diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 4d1185a973b..dbcbc5332d0 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -16,7 +16,10 @@
 // under the License.
 package com.cloud.configuration;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.StringTokenizer;
 import org.apache.cloudstack.engine.subsystem.api.storage.StoragePoolAllocator;
@@ -26,6 +29,7 @@ import com.cloud.ha.HighAvailabilityManager;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
+import com.cloud.network.vpc.VpcManager;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.secondary.SecondaryStorageVmManager;
@@ -34,10 +38,6 @@ import com.cloud.template.TemplateManager;
 import com.cloud.vm.UserVmManager;
 import com.cloud.vm.snapshot.VMSnapshotManager;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
 public enum Config {
 // Alert
@@ -400,7 +400,10 @@ public enum Config {
 VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.max", "10", "Maximum vm snapshots for a vm", null),
 VMSnapshotCreateWait("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.create.wait", "1800", "In second, timeout for create vm snapshot", null),
- CloudDnsName("Advanced", ManagementServer.class, String.class, "cloud.dns.name", "default", " DNS name of the cloud", null);
+ CloudDnsName("Advanced", ManagementServer.class, String.class, "cloud.dns.name", "default", " DNS name of the cloud", null),
+
+ BlacklistedRoutes("Advanced", VpcManager.class, String.class, "blacklisted.routes", null, "Routes that are blacklisted, can not be used for Static Routes creation for the VPC Private Gateway",
+ "routes", ConfigurationParameterScope.zone.toString());
 private final String _category;
@@ -532,6 +535,8 @@ public enum Config {
 return "StorageManager";
 } else if (_componentClass == TemplateManager.class) {
 return "TemplateManager";
+ } else if (_componentClass == VpcManager.class) {
+ return "VpcManager";
 }else {
 return "none";
 }
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index b5734a290ce..a2a62919eff 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -342,7 +342,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
 }
 DcDetailVO dcDetailVO = _zoneDetailsDao.findDetail(resourceId, name.toLowerCase());
 if (dcDetailVO == null) {
- dcDetailVO = new DcDetailVO(dcDetailVO.getId(), name, value);
+ dcDetailVO = new DcDetailVO(zone.getId(), name, value);
 _zoneDetailsDao.persist(dcDetailVO);
 } else {
 dcDetailVO.setValue(value);
@@ -584,6 +584,16 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
 if (!NetUtils.verifyInstanceName(value)) {
 return "Instance name can not contain hyphen, spaces and plus sign";
 }
+ } else if (range.equals("routes")) {
+ String[] routes = value.split(",");
+ for (String route : routes) {
+ if (route != null) {
+ String routeToVerify = route.trim();
+ if (!NetUtils.isValidCIDR(routeToVerify)) {
+ throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route);
+ }
+ }
+ }
 } else {
 String[] options = range.split(",");
 for (String option : options) {
diff --git a/server/src/com/cloud/dc/dao/DataCenterDao.java b/server/src/com/cloud/dc/dao/DataCenterDao.java
index ee228f1ab5b..e54b9bbbe29 100755
--- a/server/src/com/cloud/dc/dao/DataCenterDao.java
+++ b/server/src/com/cloud/dc/dao/DataCenterDao.java
@@ -77,4 +77,6 @@ public interface DataCenterDao extends GenericDao {
 List findZonesByDomainId(Long domainId, String keyword);
 List findByKeyword(String keyword);
+
+ List listAllZones();
 }
diff --git a/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java b/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
index 2a6c2ecb252..4afd640d314 100755
--- a/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
+++ b/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
@@ -401,4 +401,12 @@ public class DataCenterDaoImpl extends GenericDaoBase implem
 txn.commit();
 return result;
 }
+
+ @Override
+ public List listAllZones(){
+ SearchCriteria sc = NameSearch.create();
+ List dcs = listBy(sc);
+
+ return dcs;
+ }
 }
diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
index dbd36ae0cf7..425f551b049 100644
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
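Review bot: The new `routes` branch throws InvalidParameterValueException while the sibling branch just above reports a problem by returning the text (`return "Instance name can not contain hyphen, spaces and plus sign";`), so a caller that expects a String verdict from this validator gets an exception for this one range only; `return "Invalid value for blacklisted route: " + route;` keeps the contract uniform. The `route != null` guard is dead because String.split never yields null elements, and the trimmed `routeToVerify` is used only for the check while the untrimmed `value` is what the caller presumably stores, so an entry like `10.0.0.0/8, 172.16.0.0/12` passes with its leading space intact. An empty value is rejected too, since split on `""` yields one empty element that fails isValidCIDR; if clearing the list is meant to be allowed, blank entries should be skipped rather than refused. The enclosing method starts and ends outside the hunk.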
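Review bot: `listAllZones()` in DataCenterDaoImpl creates a SearchCriteria from `NameSearch` without setting any parameter and then returns it through a redundant `dcs` local; unless NameSearch carries conditions that are meant to act as a no-op when unset, this is an unfiltered listing, which `listAll()` from GenericDaoBase already provides, so `return listAll();` (or at least `return listBy(sc);`) would be clearer and avoid a second path for the same query. The interface addition in DataCenterDao carries no Javadoc; if an unfiltered listing is the intent, `/** Lists every zone without applying any filter. */` states that contract for callers. `listAllZones(){` also lacks the space before the brace used by the surrounding methods.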
@@ -39,11 +39,14 @@ import org.springframework.stereotype.Component;
 import com.cloud.configuration.Config;
 import com.cloud.configuration.ConfigurationManager;
+import com.cloud.configuration.ConfigurationVO;
 import com.cloud.configuration.Resource.ResourceType;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.Vlan.VlanType;
 import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterDao;
 import com.cloud.dc.dao.VlanDao;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.event.ActionEvent;
@@ -92,6 +95,7 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
 import com.cloud.org.Grouping;
 import com.cloud.projects.Project.ListProjectResourcesCriteria;
+import com.cloud.server.ConfigurationServer;
 import com.cloud.server.ResourceTag.TaggedResourceType;
 import com.cloud.tags.ResourceTagVO;
 import com.cloud.tags.dao.ResourceTagDao;
@@ -115,7 +119,6 @@ import com.cloud.utils.db.SearchCriteria.Op;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
-import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.ReservationContextImpl;
 import com.cloud.vm.dao.DomainRouterDao;
@@ -175,11 +178,17 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
 ResourceLimitService _resourceLimitMgr;
 @Inject
 VpcServiceMapDao _vpcSrvcDao;
+ @Inject
+ DataCenterDao _dcDao;
+ @Inject
+ ConfigurationServer _configServer;
 private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("VpcChecker"));
 private List vpcElements = null;
 private final List nonSupportedServices = Arrays.asList(Service.SecurityGroup, Service.Firewall);
 private final List supportedProviders = Arrays.asList(Provider.VPCVirtualRouter, Provider.NiciraNvp);
+
+ private Map> zoneBlackListedRoutes;
 int _cleanupInterval;
 int _maxNetworks;
@@ -231,6 +240,26 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
 IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER);
 IpAddressSearch.done();
+ //populate blacklisted routes
+ List zones = _dcDao.listAllZones();
+ zoneBlackListedRoutes = new HashMap>();
+ for (DataCenterVO zone : zones) {
+ List confs = _configServer.getConfigListByScope(Config.ConfigurationParameterScope.zone.toString(), zone.getId());
+ for (ConfigurationVO conf : confs) {
+ String routeStr = conf.getValue();
+ if (conf.getName().equalsIgnoreCase(Config.BlacklistedRoutes.key()) && routeStr != null && !routeStr.isEmpty()) {
+ String[] routes = routeStr.split(",");
+ Set cidrs = new HashSet();
+ for (String route : routes) {
+ cidrs.add(route);
+ }
+
+ zoneBlackListedRoutes.put(zone.getId(), cidrs);
+ break;
+ }
+ }
+ }
+
 return true;
 }
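Review bot: The per-zone blacklist is built once in this initialisation block into a plain HashMap and nothing in the diff refreshes it, so a later change to blacklisted.routes through updateConfiguration (which this commit also extends for zone scope) appears to be enforced only after a management-server restart; reading the zone's value on demand in the static-route check, or refreshing the map when the parameter is updated, would avoid stale enforcement. `cidrs.add(route);` stores the raw comma-split token, whereas the validator in ConfigurationManagerImpl trims before checking, so a value like `10.0.0.0/8, 172.16.0.0/12` leaves ` 172.16.0.0/12` with a leading space in the set and it is not visible here whether NetUtils.isNetworksOverlap still parses that; `cidrs.add(route.trim());` keeps both sides consistent. The map entry is only written when a non-empty value is found, which is fine for lookups but means an operator clearing the value later keeps the old entries in memory until restart. The enclosing method starts outside the hunk.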
@@ -1653,6 +1682,17 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
 if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) {
 throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR());
 }
+
+ //3) Verify against blacklisted routes
+ Set cidrBlackList = zoneBlackListedRoutes.get(vpc.getZoneId());
+
+ if (cidrBlackList != null && !cidrBlackList.isEmpty()) {
+ for (String blackListedRoute : cidrBlackList) {
+ if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) {
+ throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the VPC zone");
+ }
+ }
+ }
 Transaction txn = Transaction.currentTxn();
 txn.start();
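Review bot: The rejection message on the throw line names neither the requested CIDR nor the blacklisted route it collides with, so an operator cannot tell which entry fired; `throw new InvalidParameterValueException("Static route cidr " + cidr + " overlaps with blacklisted route " + blackListedRoute + " of the VPC zone");` makes the refusal actionable. `zoneBlackListedRoutes.get(vpc.getZoneId())` would throw a NullPointerException if this path ever runs before the map is assigned in the startup block; initialising the field at its declaration would remove that ordering dependency. The `//3)` comment implies checks 1) and 2) precede it, which is not visible here, and the enclosing method starts and ends outside the hunk.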