Firewall service is enabled in default elb/eip network offering

Also added more handling for error cases scenarios

api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java

@@ -39,7 +39,6 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.StaticNatRule;
-import com.cloud.network.rules.FirewallRule.FirewallRuleType;
 import com.cloud.user.Account;
 import com.cloud.user.UserContext;
 

server/src/com/cloud/network/NetworkManager.java

@@ -282,4 +282,6 @@ public interface NetworkManager extends NetworkService {
 	IpAddress assignElasticIp(long networkId, Account owner,
 			boolean forElasticLb, boolean forElasticIp)
 			throws InsufficientAddressCapacityException;
+
+	boolean handleElasticIpRelease(IpAddress ip);
 }

server/src/com/cloud/network/NetworkManagerImpl.java

@@ -1935,8 +1935,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         	UserVm vm = null;
         	if (vmId != null) {
         		vm = _userVmDao.findById(vmId);
+            	return _rulesMgr.enableElasticIpAndStaticNatForVm(vm, true);
         	}
-        	return _rulesMgr.enableElasticIpAndStaticNatForVm(vm, true);
+        	return true;
         } else {
         	s_logger.warn("Failed to release public ip address id=" + ipAddressId);
         	return false;
@@ -5879,4 +5880,24 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 		return ip;
 	}
 	
+	@Override
+	public boolean handleElasticIpRelease(IpAddress ip) {
+		boolean success = true;
+		Long networkId = ip.getAssociatedWithNetworkId();
+		if (networkId != null) {
+		    Network guestNetwork = getNetwork(networkId);
+			NetworkOffering offering = _configMgr.getNetworkOffering(guestNetwork.getNetworkOfferingId());
+			if (offering.getElasticIp()) {
+				UserContext ctx = UserContext.current();
+				if (!releasePublicIpAddress(ip.getId(), ctx.getCallerUserId(), ctx.getCaller())) {
+					s_logger.warn("Unable to release elastic ip address id=" + ip.getId());
+					success = false;
+				} else {
+					s_logger.warn("Successfully released elastic ip address id=" + ip.getId());
+				}
+			}
+		}
+		return success;
+	}
+	
 }

server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java

@@ -633,11 +633,21 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
         
         LoadBalancer result = _elbMgr.handleCreateLoadBalancerRule(lb, lbOwner, lb.getNetworkId());
         if (result == null){
+        	IpAddress ip = null;
         	if (off.getElasticLb()) {
-        		IpAddress ip = _networkMgr.assignElasticIp(lb.getNetworkId(), lbOwner, true, false);
+        		ip = _networkMgr.assignElasticIp(lb.getNetworkId(), lbOwner, true, false);
 	        	lb.setSourceIpAddressId(ip.getId());
         	}
-            result = createLoadBalancer(lb, openFirewall);
+        	try {
+                result = createLoadBalancer(lb, openFirewall);
+        	} catch (Exception ex) {
+        		s_logger.warn("Failed to create load balancer due to ", ex);
+        	} finally {
+        		if (result == null && ip != null) {
+        			s_logger.debug("Releasing elastic IP address " + ip + " as corresponding lb rule failed to create");
+        			_networkMgr.handleElasticIpRelease(ip);
+        		}
+        	}
         }
         
     	if (result == null){

server/src/com/cloud/network/rules/RulesManagerImpl.java

@@ -338,7 +338,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         // Check permissions
         checkIpAndUserVm(ipAddress, vm, caller);
 
-        // Verify that the ip is associated with the network and firewallService is supported for the network
+        // Verify that the ip is associated with the network and static nat service is supported for the network
         Long networkId = ipAddress.getAssociatedWithNetworkId();
         if (networkId == null) {
             throw new InvalidParameterValueException("Unable to enable static nat for the ipAddress id=" + ipId + " as ip is not associated with any network");
@@ -351,8 +351,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         }
 
         Network network = _networkMgr.getNetwork(networkId);
-        if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Firewall)) {
-            throw new InvalidParameterValueException("Unable to create static nat rule; Firewall service is not supported in network id=" + networkId);
+        if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) {
+            throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not supported in network id=" + networkId);
         }
 
         // Verify ip address parameter
@@ -1032,7 +1032,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
             ipAddress.setOneToOneNat(false);
             ipAddress.setAssociatedWithVmId(null);
             _ipAddressDao.update(ipAddress.getId(), ipAddress);
-            if (!handleElasticIpRelease(ipAddress)) {
+            if (!_networkMgr.handleElasticIpRelease(ipAddress)) {
             	s_logger.warn("Failed to release elastic ip address " + ipAddress);
             	return false;
             }
@@ -1143,10 +1143,15 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         				return false;
         			}
         			s_logger.debug("Allocated elastic ip " + ip + ", now enabling static nat on it for vm " + vm);
-        			success = success && enableStaticNat(ip.getId(), vm.getId());
+        			try {
+        				enableStaticNat(ip.getId(), vm.getId());
+        			} catch (Exception ex) {
+        				s_logger.warn("Failed to enable static nat as a part of enabling elasticIp and staticNat for vm " + vm + " in guest network " + guestNetwork + " due to exception ", ex);
+        				success = false;
+        			}
         			if (!success) {
         				s_logger.warn("Failed to enable static nat on elastic ip " + ip + " for the vm " + vm + ", releasing the ip...");
-        				handleElasticIpRelease(ip);
+        				_networkMgr.handleElasticIpRelease(ip);
         			} else {
         				s_logger.warn("Succesfully enabled static nat on elastic ip " + ip + " for the vm " + vm);
         			}
@@ -1163,22 +1168,4 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
     	return success;
     }
 	
-	protected boolean handleElasticIpRelease(IpAddress ip) {
-		boolean success = true;
-		Long networkId = ip.getAssociatedWithNetworkId();
-		if (networkId != null) {
-		    Network guestNetwork = _networkMgr.getNetwork(networkId);
-			NetworkOffering offering = _configMgr.getNetworkOffering(guestNetwork.getNetworkOfferingId());
-			if (offering.getElasticIp()) {
-				UserContext ctx = UserContext.current();
-				if (!_networkMgr.releasePublicIpAddress(ip.getId(), ctx.getCallerUserId(), ctx.getCaller())) {
-					s_logger.warn("Unable to release elastic ip address id=" + ip.getId());
-					success = false;
-				} else {
-					s_logger.warn("Successfully released elastic ip address id=" + ip.getId());
-				}
-			}
-		}
-		return success;
-	}
 }

server/src/com/cloud/server/ConfigurationServerImpl.java

@@ -870,7 +870,6 @@ public class ConfigurationServerImpl implements ConfigurationServer {
         netscalerServiceProviders.put(Service.Dns, Provider.VirtualRouter);
         netscalerServiceProviders.put(Service.UserData, Provider.VirtualRouter);
         netscalerServiceProviders.put(Service.SecurityGroup, Provider.SecurityGroupProvider);
-        netscalerServiceProviders.put(Service.Firewall, Provider.Netscaler);
         netscalerServiceProviders.put(Service.StaticNat, Provider.Netscaler);
         netscalerServiceProviders.put(Service.Lb, Provider.Netscaler);