diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java
index c9ad97d9e9f..5fd0c8ba88d 100755
--- a/api/src/com/cloud/api/ApiConstants.java
+++ b/api/src/com/cloud/api/ApiConstants.java
@@ -288,5 +288,6 @@ public class ApiConstants {
 public static final String KVM_NETWORK_LABEL = "kvmnetworklabel";
 public static final String VMWARE_NETWORK_LABEL = "vmwarenetworklabel";
 public static final String NETWORK_SERVICE_PROVIDER_ID = "nspid";
+ public static final String SECURITY_GROUP_SERVICE = "securitygroupservice";
 }
diff --git a/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java b/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java
index 98931176128..cc6fe0816bb 100644
--- a/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java
+++ b/api/src/com/cloud/api/commands/CreateNetworkOfferingCmd.java
@@ -61,7 +61,7 @@ public class CreateNetworkOfferingCmd extends BaseCmd {
 @Parameter(name=ApiConstants.TAGS, type=CommandType.STRING, description="the tags for the network offering.")
 private String tags;
- @Parameter(name=ApiConstants.SPECIFY_VLAN, type=CommandType.BOOLEAN, description="true is network offering supports vlans")
+ @Parameter(name=ApiConstants.SPECIFY_VLAN, type=CommandType.BOOLEAN, description="true if network offering supports vlans")
 private Boolean specifyVlan;
 @Parameter(name=ApiConstants.AVAILABILITY, type=CommandType.STRING, description="the availability of network offering. Default value is Required")
@@ -70,30 +70,33 @@ public class CreateNetworkOfferingCmd extends BaseCmd {
 @Parameter(name=ApiConstants.NETWORKRATE, type=CommandType.INTEGER, description="data transfer rate in megabits per second allowed.")
 private Integer networkRate;
- @Parameter(name=ApiConstants.DHCP_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports dhcp service")
+ @Parameter(name=ApiConstants.DHCP_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports dhcp service")
 private Boolean dhcpService;
- @Parameter(name=ApiConstants.DNS_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports dns service")
+ @Parameter(name=ApiConstants.DNS_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports dns service")
 private Boolean dnsService;
- @Parameter(name=ApiConstants.GATEWAY_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports gateway service")
+ @Parameter(name=ApiConstants.GATEWAY_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports gateway service")
 private Boolean gatewayService;
- @Parameter(name=ApiConstants.FIREWALL_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports firewall service")
+ @Parameter(name=ApiConstants.FIREWALL_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports firewall service")
 private Boolean firewallService;
- @Parameter(name=ApiConstants.LB_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports lb service")
+ @Parameter(name=ApiConstants.LB_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports lb service")
 private Boolean lbService;
- @Parameter(name=ApiConstants.USERDATA_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports user data service")
+ @Parameter(name=ApiConstants.USERDATA_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports user data service")
 private Boolean userdataService;
- @Parameter(name=ApiConstants.SOURCE_NAT_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports source nat service")
+ @Parameter(name=ApiConstants.SOURCE_NAT_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports source nat service")
 private Boolean sourceNatService;
- @Parameter(name=ApiConstants.VPN_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports vpn service")
+ @Parameter(name=ApiConstants.VPN_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports vpn service")
 private Boolean vpnService;
+ @Parameter(name=ApiConstants.SECURITY_GROUP_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports security service")
+ private Boolean securityGroupService;
+
 @Parameter(name = ApiConstants.SERVICE_PROVIDER_LIST, type = CommandType.MAP, description = "provider to service mapping. If not specified, the provider for the service will be mapped to the default provider on the physical network")
 private Map serviceProviderList;
@@ -176,6 +179,10 @@ public class CreateNetworkOfferingCmd extends BaseCmd {
 return vpnService == null ? false : vpnService;
 }
+ public Boolean getSecurityGroupService() {
+ return securityGroupService == null ? false : securityGroupService;
+ }
+
 public String getGuestIpType() {
 return guestIptype;
 }
diff --git a/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java b/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java
index 25d4ec87303..9c70474b9c0 100644
--- a/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java
+++ b/api/src/com/cloud/api/commands/UpdateNetworkOfferingCmd.java
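Review bot: The description on the new `SECURITY_GROUP_SERVICE` parameter, `true if network offering supports security service`, drops the word "group" and so no longer matches the field name `securityGroupService` or the pattern of the sibling descriptions this hunk corrects; the same string is repeated in the UpdateNetworkOfferingCmd hunk at @@ -83. Suggest `description="true if network offering supports security group service"` in both places. That UpdateNetworkOfferingCmd hunk also still shows `true is network offering supports vpn service` in its context line, the wording this commit fixes in CreateNetworkOfferingCmd, so the two commands now document the same parameters differently.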
@@ -83,6 +83,9 @@ public class UpdateNetworkOfferingCmd extends BaseCmd {
 @Parameter(name=ApiConstants.VPN_SERVICE, type=CommandType.BOOLEAN, description="true is network offering supports vpn service")
 private Boolean vpnService;
+ @Parameter(name=ApiConstants.SECURITY_GROUP_SERVICE, type=CommandType.BOOLEAN, description="true if network offering supports security service")
+ private Boolean securityGroupService;
+
 @Parameter(name = ApiConstants.SERVICE_PROVIDER_LIST, type = CommandType.MAP, description = "provider to service mapping. If not specified, the provider for the service will be mapped to the default provider on the physical network")
 private Map serviceProviderList;
@@ -140,6 +143,10 @@ public class UpdateNetworkOfferingCmd extends BaseCmd {
 public Boolean getVpnService() {
 return vpnService == null ? false : vpnService;
 }
+
+ public Boolean getSecurityGroupService() {
+ return securityGroupService == null ? false : securityGroupService;
+ }
 public Map> getServiceProviders() {
 Map> serviceProviderMap = null;
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index bd0768b57f8..9fb0b4bd990 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -2799,7 +2799,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 TrafficType trafficType = null;
 Availability availability = null;
- Network.GuestType type = null;
+ Network.GuestType guestType = null;
 // Verify traffic type
 for (TrafficType tType : TrafficType.values()) {
@@ -2815,12 +2815,12 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 // Verify offering type
 for (Network.GuestType offType : Network.GuestType.values()) {
 if (offType.name().equalsIgnoreCase(cmd.getGuestIpType())) {
- type = offType;
+ guestType = offType;
 break;
 }
 }
- if (type == null) {
+ if (guestType == null) {
 throw new InvalidParameterValueException("Invalid \"type\" parameter is given; can have Shared and Isolated values");
 }
@@ -2873,6 +2873,16 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 if (cmd.getVpnService()) {
 serviceProviderMap.put(Network.Service.Vpn, defaultProviders);
 }
+
+ if (cmd.getSecurityGroupService()) {
+ //allow security group service for Shared networks only
+ if (guestType != GuestType.Shared) {
+ throw new InvalidParameterValueException("Secrity group service is supported for network offerings with guest ip type " + GuestType.Shared);
+ }
+ Set sgProviders = new HashSet();
+ sgProviders.add(Provider.SecurityGroupProvider);
+ serviceProviderMap.put(Network.Service.SecurityGroup, sgProviders);
+ }
 // populate providers
 Map> svcPrv = (Map>) cmd.getServiceProviders();
@@ -2898,7 +2908,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 }
 }
- return createNetworkOffering(userId, name, displayText, trafficType, tags, maxConnections, specifyVlan, availability, networkRate, serviceProviderMap, false, type, false);
+ return createNetworkOffering(userId, name, displayText, trafficType, tags, maxConnections, specifyVlan, availability, networkRate, serviceProviderMap, false, guestType, false);
 }
 @Override
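Review bot: The new exception message in the security-group block misspells "Security" as `Secrity`, and as an InvalidParameterValueException text it is what the API caller receives; the identical block, typo included, is repeated in the @@ -3173 hunk of this file. Since the guest-type check, the one-element provider set and the map put are the same in both places, a private helper would keep the Shared-only rule and its message in one spot, and the block as rendered uses raw `Set`/`HashSet`, which should be `Set<Provider>` if the generics were not simply lost in rendering. The body of createNetworkOffering begins before this hunk, and whether the "populate providers" loop that follows it can replace the SecurityGroup entry with a caller-supplied provider lies outside the hunk, so that is worth confirming given this block assumes SecurityGroupProvider stays pinned.

```java
            if (cmd.getSecurityGroupService()) {
                serviceProviderMap.put(Network.Service.SecurityGroup, securityGroupProviders(guestType));
            }
            // … unchanged: populate providers …

    // … helper placed with the other private helpers of this class …
    /** SecurityGroup is only offered on Shared guest networks; returns the single default provider for it. */
    private Set<Provider> securityGroupProviders(GuestType guestType) {
        if (guestType != GuestType.Shared) {
            throw new InvalidParameterValueException("Security group service is supported for network offerings with guest ip type " + GuestType.Shared);
        }
        Set<Provider> sgProviders = new HashSet<Provider>();
        sgProviders.add(Provider.SecurityGroupProvider);
        return sgProviders;
    }
```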
@@ -3173,6 +3183,16 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 if (cmd.getVpnService()) {
 serviceProviderMap.put(Network.Service.Vpn, defaultProviders);
 }
+
+ if (cmd.getSecurityGroupService()) {
+ //allow security group service for Shared networks only
+ if (offering.getGuestType() != GuestType.Shared) {
+ throw new InvalidParameterValueException("Secrity group service is supported for network offerings with guest ip type " + GuestType.Shared);
+ }
+ Set sgProviders = new HashSet();
+ sgProviders.add(Provider.SecurityGroupProvider);
+ serviceProviderMap.put(Network.Service.SecurityGroup, sgProviders);
+ }
 // populate providers
 Map> svcPrv = (Map>) cmd.getServiceProviders();
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index f38956bbf28..eca24f02923 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -4253,7 +4253,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 @Override
 public boolean isSecurityGroupSupportedInNetwork(Network network) {
- boolean supported = isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup);
+ boolean supported = isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup);
 return supported;
 }
@@ -4370,7 +4370,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 @Override
 public PhysicalNetwork getDefaultPhysicalNetworkByZoneAndTrafficType(long zoneId, TrafficType trafficType) {
- PhysicalNetworkVO network = null;
 List networkList = _physicalNetworkDao.listByZoneAndTrafficType(zoneId, trafficType);
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index 06d533f96db..f57043a89f9 100755
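Review bot: `isSecurityGroupSupportedInNetwork` now answers a stronger question than its name states — the SecurityGroup service must be enabled on the network's physical network as well as in its offering — and it carries no Javadoc saying so; suggest `/** True when the SecurityGroup service is enabled for this network: on its physical network and in its network offering. */` above the `@Override`. The `supported` local is only returned, so `return isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup);` reads better. UserVmManagerImpl still calls `isServiceEnabled` with the same three arguments in its @@ -2097 and @@ -2421 hunks, while its @@ -2008 hunk and SecurityGroupManagerImpl go through this method; routing all of them through it keeps the security-group gate defined in one place so the two forms cannot drift apart.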
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -911,7 +911,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 @Override
 @DB
 public boolean addInstanceToGroups(final Long userVmId, final List groups) {
- if (!isVmNetworkOffSupportsSecurityGroup(userVmId)) {
+ if (!isVmSecurityGroupEnabled(userVmId)) {
 s_logger.trace("User vm " + userVmId + " is not security group enabled, not adding it to security group");
 return false;
 }
@@ -1281,20 +1281,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 List nics = _networkMgr.getNicProfiles(vm);
 for (NicProfile nic : nics) {
 Network network = _networkMgr.getNetwork(nic.getNetworkId());
- if (_networkMgr.isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup) && vm.getHypervisorType() != HypervisorType.VMware) {
- return true;
- }
- }
- return false;
- }
-
-
- protected boolean isVmNetworkOffSupportsSecurityGroup(Long vmId) {
- VirtualMachine vm = _vmDao.findByIdIncludingRemoved(vmId);
- List nics = _networkMgr.getNicProfiles(vm);
- for (NicProfile nic : nics) {
- Network network = _networkMgr.getNetwork(nic.getNetworkId());
- if (_networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup) && vm.getHypervisorType() != HypervisorType.VMware) {
+ if (_networkMgr.isSecurityGroupSupportedInNetwork(network) && vm.getHypervisorType() != HypervisorType.VMware) {
 return true;
 }
 }
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
index 0eba597d824..2410d3af6bd 100644
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
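Review bot: In the rewritten loop of `isVmSecurityGroupEnabled`, `vm.getHypervisorType() != HypervisorType.VMware` is re-evaluated for every NIC although it does not depend on the NIC, and each iteration first performs a network lookup that the VMware case then discards; an early `if (vm.getHypervisorType() == HypervisorType.VMware) { return false; }` placed where `vm` is fetched states the exclusion once and lets the loop test only `_networkMgr.isSecurityGroupSupportedInNetwork(network)`. The method's signature and the `vm` lookup are above this hunk, outside what is shown. The removed `isVmNetworkOffSupportsSecurityGroup` was `protected`, so any subclass override of it (SecurityGroupManagerImpl2 extends this class) would now be silently unused; this diff does not show one, but it is worth a search before merging.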
@@ -150,8 +150,6 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{
 } catch (InterruptedException e1) {
 s_logger.warn("SG work: caught InterruptException", e1);
 }
-
-
 }
 public void sendRulesetUpdates(SecurityGroupWork work){
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index e897aa2d781..69ad788231f 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2008,7 +2008,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 if (securityGroupIdList != null && isVmWare) {
 throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
- } else if (!isVmWare && _networkMgr.isServiceSupportedByNetworkOffering(defaultNetwork.getNetworkOfferingId(), Service.SecurityGroup)) {
+ } else if (!isVmWare && _networkMgr.isSecurityGroupSupportedInNetwork(defaultNetwork)) {
 if (securityGroupIdList == null) {
 securityGroupIdList = new ArrayList();
 }
@@ -2097,7 +2097,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
 }
- boolean isSecurityGroupEnabled = _networkMgr.isServiceSupportedByNetworkOffering(network.getNetworkOfferingId(), Service.SecurityGroup);
+ boolean isSecurityGroupEnabled = _networkMgr.isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup);
 if (isSecurityGroupEnabled && networkIdList.size() > 1) {
 throw new InvalidParameterValueException("Can't create a vm with multiple networks one of which is Security Group enabled");
 }
@@ -2381,6 +2381,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 }
 }
+ //check if the user data is correct
 validateUserData(userData);
 // Find an SSH public key corresponding to the key pair name, if one is given
@@ -2394,11 +2395,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 sshPublicKey = pair.getPublicKey();
 }
- DataCenterDeployment plan = new DataCenterDeployment(zone.getId());
- s_logger.debug("Allocating in the DB for vm");
-
 List> networks = new ArrayList>();
 short defaultNetworkNumber = 0;
+ boolean securityGroupEnabled = false;
 for (NetworkVO network : networkList) {
 if (network.getDataCenterId() != zone.getId()) {
@@ -2421,6 +2420,14 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 }
 networks.add(new Pair(network, profile));
+
+ if (_networkMgr.isServiceEnabled(network.getPhysicalNetworkId(), network.getNetworkOfferingId(), Service.SecurityGroup)) {
+ securityGroupEnabled = true;
+ }
+ }
+
+ if (securityGroupIdList != null && !securityGroupIdList.isEmpty() && !securityGroupEnabled) {
+ throw new InvalidParameterValueException("Unable to deploy vm with security groups as SecurityGroup service is not enabled for the vm's network");
 }
 // Verify network information - network default network has to be set; and vm can't have more than one default network
@@ -2468,6 +2475,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 }
 s_logger.debug("Allocating in the DB for vm");
+ DataCenterDeployment plan = new DataCenterDeployment(zone.getId());
 if (_itMgr.allocate(vm, _templateDao.findById(template.getId()), offering, rootDiskOffering, dataDiskOfferings, networks, null, plan, hypervisorType, owner) == null) {
 return null;