From d9dfd37bd43ae8b2e40db579945a22f90d1b5765 Mon Sep 17 00:00:00 2001 From: alena Date: Tue, 15 Feb 2011 10:24:32 -0800 Subject: [PATCH] Reapply static nat rules when domR starts/reboots --- .../com/cloud/network/NetworkManagerImpl.java | 8 ++--- .../VirtualNetworkApplianceManagerImpl.java | 29 ++++++++++++++----- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 5e39c719036..8b70f4a067b 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -410,7 +410,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag * - non-null if the domainId was passed in in the command. * @return */ - protected Account getAccountForApiCommand(String accountName, Long domainId) throws InvalidParameterValueException, PermissionDeniedException { + protected Account getAccountForApiCommand(String accountName, Long domainId){ Account account = UserContext.current().getCaller(); if (_accountMgr.isAdmin(account.getType())) { @@ -1204,7 +1204,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override @DB @ActionEvent (eventType=EventTypes.EVENT_NET_IP_RELEASE, eventDescription="disassociating Ip") - public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException, IllegalArgumentException { + public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd){ Long userId = UserContext.current().getCallerUserId(); Account caller = UserContext.current().getCaller(); 
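Review bot: Dropping `throws InvalidParameterValueException, PermissionDeniedException` from `getAccountForApiCommand` removes the only place in the signature that told callers an authorization or validation failure surfaces as an exception, and the Javadoc above it, which ends in an empty `@return`, does not say so either. Assuming both types are unchecked, which the diff does not show, keep the contract visible by adding `@throws PermissionDeniedException` and `@throws InvalidParameterValueException` lines to that Javadoc. The same applies to `disassociateIpAddress` in this hunk group and to `deleteNetwork` and `deleteNetworkInternal` in the following hunks. Those three carry `@Override`, so the interface declarations, which are not part of this diff, should be brought in line as well. The method bodies continue outside the hunks.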
@@ -1656,7 +1656,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override @ActionEvent (eventType=EventTypes.EVENT_NETWORK_DELETE, eventDescription="deleting network") - public boolean deleteNetwork(long networkId) throws InvalidParameterValueException, PermissionDeniedException { + public boolean deleteNetwork(long networkId){ //Don't allow to delete network via api call when it has vms assigned to it int nicCount = getActiveNicsInNetwork(networkId); if (nicCount > 0) { @@ -1687,7 +1687,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override @DB - public boolean deleteNetworkInternal(long networkId, long userId) throws InvalidParameterValueException, PermissionDeniedException { + public boolean deleteNetworkInternal(long networkId, long userId){ return this.destroyNetwork(networkId, userId); } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index b5a2257306f..58cc8d60b2c 100644 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -1029,13 +1029,14 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian //Re-apply public ip addresses - should come before PF/LB/VPN createAssociateIPCommands(router, publicIps, cmds, 0); + + List vpns = new ArrayList(); + List pfRules = null; + List staticNatFirewallRules = null; - //Re-apply port forwarding rules for all public ips - List vpns = new ArrayList(); - - List rules = null; for (PublicIpAddress ip : publicIps) { - rules = _pfRulesDao.listForApplication(ip.getId()); + pfRules = _pfRulesDao.listForApplication(ip.getId()); + staticNatFirewallRules = _rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat); RemoteAccessVpn vpn = _vpnDao.findById(ip.getId()); if (vpn != null) { 
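Review bot: `pfRules` and `staticNatFirewallRules` are reassigned on every pass of the `for (PublicIpAddress ip : publicIps)` loop, so after the loop they hold only the rules of the last public IP. Both are also still `null` when `publicIps` is empty, which makes the `pfRules.size()` and `staticNatFirewallRules.size()` calls in the next hunk throw. The removed code had the same pattern with `rules`; this change carries it over and extends it to static NAT, so a router with several public IPs would come back from a reboot with forwarding and NAT state that no longer matches the database. Initialise both lists to empty `ArrayList`s and accumulate inside the loop with `pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));` and `staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));`. The enclosing method starts and ends outside this hunk.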
@@ -1043,11 +1044,23 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } } - s_logger.debug("Found " + rules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start."); - if (!rules.isEmpty()) { - createApplyPortForwardingRulesCommands(rules, router, cmds); + //Re-apply port forwarding rules + s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start."); + if (!pfRules.isEmpty()) { + createApplyPortForwardingRulesCommands(pfRules, router, cmds); } + //Re-apply static nat rules + s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start."); + if (!staticNatFirewallRules.isEmpty()) { + List staticNatRules = new ArrayList(); + for (FirewallRule rule : staticNatFirewallRules) { + staticNatRules.add(_rulesMgr.buildStaticNatRule(rule)); + } + createApplyStaticNatRulesCommands(staticNatRules, router, cmds); + } + + //Re-apply vpn rules s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start."); if (!vpns.isEmpty()) { for (RemoteAccessVpn vpn : vpns) {
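Review bot: The new static NAT block turns every `FirewallRule` in `staticNatFirewallRules` into a router rule through `_rulesMgr.buildStaticNatRule(rule)` without looking at the rule's state. Whether the `_rulesDao.listByIpAndPurpose(...)` lookup that fills the list already excludes rules that are staged or pending revocation is not visible in this diff. If it does not, a static NAT mapping the user has asked to remove would be pushed back to the router on its next start. Confirm the filtering and record it above the loop, for example `// listByIpAndPurpose must not return rules pending revocation; anything returned here is re-applied to the router`. The enclosing method continues outside the hunk.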