etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- Creating static routes in VNMC as part of edge firewall configuration 

- Passing order parameter while creating rules so that they are evaluated in a specific order
- Added methods in VnmcResource for listing acl policies and rules belonging to variouos policies. This is used to compute order while creation of various rules in VNMC
This commit is contained in:
Koushik Das 2013-03-08 00:38:52 +05:30
parent cc824e8585
commit aa94eca516
18 changed files with 268 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
View File

@ -1,15 +1,15 @@
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyEdgeDeviceServiceProfile
addrTranslationTimeout="10800"
dn="%profiledn%"
ipAudit=""
name="%profilename%"
routing="%routepolicyname%"
status="modified"
vpn=""/>
</inConfig>
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyEdgeDeviceServiceProfile
addrTranslationTimeout="10800"
dn="%dn%"
ipAudit=""
name="%name%"
routing="%routepolicyname%"
status="modified"
vpn=""/>
</inConfig>
</configConfMo>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
View File

@ -7,7 +7,7 @@
<pair key="%aclpolicyrefdn%">
<policyPolicyNameRef
dn="%aclpolicyrefdn%"
order="100"
order="%order%"
policyName="%aclpolicyname%"
status="created"/>
</pair>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
View File

@ -9,7 +9,7 @@
descr="%descr%"
dn="%natruledn%"
name="%natrulename%"
order="100"
order="%order%"
status="created"/>
</pair>

14
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
View File

@ -1,14 +1,14 @@
<configConfMo
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyEdgeDeviceServiceProfile
<configConfMo
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<policyEdgeDeviceServiceProfile
addrTranslationTimeout="10800"
descr="%descr%"
dn="%dn%"
name="%name%"
status="created"
vpn=""/>
</inConfig>
</inConfig>
</configConfMo>
<!--dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->
<!-- dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->

16
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
View File

@ -1,12 +1,12 @@
<configConfMo
<configConfMo
dn=""
cookie="%cookie%"
inHierarchical="false">
<inConfig>
<routeRoutingPolicy
descr="%descr%"
dn="%routepolicydn%"
name="%name%"
status="created"/>
</inConfig>
<inConfig>
<routeRoutingPolicy
descr="%descr%"
dn="%routepolicydn%"
name="%name%"
status="created"/>
</inConfig>
</configConfMo>

34
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
View File

@ -1,17 +1,17 @@
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%routedn%" >
<routeStaticRoute
dn="%routedn%"
id="%id%"
ipAddress="%destination%"
ipSubnet="%netmask%"
nextHopGWIp="%nexthop%"
nextHopIntf="%nexthopintf%"
routeMetric="1"
status="created"/>
</pair>
</inConfigs>
</configConfMos>
<configConfMos
cookie="%cookie%"
inHierarchical="false">
<inConfigs>
<pair key="%routedn%">
<routeStaticRoute
dn="%routepolicydn%/sroute-2"
id="2"
ipAddress="%destination%"
ipSubnet="%netmask%"
nextHopGWIp="%nexthop%"
nextHopIntf="%nexthopintf%"
routeMetric="1"
status="created"/>
</pair>
</inConfigs>
</configConfMos>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml
View File

@ -8,7 +8,7 @@
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="300"
order="%order%"
status="created"/>
</pair>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml
View File

@ -8,7 +8,7 @@
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="300"
order="%order%"
status="created"/>
</pair>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
View File

@ -8,7 +8,7 @@
descr="%descr%"
dn="%aclruledn%"
name="%aclrulename%"
order="300"
order="%order%"
status="created"/>
</pair>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
View File

@ -9,7 +9,7 @@
descr="%descr%"
dn="%natruledn%"
name="%natrulename%"
order="100"
order="%order%"
status="created"/>
</pair>

2
plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
View File

@ -8,7 +8,7 @@
descr="%descr%"
dn="%natruledn%"
name="%natrulename%"
order="100"
order="%order%"
status="created"/>
</pair>

14
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml Executable file
View File

@ -0,0 +1,14 @@
<orgResolveInScope
dn="%vdcdn%"
cookie="%cookie%"
inClass="policyRuleBasedPolicy"
inSingleLevel="false"
inHierarchical="false">
<inFilter>
</inFilter>
</orgResolveInScope>
<!--
vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
--!>

11
plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml Executable file
View File

@ -0,0 +1,11 @@
<configResolveChildren
cookie="%cookie%"
inDn="%dn%"
inHierarchical="true">
<inFilter>
</inFilter>
</configResolveChildren>
<!--
dn="org-root/org-vlan-517/org-VDC-vlan-517/natpol-DNAT-vlan-517-10-147-30-235"
--!>

10
plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
View File

@ -16,6 +16,9 @@
// under the License.
package com.cloud.agent.api;
import java.util.ArrayList;
import java.util.List;
/**
* Command for creating a logical edge firewall in VNMC
*/
@ -25,6 +28,7 @@ public class CreateLogicalEdgeFirewallCommand extends Command {
private String _internalIp;
private String _publicSubnet;
private String _internalSubnet;
private List<String> _publicGateways;
public CreateLogicalEdgeFirewallCommand(long vlanId,
String publicIp, String internalIp,
@ -35,6 +39,7 @@ public class CreateLogicalEdgeFirewallCommand extends Command {
this._internalIp = internalIp;
this._publicSubnet = publicSubnet;
this.setInternalSubnet(internalSubnet);
_publicGateways = new ArrayList<String>();
}
@Override
@ -81,4 +86,9 @@ public class CreateLogicalEdgeFirewallCommand extends Command {
public void setInternalSubnet(String _internalSubnet) {
this._internalSubnet = _internalSubnet;
}
public List<String> getPublicGateways() {
return _publicGateways;
}
}

3
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
View File

@ -37,8 +37,7 @@ public interface CiscoVnmcConnection {
throws ExecutionException;
public boolean createTenantVDCEdgeStaticRoute(String tenantName,
String nextHopIp, String outsideIntf, String destination,
String netmask) throws ExecutionException;
String nextHopIp, String destination, String netmask) throws ExecutionException;
public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
throws ExecutionException;

132
plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
View File

@ -50,6 +50,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
private enum VnmcXml {
LOGIN("login.xml", "mgmt-controller"),
CREATE_TENANT("create-tenant.xml", "service-reg"),
DELETE_TENANT("delete-tenant.xml", "service-reg"),
CREATE_VDC("create-vdc.xml", "service-reg"),
@ -59,8 +60,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
CREATE_EDGE_ROUTE_POLICY("create-edge-device-route-policy.xml", "policy-mgr"),
CREATE_EDGE_ROUTE("create-edge-device-route.xml", "policy-mgr"),
RESOLVE_EDGE_ROUTE_POLICY("associate-route-policy.xml", "policy-mgr"),
RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
CREATE_DHCP_POLICY("create-dhcp-policy.xml", "policy-mgr"),
RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr"),
CREATE_EDGE_SECURITY_PROFILE("create-edge-security-profile.xml", "policy-mgr"),
@ -87,10 +89,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
RESOLVE_ACL_POLICY_SET("associate-acl-policy-set.xml", "policy-mgr"),
CREATE_ACL_POLICY("create-acl-policy.xml", "policy-mgr"),
DELETE_ACL_POLICY("delete-acl-policy.xml", "policy-mgr"),
LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"),
CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
DELETE_ACL_RULE("delete-acl-rule.xml", "policy-mgr"),
LIST_CHILDREN("list-children.xml", "policy-mgr"),
CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr"),
DELETE_EDGE_FIREWALL("delete-edge-firewall.xml", "resource-mgr"),
@ -188,10 +193,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
//FIXME: any other construct is unreliable. why?
}
private String getDnForEdgeDeviceRoute(String tenantName, int id) {
return getDnForEdgeDeviceRoutingPolicy(tenantName) + "/sroute-" + id ;
}
private String getDnForDhcpPolicy(String tenantName, String intfName) {
return getDnForTenantVDCEdgeDeviceProfile(tenantName) + "/dhcp-" + intfName;
}
@ -241,7 +242,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
private String getNameForEdgeDeviceRoutePolicy(String tenantName) {
return "EDSP-" + tenantName + "-Routes";//FIXME: this has to match DN somehow?
return "EDSP-" + tenantName + "-Routes";
}
@Override
@ -312,7 +313,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String xml = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getXml();
String service = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));//FIXME: this has to match DN somehow?
xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));
xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));
xml = replaceXmlValue(xml, "descr", "Routing Policy for Edge Device for Tenant " + tenantName);
@ -321,16 +322,14 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
public boolean createTenantVDCEdgeStaticRoute(String tenantName,
String nextHopIp, String outsideIntf,
String destination, String netmask) throws ExecutionException {
public boolean createTenantVDCEdgeStaticRoute(String tenantName,
String nextHopIp, String destination, String netmask) throws ExecutionException {
String xml = VnmcXml.CREATE_EDGE_ROUTE.getXml();
String service = VnmcXml.CREATE_EDGE_ROUTE.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "routedn", getDnForEdgeDeviceRoute(tenantName, 2));//TODO: why 2?
xml = replaceXmlValue(xml, "id", "2"); // TODO:2?
xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));
xml = replaceXmlValue(xml, "nexthop", nextHopIp);
xml = replaceXmlValue(xml, "nexthopintf", outsideIntf);
xml = replaceXmlValue(xml, "nexthopintf", getNameForEdgeOutsideIntf(tenantName));
xml = replaceXmlValue(xml, "destination", destination);
xml = replaceXmlValue(xml, "netmask", netmask);
@ -345,8 +344,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String xml = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getXml();
String service = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "profilename", getNameForEdgeDeviceServiceProfile(tenantName));
xml = replaceXmlValue(xml, "profiledn", getDnForTenantVDC(tenantName) + "/edsp-" + getNameForEdgeDeviceServiceProfile(tenantName));
xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName));
xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
xml = replaceXmlValue(xml, "routepolicyname", getNameForEdgeDeviceRoutePolicy(tenantName));
String response = sendRequest(service, xml);
@ -488,6 +487,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "srcendip", endSourceIp);
xml = replaceXmlValue(xml, "ippoolname", getNameForSourceNatIpPool(tenantName));
List<String> rules = listChildren(getDnForSourceNatPolicy(tenantName));
int order = 100;
if (rules != null) {
order += rules.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@ -610,6 +616,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier, ingress));
List<String> policies = listAclPolicies(tenantName);
int order = 100;
if (policies != null) {
order += policies.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@ -675,6 +688,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "destendport", destEndPort);
xml = replaceXmlValue(xml, "destip", destIp);
List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
int order = 100;
if (rules != null) {
order += rules.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@ -783,7 +803,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
String response = sendRequest(service, xml);
String response = sendRequest(service, xml);
List<String> result = new ArrayList<String>();
Document xmlDoc = getDocument(response);
@ -797,6 +817,48 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
return result;
}
private List<String> listAclPolicies(String tenantName) throws ExecutionException {
String xml = VnmcXml.LIST_ACL_POLICIES.getXml();
String service = VnmcXml.LIST_ACL_POLICIES.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
String response = sendRequest(service, xml);
List<String> result = new ArrayList<String>();
Document xmlDoc = getDocument(response);
xmlDoc.normalize();
NodeList policyList = xmlDoc.getElementsByTagName("pair");
for (int i=0; i < policyList.getLength(); i++) {
Node policyNode = policyList.item(i);
result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue());
}
return result;
}
private List<String> listChildren(String dn) throws ExecutionException {
String xml = VnmcXml.LIST_CHILDREN.getXml();
String service = VnmcXml.LIST_CHILDREN.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "dn", dn);
String response = sendRequest(service, xml);
List<String> result = new ArrayList<String>();
Document xmlDoc = getDocument(response);
xmlDoc.normalize();
NodeList policyList = xmlDoc.getElementsByTagName("policyRule");
for (int i=0; i < policyList.getLength(); i++) {
Node policyNode = policyList.item(i);
result.add(policyNode.getAttributes().getNamedItem("name").getNodeValue());
}
return result;
}
@Override
public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
String startPort, String endPort) throws ExecutionException {
@ -855,6 +917,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "endport", endPort);
xml = replaceXmlValue(xml, "protocolvalue", protocol);
List<String> rules = listChildren(getDnForPFPolicy(tenantName, policyIdentifier));
int order = 100;
if (rules != null) {
order += rules.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@ -867,14 +936,22 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "ip", publicIp);
xml = replaceXmlValue(xml, "startport", startPort);
xml = replaceXmlValue(xml, "endport", endPort);
List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
int order = 100;
if (rules != null) {
order += rules.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@ -952,6 +1029,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier + "-" + identifier));
xml = replaceXmlValue(xml, "ip", publicIp);
List<String> rules = listChildren(getDnForDNatPolicy(tenantName, policyIdentifier));
int order = 100;
if (rules != null) {
order += rules.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}
@ -963,11 +1047,19 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getService();
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "ip", publicIp);
List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
int order = 100;
if (rules != null) {
order += rules.size();
}
xml = replaceXmlValue(xml, "order", Integer.toString(order));
String response = sendRequest(service, xml);
return verifySuccess(response);
}

56
plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
View File

@ -60,6 +60,7 @@ import com.cloud.dc.ClusterVSMMapVO;
import com.cloud.dc.DataCenter;
import com.cloud.dc.Vlan;
import com.cloud.dc.DataCenter.NetworkType;
import com.cloud.dc.VlanVO;
import com.cloud.dc.dao.ClusterDao;
import com.cloud.dc.dao.ClusterVSMMapDao;
import com.cloud.dc.dao.VlanDao;
@ -116,6 +117,7 @@ import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.vm.NicProfile;
import com.cloud.vm.ReservationContext;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachine.Type;
import com.cloud.vm.VirtualMachineProfile;
@Local(value = NetworkElement.class)
@ -159,7 +161,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
@Inject
NetworkAsa1000vMapDao _networkAsa1000vMapDao;
private boolean canHandle(Network network) {
protected boolean canHandle(Network network) {
if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) {
return false; //TODO: should handle VxLAN as well
}
@ -206,8 +208,11 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
}
private boolean createLogicalEdgeFirewall(long vlanId, String gateway,
String publicIp, long hostId) {
String publicIp, List<String> publicGateways, long hostId) {
CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, "255.255.255.0", "255.255.255.0");
for (String publicGateway : publicGateways) {
cmd.getPublicGateways().add(publicGateway);
}
Answer answer = _agentMgr.easySend(hostId, cmd);
return answer.getResult();
}
@ -318,8 +323,16 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
String vlan = network.getBroadcastUri().getHost();
long vlanId = Long.parseLong(vlan);
List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
List<String> publicGateways = new ArrayList<String>();
for (VlanVO vlanVO : vlanVOList) {
publicGateways.add(vlanVO.getVlanGateway());
}
// create logical edge firewall in VNMC
if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) {
//String insideIp = _networkMgr.acquireGuestIpAddress(network, null);
//if (!createLogicalEdgeFirewall(vlanId, insideIp, sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) {
if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), publicGateways, ciscoVnmcHost.getId())) {
s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
return false;
}
@ -364,7 +377,16 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
//Ensure that there is an ASA 1000v assigned to this network
if (vm.getType() != Type.User) {
return false;
}
// ensure that there is an ASA 1000v assigned to this network
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork == null) {
return false;
}
return true;
}
@ -373,16 +395,21 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
VirtualMachineProfile<? extends VirtualMachine> vm,
ReservationContext context) throws ConcurrentOperationException,
ResourceUnavailableException {
// TODO Auto-generated method stub
return false;
return true;
}
@Override
public boolean shutdown(Network network, ReservationContext context,
boolean cleanup) throws ConcurrentOperationException,
ResourceUnavailableException {
// TODO Auto-generated method stub
return false;
unassignAsa1000vFromNetwork(network);
// disassociateAsaFromLogicalEdgeFirewall()
// delete ACL and NAT policies
// delete logical edge firewall
// delete tenant/VDC
return true;
}
@Override
@ -416,8 +443,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
@Override
public boolean destroy(Network network, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException {
// TODO Auto-generated method stub
return false;
return true;
}
@Override
@ -574,11 +600,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
return responseList;
}
@Override
public IpDeployer getIpDeployer(Network network) {
// TODO Auto-generated method stub
return null;
return this;
}
@Override
@ -878,4 +902,10 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
return null;
}
private void unassignAsa1000vFromNetwork(Network network) {
NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (networkAsaMap != null) {
_networkAsa1000vMapDao.remove(networkAsaMap.getId());
}
}
}

25
plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
View File

@ -182,7 +182,7 @@ public class CiscoVnmcResource implements ServerResource{
}
public StartupCommand[] initialize() {
public StartupCommand[] initialize() {
StartupExternalFirewallCommand cmd = new StartupExternalFirewallCommand();
cmd.setName(_name);
cmd.setDataCenter(_zoneId);
@ -581,6 +581,26 @@ public class CiscoVnmcResource implements ServerResource{
return execute(cmd, _numRetries);
}
private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long vlanId) throws Exception {
// create edge device profile
if (!_connection.createTenantVDCEdgeDeviceProfile(tenant))
throw new Exception("Failed to create tenant edge device profile in VNMC for guest network with vlan " + vlanId);
// create edge static route policy
if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant))
throw new Exception("Failed to create tenant edge static route policy in VNMC for guest network with vlan " + vlanId);
// create edge static route for all gateways
for (String gateway : gateways) {
if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0"))
throw new Exception("Failed to create tenant edge static route in VNMC for guest network with vlan " + vlanId);
}
// associate edge
if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant))
throw new Exception("Failed to associate edge static route policy with edge device profile in VNMC for guest network with vlan " + vlanId);
}
private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) {
String tenant = "vlan-" + cmd.getVlanId();
try {
@ -596,6 +616,9 @@ public class CiscoVnmcResource implements ServerResource{
if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
// create edge device profile and associated route
createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId());
// create logical edge firewall
if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet()))
throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());