diff --git a/engine/components-api/src/com/cloud/network/IpAddressManager.java b/engine/components-api/src/com/cloud/network/IpAddressManager.java index 1df23baca8e..0ab5cccb78b 100644 --- a/engine/components-api/src/com/cloud/network/IpAddressManager.java +++ b/engine/components-api/src/com/cloud/network/IpAddressManager.java @@ -43,6 +43,9 @@ public interface IpAddressManager { "If true, when account has dedicated public ip range(s), once the ips dedicated to the account have been consumed ips will be acquired from the system pool", true, ConfigKey.Scope.Account); + static final ConfigKey RulesContinueOnError = new ConfigKey("Advanced", Boolean.class, "network.rule.delete.ignoreerror", "true", + "When true, ip address delete (ipassoc) failures are ignored", true); + /** * Assigns a new public ip address. * diff --git a/server/src/com/cloud/network/IpAddressManagerImpl.java b/server/src/com/cloud/network/IpAddressManagerImpl.java index 2af596a6f7e..9f3cecca667 100644 --- a/server/src/com/cloud/network/IpAddressManagerImpl.java +++ b/server/src/com/cloud/network/IpAddressManagerImpl.java @@ -282,6 +282,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage SearchBuilder AssignIpAddressSearch; SearchBuilder AssignIpAddressFromPodVlanSearch; + static Boolean rulesContinueOnErrFlag = true; + @Override public boolean configure(String name, Map params) { // populate providers @@ -403,7 +405,11 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage Network.State.getStateMachine().registerListener(new NetworkStateListener(_configDao)); - s_logger.info("Network Manager is configured."); + if (RulesContinueOnError.value() != null) { + rulesContinueOnErrFlag = RulesContinueOnError.value(); + } + + s_logger.info("IPAddress Manager is configured."); return true; } @@ -601,7 +607,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage if (ip.getAssociatedWithNetworkId() != null) { Network network = _networksDao.findById(ip.getAssociatedWithNetworkId()); try { - if (!applyIpAssociations(network, true)) { + if (!applyIpAssociations(network, rulesContinueOnErrFlag)) { s_logger.warn("Unable to apply ip address associations for " + network); success = false; } @@ -2026,6 +2032,6 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage @Override public ConfigKey[] getConfigKeys() { - return new ConfigKey[] {UseSystemPublicIps}; + return new ConfigKey[] {UseSystemPublicIps, RulesContinueOnError}; } } diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index d633a8ba869..2905fc38eb2 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -143,12 +143,16 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, IpAddressManager _ipAddrMgr; private boolean _elbEnabled = false; + static Boolean rulesContinueOnErrFlag = true; @Override public boolean configure(String name, Map params) throws ConfigurationException { _name = name; String elbEnabledString = _configDao.getValue(Config.ElasticLoadBalancerEnabled.key()); _elbEnabled = Boolean.parseBoolean(elbEnabledString); + if (_ipAddrMgr.RulesContinueOnError.value() != null) { + rulesContinueOnErrFlag = _ipAddrMgr.RulesContinueOnError.value(); + } return true; } @@ -851,8 +855,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, // now send everything to the backend List rulesToApply = _firewallDao.listByIpAndPurpose(ipId, Purpose.Firewall); - applyFirewallRules(rulesToApply, true, caller); - + //apply rules + if (!applyFirewallRules(rulesToApply, rulesContinueOnErrFlag, caller)) { + if (!rulesContinueOnErrFlag) { + return false; + } + } // Now we check again in case more rules have been inserted. rules.addAll(_firewallDao.listByIpAndPurposeAndNotRevoked(ipId, Purpose.Firewall)); diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index ddc6b0baba9..5e19ad7b1b9 100644 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -2001,7 +2001,10 @@ public class LoadBalancingRulesManagerImpl extends ManagerBase implements @Override public boolean removeAllLoadBalanacersForIp(long ipId, Account caller, long callerUserId) { - List rules = _firewallDao.listByIpAndPurposeAndNotRevoked(ipId, Purpose.LoadBalancing); + + //Included revoked rules to remove the rules of ips which are in revoke state + List rules = _firewallDao.listByIpAndPurpose(ipId, Purpose.LoadBalancing); + if (rules != null) { s_logger.debug("Found " + rules.size() + " lb rules to cleanup"); for (FirewallRule rule : rules) { diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index a9595448294..97f3d9483d9 100644 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1845,7 +1845,15 @@ Configurable, StateListener