etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-737 

support multiple NICs in Security group in java side
This commit is contained in:
Anthony Xu 2013-01-31 15:45:52 -08:00
parent d7201dfe1f
commit 65210f4e7e
2 changed files with 22 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -1878,7 +1878,7 @@ public class NetworkManagerImpl implements NetworkManager, Manager, Listener {
if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone");
}
if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {
if ( ! _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {
throw new InvalidParameterValueException("network must have SecurityGroup provider in security group enabled zone");
}
}

82
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -2048,80 +2048,41 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
Account caller = UserContext.current().getCaller();
List<NetworkVO> networkList = new ArrayList<NetworkVO>();
boolean isSecurityGroupEnabledNetworkUsed = false;
boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
if (isVmWare) {
throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
}
//Verify that caller can perform actions in behalf of vm owner
_accountMgr.checkAccess(caller, null, true, owner);
// If no network is specified, find system security group enabled network
if (networkIdList == null || networkIdList.isEmpty()) {
Network networkWithSecurityGroup = _networkModel.getNetworkWithSecurityGroupEnabled(zone.getId());
if (networkWithSecurityGroup == null) {
throw new InvalidParameterValueException("No network with security enabled is found in zone id=" + zone.getId());
}
networkList.add(_networkDao.findById(networkWithSecurityGroup.getId()));
isSecurityGroupEnabledNetworkUsed = true;
} else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) {
if (isVmWare) {
throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
}
// Only one network can be specified, and it should be security group enabled
if (networkIdList.size() > 1) {
throw new InvalidParameterValueException("Only support one network per VM if security group enabled");
}
NetworkVO network = _networkDao.findById(networkIdList.get(0).longValue());
throw new InvalidParameterValueException("need to specify networkIDs");
}
// Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
for (Long networkId : networkIdList) {
NetworkVO network = _networkDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
}
if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
}
boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
if ( ! isSecurityGroupEnabled) {
throw new InvalidParameterValueException("Only support Security Group enabled networks in Security enabled zone, network " + network.getUuid() + " doesn't support security group ");
}
networkList.add(network);
isSecurityGroupEnabledNetworkUsed = true;
} else {
// Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
for (Long networkId : networkIdList) {
NetworkVO network = _networkDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
}
boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
if (isSecurityGroupEnabled) {
if (networkIdList.size() > 1) {
throw new InvalidParameterValueException("Can't create a vm with multiple networks one of" +
" which is Security Group enabled");
}
isSecurityGroupEnabledNetworkUsed = true;
}
if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
" deploy vm in Advance Security Group enabled zone");
}
// Perform account permission check
if (network.getAclType() == ACLType.Account) {
_accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
}
networkList.add(network);
}
}
// Perform account permission check
if (network.getAclType() == ACLType.Account) {
_accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
}
networkList.add(network);
}
// if network is security group enabled, and no security group is specified, then add the default security group automatically
if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkModel.canAddDefaultSecurityGroup()) {
//add the default securityGroup only if no security group is specified
if ( _networkModel.canAddDefaultSecurityGroup()) {
if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
if (securityGroupIdList == null) {
securityGroupIdList = new ArrayList<Long>();
@ -2140,7 +2101,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
}
}
}
return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId,
diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIp, keyboard);
}