Move applyRules to the rightful place(s). Not sure why applyIps is required during applyRules, so we still have a reference back into a (simplified) applyRules in NetworkManager

Chiradeep Vittal 2013-01-04 19:22:53 -08:00
parent e37f458a8d
commit a64b386714
5 changed files with 158 additions and 10 deletions


@ -41,8 +41,6 @@ import com.cloud.network.Network.Service;
import com.cloud.network.Networks.TrafficType;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.element.NetworkElement;
import com.cloud.network.element.RemoteAccessVPNServiceProvider;
import com.cloud.network.element.Site2SiteVpnServiceProvider;
import com.cloud.network.element.UserDataServiceProvider;
import com.cloud.network.guru.NetworkGuru;
import com.cloud.network.rules.FirewallRule;
@ -50,7 +48,6 @@ import com.cloud.network.rules.StaticNat;
import com.cloud.offering.NetworkOffering;
import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
import com.cloud.utils.Pair;
import com.cloud.vm.Nic;
import com.cloud.vm.NicProfile;
@ -137,6 +134,8 @@ public interface NetworkManager extends NetworkService {
String getNextAvailableMacAddressInNetwork(long networkConfigurationId) throws InsufficientAddressCapacityException;
boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException;
boolean applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose, NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException;
public boolean validateRule(FirewallRule rule);
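Review bot: The new `applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose, NetworkRuleApplier applier, boolean continueOnError)` overload is added to the interface without Javadoc, and its contract is not visible from the signature: the implementation in this commit resolves the network from `rules.get(0)` and wraps the `applier` call in two `applyIpAssociations` passes, so callers must pass rules that all belong to one network and all match `purpose`. A Javadoc along the lines of `/** Applies rules of a single purpose, all belonging to one network, by associating the network's public IPs, delegating to {@code applier}, then releasing IPs with no remaining rules. Returns false only when {@code continueOnError} is set and the applier failed. */` would state those preconditions for the next caller. The two-argument `applyRules` is kept alongside it; if it is only retained for the IP-association path, its Javadoc should say so.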


@ -3740,6 +3740,49 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return true;
}
@Override
public boolean applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose,
NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException {
if (rules == null || rules.size() == 0) {
s_logger.debug("There are no rules to forward to the network elements");
return true;
}
boolean success = true;
Network network = _networksDao.findById(rules.get(0).getNetworkId());
// get the list of public ip's owned by the network
List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
List<PublicIp> publicIps = new ArrayList<PublicIp>();
if (userIps != null && !userIps.isEmpty()) {
for (IPAddressVO userIp : userIps) {
PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
publicIps.add(publicIp);
}
}
// rules can not programmed unless IP is associated with network service provider, so run IP assoication for
// the network so as to ensure IP is associated before applying rules (in add state)
applyIpAssociations(network, false, continueOnError, publicIps);
try {
applier.applyRules(network, purpose, rules);
} catch (ResourceUnavailableException e) {
if (!continueOnError) {
throw e;
}
s_logger.warn("Problems with applying " + purpose + " rules but pushing on", e);
success = false;
}
// if all the rules configured on public IP are revoked then dis-associate IP with network service provider
applyIpAssociations(network, true, continueOnError, publicIps);
return success;
}
@Override
/* The rules here is only the same kind of rule, e.g. all load balancing rules or all port forwarding rules */
public boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException {
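Review bot: `Network network = _networksDao.findById(rules.get(0).getNetworkId());` in the new four-argument `applyRules` is dereferenced on the very next statement (`network.getId()`) with no null check, so a rule whose network has since been removed surfaces as a NullPointerException rather than the failure result or ResourceUnavailableException the callers handle. A guard such as `if (network == null) { s_logger.warn("Network " + rules.get(0).getNetworkId() + " not found; cannot apply " + purpose + " rules"); return false; }` before the IP lookup keeps the failure inside the method's documented result. The method also silently assumes every rule in the list belongs to the network of `rules.get(0)`; a comment stating that precondition, or a check that rejects mixed lists, would make the contract explicit. The second `applyRules` overload at the end of the hunk continues outside it.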


@ -0,0 +1,28 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network;
import java.util.List;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.rules.FirewallRule;
public interface NetworkRuleApplier {
public boolean applyRules(Network network, FirewallRule.Purpose purpose, List<? extends FirewallRule> rules) throws ResourceUnavailableException;
}
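Review bot: `NetworkRuleApplier.applyRules` is introduced without Javadoc, and both implementations in this commit depend on preconditions the signature does not express: every element of `rules` must match `purpose`, and each implementation casts the list to a purpose-specific element type before handing it to the providers. Suggest documenting that directly on the method: `/** Pushes rules of a single purpose to the elements backing {@code network}. Every element of {@code rules} must have the given {@code purpose}. Returns true once an element reports that it handled the rules; a ResourceUnavailableException from an element is propagated. */`. The `public` modifier on an interface method is redundant and is normally omitted.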


@ -46,18 +46,24 @@ import com.cloud.network.Network;
import com.cloud.network.Network.Capability;
import com.cloud.network.Network.Service;
import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkRuleApplier;
import com.cloud.network.dao.FirewallRulesCidrsDao;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.element.FirewallServiceProvider;
import com.cloud.network.element.NetworkACLServiceProvider;
import com.cloud.network.element.NetworkElement;
import com.cloud.network.element.PortForwardingServiceProvider;
import com.cloud.network.element.StaticNatServiceProvider;
import com.cloud.network.rules.FirewallManager;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.FirewallRuleType;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.PortForwardingRuleVO;
import com.cloud.network.rules.StaticNat;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.network.vpc.VpcManager;
import com.cloud.projects.Project.ListProjectResourcesCriteria;
@ -87,7 +93,7 @@ import com.cloud.vm.UserVmVO;
import com.cloud.vm.dao.UserVmDao;
@Local(value = { FirewallService.class, FirewallManager.class})
public class FirewallManagerImpl implements FirewallService, FirewallManager, Manager {
public class FirewallManagerImpl implements FirewallService, FirewallManager, NetworkRuleApplier, Manager {
private static final Logger s_logger = Logger.getLogger(FirewallManagerImpl.class);
String _name;
@ -122,6 +128,15 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
@Inject(adapter = FirewallServiceProvider.class)
Adapters<FirewallServiceProvider> _firewallElements;
@Inject(adapter = PortForwardingServiceProvider.class)
Adapters<PortForwardingServiceProvider> _pfElements;
@Inject(adapter = StaticNatServiceProvider.class)
Adapters<StaticNatServiceProvider> _staticNatElements;
@Inject(adapter = NetworkACLServiceProvider.class)
Adapters<NetworkACLServiceProvider> _networkAclElements;
private boolean _elbEnabled = false;
@Override
@ -434,7 +449,12 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
public boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError, boolean updateRulesInDB)
throws ResourceUnavailableException {
boolean success = true;
if (!_networkMgr.applyRules(rules, continueOnError)) {
if (rules == null || rules.size() == 0) {
s_logger.debug("There are no rules to forward to the network elements");
return true;
}
Purpose purpose = rules.get(0).getPurpose();
if (!_networkMgr.applyRules(rules, purpose, this, continueOnError)) {
s_logger.warn("Rules are not completely applied");
return false;
} else {
@ -466,6 +486,46 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
return success;
}
@Override
public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules)
throws ResourceUnavailableException {
boolean handled = false;
switch (purpose){
case Firewall:
for (FirewallServiceProvider fwElement: _firewallElements) {
handled = fwElement.applyFWRules(network, rules);
if (handled)
break;
}
case PortForwarding:
for (PortForwardingServiceProvider element: _pfElements) {
handled = element.applyPFRules(network, (List<PortForwardingRule>) rules);
if (handled)
break;
}
break;
case StaticNat:
for (StaticNatServiceProvider element: _staticNatElements) {
handled = element.applyStaticNats(network, (List<? extends StaticNat>) rules);
if (handled)
break;
}
break;
case NetworkACL:
for (NetworkACLServiceProvider element: _networkAclElements) {
handled = element.applyNetworkACLs(network, (List<? extends FirewallRule>) rules);
if (handled)
break;
}
break;
default:
assert(false): "Unexpected fall through in applying rules to the network elements";
s_logger.error("FirewallManager cannot process rules of type " + purpose);
throw new CloudRuntimeException("FirewallManager cannot process rules of type " + purpose);
}
return handled;
}
@Override
public void removeRule(FirewallRule rule) {
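Review bot: In the new `applyRules(Network, Purpose, List)` the `case Firewall:` arm of `switch (purpose)` has no `break` after its for-loop, so Firewall rules fall through into `case PortForwarding:`, are cast to `List<PortForwardingRule>` and pushed to every port-forwarding provider, and `handled` is overwritten by that second loop. Add `break;` directly after the closing brace of the `for (FirewallServiceProvider fwElement: _firewallElements)` loop, as the other arms already do. In the `default` arm the `assert(false)` only fires under `-ea`; the `CloudRuntimeException` that follows is the effective guard, so the assert adds nothing. The unchecked casts in the PortForwarding and StaticNat arms should carry `@SuppressWarnings("unchecked")` with a comment that the purpose check is what guarantees the element type, and the same single-purpose assumption (`rules.get(0).getPurpose()` in the earlier hunk of this file) deserves a comment at that call site.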


@ -68,6 +68,7 @@ import com.cloud.network.Network.Capability;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.NetworkManager;
import com.cloud.network.NetworkRuleApplier;
import com.cloud.network.NetworkVO;
import com.cloud.network.as.AutoScalePolicy;
import com.cloud.network.as.AutoScalePolicyConditionMapVO;
@ -92,6 +93,7 @@ import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.LoadBalancerVMMapDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkServiceMapDao;
import com.cloud.network.element.LoadBalancingServiceProvider;
import com.cloud.network.lb.LoadBalancingRule.LbAutoScalePolicy;
import com.cloud.network.lb.LoadBalancingRule.LbAutoScaleVmGroup;
import com.cloud.network.lb.LoadBalancingRule.LbAutoScaleVmProfile;
@ -125,9 +127,9 @@ import com.cloud.user.UserContext;
import com.cloud.user.dao.AccountDao;
import com.cloud.user.dao.UserDao;
import com.cloud.uservm.UserVm;
import com.cloud.utils.IdentityProxy;
import com.cloud.utils.Pair;
import com.cloud.utils.Ternary;
import com.cloud.utils.component.Adapters;
import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager;
import com.cloud.utils.db.DB;
@ -147,7 +149,7 @@ import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
@Local(value = { LoadBalancingRulesManager.class, LoadBalancingRulesService.class })
public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesManager, LoadBalancingRulesService, Manager {
public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesManager, LoadBalancingRulesService, NetworkRuleApplier, Manager {
private static final Logger s_logger = Logger.getLogger(LoadBalancingRulesManagerImpl.class);
String _name;
@ -226,7 +228,8 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
DataCenterDao _dcDao = null;
@Inject
UserDao _userDao;
@Inject(adapter = LoadBalancingServiceProvider.class)
Adapters<LoadBalancingServiceProvider> _lbProviders;
// Will return a string. For LB Stickiness this will be a json, for autoscale this will be "," separated values
@Override
@ -324,7 +327,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
List<LoadBalancingRule> rules = Arrays.asList(rule);
if (!_networkMgr.applyRules(rules, false)) {
if (!_networkMgr.applyRules(rules, FirewallRule.Purpose.LoadBalancing, this, false)) {
s_logger.debug("LB rules' autoscale config are not completely applied");
return false;
}
@ -1119,6 +1122,19 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
return true;
}
}
@Override
public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules)
throws ResourceUnavailableException {
assert(purpose == Purpose.LoadBalancing): "LB Manager asked to handle non-LB rules";
boolean handled = false;
for (LoadBalancingServiceProvider lbElement: _lbProviders) {
handled = lbElement.applyLBRules(network, (List<LoadBalancingRule>) rules);
if (handled)
break;
}
return handled;
}
@DB
protected boolean applyLoadBalancerRules(List<LoadBalancerVO> lbs, boolean updateRulesInDB) throws ResourceUnavailableException {
@ -1132,7 +1148,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
rules.add(loadBalancing);
}
if (!_networkMgr.applyRules(rules, false)) {
if (!_networkMgr.applyRules(rules, FirewallRule.Purpose.LoadBalancing, this, false)) {
s_logger.debug("LB rules are not completely applied");
return false;
}
@ -1569,4 +1585,6 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
//remove the rule
_lbDao.remove(rule.getId());
}
}
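Review bot: The new `applyRules(Network, Purpose, List)` relies on `assert(purpose == Purpose.LoadBalancing)` to reject non-LB rules, but assertions are off unless the JVM runs with `-ea`, so in production a mismatched purpose goes straight into the unchecked cast to `List<LoadBalancingRule>` and the rules are pushed to every LB provider. Replace the assert with an explicit check: `if (purpose != Purpose.LoadBalancing) { throw new IllegalArgumentException("LB Manager asked to handle non-LB rules: " + purpose); }`. The method also spells the enum as `Purpose` while the two updated call sites in this file use `FirewallRule.Purpose`; if the nested type is not already imported this will not compile, and either way one spelling should be used throughout. The enclosing class continues outside the hunk.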