diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java b/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java
index f66e34b1212..dcc8f472c26 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java
@@ -69,6 +69,7 @@ import com.cloud.agent.resource.virtualnetwork.model.IpAliases;
 import com.cloud.agent.resource.virtualnetwork.model.IpAssociation;
 import com.cloud.agent.resource.virtualnetwork.model.NetworkACL;
 import com.cloud.agent.resource.virtualnetwork.model.ProtocolAclRule;
+import com.cloud.agent.resource.virtualnetwork.model.Site2SiteVpn;
 import com.cloud.agent.resource.virtualnetwork.model.StaticNatRule;
 import com.cloud.agent.resource.virtualnetwork.model.StaticNatRules;
 import com.cloud.agent.resource.virtualnetwork.model.TcpAclRule;
@@ -122,9 +123,9 @@ public class ConfigHelper {
 } else if (cmd instanceof RemoteAccessVpnCfgCommand) {
 cfg = generateConfig((RemoteAccessVpnCfgCommand)cmd);
 } else if (cmd instanceof VpnUsersCfgCommand) {
- cfg = generateConfig((VpnUsersCfgCommand)cmd); // Migrated
+ cfg = generateConfig((VpnUsersCfgCommand)cmd); // Migrated (SB)
 } else if (cmd instanceof Site2SiteVpnCfgCommand) {
- cfg = generateConfig((Site2SiteVpnCfgCommand)cmd);
+ cfg = generateConfig((Site2SiteVpnCfgCommand)cmd); // Migrated (SB)
 } else if (cmd instanceof SetMonitorServiceCommand) {
 cfg = generateConfig((SetMonitorServiceCommand)cmd);
 } else if (cmd instanceof SetupGuestNetworkCommand) {
@@ -303,12 +304,6 @@ public class ConfigHelper {
 return cfg;
 }
- private static List generateConfig(VmDataCommand cmd) {
- VmData vmData = new VmData(cmd.getVmIpAddress(), cmd.getVmData());
-
- return generateConfigItems(vmData);
- }
-
 private static List generateConfig(SavePasswordCommand cmd) {
 VmPassword vmPassword = new VmPassword(cmd.getVmIpAddress(), cmd.getPassword());
@@ -378,55 +373,21 @@ public class ConfigHelper {
 return cfg;
 }
- private static List generateConfig(Site2SiteVpnCfgCommand cmd) {
- LinkedList cfg = new LinkedList<>();
- String args = "";
- if (cmd.isCreate()) {
- args += "-A";
- args += " -l ";
- args += cmd.getLocalPublicIp();
- args += " -n ";
- args += cmd.getLocalGuestCidr();
- args += " -g ";
- args += cmd.getLocalPublicGateway();
- args += " -r ";
- args += cmd.getPeerGatewayIp();
- args += " -N ";
- args += cmd.getPeerGuestCidrList();
- args += " -e ";
- args += "\"" + cmd.getEspPolicy() + "\"";
- args += " -i ";
- args += "\"" + cmd.getIkePolicy() + "\"";
- args += " -t ";
- args += Long.toString(cmd.getIkeLifetime());
- args += " -T ";
- args += Long.toString(cmd.getEspLifetime());
- args += " -s ";
- args += "\"" + cmd.getIpsecPsk() + "\"";
- args += " -d ";
- if (cmd.getDpd()) {
- args += "1";
- } else {
- args += "0";
- }
- if (cmd.isPassive()) {
- args += " -p ";
- }
- } else {
- args += "-D";
- args += " -r ";
- args += cmd.getPeerGatewayIp();
- args += " -n ";
- args += cmd.getLocalGuestCidr();
- args += " -N ";
- args += cmd.getPeerGuestCidrList();
- }
+ private static List generateConfig(VmDataCommand cmd) {
+ VmData vmData = new VmData(cmd.getVmIpAddress(), cmd.getVmData());
- cfg.add(new ScriptConfigItem(VRScripts.S2SVPN_IPSEC, args));
- return cfg;
+ return generateConfigItems(vmData);
 }
+ private static List generateConfig(Site2SiteVpnCfgCommand cmd) {
+ Site2SiteVpn site2siteVpn = new Site2SiteVpn(cmd.getLocalPublicIp(), cmd.getLocalGuestCidr(), cmd.getLocalPublicGateway(), cmd.getPeerGatewayIp(),
+ cmd.getPeerGuestCidrList(), cmd.getEspPolicy(), cmd.getIkePolicy(), cmd.getIpsecPsk(), cmd.getIkeLifetime(), cmd.getEspLifetime(), cmd.isCreate(), cmd.getDpd(),
+ cmd.isPassive());
+ return generateConfigItems(site2siteVpn);
+ }
+
+
 private static List generateConfig(SetMonitorServiceCommand cmd) {
 LinkedList cfg = new LinkedList<>();
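Review bot: The IPsec pre-shared key is now part of a serialized object: `cmd.getIpsecPsk()` goes into `Site2SiteVpn`, and the `case ConfigBase.SITE2SITEVPN` branch added in the `@@ -590,6 +551,9 @@` hunk sends the generated item to `site_2_site_vpn.json`. Neither `generateConfigItems` nor the code that writes that file is visible in this diff, so it is worth confirming that the file is created with owner-only permissions, that it is removed or overwritten when the connection is deleted, and that the serialized item is never written to logs. I would record that on the method with `// Carries the IPsec PSK: the resulting config item must not be logged.` The call also passes thirteen positional arguments, eight of them adjacent strings, so a transposed policy or key would compile without a warning; the setters the model already provides would make the mapping explicit.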
@@ -590,6 +551,9 @@ public class ConfigHelper {
 case ConfigBase.VPN_USER_LIST:
 destinationFile = VRScripts.VPN_USER_LIST_CONFIG;
 break;
+ case ConfigBase.SITE2SITEVPN:
+ destinationFile = VRScripts.SITE_2_SITE_VPN_CONFIG;
+ break;
 default:
 throw new CloudRuntimeException("Unable to process the configuration for " + configuration.getType());
 }
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java b/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
index 6c09831b862..7821f482c4a 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
@@ -30,6 +30,7 @@ public class VRScripts {
 protected static final String FORWARDING_RULES_CONFIG = "forwarding_rules.json";
 protected static final String VPN_USER_LIST_CONFIG = "vpn_user_list.json";
 protected static final String STATICNAT_RULES_CONFIG = "staticnat_rules.json";
+ protected static final String SITE_2_SITE_VPN_CONFIG = "site_2_site_vpn.json";
 protected final static String CONFIG_CACHE_LOCATION = "/var/cache/cloud/";
 protected final static int DEFAULT_EXECUTEINVR_TIMEOUT = 120; //Seconds
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/model/ConfigBase.java b/core/src/com/cloud/agent/resource/virtualnetwork/model/ConfigBase.java
index 462af81a7f5..5af1dd092d3 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/model/ConfigBase.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/model/ConfigBase.java
@@ -31,6 +31,7 @@ public abstract class ConfigBase {
 public static final String VPN_USER_LIST = "vpnuserlist";
 public static final String STATICNAT_RULES = "staticnatrules";
 public static final String IP_ALIAS_CONFIG = "ipaliases";
+ public static final String SITE2SITEVPN = "site2sitevpn";
 private String type = UNKNOWN;
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java b/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java
new file mode 100644
index 00000000000..63b04c5a65a
--- /dev/null
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/model/Site2SiteVpn.java
@@ -0,0 +1,155 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.cloud.agent.resource.virtualnetwork.model;
+
+public class Site2SiteVpn extends ConfigBase {
+
+ private String localPublicIp, localGuestCidr, localPublicGateway, peerGatewayIp, peerGuestCidrList, espPolicy, ikePolicy, ipsecPsk;
+ private Long ikeLifetime, espLifetime;
+ private boolean create, dpd, passive;
+
+ public Site2SiteVpn() {
+ super(ConfigBase.SITE2SITEVPN);
+ }
+
+ public Site2SiteVpn(String localPublicIp, String localGuestCidr, String localPublicGateway, String peerGatewayIp, String peerGuestCidrList, String espPolicy,
+ String ikePolicy,
+ String ipsecPsk, Long ikeLifetime, Long espLifetime, boolean create, Boolean dpd, boolean passive) {
+ super(ConfigBase.SITE2SITEVPN);
+ this.localPublicIp = localPublicIp;
+ this.localGuestCidr = localGuestCidr;
+ this.localPublicGateway = localPublicGateway;
+ this.peerGatewayIp = peerGatewayIp;
+ this.peerGuestCidrList = peerGuestCidrList;
+ this.espPolicy = espPolicy;
+ this.ikePolicy = ikePolicy;
+ this.ipsecPsk = ipsecPsk;
+ this.ikeLifetime = ikeLifetime;
+ this.espLifetime = espLifetime;
+ this.create = create;
+ this.dpd = dpd;
+ this.passive = passive;
+ }
+
+ public String getLocalPublicIp() {
+ return localPublicIp;
+ }
+
+ public void setLocalPublicIp(String localPublicIp) {
+ this.localPublicIp = localPublicIp;
+ }
+
+ public String getLocalGuestCidr() {
+ return localGuestCidr;
+ }
+
+ public void setLocalGuestCidr(String localGuestCidr) {
+ this.localGuestCidr = localGuestCidr;
+ }
+
+ public String getLocalPublicGateway() {
+ return localPublicGateway;
+ }
+
+ public void setLocalPublicGateway(String localPublicGateway) {
+ this.localPublicGateway = localPublicGateway;
+ }
+
+ public String getPeerGatewayIp() {
+ return peerGatewayIp;
+ }
+
+ public void setPeerGatewayIp(String peerGatewayIp) {
+ this.peerGatewayIp = peerGatewayIp;
+ }
+
+ public String getPeerGuestCidrList() {
+ return peerGuestCidrList;
+ }
+
+ public void setPeerGuestCidrList(String peerGuestCidrList) {
+ this.peerGuestCidrList = peerGuestCidrList;
+ }
+
+ public String getEspPolicy() {
+ return espPolicy;
+ }
+
+ public void setEspPolicy(String espPolicy) {
+ this.espPolicy = espPolicy;
+ }
+
+ public String getIkePolicy() {
+ return ikePolicy;
+ }
+
+ public void setIkePolicy(String ikePolicy) {
+ this.ikePolicy = ikePolicy;
+ }
+
+ public String getIpsecPsk() {
+ return ipsecPsk;
+ }
+
+ public void setIpsecPsk(String ipsecPsk) {
+ this.ipsecPsk = ipsecPsk;
+ }
+
+ public Long getIkeLifetime() {
+ return ikeLifetime;
+ }
+
+ public void setIkeLifetime(Long ikeLifetime) {
+ this.ikeLifetime = ikeLifetime;
+ }
+
+ public Long getEspLifetime() {
+ return espLifetime;
+ }
+
+ public void setEspLifetime(Long espLifetime) {
+ this.espLifetime = espLifetime;
+ }
+
+ public boolean isCreate() {
+ return create;
+ }
+
+ public void setCreate(boolean create) {
+ this.create = create;
+ }
+
+ public boolean isDpd() {
+ return dpd;
+ }
+
+ public void setDpd(boolean dpd) {
+ this.dpd = dpd;
+ }
+
+ public boolean isPassive() {
+ return passive;
+ }
+
+ public void setPassive(boolean passive) {
+ this.passive = passive;
+ }
+
+}
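Review bot: The thirteen-argument constructor declares `Boolean dpd` but assigns it to the primitive field with `this.dpd = dpd;`, so a null argument throws a NullPointerException while unboxing; `create` and `passive` are declared `boolean`, and `setDpd` takes `boolean` as well. Declaring the parameter as `boolean dpd`, or assigning `this.dpd = Boolean.TRUE.equals(dpd);` if a missing value should mean disabled, removes the inconsistency. Whether `cmd.getDpd()` can return null is not visible in this diff. The class also exposes `ipsecPsk` through a public getter with no class or field comment; a short Javadoc stating that the object holds a secret would help whoever later adds logging or a `toString`.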