Fixed PF and static NAT rule creation in VNMC

Koushik Das 2013-03-30 15:54:25 +05:30
parent 7e6159fa05
commit 9c1ee93f2e
6 changed files with 58 additions and 66 deletions


@ -82,9 +82,9 @@ public interface CiscoVnmcConnection {
String identifier, String policyIdentifier)
throws ExecutionException;
public boolean createTenantVDCIngressAclRuleForDNat(String tenantName,
public boolean createTenantVDCAclRuleForDNat(String tenantName,
String identifier, String policyIdentifier,
String publicIp)
String ipAddress)
throws ExecutionException;
public boolean createTenantVDCDNatPolicy(String tenantName, String identifier)
@ -113,9 +113,9 @@ public interface CiscoVnmcConnection {
String identifier, String policyIdentifier)
throws ExecutionException;
public boolean createTenantVDCIngressAclRuleForPF(String tenantName,
public boolean createTenantVDCAclRuleForPF(String tenantName,
String identifier, String policyIdentifier,
String protocol, String publicIp,
String protocol, String ipAddress,
String startPort, String endPort)
throws ExecutionException;
@ -152,8 +152,8 @@ public interface CiscoVnmcConnection {
public boolean deleteTenantVDCAclRule(String tenantName,
String identifier, String policyIdentifier) throws ExecutionException;
public boolean createTenantVDCAclPolicy(String tenantName, String identifier,
boolean ingress) throws ExecutionException;
public boolean createTenantVDCAclPolicy(String tenantName,
String identifier) throws ExecutionException;
public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier,
boolean ingress) throws ExecutionException;
@ -178,9 +178,9 @@ public interface CiscoVnmcConnection {
public Map<String, String> listUnAssocAsa1000v() throws ExecutionException;
public boolean assocAsa1000v(String tenantName, String firewallDn)
public boolean assignAsa1000v(String tenantName, String firewallDn)
throws ExecutionException;
public boolean disassocAsa1000v(String tenantName, String firewallDn)
public boolean unassignAsa1000v(String tenantName, String firewallDn)
throws ExecutionException;
}
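Review bot: The renamed `ipAddress` parameter on createTenantVDCAclRuleForDNat and createTenantVDCAclRuleForPF (hunks at 82 and 113) has no Javadoc, so the interface no longer says which address the ACL rule is built for, and the old name `publicIp` at least said that; in this commit the CiscoVnmcResource callers pass `rule.getDstIp()`. Suggest a Javadoc on both methods, e.g. `@param ipAddress destination address the permit ACL rule is created for (callers pass the rule's destination IP, not the public IP)`. The same applies to createTenantVDCAclPolicy (hunk at 152), which lost its `ingress` parameter without a note on how the single policy now relates to the ingress and egress policy sets that createTenantVDCAclPolicyRef still distinguishes.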


@ -79,9 +79,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
CREATE_IP_POOL("create-ip-pool.xml", "policy-mgr"),
CREATE_PF_RULE("create-pf-rule.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE_FOR_PF("create-ingress-acl-rule-for-pf.xml", "policy-mgr"),
CREATE_ACL_RULE_FOR_PF("create-ingress-acl-rule-for-pf.xml", "policy-mgr"),
CREATE_DNAT_RULE("create-dnat-rule.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE_FOR_DNAT("create-ingress-acl-rule-for-dnat.xml", "policy-mgr"),
CREATE_ACL_RULE_FOR_DNAT("create-ingress-acl-rule-for-dnat.xml", "policy-mgr"),
CREATE_SOURCE_NAT_RULE("create-source-nat-rule.xml", "policy-mgr"),
CREATE_ACL_POLICY_SET("create-acl-policy-set.xml", "policy-mgr"),
@ -583,13 +583,12 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
public boolean createTenantVDCAclPolicy(String tenantName, String identifier, boolean ingress) throws ExecutionException {
public boolean createTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException {
String xml = VnmcXml.CREATE_ACL_POLICY.getXml();
String service = VnmcXml.CREATE_ACL_POLICY.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier, ingress));
String response = sendRequest(service, xml);
return verifySuccess(response);
@ -972,19 +971,19 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
public boolean createTenantVDCIngressAclRuleForPF(String tenantName,
public boolean createTenantVDCAclRuleForPF(String tenantName,
String identifier, String policyIdentifier, String protocol,
String publicIp, String startPort, String endPort)
String ipAddress, String startPort, String endPort)
throws ExecutionException {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getService();
String xml = VnmcXml.CREATE_ACL_RULE_FOR_PF.getXml();
String service = VnmcXml.CREATE_ACL_RULE_FOR_PF.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "ip", publicIp);
xml = replaceXmlValue(xml, "ip", ipAddress);
xml = replaceXmlValue(xml, "startport", startPort);
xml = replaceXmlValue(xml, "endport", endPort);
@ -1093,17 +1092,17 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
public boolean createTenantVDCIngressAclRuleForDNat(String tenantName,
String identifier, String policyIdentifier, String publicIp)
public boolean createTenantVDCAclRuleForDNat(String tenantName,
String identifier, String policyIdentifier, String ipAddress)
throws ExecutionException {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getService();
String xml = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getXml();
String service = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "ip", publicIp);
xml = replaceXmlValue(xml, "ip", ipAddress);
List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
int order = 100;
@ -1229,7 +1228,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
public boolean assocAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
public boolean assignAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
String xml = VnmcXml.ASSIGN_ASA1000V.getXml();
String service = VnmcXml.ASSIGN_ASA1000V.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
@ -1241,7 +1240,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
public boolean disassocAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
public boolean unassignAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
String xml = VnmcXml.UNASSIGN_ASA1000V.getXml();
String service = VnmcXml.UNASSIGN_ASA1000V.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
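Review bot: In createTenantVDCAclRuleForPF and createTenantVDCAclRuleForDNat (hunks at 971 and 1092) `ipAddress`, `protocol`, `startPort` and `endPort` are substituted into the request XML by replaceXmlValue with no validation, and whether replaceXmlValue escapes XML metacharacters is not visible here; since these values now come from the forwarding rule's destination side, checking that `ipAddress` parses as an address and that both ports are numeric before sendRequest would keep a malformed rule from producing a malformed or broader-than-intended permit ACL. Both method bodies continue past their hunks. Separately, CREATE_ACL_RULE_FOR_PF and CREATE_ACL_RULE_FOR_DNAT dropped "INGRESS" from their names but still load create-ingress-acl-rule-for-pf.xml and create-ingress-acl-rule-for-dnat.xml, and createTenantVDCAclPolicy no longer substitutes `aclpolicyrefdn`; if those templates were not changed alongside this, the placeholder may now be sent through unreplaced, which is worth confirming against the template files.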


@ -334,8 +334,6 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
}
// create logical edge firewall in VNMC
//String insideIp = _networkMgr.acquireGuestIpAddress(network, null);
//if (!createLogicalEdgeFirewall(vlanId, insideIp, sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) {
if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), publicGateways, ciscoVnmcHost.getId())) {
s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
return false;
@ -420,7 +418,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (!devices.isEmpty()) {
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
cleanupLogicalEdgeFirewall(vlanId, ciscoVnmcHost.getId());
}


@ -346,21 +346,14 @@ public class CiscoVnmcResource implements ServerResource {
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
/*if (!_connection.deleteTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}*/
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) {
throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId);
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, false)) {
throw new Exception("Failed to create ACL egress policy in VNMC for guest network with vlan " + vlanId);
throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
throw new Exception("Failed to associate ACL egress policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
@ -437,10 +430,6 @@ public class CiscoVnmcResource implements ServerResource {
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
/*if (!_connection.deleteTenantVDCDNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete DNAT policy in VNMC for guest network with vlan " + vlanId);
}*/
if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId);
}
@ -448,11 +437,14 @@ public class CiscoVnmcResource implements ServerResource {
throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) {
throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId);
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
@ -474,9 +466,9 @@ public class CiscoVnmcResource implements ServerResource {
throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCIngressAclRuleForDNat(tenant,
Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) {
throw new Exception("Failed to create ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId);
if (!_connection.createTenantVDCAclRuleForDNat(tenant,
Long.toString(rule.getId()), policyIdentifier, rule.getDstIp())) {
throw new Exception("Failed to create ACL rule for DNAT in VNMC for guest network with vlan " + vlanId);
}
}
}
@ -526,13 +518,13 @@ public class CiscoVnmcResource implements ServerResource {
throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (String publicIp : publicIpRulesMap.keySet()) {
String policyIdentifier = publicIp.replace('.', '-');
/*if (!_connection.deleteTenantVDCPFPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId);
}*/
if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId);
}
@ -540,11 +532,14 @@ public class CiscoVnmcResource implements ServerResource {
throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier, true)) {
throw new Exception("Failed to create ACL ingress policy in VNMC for guest network with vlan " + vlanId);
if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
throw new Exception("Failed to associate ACL ingress policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
}
for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
@ -572,11 +567,11 @@ public class CiscoVnmcResource implements ServerResource {
throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId);
}
if (!_connection.createTenantVDCIngressAclRuleForPF(tenant,
if (!_connection.createTenantVDCAclRuleForPF(tenant,
Long.toString(rule.getId()), policyIdentifier,
rule.getProtocol().toUpperCase(), rule.getSrcIp(),
Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
throw new Exception("Failed to create ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId);
rule.getProtocol().toUpperCase(), rule.getDstIp(),
Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
throw new Exception("Failed to create ACL rule for PF in VNMC for guest network with vlan " + vlanId);
}
}
}
@ -702,7 +697,7 @@ public class CiscoVnmcResource implements ServerResource {
throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is not available");
}
if (!_connection.assocAsa1000v(tenant, asaInstanceDn)) {
if (!_connection.assignAsa1000v(tenant, asaInstanceDn)) {
throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp() + ") with logical edge firewall for guest vlan " + cmd.getVlanId());
}
} catch (Throwable e) {
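Review bot: The ACL policy setup — createTenantVDCAclPolicy followed by createTenantVDCAclPolicyRef for ingress and then for egress, each with its own throw — is now repeated verbatim in the firewall, static NAT and PF hunks (lines 346, 437 and 532), so any later correction has to land three times; extract it into one private helper and call it from the three per-public-IP loops. The helper below keeps the exception messages byte-for-byte; the enclosing methods of all three hunks start and end outside the hunks. Also in the PF hunk at 567, `rule.getProtocol().toUpperCase()` is locale-sensitive; `rule.getProtocol().toUpperCase(Locale.ROOT)` avoids surprises on non-English default locales.
```java
// Shared by the firewall, static NAT and PF paths: one ACL policy per public IP,
// referenced from both the ingress and the egress policy set.
private void createAclPolicyWithRefs(String tenant, String policyIdentifier, long vlanId /* match the callers' declared vlanId type */) throws Exception {
    if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
        throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
    }
    if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
        throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
    }
    if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
        throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
    }
}

// … unchanged: policy/policy-ref creation for DNAT or PF, then at each of the three call sites …
createAclPolicyWithRefs(tenant, policyIdentifier, vlanId);
```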


@ -238,7 +238,7 @@ public class CiscoVnmcConnectionTest {
@Test
public void assocAsa1000v() {
try {
boolean result = connection.assocAsa1000v(tenantName, fwDns.get(0));
boolean result = connection.assignAsa1000v(tenantName, fwDns.get(0));
assertTrue(result);
} catch (ExecutionException e) {
// TODO Auto-generated catch block


@ -165,7 +165,7 @@ public class CiscoVnmcResourceTest {
_resource.configure("CiscoVnmcResource", _parameters);
_resource.setConnection(_connection);
when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCIngressAclRule(
@ -204,14 +204,14 @@ public class CiscoVnmcResourceTest {
when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCDNatPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCDNatPolicyRef(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.deleteTenantVDCDNatRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCDNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCDNatRule(anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCIngressAclRuleForDNat(anyString(),
when(_connection.createTenantVDCAclRuleForDNat(anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateNatPolicySet(anyString())).thenReturn(true);
@ -241,7 +241,7 @@ public class CiscoVnmcResourceTest {
when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCPFPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCPFPolicyRef(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
when(_connection.deleteTenantVDCPFRule(anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
@ -250,7 +250,7 @@ public class CiscoVnmcResourceTest {
when(_connection.createTenantVDCPFRule(anyString(),
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.createTenantVDCIngressAclRuleForPF(anyString(),
when(_connection.createTenantVDCAclRuleForPF(anyString(),
anyString(), anyString(), anyString(),
anyString(), anyString(), anyString())).thenReturn(true);
when(_connection.associateNatPolicySet(anyString())).thenReturn(true);