apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Squashed commit of the following:

Browse Source 
commit 7ce45ea1087407b87ff14d0f9ae5a7647c3f3ccc
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 18:36:33 2013 +0530

    Fixed indentation and line ending

commit 0232048f904b850700899d65ded089d8d7e7ab83
Merge: 735c4c8 97911e9
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 17:05:59 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

    Conflicts:
    	api/src/org/apache/cloudstack/api/ApiConstants.java
    	client/tomcatconf/commands.properties.in
    	setup/db/db/schema-410to420.sql
    	tools/marvin/marvin/integration/lib/base.py

commit 735c4c895515a7d3acd59c97d98de95cc5935353
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 15:20:37 2013 +0530

    Fixed unit tests based on recent changes in the Vnmc resource code

commit f166f2d0bf9e341316c74ef8de4b52b3d5e14f4d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 14:50:25 2013 +0530

    added tests to register vnmc and asa appliance in cloudstack

commit f38be4810e2e1349260ee262b85db81f60252d9e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 18:42:06 2013 +0530

    Removed unwanted files

commit 902ce426c1ebba2d826744123edd971819f73763
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 17:59:30 2013 +0530

    Fixed auto-wiring of components for Cisco Vnmc

commit 08467ee30709268b536e649b24ad029db792934c
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 16:04:54 2013 +0530

    Fixed compilation issues, incorrect merges from last commit

commit 67f11d46ad8c13f371fe94c57fb287cb9d6005d1
Merge: 3422cee c9c68e1
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 15:11:10 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

commit 3422ceefb6d1f5a92ec0868c1261a22e2cfbc54e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 14:42:32 2013 +0530

    Correctly associating nat, acl policy sets to edge security profile in VNMC

commit 9c1e193fca6f5e7687634fe27a98616362267fbf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sun Apr 7 21:22:22 2013 +0530

    Passing correct subnet mask while creating edge firewall in VNMC

commit 05e3d04b55549ef098a769509171b24ca4a62957
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Apr 2 17:50:57 2013 +0530

    Added changes related to icmp

commit bcecb589de84caa570754c246565dfaa1cb1c2bf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 1 13:57:21 2013 +0530

    Some xml file renames

commit 9c1ee93f2e74ea785ca06cb25f62fad4ad10c69e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sat Mar 30 15:54:25 2013 +0530

    Fixed PF and static NAT rule creation in VNMC

commit 7e6159fa054ec13c8f70fb58af2fdae2f55a0c70
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 18:53:49 2013 +0530

    Added more unit tests for Cisco Vnmc element

commit fc0ed9adb6eaecbe5abbce1088eb80b98953f5cf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 16:48:28 2013 +0530

    Cleaning up VNMC config as part of network shutdown

commit 5a427d48e20f50260b80c57f6e4c3bc6d9057c3f
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 02:22:54 2013 +0530

    Added unit test for Vnmc network element implement() method

commit 48cbf34d3bf44a5601842fa8bbc41be6beea3b07
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 02:20:45 2013 +0530

    Passing correct gateway ip while creating vservice node and guest port profile in Nexus

commit 2c386c61ef48a7cf9b282952152ecb7cedd21977
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 22 13:50:52 2013 +0530

    Nexus 1000v fix

commit 4d2168bfa980f1fa4b8a0d10aaf4bdd2395de7cf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 22 00:30:01 2013 +0530

    Egress firewall rule

commit e81ab3a2f443cf0c032a1fae6ed8e0697865b69e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Mar 21 10:50:29 2013 +0530

    More tests for VnmcResource class

commit 9e9c179212e8c0896972c1f19a3327f97832697e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Mar 21 00:25:10 2013 +0530

    Fixed build issue from master merge

commit f0c1af2b5c037bf49bfc2775108600e2fbdc720f
Merge: 4f305c2 873ec27
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 16:20:10 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

    Conflicts:
    	api/src/com/cloud/network/Network.java
    	api/src/org/apache/cloudstack/api/ApiConstants.java
    	client/tomcatconf/components-nonoss.xml.in
    	client/tomcatconf/nonossComponentContext.xml.in
    	plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
    	plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
    	setup/db/db/schema-410to420.sql
    	vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java

commit 4f305c2beb02f836b5ece4e897bf812cd1e03751
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 15:09:34 2013 +0530

    Initial set of tests, will add more in subsequent commits

commit 50bfcc1f752e9ca9b8330d2c4e3b8c5c9dd33155
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 15:02:14 2013 +0530

    Updated pom to copy xmls to target location during build

commit 45bc92b8262e715fdead9411666cbe3274d3ee02
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 14:58:59 2013 +0530

    Fixed cpmpilation issue as missed out adding this file

commit 2ce7cdc756bd43adec006b877cb41da6f3e9dd57
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sun Mar 17 17:02:25 2013 +0530

    Creating vservice node and associating it with port profile in nexus for guest VMs

commit 387545caff60541bda5eb67e7fd91e61df5fde3e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sat Mar 16 11:14:43 2013 +0530

    Added license headers to XML files

commit 43e29974215a73788b249f246d7e62825cf8b4e6
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 13 11:51:59 2013 +0530

    Changes related to instantiating the dao components

commit 99e88ecbf9980abe86fce89807b089a8c1a1a549
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Mar 12 23:40:35 2013 +0530

    Fix build errors after merge from master

commit 7c20b120c294fec4456a7052b630207eb0383458
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Mar 12 23:31:46 2013 +0530

    Fixing poms and other xmls

commit ee868759a8817ec66364ddd9f87b37b3fb8efd08
Merge: 9c94b6d a1b33ca
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Mar 12 14:44:59 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

    Conflicts:
    	api/src/com/cloud/network/Network.java
    	api/src/org/apache/cloudstack/api/ApiConstants.java
    	plugins/pom.xml
    	setup/db/create-schema.sql

commit 9c94b6d231d851c24e6605b6645931f39caff548
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 22:20:23 2013 +0530

    Fixed XML to create static route in VNMC correctly

commit ef069b33235c9d9864749fcfec878c2c255b8c10
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 15:26:26 2013 +0530

    Added logic for revoking ACL, PF and Static NAT rules

commit 4c65b70668bf994adc8c55096dfefde98eb18180
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 13:51:37 2013 +0530

    Renamed delete-acl-rule -> delete-rule

commit aa94eca516836949da40f1c0672c0aad9699c759
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 00:38:52 2013 +0530

    - Creating static routes in VNMC as part of edge firewall configuration
    - Passing order parameter while creating rules so that they are evaluated in a specific order
    - Added methods in VnmcResource for listing acl policies and rules belonging to variouos policies. This is used to compute order while creation of various rules in VNMC

commit cc824e8585dc011843125f070f9bbf8dbf985384
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Mar 7 12:16:29 2013 +0530

    Adding appropriate ACL rules for PF and static NAT

commit fb23c503655b29d33c6206dbf4df1ed7f64ff5e2
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 17:21:45 2013 +0530

    Added logic for deleting various VNMC artifacts. Added/updated relevant xmls as well.

commit 970c21a9a335a86c495553db3e1f86c3379bdb8e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 01:54:10 2013 +0530

    Added implementation for delete of asa and vnmc apis

commit 22e1455142690acd7d5c5faed443cfb263d09dd9
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 01:19:43 2013 +0530

    List asa api to return guest network if associated. From this it can be inferred if asa is available or not

commit 32223736c9a52a73a3e401c301cf7dc3534639d2
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 00:50:55 2013 +0530

    Added Vmware cluster info along with asa1kv appliance.
    This is used to select the correct n1kv vsm for configuring the guest network

commit deed3cc9510fee58a02d4f485e3625335f038a57
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 25 18:03:59 2013 +0530

    Added support for static NAT rules.
    - Xmls for creating static nat rules in VNMC
    - applyStaticNats implementation in VNMC network element
    - handler for static nat in resource class

commit 681f0b7b509446d32fb326cd425cd6a8618fc45d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 25 10:44:13 2013 +0530

    Added implementation for firewall and port forwarding rules in Cisco VNMC element class

commit 66b01a6589e0577ff6ba2a14f8df4f32f8c400fb
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 19:19:44 2013 +0530

    VNMC xml for deleting NAT policy

commit 5d9868676868c9f9555aa0e706a6f2f2430cd5cf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 19:16:41 2013 +0530

    Added support for PF/DNAT rules.
    Created methods in VNMCConnection class to create PF rules. Also moved out common code for PF and source NAT in methods.
    Updated the corresponding VNMC resource class.

commit 8db2fbeb8f04b81399f0932a1f8fd782264fb181
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 18:21:45 2013 +0530

    Added xml for creating NAT policy set in VNMC

commit f2da0d50caf49efeb903b9abde9a4f996cf6cc1b
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 18:17:53 2013 +0530

    Added VNMC XMLs for supporting PF/DNAT rules.
    Also moved out some XMLs related to source NAT to common files so that these can be used for both source NAT and DNAT

commit 124a48819d34547d5355396c151279a23899ff65
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Feb 21 17:53:12 2013 +0530

    Separated out creation of ACL policy set and policy in VNMC

commit 1e38515f35f6e567e0118fbea1cdc0dc5ebf9965
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Feb 21 11:54:44 2013 +0530

    Added changes to create ingress fw rules in VNMC

commit cb2fba9e7c331634893b4597841ea13784844a84
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Feb 14 16:23:05 2013 +0530

    Source NAT in VNMC

commit 720fe2f908895f2102c1cb00698568f4ddd4b8cd
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 14:16:47 2013 +0530

    Fix Vnmc test file

commit d6dbe790c6a569dceff1a598bec2522760695bdc
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 12:07:03 2013 +0530

    Added db. tables for asa1kv devices and their mapping with guest network

commit 3fd7e30f6e84adb607c3d61be32ecb889cfa73b3
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 11:52:12 2013 +0530

    Changes:
    - Added implementation for add/list asa1kv APIs
    - Added agent command for associating asa1kv appliance with logical edge firewall in VNMC
    - Added handler for the above agent command in VNMC resource class
    - Updated VNMC element class to support the above

commit d08e2a1fafdc68ea1c7d6327829aee5aa4c2c38d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 11:40:58 2013 +0530

    Added lifecycle APIs for Cisco Asa 1000v appliance.
    Added corresponding Dao and VO classes.
    Also added mapping Dao and VO for guest netwok and asa appliance

commit 6b999ec867bee2cd31aff5d495470b25af6d45f8
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Feb 12 00:05:39 2013 +0530

    Changes:
    a. Added handlers for CreateLogicalEdgeFirewall and ConfigureNexusVSMForASA commands
    b. Logic for add/list vnmc device API
    c. Partial implementation for network element implement()

commit 0656250308f3dd8a6991ee124a0fa3781214b327
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 23:48:19 2013 +0530

    Moved VNMC provider creation to Network.java. The plugin code would have been the ideal place to keep it but current state of the code doesn't allow it.

commit dc402eaa7a67c1b457ccf2243a0e53371a0bcfa9
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 23:35:19 2013 +0530

    Added new commands for the following:
    a. Logical edge firewall creation in VNMC
    b. Asa1kv vservice node creation and updating asa1kv inside port profile with guest network vlan id in n1kv VSM

commit d6cdfe35f8bdb5a22759678da1cf6f1835debecc
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 23:06:36 2013 +0530

    Added helper method to create port profile in n1kv VSM with additional parameters VDC tenant and edge security profile
    Added helper method to create a vservice node in n1kv VSM

commit db42da17e9d3cf7466e0f755d5046d710a5f5356
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 22:44:01 2013 +0530

    Added database table for storing VNMC devices

commit f991436335254eae4dc11a9f089a5c6e94403cd3
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 8 16:00:15 2013 +0530

    Added support for network offering creation with VNMC as provider for firewall, port forwarding, source nat

commit 74de210359396b1ac880aa0ffa3a38df6574e07d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 8 15:06:11 2013 +0530

    Added name attribute for the VNMC lifecycle commands

commit 6ce25ef11dd7eb98b0ae999f9748e7ea907b7e10
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 16:44:28 2013 -0800

    Fix licensing

commit 392cd8ed631009590c0001e88a82b17294af2c3e
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 16:38:19 2013 -0800

    cisco-vnmc: Fix api to use new conventions

commit 6b142bbaabc1a00c94ec598bbd8e257274372d42
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:33:33 2013 -0800

    WIP: configure ASA port profile

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 1ae21ea49a5535a3e839aba0ccfe95c7e9d9abbd
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:33:01 2013 -0800

    WIP rename device to resource to better reflect nature of VNMC

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 84d218f972e48d5f92e6659282d6d1762070b108
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:32:54 2013 -0800

    WIP: fixes for associating ASA1000v to tenant

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit d74c6a9ac2efc939aa98c466bf0cd9bcf5e5563c
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:32:45 2013 -0800

    WIP: fixes for associating ASA1000v to tenant

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 9350d10849015c3bc710efff48045ca7bd9513f4
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:32:29 2013 -0800

    WIP: admin commands for adding / listing VNMC

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit a8031a0cfed08f59b9e22f5b914f7bc205e04104
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:41 2013 -0800

    WIP ASA 1000v listing"

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit f9cc674b9ce5a04f4cf1c17882c597fcc336b121
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:36 2013 -0800

    WIP : edge firewall

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 6a0964af00437e2175c95f76e913683393ee8988
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:30 2013 -0800

    WIP : edge security policy

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit e32295e8cf3baacb154b2a6cecf48dc3be74f505
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:24 2013 -0800

    WIP : dhcp server policy

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 446a9b84919e8e3d0ed9f131c675726c42ed6a4f
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:18 2013 -0800

    WIP : dhcp server policy

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit e35e0eb59ba3e011cad68155b06e96eaf257e91e
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:14 2013 -0800

    Move unit test

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 2b43a3e74ef0e448eb407d3a967f9d8cf2a1d71b
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:08 2013 -0800

    Move unit test

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 11b804a8940c17e105b25ac7f9dfd87651e4c55a
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:29:54 2013 -0800

    WIP: XML control of VNMC

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
This commit is contained in:
Koushik Das 2013-04-15 18:58:43 +05:30
parent ae16f33213
commit e94c70254b
103 changed files with 9751 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
api/src/com/cloud/network/Network.java
View File

@ -137,6 +137,7 @@ public interface Network extends ControlledEntity, StateObject<Network.State>, I
public static final Provider None = new Provider("None", false);
// NiciraNvp is not an "External" provider, otherwise we get in trouble with NetworkServiceImpl.providersConfiguredForExternalNetworking
public static final Provider NiciraNvp = new Provider("NiciraNvp", false);
public static final Provider CiscoVnmc = new Provider("CiscoVnmc", true);
private String name;
private boolean isExternal;

1
api/src/org/apache/cloudstack/api/ApiConstants.java
View File

@ -476,6 +476,7 @@ public class ApiConstants {
public static final String AFFINITY_GROUP_IDS = "affinitygroupids";
public static final String AFFINITY_GROUP_NAMES = "affinitygroupnames";
public static final String DEPLOYMENT_PLANNER = "deploymentplanner";
public static final String ASA_INSIDE_PORT_PROFILE = "insideportprofile";
public enum HostDetails {
all, capacity, events, stats, min;

1
api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
View File

@ -43,6 +43,7 @@ public interface ExternalNetworkDeviceManager extends Manager {
public static final NetworkDevice F5BigIpLoadBalancer = new NetworkDevice("F5BigIpLoadBalancer", Network.Provider.F5BigIp.getName());
public static final NetworkDevice JuniperSRXFirewall = new NetworkDevice("JuniperSRXFirewall", Network.Provider.JuniperSRX.getName());
public static final NetworkDevice NiciraNvp = new NetworkDevice("NiciraNvp", Network.Provider.NiciraNvp.getName());
public static final NetworkDevice CiscoVnmc = new NetworkDevice("CiscoVnmc", Network.Provider.CiscoVnmc.getName());
public NetworkDevice(String deviceName, String ntwkServiceprovider) {
_name = deviceName;

10
client/pom.xml
View File

@ -455,6 +455,11 @@
file="${basedir}/target/generated-webapp/WEB-INF/web.xml"
match="classpath:componentContext.xml"
replace="classpath:nonossComponentContext.xml" byline="true" />
<exec executable="cp">
<arg value="-r" />
<arg value="${basedir}/../plugins/network-elements/cisco-vnmc/scripts" />
<arg value="${basedir}/target/generated-webapp/WEB-INF/classes/" />
</exec>
</target>
</configuration>
</execution>
@ -639,6 +644,11 @@
<artifactId>cloud-vmware-base</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-plugin-network-cisco-vnmc</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</profile>
</profiles>

11
client/tomcatconf/commands.properties.in
View File

@ -577,3 +577,14 @@ deleteAffinityGroup=15
listAffinityGroups=15
updateVMAffinityGroup=15
listAffinityGroupTypes=15
#### Cisco Vnmc commands
addCiscoVnmcResource=1
deleteCiscoVnmcResource=1
listCiscoVnmcResources=1
#### Cisco Asa1000v commands
addCiscoAsa1000vResource=1
deleteCiscoAsa1000vResource=1
listCiscoAsa1000vResources=1

11
client/tomcatconf/nonossComponentContext.xml.in
View File

@ -136,6 +136,16 @@
<property name="name" value="CiscoNexus1000vVSM"/>
</bean>
<!--
Cisco VNMC support components
-->
<bean id="ciscoVnmcDaoImpl" class="com.cloud.network.dao.CiscoVnmcDaoImpl" />
<bean id="ciscoAsa1000vDaoImpl" class="com.cloud.network.dao.CiscoAsa1000vDaoImpl" />
<bean id="networkAsa1000vMapDaoImpl" class="com.cloud.network.dao.NetworkAsa1000vMapDaoImpl" />
<bean id="CiscoVNMC" class="com.cloud.network.element.CiscoVnmcElement">
<property name="name" value="CiscoVNMC"/>
</bean>
<!--
BigSwitch support components
-->
@ -324,6 +334,7 @@
<ref bean="Netscaler"/>
<ref bean="F5BigIP"/>
<ref bean="CiscoNexus1000vVSM"/>
<ref bean="CiscoVNMC"/>
<ref bean="NiciraNvp" />
<ref bean="MidoNetElement" />
<ref bean="bigSwitchVnsElement"/>

18
plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
View File

@ -52,7 +52,9 @@ import com.cloud.hypervisor.HypervisorGuru;
import com.cloud.hypervisor.HypervisorGuruBase;
import com.cloud.hypervisor.vmware.manager.VmwareManager;
import com.cloud.hypervisor.vmware.mo.VirtualEthernetCardType;
import com.cloud.network.Network.Provider;
import com.cloud.network.NetworkModel;
import com.cloud.network.Network.Service;
import com.cloud.network.Networks.TrafficType;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkVO;
@ -143,13 +145,23 @@ public class VMwareGuru extends HypervisorGuruBase implements HypervisorGuru {
details.put(VmDetailConstants.ROOK_DISK_CONTROLLER, _vmwareMgr.getRootDiskController());
}
}
List<NicProfile> nicProfiles = vm.getNics();
for(NicProfile nicProfile : nicProfiles) {
if(nicProfile.getTrafficType() == TrafficType.Guest) {
if(_networkMgr.isProviderSupportServiceInNetwork(nicProfile.getNetworkId(), Service.Firewall, Provider.CiscoVnmc)) {
details.put("ConfigureVServiceInNexus", Boolean.TRUE.toString());
}
break;
}
}
to.setDetails(details);
if(vm.getVirtualMachine() instanceof DomainRouterVO) {
List<NicProfile> nicProfiles = vm.getNics();
NicProfile publicNicProfile = null;
NicProfile publicNicProfile = null;
for(NicProfile nicProfile : nicProfiles) {
if(nicProfile.getTrafficType() == TrafficType.Public) {
publicNicProfile = nicProfile;

3
plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
View File

@ -317,8 +317,7 @@ public class VmwareManagerImpl extends ManagerBase implements VmwareManager, Vmw
}
s_logger.info("Preparing network on host " + hostMo.getContext().toString() + " for " + privateTrafficLabel);
HypervisorHostHelper.prepareNetwork(vSwitchName, "cloud.private", hostMo, vlanId, null, null, 180000, false);
HypervisorHostHelper.prepareNetwork(vSwitchName, "cloud.private", hostMo, vlanId, null, null, 180000, false);
}
@Override

13
plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
View File

@ -1329,7 +1329,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
NicTO nicTo = cmd.getNic();
VirtualDevice nic;
Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo);
Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo, false);
if (VmwareHelper.isDvPortGroup(networkInfo.first())) {
String dvSwitchUuid;
ManagedObjectReference dcMor = hyperHost.getHyperHostDatacenter();
@ -1571,7 +1571,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, true);
} else {
networkInfo = HypervisorHostHelper.prepareNetwork(this._publicTrafficInfo.getVirtualSwitchName(), "cloud.public",
vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, vSwitchType, _portsPerDvPortGroup);
vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, vSwitchType, _portsPerDvPortGroup, null, false);
}
int nicIndex = allocPublicNicIndex(vmMo);
@ -2304,7 +2304,8 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
for (NicTO nicTo : sortNicsByDeviceId(nics)) {
s_logger.info("Prepare NIC device based on NicTO: " + _gson.toJson(nicTo));
Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo);
boolean configureVServiceInNexus = (nicTo.getType() == TrafficType.Guest) && (vmSpec.getDetails().containsKey("ConfigureVServiceInNexus"));
Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo, configureVServiceInNexus);
if (VmwareHelper.isDvPortGroup(networkInfo.first())) {
String dvSwitchUuid;
ManagedObjectReference dcMor = hyperHost.getHyperHostDatacenter();
@ -2504,7 +2505,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
return defaultVlan;
}
private Pair<ManagedObjectReference, String> prepareNetworkFromNicInfo(HostMO hostMo, NicTO nicTo) throws Exception {
private Pair<ManagedObjectReference, String> prepareNetworkFromNicInfo(HostMO hostMo, NicTO nicTo, boolean configureVServiceInNexus) throws Exception {
Pair<String, String> switchName;
TrafficType trafficType;
VirtualSwitchType switchType;
@ -2534,7 +2535,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
}
else {
networkInfo = HypervisorHostHelper.prepareNetwork(switchName.first(), namePrefix, hostMo, getVlanInfo(nicTo, switchName.second()),
nicTo.getNetworkRateMbps(), nicTo.getNetworkRateMulticastMbps(), _ops_timeout, switchType, _portsPerDvPortGroup);
nicTo.getNetworkRateMbps(), nicTo.getNetworkRateMulticastMbps(), _ops_timeout, switchType, _portsPerDvPortGroup, nicTo.getGateway(), configureVServiceInNexus);
}
return networkInfo;
@ -3024,7 +3025,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
NicTO[] nics = vm.getNics();
for (NicTO nic : nics) {
// prepare network on the host
prepareNetworkFromNicInfo(new HostMO(getServiceContext(), _morHyperHost), nic);
prepareNetworkFromNicInfo(new HostMO(getServiceContext(), _morHyperHost), nic, false);
}
String secStoreUrl = mgr.getSecondaryStorageStoreUrl(Long.parseLong(_dcId));

42
plugins/network-elements/cisco-vnmc/pom.xml Normal file
View File

@ -0,0 +1,42 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>cloud-plugin-network-cisco-vnmc</artifactId>
<name>Apache CloudStack Plugin - Cisco VNMC</name>
<parent>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloudstack-plugins</artifactId>
<version>4.2.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<dependencies>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-plugin-hypervisor-vmware</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloud-vmware-base</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

34
plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml Normal file
View File

@ -0,0 +1,34 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<fwResourceBinding
assignedToDn="%fwdn%"
dn="%binddn%"
status="created"/>
</inConfig>
</configConfMo>
<!--
assignedToDn="fw/inst-1007"
dn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/binding"
-->

37
plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml Executable file
View File

@ -0,0 +1,37 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%espdn%">
<policyVirtualNetworkEdgeProfile
connTimeoutRef=""
descr="%descr%"
dn="%espdn%"
egressAclPsetRef="%egresspolicysetname%"
ingressAclPsetRef="%ingresspolicysetname%"
inspectRef=""
name="%name%"
natPsetRef="%natpolicysetname%"
status="modified"
vpnRef=""/>
</pair>
</inConfigs>
</configConfMos>

34
plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml Normal file
View File

@ -0,0 +1,34 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%dhcpdn%">
<policyDhcpPolicyAssoc
dn="%dhcpdn%"
interfaceName="%insideintf%"
policyRef=""
status="created"
type="server"/>
</pair>
</inConfigs>
</configConfMos>
<!--dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile/dhcp-Edge_Inside"-->

32
plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml Normal file
View File

@ -0,0 +1,32 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%dhcpdn%">
<policyDhcpPolicyAssoc
dn="%dhcpdn%"
interfaceName="%insideintf%"
policyRef="%dhcpserverpolicyname%"
status="modified"
type="server"/>
</pair>
</inConfigs>
</configConfMos>

35
plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml Normal file
View File

@ -0,0 +1,35 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%espdn%">
<policyVirtualNetworkEdgeProfile
connTimeoutRef=""
descr="%descr%"
dn="%espdn%"
inspectRef=""
name="%name%"
natPsetRef="%natpolicysetname%"
status="modified"
vpnRef=""/>
</pair>
</inConfigs>
</configConfMos>

33
plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml Normal file
View File

@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyEdgeDeviceServiceProfile
addrTranslationTimeout="10800"
dn="%dn%"
ipAudit=""
name="%name%"
routing="%routepolicyname%"
status="modified"
vpn=""/>
</inConfig>
</configConfMo>

38
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml Executable file
View File

@ -0,0 +1,38 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclpolicyrefdn%">
<policyPolicyNameRef
dn="%aclpolicyrefdn%"
order="%order%"
policyName="%aclpolicyname%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclpolicyrefdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-Ingress-ACL-Policy-Set-vlan-123/polref-aaa"
aclpolicyname="aaa"
--!>

36
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml Executable file
View File

@ -0,0 +1,36 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclpolicysetdn%">
<policyPolicySet
descr="%descr%"
dn="%aclpolicysetdn%"
name="%aclpolicysetname%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclpolicysetdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo"
aclpolicysetname="foo"
--!>

35
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml Executable file
View File

@ -0,0 +1,35 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyRuleBasedPolicy
descr=""
dn="%aclpolicydn%"
name="%aclpolicyname%"
status="created"/>
</inConfig>
</configConfMo>
<!--
aclpolicydn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy"
aclpolicyname="test_policy"
--!>

82
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml Executable file
View File

@ -0,0 +1,82 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%ip%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
ip="public ip at destination"
--!>

156
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml Executable file
View File

@ -0,0 +1,156 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3">
<policyRuleCondition
dn="%aclruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-3/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%ip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-4">
<policyRuleCondition
dn="%aclruledn%/rule-cond-4"
id="4"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-4/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2"
id="2"
name=""
placement="begin"
status="created"
value="%startport%"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3"
id="3"
name=""
placement="end"
status="created"
value="%endport%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue="TCP" or "UDP"
ip="public ip at destination"
startport="start port at destination"
endport="end port at destination"
--!>

72
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml Normal file
View File

@ -0,0 +1,72 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%dhcpserverdn%">
<policyDhcpServerPolicy
descr="%dhcpserverdescr%"
dn="%dhcpserverdn%"
dnsDomainRef=""
leaseTime="1036799"
name="%dhcpservername%"
pingTimeout="50"
status="created"/>
</pair>
<pair key="%iprangedn%">
<policyIPAddressRange
dn="%iprangedn%"
endip="%endip%"
name="iprange"
startip="%startip%"
status="created"
subnet="%subnet%"/>
</pair>
<pair key="%dnsservicedn%">
<commDns
descr=""
dn="%dnsservicedn%"
domain="%domain%"
name="%dnsservicename%"
status="created"/>
</pair>
<pair key="%nameserverdn%">
<commDnsProvider
descr=""
dn="%nameserverdn%"
hostip="%nameserverip%"
order="100"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
"org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy"
"org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/ip-range-iprange"
"org-root/org-TenantC/org-VDC-TenantC/dhcp-server-TenantC-Dhcp-Policy/ip-range-iprange"
"org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/dns-svc-Tenant3-DNS"
"org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/dns-svc-Tenant3-DNS/dns-8.8.8.8"
--!>

91
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml Executable file
View File

@ -0,0 +1,91 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natruledn%">
<policyRule
descr="%descr%"
dn="%natruledn%"
name="%natrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%natruledn%/nat-action">
<natpolicyNatAction
actionType="static"
destTranslatedIpPool="%ippoolname%"
destTranslatedPortPool=""
dn="%natruledn%/nat-action"
id="0"
isBidirectionalEnabled="yes"
isDnsEnabled="no"
isNoProxyArpEnabled="no"
isRoundRobinIpEnabled="no"
srcTranslatedIpPatPool=""
srcTranslatedIpPool=""
srcTranslatedPortPool=""
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2">
<policyRuleCondition
dn="%natruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%natruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%ip%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb"
natrulename="bbb"
descr=value
ippoolname="ccc"
ip="10.147.30.230"
--!>

32
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml Normal file
View File

@ -0,0 +1,32 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyEdgeDeviceServiceProfile
addrTranslationTimeout="10800"
descr="%descr%"
dn="%dn%"
name="%name%"
status="created"
vpn=""/>
</inConfig>
</configConfMo>
<!-- dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml Normal file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<routeRoutingPolicy
descr="%descr%"
dn="%routepolicydn%"
name="%name%"
status="created"/>
</inConfig>
</configConfMo>

35
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml Normal file
View File

@ -0,0 +1,35 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%routepolicydn%/sroute-2">
<routeStaticRoute
dn="%routepolicydn%/sroute-2"
id="2"
ipAddress="%destination%"
ipSubnet="%netmask%"
nextHopGWIp="%nexthop%"
nextHopIntf="%nexthopintf%"
routeMetric="1"
status="created"/>
</pair>
</inConfigs>
</configConfMos>

89
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml Normal file
View File

@ -0,0 +1,89 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%edgefwdn%" >
<fwEdgeFirewall
haMode="standalone"
descr="%edgefwdescr%"
dn="%edgefwdn%"
name="%edgefwname%"
status="created"/>
</pair>
<pair key="%insideintfdn%">
<fwDataInterface
descr="ASA Inside Interface"
dn="%insideintfdn%"
ipAddressPrimary="%insideip%"
ipAddressSecondary="0.0.0.0"
ipSubnet="%insidesubnet%"
isIpViaDHCP="no"
name="%insideintfname%"
role="inside"
status="created"/>
</pair>
<pair key="%outsideintfdn%">
<fwDataInterface
descr="ASA Outside interface "
dn="%outsideintfdn%"
ipAddressPrimary="%publicip%"
ipAddressSecondary="0.0.0.0"
ipSubnet="%outsidesubnet%"
isIpViaDHCP="no"
name="%outsideintfname%"
role="outside"
status="created"/>
</pair>
<pair key="%outsideintfsp%" >
<logicalInterfaceServiceProfileAssociation
descr=""
dn="%outsideintfsp%"
name=""
profileRef="%secprofileref%"
status="created"/>
</pair>
<pair key="%deviceserviceprofiledn%" >
<logicalDeviceServiceProfileAssociation
descr=""
dn="%deviceserviceprofiledn%"
name=""
profileRef="%deviceserviceprofile%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
edgefwdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD"
insideintfdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/interface-Edge_Inside"
descr="%edgefwdescr%"
ipAddressPrimary="%insideip%"
ipSubnet="%insidesubnet%"
name="%insideintfname%"
outsideintfdn="%outsideintfdn%"
ipAddressPrimary="%publicip%"
ipSubnet="%outsidesubnet%"
name="%outsideintfname%
--!>

41
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml Normal file
View File

@ -0,0 +1,41 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyVirtualNetworkEdgeProfile
descr="%descr%"
dn="%espdn%"
egressAclPsetRef="%egressref%"
ingressAclPsetRef="%ingressref%"
name="%name%"
status="created"
vpnRef=""/>
</inConfig>
</configConfMo>
<!--
descr="Edge Security Profile for Tenant3"
dn="org-root/org-TestTenant3/org-Tenant3-VDC/vnep-Tenant3-ESSP"
egressAclPsetRef="default-egress"
ingressAclPsetRef="default-ingress"
name="Tenant3-ESSP"
--!>

201
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml Executable file
View File

@ -0,0 +1,201 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3">
<policyRuleCondition
dn="%aclruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-3/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%deststartip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
id="3"
name=""
placement="end"
status="created"
value="%destendip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-4">
<policyRuleCondition
dn="%aclruledn%/rule-cond-4"
id="4"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-4/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%sourceip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-5">
<policyRuleCondition
dn="%aclruledn%/rule-cond-5"
id="5"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-5/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
id="2"
name=""
placement="begin"
status="created"
value="%sourcestartport%"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
id="3"
name=""
placement="end"
status="created"
value="%sourceendport%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue = "TCP" or "UDP"
deststartip="destination start ip"
destendip="destination end ip"
sourcestartport="start port at source"
sourceendport="end port at source"
sourceip="source ip"
--!>

122
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml Executable file
View File

@ -0,0 +1,122 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3">
<policyRuleCondition
dn="%aclruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-3/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%deststartip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
id="3"
name=""
placement="end"
status="created"
value="%destendip%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue = "TCP" or "UDP" or "ICMP"
deststartip="destination start ip"
destendip="destination end ip"
sourceip="source ip"
--!>

121
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml Executable file
View File

@ -0,0 +1,121 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3">
<policyRuleCondition
dn="%aclruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-3/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%sourcestartip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
id="3"
name=""
placement="end"
status="created"
value="%sourceendip%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue = "TCP" or "UDP" or "ICMP"
sourcestartip = "source start IP"
sourceendip = "source end IP"
--!>

201
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml Executable file
View File

@ -0,0 +1,201 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclruledn%">
<policyRule
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-action-0">
<fwpolicyAction
actionType="%actiontype%"
dn="%aclruledn%/rule-action-0"
id="0"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2">
<policyRuleCondition
dn="%aclruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3">
<policyRuleCondition
dn="%aclruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-3/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%sourcestartip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
id="3"
name=""
placement="end"
status="created"
value="%sourceendip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-4">
<policyRuleCondition
dn="%aclruledn%/rule-cond-4"
id="4"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-4/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%destip%"/>
</pair>
<pair key="%aclruledn%/rule-cond-5">
<policyRuleCondition
dn="%aclruledn%/rule-cond-5"
id="5"
order="unspecified"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2">
<policyNetworkExpression
dn="%aclruledn%/rule-cond-5/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
id="2"
name=""
placement="begin"
status="created"
value="%deststartport%"/>
</pair>
<pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
id="3"
name=""
placement="end"
status="created"
value="%destendport%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
protocolvalue = "TCP" or "UDP"
sourcestartip="source start ip"
sourceendip="source end ip"
deststartport="start port at destination"
destendport="end port at destination"
destip="destination ip"
--!>

58
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml Executable file
View File

@ -0,0 +1,58 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%ippooldn%">
<policyObjectGroup
descr="%descr%"
dn="%ippooldn%"
name="%ippoolname%"
status="created"/>
</pair>
<pair key="%ippooldn%/objgrp-expr-2">
<policyObjectGroupExpression
dn="%ippooldn%/objgrp-expr-2"
id="2"
opr="eq"
order="unspecified"
status="created"/>
</pair>
<pair key="%ippooldn%/objgrp-expr-2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%ippooldn%/objgrp-expr-2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%ipvalue%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
ippooldn="org-root/org-vlan-123/org-VDC-vlan-123/objgrp-ccc"
ippoolname="ccc"
ipvalue="10.1.1.20"
--!>

38
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml Executable file
View File

@ -0,0 +1,38 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natpolicyrefdn%" >
<policyPolicyNameRef
dn="%natpolicyrefdn%"
order="%order%"
policyName="%natpolicyname%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
natpolicyrefdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set/polref-Source-NAT-Policy-TenantD"
natpolicyname="Source-NAT-Policy-TenantD"
--!>

37
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml Normal file
View File

@ -0,0 +1,37 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natpolicysetdn%">
<natpolicyNatPolicySet
adminState="enabled"
descr="%descr%"
dn="%natpolicysetdn%"
name="%natpolicysetname%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
natpolicysetdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set"
natpolicysetname="Source-NAT-Policy-Set-TenantD"
--!>

33
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml Executable file
View File

@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natpolicydn%">
<natpolicyNatRuleBasedPolicy
descr=""
dn="%natpolicydn%"
name="%natpolicyname%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>

166
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml Executable file
View File

@ -0,0 +1,166 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natruledn%">
<policyRule
descr="%descr%"
dn="%natruledn%"
name="%natrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%natruledn%/nat-action">
<natpolicyNatAction
actionType="static"
destTranslatedIpPool="%ippoolname%"
destTranslatedPortPool="%portpoolname%"
dn="%natruledn%/nat-action"
id="0"
isBidirectionalEnabled="yes"
isDnsEnabled="no"
isNoProxyArpEnabled="no"
isRoundRobinIpEnabled="no"
srcTranslatedIpPatPool=""
srcTranslatedIpPool=""
srcTranslatedPortPool=""
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2">
<policyRuleCondition
dn="%natruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%natruledn%/rule-cond-2/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
id="2"
name=""
placement="none"
status="created"
value="%ip%"/>
</pair>
<pair key="%natruledn%/rule-cond-3">
<policyRuleCondition
dn="%natruledn%/rule-cond-3"
id="3"
order="unspecified"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="destination"
dn="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-3/nw-expr2">
<policyNetworkExpression
dn="%natruledn%/rule-cond-3/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-2">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-2"
id="2"
name=""
placement="begin"
status="created"
value="%startport%"/>
</pair>
<pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-3">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-3"
id="3"
name=""
placement="end"
status="created"
value="%endport%"/>
</pair>
<pair key="%natruledn%/rule-cond-4">
<policyRuleCondition
dn="%natruledn%/rule-cond-4"
id="4"
order="unspecified"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-4/nw-expr2">
<policyNetworkExpression
dn="%natruledn%/rule-cond-4/nw-expr2"
id="2"
opr="eq"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2">
<policyProtocol
dataType="string"
descr=""
dn="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2"
id="2"
name=""
placement="none"
status="created"
value="%protocolvalue%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb"
natrulename="bbb"
descr=value
ippoolname="ccc"
portpoolname="ddd"
ip="10.147.30.230"
startport="22"
endport="22"
protocolvalue="TCP"
--!>

72
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml Executable file
View File

@ -0,0 +1,72 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%portpooldn%">
<policyObjectGroup
descr="%descr%"
dn="%portpooldn%"
name="%portpoolname%"
status="created"/>
</pair>
<pair key="%portpooldn%/objgrp-expr-2">
<policyObjectGroupExpression
dn="%portpooldn%/objgrp-expr-2"
id="2"
opr="range"
order="unspecified"
status="created"/>
</pair>
<pair key="%portpooldn%/objgrp-expr-2/nw-port-2">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%portpooldn%/objgrp-expr-2/nw-port-2"
id="2"
name=""
placement="begin"
status="created"
value="%startport%"/>
</pair>
<pair key="%portpooldn%/objgrp-expr-2/nw-port-3">
<policyNetworkPort
appType="Other"
dataType="string"
descr=""
dn="%portpooldn%/objgrp-expr-2/nw-port-3"
id="3"
name=""
placement="end"
status="created"
value="%endport%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
portpooldn="org-root/org-vlan-123/org-VDC-vlan-123/objgrp-ddd"
portpoolname="ddd"
startport="22"
endport="22"
--!>

58
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml Normal file
View File

@ -0,0 +1,58 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%snatpoolexprdn%" >
<policyObjectGroupExpression
dn="%snatpoolexprdn%"
opr="eq"
order="unspecified"
status="created"/>
</pair>
<pair key="%publicipdn%" >
<policyIPAddress
dataType="string"
descr=""
dn="%publicipdn%"
name=""
placement="none"
status="created"
value="%publicip%"/>
</pair>
<pair key="%snatpooldn%">
<policyObjectGroup
descr="%descr%"
dn="%snatpooldn%"
name="%name%"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<!--
snatpoolexprdn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2"
publicipdn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2/nw-ip-2"
snatpooldn= "org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3"
value="10.223.136.10"
--!>

103
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml Normal file
View File

@ -0,0 +1,103 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natruledn%">
<policyRule
descr="%descr%"
dn="%natruledn%"
name="%natrulename%"
order="%order%"
status="created"/>
</pair>
<pair key="%natruledn%/nat-action">
<natpolicyNatAction
actionType="static"
destTranslatedIpPool=""
destTranslatedPortPool=""
dn="%natruledn%/nat-action"
id="0"
isBidirectionalEnabled="yes"
isDnsEnabled="yes"
isNoProxyArpEnabled="no"
isRoundRobinIpEnabled="no"
srcTranslatedIpPatPool=""
srcTranslatedIpPool="%ippoolname%"
srcTranslatedPortPool=""
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2">
<policyRuleCondition
dn="%natruledn%/rule-cond-2"
id="2"
order="unspecified"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2">
<policyNetworkExpression
dn="%natruledn%/rule-cond-2/nw-expr2"
id="2"
opr="range"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
<policyNwAttrQualifier
attrEp="source"
dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
status="created"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
<policyIPAddress
dataType="string"
descr=""
dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
id="2"
name=""
placement="begin"
status="created"
value="%srcstartip%"/>
</pair>
<pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-3">
<policyIPAddress
dataType="string"
descr=""
dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-3"
id="3"
name=""
placement="end"
status="created"
value="%srcendip%"/>
</pair>
</inConfigs>
</configConfMos>
<!--
natruledn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule"
natrulename="Source-NAT-Policy-Rule"
descr="Source NAT Policy Rule for Tenant3"
ippoolname=value
srcstartip=value
srcendip=value
--!>

29
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml Normal file
View File

@ -0,0 +1,29 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<orgTenant
descr="%descr%"
dn="%dn%"
name="%name%"
status="created"/>
</inConfig>
</configConfMo>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml Normal file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<orgDatacenter
descr="%descr%"
dn="%dn%"
name="%name%"
status="created"/>
</inConfig>
</configConfMo>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml Executable file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclpolicysetdn%">
<policyPolicySet
dn="%aclpolicysetdn%"
name="%aclpolicysetname%"
status="deleted,modified"/>
</pair>
</inConfigs>
</configConfMos>

33
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml Executable file
View File

@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%aclpolicydn%">
<policyRuleBasedPolicy
descr=""
dn="%aclpolicydn%"
name="%aclpolicyname%"
status="deleted,modified"/>
</pair>
</inConfigs>
</configConfMos>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml Executable file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%edgefwdn%">
<fwEdgeFirewall
dn="%edgefwdn%"
name="%edgefwname%"
status="deleted"/>
</pair>
</inConfigs>
</configConfMos>

38
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml Executable file
View File

@ -0,0 +1,38 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%espdn%">
<policyVirtualNetworkEdgeProfile
connTimeoutRef=""
dn="%espdn%"
egressAclPsetRef=""
ingressAclPsetRef=""
inspectRef=""
ipAuditRef=""
name="%name%"
natPsetRef=""
status="deleted,modified"
tcpInterceptRef=""
vpnRef=""/>
</pair>
</inConfigs>
</configConfMos>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml Executable file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natpolicysetdn%">
<natpolicyNatPolicySet
dn="%natpolicysetdn%"
name="%natpolicysetname%"
status="deleted,modified"/>
</pair>
</inConfigs>
</configConfMos>

33
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml Executable file
View File

@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%natpolicydn%">
<natpolicyNatRuleBasedPolicy
descr=""
dn="%natpolicydn%"
name="%natpolicyname%"
status="deleted,modified"/>
</pair>
</inConfigs>
</configConfMos>

31
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml Executable file
View File

@ -0,0 +1,31 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%ruledn%">
<policyRule
descr=""
dn="%ruledn%"
name="%rulename%"
status="deleted"/>
</pair>
</inConfigs>
</configConfMos>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml Executable file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%dn%">
<orgTenant
dn="%dn%"
name="%name%"
status="deleted,modified"/>
</pair>
</inConfigs>
</configConfMos>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml Executable file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%dn%">
<orgDatacenter
dn="%dn%"
name="%name%"
status="deleted,modified"/>
</pair>
</inConfigs>
</configConfMos>

30
plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml Executable file
View File

@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%binddn%">
<fwResourceBinding
assignedToDn="%fwdn%"
dn="%binddn%"
status="deleted"/>
</pair>
</inConfigs>
</configConfMos>

31
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml Executable file
View File

@ -0,0 +1,31 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<orgResolveInScope
dn="%vdcdn%"
cookie="%cookie%"
inClass="policyRuleBasedPolicy"
inSingleLevel="false"
inHierarchical="false">
<inFilter>
</inFilter>
</orgResolveInScope>
<!--
vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
--!>

27
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml Executable file
View File

@ -0,0 +1,27 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configResolveChildren
cookie="%cookie%"
inDn="%dn%"
inHierarchical="true">
<inFilter>
</inFilter>
</configResolveChildren>
<!--dn="org-root/org-vlan-517/org-VDC-vlan-517/natpol-DNAT-vlan-517-10-147-30-235"--!>

31
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml Executable file
View File

@ -0,0 +1,31 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<orgResolveInScope
dn="%vdcdn%"
cookie="%cookie%"
inClass="natpolicyNatRuleBasedPolicy"
inSingleLevel="false"
inHierarchical="false">
<inFilter>
</inFilter>
</orgResolveInScope>
<!--
vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
--!>

31
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml Executable file
View File

@ -0,0 +1,31 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<orgResolveInScope
dn="%vdcdn%"
cookie="%cookie%"
inClass="policyPolicyNameRef"
inSingleLevel="false"
inHierarchical="false">
<inFilter>
</inFilter>
</orgResolveInScope>
<!--
vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
--!>

26
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml Normal file
View File

@ -0,0 +1,26 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configResolveChildren
cookie="%cookie%"
classId="orgTenant"
inDn="org-root"
inHierarchical="false">
<inFilter>
</inFilter>
</configResolveChildren>

39
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml Normal file
View File

@ -0,0 +1,39 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configResolveChildren
cookie="%cookie%"
classId="fwInstance"
inDn="fw"
inHierarchical="false">
<inFilter>
<and>
<eq class="fwInstance" property="capability" value="infra-fw"/>
<eq class="fwInstance" property="assoc" value="none"/>
</and>
</inFilter>
</configResolveChildren>
<!-- resource-mgr -->
<!--
<configResolveChildren cookie="1349366974/592be573-8a27-48d3-aab1-cf6cb94f23ab" commCookie="5/12/0/1cae" srcExtSys="10.223.56.5" destExtSys="10.223.56.5" srcSvc="sam_extXMLApi" destSvc="resource-mgr_dme" response="yes" classId="fwInstance">
<outConfigs>
<fwInstance assignedToDn="" assoc="none" capability="infra-fw" descr="" dn="fw/inst-1007" fltAggr="0" fsmDescr="" fsmPrev="DisassociateSuccess" fsmProgr="100" fsmRmtInvErrCode="none" fsmRmtInvErrDescr="" fsmRmtInvRslt="" fsmStageDescr="" fsmStamp="2012-10-04T16:07:40.110" fsmStatus="nop" fsmTry="0" intId="11818" mgmtIp="10.223.56.7" model="" name="ASA 1000V" pooled="0" registeredClientDn="extpol/reg/clients/client-1007" revision="0" serial="" svcId="1007" vendor=""/>
</outConfigs>
</configResolveChildren>
-->

20
plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml Normal file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="us-ascii"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<aaaLogin inName="%username%" inPassword="%password%" />

53
plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java Executable file
View File

@ -0,0 +1,53 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.agent.api;
/**
* Associates an ASA 1000v appliance with logical edge firewall in VNMC
*/
public class AssociateAsaWithLogicalEdgeFirewallCommand extends Command {
private long _vlanId;
private String _asaMgmtIp;
public AssociateAsaWithLogicalEdgeFirewallCommand(long vlanId, String asaMgmtIp) {
super();
this._vlanId = vlanId;
this._asaMgmtIp = asaMgmtIp;
}
@Override
public boolean executeInSequence() {
return false;
}
public long getVlanId() {
return _vlanId;
}
public void setVlanId(long vlanId) {
this._vlanId = vlanId;
}
public String getAsaMgmtIp() {
return _asaMgmtIp;
}
public void setAsaMgmtIp(String asaMgmtIp) {
this._asaMgmtIp = asaMgmtIp;
}
}

43
plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java Executable file
View File

@ -0,0 +1,43 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.agent.api;
/**
* Command for cleaning up logical edge firewall in VNMC
*/
public class CleanupLogicalEdgeFirewallCommand extends Command {
private long _vlanId;
public CleanupLogicalEdgeFirewallCommand(long vlanId) {
super();
this._vlanId = vlanId;
}
@Override
public boolean executeInSequence() {
return false;
}
public long getVlanId() {
return _vlanId;
}
public void setVlanId(long vlanId) {
this._vlanId = vlanId;
}
}

95
plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java Executable file
View File

@ -0,0 +1,95 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.agent.api;
/**
* Command for configuring n1kv VSM for asa1kv device. It does the following in VSM:
* a. creating vservice node for asa1kv
* b. updating vlan of inside port profile associated with asa1kv
*/
public class ConfigureNexusVsmForAsaCommand extends Command {
private long _vlanId;
private String _ipAddress;
private String _vsmUsername;
private String _vsmPassword;
private String _vsmIp;
private String _asaInPortProfile;
public ConfigureNexusVsmForAsaCommand(long vlanId, String ipAddress,
String vsmUsername, String vsmPassword, String vsmIp, String asaInPortProfile) {
super();
this._vlanId = vlanId;
this._ipAddress = ipAddress;
this._vsmUsername = vsmUsername;
this._vsmPassword = vsmPassword;
this._vsmIp = vsmIp;
this._asaInPortProfile = asaInPortProfile;
}
@Override
public boolean executeInSequence() {
return false;
}
public long getVlanId() {
return _vlanId;
}
public void setVlanId(long _vlanId) {
this._vlanId = _vlanId;
}
public String getIpAddress() {
return _ipAddress;
}
public void setIpAddress(String _ipAddress) {
this._ipAddress = _ipAddress;
}
public String getVsmUsername() {
return _vsmUsername;
}
public void setVsmUsername(String _vsmUsername) {
this._vsmUsername = _vsmUsername;
}
public String getVsmPassword() {
return _vsmPassword;
}
public void setVsmPassword(String _vsmPassword) {
this._vsmPassword = _vsmPassword;
}
public String getVsmIp() {
return _vsmIp;
}
public void setVsmIp(String _vsmIp) {
this._vsmIp = _vsmIp;
}
public String getAsaInPortProfile() {
return _asaInPortProfile;
}
public void setAsaInPortProfile(String _asaInPortProfile) {
this._asaInPortProfile = _asaInPortProfile;
}
}

94
plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java Executable file
View File

@ -0,0 +1,94 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.agent.api;
import java.util.ArrayList;
import java.util.List;
/**
* Command for creating a logical edge firewall in VNMC
*/
public class CreateLogicalEdgeFirewallCommand extends Command {
private long _vlanId;
private String _publicIp;
private String _internalIp;
private String _publicSubnet;
private String _internalSubnet;
private List<String> _publicGateways;
public CreateLogicalEdgeFirewallCommand(long vlanId,
String publicIp, String internalIp,
String publicSubnet, String internalSubnet) {
super();
this._vlanId = vlanId;
this._publicIp = publicIp;
this._internalIp = internalIp;
this._publicSubnet = publicSubnet;
this.setInternalSubnet(internalSubnet);
_publicGateways = new ArrayList<String>();
}
@Override
public boolean executeInSequence() {
return false;
}
public long getVlanId() {
return _vlanId;
}
public void setVlanId(long vlanId) {
this._vlanId = vlanId;
}
public String getPublicIp() {
return _publicIp;
}
public void setPublicIp(String publicIp) {
this._publicIp = publicIp;
}
public String getInternalIp() {
return _internalIp;
}
public void setInternalIp(String internalIp) {
this._internalIp = internalIp;
}
public String getPublicSubnet() {
return _publicSubnet;
}
public void setPublicSubnet(String publicSubnet) {
this._publicSubnet = publicSubnet;
}
public String getInternalSubnet() {
return _internalSubnet;
}
public void setInternalSubnet(String _internalSubnet) {
this._internalSubnet = _internalSubnet;
}
public List<String> getPublicGateways() {
return _publicGateways;
}
}

116
plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java Executable file
View File

@ -0,0 +1,116 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import javax.inject.Inject;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.ClusterResponse;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import org.apache.log4j.Logger;
import com.cloud.api.response.CiscoAsa1000vResourceResponse;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.cisco.CiscoAsa1000vDevice;
import com.cloud.network.element.CiscoAsa1000vService;
import com.cloud.user.UserContext;
import com.cloud.utils.exception.CloudRuntimeException;
@APICommand(name="addCiscoAsa1000vResource", responseObject=CiscoAsa1000vResourceResponse.class, description="Adds a Cisco Asa 1000v appliance")
public class AddCiscoAsa1000vResourceCmd extends BaseCmd {
private static final Logger s_logger = Logger.getLogger(AddCiscoAsa1000vResourceCmd.class.getName());
private static final String s_name = "addCiscoAsa1000vResource";
@Inject CiscoAsa1000vService _ciscoAsa1000vService;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, required=true, description="the Physical Network ID")
private Long physicalNetworkId;
@Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, required = true, description="Hostname or ip address of the Cisco ASA 1000v appliance.")
private String host;
@Parameter(name=ApiConstants.ASA_INSIDE_PORT_PROFILE, type=CommandType.STRING, required = true, description="Nexus port profile associated with inside interface of ASA 1000v")
private String inPortProfile;
@Parameter(name=ApiConstants.CLUSTER_ID, type=CommandType.UUID, entityType = ClusterResponse.class, required=true, description="the Cluster ID")
private Long clusterId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getPhysicalNetworkId() {
return physicalNetworkId;
}
public String getManagementIp() {
return host;
}
public String getInPortProfile() {
return inPortProfile;
}
public Long getClusterId() {
return clusterId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
try {
CiscoAsa1000vDevice ciscoAsa1000v = _ciscoAsa1000vService.addCiscoAsa1000vResource(this);
if (ciscoAsa1000v != null) {
CiscoAsa1000vResourceResponse response = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000v);
response.setObjectName("CiscoAsa1000vResource");
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Cisco ASA 1000v appliance due to internal error.");
}
} catch (InvalidParameterValueException invalidParamExcp) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
} catch (CloudRuntimeException runtimeExcp) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
}
}
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return UserContext.current().getCaller().getId();
}
}

115
plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java Normal file
View File

@ -0,0 +1,115 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import javax.inject.Inject;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import org.apache.log4j.Logger;
import com.cloud.api.response.CiscoVnmcResourceResponse;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.cisco.CiscoVnmcController;
import com.cloud.network.element.CiscoVnmcElementService;
import com.cloud.user.UserContext;
import com.cloud.utils.exception.CloudRuntimeException;
@APICommand(name="addCiscoVnmcResource", responseObject=CiscoVnmcResourceResponse.class, description="Adds a Cisco Vnmc Controller")
public class AddCiscoVnmcResourceCmd extends BaseCmd {
private static final Logger s_logger = Logger.getLogger(AddCiscoVnmcResourceCmd.class.getName());
private static final String s_name = "addCiscoVnmcResource";
@Inject CiscoVnmcElementService _ciscoVnmcElementService;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, required=true, description="the Physical Network ID")
private Long physicalNetworkId;
@Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, required = true, description="Hostname or ip address of the Cisco VNMC Controller.")
private String host;
@Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required = true, description="Credentials to access the Cisco VNMC Controller API")
private String username;
@Parameter(name=ApiConstants.PASSWORD, type=CommandType.STRING, required = true, description="Credentials to access the Cisco VNMC Controller API")
private String password;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getPhysicalNetworkId() {
return physicalNetworkId;
}
public String getHost() {
return host;
}
public String getUsername() {
return username;
}
public String getPassword() {
return password;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
try {
CiscoVnmcController CiscoVnmcResourceVO = _ciscoVnmcElementService.addCiscoVnmcResource(this);
if (CiscoVnmcResourceVO != null) {
CiscoVnmcResourceResponse response = _ciscoVnmcElementService.createCiscoVnmcResourceResponse(CiscoVnmcResourceVO);
response.setObjectName("CiscoVnmcResource");
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Cisco VNMC controller due to internal error.");
}
} catch (InvalidParameterValueException invalidParamExcp) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
} catch (CloudRuntimeException runtimeExcp) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
}
}
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return UserContext.current().getCaller().getId();
}
}

93
plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java Executable file
View File

@ -0,0 +1,93 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import javax.inject.Inject;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.log4j.Logger;
import com.cloud.api.response.CiscoAsa1000vResourceResponse;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.element.CiscoAsa1000vService;
import com.cloud.user.UserContext;
import com.cloud.utils.exception.CloudRuntimeException;
@APICommand(name="deleteCiscoAsa1000vResource", responseObject=SuccessResponse.class, description="Deletes a Cisco ASA 1000v appliance")
public class DeleteCiscoAsa1000vResourceCmd extends BaseCmd {
private static final Logger s_logger = Logger.getLogger(DeleteCiscoAsa1000vResourceCmd.class.getName());
private static final String s_name = "deleteCiscoAsa1000vResource";
@Inject CiscoAsa1000vService _ciscoAsa1000vService;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, required=true, entityType=CiscoAsa1000vResourceResponse.class, description="Cisco ASA 1000v resource ID")
private Long ciscoAsa1000vResourceId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getCiscoAsa1000vResourceId() {
return ciscoAsa1000vResourceId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
try {
boolean result = _ciscoAsa1000vService.deleteCiscoAsa1000vResource(this);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Cisco ASA 1000v appliance.");
}
} catch (InvalidParameterValueException invalidParamExcp) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
} catch (CloudRuntimeException runtimeExcp) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
}
}
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return UserContext.current().getCaller().getId();
}
}

93
plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java Normal file
View File

@ -0,0 +1,93 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import javax.inject.Inject;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.SuccessResponse;
import org.apache.log4j.Logger;
import com.cloud.api.response.CiscoVnmcResourceResponse;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.element.CiscoVnmcElementService;
import com.cloud.user.UserContext;
import com.cloud.utils.exception.CloudRuntimeException;
@APICommand(name="deleteCiscoVnmcResource", responseObject=SuccessResponse.class, description="Deletes a Cisco Vnmc controller")
public class DeleteCiscoVnmcResourceCmd extends BaseCmd {
private static final Logger s_logger = Logger.getLogger(DeleteCiscoVnmcResourceCmd.class.getName());
private static final String s_name = "deleteCiscoVnmcResource";
@Inject CiscoVnmcElementService _ciscoVnmcElementService;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, required=true, entityType=CiscoVnmcResourceResponse.class, description="Cisco Vnmc resource ID")
private Long ciscoVnmcResourceId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getCiscoVnmcResourceId() {
return ciscoVnmcResourceId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
try {
boolean result = _ciscoVnmcElementService.deleteCiscoVnmcResource(this);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Cisco Vnmc resource.");
}
} catch (InvalidParameterValueException invalidParamExcp) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
} catch (CloudRuntimeException runtimeExcp) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
}
}
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return UserContext.current().getCaller().getId();
}
}

110
plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java Executable file
View File

@ -0,0 +1,110 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import org.apache.log4j.Logger;
import com.cloud.api.response.CiscoAsa1000vResourceResponse;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.cisco.CiscoAsa1000vDevice;
import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
import com.cloud.network.element.CiscoAsa1000vService;
import com.cloud.utils.exception.CloudRuntimeException;
@APICommand(name="listCiscoAsa1000vResources", responseObject=CiscoAsa1000vResourceResponse.class, description="Lists Cisco ASA 1000v appliances")
public class ListCiscoAsa1000vResourcesCmd extends BaseListCmd {
private static final Logger s_logger = Logger.getLogger(ListCiscoAsa1000vResourcesCmd.class.getName());
private static final String s_name = "listCiscoAsa1000vResources";
@Inject CiscoAsa1000vService _ciscoAsa1000vService;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, description="the Physical Network ID")
private Long physicalNetworkId;
@Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, entityType=CiscoAsa1000vResourceResponse.class, description="Cisco ASA 1000v resource ID")
private Long ciscoAsa1000vResourceId;
@Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, description="Hostname or ip address of the Cisco ASA 1000v appliance.")
private String host;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getCiscoAsa1000vResourceId() {
return ciscoAsa1000vResourceId;
}
public Long getPhysicalNetworkId() {
return physicalNetworkId;
}
public String getManagementIp() {
return host;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
try {
List<CiscoAsa1000vDeviceVO> ciscoAsa1000vDevices = _ciscoAsa1000vService.listCiscoAsa1000vResources(this);
ListResponse<CiscoAsa1000vResourceResponse> response = new ListResponse<CiscoAsa1000vResourceResponse>();
List<CiscoAsa1000vResourceResponse> ciscoAsa1000vResourcesResponse = new ArrayList<CiscoAsa1000vResourceResponse>();
if (ciscoAsa1000vDevices != null && !ciscoAsa1000vDevices.isEmpty()) {
for (CiscoAsa1000vDevice ciscoAsa1000vDeviceVO : ciscoAsa1000vDevices) {
CiscoAsa1000vResourceResponse ciscoAsa1000vResourceResponse = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000vDeviceVO);
ciscoAsa1000vResourcesResponse.add(ciscoAsa1000vResourceResponse);
}
}
response.setResponses(ciscoAsa1000vResourcesResponse);
response.setResponseName(getCommandName());
this.setResponseObject(response);
} catch (InvalidParameterValueException invalidParamExcp) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
} catch (CloudRuntimeException runtimeExcp) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
}
}
@Override
public String getCommandName() {
return s_name;
}
}

106
plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java Normal file
View File

@ -0,0 +1,106 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.commands;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseListCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.ListResponse;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import org.apache.log4j.Logger;
import com.cloud.api.response.CiscoVnmcResourceResponse;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.cisco.CiscoVnmcController;
import com.cloud.network.cisco.CiscoVnmcControllerVO;
import com.cloud.network.element.CiscoVnmcElementService;
import com.cloud.utils.exception.CloudRuntimeException;
@APICommand(name="listCiscoVnmcResources", responseObject=CiscoVnmcResourceResponse.class, description="Lists Cisco VNMC controllers")
public class ListCiscoVnmcResourcesCmd extends BaseListCmd {
private static final Logger s_logger = Logger.getLogger(ListCiscoVnmcResourcesCmd.class.getName());
private static final String s_name = "listCiscoVnmcResources";
@Inject CiscoVnmcElementService _ciscoVnmcElementService;
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, description="the Physical Network ID")
private Long physicalNetworkId;
@Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, entityType=CiscoVnmcResourceResponse.class, description="Cisco VNMC resource ID")
private Long ciscoVnmcResourceId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getCiscoVnmcResourceId() {
return ciscoVnmcResourceId;
}
public Long getPhysicalNetworkId() {
return physicalNetworkId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
try {
List<CiscoVnmcControllerVO> CiscoVnmcResources = _ciscoVnmcElementService.listCiscoVnmcResources(this);
ListResponse<CiscoVnmcResourceResponse> response = new ListResponse<CiscoVnmcResourceResponse>();
List<CiscoVnmcResourceResponse> CiscoVnmcResourcesResponse = new ArrayList<CiscoVnmcResourceResponse>();
if (CiscoVnmcResources != null && !CiscoVnmcResources.isEmpty()) {
for (CiscoVnmcController CiscoVnmcResourceVO : CiscoVnmcResources) {
CiscoVnmcResourceResponse CiscoVnmcResourceResponse = _ciscoVnmcElementService.createCiscoVnmcResourceResponse(CiscoVnmcResourceVO);
CiscoVnmcResourcesResponse.add(CiscoVnmcResourceResponse);
}
}
response.setResponses(CiscoVnmcResourcesResponse);
response.setResponseName(getCommandName());
this.setResponseObject(response);
} catch (InvalidParameterValueException invalidParamExcp) {
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
} catch (CloudRuntimeException runtimeExcp) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
}
}
@Override
public String getCommandName() {
return s_name;
}
}

88
plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java Executable file
View File

@ -0,0 +1,88 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.response;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.NetworkResponse;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import com.cloud.network.cisco.CiscoAsa1000vDevice;
import com.google.gson.annotations.SerializedName;
@EntityReference(value = CiscoAsa1000vDevice.class)
public class CiscoAsa1000vResourceResponse extends BaseResponse {
public static final String RESOURCE_NAME = "resourcename";
@SerializedName(ApiConstants.RESOURCE_ID) @Parameter(description="resource id of the Cisco ASA 1000v appliance")
private String id;
@SerializedName(ApiConstants.PHYSICAL_NETWORK_ID)
@Parameter(description="the physical network to which this ASA 1000v belongs to", entityType = PhysicalNetworkResponse.class)
private Long physicalNetworkId ;
public Long getPhysicalNetworkId() {
return physicalNetworkId;
}
@SerializedName(ApiConstants.HOST_NAME)
@Parameter(description="management ip address of ASA 1000v")
private String managementIp;
public String getManagementIp() {
return managementIp;
}
@SerializedName(ApiConstants.ASA_INSIDE_PORT_PROFILE)
@Parameter(description="management ip address of ASA 1000v")
private String inPortProfile;
public String getInPortProfile() {
return inPortProfile;
}
@SerializedName(ApiConstants.NETWORK_ID)
@Parameter(description="the guest network to which ASA 1000v is associated", entityType = NetworkResponse.class)
private Long guestNetworkId;
public Long getGuestNetworkId() {
return guestNetworkId;
}
public void setId(String ciscoAsa1000vResourceId) {
this.id = ciscoAsa1000vResourceId;
}
public void setPhysicalNetworkId(Long physicalNetworkId) {
this.physicalNetworkId = physicalNetworkId;
}
public void setManagementIp(String managementIp) {
this.managementIp = managementIp;
}
public void setInPortProfile(String inPortProfile) {
this.inPortProfile = inPortProfile;
}
public void setGuestNetworkId(Long guestNetworkId) {
this.guestNetworkId = guestNetworkId;
}
}

75
plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java Normal file
View File

@ -0,0 +1,75 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.response;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
import com.cloud.network.cisco.CiscoVnmcController;
import com.google.gson.annotations.SerializedName;
@EntityReference(value = CiscoVnmcController.class)
public class CiscoVnmcResourceResponse extends BaseResponse {
public static final String RESOURCE_NAME = "resourcename";
@SerializedName(ApiConstants.RESOURCE_ID)
@Parameter(description="resource id of the Cisco VNMC controller")
private String id;
@SerializedName(ApiConstants.PHYSICAL_NETWORK_ID)
@Parameter(description="the physical network to which this VNMC belongs to", entityType = PhysicalNetworkResponse.class)
private Long physicalNetworkId;
public Long getPhysicalNetworkId() {
return physicalNetworkId;
}
public String getProviderName() {
return providerName;
}
public String getResourceName() {
return resourceName;
}
@SerializedName(ApiConstants.PROVIDER) @Parameter(description="name of the provider")
private String providerName;
@SerializedName(RESOURCE_NAME)
@Parameter(description="Cisco VNMC resource name")
private String resourceName;
public void setId(String ciscoVnmcResourceId) {
this.id = ciscoVnmcResourceId;
}
public void setPhysicalNetworkId(Long physicalNetworkId) {
this.physicalNetworkId = physicalNetworkId;
}
public void setProviderName(String providerName) {
this.providerName = providerName;
}
public void setResourceName(String resourceName) {
this.resourceName = resourceName;
}
}

39
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java Executable file
View File

@ -0,0 +1,39 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.org.Grouping;
public interface CiscoAsa1000vDevice extends Grouping, InternalIdentity, Identity {
long getId();
String getUuid();
void setUuid(String uuid);
long getPhysicalNetworkId();
String getManagementIp();
String getInPortProfile();
long getClusterId();
}

101
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java Executable file
View File

@ -0,0 +1,101 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import java.util.UUID;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="external_cisco_asa1000v_devices")
public class CiscoAsa1000vDeviceVO implements CiscoAsa1000vDevice {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="id")
private long id;
@Column(name="uuid")
private String uuid;
@Column(name="physical_network_id")
private long physicalNetworkId;
@Column(name="management_ip")
private String managementIp;
@Column(name="in_Port_profile")
private String inPortProfile;
@Column(name="cluster_id")
private long clusterId;
public CiscoAsa1000vDeviceVO() {
this.uuid = UUID.randomUUID().toString();
}
public CiscoAsa1000vDeviceVO(long physicalNetworkId,
String managementIp, String inPortProfile, long clusterId) {
super();
this.physicalNetworkId = physicalNetworkId;
this.managementIp = managementIp;
this.inPortProfile = inPortProfile;
this.uuid = UUID.randomUUID().toString();
this.clusterId = clusterId;
}
@Override
public long getId() {
return id;
}
@Override
public String getUuid() {
return uuid;
}
@Override
public void setUuid(String uuid) {
this.uuid = uuid;
}
@Override
public long getPhysicalNetworkId() {
return physicalNetworkId;
}
@Override
public String getManagementIp() {
return managementIp;
}
@Override
public String getInPortProfile() {
return inPortProfile;
}
@Override
public long getClusterId() {
return clusterId;
}
}

196
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java Normal file
View File

@ -0,0 +1,196 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import java.util.Map;
import com.cloud.utils.exception.ExecutionException;
public interface CiscoVnmcConnection {
public boolean createTenant(String tenantName) throws ExecutionException;
public boolean deleteTenant(String tenantName) throws ExecutionException;
public boolean createTenantVDC(String tenantName) throws ExecutionException;
public boolean deleteTenantVDC(String tenantName) throws ExecutionException;
public boolean createTenantVDCEdgeDeviceProfile(String tenantName)
throws ExecutionException;
public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName)
throws ExecutionException;
public boolean createTenantVDCEdgeStaticRoute(String tenantName,
String nextHopIp, String destination, String netmask) throws ExecutionException;
public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
throws ExecutionException;
public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName,
String intfName) throws ExecutionException;
public boolean createTenantVDCEdgeDhcpPolicy(String tenantName,
String startIp, String endIp, String subnet, String nameServerIp,
String domain) throws ExecutionException;
public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName,
String intfName) throws ExecutionException;
public boolean createTenantVDCEdgeSecurityProfile(String tenantName)
throws ExecutionException;
public boolean deleteTenantVDCEdgeSecurityProfile(String tenantName)
throws ExecutionException;
public boolean createTenantVDCSourceNatIpPool(String tenantName, String identifier,
String publicIp) throws ExecutionException;
public boolean createTenantVDCSourceNatRule(String tenantName, String identifier,
String startSourceIp, String endSourceIp) throws ExecutionException;
public boolean createTenantVDCSourceNatPolicy(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCDNatIpPool(String tenantName, String identifier,
String ipAddress) throws ExecutionException;
public boolean createTenantVDCDNatRule(String tenantName,
String identifier, String policyIdentifier,
String publicIp)
throws ExecutionException;
public boolean deleteTenantVDCDNatRule(String tenantName,
String identifier, String policyIdentifier)
throws ExecutionException;
public boolean createTenantVDCAclRuleForDNat(String tenantName,
String identifier, String policyIdentifier,
String ipAddress)
throws ExecutionException;
public boolean createTenantVDCDNatPolicy(String tenantName, String identifier)
throws ExecutionException;
public boolean deleteTenantVDCDNatPolicy(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCDNatPolicyRef(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
String startPort, String endPort)
throws ExecutionException;
public boolean createTenantVDCPFIpPool(String tenantName, String identifier,
String ipAddress) throws ExecutionException;
public boolean createTenantVDCPFRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String publicIp,
String startPort, String endPort)
throws ExecutionException;
public boolean deleteTenantVDCPFRule(String tenantName,
String identifier, String policyIdentifier)
throws ExecutionException;
public boolean createTenantVDCAclRuleForPF(String tenantName,
String identifier, String policyIdentifier,
String protocol, String ipAddress,
String startPort, String endPort)
throws ExecutionException;
public boolean createTenantVDCPFPolicy(String tenantName, String identifier)
throws ExecutionException;
public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCNatPolicySet(String tenantName)
throws ExecutionException;
public boolean deleteTenantVDCNatPolicySet(String tenantName)
throws ExecutionException;
public boolean associateNatPolicySet(String tenantName)
throws ExecutionException;
public boolean createTenantVDCIngressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceStartIp, String sourceEndIp,
String destStartPort, String destEndPort, String destIp)
throws ExecutionException;
public boolean createTenantVDCIngressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceStartIp, String sourceEndIp, String destIp)
throws ExecutionException;
public boolean createTenantVDCEgressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
String destStartIp, String destEndIp)
throws ExecutionException;
public boolean createTenantVDCEgressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceIp, String destStartIp, String destEndIp)
throws ExecutionException;
public boolean deleteTenantVDCAclRule(String tenantName,
String identifier, String policyIdentifier) throws ExecutionException;
public boolean createTenantVDCAclPolicy(String tenantName,
String identifier) throws ExecutionException;
public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier,
boolean ingress) throws ExecutionException;
public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier)
throws ExecutionException;
public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress)
throws ExecutionException;
public boolean deleteTenantVDCAclPolicySet(String tenantName, boolean ingress)
throws ExecutionException;
public boolean associateAclPolicySet(String tenantName)
throws ExecutionException;
public boolean createEdgeFirewall(String tenantName, String publicIp,
String insideIp, String publicSubnet, String insideSubnet)
throws ExecutionException;
public boolean deleteEdgeFirewall(String tenantName) throws ExecutionException;
public Map<String, String> listUnAssocAsa1000v() throws ExecutionException;
public boolean assignAsa1000v(String tenantName, String firewallDn)
throws ExecutionException;
public boolean unassignAsa1000v(String tenantName, String firewallDn)
throws ExecutionException;
}

1415
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java Normal file
View File

File diff suppressed because it is too large Load Diff

40
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java Normal file
View File

@ -0,0 +1,40 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.org.Grouping;
public interface CiscoVnmcController extends Grouping, InternalIdentity, Identity {
long getId();
String getUuid();
void setUuid(String uuid);
long getPhysicalNetworkId();
long getHostId();
String getProviderName();
String getDeviceName();
}

102
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java Normal file
View File

@ -0,0 +1,102 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import java.util.UUID;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="external_cisco_vnmc_devices")
public class CiscoVnmcControllerVO implements CiscoVnmcController {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="id")
private long id;
@Column(name="uuid")
private String uuid;
@Column(name="host_id")
private long hostId;
@Column(name="physical_network_id")
private long physicalNetworkId;
@Column(name="provider_name")
private String providerName;
@Column(name="device_name")
private String deviceName;
public CiscoVnmcControllerVO() {
this.uuid = UUID.randomUUID().toString();
}
public CiscoVnmcControllerVO(long hostId, long physicalNetworkId,
String providerName, String deviceName) {
super();
this.hostId = hostId;
this.physicalNetworkId = physicalNetworkId;
this.providerName = providerName;
this.deviceName = deviceName;
this.uuid = UUID.randomUUID().toString();
}
@Override
public long getId() {
return id;
}
@Override
public String getUuid() {
return uuid;
}
@Override
public void setUuid(String uuid) {
this.uuid = uuid;
}
@Override
public long getPhysicalNetworkId() {
return physicalNetworkId;
}
@Override
public long getHostId() {
return hostId;
}
@Override
public String getProviderName() {
return providerName;
}
@Override
public String getDeviceName() {
return deviceName;
}
}

31
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java Executable file
View File

@ -0,0 +1,31 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.org.Grouping;
public interface NetworkAsa1000vMap extends Grouping, InternalIdentity {
long getId();
long getNetworkId();
long getAsa1000vId();
}

73
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java Executable file
View File

@ -0,0 +1,73 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="network_asa1000v_map")
public class NetworkAsa1000vMapVO implements NetworkAsa1000vMap {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name="id")
private long id;
@Column(name="network_id")
private long networkId;
@Column(name="asa1000v_id")
private long asa1000vId;
public NetworkAsa1000vMapVO() {
}
public NetworkAsa1000vMapVO(long networkId, long asa1000vId) {
super();
this.networkId = networkId;
this.asa1000vId = asa1000vId;
}
@Override
public long getId() {
return id;
}
@Override
public long getAsa1000vId() {
return asa1000vId;
}
public void setAsa1000vId(long asa1000vId) {
this.asa1000vId = asa1000vId;
}
@Override
public long getNetworkId() {
return networkId;
}
public void setNetworkId(long networkId) {
this.networkId = networkId;
}
}

33
plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java Executable file
View File

@ -0,0 +1,33 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import java.util.List;
import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
import com.cloud.utils.db.GenericDao;
public interface CiscoAsa1000vDao extends GenericDao<CiscoAsa1000vDeviceVO, Long>{
/**
* list all the Cisco Asa 1000v devices added in to this physical network
* @param physicalNetworkId physical Network Id
* @return list of CiscoAsa1000vDeviceVO for this physical network.
*/
List<CiscoAsa1000vDeviceVO> listByPhysicalNetwork(long physicalNetworkId);
CiscoAsa1000vDeviceVO findByManagementIp(String managementIp);
}

63
plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java Executable file
View File

@ -0,0 +1,63 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import java.util.List;
import javax.ejb.Local;
import org.springframework.stereotype.Component;
import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.SearchCriteria.Op;
@Component
@Local(value=CiscoAsa1000vDao.class)
public class CiscoAsa1000vDaoImpl extends GenericDaoBase<CiscoAsa1000vDeviceVO, Long>
implements CiscoAsa1000vDao {
protected final SearchBuilder<CiscoAsa1000vDeviceVO> physicalNetworkIdSearch;
protected final SearchBuilder<CiscoAsa1000vDeviceVO> managementIpSearch;
public CiscoAsa1000vDaoImpl() {
physicalNetworkIdSearch = createSearchBuilder();
physicalNetworkIdSearch.and("physicalNetworkId", physicalNetworkIdSearch.entity().getPhysicalNetworkId(), Op.EQ);
physicalNetworkIdSearch.done();
managementIpSearch = createSearchBuilder();
managementIpSearch.and("managementIp", managementIpSearch.entity().getManagementIp(), Op.EQ);
managementIpSearch.done();
}
@Override
public List<CiscoAsa1000vDeviceVO> listByPhysicalNetwork(long physicalNetworkId) {
SearchCriteria<CiscoAsa1000vDeviceVO> sc = physicalNetworkIdSearch.create();
sc.setParameters("physicalNetworkId", physicalNetworkId);
return search(sc, null);
}
@Override
public CiscoAsa1000vDeviceVO findByManagementIp(String managementIp) {
SearchCriteria<CiscoAsa1000vDeviceVO> sc = managementIpSearch.create();
sc.setParameters("managementIp", managementIp);
return findOneBy(sc);
}
}

32
plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java Normal file
View File

@ -0,0 +1,32 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import java.util.List;
import com.cloud.network.cisco.CiscoVnmcControllerVO;
import com.cloud.utils.db.GenericDao;
public interface CiscoVnmcDao extends GenericDao<CiscoVnmcControllerVO, Long>{
/**
* list all the Cisco VNMC devices added in to this physical network
* @param physicalNetworkId physical Network Id
* @return list of CiscoVnmcDeviceVO for this physical network.
*/
List<CiscoVnmcControllerVO> listByPhysicalNetwork(long physicalNetworkId);
}

51
plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java Normal file
View File

@ -0,0 +1,51 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import java.util.List;
import javax.ejb.Local;
import org.springframework.stereotype.Component;
import com.cloud.network.cisco.CiscoVnmcControllerVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.SearchCriteria.Op;
@Component
@Local(value=CiscoVnmcDao.class)
public class CiscoVnmcDaoImpl extends GenericDaoBase<CiscoVnmcControllerVO, Long>
implements CiscoVnmcDao {
protected final SearchBuilder<CiscoVnmcControllerVO> physicalNetworkIdSearch;
public CiscoVnmcDaoImpl() {
physicalNetworkIdSearch = createSearchBuilder();
physicalNetworkIdSearch.and("physicalNetworkId", physicalNetworkIdSearch.entity().getPhysicalNetworkId(), Op.EQ);
physicalNetworkIdSearch.done();
}
@Override
public List<CiscoVnmcControllerVO> listByPhysicalNetwork(long physicalNetworkId) {
SearchCriteria<CiscoVnmcControllerVO> sc = physicalNetworkIdSearch.create();
sc.setParameters("physicalNetworkId", physicalNetworkId);
return search(sc, null);
}
}

28
plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java Executable file
View File

@ -0,0 +1,28 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import com.cloud.network.cisco.NetworkAsa1000vMapVO;
import com.cloud.utils.db.GenericDao;
public interface NetworkAsa1000vMapDao extends GenericDao<NetworkAsa1000vMapVO, Long>{
NetworkAsa1000vMapVO findByNetworkId(long networkId);
NetworkAsa1000vMapVO findByAsa1000vId(long asa1000vId);
}

61
plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java Executable file
View File

@ -0,0 +1,61 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import javax.ejb.Local;
import org.springframework.stereotype.Component;
import com.cloud.network.cisco.NetworkAsa1000vMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.SearchCriteria.Op;
@Component
@Local(value=NetworkAsa1000vMapDao.class)
public class NetworkAsa1000vMapDaoImpl extends GenericDaoBase<NetworkAsa1000vMapVO, Long>
implements NetworkAsa1000vMapDao {
protected final SearchBuilder<NetworkAsa1000vMapVO> networkSearch;
protected final SearchBuilder<NetworkAsa1000vMapVO> asa1000vSearch;
public NetworkAsa1000vMapDaoImpl() {
networkSearch = createSearchBuilder();
networkSearch.and("networkId", networkSearch.entity().getNetworkId(), Op.EQ);
networkSearch.done();
asa1000vSearch = createSearchBuilder();
asa1000vSearch.and("asa1000vId", asa1000vSearch.entity().getAsa1000vId(), Op.EQ);
asa1000vSearch.done();
}
@Override
public NetworkAsa1000vMapVO findByNetworkId(long networkId) {
SearchCriteria<NetworkAsa1000vMapVO> sc = networkSearch.create();
sc.setParameters("networkId", networkId);
return findOneBy(sc);
}
@Override
public NetworkAsa1000vMapVO findByAsa1000vId(long asa1000vId) {
SearchCriteria<NetworkAsa1000vMapVO> sc = asa1000vSearch.create();
sc.setParameters("asa1000vId", asa1000vId);
return findOneBy(sc);
}
}

43
plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java Executable file
View File

@ -0,0 +1,43 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.element;
import java.util.List;
import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd;
import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd;
import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd;
import com.cloud.api.response.CiscoAsa1000vResourceResponse;
import com.cloud.network.Network;
import com.cloud.network.cisco.CiscoAsa1000vDevice;
import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
import com.cloud.utils.component.PluggableService;
public interface CiscoAsa1000vService extends PluggableService {
public CiscoAsa1000vDevice addCiscoAsa1000vResource(AddCiscoAsa1000vResourceCmd cmd);
public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
CiscoAsa1000vDevice ciscoAsa1000vDeviceVO);
boolean deleteCiscoAsa1000vResource(DeleteCiscoAsa1000vResourceCmd cmd);
List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(ListCiscoAsa1000vResourcesCmd cmd);
CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network);
}

928
plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java Normal file
View File

@ -0,0 +1,928 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.element;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.network.ExternalNetworkDeviceManager.NetworkDevice;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupExternalFirewallCommand;
import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetSourceNatCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.to.FirewallRuleTO;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd;
import com.cloud.api.commands.AddCiscoVnmcResourceCmd;
import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd;
import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd;
import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd;
import com.cloud.api.commands.ListCiscoVnmcResourcesCmd;
import com.cloud.api.response.CiscoAsa1000vResourceResponse;
import com.cloud.api.response.CiscoVnmcResourceResponse;
import com.cloud.configuration.ConfigurationManager;
import com.cloud.dc.ClusterVO;
import com.cloud.dc.ClusterVSMMapVO;
import com.cloud.dc.DataCenter;
import com.cloud.dc.Vlan;
import com.cloud.dc.DataCenter.NetworkType;
import com.cloud.dc.VlanVO;
import com.cloud.dc.dao.ClusterDao;
import com.cloud.dc.dao.ClusterVSMMapDao;
import com.cloud.dc.dao.VlanDao;
import com.cloud.deploy.DeployDestination;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.host.DetailVO;
import com.cloud.host.Host;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.host.dao.HostDetailsDao;
import com.cloud.network.CiscoNexusVSMDeviceVO;
import com.cloud.network.IpAddress;
import com.cloud.network.Network;
import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkModel;
import com.cloud.network.PhysicalNetworkServiceProvider;
import com.cloud.network.dao.PhysicalNetworkVO;
import com.cloud.network.Network.Capability;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.PublicIpAddress;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.cisco.CiscoAsa1000vDevice;
import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
import com.cloud.network.cisco.CiscoVnmcController;
import com.cloud.network.cisco.CiscoVnmcControllerVO;
import com.cloud.network.cisco.NetworkAsa1000vMapVO;
import com.cloud.network.dao.CiscoAsa1000vDao;
import com.cloud.network.dao.CiscoNexusVSMDeviceDao;
import com.cloud.network.dao.CiscoVnmcDao;
import com.cloud.network.dao.NetworkAsa1000vMapDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.PhysicalNetworkDao;
import com.cloud.network.dao.PhysicalNetworkServiceProviderDao;
import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
import com.cloud.network.resource.CiscoVnmcResource;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNat;
import com.cloud.offering.NetworkOffering;
import com.cloud.resource.ResourceManager;
import com.cloud.resource.ResourceState;
import com.cloud.resource.ResourceStateAdapter;
import com.cloud.resource.ServerResource;
import com.cloud.resource.UnableDeleteHostException;
import com.cloud.user.Account;
import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.net.NetUtils;
import com.cloud.vm.NicProfile;
import com.cloud.vm.ReservationContext;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachine.Type;
import com.cloud.vm.VirtualMachineProfile;
@Local(value = NetworkElement.class)
public class CiscoVnmcElement extends AdapterBase implements SourceNatServiceProvider, FirewallServiceProvider,
PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement,
CiscoVnmcElementService, CiscoAsa1000vService {
private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
@Inject
AgentManager _agentMgr;
@Inject
ResourceManager _resourceMgr;
@Inject
ConfigurationManager _configMgr;
@Inject
NetworkManager _networkMgr;
@Inject
NetworkModel _networkModel;
@Inject
PhysicalNetworkDao _physicalNetworkDao;
@Inject
PhysicalNetworkServiceProviderDao _physicalNetworkServiceProviderDao;
@Inject
HostDetailsDao _hostDetailsDao;
@Inject
HostDao _hostDao;
@Inject
NetworkDao _networkDao;
@Inject
ClusterDao _clusterDao;
@Inject
VlanDao _vlanDao;
@Inject
ClusterVSMMapDao _clusterVsmMapDao;
@Inject
CiscoNexusVSMDeviceDao _vsmDeviceDao;
@Inject
CiscoVnmcDao _ciscoVnmcDao;
@Inject
CiscoAsa1000vDao _ciscoAsa1000vDao;
@Inject
NetworkAsa1000vMapDao _networkAsa1000vMapDao;
protected boolean canHandle(Network network) {
if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) {
return false; //TODO: should handle VxLAN as well
}
return true;
}
@Override
public boolean configure(String name, Map<String, Object> params)
throws ConfigurationException {
super.configure(name, params);
_resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this);
return true;
}
private static Map<Service, Map<Capability, String>> setCapabilities() {
Map<Service, Map<Capability, String>> capabilities = new HashMap<Service, Map<Capability, String>>();
capabilities.put(Service.Gateway, null);
Map<Capability, String> firewallCapabilities = new HashMap<Capability, String>();
firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress,egress");
firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp");
firewallCapabilities.put(Capability.MultipleIps, "true");
capabilities.put(Service.Firewall, firewallCapabilities);
capabilities.put(Service.StaticNat, null);
capabilities.put(Service.PortForwarding, null);
Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>();
sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount");
sourceNatCapabilities.put(Capability.RedundantRouter, "false"); //TODO:
capabilities.put(Service.SourceNat, sourceNatCapabilities);
return capabilities;
}
@Override
public Map<Service, Map<Capability, String>> getCapabilities() {
return capabilities;
}
@Override
public Provider getProvider() {
return Provider.CiscoVnmc;
}
private boolean createLogicalEdgeFirewall(long vlanId,
String gateway, String gatewayNetmask,
String publicIp, String publicNetmask,
List<String> publicGateways, long hostId) {
CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, publicNetmask, gatewayNetmask);
for (String publicGateway : publicGateways) {
cmd.getPublicGateways().add(publicGateway);
}
Answer answer = _agentMgr.easySend(hostId, cmd);
return answer.getResult();
}
private boolean configureNexusVsmForAsa(long vlanId, String gateway,
String vsmUsername, String vsmPassword, String vsmIp,
String asaInPortProfile, long hostId) {
ConfigureNexusVsmForAsaCommand cmd = new ConfigureNexusVsmForAsaCommand(vlanId, gateway, vsmUsername, vsmPassword, vsmIp, asaInPortProfile);
Answer answer = _agentMgr.easySend(hostId, cmd);
return answer.getResult();
}
private boolean configureSourceNat(long vlanId, String guestCidr,
PublicIp sourceNatIp, long hostId) {
boolean add = (sourceNatIp.getState() == IpAddress.State.Releasing ? false : true);
IpAddressTO ip = new IpAddressTO(sourceNatIp.getAccountId(), sourceNatIp.getAddress().addr(), add, false,
sourceNatIp.isSourceNat(), sourceNatIp.getVlanTag(), sourceNatIp.getGateway(), sourceNatIp.getNetmask(), sourceNatIp.getMacAddress(),
null, sourceNatIp.isOneToOneNat());
boolean addSourceNat = false;
if (sourceNatIp.isSourceNat()) {
addSourceNat = add;
}
SetSourceNatCommand cmd = new SetSourceNatCommand(ip, addSourceNat);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, guestCidr);
Answer answer = _agentMgr.easySend(hostId, cmd);
return answer.getResult();
}
private boolean associateAsaWithLogicalEdgeFirewall(long vlanId,
String asaMgmtIp, long hostId) {
AssociateAsaWithLogicalEdgeFirewallCommand cmd =
new AssociateAsaWithLogicalEdgeFirewallCommand(vlanId, asaMgmtIp);
Answer answer = _agentMgr.easySend(hostId, cmd);
return answer.getResult();
}
@Override
public boolean implement(Network network, NetworkOffering offering,
DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
DataCenter zone = _configMgr.getZone(network.getDataCenterId());
if (zone.getNetworkType() == NetworkType.Basic) {
s_logger.debug("Not handling network implement in zone of type " + NetworkType.Basic);
return false;
}
if (!canHandle(network)) {
return false;
}
List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return false;
}
List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (asaList.isEmpty()) {
s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
return false;
}
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork != null) {
s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
return true;
}
if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
s_logger.error("SourceNat service is not provided by Cisco Vnmc device on network " + network.getName());
return false;
}
Transaction txn = Transaction.currentTxn();
boolean status = false;
try {
txn.start();
// ensure that there is an ASA 1000v assigned to this network
CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
if (assignedAsa == null) {
s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
return false;
}
ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
if (clusterVsmMap == null) {
s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
return false;
}
CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
if (vsmDevice == null) {
s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
return false;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
_hostDao.loadDetails(ciscoVnmcHost);
Account owner = context.getAccount();
PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
String vlan = network.getBroadcastUri().getHost();
long vlanId = Long.parseLong(vlan);
List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
List<String> publicGateways = new ArrayList<String>();
for (VlanVO vlanVO : vlanVOList) {
publicGateways.add(vlanVO.getVlanGateway());
}
// create logical edge firewall in VNMC
String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
sourceNatIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
return false;
}
// create stuff in VSM for ASA device
if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
" for ASA device for network " + network.getName());
return false;
}
// configure source NAT
//if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
// s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
// return false;
//}
// associate Asa 1000v instance with logical edge firewall
if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
") with logical edge firewall in VNMC for network " + network.getName());
return false;
}
status = true;
txn.commit();
} finally {
if (!status) {
txn.rollback();
//FIXME: also undo changes in VNMC, VSM if anything failed
}
}
return true;
}
@Override
public boolean prepare(Network network, NicProfile nic,
VirtualMachineProfile<? extends VirtualMachine> vm,
DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
if (vm.getType() != Type.User) {
return false;
}
// ensure that there is an ASA 1000v assigned to this network
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork == null) {
return false;
}
return true;
}
@Override
public boolean release(Network network, NicProfile nic,
VirtualMachineProfile<? extends VirtualMachine> vm,
ReservationContext context) throws ConcurrentOperationException,
ResourceUnavailableException {
return true;
}
private boolean cleanupLogicalEdgeFirewall(long vlanId, long hostId) {
CleanupLogicalEdgeFirewallCommand cmd = new CleanupLogicalEdgeFirewallCommand(vlanId);
Answer answer = _agentMgr.easySend(hostId, cmd);
return answer.getResult();
}
@Override
public boolean shutdown(Network network, ReservationContext context,
boolean cleanup) throws ConcurrentOperationException,
ResourceUnavailableException {
unassignAsa1000vFromNetwork(network);
String vlan = network.getBroadcastUri().getHost();
long vlanId = Long.parseLong(vlan);
List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (!devices.isEmpty()) {
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
cleanupLogicalEdgeFirewall(vlanId, ciscoVnmcHost.getId());
}
return true;
}
@Override
public boolean isReady(PhysicalNetworkServiceProvider provider) {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean shutdownProviderInstances(
PhysicalNetworkServiceProvider provider, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean canEnableIndividualServices() {
return true;
}
@Override
public boolean verifyServicesCombination(Set<Service> services) {
if (!services.contains(Service.Firewall)) {
s_logger.warn("CiscoVnmc must be used as Firewall Service Provider in the network");
return false;
}
return true;
}
@Override
public boolean destroy(Network network, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException {
return true;
}
@Override
public List<Class<?>> getCommands() {
List<Class<?>> cmdList = new ArrayList<Class<?>>();
cmdList.add(AddCiscoVnmcResourceCmd.class);
cmdList.add(DeleteCiscoVnmcResourceCmd.class);
cmdList.add(ListCiscoVnmcResourcesCmd.class);
cmdList.add(AddCiscoAsa1000vResourceCmd.class);
cmdList.add(DeleteCiscoAsa1000vResourceCmd.class);
cmdList.add(ListCiscoAsa1000vResourcesCmd.class);
return cmdList;
}
@Override
public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
String deviceName = Provider.CiscoVnmc.getName();
NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName);
Long physicalNetworkId = cmd.getPhysicalNetworkId();
CiscoVnmcController ciscoVnmcResource = null;
PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
if (physicalNetwork == null) {
throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
}
long zoneId = physicalNetwork.getDataCenterId();
PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(physicalNetwork.getId(), networkDevice.getNetworkServiceProvder());
if (ntwkSvcProvider == null) {
throw new CloudRuntimeException("Network Service Provider: " + networkDevice.getNetworkServiceProvder() +
" is not enabled in the physical network: " + physicalNetworkId + "to add this device");
} else if (ntwkSvcProvider.getState() == PhysicalNetworkServiceProvider.State.Shutdown) {
throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
" is in shutdown state in the physical network: " + physicalNetworkId + "to add this device");
}
if (_ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId).size() != 0) {
throw new CloudRuntimeException("A Cisco Vnmc device is already configured on this physical network");
}
Map<String, String> params = new HashMap<String,String>();
params.put("guid", UUID.randomUUID().toString());
params.put("zoneId", String.valueOf(physicalNetwork.getDataCenterId()));
params.put("physicalNetworkId", String.valueOf(physicalNetwork.getId()));
params.put("name", "Cisco VNMC Controller - " + cmd.getHost());
params.put("ip", cmd.getHost());
params.put("username", cmd.getUsername());
params.put("password", cmd.getPassword());
params.put("transportzoneisotype", physicalNetwork.getIsolationMethods().get(0).toLowerCase()); // FIXME What to do with multiple isolation types
Map<String, Object> hostdetails = new HashMap<String,Object>();
hostdetails.putAll(params);
ServerResource resource = new CiscoVnmcResource();
Transaction txn = Transaction.currentTxn();
try {
resource.configure(cmd.getHost(), hostdetails);
Host host = _resourceMgr.addHost(zoneId, resource, Host.Type.ExternalFirewall, params);
if (host != null) {
txn.start();
ciscoVnmcResource = new CiscoVnmcControllerVO(host.getId(), physicalNetworkId, ntwkSvcProvider.getProviderName(), deviceName);
_ciscoVnmcDao.persist((CiscoVnmcControllerVO)ciscoVnmcResource);
DetailVO detail = new DetailVO(host.getId(), "deviceid", String.valueOf(ciscoVnmcResource.getId()));
_hostDetailsDao.persist(detail);
txn.commit();
return ciscoVnmcResource;
} else {
throw new CloudRuntimeException("Failed to add Cisco Vnmc device due to internal error.");
}
} catch (ConfigurationException e) {
txn.rollback();
throw new CloudRuntimeException(e.getMessage());
}
}
@Override
public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
CiscoVnmcController ciscoVnmcResourceVO) {
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());
CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
response.setId(ciscoVnmcResourceVO.getUuid());
response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
response.setProviderName(ciscoVnmcResourceVO.getProviderName());
response.setResourceName(ciscoVnmcHost.getName());
return response;
}
@Override
public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
Long vnmcResourceId = cmd.getCiscoVnmcResourceId();
CiscoVnmcControllerVO vnmcResource = _ciscoVnmcDao.findById(vnmcResourceId);
if (vnmcResource == null) {
throw new InvalidParameterValueException(
"Could not find a Cisco VNMC appliance with id " + vnmcResourceId);
}
// Check if there any ASA 1000v appliances
Long physicalNetworkId = vnmcResource.getPhysicalNetworkId();
PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
if (physicalNetwork != null) {
List<CiscoAsa1000vDeviceVO> responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
if (responseList.size() > 0) {
throw new CloudRuntimeException(
"Cisco VNMC appliance with id " + vnmcResourceId +
" cannot be deleted as there Cisco ASA 1000v appliances using it");
}
}
HostVO vnmcHost = _hostDao.findById(vnmcResource.getHostId());
Long hostId = vnmcHost.getId();
vnmcHost.setResourceState(ResourceState.Maintenance);
_hostDao.update(hostId, vnmcHost);
_resourceMgr.deleteHost(hostId, false, false);
_ciscoVnmcDao.remove(vnmcResourceId);
return true;
}
@Override
public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
ListCiscoVnmcResourcesCmd cmd) {
Long physicalNetworkId = cmd.getPhysicalNetworkId();
Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();
if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
}
if (ciscoVnmcResourceId != null) {
CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
if (ciscoVnmcResource == null) {
throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
}
responseList.add(ciscoVnmcResource);
}
else {
PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
if (physicalNetwork == null) {
throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
}
responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
}
return responseList;
}
@Override
public IpDeployer getIpDeployer(Network network) {
return this;
}
@Override
public boolean applyFWRules(Network network,
List<? extends FirewallRule> rules)
throws ResourceUnavailableException {
if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)) {
s_logger.error("Firewall service is not provided by Cisco Vnmc device on network " + network.getName());
return false;
}
// Find VNMC host for physical network
List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return true;
}
// Find if ASA 1000v is associated with network
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork == null) {
s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
return true;
}
if (network.getState() == Network.State.Allocated) {
s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
return true;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
for (FirewallRule rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getPurpose(), rule.getTrafficType());
rulesTO.add(ruleTO);
}
if (!rulesTO.isEmpty()) {
SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
String details = (answer != null) ? answer.getDetails() : "details unavailable";
String msg = "Unable to apply firewall rules to Cisco ASA 1000v appliance due to: " + details + ".";
s_logger.error(msg);
throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
}
}
return true;
}
@Override
public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
throws ResourceUnavailableException {
if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)) {
s_logger.error("Port forwarding service is not provided by Cisco Vnmc device on network " + network.getName());
return false;
}
// Find VNMC host for physical network
List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return true;
}
// Find if ASA 1000v is associated with network
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork == null) {
s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
return true;
}
if (network.getState() == Network.State.Allocated) {
s_logger.debug("External firewall was asked to apply port forwarding rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
return true;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
for (PortForwardingRule rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
rulesTO.add(ruleTO);
}
if (!rulesTO.isEmpty()) {
SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rulesTO);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
String details = (answer != null) ? answer.getDetails() : "details unavailable";
String msg = "Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: " + details + ".";
s_logger.error(msg);
throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
}
}
return true;
}
@Override
public boolean applyStaticNats(Network network,
List<? extends StaticNat> rules)
throws ResourceUnavailableException {
if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)) {
s_logger.error("Static NAT service is not provided by Cisco Vnmc device on network " + network.getName());
return false;
}
// Find VNMC host for physical network
List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return true;
}
// Find if ASA 1000v is associated with network
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork == null) {
s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
return true;
}
if (network.getState() == Network.State.Allocated) {
s_logger.debug("External firewall was asked to apply static NAT rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
return true;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
for (StaticNat rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null,
null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
rulesTO.add(ruleTO);
}
if (!rulesTO.isEmpty()) {
SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
String details = (answer != null) ? answer.getDetails() : "details unavailable";
String msg = "Unable to apply static NAT rules to Cisco ASA 1000v appliance due to: " + details + ".";
s_logger.error(msg);
throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
}
}
return true;
}
@Override
public boolean applyIps(Network network,
List<? extends PublicIpAddress> ipAddress, Set<Service> services)
throws ResourceUnavailableException {
// TODO Auto-generated method stub
return false;
}
@Override
public HostVO createHostVOForConnectedAgent(HostVO host,
StartupCommand[] cmd) {
// TODO Auto-generated method stub
return null;
}
@Override
public HostVO createHostVOForDirectConnectAgent(HostVO host,
StartupCommand[] startup, ServerResource resource,
Map<String, String> details, List<String> hostTags) {
if (!(startup[0] instanceof StartupExternalFirewallCommand)) {
return null;
}
host.setType(Host.Type.ExternalFirewall);
return host;
}
@Override
public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
boolean isForceDeleteStorage) throws UnableDeleteHostException {
if (host.getType() != com.cloud.host.Host.Type.ExternalFirewall) {
return null;
}
return new DeleteHostAnswer(true);
}
@Override
public CiscoAsa1000vDevice addCiscoAsa1000vResource(
AddCiscoAsa1000vResourceCmd cmd) {
Long physicalNetworkId = cmd.getPhysicalNetworkId();
CiscoAsa1000vDevice ciscoAsa1000vResource = null;
PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
if (physicalNetwork == null) {
throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
}
ciscoAsa1000vResource = new CiscoAsa1000vDeviceVO(physicalNetworkId, cmd.getManagementIp(), cmd.getInPortProfile(), cmd.getClusterId());
_ciscoAsa1000vDao.persist((CiscoAsa1000vDeviceVO)ciscoAsa1000vResource);
return ciscoAsa1000vResource;
}
@Override
public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
response.setId(ciscoAsa1000vDeviceVO.getUuid());
response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByAsa1000vId(ciscoAsa1000vDeviceVO.getId());
if (networkAsaMap != null) {
response.setGuestNetworkId(networkAsaMap.getNetworkId());
}
return response;
}
@Override
public boolean deleteCiscoAsa1000vResource(
DeleteCiscoAsa1000vResourceCmd cmd) {
Long asaResourceId = cmd.getCiscoAsa1000vResourceId();
CiscoAsa1000vDeviceVO asaResource = _ciscoAsa1000vDao.findById(asaResourceId);
if (asaResource == null) {
throw new InvalidParameterValueException(
"Could not find a Cisco ASA 1000v appliance with id " + asaResourceId);
}
NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByAsa1000vId(asaResource.getId());
if (networkAsaMap != null) {
throw new CloudRuntimeException(
"Cisco ASA 1000v appliance with id " + asaResourceId +
" cannot be deleted as it is associated with guest network");
}
_ciscoAsa1000vDao.remove(asaResourceId);
return true;
}
@Override
public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
ListCiscoAsa1000vResourcesCmd cmd) {
Long physicalNetworkId = cmd.getPhysicalNetworkId();
Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();
if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
}
if (ciscoAsa1000vResourceId != null) {
CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
if (ciscoAsa1000vResource == null) {
throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
}
responseList.add(ciscoAsa1000vResource);
} else {
PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
if (physicalNetwork == null) {
throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
}
responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
}
return responseList;
}
@Override
public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
for (CiscoAsa1000vDeviceVO asa : asaList) {
NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId());
if (assignedToNetwork == null) {
NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId());
_networkAsa1000vMapDao.persist(networkAsaMap);
return asa;
}
}
return null;
}
private void unassignAsa1000vFromNetwork(Network network) {
NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (networkAsaMap != null) {
_networkAsa1000vMapDao.remove(networkAsaMap.getId());
}
}
}

42
plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java Normal file
View File

@ -0,0 +1,42 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.element;
import java.util.List;
import com.cloud.api.commands.AddCiscoVnmcResourceCmd;
import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd;
import com.cloud.api.commands.ListCiscoVnmcResourcesCmd;
import com.cloud.api.response.CiscoVnmcResourceResponse;
import com.cloud.network.cisco.CiscoVnmcController;
import com.cloud.network.cisco.CiscoVnmcControllerVO;
import com.cloud.utils.component.PluggableService;
public interface CiscoVnmcElementService extends PluggableService {
//public static final Provider CiscoVnmc = new Provider("CiscoVnmc", true);
public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd);
public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
CiscoVnmcController CiscoVnmcResourceVO);
boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd);
List<CiscoVnmcControllerVO> listCiscoVnmcResources(ListCiscoVnmcResourcesCmd cmd);
}

780
plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java Normal file
View File

@ -0,0 +1,780 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.resource;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import com.cloud.agent.IAgentControl;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
import com.cloud.agent.api.Command;
import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
import com.cloud.agent.api.ExternalNetworkResourceUsageAnswer;
import com.cloud.agent.api.ExternalNetworkResourceUsageCommand;
import com.cloud.agent.api.MaintainAnswer;
import com.cloud.agent.api.MaintainCommand;
import com.cloud.agent.api.PingCommand;
import com.cloud.agent.api.ReadyAnswer;
import com.cloud.agent.api.ReadyCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupExternalFirewallCommand;
import com.cloud.agent.api.routing.IpAssocAnswer;
import com.cloud.agent.api.routing.IpAssocCommand;
import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetSourceNatCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.to.FirewallRuleTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.host.Host;
import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
import com.cloud.network.rules.FirewallRule.TrafficType;
import com.cloud.resource.ServerResource;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.cisco.n1kv.vsm.NetconfHelper;
import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.OperationType;
import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.SwitchPortMode;
import com.cloud.utils.exception.ExecutionException;
import com.cloud.utils.net.NetUtils;
public class CiscoVnmcResource implements ServerResource {
private String _name;
private String _zoneId;
private String _physicalNetworkId;
private String _ip;
private String _username;
private String _password;
private String _guid;
private Integer _numRetries;
private CiscoVnmcConnectionImpl _connection;
public void setConnection(CiscoVnmcConnectionImpl connection) {
this._connection = connection;
}
private final Logger s_logger = Logger.getLogger(CiscoVnmcResource.class);
public Answer executeRequest(Command cmd) {
if (cmd instanceof ReadyCommand) {
return execute((ReadyCommand) cmd);
} else if (cmd instanceof MaintainCommand) {
return execute((MaintainCommand) cmd);
} else if (cmd instanceof IpAssocCommand) {
return execute((IpAssocCommand) cmd);
} else if (cmd instanceof SetSourceNatCommand) {
return execute((SetSourceNatCommand) cmd);
} else if (cmd instanceof SetFirewallRulesCommand) {
return execute((SetFirewallRulesCommand) cmd);
} else if (cmd instanceof SetStaticNatRulesCommand) {
return execute((SetStaticNatRulesCommand) cmd);
} else if (cmd instanceof SetPortForwardingRulesCommand) {
return execute((SetPortForwardingRulesCommand) cmd);
} else if (cmd instanceof ExternalNetworkResourceUsageCommand) {
return execute((ExternalNetworkResourceUsageCommand) cmd);
} else if (cmd instanceof CreateLogicalEdgeFirewallCommand) {
return execute((CreateLogicalEdgeFirewallCommand)cmd);
} else if (cmd instanceof CleanupLogicalEdgeFirewallCommand) {
return execute((CleanupLogicalEdgeFirewallCommand)cmd);
} else if (cmd instanceof ConfigureNexusVsmForAsaCommand) {
return execute((ConfigureNexusVsmForAsaCommand)cmd);
} else if (cmd instanceof AssociateAsaWithLogicalEdgeFirewallCommand) {
return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
} else {
return Answer.createUnsupportedCommandAnswer(cmd);
}
}
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
try {
_name = (String) params.get("name");
if (_name == null) {
throw new ConfigurationException("Unable to find name");
}
_zoneId = (String) params.get("zoneId");
if (_zoneId == null) {
throw new ConfigurationException("Unable to find zone");
}
_physicalNetworkId = (String) params.get("physicalNetworkId");
if (_physicalNetworkId == null) {
throw new ConfigurationException("Unable to find physical network id in the configuration parameters");
}
_ip = (String) params.get("ip");
if (_ip == null) {
throw new ConfigurationException("Unable to find IP");
}
_username = (String) params.get("username");
if (_username == null) {
throw new ConfigurationException("Unable to find username");
}
_password = (String) params.get("password");
if (_password == null) {
throw new ConfigurationException("Unable to find password");
}
_guid = (String)params.get("guid");
if (_guid == null) {
throw new ConfigurationException("Unable to find the guid");
}
_numRetries = NumbersUtil.parseInt((String) params.get("numretries"), 1);
NumbersUtil.parseInt((String) params.get("timeout"), 300);
// Open a socket and login
_connection = new CiscoVnmcConnectionImpl(_ip, _username, _password);
//if (!refreshVnmcConnection()) {
// throw new ConfigurationException("Unable to open a connection to the VNMC.");
//}
return true;
} catch (Exception e) {
throw new ConfigurationException(e.getMessage());
}
}
public StartupCommand[] initialize() {
StartupExternalFirewallCommand cmd = new StartupExternalFirewallCommand();
cmd.setName(_name);
cmd.setDataCenter(_zoneId);
cmd.setPod("");
cmd.setPrivateIpAddress(_ip);
cmd.setStorageIpAddress("");
cmd.setVersion("");
cmd.setGuid(_guid);
return new StartupCommand[] { cmd };
}
public Host.Type getType() {
return Host.Type.ExternalFirewall;
}
@Override
public String getName() {
return _name;
}
@Override
public boolean start() {
return true;
}
@Override
public boolean stop() {
return true;
}
@Override
public PingCommand getCurrentStatus(final long id) {
if (!refreshVnmcConnection()) {
return null;
}
return new PingCommand(Host.Type.ExternalFirewall, id);
}
@Override
public void disconnected() {
}
public IAgentControl getAgentControl() {
return null;
}
public void setAgentControl(IAgentControl agentControl) {
return;
}
private Answer execute(ReadyCommand cmd) {
return new ReadyAnswer(cmd);
}
private Answer execute(MaintainCommand cmd) {
return new MaintainAnswer(cmd);
}
private ExternalNetworkResourceUsageAnswer execute(ExternalNetworkResourceUsageCommand cmd) {
return new ExternalNetworkResourceUsageAnswer(cmd);
}
/*
* Login
*/
private boolean refreshVnmcConnection() {
boolean ret = false;
try {
ret = _connection.login();
} catch (ExecutionException ex) {
s_logger.error("Login to Vnmc failed", ex);
}
return ret;
}
private synchronized Answer execute(IpAssocCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(IpAssocCommand cmd, int numRetries) {
String[] results = new String[cmd.getIpAddresses().length];
return new IpAssocAnswer(cmd, results);
}
private String[] getIpRangeFromCidr(String cidr) {
String[] result = new String[2];
String[] cidrData = cidr.split("\\/");
assert (cidrData.length == 2) : "Something is wrong with source cidr " + cidr;
long size = Long.valueOf(cidrData[1]);
result[0] = cidrData[0];
result[1] = cidrData[0];
if (size < 32) {
result[0] = NetUtils.getIpRangeStartIpFromCidr(cidrData[0], size);
result[1] = NetUtils.getIpRangeEndIpFromCidr(cidrData[0], size);
}
return result;
}
/*
* Source NAT
*/
private synchronized Answer execute(SetSourceNatCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(SetSourceNatCommand cmd, int numRetries) {
String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
String tenant = "vlan-" + vlanId;
String policyIdentifier = cmd.getIpAddress().getPublicIp().replace('.', '-');
try {
if (!_connection.createTenantVDCNatPolicySet(tenant)) {
throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCSourceNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create source NAT policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCSourceNatPolicyRef(tenant, policyIdentifier)) {
throw new Exception("Failed to associate source NAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCSourceNatIpPool(tenant, policyIdentifier, cmd.getIpAddress().getPublicIp())) {
throw new Exception("Failed to create source NAT ip pool in VNMC for guest network with vlan " + vlanId);
}
String[] ipRange = getIpRangeFromCidr(cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR));
if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, ipRange[0], ipRange[1])) {
throw new Exception("Failed to create source NAT rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.associateNatPolicySet(tenant)) {
throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
}
} catch (Throwable e) {
String msg = "SetSourceNatCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
/*
* Firewall rule
*/
private synchronized Answer execute(SetFirewallRulesCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
String tenant = "vlan-" + vlanId;
FirewallRuleTO[] rules = cmd.getRules();
Map<String, List<FirewallRuleTO>> publicIpRulesMap = new HashMap<String, List<FirewallRuleTO>>();
for (FirewallRuleTO rule : rules) {
String publicIp = rule.getSrcIp();
if (!publicIpRulesMap.containsKey(publicIp)) {
List<FirewallRuleTO> publicIpRulesList = new ArrayList<FirewallRuleTO>();
publicIpRulesMap.put(publicIp, publicIpRulesList);
}
publicIpRulesMap.get(publicIp).add(rule);
}
try {
if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete ACL rule in VNMC for guest network with vlan " + vlanId);
}
} else {
String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
if (rule.getTrafficType() == TrafficType.Ingress) {
if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
if (!_connection.createTenantVDCIngressAclRule(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
}
} else {
if (!_connection.createTenantVDCIngressAclRule(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], publicIp)) {
throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
}
}
} else {
if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
if (!_connection.createTenantVDCEgressAclRule(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(),
Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
externalIpRange[0], externalIpRange[1])) {
throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
}
} else {
if (!_connection.createTenantVDCEgressAclRule(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), publicIp, externalIpRange[0], externalIpRange[1])) {
throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
}
}
}
}
}
}
if (!_connection.associateAclPolicySet(tenant)) {
throw new Exception("Failed to associate ACL policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
}
} catch (Throwable e) {
String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
/*
* Static NAT
*/
private synchronized Answer execute(SetStaticNatRulesCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
String tenant = "vlan-" + vlanId;
StaticNatRuleTO[] rules = cmd.getRules();
Map<String, List<StaticNatRuleTO>> publicIpRulesMap = new HashMap<String, List<StaticNatRuleTO>>();
for (StaticNatRuleTO rule : rules) {
String publicIp = rule.getSrcIp();
if (!publicIpRulesMap.containsKey(publicIp)) {
List<StaticNatRuleTO> publicIpRulesList = new ArrayList<StaticNatRuleTO>();
publicIpRulesMap.put(publicIp, publicIpRulesList);
}
publicIpRulesMap.get(publicIp).add(rule);
}
try {
if (!_connection.createTenantVDCNatPolicySet(tenant)) {
throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier)) {
throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
if (!_connection.deleteTenantVDCDNatRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete DNAT rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId);
}
} else {
if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCDNatRule(tenant,
Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) {
throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclRuleForDNat(tenant,
Long.toString(rule.getId()), policyIdentifier, rule.getDstIp())) {
throw new Exception("Failed to create ACL rule for DNAT in VNMC for guest network with vlan " + vlanId);
}
}
}
}
if (!_connection.associateAclPolicySet(tenant)) {
throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
}
} catch (Throwable e) {
String msg = "SetSourceNatCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
/*
* Destination NAT
*/
private synchronized Answer execute(SetPortForwardingRulesCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(SetPortForwardingRulesCommand cmd, int numRetries) {
String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
String tenant = "vlan-" + vlanId;
PortForwardingRuleTO[] rules = cmd.getRules();
Map<String, List<PortForwardingRuleTO>> publicIpRulesMap = new HashMap<String, List<PortForwardingRuleTO>>();
for (PortForwardingRuleTO rule : rules) {
String publicIp = rule.getSrcIp();
if (!publicIpRulesMap.containsKey(publicIp)) {
List<PortForwardingRuleTO> publicIpRulesList = new ArrayList<PortForwardingRuleTO>();
publicIpRulesMap.put(publicIp, publicIpRulesList);
}
publicIpRulesMap.get(publicIp).add(rule);
}
try {
if (!_connection.createTenantVDCNatPolicySet(tenant)) {
throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCPFPolicyRef(tenant, policyIdentifier)) {
throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
if (!_connection.deleteTenantVDCPFRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete PF rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId);
}
} else {
if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
throw new Exception("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCPFPortPool(tenant, policyIdentifier + "-" + rule.getId(),
Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
throw new Exception("Failed to create PF port pool in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCPFRule(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), rule.getSrcIp(),
Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclRuleForPF(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), rule.getDstIp(),
Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
throw new Exception("Failed to create ACL rule for PF in VNMC for guest network with vlan " + vlanId);
}
}
}
}
if (!_connection.associateAclPolicySet(tenant)) {
throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
}
} catch (Throwable e) {
String msg = "SetSourceNatCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
/*
* Logical edge firewall
*/
private synchronized Answer execute(CreateLogicalEdgeFirewallCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long vlanId) throws Exception {
// create edge device profile
if (!_connection.createTenantVDCEdgeDeviceProfile(tenant))
throw new Exception("Failed to create tenant edge device profile in VNMC for guest network with vlan " + vlanId);
// create edge static route policy
if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant))
throw new Exception("Failed to create tenant edge static route policy in VNMC for guest network with vlan " + vlanId);
// create edge static route for all gateways
for (String gateway : gateways) {
if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0"))
throw new Exception("Failed to create tenant edge static route in VNMC for guest network with vlan " + vlanId);
}
// associate edge
if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant))
throw new Exception("Failed to associate edge static route policy with edge device profile in VNMC for guest network with vlan " + vlanId);
}
private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) {
String tenant = "vlan-" + cmd.getVlanId();
try {
// create tenant
if (!_connection.createTenant(tenant))
throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());
// create tenant VDC
if (!_connection.createTenantVDC(tenant))
throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());
// create edge security profile
if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
// create edge device profile and associated route
createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId());
// create logical edge firewall
if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet()))
throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
} catch (Throwable e) {
String msg = "CreateLogicalEdgeFirewallCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
/*
* Create vservice node and update inside port profile for ASA appliance in VSM
*/
private synchronized Answer execute(ConfigureNexusVsmForAsaCommand cmd) {
return execute(cmd, _numRetries);
}
private Answer execute(ConfigureNexusVsmForAsaCommand cmd, int numRetries) {
String vlanId = Long.toString(cmd.getVlanId());
NetconfHelper helper = null;
List<Pair<OperationType, String>> params = new ArrayList<Pair<OperationType, String>>();
params.add(new Pair<OperationType, String>(OperationType.addvlanid, vlanId));
try {
helper = new NetconfHelper(cmd.getVsmIp(), cmd.getVsmUsername(), cmd.getVsmPassword());
s_logger.debug("Connected to Cisco VSM " + cmd.getVsmIp());
helper.addVServiceNode(vlanId, cmd.getIpAddress());
s_logger.debug("Created vservice node for ASA appliance in Cisco VSM for vlan " + vlanId);
helper.updatePortProfile(cmd.getAsaInPortProfile(), SwitchPortMode.access, params);
s_logger.debug("Updated inside port profile for ASA appliance in Cisco VSM with new vlan " + vlanId);
} catch (Throwable e) {
String msg = "ConfigureVSMForASACommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
} finally {
helper.disconnect();
}
return new Answer(cmd, true, "Success");
}
/*
* Associates ASA 1000v with logical edge firewall in VNMC
*/
private synchronized Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd) {
return execute(cmd, _numRetries);
}
private Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd, int numRetries) {
String tenant = "vlan-" + cmd.getVlanId();
try {
Map<String, String> availableAsaAppliances = _connection.listUnAssocAsa1000v();
if (availableAsaAppliances.isEmpty()) {
throw new Exception("No ASA 1000v available to associate with logical edge firewall for guest vlan " + cmd.getVlanId());
}
String asaInstanceDn = availableAsaAppliances.get(cmd.getAsaMgmtIp());
if (asaInstanceDn == null) {
throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is not available");
}
if (!_connection.assignAsa1000v(tenant, asaInstanceDn)) {
throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp() + ") with logical edge firewall for guest vlan " + cmd.getVlanId());
}
} catch (Throwable e) {
String msg = "AssociateAsaWithLogicalEdgeFirewallCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
/*
* Cleanup
*/
private synchronized Answer execute(CleanupLogicalEdgeFirewallCommand cmd) {
refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(CleanupLogicalEdgeFirewallCommand cmd, int numRetries) {
String tenant = "vlan-" + cmd.getVlanId();
try {
_connection.deleteTenant(tenant);
} catch (Throwable e) {
String msg = "CleanupLogicalEdgeFirewallCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
return new Answer(cmd, false, msg);
}
return new Answer(cmd, true, "Success");
}
@Override
public void setName(String name) {
// TODO Auto-generated method stub
}
@Override
public void setConfigParams(Map<String, Object> params) {
// TODO Auto-generated method stub
}
@Override
public Map<String, Object> getConfigParams() {
// TODO Auto-generated method stub
return null;
}
@Override
public int getRunLevel() {
// TODO Auto-generated method stub
return 0;
}
@Override
public void setRunLevel(int level) {
// TODO Auto-generated method stub
}
}

232
plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java Normal file
View File

@ -0,0 +1,232 @@
/*
* $HeadURL$
* $Revision$
* $Date$
*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.commons.httpclient.contrib.ssl;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* <p>
* EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s
* that accept self-signed certificates.
* </p>
* <p>
* This socket factory SHOULD NOT be used for productive systems
* due to security reasons, unless it is a concious decision and
* you are perfectly aware of security implications of accepting
* self-signed certificates
* </p>
*
* <p>
* Example of using custom protocol socket factory for a specific host:
* <pre>
* Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
*
* URI uri = new URI("https://localhost/", true);
* // use relative url only
* GetMethod httpget = new GetMethod(uri.getPathQuery());
* HostConfiguration hc = new HostConfiguration();
* hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
* HttpClient client = new HttpClient();
* client.executeMethod(hc, httpget);
* </pre>
* </p>
* <p>
* Example of using custom protocol socket factory per default instead of the standard one:
* <pre>
* Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
* Protocol.registerProtocol("https", easyhttps);
*
* HttpClient client = new HttpClient();
* GetMethod httpget = new GetMethod("https://localhost/");
* client.executeMethod(httpget);
* </pre>
* </p>
*
* @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
*
* <p>
* DISCLAIMER: HttpClient developers DO NOT actively support this component.
* The component is provided as a reference material, which may be inappropriate
* for use without additional customization.
* </p>
*/
public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
/** Log object for this class. */
private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
private SSLContext sslcontext = null;
/**
* Constructor for EasySSLProtocolSocketFactory.
*/
public EasySSLProtocolSocketFactory() {
super();
}
private static SSLContext createEasySSLContext() {
try {
SSLContext context = SSLContext.getInstance("SSL");
context.init(
null,
new TrustManager[] {new EasyX509TrustManager(null)},
null);
return context;
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new HttpClientError(e.toString());
}
}
private SSLContext getSSLContext() {
if (this.sslcontext == null) {
this.sslcontext = createEasySSLContext();
}
return this.sslcontext;
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
*/
public Socket createSocket(
String host,
int port,
InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
host,
port,
clientHost,
clientPort
);
}
/**
* Attempts to get a new socket connection to the given host within the given time limit.
* <p>
* To circumvent the limitations of older JREs that do not support connect timeout a
* controller thread is executed. The controller thread attempts to create a new socket
* within the given limit of time. If socket constructor does not return until the
* timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
* </p>
*
* @param host the host name/IP
* @param port the port on the host
* @param clientHost the local host name/IP to bind the socket to
* @param clientPort the port on the local machine
* @param params {@link HttpConnectionParams Http connection parameters}
*
* @return Socket a new socket
*
* @throws IOException if an I/O error occurs while creating the socket
* @throws UnknownHostException if the IP address of the host cannot be
* determined
*/
public Socket createSocket(
final String host,
final int port,
final InetAddress localAddress,
final int localPort,
final HttpConnectionParams params
) throws IOException, UnknownHostException, ConnectTimeoutException {
if (params == null) {
throw new IllegalArgumentException("Parameters may not be null");
}
int timeout = params.getConnectionTimeout();
SocketFactory socketfactory = getSSLContext().getSocketFactory();
if (timeout == 0) {
return socketfactory.createSocket(host, port, localAddress, localPort);
} else {
Socket socket = socketfactory.createSocket();
SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
SocketAddress remoteaddr = new InetSocketAddress(host, port);
socket.bind(localaddr);
socket.connect(remoteaddr, timeout);
return socket;
}
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
*/
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
host,
port
);
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
*/
public Socket createSocket(
Socket socket,
String host,
int port,
boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
);
}
public boolean equals(Object obj) {
return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
}
public int hashCode() {
return EasySSLProtocolSocketFactory.class.hashCode();
}
}

114
plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java Normal file
View File

@ -0,0 +1,114 @@
/*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.commons.httpclient.contrib.ssl;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* <p>
* EasyX509TrustManager unlike default {@link X509TrustManager} accepts
* self-signed certificates.
* </p>
* <p>
* This trust manager SHOULD NOT be used for productive systems
* due to security reasons, unless it is a concious decision and
* you are perfectly aware of security implications of accepting
* self-signed certificates
* </p>
*
* @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
* @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
*
* <p>
* DISCLAIMER: HttpClient developers DO NOT actively support this component.
* The component is provided as a reference material, which may be inappropriate
* for use without additional customization.
* </p>
*/
public class EasyX509TrustManager implements X509TrustManager
{
private X509TrustManager standardTrustManager = null;
/** Log object for this class. */
private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);
/**
* Constructor for EasyX509TrustManager.
*/
public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
super();
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
factory.init(keystore);
TrustManager[] trustmanagers = factory.getTrustManagers();
if (trustmanagers.length == 0) {
throw new NoSuchAlgorithmException("no trust manager found");
}
this.standardTrustManager = (X509TrustManager)trustmanagers[0];
}
/**
* @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
*/
public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
standardTrustManager.checkClientTrusted(certificates,authType);
}
/**
* @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
*/
public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
if ((certificates != null) && LOG.isDebugEnabled()) {
LOG.debug("Server certificate chain:");
for (int i = 0; i < certificates.length; i++) {
LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
}
}
if ((certificates != null) && (certificates.length == 1)) {
certificates[0].checkValidity();
} else {
standardTrustManager.checkServerTrusted(certificates,authType);
}
}
/**
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
*/
public X509Certificate[] getAcceptedIssuers() {
return this.standardTrustManager.getAcceptedIssuers();
}
}

248
plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java Normal file
View File

@ -0,0 +1,248 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.cisco;
import static org.junit.Assert.assertTrue;
import java.util.Map;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
import com.cloud.utils.exception.ExecutionException;
@Ignore("Requires actual VNMC to connect to")
public class CiscoVnmcConnectionTest {
static CiscoVnmcConnectionImpl connection;
static String tenantName = "TenantE";
static Map<String, String> fwDns = null;
@BeforeClass
public static void setUpClass() throws Exception {
connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
try {
boolean response = connection.login();
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testLogin() {
//fail("Not yet implemented");
try {
boolean response = connection.login();
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenant() {
//fail("Not yet implemented");
try {
boolean response = connection.createTenant(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDC() {
//fail("Not yet implemented");
try {
boolean response = connection.createTenantVDC(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCEdgeDeviceProfile() {
//fail("Not yet implemented");
try {
boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
try {
boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCEdgeDeviceRoute() {
try {
boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName,
"10.223.136.1", "0.0.0.0", "0.0.0.0");
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testAssociateRoutePolicyWithEdgeProfile() {
try {
boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testAssociateTenantVDCEdgeDhcpPolicy() {
try {
boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside");
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCEdgeDhcpPolicy() {
try {
boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName,
"10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net");
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCEdgeSecurityProfile() {
try {
boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCSourceNatIpPool() {
try {
boolean response = connection.createTenantVDCSourceNatIpPool(tenantName, "1", "10.223.136.10");
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCSourceNatPolicy() {
try {
boolean response = connection.createTenantVDCSourceNatPolicy(tenantName, "1");
assertTrue(response);
response = connection.createTenantVDCSourceNatPolicyRef(tenantName, "1");
assertTrue(response);
response = connection.createTenantVDCSourceNatRule(tenantName, "1", "10.1.1.2", "10.1.1.254");
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateTenantVDCNatPolicySet() {
try {
boolean response = connection.createTenantVDCNatPolicySet(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testAssociateNatPolicySet() {
try {
boolean response = connection.associateNatPolicySet(tenantName);
assertTrue(response);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testCreateEdgeFirewall() {
try {
boolean response = connection.createEdgeFirewall(tenantName,
"44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192");
assertTrue(response);
} catch (ExecutionException e) {
e.printStackTrace();
}
}
@Test
public void testListUnassocAsa1000v() {
try {
Map<String, String> response = connection.listUnAssocAsa1000v();
assertTrue(response.size() >=0);
fwDns = response;
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void assocAsa1000v() {
try {
boolean result = connection.assignAsa1000v(tenantName, fwDns.get(0));
assertTrue(result);
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}

401
plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java Executable file
View File

@ -0,0 +1,401 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.element;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.naming.ConfigurationException;
import org.junit.Before;
import org.junit.Test;
import org.mockito.internal.matchers.Any;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetSourceNatCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.configuration.ConfigurationManager;
import com.cloud.dc.ClusterVSMMapVO;
import com.cloud.dc.DataCenter;
import com.cloud.dc.VlanVO;
import com.cloud.dc.DataCenter.NetworkType;
import com.cloud.dc.dao.ClusterVSMMapDao;
import com.cloud.dc.dao.VlanDao;
import com.cloud.deploy.DeployDestination;
import com.cloud.domain.Domain;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.host.HostVO;
import com.cloud.host.dao.HostDao;
import com.cloud.network.Network;
import com.cloud.network.Network.GuestType;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.CiscoNexusVSMDeviceVO;
import com.cloud.network.IpAddress;
import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkModel;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.Networks.TrafficType;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
import com.cloud.network.cisco.CiscoVnmcControllerVO;
import com.cloud.network.cisco.NetworkAsa1000vMapVO;
import com.cloud.network.dao.CiscoAsa1000vDao;
import com.cloud.network.dao.CiscoNexusVSMDeviceDao;
import com.cloud.network.dao.CiscoVnmcDao;
import com.cloud.network.dao.NetworkAsa1000vMapDao;
import com.cloud.network.dao.NetworkServiceMapDao;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNat;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.offering.NetworkOffering;
import com.cloud.resource.ResourceManager;
import com.cloud.user.Account;
import com.cloud.utils.net.Ip;
import com.cloud.vm.ReservationContext;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
public class CiscoVnmcElementTest {
CiscoVnmcElement _element = new CiscoVnmcElement();
AgentManager _agentMgr = mock(AgentManager.class);
NetworkManager _networkMgr = mock(NetworkManager.class);
NetworkModel _networkModel = mock(NetworkModel.class);
HostDao _hostDao = mock(HostDao.class);
NetworkServiceMapDao _ntwkSrvcDao = mock(NetworkServiceMapDao.class);
ConfigurationManager _configMgr = mock(ConfigurationManager.class);
CiscoVnmcDao _ciscoVnmcDao = mock(CiscoVnmcDao.class);
CiscoAsa1000vDao _ciscoAsa1000vDao = mock(CiscoAsa1000vDao.class);
NetworkAsa1000vMapDao _networkAsa1000vMapDao = mock(NetworkAsa1000vMapDao.class);
ClusterVSMMapDao _clusterVsmMapDao = mock(ClusterVSMMapDao.class);
CiscoNexusVSMDeviceDao _vsmDeviceDao = mock(CiscoNexusVSMDeviceDao.class);
VlanDao _vlanDao = mock(VlanDao.class);
@Before
public void setUp() throws ConfigurationException {
_element._resourceMgr = mock(ResourceManager.class);
_element._agentMgr = _agentMgr;
_element._networkMgr = _networkMgr;
_element._networkModel = _networkModel;
_element._hostDao = _hostDao;
_element._configMgr = _configMgr;
_element._ciscoVnmcDao = _ciscoVnmcDao;
_element._ciscoAsa1000vDao = _ciscoAsa1000vDao;
_element._networkAsa1000vMapDao = _networkAsa1000vMapDao;
_element._clusterVsmMapDao = _clusterVsmMapDao;
_element._vsmDeviceDao = _vsmDeviceDao;
_element._vlanDao = _vlanDao;
// Standard responses
when(_networkModel.isProviderForNetwork(Provider.CiscoVnmc, 1L)).thenReturn(true);
_element.configure("CiscoVnmcTestElement", Collections.<String, Object> emptyMap());
}
@Test
public void canHandleTest() {
Network network = mock(Network.class);
when(network.getId()).thenReturn(1L);
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
assertTrue(_element.canHandle(network));
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.UnDecided);
assertFalse(_element.canHandle(network));
}
@Test
public void implementTest() throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
URI uri = URI.create("vlan://123");
Network network = mock(Network.class);
when(network.getId()).thenReturn(1L);
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
when(network.getDataCenterId()).thenReturn(1L);
when(network.getGateway()).thenReturn("1.1.1.1");
when(network.getBroadcastUri()).thenReturn(uri);
when(network.getCidr()).thenReturn("1.1.1.0/24");
NetworkOffering offering = mock(NetworkOffering.class);
when(offering.getId()).thenReturn(1L);
when(offering.getTrafficType()).thenReturn(TrafficType.Guest);
when(offering.getGuestType()).thenReturn(GuestType.Isolated);
DeployDestination dest = mock(DeployDestination.class);
Domain dom = mock(Domain.class);
when(dom.getName()).thenReturn("d1");
Account acc = mock(Account.class);
when(acc.getAccountName()).thenReturn("a1");
ReservationContext context = mock(ReservationContext.class);
when(context.getDomain()).thenReturn(dom);
when(context.getAccount()).thenReturn(acc);
DataCenter dc = mock(DataCenter.class);
when(dc.getNetworkType()).thenReturn(NetworkType.Advanced);
when(_configMgr.getZone(network.getDataCenterId())).thenReturn(dc);
List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
devices.add(mock(CiscoVnmcControllerVO.class));
when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
CiscoAsa1000vDeviceVO asaVO = mock(CiscoAsa1000vDeviceVO.class);
when(asaVO.getInPortProfile()).thenReturn("foo");
when(asaVO.getManagementIp()).thenReturn("1.2.3.4");
List<CiscoAsa1000vDeviceVO> asaList = new ArrayList<CiscoAsa1000vDeviceVO>();
asaList.add(asaVO);
when(_ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(asaList);
when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
when(_networkAsa1000vMapDao.findByAsa1000vId(anyLong())).thenReturn(null);
when(_networkAsa1000vMapDao.persist(any(NetworkAsa1000vMapVO.class))).thenReturn(mock(NetworkAsa1000vMapVO.class));
when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)).thenReturn(true);
ClusterVSMMapVO clusterVsmMap = mock(ClusterVSMMapVO.class);
when(_clusterVsmMapDao.findByClusterId(anyLong())).thenReturn(clusterVsmMap);
CiscoNexusVSMDeviceVO vsmDevice = mock(CiscoNexusVSMDeviceVO.class);
when(vsmDevice.getUserName()).thenReturn("foo");
when(vsmDevice.getPassword()).thenReturn("bar");
when(vsmDevice.getipaddr()).thenReturn("1.2.3.4");
when(_vsmDeviceDao.findById(anyLong())).thenReturn(vsmDevice);
HostVO hostVO = mock(HostVO.class);
when(hostVO.getId()).thenReturn(1L);
when(_hostDao.findById(anyLong())).thenReturn(hostVO);
Ip ip = mock(Ip.class);
when(ip.addr()).thenReturn("1.2.3.4");
PublicIp publicIp = mock(PublicIp.class);
when(publicIp.getAddress()).thenReturn(ip);
when(publicIp.getState()).thenReturn(IpAddress.State.Releasing);
when(publicIp.getAccountId()).thenReturn(1L);
when(publicIp.isSourceNat()).thenReturn(true);
when(publicIp.getVlanTag()).thenReturn("123");
when(publicIp.getGateway()).thenReturn("1.1.1.1");
when(publicIp.getNetmask()).thenReturn("1.1.1.1");
when(publicIp.getMacAddress()).thenReturn(null);
when(publicIp.isOneToOneNat()).thenReturn(true);
when(_networkMgr.assignSourceNatIpAddressToGuestNetwork(acc, network)).thenReturn(publicIp);
VlanVO vlanVO = mock(VlanVO.class);
when(vlanVO.getVlanGateway()).thenReturn("1.1.1.1");
List<VlanVO> vlanVOList = new ArrayList<VlanVO>();
when(_vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId())).thenReturn(vlanVOList);
Answer answer = mock(Answer.class);
when(answer.getResult()).thenReturn(true);
when(_agentMgr.easySend(anyLong(), any(CreateLogicalEdgeFirewallCommand.class))).thenReturn(answer);
when(_agentMgr.easySend(anyLong(), any(ConfigureNexusVsmForAsaCommand.class))).thenReturn(answer);
when(_agentMgr.easySend(anyLong(), any(SetSourceNatCommand.class))).thenReturn(answer);
when(_agentMgr.easySend(anyLong(), any(AssociateAsaWithLogicalEdgeFirewallCommand.class))).thenReturn(answer);
assertTrue(_element.implement(network, offering, dest, context));
}
@Test
public void shutdownTest() throws ConcurrentOperationException, ResourceUnavailableException {
URI uri = URI.create("vlan://123");
Network network = mock(Network.class);
when(network.getId()).thenReturn(1L);
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
when(network.getDataCenterId()).thenReturn(1L);
when(network.getBroadcastUri()).thenReturn(uri);
ReservationContext context = mock(ReservationContext.class);
when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
devices.add(mock(CiscoVnmcControllerVO.class));
when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
HostVO hostVO = mock(HostVO.class);
when(hostVO.getId()).thenReturn(1L);
when(_hostDao.findById(anyLong())).thenReturn(hostVO);
Answer answer = mock(Answer.class);
when(answer.getResult()).thenReturn(true);
when(_agentMgr.easySend(anyLong(), any(CleanupLogicalEdgeFirewallCommand.class))).thenReturn(answer);
assertTrue(_element.shutdown(network, context, true));
}
@Test
public void applyFWRulesTest() throws ResourceUnavailableException {
URI uri = URI.create("vlan://123");
Network network = mock(Network.class);
when(network.getId()).thenReturn(1L);
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
when(network.getDataCenterId()).thenReturn(1L);
when(network.getBroadcastUri()).thenReturn(uri);
when(network.getCidr()).thenReturn("1.1.1.0/24");
when(network.getState()).thenReturn(Network.State.Implemented);
Ip ip = mock(Ip.class);
when(ip.addr()).thenReturn("1.2.3.4");
IpAddress ipAddress = mock(IpAddress.class);
when(ipAddress.getAddress()).thenReturn(ip);
when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)).thenReturn(true);
List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
devices.add(mock(CiscoVnmcControllerVO.class));
when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
HostVO hostVO = mock(HostVO.class);
when(hostVO.getId()).thenReturn(1L);
when(_hostDao.findById(anyLong())).thenReturn(hostVO);
FirewallRule rule = mock(FirewallRule.class);
when(rule.getSourceIpAddressId()).thenReturn(1L);
List<FirewallRule> rules = new ArrayList<FirewallRule>();
rules.add(rule);
Answer answer = mock(Answer.class);
when(answer.getResult()).thenReturn(true);
when(_agentMgr.easySend(anyLong(), any(SetFirewallRulesCommand.class))).thenReturn(answer);
assertTrue(_element.applyFWRules(network, rules));
}
@Test
public void applyPRulesTest() throws ResourceUnavailableException {
URI uri = URI.create("vlan://123");
Network network = mock(Network.class);
when(network.getId()).thenReturn(1L);
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
when(network.getDataCenterId()).thenReturn(1L);
when(network.getBroadcastUri()).thenReturn(uri);
when(network.getCidr()).thenReturn("1.1.1.0/24");
when(network.getState()).thenReturn(Network.State.Implemented);
Ip ip = mock(Ip.class);
when(ip.addr()).thenReturn("1.2.3.4");
IpAddress ipAddress = mock(IpAddress.class);
when(ipAddress.getAddress()).thenReturn(ip);
when(ipAddress.getVlanId()).thenReturn(1L);
when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)).thenReturn(true);
List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
devices.add(mock(CiscoVnmcControllerVO.class));
when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
HostVO hostVO = mock(HostVO.class);
when(hostVO.getId()).thenReturn(1L);
when(_hostDao.findById(anyLong())).thenReturn(hostVO);
VlanVO vlanVO = mock(VlanVO.class);
when(vlanVO.getVlanTag()).thenReturn(null);
when(_vlanDao.findById(anyLong())).thenReturn(vlanVO);
PortForwardingRule rule = mock(PortForwardingRule.class);
when(rule.getSourceIpAddressId()).thenReturn(1L);
when(rule.getDestinationIpAddress()).thenReturn(ip);
List<PortForwardingRule> rules = new ArrayList<PortForwardingRule>();
rules.add(rule);
Answer answer = mock(Answer.class);
when(answer.getResult()).thenReturn(true);
when(_agentMgr.easySend(anyLong(), any(SetPortForwardingRulesCommand.class))).thenReturn(answer);
assertTrue(_element.applyPFRules(network, rules));
}
@Test
public void applyStaticNatsTest() throws ResourceUnavailableException {
URI uri = URI.create("vlan://123");
Network network = mock(Network.class);
when(network.getId()).thenReturn(1L);
when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
when(network.getDataCenterId()).thenReturn(1L);
when(network.getBroadcastUri()).thenReturn(uri);
when(network.getCidr()).thenReturn("1.1.1.0/24");
when(network.getState()).thenReturn(Network.State.Implemented);
Ip ip = mock(Ip.class);
when(ip.addr()).thenReturn("1.2.3.4");
IpAddress ipAddress = mock(IpAddress.class);
when(ipAddress.getAddress()).thenReturn(ip);
when(ipAddress.getVlanId()).thenReturn(1L);
when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)).thenReturn(true);
List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
devices.add(mock(CiscoVnmcControllerVO.class));
when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
HostVO hostVO = mock(HostVO.class);
when(hostVO.getId()).thenReturn(1L);
when(_hostDao.findById(anyLong())).thenReturn(hostVO);
VlanVO vlanVO = mock(VlanVO.class);
when(vlanVO.getVlanTag()).thenReturn(null);
when(_vlanDao.findById(anyLong())).thenReturn(vlanVO);
StaticNat rule = mock(StaticNat.class);
when(rule.getSourceIpAddressId()).thenReturn(1L);
when(rule.getDestIpAddress()).thenReturn("1.2.3.4");
when(rule.isForRevoke()).thenReturn(false);
List<StaticNat> rules = new ArrayList<StaticNat>();
rules.add(rule);
Answer answer = mock(Answer.class);
when(answer.getResult()).thenReturn(true);
when(_agentMgr.easySend(anyLong(), any(SetStaticNatRulesCommand.class))).thenReturn(answer);
assertTrue(_element.applyStaticNats(network, rules));
}
}

285
plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java Executable file
View File

@ -0,0 +1,285 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.resource;
import static org.junit.Assert.*;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.junit.Before;
import org.junit.Test;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
import com.cloud.agent.api.PingCommand;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetSourceNatCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.to.FirewallRuleTO;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.dc.Vlan;
import com.cloud.host.Host;
import com.cloud.network.IpAddress;
import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNat;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.TrafficType;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.utils.exception.ExecutionException;
public class CiscoVnmcResourceTest {
CiscoVnmcConnectionImpl _connection = mock(CiscoVnmcConnectionImpl.class);
CiscoVnmcResource _resource;
Map<String,Object> _parameters;
@Before
public void setUp() throws ConfigurationException {
_resource = new CiscoVnmcResource();
_parameters = new HashMap<String, Object>();
_parameters.put("name", "CiscoVnmc");
_parameters.put("zoneId", "1");
_parameters.put("physicalNetworkId", "100");
_parameters.put("ip", "1.2.3.4");
_parameters.put("username", "admin");
_parameters.put("password", "pass");
_parameters.put("guid", "e8e13097-0a08-4e82-b0af-1101589ec3b8");
_parameters.put("numretries", "3");
_parameters.put("timeout", "300");
}
@Test(expected=ConfigurationException.class)
public void resourceConfigureFailure() throws ConfigurationException {
_resource.configure("CiscoVnmcResource", Collections.<String,Object>emptyMap());
}
@Test
public void resourceConfigure() throws ConfigurationException {
_resource.configure("CiscoVnmcResource", _parameters);
assertTrue("CiscoVnmc".equals(_resource.getName()));
assertTrue(_resource.getType() == Host.Type.ExternalFirewall);
}
@Test
public void testInitialization() throws ConfigurationException {
_resource.configure("CiscoVnmcResource", _parameters);
StartupCommand[] sc = _resource.initialize();
assertTrue(sc.length ==1);
assertTrue("e8e13097-0a08-4e82-b0af-1101589ec3b8".equals(sc[0].getGuid()));
assertTrue("CiscoVnmc".equals(sc[0].getName()));
assertTrue("1".equals(sc[0].getDataCenter()));
}
@Test
public void testPingCommandStatusOk() throws ConfigurationException, ExecutionException {
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.login()).thenReturn(true);
PingCommand ping = _resource.getCurrentStatus(1);
assertTrue(ping != null);
assertTrue(ping.getHostId() == 1);
assertTrue(ping.getHostType() == Host.Type.ExternalFirewall);
}
@Test
public void testPingCommandStatusFail() throws ConfigurationException, ExecutionException {
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.login()).thenReturn(false);
PingCommand ping = _resource.getCurrentStatus(1);
assertTrue(ping == null);
}
@Test
public void testSourceNat() throws ConfigurationException, Exception {
long vlanId = 123;
IpAddressTO ip = new IpAddressTO(1, "1.2.3.4", true, false,
false, null, "1.2.3.1", "255.255.255.0", null, null, false);
SetSourceNatCommand cmd = new SetSourceNatCommand(ip, true);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.login()).thenReturn(true);
when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
when(_connection.createTenantVDCSourceNatPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCSourceNatPolicyRef(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCSourceNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCSourceNatRule(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateNatPolicySet(anyString())).thenReturn(true);
Answer answer = _resource.executeRequest(cmd);
System.out.println(answer.getDetails());
assertTrue(answer.getResult());
}
@Test
public void testFirewall() throws ConfigurationException, Exception {
long vlanId = 123;
List<FirewallRuleTO> rules = new ArrayList<FirewallRuleTO>();
List<String> cidrList = new ArrayList<String>();
cidrList.add("2.3.2.3/32");
FirewallRuleTO active = new FirewallRuleTO(1,
null, "1.2.3.4", "tcp", 22, 22, false, false,
FirewallRule.Purpose.Firewall, cidrList, null, null);
rules.add(active);
FirewallRuleTO revoked = new FirewallRuleTO(1,
null, "1.2.3.4", "tcp", 22, 22, true, false,
FirewallRule.Purpose.Firewall, null, null, null);
rules.add(revoked);
SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rules);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCIngressAclRule(
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCEgressAclRule(
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
Answer answer = _resource.executeRequest(cmd);
System.out.println(answer.getDetails());
assertTrue(answer.getResult());
}
@Test
public void testStaticNat() throws ConfigurationException, Exception {
long vlanId = 123;
List<StaticNatRuleTO> rules = new ArrayList<StaticNatRuleTO>();
StaticNatRuleTO active = new StaticNatRuleTO(0, "1.2.3.4", null,
null, "5.6.7.8", null, null, null, false, false);
rules.add(active);
StaticNatRuleTO revoked = new StaticNatRuleTO(0, "1.2.3.4", null,
null, "5.6.7.8", null, null, null, true, false);
rules.add(revoked);
SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rules, null);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCDNatPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCDNatPolicyRef(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.deleteTenantVDCDNatRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCDNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCDNatRule(anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclRuleForDNat(anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
Answer answer = _resource.executeRequest(cmd);
System.out.println(answer.getDetails());
assertTrue(answer.getResult());
}
@Test
public void testPortForwarding() throws ConfigurationException, Exception {
long vlanId = 123;
List<PortForwardingRuleTO> rules = new ArrayList<PortForwardingRuleTO>();
PortForwardingRuleTO active = new PortForwardingRuleTO(1, "1.2.3.4", 22, 22,
"5.6.7.8", 22, 22, "tcp", false, false);
rules.add(active);
PortForwardingRuleTO revoked = new PortForwardingRuleTO(1, "1.2.3.4", 22, 22,
"5.6.7.8", 22, 22, "tcp", false, false);
rules.add(revoked);
SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rules);
cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCPFPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCPFPolicyRef(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.deleteTenantVDCPFRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCPFIpPool(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCPFPortPool(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCPFRule(anyString(),
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclRuleForPF(anyString(),
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
Answer answer = _resource.executeRequest(cmd);
System.out.println(answer.getDetails());
assertTrue(answer.getResult());
}
@Test
public void testCreateEdgeFirewall() throws ConfigurationException, Exception {
long vlanId = 123;
CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, "1.2.3.4", "5.6.7.8", "255.255.255.0", "255.255.255.0");
cmd.getPublicGateways().add("1.1.1.1");
cmd.getPublicGateways().add("2.2.2.2");
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.createTenant(anyString())).thenReturn(true);
when(_connection.createTenantVDC(anyString())).thenReturn(true);
when(_connection.createTenantVDCEdgeSecurityProfile(anyString())).thenReturn(true);
when(_connection.createTenantVDCEdgeDeviceProfile(anyString())).thenReturn(true);
when(_connection.createTenantVDCEdgeStaticRoutePolicy(anyString())).thenReturn(true);
when(_connection.createTenantVDCEdgeStaticRoute(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateTenantVDCEdgeStaticRoutePolicy(anyString())).thenReturn(true);
when(_connection.createEdgeFirewall(anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
Answer answer = _resource.executeRequest(cmd);
System.out.println(answer.getDetails());
assertTrue(answer.getResult());
}
}

1
plugins/pom.xml
View File

@ -138,6 +138,7 @@
</activation>
<modules>
<module>hypervisors/vmware</module>
<module>network-elements/cisco-vnmc</module>
</modules>
</profile>
<profile>

4
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -2717,8 +2717,8 @@ public class ApiResponseHelper implements ResponseGenerator {
List<? extends Network.Provider> serviceProviders = ApiDBUtils.getProvidersForService(service);
List<ProviderResponse> serviceProvidersResponses = new ArrayList<ProviderResponse>();
for (Network.Provider serviceProvider : serviceProviders) {
// return only Virtual Router/JuniperSRX as a provider for the firewall
if (service == Service.Firewall && !(serviceProvider == Provider.VirtualRouter || serviceProvider == Provider.JuniperSRX)) {
// return only Virtual Router/JuniperSRX/CiscoVnmc as a provider for the firewall
if (service == Service.Firewall && !(serviceProvider == Provider.VirtualRouter || serviceProvider == Provider.JuniperSRX || serviceProvider == Provider.CiscoVnmc)) {
continue;
}

4
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -3302,8 +3302,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
throw new InvalidParameterValueException("Invalid service provider: " + prvNameStr);
}
if (provider == Provider.JuniperSRX) {
firewallProvider = Provider.JuniperSRX;
if (provider == Provider.JuniperSRX || provider == Provider.CiscoVnmc) {
firewallProvider = provider;
}
if ((service == Service.PortForwarding || service == Service.StaticNat) && provider == Provider.VirtualRouter){

38
setup/db/db/schema-410to420.sql
View File

@ -680,7 +680,41 @@ CREATE VIEW `cloud`.`affinity_group_view` AS
left join
`cloud`.`vm_instance` ON vm_instance.id = affinity_group_vm_map.instance_id
left join
`cloud`.`user_vm` ON user_vm.id = vm_instance.id;
`cloud`.`user_vm` ON user_vm.id = vm_instance.id;
CREATE TABLE `cloud`.`external_cisco_vnmc_devices` (
`id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
`uuid` varchar(255) UNIQUE,
`physical_network_id` bigint unsigned NOT NULL COMMENT 'id of the physical network in to which cisco vnmc device is added',
`provider_name` varchar(255) NOT NULL COMMENT 'Service Provider name corresponding to this cisco vnmc device',
`device_name` varchar(255) NOT NULL COMMENT 'name of the cisco vnmc device',
`host_id` bigint unsigned NOT NULL COMMENT 'host id coresponding to the external cisco vnmc device',
PRIMARY KEY (`id`),
CONSTRAINT `fk_external_cisco_vnmc_devices__host_id` FOREIGN KEY (`host_id`) REFERENCES `host`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_external_cisco_vnmc_devices__physical_network_id` FOREIGN KEY (`physical_network_id`) REFERENCES `physical_network`(`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`external_cisco_asa1000v_devices` (
`id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
`uuid` varchar(255) UNIQUE,
`physical_network_id` bigint unsigned NOT NULL COMMENT 'id of the physical network in to which cisco asa1kv device is added',
`management_ip` varchar(255) UNIQUE NOT NULL COMMENT 'mgmt. ip of cisco asa1kv device',
`in_port_profile` varchar(255) NOT NULL COMMENT 'inside port profile name of cisco asa1kv device',
`cluster_id` bigint unsigned NOT NULL COMMENT 'id of the Vmware cluster to which cisco asa1kv device is attached (cisco n1kv switch)',
PRIMARY KEY (`id`),
CONSTRAINT `fk_external_cisco_asa1000v_devices__physical_network_id` FOREIGN KEY (`physical_network_id`) REFERENCES `physical_network`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_external_cisco_asa1000v_devices__cluster_id` FOREIGN KEY (`cluster_id`) REFERENCES `cluster`(`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`network_asa1000v_map` (
`id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
`network_id` bigint unsigned NOT NULL UNIQUE COMMENT 'id of guest network',
`asa1000v_id` bigint unsigned NOT NULL UNIQUE COMMENT 'id of asa1000v device',
PRIMARY KEY (`id`),
CONSTRAINT `fk_network_asa1000v_map__network_id` FOREIGN KEY (`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_network_asa1000v_map__asa1000v_id` FOREIGN KEY (`asa1000v_id`) REFERENCES `external_cisco_asa1000v_devices`(`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Re-enable foreign key checking, at the end of the upgrade path
SET foreign_key_checks = 1;

134
test/integration/component/test_asa1000v_fw.py Executable file
View File

@ -0,0 +1,134 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
""" Cisco ASA1000v external firewall
"""
#Import Local Modules
import marvin
from nose.plugins.attrib import attr
from marvin.cloudstackTestCase import *
from marvin.cloudstackAPI import *
from marvin.integration.lib.utils import *
from marvin.integration.lib.base import *
from marvin.integration.lib.common import *
from marvin.remoteSSHClient import remoteSSHClient
import datetime
class Services:
"""Test Cisco ASA1000v services
"""
def __init__(self):
self.services = {
"vnmc": {
"ipaddress": '10.147.28.236',
"username": 'admin',
"password": 'Password_123',
},
"asa": {
"ipaddress": '10.147.28.238',
"insideportprofile": 'asa-in123',
},
"network_offering": {
"name": 'CiscoVnmc',
"displaytext": 'CiscoVnmc',
"guestiptype": 'Isolated',
"supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Firewall,UserData,StaticNat',
"traffictype": 'GUEST',
"availability": 'Optional',
"serviceProviderList": {
"Dhcp": 'VirtualRouter',
"Dns": 'VirtualRouter',
"SourceNat": 'CiscoVnmc',
"PortForwarding": 'CiscoVnmc',
"Firewall": 'CiscoVnmc',
"UserData": 'VirtualRouter',
"StaticNat": 'CiscoVnmc',
},
},
"network": {
"name": "CiscoVnmc",
"displaytext": "CiscoVnmc",
},
}
class TestASASetup(cloudstackTestCase):
@classmethod
def setUpClass(cls):
cls.apiclient = super(
TestASASetup,
cls
).getClsTestClient().getApiClient()
cls.services = Services().services
cls.network_offering = NetworkOffering.create(
cls.apiclient,
cls.services["network_offering"],
conservemode=True)
# Enable network offering
cls.network_offering.update(cls.apiclient, state='Enabled')
cls._cleanup = [
cls.network_offering,
]
return
@classmethod
def tearDownClass(cls):
try:
# Cleanup
cleanup_resources(cls.apiclient, cls._cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.zone = get_zone(self.apiclient, self.services)
self.physicalnetworks = PhysicalNetwork.list(self.apiclient, zoneid=self.zone.id)
self.assertNotEqual(len(self.physicalnetworks), 0, "Check if the list physical network API returns a non-empty response")
self.clusters = Cluster.list(self.apiclient, hypervisor='VMware')
self.assertNotEqual(len(self.clusters), 0, "Check if the list cluster API returns a non-empty response")
return
def tearDown(self):
try:
self.debug("Cleaning up the resources")
# Cleanup
cleanup_resources(self.apiclient, self._cleanup)
self.debug("Cleanup complete!")
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def test_registerVnmc(self):
Vnmc = VNMC.create(self.apiclient, self.services["vnmc"]["ipaddress"], self.services["vnmc"]["username"], self.services["vnmc"]["password"], self.physicalnetworks[0].id)
self.debug("Cisco VNMC appliance with id %s deployed"%(Vnmc.id))
VnmcList = VNMC.list(self.apiclient, physicalnetworkid = self.physicalnetworks[0].id)
self.assertNotEqual(len(VnmcList), 0, "List VNMC API returned an empty response")
Vnmc.delete(self.apiclient)
def test_registerAsa1000v(self):
Asa = ASA1000V.create(self.apiclient, self.services["asa"]["ipaddress"], self.services["asa"]["insideportprofile"], self.clusters[0].id, self.physicalnetworks[0].id)
self.debug("Cisco ASA 1000v appliance with id %s deployed"%(Asa.id))
AsaList = ASA1000V.list(self.apiclient, physicalnetworkid = self.physicalnetworks[0].id)
self.assertNotEqual(len(AsaList), 0, "List ASA 1000v API returned an empty response")
Asa.delete(self.apiclient)

65
tools/marvin/marvin/integration/lib/base.py
View File

@ -2444,7 +2444,6 @@ class VPC:
[setattr(cmd, k, v) for k, v in kwargs.items()]
return(apiclient.listVPCs(cmd))
class AffinityGroup:
def __init__(self, items):
self.__dict__.update(items)
@ -2467,9 +2466,71 @@ class AffinityGroup:
cmd.id = self.id
return apiclient.deleteVPC(cmd)
@classmethod
def list(cls, apiclient, **kwargs):
cmd = listAffinityGroups.listAffinityGroupsCmd()
[setattr(cmd, k, v) for k, v in kwargs.items()]
return(apiclient.listVPCs(cmd))
class VNMC:
"""Manage VNMC lifecycle"""
def __init__(self, items):
self.__dict__.update(items)
def create(cls, apiclient, hostname, username, password, physicalnetworkid):
"""Registers VNMC appliance"""
cmd = addCiscoVnmcResource.addCiscoVnmcResourceCmd()
cmd.hostname = hostname
cmd.username = username
cmd.password = password
cmd.physicalnetworkid = physicalnetworkid
return VNMC(apiclient.addCiscoVnmcResource(cmd))
def delete(self, apiclient):
"""Removes VNMC appliance"""
cmd = deleteCiscoVnmcResource.deleteCiscoVnmcResourceCmd()
cmd.resourceid = self.resourceid
return apiclient.deleteCiscoVnmcResource(cmd)
@classmethod
def list(cls, apiclient, **kwargs):
"""List VNMC appliances"""
cmd = listCiscoVnmcResources.listCiscoVnmcResourcesCmd()
[setattr(cmd, k, v) for k, v in kwargs.items()]
return(apiclient.listCiscoVnmcResources(cmd))
class ASA1000V:
"""Manage ASA 1000v lifecycle"""
def __init__(self, items):
self.__dict__.update(items)
@classmethod
def create(cls, apiclient, hostname, insideportprofile, clusterid, physicalnetworkid):
"""Registers ASA 1000v appliance"""
cmd = addCiscoAsa1000vResource.addCiscoAsa1000vResourceCmd()
cmd.hostname = hostname
cmd.insideportprofile = insideportprofile
cmd.clusterid = clusterid
cmd.physicalnetworkid = physicalnetworkid
return ASA1000V(apiclient.addCiscoAsa1000vResource(cmd))
def delete(self, apiclient):
"""Removes ASA 1000v appliance"""
cmd = deleteCiscoAsa1000vResource.deleteCiscoAsa1000vResourceCmd()
cmd.resourceid = self.resourceid
return apiclient.deleteCiscoAsa1000vResource(cmd)
@classmethod
def list(cls, apiclient, **kwargs):
"""List ASA 1000v appliances"""
cmd = listCiscoAsa1000vResources.listCiscoAsa1000vResourcesCmd()
[setattr(cmd, k, v) for k, v in kwargs.items()]
return(apiclient.listCiscoAsa1000vResources(cmd))

Some files were not shown because too many files have changed in this diff Show More