Remove firewall rule along with pf/staticNat/lb rule if the pf/staticNat/lb failed to create due to network rule conflict

2025-10-26 08:42:29 +01:00 · 2011-08-12 16:19:09 -07:00 · 2011-08-12 16:19:09 -07:00 · d8a9612ef7
commit d8a9612ef7
parent eb18d6dd55
2 changed files with 22 additions and 3 deletions
--- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@ -53,8 +53,8 @@ import com.cloud.network.LoadBalancerVMMapVO;
 import com.cloud.network.LoadBalancerVO;
 import com.cloud.network.Network.Service;
 import com.cloud.network.NetworkManager;
-import com.cloud.network.dao.FirewallRulesCidrsDao;
 import com.cloud.network.NetworkVO;
+import com.cloud.network.dao.FirewallRulesCidrsDao;
 import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.LoadBalancerDao;
@ -73,7 +73,6 @@ import com.cloud.user.UserContext;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.Pair;
-import com.cloud.utils.component.Adapters;
 import com.cloud.utils.component.Inject;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.db.DB;
@ -132,6 +131,8 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
    ElasticLoadBalancerManager _elbMgr;
    @Inject
    NetworkDao _networkDao;
+    @Inject
+    FirewallRulesDao _firewallDao;
    
    
    @Override
@ -453,6 +454,12 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
            throw new CloudRuntimeException("Unable to add rule for ip address id=" + newRule.getSourceIpAddressId(), e);
        } finally {
            if (!success) {
+                
+                txn.start();
+                _firewallDao.remove(_firewallDao.findByRelatedId(newRule.getId()).getId());
+                _lbDao.remove(newRule.getId());
+                txn.commit();
+                
                _lbDao.remove(newRule.getId());
            }
        }
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@ -221,7 +221,14 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
            txn.commit();
            return newRule;
        } catch (Exception e) {
+            
+            txn.start();
+            
+            _firewallDao.remove(_firewallDao.findByRelatedId(newRule.getId()).getId());
            _forwardingDao.remove(newRule.getId());
+            
+            txn.commit();
+            
            if (e instanceof NetworkRuleConflictException) {
                throw (NetworkRuleConflictException) e;
            }
@ -280,7 +287,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {

            return staticNatRule;
        } catch (Exception e) {
-            _forwardingDao.remove(newRule.getId());
+            
+            txn.start();
+            _firewallDao.remove(_firewallDao.findByRelatedId(newRule.getId()).getId());
+            _forwardingDao.remove(newRule.getId()); 
+            txn.commit();
+            
            if (e instanceof NetworkRuleConflictException) {
                throw (NetworkRuleConflictException) e;
            }