diff --git a/core/src/com/cloud/network/dao/FirewallRulesDao.java b/core/src/com/cloud/network/dao/FirewallRulesDao.java index 31add033acb..d9247c36fdf 100644 --- a/core/src/com/cloud/network/dao/FirewallRulesDao.java +++ b/core/src/com/cloud/network/dao/FirewallRulesDao.java @@ -52,5 +52,6 @@ public interface FirewallRulesDao extends GenericDao { public List findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp); public List listByPrivateIp(String privateIp); public boolean isPublicIpOneToOneNATted(String publicIp); - void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port); + void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port); + public List listIPForwardingForLB(long userId, long dcId); } diff --git a/core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index 0b568e2328e..cd83a38d661 100644 --- a/core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java @@ -43,7 +43,9 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i private static final Logger s_logger = Logger.getLogger(FirewallRulesDaoImpl.class); public static String SELECT_IP_FORWARDINGS_BY_USERID_SQL = null; - public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; + public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; + public static String SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; + public static final String DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?"; public static final String DELETE_IP_FORWARDING_BY_IP_PORT_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ? and public_port = ?"; 
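Review bot: The new declaration `listIPForwardingForLB(long userId, long dcId)` names its first parameter `userId`, but the implementation later in this commit binds it to `u.account_id` and the caller in NetworkManagerImpl passes `ipVO.getAccountId()`. This value is what scopes the returned rules to one tenant, so a caller who takes the name literally and passes a user id would query against the wrong account. Rename the parameter to `accountId` and document the contract, for example `/** Lists load-balancer rules (group id set) on the public IPs owned by accountId in data center dcId. */`. The return type is shown as a raw `List`; if that is how it is declared, typing it would let the compiler catch misuse of the result.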
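Review bot: `SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL` is added as a `public static` non-final field set to null, so any class can reassign the text that later reaches `prepareAutoCloseStatement`, and it stays null until the initialisation in the @@ -82 hunk has run. It copies the two fields above it, but the query is a fixed string with no runtime inputs, so it can be declared like the DELETE constants visible in this hunk, as `private static final String` holding the SQL text directly. That would also make the overridable `buildSelectByUserIdAndDatacenterIdForLBSql()` helper unnecessary.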
@@ -59,7 +61,8 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i protected SearchBuilder FWByPrivateIPSearch; protected SearchBuilder RulesExcludingPubIpPort; protected SearchBuilder FWByGroupId; - protected SearchBuilder FWByIpForLB; + protected SearchBuilder FWByIpForLB; + protected SearchBuilder FWByGroupAndPrivateIp; protected SearchBuilder FWByPrivateIpPrivatePortPublicIpPublicPortSearch; protected SearchBuilder OneToOneNATSearch; @@ -82,7 +85,13 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdSql(); if (s_logger.isDebugEnabled()) { s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL); - } + } + + SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdForLBSql(); + if (s_logger.isDebugEnabled()) { + s_logger.debug(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL); + } + FWByIPSearch = createSearchBuilder(); FWByIPSearch.and("publicIpAddress", FWByIPSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); @@ -149,6 +158,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i FWByIpForLB.and("groupId", FWByIpForLB.entity().getGroupId(), SearchCriteria.Op.NNULL); FWByIpForLB.and("forwarding", FWByIpForLB.entity().isForwarding(), SearchCriteria.Op.EQ); FWByIpForLB.done(); + return true; } 
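Review bot: `FWByGroupAndPrivateIp` is declared in the @@ -59 hunk, but no hunk in this commit builds it with `createSearchBuilder()` or reads it. By contrast, `FWByIpForLB` is populated in the context of the @@ -149 hunk. If the field is unused, drop it; if later code relies on it, it will be null at first use unless it is built alongside the other builders. The class body continues outside these hunks, so this is based only on the lines shown.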
@@ -162,6 +172,10 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i protected String buildSelectByUserIdAndDatacenterIdSql() { return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=?"; + } + + protected String buildSelectByUserIdAndDatacenterIdForLBSql() { + return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=? AND i.group_id is not NULL"; } public List listIPForwarding(String publicIPAddress, boolean forwarding) { @@ -391,5 +405,24 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i sc.setParameters("publicIpAddress", publicIp); sc.setParameters("forwarding", false); return search(sc, null); - } + } + + @Override + public List listIPForwardingForLB(long userId, long dcId) { + Transaction txn = Transaction.currentTxn(); + List forwardings = new ArrayList(); + PreparedStatement pstmt = null; + try { + pstmt = txn.prepareAutoCloseStatement(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL); + pstmt.setLong(1, userId); + pstmt.setLong(2, dcId); + ResultSet rs = pstmt.executeQuery(); + while (rs.next()) { + forwardings.add(toEntityBean(rs, false)); + } + } catch (Exception e) { + s_logger.warn(e); + } + return forwardings; + } } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index f40f63ba11d..d356e3fb57c 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
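Review bot: The query added in `buildSelectByUserIdAndDatacenterIdForLBSql()` identifies load-balancer rules by `i.group_id is not NULL` alone, while the existing `FWByIpForLB` builder in the @@ -149 context constrains both `groupId` (NNULL) and `forwarding` (EQ). If a row can carry a group id and also have the forwarding flag set, it would be returned here and handed to `updateLoadBalancerRules`. Consider binding the flag as well, `... AND i.group_id is not NULL AND i.forwarding=?` with `pstmt.setBoolean(3, false);` in the caller. Otherwise add a comment on the method stating why the flag does not need checking.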
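Review bot: `listIPForwardingForLB` in the @@ -391 hunk catches every `Exception`, logs it with `s_logger.warn(e)` and returns whatever was collected so far. A database failure therefore looks the same to the caller as an account with no load-balancer rules. The caller added in NetworkManagerImpl passes this list straight to `updateLoadBalancerRules`, which may then push an empty or partial configuration to the router. Narrow the catch and propagate the failure, `} catch (SQLException e) { throw new RuntimeException("Unable to list LB rules for account " + userId + " in data center " + dcId, e); }`, or use the project's own unchecked DAO exception if it has one. The `ResultSet` is never closed explicitly, and whether `prepareAutoCloseStatement` covers it is not visible here.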
@@ -825,11 +825,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag if (rule.isForwarding()) { return updatePortForwardingRule(rule, router, hostId, oldPrivateIP, oldPrivatePort); - } else { - final List fwRules = _rulesDao.listIPForwarding(ipVO.getAccountId(), ipVO.getDataCenterId()); + } else if (rule.getGroupId() != null) { + final List fwRules = _rulesDao.listIPForwardingForLB(ipVO.getAccountId(), ipVO.getDataCenterId()); return updateLoadBalancerRules(fwRules, router, hostId); } + return true; } @Override @@ -870,7 +871,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag fwdRules.add(rule); final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(routerName, routerIp, false, rule, false); cmds.addCommand(cmd); - } else { + } else if (rule.getGroupId() != null){ lbRules.add(rule); } @@ -882,6 +883,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, routerName, routerIp); cmds.addCommand(cmd); } + if (cmds.size() == 0) { + return result; + } Answer [] answers = null; try { answers = _agentMgr.send(host.getId(), cmds); diff --git a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java index f043a4208dd..542b6266fc9 100644 --- a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java +++ b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java 
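Review bot: A rule that is neither forwarding nor in a load-balancer group now falls through to the added `return true;` in the @@ -825 hunk, so the method reports success although nothing was sent to the router. The same silent skip appears in the @@ -870 hunk, where `else if (rule.getGroupId() != null)` leaves such rules out of both `fwdRules` and `lbRules`. The @@ -882 hunk then returns `result` early when no commands were built. Callers cannot tell "applied" from "ignored", so log the skip and state the intent at both branches, for example `// Rules that are neither port-forwarding nor load-balancer (no group id) are deliberately not sent to the router.`, or return a failure if an unapplied rule should not count as success. The enclosing methods start and end outside these hunks, so what `result` holds at the early return is not visible.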
@@ -1140,7 +1140,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute } final List fwRules = new ArrayList(); for (final IPAddressVO ipVO : ipAddrs) { - fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress())); + //We need only firewall rules that are either forwarding or for load balancers + fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress(), true)); + fwRules.addAll(_rulesDao.listIpForwardingRulesForLoadBalancers(ipVO.getAddress())); } final List result = _networkMgr.updateFirewallRules(router .getPublicIpAddress(), fwRules, router);