From cbbf03492f86424bf9e4128de6d8cf46ff65d554 Mon Sep 17 00:00:00 2001
From: alena
Date: Wed, 9 Mar 2011 14:40:48 -0800
Subject: [PATCH] bug 8937: throw an Exception when fail to reapply Firewall rules as a part of network Implement status 8937: resolved fixed
---
.../com/cloud/network/NetworkManagerImpl.java | 42 ++++++++-----------
.../VirtualNetworkApplianceManagerImpl.java | 3 +-
.../cloud/vm/VirtualMachineManagerImpl.java | 10 -----
3 files changed, 19 insertions(+), 36 deletions(-)
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 5a0937f529a..1096f633b8a 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1099,33 +1099,28 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag network.setMode(result.getMode()); _networksDao.update(networkId, network); - boolean success = true; + for (NetworkElement element : _networkElements) { if (s_logger.isDebugEnabled()) { s_logger.debug("Asking " + element.getName() + " to implmenet " + network); } element.implement(network, offering, dest, context); - //reapply all the firewall/staticNat/lb rules - s_logger.debug("Applying network rules as a part of network " + network + " implement..."); - if (!restartNetwork(networkId, false, context)) { - success = false; - s_logger.warn("Failed to reapply network rules as a part of network " + network + " implement"); - } } - //only when all the network rules got re-implemented successfully, assume that the network is Impelemented - if (success) { - network.setState(Network.State.Implemented); - _networksDao.update(network.getId(), network); - implemented.set(guru, network); - } else { - s_logger.warn("Failed to implement the network " + network + " as some network rules failed to reapply"); - } - + //reapply all the firewall/staticNat/lb rules + s_logger.debug("Applying network rules as a part of network " + network + " implement..."); + if (!restartNetwork(networkId, false, context.getAccount())) { + s_logger.warn("Failed to reapply network rules as a part of network " + network + " implement"); + throw new ResourceUnavailableException("Unable to apply network rules as a part of network " + network + " implement", DataCenter.class, network.getDataCenterId()); + } + + network.setState(Network.State.Implemented); + _networksDao.update(network.getId(), network); + implemented.set(guru, network); return implemented; } finally { if (implemented.first() == null) { - s_logger.debug("Cleaning up because we're unable to implement network " + network); + s_logger.debug("Cleaning up because we're unable to implement the network " + network); 
network.setState(Network.State.Shutdown); _networksDao.update(networkId, network); @@ -2111,15 +2106,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag throw new InvalidParameterValueException("Network is not in the right state to be restarted. Correct states are: " + Network.State.Implemented + ", " + Network.State.Setup); } - Account owner = _accountMgr.getAccount(network.getAccountId()); - ReservationContext context = new ReservationContextImpl(null, null, caller, owner); - _accountMgr.checkAccess(callerAccount, network); boolean success = true; //Restart network - network elements restart is required - success = restartNetwork(networkId, true, context); + success = restartNetwork(networkId, true, callerAccount); if (success) { s_logger.debug("Network id=" + networkId + " is restarted successfully."); @@ -2150,7 +2142,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } - private boolean restartNetwork(long networkId, boolean restartElements, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { + private boolean restartNetwork(long networkId, boolean restartElements, Account caller) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { boolean success = true; NetworkVO network = _networksDao.findById(networkId); @@ -2161,7 +2153,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag s_logger.debug("Restarting network elements for the network " + network); for (NetworkElement element : _networkElements) { //stop and start the network element - if (!element.restart(network, context)) { + if (!element.restart(network, null)) { s_logger.warn("Failed to restart network element(s) as a part of network id" + networkId + " restart"); success = false; } 
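Review bot: In the implement path (hunk `@@ -1099,33 +1099,28 @@`), the new `throw new ResourceUnavailableException(...)` fires after every element's `implement()` has already run, and the visible part of the `finally` block only sets the network record to `Network.State.Shutdown`. That block continues outside the hunk; unless the rest of it also shuts the elements down, an element can stay up with firewall/staticNat/lb rules only partly applied while the database reports the network as shut down. Failing closed is the right direction, so it is worth confirming that the cleanup tears down what `implement()` created. The exception is also scoped to `DataCenter.class` for a failure that concerns one network; a short comment above the throw saying why the zone is the reported scope would help, or the scope should be narrowed if callers act on it.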
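Review bot: In the restart API path (hunk `@@ -2111,15 +2106,12 @@`) and in `restartNetwork` itself (hunk `@@ -2175,13 +2167,13 @@`), port forwarding and static nat rules are now reapplied as `callerAccount` / `caller`, where the old code passed `context.getAccount()` from a context built with the network `owner`. If `getAccount()` returned that owner (likely from the removed constructor call, but not shown here), any access check inside `applyPortForwardingRulesForNetwork` and `applyStaticNatRulesForNetwork` now evaluates a different principal whenever someone other than the owner restarts the network. The implement path still passes `context.getAccount()`, so the two callers of `restartNetwork` may supply different kinds of account. I would document this on the parameter, for example `// caller: account the rules manager uses for access checks when rules are reapplied; may differ from the network owner`.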
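Review bot: In `restartNetwork` (hunk `@@ -2161,7 +2153,7 @@`), `element.restart(network, null)` now hands a null `ReservationContext` to every `NetworkElement`. Any implementation that reads the caller or account from the context will throw a NullPointerException, and elements can no longer tell who requested the restart. Either keep a context parameter next to the new `Account caller`, or state on the `restart` contract that the context may be null and check the existing implementations against that. The enclosing method starts and ends outside this hunk.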
@@ -2175,13 +2167,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } //apply port forwarding rules - if (!_rulesMgr.applyPortForwardingRulesForNetwork(networkId, false, context.getAccount())) { + if (!_rulesMgr.applyPortForwardingRulesForNetwork(networkId, false, caller)) { s_logger.warn("Failed to reapply port forwarding rule(s) as a part of network id=" + networkId + " restart"); success = false; } //apply static nat rules - if (!_rulesMgr.applyStaticNatRulesForNetwork(networkId, false, context.getAccount())) { + if (!_rulesMgr.applyStaticNatRulesForNetwork(networkId, false, caller)) { s_logger.warn("Failed to reapply static nat rule(s) as a part of network id=" + networkId + " restart"); success = false; } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 25683393db8..5c5af90b6e8 100644 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1224,7 +1224,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian dhcpCommand.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); cmds.addCommand("dhcp", dhcpCommand); - if (password != null) { + //password should be set only on default network element + if (password != null && network.isDefault()) { final String encodedPassword = rot13(password); SavePasswordCommand cmd = new SavePasswordCommand(encodedPassword, nic.getIp4Address(), profile.getVirtualMachine().getName()); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress()); diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index d8dbb342db3..ab86b4481ca 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java 
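Review bot: In the VirtualNetworkApplianceManagerImpl hunk, the path gated by the new `password != null && network.isDefault()` check still sends the password as `rot13(password)`. That is reversible obfuscation, not encryption, so the password's confidentiality depends entirely on the channel that carries `SavePasswordCommand` to the router, which is not visible here. The added comment says "default network element" while the check is on the network; I would reword it to `// save the password only through the router of the VM's default network; rot13 is obfuscation, not protection`. A non-null password is now skipped silently for non-default networks, so a debug log on that branch would make the behaviour traceable. The change is not mentioned in the commit description, and the enclosing method starts and ends outside the hunk.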
+++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -1136,18 +1136,8 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene cluster = _configMgr.getCluster(host.getClusterId()); } DeployDestination dest = new DeployDestination(dc, pod, cluster, host); - ReservationContext ctx = new ReservationContextImpl(null, null, caller, account); try { - //implement networks if needed - underlying code will check if network needs to be implemented again. - List nics = _networkMgr.getNics(vm.getId()); - - for (Nic nic : nics) { - if (!_networkMgr.startNetwork(nic.getNetworkId(), dest, ctx)) { - s_logger.warn("Failed to start network id=" + nic.getNetworkId() + " as a part of vm " + vm + " reboot"); - throw new CloudRuntimeException("Failed to implement network id=" + nic.getNetworkId() + " as a part of vm " + vm + " reboot"); - } - } Commands cmds = new Commands(OnError.Revert); cmds.addCommand(new RebootCommand(vm.getName()));