etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

S2S VPN: Use source NAT ip address for VPN gateway

This commit is contained in:
Sheng Yang 2012-07-17 15:56:43 -07:00
parent 3994d8427c
commit c36de737db
22 changed files with 151 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
api/src/com/cloud/api/commands/CreateVpnGatewayCmd.java
View File

@ -23,9 +23,9 @@ import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.api.response.Site2SiteVpnGatewayResponse;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.IpAddress;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@Implementation(description="Creates site to site vpn local gateway", responseObject=Site2SiteVpnGatewayResponse.class)
public class CreateVpnGatewayCmd extends BaseAsyncCmd {
@ -36,9 +36,9 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@IdentityMapper(entityTableName="user_ip_address")
@Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn gateway")
private Long publicIpId;
@IdentityMapper(entityTableName="vpc")
@Parameter(name=ApiConstants.VPC_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn gateway")
private Long vpcId;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the connection. Must be used with the domainId parameter.")
private String accountName;
@ -53,11 +53,11 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
/////////////////////////////////////////////////////
public String getEntityTable() {
return "user_ip_address";
return "s2s_vpn_gateway";
}
public Long getPublicIpId() {
return publicIpId;
public Long getVpcId() {
return vpcId;
}
public String getAccountName() {
@ -80,18 +80,20 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
IpAddress ip = _networkService.getIp(publicIpId);
if (ip == null) {
throw new InvalidParameterValueException("Unable to find ip address by id", null);
Long accountId = finalyzeAccountId(accountName, domainId, null, true);
if (accountId == null) {
accountId = UserContext.current().getCaller().getId();
}
return ip.getAccountId();
if (accountId == null) {
accountId = Account.ACCOUNT_ID_SYSTEM;
}
return accountId;
}
@Override
public String getEventDescription() {
return "Create site-to-site VPN gateway for account " + getEntityOwnerId() + " using public ip id=" + publicIpId;
return "Create site-to-site VPN gateway for account " + getEntityOwnerId();
}
@Override
@ -101,7 +103,8 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
@Override
public void execute(){
Site2SiteVpnGateway result = _s2sVpnService.createVpnGateway(this);
Site2SiteVpnGateway result;
result = _s2sVpnService.createVpnGateway(this);
if (result != null) {
Site2SiteVpnGatewayResponse response = _responseGenerator.createSite2SiteVpnGatewayResponse(result);
response.setResponseName(getCommandName());
@ -118,14 +121,6 @@ public class CreateVpnGatewayCmd extends BaseAsyncCmd {
@Override
public Long getSyncObjId() {
return getIp().getVpcId();
}
private IpAddress getIp() {
IpAddress ip = _networkService.getIp(publicIpId);
if (ip == null) {
throw new InvalidParameterValueException("Unable to find ip address by id", null);
}
return ip;
return getVpcId();
}
}

6
api/src/com/cloud/api/commands/DeleteVpnGatewayCmd.java
View File

@ -16,16 +16,13 @@ import org.apache.log4j.Logger;
import com.cloud.api.ApiConstants;
import com.cloud.api.BaseAsyncCmd;
import com.cloud.api.BaseAsyncCreateCmd;
import com.cloud.api.BaseCmd;
import com.cloud.api.IdentityMapper;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.api.response.Site2SiteVpnGatewayResponse;
import com.cloud.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@ -100,7 +97,8 @@ public class DeleteVpnGatewayCmd extends BaseAsyncCmd {
@Override
public void execute(){
boolean result = _s2sVpnService.deleteVpnGateway(this);
boolean result = false;
result = _s2sVpnService.deleteVpnGateway(this);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);

7
api/src/com/cloud/api/response/Site2SiteVpnGatewayResponse.java
View File

@ -27,6 +27,9 @@ public class Site2SiteVpnGatewayResponse extends BaseResponse implements Control
@SerializedName(ApiConstants.PUBLIC_IP) @Param(description="the public IP address")
private String ip;
@SerializedName(ApiConstants.VPC_ID) @Param(description="the vpc id of this gateway")
private Long vpcId;
@SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner")
private String accountName;
@ -53,6 +56,10 @@ public class Site2SiteVpnGatewayResponse extends BaseResponse implements Control
this.ip = ip;
}
public void setVpcId(Long vpcId) {
this.vpcId = vpcId;
}
public void setRemoved(Date removed) {
this.removed = removed;
}

1
api/src/com/cloud/network/Site2SiteVpnGateway.java
View File

@ -7,5 +7,6 @@ import com.cloud.acl.ControlledEntity;
public interface Site2SiteVpnGateway extends ControlledEntity {
public long getId();
public long getAddrId();
public long getVpcId();
public Date getRemoved();
}

1
api/src/com/cloud/network/element/VpcProvider.java
View File

@ -23,6 +23,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRouteProfile;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcGateway;
import com.cloud.vm.ReservationContext;
/**

2
api/src/com/cloud/network/vpc/VpcService.java
View File

@ -26,6 +26,7 @@ import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.Network;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.Site2SiteVpnGateway;
/**
* @author Alena Prokharchyk
@ -220,5 +221,4 @@ public interface VpcService {
* @return
*/
VpcGateway getVpcGateway(long id);
}

13
patches/systemvm/debian/buildsystemvm.sh
View File

@ -59,16 +59,11 @@ EOF
fi
cat > etc/apt/sources.list << EOF
deb http://ftp.us.debian.org/debian/ squeeze main non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main non-free
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
deb http://volatile.debian.org/debian-volatile squeeze/volatile main
deb-src http://volatile.debian.org/debian-volatile squeeze/volatile main
deb http://ftp.us.debian.org/debian testing main contrib non-free
EOF
cat >> etc/apt/apt.conf << EOF
@ -79,10 +74,6 @@ EOF
Package: *
Pin: release o=Debian,a=stable
Pin-Priority: 900
Package: *
Pin: release o=Debian,a=testing
Pin-Priority: 400
EOF
#apt-key exportall | chroot . apt-key add - &&

1
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -3805,6 +3805,7 @@ public class ApiResponseHelper implements ResponseGenerator {
Site2SiteVpnGatewayResponse response = new Site2SiteVpnGatewayResponse();
response.setId(result.getId());
response.setIp(ApiDBUtils.findIpAddressById(result.getAddrId()).getAddress().toString());
response.setVpcId(result.getVpcId());
response.setRemoved(result.getRemoved());
response.setObjectName("vpngateway");

4
server/src/com/cloud/network/NetworkManager.java
View File

@ -464,6 +464,8 @@ public interface NetworkManager extends NetworkService {
*/
NicProfile createNicForVm(Network network, NicProfile requested, ReservationContext context, VirtualMachineProfileImpl<VMInstanceVO> vmProfile, boolean prepare) throws InsufficientVirtualNetworkCapcityException,
InsufficientAddressCapacityException, ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException;
PublicIp assignVpnGatewayIpAddress(long dcId, Account owner, long vpcId) throws InsufficientAddressCapacityException, ConcurrentOperationException;
}

21
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -512,7 +512,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
ipToReturn = new PublicIp(sourceNatIp, _vlanDao.findById(sourceNatIp.getVlanId()),
NetUtils.createSequenceBasedMacAddress(sourceNatIp.getMacAddress()));
} else {
ipToReturn = assignSourceNatIpAddress(owner, null, vpc.getId(), dcId);
ipToReturn = assignDedicateIpAddress(owner, null, vpc.getId(), dcId, true);
}
return ipToReturn;
@ -532,14 +532,20 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
ipToReturn = new PublicIp(sourceNatIp, _vlanDao.findById(sourceNatIp.getVlanId()),
NetUtils.createSequenceBasedMacAddress(sourceNatIp.getMacAddress()));
} else {
ipToReturn = assignSourceNatIpAddress(owner, guestNetwork.getId(), null, dcId);
ipToReturn = assignDedicateIpAddress(owner, guestNetwork.getId(), null, dcId, true);
}
return ipToReturn;
}
@Override
public PublicIp assignVpnGatewayIpAddress(long dcId, Account owner, long vpcId) throws InsufficientAddressCapacityException, ConcurrentOperationException {
return assignDedicateIpAddress(owner, null, vpcId, dcId, false);
}
@DB
public PublicIp assignSourceNatIpAddress(Account owner, Long guestNtwkId, Long vpcId, long dcId)
public PublicIp assignDedicateIpAddress(Account owner, Long guestNtwkId, Long vpcId, long dcId, boolean isSourceNat)
throws ConcurrentOperationException, InsufficientAddressCapacityException {
long ownerId = owner.getId();
@ -580,11 +586,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
ip = fetchNewPublicIp(dcId, null, vlanId, owner, VlanType.VirtualNetwork, guestNtwkId,
true, false, null, false, vpcId);
IPAddressVO sourceNatIp = ip.ip();
isSourceNat, false, null, false, vpcId);
IPAddressVO publicIp = ip.ip();
markPublicIpAsAllocated(sourceNatIp);
_ipAddressDao.update(sourceNatIp.getId(), sourceNatIp);
markPublicIpAsAllocated(publicIp);
_ipAddressDao.update(publicIp.getId(), publicIp);
txn.commit();
return ip;
@ -746,7 +752,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
purposes.add(Purpose.StaticNat);
}
//TODO Need to check site 2 site vpn ip assignment
if (purposes == null || purposes.isEmpty()) {
// since no active rules are there check if any rules are applied on the public IP but are in
// revoking state

15
server/src/com/cloud/network/Site2SiteVpnGatewayVO.java
View File

@ -26,6 +26,9 @@ public class Site2SiteVpnGatewayVO implements Site2SiteVpnGateway {
@Column(name="addr_id")
private long addrId;
@Column(name="vpc_id")
private long vpcId;
@Column(name="domain_id")
private Long domainId;
@ -37,9 +40,10 @@ public class Site2SiteVpnGatewayVO implements Site2SiteVpnGateway {
public Site2SiteVpnGatewayVO() { }
public Site2SiteVpnGatewayVO(long accountId, long domainId, long addrId) {
public Site2SiteVpnGatewayVO(long accountId, long domainId, long addrId, long vpcId) {
this.uuid = UUID.randomUUID().toString();
this.setAddrId(addrId);
this.setVpcId(vpcId);
this.accountId = accountId;
this.domainId = domainId;
}
@ -49,6 +53,15 @@ public class Site2SiteVpnGatewayVO implements Site2SiteVpnGateway {
return id;
}
@Override
public long getVpcId() {
return vpcId;
}
public void setVpcId(long vpcId) {
this.vpcId = vpcId;
}
@Override
public long getAddrId() {
return addrId;

5
server/src/com/cloud/network/dao/Site2SiteVpnConnectionDao.java
View File

@ -6,7 +6,8 @@ import com.cloud.network.Site2SiteVpnConnectionVO;
import com.cloud.utils.db.GenericDao;
public interface Site2SiteVpnConnectionDao extends GenericDao<Site2SiteVpnConnectionVO, Long> {
Site2SiteVpnConnectionVO findByCustomerGatewayId(long id);
Site2SiteVpnConnectionVO findByVpnGatewayId(long id);
List<Site2SiteVpnConnectionVO> listByCustomerGatewayId(long id);
List<Site2SiteVpnConnectionVO> listByVpnGatewayId(long id);
List<Site2SiteVpnConnectionVO> listByVpcId(long vpcId);
Site2SiteVpnConnectionVO findByVpnGatewayIdAndCustomerGatewayId(long vpnId, long customerId);
}

23
server/src/com/cloud/network/dao/Site2SiteVpnConnectionDaoImpl.java
View File

@ -25,7 +25,6 @@ public class Site2SiteVpnConnectionDaoImpl extends GenericDaoBase<Site2SiteVpnCo
private final SearchBuilder<Site2SiteVpnConnectionVO> AllFieldsSearch;
private final SearchBuilder<Site2SiteVpnConnectionVO> VpcSearch;
private final SearchBuilder<Site2SiteVpnGatewayVO> VpnGatewaySearch;
private final SearchBuilder<IPAddressVO> AddrSearch;
protected Site2SiteVpnConnectionDaoImpl() {
AllFieldsSearch = createSearchBuilder();
@ -34,32 +33,38 @@ public class Site2SiteVpnConnectionDaoImpl extends GenericDaoBase<Site2SiteVpnCo
AllFieldsSearch.done();
VpcSearch = createSearchBuilder();
AddrSearch = _addrDao.createSearchBuilder();
AddrSearch.and("vpcId", AddrSearch.entity().getVpcId(), SearchCriteria.Op.EQ);
VpnGatewaySearch = _vpnGatewayDao.createSearchBuilder();
VpnGatewaySearch.join("addrSearch", AddrSearch, AddrSearch.entity().getId(), VpnGatewaySearch.entity().getAddrId(), JoinType.INNER);
VpnGatewaySearch.and("vpcId", VpnGatewaySearch.entity().getVpcId(), SearchCriteria.Op.EQ);
VpcSearch.join("vpnGatewaySearch", VpnGatewaySearch, VpnGatewaySearch.entity().getId(), VpcSearch.entity().getVpnGatewayId(), JoinType.INNER);
VpcSearch.done();
}
@Override
public Site2SiteVpnConnectionVO findByCustomerGatewayId(long id) {
public List<Site2SiteVpnConnectionVO> listByCustomerGatewayId(long id) {
SearchCriteria<Site2SiteVpnConnectionVO> sc = AllFieldsSearch.create();
sc.setParameters("customerGatewayId", id);
return findOneBy(sc);
return listBy(sc);
}
@Override
public Site2SiteVpnConnectionVO findByVpnGatewayId(long id) {
public List<Site2SiteVpnConnectionVO> listByVpnGatewayId(long id) {
SearchCriteria<Site2SiteVpnConnectionVO> sc = AllFieldsSearch.create();
sc.setParameters("vpnGatewayId", id);
return findOneBy(sc);
return listBy(sc);
}
@Override
public List<Site2SiteVpnConnectionVO> listByVpcId(long vpcId) {
SearchCriteria<Site2SiteVpnConnectionVO> sc = VpcSearch.create();
sc.setJoinParameters("addrSearch", "vpcId", vpcId);
sc.setJoinParameters("vpnGatewaySearch", "vpcId", vpcId);
return listBy(sc);
}
@Override
public Site2SiteVpnConnectionVO findByVpnGatewayIdAndCustomerGatewayId(long vpnId, long customerId) {
SearchCriteria<Site2SiteVpnConnectionVO> sc = AllFieldsSearch.create();
sc.setParameters("vpnGatewayId", vpnId);
sc.setParameters("customerGatewayId", customerId);
return findOneBy(sc);
}
}

5
server/src/com/cloud/network/dao/Site2SiteVpnGatewayDao.java
View File

@ -1,11 +1,8 @@
package com.cloud.network.dao;
import java.util.List;
import com.cloud.network.Site2SiteVpnGatewayVO;
import com.cloud.utils.db.GenericDao;
public interface Site2SiteVpnGatewayDao extends GenericDao<Site2SiteVpnGatewayVO, Long> {
Site2SiteVpnGatewayVO findByIpAddrId(long id);
List<Site2SiteVpnGatewayVO> listByVpcId(long vpcId);
Site2SiteVpnGatewayVO findByVpcId(long vpcId);
}

26
server/src/com/cloud/network/dao/Site2SiteVpnGatewayDaoImpl.java
View File

@ -1,17 +1,12 @@
package com.cloud.network.dao;
import java.util.List;
import javax.ejb.Local;
import org.apache.log4j.Logger;
import com.cloud.network.IPAddressVO;
import com.cloud.network.Site2SiteVpnGatewayVO;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.utils.component.Inject;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.JoinBuilder.JoinType;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@ -22,32 +17,17 @@ public class Site2SiteVpnGatewayDaoImpl extends GenericDaoBase<Site2SiteVpnGatew
private static final Logger s_logger = Logger.getLogger(Site2SiteVpnGatewayDaoImpl.class);
private final SearchBuilder<Site2SiteVpnGatewayVO> AllFieldsSearch;
private final SearchBuilder<Site2SiteVpnGatewayVO> VpcSearch;
private final SearchBuilder<IPAddressVO> AddrSearch;
protected Site2SiteVpnGatewayDaoImpl() {
AllFieldsSearch = createSearchBuilder();
AllFieldsSearch.and("addrId", AllFieldsSearch.entity().getAddrId(), SearchCriteria.Op.EQ);
AllFieldsSearch.and("vpcId", AllFieldsSearch.entity().getVpcId(), SearchCriteria.Op.EQ);
AllFieldsSearch.done();
VpcSearch = createSearchBuilder();
AddrSearch = _addrDao.createSearchBuilder();
AddrSearch.and("vpcId", AddrSearch.entity().getVpcId(), SearchCriteria.Op.EQ);
VpcSearch.join("addrSearch", AddrSearch, AddrSearch.entity().getId(), VpcSearch.entity().getAddrId(), JoinType.INNER);
VpcSearch.done();
}
@Override
public Site2SiteVpnGatewayVO findByIpAddrId(long id) {
public Site2SiteVpnGatewayVO findByVpcId(long vpcId) {
SearchCriteria<Site2SiteVpnGatewayVO> sc = AllFieldsSearch.create();
sc.setParameters("addrId", id);
sc.setParameters("vpcId", vpcId);
return findOneBy(sc);
}
@Override
public List<Site2SiteVpnGatewayVO> listByVpcId(long vpcId) {
SearchCriteria<Site2SiteVpnGatewayVO> sc = VpcSearch.create();
sc.setJoinParameters("addrSearch", "vpcId", vpcId);
return listBy(sc);
}
}

1
server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
View File

@ -26,6 +26,7 @@ import com.cloud.network.rules.FirewallRule;
import com.cloud.network.vpc.PrivateGateway;
import com.cloud.network.vpc.StaticRouteProfile;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.VpcGateway;
import com.cloud.user.Account;
import com.cloud.vm.DomainRouterVO;
import com.cloud.vm.VirtualMachineProfile.Param;

7
server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
View File

@ -72,12 +72,15 @@ import com.cloud.network.PhysicalNetworkServiceProvider;
import com.cloud.network.PublicIpAddress;
import com.cloud.network.Site2SiteCustomerGatewayVO;
import com.cloud.network.Site2SiteVpnConnection;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.network.Site2SiteVpnGatewayVO;
import com.cloud.network.VirtualRouterProvider;
import com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType;
import com.cloud.network.VpcVirtualNetworkApplianceService;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.PhysicalNetworkDao;
import com.cloud.network.dao.Site2SiteVpnGatewayDao;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.vpc.NetworkACLManager;
import com.cloud.network.vpc.PrivateGateway;
@ -134,6 +137,10 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
VpcManager _vpcMgr;
@Inject
PrivateIpDao _privateIpDao;
@Inject
IPAddressDao _ipAddrDao;
@Inject
Site2SiteVpnGatewayDao _vpnGatewayDao;
@Override
public List<DomainRouterVO> deployVirtualRouterInVpc(Vpc vpc, DeployDestination dest, Account owner,

1
server/src/com/cloud/network/vpc/Dao/VpcGatewayDao.java
View File

@ -20,4 +20,5 @@ import com.cloud.utils.db.GenericDao;
*/
public interface VpcGatewayDao extends GenericDao<VpcGatewayVO, Long>{
VpcGatewayVO getPrivateGatewayForVpc(long vpcId);
VpcGatewayVO getVpnGatewayForVpc(long vpcId);
}

9
server/src/com/cloud/network/vpc/Dao/VpcGatewayDaoImpl.java
View File

@ -47,4 +47,13 @@ public class VpcGatewayDaoImpl extends GenericDaoBase<VpcGatewayVO, Long> implem
return findOneBy(sc);
}
@Override
public VpcGatewayVO getVpnGatewayForVpc(long vpcId) {
SearchCriteria<VpcGatewayVO> sc = AllFieldsSearch.create();
sc.setParameters("vpcId", vpcId);
sc.setParameters("type", VpcGateway.Type.Vpn);
return findOneBy(sc);
}
}

5
server/src/com/cloud/network/vpc/VpcManagerImpl.java
View File

@ -54,9 +54,12 @@ import com.cloud.network.NetworkVO;
import com.cloud.network.Networks.BroadcastDomainType;
import com.cloud.network.Networks.TrafficType;
import com.cloud.network.PhysicalNetwork;
import com.cloud.network.Site2SiteVpnGateway;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.PhysicalNetworkDao;
import com.cloud.network.dao.Site2SiteVpnGatewayDao;
import com.cloud.network.element.VpcProvider;
import com.cloud.network.vpc.VpcOffering.State;
import com.cloud.network.vpc.Dao.PrivateIpDao;
@ -141,6 +144,8 @@ public class VpcManagerImpl implements VpcManager, Manager{
PhysicalNetworkDao _pNtwkDao;
@Inject
ResourceTagDao _resourceTagDao;
@Inject
Site2SiteVpnGatewayDao _vpnGatewayDao;
private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("VpcChecker"));

58
server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
View File

@ -24,6 +24,7 @@ import com.cloud.domain.Domain;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.IPAddressVO;
import com.cloud.network.IpAddress;
import com.cloud.network.NetworkManager;
import com.cloud.network.Site2SiteCustomerGateway;
@ -38,9 +39,13 @@ import com.cloud.network.dao.Site2SiteCustomerGatewayDao;
import com.cloud.network.dao.Site2SiteVpnConnectionDao;
import com.cloud.network.dao.Site2SiteVpnGatewayDao;
import com.cloud.network.element.Site2SiteVpnServiceProvider;
import com.cloud.network.vpc.VpcManager;
import com.cloud.network.vpc.VpcVO;
import com.cloud.network.vpc.Dao.VpcDao;
import com.cloud.user.dao.AccountDao;
import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.net.NetUtils;
@Local(value = Site2SiteVpnService.class)
@ -53,6 +58,8 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
@Inject NetworkManager _networkMgr;
@Inject VpcDao _vpcDao;
@Inject IPAddressDao _ipAddressDao;
@Inject AccountDao _accountDao;
@Inject VpcManager _vpcMgr;
String _name;
@ -79,17 +86,13 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
@Override
public Site2SiteVpnGateway createVpnGateway(CreateVpnGatewayCmd cmd) {
Long ipId = cmd.getPublicIpId();
IpAddress ip = _networkMgr.getIp(ipId);
Long vpcId = ip.getVpcId();
if (ip.getVpcId() == null) {
throw new InvalidParameterValueException("The VPN gateway cannot create with ip not belong to VPC");
}
if (_vpnGatewayDao.findByIpAddrId(ipId) != null) {
throw new InvalidParameterValueException("The VPN gateway with ip ID " + ipId + " already existed!");
Long vpcId = cmd.getVpcId();
VpcVO vpc = _vpcDao.findById(vpcId);
if (vpc == null) {
throw new InvalidParameterValueException("Invalid VPC " + vpcId + " for site to site vpn gateway creation!");
}
List<Site2SiteVpnGatewayVO> gws = _vpnGatewayDao.listByVpcId(vpcId);
if (gws != null && gws.size() != 0) {
Site2SiteVpnGatewayVO gws = _vpnGatewayDao.findByVpcId(vpcId);
if (gws != null) {
throw new InvalidParameterValueException("The VPN gateway of VPC " + vpcId + " already existed!");
}
Long accountId = cmd.getEntityOwnerId();
@ -97,7 +100,13 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (domainId == null) {
domainId = Domain.ROOT_DOMAIN;
}
Site2SiteVpnGatewayVO gw = new Site2SiteVpnGatewayVO(accountId, domainId, ipId);
//Use source NAT ip for VPC
List<IPAddressVO> ips = _ipAddressDao.listByAssociatedVpc(vpcId, true);
if (ips.size() != 1) {
throw new CloudRuntimeException("Cannot found source nat ip of vpc " + vpcId);
}
Site2SiteVpnGatewayVO gw = new Site2SiteVpnGatewayVO(accountId, domainId, ips.get(0).getId(), vpcId);
_vpnGatewayDao.persist(gw);
return gw;
}
@ -155,8 +164,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (vpnGateway == null) {
throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !");
}
if (_vpnConnectionDao.findByCustomerGatewayId(customerGatewayId) != null ||
_vpnConnectionDao.findByVpnGatewayId(vpnGatewayId) != null) {
if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " or vpn gateway id "
+ vpnGatewayId + " already existed!");
}
@ -210,6 +218,10 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (customerGateway == null) {
throw new InvalidParameterValueException("Fail to find customer gateway with " + id + " !");
}
List<Site2SiteVpnConnectionVO> vpnConnections = _vpnConnectionDao.listByCustomerGatewayId(id);
if (vpnConnections != null && vpnConnections.size() != 0) {
throw new InvalidParameterValueException("Unable to delete VPN customer gateway " + id + " because there is still related VPN connections!");
}
_customerGatewayDao.remove(id);
return true;
}
@ -221,6 +233,10 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (vpnGateway == null) {
throw new InvalidParameterValueException("Fail to find vpn gateway with " + id + " !");
}
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(id);
if (conns != null && conns.size() != 0) {
throw new InvalidParameterValueException("Unable to delete VPN gateway " + id + " because there is still related VPN connections!");
}
_vpnGatewayDao.remove(id);
return true;
}
@ -232,10 +248,13 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (gw == null) {
throw new InvalidParameterValueException("Find to find customer gateway with id " + id);
}
Site2SiteVpnConnection conn = _vpnConnectionDao.findByCustomerGatewayId(id);
if (conn != null && (conn.getState() != State.Disconnected || conn.getState() != State.Error)) {
throw new InvalidParameterValueException("Unable to update customer gateway because there is the correlate VPN connection " + conn.getId()
+ " still active!");
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByCustomerGatewayId(id);
if (conns != null) {
for (Site2SiteVpnConnection conn : conns) {
if (conn.getState() != State.Disconnected || conn.getState() != State.Error) {
throw new InvalidParameterValueException("Unable to update customer gateway because there is active VPN connection " + conn.getId());
}
}
}
String gatewayIp = cmd.getGatewayIp();
if (!NetUtils.isValidIp(gatewayIp)) {
@ -314,6 +333,9 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (conn == null) {
throw new InvalidParameterValueException("Fail to find site to site VPN connection " + id + " to reset!");
}
if (conn.getState() == State.Pending) {
throw new InvalidParameterValueException("VPN connection " + id + " cannot be reseted when state is Pending!");
}
if (conn.getState() == State.Connected || conn.getState() == State.Error) {
stopVpnConnection(id);
}
@ -342,7 +364,7 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
if (id != null) {
results.add(_vpnGatewayDao.findById(cmd.getId()));
} else if (vpcId != null) {
results.addAll(_vpnGatewayDao.listByVpcId(vpcId));
results.add(_vpnGatewayDao.findByVpcId(vpcId));
} else { //id == null && vpcId == null
results.addAll(_vpnGatewayDao.listAll());
}

2
setup/db/create-schema.sql
View File

@ -2138,11 +2138,13 @@ CREATE TABLE `cloud`.`s2s_vpn_gateway` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
`uuid` varchar(40),
`addr_id` bigint unsigned NOT NULL,
`vpc_id` bigint unsigned NOT NULL,
`domain_id` bigint unsigned NOT NULL,
`account_id` bigint unsigned NOT NULL,
`removed` datetime COMMENT 'date removed if not null',
PRIMARY KEY (`id`),
CONSTRAINT `fk_s2s_vpn_gateway__addr_id` FOREIGN KEY (`addr_id`) REFERENCES `user_ip_address` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_s2s_vpn_gateway__vpc_id` FOREIGN KEY (`vpc_id`) REFERENCES `vpc` (`id`) ON DELETE CASCADE,
CONSTRAINT `fk_s2s_vpn_gateway__account_id` FOREIGN KEY (`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE,
CONSTRAINT `fk_s2s_vpn_gateway__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE,
CONSTRAINT `uc_s2s_vpn_gateway__uuid` UNIQUE (`uuid`)