From 516628273fab9e6f5b06c9f3df70e4d5465cc9b7 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Thu, 21 Jun 2012 14:58:28 -0700 Subject: [PATCH] VPC: apply firewall ACLs as a part of VPC router start/restart and VPC network implement --- .../network/firewall/NetworkACLService.java | 2 + .../com/cloud/network/NetworkManagerImpl.java | 15 +- .../firewall/NetworkACLManagerImpl.java | 6 + .../VirtualNetworkApplianceManagerImpl.java | 14 +- ...VpcVirtualNetworkApplianceManagerImpl.java | 286 ++++++++++-------- .../com/cloud/vm/VirtualMachineManager.java | 8 + .../cloud/vm/VirtualMachineManagerImpl.java | 10 +- 7 files changed, 196 insertions(+), 145 deletions(-) diff --git a/api/src/com/cloud/network/firewall/NetworkACLService.java b/api/src/com/cloud/network/firewall/NetworkACLService.java index 73977938a89..f7b0f9d3ffa 100644 --- a/api/src/com/cloud/network/firewall/NetworkACLService.java +++ b/api/src/com/cloud/network/firewall/NetworkACLService.java @@ -43,4 +43,6 @@ public interface NetworkACLService { * @return */ List listNetworkACLs(ListNetworkACLsCmd cmd); + + List listNetworkACLs(long guestNtwkId); } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 3f8764e056e..abb7af1110c 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -134,6 +134,7 @@ import com.cloud.network.element.StaticNatServiceProvider; import com.cloud.network.element.UserDataServiceProvider; import com.cloud.network.element.VirtualRouterElement; import com.cloud.network.element.VpcVirtualRouterElement; +import com.cloud.network.firewall.NetworkACLService; import com.cloud.network.guru.NetworkGuru; import com.cloud.network.lb.LoadBalancingRule; import com.cloud.network.lb.LoadBalancingRule.LbDestination; 
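Review bot: The new `listNetworkACLs(long guestNtwkId)` overload in NetworkACLService has no Javadoc, while the neighbouring `listNetworkACLs(ListNetworkACLsCmd cmd)` does, and unlike the command-based variant it takes a bare network id, so there is no command object through which the caller's access could be validated; the implementation this patch adds in NetworkACLManagerImpl goes straight to the DAO. Suggest documenting it as an internal lookup for trusted callers such as the router start path, e.g. `/** Lists the Purpose.NetworkACL rules configured on the given guest network. Internal use only: performs no account or ownership check. @param guestNtwkId id of the guest network @return the rules found, possibly empty */`.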
@@ -173,7 +174,6 @@ import com.cloud.user.User; import com.cloud.user.UserContext; import com.cloud.user.dao.AccountDao; import com.cloud.user.dao.UserStatisticsDao; -import com.cloud.utils.AnnotationHelper; import com.cloud.utils.NumbersUtil; import com.cloud.utils.Pair; import com.cloud.utils.component.Adapters; @@ -307,6 +307,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag VpcManager _vpcMgr; @Inject PrivateIpDao _privateIpDao; + @Inject + NetworkACLService _networkACLMgr; private final HashMap _systemNetworks = new HashMap(5); @@ -3935,6 +3937,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } } + + //apply network ACLs + if (!_networkACLMgr.applyNetworkACLs(networkId, caller)) { + s_logger.warn("Failed to reapply network ACLs as a part of of network id=" + networkId + " restart"); + success = false; + } + return success; } @@ -4011,11 +4020,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } // FIXME - in post 3.0 we are going to support multiple providers for the same service per network offering, so -// we have to calculate capabilities for all of them + // we have to calculate capabilities for all of them String provider = providers.get(0); // FIXME we return the capabilities of the first provider of the service - what if we have multiple providers -// for same Service? + // for same Service? NetworkElement element = getElementImplementingProvider(provider); if (element != null) { Map> elementCapabilities = element.getCapabilities(); diff --git a/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java b/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java index 235d2a6119e..50613f6ff38 100644 --- a/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java +++ b/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java 
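Review bot: In the @@ -3935 hunk the ACL re-apply runs unconditionally for every restarted network, and a false return flips `success` even for networks that have no ACL-capable provider; whether `applyNetworkACLs` treats "no ACLs / no provider" as success is not visible here, so either confirm that or guard the call with the same `isProviderSupportServiceInNetwork(networkId, Service.Firewall, ...)` check the patch uses in `finalizeCommandsOnStart`. The field is typed `NetworkACLService`, whose visible change in this patch adds only `listNetworkACLs(long)`, so `applyNetworkACLs(networkId, caller)` must already exist on that interface — worth confirming. The warning text has a doubled word: `"Failed to reapply network ACLs as a part of network id=" + networkId + " restart"`. The enclosing method begins and ends outside the hunk.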
@@ -361,5 +361,11 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLService{ return _firewallDao.search(sc, filter); } + + + @Override + public List listNetworkACLs(long guestNtwkId) { + return _firewallDao.listByNetworkAndPurpose(guestNtwkId, Purpose.NetworkACL); + } } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 19a7681fa9e..c44a4f4fb9e 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1921,7 +1921,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start"); long ownerId = router.getAccountId(); - final List userIps = _networkMgr.listPublicIpsAssignedToGuestNtwk(ownerId, guestNetworkId, null); + final List userIps = _networkMgr.listPublicIpsAssignedToGuestNtwk(ownerId, guestNetworkId, null); List allPublicIps = new ArrayList(); if (userIps != null && !userIps.isEmpty()) { for (IPAddressVO userIp : userIps) { 
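Review bot: `listNetworkACLs(long)` returns whatever `_firewallDao.listByNetworkAndPurpose(guestNtwkId, Purpose.NetworkACL)` yields with no further filtering, and its only caller in this patch (`finalizeCommandsOnStart` in VpcVirtualNetworkApplianceManagerImpl) feeds the whole list into `createNetworkACLsCommands`. If the DAO call does not filter on rule state, rules that are pending revoke would be re-programmed on every router start; if that is intended because the command carries each rule's state, a one-line comment saying so would save the next reader the same question. The method also lacks Javadoc, e.g. `/** Lists every Purpose.NetworkACL rule on the network, in any state; callers decide what to program. */`.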
@@ -1956,24 +1956,24 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian //Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start) for (PublicIp ip : publicIps) { - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) { pfRules.addAll(_pfRulesDao.listForApplication(ip.getId())); } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat)); } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) { firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall)); } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) { RemoteAccessVpn vpn = _vpnDao.findById(ip.getId()); if (vpn != null) { vpns.add(vpn); } } - if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) { if (ip.isOneToOneNat()) { String dstIp = _networkMgr.getIpInNetwork(ip.getAssociatedWithVmId(), guestNetworkId); StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), dstIp, false); 
@@ -2019,7 +2019,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } List lbs = _loadBalancerDao.listByNetworkId(guestNetworkId); - List lbRules = new ArrayList(); + List lbRules = new ArrayList(); if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) { // Re-apply load balancing rules for (LoadBalancerVO lb : lbs) { diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index 4016691559a..4bb5c1879bc 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -48,7 +48,6 @@ import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InsufficientServerCapacityException; -import com.cloud.exception.InsufficientVirtualNetworkCapcityException; import com.cloud.exception.OperationTimedoutException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.StorageUnavailableException; @@ -69,7 +68,7 @@ import com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType; import com.cloud.network.VpcVirtualNetworkApplianceService; import com.cloud.network.addr.PublicIp; import com.cloud.network.dao.PhysicalNetworkDao; -import com.cloud.network.router.VirtualRouter.Role; +import com.cloud.network.firewall.NetworkACLService; import com.cloud.network.rules.NetworkACL; import com.cloud.network.vpc.Vpc; import com.cloud.network.vpc.Dao.VpcDao; 
@@ -84,8 +83,10 @@ import com.cloud.vm.DomainRouterVO; import com.cloud.vm.Nic; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; +import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineProfile; import com.cloud.vm.VirtualMachineProfile.Param; +import com.cloud.vm.dao.VMInstanceDao; /** * @author Alena Prokharchyk @@ -103,6 +104,10 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian PhysicalNetworkDao _pNtwkDao = null; @Inject NetworkService _ntwkService = null; + @Inject + NetworkACLService _networkACLService = null; + @Inject + VMInstanceDao _vmDao; @Override public List deployVirtualRouterInVpc(Vpc vpc, DeployDestination dest, Account owner, @@ -180,21 +185,11 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return new Pair>(plan, routers); } + @Override public boolean addVpcRouterToGuestNetwork(VirtualRouter router, Network network, boolean isRedundant) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { - boolean dnsProvided = _networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dns, Provider.VPCVirtualRouter); - boolean dhcpProvided = _networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dhcp, - Provider.VPCVirtualRouter); - - boolean setupDns = dnsProvided || dhcpProvided; - - return addVpcRouterToGuestNetwork(router, network, isRedundant, setupDns); - } - - protected boolean addVpcRouterToGuestNetwork(VirtualRouter router, Network network, boolean isRedundant, boolean setupDns) - throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { if (network.getTrafficType() != TrafficType.Guest) { s_logger.warn("Network " + network + " is not of type " + TrafficType.Guest); 
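Review bot: `VMInstanceDao _vmDao;` in the @@ -103 hunk omits the explicit `= null` that the neighbouring injected fields (`_pNtwkDao`, `_ntwkService`, `_networkACLService`) carry, and the same `NetworkACLService` dependency is named `_networkACLMgr` in NetworkManagerImpl but `_networkACLService` here. Both are harmless, but one form for the injected fields and one name for the service keeps the two managers grep-consistent: `VMInstanceDao _vmDao = null;`.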
@@ -212,7 +207,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian NicProfile guestNic = _itMgr.addVmToNetwork(router, network, null); //setup guest network if (guestNic != null) { - result = setupVpcGuestNetwork(network, router, true, isRedundant, guestNic, setupDns); + result = setupVpcGuestNetwork(network, router, true, guestNic); } else { s_logger.warn("Failed to add router " + router + " to guest network " + network); result = false; @@ -248,7 +243,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return true; } - boolean result = setupVpcGuestNetwork(network, router, false, isRedundant, _networkMgr.getNicProfile(router, network.getId()), false); + boolean result = setupVpcGuestNetwork(network, router, false, _networkMgr.getNicProfile(router, network.getId())); if (!result) { s_logger.warn("Failed to destroy guest network config " + network + " on router " + router); return false; @@ -351,7 +346,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian List publicIps = new ArrayList(1); publicIps.add(ipAddress); Commands cmds = new Commands(OnError.Stop); - createVpcAssociateIPCommands(router, publicIps, cmds, 0); + createVpcAssociateIPCommands(router, publicIps, cmds); if (sendCommandsToRouter(router, cmds)) { s_logger.debug("Successfully applied ip association for ip " + ipAddress + " in vpc network " + network); 
@@ -362,64 +357,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian } } - - @Override - public boolean finalizeStart(VirtualMachineProfile profile, long hostId, Commands cmds, - ReservationContext context) { - - if (!super.finalizeStart(profile, hostId, cmds, context)) { - return false; - } else if (profile.getVirtualMachine().getVpcId() == null) { - return true; - } - - DomainRouterVO router = profile.getVirtualMachine(); - - //Get guest nic info - Map guestNics = new HashMap(); - Map publicNics = new HashMap(); - - List routerNics = _nicDao.listByVmId(profile.getId()); - for (Nic routerNic : routerNics) { - Network network = _networkMgr.getNetwork(routerNic.getNetworkId()); - if (network.getTrafficType() == TrafficType.Guest) { - guestNics.put(routerNic, network); - } else if (network.getTrafficType() == TrafficType.Public) { - publicNics.put(routerNic, network); - } - } - - try { - //add VPC router to public and guest networks - for (Nic publicNic : publicNics.keySet()) { - Network publicNtwk = publicNics.get(publicNic); - IPAddressVO userIp = _ipAddressDao.findByIpAndSourceNetworkId(publicNtwk.getId(), - publicNic.getIp4Address()); - PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), - NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress())); - if (!addPublicIpToVpc(router, publicNtwk, publicIp)) { - s_logger.warn("Failed to add router router " + router + " to public network " + publicNtwk); - return false; - } - } - - for (Nic guestNic : guestNics.keySet()) { - Network guestNtwk = guestNics.get(guestNic); - boolean setupDns = _networkMgr.setupDns(guestNtwk, Provider.VPCVirtualRouter); - - if (!addVpcRouterToGuestNetwork(router, guestNtwk, false, setupDns)) { - s_logger.warn("Failed to add router router " + router + " to guest network " + guestNtwk); - return false; - } - } - } catch (Exception ex) { - s_logger.warn("Failed to add router " + router + " to network due to exception ", ex); - 
return false; - } - - return true; - } - protected DomainRouterVO deployVpcRouter(Account owner, DeployDestination dest, DeploymentPlan plan, Map params, boolean isRedundant, VirtualRouterProvider vrProvider, long svcOffId, Long vpcId, PublicIp sourceNatIp) throws ConcurrentOperationException, 
@@ -497,51 +434,13 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return result; } - protected boolean setupVpcGuestNetwork(Network network, VirtualRouter router, boolean add, boolean isRedundant, - NicProfile guestNic, boolean setupDns) + protected boolean setupVpcGuestNetwork(Network network, VirtualRouter router, boolean add, NicProfile guestNic) throws ConcurrentOperationException, ResourceUnavailableException{ - - String networkDomain = network.getNetworkDomain(); - String dhcpRange = getGuestDhcpRange(guestNic, network, _configMgr.getZone(network.getDataCenterId())); - + boolean result = true; - Nic nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(), router.getId()); - long guestVlanTag = Long.parseLong(network.getBroadcastUri().getHost()); - - String brd = NetUtils.long2Ip(NetUtils.ip2Long(guestNic.getIp4Address()) | ~NetUtils.ip2Long(guestNic.getNetmask())); - Integer priority = null; - if (isRedundant) { - List routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); - try { - getUpdatedPriority(network, routers, _routerDao.findById(router.getId())); - } catch (InsufficientVirtualNetworkCapcityException e) { - s_logger.error("Failed to get update priority!", e); - throw new CloudRuntimeException("Failed to get update priority!"); - } - } - - String defaultDns1 = null; - String defaultDns2 = null; - - if (setupDns) { - defaultDns1 = guestNic.getDns1(); - defaultDns2 = guestNic.getDns2(); - } - - NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), - _networkMgr.getNetworkRate(network.getId(), router.getId()), - _networkMgr.isSecurityGroupSupportedInNetwork(network), _networkMgr.getNetworkTag(router.getHypervisorType(), network)); + SetupGuestNetworkCommand setupCmd = createSetupGuestNetworkCommand(router, add, guestNic); - SetupGuestNetworkCommand setupCmd = new SetupGuestNetworkCommand(dhcpRange, networkDomain, isRedundant, priority, - 
defaultDns1, defaultDns2, add, _itMgr.toNicTO(nicProfile, router.getHypervisorType())); - setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId())); - setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, getRouterIpInNetwork(network.getId(), router.getId())); - setupCmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, String.valueOf(guestVlanTag)); - setupCmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_GATEWAY, network.getGateway()); - setupCmd.setAccessDetail(NetworkElementCommand.GUEST_BRIDGE, brd); - setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); - Commands cmds = new Commands(OnError.Stop); cmds.addCommand("setupguestnetwork", setupCmd); sendCommandsToRouter(router, cmds); 
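Review bot: The rewritten `setupVpcGuestNetwork` no longer receives `isRedundant` or computes a priority, and `createSetupGuestNetworkCommand` in the following hunk passes `false, null` where `isRedundant, priority` used to go, yet `addVpcRouterToGuestNetwork(VirtualRouter, Network, boolean isRedundant)` still accepts the flag and now silently ignores it. If redundant VPC routers are out of scope for now, say so where the flag is dropped, e.g. `// isRedundant is ignored: VPC routers are always set up non-redundant, with no priority`; otherwise the flag needs to reach the command again. `sendCommandsToRouter(router, cmds)` is still called without its return value being captured while `result` starts as true; the lines that may adjust `result` lie between this hunk and the next, outside view.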
@@ -555,9 +454,47 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return result; } + + protected SetupGuestNetworkCommand createSetupGuestNetworkCommand(VirtualRouter router, boolean add, NicProfile guestNic) { + Network network = _networkMgr.getNetwork(guestNic.getNetworkId()); + + String defaultDns1 = null; + String defaultDns2 = null; + + boolean dnsProvided = _networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dns, Provider.VPCVirtualRouter); + boolean dhcpProvided = _networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dhcp, + Provider.VPCVirtualRouter); + + boolean setupDns = dnsProvided || dhcpProvided; + + if (setupDns) { + defaultDns1 = guestNic.getDns1(); + defaultDns2 = guestNic.getDns2(); + } + + Nic nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(), router.getId()); + String networkDomain = network.getNetworkDomain(); + String dhcpRange = getGuestDhcpRange(guestNic, network, _configMgr.getZone(network.getDataCenterId())); + + VirtualMachine vm = _vmDao.findById(router.getId()); + NicProfile nicProfile = _networkMgr.getNicProfile(router, nic.getNetworkId()); + + SetupGuestNetworkCommand setupCmd = new SetupGuestNetworkCommand(dhcpRange, networkDomain, false, null, + defaultDns1, defaultDns2, add, _itMgr.toNicTO(nicProfile, router.getHypervisorType())); + long guestVlanTag = Long.parseLong(network.getBroadcastUri().getHost()); + String brd = NetUtils.long2Ip(NetUtils.ip2Long(guestNic.getIp4Address()) | ~NetUtils.ip2Long(guestNic.getNetmask())); + setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId())); + setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, getRouterIpInNetwork(network.getId(), router.getId())); + setupCmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, String.valueOf(guestVlanTag)); + setupCmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_GATEWAY, network.getGateway()); + 
setupCmd.setAccessDetail(NetworkElementCommand.GUEST_BRIDGE, brd); + setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); + + return setupCmd; + } private void createVpcAssociateIPCommands(final VirtualRouter router, final List ips, - Commands cmds, long vmId) { + Commands cmds) { Pair sourceNatIpAdd = null; Boolean addSourceNat = null; @@ -615,16 +552,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian //set source nat ip if (sourceNatIpAdd != null) { IpAddressTO sourceNatIp = sourceNatIpAdd.first(); - Long publicNetworkId = sourceNatIpAdd.second(); - - Network guestNetwork = _networkMgr.getNetwork(publicNetworkId); - Nic nic = _nicDao.findByInstanceIdAndNetworkId(guestNetwork.getId(), router.getId()); - NicProfile nicProfile = new NicProfile(nic, guestNetwork, nic.getBroadcastUri(), nic.getIsolationUri(), - _networkMgr.getNetworkRate(guestNetwork.getId(), router.getId()), - _networkMgr.isSecurityGroupSupportedInNetwork(guestNetwork), - _networkMgr.getNetworkTag(router.getHypervisorType(), guestNetwork)); - - SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp, addSourceNat, _itMgr.toNicTO(nicProfile, router.getHypervisorType())); + SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp, addSourceNat, null); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); DataCenterVO dcVo = _dcDao.findById(router.getDataCenterIdToDeployIn()); 
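Review bot: In `createSetupGuestNetworkCommand`, `_nicDao.findByInstanceIdAndNetworkId(network.getId(), router.getId())` appears to pass its arguments reversed relative to the method name, and the result is used only for `nic.getNetworkId()` — which, if the lookup is right, is just `network.getId()`, and if it misses, is an NPE. `VirtualMachine vm = _vmDao.findById(router.getId());` is never read; the same dead lookup appears in `getNicTO` in the @@ -632 hunk. Both lookups can go: `NicProfile nicProfile = _networkMgr.getNicProfile(router, network.getId());`. The same argument order is in the removed lines of @@ -497 and @@ -615, so this is inherited rather than new, but the rewrite is the moment to drop it.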
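Review bot: `new SetSourceNatCommand(sourceNatIp, addSourceNat, null)` now sends a null NicTO where the removed lines built one from the router's nic on `sourceNatIpAdd.second()`, even though the patch introduces `getNicTO(router, networkId)` for exactly this purpose (it is used for `SetNetworkACLCommand` in the @@ -755 hunk). If the agent side ignores the NicTO for source NAT, a comment at this line should say so; otherwise `SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp, addSourceNat, getNicTO(router, sourceNatIpAdd.second()));` restores the information. The enclosing `createVpcAssociateIPCommands` starts in the previous hunk and ends outside this one.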
@@ -632,6 +560,13 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian cmds.addCommand("SetSourceNatCommand", cmd); } } + + protected NicTO getNicTO(final VirtualRouter router, Long guestNetworkId) { + VirtualMachine vm = _vmDao.findById(router.getId()); + NicProfile nicProfile = _networkMgr.getNicProfile(router, guestNetworkId); + + return _itMgr.toNicTO(nicProfile, router.getHypervisorType()); + } @Override public boolean associateIP(Network network, final List ipAddress, List routers) @@ -688,7 +623,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian @Override public boolean execute(Network network, VirtualRouter router) throws ResourceUnavailableException { Commands cmds = new Commands(OnError.Continue); - createVpcAssociateIPCommands(router, ipAddress, cmds, 0); + createVpcAssociateIPCommands(router, ipAddress, cmds); return sendCommandsToRouter(router, cmds); } }); @@ -755,13 +690,8 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian } } - Network network = _networkMgr.getNetwork(guestNetworkId); - Nic nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(), router.getId()); - NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), - _networkMgr.getNetworkRate(network.getId(), router.getId()), - _networkMgr.isSecurityGroupSupportedInNetwork(network), _networkMgr.getNetworkTag(router.getHypervisorType(), network)); - SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, _itMgr.toNicTO(nicProfile, router.getHypervisorType())); + SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, getNicTO(router, guestNetworkId)); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, getRouterIpInNetwork(guestNetworkId, router.getId())); cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan); 
@@ -770,4 +700,94 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); cmds.addCommand(cmd); } + + @Override + public boolean finalizeCommandsOnStart(Commands cmds, VirtualMachineProfile profile) { + DomainRouterVO router = profile.getVirtualMachine(); + + boolean isVpc = (router.getVpcId() != null); + boolean result = super.finalizeCommandsOnStart(cmds, profile); + + if (!isVpc) { + return result; + } + + //Get guest nic info + Map guestNics = new HashMap(); + Map publicNics = new HashMap(); + + List routerNics = _nicDao.listByVmId(profile.getId()); + for (Nic routerNic : routerNics) { + Network network = _networkMgr.getNetwork(routerNic.getNetworkId()); + if (network.getTrafficType() == TrafficType.Guest) { + guestNics.put(routerNic, network); + } else if (network.getTrafficType() == TrafficType.Public) { + publicNics.put(routerNic, network); + } + } + + List publicIps = new ArrayList(1); + try { + //add VPC router to public networks + for (Nic publicNic : publicNics.keySet()) { + Network publicNtwk = publicNics.get(publicNic); + IPAddressVO userIp = _ipAddressDao.findByIpAndSourceNetworkId(publicNtwk.getId(), + publicNic.getIp4Address()); + PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), + NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress())); + + + if (publicIp.isSourceNat()) { + publicIps.add(publicIp); + } + + PlugNicCommand plugNicCmd = new PlugNicCommand(_itMgr.toVmTO(profile), getNicTO(router, publicNic.getNetworkId())); + cmds.addCommand(plugNicCmd); + } + + //if ip is source nat, create source nat command + if (!publicIps.isEmpty()) { + createVpcAssociateIPCommands(router, publicIps, cmds); + } + + for (Nic guestNic : guestNics.keySet()) { + //plug guest nic + PlugNicCommand plugNicCmd = new PlugNicCommand(_itMgr.toVmTO(profile), getNicTO(router, guestNic.getNetworkId())); + 
cmds.addCommand(plugNicCmd); + + //and set guest network + VirtualMachine vm = _vmDao.findById(router.getId()); + NicProfile nicProfile = _networkMgr.getNicProfile(vm, guestNic.getNetworkId()); + SetupGuestNetworkCommand setupCmd = createSetupGuestNetworkCommand(router, true, nicProfile); + cmds.addCommand(setupCmd); + + } + } catch (Exception ex) { + s_logger.warn("Failed to add router " + router + " to network due to exception ", ex); + return false; + } + + boolean reprogramGuestNtwks = true; + if (profile.getParameter(Param.ReProgramGuestNetworks) != null && (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) { + reprogramGuestNtwks = false; + } + + //get network ACLs for the router + List routerGuestNtwkIds = _routerDao.getRouterNetworks(router.getId()); + if (reprogramGuestNtwks) { + for (Long guestNetworkId : routerGuestNtwkIds) { + s_logger.debug("Resending network ACLs as a part of VPC Virtual router start"); + + if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, Provider.VPCVirtualRouter)) { + List networkACLs = _networkACLService.listNetworkACLs(guestNetworkId); + s_logger.debug("Found " + networkACLs.size() + " network ACLs to apply as a part of VPC VR " + router + " start."); + if (!networkACLs.isEmpty()) { + createNetworkACLsCommands((List)networkACLs, router, cmds, guestNetworkId); + } + } + } + } + + return result; + } } diff --git a/server/src/com/cloud/vm/VirtualMachineManager.java b/server/src/com/cloud/vm/VirtualMachineManager.java index 56dc483be34..1f2b4b50ba5 100644 --- a/server/src/com/cloud/vm/VirtualMachineManager.java +++ b/server/src/com/cloud/vm/VirtualMachineManager.java @@ -17,6 +17,7 @@ import java.util.List; import java.util.Map; import com.cloud.agent.api.to.NicTO; +import com.cloud.agent.api.to.VirtualMachineTO; import com.cloud.deploy.DeployDestination; import com.cloud.deploy.DeploymentPlan; import com.cloud.exception.AgentUnavailableException; 
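Review bot: `finalizeCommandsOnStart` keeps queuing VPC commands after `super.finalizeCommandsOnStart` has returned false, because the early return only covers `!isVpc`; `if (!isVpc || !result) { return result; }` avoids building PlugNic, SetupGuestNetwork and ACL commands for a start the base class already rejected. When `Param.ReProgramGuestNetworks` is false the guest nics are still plugged and `SetupGuestNetworkCommand` is still sent but no `SetNetworkACLCommand` is queued, so what traffic the router passes on such a start depends on its default policy, which this code does not show — a comment stating the expected behaviour in that case, and why the skip is safe, would help reviewers of the ACL path. `(Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false` reads more clearly as `Boolean.FALSE.equals(profile.getParameter(Param.ReProgramGuestNetworks))`. The `catch (Exception ex)` wraps only the command-building loops; the ACL lookup below it is outside the guard, so a DAO failure there propagates rather than returning false like the rest of the method.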
@@ -164,4 +165,11 @@ public interface VirtualMachineManager extends Manager { */ NicTO toNicTO(NicProfile nic, HypervisorType hypervisorType); + /** + * @param profile + * @param hvGuru + * @return + */ + VirtualMachineTO toVmTO(VirtualMachineProfile profile); + } diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index 08013ed8d8a..9cad3d1e26a 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -1304,9 +1304,8 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene VirtualMachineProfile profile = new VirtualMachineProfileImpl(vm); _networkMgr.prepareNicForMigration(profile, dest); _storageMgr.prepareForMigration(profile, dest); - HypervisorGuru hvGuru = _hvGuruMgr.getGuru(vm.getHypervisorType()); - VirtualMachineTO to = hvGuru.implement(profile); + VirtualMachineTO to = toVmTO(profile); PrepareForMigrationCommand pfmc = new PrepareForMigrationCommand(to); ItWorkVO work = new ItWorkVO(UUID.randomUUID().toString(), _nodeId, State.Migrating, vm.getType(), vm.getId()); @@ -1411,6 +1410,13 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene } } + @Override + public VirtualMachineTO toVmTO(VirtualMachineProfile profile) { + HypervisorGuru hvGuru = _hvGuruMgr.getGuru(profile.getVirtualMachine().getHypervisorType()); + VirtualMachineTO to = hvGuru.implement(profile); + return to; + } + protected void cancelWorkItems(long nodeId) { GlobalLock scanLock = GlobalLock.getInternLock("vmmgr.cancel.workitem");
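Review bot: The Javadoc on the new `toVmTO(VirtualMachineProfile profile)` in VirtualMachineManager documents `@param hvGuru`, a parameter the method does not have, and leaves `@return` empty. Suggested text: `Builds the hypervisor-specific VirtualMachineTO for the profile's VM via the matching HypervisorGuru. @param profile the VM profile to convert @return the transport object for the VM`. The summary is grounded in the implementation this patch adds to VirtualMachineManagerImpl (`_hvGuruMgr.getGuru(...)` followed by `hvGuru.implement(profile)`).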