mirror of
https://github.com/apache/cloudstack.git
Security group is a service now
parent
71b53a3432
commit
fe0b685e95
@ -4,7 +4,6 @@
|
||||
|
||||
package com.cloud.resource;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@ -18,9 +17,7 @@ import com.cloud.agent.api.Answer;
|
||||
import com.cloud.agent.api.CheckVirtualMachineAnswer;
|
||||
import com.cloud.agent.api.CheckVirtualMachineCommand;
|
||||
import com.cloud.agent.api.Command;
|
||||
|
||||
import com.cloud.agent.api.PingCommand;
|
||||
import com.cloud.agent.api.PingRoutingCommand;
|
||||
import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
|
||||
import com.cloud.agent.api.PrepareForMigrationCommand;
|
||||
import com.cloud.agent.api.ReadyAnswer;
|
||||
|
||||
@ -153,7 +153,6 @@ public class ApiConstants {
|
||||
public static final String SECURITY_GROUP_NAMES = "securitygroupnames";
|
||||
public static final String SECURITY_GROUP_NAME = "securitygroupname";
|
||||
public static final String SECURITY_GROUP_ID = "securitygroupid";
|
||||
public static final String SECURITY_GROUP_EANBLED = "securitygroupenabled";
|
||||
public static final String SENT = "sent";
|
||||
public static final String SENT_BYTES = "sentbytes";
|
||||
public static final String SERVICE_OFFERING_ID = "serviceofferingid";
|
||||
@ -283,4 +282,5 @@ public class ApiConstants {
|
||||
public static final String SERVICE_NAME = "servicename";
|
||||
public static final String DHCP_RANGE = "dhcprange";
|
||||
public static final String UUID = "uuid";
|
||||
public static final String SECURITY_GROUP_EANBLED = "securitygroupenabled";
|
||||
}
|
||||
|
||||
@ -97,9 +97,6 @@ public class CreateNetworkOfferingCmd extends BaseCmd {
|
||||
@Parameter(name = ApiConstants.SERVICE_PROVIDER_LIST, type = CommandType.MAP, description = "provider to service mapping. If not specified, the provider for the service will be mapped to the default provider on the physical network")
|
||||
private Map serviceProviderList;
|
||||
|
||||
@Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true is security group is enabled for the network offering")
|
||||
private Boolean securityGroupEnabled;
|
||||
|
||||
@Parameter(name=ApiConstants.TYPE, type=CommandType.STRING, required=true, description="type of the network offering: Shared or Isolated")
|
||||
private String type;
|
||||
|
||||
@ -207,10 +204,6 @@ public class CreateNetworkOfferingCmd extends BaseCmd {
|
||||
return serviceProviderMap;
|
||||
}
|
||||
|
||||
public Boolean getSecurityGroupEnabled() {
|
||||
return securityGroupEnabled == null ? false : securityGroupEnabled;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
/////////////// API Implementation///////////////////
|
||||
/////////////////////////////////////////////////////
|
||||
|
||||
@ -68,6 +68,9 @@ public class CreateZoneCmd extends BaseCmd {
|
||||
|
||||
@Parameter(name=ApiConstants.ALLOCATION_STATE, type=CommandType.STRING, description="Allocation state of this Zone for allocation of new resources")
|
||||
private String allocationState;
|
||||
|
||||
@Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true if network is security group enabled, false otherwise")
|
||||
private Boolean securitygroupenabled;
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
/////////////////// Accessors ///////////////////////
|
||||
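Review bot: The description on the new `securitygroupenabled` parameter says "true if network is security group enabled", but the value is passed to `createZone(...)` and stored on the zone, and `ConfigurationManagerImpl` later sets it to `true` for every Basic zone whatever the caller sent. The description should state the zone scope and the override, for example `description="true if security groups are enabled for the zone, false otherwise; always true for Basic zones"`. The field is also all-lowercase (`securitygroupenabled`, `getSecuritygroupenabled()`) where the other commands on this page use `securityGroupEnabled`. The class body continues outside the hunk.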
@ -111,12 +114,18 @@ public class CreateZoneCmd extends BaseCmd {
|
||||
|
||||
public String getAllocationState() {
|
||||
return allocationState;
|
||||
}
|
||||
}
|
||||
|
||||
public Boolean getSecuritygroupenabled() {
|
||||
if (securitygroupenabled == null) {
|
||||
return false;
|
||||
}
|
||||
return securitygroupenabled;
|
||||
}
|
||||
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
/////////////// API Implementation///////////////////
|
||||
|
||||
@Override
|
||||
public String getCommandName() {
|
||||
return s_name;
|
||||
|
||||
@ -371,13 +371,10 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
|
||||
displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard);
|
||||
}
|
||||
} else {
|
||||
if (zone.isSecurityGroupEnabled()) {
|
||||
if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) {
|
||||
vm = _userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, getNetworkIds(), getSecurityGroupIdList(),
|
||||
owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard);
|
||||
} else {
|
||||
if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) {
|
||||
throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled per zone");
|
||||
}
|
||||
vm = _userVmService.createAdvancedVirtualMachine(zone, serviceOffering, template, getNetworkIds(), owner, name, displayName,
|
||||
diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard);
|
||||
}
|
||||
|
||||
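Review bot: Reading the hunk counts (13 old lines, 10 new), the `zone.isSecurityGroupEnabled()` test and the `InvalidParameterValueException("Can't create vm with security groups; ...")` rejection are on the removed side, so this `else` arm now picks its path only from whether the request carries `getSecurityGroupIdList()`. A request that names security groups for a network without the service is no longer refused here, and a request that omits them in a security-group zone goes to `createAdvancedVirtualMachine`, presumably leaving the VM without any group. If `createAdvancedSecurityGroupVirtualMachine` does not itself verify that one of `getNetworkIds()` offers the SecurityGroup service (not visible on this page), an explicit guard should stay in front of the call. Either way a comment should name the layer that owns the check, e.g. `// security group support is validated per network inside the service call`. The enclosing method starts and ends outside the hunk.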
@ -68,9 +68,6 @@ public class ListNetworkOfferingsCmd extends BaseListCmd {
|
||||
@Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, description="list netowrk offerings available for network creation in specific zone")
|
||||
private Long zoneId;
|
||||
|
||||
@Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="list network offerings that have security group feature enabled")
|
||||
private Boolean securityGroupEnabled;
|
||||
|
||||
@Parameter(name=ApiConstants.STATE, type=CommandType.STRING, description="list network offerings by state")
|
||||
private String state;
|
||||
|
||||
@ -120,10 +117,6 @@ public class ListNetworkOfferingsCmd extends BaseListCmd {
|
||||
return zoneId;
|
||||
}
|
||||
|
||||
public Boolean getSecurityGroupEnabled() {
|
||||
return securityGroupEnabled;
|
||||
}
|
||||
|
||||
public String getState() {
|
||||
return state;
|
||||
}
|
||||
|
||||
@ -88,9 +88,6 @@ public class UpdateNetworkOfferingCmd extends BaseCmd {
|
||||
|
||||
@Parameter(name=ApiConstants.STATE, type=CommandType.STRING, description="list network offerings by state")
|
||||
private String state;
|
||||
|
||||
@Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true is security group is enabled for the network offering")
|
||||
private Boolean securityGroupEnabled;
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
/////////////////// Accessors ///////////////////////
|
||||
@ -172,10 +169,6 @@ public class UpdateNetworkOfferingCmd extends BaseCmd {
|
||||
return state;
|
||||
}
|
||||
|
||||
public Boolean getSecurityGroupEnabled() {
|
||||
return securityGroupEnabled;
|
||||
}
|
||||
|
||||
/////////////////////////////////////////////////////
|
||||
/////////////// API Implementation///////////////////
|
||||
/////////////////////////////////////////////////////
|
||||
|
||||
@ -38,8 +38,6 @@ public class HypervisorCapabilitiesResponse extends BaseResponse {
|
||||
@SerializedName(ApiConstants.SECURITY_GROUP_EANBLED) @Param(description="true if security group is supported")
|
||||
private boolean isSecurityGroupEnabled;
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public Long getObjectId() {
|
||||
return getId();
|
||||
|
||||
@ -62,9 +62,6 @@ public class NetworkOfferingResponse extends BaseResponse{
|
||||
@SerializedName(ApiConstants.NETWORKRATE) @Param(description="data transfer rate in megabits per second allowed.")
|
||||
private Integer networkRate;
|
||||
|
||||
@SerializedName(ApiConstants.SECURITY_GROUP_EANBLED) @Param(description="true if security group is enabled, false otherwise")
|
||||
private Boolean isSecurityGroupEnabled;
|
||||
|
||||
@SerializedName(ApiConstants.STATE) @Param(description="state of the network offering. Can be Disabled/Enabled/Inactive")
|
||||
private String state;
|
||||
|
||||
@ -122,10 +119,6 @@ public class NetworkOfferingResponse extends BaseResponse{
|
||||
this.networkRate = networkRate;
|
||||
}
|
||||
|
||||
public void setIsSecurityGroupEnabled(Boolean isSecurityGroupEnabled) {
|
||||
this.isSecurityGroupEnabled = isSecurityGroupEnabled;
|
||||
}
|
||||
|
||||
public void setServices(List<ServiceResponse> services) {
|
||||
this.services = services;
|
||||
}
|
||||
|
||||
@ -120,9 +120,6 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes
|
||||
@SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain")
|
||||
private String networkDomain;
|
||||
|
||||
@SerializedName(ApiConstants.SECURITY_GROUP_EANBLED) @Param(description="true if security group is enabled, false otherwise")
|
||||
private Boolean isSecurityGroupEnabled;
|
||||
|
||||
@SerializedName(ApiConstants.TAGS) @Param(description="comma separated tag")
|
||||
private String tags;
|
||||
|
||||
@ -246,10 +243,6 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes
|
||||
this.networkDomain = networkDomain;
|
||||
}
|
||||
|
||||
public void setIsSecurityGroupEnabled(Boolean sgEnabled) {
|
||||
this.isSecurityGroupEnabled = sgEnabled;
|
||||
}
|
||||
|
||||
public void setTags(List<String> tags) {
|
||||
if (tags == null || tags.size() == 0) {
|
||||
return;
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
/**
|
||||
|
||||
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
|
||||
*
|
||||
* This software is licensed under the GNU General Public License v3 or later.
|
||||
|
||||
@ -55,6 +55,7 @@ public interface Network extends ControlledEntity {
|
||||
public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps);
|
||||
public static final Service UserData = new Service("UserData");
|
||||
public static final Service SourceNat = new Service("SourceNat");
|
||||
public static final Service SecurityGroup = new Service("SecurityGroup");
|
||||
|
||||
private String name;
|
||||
private Capability[] caps;
|
||||
@ -118,9 +119,11 @@ public interface Network extends ControlledEntity {
|
||||
public static final Provider ExternalGateWay = new Provider("ExternalGateWay", true);
|
||||
public static final Provider ElasticLoadBalancerVm = new Provider("ElasticLoadBalancerVm", false);
|
||||
public static final Provider RedundantVirtualRouter = new Provider("RedundantVirtualRouter", false);
|
||||
public static final Provider defaultProvider = VirtualRouter;
|
||||
|
||||
public static final Provider SecurityGroupProvider = new Provider("SecurityGroupProvider", false);
|
||||
public static final Provider None = new Provider("None", false);
|
||||
|
||||
//the default provider
|
||||
public static final Provider defaultProvider = VirtualRouter;
|
||||
|
||||
private String name;
|
||||
private boolean isExternal;
|
||||
@ -266,8 +269,6 @@ public interface Network extends ControlledEntity {
|
||||
|
||||
String getNetworkDomain();
|
||||
|
||||
boolean isSecurityGroupEnabled();
|
||||
|
||||
List<String> getTags();
|
||||
|
||||
Type getType();
|
||||
|
||||
@ -47,7 +47,6 @@ public class NetworkProfile implements Network {
|
||||
private String reservationId;
|
||||
private boolean isDefault;
|
||||
private String networkDomain;
|
||||
private boolean isSecurityGroupEnabled;
|
||||
private List<String> tags;
|
||||
private Network.Type type;
|
||||
private boolean isShared;
|
||||
@ -72,7 +71,6 @@ public class NetworkProfile implements Network {
|
||||
this.isDefault = network.isDefault();
|
||||
this.networkDomain = network.getNetworkDomain();
|
||||
this.domainId = network.getDomainId();
|
||||
this.isSecurityGroupEnabled = network.isSecurityGroupEnabled();
|
||||
this.type = network.getType();
|
||||
this.isShared = network.getIsShared();
|
||||
this.physicalNetworkId = network.getPhysicalNetworkId();
|
||||
@ -192,11 +190,6 @@ public class NetworkProfile implements Network {
|
||||
public long getDomainId() {
|
||||
return domainId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSecurityGroupEnabled() {
|
||||
return isSecurityGroupEnabled;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Network.Type getType(){
|
||||
|
||||
@ -88,13 +88,9 @@ public interface NetworkOffering {
|
||||
|
||||
String getUniqueName();
|
||||
|
||||
boolean isSecurityGroupEnabled();
|
||||
|
||||
void setState(State state);
|
||||
|
||||
State getState();
|
||||
|
||||
void setSecurityGroupEnabled(boolean securityGroupEnabled);
|
||||
|
||||
|
||||
Type getType();
|
||||
}
|
||||
|
||||
@ -213,7 +213,7 @@ public class NicProfile {
|
||||
return strategy;
|
||||
}
|
||||
|
||||
public NicProfile(Nic nic, Network network, URI broadcastUri, URI isolationUri, Integer networkRate) {
|
||||
public NicProfile(Nic nic, Network network, URI broadcastUri, URI isolationUri, Integer networkRate, boolean isSecurityGroupEnabled) {
|
||||
this.id = nic.getId();
|
||||
this.networkId = network.getId();
|
||||
this.gateway = nic.getGateway();
|
||||
@ -231,7 +231,7 @@ public class NicProfile {
|
||||
this.broadcastUri = broadcastUri;
|
||||
this.isolationUri = isolationUri;
|
||||
this.netmask = nic.getNetmask();
|
||||
this.isSecurityGroupEnabled = network.isSecurityGroupEnabled();
|
||||
this.isSecurityGroupEnabled = isSecurityGroupEnabled;
|
||||
this.vmId = nic.getInstanceId();
|
||||
this.tags = network.getTags();
|
||||
|
||||
|
||||
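Review bot: The constructor now takes `boolean isSecurityGroupEnabled` from its caller instead of reading `network.isSecurityGroupEnabled()`, and nothing on the signature says how the value must be derived. A bare boolean after five other arguments is easy to pass as a literal, and a wrong `false` would leave the NIC marked as outside security-group handling. A Javadoc line on the constructor would help, e.g. `@param isSecurityGroupEnabled whether the SecurityGroup service applies to the NIC's network (see NetworkManager.isSecurityGroupSupportedInNetwork)`, assuming that is the intended source; the callers are not visible here. The constructor body spans both hunks and ends outside them.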
@ -30,8 +30,7 @@
|
||||
<adapter name="ExternalDhcp" class="com.cloud.network.element.ExternalDhcpElement"/>
|
||||
<adapter name="BareMetal" class="com.cloud.network.element.BareMetalElement"/>
|
||||
<adapter name="ElasticLoadBalancer" class="com.cloud.network.element.ElasticLoadBalancerElement"/>
|
||||
|
||||
|
||||
<adapter name="SecurityGroup" class="com.cloud.network.element.SecurityGroupElement"/>
|
||||
</adapters>
|
||||
<adapters key="com.cloud.resource.Discoverer">
|
||||
<adapter name="XCP Agent" class="com.cloud.hypervisor.xen.discoverer.XcpServerDiscoverer"/>
|
||||
|
||||
@ -2109,7 +2109,6 @@ public class ApiResponseHelper implements ResponseGenerator {
|
||||
response.setSpecifyVlan(offering.getSpecifyVlan());
|
||||
response.setAvailability(offering.getAvailability().toString());
|
||||
response.setNetworkRate(ApiDBUtils.getNetworkRate(offering.getId()));
|
||||
response.setIsSecurityGroupEnabled(offering.isSecurityGroupEnabled());
|
||||
if (offering.getType() != null) {
|
||||
response.setType(offering.getType().toString());
|
||||
}
|
||||
@ -2190,7 +2189,6 @@ public class ApiResponseHelper implements ResponseGenerator {
|
||||
response.setDns1(profile.getDns1());
|
||||
response.setDns2(profile.getDns2());
|
||||
|
||||
response.setIsSecurityGroupEnabled(network.isSecurityGroupEnabled());
|
||||
response.setTags(network.getTags());
|
||||
|
||||
// populate capability
|
||||
|
||||
@ -117,11 +117,12 @@ public interface ConfigurationManager extends ConfigurationService, Manager {
|
||||
* @param zoneType
|
||||
* @param allocationState
|
||||
* @param networkDomain TODO
|
||||
* @param isSecurityGroupEnabled TODO
|
||||
* @return
|
||||
* @throws
|
||||
* @throws
|
||||
*/
|
||||
DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain, Long domainId, NetworkType zoneType, String allocationState, String networkDomain);
|
||||
DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain, Long domainId, NetworkType zoneType, String allocationState, String networkDomain, boolean isSecurityGroupEnabled);
|
||||
|
||||
/**
|
||||
* Deletes a VLAN from the database, along with all of its IP addresses. Will not delete VLANs that have allocated IP addresses.
|
||||
@ -177,7 +178,6 @@ public interface ConfigurationManager extends ConfigurationService, Manager {
|
||||
* @param networkRate TODO
|
||||
* @param serviceProviderMap TODO
|
||||
* @param isDefault TODO
|
||||
* @param isSecurityGroupEnabled TODO
|
||||
* @param type TODO
|
||||
* @param systemOnly TODO
|
||||
* @param id
|
||||
@ -185,7 +185,7 @@ public interface ConfigurationManager extends ConfigurationService, Manager {
|
||||
* @return network offering object
|
||||
*/
|
||||
|
||||
NetworkOfferingVO createNetworkOffering(long userId, String name, String displayText, TrafficType trafficType, String tags, Integer maxConnections, boolean specifyVlan, Availability availability, Integer networkRate, Map<Service, Set<Provider>> serviceProviderMap, boolean isDefault, boolean isSecurityGroupEnabled, Network.Type type, boolean systemOnly);
|
||||
NetworkOfferingVO createNetworkOffering(long userId, String name, String displayText, TrafficType trafficType, String tags, Integer maxConnections, boolean specifyVlan, Availability availability, Integer networkRate, Map<Service, Set<Provider>> serviceProviderMap, boolean isDefault, Network.Type type, boolean systemOnly);
|
||||
|
||||
Vlan createVlanAndPublicIpRange(Long userId, Long zoneId, Long podId, String startIP, String endIP, String vlanGateway, String vlanNetmask, boolean forVirtualNetwork, String vlanId, Account account, Long networkId) throws InsufficientCapacityException, ConcurrentOperationException, InvalidParameterValueException;
|
||||
|
||||
|
||||
@ -1311,7 +1311,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
@Override
|
||||
@DB
|
||||
public DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain, Long domainId,
|
||||
NetworkType zoneType, String allocationStateStr, String networkDomain) {
|
||||
NetworkType zoneType, String allocationStateStr, String networkDomain, boolean isSecurityGroupEnabled) {
|
||||
|
||||
// checking the following params outside checkzoneparams method as we do not use these params for updatezone
|
||||
// hence the method below is generic to check for common params
|
||||
@ -1336,7 +1336,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
try {
|
||||
txn.start();
|
||||
// Create the new zone in the database
|
||||
DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, guestCidr, domain, domainId, zoneType, zoneToken, networkDomain);
|
||||
DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, guestCidr, domain, domainId, zoneType, zoneToken, networkDomain, isSecurityGroupEnabled);
|
||||
if (allocationStateStr != null && !allocationStateStr.isEmpty()) {
|
||||
Grouping.AllocationState allocationState = Grouping.AllocationState.valueOf(allocationStateStr);
|
||||
zone.setAllocationState(allocationState);
|
||||
@ -1386,7 +1386,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
if (zone.getNetworkType() == NetworkType.Basic) {
|
||||
isNetworkDefault = true;
|
||||
broadcastDomainType = BroadcastDomainType.Native;
|
||||
userNetwork.setSecurityGroupEnabled(offering.isSecurityGroupEnabled());
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
@ -1415,6 +1414,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
Boolean isBasic = false;
|
||||
String allocationState = cmd.getAllocationState();
|
||||
String networkDomain = cmd.getDomain();
|
||||
boolean isSecurityGroupEnabled = cmd.getSecuritygroupenabled();
|
||||
|
||||
if (allocationState == null) {
|
||||
allocationState = Grouping.AllocationState.Enabled.toString();
|
||||
@ -1428,12 +1428,12 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
|
||||
NetworkType zoneType = isBasic ? NetworkType.Basic : NetworkType.Advanced;
|
||||
|
||||
/*Guest cidr is required for Advanced zone creation; error out when the parameter specified for Basic zone
|
||||
if (zoneType == NetworkType.Advanced && guestCidr == null && !securityGroupEnabled) {
|
||||
//Guest cidr is required for Advanced zone creation; error out when the parameter specified for Basic zone
|
||||
if (zoneType == NetworkType.Advanced && guestCidr == null && !isSecurityGroupEnabled) {
|
||||
throw new InvalidParameterValueException("guestCidrAddress parameter is required for Advanced zone creation");
|
||||
} else if (zoneType == NetworkType.Basic && guestCidr != null) {
|
||||
throw new InvalidParameterValueException("guestCidrAddress parameter is not supported for Basic zone");
|
||||
}*/
|
||||
}
|
||||
|
||||
DomainVO domainVO = null;
|
||||
|
||||
@ -1445,16 +1445,11 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
domainVO = _domainDao.findById(domainId);
|
||||
}
|
||||
|
||||
/* Verify zone type
|
||||
if (zoneType == NetworkType.Basic && vnetRange != null) {
|
||||
vnetRange = null;
|
||||
if (zoneType == NetworkType.Basic) {
|
||||
isSecurityGroupEnabled = true;
|
||||
}
|
||||
|
||||
if (zoneType == NetworkType.Basic) {
|
||||
securityGroupEnabled = true;
|
||||
}*/
|
||||
|
||||
return createZone(userId, zoneName, dns1, dns2, internalDns1, internalDns2, guestCidr, domainVO != null ? domainVO.getName() : null, domainId, zoneType, allocationState, networkDomain);
|
||||
return createZone(userId, zoneName, dns1, dns2, internalDns1, internalDns2, guestCidr, domainVO != null ? domainVO.getName() : null, domainId, zoneType, allocationState, networkDomain, isSecurityGroupEnabled);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -1904,7 +1899,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
throw new InvalidParameterValueException("Vlan doesn't match vlan of the network");
|
||||
}
|
||||
|
||||
if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || network.isSecurityGroupEnabled()) {
|
||||
if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || zone.isSecurityGroupEnabled()) {
|
||||
if (vlanGateway == null || vlanNetmask == null || zoneId == null) {
|
||||
throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks");
|
||||
}
|
||||
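Review bot: The condition now reads the zone-wide flag `zone.isSecurityGroupEnabled()` where it used to ask the network, while the same commit adds `isSecurityGroupSupportedInNetwork(Network)` to NetworkManager. The code should say which of the two is authoritative at this point. As written, every network in a flagged zone is treated as a security-group network for the gateway/netmask requirement, whether or not its offering carries the SecurityGroup service. A short comment above the `if` stating that the zone-level test is deliberate, or a switch to the per-network check, would settle it. Separately, `zoneId == null` is tested inside the block after `zone` has already been dereferenced in the condition; the enclosing method lies outside the hunk.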
@ -2714,7 +2709,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
String trafficTypeString = cmd.getTraffictype();
|
||||
Boolean specifyVlan = cmd.getSpecifyVlan();
|
||||
String availabilityStr = cmd.getAvailability();
|
||||
Boolean isSecurityGroupEnabled = cmd.getSecurityGroupEnabled();
|
||||
|
||||
|
||||
Integer networkRate = cmd.getNetworkRate();
|
||||
|
||||
@ -2820,19 +2815,19 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
}
|
||||
}
|
||||
|
||||
return createNetworkOffering(userId, name, displayText, trafficType, tags, maxConnections, specifyVlan, availability, networkRate, serviceProviderMap, false, isSecurityGroupEnabled, type, false);
|
||||
return createNetworkOffering(userId, name, displayText, trafficType, tags, maxConnections, specifyVlan, availability, networkRate, serviceProviderMap, false, type, false);
|
||||
}
|
||||
|
||||
@Override @DB
|
||||
public NetworkOfferingVO createNetworkOffering(long userId, String name, String displayText, TrafficType trafficType, String tags, Integer maxConnections, boolean specifyVlan,
|
||||
Availability availability, Integer networkRate, Map<Service, Set<Provider>> serviceProviderMap, boolean isDefault, boolean isSecurityGroupEnabled, Network.Type type, boolean systemOnly) {
|
||||
Availability availability, Integer networkRate, Map<Service, Set<Provider>> serviceProviderMap, boolean isDefault, Network.Type type, boolean systemOnly) {
|
||||
|
||||
String multicastRateStr = _configDao.getValue("multicast.throttling.rate");
|
||||
int multicastRate = ((multicastRateStr == null) ? 10 : Integer.parseInt(multicastRateStr));
|
||||
tags = cleanupTags(tags);
|
||||
|
||||
|
||||
NetworkOfferingVO offering = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, maxConnections, isDefault, availability, tags, isSecurityGroupEnabled, type);
|
||||
NetworkOfferingVO offering = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, maxConnections, isDefault, availability, tags, type);
|
||||
|
||||
Transaction txn = Transaction.currentTxn();
|
||||
txn.start();
|
||||
@ -2870,7 +2865,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
Object specifyVlan = cmd.getSpecifyVlan();
|
||||
Object isShared = cmd.getIsShared();
|
||||
Object availability = cmd.getAvailability();
|
||||
Object sgEnabled = cmd.getSecurityGroupEnabled();
|
||||
Object state = cmd.getState();
|
||||
Long zoneId = cmd.getZoneId();
|
||||
DataCenter zone = null;
|
||||
@ -2926,10 +2920,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
if (state != null) {
|
||||
sc.addAnd("state", SearchCriteria.Op.EQ, state);
|
||||
}
|
||||
|
||||
if (sgEnabled != null) {
|
||||
sc.addAnd("securityGroupEnabled", SearchCriteria.Op.EQ, sgEnabled);
|
||||
}
|
||||
|
||||
if (zone != null) {
|
||||
if (zone.getNetworkType() == NetworkType.Basic) {
|
||||
@ -3005,7 +2995,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
String name = cmd.getNetworkOfferingName();
|
||||
String availabilityStr = cmd.getAvailability();
|
||||
Availability availability = null;
|
||||
Boolean sgEnabled = cmd.getSecurityGroupEnabled();
|
||||
String state = cmd.getState();
|
||||
UserContext.current().setEventDetails(" Id: "+id);
|
||||
|
||||
@ -3061,13 +3050,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
||||
Long networks = _networkDao.getNetworkCountByOfferingId(id);
|
||||
boolean networksExist = (networks != null && networks.longValue() > 0);
|
||||
|
||||
if (sgEnabled != null) {
|
||||
if (networksExist) {
|
||||
throw new InvalidParameterValueException("Unable to reset securityGroupEnabled property as there are existing networks using this network offering");
|
||||
}
|
||||
offering.setSecurityGroupEnabled(sgEnabled);
|
||||
}
|
||||
|
||||
//configure service provider map
|
||||
Map<Network.Service, Set<Network.Provider>> serviceProviderMap = new HashMap<Network.Service, Set<Network.Provider>>();
|
||||
Set<Network.Provider> defaultProviders = new HashSet<Network.Provider>();
|
||||
|
||||
@ -121,6 +121,9 @@ public class DataCenterVO implements DataCenter {
|
||||
@Enumerated(value=EnumType.STRING)
|
||||
AllocationState allocationState;
|
||||
|
||||
@Column(name="is_security_group_enabled")
|
||||
boolean securityGroupEnabled;
|
||||
|
||||
@Override
|
||||
public String getDnsProvider() {
|
||||
return dnsProvider;
|
||||
@ -167,12 +170,12 @@ public class DataCenterVO implements DataCenter {
|
||||
}
|
||||
|
||||
public DataCenterVO(long id, String name, String description, String dns1, String dns2, String dns3, String dns4, String guestCidr, String domain, Long domainId, NetworkType zoneType, String zoneToken, String domainSuffix) {
|
||||
this(name, description, dns1, dns2, dns3, dns4, guestCidr, domain, domainId, zoneType, zoneToken, domainSuffix);
|
||||
this(name, description, dns1, dns2, dns3, dns4, guestCidr, domain, domainId, zoneType, zoneToken, domainSuffix, false);
|
||||
this.id = id;
|
||||
this.allocationState = Grouping.AllocationState.Enabled;
|
||||
}
|
||||
|
||||
public DataCenterVO(String name, String description, String dns1, String dns2, String dns3, String dns4, String guestCidr, String domain, Long domainId, NetworkType zoneType, String zoneToken, String domainSuffix) {
|
||||
public DataCenterVO(String name, String description, String dns1, String dns2, String dns3, String dns4, String guestCidr, String domain, Long domainId, NetworkType zoneType, String zoneToken, String domainSuffix, boolean securityGroupEnabled) {
|
||||
this.name = name;
|
||||
this.description = description;
|
||||
this.dns1 = dns1;
|
||||
@ -184,6 +187,8 @@ public class DataCenterVO implements DataCenter {
|
||||
this.domainId = domainId;
|
||||
this.networkType = zoneType;
|
||||
this.allocationState = Grouping.AllocationState.Enabled;
|
||||
this.securityGroupEnabled = securityGroupEnabled;
|
||||
|
||||
|
||||
if (zoneType == NetworkType.Advanced) {
|
||||
loadBalancerProvider = Provider.VirtualRouter.getName();
|
||||
|
||||
@ -49,7 +49,6 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis
|
||||
to.setBroadcastUri(profile.getBroadCastUri());
|
||||
to.setIsolationuri(profile.getIsolationUri());
|
||||
to.setNetworkRateMbps(profile.getNetworkRate());
|
||||
to.setSecurityGroupEnabled(profile.isSecurityGroupEnabled());
|
||||
to.setTags(profile.getTags());
|
||||
return to;
|
||||
}
|
||||
|
||||
@ -223,6 +223,8 @@ public interface NetworkManager extends NetworkService {
|
||||
|
||||
List<Long> listNetworkOfferingsForUpgrade(long networkId);
|
||||
|
||||
PhysicalNetwork translateZoneIdToPhysicalNetwork(long zoneId);
|
||||
PhysicalNetwork translateZoneIdToPhysicalNetwork(long zoneId);
|
||||
|
||||
boolean isSecurityGroupSupportedInNetwork(Network network);
|
||||
|
||||
}
|
||||
|
||||
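Review bot: `isSecurityGroupSupportedInNetwork(Network network)` is added without Javadoc, although it appears to replace the `isSecurityGroupEnabled()` accessor that this commit removes from `Network`. The contract should be written down: what "supported" means (the network's offering lists `Service.SecurityGroup`, a provider is enabled, or both) and what is returned for a null network. A one-line form would be `/** @return true if the SecurityGroup service is available on the given network */`, with the exact criterion filled in from the implementation, which is not shown on this page.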
@ -826,6 +826,15 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
defaultDirectNetworkOfferingProviders.put(Service.Dns, defaultProviders);
|
||||
defaultDirectNetworkOfferingProviders.put(Service.UserData, defaultProviders);
|
||||
|
||||
|
||||
Map<Network.Service, Set<Network.Provider>> defaultDirectBasicZoneNetworkOfferingProviders = new HashMap<Network.Service, Set<Network.Provider>>();
|
||||
defaultDirectBasicZoneNetworkOfferingProviders.put(Service.Dhcp, defaultProviders);
|
||||
defaultDirectBasicZoneNetworkOfferingProviders.put(Service.Dns, defaultProviders);
|
||||
defaultDirectBasicZoneNetworkOfferingProviders.put(Service.UserData, defaultProviders);
|
||||
Set<Provider> sgProviders = new HashSet<Provider>();
|
||||
sgProviders.add(Provider.SecurityGroupProvider);
|
||||
defaultDirectBasicZoneNetworkOfferingProviders.put(Service.SecurityGroup, sgProviders);
|
||||
|
||||
Map<Network.Service, Set<Network.Provider>> defaultVirtualNetworkOfferingProviders = new HashMap<Network.Service, Set<Network.Provider>>();
|
||||
defaultProviders.clear();
|
||||
defaultProviders.add(Network.Provider.VirtualRouter);
|
||||
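Review bot: The three `defaultDirectBasicZoneNetworkOfferingProviders.put(..., defaultProviders)` calls store the same mutable `defaultProviders` set that is emptied a few lines later by `defaultProviders.clear()` and refilled with `Network.Provider.VirtualRouter`. The Dhcp, Dns and UserData entries of the new map will therefore hold whatever that set contains when the map is finally read. Only the SecurityGroup entry is independent, because it uses its own `sgProviders` set. Unless the sharing is intended, store a copy, e.g. `defaultDirectBasicZoneNetworkOfferingProviders.put(Service.Dhcp, new HashSet<Provider>(defaultProviders));`. The existing `defaultDirectNetworkOfferingProviders` entries follow the same pattern, and what `defaultProviders` holds before this hunk is not visible.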
@ -845,19 +854,19 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
//check that offering already exists
|
||||
NetworkOfferingVO offering = null;
|
||||
if (_networkOfferingDao.findByUniqueName(NetworkOffering.SystemGuestNetwork) == null) {
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, true, Network.Type.Shared, true);
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.Type.Shared, true);
|
||||
offering.setState(NetworkOffering.State.Enabled);
|
||||
_networkOfferingDao.update(offering.getId(), offering);
|
||||
}
|
||||
|
||||
if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultVirtualizedNetworkOffering) == null) {
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM,NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, null, null, false, Availability.Required, null, defaultVirtualNetworkOfferingProviders, true, false, Network.Type.Isolated, false);
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM,NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, null, null, false, Availability.Required, null, defaultVirtualNetworkOfferingProviders, true, Network.Type.Isolated, false);
|
||||
offering.setState(NetworkOffering.State.Enabled);
|
||||
_networkOfferingDao.update(offering.getId(), offering);
|
||||
}
|
||||
|
||||
if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultDirectNetworkOffering) == null) {
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.DefaultDirectNetworkOffering, "Direct", TrafficType.Guest, null, null, true, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, false, Network.Type.Shared, false);
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.DefaultDirectNetworkOffering, "Direct", TrafficType.Guest, null, null, true, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.Type.Shared, false);
|
||||
offering.setState(NetworkOffering.State.Enabled);
|
||||
_networkOfferingDao.update(offering.getId(), offering);
|
||||
}
|
||||
@ -1050,7 +1059,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
}
|
||||
|
||||
NetworkVO vo = new NetworkVO(id, network, offering.getId(), guru.getName(), owner.getDomainId(), owner.getId(), related, name, displayText, isDefault,
|
||||
predefined.isSecurityGroupEnabled(), (domainId != null), predefined.getNetworkDomain(), offering.getType(), isShared, plan.getDataCenterId(), plan.getPhysicalNetworkId());
|
||||
(domainId != null), predefined.getNetworkDomain(), offering.getType(), isShared, plan.getDataCenterId(), plan.getPhysicalNetworkId());
|
||||
vo.setTags(tags);
|
||||
networks.add(_networksDao.persist(vo, vo.getType() == Network.Type.Isolated));
|
||||
|
||||
@ -1149,7 +1158,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
nics.add(vo);
|
||||
|
||||
Integer networkRate = getNetworkRate(config.getId(), vm.getId());
|
||||
vm.addNic(new NicProfile(vo, network.first(), vo.getBroadcastUri(), vo.getIsolationUri(), networkRate));
|
||||
vm.addNic(new NicProfile(vo, network.first(), vo.getBroadcastUri(), vo.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network.first())));
|
||||
}
|
||||
|
||||
if (nics.size() != networks.size()) {
|
||||
@ -1397,7 +1406,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
|
||||
URI isolationUri = nic.getIsolationUri();
|
||||
|
||||
profile = new NicProfile(nic, network, broadcastUri, isolationUri, networkRate);
|
||||
profile = new NicProfile(nic, network, broadcastUri, isolationUri, networkRate, isSecurityGroupSupportedInNetwork(network));
|
||||
guru.reserve(profile, network, vmProfile, dest, context);
|
||||
nic.setIp4Address(profile.getIp4Address());
|
||||
nic.setAddressFormat(profile.getFormat());
|
||||
@ -1416,7 +1425,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
|
||||
updateNic(nic, network.getId(), 1);
|
||||
} else {
|
||||
profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate);
|
||||
profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network));
|
||||
guru.updateNicProfile(profile, network);
|
||||
nic.setState(Nic.State.Reserved);
|
||||
updateNic(nic, network.getId(), 1);
|
||||
@ -1428,7 +1437,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
}
|
||||
element.prepare(network, profile, vmProfile, dest, context);
|
||||
}
|
||||
profile.setSecurityGroupEnabled(network.isSecurityGroupEnabled());
|
||||
|
||||
profile.setSecurityGroupEnabled(isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup));
|
||||
guru.updateNicProfile(profile, network);
|
||||
vmProfile.addNic(profile);
|
||||
}
|
||||
@ -1442,7 +1452,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
Integer networkRate = getNetworkRate(network.getId(), vm.getId());
|
||||
|
||||
NetworkGuru guru = _networkGurus.get(network.getGuruName());
|
||||
NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate);
|
||||
NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network));
|
||||
guru.updateNicProfile(profile, network);
|
||||
vm.addNic(profile);
|
||||
}
|
||||
@ -1459,7 +1469,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
NetworkGuru guru = _networkGurus.get(network.getGuruName());
|
||||
nic.setState(Nic.State.Releasing);
|
||||
_nicDao.update(nic.getId(), nic);
|
||||
NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null);
|
||||
NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null, isSecurityGroupSupportedInNetwork(network));
|
||||
if (guru.release(profile, vmProfile, nic.getReservationId())) {
|
||||
applyProfileToNicForRelease(nic, profile);
|
||||
nic.setState(Nic.State.Allocated);
|
||||
@ -1493,7 +1503,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
Integer networkRate = getNetworkRate(network.getId(), vm.getId());
|
||||
|
||||
NetworkGuru guru = _networkGurus.get(network.getGuruName());
|
||||
NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate);
|
||||
NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network));
|
||||
guru.updateNicProfile(profile, network);
|
||||
profiles.add(profile);
|
||||
}
|
||||
@ -1595,7 +1605,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
nic.setState(Nic.State.Deallocating);
|
||||
_nicDao.update(nic.getId(), nic);
|
||||
NetworkVO network = _networksDao.findById(nic.getNetworkId());
|
||||
NicProfile profile = new NicProfile(nic, network, null, null, null);
|
||||
NicProfile profile = new NicProfile(nic, network, null, null, null, isSecurityGroupSupportedInNetwork(network));
|
||||
NetworkGuru guru = _networkGurus.get(network.getGuruName());
|
||||
guru.deallocate(network, profile, vm);
|
||||
_nicDao.remove(nic.getId());
|
||||
@ -1876,7 +1886,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
DataCenterDeployment plan = new DataCenterDeployment(zoneId, null, null, null, null, physicalNetwork.getId());
|
||||
NetworkVO userNetwork = new NetworkVO();
|
||||
userNetwork.setNetworkDomain(networkDomain);
|
||||
userNetwork.setSecurityGroupEnabled(isSecurityGroupEnabled);
|
||||
|
||||
if (cidr != null && gateway != null) {
|
||||
userNetwork.setCidr(cidr);
|
||||
@ -3420,8 +3429,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
NetworkOffering oldNetworkOffering = _networkOfferingDao.findByIdIncludingRemoved(oldNetworkOfferingId);
|
||||
NetworkOffering newNetworkOffering = _networkOfferingDao.findById(newNetworkOfferingId);
|
||||
|
||||
//security group property should be the same
|
||||
if (oldNetworkOffering.isSecurityGroupEnabled() != newNetworkOffering.isSecurityGroupEnabled()) {
|
||||
//security group service should be the same
|
||||
if (isServiceSupportedByNetworkOffering(oldNetworkOfferingId, Service.SecurityGroup) != isServiceSupportedByNetworkOffering(newNetworkOfferingId, Service.SecurityGroup)) {
|
||||
s_logger.debug("Offerings " + newNetworkOfferingId + " and " + oldNetworkOfferingId + " have different securityGroupProperty, can't upgrade");
|
||||
return false;
|
||||
}
|
||||
@ -3506,6 +3515,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
int vnetStart = 0;
|
||||
int vnetEnd = 0;
|
||||
if (vnetRange != null) {
|
||||
|
||||
//Verify zone type
|
||||
if (zone.getNetworkType() == NetworkType.Basic && vnetRange != null) {
|
||||
vnetRange = null;
|
||||
}
|
||||
|
||||
String[] tokens = vnetRange.split("-");
|
||||
try {
|
||||
vnetStart = Integer.parseInt(tokens[0]);
|
||||
@ -3969,12 +3984,22 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
|
||||
@Override
|
||||
public List<Long> listNetworkOfferingsForUpgrade(long networkId) {
|
||||
|
||||
List<Long> offeringsToReturn = new ArrayList<Long>();
|
||||
NetworkOffering originalOffering = _configMgr.getNetworkOffering(getNetwork(networkId).getNetworkOfferingId());
|
||||
|
||||
boolean securityGroupSupportedByOriginalOff = isServiceSupportedByNetworkOffering(originalOffering.getId(), Service.SecurityGroup);
|
||||
|
||||
//security group supported property should be the same
|
||||
|
||||
List<Long> offerings = _networkOfferingDao.getOfferingIdsToUpgradeFrom(originalOffering);
|
||||
|
||||
return offerings;
|
||||
for (Long offeringId : offerings) {
|
||||
if (isServiceSupportedByNetworkOffering(offeringId, Service.SecurityGroup) == securityGroupSupportedByOriginalOff) {
|
||||
offeringsToReturn.add(offeringId);
|
||||
}
|
||||
}
|
||||
|
||||
return offeringsToReturn;
|
||||
}
|
||||
|
||||
|
||||
@ -4169,5 +4194,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
||||
return success;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSecurityGroupSupportedInNetwork(Network network) {
|
||||
boolean supported = isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup);
|
||||
|
||||
return supported;
|
||||
}
|
||||
|
||||
}
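Review bot: In the `@ -3506,6 +3515,12 @` hunk the added Basic-zone check sets `vnetRange = null` inside the `if (vnetRange != null)` block, and the next statement is `vnetRange.split("-")`, so a Basic zone that is given a vnet range fails with a NullPointerException instead of having the range ignored. Moving the check in front of the null test, as `if (zone.getNetworkType() == NetworkType.Basic) { vnetRange = null; }`, lets the existing guard skip the parsing; the `&& vnetRange != null` part is redundant either way. Separately, in the `@ -826,6 +826,15 @` hunk `defaultDirectBasicZoneNetworkOfferingProviders` is the only map that carries `Service.SecurityGroup`, yet the `createNetworkOffering` calls visible in the following hunk still pass `defaultDirectNetworkOfferingProviders`. Unless the new map is consumed outside these hunks, the System-Guest-Network offering, which appears to have been created with the security-group argument `true` before, would now come up without that service. Both enclosing methods start outside the hunks shown.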
|
||||
|
||||
@ -143,9 +143,6 @@ public class NetworkVO implements Network {
|
||||
@Column(name="is_default")
|
||||
boolean isDefault;
|
||||
|
||||
@Column(name="is_security_group_enabled")
|
||||
boolean securityGroupEnabled;
|
||||
|
||||
@ElementCollection(targetClass = String.class, fetch=FetchType.EAGER)
|
||||
@Column(name="tag")
|
||||
@CollectionTable(name="network_tags", joinColumns=@JoinColumn(name="network_id"))
|
||||
@ -183,7 +180,7 @@ public class NetworkVO implements Network {
|
||||
this.id = -1;
|
||||
}
|
||||
|
||||
public NetworkVO(long id, Network that, long offeringId, String guruName, long domainId, long accountId, long related, String name, String displayText, boolean isDefault, boolean isSecurityGroupEnabled, boolean isDomainSpecific, String networkDomain, Type type, boolean isShared, long dcId, Long physicalNetworkId) {
|
||||
public NetworkVO(long id, Network that, long offeringId, String guruName, long domainId, long accountId, long related, String name, String displayText, boolean isDefault, boolean isDomainSpecific, String networkDomain, Type type, boolean isShared, long dcId, Long physicalNetworkId) {
|
||||
this(id, that.getTrafficType(), that.getMode(), that.getBroadcastDomainType(), offeringId, domainId, accountId, related, name, displayText, isDefault,isDomainSpecific, networkDomain, type, isShared, dcId, physicalNetworkId);
|
||||
this.gateway = that.getGateway();
|
||||
this.cidr = that.getCidr();
|
||||
@ -191,7 +188,6 @@ public class NetworkVO implements Network {
|
||||
this.broadcastDomainType = that.getBroadcastDomainType();
|
||||
this.guruName = guruName;
|
||||
this.state = that.getState();
|
||||
this.securityGroupEnabled = isSecurityGroupEnabled;
|
||||
if (state == null) {
|
||||
state = State.Allocated;
|
||||
}
|
||||
@ -430,15 +426,6 @@ public class NetworkVO implements Network {
|
||||
return isDefault;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSecurityGroupEnabled() {
|
||||
return securityGroupEnabled;
|
||||
}
|
||||
|
||||
public void setSecurityGroupEnabled(boolean enabled) {
|
||||
this.securityGroupEnabled = enabled;
|
||||
}
|
||||
|
||||
public void setShared(boolean isShared) {
|
||||
this.isShared = isShared;
|
||||
}
|
||||
|
||||
@ -24,6 +24,7 @@ import javax.ejb.Local;
|
||||
import javax.persistence.TableGenerator;
|
||||
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.NetworkAccountDaoImpl;
|
||||
import com.cloud.network.NetworkAccountVO;
|
||||
import com.cloud.network.NetworkDomainVO;
|
||||
@ -31,6 +32,8 @@ import com.cloud.network.NetworkVO;
|
||||
import com.cloud.network.Networks.BroadcastDomainType;
|
||||
import com.cloud.network.Networks.Mode;
|
||||
import com.cloud.network.Networks.TrafficType;
|
||||
import com.cloud.offerings.NetworkOfferingServiceMapVO;
|
||||
import com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl;
|
||||
import com.cloud.utils.component.ComponentLocator;
|
||||
import com.cloud.utils.db.DB;
|
||||
import com.cloud.utils.db.GenericDaoBase;
|
||||
@ -60,6 +63,7 @@ public class NetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implements N
|
||||
NetworkAccountDaoImpl _accountsDao = ComponentLocator.inject(NetworkAccountDaoImpl.class);
|
||||
NetworkDomainDaoImpl _domainsDao = ComponentLocator.inject(NetworkDomainDaoImpl.class);
|
||||
NetworkOpDaoImpl _opDao = ComponentLocator.inject(NetworkOpDaoImpl.class);
|
||||
NetworkOfferingServiceMapDaoImpl _ntwkOffSvcMap = ComponentLocator.inject(NetworkOfferingServiceMapDaoImpl.class);
|
||||
|
||||
final TableGenerator _tgMacAddress;
|
||||
Random _rand = new Random(System.currentTimeMillis());
|
||||
@ -112,7 +116,9 @@ public class NetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implements N
|
||||
|
||||
ZoneSecurityGroupSearch = createSearchBuilder();
|
||||
ZoneSecurityGroupSearch.and("dataCenterId", ZoneSecurityGroupSearch.entity().getDataCenterId(), Op.EQ);
|
||||
ZoneSecurityGroupSearch.and("securityGroup", ZoneSecurityGroupSearch.entity().isSecurityGroupEnabled(), Op.EQ);
|
||||
SearchBuilder<NetworkOfferingServiceMapVO> join1 = _ntwkOffSvcMap.createSearchBuilder();
|
||||
join1.and("service", join1.entity().getService(), Op.EQ);
|
||||
ZoneSecurityGroupSearch.join("services", join1, ZoneSecurityGroupSearch.entity().getNetworkOfferingId(), join1.entity().getNetworkOfferingId(), JoinBuilder.JoinType.INNER);
|
||||
ZoneSecurityGroupSearch.done();
|
||||
|
||||
CountByOfferingId = createSearchBuilder(Long.class);
|
||||
@ -127,7 +133,9 @@ public class NetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implements N
|
||||
PhysicalNetworkSearch.done();
|
||||
|
||||
securityGroupSearch = createSearchBuilder();
|
||||
securityGroupSearch.and("isSgEnabled", securityGroupSearch.entity().isSecurityGroupEnabled(), SearchCriteria.Op.EQ);
|
||||
SearchBuilder<NetworkOfferingServiceMapVO> join3 = _ntwkOffSvcMap.createSearchBuilder();
|
||||
join3.and("service", join3.entity().getService(), Op.EQ);
|
||||
securityGroupSearch.join("services", join3, securityGroupSearch.entity().getNetworkOfferingId(), join3.entity().getNetworkOfferingId(), JoinBuilder.JoinType.INNER);
|
||||
securityGroupSearch.done();
|
||||
|
||||
_tgMacAddress = _tgs.get("macAddress");
|
||||
@ -267,7 +275,7 @@ public class NetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implements N
|
||||
if (zoneId != null) {
|
||||
sc.setParameters("dataCenterId", zoneId);
|
||||
}
|
||||
sc.setParameters("securityGroup", true);
|
||||
sc.setJoinParameters("services", "service", Service.SecurityGroup.toString());
|
||||
return search(sc, null);
|
||||
}
|
||||
|
||||
@ -344,7 +352,7 @@ public class NetworkDaoImpl extends GenericDaoBase<NetworkVO, Long> implements N
|
||||
@Override
|
||||
public List<NetworkVO> listSecurityGroupEnabledNetworks() {
|
||||
SearchCriteria<NetworkVO> sc = securityGroupSearch.create();
|
||||
sc.setParameters("isSgEnabled", true);
|
||||
sc.setJoinParameters("services", "service", Service.SecurityGroup.toString());
|
||||
return listBy(sc);
|
||||
}
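Review bot: Both rewritten searches replace the boolean column filter with an INNER join on the offering-to-service map, which can return the same network more than once when an offering has more than one row for `Service.SecurityGroup`. The commit's own data model allows that: NetworkManagerImpl builds `Map<Network.Service, Set<Network.Provider>>`, and ConfigurationServerImpl persists one `NetworkOfferingServiceMapVO` per service and provider pair. Whether `search` and `listBy` de-duplicate is not visible here, so it is worth confirming, or de-duplicating by network id, before callers iterate the result of `listSecurityGroupEnabledNetworks()`. `join1` and `join3` are built identically and could come from one private helper. The constructor that holds these builders starts outside the hunks.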
|
||||
|
||||
|
||||
@ -29,7 +29,6 @@ import com.cloud.api.commands.ConfigureDhcpElementCmd;
|
||||
import com.cloud.configuration.ConfigurationManager;
|
||||
import com.cloud.dc.DataCenter;
|
||||
import com.cloud.dc.DataCenter.NetworkType;
|
||||
import com.cloud.dc.Pod;
|
||||
import com.cloud.dc.dao.HostPodDao;
|
||||
import com.cloud.deploy.DeployDestination;
|
||||
import com.cloud.exception.ConcurrentOperationException;
|
||||
@ -45,13 +44,11 @@ import com.cloud.network.NetworkManager;
|
||||
import com.cloud.network.Networks.TrafficType;
|
||||
import com.cloud.network.dao.NetworkDao;
|
||||
import com.cloud.network.dao.VirtualRouterElementsDao;
|
||||
import com.cloud.network.element.VirtualRouterElements.VirtualRouterElementsType;
|
||||
import com.cloud.network.router.VirtualNetworkApplianceManager;
|
||||
import com.cloud.network.router.VirtualRouter;
|
||||
import com.cloud.network.router.VirtualRouter.Role;
|
||||
import com.cloud.network.element.DhcpElementService;
|
||||
import com.cloud.network.element.VirtualRouterElements.VirtualRouterElementsType;
|
||||
import com.cloud.offering.NetworkOffering;
|
||||
import com.cloud.org.Cluster;
|
||||
import com.cloud.user.AccountManager;
|
||||
import com.cloud.uservm.UserVm;
|
||||
import com.cloud.utils.component.AdapterBase;
|
||||
@ -126,7 +123,7 @@ public class DhcpElement extends AdapterBase implements DhcpElementService, User
|
||||
//for Basic zone, add all Running routers - we have to send Dhcp/vmData/password info to them when network.dns.basiczone.updates is set to "all"
|
||||
Long podId = dest.getPod().getId();
|
||||
DataCenter dc = dest.getDataCenter();
|
||||
boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || network.isSecurityGroupEnabled()) && network.getTrafficType() == TrafficType.Guest;
|
||||
boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || _networkMgr.isSecurityGroupSupportedInNetwork(network)) && network.getTrafficType() == TrafficType.Guest;
|
||||
if (isPodBased && _routerMgr.getDnsBasicZoneUpdate().equalsIgnoreCase("all")) {
|
||||
List<DomainRouterVO> allRunningRoutersOutsideThePod = _routerDao.findByNetworkOutsideThePod(network.getId(), podId, State.Running, Role.DHCP_USERDATA);
|
||||
routers.addAll(allRunningRoutersOutsideThePod);
|
||||
|
||||
@ -0,0 +1,82 @@
|
||||
/**
|
||||
* * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved
|
||||
*
|
||||
*
|
||||
* This software is licensed under the GNU General Public License v3 or later.
|
||||
*
|
||||
* It is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or any later version.
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
package com.cloud.network.element;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import javax.ejb.Local;
|
||||
|
||||
import com.cloud.deploy.DeployDestination;
|
||||
import com.cloud.exception.ConcurrentOperationException;
|
||||
import com.cloud.exception.InsufficientCapacityException;
|
||||
import com.cloud.exception.ResourceUnavailableException;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.Capability;
|
||||
import com.cloud.network.Network.Provider;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.offering.NetworkOffering;
|
||||
import com.cloud.utils.component.AdapterBase;
|
||||
import com.cloud.utils.db.DB;
|
||||
import com.cloud.vm.NicProfile;
|
||||
import com.cloud.vm.ReservationContext;
|
||||
import com.cloud.vm.VirtualMachine;
|
||||
import com.cloud.vm.VirtualMachineProfile;
|
||||
|
||||
@Local(value=NetworkElement.class)
|
||||
public class SecurityGroupElement extends AdapterBase implements NetworkElement {
|
||||
|
||||
@Override
|
||||
public Map<Service, Map<Capability, String>> getCapabilities() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Provider getProvider() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context)
|
||||
throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override @DB
|
||||
public boolean prepare(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm, DeployDestination dest,
|
||||
ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean release(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm, ReservationContext context)
|
||||
throws ConcurrentOperationException, ResourceUnavailableException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean shutdown(Network network, ReservationContext context, boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException {
|
||||
return true;
|
||||
}
|
||||
}
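Review bot: `getProvider()` and `getCapabilities()` both return `null` in this new element, although the same commit registers `Provider.SecurityGroupProvider` as the provider for `Service.SecurityGroup` in the default offerings. If the network manager matches elements to offerings through these two methods (not visible on this page), the element can never be selected, and any caller that dereferences the capabilities map fails with a NullPointerException. I would have `getProvider()` do `return Provider.SecurityGroupProvider;` and have `getCapabilities()` return a map with an entry for `Service.SecurityGroup`. The `@DB` annotation on the no-op `prepare` can be dropped, and the class deserves a Javadoc line saying it is a placeholder whose lifecycle methods all succeed without doing any work.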
|
||||
@ -78,7 +78,7 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
|
||||
// this guru handles only non-system network with type=Shared and serviceNat service disabled
|
||||
//TODO - after broadCastDomainType + physical network are introduced, don't rely on network type of the dc
|
||||
if (dc.getNetworkType() == NetworkType.Advanced && offering.getType() == Network.Type.Shared && !_networkMgr.isServiceSupportedByNetworkOffering(offering.getId(), Service.SourceNat)&& offering.getTrafficType() == TrafficType.Guest) {
|
||||
if (offering.isSecurityGroupEnabled()) {
|
||||
if (_networkMgr.isServiceSupportedByNetworkOffering(offering.getId(), Service.SecurityGroup)) {
|
||||
return true;
|
||||
} else if (!offering.isSystemOnly()) {
|
||||
return true;
|
||||
@ -110,8 +110,6 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
|
||||
throw new InvalidParameterValueException("cidr and gateway must be specified together.");
|
||||
}
|
||||
|
||||
config.setSecurityGroupEnabled(userSpecified.isSecurityGroupEnabled());
|
||||
|
||||
if (userSpecified.getCidr() != null) {
|
||||
config.setCidr(userSpecified.getCidr());
|
||||
config.setGateway(userSpecified.getGateway());
|
||||
@ -128,7 +126,8 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
|
||||
|
||||
}
|
||||
|
||||
if (config.isSecurityGroupEnabled()) {
|
||||
boolean isSecurityGroupEnabled = _networkMgr.isServiceSupportedByNetworkOffering(offering.getId(), Service.SecurityGroup);
|
||||
if (isSecurityGroupEnabled) {
|
||||
config.setName("SecurityGroupEnabledNetwork");
|
||||
config.setDisplayText("SecurityGroupEnabledNetwork");
|
||||
}
|
||||
|
||||
@ -1253,7 +1253,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
|
||||
DataCenterDeployment plan = null;
|
||||
DataCenter dc = dest.getDataCenter();
|
||||
long dcId = dc.getId();
|
||||
boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || guestNetwork.isSecurityGroupEnabled()) && guestNetwork.getTrafficType() == TrafficType.Guest;
|
||||
boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || _networkMgr.isServiceSupportedByNetworkOffering(guestNetwork.getNetworkOfferingId(), Service.SecurityGroup)) && guestNetwork.getTrafficType() == TrafficType.Guest;
|
||||
DomainRouterVO router = null;
|
||||
|
||||
List<DomainRouterVO> routers = null;
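Review bot: The new `isPodBased` expression spells out `_networkMgr.isServiceSupportedByNetworkOffering(guestNetwork.getNetworkOfferingId(), Service.SecurityGroup)`, while DhcpElement calls the helper this commit introduces for the same computation. Writing `_networkMgr.isSecurityGroupSupportedInNetwork(guestNetwork)` here keeps a single definition of "security groups apply to this network", so a later change to that rule cannot leave router placement and the DHCP element disagreeing. The same applies to `profile.setSecurityGroupEnabled(...)` in NetworkManagerImpl's `@ -1428,7 +1437,8 @` hunk. The enclosing method starts and ends outside the hunk.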
|
||||
|
||||
@ -63,6 +63,8 @@ import com.cloud.exception.OperationTimedoutException;
|
||||
import com.cloud.exception.PermissionDeniedException;
|
||||
import com.cloud.exception.ResourceInUseException;
|
||||
import com.cloud.hypervisor.Hypervisor.HypervisorType;
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.NetworkManager;
|
||||
import com.cloud.network.security.SecurityGroupWork.Step;
|
||||
import com.cloud.network.security.dao.IngressRuleDao;
|
||||
@ -1278,7 +1280,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
|
||||
VirtualMachine vm = _vmDao.findByIdIncludingRemoved(vmId);
|
||||
List<NicProfile> nics = _networkMgr.getNicProfiles(vm);
|
||||
for (NicProfile nic : nics) {
|
||||
if (nic.isSecurityGroupEnabled() && vm.getHypervisorType() != HypervisorType.VMware) {
|
||||
Network network = _networkMgr.getNetwork(nic.getNetworkId());
|
||||
if (_networkMgr.isSecurityGroupSupportedInNetwork(network) && vm.getHypervisorType() != HypervisorType.VMware) {
|
||||
return true;
|
||||
}
|
||||
}
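Review bot: The `Network` returned by `_networkMgr.getNetwork(nic.getNetworkId())` is passed straight to `isSecurityGroupSupportedInNetwork`, whose implementation in this commit calls `network.getNetworkOfferingId()` without a null check. The VM is loaded with `findByIdIncludingRemoved`, so this path can presumably run for a VM whose network no longer exists, and the security-group decision would then end in a NullPointerException rather than `false`. A guard such as `if (network != null && _networkMgr.isSecurityGroupSupportedInNetwork(network) && vm.getHypervisorType() != HypervisorType.VMware)` avoids that. Keeping `nic.isSecurityGroupEnabled()` would also work, since the NicProfile constructor now receives the same value and the per-NIC lookup becomes unnecessary. The method starts outside the hunk.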
|
||||
|
||||
@ -90,10 +90,7 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
|
||||
@Column(name=GenericDao.CREATED_COLUMN)
|
||||
Date created;
|
||||
|
||||
@Column(name="is_security_group_enabled")
|
||||
boolean securityGroupEnabled;
|
||||
|
||||
|
||||
@Column(name="type")
|
||||
@Enumerated(value=EnumType.STRING)
|
||||
Network.Type type;
|
||||
@ -189,11 +186,6 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
public String getUniqueName() {
|
||||
return uniqueName;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSecurityGroupEnabled() {
|
||||
return securityGroupEnabled;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setState(State state) {
|
||||
@ -204,18 +196,13 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
public State getState() {
|
||||
return state;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setSecurityGroupEnabled(boolean securityGroupEnabled) {
|
||||
this.securityGroupEnabled = securityGroupEnabled;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Network.Type getType() {
|
||||
return type;
|
||||
}
|
||||
|
||||
public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps, Integer multicastRateMbps, Integer concurrentConnections, boolean isDefault, Availability availability, String tags, boolean isSecurityGroupEnabled, Network.Type type) {
|
||||
public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps, Integer multicastRateMbps, Integer concurrentConnections, boolean isDefault, Availability availability, String tags, Network.Type type) {
|
||||
this.name = name;
|
||||
this.displayText = displayText;
|
||||
this.rateMbps = rateMbps;
|
||||
@ -228,7 +215,6 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
this.availability = availability;
|
||||
this.uniqueName = name;
|
||||
this.tags = tags;
|
||||
this.securityGroupEnabled = isSecurityGroupEnabled;
|
||||
this.type = type;
|
||||
}
|
||||
|
||||
@ -241,7 +227,7 @@ public class NetworkOfferingVO implements NetworkOffering {
|
||||
* @param trafficType
|
||||
*/
|
||||
public NetworkOfferingVO(String name, TrafficType trafficType) {
|
||||
this(name, "System Offering for " + name, trafficType, true, false, 0, 0, null, true, Availability.Required, null, false, null);
|
||||
this(name, "System Offering for " + name, trafficType, true, false, 0, 0, null, true, Availability.Required, null, null);
|
||||
this.state = State.Enabled;
|
||||
this.type = Type.Shared;
|
||||
}
|
||||
|
||||
@ -77,7 +77,6 @@ public class NetworkOfferingDaoImpl extends GenericDaoBase<NetworkOfferingVO, Lo
|
||||
UpgradeSearch.and("trafficType", UpgradeSearch.entity().getTrafficType(), Op.EQ);
|
||||
UpgradeSearch.and("type", UpgradeSearch.entity().getType(), Op.EQ);
|
||||
UpgradeSearch.and("state", UpgradeSearch.entity().getState(), Op.EQ);
|
||||
UpgradeSearch.and("securityGroupEnabled", UpgradeSearch.entity().isSecurityGroupEnabled(), Op.EQ);
|
||||
UpgradeSearch.done();
|
||||
}
|
||||
|
||||
@ -155,9 +154,6 @@ public class NetworkOfferingDaoImpl extends GenericDaoBase<NetworkOfferingVO, Lo
|
||||
//list only non-system offerings
|
||||
sc.addAnd("systemOnly", SearchCriteria.Op.EQ, false);
|
||||
|
||||
//security group property should be the same
|
||||
sc.addAnd("securityGroupEnabled", SearchCriteria.Op.EQ, originalOffering.isSecurityGroupEnabled());
|
||||
|
||||
//Type of the network should be the same
|
||||
sc.addAnd("type", SearchCriteria.Op.EQ, originalOffering.getType());
|
||||
|
||||
@ -165,7 +161,7 @@ public class NetworkOfferingDaoImpl extends GenericDaoBase<NetworkOfferingVO, Lo
|
||||
sc.addAnd("trafficType", SearchCriteria.Op.EQ, originalOffering.getTrafficType());
|
||||
|
||||
sc.addAnd("state", SearchCriteria.Op.EQ, NetworkOffering.State.Enabled);
|
||||
|
||||
|
||||
return customSearch(sc, null);
|
||||
}
|
||||
}
|
||||
|
||||
@ -35,9 +35,11 @@ import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
@ -838,6 +840,12 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
||||
defaultDirectNetworkOfferingProviders.put(Service.Dns, Provider.DhcpServer);
|
||||
defaultDirectNetworkOfferingProviders.put(Service.UserData, Provider.DhcpServer);
|
||||
|
||||
Map<Network.Service, Network.Provider> defaultDirectGuestNetworkOfferingProviders = new HashMap<Network.Service, Network.Provider>();
|
||||
defaultDirectGuestNetworkOfferingProviders.put(Service.Dhcp, Provider.DhcpServer);
|
||||
defaultDirectGuestNetworkOfferingProviders.put(Service.Dns, Provider.DhcpServer);
|
||||
defaultDirectGuestNetworkOfferingProviders.put(Service.UserData, Provider.DhcpServer);
|
||||
defaultDirectGuestNetworkOfferingProviders.put(Service.SecurityGroup, Provider.SecurityGroupProvider);
|
||||
|
||||
Map<Network.Service, Network.Provider> defaultVirtualNetworkOfferingProviders = new HashMap<Network.Service, Network.Provider>();
|
||||
defaultVirtualNetworkOfferingProviders.put(Service.Dhcp, Provider.VirtualRouter);
|
||||
defaultVirtualNetworkOfferingProviders.put(Service.Dns, Provider.VirtualRouter);
|
||||
@ -853,14 +861,14 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
||||
"System-Guest-Network",
|
||||
TrafficType.Guest,
|
||||
true, false, null, null, null, true,
|
||||
Availability.Optional, null, true, Network.Type.Shared);
|
||||
Availability.Optional, null, Network.Type.Shared);
|
||||
|
||||
guestNetworkOffering.setState(NetworkOffering.State.Enabled);
|
||||
|
||||
guestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(guestNetworkOffering);
|
||||
|
||||
for (Service service : defaultDirectNetworkOfferingProviders.keySet()) {
|
||||
NetworkOfferingServiceMapVO offService = new NetworkOfferingServiceMapVO(guestNetworkOffering.getId(), service, defaultDirectNetworkOfferingProviders.get(service));
|
||||
for (Service service : defaultDirectGuestNetworkOfferingProviders.keySet()) {
|
||||
NetworkOfferingServiceMapVO offService = new NetworkOfferingServiceMapVO(guestNetworkOffering.getId(), service, defaultDirectGuestNetworkOfferingProviders.get(service));
|
||||
_offeringServiceMapDao.persist(offService);
|
||||
s_logger.trace("Added service for the network offering: " + offService);
|
||||
}
|
||||
@ -870,7 +878,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
||||
"Virtual Vlan",
|
||||
TrafficType.Guest,
|
||||
false, false, null, null, null, true,
|
||||
Availability.Required, null, false, Network.Type.Isolated);
|
||||
Availability.Required, null, Network.Type.Isolated);
|
||||
|
||||
defaultGuestNetworkOffering.setState(NetworkOffering.State.Enabled);
|
||||
defaultGuestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestNetworkOffering);
|
||||
@ -887,7 +895,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
||||
"Direct",
|
||||
TrafficType.Guest,
|
||||
false, true, null, null, null, true,
|
||||
Availability.Optional, null, false, Network.Type.Shared);
|
||||
Availability.Optional, null, Network.Type.Shared);
|
||||
|
||||
defaultGuestDirectNetworkOffering.setState(NetworkOffering.State.Enabled);
|
||||
defaultGuestDirectNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestDirectNetworkOffering);
|
||||
|
||||
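Review bot: `defaultDirectGuestNetworkOfferingProviders` repeats the three `DhcpServer` entries of `defaultDirectNetworkOfferingProviders` and differs only by the `SecurityGroup` entry and one word in its name, so the two maps can drift apart or be swapped without a compile error. Building it as a copy, `new HashMap<Network.Service, Network.Provider>(defaultDirectNetworkOfferingProviders)`, followed by the single `put(Service.SecurityGroup, Provider.SecurityGroupProvider)`, would keep them in step. The System-Guest-Network loop also deserves a comment such as `// must iterate the map that carries Service.SecurityGroup; it replaces the removed boolean constructor argument`, because picking the other map would silently persist an offering without security groups. The enclosing method starts and ends outside these hunks.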
@ -424,7 +424,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
||||
}
|
||||
|
||||
Network defaultNetwork = _networkDao.findById(defaultNic.getNetworkId());
|
||||
NicProfile defaultNicProfile = new NicProfile(defaultNic, defaultNetwork, null, null, null);
|
||||
NicProfile defaultNicProfile = new NicProfile(defaultNic, defaultNetwork, null, null, null, _networkMgr.isSecurityGroupSupportedInNetwork(defaultNetwork));
|
||||
VirtualMachineProfile<VMInstanceVO> vmProfile = new VirtualMachineProfileImpl<VMInstanceVO>(vmInstance);
|
||||
vmProfile.setParameter(VirtualMachineProfile.Param.VmPassword, password);
|
||||
|
||||
@ -2079,7 +2079,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
||||
throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
|
||||
}
|
||||
|
||||
if (!network.isSecurityGroupEnabled()) {
|
||||
if (!_networkMgr.isSecurityGroupSupportedInNetwork(network)) {
|
||||
throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
|
||||
}
|
||||
|
||||
@ -2096,11 +2096,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
||||
throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
|
||||
}
|
||||
|
||||
if (network.isSecurityGroupEnabled() && networkIdList.size() > 1) {
|
||||
boolean isSecurityGroupEnabled = _networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup);
|
||||
if (isSecurityGroupEnabled && networkIdList.size() > 1) {
|
||||
throw new InvalidParameterValueException("Can't create a vm with multiple networks one of which is Security Group enabled");
|
||||
}
|
||||
|
||||
if (network.getTrafficType() != TrafficType.Guest || network.getType() != Network.Type.Shared || (network.getType() == Network.Type.Shared && !network.isSecurityGroupEnabled())) {
|
||||
if (network.getTrafficType() != TrafficType.Guest || network.getType() != Network.Type.Shared || (network.getType() == Network.Type.Shared && !isSecurityGroupEnabled)) {
|
||||
throw new InvalidParameterValueException("Can specify only Direct Guest Account specific networks when deploy vm in Security Group enabled zone");
|
||||
}
|
||||
|
||||
|
||||
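Review bot: The `-2079` and `-2096` hunks decide security-group support through different calls, `_networkMgr.isSecurityGroupSupportedInNetwork(network)` in the first and `_networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup)` in the second. Neither implementation is visible here, so if the first checks anything beyond the offering's service map, a network could pass one validation and fail the other, and the `NicProfile` flag set in the `-424` hunk could disagree with what was accepted at deploy time. Using one predicate in all three places, `boolean isSecurityGroupEnabled = _networkMgr.isSecurityGroupSupportedInNetwork(network);`, removes that ambiguity. The final condition can also drop its repeated type test and read `network.getType() != Network.Type.Shared || !isSecurityGroupEnabled`. The enclosing methods begin and end outside the hunks.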
@ -42,10 +42,11 @@ import com.cloud.agent.api.AgentControlCommand;
|
||||
import com.cloud.agent.api.Answer;
|
||||
import com.cloud.agent.api.CheckVirtualMachineAnswer;
|
||||
import com.cloud.agent.api.CheckVirtualMachineCommand;
|
||||
import com.cloud.agent.api.ClusterSyncAnswer;
|
||||
import com.cloud.agent.api.ClusterSyncCommand;
|
||||
import com.cloud.agent.api.Command;
|
||||
import com.cloud.agent.api.MigrateAnswer;
|
||||
import com.cloud.agent.api.MigrateCommand;
|
||||
import com.cloud.agent.api.PingRoutingCommand;
|
||||
import com.cloud.agent.api.PrepareForMigrationAnswer;
|
||||
import com.cloud.agent.api.PrepareForMigrationCommand;
|
||||
import com.cloud.agent.api.RebootAnswer;
|
||||
@ -54,12 +55,9 @@ import com.cloud.agent.api.StartAnswer;
|
||||
import com.cloud.agent.api.StartCommand;
|
||||
import com.cloud.agent.api.StartupCommand;
|
||||
import com.cloud.agent.api.StartupRoutingCommand;
|
||||
import com.cloud.agent.api.StartupRoutingCommand.VmState;
|
||||
import com.cloud.agent.api.StopAnswer;
|
||||
import com.cloud.agent.api.StopCommand;
|
||||
import com.cloud.agent.api.to.VirtualMachineTO;
|
||||
import com.cloud.agent.api.ClusterSyncAnswer;
|
||||
import com.cloud.agent.api.ClusterSyncCommand;
|
||||
import com.cloud.agent.manager.Commands;
|
||||
import com.cloud.agent.manager.allocator.HostAllocator;
|
||||
import com.cloud.alert.AlertManager;
|
||||
@ -1838,7 +1836,7 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene
|
||||
List<NicVO> nics = _nicsDao.listByVmId(profile.getId());
|
||||
for (NicVO nic : nics) {
|
||||
Network network = _networkMgr.getNetwork(nic.getNetworkId());
|
||||
NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null);
|
||||
NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null, _networkMgr.isSecurityGroupSupportedInNetwork(network));
|
||||
profile.addNic(nicProfile);
|
||||
}
|
||||
|
||||
|
||||
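Review bot: The security-group flag reaches `NicProfile` as a bare sixth argument directly after a `null`, and the same expression is written out again in `UserVmManagerImpl`. A later call site can therefore pass a literal `false` and build a profile for a nic whose network does offer security groups. A comment above the constructor call, for example `// security-group flag is always derived from the network's services, never hard-coded`, or a small private helper that builds the profile from `nic` and `network`, would keep the derivation in one place. The call also runs once per nic inside the loop, and whether it costs a lookup each time is not visible from this hunk. The surrounding method continues outside the hunk.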
@ -188,7 +188,6 @@ CREATE TABLE `cloud`.`networks` (
|
||||
`is_default` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network is default',
|
||||
`created` datetime NOT NULL COMMENT 'date created',
|
||||
`removed` datetime COMMENT 'date removed if not null',
|
||||
`is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not',
|
||||
`type` char(32) COMMENT 'type of the network, can be Shared or Isolated',
|
||||
PRIMARY KEY (`id`),
|
||||
CONSTRAINT `fk_networks__network_offering_id` FOREIGN KEY (`network_offering_id`) REFERENCES `network_offerings`(`id`),
|
||||
@ -264,7 +263,6 @@ CREATE TABLE `cloud`.`network_offerings` (
|
||||
`default` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network offering is default',
|
||||
`availability` varchar(255) NOT NULL COMMENT 'availability of the network',
|
||||
`shared_source_nat_service` int(1) unsigned NOT NULL DEFAULT 0 COMMENT 'true if the network offering provides the shared source nat service',
|
||||
`is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not',
|
||||
`state` char(32) COMMENT 'state of the network offering; has Disabled value by default',
|
||||
`type` char(32) COMMENT 'type of the network offering, can be Shared or Isolated',
|
||||
PRIMARY KEY (`id`),
|
||||
@ -500,6 +498,7 @@ CREATE TABLE `cloud`.`data_center` (
|
||||
`userdata_provider` char(64) DEFAULT 'VirtualRouter',
|
||||
`allocation_state` varchar(32) NOT NULL DEFAULT 'Enabled' COMMENT 'Is this data center enabled for allocation for new resources',
|
||||
`zone_token` varchar(255),
|
||||
`is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not',
|
||||
`removed` datetime COMMENT 'date removed if not null',
|
||||
PRIMARY KEY (`id`),
|
||||
CONSTRAINT `fk_data_center__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain`(`id`),
|
||||
|
||||
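Review bot: Going by the hunk counts, `is_security_group_enabled` leaves `networks` and `network_offerings` and is added to `data_center`, but this file only describes fresh installs. No upgrade step is visible in this part of the page that converts existing rows with the flag set into a `SecurityGroup` service mapping. Without one, an upgraded deployment could report its security-group networks as unsupported and start VMs without the flag on their nics. If that migration lives elsewhere, the new column's comment could still say which source is authoritative, for example `COMMENT '1: zone is security group enabled, 0: not; per-network support comes from the offering service map'`. The `CREATE TABLE` statements start and end outside these hunks.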