diff --git a/engine/components-api/src/com/cloud/capacity/CapacityManager.java b/engine/components-api/src/com/cloud/capacity/CapacityManager.java
index 17641827648..979c6f7f5ed 100755
--- a/engine/components-api/src/com/cloud/capacity/CapacityManager.java
+++ b/engine/components-api/src/com/cloud/capacity/CapacityManager.java
@@ -32,13 +32,22 @@ public interface CapacityManager { static final String CpuOverprovisioningFactorCK = "cpu.overprovisioning.factor"; static final String MemOverprovisioningFactorCK = "mem.overprovisioning.factor"; + static final String StorageCapacityDisableThresholdCK = "pool.storage.capacity.disablethreshold"; + static final String StorageOverprovisioningFactorCK = "storage.overprovisioning.factor"; + static final String StorageAllocatedCapacityDisableThresholdCK = "pool.storage.allocated.capacity.disablethreshold"; static final ConfigKey CpuOverprovisioningFactor = new ConfigKey(Float.class, CpuOverprovisioningFactorCK, "Advanced", "1.0", "Used for CPU overprovisioning calculation; available CPU will be (actualCpuCapacity * cpu.overprovisioning.factor)", true, ConfigKey.Scope.Cluster, null); static final ConfigKey MemOverprovisioningFactor = new ConfigKey(Float.class, MemOverprovisioningFactorCK, "Advanced", "1.0", "Used for memory overprovisioning calculation", true, ConfigKey.Scope.Cluster, null); + static final ConfigKey StorageCapacityDisableThreshold = new ConfigKey("Alert", Double.class, StorageCapacityDisableThresholdCK, "0.85", + "Percentage (as a value between 0 and 1) of storage utilization above which allocators will disable using the pool for low storage available.", true, ConfigKey.Scope.Zone); + static final ConfigKey StorageOverprovisioningFactor = new ConfigKey("Storage", Double.class, StorageOverprovisioningFactorCK, "2", + "Used for storage overprovisioning calculation; available storage will be (actualStorageSize * storage.overprovisioning.factor)", true, ConfigKey.Scope.Zone); + static final ConfigKey StorageAllocatedCapacityDisableThreshold = new ConfigKey("Alert", Double.class, StorageAllocatedCapacityDisableThresholdCK, "0.85", + "Percentage (as a value between 0 and 1) of allocated storage utilization above which allocators will disable using the pool for low allocated storage available.", true, + ConfigKey.Scope.Zone); - public 
boolean releaseVmCapacity(VirtualMachine vm, boolean moveFromReserved, boolean moveToReservered, Long hostId); void allocateVmCapacity(VirtualMachine vm, boolean fromLastHost); diff --git a/engine/orchestration/src/com/cloud/network/NetworkStateListener.java b/engine/components-api/src/com/cloud/network/NetworkStateListener.java similarity index 100% rename from engine/orchestration/src/com/cloud/network/NetworkStateListener.java rename to engine/components-api/src/com/cloud/network/NetworkStateListener.java diff --git a/engine/components-api/src/com/cloud/network/rules/RulesManager.java b/engine/components-api/src/com/cloud/network/rules/RulesManager.java index 2bdf356460b..201d79db9c6 100644 --- a/engine/components-api/src/com/cloud/network/rules/RulesManager.java +++ b/engine/components-api/src/com/cloud/network/rules/RulesManager.java @@ -30,7 +30,7 @@ import com.cloud.vm.VirtualMachine; /** * Rules Manager manages the network rules created for different networks. */ -public interface RulesManager { +public interface RulesManager extends RulesService { boolean applyPortForwardingRulesForNetwork(long networkId, boolean continueOnError, Account caller); diff --git a/engine/orchestration/src/com/cloud/network/rules/StaticNatRuleImpl.java b/engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java similarity index 100% rename from engine/orchestration/src/com/cloud/network/rules/StaticNatRuleImpl.java rename to engine/components-api/src/com/cloud/network/rules/StaticNatRuleImpl.java diff --git a/engine/orchestration/test/com/cloud/vm/VirtualMachineManagerImplTest.java b/engine/orchestration/test/com/cloud/vm/VirtualMachineManagerImplTest.java index beeff404c1e..4e3b60b35e9 100644 --- a/engine/orchestration/test/com/cloud/vm/VirtualMachineManagerImplTest.java +++ b/engine/orchestration/test/com/cloud/vm/VirtualMachineManagerImplTest.java 
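Review bot: The three new storage keys are declared with `Double.class`, whereas the `Config` enum entries they replace (removed further down in this commit) used `Float.class` for the two disable thresholds and `String.class` for the factor, and the neighbouring CPU/memory keys stay `Float.class`. Any reader that still parses or casts these values as float would misbehave, so the call sites should be checked; none of them is visible in this hunk. The new declarations also use a different constructor overload (category first, no trailing `null`) from the two existing keys, which makes the block harder to scan. Either align them or add a comment such as `// Storage keys are zone-scoped and Double-valued, unlike the Float-valued cluster-scoped CPU/memory keys above`.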
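Review bot: With `RulesManager extends RulesService`, every holder of a `RulesManager` reference can now reach the API-facing operations, and the `RulesApiServiceImpl` that this commit deletes is where `checkIpAndUserVm` and `checkRuleAndUserVm` called `_accountMgr.checkAccess(caller, null, true, ...)`. The class that now implements both interfaces is not part of this hunk, so it should be confirmed that it keeps the same caller-access and account-ownership checks on the inherited methods. The interface Javadoc is also out of date; I would extend it to something like `Rules Manager manages the network rules created for different networks and also exposes the RulesService API operations; implementations must enforce caller access checks on those.` The interface body continues outside the hunk.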
@@ -30,7 +30,6 @@ import java.util.Iterator; import java.util.List; import java.util.Map; -import org.apache.log4j.lf5.viewer.configure.ConfigurationManager; import org.junit.Before; import org.junit.Test; import org.mockito.Mock; @@ -41,6 +40,8 @@ import org.mockito.Spy; import org.apache.cloudstack.api.command.user.vm.RestoreVMCmd; import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService; import org.apache.cloudstack.engine.orchestration.service.VolumeOrchestrationService; +import org.apache.cloudstack.framework.config.ConfigDepot; +import org.apache.cloudstack.framework.config.ConfigValue; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao; import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; @@ -113,8 +114,6 @@ public class VirtualMachineManagerImplTest { @Mock Account _account; @Mock - ConfigurationManager _configMgr; - @Mock CapacityManager _capacityMgr; @Mock AgentManager _agentMgr; @@ -197,6 +196,8 @@ public class VirtualMachineManagerImplTest { Map _volumeToPoolMock; @Mock EntityManager _entityMgr; + @Mock + ConfigDepot _configDepot; @Before public void setup() { @@ -222,6 +223,7 @@ public class VirtualMachineManagerImplTest { _vmMgr._vmDao = _vmInstanceDao; _vmMgr._uservmDetailsDao = _vmDetailsDao; _vmMgr._entityMgr = _entityMgr; + _vmMgr._configDepot = _configDepot; when(_vmMock.getId()).thenReturn(314l); when(_vmInstance.getId()).thenReturn(1L); 
@@ -266,9 +268,14 @@ public class VirtualMachineManagerImplTest { doReturn(hostVO).when(_hostDao).findById(1L); doReturn(1L).when(_vmInstance).getDataCenterId(); doReturn(1L).when(hostVO).getClusterId(); - when(_configMgr.getConfigValue(Config.EnableDynamicallyScaleVm.key(), Config.Scope.zone.toString(), 1L)).thenReturn("true"); - when(_configMgr.getConfigValue(Config.MemOverprovisioningFactor.key(), Config.Scope.cluster.toString(), 1L)).thenReturn("1.0"); - when(_configMgr.getConfigValue(Config.CPUOverprovisioningFactor.key(), Config.Scope.cluster.toString(), 1L)).thenReturn("1.0"); + @SuppressWarnings("unchecked") + ConfigValue memOverprovisioningFactor = mock(ConfigValue.class); + @SuppressWarnings("unchecked") + ConfigValue cpuOverprovisioningFactor = mock(ConfigValue.class); + when(_configDepot.get(CapacityManager.MemOverprovisioningFactor)).thenReturn(memOverprovisioningFactor); + when(memOverprovisioningFactor.valueIn(1L)).thenReturn(1.0f); + when(_configDepot.get(CapacityManager.CpuOverprovisioningFactor)).thenReturn(cpuOverprovisioningFactor); + when(cpuOverprovisioningFactor.valueIn(1L)).thenReturn(1.0f); ScaleVmCommand reconfigureCmd = new ScaleVmCommand("myVmName", newServiceOffering.getCpu(), newServiceOffering.getSpeed(), newServiceOffering.getSpeed(), newServiceOffering.getRamSize(), newServiceOffering.getRamSize(), newServiceOffering.getLimitCpuUse()); diff --git a/server/src/com/cloud/capacity/CapacityManagerImpl.java b/server/src/com/cloud/capacity/CapacityManagerImpl.java index 348021c2efd..3d5fa4ad9ac 100755 --- a/server/src/com/cloud/capacity/CapacityManagerImpl.java +++ b/server/src/com/cloud/capacity/CapacityManagerImpl.java 
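Review bot: The stub for `Config.EnableDynamicallyScaleVm` is removed without a `_configDepot` replacement, while the two overprovisioning factors are re-stubbed. If the code under test now reads that flag through `_configDepot.get(...)`, the unstubbed mock returns null and the test would fail with a NullPointerException rather than an assertion; how the flag is read is not visible from this hunk, so this needs checking against `VirtualMachineManagerImpl`. The literal in `valueIn(1L)` is presumably the cluster id stubbed by `doReturn(1L).when(hostVO).getClusterId()` just above, and a short comment such as `// 1L = cluster id returned by hostVO.getClusterId()` would make that explicit. The test method starts and ends outside the hunk.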
@@ -30,6 +30,7 @@ import javax.naming.ConfigurationException; import org.apache.log4j.Logger; import org.apache.cloudstack.framework.config.ConfigKey; +import org.apache.cloudstack.framework.config.ConfigValue; import org.apache.cloudstack.framework.config.Configurable; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.framework.messagebus.MessageBus; @@ -75,6 +76,7 @@ import com.cloud.storage.dao.VolumeDao; import com.cloud.utils.DateUtil; import com.cloud.utils.NumbersUtil; import com.cloud.utils.Pair; +import com.cloud.utils.component.InjectConfig; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.DB; @@ -133,9 +135,9 @@ public class CapacityManagerImpl extends ManagerBase implements CapacityManager, ClusterDetailsDao _clusterDetailsDao; private int _vmCapacityReleaseInterval; private ScheduledExecutorService _executor; - private boolean _stopped; long _extraBytesPerVolume = 0; - private float _storageOverProvisioningFactor = 1.0f; + @InjectConfig(key = StorageOverprovisioningFactorCK) + private ConfigValue _storageOverProvisioningFactor; @Inject MessageBus _messageBus; @@ -145,7 +147,6 @@ public class CapacityManagerImpl extends ManagerBase implements CapacityManager, @Override public boolean configure(String name, Map params) throws ConfigurationException { _vmCapacityReleaseInterval = NumbersUtil.parseInt(_configDao.getValue(Config.CapacitySkipcountingHours.key()), 3600); - _storageOverProvisioningFactor = NumbersUtil.parseFloat(_configDao.getValue(Config.StorageOverprovisioningFactor.key()), 1.0f); _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("HostCapacity-Checker")); VirtualMachine.State.getStateMachine().registerListener(this); 
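Review bot: `_storageOverProvisioningFactor` changes from a `float` initialised to `1.0f` to a `ConfigValue` reference that stays null until `@InjectConfig` is processed, so any read before injection (or in a test that builds `CapacityManagerImpl` by hand) now throws instead of falling back to 1.0. No hunk in this file touches a read of the field or a `getConfigKeys()` method, so it is worth confirming both that the field is still used and that the three keys moved out of the `Config` enum are registered by a `Configurable`; otherwise the storage disable thresholds could end up without a stored default. I would add a field comment such as `// Injected from storage.overprovisioning.factor (zone scope); null until config injection has run`. The class body continues outside the hunk.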
@@ -165,7 +166,6 @@ public class CapacityManagerImpl extends ManagerBase implements CapacityManager, @Override public boolean stop() { _executor.shutdownNow(); - _stopped = true; return true; } diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index cde8b03ae62..9eca56f32b6 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java 
@@ -57,15 +57,12 @@ public enum Config { VlanCapacityThreshold("Alert", ManagementServer.class, Float.class, "zone.vlan.capacity.notificationthreshold", "0.75", "Percentage (as a value between 0 and 1) of Zone Vlan utilization above which alerts will be sent about low number of Zone Vlans.", null), DirectNetworkPublicIpCapacityThreshold("Alert", ManagementServer.class, Float.class, "zone.directnetwork.publicip.capacity.notificationthreshold", "0.75", "Percentage (as a value between 0 and 1) of Direct Network Public Ip Utilization above which alerts will be sent about low number of direct network public ips.", null), LocalStorageCapacityThreshold("Alert", ManagementServer.class, Float.class, "cluster.localStorage.capacity.notificationthreshold", "0.75", "Percentage (as a value between 0 and 1) of local storage utilization above which alerts will be sent about low local storage available.", null), - StorageAllocatedCapacityDisableThreshold("Alert", ManagementServer.class, Float.class, "pool.storage.allocated.capacity.disablethreshold", "0.85", "Percentage (as a value between 0 and 1) of allocated storage utilization above which allocators will disable using the pool for low allocated storage available.", null, ConfigKey.Scope.Zone.toString()), - StorageCapacityDisableThreshold("Alert", ManagementServer.class, Float.class, "pool.storage.capacity.disablethreshold", "0.85", "Percentage (as a value between 0 and 1) of storage utilization above which allocators will disable using the pool for low storage available.", null, ConfigKey.Scope.Zone.toString()), CPUCapacityDisableThreshold("Alert", ManagementServer.class, Float.class, "cluster.cpu.allocated.capacity.disablethreshold", "0.85", "Percentage (as a value between 0 and 1) of cpu utilization above which allocators will disable using the cluster for low cpu available. 
Keep the corresponding notification threshold lower than this to be notified beforehand.", null, ConfigKey.Scope.Cluster.toString()), MemoryCapacityDisableThreshold("Alert", ManagementServer.class, Float.class, "cluster.memory.allocated.capacity.disablethreshold", "0.85", "Percentage (as a value between 0 and 1) of memory utilization above which allocators will disable using the cluster for low memory available. Keep the corresponding notification threshold lower than this to be notified beforehand.", null, ConfigKey.Scope.Cluster.toString()), // Storage - StorageOverprovisioningFactor("Storage", StoragePoolAllocator.class, String.class, "storage.overprovisioning.factor", "2", "Used for storage overprovisioning calculation; available storage will be (actualStorageSize * storage.overprovisioning.factor)", null, ConfigKey.Scope.Zone.toString()), StorageStatsInterval("Storage", ManagementServer.class, String.class, "storage.stats.interval", "60000", "The interval (in milliseconds) when storage stats (per host) are retrieved from agents.", null), MaxVolumeSize("Storage", ManagementServer.class, Integer.class, "storage.max.volume.size", "2000", "The maximum size for a volume (in GB).", null), StorageCacheReplacementLRUTimeInterval("Storage", ManagementServer.class, Integer.class, "storage.cache.replacement.lru.interval", "30", "time interval for unused data on cache storage (in days).", null), diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 14e11fa4811..7432aa219e9 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
@@ -373,8 +373,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati weightBasedParametersForValidation.add(Config.VlanCapacityThreshold.key()); weightBasedParametersForValidation.add(Config.DirectNetworkPublicIpCapacityThreshold.key()); weightBasedParametersForValidation.add(Config.LocalStorageCapacityThreshold.key()); - weightBasedParametersForValidation.add(Config.StorageAllocatedCapacityDisableThreshold.key()); - weightBasedParametersForValidation.add(Config.StorageCapacityDisableThreshold.key()); + weightBasedParametersForValidation.add(CapacityManager.StorageAllocatedCapacityDisableThreshold.key()); + weightBasedParametersForValidation.add(CapacityManager.StorageCapacityDisableThreshold.key()); weightBasedParametersForValidation.add(Config.CPUCapacityDisableThreshold.key()); weightBasedParametersForValidation.add(Config.MemoryCapacityDisableThreshold.key()); weightBasedParametersForValidation.add(Config.AgentLoadThreshold.key()); @@ -387,7 +387,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati overprovisioningFactorsForValidation = new HashSet(); overprovisioningFactorsForValidation.add(CapacityManager.MemOverprovisioningFactor.key()); overprovisioningFactorsForValidation.add(CapacityManager.CpuOverprovisioningFactor.key()); - overprovisioningFactorsForValidation.add(Config.StorageOverprovisioningFactor.key()); + overprovisioningFactorsForValidation.add(CapacityManager.StorageOverprovisioningFactor.key()); } @Override diff --git a/server/src/com/cloud/network/rules/RulesApiServiceImpl.java b/server/src/com/cloud/network/rules/RulesApiServiceImpl.java deleted file mode 100644 index 1c1774de5ad..00000000000 --- a/server/src/com/cloud/network/rules/RulesApiServiceImpl.java +++ /dev/null 
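Review bot: Validation of the two storage disable thresholds still depends on their key names being added to `weightBasedParametersForValidation` here, and likewise for the storage factor in `overprovisioningFactorsForValidation` in the second hunk. Now that the keys are declared in `CapacityManager`, nothing at the declaration points back to these sets, so a threshold key added there later would silently skip what appears to be the 0-to-1 range check. A comment above these lines would help, for example `// Keys declared in CapacityManager; listed here so updates are range-checked`. The enclosing method starts outside the hunk.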
@@ -1,1043 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package com.cloud.network.rules; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.ejb.Local; -import javax.inject.Inject; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.api.command.user.firewall.ListPortForwardingRulesCmd; -import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService; - -import com.cloud.configuration.ConfigurationManager; -import com.cloud.domain.dao.DomainDao; -import com.cloud.event.ActionEvent; -import com.cloud.event.EventTypes; -import com.cloud.event.UsageEventUtils; -import com.cloud.event.dao.EventDao; -import com.cloud.event.dao.UsageEventDao; -import com.cloud.exception.InsufficientAddressCapacityException; -import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.NetworkRuleConflictException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.IpAddress; -import com.cloud.network.IpAddressManager; -import com.cloud.network.Network; -import com.cloud.network.Network.Service; -import com.cloud.network.NetworkModel; -import 
com.cloud.network.dao.FirewallRulesCidrsDao; -import com.cloud.network.dao.FirewallRulesDao; -import com.cloud.network.dao.IPAddressDao; -import com.cloud.network.dao.IPAddressVO; -import com.cloud.network.dao.LoadBalancerVMMapDao; -import com.cloud.network.rules.FirewallRule.FirewallRuleType; -import com.cloud.network.rules.FirewallRule.Purpose; -import com.cloud.network.rules.dao.PortForwardingRulesDao; -import com.cloud.network.vpc.VpcManager; -import com.cloud.network.vpc.VpcService; -import com.cloud.offering.NetworkOffering; -import com.cloud.projects.Project.ListProjectResourcesCriteria; -import com.cloud.server.ResourceTag.TaggedResourceType; -import com.cloud.tags.ResourceTagVO; -import com.cloud.tags.dao.ResourceTagDao; -import com.cloud.user.Account; -import com.cloud.user.AccountManager; -import com.cloud.user.DomainManager; -import com.cloud.uservm.UserVm; -import com.cloud.utils.Pair; -import com.cloud.utils.Ternary; -import com.cloud.utils.component.ManagerBase; -import com.cloud.utils.db.DB; -import com.cloud.utils.db.EntityManager; -import com.cloud.utils.db.Filter; -import com.cloud.utils.db.JoinBuilder; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; -import com.cloud.utils.db.SearchCriteria.Op; -import com.cloud.utils.db.Transaction; -import com.cloud.utils.exception.CloudRuntimeException; -import com.cloud.utils.net.Ip; -import com.cloud.vm.Nic; -import com.cloud.vm.NicSecondaryIp; -import com.cloud.vm.UserVmVO; -import com.cloud.vm.VMInstanceVO; -import com.cloud.vm.VirtualMachine; -import com.cloud.vm.dao.NicDao; -import com.cloud.vm.dao.NicSecondaryIpDao; -import com.cloud.vm.dao.NicSecondaryIpVO; -import com.cloud.vm.dao.UserVmDao; -import com.cloud.vm.dao.VMInstanceDao; - -@Local(value = {RulesService.class}) -public class RulesApiServiceImpl extends ManagerBase implements RulesService { - private static final Logger s_logger = Logger.getLogger(RulesApiServiceImpl.class); - - @Inject - IpAddressManager 
_ipAddrMgr; - @Inject - EntityManager _entityMgr; - - @Inject - PortForwardingRulesDao _portForwardingDao; - @Inject - FirewallRulesCidrsDao _firewallCidrsDao; - @Inject - FirewallRulesDao _firewallDao; - @Inject - IPAddressDao _ipAddressDao; - @Inject - UserVmDao _vmDao; - @Inject - VMInstanceDao _vmInstanceDao; - @Inject - AccountManager _accountMgr; - @Inject - NetworkOrchestrationService _networkMgr; - @Inject - NetworkModel _networkModel; - @Inject - EventDao _eventDao; - @Inject - UsageEventDao _usageEventDao; - @Inject - DomainDao _domainDao; - @Inject - FirewallManager _firewallMgr; - @Inject - DomainManager _domainMgr; - @Inject - ConfigurationManager _configMgr; - @Inject - NicDao _nicDao; - @Inject - ResourceTagDao _resourceTagDao; - @Inject - VpcManager _vpcMgr; - @Inject - NicSecondaryIpDao _nicSecondaryDao; - @Inject - LoadBalancerVMMapDao _loadBalancerVMMapDao; - @Inject - VpcService _vpcService; - - protected void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller, Boolean ignoreVmState) { - if (ipAddress == null || ipAddress.getAllocatedTime() == null || ipAddress.getAllocatedToAccountId() == null) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); - } - - if (userVm == null) { - return; - } - - if (userVm.getState() == VirtualMachine.State.Destroyed || userVm.getState() == VirtualMachine.State.Expunging) { - if (!ignoreVmState) { - throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId()); - } - } - - _accountMgr.checkAccess(caller, null, true, ipAddress, userVm); - - // validate that IP address and userVM belong to the same account - if (ipAddress.getAllocatedToAccountId().longValue() != userVm.getAccountId()) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + - userVm.toString()); - } - - // validate 
that userVM is in the same availability zone as the IP address - if (ipAddress.getDataCenterId() != userVm.getDataCenterId()) { - //make an exception for portable IP - if (!ipAddress.isPortable()) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + - " is not in the same availability zone as virtual machine " + userVm.toString()); - } - } - - } - - public void checkRuleAndUserVm(FirewallRule rule, UserVm userVm, Account caller) { - if (userVm == null || rule == null) { - return; - } - - _accountMgr.checkAccess(caller, null, true, rule, userVm); - - if (userVm.getState() == VirtualMachine.State.Destroyed || userVm.getState() == VirtualMachine.State.Expunging) { - throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId()); - } - - if (rule.getAccountId() != userVm.getAccountId()) { - throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + userVm.getId() + " belong to different accounts"); - } - } - - @Override - @DB - @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true) - public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Ip vmIp, boolean openFirewall) throws NetworkRuleConflictException { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); - - Long ipAddrId = rule.getSourceIpAddressId(); - - IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId); - - // Validate ip address - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system"); - } else if (ipAddress.isOneToOneNat()) { - throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " has static nat enabled"); - } - - Long networkId = rule.getNetworkId(); - Network network = _networkModel.getNetwork(networkId); - //associate ip address to 
network (if needed) - boolean performedIpAssoc = false; - Nic guestNic; - if (ipAddress.getAssociatedWithNetworkId() == null) { - boolean assignToVpcNtwk = network.getVpcId() != null && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId(); - if (assignToVpcNtwk) { - _networkModel.checkIpForService(ipAddress, Service.PortForwarding, networkId); - - s_logger.debug("The ip is not associated with the VPC network id=" + networkId + ", so assigning"); - try { - ipAddress = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false); - performedIpAssoc = true; - } catch (Exception ex) { - throw new CloudRuntimeException("Failed to associate ip to VPC network as " + "a part of port forwarding rule creation"); - } - } - } else { - _networkModel.checkIpForService(ipAddress, Service.PortForwarding, null); - } - - if (ipAddress.getAssociatedWithNetworkId() == null) { - throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network); - } - - try { - _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.PortForwarding, - FirewallRuleType.User, networkId, rule.getTrafficType()); - - Long accountId = ipAddress.getAllocatedToAccountId(); - Long domainId = ipAddress.getAllocatedInDomainId(); - - // start port can't be bigger than end port - if (rule.getDestinationPortStart() > rule.getDestinationPortEnd()) { - throw new InvalidParameterValueException("Start port can't be bigger than end port"); - } - - // check that the port ranges are of equal size - if ((rule.getDestinationPortEnd() - rule.getDestinationPortStart()) != (rule.getSourcePortEnd() - rule.getSourcePortStart())) { - throw new InvalidParameterValueException("Source port and destination port ranges should be of equal sizes."); - } - - // validate user VM exists - UserVm vm = _vmDao.findById(vmId); - if (vm == null) { - throw new 
InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ")."); - } else { - checkRuleAndUserVm(rule, vm, caller); - } - - // Verify that vm has nic in the network - Ip dstIp = rule.getDestinationIpAddress(); - guestNic = _networkModel.getNicInNetwork(vmId, networkId); - if (guestNic == null || guestNic.getIp4Address() == null) { - throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress"); - } else { - dstIp = new Ip(guestNic.getIp4Address()); - } - - if (vmIp != null) { - //vm ip is passed so it can be primary or secondary ip addreess. - if (!dstIp.equals(vmIp)) { - //the vm ip is secondary ip to the nic. - // is vmIp is secondary ip or not - NicSecondaryIp secondaryIp = _nicSecondaryDao.findByIp4AddressAndNicId(vmIp.toString(), guestNic.getId()); - if (secondaryIp == null) { - throw new InvalidParameterValueException("IP Address is not in the VM nic's network "); - } - dstIp = vmIp; - } - } - - //if start port and end port are passed in, and they are not equal to each other, perform the validation - boolean validatePortRange = false; - if (rule.getSourcePortStart().intValue() != rule.getSourcePortEnd().intValue() || rule.getDestinationPortStart() != rule.getDestinationPortEnd()) { - validatePortRange = true; - } - - if (validatePortRange) { - //source start port and source dest port should be the same. 
The same applies to dest ports - if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) { - throw new InvalidParameterValueException("Private port start should be equal to public port start"); - } - - if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) { - throw new InvalidParameterValueException("Private port end should be equal to public port end"); - } - } - - Transaction txn = Transaction.currentTxn(); - txn.start(); - - PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), - rule.getSourceIpAddressId(), - rule.getSourcePortStart(), - rule.getSourcePortEnd(), - dstIp, - rule.getDestinationPortStart(), - rule.getDestinationPortEnd(), - rule.getProtocol().toLowerCase(), - networkId, - accountId, - domainId, - vmId); - newRule = _portForwardingDao.persist(newRule); - - // create firewallRule for 0.0.0.0/0 cidr - if (openFirewall) { - _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId); - } - - try { - _firewallMgr.detectRulesConflict(newRule); - if (!_firewallDao.setStateToAdd(newRule)) { - throw new CloudRuntimeException("Unable to update the state to add for " + newRule); - } - CallContext.current().setEventDetails("Rule Id: " + newRule.getId()); - UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), ipAddress.getDataCenterId(), newRule.getId(), null, - PortForwardingRule.class.getName(), newRule.getUuid()); - txn.commit(); - return newRule; - } catch (Exception e) { - if (newRule != null) { - txn.start(); - // no need to apply the rule as it wasn't programmed on the backend yet - _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false); - removePFRule(newRule); - txn.commit(); - } - - if (e instanceof NetworkRuleConflictException) { - throw (NetworkRuleConflictException)e; - } - - throw new CloudRuntimeException("Unable to add rule for the ip id=" + 
ipAddrId, e); - } - } finally { - // release ip address if ipassoc was perfored - if (performedIpAssoc) { - //if the rule is the last one for the ip address assigned to VPC, unassign it from the network - IpAddress ip = _ipAddressDao.findById(ipAddress.getId()); - _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), networkId); - } - } - } - - @Override - @DB - @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating static nat rule", create = true) - public StaticNatRule createStaticNatRule(StaticNatRule rule, boolean openFirewall) throws NetworkRuleConflictException { - Account caller = CallContext.current().getCallingAccount(); - - Long ipAddrId = rule.getSourceIpAddressId(); - - IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId); - - // Validate ip address - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system"); - } else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) { - throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress()); - } - - _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.StaticNat, FirewallRuleType.User, - null, rule.getTrafficType()); - - Long networkId = ipAddress.getAssociatedWithNetworkId(); - Long accountId = ipAddress.getAllocatedToAccountId(); - Long domainId = ipAddress.getAllocatedInDomainId(); - - _networkModel.checkIpForService(ipAddress, Service.StaticNat, null); - - Network network = _networkModel.getNetwork(networkId); - NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId()); - if (off.getElasticIp()) { - throw new InvalidParameterValueException("Can't create ip forwarding rules for the network where elasticIP service is enabled"); - } - - //String dstIp = 
_networkModel.getIpInNetwork(ipAddress.getAssociatedWithVmId(), networkId); - String dstIp = ipAddress.getVmIp(); - Transaction txn = Transaction.currentTxn(); - txn.start(); - - FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol() - .toLowerCase(), networkId, accountId, domainId, rule.getPurpose(), null, null, null, null, null); - - newRule = _firewallDao.persist(newRule); - - // create firewallRule for 0.0.0.0/0 cidr - if (openFirewall) { - _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId); - } - - try { - _firewallMgr.detectRulesConflict(newRule); - if (!_firewallDao.setStateToAdd(newRule)) { - throw new CloudRuntimeException("Unable to update the state to add for " + newRule); - } - CallContext.current().setEventDetails("Rule Id: " + newRule.getId()); - UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), 0, newRule.getId(), null, FirewallRule.class.getName(), newRule.getUuid()); - - txn.commit(); - StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp); - - return staticNatRule; - } catch (Exception e) { - - if (newRule != null) { - txn.start(); - // no need to apply the rule as it wasn't programmed on the backend yet - _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false); - _firewallMgr.removeRule(newRule); - txn.commit(); - } - - if (e instanceof NetworkRuleConflictException) { - throw (NetworkRuleConflictException)e; - } - throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + newRule.getSourceIpAddressId(), e); - } - } - - @Override - @ActionEvent(eventType = EventTypes.EVENT_ENABLE_STATIC_NAT, eventDescription = "enabling static nat") - public boolean enableStaticNat(long ipId, long vmId, long networkId, String vmGuestIp) throws 
NetworkRuleConflictException, ResourceUnavailableException { - return enableStaticNat(ipId, vmId, networkId, false, vmGuestIp); - } - - private boolean enableStaticNat(long ipId, long vmId, long networkId, boolean isSystemVm, String vmGuestIp) throws NetworkRuleConflictException, ResourceUnavailableException { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); - CallContext.current().setEventDetails("Ip Id: " + ipId); - - // Verify input parameters - IPAddressVO ipAddress = _ipAddressDao.findById(ipId); - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to find ip address by id " + ipId); - } - - // Verify input parameters - boolean performedIpAssoc = false; - boolean isOneToOneNat = ipAddress.isOneToOneNat(); - Long associatedWithVmId = ipAddress.getAssociatedWithVmId(); - Nic guestNic; - NicSecondaryIpVO nicSecIp = null; - String dstIp = null; - - try { - Network network = _networkModel.getNetwork(networkId); - if (network == null) { - throw new InvalidParameterValueException("Unable to find network by id"); - } - - // Check that vm has a nic in the network - guestNic = _networkModel.getNicInNetwork(vmId, networkId); - if (guestNic == null) { - throw new InvalidParameterValueException("Vm doesn't belong to the network with specified id"); - } - dstIp = guestNic.getIp4Address(); - - if (!_networkModel.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) { - throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not " + "supported in network with specified id"); - } - - if (!isSystemVm) { - UserVmVO vm = _vmDao.findById(vmId); - if (vm == null) { - throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + ", invalid virtual machine id specified (" + vmId + ")."); - } - //associate ip address to network (if needed) - if (ipAddress.getAssociatedWithNetworkId() == null) { - boolean assignToVpcNtwk = 
network.getVpcId() != null && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId(); - if (assignToVpcNtwk) { - _networkModel.checkIpForService(ipAddress, Service.StaticNat, networkId); - - s_logger.debug("The ip is not associated with the VPC network id=" + networkId + ", so assigning"); - try { - ipAddress = _ipAddrMgr.associateIPToGuestNetwork(ipId, networkId, false); - } catch (Exception ex) { - s_logger.warn("Failed to associate ip id=" + ipId + " to VPC network id=" + networkId + " as " + "a part of enable static nat"); - return false; - } - } else if (ipAddress.isPortable()) { - s_logger.info("Portable IP " + ipAddress.getUuid() + " is not associated with the network yet " + " so associate IP with the network " + networkId); - try { - // check if StaticNat service is enabled in the network - _networkModel.checkIpForService(ipAddress, Service.StaticNat, networkId); - - // associate portable IP to vpc, if network is part of VPC - if (network.getVpcId() != null) { - _vpcService.associateIPToVpc(ipId, network.getVpcId()); - } - - // associate portable IP with guest network - ipAddress = _ipAddrMgr.associatePortableIPToGuestNetwork(ipId, networkId, false); - } catch (Exception e) { - s_logger.warn("Failed to associate portable id=" + ipId + " to network id=" + networkId + " as " + "a part of enable static nat"); - return false; - } - } - } else if (ipAddress.getAssociatedWithNetworkId() != networkId) { - if (ipAddress.isPortable()) { - // check if destination network has StaticNat service enabled - _networkModel.checkIpForService(ipAddress, Service.StaticNat, networkId); - - // check if portable IP can be transferred across the networks - if (_ipAddrMgr.isPortableIpTransferableFromNetwork(ipId, ipAddress.getAssociatedWithNetworkId())) { - try { - // transfer the portable IP and refresh IP details - _ipAddrMgr.transferPortableIP(ipId, ipAddress.getAssociatedWithNetworkId(), networkId); - ipAddress = _ipAddressDao.findById(ipId); - 
} catch (Exception e) { - s_logger.warn("Failed to associate portable id=" + ipId + " to network id=" + networkId + " as " + "a part of enable static nat"); - return false; - } - } else { - throw new InvalidParameterValueException("Portable IP: " + ipId + " has associated services " + "in network " + ipAddress.getAssociatedWithNetworkId() + - " so can not be transferred to " + " network " + networkId); - } - } else { - throw new InvalidParameterValueException("Invalid network Id=" + networkId + ". IP is associated with" + " a different network than passed network id"); - } - } else { - _networkModel.checkIpForService(ipAddress, Service.StaticNat, null); - } - - if (ipAddress.getAssociatedWithNetworkId() == null) { - throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network); - } - - // Check permissions - if (ipAddress.getSystem()) { - // when system is enabling static NAT on system IP's (for EIP) ignore VM state - checkIpAndUserVm(ipAddress, vm, caller, true); - } else { - checkIpAndUserVm(ipAddress, vm, caller, false); - } - - //is static nat is for vm secondary ip - //dstIp = guestNic.getIp4Address(); - if (vmGuestIp != null) { - //dstIp = guestNic.getIp4Address(); - - if (!dstIp.equals(vmGuestIp)) { - //check whether the secondary ip set to the vm or not - boolean secondaryIpSet = _networkMgr.isSecondaryIpSetForNic(guestNic.getId()); - if (!secondaryIpSet) { - throw new InvalidParameterValueException("VM ip " + vmGuestIp + " address not belongs to the vm"); - } - //check the ip belongs to the vm or not - nicSecIp = _nicSecondaryDao.findByIp4AddressAndNicId(vmGuestIp, guestNic.getId()); - if (nicSecIp == null) { - throw new InvalidParameterValueException("VM ip " + vmGuestIp + " address not belongs to the vm"); - } - dstIp = nicSecIp.getIp4Address(); - // Set public ip column with the vm ip - } - } - - // Verify ip address parameter - // checking vm id is not sufficient, check for the vm ip - 
isIpReadyForStaticNat(vmId, ipAddress, dstIp, caller, ctx.getCallingUserId()); - } - - ipAddress.setOneToOneNat(true); - ipAddress.setAssociatedWithVmId(vmId); - - ipAddress.setVmIp(dstIp); - if (_ipAddressDao.update(ipAddress.getId(), ipAddress)) { - // enable static nat on the backend - s_logger.trace("Enabling static nat for ip address " + ipAddress + " and vm id=" + vmId + " on the backend"); - if (applyStaticNatForIp(ipId, false, caller, false)) { - performedIpAssoc = false; // ignor unassignIPFromVpcNetwork in finally block - return true; - } else { - s_logger.warn("Failed to enable static nat rule for ip address " + ipId + " on the backend"); - ipAddress.setOneToOneNat(isOneToOneNat); - ipAddress.setAssociatedWithVmId(associatedWithVmId); - ipAddress.setVmIp(null); - _ipAddressDao.update(ipAddress.getId(), ipAddress); - } - } else { - s_logger.warn("Failed to update ip address " + ipAddress + " in the DB as a part of enableStaticNat"); - - } - } finally { - if (performedIpAssoc) { - //if the rule is the last one for the ip address assigned to VPC, unassign it from the network - IpAddress ip = _ipAddressDao.findById(ipAddress.getId()); - _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), networkId); - } - } - return false; - } - - protected void isIpReadyForStaticNat(long vmId, IPAddressVO ipAddress, String vmIp, Account caller, long callerUserId) throws NetworkRuleConflictException, - ResourceUnavailableException { - if (ipAddress.isSourceNat()) { - throw new InvalidParameterValueException("Can't enable static, ip address " + ipAddress + " is a sourceNat ip address"); - } - - if (!ipAddress.isOneToOneNat()) { // Dont allow to enable static nat if PF/LB rules exist for the IP - List portForwardingRules = _firewallDao.listByIpAndPurposeAndNotRevoked(ipAddress.getId(), Purpose.PortForwarding); - if (portForwardingRules != null && !portForwardingRules.isEmpty()) { - throw new NetworkRuleConflictException("Failed to enable static nat for the ip address " + ipAddress + 
" as it already has PortForwarding rules assigned"); - } - - List loadBalancingRules = _firewallDao.listByIpAndPurposeAndNotRevoked(ipAddress.getId(), Purpose.LoadBalancing); - if (loadBalancingRules != null && !loadBalancingRules.isEmpty()) { - throw new NetworkRuleConflictException("Failed to enable static nat for the ip address " + ipAddress + " as it already has LoadBalancing rules assigned"); - } - } else if (ipAddress.getAssociatedWithVmId() != null && ipAddress.getAssociatedWithVmId().longValue() != vmId) { - throw new NetworkRuleConflictException("Failed to enable static for the ip address " + ipAddress + " and vm id=" + vmId + " as it's already assigned to antoher vm"); - } - - //check wether the vm ip is alreday associated with any public ip address - IPAddressVO oldIP = _ipAddressDao.findByAssociatedVmIdAndVmIp(vmId, vmIp); - - if (oldIP != null) { - // If elasticIP functionality is supported in the network, we always have to disable static nat on the old -// ip in order to re-enable it on the new one - Long networkId = oldIP.getAssociatedWithNetworkId(); - boolean reassignStaticNat = false; - if (networkId != null) { - Network guestNetwork = _networkModel.getNetwork(networkId); - NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, guestNetwork.getNetworkOfferingId()); - if (offering.getElasticIp()) { - reassignStaticNat = true; - } - } - - // If there is public ip address already associated with the vm, throw an exception - if (!reassignStaticNat) { - throw new InvalidParameterValueException("Failed to enable static nat for the ip address id=" + ipAddress.getId() + " as vm id=" + vmId + - " is already associated with ip id=" + oldIP.getId()); - } - // unassign old static nat rule - s_logger.debug("Disassociating static nat for ip " + oldIP); - if (!disableStaticNat(oldIP.getId(), caller, callerUserId, true)) { - throw new CloudRuntimeException("Failed to disable old static nat rule for vm id=" + vmId + " and ip " + oldIP); - } - } - } 
- - @Override - @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_DELETE, eventDescription = "revoking forwarding rule", async = true) - public boolean revokePortForwardingRule(long ruleId, boolean apply) { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); - - PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId); - if (rule == null) { - throw new InvalidParameterValueException("Unable to find " + ruleId); - } - - _accountMgr.checkAccess(caller, null, true, rule); - - if (!revokePortForwardingRuleInternal(ruleId, caller, ctx.getCallingUserId(), apply)) { - throw new CloudRuntimeException("Failed to delete port forwarding rule"); - } - return true; - } - - private boolean revokePortForwardingRuleInternal(long ruleId, Account caller, long userId, boolean apply) { - PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId); - - _firewallMgr.revokeRule(rule, caller, userId, true); - - boolean success = false; - - if (apply) { - success = applyPortForwardingRules(rule.getSourceIpAddressId(), true, caller); - } else { - success = true; - } - - return success; - } - - @Override - @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_DELETE, eventDescription = "revoking forwarding rule", async = true) - public boolean revokeStaticNatRule(long ruleId, boolean apply) { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); - - FirewallRuleVO rule = _firewallDao.findById(ruleId); - if (rule == null) { - throw new InvalidParameterValueException("Unable to find " + ruleId); - } - - _accountMgr.checkAccess(caller, null, true, rule); - - if (!revokeStaticNatRuleInternal(ruleId, caller, ctx.getCallingUserId(), apply)) { - throw new CloudRuntimeException("Failed to revoke forwarding rule"); - } - return true; - } - - private boolean revokeStaticNatRuleInternal(long ruleId, Account caller, long userId, boolean apply) { - FirewallRuleVO rule = _firewallDao.findById(ruleId); - - 
_firewallMgr.revokeRule(rule, caller, userId, true); - - boolean success = false; - - if (apply) { - success = applyStaticNatRulesForIp(rule.getSourceIpAddressId(), true, caller, true); - } else { - success = true; - } - - return success; - } - - @Override - public Pair, Integer> listPortForwardingRules(ListPortForwardingRulesCmd cmd) { - Long ipId = cmd.getIpAddressId(); - Long id = cmd.getId(); - Map tags = cmd.getTags(); - - Account caller = CallContext.current().getCallingAccount(); - List permittedAccounts = new ArrayList(); - - if (ipId != null) { - IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId); - if (ipAddressVO == null || !ipAddressVO.readyToUse()) { - throw new InvalidParameterValueException("Ip address id=" + ipId + " not ready for port forwarding rules yet"); - } - _accountMgr.checkAccess(caller, null, true, ipAddressVO); - } - - Ternary domainIdRecursiveListProject = new Ternary(cmd.getDomainId(), - cmd.isRecursive(), - null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false); - Long domainId = domainIdRecursiveListProject.first(); - Boolean isRecursive = domainIdRecursiveListProject.second(); - ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); - - Filter filter = new Filter(PortForwardingRuleVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); - SearchBuilder sb = _portForwardingDao.createSearchBuilder(); - _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - - sb.and("id", sb.entity().getId(), Op.EQ); - sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); - sb.and("purpose", sb.entity().getPurpose(), Op.EQ); - - if (tags != null && !tags.isEmpty()) { - SearchBuilder tagSearch = _resourceTagDao.createSearchBuilder(); - for (int count = 0; count < tags.size(); count++) { - tagSearch.or().op("key" + 
String.valueOf(count), tagSearch.entity().getKey(), SearchCriteria.Op.EQ); - tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), SearchCriteria.Op.EQ); - tagSearch.cp(); - } - tagSearch.and("resourceType", tagSearch.entity().getResourceType(), SearchCriteria.Op.EQ); - sb.groupBy(sb.entity().getId()); - sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER); - } - - SearchCriteria sc = sb.create(); - _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - - if (id != null) { - sc.setParameters("id", id); - } - - if (tags != null && !tags.isEmpty()) { - int count = 0; - sc.setJoinParameters("tagSearch", "resourceType", TaggedResourceType.PortForwardingRule.toString()); - for (String key : tags.keySet()) { - sc.setJoinParameters("tagSearch", "key" + String.valueOf(count), key); - sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), tags.get(key)); - count++; - } - } - - if (ipId != null) { - sc.setParameters("ip", ipId); - } - - sc.setParameters("purpose", Purpose.PortForwarding); - - Pair, Integer> result = _portForwardingDao.searchAndCount(sc, filter); - return new Pair, Integer>(result.first(), result.second()); - } - - protected boolean applyPortForwardingRules(long ipId, boolean continueOnError, Account caller) { - List rules = _portForwardingDao.listForApplication(ipId); - - if (rules.size() == 0) { - s_logger.debug("There are no port forwarding rules to apply for ip id=" + ipId); - return true; - } - - if (caller != null) { - _accountMgr.checkAccess(caller, null, true, rules.toArray(new PortForwardingRuleVO[rules.size()])); - } - - try { - if (!_firewallMgr.applyRules(rules, continueOnError, true)) { - return false; - } - } catch (ResourceUnavailableException ex) { - s_logger.warn("Failed to apply port forwarding rules for ip due to ", ex); - return false; - } - - return true; - } - - protected boolean 
applyStaticNatRulesForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke) { - List rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat); - List staticNatRules = new ArrayList(); - - if (rules.size() == 0) { - s_logger.debug("There are no static nat rules to apply for ip id=" + sourceIpId); - return true; - } - - for (FirewallRule rule : rules) { - staticNatRules.add(buildStaticNatRule(rule, forRevoke)); - } - - if (caller != null) { - _accountMgr.checkAccess(caller, null, true, staticNatRules.toArray(new StaticNatRule[staticNatRules.size()])); - } - - try { - if (!_firewallMgr.applyRules(staticNatRules, continueOnError, true)) { - return false; - } - } catch (ResourceUnavailableException ex) { - s_logger.warn("Failed to apply static nat rules for ip due to ", ex); - return false; - } - - return true; - } - @Override - public Pair, Integer> searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId, - Long projectId, boolean isRecursive, boolean listAll) { - Account caller = CallContext.current().getCallingAccount(); - List permittedAccounts = new ArrayList(); - - if (ipId != null) { - IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId); - if (ipAddressVO == null || !ipAddressVO.readyToUse()) { - throw new InvalidParameterValueException("Ip address id=" + ipId + " not ready for port forwarding rules yet"); - } - _accountMgr.checkAccess(caller, null, true, ipAddressVO); - } - - Ternary domainIdRecursiveListProject = new Ternary(domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false); - domainId = domainIdRecursiveListProject.first(); - isRecursive = domainIdRecursiveListProject.second(); - ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); - - Filter filter = new Filter(PortForwardingRuleVO.class, "id", false, 
start, size); - SearchBuilder sb = _firewallDao.createSearchBuilder(); - _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - - sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); - sb.and("purpose", sb.entity().getPurpose(), Op.EQ); - sb.and("id", sb.entity().getId(), Op.EQ); - - if (vmId != null) { - SearchBuilder ipSearch = _ipAddressDao.createSearchBuilder(); - ipSearch.and("associatedWithVmId", ipSearch.entity().getAssociatedWithVmId(), Op.EQ); - sb.join("ipSearch", ipSearch, sb.entity().getSourceIpAddressId(), ipSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } - - SearchCriteria sc = sb.create(); - _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); - sc.setParameters("purpose", Purpose.StaticNat); - - if (id != null) { - sc.setParameters("id", id); - } - - if (ipId != null) { - sc.setParameters("ip", ipId); - } - - if (vmId != null) { - sc.setJoinParameters("ipSearch", "associatedWithVmId", vmId); - } - - Pair, Integer> result = _firewallDao.searchAndCount(sc, filter); - return new Pair, Integer>(result.first(), result.second()); - } - - @Override - @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "applying port forwarding rule", async = true) - public boolean applyPortForwardingRules(long ipId, Account caller) throws ResourceUnavailableException { - if (!applyPortForwardingRules(ipId, false, caller)) { - throw new CloudRuntimeException("Failed to apply port forwarding rule"); - } - return true; - } - - @Override - @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "applying static nat rule", async = true) - public boolean applyStaticNatRules(long ipId, Account caller) throws ResourceUnavailableException { - if (!applyStaticNatRulesForIp(ipId, false, caller, false)) { - throw new CloudRuntimeException("Failed to apply static nat rule"); - } - return true; - } - @Override - 
@ActionEvent(eventType = EventTypes.EVENT_DISABLE_STATIC_NAT, eventDescription = "disabling static nat", async = true) - public boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException { - CallContext ctx = CallContext.current(); - Account caller = ctx.getCallingAccount(); - IPAddressVO ipAddress = _ipAddressDao.findById(ipId); - checkIpAndUserVm(ipAddress, null, caller, false); - - if (ipAddress.getSystem()) { - InvalidParameterValueException ex = new InvalidParameterValueException("Can't disable static nat for system IP address with specified id"); - ex.addProxyObject(ipAddress.getUuid(), "ipId"); - throw ex; - } - - Long vmId = ipAddress.getAssociatedWithVmId(); - if (vmId == null) { - InvalidParameterValueException ex = new InvalidParameterValueException("Specified IP address id is not associated with any vm Id"); - ex.addProxyObject(ipAddress.getUuid(), "ipId"); - throw ex; - } - - // if network has elastic IP functionality supported, we first have to disable static nat on old ip in order to - // re-enable it on the new one enable static nat takes care of that - Network guestNetwork = _networkModel.getNetwork(ipAddress.getAssociatedWithNetworkId()); - NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, guestNetwork.getNetworkOfferingId()); - if (offering.getElasticIp()) { - if (offering.getAssociatePublicIP()) { - getSystemIpAndEnableStaticNatForVm(_vmDao.findById(vmId), true); - return true; - } - } - - return disableStaticNat(ipId, caller, ctx.getCallingUserId(), false); - } - - @Override - public StaticNatRule buildStaticNatRule(FirewallRule rule, boolean forRevoke) { - IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId()); - FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId()); - - if (ip == null || !ip.isOneToOneNat() || ip.getAssociatedWithVmId() == null) { - InvalidParameterValueException ex = new 
InvalidParameterValueException("Source ip address of the specified firewall rule id is not static nat enabled"); - ex.addProxyObject(ruleVO.getUuid(), "ruleId"); - throw ex; - } - - String dstIp = ip.getVmIp(); - if (dstIp == null) { - InvalidParameterValueException ex = new InvalidParameterValueException("VM ip address of the specified public ip is not set "); - ex.addProxyObject(ruleVO.getUuid(), "ruleId"); - throw ex; - } - - return new StaticNatRuleImpl(ruleVO, dstIp); - } - - protected boolean applyStaticNatForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke) { - IpAddress sourceIp = _ipAddressDao.findById(sourceIpId); - - List staticNats = createStaticNatForIp(sourceIp, caller, forRevoke); - - if (staticNats != null && !staticNats.isEmpty()) { - try { - if (!_ipAddrMgr.applyStaticNats(staticNats, continueOnError, forRevoke)) { - return false; - } - } catch (ResourceUnavailableException ex) { - s_logger.warn("Failed to create static nat rule due to ", ex); - return false; - } - } - - return true; - } - - protected List createStaticNatForIp(IpAddress sourceIp, Account caller, boolean forRevoke) { - List staticNats = new ArrayList(); - if (!sourceIp.isOneToOneNat()) { - s_logger.debug("Source ip id=" + sourceIp + " is not one to one nat"); - return staticNats; - } - - Long networkId = sourceIp.getAssociatedWithNetworkId(); - if (networkId == null) { - throw new CloudRuntimeException("Ip address is not associated with any network"); - } - - VMInstanceVO vm = _vmInstanceDao.findById(sourceIp.getAssociatedWithVmId()); - Network network = _networkModel.getNetwork(networkId); - if (network == null) { - CloudRuntimeException ex = new CloudRuntimeException("Unable to find an ip address to map to specified vm id"); - ex.addProxyObject(vm.getUuid(), "vmId"); - throw ex; - } - - if (caller != null) { - _accountMgr.checkAccess(caller, null, true, sourceIp); - } - - // create new static nat rule - // Get nic IP4 address - Nic guestNic = 
_networkModel.getNicInNetworkIncludingRemoved(vm.getId(), networkId); - if (guestNic == null) { - throw new InvalidParameterValueException("Vm doesn't belong to the network with specified id"); - } - - String dstIp; - - dstIp = sourceIp.getVmIp(); - if (dstIp == null) { - throw new InvalidParameterValueException("Vm ip is not set as dnat ip for this public ip"); - } - - StaticNatImpl staticNat = new StaticNatImpl(sourceIp.getAllocatedToAccountId(), sourceIp.getAllocatedInDomainId(), networkId, sourceIp.getId(), dstIp, forRevoke); - staticNats.add(staticNat); - return staticNats; - } - - protected void removePFRule(PortForwardingRuleVO rule) { - _portForwardingDao.remove(rule.getId()); - } - -} diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 0e7d37a0c83..6e326b0f652 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -142,7 +142,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules @Inject LoadBalancerVMMapDao _loadBalancerVMMapDao; @Inject - VpcService _vpcService; + VpcService _vpcSvc; protected void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller, Boolean ignoreVmState) { @@ -509,7 +509,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules // associate portable IP to vpc, if network is part of VPC if (network.getVpcId() != null) { - _vpcService.associateIPToVpc(ipId, network.getVpcId()); + _vpcSvc.associateIPToVpc(ipId, network.getVpcId()); } // associate portable IP with guest network 
@@ -844,12 +844,6 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules return new Pair, Integer>(result.first(), result.second()); } - @Override - public List getSourceCidrs(long ruleId) { - return _firewallCidrsDao.getSourceCidrs(ruleId); - } - - protected boolean applyPortForwardingRules(long ipId, boolean continueOnError, Account caller) { List rules = _portForwardingDao.listForApplication(ipId); diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index e89d0fd0d9d..cf06b4ed3bd 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java @@ -73,7 +73,7 @@ import org.apache.cloudstack.engine.subsystem.api.storage.VolumeService; import org.apache.cloudstack.engine.subsystem.api.storage.VolumeService.VolumeApiResult; import org.apache.cloudstack.engine.subsystem.api.storage.ZoneScope; import org.apache.cloudstack.framework.async.AsyncCallFuture; -import org.apache.cloudstack.framework.config.ConfigKey; +import org.apache.cloudstack.framework.config.ConfigValue; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.storage.datastore.db.ImageStoreDao; import org.apache.cloudstack.storage.datastore.db.ImageStoreDetailsDao; @@ -147,13 +147,13 @@ import com.cloud.storage.listener.VolumeStateListener; import com.cloud.template.TemplateManager; import com.cloud.user.Account; import com.cloud.user.AccountManager; -import com.cloud.user.User; import com.cloud.user.dao.UserDao; import com.cloud.utils.NumbersUtil; import com.cloud.utils.Pair; import com.cloud.utils.StringUtils; import com.cloud.utils.UriUtils; import com.cloud.utils.component.ComponentContext; +import com.cloud.utils.component.InjectConfig; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.DB; 
@@ -280,19 +280,12 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C boolean _storageCleanupEnabled; boolean _templateCleanupEnabled = true; int _storageCleanupInterval; - private int _createVolumeFromSnapshotWait; - private int _copyvolumewait; int _storagePoolAcquisitionWaitSeconds = 1800; // 30 minutes // protected BigDecimal _overProvisioningFactor = new BigDecimal(1); - private long _maxVolumeSizeInGb; private long _serverId; - private int _customDiskOfferingMinSize = 1; - private int _customDiskOfferingMaxSize = 1024; private final Map hostListeners = new HashMap(); - private boolean _recreateSystemVmEnabled; - public boolean share(VMInstanceVO vm, List vols, HostVO host, boolean cancelPreviousShare) throws StorageUnavailableException { // if pool is in maintenance and it is the ONLY pool available; reject @@ -450,16 +443,7 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C String storageCleanupEnabled = configs.get("storage.cleanup.enabled"); _storageCleanupEnabled = (storageCleanupEnabled == null) ? true : Boolean.parseBoolean(storageCleanupEnabled); - String value = _configDao.getValue(Config.CreateVolumeFromSnapshotWait.toString()); - _createVolumeFromSnapshotWait = NumbersUtil.parseInt(value, Integer.parseInt(Config.CreateVolumeFromSnapshotWait.getDefaultValue())); - - value = _configDao.getValue(Config.CopyVolumeWait.toString()); - _copyvolumewait = NumbersUtil.parseInt(value, Integer.parseInt(Config.CopyVolumeWait.getDefaultValue())); - - value = _configDao.getValue(Config.RecreateSystemVmEnabled.key()); - _recreateSystemVmEnabled = Boolean.parseBoolean(value); - - value = _configDao.getValue(Config.StorageTemplateCleanupEnabled.key()); + String value = _configDao.getValue(Config.StorageTemplateCleanupEnabled.key()); _templateCleanupEnabled = (value == null ? true : Boolean.parseBoolean(value)); String time = configs.get("storage.cleanup.interval"); 
@@ -474,17 +458,6 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C _agentMgr.registerForHostEvents(ComponentContext.inject(LocalStoragePoolListener.class), true, false, false); - String maxVolumeSizeInGbString = _configDao.getValue("storage.max.volume.size"); - _maxVolumeSizeInGb = NumbersUtil.parseLong(maxVolumeSizeInGbString, 2000); - - String _customDiskOfferingMinSizeStr = _configDao.getValue(Config.CustomDiskOfferingMinSize.toString()); - _customDiskOfferingMinSize = NumbersUtil.parseInt(_customDiskOfferingMinSizeStr, - Integer.parseInt(Config.CustomDiskOfferingMinSize.getDefaultValue())); - - String _customDiskOfferingMaxSizeStr = _configDao.getValue(Config.CustomDiskOfferingMaxSize.toString()); - _customDiskOfferingMaxSize = NumbersUtil.parseInt(_customDiskOfferingMaxSizeStr, - Integer.parseInt(Config.CustomDiskOfferingMaxSize.getDefaultValue())); - _serverId = _msServer.getId(); UpHostsInPoolSearch = _storagePoolHostDao.createSearchBuilder(Long.class); @@ -598,7 +571,6 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C } @Override - @SuppressWarnings("rawtypes") public PrimaryDataStoreInfo createPool(CreateStoragePoolCmd cmd) throws ResourceInUseException, IllegalArgumentException, UnknownHostException, ResourceUnavailableException { String providerName = cmd.getStorageProviderName(); @@ -886,10 +858,12 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C listener.hostConnect(hostId, pool.getId()); } + @InjectConfig(key = CapacityManager.StorageOverprovisioningFactorCK) + ConfigValue _storageOverprovisioningFactor; + @Override public BigDecimal getStorageOverProvisioningFactor(Long dcId) { - return new BigDecimal(_configServer.getConfigValue(Config.StorageOverprovisioningFactor.key(), - ConfigKey.Scope.Zone.toString(), dcId)); + return new BigDecimal(_storageOverprovisioningFactor.valueIn(dcId)); } @Override 
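Review bot: In getStorageOverProvisioningFactor the new `new BigDecimal(_storageOverprovisioningFactor.valueIn(dcId))` most likely resolves to the BigDecimal(double) constructor, which stores the exact binary expansion of the double, whereas the removed code built the value from the configuration string. Generic parameters look stripped in this rendering, so this assumes the field is a ConfigValue of Double, matching the Double.class key declared in CapacityManager. A factor such as 1.1 would then carry a long binary tail into every capacity calculation that uses it; `return BigDecimal.valueOf(_storageOverprovisioningFactor.valueIn(dcId));` keeps the decimal form. If valueIn can return null for an unknown zone, the unboxing fails with a bare NullPointerException, so an explicit check naming `storage.overprovisioning.factor` would be easier to diagnose.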
@@ -1221,11 +1195,6 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C @DB public PrimaryDataStoreInfo preparePrimaryStorageForMaintenance(Long primaryStorageId) throws ResourceUnavailableException, InsufficientCapacityException { - Long userId = CallContext.current().getCallingUserId(); - User user = _userDao.findById(userId); - Account account = CallContext.current().getCallingAccount(); - - boolean restart = true; StoragePoolVO primaryStorage = null; primaryStorage = _storagePoolDao.findById(primaryStorageId); @@ -1252,9 +1221,6 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C @DB public PrimaryDataStoreInfo cancelPrimaryStorageForMaintenance(CancelPrimaryStorageMaintenanceCmd cmd) throws ResourceUnavailableException { Long primaryStorageId = cmd.getId(); - Long userId = CallContext.current().getCallingUserId(); - User user = _userDao.findById(userId); - Account account = CallContext.current().getCallingAccount(); StoragePoolVO primaryStorage = null; primaryStorage = _storagePoolDao.findById(primaryStorageId); @@ -1496,10 +1462,12 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C } } + @InjectConfig(key = CapacityManager.StorageCapacityDisableThresholdCK) + ConfigValue _storageCapacityDisableThreshold; + private boolean checkUsagedSpace(StoragePool pool) { StatsCollector sc = StatsCollector.getInstance(); - double storageUsedThreshold = Double.parseDouble(_configServer.getConfigValue(Config.StorageCapacityDisableThreshold.key(), - ConfigKey.Scope.Zone.toString(), pool.getDataCenterId())); + double storageUsedThreshold = _storageCapacityDisableThreshold.valueIn(pool.getDataCenterId()); if (sc != null) { long totalSize = pool.getCapacityBytes(); StorageStats stats = sc.getStoragePoolStats(pool.getId()); 
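Review bot: checkUsagedSpace now takes the threshold straight from `_storageCapacityDisableThreshold.valueIn(pool.getDataCenterId())` with no range check, and the same applies to `storageAllocatedThreshold` in the storagePoolHasEnoughSpace hunk further down. The key's description says the value lies between 0 and 1, and this number decides whether allocators keep placing volumes on a nearly full pool, so a zone-level setting outside that range would presumably switch the guard off or trip it permanently without any signal; the comparison itself is outside the hunk. I would at least log the condition, for example `if (storageUsedThreshold < 0 || storageUsedThreshold > 1) { s_logger.warn("pool.storage.capacity.disablethreshold out of range: " + storageUsedThreshold); }`. The injected field is also declared between methods with package visibility; a short comment such as `// zone-scoped; fraction of used capacity above which the pool is skipped` would make its purpose clear.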
@@ -1569,6 +1537,9 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C return futureIops <= pool.getCapacityIops(); } + @InjectConfig(key = CapacityManager.StorageAllocatedCapacityDisableThresholdCK) + ConfigValue _storageAllocatedCapacityDisableThreshold; + @Override public boolean storagePoolHasEnoughSpace(List volumes, StoragePool pool) { @@ -1604,8 +1575,7 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C totalOverProvCapacity = pool.getCapacityBytes(); } - double storageAllocatedThreshold = Double.parseDouble(_configServer.getConfigValue(Config.StorageAllocatedCapacityDisableThreshold.key(), - ConfigKey.Scope.Zone.toString(), pool.getDataCenterId())); + double storageAllocatedThreshold = _storageAllocatedCapacityDisableThreshold.valueIn(pool.getDataCenterId()); if (s_logger.isDebugEnabled()) { s_logger.debug("Checking pool: " + pool.getId() + " for volume allocation " + volumes.toString() + ", maxSize : " + totalOverProvCapacity + ", totalAllocatedSize : " + allocatedSizeWithtemplate + ", askingSize : " + totalAskingSize + ", allocated disable threshold: " @@ -1782,7 +1752,6 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C @Override public boolean deleteImageStore(DeleteImageStoreCmd cmd) { long storeId = cmd.getId(); - User caller = _accountMgr.getActiveUser(CallContext.current().getCallingUserId()); // Verify that image store exists ImageStoreVO store = _imageStoreDao.findById(storeId); if (store == null) { @@ -1893,7 +1862,6 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C @Override public boolean deleteSecondaryStagingStore(DeleteSecondaryStagingStoreCmd cmd) { long storeId = cmd.getId(); - User caller = _accountMgr.getActiveUser(CallContext.current().getCallingUserId()); // Verify that cache store exists ImageStoreVO store = _imageStoreDao.findById(storeId); if (store == null) {