apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

LOUDSTACK-751: changed the way the code retrieves the blacklisted.routes config. Now it always reads it from the DB while before we used to load it only on the management server start, and the update happened only after MS restart

Browse Source
This commit is contained in:
Alena Prokharchyk 2013-04-23 12:19:14 -07:00
parent 2712ddda26
commit ba4b8f1705
2 changed files with 22 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -590,7 +590,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
if (route != null) { if (route != null) {
String routeToVerify = route.trim(); String routeToVerify = route.trim();
if (!NetUtils.isValidCIDR(routeToVerify)) { if (!NetUtils.isValidCIDR(routeToVerify)) {
throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route); throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route + ". Valid format is list" +
" of cidrs separated by coma. Example: 10.1.1.0/24,192.168.0.0/24");
} }
} }
} }

53
server/src/com/cloud/network/vpc/VpcManagerImpl.java
View File

@ -39,11 +39,9 @@ import org.springframework.stereotype.Component;
import com.cloud.configuration.Config; import com.cloud.configuration.Config;
import com.cloud.configuration.ConfigurationManager; import com.cloud.configuration.ConfigurationManager;
import com.cloud.configuration.ConfigurationVO;
import com.cloud.configuration.Resource.ResourceType; import com.cloud.configuration.Resource.ResourceType;
import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.dc.DataCenter; import com.cloud.dc.DataCenter;
import com.cloud.dc.DataCenterVO;
import com.cloud.dc.Vlan.VlanType; import com.cloud.dc.Vlan.VlanType;
import com.cloud.dc.VlanVO; import com.cloud.dc.VlanVO;
import com.cloud.dc.dao.DataCenterDao; import com.cloud.dc.dao.DataCenterDao;
@ -187,9 +185,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
private List<VpcProvider> vpcElements = null; private List<VpcProvider> vpcElements = null;
private final List<Service> nonSupportedServices = Arrays.asList(Service.SecurityGroup, Service.Firewall); private final List<Service> nonSupportedServices = Arrays.asList(Service.SecurityGroup, Service.Firewall);
private final List<Provider> supportedProviders = Arrays.asList(Provider.VPCVirtualRouter, Provider.NiciraNvp); private final List<Provider> supportedProviders = Arrays.asList(Provider.VPCVirtualRouter, Provider.NiciraNvp);
private Map<Long, Set<String>> zoneBlackListedRoutes;
int _cleanupInterval; int _cleanupInterval;
int _maxNetworks; int _maxNetworks;
SearchBuilder<IPAddressVO> IpAddressSearch; SearchBuilder<IPAddressVO> IpAddressSearch;
@ -240,26 +236,6 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER); IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER);
IpAddressSearch.done(); IpAddressSearch.done();
//populate blacklisted routes
List<DataCenterVO> zones = _dcDao.listAllZones();
zoneBlackListedRoutes = new HashMap<Long, Set<String>>();
for (DataCenterVO zone : zones) {
List<ConfigurationVO> confs = _configServer.getConfigListByScope(Config.ConfigurationParameterScope.zone.toString(), zone.getId());
for (ConfigurationVO conf : confs) {
String routeStr = conf.getValue();
if (conf.getName().equalsIgnoreCase(Config.BlacklistedRoutes.key()) && routeStr != null && !routeStr.isEmpty()) {
String[] routes = routeStr.split(",");
Set<String> cidrs = new HashSet<String>();
for (String route : routes) {
cidrs.add(route);
}
zoneBlackListedRoutes.put(zone.getId(), cidrs);
break;
}
}
}
return true; return true;
} }
@ -1684,14 +1660,8 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
} }
//3) Verify against blacklisted routes //3) Verify against blacklisted routes
Set<String> cidrBlackList = zoneBlackListedRoutes.get(vpc.getZoneId()); if (isCidrBlacklisted(cidr, vpc.getZoneId())) {
throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the zone the VPC belongs to");
if (cidrBlackList != null && !cidrBlackList.isEmpty()) {
for (String blackListedRoute : cidrBlackList) {
if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) {
throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the VPC zone");
}
}
} }
Transaction txn = Transaction.currentTxn(); Transaction txn = Transaction.currentTxn();
@ -1713,6 +1683,23 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
return newRoute; return newRoute;
} }
protected boolean isCidrBlacklisted(String cidr, long zoneId) {
String routesStr = _configServer.getConfigValue(Config.BlacklistedRoutes.key(), Config.ConfigurationParameterScope.zone.toString(), zoneId);
if (routesStr != null && !routesStr.isEmpty()) {
String[] cidrBlackList = routesStr.split(",");
if (cidrBlackList != null && cidrBlackList.length > 0) {
for (String blackListedRoute : cidrBlackList) {
if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) {
return true;
}
}
}
}
return false;
}
@Override @Override
public Pair<List<? extends StaticRoute>, Integer> listStaticRoutes(ListStaticRoutesCmd cmd) { public Pair<List<? extends StaticRoute>, Integer> listStaticRoutes(ListStaticRoutesCmd cmd) {
Long id = cmd.getId(); Long id = cmd.getId();