etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bug 8564: Changed implementation for static nat rules. Now we use separate interfaces instead of PortForwardingRules interfaces. 

status 8564: resolved fixed
This commit is contained in:
alena 2011-02-15 09:12:29 -08:00
parent 08c377ea55
commit d80caf24fd
41 changed files with 1054 additions and 1494 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
api/src/com/cloud/agent/api/routing/SetStaticNatRulesAnswer.java Normal file
View File

@ -0,0 +1,38 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.agent.api.routing;
import com.cloud.agent.api.Answer;
public class SetStaticNatRulesAnswer extends Answer {
String[] results;
protected SetStaticNatRulesAnswer() {
super();
}
public SetStaticNatRulesAnswer(SetStaticNatRulesCommand cmd, String[] results) {
super(cmd, true, null);
assert(cmd.getRules().length == results.length) : "Shouldn't the results match the commands?";
this.results = results;
}
String[] getResults() {
return results;
}
}

44
api/src/com/cloud/agent/api/routing/SetStaticNatRulesCommand.java Normal file
View File

@ -0,0 +1,44 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.agent.api.routing;
import java.util.List;
import com.cloud.agent.api.to.StaticNatRuleTO;
public class SetStaticNatRulesCommand extends NetworkElementCommand{
StaticNatRuleTO[] rules;
protected SetStaticNatRulesCommand() {
}
public SetStaticNatRulesCommand(List<? extends StaticNatRuleTO> staticNatRules) {
rules = new StaticNatRuleTO[staticNatRules.size()];
int i = 0;
for (StaticNatRuleTO rule : staticNatRules) {
rules[i++] = rule;
}
}
public StaticNatRuleTO[] getRules() {
return rules;
}
}

20
api/src/com/cloud/agent/api/to/FirewallRuleTO.java
View File

@ -48,23 +48,22 @@ public class FirewallRuleTO {
int[] srcPortRange;
boolean revoked;
boolean alreadyAdded;
boolean isOneToOneNat;
String vlanNetmask; // FIXME: Get rid of this!
FirewallRule.Purpose purpose;
protected FirewallRuleTO() {
}
public FirewallRuleTO(long id, String srcIp, String protocol, int srcPortStart, int srcPortEnd, boolean revoked, boolean alreadyAdded, boolean isOneToOneNat) {
public FirewallRuleTO(long id, String srcIp, String protocol, int srcPortStart, int srcPortEnd, boolean revoked, boolean alreadyAdded, FirewallRule.Purpose purpose) {
this.srcIp = srcIp;
this.protocol = protocol;
this.srcPortRange = new int[] {srcPortStart, srcPortEnd};
this.revoked = revoked;
this.alreadyAdded = alreadyAdded;
this.isOneToOneNat = isOneToOneNat;
this.purpose = purpose;
}
public FirewallRuleTO(FirewallRule rule, String srcIp) {
this(rule.getId(), srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.isOneToOneNat());
this(rule.getId(), srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose());
}
public long getId() {
@ -91,15 +90,12 @@ public class FirewallRuleTO {
return revoked;
}
public String getVlanNetmask() {
return vlanNetmask;
}
public boolean isAlreadyAdded() {
return alreadyAdded;
}
public boolean isOneToOneNat() {
return isOneToOneNat;
public FirewallRule.Purpose getPurpose() {
return purpose;
}
}

3
api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
View File

@ -17,6 +17,7 @@
*/
package com.cloud.agent.api.to;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.utils.net.NetUtils;
@ -41,7 +42,7 @@ public class PortForwardingRuleTO extends FirewallRuleTO {
}
protected PortForwardingRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {
super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, false);
super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.PortForwarding);
this.dstIp = dstIp;
this.dstPortRange = new int[] { dstPortStart, dstPortEnd };
}

53
api/src/com/cloud/agent/api/to/StaticNatRuleTO.java Normal file
View File

@ -0,0 +1,53 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.agent.api.to;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.StaticNatRule;
/**
* StaticNatRuleTO specifies one static nat rule.
*
* See FirewallRuleTO for the stuff.
*
*/
public class StaticNatRuleTO extends FirewallRuleTO{
String dstIp;
protected StaticNatRuleTO() {
}
public StaticNatRuleTO(StaticNatRule rule, String scrIp, String dstIp) {
super(rule.getId(), scrIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),rule.getState()==State.Revoke, rule.getState()==State.Active, rule.getPurpose());
this.dstIp = dstIp;
}
protected StaticNatRuleTO(long id, String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked, boolean brandNew) {
super(id, srcIp, protocol, srcPortStart, srcPortEnd, revoked, brandNew, FirewallRule.Purpose.StaticNat);
this.dstIp = dstIp;
}
public String getDstIp() {
return dstIp;
}
}

5
api/src/com/cloud/api/ResponseGenerator.java
View File

@ -40,12 +40,12 @@ import com.cloud.api.response.InstanceGroupResponse;
import com.cloud.api.response.IpForwardingRuleResponse;
import com.cloud.api.response.ListResponse;
import com.cloud.api.response.LoadBalancerResponse;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.api.response.NetworkOfferingResponse;
import com.cloud.api.response.NetworkResponse;
import com.cloud.api.response.PodResponse;
import com.cloud.api.response.RemoteAccessVpnResponse;
import com.cloud.api.response.ResourceLimitResponse;
import com.cloud.api.response.SecurityGroupResponse;
import com.cloud.api.response.ServiceOfferingResponse;
import com.cloud.api.response.SnapshotPolicyResponse;
import com.cloud.api.response.SnapshotResponse;
@ -76,6 +76,7 @@ import com.cloud.network.VpnUser;
import com.cloud.network.router.VirtualRouter;
import com.cloud.network.rules.LoadBalancer;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.security.IngressRule;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupRules;
@ -143,7 +144,7 @@ public interface ResponseGenerator {
FirewallRuleResponse createFirewallRuleResponse(PortForwardingRule fwRule);
IpForwardingRuleResponse createIpForwardingRuleResponse(PortForwardingRule fwRule);
IpForwardingRuleResponse createIpForwardingRuleResponse(StaticNatRule fwRule);
User findUserById(Long userId);

81
api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
View File

@ -30,16 +30,15 @@ import com.cloud.api.ServerApiException;
import com.cloud.api.response.FirewallRuleResponse;
import com.cloud.api.response.IpForwardingRuleResponse;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.network.IpAddress;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
import com.cloud.utils.net.Ip;
@Implementation(description="Creates an ip forwarding rule", responseObject=FirewallRuleResponse.class)
public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements StaticNatRule {
public static final Logger s_logger = Logger.getLogger(CreateIpForwardingRuleCmd.class.getName());
private static final String s_name = "createipforwardingruleresponse";
@ -91,15 +90,16 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
boolean result;
try {
UserContext.current().setEventDetails("Rule Id: "+getEntityId());
result = _rulesService.applyPortForwardingRules(ipAddressId, UserContext.current().getCaller());
result = _rulesService.applyStaticNatRules(ipAddressId, UserContext.current().getCaller());
} catch (Exception e) {
s_logger.error("Unable to apply port forwarding rules", e);
_rulesService.revokePortForwardingRule(getEntityId(), true);
_rulesService.revokeStaticNatRule(getEntityId(), true);
result = false;
}
if (result) {
PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, getEntityId());
IpForwardingRuleResponse fwResponse = _responseGenerator.createIpForwardingRuleResponse(rule);
FirewallRule rule = _entityMgr.findById(FirewallRule.class, getEntityId());
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule);
IpForwardingRuleResponse fwResponse = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
fwResponse.setResponseName(getCommandName());
this.setResponseObject(fwResponse);
} else {
@ -110,11 +110,11 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
@Override
public void create() {
PortForwardingRule rule;
StaticNatRule rule;
try {
rule = _rulesService.createPortForwardingRule(this, getVirtualMachineId(), true);
rule = _rulesService.createStaticNatRule(this);
} catch (NetworkRuleConflictException e) {
s_logger.info("Unable to create Port Forwarding Rule due to " + e.getMessage());
s_logger.info("Unable to create Static Nat Rule due to " + e.getMessage());
throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
}
@ -140,7 +140,16 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
@Override
public String getEventDescription() {
IpAddress ip = _networkService.getIp(ipAddressId);
return ("Applying an ipforwarding 1:1 NAT rule for Ip: "+ip.getAddress()+" with virtual machine:"+ getVirtualMachineId());
return ("Applying an ipforwarding 1:1 NAT rule for Ip: "+ip.getAddress()+" with virtual machine:"+ this.getVirtualMachineId());
}
private long getVirtualMachineId() {
return _networkService.getIp(ipAddressId).getAssociatedWithVmId();
}
@Override
public String getDestIpAddress(){
return null;
}
@Override
@ -148,11 +157,6 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
throw new UnsupportedOperationException("Don't call me");
}
@Override
public String getXid() {
return null;
}
@Override
public long getSourceIpAddressId() {
return ipAddressId;
@ -178,12 +182,12 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
}
@Override
public Purpose getPurpose() {
return Purpose.PortForwarding;
public FirewallRule.Purpose getPurpose() {
return FirewallRule.Purpose.StaticNat;
}
@Override
public State getState() {
public FirewallRule.State getState() {
throw new UnsupportedOperationException("Don't call me");
}
@ -198,25 +202,6 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
return ip.getDomainId();
}
@Override
public Ip getDestinationIpAddress() {
return null;
}
@Override
public int getDestinationPortStart() {
return startPort;
}
@Override
public int getDestinationPortEnd() {
if (endPort == null) {
return startPort;
} else {
return endPort;
}
}
@Override
public long getAccountId() {
IpAddress ip = _networkService.getIp(ipAddressId);
@ -224,20 +209,9 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
}
@Override
public boolean isOneToOneNat() {
return true;
}
@Override
public long getVirtualMachineId() {
IpAddress ip = _networkService.getIp(ipAddressId);
if (ip == null) {
throw new InvalidParameterValueException("Ip address id=" + ipAddressId + " doesn't exist in the system");
} else if (ip.isOneToOneNat() && ip.getAssociatedWithVmId() != null){
return _networkService.getIp(ipAddressId).getAssociatedWithVmId();
} else {
throw new InvalidParameterValueException("Ip address id=" + ipAddressId + " doesn't have 1-1 Nat feature enabled");
}
public String getXid() {
// FIXME: We should allow for end user to specify Xid.
return null;
}
@Override
@ -249,5 +223,4 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
public Long getSyncObjId() {
return ipAddressId;
}
}

8
api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
View File

@ -181,11 +181,5 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd implements LoadBalancer
@Override
public int getDefaultPortEnd() {
return privatePort.intValue();
}
@Override
public boolean isOneToOneNat() {
return false;
}
}
}

7
api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
View File

@ -200,7 +200,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements
@Override
public void create() {
try {
PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, false);
PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId);
setEntityId(result.getId());
} catch (NetworkRuleConflictException ex) {
s_logger.info("Network rule conflict: " + ex.getMessage());
@ -226,11 +226,6 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements
return ip.getAccountId();
}
@Override
public boolean isOneToOneNat() {
return false;
}
@Override
public String getSyncObjType() {
return BaseAsyncCmd.ipAddressSyncObject;

10
api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java
View File

@ -29,7 +29,7 @@ import com.cloud.api.ServerApiException;
import com.cloud.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.FirewallRule;
import com.cloud.user.UserContext;
@Implementation(description="Deletes an ip forwarding rule", responseObject=SuccessResponse.class)
@ -69,7 +69,7 @@ public class DeleteIpForwardingRuleCmd extends BaseAsyncCmd {
@Override
public void execute(){
UserContext.current().setEventDetails("Rule Id: "+id);
boolean result = _rulesService.revokePortForwardingRule(id, true);
boolean result = _rulesService.revokeStaticNatRule(id, true);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
@ -82,9 +82,9 @@ public class DeleteIpForwardingRuleCmd extends BaseAsyncCmd {
@Override
public long getEntityOwnerId() {
if (ownerId == null) {
PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, id);
FirewallRule rule = _entityMgr.findById(FirewallRule.class, id);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find firewall rule by id: " + id);
throw new InvalidParameterValueException("Unable to find static nat rule by id: " + id);
} else {
ownerId = rule.getAccountId();
}
@ -109,7 +109,7 @@ public class DeleteIpForwardingRuleCmd extends BaseAsyncCmd {
@Override
public Long getSyncObjId() {
return _rulesService.getPortForwardigRule(id).getSourceIpAddressId();
return _rulesService.getFirewallRule(id).getSourceIpAddressId();
}
}

10
api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java
View File

@ -29,7 +29,8 @@ import com.cloud.api.Parameter;
import com.cloud.api.response.FirewallRuleResponse;
import com.cloud.api.response.IpForwardingRuleResponse;
import com.cloud.api.response.ListResponse;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.StaticNatRule;
@Implementation(description="List the ip forwarding rules", responseObject=FirewallRuleResponse.class)
public class ListIpForwardingRulesCmd extends BaseListCmd {
@ -91,11 +92,12 @@ public class ListIpForwardingRulesCmd extends BaseListCmd {
@Override
public void execute(){
List<? extends PortForwardingRule> result = _rulesService.searchForIpForwardingRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId());
List<? extends FirewallRule> result = _rulesService.searchStaticNatRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId());
ListResponse<IpForwardingRuleResponse> response = new ListResponse<IpForwardingRuleResponse>();
List<IpForwardingRuleResponse> ipForwardingResponses = new ArrayList<IpForwardingRuleResponse>();
for (PortForwardingRule rule : result) {
IpForwardingRuleResponse resp = _responseGenerator.createIpForwardingRuleResponse(rule);
for (FirewallRule rule : result) {
StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule);
IpForwardingRuleResponse resp = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
if (resp != null) {
ipForwardingResponses.add(resp);
}

7
api/src/com/cloud/api/commands/RestartNetworkCmd.java
View File

@ -62,7 +62,12 @@ public class RestartNetworkCmd extends BaseAsyncCmd {
}
public long getEntityOwnerId() {
return _networkService.getNetwork(id).getAccountId();
Network network = _networkService.getNetwork(id);
if (network == null) {
throw new InvalidParameterValueException("Networkd id=" + id + " doesn't exist");
} else {
return _networkService.getNetwork(id).getAccountId();
}
}
public Long getNetworkId() {

5
api/src/com/cloud/network/lb/LoadBalancingRule.java
View File

@ -135,9 +135,4 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{
return revoked;
}
}
@Override
public boolean isOneToOneNat() {
return false;
}
}

3
api/src/com/cloud/network/rules/FirewallRule.java
View File

@ -25,6 +25,7 @@ public interface FirewallRule extends ControlledEntity {
PortForwarding,
LoadBalancing,
Vpn,
StaticNat,
}
enum State {
@ -65,7 +66,5 @@ public interface FirewallRule extends ControlledEntity {
long getNetworkId();
boolean isOneToOneNat();
long getSourceIpAddressId();
}

17
api/src/com/cloud/network/rules/RulesService.java
View File

@ -19,25 +19,23 @@ package com.cloud.network.rules;
import java.util.List;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.api.commands.ListPortForwardingRulesCmd;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
public interface RulesService {
List<? extends PortForwardingRule> searchForIpForwardingRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId);
List<? extends FirewallRule> searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId);
/**
* Creates a port forwarding rule between two ip addresses or between
* an ip address and a virtual machine.
* @param rule rule to be created.
* @param vmId vm to be linked to. If specified the destination ip address is ignored.
* @param isNat TODO
* @return PortForwardingRule if created.
* @throws NetworkRuleConflictException if conflicts in the network rules are detected.
*/
PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, boolean isNat) throws NetworkRuleConflictException;
PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId) throws NetworkRuleConflictException;
/**
* Revokes a port forwarding rule
@ -59,8 +57,15 @@ public interface RulesService {
boolean disableOneToOneNat(long ipAddressId);
List<PortForwardingRuleTO> buildPortForwardingTOrules(List<? extends PortForwardingRule> pfRules);
PortForwardingRule getPortForwardigRule(long ruleId);
FirewallRule getFirewallRule(long ruleId);
StaticNatRule createStaticNatRule(StaticNatRule rule) throws NetworkRuleConflictException;
boolean revokeStaticNatRule(long ruleId, boolean apply);
boolean applyStaticNatRules(long ipAdddressId, Account caller) throws ResourceUnavailableException;
StaticNatRule buildStaticNatRule(FirewallRule rule);
}

48
api/src/com/cloud/network/rules/StaticNatRule.java Normal file
View File

@ -0,0 +1,48 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.rules;
import com.cloud.acl.ControlledEntity;
public interface StaticNatRule extends ControlledEntity, FirewallRule{
long getId();
String getXid();
String getProtocol();
int getSourcePortStart();
int getSourcePortEnd();
Purpose getPurpose();
State getState();
long getAccountId();
long getDomainId();
long getNetworkId();
long getSourceIpAddressId();
String getDestIpAddress();
}

53
core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
View File

@ -52,9 +52,12 @@ import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.SavePasswordCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesAnswer;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesAnswer;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.routing.VmDataCommand;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.network.HAProxyConfigurator;
import com.cloud.network.LoadBalancerConfigurator;
import com.cloud.utils.NumbersUtil;
@ -97,7 +100,9 @@ public class VirtualRoutingResource implements Manager {
try {
if (cmd instanceof SetPortForwardingRulesCommand ) {
return execute((SetPortForwardingRulesCommand)cmd);
} else if (cmd instanceof LoadBalancerConfigCommand) {
} else if (cmd instanceof SetStaticNatRulesCommand){
return execute((SetStaticNatRulesCommand)cmd);
}else if (cmd instanceof LoadBalancerConfigCommand) {
return execute((LoadBalancerConfigCommand)cmd);
} else if (cmd instanceof IPAssocCommand) {
return execute((IPAssocCommand)cmd);
@ -126,28 +131,46 @@ public class VirtualRoutingResource implements Manager {
for (PortForwardingRuleTO rule : cmd.getRules()) {
String result = null;
final Script command = new Script(_firewallPath, _timeout, s_logger);
command.add(routerIp);
command.add(rule.revoked() ? "-D" : "-A");
if (rule.isOneToOneNat()){
//1:1 NAT needs instanceip;publicip;domrip;op
command.add(" -l ", rule.getSrcIp());
command.add(" -r ", rule.getDstIp());
command.add(" -P ", rule.getProtocol().toLowerCase());
command.add(" -d ", rule.getStringDstPortRange());
command.add(" -G ") ;
} else {
command.add("-P ", rule.getProtocol().toLowerCase());
command.add("-l ", rule.getSrcIp());
command.add("-p ", rule.getStringSrcPortRange());
command.add("-r ", rule.getDstIp());
command.add("-d ", rule.getStringDstPortRange());
}
command.add("-P ", rule.getProtocol().toLowerCase());
command.add("-l ", rule.getSrcIp());
command.add("-p ", rule.getStringSrcPortRange());
command.add("-r ", rule.getDstIp());
command.add("-d ", rule.getStringDstPortRange());
result = command.execute();
results[i++] = (!(result == null || result.isEmpty())) ? "Failed" : null;
}
return new SetPortForwardingRulesAnswer(cmd, results);
}
private Answer execute(SetStaticNatRulesCommand cmd) {
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
String[] results = new String[cmd.getRules().length];
int i = 0;
for (StaticNatRuleTO rule : cmd.getRules()) {
String result = null;
final Script command = new Script(_firewallPath, _timeout, s_logger);
command.add(routerIp);
command.add(rule.revoked() ? "-D" : "-A");
//1:1 NAT needs instanceip;publicip;domrip;op
command.add(" -l ", rule.getSrcIp());
command.add(" -r ", rule.getDstIp());
command.add(" -P ", rule.getProtocol().toLowerCase());
command.add(" -d ", rule.getStringSrcPortRange());
command.add(" -G ") ;
result = command.execute();
results[i++] = (!(result == null || result.isEmpty())) ? "Failed" : null;
}
return new SetStaticNatRulesAnswer(cmd, results);
}
private Answer execute(LoadBalancerConfigCommand cmd) {
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);

55
core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
View File

@ -133,6 +133,8 @@ import com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand;
import com.cloud.agent.api.routing.SavePasswordCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesAnswer;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesAnswer;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.routing.VmDataCommand;
import com.cloud.agent.api.routing.VpnUsersCfgCommand;
import com.cloud.agent.api.storage.CopyVolumeAnswer;
@ -146,6 +148,7 @@ import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.agent.api.to.NicTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.agent.api.to.StorageFilerTO;
import com.cloud.agent.api.to.VirtualMachineTO;
import com.cloud.agent.api.to.VolumeTO;
@ -375,7 +378,9 @@ public abstract class CitrixResourceBase implements ServerResource {
return execute((CreateCommand) cmd);
} else if (cmd instanceof SetPortForwardingRulesCommand) {
return execute((SetPortForwardingRulesCommand) cmd);
} else if (cmd instanceof LoadBalancerConfigCommand) {
} else if (cmd instanceof SetStaticNatRulesCommand) {
return execute((SetStaticNatRulesCommand) cmd);
} else if (cmd instanceof LoadBalancerConfigCommand) {
return execute((LoadBalancerConfigCommand) cmd);
} else if (cmd instanceof IPAssocCommand) {
return execute((IPAssocCommand) cmd);
@ -1158,32 +1163,42 @@ public abstract class CitrixResourceBase implements ServerResource {
String[] results = new String[cmd.getRules().length];
int i = 0;
for (PortForwardingRuleTO rule : cmd.getRules()) {
if (rule.isOneToOneNat()){
//1:1 NAT needs instanceip;publicip;domrip;op
args += rule.revoked() ? " -D " : " -A ";
args += " -l " + rule.getSrcIp();
args += " -r " + rule.getDstIp();
args += " -P " + rule.getProtocol().toLowerCase();
args += " -d " + rule.getStringDstPortRange();
args += " -G " ;
args += rule.revoked() ? " -D " : " -A ";
args += " -P " + rule.getProtocol().toLowerCase();
args += " -l " + rule.getSrcIp();
args += " -p " + rule.getStringSrcPortRange();
args += " -r " + rule.getDstIp();
args += " -d " + rule.getStringDstPortRange();
} else {
args += rule.revoked() ? " -D " : " -A ";
args += " -P " + rule.getProtocol().toLowerCase();
args += " -l " + rule.getSrcIp();
args += " -p " + rule.getStringSrcPortRange();
args += " -r " + rule.getDstIp();
args += " -d " + rule.getStringDstPortRange();
}
String result = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args);
results[i++] = (result == null || result.isEmpty()) ? "Failed" : null;
}
return new SetPortForwardingRulesAnswer(cmd, results);
}
protected SetStaticNatRulesAnswer execute(SetStaticNatRulesCommand cmd) {
Connection conn = getConnection();
String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
String args = routerIp;
String[] results = new String[cmd.getRules().length];
int i = 0;
for (StaticNatRuleTO rule : cmd.getRules()) {
//1:1 NAT needs instanceip;publicip;domrip;op
args += rule.revoked() ? " -D " : " -A ";
args += " -l " + rule.getSrcIp();
args += " -r " + rule.getDstIp();
args += " -P " + rule.getProtocol().toLowerCase();
args += " -d " + rule.getStringSrcPortRange();
args += " -G " ;
String result = callHostPlugin(conn, "vmops", "setFirewallRule", "args", args);
results[i++] = (result == null || result.isEmpty()) ? "Failed" : null;
}
return new SetStaticNatRulesAnswer(cmd, results);
}
protected Answer execute(final LoadBalancerConfigCommand cmd) {
Connection conn = getConnection();

29
core/src/com/cloud/network/HAProxyConfigurator.java
View File

@ -191,35 +191,6 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
private String getBlankLine() {
return new String("\t ");
}
@Override
public String[][] generateFwRules(List<PortForwardingRuleTO> fwRules) {
String [][] result = new String [2][];
Set<String> toAdd = new HashSet<String>();
Set<String> toRemove = new HashSet<String>();
for (int i = 0; i < fwRules.size(); i++) {
PortForwardingRuleTO rule = fwRules.get(i);
String vlanNetmask = rule.getVlanNetmask();
StringBuilder sb = new StringBuilder();
sb.append(rule.getSrcIp()).append(":");
sb.append(rule.getSrcPortRange()[0]).append(":");
sb.append(vlanNetmask);
String lbRuleEntry = sb.toString();
if (!rule.revoked()) {
toAdd.add(lbRuleEntry);
} else {
toRemove.add(lbRuleEntry);
}
}
toRemove.removeAll(toAdd);
result[ADD] = toAdd.toArray(new String[toAdd.size()]);
result[REMOVE] = toRemove.toArray(new String[toRemove.size()]);
return result;
}
@Override
public String[] generateConfiguration(LoadBalancerConfigCommand lbCmd) {

1
core/src/com/cloud/network/LoadBalancerConfigurator.java
View File

@ -32,7 +32,6 @@ public interface LoadBalancerConfigurator {
public final static int REMOVE = 1;
public String [] generateConfiguration(List<PortForwardingRuleTO> fwRules);
public String [][] generateFwRules(List<PortForwardingRuleTO> fwRules);
public String [] generateConfiguration(LoadBalancerConfigCommand lbCmd);
public String [][] generateFwRules(LoadBalancerConfigCommand lbCmd);

7
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -109,6 +109,7 @@ import com.cloud.network.router.VirtualRouter;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.LoadBalancer;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.security.IngressRule;
import com.cloud.network.security.SecurityGroup;
import com.cloud.network.security.SecurityGroupRules;
@ -951,7 +952,7 @@ public class ApiResponseHelper implements ResponseGenerator {
}
@Override
public IpForwardingRuleResponse createIpForwardingRuleResponse(PortForwardingRule fwRule) {
public IpForwardingRuleResponse createIpForwardingRuleResponse(StaticNatRule fwRule) {
IpForwardingRuleResponse response = new IpForwardingRuleResponse();
response.setId(fwRule.getId());
response.setProtocol(fwRule.getProtocol());
@ -960,8 +961,8 @@ public class ApiResponseHelper implements ResponseGenerator {
response.setPublicIpAddressId(ip.getId());
response.setPublicIpAddress(ip.getAddress().addr());
if (ip != null && fwRule.getDestinationIpAddress() != null) {
UserVm vm = ApiDBUtils.findUserVmById(fwRule.getVirtualMachineId());
if (ip != null && fwRule.getDestIpAddress() != null) {
UserVm vm = ApiDBUtils.findUserVmById(ip.getAssociatedWithVmId());
if(vm != null){//vm might be destroyed
response.setVirtualMachineId(vm.getId());
response.setVirtualMachineName(vm.getName());

2
server/src/com/cloud/network/LoadBalancerVO.java
View File

@ -53,7 +53,7 @@ public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer {
}
public LoadBalancerVO(String xId, String name, String description, long srcIpId, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) {
super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, false);
super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing);
this.name = name;
this.description = description;
this.algorithm = algorithm;

5
server/src/com/cloud/network/NetworkManager.java
View File

@ -81,10 +81,11 @@ public interface NetworkManager extends NetworkService {
* Do all of the work of releasing public ip addresses. Note that
* if this method fails, there can be side effects.
* @param userId
* @param caller TODO
* @param ipAddress
* @return true if it did; false if it didn't
*/
public boolean releasePublicIpAddress(long id, long ownerId, long userId);
public boolean releasePublicIpAddress(long id, long userId, Account caller);
/**
* Lists IP addresses that belong to VirtualNetwork VLANs
@ -111,6 +112,8 @@ public interface NetworkManager extends NetworkService {
List<? extends Nic> getNics(VirtualMachine vm);
List<? extends Nic> getNicsIncludingRemoved(VirtualMachine vm);
List<NicProfile> getNicProfiles(VirtualMachine vm);
List<AccountVO> getAccountsUsingNetwork(long configurationId);

38
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -608,9 +608,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
@Override
public boolean releasePublicIpAddress(long addrId, long ownerId, long userId) {
public boolean releasePublicIpAddress(long addrId, long userId, Account caller) {
IPAddressVO ip = _ipAddressDao.markAsUnavailable(addrId);
assert (ip != null) : "Unable to mark the ip address id=" + addrId + " owned by " + ownerId + " as unavailable.";
assert (ip != null) : "Unable to mark the ip address id=" + addrId + " owned by " + ip.getAccountId() + " as unavailable.";
if (ip == null) {
return true;
}
@ -621,7 +621,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
boolean success = true;
try {
if (!_rulesMgr.revokeAllRules(addrId, userId)) {
if (!_rulesMgr.revokeAllRules(addrId, userId, caller)) {
s_logger.warn("Unable to revoke all the port forwarding rules for ip " + ip);
success = false;
}
@ -630,7 +630,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
success = false;
}
if (!_lbMgr.removeAllLoadBalanacers(addrId)) {
if (!_lbMgr.removeAllLoadBalanacers(addrId, caller, userId)) {
s_logger.warn("Unable to revoke all the load balancer rules for ip " + ip);
success = false;
}
@ -1072,7 +1072,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public void prepare(VirtualMachineProfile<? extends VMInstanceVO> vmProfile, DeployDestination dest, ReservationContext context) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException {
List<NicVO> nics = _nicDao.listBy(vmProfile.getId());
List<NicVO> nics = _nicDao.listByVmId(vmProfile.getId());
for (NicVO nic : nics) {
Pair<NetworkGuru, NetworkVO> implemented = implementNetwork(nic.getNetworkId(), dest, context);
NetworkGuru concierge = implemented.first();
@ -1123,7 +1123,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public <T extends VMInstanceVO> void prepareNicForMigration(VirtualMachineProfile<T> vm, DeployDestination dest) {
List<NicVO> nics = _nicDao.listBy(vm.getId());
List<NicVO> nics = _nicDao.listByVmId(vm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networksDao.findById(nic.getNetworkId());
NetworkOffering no = _configMgr.getNetworkOffering(network.getNetworkOfferingId());
@ -1138,7 +1138,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public void release(VirtualMachineProfile<? extends VMInstanceVO> vmProfile, boolean forced) {
List<NicVO> nics = _nicDao.listBy(vmProfile.getId());
List<NicVO> nics = _nicDao.listByVmId(vmProfile.getId());
for (NicVO nic : nics) {
NetworkVO network = _networksDao.findById(nic.getNetworkId());
if (nic.getState() == Nic.State.Reserved || nic.getState() == Nic.State.Reserving) {
@ -1167,7 +1167,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public List<? extends Nic> getNics(VirtualMachine vm) {
return _nicDao.listBy(vm.getId());
return _nicDao.listByVmId(vm.getId());
}
@Override
public List<? extends Nic> getNicsIncludingRemoved(VirtualMachine vm) {
return _nicDao.listByVmIdIncludingRemoved(vm.getId());
}
private Account findAccountByIpAddress(Long ipAddressId) {
@ -1180,7 +1185,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public List<NicProfile> getNicProfiles(VirtualMachine vm) {
List<NicVO> nics = _nicDao.listBy(vm.getId());
List<NicVO> nics = _nicDao.listByVmId(vm.getId());
List<NicProfile> profiles = new ArrayList<NicProfile>();
if (nics != null) {
@ -1265,7 +1270,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
throw new PermissionDeniedException("Ip address id=" + ipAddressId + " belongs to Account wide IP pool and cannot be disassociated");
}
return releasePublicIpAddress(ipAddressId, accountId, userId);
return releasePublicIpAddress(ipAddressId, userId, caller);
} catch (PermissionDeniedException pde) {
throw pde;
@ -1333,7 +1338,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public void cleanupNics(VirtualMachineProfile<? extends VMInstanceVO> vm) {
List<NicVO> nics = _nicDao.listBy(vm.getId());
List<NicVO> nics = _nicDao.listByVmId(vm.getId());
for (NicVO nic : nics) {
nic.setState(Nic.State.Deallocating);
_nicDao.update(nic.getId(), nic);
@ -1938,7 +1943,12 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
//apply port forwarding rules
if (!_rulesMgr.applyPortForwardingRulesForNetwork(networkId, false, context.getAccount())) {
s_logger.warn("Failed to reapply firewall rule(s) as a part of network id=" + networkId + " restart");
s_logger.warn("Failed to reapply port forwarding rule(s) as a part of network id=" + networkId + " restart");
}
//apply static nat rules
if (!_rulesMgr.applyStaticNatRulesForNetwork(networkId, false, context.getAccount())) {
s_logger.warn("Failed to reapply static nat rule(s) as a part of network id=" + networkId + " restart");
}
//apply load balancer rules
@ -2066,7 +2076,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
public List<NetworkVO> listNetworksUsedByVm(long vmId, boolean isSystem) {
List<NetworkVO> networks = new ArrayList<NetworkVO>();
List<NicVO> nics = _nicDao.listBy(vmId);
List<NicVO> nics = _nicDao.listByVmId(vmId);
if (nics != null) {
for (Nic nic : nics) {
NetworkVO network = _networksDao.findByIdIncludingRemoved(nic.getNetworkId());
@ -2173,7 +2183,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
@Override
public Nic getDefaultNic(long vmId) {
List<NicVO> nics = _nicDao.listBy(vmId);
List<NicVO> nics = _nicDao.listByVmId(vmId);
Nic defaultNic = null;
if (nics != null) {
for (Nic nic : nics) {

35
server/src/com/cloud/network/dao/FirewallRulesDao.java
View File

@ -28,7 +28,7 @@ import com.cloud.utils.db.GenericDao;
* Data Access Object for user_ip_address and ip_forwarding tables
*/
public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
List<FirewallRuleVO> listByIpAndNotRevoked(long ipAddressId, Boolean isOneToOneNat);
List<FirewallRuleVO> listByIpAndNotRevoked(long ipAddressId, FirewallRule.Purpose purpose);
boolean setStateToAdd(FirewallRuleVO rule);
@ -37,32 +37,9 @@ public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
boolean releasePorts(long ipAddressId, String protocol, FirewallRule.Purpose purpose, int[] ports);
List<FirewallRuleVO> listByIpAndPurpose(long ipAddressId, FirewallRule.Purpose purpose);
// public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress, boolean forwarding);
// public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress, String port, boolean forwarding);
//
// public List<PortForwardingRuleVO> listIPForwarding(long userId);
// public List<PortForwardingRuleVO> listIPForwarding(long userId, long dcId);
// public void deleteIPForwardingByPublicIpAddress(String ipAddress);
// public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress);
// public List<PortForwardingRuleVO> listIPForwardingForUpdate(String publicIPAddress);
// public void disableIPForwarding(String publicIPAddress);
// public List<PortForwardingRuleVO> listIPForwardingForUpdate(String publicIp, boolean fwding);
// public List<PortForwardingRuleVO> listIPForwardingForUpdate(String publicIp, String publicPort, String proto);
// public List<PortForwardingRuleVO> listIPForwardingByPortAndProto(String publicIp, String publicPort, String proto);
//
// public List<PortForwardingRuleVO> listLoadBalanceRulesForUpdate(String publicIp, String publicPort, String algo);
// public List<PortForwardingRuleVO> listIpForwardingRulesForLoadBalancers(String publicIp);
//
//
// public List<PortForwardingRuleVO> listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId);
// public List<PortForwardingRuleVO> listBySecurityGroupId(long securityGroupId);
// public List<PortForwardingRuleVO> listByLoadBalancerId(long loadBalancerId);
// public List<PortForwardingRuleVO> listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp);
// public PortForwardingRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding);
// public List<PortForwardingRuleVO> findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp);
// public List<PortForwardingRuleVO> listByPrivateIp(String privateIp);
// public boolean isPublicIpOneToOneNATted(String publicIp);
// void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port);
// public List<PortForwardingRuleVO> listIPForwardingForLB(long userId, long dcId);
List<FirewallRuleVO> listByNetworkIdAndPurpose(long networkId, FirewallRule.Purpose purpose);
List<FirewallRuleVO> listStaticNatByVmId(long vmId);
}

435
server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
View File

@ -24,15 +24,18 @@ import javax.ejb.Local;
import org.apache.log4j.Logger;
import com.cloud.network.IPAddressVO;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.JoinBuilder;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.SearchCriteria.Op;
import com.cloud.utils.net.Ip;
@Local(value=FirewallRulesDao.class) @DB(txn=false)
public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> implements FirewallRulesDao {
@ -41,6 +44,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
protected final SearchBuilder<FirewallRuleVO> AllFieldsSearch;
protected final SearchBuilder<FirewallRuleVO> IpNotRevokedSearch;
protected final SearchBuilder<FirewallRuleVO> ReleaseSearch;
protected SearchBuilder<FirewallRuleVO> VmSearch;
protected FirewallRulesDaoImpl() {
super();
@ -59,7 +63,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
IpNotRevokedSearch = createSearchBuilder();
IpNotRevokedSearch.and("ipId", IpNotRevokedSearch.entity().getSourceIpAddressId(), Op.EQ);
IpNotRevokedSearch.and("state", IpNotRevokedSearch.entity().getState(), Op.NEQ);
IpNotRevokedSearch.and("oneToOneNat", IpNotRevokedSearch.entity().isOneToOneNat(), Op.EQ);
IpNotRevokedSearch.and("purpose", IpNotRevokedSearch.entity().getPurpose(), Op.EQ);
IpNotRevokedSearch.done();
ReleaseSearch = createSearchBuilder();
@ -84,7 +88,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
@Override
public List<FirewallRuleVO> listByIpAndPurpose(long ipId, FirewallRule.Purpose purpose) {
SearchCriteria<FirewallRuleVO> sc = ReleaseSearch.create();
SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
sc.setParameters("ipId", ipId);
sc.setParameters("purpose", purpose);
@ -92,17 +96,28 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
}
@Override
public List<FirewallRuleVO> listByIpAndNotRevoked(long ipId, Boolean isOneToOneNat) {
public List<FirewallRuleVO> listByIpAndNotRevoked(long ipId, FirewallRule.Purpose purpose) {
SearchCriteria<FirewallRuleVO> sc = IpNotRevokedSearch.create();
sc.setParameters("ipId", ipId);
sc.setParameters("state", State.Revoke);
if (isOneToOneNat != null) {
sc.setParameters("oneToOneNat", isOneToOneNat);
if (purpose != null) {
sc.setParameters("purpose", purpose);
}
return listBy(sc);
}
@Override
public List<FirewallRuleVO> listByNetworkIdAndPurpose(long networkId, FirewallRule.Purpose purpose) {
SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
sc.setParameters("purpose", purpose);
sc.setParameters("networkId", networkId);
return listBy(sc);
}
@Override
public boolean setStateToAdd(FirewallRuleVO rule) {
SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
@ -120,388 +135,26 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
return update(rule.getId(), rule);
}
// public static String SELECT_IP_FORWARDINGS_BY_USERID_SQL = null;
// public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null;
// public static String SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = null;
//
//
// public static final String DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?";
// public static final String DELETE_IP_FORWARDING_BY_IP_PORT_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ? and public_port = ?";
//
// public static final String DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL = "UPDATE ip_forwarding set enabled=0 WHERE public_ip_address = ?";
//
//
// protected SearchBuilder<PortForwardingRuleVO> FWByIPAndForwardingSearch;
// protected SearchBuilder<PortForwardingRuleVO> FWByIPPortAndForwardingSearch;
// protected SearchBuilder<PortForwardingRuleVO> FWByIPPortProtoSearch;
// protected SearchBuilder<PortForwardingRuleVO> FWByIPPortAlgoSearch;
// protected SearchBuilder<PortForwardingRuleVO> FWByPrivateIPSearch;
// protected SearchBuilder<PortForwardingRuleVO> RulesExcludingPubIpPort;
// protected SearchBuilder<PortForwardingRuleVO> FWByGroupId;
// protected SearchBuilder<PortForwardingRuleVO> FWByIpForLB;
//
// protected SearchBuilder<PortForwardingRuleVO> FWByGroupAndPrivateIp;
// protected SearchBuilder<PortForwardingRuleVO> FWByPrivateIpPrivatePortPublicIpPublicPortSearch;
// protected SearchBuilder<PortForwardingRuleVO> OneToOneNATSearch;
//
//
// protected FirewallRulesDaoImpl() {
// }
//
// @Override
// public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
// if (!super.configure(name, params)) {
// return false;
// }
//
// SELECT_IP_FORWARDINGS_BY_USERID_SQL = buildSelectByUserIdSql();
// if (s_logger.isDebugEnabled()) {
// s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_SQL);
// }
//
// SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdSql();
// if (s_logger.isDebugEnabled()) {
// s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL);
// }
//
// SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdForLBSql();
// if (s_logger.isDebugEnabled()) {
// s_logger.debug(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL);
// }
//
//
// FWByIPSearch = createSearchBuilder();
// FWByIPSearch.and("publicIpAddress", FWByIPSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByIPSearch.done();
//
// FWByIPAndForwardingSearch = createSearchBuilder();
// FWByIPAndForwardingSearch.and("publicIpAddress", FWByIPAndForwardingSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByIPAndForwardingSearch.and("forwarding", FWByIPAndForwardingSearch.entity().isForwarding(), SearchCriteria.Op.EQ);
// FWByIPAndForwardingSearch.done();
//
// FWByIPPortAndForwardingSearch = createSearchBuilder();
// FWByIPPortAndForwardingSearch.and("publicIpAddress", FWByIPPortAndForwardingSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByIPPortAndForwardingSearch.and("publicPort", FWByIPPortAndForwardingSearch.entity().getSourcePort(), SearchCriteria.Op.EQ);
// FWByIPPortAndForwardingSearch.and("forwarding", FWByIPPortAndForwardingSearch.entity().isForwarding(), SearchCriteria.Op.EQ);
// FWByIPPortAndForwardingSearch.done();
//
// FWByIPPortProtoSearch = createSearchBuilder();
// FWByIPPortProtoSearch.and("publicIpAddress", FWByIPPortProtoSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByIPPortProtoSearch.and("publicPort", FWByIPPortProtoSearch.entity().getSourcePort(), SearchCriteria.Op.EQ);
// FWByIPPortProtoSearch.and("protocol", FWByIPPortProtoSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
// FWByIPPortProtoSearch.done();
//
// FWByIPPortAlgoSearch = createSearchBuilder();
// FWByIPPortAlgoSearch.and("publicIpAddress", FWByIPPortAlgoSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByIPPortAlgoSearch.and("publicPort", FWByIPPortAlgoSearch.entity().getSourcePort(), SearchCriteria.Op.EQ);
// FWByIPPortAlgoSearch.and("algorithm", FWByIPPortAlgoSearch.entity().getAlgorithm(), SearchCriteria.Op.EQ);
// FWByIPPortAlgoSearch.done();
//
// FWByPrivateIPSearch = createSearchBuilder();
// FWByPrivateIPSearch.and("privateIpAddress", FWByPrivateIPSearch.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ);
// FWByPrivateIPSearch.done();
//
// RulesExcludingPubIpPort = createSearchBuilder();
// RulesExcludingPubIpPort.and("publicIpAddress", RulesExcludingPubIpPort.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ);
// RulesExcludingPubIpPort.and("groupId", RulesExcludingPubIpPort.entity().getGroupId(), SearchCriteria.Op.NEQ);
// RulesExcludingPubIpPort.and("forwarding", RulesExcludingPubIpPort.entity().isForwarding(), SearchCriteria.Op.EQ);
// RulesExcludingPubIpPort.done();
//
// FWByGroupId = createSearchBuilder();
// FWByGroupId.and("groupId", FWByGroupId.entity().getGroupId(), SearchCriteria.Op.EQ);
// FWByGroupId.and("forwarding", FWByGroupId.entity().isForwarding(), SearchCriteria.Op.EQ);
// FWByGroupId.done();
//
// FWByGroupAndPrivateIp = createSearchBuilder();
// FWByGroupAndPrivateIp.and("groupId", FWByGroupAndPrivateIp.entity().getGroupId(), SearchCriteria.Op.EQ);
// FWByGroupAndPrivateIp.and("privateIpAddress", FWByGroupAndPrivateIp.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ);
// FWByGroupAndPrivateIp.and("forwarding", FWByGroupAndPrivateIp.entity().isForwarding(), SearchCriteria.Op.EQ);
// FWByGroupAndPrivateIp.done();
//
// FWByPrivateIpPrivatePortPublicIpPublicPortSearch = createSearchBuilder();
// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicIpAddress", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("privateIpAddress", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ);
// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("privatePort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getDestinationPort(), SearchCriteria.Op.NULL);
// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicPort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getSourcePort(), SearchCriteria.Op.NULL);
// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.done();
//
// OneToOneNATSearch = createSearchBuilder();
// OneToOneNATSearch.and("publicIpAddress", OneToOneNATSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// OneToOneNATSearch.and("protocol", OneToOneNATSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
// OneToOneNATSearch.done();
//
// FWByIpForLB = createSearchBuilder();
// FWByIpForLB.and("publicIpAddress", FWByIpForLB.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
// FWByIpForLB.and("groupId", FWByIpForLB.entity().getGroupId(), SearchCriteria.Op.NNULL);
// FWByIpForLB.and("forwarding", FWByIpForLB.entity().isForwarding(), SearchCriteria.Op.EQ);
// FWByIpForLB.done();
//
// return true;
// }
//
// protected String buildSelectByUserIdSql() {
// StringBuilder sql = createPartialSelectSql(null, true);
// sql.insert(sql.length() - 6, ", user_ip_address ");
// sql.append("ip_forwarding.public_ip_address = user_ip_address.public_ip_address AND user_ip_address.account_id = ?");
//
// return sql.toString();
// }
//
// protected String buildSelectByUserIdAndDatacenterIdSql() {
// return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=?";
// }
//
// protected String buildSelectByUserIdAndDatacenterIdForLBSql() {
// return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=? AND i.group_id is not NULL";
// }
//
// public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress, boolean forwarding) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPAndForwardingSearch.create();
// sc.setParameters("publicIpAddress", publicIPAddress);
// sc.setParameters("forwarding", forwarding);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwarding(long userId) {
// Transaction txn = Transaction.currentTxn();
// List<PortForwardingRuleVO> forwardings = new ArrayList<PortForwardingRuleVO>();
// PreparedStatement pstmt = null;
// try {
// pstmt = txn.prepareAutoCloseStatement(SELECT_IP_FORWARDINGS_BY_USERID_SQL);
// pstmt.setLong(1, userId);
// ResultSet rs = pstmt.executeQuery();
// while (rs.next()) {
// forwardings.add(toEntityBean(rs, false));
// }
// } catch (Exception e) {
// s_logger.warn(e);
// }
// return forwardings;
// }
//
// public List<PortForwardingRuleVO> listIPForwarding(long userId, long dcId) {
// Transaction txn = Transaction.currentTxn();
// List<PortForwardingRuleVO> forwardings = new ArrayList<PortForwardingRuleVO>();
// PreparedStatement pstmt = null;
// try {
// pstmt = txn.prepareAutoCloseStatement(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL);
// pstmt.setLong(1, userId);
// pstmt.setLong(2, dcId);
// ResultSet rs = pstmt.executeQuery();
// while (rs.next()) {
// forwardings.add(toEntityBean(rs, false));
// }
// } catch (Exception e) {
// s_logger.warn(e);
// }
// return forwardings;
// }
//
// @Override
// public void deleteIPForwardingByPublicIpAddress(String ipAddress) {
// Transaction txn = Transaction.currentTxn();
// PreparedStatement pstmt = null;
// try {
// pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IPADDRESS_SQL);
// pstmt.setString(1, ipAddress);
// pstmt.executeUpdate();
// } catch (Exception e) {
// s_logger.warn(e);
// }
// }
//
// @Override
// public void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port) {
// Transaction txn = Transaction.currentTxn();
// PreparedStatement pstmt = null;
// try {
// pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IP_PORT_SQL);
// pstmt.setString(1, ipAddress);
// pstmt.setString(2, port);
//
// pstmt.executeUpdate();
// } catch (Exception e) {
// s_logger.warn(e);
// }
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPSearch.create();
// sc.setParameters("publicIpAddress", publicIPAddress);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwardingForUpdate(String publicIPAddress) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPSearch.create();
// sc.setParameters("publicIpAddress", publicIPAddress);
// return listBy(sc, null);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwardingForUpdate(String publicIp, boolean fwding) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPAndForwardingSearch.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("forwarding", fwding);
// return search(sc, null);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwardingForUpdate(String publicIp,
// String publicPort, String proto) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPPortProtoSearch.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("publicPort", publicPort);
// sc.setParameters("protocol", proto);
// return search(sc, null);
// }
//
// @Override
// public List<PortForwardingRuleVO> listLoadBalanceRulesForUpdate(String publicIp,
// String publicPort, String algo) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPPortAlgoSearch.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("publicPort", publicPort);
// sc.setParameters("algorithm", algo);
// return listBy(sc, null);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress,
// String port, boolean forwarding) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPPortAndForwardingSearch.create();
// sc.setParameters("publicIpAddress", publicIPAddress);
// sc.setParameters("publicPort", port);
// sc.setParameters("forwarding", forwarding);
//
// return listBy(sc);
// }
//
// @Override
// public void disableIPForwarding(String publicIPAddress) {
// Transaction txn = Transaction.currentTxn();
// PreparedStatement pstmt = null;
// try {
// txn.start();
// pstmt = txn.prepareAutoCloseStatement(DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL);
// pstmt.setString(1, publicIPAddress);
// pstmt.executeUpdate();
// txn.commit();
// } catch (Exception e) {
// txn.rollback();
// throw new CloudRuntimeException("DB Exception ", e);
// }
// }
//
// @Override
// public List<PortForwardingRuleVO> listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId) {
// SearchCriteria<PortForwardingRuleVO> sc = RulesExcludingPubIpPort.create();
// sc.setParameters("publicIpAddress", publicIpAddress);
// sc.setParameters("groupId", securityGroupId);
// sc.setParameters("forwarding", false);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listBySecurityGroupId(long securityGroupId) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByGroupId.create();
// sc.setParameters("groupId", securityGroupId);
// sc.setParameters("forwarding", Boolean.TRUE);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPAndForwardingSearch.create();
// sc.setParameters("publicIpAddress", publicIPAddress);
// sc.setParameters("forwarding", forwarding);
// sc.addAnd("privateIpAddress", SearchCriteria.Op.EQ, privateIp);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listByLoadBalancerId(long loadBalancerId) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByGroupId.create();
// sc.setParameters("groupId", loadBalancerId);
// sc.setParameters("forwarding", Boolean.FALSE);
// return listBy(sc);
// }
//
// @Override
// public PortForwardingRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByGroupAndPrivateIp.create();
// sc.setParameters("groupId", groupId);
// sc.setParameters("privateIpAddress", privateIp);
// sc.setParameters("forwarding", forwarding);
// return findOneBy(sc);
//
// }
//
// @Override
// public List<PortForwardingRuleVO> findByPublicIpPrivateIpForNatRule(String publicIp, String privateIp){
// SearchCriteria<PortForwardingRuleVO> sc = FWByPrivateIpPrivatePortPublicIpPublicPortSearch.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("privateIpAddress", privateIp);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listByPrivateIp(String privateIp) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByPrivateIPSearch.create();
// sc.setParameters("privateIpAddress", privateIp);
// return listBy(sc);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwardingByPortAndProto(String publicIp,
// String publicPort, String proto) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIPPortProtoSearch.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("publicPort", publicPort);
// sc.setParameters("protocol", proto);
// return search(sc, null);
// }
//
// @Override
// public boolean isPublicIpOneToOneNATted(String publicIp) {
// SearchCriteria<PortForwardingRuleVO> sc = OneToOneNATSearch.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("protocol", NetUtils.NAT_PROTO);
// List<PortForwardingRuleVO> rules = search(sc, null);
// if (rules.size() != 1)
// return false;
// return rules.get(1).getProtocol().equalsIgnoreCase(NetUtils.NAT_PROTO);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIpForwardingRulesForLoadBalancers(
// String publicIp) {
// SearchCriteria<PortForwardingRuleVO> sc = FWByIpForLB.create();
// sc.setParameters("publicIpAddress", publicIp);
// sc.setParameters("forwarding", false);
// return search(sc, null);
// }
//
// @Override
// public List<PortForwardingRuleVO> listIPForwardingForLB(long userId, long dcId) {
// Transaction txn = Transaction.currentTxn();
// List<PortForwardingRuleVO> forwardings = new ArrayList<PortForwardingRuleVO>();
// PreparedStatement pstmt = null;
// try {
// pstmt = txn.prepareAutoCloseStatement(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL);
// pstmt.setLong(1, userId);
// pstmt.setLong(2, dcId);
// ResultSet rs = pstmt.executeQuery();
// while (rs.next()) {
// forwardings.add(toEntityBean(rs, false));
// }
// } catch (Exception e) {
// s_logger.warn(e);
// }
// return forwardings;
// }
@Override
public List<FirewallRuleVO> listStaticNatByVmId(long vmId) {
IPAddressDao _ipDao = ComponentLocator.getLocator("management-server").getDao(IPAddressDao.class);
if (VmSearch == null) {
SearchBuilder<IPAddressVO> IpSearch = _ipDao.createSearchBuilder();
IpSearch.and("associatedWithVmId", IpSearch.entity().getAssociatedWithVmId(), SearchCriteria.Op.EQ);
IpSearch.and("oneToOneNat", IpSearch.entity().isOneToOneNat(), SearchCriteria.Op.NNULL);
VmSearch = createSearchBuilder();
VmSearch.and("purpose", VmSearch.entity().getPurpose(), Op.EQ);
VmSearch.join("ipSearch", IpSearch, VmSearch.entity().getSourceIpAddressId(), IpSearch.entity().getId(), JoinBuilder.JoinType.INNER);
VmSearch.done();
}
SearchCriteria<FirewallRuleVO> sc = VmSearch.create();
sc.setParameters("purpose", Purpose.StaticNat);
sc.setJoinParameters("ipSearch", "associatedWithVmId", vmId);
return listBy(sc);
}
}

36
server/src/com/cloud/network/element/VirtualRouterElement.java
View File

@ -167,38 +167,14 @@ public class VirtualRouterElement extends DhcpElement implements NetworkElement,
long networkId = config.getId();
DomainRouterVO router = _routerDao.findByNetwork(networkId);
if (router == null) {
s_logger.warn("Unable to apply firewall rules, virtual router doesn't exist in the network " + config.getId());
throw new CloudRuntimeException("Unable to apply firewall rules");
s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network " + config.getId());
return true;
}
if (router.getState() == State.Running) {
if (rules != null && !rules.isEmpty()) {
if (rules.get(0).getPurpose() == Purpose.LoadBalancing) {
//for load balancer we have to resend all lb rules for the network
List<LoadBalancerVO> lbs = _lbDao.listByNetworkId(config.getId());
List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
for (LoadBalancerVO lb : lbs) {
List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList);
lbRules.add(loadBalancing);
}
return _routerMgr.applyLBRules(config, lbRules);
} else if (rules.get(0).getPurpose() == Purpose.PortForwarding) {
return _routerMgr.applyPortForwardingRules(config, _rulesMgr.buildPortForwardingTOrules((List<PortForwardingRule>)rules));
}
} else {
return true;
}
} else if (router.getState() == State.Stopped || router.getState() == State.Stopping){
s_logger.debug("Router is in " + router.getState() + ", so not sending apply firewall rules commands to the backend");
return true;
} else {
s_logger.warn("Unable to apply firewall rules, virtual router is not in the right state " + router.getState());
throw new CloudRuntimeException("Unable to apply firewall rules, domR is not in right state " + router.getState());
}
}
return false;
return _routerMgr.applyFirewallRules(config, rules);
} else {
return true;
}
}

3
server/src/com/cloud/network/lb/LoadBalancingRulesManager.java
View File

@ -21,9 +21,10 @@ import java.util.List;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.lb.LoadBalancingRule.LbDestination;
import com.cloud.user.Account;
public interface LoadBalancingRulesManager extends LoadBalancingRulesService {
boolean removeAllLoadBalanacers(long ipId);
boolean removeAllLoadBalanacers(long ipId, Account caller, long callerUserId);
List<LbDestination> getExistingDestinations(long lbId);
/**

717
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
View File

@ -270,18 +270,22 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
@Override @ActionEvent (eventType=EventTypes.EVENT_LOAD_BALANCER_DELETE, eventDescription="deleting load balancer", async=true)
public boolean deleteLoadBalancerRule(long loadBalancerId, boolean apply) {
return deleteLoadBalancerRuleInternal(loadBalancerId, apply);
}
private boolean deleteLoadBalancerRuleInternal(long loadBalancerId, boolean apply) {
UserContext caller = UserContext.current();
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
LoadBalancerVO lb = _lbDao.findById(loadBalancerId);
if (lb == null) {
throw new InvalidParameterException("Invalid load balancer value: " + loadBalancerId);
LoadBalancerVO rule = _lbDao.findById(loadBalancerId);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find load balancer rule " + loadBalancerId);
}
_accountMgr.checkAccess(caller.getCaller(), lb);
_accountMgr.checkAccess(caller, rule);
return deleteLoadBalancerRule(loadBalancerId, apply, caller, ctx.getCallerUserId());
}
private boolean deleteLoadBalancerRule(long loadBalancerId, boolean apply, Account caller, long callerUserId) {
LoadBalancerVO lb = _lbDao.findById(loadBalancerId);
lb.setState(FirewallRule.State.Revoke);
_lbDao.persist(lb);
@ -430,17 +434,15 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
}
@Override
public boolean removeAllLoadBalanacers(long ipId) {
List<FirewallRuleVO> rules = _rulesDao.listByIpAndNotRevoked(ipId, null);
public boolean removeAllLoadBalanacers(long ipId, Account caller, long callerUserId) {
List<FirewallRuleVO> rules = _rulesDao.listByIpAndNotRevoked(ipId, Purpose.LoadBalancing);
if (rules != null)
s_logger.debug("Found " + rules.size() + " lb rules to cleanup");
for (FirewallRule rule : rules) {
if (rule.getPurpose() == Purpose.LoadBalancing) {
boolean result = deleteLoadBalancerRuleInternal(rule.getId(), true);
if (result == false) {
s_logger.warn("Unable to remove load balancer rule " + rule.getId());
return false;
}
for (FirewallRule rule : rules) {
boolean result = deleteLoadBalancerRule(rule.getId(), true, caller, callerUserId);
if (result == false) {
s_logger.warn("Unable to remove load balancer rule " + rule.getId());
return false;
}
}
return true;
@ -521,685 +523,6 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
return lb;
}
// @Override @DB
// public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd) throws InvalidParameterValueException {
//
// Long userId = UserContext.current().getUserId();
// Account account = UserContext.current().getAccount();
// Long loadBalancerId = cmd.getId();
// Long vmInstanceId = cmd.getVirtualMachineId();
// List<Long> instanceIds = cmd.getVirtualMachineIds();
//
// if ((vmInstanceId == null) && (instanceIds == null)) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "No virtual machine id specified.");
// }
//
// // if a single instanceId was given, add it to the list so we can always just process the list if instanceIds
// if (instanceIds == null) {
// instanceIds = new ArrayList<Long>();
// instanceIds.add(vmInstanceId);
// }
//
// if (userId == null) {
// userId = Long.valueOf(1);
// }
//
// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(Long.valueOf(loadBalancerId));
//
// if (loadBalancer == null) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find load balancer rule with id " + loadBalancerId);
// } else if (account != null) {
// if (!isAdmin(account.getType()) && (loadBalancer.getAccountId() != account.getId())) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() +
// " (id:" + loadBalancer.getId() + ")");
// } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) {
// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid load balancer rule id (" + loadBalancer.getId() + ") given, unable to remove virtual machine instances.");
// }
// }
//
// Transaction txn = Transaction.currentTxn();
// LoadBalancerVO loadBalancerLock = null;
// boolean success = true;
// try {
//
// IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress());
// if (ipAddress == null) {
// return false;
// }
//
// DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId());
// if (router == null) {
// return false;
// }
//
// txn.start();
// for (Long instanceId : instanceIds) {
// UserVm userVm = _userVmDao.findById(instanceId);
// if (userVm == null) {
// s_logger.warn("Unable to find virtual machine with id " + instanceId);
// throw new InvalidParameterValueException("Unable to find virtual machine with id " + instanceId);
// }
// PortForwardingRuleVO fwRule = _rulesDao.findByGroupAndPrivateIp(loadBalancerId, userVm.getGuestIpAddress(), false);
// if (fwRule != null) {
// fwRule.setEnabled(false);
// _rulesDao.update(fwRule.getId(), fwRule);
// }
// }
//
// List<PortForwardingRuleVO> allLbRules = new ArrayList<PortForwardingRuleVO>();
// IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress());
// List<IPAddressVO> ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddr.getDataCenterId(), null);
// for (IPAddressVO ipv : ipAddrs) {
// List<PortForwardingRuleVO> rules = _rulesDao.listIPForwarding(ipv.getAddress(), false);
// allLbRules.addAll(rules);
// }
//
// updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router);
//
// // firewall rules are updated, lock the load balancer as mappings are updated
// loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId);
// if (loadBalancerLock == null) {
// s_logger.warn("removeFromLoadBalancer: failed to lock load balancer " + loadBalancerId + ", deleting mappings anyway...");
// }
//
// // remove all the loadBalancer->VM mappings
// _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, Boolean.FALSE);
//
// // Save and create the event
// String description;
// String type = EventTypes.EVENT_NET_RULE_DELETE;
// String level = EventVO.LEVEL_INFO;
//
// for (PortForwardingRuleVO updatedRule : allLbRules) {
// if (!updatedRule.isEnabled()) {
// _rulesDao.remove(updatedRule.getId());
//
// description = "deleted load balancer rule [" + updatedRule.getSourceIpAddress() + ":" + updatedRule.getSourcePort() + "]->["
// + updatedRule.getDestinationIpAddress() + ":" + updatedRule.getDestinationPort() + "]" + " " + updatedRule.getProtocol();
//
// EventUtils.saveEvent(userId, loadBalancer.getAccountId(), level, type, description);
// }
// }
// txn.commit();
// } catch (Exception ex) {
// s_logger.warn("Failed to delete load balancing rule with exception: ", ex);
// success = false;
// txn.rollback();
// } finally {
// if (loadBalancerLock != null) {
// _loadBalancerDao.releaseFromLockTable(loadBalancerId);
// }
// }
// return success;
// }
//
// @Override @DB
// public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
// Long loadBalancerId = cmd.getId();
// Long userId = UserContext.current().getUserId();
// Account account = UserContext.current().getAccount();
//
// ///verify input parameters
// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId);
// if (loadBalancer == null) {
// throw new InvalidParameterValueException ("Unable to find load balancer rule with id " + loadBalancerId);
// }
//
// if (account != null) {
// if (!isAdmin(account.getType())) {
// if (loadBalancer.getAccountId() != account.getId()) {
// throw new PermissionDeniedException("Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied");
// }
// } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) {
// throw new PermissionDeniedException("Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied.");
// }
// }
//
// if (userId == null) {
// userId = Long.valueOf(1);
// }
//
// Transaction txn = Transaction.currentTxn();
// LoadBalancerVO loadBalancerLock = null;
// try {
//
// IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress());
// if (ipAddress == null) {
// return false;
// }
//
// DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId());
// List<PortForwardingRuleVO> fwRules = _firewallRulesDao.listByLoadBalancerId(loadBalancerId);
//
// txn.start();
//
// if ((fwRules != null) && !fwRules.isEmpty()) {
// for (PortForwardingRuleVO fwRule : fwRules) {
// fwRule.setEnabled(false);
// _firewallRulesDao.update(fwRule.getId(), fwRule);
// }
//
// List<PortForwardingRuleVO> allLbRules = new ArrayList<PortForwardingRuleVO>();
// List<IPAddressVO> ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddress.getDataCenterId(), null);
// for (IPAddressVO ipv : ipAddrs) {
// List<PortForwardingRuleVO> rules = _firewallRulesDao.listIPForwarding(ipv.getAddress(), false);
// allLbRules.addAll(rules);
// }
//
// updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router);
//
// // firewall rules are updated, lock the load balancer as the mappings are updated
// loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId);
// if (loadBalancerLock == null) {
// s_logger.warn("deleteLoadBalancer: failed to lock load balancer " + loadBalancerId + ", deleting mappings anyway...");
// }
//
// // remove all loadBalancer->VM mappings
// List<LoadBalancerVMMapVO> lbVmMap = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId);
// if (lbVmMap != null && !lbVmMap.isEmpty()) {
// for (LoadBalancerVMMapVO lb : lbVmMap) {
// _loadBalancerVMMapDao.remove(lb.getId());
// }
// }
//
// // Save and create the event
// String description;
// String type = EventTypes.EVENT_NET_RULE_DELETE;
// String ruleName = "load balancer";
// String level = EventVO.LEVEL_INFO;
// Account accountOwner = _accountDao.findById(loadBalancer.getAccountId());
//
// for (PortForwardingRuleVO updatedRule : fwRules) {
// _firewallRulesDao.remove(updatedRule.getId());
//
// description = "deleted " + ruleName + " rule [" + updatedRule.getSourceIpAddress() + ":" + updatedRule.getSourcePort() + "]->["
// + updatedRule.getDestinationIpAddress() + ":" + updatedRule.getDestinationPort() + "]" + " " + updatedRule.getProtocol();
//
// EventUtils.saveEvent(userId, accountOwner.getId(), level, type, description);
// }
// }
//
// txn.commit();
// } catch (Exception ex) {
// txn.rollback();
// s_logger.error("Unexpected exception deleting load balancer " + loadBalancerId, ex);
// return false;
// } finally {
// if (loadBalancerLock != null) {
// _loadBalancerDao.releaseFromLockTable(loadBalancerId);
// }
// }
//
// boolean success = _loadBalancerDao.remove(loadBalancerId);
//
// // save off an event for removing the load balancer
// EventVO event = new EventVO();
// event.setUserId(userId);
// event.setAccountId(loadBalancer.getAccountId());
// event.setType(EventTypes.EVENT_LOAD_BALANCER_DELETE);
// if (success) {
// event.setLevel(EventVO.LEVEL_INFO);
// String params = "id="+loadBalancer.getId();
// event.setParameters(params);
// event.setDescription("Successfully deleted load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ")");
// } else {
// event.setLevel(EventVO.LEVEL_ERROR);
// event.setDescription("Failed to delete load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ")");
// }
// _eventDao.persist(event);
// return success;
// }
// @Override @DB
// public boolean assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd) throws NetworkRuleConflictException {
// Long loadBalancerId = cmd.getLoadBalancerId();
// Long instanceIdParam = cmd.getVirtualMachineId();
// List<Long> instanceIds = cmd.getVirtualMachineIds();
//
// if ((instanceIdParam == null) && (instanceIds == null)) {
// throw new InvalidParameterValueException("Unable to assign to load balancer " + loadBalancerId + ", no instance id is specified.");
// }
//
// if ((instanceIds == null) && (instanceIdParam != null)) {
// instanceIds = new ArrayList<Long>();
// instanceIds.add(instanceIdParam);
// }
//
// // FIXME: We should probably lock the load balancer here to prevent multiple updates...
// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId);
// if (loadBalancer == null) {
// throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found.");
// }
//
//
// // Permission check...
// Account account = UserContext.current().getAccount();
// if (account != null) {
// if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
// if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) {
// throw new PermissionDeniedException("Failed to assign to load balancer " + loadBalancerId + ", permission denied.");
// }
// } else if (account.getType() != Account.ACCOUNT_TYPE_ADMIN && account.getId() != loadBalancer.getAccountId()) {
// throw new PermissionDeniedException("Failed to assign to load balancer " + loadBalancerId + ", permission denied.");
// }
// }
//
// Transaction txn = Transaction.currentTxn();
// List<PortForwardingRuleVO> firewallRulesToApply = new ArrayList<PortForwardingRuleVO>();
// long accountId = 0;
// DomainRouterVO router = null;
//
// List<LoadBalancerVMMapVO> mappedInstances = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, false);
// Set<Long> mappedInstanceIds = new HashSet<Long>();
// if (mappedInstances != null) {
// for (LoadBalancerVMMapVO mappedInstance : mappedInstances) {
// mappedInstanceIds.add(Long.valueOf(mappedInstance.getInstanceId()));
// }
// }
//
// List<Long> finalInstanceIds = new ArrayList<Long>();
// for (Long instanceId : instanceIds) {
// if (mappedInstanceIds.contains(instanceId)) {
// continue;
// } else {
// finalInstanceIds.add(instanceId);
// }
//
// UserVmVO userVm = _vmDao.findById(instanceId);
// if (userVm == null) {
// s_logger.warn("Unable to find virtual machine with id " + instanceId);
// throw new InvalidParameterValueException("Unable to find virtual machine with id " + instanceId);
// } else {
// // sanity check that the vm can be applied to the load balancer
// ServiceOfferingVO offering = _serviceOfferingDao.findById(userVm.getServiceOfferingId());
// if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) {
// // we previously added these instanceIds to the loadBalancerVMMap, so remove them here as we are rejecting the API request
// // without actually modifying the load balancer
// _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, Boolean.TRUE);
//
// if (s_logger.isDebugEnabled()) {
// s_logger.debug("Unable to add virtual machine " + userVm.toString() + " to load balancer " + loadBalancerId + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
// }
//
// throw new InvalidParameterValueException("Unable to add virtual machine " + userVm.toString() + " to load balancer " + loadBalancerId + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
// }
// }
//
// if (accountId == 0) {
// accountId = userVm.getAccountId();
// } else if (accountId != userVm.getAccountId()) {
// s_logger.warn("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to account " + userVm.getAccountId()
// + ", previous vm in list belongs to account " + accountId);
// throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to account " + userVm.getAccountId()
// + ", previous vm in list belongs to account " + accountId);
// }
//
// DomainRouterVO nextRouter = null;
// if (userVm.getDomainRouterId() != null) {
// nextRouter = _routerMgr.getRouter(userVm.getDomainRouterId());
// }
// if (nextRouter == null) {
// s_logger.warn("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + instanceId);
// throw new InvalidParameterValueException("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + instanceId);
// }
//
// if (router == null) {
// router = nextRouter;
//
// // Make sure owner of router is owner of load balancer. Since we are already checking that all VMs belong to the same router, by checking router
// // ownership once we'll make sure all VMs belong to the owner of the load balancer.
// if (router.getAccountId() != loadBalancer.getAccountId()) {
// throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") does not belong to the owner of load balancer " +
// loadBalancer.getName() + " (owner is account id " + loadBalancer.getAccountId() + ")");
// }
// } else if (router.getId() != nextRouter.getId()) {
// throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to router " + nextRouter.getHostName()
// + ", previous vm in list belongs to router " + router.getHostName());
// }
//
// // check for ip address/port conflicts by checking exising forwarding and loadbalancing rules
// String ipAddress = loadBalancer.getIpAddress();
// String privateIpAddress = userVm.getGuestIpAddress();
// List<PortForwardingRuleVO> existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress);
//
// if (existingRulesOnPubIp != null) {
// for (PortForwardingRuleVO fwRule : existingRulesOnPubIp) {
// if (!( (fwRule.isForwarding() == false) &&
// (fwRule.getGroupId() != null) &&
// (fwRule.getGroupId() == loadBalancer.getId()) )) {
// // if the rule is not for the current load balancer, check to see if the private IP is our target IP,
// // in which case we have a conflict
// if (fwRule.getSourcePort().equals(loadBalancer.getPublicPort())) {
// throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + loadBalancer.getPublicPort()
// + " exists, found while trying to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ") to instance "
// + userVm.getHostName() + ".");
// }
// } else if (fwRule.getDestinationIpAddress().equals(privateIpAddress) && fwRule.getDestinationPort().equals(loadBalancer.getPrivatePort()) && fwRule.isEnabled()) {
// // for the current load balancer, don't add the same instance to the load balancer more than once
// continue;
// }
// }
// }
//
// PortForwardingRuleVO newFwRule = new PortForwardingRuleVO();
// newFwRule.setAlgorithm(loadBalancer.getAlgorithm());
// newFwRule.setEnabled(true);
// newFwRule.setForwarding(false);
// newFwRule.setPrivatePort(loadBalancer.getPrivatePort());
// newFwRule.setPublicPort(loadBalancer.getPublicPort());
// newFwRule.setPublicIpAddress(loadBalancer.getIpAddress());
// newFwRule.setPrivateIpAddress(userVm.getGuestIpAddress());
// newFwRule.setGroupId(loadBalancer.getId());
//
// firewallRulesToApply.add(newFwRule);
// }
//
// // if there's no work to do, bail out early rather than reconfiguring the proxy with the existing rules
// if (firewallRulesToApply.isEmpty()) {
// return true;
// }
//
// //Sync on domR
// if(router == null){
// throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the domain router was not found at " + loadBalancer.getIpAddress());
// }
// else{
// cmd.synchronizeCommand("Router", router.getId());
// }
//
// IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress());
// List<IPAddressVO> ipAddrs = listPublicIpAddressesInVirtualNetwork(accountId, ipAddr.getDataCenterId(), null);
// for (IPAddressVO ipv : ipAddrs) {
// List<PortForwardingRuleVO> rules = _rulesDao.listIpForwardingRulesForLoadBalancers(ipv.getAddress());
// firewallRulesToApply.addAll(rules);
// }
//
// txn.start();
//
// List<PortForwardingRuleVO> updatedRules = null;
// if (router.getState().equals(State.Starting)) {
// // Starting is a special case...if the router is starting that means the IP address hasn't yet been assigned to the domR and the update firewall rules script will fail.
// // In this case, just store the rules and they will be applied when the router state is resent (after the router is started).
// updatedRules = firewallRulesToApply;
// } else {
// updatedRules = updateFirewallRules(loadBalancer.getIpAddress(), firewallRulesToApply, router);
// }
//
// // Save and create the event
// String description;
// String type = EventTypes.EVENT_NET_RULE_ADD;
// String ruleName = "load balancer";
// String level = EventVO.LEVEL_INFO;
//
// LoadBalancerVO loadBalancerLock = null;
// try {
// loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId);
// if (loadBalancerLock == null) {
// s_logger.warn("assignToLoadBalancer: Failed to lock load balancer " + loadBalancerId + ", proceeding with updating loadBalancerVMMappings...");
// }
// if ((updatedRules != null) && (updatedRules.size() == firewallRulesToApply.size())) {
// // flag the instances as mapped to the load balancer
// for (Long addedInstanceId : finalInstanceIds) {
// LoadBalancerVMMapVO mappedVM = new LoadBalancerVMMapVO(loadBalancerId, addedInstanceId);
// _loadBalancerVMMapDao.persist(mappedVM);
// }
//
// /* We used to add these instances as pending when the API command is received on the server, and once they were applied,
// * the pending status was removed. In the 2.2 API framework, this is no longer done and instead the new mappings just
// * need to be persisted
// List<LoadBalancerVMMapVO> pendingMappedVMs = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, true);
// for (LoadBalancerVMMapVO pendingMappedVM : pendingMappedVMs) {
// if (instanceIds.contains(pendingMappedVM.getInstanceId())) {
// LoadBalancerVMMapVO pendingMappedVMForUpdate = _loadBalancerVMMapDao.createForUpdate();
// pendingMappedVMForUpdate.setPending(false);
// _loadBalancerVMMapDao.update(pendingMappedVM.getId(), pendingMappedVMForUpdate);
// }
// }
// */
//
// for (PortForwardingRuleVO updatedRule : updatedRules) {
// _rulesDao.persist(updatedRule);
//
// description = "created new " + ruleName + " rule [" + updatedRule.getSourceIpAddress() + ":"
// + updatedRule.getSourcePort() + "]->[" + updatedRule.getDestinationIpAddress() + ":"
// + updatedRule.getDestinationPort() + "]" + " " + updatedRule.getProtocol();
//
// EventUtils.saveEvent(UserContext.current().getUserId(), loadBalancer.getAccountId(), level, type, description);
// }
// txn.commit();
// return true;
// } else {
// // Remove the instanceIds from the load balancer since there was a failure. Make sure to commit the
// // transaction here, otherwise the act of throwing the internal error exception will cause this
// // remove operation to be rolled back.
// _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, null);
// txn.commit();
//
// s_logger.warn("Failed to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancerId + ") to guest virtual machines " + StringUtils.join(instanceIds, ","));
// throw new CloudRuntimeException("Failed to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancerId + ") to guest virtual machine " + StringUtils.join(instanceIds, ","));
// }
// } finally {
// if (loadBalancerLock != null) {
// _loadBalancerDao.releaseFromLockTable(loadBalancerId);
// }
// }
// }
// @Override @DB
// public LoadBalancer createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException {
// String publicIp = cmd.getPublicIp();
//
// // make sure ip address exists
// IPAddressVO ipAddr = _ipAddressDao.findById(cmd.getPublicIp());
// if (ipAddr == null) {
// throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + publicIp);
// }
//
// VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId());
// if (vlan != null) {
// if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) {
// throw new InvalidParameterValueException("Unable to create load balancer rule for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for load balancers.");
// }
// } // else ERROR?
//
// // Verify input parameters
// if ((ipAddr.getAccountId() == null) || (ipAddr.getAllocated() == null)) {
// throw new InvalidParameterValueException("Unable to create load balancer rule, cannot find account owner for ip " + publicIp);
// }
//
// Account account = UserContext.current().getAccount();
// if (account != null) {
// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
// if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) {
// throw new PermissionDeniedException("Unable to create load balancer rule on IP address " + publicIp + ", permission denied.");
// }
// } else if (account.getId() != ipAddr.getAccountId().longValue()) {
// throw new PermissionDeniedException("Unable to create load balancer rule, account " + account.getAccountName() + " doesn't own ip address " + publicIp);
// }
// }
//
// String loadBalancerName = cmd.getLoadBalancerRuleName();
// LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(ipAddr.getAccountId(), loadBalancerName);
// if (existingLB != null) {
// throw new InvalidParameterValueException("Unable to create load balancer rule, an existing load balancer rule with name " + loadBalancerName + " already exists.");
// }
//
// // validate params
// String publicPort = cmd.getPublicPort();
// String privatePort = cmd.getPrivatePort();
// String algorithm = cmd.getAlgorithm();
//
// if (!NetUtils.isValidPort(publicPort)) {
// throw new InvalidParameterValueException("publicPort is an invalid value");
// }
// if (!NetUtils.isValidPort(privatePort)) {
// throw new InvalidParameterValueException("privatePort is an invalid value");
// }
// if ((algorithm == null) || !NetUtils.isValidAlgorithm(algorithm)) {
// throw new InvalidParameterValueException("Invalid algorithm");
// }
//
// boolean locked = false;
// try {
// LoadBalancerVO exitingLB = _loadBalancerDao.findByIpAddressAndPublicPort(publicIp, publicPort);
// if (exitingLB != null) {
// throw new InvalidParameterValueException("IP Address/public port already load balanced by an existing load balancer rule");
// }
//
// List<PortForwardingRuleVO> existingFwRules = _rulesDao.listIPForwarding(publicIp, publicPort, true);
// if ((existingFwRules != null) && !existingFwRules.isEmpty()) {
// throw new InvalidParameterValueException("IP Address (" + publicIp + ") and port (" + publicPort + ") already in use");
// }
//
// ipAddr = _ipAddressDao.acquireInLockTable(publicIp);
// if (ipAddr == null) {
// throw new PermissionDeniedException("User does not own ip address " + publicIp);
// }
//
// locked = true;
//
// LoadBalancerVO loadBalancer = new LoadBalancerVO(loadBalancerName, cmd.getDescription(), ipAddr.getAccountId(), publicIp, publicPort, privatePort, algorithm);
// loadBalancer = _loadBalancerDao.persist(loadBalancer);
// Long id = loadBalancer.getId();
//
// // Save off information for the event that the security group was applied
// Long userId = UserContext.current().getUserId();
// if (userId == null) {
// userId = Long.valueOf(User.UID_SYSTEM);
// }
//
// EventVO event = new EventVO();
// event.setUserId(userId);
// event.setAccountId(ipAddr.getAccountId());
// event.setType(EventTypes.EVENT_LOAD_BALANCER_CREATE);
//
// if (id == null) {
// event.setDescription("Failed to create load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]");
// event.setLevel(EventVO.LEVEL_ERROR);
// } else {
// event.setDescription("Successfully created load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]");
// String params = "id="+loadBalancer.getId()+"\ndcId="+ipAddr.getDataCenterId();
// event.setParameters(params);
// event.setLevel(EventVO.LEVEL_INFO);
// }
// _eventDao.persist(event);
//
// return _loadBalancerDao.findById(id);
// } finally {
// if (locked) {
// _ipAddressDao.releaseFromLockTable(publicIp);
// }
// }
// }
// @Override
// public boolean updateLoadBalancerRules(final List<PortForwardingRuleVO> fwRules, final DomainRouterVO router, Long hostId) {
//
// for (PortForwardingRuleVO rule : fwRules) {
// // Determine the the VLAN ID and netmask of the rule's public IP address
// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress());
// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId()));
// String vlanNetmask = vlan.getVlanNetmask();
//
// rule.setVlanNetmask(vlanNetmask);
// }
//
// final LoadBalancerConfigurator cfgrtr = new HAProxyConfigurator();
// final String [] cfg = cfgrtr.generateConfiguration(fwRules);
// final String [][] addRemoveRules = cfgrtr.generateFwRules(fwRules);
// final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, router.getInstanceName(), router.getPrivateIpAddress());
// final Answer ans = _agentMgr.easySend(hostId, cmd);
// if (ans == null) {
// return false;
// } else {
// return ans.getResult();
// }
// }
// @Override @DB
// public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
// Long loadBalancerId = cmd.getId();
// String privatePort = cmd.getPrivatePort();
// String algorithm = cmd.getAlgorithm();
// String name = cmd.getLoadBalancerName();
// String description = cmd.getDescription();
// Account account = UserContext.current().getAccount();
//
// //Verify input parameters
// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId);
// if (loadBalancer == null) {
// throw new InvalidParameterValueException("Unable to find load balancer rule " + loadBalancerId + " for update.");
// }
//
// // make sure the name's not already in use
// if (name != null) {
// LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(loadBalancer.getAccountId(), name);
// if ((existingLB != null) && (existingLB.getId() != loadBalancer.getId())) {
// throw new InvalidParameterValueException("Unable to update load balancer " + loadBalancer.getName() + " with new name " + name + ", the name is already in use.");
// }
// }
//
// Account lbOwner = _accountDao.findById(loadBalancer.getAccountId());
// if (lbOwner == null) {
// throw new InvalidParameterValueException("Unable to update load balancer rule, cannot find owning account");
// }
//
// Long accountId = lbOwner.getId();
// if (account != null) {
// if (!isAdmin(account.getType())) {
// if (account.getId() != accountId.longValue()) {
// throw new PermissionDeniedException("Unable to update load balancer rule, permission denied");
// }
// } else if (!_domainDao.isChildDomain(account.getDomainId(), lbOwner.getDomainId())) {
// throw new PermissionDeniedException("Unable to update load balancer rule, permission denied.");
// }
// }
//
// String updatedPrivatePort = ((privatePort == null) ? loadBalancer.getPrivatePort() : privatePort);
// String updatedAlgorithm = ((algorithm == null) ? loadBalancer.getAlgorithm() : algorithm);
// String updatedName = ((name == null) ? loadBalancer.getName() : name);
// String updatedDescription = ((description == null) ? loadBalancer.getDescription() : description);
//
// Transaction txn = Transaction.currentTxn();
// try {
// txn.start();
// loadBalancer.setPrivatePort(updatedPrivatePort);
// loadBalancer.setAlgorithm(updatedAlgorithm);
// loadBalancer.setName(updatedName);
// loadBalancer.setDescription(updatedDescription);
// _loadBalancerDao.update(loadBalancer.getId(), loadBalancer);
//
// List<PortForwardingRuleVO> fwRules = _firewallRulesDao.listByLoadBalancerId(loadBalancer.getId());
// if ((fwRules != null) && !fwRules.isEmpty()) {
// for (PortForwardingRuleVO fwRule : fwRules) {
// fwRule.setPrivatePort(updatedPrivatePort);
// fwRule.setAlgorithm(updatedAlgorithm);
// _firewallRulesDao.update(fwRule.getId(), fwRule);
// }
// }
// txn.commit();
// } catch (RuntimeException ex) {
// s_logger.warn("Unhandled exception trying to update load balancer rule", ex);
// txn.rollback();
// throw ex;
// } finally {
// txn.close();
// }
//
// // now that the load balancer has been updated, reconfigure the HA Proxy on the router with all the LB rules
// List<PortForwardingRuleVO> allLbRules = new ArrayList<PortForwardingRuleVO>();
// IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress());
// List<IPAddressVO> ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddress.getDataCenterId(), null);
// for (IPAddressVO ipv : ipAddrs) {
// List<PortForwardingRuleVO> rules = _firewallRulesDao.listIPForwarding(ipv.getAddress(), false);
// allLbRules.addAll(rules);
// }
//
// IPAddressVO ip = _ipAddressDao.findById(loadBalancer.getIpAddress());
// DomainRouterVO router = _routerMgr.getRouter(ip.getAccountId(), ip.getDataCenterId());
// updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router);
// return _loadBalancerDao.findById(loadBalancer.getId());
// }
@Override
public List<UserVmVO> listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd) throws PermissionDeniedException {
Account caller = UserContext.current().getCaller();

5
server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
View File

@ -22,7 +22,6 @@ import java.util.Map;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.deploy.DeployDestination;
import com.cloud.exception.AgentUnavailableException;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
@ -32,6 +31,7 @@ import com.cloud.network.RemoteAccessVpn;
import com.cloud.network.VirtualNetworkApplianceService;
import com.cloud.network.VpnUser;
import com.cloud.network.lb.LoadBalancingRule;
import com.cloud.network.rules.FirewallRule;
import com.cloud.user.Account;
import com.cloud.user.User;
import com.cloud.uservm.UserVm;
@ -81,8 +81,7 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
boolean associateIP (Network network, List<? extends PublicIpAddress> ipAddress) throws ResourceUnavailableException;
boolean applyLBRules(Network network, List<LoadBalancingRule> rules) throws ResourceUnavailableException;
boolean applyPortForwardingRules(Network network, List<PortForwardingRuleTO> rules) throws AgentUnavailableException;
boolean applyFirewallRules(Network network, List<? extends FirewallRule> rules) throws ResourceUnavailableException;
String[] applyVpnUsers(Network network, List<? extends VpnUser> users) throws ResourceUnavailableException;

105
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
View File

@ -49,11 +49,13 @@ import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand;
import com.cloud.agent.api.routing.SavePasswordCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
import com.cloud.agent.api.routing.VmDataCommand;
import com.cloud.agent.api.routing.VpnUsersCfgCommand;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.agent.api.to.LoadBalancerTO;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.agent.api.to.StaticNatRuleTO;
import com.cloud.agent.manager.Commands;
import com.cloud.alert.AlertManager;
import com.cloud.api.commands.UpgradeRouterCmd;
@ -113,8 +115,10 @@ import com.cloud.network.lb.LoadBalancingRule.LbDestination;
import com.cloud.network.lb.LoadBalancingRulesManager;
import com.cloud.network.router.VirtualRouter.Role;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.RulesManager;
import com.cloud.network.rules.StaticNatRule;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.offering.NetworkOffering;
import com.cloud.offerings.NetworkOfferingVO;
@ -1027,23 +1031,21 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
createAssociateIPCommands(router, publicIps, cmds, 0);
//Re-apply port forwarding rules for all public ips
List<PortForwardingRuleTO> rulesToReapply = new ArrayList<PortForwardingRuleTO>();
List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
List<? extends PortForwardingRule> rules = null;
for (PublicIpAddress ip : publicIps) {
List<? extends PortForwardingRule> rules = _pfRulesDao.listForApplication(ip.getId());
if (rules != null){
rulesToReapply.addAll(_rulesMgr.buildPortForwardingTOrules(rules));
}
rules = _pfRulesDao.listForApplication(ip.getId());
RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
if (vpn != null) {
vpns.add(vpn);
}
}
s_logger.debug("Found " + rulesToReapply.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
if (!rulesToReapply.isEmpty()) {
createApplyPortForwardingRulesCommands(rulesToReapply, router, cmds);
s_logger.debug("Found " + rules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
if (!rules.isEmpty()) {
createApplyPortForwardingRulesCommands(rules, router, cmds);
}
s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start.");
@ -1209,7 +1211,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
Commands cmds = new Commands(OnError.Stop);
String routerControlIpAddress = null;
List<NicVO> nics = _nicDao.listBy(router.getId());
List<NicVO> nics = _nicDao.listByVmId(router.getId());
for (NicVO n : nics) {
NetworkVO nc = _networksDao.findById(n.getNetworkId());
if (nc.getTrafficType() == TrafficType.Control) {
@ -1403,8 +1405,35 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
}
}
private void createApplyPortForwardingRulesCommands(List<PortForwardingRuleTO> rules, DomainRouterVO router, Commands cmds) {
SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rules);
private void createApplyPortForwardingRulesCommands(List<? extends PortForwardingRule> rules, DomainRouterVO router, Commands cmds) {
List<PortForwardingRuleTO> rulesTO = null;
if (rules != null) {
rulesTO = new ArrayList<PortForwardingRuleTO>();
for (PortForwardingRule rule : rules) {
IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, sourceIp.getAddress().addr());
rulesTO.add(ruleTO);
}
}
SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rulesTO);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress());
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
cmds.addCommand(cmd);
}
private void createApplyStaticNatRulesCommands(List<? extends StaticNatRule> rules, DomainRouterVO router, Commands cmds) {
List<StaticNatRuleTO> rulesTO = null;
if (rules != null) {
rulesTO = new ArrayList<StaticNatRuleTO>();
for (StaticNatRule rule : rules) {
IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
StaticNatRuleTO ruleTO = new StaticNatRuleTO(rule, sourceIp.getAddress().addr(), rule.getDestIpAddress());
rulesTO.add(ruleTO);
}
}
SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress());
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
cmds.addCommand(cmd);
@ -1547,30 +1576,72 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
throw new ResourceUnavailableException("Unable to assign ip addresses, domR is not in right state " + router.getState(), DataCenter.class, network.getDataCenterId());
}
}
@Override
public boolean applyLBRules(Network network, List<LoadBalancingRule> rules) throws ResourceUnavailableException {
public boolean applyFirewallRules(Network network, List<? extends FirewallRule> rules) throws ResourceUnavailableException {
DomainRouterVO router = _routerDao.findByNetwork(network.getId());
if (router == null) {
s_logger.warn("Unable to apply lb rules, virtual router doesn't exist in the network " + network.getId());
throw new ResourceUnavailableException("Unable to apply lb rules", DataCenter.class, network.getDataCenterId());
}
if (router.getState() == State.Running) {
if (rules != null && !rules.isEmpty()) {
if (rules.get(0).getPurpose() == Purpose.LoadBalancing) {
//for load balancer we have to resend all lb rules for the network
List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkId(network.getId());
List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
for (LoadBalancerVO lb : lbs) {
List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList);
lbRules.add(loadBalancing);
}
return applyLBRules(router, lbRules);
} else if (rules.get(0).getPurpose() == Purpose.PortForwarding) {
return applyPortForwardingRules(router, (List<PortForwardingRule>)rules);
} else if (rules.get(0).getPurpose() == Purpose.StaticNat) {
return applyStaticNatRules(router, (List<StaticNatRule>)rules);
}else {
s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose());
return false;
}
} else {
return true;
}
} else if (router.getState() == State.Stopped || router.getState() == State.Stopping){
s_logger.debug("Router is in " + router.getState() + ", so not sending apply firewall rules commands to the backend");
return true;
} else {
s_logger.warn("Unable to apply firewall rules, virtual router is not in the right state " + router.getState());
throw new CloudRuntimeException("Unable to apply firewall rules, domR is not in right state " + router.getState());
}
}
protected boolean applyLBRules(DomainRouterVO router, List<LoadBalancingRule> rules) throws ResourceUnavailableException {
Commands cmds = new Commands(OnError.Continue);
createApplyLoadBalancingRulesCommands(rules, router, cmds);
//Send commands to router
return sendCommandsToRouter(router, cmds);
}
@Override
public boolean applyPortForwardingRules(Network network, List<PortForwardingRuleTO> rules) throws AgentUnavailableException {
DomainRouterVO router = _routerDao.findByNetwork(network.getId());
protected boolean applyPortForwardingRules(DomainRouterVO router, List<PortForwardingRule> rules) throws ResourceUnavailableException {
Commands cmds = new Commands(OnError.Continue);
createApplyPortForwardingRulesCommands(rules, router, cmds);
//Send commands to router
return sendCommandsToRouter(router, cmds);
}
protected boolean applyStaticNatRules(DomainRouterVO router, List<StaticNatRule> rules) throws ResourceUnavailableException {
Commands cmds = new Commands(OnError.Continue);
createApplyStaticNatRulesCommands(rules, router, cmds);
//Send commands to router
return sendCommandsToRouter(router, cmds);
}
private List<Long> findLonelyRouters() {
List<Long> routersToStop = new ArrayList<Long>();

14
server/src/com/cloud/network/rules/FirewallRuleVO.java
View File

@ -79,9 +79,6 @@ public class FirewallRuleVO implements FirewallRule {
@Column(name=GenericDao.CREATED_COLUMN)
Date created;
@Column(name="is_static_nat", updatable=false)
boolean oneToOneNat;
@Column(name="network_id")
long networkId;
@ -151,7 +148,7 @@ public class FirewallRuleVO implements FirewallRule {
protected FirewallRuleVO() {
}
public FirewallRuleVO(String xId, long ipAddressId, int portStart, int portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, boolean isOneToOneNat) {
public FirewallRuleVO(String xId, long ipAddressId, int portStart, int portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose) {
this.xId = xId;
if (xId == null) {
this.xId = UUID.randomUUID().toString();
@ -165,11 +162,10 @@ public class FirewallRuleVO implements FirewallRule {
this.purpose = purpose;
this.networkId = networkId;
this.state = State.Staged;
this.oneToOneNat = isOneToOneNat;
}
public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, boolean isOneToOneNat) {
this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, isOneToOneNat);
public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose) {
this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose);
}
@Override
@ -177,8 +173,4 @@ public class FirewallRuleVO implements FirewallRule {
return new StringBuilder("Rule[").append(id).append("-").append(purpose).append("-").append(state).append("]").toString();
}
@Override
public boolean isOneToOneNat() {
return oneToOneNat;
}
}

8
server/src/com/cloud/network/rules/PortForwardingRuleVO.java
View File

@ -52,16 +52,16 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi
public PortForwardingRuleVO() {
}
public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId, boolean isOneToOneNat) {
super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, isOneToOneNat);
public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId) {
super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding);
this.destinationIpAddress = dstIp;
this.virtualMachineId = instanceId;
this.destinationPortStart = dstPortStart;
this.destinationPortEnd = dstPortEnd;
}
public PortForwardingRuleVO(String xId, long srcIpId, int srcPort, Ip dstIp, int dstPort, String protocol, long networkId, long accountId, long domainId, long instanceId, boolean isOneToOneNat) {
this(xId, srcIpId, srcPort, srcPort, dstIp, dstPort, dstPort, protocol.toLowerCase(), networkId, accountId, domainId, instanceId, isOneToOneNat);
public PortForwardingRuleVO(String xId, long srcIpId, int srcPort, Ip dstIp, int dstPort, String protocol, long networkId, long accountId, long domainId, long instanceId) {
this(xId, srcIpId, srcPort, srcPort, dstIp, dstPort, dstPort, protocol.toLowerCase(), networkId, accountId, domainId, instanceId);
}
@Override

12
server/src/com/cloud/network/rules/RulesManager.java
View File

@ -35,8 +35,12 @@ public interface RulesManager extends RulesService {
boolean applyPortForwardingRules(long ipAddressId, boolean continueOnError, Account caller);
boolean applyStaticNatRules(long sourceIpId, boolean continueOnError, Account caller);
boolean applyPortForwardingRulesForNetwork(long networkId, boolean continueOnError, Account caller);
boolean applyStaticNatRulesForNetwork(long networkId, boolean continueOnError, Account caller);
/**
* detectRulesConflict finds conflicts in networking rules. It checks for
* conflicts between the following types of netowrking rules;
@ -59,7 +63,7 @@ public interface RulesManager extends RulesService {
void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException;
void checkRuleAndUserVm(FirewallRule rule, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException;
boolean revokeAllRules(long ipId, long userId) throws ResourceUnavailableException;
boolean revokeAllRules(long ipId, long userId, Account caller) throws ResourceUnavailableException;
List<? extends FirewallRule> listFirewallRulesByIp(long ipAddressId);
@ -73,10 +77,14 @@ public interface RulesManager extends RulesService {
List<? extends PortForwardingRule> gatherPortForwardingRulesForApplication(List<? extends IpAddress> addrs);
boolean revokePortForwardingRule(long vmId);
boolean revokePortForwardingRulesForVm(long vmId);
boolean revokeStaticNatRulesForVm(long vmId);
FirewallRule[] reservePorts(IpAddress ip, String protocol, FirewallRule.Purpose purpose, int... ports) throws NetworkRuleConflictException;
boolean releasePorts(long ipId, String protocol, FirewallRule.Purpose purpose, int... ports);
List<PortForwardingRuleVO> listByNetworkId(long networkId);
}

472
server/src/com/cloud/network/rules/RulesManagerImpl.java
View File

@ -26,7 +26,6 @@ import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import com.cloud.agent.api.to.PortForwardingRuleTO;
import com.cloud.api.commands.ListPortForwardingRulesCmd;
import com.cloud.domain.Domain;
import com.cloud.domain.DomainVO;
@ -100,9 +99,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
continue; // Skips my own rule.
}
if (rule.isOneToOneNat() && !newRule.isOneToOneNat()) {
if (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() != Purpose.StaticNat) {
throw new NetworkRuleConflictException("There is 1 to 1 Nat rule specified for the ip address id=" + newRule.getSourceIpAddressId());
} else if (!rule.isOneToOneNat() && newRule.isOneToOneNat()) {
} else if (rule.getPurpose() != Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat) {
throw new NetworkRuleConflictException("There is already firewall rule specified for the ip address id=" + newRule.getSourceIpAddressId());
}
@ -176,8 +175,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
@Override @DB @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="creating forwarding rule", create=true)
public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, boolean isNat) throws NetworkRuleConflictException {
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="creating forwarding rule", create=true)
public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId) throws NetworkRuleConflictException {
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
@ -185,10 +184,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
//Verify ip address existst and if 1-1 nat is enabled for it
//Validate ip address
if (ipAddress == null) {
throw new InvalidParameterValueException("Unable to create ip forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system");
} else {
throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system");
} else if (ipAddress.isOneToOneNat()) {
throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " has static nat enabled");
}else {
_accountMgr.checkAccess(caller, ipAddress);
}
@ -200,20 +201,14 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
// validate user VM exists
vm = _vmDao.findById(vmId);
if (vm == null) {
throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
} else {
checkRuleAndUserVm(rule, vm, caller);
}
dstIp = null;
List<? extends Nic> nics = _networkMgr.getNics(vm);
for (Nic nic : nics) {
Network ntwk = _networkMgr.getNetwork(nic.getNetworkId());
if (ntwk.getGuestType() == GuestIpType.Virtual && nic.getIp4Address() != null) {
network = ntwk;
dstIp = new Ip(nic.getIp4Address());
break;
}
}
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, false);
dstIp = guestNic.second();
network = guestNic.first();
if (network == null) {
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vmId);
@ -230,11 +225,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
networkId = network.getId();
long accountId = network.getAccountId();
long domainId = network.getDomainId();
if (isNat && (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null)) {
throw new NetworkRuleConflictException("Can't do one to one NAT on ip address: " + ipAddress.getAddress());
}
//Verify that the network guru supports the protocol specified
Map<Network.Capability, String> firewallCapability = _networkMgr.getServiceCapability(network.getDataCenterId(), Service.Firewall);
@ -244,7 +234,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
//start port can't be bigger than end port
if (rule.getDestinationPortStart() > rule.getDestinationPortEnd()) {
if (rule.getDestinationPortStart() > rule.getDestinationPortEnd() || rule.getSourcePortStart() > rule.getSourcePortEnd()) {
throw new InvalidParameterValueException("Start port can't be bigger than end port");
}
@ -259,7 +249,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
rule.getProtocol().toLowerCase(),
networkId,
accountId,
domainId, vmId, isNat);
domainId, vmId);
newRule = _forwardingDao.persist(newRule);
try {
@ -280,6 +270,96 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
}
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="creating static nat rule", create=true)
public StaticNatRule createStaticNatRule(StaticNatRule rule) throws NetworkRuleConflictException {
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
Long ipAddrId = rule.getSourceIpAddressId();
IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
//Verify ip address existst and if 1-1 nat is enabled for it
if (ipAddress == null) {
throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system");
} else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) {
throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress());
}else {
_accountMgr.checkAccess(caller, ipAddress);
}
//Get vm information and verify it
long vmId = ipAddress.getAssociatedWithVmId();
// validate user VM exists
UserVmVO vm = _vmDao.findById(vmId);
if (vm == null) {
throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
} else {
checkRuleAndUserVm(rule, vm, caller);
}
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, false);
Ip dstIp = guestNic.second();
Network guestNetwork = guestNic.first();
if (guestNetwork == null) {
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vmId);
}
_accountMgr.checkAccess(caller, guestNetwork);
long accountId = guestNetwork.getAccountId();
long domainId = guestNetwork.getDomainId();
//Verify that the network guru supports the protocol specified
Map<Network.Capability, String> firewallCapability = _networkMgr.getServiceCapability(guestNetwork.getDataCenterId(), Service.Firewall);
String supportedProtocols = firewallCapability.get(Capability.SupportedProtocols).toLowerCase();
if (!supportedProtocols.contains(rule.getProtocol().toLowerCase())) {
throw new InvalidParameterValueException("Protocol " + rule.getProtocol() + " is not supported in zone " + guestNetwork.getDataCenterId());
}
//start port can't be bigger than end port
if (rule.getSourcePortStart() > rule.getSourcePortEnd()) {
throw new InvalidParameterValueException("Start port can't be bigger than end port");
}
FirewallRuleVO newRule =
new FirewallRuleVO(rule.getXid(),
rule.getSourceIpAddressId(),
rule.getSourcePortStart(),
rule.getSourcePortEnd(),
rule.getProtocol().toLowerCase(),
guestNetwork.getId(),
accountId,
domainId,
rule.getPurpose());
newRule = _firewallDao.persist(newRule);
try {
detectRulesConflict(newRule, ipAddress);
if (!_firewallDao.setStateToAdd(newRule)) {
throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
}
UserContext.current().setEventDetails("Rule Id: "+newRule.getId());
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), 0, newRule.getId(), null);
_usageEventDao.persist(usageEvent);
StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp.addr());
return staticNatRule;
} catch (Exception e) {
_forwardingDao.remove(newRule.getId());
if (e instanceof NetworkRuleConflictException) {
throw (NetworkRuleConflictException)e;
}
throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + newRule.getSourceIpAddressId(), e);
}
}
@Override
public boolean enableOneToOneNat(long ipId, long vmId) throws NetworkRuleConflictException{
IPAddressVO ipAddress = _ipAddressDao.findById(ipId);
@ -298,7 +378,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
if (!ipAddress.isOneToOneNat()) {
List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, false);
List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, Purpose.PortForwarding);
if (rules != null && !rules.isEmpty()) {
throw new NetworkRuleConflictException("Failed to enable one to one nat for the ip address id=" + ipAddress.getId() + " as it already has firewall rules assigned");
}
@ -314,20 +394,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
protected Pair<Network, Ip> getUserVmGuestIpAddress(UserVm vm) {
Ip dstIp = null;
List<? extends Nic> nics = _networkMgr.getNics(vm);
for (Nic nic : nics) {
Network ntwk = _networkMgr.getNetwork(nic.getNetworkId());
if (ntwk.getGuestType() == GuestIpType.Virtual) {
dstIp = new Ip(nic.getIp4Address());
return new Pair<Network, Ip>(ntwk, dstIp);
}
}
throw new CloudRuntimeException("Unable to find ip address to map to in " + vm.getId());
}
@DB
protected void revokeRule(FirewallRuleVO rule, Account caller, long userId) {
if (caller != null) {
@ -347,7 +413,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
// Save and create the event
String ruleName = rule.getPurpose() == Purpose.Firewall ? "Firewall" : (rule.isOneToOneNat() ? "ip forwarding" : "port forwarding");
String ruleName = rule.getPurpose() == Purpose.Firewall ? "Firewall" : (rule.getPurpose() == FirewallRule.Purpose.StaticNat ? "ip forwarding" : "port forwarding");
StringBuilder description = new StringBuilder("deleted ").append(ruleName).append(" rule [ipAddressId=").append(rule.getSourceIpAddressId()).append(":").append(rule.getSourcePortStart()).append("-").append(rule.getSourcePortEnd()).append("]");
if (rule.getPurpose() == Purpose.PortForwarding) {
PortForwardingRuleVO pfRule = (PortForwardingRuleVO)rule;
@ -360,10 +426,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_DELETE, eventDescription="revoking forwarding rule", async=true)
public boolean revokePortForwardingRule(long ruleId, boolean apply) {
return revokePortForwardingRuleInternal(ruleId, apply);
}
private boolean revokePortForwardingRuleInternal(long ruleId, boolean apply) {
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
@ -372,10 +434,17 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
throw new InvalidParameterValueException("Unable to find " + ruleId);
}
long ownerId = rule.getAccountId();
_accountMgr.checkAccess(caller, rule);
revokeRule(rule, caller, ctx.getCallerUserId());
return revokePortForwardingRuleInternal(ruleId, caller, ctx.getCallerUserId(), apply);
}
private boolean revokePortForwardingRuleInternal(long ruleId, Account caller, long userId, boolean apply) {
PortForwardingRuleVO rule = _forwardingDao.findById(ruleId);
long ownerId = rule.getAccountId();
revokeRule(rule, caller, userId);
boolean success = false;
@ -391,8 +460,44 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
return success;
}
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_DELETE, eventDescription="revoking forwarding rule", async=true)
public boolean revokeStaticNatRule(long ruleId, boolean apply) {
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
FirewallRuleVO rule = _firewallDao.findById(ruleId);
if (rule == null) {
throw new InvalidParameterValueException("Unable to find " + ruleId);
}
_accountMgr.checkAccess(caller, rule);
return revokeStaticNatRuleInternal(ruleId, caller, ctx.getCallerUserId(), apply);
}
private boolean revokeStaticNatRuleInternal(long ruleId, Account caller, long userId, boolean apply) {
FirewallRuleVO rule = _firewallDao.findById(ruleId);
revokeRule(rule, caller, userId);
boolean success = false;
if (apply) {
success = applyStaticNatRules(rule.getSourceIpAddressId(), true, caller);
} else {
success = true;
}
if(success){
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_RULE_DELETE, rule.getAccountId(), 0, ruleId, null);
_usageEventDao.persist(usageEvent);
}
return success;
}
@Override
public boolean revokePortForwardingRule(long vmId) {
public boolean revokePortForwardingRulesForVm(long vmId) {
UserVmVO vm = _vmDao.findByIdIncludingRemoved(vmId);
if (vm == null) {
return false;
@ -401,17 +506,35 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
List<PortForwardingRuleVO> rules = _forwardingDao.listByVm(vmId);
if (rules == null || rules.isEmpty()) {
s_logger.debug("No port forwarding rules are found for vm id=" + vmId);
return true;
}
for (PortForwardingRuleVO rule : rules) {
revokePortForwardingRuleInternal(rule.getId(), true);
revokePortForwardingRuleInternal(rule.getId(), _accountMgr.getSystemAccount(), Account.ACCOUNT_ID_SYSTEM, true);
}
return true;
}
public List<? extends FirewallRule> listFirewallRules(long ipId) {
return _firewallDao.listByIpAndNotRevoked(ipId, null);
@Override
public boolean revokeStaticNatRulesForVm(long vmId) {
UserVmVO vm = _vmDao.findByIdIncludingRemoved(vmId);
if (vm == null) {
return false;
}
List<FirewallRuleVO> rules = _firewallDao.listStaticNatByVmId(vm.getId());
if (rules == null || rules.isEmpty()) {
s_logger.debug("No static nat rules are found for vm id=" + vmId);
return true;
}
for (FirewallRuleVO rule : rules) {
revokeStaticNatRuleInternal(rule.getId(), _accountMgr.getSystemAccount(), Account.ACCOUNT_ID_SYSTEM, true);
}
return true;
}
@Override
@ -447,7 +570,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ);
sb.and("accountId", sb.entity().getAccountId(), Op.EQ);
sb.and("domainId", sb.entity().getDomainId(), Op.EQ);
sb.and("oneToOneNat", sb.entity().isOneToOneNat(), Op.EQ);
sb.and("purpose", sb.entity().getPurpose(), Op.EQ);
if (path != null) {
//for domain admin we should show only subdomains information
@ -470,7 +593,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
}
sc.setParameters("oneToOneNat", false);
sc.setParameters("purpose", Purpose.PortForwarding);
if (path != null) {
sc.setJoinParameters("domainSearch", "path", path + "%");
@ -504,14 +627,56 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
return true;
}
@Override
public boolean applyStaticNatRules(long sourceIpId, boolean continueOnError, Account caller){
List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat);
List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
if (rules.size() == 0) {
s_logger.debug("There are no firwall rules to apply for ip id=" + sourceIpId);
return true;
}
for (FirewallRuleVO rule : rules) {
IpAddress sourceIp = _ipAddressDao.findById(rule.getSourceIpAddressId());
UserVmVO vm = _vmDao.findById(sourceIp.getAssociatedWithVmId());
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, true);
Ip dstIp = guestNic.second();
Network network = guestNic.first();
if (network == null) {
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vm.getId());
}
staticNatRules.add(new StaticNatRuleImpl(rule, dstIp.addr()));
}
if (caller != null) {
_accountMgr.checkAccess(caller, staticNatRules.toArray(new StaticNatRule[staticNatRules.size()]));
}
try {
if (!applyRules(staticNatRules, continueOnError)) {
return false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to apply static nat rules due to ", ex);
return false;
}
return true;
}
@Override
public boolean applyPortForwardingRulesForNetwork(long networkId, boolean continueOnError, Account caller){
List<PortForwardingRuleVO> rules = listByNetworkId(networkId);
if (rules.size() == 0) {
s_logger.debug("There are no firewall rules to apply for network id=" + networkId);
s_logger.debug("There are no port forwarding rules to apply for network id=" + networkId);
return true;
}
if (caller != null) {
_accountMgr.checkAccess(caller, rules.toArray(new PortForwardingRuleVO[rules.size()]));
}
@ -528,17 +693,63 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
return true;
}
private boolean applyRules(List<PortForwardingRuleVO> rules, boolean continueOnError) throws ResourceUnavailableException{
@Override
public boolean applyStaticNatRulesForNetwork(long networkId, boolean continueOnError, Account caller){
List<FirewallRuleVO> rules = _firewallDao.listByNetworkIdAndPurpose(networkId, Purpose.StaticNat);
List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
if (rules.size() == 0) {
s_logger.debug("There are no static nat rules to apply for network id=" + networkId);
return true;
}
if (caller != null) {
_accountMgr.checkAccess(caller, rules.toArray(new FirewallRule[rules.size()]));
}
for (FirewallRuleVO rule : rules) {
IpAddress sourceIp = _ipAddressDao.findById(rule.getSourceIpAddressId());
UserVmVO vm = _vmDao.findById(sourceIp.getAssociatedWithVmId());
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, true);
Ip dstIp = guestNic.second();
Network network = guestNic.first();
if (network == null) {
throw new CloudRuntimeException("Unable to find ip address to map to in vm id=" + vm.getId());
}
staticNatRules.add(new StaticNatRuleImpl(rule, dstIp.addr()));
}
try {
if (!applyRules(staticNatRules, continueOnError)) {
return false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to apply firewall rules due to ", ex);
return false;
}
return true;
}
private boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException{
if (!_networkMgr.applyRules(rules, continueOnError)) {
s_logger.warn("Rules are not completely applied");
return false;
} else {
for (PortForwardingRuleVO rule : rules) {
for (FirewallRule rule : rules) {
if (rule.getState() == FirewallRule.State.Revoke) {
_forwardingDao.remove(rule.getId());
_firewallDao.remove(rule.getId());
} else if (rule.getState() == FirewallRule.State.Add) {
rule.setState(FirewallRule.State.Active);
_forwardingDao.update(rule.getId(), rule);
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
ruleVO.setState(FirewallRule.State.Active);
_firewallDao.update(ruleVO.getId(), ruleVO);
}
}
return true;
@ -546,7 +757,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
@Override
public List<PortForwardingRuleVO> searchForIpForwardingRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId) {
public List<? extends FirewallRule> searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId) {
Account caller = UserContext.current().getCaller();
String path = null;
@ -568,11 +779,11 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
Filter filter = new Filter(PortForwardingRuleVO.class, "id", false, start, size);
SearchBuilder<PortForwardingRuleVO> sb = _forwardingDao.createSearchBuilder();
SearchBuilder<FirewallRuleVO> sb = _firewallDao.createSearchBuilder();
sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ);
sb.and("accountId", sb.entity().getAccountId(), Op.EQ);
sb.and("domainId", sb.entity().getDomainId(), Op.EQ);
sb.and("oneToOneNat", sb.entity().isOneToOneNat(), Op.EQ);
sb.and("purpose", sb.entity().getPurpose(), Op.EQ);
sb.and("id", sb.entity().getId(), Op.EQ);
if (path != null) {
@ -588,7 +799,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
sb.join("ipSearch", ipSearch, sb.entity().getSourceIpAddressId(), ipSearch.entity().getId(), JoinBuilder.JoinType.INNER);
}
SearchCriteria<PortForwardingRuleVO> sc = sb.create();
SearchCriteria<FirewallRuleVO> sc = sb.create();
if (id != null) {
sc.setParameters("id", id);
@ -606,7 +817,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
}
sc.setParameters("oneToOneNat", true);
sc.setParameters("purpose", Purpose.StaticNat);
if (path != null) {
sc.setJoinParameters("domainSearch", "path", path + "%");
@ -616,29 +827,52 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
sc.setJoinParameters("ipSearch", "associatedWithVmId", vmId);
}
return _forwardingDao.search(sc, filter);
return _firewallDao.search(sc, filter);
}
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="applying forwarding rule", async=true)
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="applying port forwarding rule", async=true)
public boolean applyPortForwardingRules(long ipId, Account caller) throws ResourceUnavailableException {
return applyPortForwardingRules(ipId, false, caller);
}
@Override @ActionEvent (eventType=EventTypes.EVENT_NET_RULE_ADD, eventDescription="applying static nat rule", async=true)
public boolean applyStaticNatRules(long ipId, Account caller) throws ResourceUnavailableException {
return applyStaticNatRules(ipId, false, caller);
}
@Override
public boolean revokeAllRules(long ipId, long userId) throws ResourceUnavailableException {
List<PortForwardingRuleVO> rules = _forwardingDao.listByIpAndNotRevoked(ipId);
public boolean revokeAllRules(long ipId, long userId, Account caller) throws ResourceUnavailableException {
List<FirewallRule> rules = new ArrayList<FirewallRule>();
//revoke all port forwarding rules
List<PortForwardingRuleVO> pfRules = _forwardingDao.listByIpAndNotRevoked(ipId);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + rules.size() + " rules for ip id=" + ipId);
s_logger.debug("Releasing " + pfRules.size() + " port forwarding rules for ip id=" + ipId);
}
for (PortForwardingRuleVO rule : rules) {
revokeRule(rule, null, userId);
for (PortForwardingRuleVO rule : pfRules) {
revokePortForwardingRuleInternal(rule.getId(), caller, userId, true);
}
applyPortForwardingRules(ipId, true, null);
//revoke all all static nat rules
List<FirewallRuleVO> staticNatRules = _firewallDao.listByIpAndNotRevoked(ipId, Purpose.StaticNat);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Releasing " + pfRules.size() + " static nat rules for ip id=" + ipId);
}
for (FirewallRuleVO rule : staticNatRules) {
revokeStaticNatRuleInternal(rule.getId(), caller, userId, true);
}
applyStaticNatRules(ipId, true, null);
// Now we check again in case more rules have been inserted.
rules = _forwardingDao.listByIpAndNotRevoked(ipId);
rules.addAll(_forwardingDao.listByIpAndNotRevoked(ipId));
rules.addAll(_firewallDao.listByIpAndPurpose(ipId, Purpose.StaticNat));
if (s_logger.isDebugEnabled()) {
s_logger.debug("Successfully released rules for ip id=" + ipId + " and # of rules now = " + rules.size());
@ -693,7 +927,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
ip.getAssociatedWithNetworkId(),
ip.getAllocatedToAccountId(),
ip.getAllocatedInDomainId(),
purpose, ip.isOneToOneNat());
purpose);
rules[i] = _firewallDao.persist(rules[i]);
}
txn.commit();
@ -743,24 +977,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
return _forwardingDao.listByNetworkId(networkId);
}
public boolean isLastOneToOneNatRule(FirewallRule ruleToCheck) {
List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ruleToCheck.getSourceIpAddressId(), false);
if (rules != null && !rules.isEmpty()) {
for (FirewallRuleVO rule : rules) {
if (ruleToCheck.getId() == rule.getId()) {
continue;
}
if (rule.isOneToOneNat()) {
return false;
}
}
} else {
return true;
}
return true;
}
@Override
public boolean disableOneToOneNat(long ipId){
Account caller = UserContext.current().getCaller();
@ -772,7 +988,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
throw new InvalidParameterValueException("One to one nat is not enabled for the ip id=" + ipId);
}
List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, true);
List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, Purpose.StaticNat);
if (rules != null) {
for (FirewallRuleVO rule : rules) {
rule.setState(State.Revoke);
@ -782,7 +998,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
}
if (applyPortForwardingRules(ipId, true, caller)) {
if (applyStaticNatRules(ipId, true, caller)) {
ipAddress.setOneToOneNat(false);
ipAddress.setAssociatedWithVmId(null);
_ipAddressDao.update(ipAddress.getId(), ipAddress);
@ -793,23 +1009,57 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
}
}
@Override
public List<PortForwardingRuleTO> buildPortForwardingTOrules(List<? extends PortForwardingRule> pfRules) {
if (pfRules != null) {
List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
for (PortForwardingRule rule : pfRules) {
IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, sourceIp.getAddress().addr());
rulesTO.add(ruleTO);
}
return rulesTO;
} else {
return null;
}
}
@Override
public PortForwardingRule getPortForwardigRule(long ruleId) {
return _forwardingDao.findById(ruleId);
}
@Override
public FirewallRule getFirewallRule(long ruleId) {
return _firewallDao.findById(ruleId);
}
protected Pair<Network, Ip> getUserVmGuestIpAddress(UserVm vm, boolean includeRemovedNics) {
Ip dstIp = null;
List<? extends Nic> nics;
if (includeRemovedNics) {
nics = _networkMgr.getNicsIncludingRemoved(vm);
} else {
nics = _networkMgr.getNics(vm);
}
for (Nic nic : nics) {
Network ntwk = _networkMgr.getNetwork(nic.getNetworkId());
if (ntwk.getGuestType() == GuestIpType.Virtual && nic.getIp4Address() != null) {
dstIp = new Ip(nic.getIp4Address());
return new Pair<Network, Ip>(ntwk, dstIp);
}
}
throw new CloudRuntimeException("Unable to find ip address to map to in " + vm.getId());
}
@Override
public StaticNatRule buildStaticNatRule(FirewallRule rule) {
IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
if (ip == null || !ip.isOneToOneNat()) {
throw new InvalidParameterValueException("Source ip address of the rule id=" + rule.getId() + " is not static nat enabled");
}
UserVm vm = _vmDao.findById(ip.getAssociatedWithVmId());
if (vm == null) {
throw new InvalidParameterValueException("Static nat rule id=" + rule.getId() + " doesn't have vm assocaited with it");
}
Pair<Network, Ip> guestNic = getUserVmGuestIpAddress(vm, false);
Ip dstIp = guestNic.second();
return new StaticNatRuleImpl(ruleVO, dstIp.addr());
}
}

108
server/src/com/cloud/network/rules/StaticNatRuleImpl.java Normal file
View File

@ -0,0 +1,108 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.network.rules;
public class StaticNatRuleImpl implements StaticNatRule{
long id;
String xid;
String protocol;
int portStart;
int portEnd;
State state;
long accountId;
long domainId;
long networkId;
long sourceIpAddressId;
String destIpAddress;
public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) {
this.id = rule.getId();
this.xid = rule.getXid();
this.protocol = rule.getProtocol();
this.portStart = rule.getSourcePortStart();
this.portEnd = rule.getSourcePortEnd();
this.state = rule.getState();
this.accountId = rule.getAccountId();
this.domainId = rule.getDomainId();
this.networkId = rule.getNetworkId();
this.sourceIpAddressId = rule.getSourceIpAddressId();
this.destIpAddress = dstIp;
}
@Override
public String getProtocol() {
return protocol;
}
@Override
public int getSourcePortEnd() {
return portEnd;
}
@Override
public Purpose getPurpose() {
return Purpose.StaticNat;
}
@Override
public State getState() {
return state;
}
@Override
public long getAccountId() {
return accountId;
}
@Override
public long getDomainId() {
return domainId;
}
@Override
public long getNetworkId() {
return networkId;
}
@Override
public long getId() {
return id;
}
@Override
public int getSourcePortStart() {
return portStart;
}
@Override
public long getSourceIpAddressId() {
return sourceIpAddressId;
}
@Override
public String getDestIpAddress() {
return destIpAddress;
}
@Override
public String getXid() {
return xid;
}
}

19
server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
View File

@ -21,9 +21,9 @@ import java.util.List;
import javax.ejb.Local;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.PortForwardingRuleVO;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@ -47,25 +47,31 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ);
AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ);
AllFieldsSearch.and("vmId", AllFieldsSearch.entity().getVirtualMachineId(), Op.EQ);
AllFieldsSearch.and("oneToOneNat", AllFieldsSearch.entity().isOneToOneNat(), Op.EQ);
AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ);
AllFieldsSearch.done();
ApplicationSearch = createSearchBuilder();
ApplicationSearch.and("ipId", ApplicationSearch.entity().getSourceIpAddressId(), Op.EQ);
ApplicationSearch.and("state", ApplicationSearch.entity().getState(), Op.NEQ);
ApplicationSearch.and("purpose", ApplicationSearch.entity().getPurpose(), Op.EQ);
ApplicationSearch.done();
ActiveRulesSearch = createSearchBuilder();
ActiveRulesSearch.and("ipId", ActiveRulesSearch.entity().getSourceIpAddressId(), Op.EQ);
ActiveRulesSearch.and("state", ActiveRulesSearch.entity().getState(), Op.NEQ);
ActiveRulesSearch.and("purpose", ActiveRulesSearch.entity().getPurpose(), Op.EQ);
ActiveRulesSearch.done();
AllRulesSearchByVM = createSearchBuilder();
AllRulesSearchByVM.and("vmId", AllRulesSearchByVM.entity().getVirtualMachineId(), Op.EQ);
AllRulesSearchByVM.and("purpose", AllRulesSearchByVM.entity().getPurpose(), Op.EQ);
AllRulesSearchByVM.done();
ActiveRulesSearchByAccount = createSearchBuilder();
ActiveRulesSearchByAccount.and("accountId", ActiveRulesSearchByAccount.entity().getAccountId(), Op.EQ);
ActiveRulesSearchByAccount.and("state", ActiveRulesSearchByAccount.entity().getState(), Op.NEQ);
ActiveRulesSearchByAccount.and("purpose", ActiveRulesSearchByAccount.entity().getPurpose(), Op.EQ);
ActiveRulesSearchByAccount.done();
}
@ -74,6 +80,7 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
SearchCriteria<PortForwardingRuleVO> sc = ApplicationSearch.create();
sc.setParameters("ipId", ipId);
sc.setParameters("state", State.Staged);
sc.setParameters("purpose", Purpose.PortForwarding);
return listBy(sc, null);
}
@ -82,6 +89,8 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
public List<PortForwardingRuleVO> listByVm(Long vmId) {
SearchCriteria<PortForwardingRuleVO> sc = AllRulesSearchByVM.create();
sc.setParameters("vmId", vmId);
sc.setParameters("purpose", Purpose.PortForwarding);
return listBy(sc, null);
}
@ -90,6 +99,7 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearch.create();
sc.setParameters("ipId", ipId);
sc.setParameters("state", State.Revoke);
sc.setParameters("purpose", Purpose.PortForwarding);
return listBy(sc, null);
}
@ -98,6 +108,7 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
public List<PortForwardingRuleVO> listByIp(long ipId) {
SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearch.create();
sc.setParameters("ipId", ipId);
sc.setParameters("purpose", Purpose.PortForwarding);
return listBy(sc, null);
}
@ -106,6 +117,8 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
public List<PortForwardingRuleVO> listByNetworkId(long networkId) {
SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
sc.setParameters("networkId", networkId);
sc.setParameters("purpose", Purpose.PortForwarding);
return listBy(sc);
}
@ -114,6 +127,8 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearchByAccount.create();
sc.setParameters("accountId", accountId);
sc.setParameters("state", State.Revoke);
sc.setParameters("purpose", Purpose.PortForwarding);
return listBy(sc);
}

16
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -1124,8 +1124,16 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
//Cleanup LB/PF rules before expunging the vm
long vmId = vm.getId();
//cleanup port forwarding rules
if (_rulesMgr.revokePortForwardingRule(vmId)) {
if (_rulesMgr.revokePortForwardingRulesForVm(vmId)) {
s_logger.debug("Port forwarding rules are removed successfully as a part of vm id=" + vmId + " expunge");
} else {
s_logger.warn("Fail to remove port forwarding rules as a part of vm id=" + vmId + " expunge");
}
//cleanup static nat rules
if (_rulesMgr.revokeStaticNatRulesForVm(vmId)) {
s_logger.debug("Port forwarding rules are removed successfully as a part of vm id=" + vmId + " expunge");
} else {
s_logger.warn("Fail to remove port forwarding rules as a part of vm id=" + vmId + " expunge");
@ -2203,7 +2211,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
@Override
public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) {
UserVmVO userVm = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listBy(userVm.getId());
List<NicVO> nics = _nicDao.listByVmId(userVm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
if (network.getTrafficType() == TrafficType.Guest) {
@ -2226,7 +2234,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VM_START, vm.getAccountId(), vm.getDataCenterId(), vm.getId(), vm.getName(), vm.getServiceOfferingId(), vm.getTemplateId(), null);
_usageEventDao.persist(usageEvent);
List<NicVO> nics = _nicDao.listBy(vm.getId());
List<NicVO> nics = _nicDao.listByVmId(vm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
long isDefault = (nic.isDefaultNic()) ? 1 : 0;
@ -2296,7 +2304,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VM_STOP, vm.getAccountId(), vm.getDataCenterId(), vm.getId(), vm.getName(), vm.getServiceOfferingId(), vm.getTemplateId(), null);
_usageEventDao.persist(usageEvent);
List<NicVO> nics = _nicDao.listBy(vm.getId());
List<NicVO> nics = _nicDao.listByVmId(vm.getId());
for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId());
usageEvent = new UsageEventVO(EventTypes.EVENT_NETWORK_OFFERING_DELETE, vm.getAccountId(), vm.getDataCenterId(), vm.getId(), null, network.getNetworkOfferingId(), null, null);

4
server/src/com/cloud/vm/dao/NicDao.java
View File

@ -9,7 +9,9 @@ import com.cloud.utils.db.GenericDao;
import com.cloud.vm.NicVO;
public interface NicDao extends GenericDao<NicVO, Long> {
List<NicVO> listBy(long instanceId);
List<NicVO> listByVmId(long instanceId);
List<NicVO> listByVmIdIncludingRemoved(long instanceId);
List<String> listIpAddressInNetwork(long networkConfigId);
List<NicVO> listIncludingRemovedBy(long instanceId);

9
server/src/com/cloud/vm/dao/NicDaoImpl.java
View File

@ -43,12 +43,19 @@ public class NicDaoImpl extends GenericDaoBase<NicVO, Long> implements NicDao {
}
@Override
public List<NicVO> listBy(long instanceId) {
public List<NicVO> listByVmId(long instanceId) {
SearchCriteria<NicVO> sc = AllFieldsSearch.create();
sc.setParameters("instance", instanceId);
return listBy(sc);
}
@Override
public List<NicVO> listByVmIdIncludingRemoved(long instanceId) {
SearchCriteria<NicVO> sc = AllFieldsSearch.create();
sc.setParameters("instance", instanceId);
return listIncludingRemovedBy(sc);
}
@Override
public List<NicVO> listIncludingRemovedBy(long instanceId) {

1
setup/db/create-schema.sql
View File

@ -493,7 +493,6 @@ CREATE TABLE `cloud`.`firewall_rules` (
`account_id` bigint unsigned NOT NULL COMMENT 'owner id',
`domain_id` bigint unsigned NOT NULL COMMENT 'domain id',
`network_id` bigint unsigned NOT NULL COMMENT 'network id',
`is_static_nat` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if firewall rule is one to one nat rule',
`xid` char(40) NOT NULL COMMENT 'external id',
`created` datetime COMMENT 'Date created',
PRIMARY KEY (`id`),