From 3fc9b149e4a4419502c3277ec4c42e916fcb640a Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Wed, 2 Nov 2011 15:18:26 -0700 Subject: [PATCH] NaaS: Add portforwarding and staticnat service provider Make them service rather than capability of firewall. Now firewall only means open/close the port. --- api/src/com/cloud/api/ApiConstants.java | 2 ++ .../commands/CreateNetworkOfferingCmd.java | 14 +++++++++ .../commands/UpdateNetworkOfferingCmd.java | 14 +++++++++ api/src/com/cloud/network/Network.java | 6 ++-- .../ConfigurationManagerImpl.java | 16 ++++++++++ .../com/cloud/network/NetworkManagerImpl.java | 2 ++ .../dao/PhysicalNetworkServiceProviderVO.java | 30 +++++++++++++++++++ .../JuniperSRXExternalFirewallElement.java | 13 ++++---- .../network/element/VirtualRouterElement.java | 6 ++-- .../cloud/server/ConfigurationServerImpl.java | 2 ++ setup/db/create-schema.sql | 4 ++- 11 files changed, 95 insertions(+), 14 deletions(-) diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java index bfd201fc43c..b29048e9f57 100755 --- a/api/src/com/cloud/api/ApiConstants.java +++ b/api/src/com/cloud/api/ApiConstants.java @@ -266,6 +266,8 @@ public class ApiConstants { public static final String DHCP_SERVICE = "dhcpservice"; public static final String DNS_SERVICE = "dnsservice"; public static final String SOURCE_NAT_SERVICE = "sourcenatservice"; + public static final String STATIC_NAT_SERVICE = "staticnatservice"; + public static final String PORT_FORWARDING_SERVICE = "staticnatservice"; public static final String VPN_SERVICE = "vpnservice"; public static final String USERDATA_SERVICE = "userdataservice"; public static final String LB_SERVICE = "lbservice"; diff --git a/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java b/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java index cc6fe0816bb..b99deb62c42 100644 --- a/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java 
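Review bot: `PORT_FORWARDING_SERVICE` is assigned the same string as `STATIC_NAT_SERVICE` (`"staticnatservice"`), so the two API parameters that use these constants in CreateNetworkOfferingCmd and UpdateNetworkOfferingCmd are bound to one request name. Depending on how the parameter binder resolves the duplicate, a request for static NAT would presumably also switch on port forwarding, or port forwarding could never be requested on its own. Either way the offering may expose a service the operator did not ask for. The line should read `public static final String PORT_FORWARDING_SERVICE = "portforwardingservice";`.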
+++ b/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java @@ -91,6 +91,12 @@ public class CreateNetworkOfferingCmd extends BaseCmd { @Parameter(name=ApiConstants.SOURCE_NAT_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports source nat service") private Boolean sourceNatService; + @Parameter(name=ApiConstants.STATIC_NAT_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports source nat service") + private Boolean staticNatService; + + @Parameter(name=ApiConstants.PORT_FORWARDING_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports source nat service") + private Boolean portForwardingService; + @Parameter(name=ApiConstants.VPN_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports vpn service") private Boolean vpnService; @@ -175,6 +181,14 @@ public class CreateNetworkOfferingCmd extends BaseCmd { return sourceNatService == null ? false : sourceNatService; } + public Boolean getStaticNatService() { + return staticNatService == null ? false : staticNatService; + } + + public Boolean getPortForwardingService() { + return portForwardingService == null ? false : portForwardingService; + } + public Boolean getVpnService() { return vpnService == null ? false : vpnService; } diff --git a/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java b/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java index 9c70474b9c0..414fbbc194d 100644 --- a/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java +++ b/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java 
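Review bot: The `description` of both new `@Parameter` annotations still says "true if network offering supports source nat service", copied from the parameter above, so the generated API documentation will describe static NAT and port forwarding as source NAT. Use `description="true if network offering supports static nat service"` on `staticNatService` and `description="true if network offering supports port forwarding service"` on `portForwardingService`. The same two descriptions are repeated in the first UpdateNetworkOfferingCmd hunk.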
@@ -80,6 +80,12 @@ public class UpdateNetworkOfferingCmd extends BaseCmd { @Parameter(name=ApiConstants.SOURCE_NAT_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports source nat service") private Boolean sourceNatService; + @Parameter(name=ApiConstants.STATIC_NAT_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports source nat service") + private Boolean staticNatService; + + @Parameter(name=ApiConstants.PORT_FORWARDING_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports source nat service") + private Boolean portForwardingService; + @Parameter(name=ApiConstants.VPN_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports vpn service") private Boolean vpnService; @@ -140,6 +146,14 @@ public class UpdateNetworkOfferingCmd extends BaseCmd { return sourceNatService == null ? false : sourceNatService; } + public Boolean getStaticNatService() { + return staticNatService == null ? false : staticNatService; + } + + public Boolean getPortForwardingService() { + return portForwardingService == null ? false : portForwardingService; + } + public Boolean getVpnService() { return vpnService == null ? false : vpnService; } diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java index ec2ce371169..a04918dc6ad 100644 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java 
@@ -51,10 +51,12 @@ public interface Network extends ControlledEntity { public static final Service Dhcp = new Service("Dhcp"); public static final Service Dns = new Service("Dns", Capability.AllowDnsSuffixModification); public static final Service Gateway = new Service("Gateway"); - public static final Service Firewall = new Service("Firewall", Capability.PortForwarding, Capability.StaticNat, Capability.SupportedProtocols, Capability.MultipleIps, Capability.SupportedSourceNatTypes, Capability.TrafficStatistics); + public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols, Capability.MultipleIps, Capability.SupportedSourceNatTypes, Capability.TrafficStatistics); public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps); public static final Service UserData = new Service("UserData"); public static final Service SourceNat = new Service("SourceNat"); + public static final Service StaticNat = new Service("StaticNat"); + public static final Service PortForwarding = new Service("PortForwarding"); public static final Service SecurityGroup = new Service("SecurityGroup"); private String name; @@ -154,8 +156,6 @@ public interface Network extends ControlledEntity { public static class Capability { - public static final Capability PortForwarding = new Capability("PortForwarding"); - public static final Capability StaticNat = new Capability("StaticNat"); public static final Capability SupportedProtocols = new Capability("SupportedProtocols"); public static final Capability SupportedLBAlgorithms = new Capability("SupportedLbAlgorithms"); public static final Capability MultipleIps = new Capability("MultipleIps"); diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 6afbdae8906..5dcfb480f1a 100755 
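Review bot: `Service.Firewall` changes meaning in this hunk without a comment: it no longer implies NAT or forwarding, and the two new constants carry no explanation of the split. A short comment above the declarations would keep later callers from treating Firewall as permission to create forwarding rules, for example `// Firewall only opens/closes ports; StaticNat and PortForwarding are separate services and must be enabled explicitly`. `Firewall` also still lists `Capability.SupportedSourceNatTypes` although `SourceNat` is its own service; that looks like a leftover worth confirming.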
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -2872,6 +2872,14 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura serviceProviderMap.put(Network.Service.SourceNat, defaultProviders); } + if (cmd.getStaticNatService()) { + serviceProviderMap.put(Network.Service.StaticNat, defaultProviders); + } + + if (cmd.getPortForwardingService()) { + serviceProviderMap.put(Network.Service.PortForwarding, defaultProviders); + } + if (cmd.getUserdataService()) { serviceProviderMap.put(Network.Service.UserData, defaultProviders); } @@ -3185,6 +3193,14 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura serviceProviderMap.put(Network.Service.SourceNat, defaultProviders); } + if (cmd.getStaticNatService()) { + serviceProviderMap.put(Network.Service.StaticNat, defaultProviders); + } + + if (cmd.getPortForwardingService()) { + serviceProviderMap.put(Network.Service.PortForwarding, defaultProviders); + } + if (cmd.getUserdataService()) { serviceProviderMap.put(Network.Service.UserData, defaultProviders); } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index f5263418c28..a4a514b22eb 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
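Review bot: Neither added block checks how the new services combine with Firewall: an offering can now carry PortForwarding or StaticNat without Firewall, and the hunk maps each one to `defaultProviders` unconditionally. Since the commit message says firewall now only means opening and closing ports, it should be decided and enforced here whether a forwarding or static NAT service without Firewall is valid, and what traffic then reaches the forwarded address; that behaviour is not visible in this diff. I would reject an inconsistent combination with a parameter error before the map is filled, in this hunk and in the second one at line 3193. Both enclosing methods start and end outside the hunks.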
@@ -878,6 +878,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag defaultVirtualNetworkOfferingProviders.put(Service.Gateway, defaultProviders); defaultVirtualNetworkOfferingProviders.put(Service.Lb, defaultProviders); defaultVirtualNetworkOfferingProviders.put(Service.SourceNat, defaultProviders); + defaultVirtualNetworkOfferingProviders.put(Service.StaticNat, defaultProviders); + defaultVirtualNetworkOfferingProviders.put(Service.PortForwarding, defaultProviders); defaultVirtualNetworkOfferingProviders.put(Service.Vpn, defaultProviders); Transaction txn = Transaction.currentTxn(); diff --git a/server/src/com/cloud/network/dao/PhysicalNetworkServiceProviderVO.java b/server/src/com/cloud/network/dao/PhysicalNetworkServiceProviderVO.java index df8837ed484..c83f1c4275f 100644 --- a/server/src/com/cloud/network/dao/PhysicalNetworkServiceProviderVO.java +++ b/server/src/com/cloud/network/dao/PhysicalNetworkServiceProviderVO.java @@ -74,6 +74,12 @@ public class PhysicalNetworkServiceProviderVO implements PhysicalNetworkServiceP @Column(name = "load_balance_service_provided") boolean lbServiceProvided; + @Column(name = "static_nat_service_provided") + boolean staticnatServiceProvided; + + @Column(name = "port_forwarding_service_provided") + boolean portForwardingServiceProvided; + @Column(name = "user_data_service_provided") boolean userdataServiceProvided; 
@@ -188,6 +194,22 @@ public class PhysicalNetworkServiceProviderVO implements PhysicalNetworkServiceP this.lbServiceProvided = lbServiceProvided; } + public boolean isStaticnatServiceProvided() { + return staticnatServiceProvided; + } + + public void setStaticnatServiceProvided(boolean staticnatServiceProvided) { + this.staticnatServiceProvided = staticnatServiceProvided; + } + + public boolean isPortForwardingServiceProvided() { + return portForwardingServiceProvided; + } + + public void setPortForwardingServiceProvided(boolean portForwardingServiceProvided) { + this.portForwardingServiceProvided = portForwardingServiceProvided; + } + @Override public boolean isUserdataServiceProvided() { return userdataServiceProvided; @@ -214,6 +236,8 @@ public class PhysicalNetworkServiceProviderVO implements PhysicalNetworkServiceP this.setFirewallServiceProvided(services.contains(Service.Firewall)); this.setLbServiceProvided(services.contains(Service.Lb)); this.setSourcenatServiceProvided(services.contains(Service.SourceNat)); + this.setStaticnatServiceProvided(services.contains(Service.StaticNat)); + this.setPortForwardingServiceProvided(services.contains(Service.PortForwarding)); this.setUserdataServiceProvided(services.contains(Service.UserData)); this.setSecuritygroupServiceProvided(services.contains(Service.SecurityGroup)); } @@ -242,6 +266,12 @@ public class PhysicalNetworkServiceProviderVO implements PhysicalNetworkServiceP if(this.sourcenatServiceProvided){ services.add(Service.SourceNat); } + if(this.staticnatServiceProvided){ + services.add(Service.StaticNat); + } + if(this.portForwardingServiceProvided){ + services.add(Service.PortForwarding); + } if(this.isUserdataServiceProvided()){ services.add(Service.UserData); } diff --git a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java index de1a8d55a8a..8cd69219779 100644 
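Review bot: The new getters are added without `@Override`, while `isUserdataServiceProvided()` directly below them has it, and the diffstat does not include the `PhysicalNetworkServiceProvider` interface. If the interface indeed lacks `isStaticnatServiceProvided()` and `isPortForwardingServiceProvided()`, code that holds the interface type cannot see whether a provider offers these services. Declare both getters on the interface and mark the implementations `@Override`.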
--- a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java +++ b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java @@ -203,9 +203,6 @@ public class JuniperSRXExternalFirewallElement extends AdapterBase implements So // Set capabilities for Firewall service Map firewallCapabilities = new HashMap(); - // Specifies that static NAT rules are supported by this element - firewallCapabilities.put(Capability.StaticNat, "true"); - // Specifies that NAT rules can be made for either TCP or UDP traffic firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp"); @@ -214,9 +211,6 @@ public class JuniperSRXExternalFirewallElement extends AdapterBase implements So // Specifies that this element can measure network usage on a per public IP basis firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); - // Specifies that port forwarding rules are supported by this element - firewallCapabilities.put(Capability.PortForwarding, "true"); - // Specifies supported VPN types Map vpnCapabilities = new HashMap(); vpnCapabilities.put(Capability.SupportedVpnTypes, "ipsec"); @@ -225,12 +219,17 @@ public class JuniperSRXExternalFirewallElement extends AdapterBase implements So capabilities.put(Service.Firewall, firewallCapabilities); capabilities.put(Service.Gateway, null); - Map sourceNatCapabilities = new HashMap(); // Specifies that this element supports either one source NAT rule per account, or no source NAT rules at all; // in the latter case a shared interface NAT rule will be used sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "per account, per zone"); capabilities.put(Service.SourceNat, sourceNatCapabilities); + + // Specifies that port forwarding rules are supported by this element + capabilities.put(Service.PortForwarding, null); + + // Specifies that static NAT rules are supported by this element + capabilities.put(Service.StaticNat, null); return capabilities; } 
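Review bot: `capabilities.put(Service.PortForwarding, null)` and `capabilities.put(Service.StaticNat, null)` register the services with a null capability map, so a caller that tests support with `capabilities.get(service) != null`, or reads a capability from the returned map, will either treat the service as unsupported or throw a NullPointerException. This follows the existing `Service.Gateway` entry, but both services previously had explicit `"true"` flags under Firewall that callers could read. Storing an empty map instead of null would be safer, and a comment should say whether the Firewall `SupportedProtocols` value is still meant to bound forwarding rules. The same pattern is added in the second VirtualRouterElement hunk. The enclosing method starts outside the hunk.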
diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index be4967b2596..93fb3fbdff9 100644 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -302,9 +302,7 @@ public class VirtualRouterElement extends DhcpElement implements VirtualRouterEl //Set capabilities for Firewall service Map firewallCapabilities = new HashMap(); - firewallCapabilities.put(Capability.PortForwarding, "true"); firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); - firewallCapabilities.put(Capability.StaticNat, "true"); firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp"); firewallCapabilities.put(Capability.MultipleIps, "true"); @@ -323,11 +321,13 @@ public class VirtualRouterElement extends DhcpElement implements VirtualRouterEl capabilities.put(Service.Dhcp, null); capabilities.put(Service.Gateway, null); - Map sourceNatCapabilities = new HashMap(); sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "per account"); capabilities.put(Service.SourceNat, sourceNatCapabilities); + capabilities.put(Service.StaticNat, null); + capabilities.put(Service.PortForwarding, null); + return capabilities; } diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java index c77139b148a..f84c1c196de 100644 --- a/server/src/com/cloud/server/ConfigurationServerImpl.java +++ b/server/src/com/cloud/server/ConfigurationServerImpl.java 
@@ -852,6 +852,8 @@ public class ConfigurationServerImpl implements ConfigurationServer { defaultVirtualNetworkOfferingProviders.put(Service.Gateway, Provider.VirtualRouter); defaultVirtualNetworkOfferingProviders.put(Service.Lb, Provider.VirtualRouter); defaultVirtualNetworkOfferingProviders.put(Service.SourceNat, Provider.VirtualRouter); + defaultVirtualNetworkOfferingProviders.put(Service.StaticNat, Provider.VirtualRouter); + defaultVirtualNetworkOfferingProviders.put(Service.PortForwarding, Provider.VirtualRouter); defaultVirtualNetworkOfferingProviders.put(Service.Vpn, Provider.VirtualRouter); NetworkOfferingVO guestNetworkOffering = new NetworkOfferingVO( diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index cf912d30338..dd03cce8331 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql 
@@ -1787,8 +1787,10 @@ CREATE TABLE `cloud`.`physical_network_service_providers` ( `dns_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is DNS service provided', `gateway_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is Gateway service provided', `firewall_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is Firewall service provided', - `source_nat_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is SNAT service provided', + `source_nat_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is Source NAT service provided', `load_balance_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is LB service provided', + `static_nat_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is Static NAT service provided', + `port_forwarding_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is Port Forwarding service provided', `user_data_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is UserData service provided', `security_group_service_provided` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'Is SG service provided', PRIMARY KEY (`id`),
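Review bot: The two new columns are added only to `create-schema.sql`, and the commit contains no upgrade script, so a database created before this change will lack `static_nat_service_provided` and `port_forwarding_service_provided` while PhysicalNetworkServiceProviderVO now maps both with `@Column`. Queries against that table would presumably fail on an upgraded installation. If upgrades from an earlier schema are supported at this point, add the matching `ALTER TABLE` statements to the upgrade path. Existing rows should also be reviewed, because `DEFAULT 0` marks static NAT and port forwarding as not provided for providers that offered them through Firewall before.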