diff --git a/api/src/com/cloud/agent/api/PlugNicCommand.java b/api/src/com/cloud/agent/api/PlugNicCommand.java index 4222e4c4369..7d340046bb2 100644 --- a/api/src/com/cloud/agent/api/PlugNicCommand.java +++ b/api/src/com/cloud/agent/api/PlugNicCommand.java @@ -21,7 +21,7 @@ import com.cloud.agent.api.to.VirtualMachineTO; public class PlugNicCommand extends Command { VirtualMachineTO vm; - NicTO nic; + NicTO nic; public VirtualMachineTO getVirtualMachine() { return vm; @@ -43,4 +43,5 @@ public class PlugNicCommand extends Command { this.vm = vm; this.nic = nic; } + } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index d7780fd626b..34cc29a56ee 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1863,46 +1863,19 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public boolean finalizeCommandsOnStart(Commands cmds, VirtualMachineProfile profile) { DomainRouterVO router = profile.getVirtualMachine(); - DataCenterVO dcVo = _dcDao.findById(router.getDataCenterIdToDeployIn()); - - NicProfile controlNic = null; - - if(profile.getHypervisorType() == HypervisorType.VMware && dcVo.getNetworkType() == NetworkType.Basic) { - // TODO this is a ugly to test hypervisor type here - // for basic network mode, we will use the guest NIC for control NIC - for (NicProfile nic : profile.getNics()) { - if (nic.getTrafficType() == TrafficType.Guest && nic.getIp4Address() != null) { - controlNic = nic; - } - } - } else { - for (NicProfile nic : profile.getNics()) { - if (nic.getTrafficType() == TrafficType.Control && nic.getIp4Address() != null) { - controlNic = nic; - } - } - } + NicProfile controlNic = getControlNic(profile); if (controlNic == null) { s_logger.error("Control network doesn't exist for the router " + router); return false; } - cmds.addCommand("checkSsh", new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922)); - - // Update router template/scripts version - final GetDomRVersionCmd command = new GetDomRVersionCmd(); - command.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlNic.getIp4Address()); - command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); - cmds.addCommand("getDomRVersion", command); - - // Network usage command to create iptables rules - boolean forVpc = profile.getVirtualMachine().getVpcId() != null; - cmds.addCommand("networkUsage", new NetworkUsageCommand(controlNic.getIp4Address(), router.getHostName(), "create", forVpc)); + finalizeSshAndVersionAndNetworkUsageOnStart(cmds, profile, router, controlNic); // restart network if restartNetwork = false is not specified in profile parameters boolean reprogramGuestNtwks = true; - if (profile.getParameter(Param.ReProgramGuestNetworks) != null && (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) { + if (profile.getParameter(Param.ReProgramGuestNetworks) != null + && (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) { reprogramGuestNtwks = false; } @@ -1918,141 +1891,184 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian List routerGuestNtwkIds = _routerDao.getRouterNetworks(router.getId()); for (Long guestNetworkId : routerGuestNtwkIds) { if (reprogramGuestNtwks) { - s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start"); - long ownerId = router.getAccountId(); - - final List userIps = _networkMgr.listPublicIpsAssignedToGuestNtwk(ownerId, guestNetworkId, null); - List allPublicIps = new ArrayList(); - if (userIps != null && !userIps.isEmpty()) { - for (IPAddressVO userIp : userIps) { - PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), - NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress())); - allPublicIps.add(publicIp); - } - } - - //Get public Ips that should be handled by router - Network network = _networkDao.findById(guestNetworkId); - Map> ipToServices = _networkMgr.getIpToServices(allPublicIps, false, false); - Map> providerToIpList = _networkMgr.getProviderToIpList(network, ipToServices); - // Only cover virtual router for now, if ELB use it this need to be modified - ArrayList publicIps = providerToIpList.get(Provider.VirtualRouter); - - s_logger.debug("Found " + publicIps.size() + " ip(s) to apply as a part of domR " + router + " start."); - - if (!publicIps.isEmpty()) { - - List vpns = new ArrayList(); - List pfRules = new ArrayList(); - List staticNatFirewallRules = new ArrayList(); - List staticNats = new ArrayList(); - List firewallRules = new ArrayList(); - - // Re-apply public ip addresses - should come before PF/LB/VPN - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) { - createAssociateIPCommands(router, publicIps, cmds, 0); - } - - //Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start) - for (PublicIp ip : publicIps) { - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) { - pfRules.addAll(_pfRulesDao.listForApplication(ip.getId())); - } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { - staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat)); - } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) { - firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall)); - } - - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) { - RemoteAccessVpn vpn = _vpnDao.findById(ip.getId()); - if (vpn != null) { - vpns.add(vpn); - } - - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { - if (ip.isOneToOneNat()) { - String dstIp = _networkMgr.getIpInNetwork(ip.getAssociatedWithVmId(), guestNetworkId); - StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), dstIp, false); - staticNats.add(staticNat); - } - } - } - - //Re-apply static nats - s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start."); - if (!staticNats.isEmpty()) { - createApplyStaticNatCommands(staticNats, router, cmds, guestNetworkId); - } - - //Re-apply firewall rules - s_logger.debug("Found " + staticNats.size() + " firewall rule(s) to apply as a part of domR " + router + " start."); - if (!firewallRules.isEmpty()) { - createFirewallRulesCommands(firewallRules, router, cmds, guestNetworkId); - } - - // Re-apply port forwarding rules - s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start."); - if (!pfRules.isEmpty()) { - createApplyPortForwardingRulesCommands(pfRules, router, cmds, guestNetworkId); - } - - // Re-apply static nat rules - s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start."); - if (!staticNatFirewallRules.isEmpty()) { - List staticNatRules = new ArrayList(); - for (FirewallRule rule : staticNatFirewallRules) { - staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false)); - } - createApplyStaticNatRulesCommands(staticNatRules, router, cmds, guestNetworkId); - } - - // Re-apply vpn rules - s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start."); - if (!vpns.isEmpty()) { - for (RemoteAccessVpn vpn : vpns) { - createApplyVpnCommands(vpn, router, cmds); - } - } - - List lbs = _loadBalancerDao.listByNetworkId(guestNetworkId); - List lbRules = new ArrayList(); - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) { - // Re-apply load balancing rules - for (LoadBalancerVO lb : lbs) { - List dstList = _lbMgr.getExistingDestinations(lb.getId()); - List policyList = _lbMgr.getStickinessPolicies(lb.getId()); - LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList); - lbRules.add(loadBalancing); - } - } - - s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start."); - if (!lbRules.isEmpty()) { - createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId); - } - } - - } + finalizeNetworkRulesForNetwork(cmds, router, provider, guestNetworkId); } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Dhcp, provider)) { - // Resend dhcp - s_logger.debug("Reapplying dhcp entries as a part of domR " + router + " start..."); - createDhcpEntryCommandsForVMs(router, cmds, guestNetworkId); - } - - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.UserData, provider)) { - // Resend user data - s_logger.debug("Reapplying vm data (userData and metaData) entries as a part of domR " + router + " start..."); - createVmDataCommandForVMs(router, cmds, guestNetworkId); - } + finalizeUserDataAndDhcpOnStart(cmds, router, provider, guestNetworkId); } return true; } + protected NicProfile getControlNic(VirtualMachineProfile profile) { + DomainRouterVO router = profile.getVirtualMachine(); + DataCenterVO dcVo = _dcDao.findById(router.getDataCenterIdToDeployIn()); + NicProfile controlNic = null; + if (profile.getHypervisorType() == HypervisorType.VMware && dcVo.getNetworkType() == NetworkType.Basic) { + // TODO this is a ugly to test hypervisor type here + // for basic network mode, we will use the guest NIC for control NIC + for (NicProfile nic : profile.getNics()) { + if (nic.getTrafficType() == TrafficType.Guest && nic.getIp4Address() != null) { + controlNic = nic; + } + } + } else { + for (NicProfile nic : profile.getNics()) { + if (nic.getTrafficType() == TrafficType.Control && nic.getIp4Address() != null) { + controlNic = nic; + } + } + } + return controlNic; + } + + protected void finalizeSshAndVersionAndNetworkUsageOnStart(Commands cmds, VirtualMachineProfile profile, DomainRouterVO router, NicProfile controlNic) { + cmds.addCommand("checkSsh", new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922)); + + // Update router template/scripts version + final GetDomRVersionCmd command = new GetDomRVersionCmd(); + command.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlNic.getIp4Address()); + command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); + cmds.addCommand("getDomRVersion", command); + + // Network usage command to create iptables rules + boolean forVpc = profile.getVirtualMachine().getVpcId() != null; + cmds.addCommand("networkUsage", new NetworkUsageCommand(controlNic.getIp4Address(), router.getHostName(), "create", forVpc)); + } + + protected void finalizeUserDataAndDhcpOnStart(Commands cmds, DomainRouterVO router, Provider provider, Long guestNetworkId) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Dhcp, provider)) { + // Resend dhcp + s_logger.debug("Reapplying dhcp entries as a part of domR " + router + " start..."); + createDhcpEntryCommandsForVMs(router, cmds, guestNetworkId); + } + + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.UserData, provider)) { + // Resend user data + s_logger.debug("Reapplying vm data (userData and metaData) entries as a part of domR " + router + " start..."); + createVmDataCommandForVMs(router, cmds, guestNetworkId); + } + } + + protected void finalizeNetworkRulesForNetwork(Commands cmds, DomainRouterVO router, Provider provider, Long guestNetworkId) { + s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start"); + long ownerId = router.getAccountId(); + + final List userIps = _networkMgr.listPublicIpsAssignedToGuestNtwk(ownerId, guestNetworkId, null); + List allPublicIps = new ArrayList(); + if (userIps != null && !userIps.isEmpty()) { + for (IPAddressVO userIp : userIps) { + PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), + NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress())); + allPublicIps.add(publicIp); + } + } + + //Get public Ips that should be handled by router + Network network = _networkDao.findById(guestNetworkId); + Map> ipToServices = _networkMgr.getIpToServices(allPublicIps, false, false); + Map> providerToIpList = _networkMgr.getProviderToIpList(network, ipToServices); + // Only cover virtual router for now, if ELB use it this need to be modified + + ArrayList publicIps = providerToIpList.get(provider); + + s_logger.debug("Found " + publicIps.size() + " ip(s) to apply as a part of domR " + router + " start."); + + if (!publicIps.isEmpty()) { + List vpns = new ArrayList(); + List pfRules = new ArrayList(); + List staticNatFirewallRules = new ArrayList(); + List staticNats = new ArrayList(); + List firewallRules = new ArrayList(); + + // Re-apply public ip addresses - should come before PF/LB/VPN + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) { + createAssociateIPCommands(router, publicIps, cmds, 0); + } + + //Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start) + for (PublicIp ip : publicIps) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) { + pfRules.addAll(_pfRulesDao.listForApplication(ip.getId())); + } + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { + staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat)); + } + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) { + firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall)); + } + + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) { + RemoteAccessVpn vpn = _vpnDao.findById(ip.getId()); + if (vpn != null) { + vpns.add(vpn); + } + } + + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { + if (ip.isOneToOneNat()) { + String dstIp = _networkMgr.getIpInNetwork(ip.getAssociatedWithVmId(), guestNetworkId); + StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), dstIp, false); + staticNats.add(staticNat); + } + } + } + + //Re-apply static nats + s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start."); + if (!staticNats.isEmpty()) { + createApplyStaticNatCommands(staticNats, router, cmds, guestNetworkId); + } + + //Re-apply firewall rules + s_logger.debug("Found " + staticNats.size() + " firewall rule(s) to apply as a part of domR " + router + " start."); + if (!firewallRules.isEmpty()) { + createFirewallRulesCommands(firewallRules, router, cmds, guestNetworkId); + } + + // Re-apply port forwarding rules + s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start."); + if (!pfRules.isEmpty()) { + createApplyPortForwardingRulesCommands(pfRules, router, cmds, guestNetworkId); + } + + // Re-apply static nat rules + s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start."); + if (!staticNatFirewallRules.isEmpty()) { + List staticNatRules = new ArrayList(); + for (FirewallRule rule : staticNatFirewallRules) { + staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false)); + } + createApplyStaticNatRulesCommands(staticNatRules, router, cmds, guestNetworkId); + } + + // Re-apply vpn rules + s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start."); + if (!vpns.isEmpty()) { + for (RemoteAccessVpn vpn : vpns) { + createApplyVpnCommands(vpn, router, cmds); + } + } + + List lbs = _loadBalancerDao.listByNetworkId(guestNetworkId); + List lbRules = new ArrayList(); + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) { + // Re-apply load balancing rules + for (LoadBalancerVO lb : lbs) { + List dstList = _lbMgr.getExistingDestinations(lb.getId()); + List policyList = _lbMgr.getStickinessPolicies(lb.getId()); + LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList); + lbRules.add(loadBalancing); + } + } + + s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start."); + if (!lbRules.isEmpty()) { + createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId); + } + } + } + @Override public boolean finalizeStart(VirtualMachineProfile profile, long hostId, Commands cmds, ReservationContext context) { diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index 4bb5c1879bc..425f18259e6 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -706,13 +706,22 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian DomainRouterVO router = profile.getVirtualMachine(); boolean isVpc = (router.getVpcId() != null); - boolean result = super.finalizeCommandsOnStart(cmds, profile); - if (!isVpc) { - return result; + return super.finalizeCommandsOnStart(cmds, profile); } - //Get guest nic info + + //1) FORM SSH CHECK COMMAND + NicProfile controlNic = getControlNic(profile); + if (controlNic == null) { + s_logger.error("Control network doesn't exist for the router " + router); + return false; + } + + finalizeSshAndVersionAndNetworkUsageOnStart(cmds, profile, router, controlNic); + + + //2) FORM PLUG NIC COMMANDS Map guestNics = new HashMap(); Map publicNics = new HashMap(); @@ -767,27 +776,47 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return false; } + //3) REAPPLY FIREWALL RULES boolean reprogramGuestNtwks = true; - if (profile.getParameter(Param.ReProgramGuestNetworks) != null && (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) { + if (profile.getParameter(Param.ReProgramGuestNetworks) != null + && (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) { reprogramGuestNtwks = false; } - - //get network ACLs for the router + + VirtualRouterProvider vrProvider = _vrProviderDao.findById(router.getElementId()); + if (vrProvider == null) { + throw new CloudRuntimeException("Cannot find related virtual router provider of router: " + router.getHostName()); + } + Provider provider = Network.Provider.getProvider(vrProvider.getType().toString()); + if (provider == null) { + throw new CloudRuntimeException("Cannot find related provider of virtual router provider: " + vrProvider.getType().toString()); + } + List routerGuestNtwkIds = _routerDao.getRouterNetworks(router.getId()); - if (reprogramGuestNtwks) { - for (Long guestNetworkId : routerGuestNtwkIds) { - s_logger.debug("Resending network ACLs as a part of VPC Virtual router start"); - - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, Provider.VPCVirtualRouter)) { - List networkACLs = _networkACLService.listNetworkACLs(guestNetworkId); - s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + router + " start."); - if (!networkACLs.isEmpty()) { - createNetworkACLsCommands((List)networkACLs, router, cmds, guestNetworkId); - } - } + for (Long guestNetworkId : routerGuestNtwkIds) { + if (reprogramGuestNtwks) { + finalizeNetworkRulesForNetwork(cmds, router, provider, guestNetworkId); } + + finalizeUserDataAndDhcpOnStart(cmds, router, provider, guestNetworkId); } - return result; + return true; + } + + + @Override + protected void finalizeNetworkRulesForNetwork(Commands cmds, DomainRouterVO router, Provider provider, Long guestNetworkId) { + + super.finalizeNetworkRulesForNetwork(cmds, router, provider, guestNetworkId); + + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, Provider.VPCVirtualRouter)) { + List networkACLs = _networkACLService.listNetworkACLs(guestNetworkId); + s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + router + + " start for guest network id=" + guestNetworkId); + if (!networkACLs.isEmpty()) { + createNetworkACLsCommands((List)networkACLs, router, cmds, guestNetworkId); + } + } } }