diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java index 2686c2d1bee..38a100225c2 100755 --- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java +++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java @@ -138,6 +138,7 @@ import com.cloud.agent.api.routing.SetSourceNatCommand; import com.cloud.agent.api.routing.SetSourceNatAnswer; import com.cloud.agent.api.routing.SetStaticNatRulesAnswer; import com.cloud.agent.api.routing.SetStaticNatRulesCommand; +import com.cloud.agent.api.routing.Site2SiteVpnCfgCommand; import com.cloud.agent.api.routing.VmDataCommand; import com.cloud.agent.api.routing.VpnUsersCfgCommand; import com.cloud.agent.api.storage.CopyVolumeAnswer; @@ -442,6 +443,10 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa answer = execute((SetNetworkACLCommand) cmd); } else if (clz == SetPortForwardingRulesVpcCommand.class) { answer = execute((SetPortForwardingRulesVpcCommand) cmd); + } else if (clz == Site2SiteVpnCfgCommand.class) { + answer = execute((Site2SiteVpnCfgCommand) cmd); + } else if (clz == CheckS2SVpnConnectionsCommand.class) { + answer = execute((CheckS2SVpnConnectionsCommand) cmd); } else { answer = Answer.createUnsupportedCommandAnswer(cmd); } @@ -1114,6 +1119,75 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa return new SetPortForwardingRulesAnswer(cmd, results, endResult); } + protected Answer execute(Site2SiteVpnCfgCommand cmd) { + if (s_logger.isInfoEnabled()) { + s_logger.info("Executing resource Site2SiteVpnCfgCommand " + _gson.toJson(cmd)); + } + + VmwareManager mgr = getServiceContext().getStockObject(VmwareManager.CONTEXT_STOCK_NAME); + + String routerIp = getRouterSshControlIp(cmd); + + String args =""; + if (cmd.isCreate()) { + args += " -A"; + args += " -l "; + args += cmd.getLocalPublicIp(); + args += " -n "; + args += cmd.getLocalGuestCidr(); + args += " -g "; + args += cmd.getLocalPublicGateway(); + args += " -r "; + args += cmd.getPeerGatewayIp(); + args += " -N "; + args += cmd.getPeerGuestCidrList(); + args += " -e "; + args += "\"" + cmd.getEspPolicy() + "\""; + args += " -i "; + args += "\"" + cmd.getIkePolicy() + "\""; + args += " -t "; + args += Long.toString(cmd.getIkeLifetime()); + args += " -T "; + args += Long.toString(cmd.getEspLifetime()); + args += " -s "; + args += "\"" + cmd.getIpsecPsk() + "\""; + args += " -d "; + if (cmd.getDpd()) { + args += "1"; + } else { + args += "0"; + } + } else { + args += " -D"; + args += " -r "; + args += cmd.getPeerGatewayIp(); + args += " -n "; + args += cmd.getLocalGuestCidr(); + args += " -N "; + args += cmd.getPeerGuestCidrList(); + } + + Pair result; + try { + result = SshHelper.sshExecute(routerIp, DEFAULT_DOMR_SSHPORT, "root", mgr.getSystemVMKeyFile(), null, + "/opt/cloud/bin/ipsectunnel.sh " + args); + + if (!result.first()) { + s_logger.error("Setup site2site VPN " + cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP) + " failed, message: " + result.second()); + + return new Answer(cmd, false, "Setup site2site VPN falied due to " + result.second()); + } + + if (s_logger.isDebugEnabled()) { + s_logger.debug("setup site 2 site vpn on router " + cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP) + " completed"); + } + } catch (Throwable e) { + String msg = "Setup site2site VPN falied due to " + VmwareHelper.getExceptionMessage(e); + s_logger.error(msg, e); + return new Answer(cmd, false, "Setup site2site VPN failed due to " + VmwareHelper.getExceptionMessage(e)); + } + return new Answer(cmd, true, result.second()); + } private PlugNicAnswer execute(PlugNicCommand cmd) { if (s_logger.isInfoEnabled()) {