Don't send security group commands to the backend when 1) security group service is disabled in the network offering and 2) security group service provider is supported on the physical network
This commit is contained in:
parent
a43364f0a4
commit
80dc2c0b1a
|
|
@ -371,10 +371,13 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
|
|||
displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard);
|
||||
}
|
||||
} else {
|
||||
if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) {
|
||||
if (zone.isSecurityGroupEnabled()) {
|
||||
vm = _userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, getNetworkIds(), getSecurityGroupIdList(),
|
||||
owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard);
|
||||
} else {
|
||||
if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) {
|
||||
throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled per zone");
|
||||
}
|
||||
vm = _userVmService.createAdvancedVirtualMachine(zone, serviceOffering, template, getNetworkIds(), owner, name, displayName,
|
||||
diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard);
|
||||
}
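Review bot: The guard `getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()` that opens the zone-disabled branch calls the getter twice, and the same expression already appears earlier in the hunk; hoist it once, `List<Long> securityGroupIds = getSecurityGroupIdList();` `boolean hasSecurityGroups = securityGroupIds != null && !securityGroupIds.isEmpty();`, and test the flag in both places. In a security-group-enabled zone every deployment now goes through createAdvancedSecurityGroupVirtualMachine even when no group ids were supplied; if that relies on a default group being applied further down, a one-line comment at the call saying so would spare the next reader the trip. The enclosing method starts and ends outside the hunk.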
|
||||
|
|
|
|||
|
|
@ -121,7 +121,6 @@ import com.cloud.vm.NicProfile;
|
|||
import com.cloud.vm.ReservationContext;
|
||||
import com.cloud.vm.SystemVmLoadScanHandler;
|
||||
import com.cloud.vm.SystemVmLoadScanner;
|
||||
import com.cloud.vm.UserVmVO;
|
||||
import com.cloud.vm.SystemVmLoadScanner.AfterScanAction;
|
||||
import com.cloud.vm.VMInstanceVO;
|
||||
import com.cloud.vm.VirtualMachine;
|
||||
|
|
|
|||
|
|
@ -446,9 +446,9 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
|
|||
}
|
||||
}
|
||||
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (ntwkSvcProider.getState() != PhysicalNetworkServiceProvider.State.Enabled) { //TODO: check for other states: Shutdown?
|
||||
throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProider.getProviderName() +
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (!_networkMgr.isProviderEnabled(ntwkSvcProvider)) { //TODO: check for other states: Shutdown?
|
||||
throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
|
||||
" is not in enabled state in the physical network: " + physicalNetworkId + "to add this device" );
|
||||
}
|
||||
|
||||
|
|
@ -514,7 +514,7 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
|
|||
if (host != null) {
|
||||
Transaction txn = Transaction.currentTxn();
|
||||
txn.start();
|
||||
PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProider.getId(), host.getId());
|
||||
PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProvider.getId(), host.getId());
|
||||
_physicalNetworkExternalDeviceDao.persist(device);
|
||||
txn.commit();
|
||||
return host;
|
||||
|
|
@ -583,11 +583,11 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
|
|||
if (physicalNetworkId == null) {
|
||||
return lbHostsInZone;
|
||||
}
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (ntwkSvcProider == null) {
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (ntwkSvcProvider == null) {
|
||||
return null;
|
||||
}
|
||||
List<PhysicalNetworkExternalDeviceVO> providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProider.getId());
|
||||
List<PhysicalNetworkExternalDeviceVO> providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProvider.getId());
|
||||
for (PhysicalNetworkExternalDeviceVO provderInstance : providerInstances) {
|
||||
lbHosts.add(_hostDao.findById(provderInstance.getHostId()));
|
||||
}
|
||||
|
|
@ -835,9 +835,9 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
|
|||
}
|
||||
}
|
||||
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (ntwkSvcProider.getState() != PhysicalNetworkServiceProvider.State.Enabled) { //TODO: check for other states: Shutdown?
|
||||
throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProider.getProviderName() +
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (!_networkMgr.isProviderEnabled(ntwkSvcProvider)) {
|
||||
throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
|
||||
" is not in enabled state in the physical network: " + physicalNetworkId + "to add this device" );
|
||||
}
|
||||
|
||||
|
|
@ -935,7 +935,7 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
|
|||
Transaction txn = Transaction.currentTxn();
|
||||
txn.start();
|
||||
_dcDao.update(zone.getId(), zone);
|
||||
PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProider.getId(), externalFirewall.getId());
|
||||
PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProvider.getId(), externalFirewall.getId());
|
||||
_physicalNetworkExternalDeviceDao.persist(device);
|
||||
txn.commit();
|
||||
return externalFirewall;
|
||||
|
|
@ -1003,11 +1003,11 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
|
|||
if (physicalNetworkId == null) {
|
||||
return firewallhostsInZone;
|
||||
}
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (ntwkSvcProider == null) {
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
|
||||
if (ntwkSvcProvider == null) {
|
||||
return null;
|
||||
}
|
||||
List<PhysicalNetworkExternalDeviceVO> providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProider.getId());
|
||||
List<PhysicalNetworkExternalDeviceVO> providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProvider.getId());
|
||||
for (PhysicalNetworkExternalDeviceVO provderInstance : providerInstances) {
|
||||
firewallHosts.add(_hostDao.findById(provderInstance.getHostId()));
|
||||
}
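Review bot: After the switch to `_networkMgr.isProviderEnabled(ntwkSvcProvider)` in the @446 and @835 hunks the null-provider case now reaches the throw, but the message is built from `ntwkSvcProvider.getProviderName()`, so a missing provider surfaces as a NullPointerException rather than the intended CloudRuntimeException. Build the name first, e.g. `String providerName = ntwkSvcProvider == null ? ntwkDevice.getNetworkServiceProvder() : ntwkSvcProvider.getProviderName();` (the DAO lookup on the line above already treats that value as the provider name), and add the missing space before `"to add this device"`. The `//TODO: check for other states: Shutdown?` kept on the @446 call is stale now that the state comparison lives inside isProviderEnabled; the @835 hunk already dropped it, so the two should agree.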
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import com.cloud.network.Network.Provider;
|
|||
import com.cloud.network.Network.Service;
|
||||
import com.cloud.network.Networks.TrafficType;
|
||||
import com.cloud.network.addr.PublicIp;
|
||||
import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
|
||||
import com.cloud.network.element.UserDataServiceProvider;
|
||||
import com.cloud.network.element.RemoteAccessVPNServiceProvider;
|
||||
import com.cloud.network.guru.NetworkGuru;
|
||||
|
|
@ -225,6 +226,12 @@ public interface NetworkManager extends NetworkService {
|
|||
|
||||
PhysicalNetwork translateZoneIdToPhysicalNetwork(long zoneId);
|
||||
|
||||
boolean isSecurityGroupSupportedInNetwork(Network network);
|
||||
boolean isSecurityGroupSupportedInNetwork(Network network);
|
||||
|
||||
boolean isProviderEnabled(PhysicalNetworkServiceProvider provider);
|
||||
|
||||
boolean isProviderAvailable(long physicalNetowrkId, String providerName);
|
||||
|
||||
boolean isServiceEnabled(Long physicalNetworkId, long networkOfferingId, Service service);
|
||||
|
||||
}
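Review bot: The three methods added to the interface carry no Javadoc, and their nullability contracts differ: `isServiceEnabled` takes a boxed `Long physicalNetworkId` while `isProviderAvailable` takes a primitive `long`, and the implementation in this commit treats a null physical network id as "skip the provider check". That should be stated on the interface so callers do not pass null expecting the strict check, e.g. `/** True when the offering supports the service and, if physicalNetworkId is non-null, every provider of that service is enabled on the physical network. */`. The parameter `physicalNetowrkId` on `isProviderAvailable` is misspelled here and in the implementation.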
|
||||
|
|
|
|||
|
|
@ -854,13 +854,16 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
//there is only 1 diff between offering #1 and #3 - securityGroup is enabled for the first, and disabled for the third
|
||||
//TODO - networkOffering 1 should probably become non-system
|
||||
//check that offering already exists
|
||||
NetworkOfferingVO offering = null;
|
||||
if (_networkOfferingDao.findByUniqueName(NetworkOffering.SystemGuestNetwork) == null) {
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.GuestType.Shared, true);
|
||||
offering.setState(NetworkOffering.State.Enabled);
|
||||
_networkOfferingDao.update(offering.getId(), offering);
|
||||
}
|
||||
|
||||
NetworkOfferingVO defaultGuestOffering = _networkOfferingDao.findByUniqueName(NetworkOffering.SystemGuestNetwork);
|
||||
if (defaultGuestOffering == null) {
|
||||
defaultGuestOffering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.GuestType.Shared, true);
|
||||
defaultGuestOffering.setState(NetworkOffering.State.Enabled);
|
||||
_networkOfferingDao.update(defaultGuestOffering.getId(), defaultGuestOffering);
|
||||
}
|
||||
_systemNetworks.put(NetworkOfferingVO.SystemGuestNetwork, defaultGuestOffering);
|
||||
|
||||
NetworkOfferingVO offering = null;
|
||||
if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultVirtualizedNetworkOffering) == null) {
|
||||
offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM,NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, null, null, false, Availability.Required, null, defaultVirtualNetworkOfferingProviders, true, Network.GuestType.Isolated, false);
|
||||
offering.setState(NetworkOffering.State.Enabled);
|
||||
|
|
@ -1440,7 +1443,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
element.prepare(network, profile, vmProfile, dest, context);
|
||||
}
|
||||
|
||||
profile.setSecurityGroupEnabled(isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup));
|
||||
profile.setSecurityGroupEnabled(isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup));
|
||||
guru.updateNicProfile(profile, network);
|
||||
vmProfile.addNic(profile);
|
||||
}
|
||||
|
|
@ -1674,6 +1677,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
isDomainSpecific = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//FIXME - need to check if all providers are supported by the physical network
|
||||
//FIXME - need to check that the traffic type is supported
|
||||
|
||||
Account owner = null;
|
||||
if (cmd.getAccountName() != null && cmd.getDomainId() != null) {
|
||||
|
|
@ -4360,6 +4367,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
return _pNTrafficTypeDao.listBy(physicalNetworkId);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public PhysicalNetwork getDefaultPhysicalNetworkByZoneAndTrafficType(long zoneId, TrafficType trafficType) {
|
||||
PhysicalNetworkVO network = null;
|
||||
|
|
@ -4376,4 +4384,42 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
|
||||
return networkList.get(0);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isProviderEnabled(PhysicalNetworkServiceProvider provider) {
|
||||
if (provider == null || provider.getState() != PhysicalNetworkServiceProvider.State.Enabled) { //TODO: check for other states: Shutdown?
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isProviderAvailable(long physicalNetowrkId, String providerName) {
|
||||
PhysicalNetworkServiceProviderVO ntwkSvcProvider = _pNSPDao.findByServiceProvider(physicalNetowrkId, providerName);
|
||||
return isProviderEnabled(ntwkSvcProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isServiceEnabled(Long physicalNetworkId, long networkOfferingId, Service service) {
|
||||
//check if the service is supported by the network offering
|
||||
if (!isServiceSupportedByNetworkOffering(networkOfferingId, service)) {
|
||||
s_logger.debug("Service " + service.getName() + " is not supported by the network offering id=" + networkOfferingId);
|
||||
return false;
|
||||
}
|
||||
|
||||
//get providers for the service and check if all of them are supported
|
||||
if (physicalNetworkId != null) {
|
||||
List<String> providers = _ntwkOfferingSrvcDao.getProvidersForService(networkOfferingId, service);
|
||||
for (String provider : providers) {
|
||||
if (!isProviderAvailable(physicalNetworkId, provider)) {
|
||||
s_logger.debug("Provider " + provider + " is not enabled in physical network id=" + physicalNetworkId);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
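Review bot: `isServiceEnabled` fails open when `physicalNetworkId` is null: the provider loop is skipped and the method returns true, so a network with no physical network id is reported as security-group enabled purely on the offering — the case the commit sets out to stop sending commands for. If that is intended for legacy networks, say so and make it visible, e.g. an else branch with `s_logger.debug("Physical network id is null, skipping provider check for service " + service.getName());`; otherwise return false. An offering whose `getProvidersForService` returns an empty list also passes the loop trivially, which deserves a comment either way. `isProviderEnabled` reads more directly as `return provider != null && provider.getState() == PhysicalNetworkServiceProvider.State.Enabled;`.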
|
||||
|
|
|
|||
|
|
@ -911,7 +911,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
|
|||
@Override
|
||||
@DB
|
||||
public boolean addInstanceToGroups(final Long userVmId, final List<Long> groups) {
|
||||
if (!isVmSecurityGroupEnabled(userVmId)) {
|
||||
if (!isVmNetworkOffSupportsSecurityGroup(userVmId)) {
|
||||
s_logger.trace("User vm " + userVmId + " is not security group enabled, not adding it to security group");
|
||||
return false;
|
||||
}
|
||||
|
|
@ -1281,7 +1281,20 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
|
|||
List<NicProfile> nics = _networkMgr.getNicProfiles(vm);
|
||||
for (NicProfile nic : nics) {
|
||||
Network network = _networkMgr.getNetwork(nic.getNetworkId());
|
||||
if (_networkMgr.isSecurityGroupSupportedInNetwork(network) && vm.getHypervisorType() != HypervisorType.VMware) {
|
||||
if (_networkMgr.isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup) && vm.getHypervisorType() != HypervisorType.VMware) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
protected boolean isVmNetworkOffSupportsSecurityGroup(Long vmId) {
|
||||
VirtualMachine vm = _vmDao.findByIdIncludingRemoved(vmId);
|
||||
List<NicProfile> nics = _networkMgr.getNicProfiles(vm);
|
||||
for (NicProfile nic : nics) {
|
||||
Network network = _networkMgr.getNetwork(nic.getNetworkId());
|
||||
if (_networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup) && vm.getHypervisorType() != HypervisorType.VMware) {
|
||||
return true;
|
||||
}
|
||||
}
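Review bot: The trace message in `addInstanceToGroups` still says the vm "is not security group enabled", but the check it now follows is `isVmNetworkOffSupportsSecurityGroup`, which only asks whether the network offering supports the service; change it to `s_logger.trace("User vm " + userVmId + "'s network offering doesn't support security groups, not adding it to security group");`. The new `isVmNetworkOffSupportsSecurityGroup` repeats the loop of `isVmSecurityGroupEnabled` except for the predicate on the network; a private helper taking that predicate would keep the two from drifting. It also passes the result of `findByIdIncludingRemoved` straight to `getNicProfiles` without a null check; whether a missing vm is reachable here is not visible in the hunk, where the method also ends.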
|
||||
|
|
|
|||
|
|
@ -68,7 +68,6 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -113,10 +112,7 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{
|
|||
s_logger.debug("Security Group Mgr v2: done scheduling ruleset updates for " + workItems.size() + " vms: num new jobs=" +
|
||||
newJobs + " num rows insert or updated=" + updated + " time taken=" + p.getDuration());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean start() {
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ import javax.persistence.Id;
|
|||
import javax.persistence.Table;
|
||||
|
||||
import com.cloud.network.Network;
|
||||
import com.cloud.network.Network.GuestType;
|
||||
import com.cloud.network.Networks.TrafficType;
|
||||
import com.cloud.offering.NetworkOffering;
|
||||
import com.cloud.utils.db.GenericDao;
|
||||
|
|
|
|||
|
|
@ -2008,7 +2008,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
|||
|
||||
if (securityGroupIdList != null && isVmWare) {
|
||||
throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
|
||||
} else if (!isVmWare) {
|
||||
} else if (!isVmWare && _networkMgr.isServiceSupportedByNetworkOffering(defaultNetwork.getNetworkOfferingId(), Service.SecurityGroup)) {
|
||||
if (securityGroupIdList == null) {
|
||||
securityGroupIdList = new ArrayList<Long>();
|
||||
}
|
||||
|
|
@ -2063,6 +2063,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
|||
}
|
||||
|
||||
networkList.add(networkWithSecurityGroup);
|
||||
isSecurityGroupEnabledNetworkUsed = true;
|
||||
|
||||
} else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) {
|
||||
if (isVmWare) {
|
||||
|
|
@ -2496,7 +2497,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
|
|||
throw new CloudRuntimeException("Unable to assign Vm to the group " + group);
|
||||
}
|
||||
|
||||
|
||||
_securityGroupMgr.addInstanceToGroups(vm.getId(), securityGroupIdList);
|
||||
|
||||
return vm;
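Review bot: The result of `_securityGroupMgr.addInstanceToGroups(vm.getId(), securityGroupIdList)` in the @2496 hunk is discarded, and per the SecurityGroupManagerImpl change in this commit that method returns false when the vm's network offering does not support security groups, so requested groups can be dropped without any trace; wrap it as `if (!_securityGroupMgr.addInstanceToGroups(vm.getId(), securityGroupIdList)) { s_logger.warn("Failed to add vm " + vm.getId() + " to security groups " + securityGroupIdList); }`. With the @2008 condition now also requiring `isServiceSupportedByNetworkOffering(defaultNetwork.getNetworkOfferingId(), Service.SecurityGroup)`, a non-VMware request that names groups against such an offering appears to land in the `else if (securityGroupIdList != null && !securityGroupIdList.isEmpty())` branch of the @2063 hunk, whose body is cut off here; confirm it rejects the request with an InvalidParameterValueException, matching the check DeployVMCmd gains in this commit. `defaultNetwork` is dereferenced in that condition without a visible null check. The enclosing method continues outside the hunks.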
|
||||
|
|
|
|||