKey<String> RouterTemplateLxc = new ConfigKey<String>(String.class, RouterTemplateLxcCK, "Advanced", "SystemVM Template (LXC)",
|
||||
"Name of the default router template on LXC.", true, ConfigKey.Scope.Zone, null);
|
||||
"Name of the default router template on LXC.", true, ConfigKey.Scope.Zone, null);
|
||||
|
||||
static final ConfigKey<String> SetServiceMonitor = new ConfigKey<String>(String.class, SetServiceMonitorCK, "Advanced", "true",
|
||||
"service monitoring in router enable/disable option, default true", true, ConfigKey.Scope.Zone, null);
|
||||
@ -82,29 +78,10 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
|
||||
*/
|
||||
boolean sendSshKeysToHost(Long hostId, String pubKey, String prvKey);
|
||||
|
||||
/**
|
||||
* save a vm password on the router.
|
||||
* @param routers TODO
|
||||
*
|
||||
*/
|
||||
boolean savePasswordToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean saveSSHPublicKeyToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List<? extends VirtualRouter> routers, String sshPublicKey)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean saveUserDataToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean startRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
|
||||
|
||||
boolean deleteRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
|
||||
|
||||
boolean associatePublicIP(Network network, final List<? extends PublicIpAddress> ipAddress, List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean applyFirewallRules(Network network, final List<? extends FirewallRule> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
|
||||
|
||||
List<VirtualRouter> getRoutersForNetwork(long networkId);
|
||||
|
||||
String[] applyVpnUsers(Network network, List<? extends VpnUser> users, List<DomainRouterVO> routers) throws ResourceUnavailableException;
|
||||
@ -113,18 +90,8 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
|
||||
|
||||
String getDnsBasicZoneUpdate();
|
||||
|
||||
boolean applyStaticNats(Network network, final List<? extends StaticNat> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
|
||||
|
||||
boolean applyDhcpEntry(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean applyUserData(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean applyLoadBalancingRules(Network network, List<? extends LoadBalancingRule> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
|
||||
|
||||
boolean configDhcpForSubnet(Network network, NicProfile nic, VirtualMachineProfile uservm, DeployDestination dest, List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException;
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean removeDhcpSupportForSubnet(Network network, List<DomainRouterVO> routers) throws ResourceUnavailableException;
|
||||
|
||||
|
||||
@ -214,7 +214,6 @@ import com.cloud.service.ServiceOfferingVO;
|
||||
import com.cloud.service.dao.ServiceOfferingDao;
|
||||
import com.cloud.storage.GuestOSVO;
|
||||
import com.cloud.storage.Storage.ProvisioningType;
|
||||
import com.cloud.storage.VMTemplateVO;
|
||||
import com.cloud.storage.dao.GuestOSDao;
|
||||
import com.cloud.storage.dao.VMTemplateDao;
|
||||
import com.cloud.storage.dao.VolumeDao;
|
||||
@ -500,72 +499,8 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean savePasswordToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
_userVmDao.loadDetails((UserVmVO) profile.getVirtualMachine());
|
||||
|
||||
final VirtualMachineProfile updatedProfile = profile;
|
||||
|
||||
return applyRules(network, routers, "save password entry", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
// for basic zone, send vm data/password information only to the
|
||||
// router in the same pod
|
||||
final Commands cmds = new Commands(Command.OnError.Stop);
|
||||
final NicVO nicVo = _nicDao.findById(nic.getId());
|
||||
createPasswordCommand(router, updatedProfile, nicVo, cmds);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean saveSSHPublicKeyToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers,
|
||||
final String sshPublicKey) throws ResourceUnavailableException {
|
||||
final UserVmVO vm = _userVmDao.findById(profile.getVirtualMachine().getId());
|
||||
_userVmDao.loadDetails(vm);
|
||||
|
||||
final VirtualMachineProfile updatedProfile = profile;
|
||||
|
||||
return applyRules(network, routers, "save SSHkey entry", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
// for basic zone, send vm data/password information only to the
|
||||
// router in the same pod
|
||||
final Commands cmds = new Commands(Command.OnError.Stop);
|
||||
final NicVO nicVo = _nicDao.findById(nic.getId());
|
||||
final VMTemplateVO template = _templateDao.findByIdIncludingRemoved(updatedProfile.getTemplateId());
|
||||
if (template != null && template.getEnablePassword()) {
|
||||
createPasswordCommand(router, updatedProfile, nicVo, cmds);
|
||||
}
|
||||
createVmDataCommand(router, vm, nicVo, sshPublicKey, cmds);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
final UserVmVO vm = _userVmDao.findById(profile.getVirtualMachine().getId());
|
||||
_userVmDao.loadDetails(vm);
|
||||
|
||||
return applyRules(network, routers, "save userdata entry", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
// for basic zone, send vm data/password information only to the
|
||||
// router in the same pod
|
||||
final Commands cmds = new Commands(Command.OnError.Stop);
|
||||
final NicVO nicVo = _nicDao.findById(nic.getId());
|
||||
createVmDataCommand(router, vm, nicVo, null, cmds);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
@ActionEvent(eventType = EventTypes.EVENT_ROUTER_STOP, eventDescription = "stopping router Vm", async = true)
|
||||
@Override
|
||||
public VirtualRouter stopRouter(final long routerId, final boolean forced) throws ResourceUnavailableException, ConcurrentOperationException {
|
||||
final CallContext context = CallContext.current();
|
||||
final Account account = context.getCallingAccount();
|
||||
@ -2478,45 +2413,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
|
||||
final List<DomainRouterVO> routers) throws ResourceUnavailableException {
|
||||
if (s_logger.isTraceEnabled()) {
|
||||
s_logger.trace("applyDhcpEntry(" + network.getCidr() + ", " + nic.getMacAddress() + ", " + profile.getUuid() + ", " + dest.getHost() + ", " + routers + ")");
|
||||
}
|
||||
final UserVmVO vm = _userVmDao.findById(profile.getId());
|
||||
_userVmDao.loadDetails(vm);
|
||||
|
||||
final VirtualMachineProfile updatedProfile = profile;
|
||||
final boolean isZoneBasic = dest.getDataCenter().getNetworkType() == NetworkType.Basic;
|
||||
final Long podId = isZoneBasic ? dest.getPod().getId() : null;
|
||||
|
||||
boolean podLevelException = false;
|
||||
// for user vm in Basic zone we should try to re-deploy vm in a diff pod
|
||||
// if it fails to deploy in original pod; so throwing exception with Pod
|
||||
// scope
|
||||
if (isZoneBasic && podId != null && updatedProfile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest
|
||||
&& network.getGuestType() == Network.GuestType.Shared) {
|
||||
podLevelException = true;
|
||||
}
|
||||
|
||||
return applyRules(network, routers, "dhcp entry", podLevelException, podId, true, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
// for basic zone, send dhcp/dns information to all routers in
|
||||
// the basic network only when _dnsBasicZoneUpdates is set to
|
||||
// "all" value
|
||||
final Commands cmds = new Commands(Command.OnError.Stop);
|
||||
if (!(isZoneBasic && router.getPodIdToDeployIn().longValue() != podId.longValue() && _dnsBasicZoneUpdates.equalsIgnoreCase("pod"))) {
|
||||
final NicVO nicVo = _nicDao.findById(nic.getId());
|
||||
createDhcpEntryCommand(router, vm, nicVo, cmds);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private void createDeleteIpAliasCommand(final DomainRouterVO router, final List<IpAliasTO> deleteIpAliasTOs, final List<IpAliasTO> createIpAliasTos, final long networkId,
|
||||
final Commands cmds) {
|
||||
final String routerip = getRouterIpInNetwork(networkId, router.getId());
|
||||
@ -2561,42 +2457,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
|
||||
return defaultNic;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException {
|
||||
final UserVmVO vm = _userVmDao.findById(profile.getId());
|
||||
_userVmDao.loadDetails(vm);
|
||||
|
||||
final VirtualMachineProfile updatedProfile = profile;
|
||||
final boolean isZoneBasic = dest.getDataCenter().getNetworkType() == NetworkType.Basic;
|
||||
final Long podId = isZoneBasic ? dest.getPod().getId() : null;
|
||||
|
||||
boolean podLevelException = false;
|
||||
// for user vm in Basic zone we should try to re-deploy vm in a diff pod
|
||||
// if it fails to deploy in original pod; so throwing exception with Pod
|
||||
// scope
|
||||
if (isZoneBasic && podId != null && updatedProfile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest
|
||||
&& network.getGuestType() == Network.GuestType.Shared) {
|
||||
podLevelException = true;
|
||||
}
|
||||
|
||||
return applyRules(network, routers, "userdata and password entry", podLevelException, podId, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
// for basic zone, send vm data/password information only to the
|
||||
// router in the same pod
|
||||
final Commands cmds = new Commands(Command.OnError.Stop);
|
||||
if (!(isZoneBasic && router.getPodIdToDeployIn().longValue() != podId.longValue())) {
|
||||
final NicVO nicVo = _nicDao.findById(nic.getId());
|
||||
createPasswordCommand(router, updatedProfile, nicVo, cmds);
|
||||
createVmDataCommand(router, vm, nicVo, vm.getDetail("SSH.PublicKey"), cmds);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
protected void createApplyVpnUsersCommand(final List<? extends VpnUser> users, final VirtualRouter router, final Commands cmds) {
|
||||
final List<VpnUser> addUsers = new ArrayList<VpnUser>();
|
||||
final List<VpnUser> removeUsers = new ArrayList<VpnUser>();
|
||||
@ -3179,91 +3039,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddress, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
if (ipAddress == null || ipAddress.isEmpty()) {
|
||||
s_logger.debug("No ip association rules to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
return applyRules(network, routers, "ip association", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
final Commands cmds = new Commands(Command.OnError.Continue);
|
||||
createAssociateIPCommands(router, ipAddress, cmds, 0);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyFirewallRules(final Network network, final List<? extends FirewallRule> rules, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
if (rules == null || rules.isEmpty()) {
|
||||
s_logger.debug("No firewall rules to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
return applyRules(network, routers, "firewall rules", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
if (rules.get(0).getPurpose() == Purpose.LoadBalancing) {
|
||||
// for load balancer we have to resend all lb rules for the
|
||||
// network
|
||||
final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(network.getId(), Scheme.Public);
|
||||
final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
|
||||
for (final LoadBalancerVO lb : lbs) {
|
||||
final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
|
||||
final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
|
||||
final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
|
||||
final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
|
||||
final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
|
||||
final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
|
||||
|
||||
lbRules.add(loadBalancing);
|
||||
}
|
||||
return sendLBRules(router, lbRules, network.getId());
|
||||
} else if (rules.get(0).getPurpose() == Purpose.PortForwarding) {
|
||||
return sendPortForwardingRules(router, (List<PortForwardingRule>) rules, network.getId());
|
||||
} else if (rules.get(0).getPurpose() == Purpose.StaticNat) {
|
||||
return sendStaticNatRules(router, (List<StaticNatRule>) rules, network.getId());
|
||||
} else if (rules.get(0).getPurpose() == Purpose.Firewall) {
|
||||
return sendFirewallRules(router, (List<FirewallRule>) rules, network.getId());
|
||||
} else {
|
||||
s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyLoadBalancingRules(final Network network, final List<? extends LoadBalancingRule> rules, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
if (rules == null || rules.isEmpty()) {
|
||||
s_logger.debug("No lb rules to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
return applyRules(network, routers, "loadbalancing rules", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
// for load balancer we have to resend all lb rules for the
|
||||
// network
|
||||
final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(network.getId(), Scheme.Public);
|
||||
final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
|
||||
for (final LoadBalancerVO lb : lbs) {
|
||||
final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
|
||||
final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
|
||||
final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
|
||||
final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
|
||||
final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
|
||||
final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
|
||||
lbRules.add(loadBalancing);
|
||||
}
|
||||
return sendLBRules(router, lbRules, network.getId());
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
protected boolean sendLBRules(final VirtualRouter router, final List<LoadBalancingRule> rules, final long guestNetworkId) throws ResourceUnavailableException {
|
||||
final Commands cmds = new Commands(Command.OnError.Continue);
|
||||
createApplyLoadBalancingRulesCommands(rules, router, cmds, guestNetworkId);
|
||||
@ -3433,20 +3208,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules, final List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
|
||||
if (rules == null || rules.isEmpty()) {
|
||||
s_logger.debug("No static nat rules to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
return applyRules(network, routers, "static nat rules", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
return applyStaticNat(router, rules, network.getId());
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
protected boolean applyStaticNat(final VirtualRouter router, final List<? extends StaticNat> rules, final long guestNetworkId) throws ResourceUnavailableException {
|
||||
final Commands cmds = new Commands(Command.OnError.Continue);
|
||||
createApplyStaticNatCommands(rules, router, cmds, guestNetworkId);
|
||||
@ -3817,5 +3578,4 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
|
||||
public boolean completeAggregatedExecution(final Network network, final List<DomainRouterVO> routers) throws AgentUnavailableException {
|
||||
return aggregationExecution(Action.Finish, network, routers);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -20,30 +20,16 @@ import java.util.List;
|
||||
|
||||
import com.cloud.exception.ConcurrentOperationException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.RemoteAccessVpn;
|
||||
import com.cloud.network.Site2SiteVpnConnection;
|
||||
import com.cloud.network.VpcVirtualNetworkApplianceService;
|
||||
import com.cloud.network.VpnUser;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.network.vpc.StaticRouteProfile;
|
||||
import com.cloud.vm.DomainRouterVO;
|
||||
|
||||
public interface VpcVirtualNetworkApplianceManager extends VirtualNetworkApplianceManager, VpcVirtualNetworkApplianceService {
|
||||
|
||||
/**
|
||||
*
|
||||
* @param network
|
||||
* @param rules
|
||||
* @param routers
|
||||
* @param privateGateway
|
||||
* @return
|
||||
* @throws ResourceUnavailableException
|
||||
*/
|
||||
boolean applyNetworkACLs(Network network, List<? extends NetworkACLItem> rules, List<? extends VirtualRouter> routers, boolean privateGateway)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
/**
|
||||
* @param gateway
|
||||
* @param router TODO
|
||||
|
||||
@ -23,7 +23,6 @@ import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
|
||||
import javax.ejb.Local;
|
||||
import javax.inject.Inject;
|
||||
@ -62,7 +61,6 @@ import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.Provider;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.Networks.BroadcastDomainType;
|
||||
import com.cloud.network.Networks.IsolationType;
|
||||
import com.cloud.network.Networks.TrafficType;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.RemoteAccessVpn;
|
||||
@ -363,125 +361,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddress, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
if (ipAddress == null || ipAddress.isEmpty()) {
|
||||
s_logger.debug("No ip association rules to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
|
||||
//only one router is supported in VPC now
|
||||
VirtualRouter router = routers.get(0);
|
||||
|
||||
if (router.getVpcId() == null) {
|
||||
return super.associatePublicIP(network, ipAddress, routers);
|
||||
}
|
||||
|
||||
Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> nicsToChange = getNicsToChangeOnRouter(ipAddress, router);
|
||||
Map<String, PublicIpAddress> nicsToPlug = nicsToChange.first();
|
||||
Map<String, PublicIpAddress> nicsToUnplug = nicsToChange.second();
|
||||
|
||||
//1) Unplug the nics
|
||||
for (Entry<String, PublicIpAddress> entry : nicsToUnplug.entrySet()) {
|
||||
Network publicNtwk = null;
|
||||
try {
|
||||
publicNtwk = _networkModel.getNetwork(entry.getValue().getNetworkId());
|
||||
URI broadcastUri = BroadcastDomainType.Vlan.toUri(entry.getKey());
|
||||
_itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri);
|
||||
} catch (ConcurrentOperationException e) {
|
||||
s_logger.warn("Failed to remove router " + router + " from vlan " + entry.getKey() + " in public network " + publicNtwk + " due to ", e);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
Commands netUsagecmds = new Commands(Command.OnError.Continue);
|
||||
VpcVO vpc = _vpcDao.findById(router.getVpcId());
|
||||
|
||||
//2) Plug the nics
|
||||
for (String vlanTag : nicsToPlug.keySet()) {
|
||||
PublicIpAddress ip = nicsToPlug.get(vlanTag);
|
||||
//have to plug the nic(s)
|
||||
NicProfile defaultNic = new NicProfile();
|
||||
if (ip.isSourceNat()) {
|
||||
defaultNic.setDefaultNic(true);
|
||||
}
|
||||
defaultNic.setIp4Address(ip.getAddress().addr());
|
||||
defaultNic.setGateway(ip.getGateway());
|
||||
defaultNic.setNetmask(ip.getNetmask());
|
||||
defaultNic.setMacAddress(ip.getMacAddress());
|
||||
defaultNic.setBroadcastType(BroadcastDomainType.Vlan);
|
||||
defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag()));
|
||||
defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag()));
|
||||
|
||||
NicProfile publicNic = null;
|
||||
Network publicNtwk = null;
|
||||
try {
|
||||
publicNtwk = _networkModel.getNetwork(ip.getNetworkId());
|
||||
publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic);
|
||||
} catch (ConcurrentOperationException e) {
|
||||
s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
|
||||
} catch (InsufficientCapacityException e) {
|
||||
s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
|
||||
} finally {
|
||||
if (publicNic == null) {
|
||||
s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
//Create network usage commands. Send commands to router after IPAssoc
|
||||
NetworkUsageCommand netUsageCmd =
|
||||
new NetworkUsageCommand(router.getPrivateIpAddress(), router.getInstanceName(), true, defaultNic.getIp4Address(), vpc.getCidr());
|
||||
netUsagecmds.addCommand(netUsageCmd);
|
||||
UserStatisticsVO stats =
|
||||
_userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), publicNtwk.getId(), publicNic.getIp4Address(), router.getId(), router.getType()
|
||||
.toString());
|
||||
if (stats == null) {
|
||||
stats =
|
||||
new UserStatisticsVO(router.getAccountId(), router.getDataCenterId(), publicNic.getIp4Address(), router.getId(), router.getType().toString(),
|
||||
publicNtwk.getId());
|
||||
_userStatsDao.persist(stats);
|
||||
}
|
||||
}
|
||||
|
||||
//3) apply the ips
|
||||
boolean result = applyRules(network, routers, "vpc ip association", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
Commands cmds = new Commands(Command.OnError.Continue);
|
||||
Map<String, String> vlanMacAddress = new HashMap<String, String>();
|
||||
List<PublicIpAddress> ipsToSend = new ArrayList<PublicIpAddress>();
|
||||
for (PublicIpAddress ipAddr : ipAddress) {
|
||||
String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString();
|
||||
Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), router.getId(), broadcastURI);
|
||||
|
||||
String macAddress = null;
|
||||
if (nic == null) {
|
||||
if (ipAddr.getState() != IpAddress.State.Releasing) {
|
||||
throw new CloudRuntimeException("Unable to find the nic in network " + ipAddr.getNetworkId() + " to apply the ip address " + ipAddr + " for");
|
||||
}
|
||||
s_logger.debug("Not sending release for ip address " + ipAddr + " as its nic is already gone from VPC router " + router);
|
||||
} else {
|
||||
macAddress = nic.getMacAddress();
|
||||
vlanMacAddress.put(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())), macAddress);
|
||||
ipsToSend.add(ipAddr);
|
||||
}
|
||||
}
|
||||
if (!ipsToSend.isEmpty()) {
|
||||
createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress);
|
||||
return sendCommandsToRouter(router, cmds);
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
});
|
||||
if (result && netUsagecmds.size() > 0) {
|
||||
//After successful ipassoc, send commands to router
|
||||
sendCommandsToRouter(router, netUsagecmds);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile, final DeployDestination dest, final ReservationContext context) {
|
||||
DomainRouterVO vr = _routerDao.findById(profile.getId());
|
||||
@ -518,21 +397,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
|
||||
return super.finalizeVirtualMachineProfile(profile, dest, context);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
|
||||
throws ResourceUnavailableException {
|
||||
if (rules == null || rules.isEmpty()) {
|
||||
s_logger.debug("No network ACLs to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
return applyRules(network, routers, "network acls", false, null, false, new RuleApplier() {
|
||||
@Override
|
||||
public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
return sendNetworkACLs(router, rules, network.getId(), isPrivateGateway);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
protected boolean sendNetworkACLs(final VirtualRouter router, final List<? extends NetworkACLItem> rules, final long guestNetworkId, final boolean isPrivateGateway)
|
||||
throws ResourceUnavailableException {
|
||||
Commands cmds = new Commands(Command.OnError.Continue);
|
||||
|
||||
@ -17,32 +17,77 @@
|
||||
|
||||
package com.cloud.network.rules;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.cloudstack.network.topology.NetworkTopologyVisitor;
|
||||
|
||||
import com.cloud.agent.api.routing.NetworkElementCommand;
|
||||
import com.cloud.agent.api.routing.SetNetworkACLCommand;
|
||||
import com.cloud.agent.api.to.NetworkACLTO;
|
||||
import com.cloud.agent.manager.Commands;
|
||||
import com.cloud.dc.DataCenterVO;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Networks.BroadcastDomainType;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.network.vpc.VpcGateway;
|
||||
|
||||
public class NetworkAclsRules extends RuleApplier {
|
||||
|
||||
private final List<? extends NetworkACLItem> rules;
|
||||
private final List<? extends NetworkACLItem> _rules;
|
||||
private final boolean _isPrivateGateway;
|
||||
|
||||
public NetworkAclsRules(final Network network, final List<? extends NetworkACLItem> rules) {
|
||||
public NetworkAclsRules(final Network network, final List<? extends NetworkACLItem> rules, final boolean isPrivateGateway) {
|
||||
super(network);
|
||||
this.rules = rules;
|
||||
_rules = rules;
|
||||
_isPrivateGateway = isPrivateGateway;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
this._router = router;
|
||||
_router = router;
|
||||
|
||||
return visitor.visit(this);
|
||||
}
|
||||
|
||||
public List<? extends NetworkACLItem> getRules() {
|
||||
return rules;
|
||||
return _rules;
|
||||
}
|
||||
|
||||
public boolean isPrivateGateway() {
|
||||
return _isPrivateGateway;
|
||||
}
|
||||
|
||||
public void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) {
|
||||
List<NetworkACLTO> rulesTO = new ArrayList<NetworkACLTO>();
|
||||
String guestVlan = null;
|
||||
Network guestNtwk = _networkDao.findById(guestNetworkId);
|
||||
URI uri = guestNtwk.getBroadcastUri();
|
||||
if (uri != null) {
|
||||
guestVlan = BroadcastDomainType.getValue(uri);
|
||||
}
|
||||
|
||||
if (rules != null) {
|
||||
for (NetworkACLItem rule : rules) {
|
||||
NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType());
|
||||
rulesTO.add(ruleTO);
|
||||
}
|
||||
}
|
||||
|
||||
SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, _networkHelper.getNicTO(router, guestNetworkId, null));
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
|
||||
cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan);
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
|
||||
DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
|
||||
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
|
||||
if (privateGateway) {
|
||||
cmd.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private));
|
||||
}
|
||||
|
||||
cmds.addCommand(cmd);
|
||||
}
|
||||
}
|
||||
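Review bot: `createNetworkACLsCommands` calls `guestNtwk.getBroadcastUri()` and `dcVo.getNetworkType()` directly on the results of `_networkDao.findById(guestNetworkId)` and `_dcDao.findById(router.getDataCenterId())`, so a lookup that returns null ends as a NullPointerException part-way through building the ACL command rather than as a clear failure for that router. A guard before the first use, for example `if (guestNtwk == null) { throw new CloudRuntimeException("Unable to find guest network " + guestNetworkId); }`, makes the failure explicit; that exception type appears elsewhere on this page but would need an import in this file. The method also takes `rules` and `privateGateway` as parameters although the object already holds `_rules` and `_isPrivateGateway`, which lets a caller send a different ACL set than the one the rule was constructed with; reading the fields would remove that mismatch. When `rules` is null the `SetNetworkACLCommand` is still added with an empty list, whereas the removed `applyNetworkACLs` returned early on null or empty rules; if that is intended, a comment such as `// empty list is sent on purpose to clear ACLs on the router` would tell the next reader which behaviour is expected.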
202
server/src/com/cloud/network/rules/NicPlugInOutRules.java
Normal file
@ -0,0 +1,202 @@
|
||||
// Licensed to the Apache Software Foundation (ASF) under one
|
||||
// or more contributor license agreements. See the NOTICE file
|
||||
// distributed with this work for additional information
|
||||
// regarding copyright ownership. The ASF licenses this file
|
||||
// to you under the Apache License, Version 2.0 (the
|
||||
// "License"); you may not use this file except in compliance
|
||||
// with the License. You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing,
|
||||
// software distributed under the License is distributed on an
|
||||
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
// KIND, either express or implied. See the License for the
|
||||
// specific language governing permissions and limitations
|
||||
// under the License.
|
||||
|
||||
package com.cloud.network.rules;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
|
||||
import org.apache.cloudstack.network.topology.NetworkTopologyVisitor;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.cloud.agent.api.Command;
|
||||
import com.cloud.agent.api.NetworkUsageCommand;
|
||||
import com.cloud.agent.manager.Commands;
|
||||
import com.cloud.exception.ConcurrentOperationException;
|
||||
import com.cloud.exception.InsufficientCapacityException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.IpAddress;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Networks.BroadcastDomainType;
|
||||
import com.cloud.network.Networks.IsolationType;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.vpc.VpcVO;
|
||||
import com.cloud.user.UserStatisticsVO;
|
||||
import com.cloud.utils.Pair;
|
||||
import com.cloud.vm.Nic;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.NicVO;
|
||||
|
||||
public class NicPlugInOutRules extends RuleApplier {
|
||||
|
||||
private static final Logger s_logger = Logger.getLogger(NicPlugInOutRules.class);
|
||||
|
||||
private final List<? extends PublicIpAddress> _ipAddresses;
|
||||
|
||||
private Commands _netUsageCommands;
|
||||
|
||||
public NicPlugInOutRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) {
|
||||
super(network);
|
||||
_ipAddresses = ipAddresses;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
|
||||
Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> nicsToChange = getNicsToChangeOnRouter(_ipAddresses, router);
|
||||
Map<String, PublicIpAddress> nicsToPlug = nicsToChange.first();
|
||||
Map<String, PublicIpAddress> nicsToUnplug = nicsToChange.second();
|
||||
|
||||
//1) Unplug the nics
|
||||
for (Entry<String, PublicIpAddress> entry : nicsToUnplug.entrySet()) {
|
||||
Network publicNtwk = null;
|
||||
try {
|
||||
publicNtwk = _networkModel.getNetwork(entry.getValue().getNetworkId());
|
||||
URI broadcastUri = BroadcastDomainType.Vlan.toUri(entry.getKey());
|
||||
_itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri);
|
||||
} catch (ConcurrentOperationException e) {
|
||||
s_logger.warn("Failed to remove router " + router + " from vlan " + entry.getKey() + " in public network " + publicNtwk + " due to ", e);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
_netUsageCommands = new Commands(Command.OnError.Continue);
|
||||
VpcVO vpc = _vpcDao.findById(router.getVpcId());
|
||||
|
||||
//2) Plug the nics
|
||||
for (String vlanTag : nicsToPlug.keySet()) {
|
||||
PublicIpAddress ip = nicsToPlug.get(vlanTag);
|
||||
//have to plug the nic(s)
|
||||
NicProfile defaultNic = new NicProfile();
|
||||
if (ip.isSourceNat()) {
|
||||
defaultNic.setDefaultNic(true);
|
||||
}
|
||||
defaultNic.setIp4Address(ip.getAddress().addr());
|
||||
defaultNic.setGateway(ip.getGateway());
|
||||
defaultNic.setNetmask(ip.getNetmask());
|
||||
defaultNic.setMacAddress(ip.getMacAddress());
|
||||
defaultNic.setBroadcastType(BroadcastDomainType.Vlan);
|
||||
defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag()));
|
||||
defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag()));
|
||||
|
||||
NicProfile publicNic = null;
|
||||
Network publicNtwk = null;
|
||||
try {
|
||||
publicNtwk = _networkModel.getNetwork(ip.getNetworkId());
|
||||
publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic);
|
||||
} catch (ConcurrentOperationException e) {
|
||||
s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
|
||||
} catch (InsufficientCapacityException e) {
|
||||
s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
|
||||
} finally {
|
||||
if (publicNic == null) {
|
||||
s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
//Create network usage commands. Send commands to router after IPAssoc
|
||||
NetworkUsageCommand netUsageCmd =
|
||||
new NetworkUsageCommand(router.getPrivateIpAddress(), router.getInstanceName(), true, defaultNic.getIp4Address(), vpc.getCidr());
|
||||
_netUsageCommands.addCommand(netUsageCmd);
|
||||
UserStatisticsVO stats =
|
||||
_userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), publicNtwk.getId(), publicNic.getIp4Address(), router.getId(), router.getType()
|
||||
.toString());
|
||||
if (stats == null) {
|
||||
stats =
|
||||
new UserStatisticsVO(router.getAccountId(), router.getDataCenterId(), publicNic.getIp4Address(), router.getId(), router.getType().toString(),
|
||||
publicNtwk.getId());
|
||||
_userStatsDao.persist(stats);
|
||||
}
|
||||
}
|
||||
|
||||
// Let the IpAssociationRule call the visitor fot the NicPlugInOutRule
|
||||
return true;
|
||||
}
|
||||
|
||||
public List<? extends PublicIpAddress> getIpAddresses() {
|
||||
return _ipAddresses;
|
||||
}
|
||||
|
||||
public Commands getNetUsageCommands() {
|
||||
return _netUsageCommands;
|
||||
}
|
||||
|
||||
private Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> getNicsToChangeOnRouter(final List<? extends PublicIpAddress> publicIps,
|
||||
final VirtualRouter router) {
|
||||
//1) check which nics need to be plugged/unplugged and plug/unplug them
|
||||
|
||||
Map<String, PublicIpAddress> nicsToPlug = new HashMap<String, PublicIpAddress>();
|
||||
Map<String, PublicIpAddress> nicsToUnplug = new HashMap<String, PublicIpAddress>();
|
||||
|
||||
//find out nics to unplug
|
||||
for (PublicIpAddress ip : publicIps) {
|
||||
long publicNtwkId = ip.getNetworkId();
|
||||
|
||||
//if ip is not associated to any network, and there are no firewall rules, release it on the backend
|
||||
if (!_vpcMgr.isIpAllocatedToVpc(ip)) {
|
||||
ip.setState(IpAddress.State.Releasing);
|
||||
}
|
||||
|
||||
if (ip.getState() == IpAddress.State.Releasing) {
|
||||
Nic nic = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), ip.getAddress().addr());
|
||||
if (nic != null) {
|
||||
nicsToUnplug.put(ip.getVlanTag(), ip);
|
||||
s_logger.debug("Need to unplug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + " in public network id =" + publicNtwkId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//find out nics to plug
|
||||
for (PublicIpAddress ip : publicIps) {
|
||||
URI broadcastUri = BroadcastDomainType.Vlan.toUri(ip.getVlanTag());
|
||||
long publicNtwkId = ip.getNetworkId();
|
||||
|
||||
//if ip is not associated to any network, and there are no firewall rules, release it on the backend
|
||||
if (!_vpcMgr.isIpAllocatedToVpc(ip)) {
|
||||
ip.setState(IpAddress.State.Releasing);
|
||||
}
|
||||
|
||||
if (ip.getState() == IpAddress.State.Allocated || ip.getState() == IpAddress.State.Allocating) {
|
||||
//nic has to be plugged only when there are no nics for this vlan tag exist on VR
|
||||
Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(publicNtwkId, router.getId(), broadcastUri.toString());
|
||||
|
||||
if (nic == null && nicsToPlug.get(ip.getVlanTag()) == null) {
|
||||
nicsToPlug.put(ip.getVlanTag(), ip);
|
||||
s_logger.debug("Need to plug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + " in public network id =" + publicNtwkId);
|
||||
} else {
|
||||
PublicIpAddress nicToUnplug = nicsToUnplug.get(ip.getVlanTag());
|
||||
if (nicToUnplug != null) {
|
||||
NicVO nicVO = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), nicToUnplug.getAddress().addr());
|
||||
nicVO.setIp4Address(ip.getAddress().addr());
|
||||
_nicDao.update(nicVO.getId(), nicVO);
|
||||
s_logger.debug("Updated the nic " + nicVO + " with the new ip address " + ip.getAddress().addr());
|
||||
nicsToUnplug.remove(ip.getVlanTag());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> nicsToChange =
|
||||
new Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>>(nicsToPlug, nicsToUnplug);
|
||||
|
||||
return nicsToChange;
|
||||
}
|
||||
}
|
||||
@ -34,11 +34,15 @@ import com.cloud.network.dao.LoadBalancerDao;
|
||||
import com.cloud.network.dao.NetworkDao;
|
||||
import com.cloud.network.lb.LoadBalancingRulesManager;
|
||||
import com.cloud.network.router.NEWVirtualNetworkApplianceManager;
|
||||
import com.cloud.network.router.NetworkGeneralHelper;
|
||||
import com.cloud.network.router.RouterControlHelper;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.vpc.VpcManager;
|
||||
import com.cloud.network.vpc.dao.VpcDao;
|
||||
import com.cloud.offerings.dao.NetworkOfferingDao;
|
||||
import com.cloud.service.dao.ServiceOfferingDao;
|
||||
import com.cloud.storage.dao.VMTemplateDao;
|
||||
import com.cloud.user.dao.UserStatisticsDao;
|
||||
import com.cloud.uservm.UserVm;
|
||||
import com.cloud.utils.StringUtils;
|
||||
import com.cloud.vm.NicVO;
|
||||
@ -77,6 +81,12 @@ public abstract class RuleApplier {
|
||||
|
||||
protected FirewallRulesDao _rulesDao;
|
||||
|
||||
protected UserStatisticsDao _userStatsDao;
|
||||
|
||||
protected VpcDao _vpcDao;
|
||||
|
||||
protected VpcManager _vpcMgr;
|
||||
|
||||
protected VirtualMachineManager _itMgr;
|
||||
|
||||
protected Network _network;
|
||||
@ -85,8 +95,10 @@ public abstract class RuleApplier {
|
||||
|
||||
protected RouterControlHelper _routerControlHelper;
|
||||
|
||||
protected NetworkGeneralHelper _networkHelper;
|
||||
|
||||
public RuleApplier(final Network network) {
|
||||
this._network = network;
|
||||
_network = network;
|
||||
}
|
||||
|
||||
public abstract boolean accept(NetworkTopologyVisitor visitor, VirtualRouter router) throws ResourceUnavailableException;
|
||||
|
||||
@ -80,7 +80,6 @@ public class SshKeyToRouterRules extends RuleApplier {
|
||||
|
||||
cmds.addCommand("password", cmd);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public VirtualMachineProfile getProfile() {
|
||||
|
||||
@ -33,10 +33,15 @@ import com.cloud.network.dao.LoadBalancerDao;
|
||||
import com.cloud.network.dao.NetworkDao;
|
||||
import com.cloud.network.lb.LoadBalancingRule;
|
||||
import com.cloud.network.lb.LoadBalancingRulesManager;
|
||||
import com.cloud.network.router.NetworkGeneralHelper;
|
||||
import com.cloud.network.router.RouterControlHelper;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.network.vpc.VpcManager;
|
||||
import com.cloud.network.vpc.dao.VpcDao;
|
||||
import com.cloud.offerings.dao.NetworkOfferingDao;
|
||||
import com.cloud.service.dao.ServiceOfferingDao;
|
||||
import com.cloud.storage.dao.VMTemplateDao;
|
||||
import com.cloud.user.dao.UserStatisticsDao;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.VirtualMachineManager;
|
||||
import com.cloud.vm.VirtualMachineProfile;
|
||||
@ -73,6 +78,15 @@ public class VirtualNetworkApplianceFactory {
|
||||
@Inject
|
||||
protected UserVmDao _userVmDao;
|
||||
|
||||
@Inject
|
||||
protected UserStatisticsDao _userStatsDao;
|
||||
|
||||
@Inject
|
||||
protected VpcDao _vpcDao;
|
||||
|
||||
@Inject
|
||||
protected VpcManager _vpcMgr;
|
||||
|
||||
@Inject
|
||||
protected ServiceOfferingDao _serviceOfferingDao;
|
||||
|
||||
@ -91,6 +105,9 @@ public class VirtualNetworkApplianceFactory {
|
||||
@Inject
|
||||
protected RouterControlHelper _routerControlHelper;
|
||||
|
||||
@Inject
|
||||
protected NetworkGeneralHelper _networkHelper;
|
||||
|
||||
public LoadBalancingRules createLoadBalancingRules(final Network network, final List<LoadBalancingRule> rules) {
|
||||
LoadBalancingRules lbRules = new LoadBalancingRules(network, rules);
|
||||
|
||||
@ -141,6 +158,16 @@ public class VirtualNetworkApplianceFactory {
|
||||
return ipAssociationRules;
|
||||
}
|
||||
|
||||
public VpcIpAssociationRules createVpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses, final NicPlugInOutRules nicPlugInOutRules) {
|
||||
VpcIpAssociationRules ipAssociationRules = new VpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules);
|
||||
|
||||
initBeans(ipAssociationRules);
|
||||
|
||||
ipAssociationRules._networkDao = _networkDao;
|
||||
|
||||
return ipAssociationRules;
|
||||
}
|
||||
|
||||
public VpnRules createVpnRules(final Network network, final List<? extends VpnUser> users) {
|
||||
VpnRules vpnRules = new VpnRules(network, users);
|
||||
|
||||
@ -205,4 +232,26 @@ public class VirtualNetworkApplianceFactory {
|
||||
|
||||
return dhcpRules;
|
||||
}
|
||||
|
||||
public NicPlugInOutRules createNicPluInOutRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) {
|
||||
NicPlugInOutRules nicPlug = new NicPlugInOutRules(network, ipAddresses);
|
||||
|
||||
initBeans(nicPlug);
|
||||
|
||||
nicPlug._vpcDao = _vpcDao;
|
||||
nicPlug._userStatsDao = _userStatsDao;
|
||||
nicPlug._vpcMgr = _vpcMgr;
|
||||
|
||||
return nicPlug;
|
||||
}
|
||||
|
||||
public NetworkAclsRules createNetworkAclRules(final Network network, final List<? extends NetworkACLItem> rules, final boolean isPrivateGateway) {
|
||||
NetworkAclsRules networkAclsRules = new NetworkAclsRules(network, rules, isPrivateGateway);
|
||||
|
||||
initBeans(networkAclsRules);
|
||||
|
||||
networkAclsRules._networkHelper = _networkHelper;
|
||||
|
||||
return networkAclsRules;
|
||||
}
|
||||
}
|
||||
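Review bot: `createNicPluInOutRules` is the only place that assigns `_vpcDao`, `_userStatsDao` and `_vpcMgr`, although all three are declared on the shared `RuleApplier` base class, so any other rule that reads them gets `null`. `initBeans` is outside this hunk; if it does not already set them, moving the three assignments into it would keep every applier fully wired, in the same way `createNetworkAclRules` depends on a single `_networkHelper` assignment. The method name also drops a letter; `createNicPlugInOutRules` would match the class name, and the caller in `AdvancedNetworkTopology.associatePublicIP` would need the same rename.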
@ -17,32 +17,158 @@
|
||||
|
||||
package com.cloud.network.rules;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.cloudstack.network.topology.NetworkTopologyVisitor;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.cloud.agent.api.routing.IpAssocVpcCommand;
|
||||
import com.cloud.agent.api.routing.NetworkElementCommand;
|
||||
import com.cloud.agent.api.routing.SetSourceNatCommand;
|
||||
import com.cloud.agent.api.to.IpAddressTO;
|
||||
import com.cloud.agent.manager.Commands;
|
||||
import com.cloud.dc.DataCenterVO;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.IpAddress;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Networks.BroadcastDomainType;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.utils.Pair;
|
||||
import com.cloud.utils.exception.CloudRuntimeException;
|
||||
import com.cloud.vm.Nic;
|
||||
|
||||
public class VpcIpAssociationRules extends RuleApplier {
|
||||
|
||||
private static final Logger s_logger = Logger.getLogger(VpcIpAssociationRules.class);
|
||||
|
||||
private final List<? extends PublicIpAddress> _ipAddresses;
|
||||
|
||||
public VpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) {
|
||||
private final NicPlugInOutRules _nicPlugInOutRules;
|
||||
|
||||
private Map<String, String> _vlanMacAddress;
|
||||
|
||||
private List<PublicIpAddress> _ipsToSend;
|
||||
|
||||
public VpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses, final NicPlugInOutRules nicPlugInOutRules) {
|
||||
super(network);
|
||||
_ipAddresses = ipAddresses;
|
||||
_nicPlugInOutRules = nicPlugInOutRules;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
|
||||
_router = router;
|
||||
|
||||
_vlanMacAddress = new HashMap<String, String>();
|
||||
_ipsToSend = new ArrayList<PublicIpAddress>();
|
||||
|
||||
for (PublicIpAddress ipAddr : _ipAddresses) {
|
||||
String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString();
|
||||
Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), router.getId(), broadcastURI);
|
||||
|
||||
String macAddress = null;
|
||||
if (nic == null) {
|
||||
if (ipAddr.getState() != IpAddress.State.Releasing) {
|
||||
throw new CloudRuntimeException("Unable to find the nic in network " + ipAddr.getNetworkId() + " to apply the ip address " + ipAddr + " for");
|
||||
}
|
||||
s_logger.debug("Not sending release for ip address " + ipAddr + " as its nic is already gone from VPC router " + router);
|
||||
} else {
|
||||
macAddress = nic.getMacAddress();
|
||||
_vlanMacAddress.put(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())), macAddress);
|
||||
_ipsToSend.add(ipAddr);
|
||||
}
|
||||
}
|
||||
|
||||
return visitor.visit(this);
|
||||
}
|
||||
|
||||
public List<? extends PublicIpAddress> getIpAddresses() {
|
||||
return _ipAddresses;
|
||||
}
|
||||
|
||||
public NicPlugInOutRules getNicPlugInOutRules() {
|
||||
return _nicPlugInOutRules;
|
||||
}
|
||||
|
||||
public Map<String, String> getVlanMacAddress() {
|
||||
return _vlanMacAddress;
|
||||
}
|
||||
|
||||
public List<PublicIpAddress> getIpsToSend() {
|
||||
return _ipsToSend;
|
||||
}
|
||||
|
||||
public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final List<? extends PublicIpAddress> ips, final Commands cmds,
|
||||
final Map<String, String> vlanMacAddress) {
|
||||
|
||||
Pair<IpAddressTO, Long> sourceNatIpAdd = null;
|
||||
Boolean addSourceNat = null;
|
||||
// Ensure that in multiple vlans case we first send all ip addresses of vlan1, then all ip addresses of vlan2, etc..
|
||||
Map<String, ArrayList<PublicIpAddress>> vlanIpMap = new HashMap<String, ArrayList<PublicIpAddress>>();
|
||||
for (final PublicIpAddress ipAddress : ips) {
|
||||
String vlanTag = ipAddress.getVlanTag();
|
||||
ArrayList<PublicIpAddress> ipList = vlanIpMap.get(vlanTag);
|
||||
if (ipList == null) {
|
||||
ipList = new ArrayList<PublicIpAddress>();
|
||||
}
|
||||
//VR doesn't support release for sourceNat IP address; so reset the state
|
||||
if (ipAddress.isSourceNat() && ipAddress.getState() == IpAddress.State.Releasing) {
|
||||
ipAddress.setState(IpAddress.State.Allocated);
|
||||
}
|
||||
ipList.add(ipAddress);
|
||||
vlanIpMap.put(vlanTag, ipList);
|
||||
}
|
||||
|
||||
for (Map.Entry<String, ArrayList<PublicIpAddress>> vlanAndIp : vlanIpMap.entrySet()) {
|
||||
List<PublicIpAddress> ipAddrList = vlanAndIp.getValue();
|
||||
|
||||
// Get network rate - required for IpAssoc
|
||||
Integer networkRate = _networkModel.getNetworkRate(ipAddrList.get(0).getNetworkId(), router.getId());
|
||||
Network network = _networkModel.getNetwork(ipAddrList.get(0).getNetworkId());
|
||||
|
||||
IpAddressTO[] ipsToSend = new IpAddressTO[ipAddrList.size()];
|
||||
int i = 0;
|
||||
|
||||
for (final PublicIpAddress ipAddr : ipAddrList) {
|
||||
boolean add = (ipAddr.getState() == IpAddress.State.Releasing ? false : true);
|
||||
|
||||
String macAddress = vlanMacAddress.get(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())));
|
||||
|
||||
IpAddressTO ip =
|
||||
new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, false, ipAddr.isSourceNat(), ipAddr.getVlanTag(), ipAddr.getGateway(),
|
||||
ipAddr.getNetmask(), macAddress, networkRate, ipAddr.isOneToOneNat());
|
||||
|
||||
ip.setTrafficType(network.getTrafficType());
|
||||
ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
|
||||
ipsToSend[i++] = ip;
|
||||
if (ipAddr.isSourceNat()) {
|
||||
sourceNatIpAdd = new Pair<IpAddressTO, Long>(ip, ipAddr.getNetworkId());
|
||||
addSourceNat = add;
|
||||
}
|
||||
}
|
||||
IpAssocVpcCommand cmd = new IpAssocVpcCommand(ipsToSend);
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(ipAddrList.get(0).getNetworkId(), router.getId()));
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
|
||||
DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
|
||||
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
|
||||
|
||||
cmds.addCommand("IPAssocVpcCommand", cmd);
|
||||
}
|
||||
|
||||
//set source nat ip
|
||||
if (sourceNatIpAdd != null) {
|
||||
IpAddressTO sourceNatIp = sourceNatIpAdd.first();
|
||||
SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp, addSourceNat);
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
|
||||
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
|
||||
DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
|
||||
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
|
||||
cmds.addCommand("SetSourceNatCommand", cmd);
|
||||
}
|
||||
}
|
||||
}
|
||||
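Review bot: The `nicPlugInOutRules` passed to the constructor is stored and exposed through `getNicPlugInOutRules()`, but nothing visible in this commit ever applies it: `accept` goes straight to the NIC lookup, and `AdvancedNetworkVisitor.visit(VpcIpAssociationRules)` only sends the IP association commands. For an address on a VLAN the router has no NIC for yet, `accept` would therefore throw the `CloudRuntimeException` instead of plugging the NIC first. Either run the plug rules before the association rules in `associatePublicIP`, or start `accept` with `if (!_nicPlugInOutRules.accept(visitor, router)) { return false; }` followed by a visit of the plug rules. The exception message also ends in a dangling "for" and could name the router, e.g. `"Unable to find the nic in network " + ipAddr.getNetworkId() + " to apply the ip address " + ipAddr + " on router " + router`.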
@ -27,10 +27,16 @@ import org.springframework.stereotype.Component;
|
||||
import com.cloud.deploy.DeployDestination;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.rules.DhcpEntryRules;
|
||||
import com.cloud.network.rules.NetworkAclsRules;
|
||||
import com.cloud.network.rules.NicPlugInOutRules;
|
||||
import com.cloud.network.rules.RuleApplier;
|
||||
import com.cloud.network.rules.RuleApplierWrapper;
|
||||
import com.cloud.network.rules.UserdataPwdRules;
|
||||
import com.cloud.network.rules.VpcIpAssociationRules;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.vm.DomainRouterVO;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.VirtualMachineProfile;
|
||||
@ -48,7 +54,7 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology {
|
||||
public boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException {
|
||||
|
||||
s_logger.debug("APPLYING USERDATA RULES");
|
||||
s_logger.debug("APPLYING VPC USERDATA RULES");
|
||||
|
||||
final String typeString = "userdata and password entry";
|
||||
final boolean isPodLevelException = false;
|
||||
@ -64,7 +70,7 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology {
|
||||
public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
|
||||
final List<DomainRouterVO> routers) throws ResourceUnavailableException {
|
||||
|
||||
s_logger.debug("APPLYING DHCP ENTRY RULES");
|
||||
s_logger.debug("APPLYING VPC DHCP ENTRY RULES");
|
||||
|
||||
final String typeString = "dhcp entry";
|
||||
final Long podId = null;
|
||||
@ -75,4 +81,48 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology {
|
||||
|
||||
return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(dhcpRules));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddresses, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
if (ipAddresses == null || ipAddresses.isEmpty()) {
|
||||
s_logger.debug("No ip association rules to be applied for network " + network.getId());
|
||||
return true;
|
||||
}
|
||||
|
||||
//only one router is supported in VPC now
|
||||
VirtualRouter router = routers.get(0);
|
||||
|
||||
if (router.getVpcId() == null) {
|
||||
return super.associatePublicIP(network, ipAddresses, routers);
|
||||
}
|
||||
|
||||
s_logger.debug("APPLYING VPC IP RULES");
|
||||
|
||||
final String typeString = "vpc ip association";
|
||||
final boolean isPodLevelException = false;
|
||||
final boolean failWhenDisconnect = false;
|
||||
final Long podId = null;
|
||||
|
||||
NicPlugInOutRules nicPlugInOutRules = _virtualNetworkApplianceFactory.createNicPluInOutRules(network, ipAddresses);
|
||||
VpcIpAssociationRules ipAssociationRules = _virtualNetworkApplianceFactory.createVpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules);
|
||||
|
||||
return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(ipAssociationRules));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
|
||||
throws ResourceUnavailableException {
|
||||
|
||||
s_logger.debug("APPLYING NETWORK ACLs RULES");
|
||||
|
||||
final String typeString = "network acls";
|
||||
final boolean isPodLevelException = false;
|
||||
final boolean failWhenDisconnect = false;
|
||||
final Long podId = null;
|
||||
|
||||
NetworkAclsRules aclsRules = _virtualNetworkApplianceFactory.createNetworkAclRules(network, rules, isPrivateGateway);
|
||||
|
||||
return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(aclsRules));
|
||||
}
|
||||
}
|
||||
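Review bot: `associatePublicIP` calls `routers.get(0)` after checking only `ipAddresses`, so a null or empty router list fails with an unchecked exception rather than the declared `ResourceUnavailableException`. A guard before the lookup keeps the failure explicit: `if (routers == null || routers.isEmpty()) { throw new ResourceUnavailableException("No VPC router available for ip association", Network.class, network.getId()); }`. The comment "only one router is supported in VPC now" also deserves a check or a warning when `routers.size() > 1`, because the VPC decision is taken from the first element only.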
@ -17,21 +17,25 @@
|
||||
|
||||
package org.apache.cloudstack.network.topology;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import com.cloud.agent.api.Command;
|
||||
import com.cloud.agent.manager.Commands;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.rules.DhcpEntryRules;
|
||||
import com.cloud.network.rules.DhcpSubNetRules;
|
||||
import com.cloud.network.rules.NetworkAclsRules;
|
||||
import com.cloud.network.rules.PasswordToRouterRules;
|
||||
import com.cloud.network.rules.NicPlugInOutRules;
|
||||
import com.cloud.network.rules.PrivateGatewayRules;
|
||||
import com.cloud.network.rules.SshKeyToRouterRules;
|
||||
import com.cloud.network.rules.UserdataPwdRules;
|
||||
import com.cloud.network.rules.UserdataToRouterRules;
|
||||
import com.cloud.network.rules.VpcIpAssociationRules;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.vm.NicVO;
|
||||
import com.cloud.vm.UserVmVO;
|
||||
import com.cloud.vm.VirtualMachineProfile;
|
||||
@ -68,28 +72,41 @@ public class AdvancedNetworkVisitor extends BasicNetworkVisitor {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final SshKeyToRouterRules sshkey) throws ResourceUnavailableException {
|
||||
return false;
|
||||
}
|
||||
public boolean visit(final NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException {
|
||||
final VirtualRouter router = nicPlugInOutRules.getRouter();
|
||||
|
||||
@Override
|
||||
public boolean visit(final PasswordToRouterRules pwd) throws ResourceUnavailableException {
|
||||
return false;
|
||||
final Commands commands = nicPlugInOutRules.getNetUsageCommands();
|
||||
|
||||
return _applianceManager.sendCommandsToRouter(router, commands);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final NetworkAclsRules acls) throws ResourceUnavailableException {
|
||||
return false;
|
||||
final VirtualRouter router = acls.getRouter();
|
||||
final Network network = acls.getNetwork();
|
||||
|
||||
Commands commands = new Commands(Command.OnError.Continue);
|
||||
List<? extends NetworkACLItem> rules = acls.getRules();
|
||||
acls.createNetworkACLsCommands(rules, router, commands, network.getId(), acls.isPrivateGateway());
|
||||
|
||||
return _applianceManager.sendCommandsToRouter(router, commands);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final VpcIpAssociationRules vpcip) throws ResourceUnavailableException {
|
||||
return false;
|
||||
}
|
||||
final VirtualRouter router = vpcip.getRouter();
|
||||
|
||||
@Override
|
||||
public boolean visit(final UserdataToRouterRules userdata) throws ResourceUnavailableException {
|
||||
return false;
|
||||
Commands cmds = new Commands(Command.OnError.Continue);
|
||||
Map<String, String> vlanMacAddress = vpcip.getVlanMacAddress();
|
||||
List<PublicIpAddress> ipsToSend = vpcip.getIpsToSend();
|
||||
|
||||
|
||||
if (!ipsToSend.isEmpty()) {
|
||||
vpcip.createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress);
|
||||
return _applianceManager.sendCommandsToRouter(router, cmds);
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
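Review bot: `visit(NetworkAclsRules)` builds its batch with `Command.OnError.Continue`, so a failed command does not stop the ones after it from being sent. For ACLs that can leave the router with a partly applied rule set. Whether `sendCommandsToRouter` returns false when any single answer fails is not visible in this section; if it does not, the caller would treat that state as success. Consider `new Commands(Command.OnError.Stop)` for the ACL batch, or add a comment such as `// Continue is safe here: sendCommandsToRouter fails the call if any answer fails` once that is confirmed.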
@ -42,6 +42,7 @@ import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.VpnUser;
|
||||
import com.cloud.network.lb.LoadBalancingRule;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.rules.DhcpEntryRules;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.FirewallRules;
|
||||
import com.cloud.network.rules.IpAssociationRules;
|
||||
@ -56,6 +57,8 @@ import com.cloud.network.rules.UserdataPwdRules;
|
||||
import com.cloud.network.rules.UserdataToRouterRules;
|
||||
import com.cloud.network.rules.VirtualNetworkApplianceFactory;
|
||||
import com.cloud.network.rules.VpnRules;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.utils.exception.CloudRuntimeException;
|
||||
import com.cloud.vm.DomainRouterVO;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.UserVmVO;
|
||||
@ -100,6 +103,12 @@ public class BasicNetworkTopology implements NetworkTopology {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
|
||||
throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("applyNetworkACLs not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean configDhcpForSubnet(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
|
||||
final List<DomainRouterVO> routers) throws ResourceUnavailableException {
|
||||
@ -109,9 +118,6 @@ public class BasicNetworkTopology implements NetworkTopology {
|
||||
@Override
|
||||
public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
|
||||
final List<DomainRouterVO> routers) throws ResourceUnavailableException {
|
||||
<<<<<<< HEAD
|
||||
return false;
|
||||
=======
|
||||
|
||||
s_logger.debug("APPLYING DHCP ENTRY RULES");
|
||||
|
||||
@ -119,9 +125,11 @@ public class BasicNetworkTopology implements NetworkTopology {
|
||||
final Long podId = dest.getPod().getId();
|
||||
boolean isPodLevelException = false;
|
||||
|
||||
//for user vm in Basic zone we should try to re-deploy vm in a diff pod if it fails to deploy in original pod; so throwing exception with Pod scope
|
||||
if (podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest &&
|
||||
network.getGuestType() == Network.GuestType.Shared) {
|
||||
// for user vm in Basic zone we should try to re-deploy vm in a diff pod
|
||||
// if it fails to deploy in original pod; so throwing exception with Pod
|
||||
// scope
|
||||
if (podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest
|
||||
&& network.getGuestType() == Network.GuestType.Shared) {
|
||||
isPodLevelException = true;
|
||||
}
|
||||
|
||||
@ -130,7 +138,6 @@ public class BasicNetworkTopology implements NetworkTopology {
|
||||
DhcpEntryRules dhcpRules = _virtualNetworkApplianceFactory.createDhcpEntryRules(network, nic, profile, dest);
|
||||
|
||||
return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(dhcpRules));
|
||||
>>>>>>> ee0389b... fixing import in virtual router element and checkstyle in dhcp entry related changes
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
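Review bot: The new `applyNetworkACLs` throws an unchecked `CloudRuntimeException` although the method is declared `throws ResourceUnavailableException`, so callers that handle only the declared type will not catch it. Failing instead of returning `true` is the right choice here, since a silent success would report ACLs as enforced when nothing was applied, but that intent should be written down. A comment above the throw would do, e.g. `// Basic zones have no VPC: fail closed rather than report the ACLs as applied`. The `visit` overloads for `NicPlugInOutRules`, `NetworkAclsRules`, `VpcIpAssociationRules` and `PrivateGatewayRules` in `BasicNetworkVisitor` follow the same pattern and would benefit from the same comment.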
@ -40,6 +40,7 @@ import com.cloud.network.rules.FirewallRules;
|
||||
import com.cloud.network.rules.IpAssociationRules;
|
||||
import com.cloud.network.rules.LoadBalancingRules;
|
||||
import com.cloud.network.rules.NetworkAclsRules;
|
||||
import com.cloud.network.rules.NicPlugInOutRules;
|
||||
import com.cloud.network.rules.PasswordToRouterRules;
|
||||
import com.cloud.network.rules.PortForwardingRule;
|
||||
import com.cloud.network.rules.PrivateGatewayRules;
|
||||
@ -215,16 +216,6 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor {
|
||||
return _applianceManager.sendCommandsToRouter(router, cmds);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final NetworkAclsRules nat) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("NetworkAclsRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final VpcIpAssociationRules nat) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("VpcIpAssociationRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final UserdataToRouterRules userdata) throws ResourceUnavailableException {
|
||||
final VirtualRouter router = userdata.getRouter();
|
||||
@ -238,11 +229,6 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor {
|
||||
return _applianceManager.sendCommandsToRouter(router, commands);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final PrivateGatewayRules userdata) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("PrivateGatewayRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final VpnRules vpn) throws ResourceUnavailableException {
|
||||
VirtualRouter router = vpn.getRouter();
|
||||
@ -263,4 +249,24 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor {
|
||||
public boolean visit(final VpnRules userdata) throws ResourceUnavailableException {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("NicPlugInOutRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final NetworkAclsRules nat) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("NetworkAclsRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final VpcIpAssociationRules nat) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("VpcIpAssociationRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean visit(final PrivateGatewayRules userdata) throws ResourceUnavailableException {
|
||||
throw new CloudRuntimeException("PrivateGatewayRules not implemented in Basic Network Topology.");
|
||||
}
|
||||
}
|
||||
@ -31,6 +31,7 @@ import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.RuleApplier;
|
||||
import com.cloud.network.rules.RuleApplierWrapper;
|
||||
import com.cloud.network.rules.StaticNat;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.vm.DomainRouterVO;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.VirtualMachineProfile;
|
||||
@ -49,10 +50,12 @@ public interface NetworkTopology {
|
||||
boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean applyRules(final Network network, final List<? extends VirtualRouter> routers, final String typeString, final boolean isPodLevelException, final Long podId,
|
||||
final boolean failWhenDisconnect, RuleApplierWrapper<RuleApplier> ruleApplier) throws ResourceUnavailableException;
|
||||
// ====== USER FOR VPC ONLY ====== //
|
||||
|
||||
// ====== USER FOR GUEST NETWORK ====== //
|
||||
boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
// ====== USER FOR GUEST NETWORK AND VCP ====== //
|
||||
|
||||
boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException;
|
||||
@ -74,4 +77,7 @@ public interface NetworkTopology {
|
||||
|
||||
boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException;
|
||||
|
||||
boolean applyRules(final Network network, final List<? extends VirtualRouter> routers, final String typeString, final boolean isPodLevelException, final Long podId,
|
||||
final boolean failWhenDisconnect, RuleApplierWrapper<RuleApplier> ruleApplier) throws ResourceUnavailableException;
|
||||
}
|
||||
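Review bot: The section comments in the interface are misspelled as shown, "USER FOR VPC ONLY" and "USER FOR GUEST NETWORK AND VCP", which makes the grouping harder to search for. They should read `// ====== USED FOR VPC ONLY ====== //` and `// ====== USED FOR GUEST NETWORK AND VPC ====== //`. The new `applyNetworkACLs` declaration also has no Javadoc; a short one should say what `isPrivateGateway` selects and that the basic topology rejects the call.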
@ -23,6 +23,7 @@ import com.cloud.network.rules.FirewallRules;
|
||||
import com.cloud.network.rules.IpAssociationRules;
|
||||
import com.cloud.network.rules.LoadBalancingRules;
|
||||
import com.cloud.network.rules.NetworkAclsRules;
|
||||
import com.cloud.network.rules.NicPlugInOutRules;
|
||||
import com.cloud.network.rules.PasswordToRouterRules;
|
||||
import com.cloud.network.rules.PrivateGatewayRules;
|
||||
import com.cloud.network.rules.SshKeyToRouterRules;
|
||||
@ -69,4 +70,5 @@ public abstract class NetworkTopologyVisitor {
|
||||
public abstract boolean visit(DhcpPvlanRules vpn) throws ResourceUnavailableException;
|
||||
|
||||
public abstract boolean visit(DhcpSubNetRules vpn) throws ResourceUnavailableException;
|
||||
public abstract boolean visit(NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException;
|
||||
}
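Review bot: The `visit` overloads shown at the end of `NetworkTopologyVisitor` name their parameter `vpn` although the types are `DhcpPvlanRules` and `DhcpSubNetRules`, which reads like a copy-paste leftover; `public abstract boolean visit(DhcpSubNetRules dhcp) throws ResourceUnavailableException;` would match the type. The rendered page has lost its +/- markers, so it is not clear which of these lines the commit adds, and a rename that touches a context line can go in a follow-up. None of the overloads says what a `false` return means as opposed to a thrown `ResourceUnavailableException`. Since the file imports `FirewallRules` and `NetworkAclsRules`, a class-level comment such as `// A false return means the rules were not applied; callers must not treat it as success.` would help, assuming that is the intended contract. The class body starts outside these hunks.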
|
||||
@ -33,17 +33,12 @@ import com.cloud.exception.ConcurrentOperationException;
|
||||
import com.cloud.exception.InsufficientCapacityException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.PublicIpAddress;
|
||||
import com.cloud.network.RemoteAccessVpn;
|
||||
import com.cloud.network.Site2SiteVpnConnection;
|
||||
import com.cloud.network.VpcVirtualNetworkApplianceService;
|
||||
import com.cloud.network.VpnUser;
|
||||
import com.cloud.network.lb.LoadBalancingRule;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
|
||||
import com.cloud.network.rules.FirewallRule;
|
||||
import com.cloud.network.rules.StaticNat;
|
||||
import com.cloud.network.vpc.NetworkACLItem;
|
||||
import com.cloud.network.vpc.PrivateGateway;
|
||||
import com.cloud.network.vpc.StaticRouteProfile;
|
||||
import com.cloud.user.Account;
|
||||
@ -66,32 +61,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#savePasswordToRouter(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean savePasswordToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean saveSSHPublicKeyToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers, final String sshPublicKey)
|
||||
throws ResourceUnavailableException {
|
||||
return false; //To change body of implemented methods use File | Settings | File Templates.
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#saveUserDataToRouter(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#startRemoteAccessVpn(com.cloud.network.Network, com.cloud.network.RemoteAccessVpn, java.util.List)
|
||||
*/
|
||||
@ -110,25 +79,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#associatePublicIP(com.cloud.network.Network, java.util.List, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddress, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#applyFirewallRules(com.cloud.network.Network, java.util.List, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean applyFirewallRules(final Network network, final List<? extends FirewallRule> rules, final List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#getRoutersForNetwork(long)
|
||||
*/
|
||||
@ -152,7 +102,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
*/
|
||||
@Override
|
||||
public VirtualRouter stop(final VirtualRouter router, final boolean forced, final User callingUser, final Account callingAccount) throws ConcurrentOperationException,
|
||||
ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
@ -166,38 +115,9 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
return null;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#applyStaticNats(com.cloud.network.Network, java.util.List, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules, final List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#applyDhcpEntry(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, com.cloud.deploy.DeployDestination, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean applyDhcpEntry(final Network config, final NicProfile nic, final VirtualMachineProfile vm, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VirtualNetworkApplianceManager#applyUserData(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, com.cloud.deploy.DeployDestination, java.util.List)
|
||||
*/
|
||||
@Override
|
||||
public boolean applyUserData(final Network config, final NicProfile nic, final VirtualMachineProfile vm, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean configDhcpForSubnet(final Network network, final NicProfile nic, final VirtualMachineProfile uservm, final DeployDestination dest, final List<DomainRouterVO> routers)
|
||||
throws ResourceUnavailableException {
|
||||
throws ResourceUnavailableException {
|
||||
return false; //To change body of implemented methods use File | Settings | File Templates.
|
||||
}
|
||||
|
||||
@ -211,7 +131,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
*/
|
||||
@Override
|
||||
public VirtualRouter startRouter(final long routerId, final boolean reprogramNetwork) throws ConcurrentOperationException, ResourceUnavailableException,
|
||||
InsufficientCapacityException {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
@ -221,7 +140,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
*/
|
||||
@Override
|
||||
public VirtualRouter rebootRouter(final long routerId, final boolean reprogramNetwork) throws ConcurrentOperationException, ResourceUnavailableException,
|
||||
InsufficientCapacityException {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
@ -312,17 +230,10 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
*/
|
||||
@Override
|
||||
public boolean removeVpcRouterFromGuestNetwork(final VirtualRouter router, final Network network, final boolean isRedundant) throws ConcurrentOperationException,
|
||||
ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean privateGateway)
|
||||
throws ResourceUnavailableException {
|
||||
return false; //To change body of implemented methods use File | Settings | File Templates.
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see com.cloud.network.router.VpcVirtualNetworkApplianceManager#setupPrivateGateway(com.cloud.network.vpc.PrivateGateway, com.cloud.network.router.VirtualRouter)
|
||||
*/
|
||||
@ -374,13 +285,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean applyLoadBalancingRules(final Network network, final List<? extends LoadBalancingRule> rules, final List<? extends VirtualRouter> routers)
|
||||
throws ResourceUnavailableException {
|
||||
// TODO Auto-generated method stub
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public VirtualRouter findRouter(final long routerId) {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||