etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bug 10731: reverting back source cidr changes for loadbalancer and portforwarding

This commit is contained in:
Abhinandan Prateek 2011-08-09 16:01:48 +05:30
parent e466f49fc6
commit 311afeae23
17 changed files with 23 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/com/cloud/agent/api/to/LoadBalancerTO.java
View File

@ -27,14 +27,13 @@ public class LoadBalancerTO {
String srcIp;
int srcPort;
String protocol;
List<String> sourceCidrs;
String algorithm;
boolean revoked;
boolean alreadyAdded;
DestinationTO[] destinations;
public LoadBalancerTO (String srcIp, int srcPort, String protocol, List<String> sourceCidrs, String algorithm, boolean revoked, boolean alreadyAdded, List<LbDestination> destinations) {
public LoadBalancerTO (String srcIp, int srcPort, String protocol, String algorithm, boolean revoked, boolean alreadyAdded, List<LbDestination> destinations) {
this.srcIp = srcIp;
this.srcPort = srcPort;
this.protocol = protocol;
@ -42,7 +41,6 @@ public class LoadBalancerTO {
this.revoked = revoked;
this.alreadyAdded = alreadyAdded;
this.destinations = new DestinationTO[destinations.size()];
this.sourceCidrs = sourceCidrs;
int i = 0;
for (LbDestination destination : destinations) {
this.destinations[i++] = new DestinationTO(destination.getIpAddress(), destination.getDestinationPortStart(), destination.isRevoked(), false);
@ -59,14 +57,6 @@ public class LoadBalancerTO {
public int getSrcPort() {
return srcPort;
}
public List<String> getSourceCidrs(){
return sourceCidrs;
}
public String getStringSourceCidrs(){
return StringUtils.join(sourceCidrs, "-");
}
public String getAlgorithm() {
return algorithm;

10
api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
View File

@ -33,7 +33,6 @@ import com.cloud.utils.net.NetUtils;
public class PortForwardingRuleTO extends FirewallRuleTO {
String dstIp;
int[] dstPortRange;
List<String> sourceCidrs;
protected PortForwardingRuleTO() {
super();
@ -43,7 +42,6 @@ public class PortForwardingRuleTO extends FirewallRuleTO {
super(rule, srcIp);
this.dstIp = rule.getDestinationIpAddress().addr();
this.dstPortRange = new int[] { rule.getDestinationPortStart(), rule.getDestinationPortEnd() };
this.sourceCidrs = rule.getSourceCidrList();
}
protected PortForwardingRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {
@ -64,12 +62,4 @@ public class PortForwardingRuleTO extends FirewallRuleTO {
return NetUtils.portRangeToString(dstPortRange);
}
public List<String> getSourceCidrs(){
return sourceCidrs;
}
public String getStringSourceCidrs(){
return StringUtils.join(sourceCidrs, ",");
}
}

4
api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
View File

@ -264,8 +264,4 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Sta
return null;
}
@Override
public List<String> getSourceCidrList() {
return null;
}
}

17
api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
View File

@ -72,9 +72,6 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa
@Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.INTEGER, required=true, description="the public port from where the network traffic will be load balanced from")
private Integer publicPort;
@Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from")
private List<String> cidrlist;
@Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default")
private Boolean openFirewall;
@ -120,10 +117,6 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa
public String getName() {
return loadBalancerRuleName;
}
public List<String> getSourceCidrList() {
return cidrlist;
}
public Boolean getOpenFirewall() {
if (openFirewall != null) {
@ -143,15 +136,7 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCmd /*implements LoadBa
}
@Override
public void execute() throws ResourceAllocationException, ResourceUnavailableException {
if (cidrlist != null){
for (String cidr: cidrlist){
if (!NetUtils.isValidCIDR(cidr)){
throw new ServerApiException(BaseCmd.PARAM_ERROR, "Source cidrs formatting error " + cidr);
}
}
}
public void execute() throws ResourceAllocationException, ResourceUnavailableException {
LoadBalancer result = null;
try {
result = _lbService.createLoadBalancerRule(this, getOpenFirewall());

7
api/src/com/cloud/network/lb/LoadBalancingRule.java
View File

@ -65,12 +65,7 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{
public int getDefaultPortEnd() {
return lb.getDefaultPortEnd();
}
@Override
public List<String> getSourceCidrList() {
return lb.getSourceCidrList();
}
@Override
public String getAlgorithm() {

1
api/src/com/cloud/network/rules/FirewallRule.java
View File

@ -74,5 +74,4 @@ public interface FirewallRule extends ControlledEntity {
Integer getIcmpType();
List<String> getSourceCidrList();
}

4
server/src/com/cloud/network/LoadBalancerVO.java
View File

@ -54,8 +54,8 @@ public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer {
public LoadBalancerVO() {
}
public LoadBalancerVO(String xId, String name, String description, long srcIpId, int srcPort, int dstPort, List<String> sourceCidrs, String algorithm, long networkId, long accountId, long domainId) {
super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, sourceCidrs, null, null);
public LoadBalancerVO(String xId, String name, String description, long srcIpId, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) {
super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, null, null);
this.name = name;
this.description = description;
this.algorithm = algorithm;

20
server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
View File

@ -176,26 +176,6 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
return listBy(sc);
}
@Override @DB
public FirewallRuleVO persist(FirewallRuleVO firewallRule) {
Transaction txn = Transaction.currentTxn();
txn.start();
FirewallRuleVO dbfirewallRule = super.persist(firewallRule);
saveSourceCidrs(firewallRule);
txn.commit();
return dbfirewallRule;
}
public void saveSourceCidrs(FirewallRuleVO firewallRule) {
List<String> cidrlist = firewallRule.getSourceCidrList();
if (cidrlist == null) {
return;
}
_firewallRulesCidrsDao.persist(firewallRule.getId(), cidrlist);
}
@Override
public List<FirewallRuleVO> listByIpPurposeAndProtocolAndNotRevoked(long ipAddressId, Integer startPort, Integer endPort, String protocol, FirewallRule.Purpose purpose) {

17
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
View File

@ -99,13 +99,13 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
public FirewallRule createFirewallRule(FirewallRule rule) throws NetworkRuleConflictException {
Account caller = UserContext.current().getCaller();
return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart() ,rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), rule.getIcmpCode(), rule.getIcmpType());
return createFirewallRule(rule.getSourceIpAddressId(), caller, rule.getXid(), rule.getSourcePortStart() ,rule.getSourcePortEnd(), rule.getProtocol(), rule.getIcmpCode(), rule.getIcmpType());
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewll rule", create = true)
public FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart,Integer portEnd, String protocol, List<String> sourceCidrList, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException{
public FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart,Integer portEnd, String protocol, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException{
IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
// Validate ip address
@ -128,7 +128,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
Transaction txn = Transaction.currentTxn();
txn.start();
FirewallRuleVO newRule = new FirewallRuleVO (xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, Purpose.Firewall, sourceCidrList, icmpCode, icmpType);
FirewallRuleVO newRule = new FirewallRuleVO (xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountId, domainId, Purpose.Firewall, icmpCode, icmpType);
newRule = _firewallDao.persist(newRule);
detectRulesConflict(newRule, ipAddress);
@ -334,12 +334,6 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
return true;
}
for (FirewallRuleVO rule: rules){
// load cidrs if any
rule.setSourceCidrList(_firewallCidrsDao.getSourceCidrs(rule.getId()));
}
if (caller != null) {
_accountMgr.checkAccess(caller, rules.toArray(new FirewallRuleVO[rules.size()]));
}
@ -463,10 +457,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
if (!rules.isEmpty()) {
return rules.get(0);
}
List<String> oneCidr = new ArrayList<String>();
oneCidr.add(NetUtils.ALL_CIDRS);
return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, oneCidr, icmpCode, icmpType);
return createFirewallRule(ipAddrId, caller, null, startPort, endPort, protocol, icmpCode, icmpType);
}
@Override

3
server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
View File

@ -284,8 +284,7 @@ public class ElasticLoadBalancerManagerImpl implements
.addr();
int srcPort = rule.getSourcePortStart();
List<LbDestination> destinations = rule.getDestinations();
LoadBalancerTO lb = new LoadBalancerTO(elbIp, srcPort, protocol, null,
algorithm, revoked, false, destinations);
LoadBalancerTO lb = new LoadBalancerTO(elbIp, srcPort, protocol, algorithm, revoked, false, destinations);
lbs[i++] = lb;
}

2
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
View File

@ -421,7 +421,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
}
LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddressId(), lb.getSourcePortEnd(), lb.getDefaultPortStart(),
lb.getSourceCidrList(), lb.getAlgorithm(), network.getId(), ipAddr.getAccountId(), ipAddr.getDomainId());
lb.getAlgorithm(), network.getId(), ipAddr.getAccountId(), ipAddr.getDomainId());
newRule = _lbDao.persist(newRule);
boolean success = true;

6
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
View File

@ -1912,12 +1912,10 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
boolean revoked = (rule.getState().equals(FirewallRule.State.Revoke));
String protocol = rule.getProtocol();
String algorithm = rule.getAlgorithm();
List<String> sourceCidrs = rule.getSourceCidrList();
String srcIp = _networkMgr.getIp(rule.getSourceIpAddressId()).getAddress().addr();
int srcPort = rule.getSourcePortStart();
List<LbDestination> destinations = rule.getDestinations();
LoadBalancerTO lb = new LoadBalancerTO(srcIp, srcPort, protocol, sourceCidrs, algorithm, revoked, false, destinations);
LoadBalancerTO lb = new LoadBalancerTO(srcIp, srcPort, protocol, algorithm, revoked, false, destinations);
lbs[i++] = lb;
}
@ -2083,8 +2081,6 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
for (LoadBalancerVO lb : lbs) {
List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
// load the cidrs,
lb.setSourceCidrList(_firewallCidrsDao.getSourceCidrs(lb.getId()));
LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList);
lbRules.add(loadBalancing);
}

2
server/src/com/cloud/network/rules/FirewallManager.java
View File

@ -48,7 +48,7 @@ public interface FirewallManager extends FirewallService{
*/
boolean revokeFirewallRule(long ruleId, boolean apply, Account caller, long userId);
FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart, Integer portEnd, String protocol, List<String> sourceCidrList, Integer icmpCode, Integer icmpType)
FirewallRule createFirewallRule(long ipAddrId, Account caller, String xId, Integer portStart, Integer portEnd, String protocol, Integer icmpCode, Integer icmpType)
throws NetworkRuleConflictException;
FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType) throws NetworkRuleConflictException;

24
server/src/com/cloud/network/rules/FirewallRuleVO.java
View File

@ -89,22 +89,7 @@ public class FirewallRuleVO implements FirewallRule {
@Column(name="icmp_type")
Integer icmpType;
// This is a delayed load value. If the value is null,
// then this field has not been loaded yet.
// Call firewallrules dao to load it.
@Transient
List<String> sourceCidrs;
public void setSourceCidrList(List<String> sourceCidrs) {
this.sourceCidrs=sourceCidrs;
}
@Override
public List<String> getSourceCidrList() {
return sourceCidrs;
}
@Override
public long getAccountId() {
@ -172,7 +157,7 @@ public class FirewallRuleVO implements FirewallRule {
protected FirewallRuleVO() {
}
public FirewallRuleVO(String xId, long ipAddressId, Integer portStart, Integer portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List<String> sourceCidrs, Integer icmpCode, Integer icmpType) {
public FirewallRuleVO(String xId, long ipAddressId, Integer portStart, Integer portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, Integer icmpCode, Integer icmpType) {
this.xId = xId;
if (xId == null) {
this.xId = UUID.randomUUID().toString();
@ -188,11 +173,10 @@ public class FirewallRuleVO implements FirewallRule {
this.state = State.Staged;
this.icmpCode = icmpCode;
this.icmpType = icmpType;
this.sourceCidrs = sourceCidrs;
}
public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, List<String> sourceCidrs, Integer icmpCode, Integer icmpType) {
this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, sourceCidrs, icmpCode, icmpType);
public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, Integer icmpCode, Integer icmpType) {
this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, icmpCode, icmpType);
}
@Override

6
server/src/com/cloud/network/rules/PortForwardingRuleVO.java
View File

@ -52,8 +52,8 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi
public PortForwardingRuleVO() {
}
public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, List<String> sourceCidrs, long networkId, long accountId, long domainId, long instanceId) {
super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, sourceCidrs, null, null);
public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId) {
super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, null, null);
this.destinationIpAddress = dstIp;
this.virtualMachineId = instanceId;
this.destinationPortStart = dstPortStart;
@ -61,7 +61,7 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi
}
public PortForwardingRuleVO(String xId, long srcIpId, int srcPort, Ip dstIp, int dstPort, String protocol, List<String> sourceCidrs, long networkId, long accountId, long domainId, long instanceId) {
this(xId, srcIpId, srcPort, srcPort, dstIp, dstPort, dstPort, protocol.toLowerCase(), sourceCidrs, networkId, accountId, domainId, instanceId);
this(xId, srcIpId, srcPort, srcPort, dstIp, dstPort, dstPort, protocol.toLowerCase(), networkId, accountId, domainId, instanceId);
}
@Override

11
server/src/com/cloud/network/rules/RulesManagerImpl.java
View File

@ -207,7 +207,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIp, rule.getDestinationPortStart(),
rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), rule.getSourceCidrList(), networkId, accountId, domainId, vmId);
rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId);
newRule = _forwardingDao.persist(newRule);
try {
@ -265,7 +265,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(),
networkId, accountId, domainId, rule.getPurpose(), null, null, null);
networkId, accountId, domainId, rule.getPurpose(), null, null);
newRule = _firewallDao.persist(newRule);
try {
@ -573,11 +573,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
return true;
}
for (PortForwardingRuleVO rule: rules){
// load cidrs if any
rule.setSourceCidrList(_firewallCidrsDao.getSourceCidrs(rule.getId()));
}
if (caller != null) {
_accountMgr.checkAccess(caller, rules.toArray(new PortForwardingRuleVO[rules.size()]));
@ -909,7 +904,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
_firewallMgr.createRuleForAllCidrs(ip.getId(), caller, ports[i], ports[i], protocol, null, null);
}
rules[i] = new FirewallRuleVO(null, ip.getId(), ports[i], protocol, ip.getAssociatedWithNetworkId(), ip.getAllocatedToAccountId(), ip.getAllocatedInDomainId(), purpose, null, null, null);
rules[i] = new FirewallRuleVO(null, ip.getId(), ports[i], protocol, ip.getAssociatedWithNetworkId(), ip.getAllocatedToAccountId(), ip.getAllocatedInDomainId(), purpose, null, null);
rules[i] = _firewallDao.persist(rules[i]);
}
txn.commit();

4
server/src/com/cloud/network/rules/StaticNatRuleImpl.java
View File

@ -118,8 +118,4 @@ public class StaticNatRuleImpl implements StaticNatRule{
return null;
}
@Override
public List<String> getSourceCidrList() {
return null;
}
}