diff --git a/api/src/com/cloud/api/commands/DeployVMCmd.java b/api/src/com/cloud/api/commands/DeployVMCmd.java
index 8e3188c5298..9afb3f1a01d 100644
--- a/api/src/com/cloud/api/commands/DeployVMCmd.java
+++ b/api/src/com/cloud/api/commands/DeployVMCmd.java
@@ -371,10 +371,13 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
 displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); } } else {
- if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) {
+ if (zone.isSecurityGroupEnabled()) {
 vm = _userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, getNetworkIds(), getSecurityGroupIdList(), owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); } else {
+ if (getSecurityGroupIdList() != null && !getSecurityGroupIdList().isEmpty()) {
+ throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled per zone");
+ }
 vm = _userVmService.createAdvancedVirtualMachine(zone, serviceOffering, template, getNetworkIds(), owner, name, displayName, diskOfferingId, size, group, getHypervisor(), userData, sshKeyPairName, getIpToNetworkMap(), ipAddress, keyboard); }
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index b155abf42b3..50e81e0fde2 100644
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -121,7 +121,6 @@ import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.SystemVmLoadScanHandler;
 import com.cloud.vm.SystemVmLoadScanner;
-import com.cloud.vm.UserVmVO;
 import com.cloud.vm.SystemVmLoadScanner.AfterScanAction;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.VirtualMachine;
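Review bot: The new else branch in the @@ -371 hunk rejects explicit security-group ids in a zone where the feature is off, which is the right fail-closed direction, but the message gives the operator nothing to act on; include the zone, e.g. `throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled in zone " + zone.getId());` (assuming the zone type exposes `getId()`, which this hunk does not show). A one-line comment above the new `if (zone.isSecurityGroupEnabled())` would also help, since the dispatch key changed from the request's group list to the zone setting: `// zone-level SG enablement picks the path; SG ids in a non-SG zone are rejected below`. The enclosing method starts and ends outside the hunk.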
diff --git a/server/src/com/cloud/network/ExternalNetworkDeviceManagerImpl.java b/server/src/com/cloud/network/ExternalNetworkDeviceManagerImpl.java
index b93d6abfbc2..b7fa3c38265 100644
--- a/server/src/com/cloud/network/ExternalNetworkDeviceManagerImpl.java
+++ b/server/src/com/cloud/network/ExternalNetworkDeviceManagerImpl.java
@@ -446,9 +446,9 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
 } }
- PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
- if (ntwkSvcProider.getState() != PhysicalNetworkServiceProvider.State.Enabled) { //TODO: check for other states: Shutdown?
- throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProider.getProviderName() +
+ PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
+ if (!_networkMgr.isProviderEnabled(ntwkSvcProvider)) { //TODO: check for other states: Shutdown?
+ throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
 " is not in enabled state in the physical network: " + physicalNetworkId + "to add this device" ); }
@@ -514,7 +514,7 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
 if (host != null) { Transaction txn = Transaction.currentTxn(); txn.start();
- PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProider.getId(), host.getId());
+ PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProvider.getId(), host.getId());
 _physicalNetworkExternalDeviceDao.persist(device); txn.commit(); return host;
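Review bot: In the @@ -446 hunk `isProviderEnabled` now tolerates a null provider, but the throw on the next line still calls `ntwkSvcProvider.getProviderName()`, so a provider that `findByServiceProvider` does not return (the @@ -583 hunk shows that lookup can yield null) produces a NullPointerException instead of the intended CloudRuntimeException; the @@ -835 hunk has the same pattern. Add a null check before the state check: `if (ntwkSvcProvider == null) { throw new CloudRuntimeException("Network Service Provider " + ntwkDevice.getNetworkServiceProvder() + " is not configured in the physical network: " + physicalNetworkId); }`. The retained `//TODO: check for other states: Shutdown?` on the new `if` now belongs in `isProviderEnabled`, where this commit also placed it, and can be dropped here as the @@ -835 hunk already does. The enclosing method starts and ends outside the hunk.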
@@ -583,11 +583,11 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
 if (physicalNetworkId == null) { return lbHostsInZone; }
- PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
- if (ntwkSvcProider == null) {
+ PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
+ if (ntwkSvcProvider == null) {
 return null; }
- List providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProider.getId());
+ List providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProvider.getId());
 for (PhysicalNetworkExternalDeviceVO provderInstance : providerInstances) { lbHosts.add(_hostDao.findById(provderInstance.getHostId())); }
@@ -835,9 +835,9 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
 } }
- PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
- if (ntwkSvcProider.getState() != PhysicalNetworkServiceProvider.State.Enabled) { //TODO: check for other states: Shutdown?
- throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProider.getProviderName() +
+ PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
+ if (!_networkMgr.isProviderEnabled(ntwkSvcProvider)) {
+ throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
 " is not in enabled state in the physical network: " + physicalNetworkId + "to add this device" ); }
@@ -935,7 +935,7 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
 Transaction txn = Transaction.currentTxn(); txn.start(); _dcDao.update(zone.getId(), zone);
- PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProider.getId(), externalFirewall.getId());
+ PhysicalNetworkExternalDeviceVO device = new PhysicalNetworkExternalDeviceVO(ntwkSvcProvider.getId(), externalFirewall.getId());
 _physicalNetworkExternalDeviceDao.persist(device); txn.commit(); return externalFirewall;
@@ -1003,11 +1003,11 @@ public class ExternalNetworkDeviceManagerImpl implements ExternalNetworkDeviceMa
 if (physicalNetworkId == null) { return firewallhostsInZone; }
- PhysicalNetworkServiceProviderVO ntwkSvcProider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
- if (ntwkSvcProider == null) {
+ PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
+ if (ntwkSvcProvider == null) {
 return null; }
- List providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProider.getId());
+ List providerInstances = _physicalNetworkExternalDeviceDao.listByNetworkServiceProviderId(ntwkSvcProvider.getId());
 for (PhysicalNetworkExternalDeviceVO provderInstance : providerInstances) { firewallHosts.add(_hostDao.findById(provderInstance.getHostId())); }
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index a49091550ac..d6dbb424efc 100644
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -33,6 +33,7 @@ import com.cloud.network.Network.Provider;
 import com.cloud.network.Network.Service;
 import com.cloud.network.Networks.TrafficType;
 import com.cloud.network.addr.PublicIp;
+import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
 import com.cloud.network.element.UserDataServiceProvider;
 import com.cloud.network.element.RemoteAccessVPNServiceProvider;
 import com.cloud.network.guru.NetworkGuru;
@@ -225,6 +226,12 @@ public interface NetworkManager extends NetworkService {
 PhysicalNetwork translateZoneIdToPhysicalNetwork(long zoneId);
- boolean isSecurityGroupSupportedInNetwork(Network network);
+ boolean isSecurityGroupSupportedInNetwork(Network network);
+
+ boolean isProviderEnabled(PhysicalNetworkServiceProvider provider);
+
+ boolean isProviderAvailable(long physicalNetowrkId, String providerName);
+
+ boolean isServiceEnabled(Long physicalNetworkId, long networkOfferingId, Service service);
 }
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index dabb9233c31..f38956bbf28 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
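Review bot: The three methods added to the interface in the @@ -225 hunk carry no Javadoc, and their contracts differ in a way the signatures hide: `isServiceEnabled` takes a nullable `Long physicalNetworkId` while `isProviderAvailable` takes a primitive `long`, so only the former has a "no physical network" case, and the NetworkManagerImpl.java implementation in this same diff answers that case as enabled. Give each a one-sentence summary with `@param`/`@return`, and state explicitly what a null `physicalNetworkId` means for `isServiceEnabled`, since callers use it to decide security-group enforcement. The parameter name `physicalNetowrkId` is misspelled here and in the NetworkManagerImpl.java implementation; `physicalNetworkId` matches the neighbouring declarations. The `-`/`+` pair for `isSecurityGroupSupportedInNetwork` appears to be a whitespace-only change.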
@@ -854,13 +854,16 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 //there is only 1 diff between offering #1 and #3 - securityGroup is enabled for the first, and disabled for the third //TODO - networkOffering 1 should probably become non-system //check that offering already exists
- NetworkOfferingVO offering = null;
- if (_networkOfferingDao.findByUniqueName(NetworkOffering.SystemGuestNetwork) == null) {
- offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.GuestType.Shared, true);
- offering.setState(NetworkOffering.State.Enabled);
- _networkOfferingDao.update(offering.getId(), offering);
- }
+ NetworkOfferingVO defaultGuestOffering = _networkOfferingDao.findByUniqueName(NetworkOffering.SystemGuestNetwork);
+ if (defaultGuestOffering == null) {
+ defaultGuestOffering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM, NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, null, null, false, Availability.Optional, null, defaultDirectNetworkOfferingProviders, true, Network.GuestType.Shared, true);
+ defaultGuestOffering.setState(NetworkOffering.State.Enabled);
+ _networkOfferingDao.update(defaultGuestOffering.getId(), defaultGuestOffering);
+ }
+ _systemNetworks.put(NetworkOfferingVO.SystemGuestNetwork, defaultGuestOffering);
+
+ NetworkOfferingVO offering = null;
 if (_networkOfferingDao.findByUniqueName(NetworkOffering.DefaultVirtualizedNetworkOffering) == null) { offering = _configMgr.createNetworkOffering(Account.ACCOUNT_ID_SYSTEM,NetworkOffering.DefaultVirtualizedNetworkOffering, "Virtual Vlan", TrafficType.Guest, null, null, false, Availability.Required, null, defaultVirtualNetworkOfferingProviders, true, Network.GuestType.Isolated, false);
 offering.setState(NetworkOffering.State.Enabled);
@@ -1440,7 +1443,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 element.prepare(network, profile, vmProfile, dest, context); }
- profile.setSecurityGroupEnabled(isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup));
+ profile.setSecurityGroupEnabled(isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup));
 guru.updateNicProfile(profile, network); vmProfile.addNic(profile); }
@@ -1674,6 +1677,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 isDomainSpecific = true; } }
+
+
+ //FIXME - need to check if all providers are supported by the physical network
+ //FIXME - need to check that the traffic type is supported
 Account owner = null; if (cmd.getAccountName() != null && cmd.getDomainId() != null) {
@@ -4360,6 +4367,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 return _pNTrafficTypeDao.listBy(physicalNetworkId); }
+ @Override
 public PhysicalNetwork getDefaultPhysicalNetworkByZoneAndTrafficType(long zoneId, TrafficType trafficType) { PhysicalNetworkVO network = null;
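Review bot: The two FIXME comments added in the @@ -1674 hunk leave the network-creation path accepting an offering whose providers are not enabled on the physical network, even though this same commit adds `isProviderAvailable(long, String)` and `isServiceEnabled(Long, long, Service)` further down the file; the first FIXME should at least name the helper to use, e.g. `//FIXME - validate every provider of the offering with isProviderAvailable(physicalNetworkId, provider) before creating the network`. The enclosing method starts and ends outside the hunk, so whether a physical network id is already in scope at this point is inferred, not visible.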
@@ -4376,4 +4384,42 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 return networkList.get(0); }
+
+
+ @Override
+ public boolean isProviderEnabled(PhysicalNetworkServiceProvider provider) {
+ if (provider == null || provider.getState() != PhysicalNetworkServiceProvider.State.Enabled) { //TODO: check for other states: Shutdown?
+ return false;
+ }
+ return true;
+ }
+
+ @Override
+ public boolean isProviderAvailable(long physicalNetowrkId, String providerName) {
+ PhysicalNetworkServiceProviderVO ntwkSvcProvider = _pNSPDao.findByServiceProvider(physicalNetowrkId, providerName);
+ return isProviderEnabled(ntwkSvcProvider);
+ }
+
+ @Override
+ public boolean isServiceEnabled(Long physicalNetworkId, long networkOfferingId, Service service) {
+ //check if the service is supported by the network offering
+ if (!isServiceSupportedByNetworkOffering(networkOfferingId, service)) {
+ s_logger.debug("Service " + service.getName() + " is not supported by the network offering id=" + networkOfferingId);
+ return false;
+ }
+
+ //get providers for the service and check if all of them are supported
+ if (physicalNetworkId != null) {
+ List providers = _ntwkOfferingSrvcDao.getProvidersForService(networkOfferingId, service);
+ for (String provider : providers) {
+ if (!isProviderAvailable(physicalNetworkId, provider)) {
+ s_logger.debug("Provider " + provider + " is not enabled in physical network id=" + physicalNetworkId);
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
 }
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index f57043a89f9..06d533f96db 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
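Review bot: `isServiceEnabled` in the @@ -4376 hunk returns true when `physicalNetworkId` is null, so the provider check is skipped and a security-relevant answer (the @@ -1440 hunk and `SecurityGroupManagerImpl.isVmSecurityGroupEnabled` both pass `Service.SecurityGroup` with `network.getPhysicalNetworkId()`) quietly degrades to the offering-only result. If networks without a physical network are a legitimate legacy case, make that explicit and visible in the log by replacing the `if (physicalNetworkId != null)` wrapper with `if (physicalNetworkId == null) { s_logger.debug("No physical network for network offering id=" + networkOfferingId + "; skipping provider check for service " + service.getName()); return true; }`; if it is not legitimate, return false there instead. `isProviderEnabled` in the same hunk reduces to `return provider != null && provider.getState() == PhysicalNetworkServiceProvider.State.Enabled;` with the TODO kept beside it. `isProviderAvailable` depends on `isProviderEnabled` treating a null lookup result as disabled, which deserves a comment on its `return` line so the null handling is not removed later.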
@@ -911,7 +911,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 @Override @DB public boolean addInstanceToGroups(final Long userVmId, final List groups) {
- if (!isVmSecurityGroupEnabled(userVmId)) {
+ if (!isVmNetworkOffSupportsSecurityGroup(userVmId)) {
 s_logger.trace("User vm " + userVmId + " is not security group enabled, not adding it to security group"); return false; }
@@ -1281,7 +1281,20 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 List nics = _networkMgr.getNicProfiles(vm); for (NicProfile nic : nics) { Network network = _networkMgr.getNetwork(nic.getNetworkId());
- if (_networkMgr.isSecurityGroupSupportedInNetwork(network) && vm.getHypervisorType() != HypervisorType.VMware) {
+ if (_networkMgr.isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup) && vm.getHypervisorType() != HypervisorType.VMware) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+ protected boolean isVmNetworkOffSupportsSecurityGroup(Long vmId) {
+ VirtualMachine vm = _vmDao.findByIdIncludingRemoved(vmId);
+ List nics = _networkMgr.getNicProfiles(vm);
+ for (NicProfile nic : nics) {
+ Network network = _networkMgr.getNetwork(nic.getNetworkId());
+ if (_networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup) && vm.getHypervisorType() != HypervisorType.VMware) {
 return true; } }
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
index 55ca40c96c0..0eba597d824 100644
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
@@ -68,7 +68,6 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{
 } } }
- }
 @Override
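Review bot: The new `isVmNetworkOffSupportsSecurityGroup` in the @@ -1281 hunk repeats the NIC loop of `isVmSecurityGroupEnabled` line for line, differing only in the predicate (`isServiceSupportedByNetworkOffering` versus the provider-aware `isServiceEnabled`), and neither method says which question it answers; add a Javadoc to each, e.g. on the new one `/** True if any NIC's network offering declares the SecurityGroup service; provider state is not checked, see isVmSecurityGroupEnabled for the enforced variant. */`. The @@ -911 hunk switches `addInstanceToGroups` to this weaker predicate while its trace message still says "is not security group enabled", which now misdescribes the failed check; reword it to match, e.g. `"User vm " + userVmId + " has no network offering supporting security groups, not adding it to security group"`. The head of `isVmSecurityGroupEnabled` and the tail of the new method (its `return false`) lie outside the hunk, so the split between the two methods is inferred from the line counts.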
@@ -113,10 +112,7 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{
 s_logger.debug("Security Group Mgr v2: done scheduling ruleset updates for " + workItems.size() + " vms: num new jobs=" + newJobs + " num rows insert or updated=" + updated + " time taken=" + p.getDuration()); }
- }
-
-
-
+ }
 @Override public boolean start() {
diff --git a/server/src/com/cloud/offerings/NetworkOfferingVO.java b/server/src/com/cloud/offerings/NetworkOfferingVO.java
index dbecbb757c9..791169000b0 100644
--- a/server/src/com/cloud/offerings/NetworkOfferingVO.java
+++ b/server/src/com/cloud/offerings/NetworkOfferingVO.java
@@ -29,7 +29,6 @@ import javax.persistence.Id;
 import javax.persistence.Table;
 import com.cloud.network.Network;
-import com.cloud.network.Network.GuestType;
 import com.cloud.network.Networks.TrafficType;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.utils.db.GenericDao;
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 4a12ed2e22d..e897aa2d781 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2008,7 +2008,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 if (securityGroupIdList != null && isVmWare) { throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
- } else if (!isVmWare) {
+ } else if (!isVmWare && _networkMgr.isServiceSupportedByNetworkOffering(defaultNetwork.getNetworkOfferingId(), Service.SecurityGroup)) {
 if (securityGroupIdList == null) { securityGroupIdList = new ArrayList(); }
@@ -2063,6 +2063,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 } networkList.add(networkWithSecurityGroup);
+ isSecurityGroupEnabledNetworkUsed = true;
 } else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) { if (isVmWare) {
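Review bot: The new condition in the @@ -2008 hunk dereferences `defaultNetwork` unconditionally; if `defaultNetwork` can still be null at this point (its lookup is outside the hunk), the check should read `} else if (!isVmWare && defaultNetwork != null && _networkMgr.isServiceSupportedByNetworkOffering(defaultNetwork.getNetworkOfferingId(), Service.SecurityGroup)) {` so a misconfigured request fails with the parameter error the surrounding code uses rather than a NullPointerException. When the default offering does not support security groups but `securityGroupIdList` is non-empty, control now falls through to the `else if (securityGroupIdList != null && !securityGroupIdList.isEmpty())` branch visible in the @@ -2063 hunk; a one-line comment on the new condition saying that fall-through is intended would spare the next reader the same reasoning. Separately, the @@ -2496 hunk removes `_securityGroupMgr.addInstanceToGroups(vm.getId(), securityGroupIdList);` with no visible replacement in this diff; if group membership is now applied elsewhere, say where in a comment above that `return vm;`, because a VM created with group ids but never added to them would run without the rules the caller asked for. The enclosing method starts and ends outside both hunks.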
@@ -2496,7 +2497,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 throw new CloudRuntimeException("Unable to assign Vm to the group " + group); }
- _securityGroupMgr.addInstanceToGroups(vm.getId(), securityGroupIdList);
 return vm;