diff --git a/agent-simulator/src/com/cloud/resource/AgentRoutingResource.java b/agent-simulator/src/com/cloud/resource/AgentRoutingResource.java index 009e4165881..2a35b55ca96 100644 --- a/agent-simulator/src/com/cloud/resource/AgentRoutingResource.java +++ b/agent-simulator/src/com/cloud/resource/AgentRoutingResource.java @@ -4,7 +4,6 @@ package com.cloud.resource; -import java.io.File; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -18,9 +17,7 @@ import com.cloud.agent.api.Answer; import com.cloud.agent.api.CheckVirtualMachineAnswer; import com.cloud.agent.api.CheckVirtualMachineCommand; import com.cloud.agent.api.Command; - import com.cloud.agent.api.PingCommand; -import com.cloud.agent.api.PingRoutingCommand; import com.cloud.agent.api.PingRoutingWithNwGroupsCommand; import com.cloud.agent.api.PrepareForMigrationCommand; import com.cloud.agent.api.ReadyAnswer; diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java index 603f178df68..36cae9779ef 100755 --- a/api/src/com/cloud/api/ApiConstants.java +++ b/api/src/com/cloud/api/ApiConstants.java @@ -153,7 +153,6 @@ public class ApiConstants { public static final String SECURITY_GROUP_NAMES = "securitygroupnames"; public static final String SECURITY_GROUP_NAME = "securitygroupname"; public static final String SECURITY_GROUP_ID = "securitygroupid"; - public static final String SECURITY_GROUP_EANBLED = "securitygroupenabled"; public static final String SENT = "sent"; public static final String SENT_BYTES = "sentbytes"; public static final String SERVICE_OFFERING_ID = "serviceofferingid"; @@ -283,4 +282,5 @@ public class ApiConstants { public static final String SERVICE_NAME = "servicename"; public static final String DHCP_RANGE = "dhcprange"; public static final String UUID = "uuid"; + public static final String SECURITY_GROUP_EANBLED = "securitygroupenabled"; } 
diff --git a/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java b/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java index 2799cc6a05b..f93929b7f53 100644 --- a/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java +++ b/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java @@ -97,9 +97,6 @@ public class CreateNetworkOfferingCmd extends BaseCmd { @Parameter(name = ApiConstants.SERVICE_PROVIDER_LIST, type = CommandType.MAP, description = "provider to service mapping. If not specified, the provider for the service will be mapped to the default provider on the physical network") private Map serviceProviderList; - @Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true is security group is enabled for the network offering") - private Boolean securityGroupEnabled; - @Parameter(name=ApiConstants.TYPE, type=CommandType.STRING, required=true, description="type of the network offering: Shared or Isolated") private String type; @@ -207,10 +204,6 @@ public class CreateNetworkOfferingCmd extends BaseCmd { return serviceProviderMap; } - public Boolean getSecurityGroupEnabled() { - return securityGroupEnabled == null ? false : securityGroupEnabled; - } - ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/commands/CreateZoneCmd.java b/api/src/com/cloud/api/commands/CreateZoneCmd.java index 67577b8ef00..c6123e3df09 100755 --- a/api/src/com/cloud/api/commands/CreateZoneCmd.java +++ b/api/src/com/cloud/api/commands/CreateZoneCmd.java 
@@ -68,6 +68,9 @@ public class CreateZoneCmd extends BaseCmd { @Parameter(name=ApiConstants.ALLOCATION_STATE, type=CommandType.STRING, description="Allocation state of this Zone for allocation of new resources") private String allocationState; + + @Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true if network is security group enabled, false otherwise") + private Boolean securitygroupenabled; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -111,12 +114,18 @@ public class CreateZoneCmd extends BaseCmd { public String getAllocationState() { return allocationState; - } + } + + public Boolean getSecuritygroupenabled() { + if (securitygroupenabled == null) { + return false; + } + return securitygroupenabled; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// - @Override public String getCommandName() { return s_name; diff --git a/api/src/com/cloud/api/commands/DeployVMCmd.java b/api/src/com/cloud/api/commands/DeployVMCmd.java index 9803f4fcaa5..8e3188c5298 100644 --- a/api/src/com/cloud/api/commands/DeployVMCmd.java +++ b/api/src/com/cloud/api/commands/DeployVMCmd.java 
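Review bot: The description on the new `securitygroupenabled` parameter in CreateZoneCmd says "true if network is security group enabled", but the value is handed to `createZone` and stored on the zone (DataCenterVO) elsewhere in this commit, so it describes the wrong object. Suggested text: `description="true if the zone is security group enabled, false otherwise (default); always treated as true for Basic zones"`. The accessor added in the second CreateZoneCmd hunk never returns null, so it could return `boolean` rather than `Boolean`. Naming it `getSecurityGroupEnabled()` would also match the casing the other commands used.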
@@ -371,13 +371,10 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); } } else { - if (zone.isSecurityGroupEnabled()) { + if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) { vm = _userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, getNetworkIds(), getSecurityGroupIdList(), owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); } else { - if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) { - throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled per zone"); - } vm = _userVmService.createAdvancedVirtualMachine(zone, serviceOffering, template, getNetworkIds(), owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); } diff --git a/api/src/com/cloud/api/commands/ListNetworkOfferingsCmd.java b/api/src/com/cloud/api/commands/ListNetworkOfferingsCmd.java index 1fcd3a4de35..f5cee89e212 100644 --- a/api/src/com/cloud/api/commands/ListNetworkOfferingsCmd.java +++ b/api/src/com/cloud/api/commands/ListNetworkOfferingsCmd.java @@ -68,9 +68,6 @@ public class ListNetworkOfferingsCmd extends BaseListCmd { @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, description="list netowrk offerings available for network creation in specific zone") private Long zoneId; - @Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="list network offerings that have security group feature enabled") - private Boolean securityGroupEnabled; - @Parameter(name=ApiConstants.STATE, type=CommandType.STRING, description="list network offerings by state") private String state; 
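Review bot: In the DeployVMCmd hunk the advanced-zone branch now picks the security-group path purely from the caller-supplied `getSecurityGroupIdList()`, and the zone-level check is gone. Two cases are no longer guarded here. A request that passes group ids in a zone where the feature is off is not rejected by this code any more. A request with no ids in a security-group-enabled zone falls through to `createAdvancedVirtualMachine`, which takes no group list, so the VM may start without even a default group unless that method adds one (not visible here). Consider keeping the zone as the deciding input, `if (zone.isSecurityGroupEnabled()) {`, with the removed `InvalidParameterValueException` kept in the else branch, or confirm that both service methods validate against the zone. The enclosing method starts and ends outside the hunk.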
@@ -120,10 +117,6 @@ public class ListNetworkOfferingsCmd extends BaseListCmd { return zoneId; } - public Boolean getSecurityGroupEnabled() { - return securityGroupEnabled; - } - public String getState() { return state; } diff --git a/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java b/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java index 435bcbabe89..25d4ec87303 100644 --- a/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java +++ b/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java @@ -88,9 +88,6 @@ public class UpdateNetworkOfferingCmd extends BaseCmd { @Parameter(name=ApiConstants.STATE, type=CommandType.STRING, description="list network offerings by state") private String state; - - @Parameter(name=ApiConstants.SECURITY_GROUP_EANBLED, type=CommandType.BOOLEAN, description="true is security group is enabled for the network offering") - private Boolean securityGroupEnabled; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -172,10 +169,6 @@ public class UpdateNetworkOfferingCmd extends BaseCmd { return state; } - public Boolean getSecurityGroupEnabled() { - return securityGroupEnabled; - } - ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/response/HypervisorCapabilitiesResponse.java b/api/src/com/cloud/api/response/HypervisorCapabilitiesResponse.java index fe968369159..931a7b55b87 100644 --- a/api/src/com/cloud/api/response/HypervisorCapabilitiesResponse.java +++ b/api/src/com/cloud/api/response/HypervisorCapabilitiesResponse.java 
@@ -38,8 +38,6 @@ public class HypervisorCapabilitiesResponse extends BaseResponse { @SerializedName(ApiConstants.SECURITY_GROUP_EANBLED) @Param(description="true if security group is supported") private boolean isSecurityGroupEnabled; - - @Override public Long getObjectId() { return getId(); diff --git a/api/src/com/cloud/api/response/NetworkOfferingResponse.java b/api/src/com/cloud/api/response/NetworkOfferingResponse.java index 5e6f8505c94..146b2116576 100644 --- a/api/src/com/cloud/api/response/NetworkOfferingResponse.java +++ b/api/src/com/cloud/api/response/NetworkOfferingResponse.java @@ -62,9 +62,6 @@ public class NetworkOfferingResponse extends BaseResponse{ @SerializedName(ApiConstants.NETWORKRATE) @Param(description="data transfer rate in megabits per second allowed.") private Integer networkRate; - @SerializedName(ApiConstants.SECURITY_GROUP_EANBLED) @Param(description="true if security group is enabled, false otherwise") - private Boolean isSecurityGroupEnabled; - @SerializedName(ApiConstants.STATE) @Param(description="state of the network offering. Can be Disabled/Enabled/Inactive") private String state; @@ -122,10 +119,6 @@ public class NetworkOfferingResponse extends BaseResponse{ this.networkRate = networkRate; } - public void setIsSecurityGroupEnabled(Boolean isSecurityGroupEnabled) { - this.isSecurityGroupEnabled = isSecurityGroupEnabled; - } - public void setServices(List services) { this.services = services; } diff --git a/api/src/com/cloud/api/response/NetworkResponse.java b/api/src/com/cloud/api/response/NetworkResponse.java index f780b998ec2..3a599bd7d60 100644 --- a/api/src/com/cloud/api/response/NetworkResponse.java +++ b/api/src/com/cloud/api/response/NetworkResponse.java 
@@ -120,9 +120,6 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain") private String networkDomain; - @SerializedName(ApiConstants.SECURITY_GROUP_EANBLED) @Param(description="true if security group is enabled, false otherwise") - private Boolean isSecurityGroupEnabled; - @SerializedName(ApiConstants.TAGS) @Param(description="comma separated tag") private String tags; @@ -246,10 +243,6 @@ public class NetworkResponse extends BaseResponse implements ControlledEntityRes this.networkDomain = networkDomain; } - public void setIsSecurityGroupEnabled(Boolean sgEnabled) { - this.isSecurityGroupEnabled = sgEnabled; - } - public void setTags(List tags) { if (tags == null || tags.size() == 0) { return; diff --git a/api/src/com/cloud/dc/DataCenter.java b/api/src/com/cloud/dc/DataCenter.java index 8ed3bfa8b09..a326efb3491 100644 --- a/api/src/com/cloud/dc/DataCenter.java +++ b/api/src/com/cloud/dc/DataCenter.java @@ -1,4 +1,5 @@ /** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. * * This software is licensed under the GNU General Public License v3 or later. diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java index e9b5c1250ea..40609777134 100644 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java @@ -55,6 +55,7 @@ public interface Network extends ControlledEntity { public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps); public static final Service UserData = new Service("UserData"); public static final Service SourceNat = new Service("SourceNat"); + public static final Service SecurityGroup = new Service("SecurityGroup"); private String name; private Capability[] caps; 
@@ -118,9 +119,11 @@ public interface Network extends ControlledEntity { public static final Provider ExternalGateWay = new Provider("ExternalGateWay", true); public static final Provider ElasticLoadBalancerVm = new Provider("ElasticLoadBalancerVm", false); public static final Provider RedundantVirtualRouter = new Provider("RedundantVirtualRouter", false); - public static final Provider defaultProvider = VirtualRouter; - + public static final Provider SecurityGroupProvider = new Provider("SecurityGroupProvider", false); public static final Provider None = new Provider("None", false); + + //the default provider + public static final Provider defaultProvider = VirtualRouter; private String name; private boolean isExternal; @@ -266,8 +269,6 @@ public interface Network extends ControlledEntity { String getNetworkDomain(); - boolean isSecurityGroupEnabled(); - List getTags(); Type getType(); diff --git a/api/src/com/cloud/network/NetworkProfile.java b/api/src/com/cloud/network/NetworkProfile.java index be243997683..eb4c119b7ae 100644 --- a/api/src/com/cloud/network/NetworkProfile.java +++ b/api/src/com/cloud/network/NetworkProfile.java @@ -47,7 +47,6 @@ public class NetworkProfile implements Network { private String reservationId; private boolean isDefault; private String networkDomain; - private boolean isSecurityGroupEnabled; private List tags; private Network.Type type; private boolean isShared; @@ -72,7 +71,6 @@ public class NetworkProfile implements Network { this.isDefault = network.isDefault(); this.networkDomain = network.getNetworkDomain(); this.domainId = network.getDomainId(); - this.isSecurityGroupEnabled = network.isSecurityGroupEnabled(); this.type = network.getType(); this.isShared = network.getIsShared(); this.physicalNetworkId = network.getPhysicalNetworkId(); 
@@ -192,11 +190,6 @@ public class NetworkProfile implements Network { public long getDomainId() { return domainId; } - - @Override - public boolean isSecurityGroupEnabled() { - return isSecurityGroupEnabled; - } @Override public Network.Type getType(){ diff --git a/api/src/com/cloud/offering/NetworkOffering.java b/api/src/com/cloud/offering/NetworkOffering.java index bd4e02ef1b4..481ae8d125e 100644 --- a/api/src/com/cloud/offering/NetworkOffering.java +++ b/api/src/com/cloud/offering/NetworkOffering.java @@ -88,13 +88,9 @@ public interface NetworkOffering { String getUniqueName(); - boolean isSecurityGroupEnabled(); - void setState(State state); State getState(); - - void setSecurityGroupEnabled(boolean securityGroupEnabled); - + Type getType(); } diff --git a/api/src/com/cloud/vm/NicProfile.java b/api/src/com/cloud/vm/NicProfile.java index d59e9e5c831..e2f737bfa3b 100644 --- a/api/src/com/cloud/vm/NicProfile.java +++ b/api/src/com/cloud/vm/NicProfile.java @@ -213,7 +213,7 @@ public class NicProfile { return strategy; } - public NicProfile(Nic nic, Network network, URI broadcastUri, URI isolationUri, Integer networkRate) { + public NicProfile(Nic nic, Network network, URI broadcastUri, URI isolationUri, Integer networkRate, boolean isSecurityGroupEnabled) { this.id = nic.getId(); this.networkId = network.getId(); this.gateway = nic.getGateway(); @@ -231,7 +231,7 @@ public class NicProfile { this.broadcastUri = broadcastUri; this.isolationUri = isolationUri; this.netmask = nic.getNetmask(); - this.isSecurityGroupEnabled = network.isSecurityGroupEnabled(); + this.isSecurityGroupEnabled = isSecurityGroupEnabled; this.vmId = nic.getInstanceId(); this.tags = network.getTags(); diff --git a/client/tomcatconf/components-premium.xml.in b/client/tomcatconf/components-premium.xml.in index 7306853c636..1aa7352521f 100755 --- a/client/tomcatconf/components-premium.xml.in +++ b/client/tomcatconf/components-premium.xml.in @@ -30,8 +30,7 @@ - - + 
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index d80d375eeb7..09249ee9549 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -2109,7 +2109,6 @@ public class ApiResponseHelper implements ResponseGenerator { response.setSpecifyVlan(offering.getSpecifyVlan()); response.setAvailability(offering.getAvailability().toString()); response.setNetworkRate(ApiDBUtils.getNetworkRate(offering.getId())); - response.setIsSecurityGroupEnabled(offering.isSecurityGroupEnabled()); if (offering.getType() != null) { response.setType(offering.getType().toString()); } @@ -2190,7 +2189,6 @@ public class ApiResponseHelper implements ResponseGenerator { response.setDns1(profile.getDns1()); response.setDns2(profile.getDns2()); - response.setIsSecurityGroupEnabled(network.isSecurityGroupEnabled()); response.setTags(network.getTags()); // populate capability diff --git a/server/src/com/cloud/configuration/ConfigurationManager.java b/server/src/com/cloud/configuration/ConfigurationManager.java index c951493f1d6..ce2e81bf0e2 100644 --- a/server/src/com/cloud/configuration/ConfigurationManager.java +++ b/server/src/com/cloud/configuration/ConfigurationManager.java 
@@ -117,11 +117,12 @@ public interface ConfigurationManager extends ConfigurationService, Manager { * @param zoneType * @param allocationState * @param networkDomain TODO + * @param isSecurityGroupEnabled TODO * @return * @throws * @throws */ - DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain, Long domainId, NetworkType zoneType, String allocationState, String networkDomain); + DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain, Long domainId, NetworkType zoneType, String allocationState, String networkDomain, boolean isSecurityGroupEnabled); /** * Deletes a VLAN from the database, along with all of its IP addresses. Will not delete VLANs that have allocated IP addresses. @@ -177,7 +178,6 @@ public interface ConfigurationManager extends ConfigurationService, Manager { * @param networkRate TODO * @param serviceProviderMap TODO * @param isDefault TODO - * @param isSecurityGroupEnabled TODO * @param type TODO * @param systemOnly TODO * @param id 
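Review bot: The Javadoc line added for `createZone` in ConfigurationManager reads `@param isSecurityGroupEnabled TODO`, which leaves the one new argument undocumented. Suggested: `@param isSecurityGroupEnabled true to create the zone with security groups enabled; the command path forces this to true for Basic zones`. The `@return` and `@throws` tags next to it are empty as well and could be filled in at the same time.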
@@ -185,7 +185,7 @@ public interface ConfigurationManager extends ConfigurationService, Manager { * @return network offering object */ - NetworkOfferingVO createNetworkOffering(long userId, String name, String displayText, TrafficType trafficType, String tags, Integer maxConnections, boolean specifyVlan, Availability availability, Integer networkRate, Map> serviceProviderMap, boolean isDefault, boolean isSecurityGroupEnabled, Network.Type type, boolean systemOnly); + NetworkOfferingVO createNetworkOffering(long userId, String name, String displayText, TrafficType trafficType, String tags, Integer maxConnections, boolean specifyVlan, Availability availability, Integer networkRate, Map> serviceProviderMap, boolean isDefault, Network.Type type, boolean systemOnly); Vlan createVlanAndPublicIpRange(Long userId, Long zoneId, Long podId, String startIP, String endIP, String vlanGateway, String vlanNetmask, boolean forVirtualNetwork, String vlanId, Account account, Long networkId) throws InsufficientCapacityException, ConcurrentOperationException, InvalidParameterValueException; diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 1a44e8feebe..b1aa9b1ed00 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
@@ -1311,7 +1311,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override @DB public DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain, Long domainId, - NetworkType zoneType, String allocationStateStr, String networkDomain) { + NetworkType zoneType, String allocationStateStr, String networkDomain, boolean isSecurityGroupEnabled) { // checking the following params outside checkzoneparams method as we do not use these params for updatezone // hence the method below is generic to check for common params @@ -1336,7 +1336,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura try { txn.start(); // Create the new zone in the database - DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, guestCidr, domain, domainId, zoneType, zoneToken, networkDomain); + DataCenterVO zone = new DataCenterVO(zoneName, null, dns1, dns2, internalDns1, internalDns2, guestCidr, domain, domainId, zoneType, zoneToken, networkDomain, isSecurityGroupEnabled); if (allocationStateStr != null && !allocationStateStr.isEmpty()) { Grouping.AllocationState allocationState = Grouping.AllocationState.valueOf(allocationStateStr); zone.setAllocationState(allocationState); @@ -1386,7 +1386,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura if (zone.getNetworkType() == NetworkType.Basic) { isNetworkDefault = true; broadcastDomainType = BroadcastDomainType.Native; - userNetwork.setSecurityGroupEnabled(offering.isSecurityGroupEnabled()); } else { continue; } 
@@ -1415,6 +1414,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Boolean isBasic = false; String allocationState = cmd.getAllocationState(); String networkDomain = cmd.getDomain(); + boolean isSecurityGroupEnabled = cmd.getSecuritygroupenabled(); if (allocationState == null) { allocationState = Grouping.AllocationState.Enabled.toString(); @@ -1428,12 +1428,12 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura NetworkType zoneType = isBasic ? NetworkType.Basic : NetworkType.Advanced; - /*Guest cidr is required for Advanced zone creation; error out when the parameter specified for Basic zone - if (zoneType == NetworkType.Advanced && guestCidr == null && !securityGroupEnabled) { + //Guest cidr is required for Advanced zone creation; error out when the parameter specified for Basic zone + if (zoneType == NetworkType.Advanced && guestCidr == null && !isSecurityGroupEnabled) { throw new InvalidParameterValueException("guestCidrAddress parameter is required for Advanced zone creation"); } else if (zoneType == NetworkType.Basic && guestCidr != null) { throw new InvalidParameterValueException("guestCidrAddress parameter is not supported for Basic zone"); - }*/ + } DomainVO domainVO = null; 
@@ -1445,16 +1445,11 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura domainVO = _domainDao.findById(domainId); } - /* Verify zone type - if (zoneType == NetworkType.Basic && vnetRange != null) { - vnetRange = null; + if (zoneType == NetworkType.Basic) { + isSecurityGroupEnabled = true; } - if (zoneType == NetworkType.Basic) { - securityGroupEnabled = true; - }*/ - - return createZone(userId, zoneName, dns1, dns2, internalDns1, internalDns2, guestCidr, domainVO != null ? domainVO.getName() : null, domainId, zoneType, allocationState, networkDomain); + return createZone(userId, zoneName, dns1, dns2, internalDns1, internalDns2, guestCidr, domainVO != null ? domainVO.getName() : null, domainId, zoneType, allocationState, networkDomain, isSecurityGroupEnabled); } @Override @@ -1904,7 +1899,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura throw new InvalidParameterValueException("Vlan doesn't match vlan of the network"); } - if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || network.isSecurityGroupEnabled()) { + if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || zone.isSecurityGroupEnabled()) { if (vlanGateway == null || vlanNetmask == null || zoneId == null) { throw new InvalidParameterValueException("Gateway, netmask and zoneId have to be passed in for virtual and direct untagged networks"); } @@ -2714,7 +2709,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura String trafficTypeString = cmd.getTraffictype(); Boolean specifyVlan = cmd.getSpecifyVlan(); String availabilityStr = cmd.getAvailability(); - Boolean isSecurityGroupEnabled = cmd.getSecurityGroupEnabled(); + Integer networkRate = cmd.getNetworkRate(); 
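Review bot: The new `if (zoneType == NetworkType.Basic) { isSecurityGroupEnabled = true; }` in ConfigurationManagerImpl overrides an explicit `securitygroupenabled=false` from the caller without any comment or log line. The override fails towards the safer setting, but the reason should be stated next to it, for example `// Basic zones always use security groups, regardless of the request parameter`. The guestCidr validation in the earlier hunk reads the flag before this override; that is harmless today because only the Advanced branch consults it, but moving the override up next to the `cmd.getSecuritygroupenabled()` read would keep the value consistent throughout the method. The method body extends outside both hunks.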
@@ -2820,19 +2815,19 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura } } - return createNetworkOffering(userId, name, displayText, trafficType, tags, maxConnections, specifyVlan, availability, networkRate, serviceProviderMap, false, isSecurityGroupEnabled, type, false); + return createNetworkOffering(userId, name, displayText, trafficType, tags, maxConnections, specifyVlan, availability, networkRate, serviceProviderMap, false, type, false); } @Override @DB public NetworkOfferingVO createNetworkOffering(long userId, String name, String displayText, TrafficType trafficType, String tags, Integer maxConnections, boolean specifyVlan, - Availability availability, Integer networkRate, Map> serviceProviderMap, boolean isDefault, boolean isSecurityGroupEnabled, Network.Type type, boolean systemOnly) { + Availability availability, Integer networkRate, Map> serviceProviderMap, boolean isDefault, Network.Type type, boolean systemOnly) { String multicastRateStr = _configDao.getValue("multicast.throttling.rate"); int multicastRate = ((multicastRateStr == null) ? 10 : Integer.parseInt(multicastRateStr)); tags = cleanupTags(tags); - NetworkOfferingVO offering = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, maxConnections, isDefault, availability, tags, isSecurityGroupEnabled, type); + NetworkOfferingVO offering = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, maxConnections, isDefault, availability, tags, type); Transaction txn = Transaction.currentTxn(); txn.start(); @@ -2870,7 +2865,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Object specifyVlan = cmd.getSpecifyVlan(); Object isShared = cmd.getIsShared(); Object availability = cmd.getAvailability(); - Object sgEnabled = cmd.getSecurityGroupEnabled(); Object state = cmd.getState(); Long zoneId = cmd.getZoneId(); DataCenter zone = null; 
@@ -2926,10 +2920,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura if (state != null) { sc.addAnd("state", SearchCriteria.Op.EQ, state); } - - if (sgEnabled != null) { - sc.addAnd("securityGroupEnabled", SearchCriteria.Op.EQ, sgEnabled); - } if (zone != null) { if (zone.getNetworkType() == NetworkType.Basic) { @@ -3005,7 +2995,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura String name = cmd.getNetworkOfferingName(); String availabilityStr = cmd.getAvailability(); Availability availability = null; - Boolean sgEnabled = cmd.getSecurityGroupEnabled(); String state = cmd.getState(); UserContext.current().setEventDetails(" Id: "+id); @@ -3061,13 +3050,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Long networks = _networkDao.getNetworkCountByOfferingId(id); boolean networksExist = (networks != null && networks.longValue() > 0); - if (sgEnabled != null) { - if (networksExist) { - throw new InvalidParameterValueException("Unable to reset securityGroupEnabled property as there are existing networks using this network offering"); - } - offering.setSecurityGroupEnabled(sgEnabled); - } - //configure service provider map Map> serviceProviderMap = new HashMap>(); Set defaultProviders = new HashSet(); diff --git a/server/src/com/cloud/dc/DataCenterVO.java b/server/src/com/cloud/dc/DataCenterVO.java index 8732e0c737e..6b44bbac953 100644 --- a/server/src/com/cloud/dc/DataCenterVO.java +++ b/server/src/com/cloud/dc/DataCenterVO.java @@ -121,6 +121,9 @@ public class DataCenterVO implements DataCenter { @Enumerated(value=EnumType.STRING) AllocationState allocationState; + @Column(name="is_security_group_enabled") + boolean securityGroupEnabled; + @Override public String getDnsProvider() { return dnsProvider; 
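Review bot: The `@Column(name="is_security_group_enabled")` mapping added to DataCenterVO has no matching schema or upgrade change in the part of the diff visible here, so it is worth confirming that one ships with this commit. Existing Basic zones would need the column set to true on upgrade, because `createZone` forces the flag only for newly created Basic zones. Otherwise code that now reads `zone.isSecurityGroupEnabled()` would see false for zones that have been enforcing security groups all along.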
@@ -167,12 +170,12 @@ public class DataCenterVO implements DataCenter { } public DataCenterVO(long id, String name, String description, String dns1, String dns2, String dns3, String dns4, String guestCidr, String domain, Long domainId, NetworkType zoneType, String zoneToken, String domainSuffix) { - this(name, description, dns1, dns2, dns3, dns4, guestCidr, domain, domainId, zoneType, zoneToken, domainSuffix); + this(name, description, dns1, dns2, dns3, dns4, guestCidr, domain, domainId, zoneType, zoneToken, domainSuffix, false); this.id = id; this.allocationState = Grouping.AllocationState.Enabled; } - public DataCenterVO(String name, String description, String dns1, String dns2, String dns3, String dns4, String guestCidr, String domain, Long domainId, NetworkType zoneType, String zoneToken, String domainSuffix) { + public DataCenterVO(String name, String description, String dns1, String dns2, String dns3, String dns4, String guestCidr, String domain, Long domainId, NetworkType zoneType, String zoneToken, String domainSuffix, boolean securityGroupEnabled) { this.name = name; this.description = description; this.dns1 = dns1; @@ -184,6 +187,8 @@ public class DataCenterVO implements DataCenter { this.domainId = domainId; this.networkType = zoneType; this.allocationState = Grouping.AllocationState.Enabled; + this.securityGroupEnabled = securityGroupEnabled; + if (zoneType == NetworkType.Advanced) { loadBalancerProvider = Provider.VirtualRouter.getName(); diff --git a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java index 798b25e067e..b4aa34ae4c2 100644 --- a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java +++ b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java 
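Review bot: The id-taking DataCenterVO constructor now passes a hard-coded `false` for `securityGroupEnabled`, so any zone object built through it reports the feature as off regardless of zone type. If that constructor is used for Basic or security-group-enabled zones anywhere (its callers are outside this diff), add the flag to its parameter list as well. If it is only a test or bootstrap helper, say so at the call: `// securityGroupEnabled defaults to false here; use the other constructor to set it`.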
@@ -49,7 +49,6 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis to.setBroadcastUri(profile.getBroadCastUri()); to.setIsolationuri(profile.getIsolationUri()); to.setNetworkRateMbps(profile.getNetworkRate()); - to.setSecurityGroupEnabled(profile.isSecurityGroupEnabled()); to.setTags(profile.getTags()); return to; } diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index fc0e50b83d3..0fd4ad1ea6c 100644 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -223,6 +223,8 @@ public interface NetworkManager extends NetworkService { List listNetworkOfferingsForUpgrade(long networkId); - PhysicalNetwork translateZoneIdToPhysicalNetwork(long zoneId); + PhysicalNetwork translateZoneIdToPhysicalNetwork(long zoneId); + + boolean isSecurityGroupSupportedInNetwork(Network network); } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 27d045aaede..f63c95d4913 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
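Review bot: `isSecurityGroupSupportedInNetwork(Network network)` is added to NetworkManager without Javadoc, and it appears to take over from the `isSecurityGroupEnabled()` accessors this commit removes from Network and NetworkOffering. Callers deciding whether to apply security group rules need to know what the answer is based on. A short contract would do: `/** @return true if the SecurityGroup service is available for the given network */`, adjusted to what the implementation actually checks, which is not visible here.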
@@ -826,6 +826,15 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag defaultDirectNetworkOfferingProviders.put(Service.Dns, defaultProviders); defaultDirectNetworkOfferingProviders.put(Service.UserData, defaultProviders); + + Map> defaultDirectBasicZoneNetworkOfferingProviders = new HashMap>(); + defaultDirectBasicZoneNetworkOfferingProviders.put(Service.Dhcp, defaultProviders); + defaultDirectBasicZoneNetworkOfferingProviders.put(Service.Dns, defaultProviders); + defaultDirectBasicZoneNetworkOfferingProviders.put(Service.UserData, defaultProviders); + Set sgProviders = new HashSet(); + sgProviders.add(Provider.SecurityGroupProvider); + defaultDirectBasicZoneNetworkOfferingProviders.put(Service.SecurityGroup, sgProviders); + Map> defaultVirtualNetworkOfferingProviders = new HashMap>(); defaultProviders.clear(); defaultProviders.add(Network.Provider.VirtualRouter); 
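Review bot: The new `defaultDirectBasicZoneNetworkOfferingProviders` map stores the same `defaultProviders` set instance for Dhcp, Dns and UserData, and the context lines right after it show `defaultProviders.clear()` followed by `defaultProviders.add(Network.Provider.VirtualRouter)`. Because the map holds a reference, its entries change along with that set; the existing `defaultDirectNetworkOfferingProviders` map has the same pattern. If the basic-zone offering is meant to keep the providers that are in the set at this point, store a copy instead: `new HashSet<Provider>(defaultProviders)`. The new map is not used within this hunk, and the enclosing method continues outside it.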
@@ -845,19 +854,19 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag //check that offering already exists NetworkOfferingVO offering = null; if (_networkOfferingDao.findByUniqueName(NetworkOffering.SystemGuestNetwork) == null) { - offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, true, Network.Type.Shared, true); + offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.Type.Shared, true); offering.setState(NetworkOffering.State.Enabled); _networkOfferingDao.update(offering.getId(), offering); } if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultVirtualizedNetworkOffering) == null) { - offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM,NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, null, null, false, Availability.Required, null, defaultVirtualNetworkOfferingProviders, true, false, Network.Type.Isolated, false); + offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM,NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, null, null, false, Availability.Required, null, defaultVirtualNetworkOfferingProviders, true, Network.Type.Isolated, false); offering.setState(NetworkOffering.State.Enabled); _networkOfferingDao.update(offering.getId(), offering); } if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultDirectNetworkOffering) == null) { - offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.DefaultDirectNetworkOffering, "Direct", TrafficType.Guest, null, 
null, true, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, false, Network.Type.Shared, false); + offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.DefaultDirectNetworkOffering, "Direct", TrafficType.Guest, null, null, true, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.Type.Shared, false); offering.setState(NetworkOffering.State.Enabled); _networkOfferingDao.update(offering.getId(), offering); } @@ -1050,7 +1059,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } NetworkVO vo = new NetworkVO(id, network, offering.getId(), guru.getName(), owner.getDomainId(), owner.getId(), related, name, displayText, isDefault, - predefined.isSecurityGroupEnabled(), (domainId != null), predefined.getNetworkDomain(), offering.getType(), isShared, plan.getDataCenterId(), plan.getPhysicalNetworkId()); + (domainId != null), predefined.getNetworkDomain(), offering.getType(), isShared, plan.getDataCenterId(), plan.getPhysicalNetworkId()); vo.setTags(tags); networks.add(_networksDao.persist(vo, vo.getType() == Network.Type.Isolated)); @@ -1149,7 +1158,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag nics.add(vo); Integer networkRate = getNetworkRate(config.getId(), vm.getId()); - vm.addNic(new NicProfile(vo, network.first(), vo.getBroadcastUri(), vo.getIsolationUri(), networkRate)); + vm.addNic(new NicProfile(vo, network.first(), vo.getBroadcastUri(), vo.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network.first()))); } if (nics.size() != networks.size()) { 
@@ -1397,7 +1406,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag URI isolationUri = nic.getIsolationUri(); - profile = new NicProfile(nic, network, broadcastUri, isolationUri, networkRate); + profile = new NicProfile(nic, network, broadcastUri, isolationUri, networkRate, isSecurityGroupSupportedInNetwork(network)); guru.reserve(profile, network, vmProfile, dest, context); nic.setIp4Address(profile.getIp4Address()); nic.setAddressFormat(profile.getFormat()); @@ -1416,7 +1425,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag updateNic(nic, network.getId(), 1); } else { - profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate); + profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network)); guru.updateNicProfile(profile, network); nic.setState(Nic.State.Reserved); updateNic(nic, network.getId(), 1); @@ -1428,7 +1437,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } element.prepare(network, profile, vmProfile, dest, context); } - profile.setSecurityGroupEnabled(network.isSecurityGroupEnabled()); + + profile.setSecurityGroupEnabled(isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup)); guru.updateNicProfile(profile, network); vmProfile.addNic(profile); } 
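Review bot: In the -1428 hunk, `profile.setSecurityGroupEnabled(isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup));` recomputes a value that both `new NicProfile(...)` calls in the two hunks above already pass to the constructor through `isSecurityGroupSupportedInNetwork(network)`. That is a second lookup per NIC, written with a different helper than the rest of the file. If no other branch assigns `profile` (the method body extends outside the hunk), the setter call can be dropped. Otherwise write it as `profile.setSecurityGroupEnabled(isSecurityGroupSupportedInNetwork(network));` so the derivation lives in one place.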
@@ -1442,7 +1452,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Integer networkRate = getNetworkRate(network.getId(), vm.getId()); NetworkGuru guru = _networkGurus.get(network.getGuruName()); - NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate); + NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network)); guru.updateNicProfile(profile, network); vm.addNic(profile); } @@ -1459,7 +1469,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag NetworkGuru guru = _networkGurus.get(network.getGuruName()); nic.setState(Nic.State.Releasing); _nicDao.update(nic.getId(), nic); - NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null); + NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null, isSecurityGroupSupportedInNetwork(network)); if (guru.release(profile, vmProfile, nic.getReservationId())) { applyProfileToNicForRelease(nic, profile); nic.setState(Nic.State.Allocated); @@ -1493,7 +1503,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Integer networkRate = getNetworkRate(network.getId(), vm.getId()); NetworkGuru guru = _networkGurus.get(network.getGuruName()); - NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate); + NicProfile profile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), networkRate, isSecurityGroupSupportedInNetwork(network)); guru.updateNicProfile(profile, network); profiles.add(profile); } 
@@ -1595,7 +1605,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag nic.setState(Nic.State.Deallocating); _nicDao.update(nic.getId(), nic); NetworkVO network = _networksDao.findById(nic.getNetworkId()); - NicProfile profile = new NicProfile(nic, network, null, null, null); + NicProfile profile = new NicProfile(nic, network, null, null, null, isSecurityGroupSupportedInNetwork(network)); NetworkGuru guru = _networkGurus.get(network.getGuruName()); guru.deallocate(network, profile, vm); _nicDao.remove(nic.getId()); @@ -1876,7 +1886,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag DataCenterDeployment plan = new DataCenterDeployment(zoneId, null, null, null, null, physicalNetwork.getId()); NetworkVO userNetwork = new NetworkVO(); userNetwork.setNetworkDomain(networkDomain); - userNetwork.setSecurityGroupEnabled(isSecurityGroupEnabled); if (cidr != null && gateway != null) { userNetwork.setCidr(cidr); @@ -3420,8 +3429,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag NetworkOffering oldNetworkOffering = _networkOfferingDao.findByIdIncludingRemoved(oldNetworkOfferingId); NetworkOffering newNetworkOffering = _networkOfferingDao.findById(newNetworkOfferingId); - //security group property should be the same - if (oldNetworkOffering.isSecurityGroupEnabled() != newNetworkOffering.isSecurityGroupEnabled()) { + //security group service should be the same + if (isServiceSupportedByNetworkOffering(oldNetworkOfferingId, Service.SecurityGroup) != isServiceSupportedByNetworkOffering(newNetworkOfferingId, Service.SecurityGroup)) { s_logger.debug("Offerings " + newNetworkOfferingId + " and " + oldNetworkOfferingId + " have different securityGroupProperty, can't upgrade"); return false; } 
@@ -3506,6 +3515,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag int vnetStart = 0; int vnetEnd = 0; if (vnetRange != null) { + + //Verify zone type + if (zone.getNetworkType() == NetworkType.Basic && vnetRange != null) { + vnetRange = null; + } + String[] tokens = vnetRange.split("-"); try { vnetStart = Integer.parseInt(tokens[0]); @@ -3969,12 +3984,22 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override public List listNetworkOfferingsForUpgrade(long networkId) { - + List offeringsToReturn = new ArrayList(); NetworkOffering originalOffering = _configMgr.getNetworkOffering(getNetwork(networkId).getNetworkOfferingId()); + boolean securityGroupSupportedByOriginalOff = isServiceSupportedByNetworkOffering(originalOffering.getId(), Service.SecurityGroup); + + //security group supported property should be the same + List offerings = _networkOfferingDao.getOfferingIdsToUpgradeFrom(originalOffering); - return offerings; + for (Long offeringId : offerings) { + if (isServiceSupportedByNetworkOffering(offeringId, Service.SecurityGroup) == securityGroupSupportedByOriginalOff) { + offeringsToReturn.add(offeringId); + } + } + + return offeringsToReturn; } @@ -4169,5 +4194,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return success; } + @Override + public boolean isSecurityGroupSupportedInNetwork(Network network) { + boolean supported = isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup); + + return supported; + } } diff --git a/server/src/com/cloud/network/NetworkVO.java b/server/src/com/cloud/network/NetworkVO.java index 9928ec673b9..69169e226a9 100644 --- a/server/src/com/cloud/network/NetworkVO.java +++ b/server/src/com/cloud/network/NetworkVO.java 
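Review bot: In the -3506 hunk the new zone-type check sets `vnetRange = null` inside the `if (vnetRange != null)` block, and the very next context line calls `vnetRange.split("-")`, so any Basic zone request that supplies a range ends in a NullPointerException. The check has to run before the guard, e.g. `if (zone.getNetworkType() == NetworkType.Basic) { vnetRange = null; }` placed above `if (vnetRange != null) {`. The `&& vnetRange != null` part of the added condition is redundant where it stands now. Consider rejecting the parameter with an explicit error instead of silently discarding an operator-supplied range. The enclosing method starts and ends outside the hunk.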
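Review bot: `isSecurityGroupSupportedInNetwork` in the -4169 hunk dereferences `network` without a null check. Callers in this commit hand it the result of lookups such as `_networkMgr.getNetwork(nic.getNetworkId())` and `_networkDao.findById(defaultNic.getNetworkId())`, which may return null for a removed network (not confirmable from the hunks). Since this value decides whether security-group handling applies to a NIC, the method should state and enforce its null behaviour with an explicit guard at the top rather than failing inside `getNetworkOfferingId()`. The local variable can also go: `return isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup);`.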
@@ -143,9 +143,6 @@ public class NetworkVO implements Network { @Column(name="is_default") boolean isDefault; - @Column(name="is_security_group_enabled") - boolean securityGroupEnabled; - @ElementCollection(targetClass = String.class, fetch=FetchType.EAGER) @Column(name="tag") @CollectionTable(name="network_tags", joinColumns=@JoinColumn(name="network_id")) @@ -183,7 +180,7 @@ public class NetworkVO implements Network { this.id = -1; } - public NetworkVO(long id, Network that, long offeringId, String guruName, long domainId, long accountId, long related, String name, String displayText, boolean isDefault, boolean isSecurityGroupEnabled, boolean isDomainSpecific, String networkDomain, Type type, boolean isShared, long dcId, Long physicalNetworkId) { + public NetworkVO(long id, Network that, long offeringId, String guruName, long domainId, long accountId, long related, String name, String displayText, boolean isDefault, boolean isDomainSpecific, String networkDomain, Type type, boolean isShared, long dcId, Long physicalNetworkId) { this(id, that.getTrafficType(), that.getMode(), that.getBroadcastDomainType(), offeringId, domainId, accountId, related, name, displayText, isDefault,isDomainSpecific, networkDomain, type, isShared, dcId, physicalNetworkId); this.gateway = that.getGateway(); this.cidr = that.getCidr(); @@ -191,7 +188,6 @@ public class NetworkVO implements Network { this.broadcastDomainType = that.getBroadcastDomainType(); this.guruName = guruName; this.state = that.getState(); - this.securityGroupEnabled = isSecurityGroupEnabled; if (state == null) { state = State.Allocated; } @@ -430,15 +426,6 @@ public class NetworkVO implements Network { return isDefault; } - @Override - public boolean isSecurityGroupEnabled() { - return securityGroupEnabled; - } - - public void setSecurityGroupEnabled(boolean enabled) { - this.securityGroupEnabled = enabled; - } - public void setShared(boolean isShared) { this.isShared = isShared; } 
diff --git a/server/src/com/cloud/network/dao/NetworkDaoImpl.java b/server/src/com/cloud/network/dao/NetworkDaoImpl.java index c77d93b32c3..191498b190b 100644 --- a/server/src/com/cloud/network/dao/NetworkDaoImpl.java +++ b/server/src/com/cloud/network/dao/NetworkDaoImpl.java @@ -24,6 +24,7 @@ import javax.ejb.Local; import javax.persistence.TableGenerator; import com.cloud.network.Network; +import com.cloud.network.Network.Service; import com.cloud.network.NetworkAccountDaoImpl; import com.cloud.network.NetworkAccountVO; import com.cloud.network.NetworkDomainVO; @@ -31,6 +32,8 @@ import com.cloud.network.NetworkVO; import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.Networks.Mode; import com.cloud.network.Networks.TrafficType; +import com.cloud.offerings.NetworkOfferingServiceMapVO; +import com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl; import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.db.DB; import com.cloud.utils.db.GenericDaoBase; @@ -60,6 +63,7 @@ public class NetworkDaoImpl extends GenericDaoBase implements N NetworkAccountDaoImpl _accountsDao = ComponentLocator.inject(NetworkAccountDaoImpl.class); NetworkDomainDaoImpl _domainsDao = ComponentLocator.inject(NetworkDomainDaoImpl.class); NetworkOpDaoImpl _opDao = ComponentLocator.inject(NetworkOpDaoImpl.class); + NetworkOfferingServiceMapDaoImpl _ntwkOffSvcMap = ComponentLocator.inject(NetworkOfferingServiceMapDaoImpl.class); final TableGenerator _tgMacAddress; Random _rand = new Random(System.currentTimeMillis()); 
@@ -112,7 +116,9 @@ public class NetworkDaoImpl extends GenericDaoBase implements N ZoneSecurityGroupSearch = createSearchBuilder(); ZoneSecurityGroupSearch.and("dataCenterId", ZoneSecurityGroupSearch.entity().getDataCenterId(), Op.EQ); - ZoneSecurityGroupSearch.and("securityGroup", ZoneSecurityGroupSearch.entity().isSecurityGroupEnabled(), Op.EQ); + SearchBuilder join1 = _ntwkOffSvcMap.createSearchBuilder(); + join1.and("service", join1.entity().getService(), Op.EQ); + ZoneSecurityGroupSearch.join("services", join1, ZoneSecurityGroupSearch.entity().getNetworkOfferingId(), join1.entity().getNetworkOfferingId(), JoinBuilder.JoinType.INNER); ZoneSecurityGroupSearch.done(); CountByOfferingId = createSearchBuilder(Long.class); @@ -127,7 +133,9 @@ public class NetworkDaoImpl extends GenericDaoBase implements N PhysicalNetworkSearch.done(); securityGroupSearch = createSearchBuilder(); - securityGroupSearch.and("isSgEnabled", securityGroupSearch.entity().isSecurityGroupEnabled(), SearchCriteria.Op.EQ); + SearchBuilder join3 = _ntwkOffSvcMap.createSearchBuilder(); + join3.and("service", join3.entity().getService(), Op.EQ); + securityGroupSearch.join("services", join3, securityGroupSearch.entity().getNetworkOfferingId(), join3.entity().getNetworkOfferingId(), JoinBuilder.JoinType.INNER); securityGroupSearch.done(); _tgMacAddress = _tgs.get("macAddress"); @@ -267,7 +275,7 @@ public class NetworkDaoImpl extends GenericDaoBase implements N if (zoneId != null) { sc.setParameters("dataCenterId", zoneId); } - sc.setParameters("securityGroup", true); + sc.setJoinParameters("services", "service", Service.SecurityGroup.toString()); return search(sc, null); } 
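Review bot: The INNER join onto the offering-service map in `ZoneSecurityGroupSearch` (and the same join in `securityGroupSearch`, -127 hunk) returns one network row per matching map row. NetworkManagerImpl in this commit keeps a set of providers per service, and ConfigurationServerImpl persists one `NetworkOfferingServiceMapVO` per service and provider. An offering that maps `Service.SecurityGroup` to more than one provider would therefore make `listSecurityGroupEnabledNetworks()` and the zone search return the same network several times. Either de-duplicate the result or document that the map holds at most one SecurityGroup row per offering. The builders `join1` and `join3` would read better under one descriptive name such as `offeringServiceJoin`. The constructor these hunks belong to starts outside the hunk.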
@@ -344,7 +352,7 @@ public class NetworkDaoImpl extends GenericDaoBase implements N @Override public List listSecurityGroupEnabledNetworks() { SearchCriteria sc = securityGroupSearch.create(); - sc.setParameters("isSgEnabled", true); + sc.setJoinParameters("services", "service", Service.SecurityGroup.toString()); return listBy(sc); } diff --git a/server/src/com/cloud/network/element/DhcpElement.java b/server/src/com/cloud/network/element/DhcpElement.java index cdb64ffd4ef..1d0149837d4 100644 --- a/server/src/com/cloud/network/element/DhcpElement.java +++ b/server/src/com/cloud/network/element/DhcpElement.java @@ -29,7 +29,6 @@ import com.cloud.api.commands.ConfigureDhcpElementCmd; import com.cloud.configuration.ConfigurationManager; import com.cloud.dc.DataCenter; import com.cloud.dc.DataCenter.NetworkType; -import com.cloud.dc.Pod; import com.cloud.dc.dao.HostPodDao; import com.cloud.deploy.DeployDestination; import com.cloud.exception.ConcurrentOperationException; @@ -45,13 +44,11 @@ import com.cloud.network.NetworkManager; import com.cloud.network.Networks.TrafficType; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.VirtualRouterElementsDao; +import com.cloud.network.element.VirtualRouterElements.VirtualRouterElementsType; import com.cloud.network.router.VirtualNetworkApplianceManager; import com.cloud.network.router.VirtualRouter; import com.cloud.network.router.VirtualRouter.Role; -import com.cloud.network.element.DhcpElementService; -import com.cloud.network.element.VirtualRouterElements.VirtualRouterElementsType; import com.cloud.offering.NetworkOffering; -import com.cloud.org.Cluster; import com.cloud.user.AccountManager; import com.cloud.uservm.UserVm; import com.cloud.utils.component.AdapterBase; 
@@ -126,7 +123,7 @@ public class DhcpElement extends AdapterBase implements DhcpElementService, User //for Basic zone, add all Running routers - we have to send Dhcp/vmData/password info to them when network.dns.basiczone.updates is set to "all" Long podId = dest.getPod().getId(); DataCenter dc = dest.getDataCenter(); - boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || network.isSecurityGroupEnabled()) && network.getTrafficType() == TrafficType.Guest; + boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || _networkMgr.isSecurityGroupSupportedInNetwork(network)) && network.getTrafficType() == TrafficType.Guest; if (isPodBased && _routerMgr.getDnsBasicZoneUpdate().equalsIgnoreCase("all")) { List allRunningRoutersOutsideThePod = _routerDao.findByNetworkOutsideThePod(network.getId(), podId, State.Running, Role.DHCP_USERDATA); routers.addAll(allRunningRoutersOutsideThePod); diff --git a/server/src/com/cloud/network/element/SecurityGroupElement.java b/server/src/com/cloud/network/element/SecurityGroupElement.java new file mode 100644 index 00000000000..26226ecae56 --- /dev/null +++ b/server/src/com/cloud/network/element/SecurityGroupElement.java 
@@ -0,0 +1,82 @@ +/** + * * Copyright (C) 2011 Citrix Systems, Inc. All rights reserved +* + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +package com.cloud.network.element; + +import java.util.Map; + +import javax.ejb.Local; + +import com.cloud.deploy.DeployDestination; +import com.cloud.exception.ConcurrentOperationException; +import com.cloud.exception.InsufficientCapacityException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.Network; +import com.cloud.network.Network.Capability; +import com.cloud.network.Network.Provider; +import com.cloud.network.Network.Service; +import com.cloud.offering.NetworkOffering; +import com.cloud.utils.component.AdapterBase; +import com.cloud.utils.db.DB; +import com.cloud.vm.NicProfile; +import com.cloud.vm.ReservationContext; +import com.cloud.vm.VirtualMachine; +import com.cloud.vm.VirtualMachineProfile; + +@Local(value=NetworkElement.class) +public class SecurityGroupElement extends AdapterBase implements NetworkElement { + + @Override + public Map> getCapabilities() { + return null; + } + + @Override + public Provider getProvider() { + return null; + } + + @Override + public boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context) + throws ConcurrentOperationException, ResourceUnavailableException, 
InsufficientCapacityException { + return true; + } + + @Override @DB + public boolean prepare(Network network, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, + ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { + return true; + } + + @Override + public boolean release(Network network, NicProfile nic, VirtualMachineProfile vm, ReservationContext context) + throws ConcurrentOperationException, ResourceUnavailableException { + return true; + } + + @Override + public boolean shutdown(Network network, ReservationContext context, boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException { + return true; + } + + @Override + public boolean destroy(Network network) throws ConcurrentOperationException, ResourceUnavailableException { + return true; + } +} diff --git a/server/src/com/cloud/network/guru/DirectNetworkGuru.java b/server/src/com/cloud/network/guru/DirectNetworkGuru.java index d0d226847c2..21ab47c6d2b 100644 --- a/server/src/com/cloud/network/guru/DirectNetworkGuru.java +++ b/server/src/com/cloud/network/guru/DirectNetworkGuru.java @@ -78,7 +78,7 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru { // this guru handles only non-system network with type=Shared and serviceNat service disabled //TODO - after broadCastDomainType + physical network are introduced, don't rely on network type of the dc if (dc.getNetworkType() == NetworkType.Advanced && offering.getType() == Network.Type.Shared && !_networkMgr.isServiceSupportedByNetworkOffering(offering.getId(), Service.SourceNat)&& offering.getTrafficType() == TrafficType.Guest) { - if (offering.isSecurityGroupEnabled()) { + if (_networkMgr.isServiceSupportedByNetworkOffering(offering.getId(), Service.SecurityGroup)) { return true; } else if (!offering.isSystemOnly()) { return true; 
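Review bot: `getProvider()` and `getCapabilities()` in the new SecurityGroupElement both return null, although this commit registers `Provider.SecurityGroupProvider` for `Service.SecurityGroup` in NetworkManagerImpl and ConfigurationServerImpl. Code that matches elements to an offering's providers through `getProvider()` (not visible here) would either never select this element or fail on the null. I would use `return Provider.SecurityGroupProvider;` in getProvider() and return a map keyed by `Service.SecurityGroup` from getCapabilities(). The `Capability`, `Provider` and `Service` imports are already present for that. The `@DB` annotation on `prepare()` serves no purpose while the body is only `return true;`.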
@@ -110,8 +110,6 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru { throw new InvalidParameterValueException("cidr and gateway must be specified together."); } - config.setSecurityGroupEnabled(userSpecified.isSecurityGroupEnabled()); - if (userSpecified.getCidr() != null) { config.setCidr(userSpecified.getCidr()); config.setGateway(userSpecified.getGateway()); @@ -128,7 +126,8 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru { } - if (config.isSecurityGroupEnabled()) { + boolean isSecurityGroupEnabled = _networkMgr.isServiceSupportedByNetworkOffering(offering.getId(), Service.SecurityGroup); + if (isSecurityGroupEnabled) { config.setName("SecurityGroupEnabledNetwork"); config.setDisplayText("SecurityGroupEnabledNetwork"); } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 59bce7e92b0..628e17e4814 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1253,7 +1253,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian DataCenterDeployment plan = null; DataCenter dc = dest.getDataCenter(); long dcId = dc.getId(); - boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || guestNetwork.isSecurityGroupEnabled()) && guestNetwork.getTrafficType() == TrafficType.Guest; + boolean isPodBased = (dc.getNetworkType() == NetworkType.Basic || _networkMgr.isServiceSupportedByNetworkOffering(guestNetwork.getNetworkOfferingId(), Service.SecurityGroup)) && guestNetwork.getTrafficType() == TrafficType.Guest; DomainRouterVO router = null; List routers = null; diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index 63516f0af63..b4783ec615f 100755 
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -63,6 +63,8 @@ import com.cloud.exception.OperationTimedoutException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceInUseException; import com.cloud.hypervisor.Hypervisor.HypervisorType; +import com.cloud.network.Network; +import com.cloud.network.Network.Service; import com.cloud.network.NetworkManager; import com.cloud.network.security.SecurityGroupWork.Step; import com.cloud.network.security.dao.IngressRuleDao; @@ -1278,7 +1280,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG VirtualMachine vm = _vmDao.findByIdIncludingRemoved(vmId); List nics = _networkMgr.getNicProfiles(vm); for (NicProfile nic : nics) { - if (nic.isSecurityGroupEnabled() && vm.getHypervisorType() != HypervisorType.VMware) { + Network network = _networkMgr.getNetwork(nic.getNetworkId()); + if (_networkMgr.isSecurityGroupSupportedInNetwork(network) && vm.getHypervisorType() != HypervisorType.VMware) { return true; } } diff --git a/server/src/com/cloud/offerings/NetworkOfferingVO.java b/server/src/com/cloud/offerings/NetworkOfferingVO.java index 44f4d7d0ba1..a576db469dc 100644 --- a/server/src/com/cloud/offerings/NetworkOfferingVO.java +++ b/server/src/com/cloud/offerings/NetworkOfferingVO.java @@ -90,10 +90,7 @@ public class NetworkOfferingVO implements NetworkOffering { @Column(name=GenericDao.CREATED_COLUMN) Date created; - - @Column(name="is_security_group_enabled") - boolean securityGroupEnabled; - + @Column(name="type") @Enumerated(value=EnumType.STRING) Network.Type type; @@ -189,11 +186,6 @@ public class NetworkOfferingVO implements NetworkOffering { public String getUniqueName() { return uniqueName; } - - @Override - public boolean isSecurityGroupEnabled() { - return securityGroupEnabled; - } @Override public void setState(State state) { 
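Review bot: The -1278 hunk replaces `nic.isSecurityGroupEnabled()` with a `_networkMgr.getNetwork(nic.getNetworkId())` lookup plus `isSecurityGroupSupportedInNetwork(network)` for every NIC. The NicProfile constructors changed in NetworkManagerImpl in this same commit already receive that value. If `getNicProfiles` is one of those call sites (its body is not fully visible), the profile carries the answer and the original `if (nic.isSecurityGroupEnabled() && vm.getHypervisorType() != HypervisorType.VMware)` can stay. That avoids extra queries per NIC and a null `network` for a VM loaded with `findByIdIncludingRemoved`. The enclosing method starts outside the hunk.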
@@ -204,18 +196,13 @@ public class NetworkOfferingVO implements NetworkOffering { public State getState() { return state; } - - @Override - public void setSecurityGroupEnabled(boolean securityGroupEnabled) { - this.securityGroupEnabled = securityGroupEnabled; - } @Override public Network.Type getType() { return type; } - public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps, Integer multicastRateMbps, Integer concurrentConnections, boolean isDefault, Availability availability, String tags, boolean isSecurityGroupEnabled, Network.Type type) { + public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps, Integer multicastRateMbps, Integer concurrentConnections, boolean isDefault, Availability availability, String tags, Network.Type type) { this.name = name; this.displayText = displayText; this.rateMbps = rateMbps; @@ -228,7 +215,6 @@ public class NetworkOfferingVO implements NetworkOffering { this.availability = availability; this.uniqueName = name; this.tags = tags; - this.securityGroupEnabled = isSecurityGroupEnabled; this.type = type; } @@ -241,7 +227,7 @@ public class NetworkOfferingVO implements NetworkOffering { * @param trafficType */ public NetworkOfferingVO(String name, TrafficType trafficType) { - this(name, "System Offering for " + name, trafficType, true, false, 0, 0, null, true, Availability.Required, null, false, null); + this(name, "System Offering for " + name, trafficType, true, false, 0, 0, null, true, Availability.Required, null, null); this.state = State.Enabled; this.type = Type.Shared; } diff --git a/server/src/com/cloud/offerings/dao/NetworkOfferingDaoImpl.java b/server/src/com/cloud/offerings/dao/NetworkOfferingDaoImpl.java index c1eb059cd70..577b16f0520 100644 --- a/server/src/com/cloud/offerings/dao/NetworkOfferingDaoImpl.java 
+++ b/server/src/com/cloud/offerings/dao/NetworkOfferingDaoImpl.java @@ -77,7 +77,6 @@ public class NetworkOfferingDaoImpl extends GenericDaoBase defaultDirectGuestNetworkOfferingProviders = new HashMap(); + defaultDirectGuestNetworkOfferingProviders.put(Service.Dhcp, Provider.DhcpServer); + defaultDirectGuestNetworkOfferingProviders.put(Service.Dns, Provider.DhcpServer); + defaultDirectGuestNetworkOfferingProviders.put(Service.UserData, Provider.DhcpServer); + defaultDirectGuestNetworkOfferingProviders.put(Service.SecurityGroup, Provider.SecurityGroupProvider); + Map defaultVirtualNetworkOfferingProviders = new HashMap(); defaultVirtualNetworkOfferingProviders.put(Service.Dhcp, Provider.VirtualRouter); defaultVirtualNetworkOfferingProviders.put(Service.Dns, Provider.VirtualRouter); @@ -853,14 +861,14 @@ public class ConfigurationServerImpl implements ConfigurationServer { "System-Guest-Network", TrafficType.Guest, true, false, null, null, null, true, - Availability.Optional, null, true, Network.Type.Shared); + Availability.Optional, null, Network.Type.Shared); guestNetworkOffering.setState(NetworkOffering.State.Enabled); guestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(guestNetworkOffering); - for (Service service : defaultDirectNetworkOfferingProviders.keySet()) { - NetworkOfferingServiceMapVO offService = new NetworkOfferingServiceMapVO(guestNetworkOffering.getId(), service, defaultDirectNetworkOfferingProviders.get(service)); + for (Service service : defaultDirectGuestNetworkOfferingProviders.keySet()) { + NetworkOfferingServiceMapVO offService = new NetworkOfferingServiceMapVO(guestNetworkOffering.getId(), service, defaultDirectGuestNetworkOfferingProviders.get(service)); _offeringServiceMapDao.persist(offService); s_logger.trace("Added service for the network offering: " + offService); } 
@@ -870,7 +878,7 @@ public class ConfigurationServerImpl implements ConfigurationServer { "Virtual Vlan", TrafficType.Guest, false, false, null, null, null, true, - Availability.Required, null, false, Network.Type.Isolated); + Availability.Required, null, Network.Type.Isolated); defaultGuestNetworkOffering.setState(NetworkOffering.State.Enabled); defaultGuestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestNetworkOffering); @@ -887,7 +895,7 @@ public class ConfigurationServerImpl implements ConfigurationServer { "Direct", TrafficType.Guest, false, true, null, null, null, true, - Availability.Optional, null, false, Network.Type.Shared); + Availability.Optional, null, Network.Type.Shared); defaultGuestDirectNetworkOffering.setState(NetworkOffering.State.Enabled); defaultGuestDirectNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(defaultGuestDirectNetworkOffering); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index e75b760df97..1d14cd01eff 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -424,7 +424,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } Network defaultNetwork = _networkDao.findById(defaultNic.getNetworkId()); - NicProfile defaultNicProfile = new NicProfile(defaultNic, defaultNetwork, null, null, null); + NicProfile defaultNicProfile = new NicProfile(defaultNic, defaultNetwork, null, null, null, _networkMgr.isSecurityGroupSupportedInNetwork(defaultNetwork)); VirtualMachineProfile vmProfile = new VirtualMachineProfileImpl(vmInstance); vmProfile.setParameter(VirtualMachineProfile.Param.VmPassword, password); 
@@ -2079,7 +2079,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue()); } - if (!network.isSecurityGroupEnabled()) { + if (!_networkMgr.isSecurityGroupSupportedInNetwork(network)) { throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId()); } @@ -2096,11 +2096,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue()); } - if (network.isSecurityGroupEnabled() && networkIdList.size() > 1) { + boolean isSecurityGroupEnabled = _networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup); + if (isSecurityGroupEnabled && networkIdList.size() > 1) { throw new InvalidParameterValueException("Can't create a vm with multiple networks one of which is Security Group enabled"); } - if (network.getTrafficType() != TrafficType.Guest || network.getType() != Network.Type.Shared || (network.getType() == Network.Type.Shared && !network.isSecurityGroupEnabled())) { + if (network.getTrafficType() != TrafficType.Guest || network.getType() != Network.Type.Shared || (network.getType() == Network.Type.Shared && !isSecurityGroupEnabled)) { throw new InvalidParameterValueException("Can specify only Direct Guest Account specific networks when deploy vm in Security Group enabled zone"); } diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index b42747555c0..42a7051e422 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java 
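Review bot: The two deploy paths in UserVmManagerImpl now decide "security group enabled" with different predicates: the -2079 hunk calls `_networkMgr.isSecurityGroupSupportedInNetwork(network)`, while the -2096 hunk calls `_networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup)`. Neither helper's body is visible here, so if the two can disagree (for example, an offering that lists the service on a network where it is not actually provided), the same network could be accepted by one validation and rejected by the other, or slip past the multiple-network restriction. Using one helper in both places keeps the check consistent: `boolean isSecurityGroupEnabled = _networkMgr.isSecurityGroupSupportedInNetwork(network);`. The last condition also repeats its type test and can be reduced to `network.getType() != Network.Type.Shared || !isSecurityGroupEnabled`. Both enclosing methods start and end outside the hunks.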
@@ -42,10 +42,11 @@ import com.cloud.agent.api.AgentControlCommand; import com.cloud.agent.api.Answer; import com.cloud.agent.api.CheckVirtualMachineAnswer; import com.cloud.agent.api.CheckVirtualMachineCommand; +import com.cloud.agent.api.ClusterSyncAnswer; +import com.cloud.agent.api.ClusterSyncCommand; import com.cloud.agent.api.Command; import com.cloud.agent.api.MigrateAnswer; import com.cloud.agent.api.MigrateCommand; -import com.cloud.agent.api.PingRoutingCommand; import com.cloud.agent.api.PrepareForMigrationAnswer; import com.cloud.agent.api.PrepareForMigrationCommand; import com.cloud.agent.api.RebootAnswer; @@ -54,12 +55,9 @@ import com.cloud.agent.api.StartAnswer; import com.cloud.agent.api.StartCommand; import com.cloud.agent.api.StartupCommand; import com.cloud.agent.api.StartupRoutingCommand; -import com.cloud.agent.api.StartupRoutingCommand.VmState; import com.cloud.agent.api.StopAnswer; import com.cloud.agent.api.StopCommand; import com.cloud.agent.api.to.VirtualMachineTO; -import com.cloud.agent.api.ClusterSyncAnswer; -import com.cloud.agent.api.ClusterSyncCommand; import com.cloud.agent.manager.Commands; import com.cloud.agent.manager.allocator.HostAllocator; import com.cloud.alert.AlertManager; @@ -1838,7 +1836,7 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene List nics = _nicsDao.listByVmId(profile.getId()); for (NicVO nic : nics) { Network network = _networkMgr.getNetwork(nic.getNetworkId()); - NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null); + NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), null, _networkMgr.isSecurityGroupSupportedInNetwork(network)); profile.addNic(nicProfile); } diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index a73eb83ecf7..743f69f0a31 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql 
@@ -188,7 +188,6 @@ CREATE TABLE `cloud`.`networks` ( `is_default` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network is default', `created` datetime NOT NULL COMMENT 'date created', `removed` datetime COMMENT 'date removed if not null', - `is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not', `type` char(32) COMMENT 'type of the network, can be Shared or Isolated', PRIMARY KEY (`id`), CONSTRAINT `fk_networks__network_offering_id` FOREIGN KEY (`network_offering_id`) REFERENCES `network_offerings`(`id`), @@ -264,7 +263,6 @@ CREATE TABLE `cloud`.`network_offerings` ( `default` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if network offering is default', `availability` varchar(255) NOT NULL COMMENT 'availability of the network', `shared_source_nat_service` int(1) unsigned NOT NULL DEFAULT 0 COMMENT 'true if the network offering provides the shared source nat service', - `is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not', `state` char(32) COMMENT 'state of the network offering; has Disabled value by default', `type` char(32) COMMENT 'type of the network offering, can be Shared or Isolated', PRIMARY KEY (`id`), @@ -500,6 +498,7 @@ CREATE TABLE `cloud`.`data_center` ( `userdata_provider` char(64) DEFAULT 'VirtualRouter', `allocation_state` varchar(32) NOT NULL DEFAULT 'Enabled' COMMENT 'Is this data center enabled for allocation for new resources', `zone_token` varchar(255), + `is_security_group_enabled` tinyint NOT NULL DEFAULT 0 COMMENT '1: enabled, 0: not', `removed` datetime COMMENT 'date removed if not null', PRIMARY KEY (`id`), CONSTRAINT `fk_data_center__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain`(`id`),
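Review bot: The first two hunks drop `is_security_group_enabled` from `networks` and `network_offerings` in the create script, but no data migration for existing installations is visible in this part of the diff. The Java side now derives the answer from the offering's service mapping (see the `Service.SecurityGroup` entry added in ConfigurationServerImpl), so a database upgraded without backfilling that mapping for rows that had the flag set to 1 would presumably report those networks as not security-group enabled. Please confirm that an upgrade script converts the old per-network and per-offering flag into the new service mapping and sets the new `data_center` column for the affected zones before the old columns are dropped.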