Reapply static nat rules when domR starts/reboots

2011-02-15 10:24:32 -08:00 · 2011-02-15 10:24:32 -08:00 · d9dfd37bd4
parent d80caf24fd
commit d9dfd37bd4
2 changed files with 25 additions and 12 deletions
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@ -410,7 +410,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
     *            - non-null if the domainId was passed in in the command.
     * @return
     */
-    protected Account getAccountForApiCommand(String accountName, Long domainId) throws InvalidParameterValueException, PermissionDeniedException {
+    protected Account getAccountForApiCommand(String accountName, Long domainId){
        Account account = UserContext.current().getCaller();

        if (_accountMgr.isAdmin(account.getType())) {
@ -1204,7 +1204,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
    }

    @Override @DB @ActionEvent (eventType=EventTypes.EVENT_NET_IP_RELEASE, eventDescription="disassociating Ip")
-    public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException, IllegalArgumentException {
+    public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd){

        Long userId = UserContext.current().getCallerUserId();
        Account caller = UserContext.current().getCaller();
@ -1656,7 +1656,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag

    @Override
    @ActionEvent (eventType=EventTypes.EVENT_NETWORK_DELETE, eventDescription="deleting network")
-    public boolean deleteNetwork(long networkId) throws InvalidParameterValueException, PermissionDeniedException {   
+    public boolean deleteNetwork(long networkId){   
        //Don't allow to delete network via api call when it has vms assigned to it
        int nicCount = getActiveNicsInNetwork(networkId);
        if (nicCount > 0) {
@ -1687,7 +1687,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
    
    @Override
    @DB
-    public boolean deleteNetworkInternal(long networkId, long userId) throws InvalidParameterValueException, PermissionDeniedException {
+    public boolean deleteNetworkInternal(long networkId, long userId){
        return this.destroyNetwork(networkId, userId);
    }

--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@ -1029,13 +1029,14 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
                
                //Re-apply public ip addresses - should come before PF/LB/VPN
                createAssociateIPCommands(router, publicIps, cmds, 0);   
+                    
+                List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>(); 
+                List<? extends PortForwardingRule> pfRules = null;
+                List<? extends FirewallRule> staticNatFirewallRules = null;
                
-                //Re-apply port forwarding rules for all public ips
-                List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
-                
-                List<? extends PortForwardingRule> rules = null;
                for (PublicIpAddress ip : publicIps) {
-                    rules = _pfRulesDao.listForApplication(ip.getId());
+                    pfRules = _pfRulesDao.listForApplication(ip.getId());
+                    staticNatFirewallRules = _rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat);
                    
                    RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
                    if (vpn != null) {
@ -1043,11 +1044,23 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
                    }
                }
                
-                s_logger.debug("Found " + rules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
-                if (!rules.isEmpty()) {
-                    createApplyPortForwardingRulesCommands(rules, router, cmds);
+                //Re-apply port forwarding rules
+                s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
+                if (!pfRules.isEmpty()) {
+                    createApplyPortForwardingRulesCommands(pfRules, router, cmds);
                } 
                
+                //Re-apply static nat rules
+                s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
+                if (!staticNatFirewallRules.isEmpty()) {
+                    List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
+                    for (FirewallRule rule : staticNatFirewallRules) {
+                        staticNatRules.add(_rulesMgr.buildStaticNatRule(rule));
+                    }   
+                    createApplyStaticNatRulesCommands(staticNatRules, router, cmds);
+                }
+                
+                //Re-apply vpn rules
                s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start.");
                if (!vpns.isEmpty()) {
                    for (RemoteAccessVpn vpn : vpns) {