CLOUDSTACK-751: added a support for blacklisting certain routes on a zone level so they can't be used when create Static Route for VPC Private Gateway

2013-04-22 12:05:49 -07:00 · 2013-04-22 12:05:49 -07:00 · c9c2c5902d
parent df039aab7f
commit c9c2c5902d
5 changed files with 73 additions and 8 deletions
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@ -16,7 +16,10 @@
 // under the License.
 package com.cloud.configuration;

-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.StringTokenizer;

 import org.apache.cloudstack.engine.subsystem.api.storage.StoragePoolAllocator;

@ -26,6 +29,7 @@ import com.cloud.ha.HighAvailabilityManager;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
+import com.cloud.network.vpc.VpcManager;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.secondary.SecondaryStorageVmManager;
@ -34,10 +38,6 @@ import com.cloud.template.TemplateManager;
 import com.cloud.vm.UserVmManager;
 import com.cloud.vm.snapshot.VMSnapshotManager;

-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
 public enum Config {

 	// Alert
@ -400,7 +400,10 @@ public enum Config {
    VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.max", "10", "Maximum vm snapshots for a vm", null),
    VMSnapshotCreateWait("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.create.wait", "1800", "In second, timeout for create vm snapshot", null),

-    CloudDnsName("Advanced", ManagementServer.class, String.class, "cloud.dns.name", "default", " DNS name of the cloud", null);
+    CloudDnsName("Advanced", ManagementServer.class, String.class, "cloud.dns.name", "default", " DNS name of the cloud", null),
+	
+    BlacklistedRoutes("Advanced", VpcManager.class, String.class, "blacklisted.routes", null, "Routes that are blacklisted, can not be used for Static Routes creation for the VPC Private Gateway",
+	           "routes", ConfigurationParameterScope.zone.toString());
    
 	
 	private final String _category;
@ -532,6 +535,8 @@ public enum Config {
            return "StorageManager";
        } else if (_componentClass == TemplateManager.class) {
            return "TemplateManager";
+        } else if (_componentClass == VpcManager.class) {
+            return "VpcManager";
        }else {
            return "none";
        }
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@ -342,7 +342,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
                }
                DcDetailVO dcDetailVO = _zoneDetailsDao.findDetail(resourceId, name.toLowerCase());
                if (dcDetailVO == null) {
-                    dcDetailVO = new DcDetailVO(dcDetailVO.getId(), name, value);
+                    dcDetailVO = new DcDetailVO(zone.getId(), name, value);
                    _zoneDetailsDao.persist(dcDetailVO);
                } else {
                    dcDetailVO.setValue(value);
@ -584,6 +584,16 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
                if (!NetUtils.verifyInstanceName(value)) {
                    return "Instance name can not contain hyphen, spaces and plus sign";
                }
+            } else if (range.equals("routes")) {
+                String[] routes = value.split(",");
+                for (String route : routes) {
+                    if (route != null) {
+                        String routeToVerify = route.trim();
+                        if (!NetUtils.isValidCIDR(routeToVerify)) {
+                            throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route);
+                        }
+                    }
+                }
            } else {
                String[] options = range.split(",");
                for (String option : options) {
--- a/server/src/com/cloud/dc/dao/DataCenterDao.java
+++ b/server/src/com/cloud/dc/dao/DataCenterDao.java
@ -77,4 +77,6 @@ public interface DataCenterDao extends GenericDao<DataCenterVO, Long> {
 	List<DataCenterVO> findZonesByDomainId(Long domainId, String keyword);

 	List<DataCenterVO> findByKeyword(String keyword);
+
+    List<DataCenterVO> listAllZones();
 }
--- a/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
+++ b/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
@ -401,4 +401,12 @@ public class DataCenterDaoImpl extends GenericDaoBase<DataCenterVO, Long> implem
        txn.commit();
        return result;
    }
+    
+    @Override
+    public List<DataCenterVO> listAllZones(){
+        SearchCriteria<DataCenterVO> sc = NameSearch.create();
+        List<DataCenterVO> dcs =  listBy(sc);
+
+        return dcs;
+    }
 }
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
@ -39,11 +39,14 @@ import org.springframework.stereotype.Component;

 import com.cloud.configuration.Config;
 import com.cloud.configuration.ConfigurationManager;
+import com.cloud.configuration.ConfigurationVO;
 import com.cloud.configuration.Resource.ResourceType;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.Vlan.VlanType;
 import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterDao;
 import com.cloud.dc.dao.VlanDao;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.event.ActionEvent;
@ -92,6 +95,7 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
 import com.cloud.org.Grouping;
 import com.cloud.projects.Project.ListProjectResourcesCriteria;
+import com.cloud.server.ConfigurationServer;
 import com.cloud.server.ResourceTag.TaggedResourceType;
 import com.cloud.tags.ResourceTagVO;
 import com.cloud.tags.dao.ResourceTagDao;
@ -115,7 +119,6 @@ import com.cloud.utils.db.SearchCriteria.Op;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
-import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.ReservationContextImpl;
 import com.cloud.vm.dao.DomainRouterDao;
@ -175,11 +178,17 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
    ResourceLimitService _resourceLimitMgr;
    @Inject
    VpcServiceMapDao _vpcSrvcDao;
+    @Inject
+    DataCenterDao _dcDao;
+    @Inject
+    ConfigurationServer _configServer;

    private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("VpcChecker"));
    private List<VpcProvider> vpcElements = null;
    private final List<Service> nonSupportedServices = Arrays.asList(Service.SecurityGroup, Service.Firewall);
    private final List<Provider> supportedProviders = Arrays.asList(Provider.VPCVirtualRouter, Provider.NiciraNvp);
+    
+    private Map<Long, Set<String>> zoneBlackListedRoutes;
 
    int _cleanupInterval;
    int _maxNetworks;
@ -231,6 +240,26 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
        IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER);
        IpAddressSearch.done();
        
+        //populate blacklisted routes
+        List<DataCenterVO> zones = _dcDao.listAllZones();
+        zoneBlackListedRoutes = new HashMap<Long, Set<String>>();
+        for (DataCenterVO zone : zones) {
+            List<ConfigurationVO> confs = _configServer.getConfigListByScope(Config.ConfigurationParameterScope.zone.toString(), zone.getId());
+            for (ConfigurationVO conf : confs) {
+                String routeStr = conf.getValue();
+                if (conf.getName().equalsIgnoreCase(Config.BlacklistedRoutes.key()) && routeStr != null && !routeStr.isEmpty()) {
+                    String[] routes = routeStr.split(",");
+                    Set<String> cidrs = new HashSet<String>();
+                    for (String route : routes) {
+                        cidrs.add(route);
+                    }
+                    
+                    zoneBlackListedRoutes.put(zone.getId(), cidrs);
+                    break;
+                }
+            }
+        }
+        
        return true;
    }

@ -1653,6 +1682,17 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
        if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) {
            throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR());
        }
+        
+        //3) Verify against blacklisted routes
+        Set<String> cidrBlackList = zoneBlackListedRoutes.get(vpc.getZoneId());
+        
+        if (cidrBlackList != null && !cidrBlackList.isEmpty()) {
+            for (String blackListedRoute : cidrBlackList) {
+                if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) {
+                    throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the VPC zone");
+                }
+            }
+        }

        Transaction txn = Transaction.currentTxn();
        txn.start();