bug 14484: Apply existed firewall rules when associating IP

It's not a elegant fix. The status for firewall rules should remain unchanged before/after ip association/disassociation. But the related change is tricky than this fix, may not get enough test for 3.0.1. So we would apply existed firewall rules again, which would work, just result in some unnecessary commands. status 14484: resolved fixed Reviewed-by: Edison Su
2012-03-23 19:06:25 -07:00 · 2012-03-23 19:06:25 -07:00 · d80b58fe1d
parent f77430f160
commit d80b58fe1d
1 changed files with 15 additions and 0 deletions
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@ -253,6 +253,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
    @Inject
    NicDao _nicDao = null;
    @Inject
+    FirewallRulesDao _fwRulesDao = null;
+    @Inject
    RulesManager _rulesMgr;
    @Inject
    LoadBalancingRulesManager _lbMgr;
@ -894,14 +896,27 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                } else {
                    throw new CloudRuntimeException("Fail to get ip deployer for element: " + element);
                }
+                //We would apply all the existed firewall rules for this IP, since the rule maybe discard by revoke PF/LB rules
+                List<FirewallRule> firewallRules = new ArrayList<FirewallRule>();
+                boolean applyFirewallRules = false;
+                if (element instanceof FirewallServiceProvider &&
+                        isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, provider)) {
+                    applyFirewallRules = true;
+                }
                Set<Service> services = new HashSet<Service>();
                for (PublicIp ip : ips) {
                    if (!ipToServices.containsKey(ip)) {
                        continue;
                    }
                    services.addAll(ipToServices.get(ip));
+                    if (applyFirewallRules) {
+                        firewallRules.addAll(_fwRulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
+                    }
                }
                deployer.applyIps(network, ips, services);
+                if (applyFirewallRules && !firewallRules.isEmpty()) {
+                    ((FirewallServiceProvider) element).applyFWRules(network, firewallRules);
+                }
            } catch (ResourceUnavailableException e) {
                success = false;
                if (!continueOnError) {