diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java index 638f1471a70..82ca54d5b0d 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java @@ -21,10 +21,15 @@ import com.cloud.network.Network; public class DeleteNsxNatRuleCommand extends NsxNetworkCommand { private Long ruleId; private Network.Service service; + + private String privatePort; + private String protocol; public DeleteNsxNatRuleCommand(long domainId, long accountId, long zoneId, Long networkResourceId, String networkResourceName, - boolean isResourceVpc, Long vmId, Long ruleId, String publicIp, String vmIp) { - super(domainId, accountId, zoneId, networkResourceId, networkResourceName, isResourceVpc, vmId, publicIp, vmIp); + boolean isResourceVpc, Long vmId, Long ruleId, String privatePort, String protocol) { + super(domainId, accountId, zoneId, networkResourceId, networkResourceName, isResourceVpc, vmId); this.ruleId = ruleId; + this.privatePort = privatePort; + this.protocol = protocol; } public Long getRuleId() { @@ -38,4 +43,12 @@ public class DeleteNsxNatRuleCommand extends NsxNetworkCommand { public void setService(Network.Service service) { this.service = service; } + + public String getPrivatePort() { + return privatePort; + } + + public String getProtocol() { + return protocol; + } } diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java index b29f6f62347..e5f49af9c17 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java @@ -37,6 +37,15 @@ public class NsxNetworkCommand extends NsxCommand { this.vmIp = vmIp; } + public NsxNetworkCommand(long domainId, long accountId, long zoneId, Long networkResourceId, String networkResourceName, + boolean isResourceVpc, Long vmId) { + super(domainId, accountId, zoneId); + this.networkResourceId = networkResourceId; + this.networkResourceName = networkResourceName; + this.isResourceVpc = isResourceVpc; + this.vmId = vmId; + } + public Long getNetworkResourceId() { return networkResourceId; } diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java index 0b32ac517ab..2a375bcd483 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java @@ -361,26 +361,6 @@ public class NsxResource implements ServerResource { return new NsxAnswer(cmd, true, null); } - private NsxAnswer executeRequest(DeleteNsxNatRuleCommand cmd) { - String ruleName = null; - if (cmd.getService() == Network.Service.StaticNat) { - ruleName = NsxControllerUtils.getStaticNatRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), - cmd.getNetworkResourceId(), cmd.isResourceVpc()); - } else if (cmd.getService() == Network.Service.PortForwarding) { - ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), - cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc()); - } - String tier1GatewayName = NsxControllerUtils.getTier1GatewayName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), - cmd.getNetworkResourceId(), cmd.isResourceVpc()); - try { - nsxApiClient.deleteNatRule(cmd.getNetworkResourceName(), tier1GatewayName, ruleName); - } catch (Exception e) { - LOGGER.error(String.format("Failed to add NSX static NAT rule %s for network: %s", ruleName, cmd.getNetworkResourceName())); - return new NsxAnswer(cmd, new CloudRuntimeException(e.getMessage())); - } - return new NsxAnswer(cmd, true, null); - } - private NsxAnswer executeRequest(CreateNsxPortForwardRuleCommand cmd) { String ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc()); @@ -400,6 +380,27 @@ public class NsxResource implements ServerResource { return new NsxAnswer(cmd, true, null); } + private NsxAnswer executeRequest(DeleteNsxNatRuleCommand cmd) { + String ruleName = null; + if (cmd.getService() == Network.Service.StaticNat) { + ruleName = NsxControllerUtils.getStaticNatRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), + cmd.getNetworkResourceId(), cmd.isResourceVpc()); + } else if (cmd.getService() == Network.Service.PortForwarding) { + ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), + cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc()); + } + String tier1GatewayName = NsxControllerUtils.getTier1GatewayName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(), + cmd.getNetworkResourceId(), cmd.isResourceVpc()); + try { + nsxApiClient.deleteNatRule(cmd.getService(), cmd.getPrivatePort(), cmd.getProtocol(), + cmd.getNetworkResourceName(), tier1GatewayName, ruleName); + } catch (Exception e) { + LOGGER.error(String.format("Failed to add NSX static NAT rule %s for network: %s", ruleName, cmd.getNetworkResourceName())); + return new NsxAnswer(cmd, new CloudRuntimeException(e.getMessage())); + } + return new NsxAnswer(cmd, true, null); + } + @Override public boolean start() { return true; diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java index 815dad97ea0..534030a6211 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java @@ -17,6 +17,7 @@ package org.apache.cloudstack.service; import com.cloud.exception.InvalidParameterValueException; +import com.cloud.network.Network; import com.cloud.utils.exception.CloudRuntimeException; import com.vmware.nsx.model.TransportZone; import com.vmware.nsx.model.TransportZoneListResult; @@ -332,11 +333,18 @@ public class NsxApiClient { } } - public void deleteNatRule(String networkName, String tier1GatewayName, String ruleName) { + public void deleteNatRule(Network.Service service, String privatePort, String protocol, String networkName, String tier1GatewayName, String ruleName) { try { NatRules natService = (NatRules) nsxService.apply(NatRules.class); LOGGER.debug(String.format("Deleting NSX static NAT rule %s for tier-1 gateway %s (network: %s)", ruleName, tier1GatewayName, networkName)); + // delete NAT rule natService.delete(tier1GatewayName, NatId.USER.name(), ruleName); + if (service == Network.Service.PortForwarding) { + String svcName = getServiceName(ruleName, privatePort, protocol); + // Delete service + Services services = (Services) nsxService.apply(Services.class); + services.delete(svcName); + } } catch (Error error) { ApiError ae = error.getData()._convertTo(ApiError.class); String msg = String.format("Failed to delete NSX Static NAT rule %s for tier-1 gateway %s (VPC: %s), due to %s", @@ -408,8 +416,8 @@ public class NsxApiClient { public String createNsxInfraService(String ruleName, String port, String protocol) { try { - String serviceEntryName = ruleName + "-SE-" + port; - String serviceName = ruleName + "-SVC-" + port; + String serviceEntryName = getServiceEntryName(ruleName, port, protocol); + String serviceName = getServiceName(ruleName, port, protocol); Services service = (Services) nsxService.apply(Services.class); com.vmware.nsx_policy.model.Service infraService = new com.vmware.nsx_policy.model.Service.Builder() .setServiceEntries(List.of( @@ -448,4 +456,12 @@ public class NsxApiClient { } return null; } + + private String getServiceName(String ruleName, String port, String protocol) { + return ruleName + "-SVC-" + port + "-" +protocol; + } + + private String getServiceEntryName(String ruleName, String port, String protocol) { + return ruleName + "-SE-" + port + "-" + protocol; + } } diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java index 27c2f67759c..c8ac091485b 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java @@ -523,7 +523,7 @@ public class NsxElement extends AdapterBase implements DhcpServiceProvider, DnsS .build(); if (rule.getState() == FirewallRule.State.Add) { return nsxService.createPortForwardRule(networkRule); - } else { + } else if (rule.getState() == FirewallRule.State.Revoke) { return nsxService.deletePortForwardRule(networkRule); } } diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java index 466b75b78a3..c2aef1404fb 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java @@ -119,7 +119,7 @@ public class NsxServiceImpl implements NsxService { public boolean deletePortForwardRule(NsxNetworkRule netRule) { DeleteNsxNatRuleCommand deleteCmd = new DeleteNsxNatRuleCommand(netRule.getDomainId(), netRule.getAccountId(), netRule.getZoneId(), netRule.getNetworkResourceId(), - netRule.getNetworkResourceName(), netRule.isVpcResource(), netRule.getVmId(), netRule.getRuleId(), null, null); + netRule.getNetworkResourceName(), netRule.isVpcResource(), netRule.getVmId(), netRule.getRuleId(), netRule.getPrivatePort(), netRule.getPublicPort()); deleteCmd.setService(Network.Service.PortForwarding); NsxAnswer result = nsxControllerUtils.sendNsxCommand(deleteCmd, netRule.getZoneId()); return result.getResult();