CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs

Description:

	More changes to remove DB IDs from exception messages,
Vijayendra Bhamidipati 2012-07-11 12:21:43 -07:00
parent 76b8407b69
commit f2c8a59983
6 changed files with 471 additions and 443 deletions


@ -73,6 +73,7 @@ import com.cloud.user.SSHKeyPair;
import com.cloud.user.User; import com.cloud.user.User;
import com.cloud.user.UserContext; import com.cloud.user.UserContext;
import com.cloud.uservm.UserVm; import com.cloud.uservm.UserVm;
import com.cloud.utils.IdentityProxy;
import com.cloud.utils.NumbersUtil; import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair; import com.cloud.utils.Pair;
import com.cloud.utils.component.Adapters; import com.cloud.utils.component.Adapters;
@ -100,61 +101,61 @@ import com.cloud.vm.VirtualMachineProfile.Param;
@Local(value={BareMetalVmManager.class, BareMetalVmService.class}) @Local(value={BareMetalVmManager.class, BareMetalVmService.class})
public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMetalVmManager, BareMetalVmService, Manager, public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMetalVmManager, BareMetalVmService, Manager,
StateListener<State, VirtualMachine.Event, VirtualMachine> { StateListener<State, VirtualMachine.Event, VirtualMachine> {
private static final Logger s_logger = Logger.getLogger(BareMetalVmManagerImpl.class); private static final Logger s_logger = Logger.getLogger(BareMetalVmManagerImpl.class);
private ConfigurationDao _configDao; private ConfigurationDao _configDao;
@Inject PxeServerManager _pxeMgr; @Inject PxeServerManager _pxeMgr;
@Inject ResourceManager _resourceMgr; @Inject ResourceManager _resourceMgr;
@Inject (adapter=TemplateAdapter.class) @Inject (adapter=TemplateAdapter.class)
protected Adapters<TemplateAdapter> _adapters; protected Adapters<TemplateAdapter> _adapters;
@Override @Override
public boolean attachISOToVM(long vmId, long isoId, boolean attach) { public boolean attachISOToVM(long vmId, long isoId, boolean attach) {
s_logger.warn("attachISOToVM is not supported by Bare Metal, just fake a true"); s_logger.warn("attachISOToVM is not supported by Bare Metal, just fake a true");
return true; return true;
} }
@Override @Override
public Volume attachVolumeToVM(AttachVolumeCmd command) { public Volume attachVolumeToVM(AttachVolumeCmd command) {
s_logger.warn("attachVolumeToVM is not supported by Bare Metal, return null"); s_logger.warn("attachVolumeToVM is not supported by Bare Metal, return null");
return null; return null;
} }
@Override @Override
public Volume detachVolumeFromVM(DetachVolumeCmd cmd) { public Volume detachVolumeFromVM(DetachVolumeCmd cmd) {
s_logger.warn("detachVolumeFromVM is not supported by Bare Metal, return null"); s_logger.warn("detachVolumeFromVM is not supported by Bare Metal, return null");
return null; return null;
} }
@Override @Override
public UserVm upgradeVirtualMachine(UpgradeVMCmd cmd) { public UserVm upgradeVirtualMachine(UpgradeVMCmd cmd) {
s_logger.warn("upgradeVirtualMachine is not supported by Bare Metal, return null"); s_logger.warn("upgradeVirtualMachine is not supported by Bare Metal, return null");
return null; return null;
} }
@Override @Override
public VMTemplateVO createPrivateTemplateRecord(CreateTemplateCmd cmd, Account templateOwner) throws ResourceAllocationException { public VMTemplateVO createPrivateTemplateRecord(CreateTemplateCmd cmd, Account templateOwner) throws ResourceAllocationException {
/*Baremetal creates record after host rebooting for imaging, in createPrivateTemplate*/ /*Baremetal creates record after host rebooting for imaging, in createPrivateTemplate*/
return null; return null;
} }
@Override @DB @Override @DB
public VMTemplateVO createPrivateTemplate(CreateTemplateCmd cmd) throws CloudRuntimeException { public VMTemplateVO createPrivateTemplate(CreateTemplateCmd cmd) throws CloudRuntimeException {
Long vmId = cmd.getVmId(); Long vmId = cmd.getVmId();
if (vmId == null) { if (vmId == null) {
throw new InvalidParameterValueException("VM ID is null"); throw new InvalidParameterValueException("VM ID is null", null);
} }
UserVmVO vm = _vmDao.findById(vmId); UserVmVO vm = _vmDao.findById(vmId);
if (vm == null) { if (vm == null) {
throw new InvalidParameterValueException("Cannot find VM for ID " + vmId); throw new InvalidParameterValueException("Cannot find VM by ID", null);
} }
Long hostId = (vm.getHostId() == null ? vm.getLastHostId() : vm.getHostId()); Long hostId = (vm.getHostId() == null ? vm.getLastHostId() : vm.getHostId());
HostVO host = _hostDao.findById(hostId); HostVO host = _hostDao.findById(hostId);
if (host == null) { if (host == null) {
throw new InvalidParameterValueException("Cannot find host with id " + hostId); throw new InvalidParameterValueException("Cannot find host by id", null);
} }
List<HostVO> pxes = _resourceMgr.listAllUpAndEnabledHosts(Host.Type.PxeServer, null, host.getPodId(), host.getDataCenterId()); List<HostVO> pxes = _resourceMgr.listAllUpAndEnabledHosts(Host.Type.PxeServer, null, host.getPodId(), host.getDataCenterId());
@ -163,7 +164,7 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
} }
if (pxes.size() > 1) { if (pxes.size() > 1) {
CloudRuntimeException ex = new CloudRuntimeException("Multiple PXE servers found in Pod " + host.getPodId() + " in Zone with specified id"); CloudRuntimeException ex = new CloudRuntimeException("Multiple PXE servers found in Pod " + host.getPodId() + " in Zone with specified id");
ex.addProxyObject("data_center", host.getDataCenterId(), "zoneId"); ex.addProxyObject("data_center", host.getDataCenterId(), "zoneId");
throw ex; throw ex;
} }
@ -206,78 +207,84 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
s_logger.debug("Create baremetal tempalte for host " + hostId + " failed", e); s_logger.debug("Create baremetal tempalte for host " + hostId + " failed", e);
throw new CloudRuntimeException(e.getMessage()); throw new CloudRuntimeException(e.getMessage());
} }
} }
@Override @Override
public UserVm createVirtualMachine(DeployVMCmd cmd) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException, public UserVm createVirtualMachine(DeployVMCmd cmd) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException,
StorageUnavailableException, ResourceAllocationException { StorageUnavailableException, ResourceAllocationException {
Account caller = UserContext.current().getCaller(); Account caller = UserContext.current().getCaller();
String accountName = cmd.getAccountName(); String accountName = cmd.getAccountName();
Long domainId = cmd.getDomainId(); Long domainId = cmd.getDomainId();
List<Long> networkList = cmd.getNetworkIds(); List<Long> networkList = cmd.getNetworkIds();
String group = cmd.getGroup(); String group = cmd.getGroup();
Account owner = _accountDao.findActiveAccount(accountName, domainId); Account owner = _accountDao.findActiveAccount(accountName, domainId);
if (owner == null) { if (owner == null) {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
} idList.add(new IdentityProxy("domain", domainId, "domainId"));
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain with specified id", idList);
_accountMgr.checkAccess(caller, null, true, owner);
long accountId = owner.getId();
DataCenterVO dc = _dcDao.findById(cmd.getZoneId());
if (dc == null) {
throw new InvalidParameterValueException("Unable to find zone: " + cmd.getZoneId());
}
if(Grouping.AllocationState.Disabled == dc.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())){
throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: "+ cmd.getZoneId() );
}
if (dc.getDomainId() != null) {
DomainVO domain = _domainDao.findById(dc.getDomainId());
if (domain == null) {
throw new CloudRuntimeException("Unable to find the domain " + dc.getDomainId() + " for the zone: " + dc);
}
_configMgr.checkZoneAccess(caller, dc);
_configMgr.checkZoneAccess(owner, dc);
}
// check if account/domain is with in resource limits to create a new vm
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.user_vm);
ServiceOfferingVO offering = _serviceOfferingDao.findById(cmd.getServiceOfferingId());
if (offering == null || offering.getRemoved() != null) {
throw new InvalidParameterValueException("Unable to find service offering: " + cmd.getServiceOfferingId());
} }
VMTemplateVO template = _templateDao.findById(cmd.getTemplateId()); _accountMgr.checkAccess(caller, null, true, owner);
long accountId = owner.getId();
DataCenterVO dc = _dcDao.findById(cmd.getZoneId());
if (dc == null) {
throw new InvalidParameterValueException("Unable to find zone by id", null);
}
if(Grouping.AllocationState.Disabled == dc.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())){
throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: "+ cmd.getZoneId() );
}
if (dc.getDomainId() != null) {
DomainVO domain = _domainDao.findById(dc.getDomainId());
if (domain == null) {
throw new CloudRuntimeException("Unable to find the domain " + dc.getDomainId() + " for the zone: " + dc);
}
_configMgr.checkZoneAccess(caller, dc);
_configMgr.checkZoneAccess(owner, dc);
}
// check if account/domain is with in resource limits to create a new vm
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.user_vm);
ServiceOfferingVO offering = _serviceOfferingDao.findById(cmd.getServiceOfferingId());
if (offering == null || offering.getRemoved() != null) {
throw new InvalidParameterValueException("Unable to find service offering by id", null);
}
VMTemplateVO template = _templateDao.findById(cmd.getTemplateId());
// Make sure a valid template ID was specified // Make sure a valid template ID was specified
if (template == null || template.getRemoved() != null) { if (template == null || template.getRemoved() != null) {
throw new InvalidParameterValueException("Unable to use template " + cmd.getTemplateId()); throw new InvalidParameterValueException("Unable to use template since it couldn't be found by id or has been marked as removed", null);
} }
if (template.getTemplateType().equals(TemplateType.SYSTEM)) { if (template.getTemplateType().equals(TemplateType.SYSTEM)) {
throw new InvalidParameterValueException("Unable to use system template " + cmd.getTemplateId()+" to deploy a user vm"); List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(template, cmd.getTemplateId(), "templateId"));
throw new InvalidParameterValueException("Unable to use system template with specified id to deploy a user vm", idList);
} }
if (template.getFormat() != Storage.ImageFormat.BAREMETAL) { if (template.getFormat() != Storage.ImageFormat.BAREMETAL) {
throw new InvalidParameterValueException("Unable to use non Bare Metal template" + cmd.getTemplateId() +" to deploy a bare metal vm"); List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(template, cmd.getTemplateId(), "templateId"));
throw new InvalidParameterValueException("Unable to use non Bare Metal template with specified id to deploy a bare metal vm", idList);
} }
String userData = cmd.getUserData(); String userData = cmd.getUserData();
byte [] decodedUserData = null; byte [] decodedUserData = null;
if (userData != null) { if (userData != null) {
if (userData.length() >= 2 * MAX_USER_DATA_LENGTH_BYTES) { if (userData.length() >= 2 * MAX_USER_DATA_LENGTH_BYTES) {
throw new InvalidParameterValueException("User data is too long"); throw new InvalidParameterValueException("User data is too long", null);
} }
decodedUserData = org.apache.commons.codec.binary.Base64.decodeBase64(userData.getBytes()); decodedUserData = org.apache.commons.codec.binary.Base64.decodeBase64(userData.getBytes());
if (decodedUserData.length > MAX_USER_DATA_LENGTH_BYTES){ if (decodedUserData.length > MAX_USER_DATA_LENGTH_BYTES){
throw new InvalidParameterValueException("User data is too long"); throw new InvalidParameterValueException("User data is too long", null);
} }
if (decodedUserData.length < 1) { if (decodedUserData.length < 1) {
throw new InvalidParameterValueException("User data is too short"); throw new InvalidParameterValueException("User data is too short", null);
} }
} }
@ -285,38 +292,38 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
String sshPublicKey = null; String sshPublicKey = null;
if (cmd.getSSHKeyPairName() != null && !cmd.getSSHKeyPairName().equals("")) { if (cmd.getSSHKeyPairName() != null && !cmd.getSSHKeyPairName().equals("")) {
Account account = UserContext.current().getCaller(); Account account = UserContext.current().getCaller();
SSHKeyPair pair = _sshKeyPairDao.findByName(account.getAccountId(), account.getDomainId(), cmd.getSSHKeyPairName()); SSHKeyPair pair = _sshKeyPairDao.findByName(account.getAccountId(), account.getDomainId(), cmd.getSSHKeyPairName());
if (pair == null) { if (pair == null) {
throw new InvalidParameterValueException("A key pair with name '" + cmd.getSSHKeyPairName() + "' was not found."); throw new InvalidParameterValueException("A key pair with name '" + cmd.getSSHKeyPairName() + "' was not found.", null);
} }
sshPublicKey = pair.getPublicKey(); sshPublicKey = pair.getPublicKey();
} }
_accountMgr.checkAccess(caller, null, true, template); _accountMgr.checkAccess(caller, null, true, template);
DataCenterDeployment plan = new DataCenterDeployment(dc.getId()); DataCenterDeployment plan = new DataCenterDeployment(dc.getId());
s_logger.debug("Allocating in the DB for bare metal vm"); s_logger.debug("Allocating in the DB for bare metal vm");
if (dc.getNetworkType() != NetworkType.Basic || networkList != null) { if (dc.getNetworkType() != NetworkType.Basic || networkList != null) {
s_logger.warn("Bare Metal only supports basical network mode now, switch to baisc network automatically"); s_logger.warn("Bare Metal only supports basical network mode now, switch to baisc network automatically");
} }
Network defaultNetwork = _networkMgr.getExclusiveGuestNetwork(dc.getId()); Network defaultNetwork = _networkMgr.getExclusiveGuestNetwork(dc.getId());
if (defaultNetwork == null) { if (defaultNetwork == null) {
throw new InvalidParameterValueException("Unable to find a default network to start a vm"); throw new InvalidParameterValueException("Unable to find a default network to start a vm", null);
} }
networkList = new ArrayList<Long>(); networkList = new ArrayList<Long>();
networkList.add(defaultNetwork.getId()); networkList.add(defaultNetwork.getId());
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(); List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>();
for (Long networkId : networkList) { for (Long networkId : networkList) {
NetworkVO network = _networkDao.findById(networkId); NetworkVO network = _networkDao.findById(networkId);
if (network == null) { if (network == null) {
throw new InvalidParameterValueException("Unable to find network by id " + networkId); throw new InvalidParameterValueException("Unable to find network by id ", null);
} else { } else {
if (network.getGuestType() != Network.GuestType.Shared) { if (network.getGuestType() != Network.GuestType.Shared) {
//Check account permissions //Check account permissions
@ -339,7 +346,7 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
//verify hostName (hostname doesn't have to be unique) //verify hostName (hostname doesn't have to be unique)
if (!NetUtils.verifyDomainNameLabel(hostName, true)) { if (!NetUtils.verifyDomainNameLabel(hostName, true)) {
throw new InvalidParameterValueException("Invalid name. Vm name can contain ASCII letters 'a' through 'z', the digits '0' through '9', " + throw new InvalidParameterValueException("Invalid name. Vm name can contain ASCII letters 'a' through 'z', the digits '0' through '9', " +
"and the hyphen ('-'), must be between 1 and 63 characters long, and can't start or end with \"-\" and can't start with digit"); "and the hyphen ('-'), must be between 1 and 63 characters long, and can't start or end with \"-\" and can't start with digit", null);
} }
} }
@ -350,66 +357,68 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
vm.setDetail("SSH.PublicKey", sshPublicKey); vm.setDetail("SSH.PublicKey", sshPublicKey);
} }
if (_itMgr.allocate(vm, template, offering, null, null, networks, null, plan, cmd.getHypervisor(), owner) == null) { if (_itMgr.allocate(vm, template, offering, null, null, networks, null, plan, cmd.getHypervisor(), owner) == null) {
return null; return null;
} }
if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) {
s_logger.debug("Successfully allocated DB entry for " + vm); s_logger.debug("Successfully allocated DB entry for " + vm);
} }
if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) {
s_logger.debug("Successfully allocated DB entry for " + vm); s_logger.debug("Successfully allocated DB entry for " + vm);
} }
UserContext.current().setEventDetails("Vm Id: " + vm.getId()); UserContext.current().setEventDetails("Vm Id: " + vm.getId());
UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VM_CREATE, accountId, cmd.getZoneId(), vm.getId(), vm.getHostName(), offering.getId(), template.getId(), HypervisorType.BareMetal.toString()); UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VM_CREATE, accountId, cmd.getZoneId(), vm.getId(), vm.getHostName(), offering.getId(), template.getId(), HypervisorType.BareMetal.toString());
_usageEventDao.persist(usageEvent); _usageEventDao.persist(usageEvent);
_resourceLimitMgr.incrementResourceCount(accountId, ResourceType.user_vm); _resourceLimitMgr.incrementResourceCount(accountId, ResourceType.user_vm);
// Assign instance to the group // Assign instance to the group
try { try {
if (group != null) { if (group != null) {
boolean addToGroup = addInstanceToGroup(Long.valueOf(id), group); boolean addToGroup = addInstanceToGroup(Long.valueOf(id), group);
if (!addToGroup) { if (!addToGroup) {
throw new CloudRuntimeException("Unable to assign Vm to the group " + group); throw new CloudRuntimeException("Unable to assign Vm to the group " + group);
} }
} }
} catch (Exception ex) { } catch (Exception ex) {
throw new CloudRuntimeException("Unable to assign Vm to the group " + group); throw new CloudRuntimeException("Unable to assign Vm to the group " + group);
} }
return vm; return vm;
} }
public UserVm startVirtualMachine(DeployVMCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException { @Override
UserVmVO vm = _vmDao.findById(cmd.getInstanceId()); public UserVm startVirtualMachine(DeployVMCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException {
UserVmVO vm = _vmDao.findById(cmd.getInstanceId());
List<HostVO> servers = _resourceMgr.listAllUpAndEnabledHostsInOneZoneByType(Host.Type.PxeServer, vm.getDataCenterIdToDeployIn()); List<HostVO> servers = _resourceMgr.listAllUpAndEnabledHostsInOneZoneByType(Host.Type.PxeServer, vm.getDataCenterIdToDeployIn());
if (servers.size() == 0) { if (servers.size() == 0) {
throw new CloudRuntimeException("Cannot find PXE server, please make sure there is one PXE server per zone"); throw new CloudRuntimeException("Cannot find PXE server, please make sure there is one PXE server per zone");
} }
HostVO pxeServer = servers.get(0); HostVO pxeServer = servers.get(0);
VMTemplateVO template = _templateDao.findById(vm.getTemplateId()); VMTemplateVO template = _templateDao.findById(vm.getTemplateId());
if (template == null || template.getFormat() != Storage.ImageFormat.BAREMETAL) { if (template == null || template.getFormat() != Storage.ImageFormat.BAREMETAL) {
throw new InvalidParameterValueException("Invalid template with id = " + vm.getTemplateId()); throw new InvalidParameterValueException("Cannot locate template by id", null);
} }
Map<VirtualMachineProfile.Param, Object> params = new HashMap<VirtualMachineProfile.Param, Object>(); Map<VirtualMachineProfile.Param, Object> params = new HashMap<VirtualMachineProfile.Param, Object>();
params.put(Param.PxeSeverType, _pxeMgr.getPxeServerType(pxeServer)); params.put(Param.PxeSeverType, _pxeMgr.getPxeServerType(pxeServer));
return startVirtualMachine(cmd, params); return startVirtualMachine(cmd, params);
} }
public UserVm startVirtualMachine(StartVMCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException { @Override
public UserVm startVirtualMachine(StartVMCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException {
UserVmVO vm = _vmDao.findById(cmd.getInstanceId()); UserVmVO vm = _vmDao.findById(cmd.getInstanceId());
VMTemplateVO template = _templateDao.findById(vm.getTemplateId()); VMTemplateVO template = _templateDao.findById(vm.getTemplateId());
if (template == null || template.getFormat() != Storage.ImageFormat.BAREMETAL) { if (template == null || template.getFormat() != Storage.ImageFormat.BAREMETAL) {
throw new InvalidParameterValueException("Invalid template with id = " + vm.getTemplateId()); throw new InvalidParameterValueException("Cannot locate template by id", null);
} }
Map<VirtualMachineProfile.Param, Object> params = null; Map<VirtualMachineProfile.Param, Object> params = null;
@ -427,135 +436,135 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
return vmDetailsPair.first(); return vmDetailsPair.first();
} }
@Override @Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException { public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
_name = name; _name = name;
ComponentLocator locator = ComponentLocator.getCurrentLocator(); ComponentLocator locator = ComponentLocator.getCurrentLocator();
_configDao = locator.getDao(ConfigurationDao.class); _configDao = locator.getDao(ConfigurationDao.class);
if (_configDao == null) { if (_configDao == null) {
throw new ConfigurationException("Unable to get the configuration dao."); throw new ConfigurationException("Unable to get the configuration dao.");
} }
Map<String, String> configs = _configDao.getConfiguration("AgentManager", params); Map<String, String> configs = _configDao.getConfiguration("AgentManager", params);
_instance = configs.get("instance.name"); _instance = configs.get("instance.name");
if (_instance == null) { if (_instance == null) {
_instance = "DEFAULT"; _instance = "DEFAULT";
} }
String workers = configs.get("expunge.workers"); String workers = configs.get("expunge.workers");
int wrks = NumbersUtil.parseInt(workers, 10); int wrks = NumbersUtil.parseInt(workers, 10);
String time = configs.get("expunge.interval"); String time = configs.get("expunge.interval");
_expungeInterval = NumbersUtil.parseInt(time, 86400); _expungeInterval = NumbersUtil.parseInt(time, 86400);
time = configs.get("expunge.delay"); time = configs.get("expunge.delay");
_expungeDelay = NumbersUtil.parseInt(time, _expungeInterval); _expungeDelay = NumbersUtil.parseInt(time, _expungeInterval);
_executor = Executors.newScheduledThreadPool(wrks, new NamedThreadFactory("UserVm-Scavenger")); _executor = Executors.newScheduledThreadPool(wrks, new NamedThreadFactory("UserVm-Scavenger"));
_itMgr.registerGuru(Type.UserBareMetal, this); _itMgr.registerGuru(Type.UserBareMetal, this);
VirtualMachine.State.getStateMachine().registerListener(this); VirtualMachine.State.getStateMachine().registerListener(this);
s_logger.info("User VM Manager is configured."); s_logger.info("User VM Manager is configured.");
return true; return true;
} }
@Override @Override
public boolean finalizeVirtualMachineProfile(VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) { public boolean finalizeVirtualMachineProfile(VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) {
UserVmVO vm = profile.getVirtualMachine(); UserVmVO vm = profile.getVirtualMachine();
Account owner = _accountDao.findById(vm.getAccountId()); Account owner = _accountDao.findById(vm.getAccountId());
if (owner == null || owner.getState() == Account.State.disabled) { if (owner == null || owner.getState() == Account.State.disabled) {
throw new PermissionDeniedException("The owner of " + vm + " either does not exist or is disabled: " + vm.getAccountId()); throw new PermissionDeniedException("The owner of " + vm + " either does not exist or is disabled: " + vm.getAccountId());
} }
PxeServerType pxeType = (PxeServerType) profile.getParameter(Param.PxeSeverType); PxeServerType pxeType = (PxeServerType) profile.getParameter(Param.PxeSeverType);
if (pxeType == null) { if (pxeType == null) {
s_logger.debug("This is a normal IPMI start, skip prepartion of PXE server"); s_logger.debug("This is a normal IPMI start, skip prepartion of PXE server");
return true; return true;
} }
s_logger.debug("This is a PXE start, prepare PXE server first"); s_logger.debug("This is a PXE start, prepare PXE server first");
List<HostVO> servers = _resourceMgr.listAllUpAndEnabledHosts(Host.Type.PxeServer, null, dest.getPod().getId(), dest.getDataCenter().getId()); List<HostVO> servers = _resourceMgr.listAllUpAndEnabledHosts(Host.Type.PxeServer, null, dest.getPod().getId(), dest.getDataCenter().getId());
if (servers.size() == 0) { if (servers.size() == 0) {
throw new CloudRuntimeException("Cannot find PXE server, please make sure there is one PXE server per zone"); throw new CloudRuntimeException("Cannot find PXE server, please make sure there is one PXE server per zone");
} }
if (servers.size() > 1) { if (servers.size() > 1) {
throw new CloudRuntimeException("Find more than one PXE server, please make sure there is only one PXE server per zone in pod " + dest.getPod().getId() + " zone " + dest.getDataCenter().getId()); throw new CloudRuntimeException("Find more than one PXE server, please make sure there is only one PXE server per zone in pod " + dest.getPod().getId() + " zone " + dest.getDataCenter().getId());
} }
HostVO pxeServer = servers.get(0); HostVO pxeServer = servers.get(0);
if (!_pxeMgr.prepare(pxeType, profile, dest, context, pxeServer.getId())) { if (!_pxeMgr.prepare(pxeType, profile, dest, context, pxeServer.getId())) {
throw new CloudRuntimeException("Pepare PXE server failed"); throw new CloudRuntimeException("Pepare PXE server failed");
} }
profile.addBootArgs("PxeBoot"); profile.addBootArgs("PxeBoot");
return true; return true;
} }
@Override @Override
public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) { public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile<UserVmVO> profile, DeployDestination dest, ReservationContext context) {
UserVmVO userVm = profile.getVirtualMachine(); UserVmVO userVm = profile.getVirtualMachine();
List<NicVO> nics = _nicDao.listByVmId(userVm.getId()); List<NicVO> nics = _nicDao.listByVmId(userVm.getId());
for (NicVO nic : nics) { for (NicVO nic : nics) {
NetworkVO network = _networkDao.findById(nic.getNetworkId()); NetworkVO network = _networkDao.findById(nic.getNetworkId());
if (network.getTrafficType() == TrafficType.Guest) { if (network.getTrafficType() == TrafficType.Guest) {
userVm.setPrivateIpAddress(nic.getIp4Address()); userVm.setPrivateIpAddress(nic.getIp4Address());
userVm.setPrivateMacAddress(nic.getMacAddress()); userVm.setPrivateMacAddress(nic.getMacAddress());
} }
} }
_vmDao.update(userVm.getId(), userVm); _vmDao.update(userVm.getId(), userVm);
return true; return true;
} }
@Override @Override
public void finalizeStop(VirtualMachineProfile<UserVmVO> profile, StopAnswer answer) { public void finalizeStop(VirtualMachineProfile<UserVmVO> profile, StopAnswer answer) {
super.finalizeStop(profile, answer); super.finalizeStop(profile, answer);
} }
@Override @Override
public UserVm destroyVm(long vmId) throws ResourceUnavailableException, ConcurrentOperationException { public UserVm destroyVm(long vmId) throws ResourceUnavailableException, ConcurrentOperationException {
return super.destroyVm(vmId); return super.destroyVm(vmId);
} }
@Override @Override
public boolean preStateTransitionEvent(State oldState, Event event, State newState, VirtualMachine vo, boolean status, Object opaque) { public boolean preStateTransitionEvent(State oldState, Event event, State newState, VirtualMachine vo, boolean status, Object opaque) {
return true; return true;
} }
@Override @Override
public boolean postStateTransitionEvent(State oldState, Event event, State newState, VirtualMachine vo, boolean status, Object opaque) { public boolean postStateTransitionEvent(State oldState, Event event, State newState, VirtualMachine vo, boolean status, Object opaque) {
if (newState != State.Starting && newState != State.Error && newState != State.Expunging) { if (newState != State.Starting && newState != State.Error && newState != State.Expunging) {
return true; return true;
} }
if (vo.getHypervisorType() != HypervisorType.BareMetal) { if (vo.getHypervisorType() != HypervisorType.BareMetal) {
return true; return true;
} }
HostVO host = _hostDao.findById(vo.getHostId()); HostVO host = _hostDao.findById(vo.getHostId());
if (host == null) { if (host == null) {
s_logger.debug("Skip oldState " + oldState + " to " + "newState " + newState + " transimtion"); s_logger.debug("Skip oldState " + oldState + " to " + "newState " + newState + " transimtion");
return true; return true;
} }
_hostDao.loadDetails(host); _hostDao.loadDetails(host);
if (newState == State.Starting) { if (newState == State.Starting) {
host.setDetail("vmName", vo.getInstanceName()); host.setDetail("vmName", vo.getInstanceName());
s_logger.debug("Add vmName " + host.getDetail("vmName") + " to host " + host.getId() + " details"); s_logger.debug("Add vmName " + host.getDetail("vmName") + " to host " + host.getId() + " details");
} else { } else {
if (host.getDetail("vmName") != null && host.getDetail("vmName").equalsIgnoreCase(vo.getInstanceName())) { if (host.getDetail("vmName") != null && host.getDetail("vmName").equalsIgnoreCase(vo.getInstanceName())) {
s_logger.debug("Remove vmName " + host.getDetail("vmName") + " from host " + host.getId() + " details"); s_logger.debug("Remove vmName " + host.getDetail("vmName") + " from host " + host.getId() + " details");
host.getDetails().remove("vmName"); host.getDetails().remove("vmName");
} }
} }
_hostDao.saveDetails(host); _hostDao.saveDetails(host);
return true; return true;
} }
} }
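Review bot: Several messages on the new side of this file still concatenate raw database ids, so the commit's goal is only partly met here: in `createVirtualMachine` the disabled-zone `PermissionDeniedException` appends `cmd.getZoneId()` and the missing-domain `CloudRuntimeException` appends `dc.getDomainId()` and `dc`, in `createPrivateTemplate` the multiple-PXE message appends `host.getPodId()`, and in `finalizeVirtualMachineProfile` the messages append `vm.getAccountId()`, the pod id and the zone id. If these exceptions reach the API caller the same way as the ones already changed (not visible on this page), they need the same treatment, for example `throw new PermissionDeniedException("Cannot perform this operation, Zone with specified id is currently disabled");`. Separately, both template checks build `new IdentityProxy(template, cmd.getTemplateId(), "templateId")` with the `VMTemplateVO` variable as the first argument, whereas the account check passes a table-name string (`"domain"`); unless an overload exists outside this page, the first argument should be the template table's name as a string. The "not found", "system template" and "non Bare Metal" errors also appear to be thrown before `_accountMgr.checkAccess(caller, null, true, template)`, so their differing texts still let a caller distinguish existing template ids from missing ones; running the access check before the type checks would close that.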


@ -66,6 +66,7 @@ import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.offerings.dao.NetworkOfferingDao; import com.cloud.offerings.dao.NetworkOfferingDao;
import com.cloud.user.AccountManager; import com.cloud.user.AccountManager;
import com.cloud.uservm.UserVm; import com.cloud.uservm.UserVm;
import com.cloud.utils.IdentityProxy;
import com.cloud.utils.Pair; import com.cloud.utils.Pair;
import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.component.Inject; import com.cloud.utils.component.Inject;
@ -86,8 +87,8 @@ import com.google.gson.Gson;
@Local(value = NetworkElement.class) @Local(value = NetworkElement.class)
public class VirtualRouterElement extends AdapterBase implements VirtualRouterElementService, DhcpServiceProvider, public class VirtualRouterElement extends AdapterBase implements VirtualRouterElementService, DhcpServiceProvider,
UserDataServiceProvider, SourceNatServiceProvider, StaticNatServiceProvider, FirewallServiceProvider, UserDataServiceProvider, SourceNatServiceProvider, StaticNatServiceProvider, FirewallServiceProvider,
LoadBalancingServiceProvider, PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer { LoadBalancingServiceProvider, PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer {
private static final Logger s_logger = Logger.getLogger(VirtualRouterElement.class); private static final Logger s_logger = Logger.getLogger(VirtualRouterElement.class);
protected static final Map<Service, Map<Capability, String>> capabilities = setCapabilities(); protected static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
@ -179,7 +180,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
@Override @Override
public boolean prepare(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm, public boolean prepare(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm,
DeployDestination dest, ReservationContext context) DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException { throws ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException {
if (vm.getType() != VirtualMachine.Type.User || vm.getHypervisorType() == HypervisorType.BareMetal) { if (vm.getType() != VirtualMachine.Type.User || vm.getHypervisorType() == HypervisorType.BareMetal) {
return false; return false;
} }
@ -215,7 +216,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " + s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " +
"router doesn't exist in the network " + config.getId()); "router doesn't exist in the network " + config.getId());
return true; return true;
} }
@ -243,7 +244,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
boolean matchedEndChar = false; boolean matchedEndChar = false;
if (str.length() < 2) if (str.length() < 2)
return false; // atleast one numeric and one char. example: return false; // atleast one numeric and one char. example:
// 3h // 3h
char strEnd = str.toCharArray()[str.length() - 1]; char strEnd = str.toCharArray()[str.length() - 1];
for (char c : endChar.toCharArray()) { for (char c : endChar.toCharArray()) {
if (strEnd == c) { if (strEnd == c) {
@ -285,12 +286,16 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
expire = value; expire = value;
} }
if ((expire != null) && !containsOnlyNumbers(expire, timeEndChar)) { if ((expire != null) && !containsOnlyNumbers(expire, timeEndChar)) {
throw new InvalidParameterValueException("Failed LB in validation rule id: " + rule.getId() + List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
" Cause: expire is not in timeformat: " + expire); idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
throw new InvalidParameterValueException("Failed LB in validation rule with specified id." +
" Cause: expire is not in timeformat: " + expire, idList);
} }
if ((tablesize != null) && !containsOnlyNumbers(tablesize, "kmg")) { if ((tablesize != null) && !containsOnlyNumbers(tablesize, "kmg")) {
throw new InvalidParameterValueException("Failed LB in validation rule id: " + rule.getId() + List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
" Cause: tablesize is not in size format: " + tablesize); idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
throw new InvalidParameterValueException("Failed LB in validation rule with specified id." +
" Cause: tablesize is not in size format: " + tablesize, idList);
} }
} else if (StickinessMethodType.AppCookieBased.getName().equalsIgnoreCase(stickinessPolicy.getMethodName())) { } else if (StickinessMethodType.AppCookieBased.getName().equalsIgnoreCase(stickinessPolicy.getMethodName())) {
@ -316,12 +321,16 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
} }
if ((length != null) && (!containsOnlyNumbers(length, null))) { if ((length != null) && (!containsOnlyNumbers(length, null))) {
throw new InvalidParameterValueException("Failed LB in validation rule id: " + rule.getId() + List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
" Cause: length is not a number: " + length); idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
throw new InvalidParameterValueException("Failed LB in validation rule with specified id." +
" Cause: length is not a number: " + length, idList);
} }
if ((holdTime != null) && (!containsOnlyNumbers(holdTime, timeEndChar) && !containsOnlyNumbers(holdTime, null))) { if ((holdTime != null) && (!containsOnlyNumbers(holdTime, timeEndChar) && !containsOnlyNumbers(holdTime, null))) {
throw new InvalidParameterValueException("Failed LB in validation rule id: " + rule.getId() + List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
" Cause: holdtime is not in timeformat: " + holdTime); idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
throw new InvalidParameterValueException("Failed LB in validation rule with specified id." +
" Cause: holdtime is not in timeformat: " + holdTime, idList);
} }
} }
} }
@ -346,7 +355,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " + s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " +
"router doesn't exist in the network " + network.getId()); "router doesn't exist in the network " + network.getId());
return true; return true;
} }
@ -368,7 +377,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need to apply vpn users on the backend; virtual router" + s_logger.debug("Virtual router elemnt doesn't need to apply vpn users on the backend; virtual router" +
" doesn't exist in the network " + network.getId()); " doesn't exist in the network " + network.getId());
return null; return null;
} }
return _routerMgr.applyVpnUsers(network, users, routers); return _routerMgr.applyVpnUsers(network, users, routers);
@ -384,7 +393,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need stop vpn on the backend; virtual router doesn't" + s_logger.debug("Virtual router elemnt doesn't need stop vpn on the backend; virtual router doesn't" +
" exist in the network " + network.getId()); " exist in the network " + network.getId());
return true; return true;
} }
return _routerMgr.startRemoteAccessVpn(network, vpn, routers); return _routerMgr.startRemoteAccessVpn(network, vpn, routers);
@ -400,7 +409,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need stop vpn on the backend; virtual router doesn't " + s_logger.debug("Virtual router elemnt doesn't need stop vpn on the backend; virtual router doesn't " +
"exist in the network " + network.getId()); "exist in the network " + network.getId());
return true; return true;
} }
return _routerMgr.deleteRemoteAccessVpn(network, vpn, routers); return _routerMgr.deleteRemoteAccessVpn(network, vpn, routers);
@ -424,7 +433,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need to associate ip addresses on the backend; virtual " + s_logger.debug("Virtual router elemnt doesn't need to associate ip addresses on the backend; virtual " +
"router doesn't exist in the network " + network.getId()); "router doesn't exist in the network " + network.getId());
return true; return true;
} }
@ -452,61 +461,61 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
method.addParam("cookie-name", false, "Cookie name passed in http header by the LB to the client.", false); method.addParam("cookie-name", false, "Cookie name passed in http header by the LB to the client.", false);
method.addParam("mode", false, method.addParam("mode", false,
"Valid values: insert, rewrite, prefix. Default value: insert. In the insert mode cookie will be created" + "Valid values: insert, rewrite, prefix. Default value: insert. In the insert mode cookie will be created" +
" by the LB. In other modes, cookie will be created by the server and LB modifies it.", false); " by the LB. In other modes, cookie will be created by the server and LB modifies it.", false);
method.addParam( method.addParam(
"nocache", "nocache",
false, false,
"This option is recommended in conjunction with the insert mode when there is a cache between the client" + "This option is recommended in conjunction with the insert mode when there is a cache between the client" +
" and HAProxy, as it ensures that a cacheable response will be tagged non-cacheable if a cookie needs " + " and HAProxy, as it ensures that a cacheable response will be tagged non-cacheable if a cookie needs " +
"to be inserted. This is important because if all persistence cookies are added on a cacheable home page" + "to be inserted. This is important because if all persistence cookies are added on a cacheable home page" +
" for instance, then all customers will then fetch the page from an outer cache and will all share the " + " for instance, then all customers will then fetch the page from an outer cache and will all share the " +
"same persistence cookie, leading to one server receiving much more traffic than others. See also the " + "same persistence cookie, leading to one server receiving much more traffic than others. See also the " +
"insert and postonly options. ", "insert and postonly options. ",
true); true);
method.addParam( method.addParam(
"indirect", "indirect",
false, false,
"When this option is specified in insert mode, cookies will only be added when the server was not reached" + "When this option is specified in insert mode, cookies will only be added when the server was not reached" +
" after a direct access, which means that only when a server is elected after applying a load-balancing algorithm," + " after a direct access, which means that only when a server is elected after applying a load-balancing algorithm," +
" or after a redispatch, then the cookie will be inserted. If the client has all the required information" + " or after a redispatch, then the cookie will be inserted. If the client has all the required information" +
" to connect to the same server next time, no further cookie will be inserted. In all cases, when the " + " to connect to the same server next time, no further cookie will be inserted. In all cases, when the " +
"indirect option is used in insert mode, the cookie is always removed from the requests transmitted to " + "indirect option is used in insert mode, the cookie is always removed from the requests transmitted to " +
"the server. The persistence mechanism then becomes totally transparent from the application point of view.", "the server. The persistence mechanism then becomes totally transparent from the application point of view.",
true); true);
method.addParam( method.addParam(
"postonly", "postonly",
false, false,
"This option ensures that cookie insertion will only be performed on responses to POST requests. It is an" + "This option ensures that cookie insertion will only be performed on responses to POST requests. It is an" +
" alternative to the nocache option, because POST responses are not cacheable, so this ensures that the " + " alternative to the nocache option, because POST responses are not cacheable, so this ensures that the " +
"persistence cookie will never get cached.Since most sites do not need any sort of persistence before the" + "persistence cookie will never get cached.Since most sites do not need any sort of persistence before the" +
" first POST which generally is a login request, this is a very efficient method to optimize caching " + " first POST which generally is a login request, this is a very efficient method to optimize caching " +
"without risking to find a persistence cookie in the cache. See also the insert and nocache options.", "without risking to find a persistence cookie in the cache. See also the insert and nocache options.",
true); true);
method.addParam( method.addParam(
"domain", "domain",
false, false,
"This option allows to specify the domain at which a cookie is inserted. It requires exactly one parameter:" + "This option allows to specify the domain at which a cookie is inserted. It requires exactly one parameter:" +
" a valid domain name. If the domain begins with a dot, the browser is allowed to use it for any host " + " a valid domain name. If the domain begins with a dot, the browser is allowed to use it for any host " +
"ending with that name. It is also possible to specify several domain names by invoking this option multiple" + "ending with that name. It is also possible to specify several domain names by invoking this option multiple" +
" times. Some browsers might have small limits on the number of domains, so be careful when doing that. " + " times. Some browsers might have small limits on the number of domains, so be careful when doing that. " +
"For the record, sending 10 domains to MSIE 6 or Firefox 2 works as expected.", "For the record, sending 10 domains to MSIE 6 or Firefox 2 works as expected.",
false); false);
methodList.add(method); methodList.add(method);
method = new LbStickinessMethod(StickinessMethodType.AppCookieBased, method = new LbStickinessMethod(StickinessMethodType.AppCookieBased,
"This is App session based sticky method. Define session stickiness on an existing application cookie. " + "This is App session based sticky method. Define session stickiness on an existing application cookie. " +
"It can be used only for a specific http traffic"); "It can be used only for a specific http traffic");
method.addParam("cookie-name", false, "This is the name of the cookie used by the application and which LB will " + method.addParam("cookie-name", false, "This is the name of the cookie used by the application and which LB will " +
"have to learn for each new session. Default value: Auto geneared based on ip", false); "have to learn for each new session. Default value: Auto geneared based on ip", false);
method.addParam("length", false, "This is the max number of characters that will be memorized and checked in " + method.addParam("length", false, "This is the max number of characters that will be memorized and checked in " +
"each cookie value. Default value:52", false); "each cookie value. Default value:52", false);
method.addParam( method.addParam(
"holdtime", "holdtime",
false, false,
"This is the time after which the cookie will be removed from memory if unused. The value should be in " + "This is the time after which the cookie will be removed from memory if unused. The value should be in " +
"the format Example : 20s or 30m or 4h or 5d . only seconds(s), minutes(m) hours(h) and days(d) are valid," + "the format Example : 20s or 30m or 4h or 5d . only seconds(s), minutes(m) hours(h) and days(d) are valid," +
" cannot use th combinations like 20h30m. Default value:3h ", " cannot use th combinations like 20h30m. Default value:3h ",
false); false);
method.addParam( method.addParam(
"request-learn", "request-learn",
false, false,
@ -516,24 +525,24 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
"prefix", "prefix",
false, false,
"When this option is specified, haproxy will match on the cookie prefix (or URL parameter prefix). " + "When this option is specified, haproxy will match on the cookie prefix (or URL parameter prefix). " +
"The appsession value is the data following this prefix. Example : appsession ASPSESSIONID len 64 timeout 3h prefix This will match the cookie ASPSESSIONIDXXXX=XXXXX, the appsession value will be XXXX=XXXXX.", "The appsession value is the data following this prefix. Example : appsession ASPSESSIONID len 64 timeout 3h prefix This will match the cookie ASPSESSIONIDXXXX=XXXXX, the appsession value will be XXXX=XXXXX.",
true); true);
method.addParam( method.addParam(
"mode", "mode",
false, false,
"This option allows to change the URL parser mode. 2 modes are currently supported : - path-parameters " + "This option allows to change the URL parser mode. 2 modes are currently supported : - path-parameters " +
": The parser looks for the appsession in the path parameters part (each parameter is separated by a semi-colon), " + ": The parser looks for the appsession in the path parameters part (each parameter is separated by a semi-colon), " +
"which is convenient for JSESSIONID for example.This is the default mode if the option is not set. - query-string :" + "which is convenient for JSESSIONID for example.This is the default mode if the option is not set. - query-string :" +
" In this mode, the parser will look for the appsession in the query string.", " In this mode, the parser will look for the appsession in the query string.",
false); false);
methodList.add(method); methodList.add(method);
method = new LbStickinessMethod(StickinessMethodType.SourceBased, "This is source based Stickiness method, " + method = new LbStickinessMethod(StickinessMethodType.SourceBased, "This is source based Stickiness method, " +
"it can be used for any type of protocol."); "it can be used for any type of protocol.");
method.addParam("tablesize", false, "Size of table to store source ip addresses. example: tablesize=200k or 300m" + method.addParam("tablesize", false, "Size of table to store source ip addresses. example: tablesize=200k or 300m" +
" or 400g. Default value:200k", false); " or 400g. Default value:200k", false);
method.addParam("expire", false, "Entry in source ip table will expire after expire duration. units can be s,m,h,d ." + method.addParam("expire", false, "Entry in source ip table will expire after expire duration. units can be s,m,h,d ." +
" example: expire=30m 20s 50h 4d. Default value:3h", false); " example: expire=30m 20s 50h 4d. Default value:3h", false);
methodList.add(method); methodList.add(method);
Gson gson = new Gson(); Gson gson = new Gson();
@ -593,7 +602,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need to apply static nat on the backend; virtual " + s_logger.debug("Virtual router elemnt doesn't need to apply static nat on the backend; virtual " +
"router doesn't exist in the network " + config.getId()); "router doesn't exist in the network " + config.getId());
return true; return true;
} }
@ -694,7 +703,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER); List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
if (routers == null || routers.isEmpty()) { if (routers == null || routers.isEmpty()) {
s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " + s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " +
"router doesn't exist in the network " + network.getId()); "router doesn't exist in the network " + network.getId());
return true; return true;
} }
@ -764,7 +773,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
@Override @Override
public boolean addDhcpEntry(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm, public boolean addDhcpEntry(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm,
DeployDestination dest, ReservationContext context) DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException { throws ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException {
if (canHandle(network, Service.Dhcp)) { if (canHandle(network, Service.Dhcp)) {
if (vm.getType() != VirtualMachine.Type.User) { if (vm.getType() != VirtualMachine.Type.User) {
return false; return false;
@ -787,7 +796,7 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
@Override @Override
public boolean addPasswordAndUserdata(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm, public boolean addPasswordAndUserdata(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm,
DeployDestination dest, ReservationContext context) DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException { throws ConcurrentOperationException, InsufficientCapacityException, ResourceUnavailableException {
if (canHandle(network, Service.UserData)) { if (canHandle(network, Service.UserData)) {
if (vm.getType() != VirtualMachine.Type.User) { if (vm.getType() != VirtualMachine.Type.User) {
return false; return false;
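Review bot: The four new throw sites in the stickiness-policy validation (the `-285,12 +286,16` and `-316,12 +321,16` hunks) still pass the numeric database id into the exception through `new IdentityProxy(rule, rule.getId(), "ruleId")`, so the id only stays hidden if the code that consumes `idList` replaces it with an opaque identifier before the error is serialized. That consumer is not part of this section, so I would confirm it with a test on the API error response and record the dependency at the first site, e.g. `// idList carries the DB id; it must be translated to the external id before the response is written`. The same three lines are also repeated at all four sites, and a small private helper that takes the rule and the cause text would keep the message and the `"ruleId"` field name in one place. The enclosing method starts and ends outside these hunks.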


@ -61,6 +61,7 @@ import com.cloud.user.Account;
import com.cloud.user.AccountManager; import com.cloud.user.AccountManager;
import com.cloud.user.DomainManager; import com.cloud.user.DomainManager;
import com.cloud.user.UserContext; import com.cloud.user.UserContext;
import com.cloud.utils.IdentityProxy;
import com.cloud.utils.Ternary; import com.cloud.utils.Ternary;
import com.cloud.utils.component.Inject; import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager; import com.cloud.utils.component.Manager;
@ -152,8 +153,8 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId); IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
// Validate ip address // Validate ip address
if (ipAddress == null && type == FirewallRule.FirewallRuleType.User) { if (ipAddress == null && type == FirewallRule.FirewallRuleType.User) {
throw new InvalidParameterValueException("Unable to create firewall rule; ip id=" + ipAddrId + throw new InvalidParameterValueException("Unable to create firewall rule; " +
" doesn't exist in the system"); "couldn't locate IP address by id in the system", null);
} }
_networkMgr.checkIpForService(ipAddress, Service.Firewall); _networkMgr.checkIpForService(ipAddress, Service.Firewall);
@ -162,11 +163,11 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
// icmp code and icmp type can't be passed in for any other protocol rather than icmp // icmp code and icmp type can't be passed in for any other protocol rather than icmp
if (!protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (icmpCode != null || icmpType != null)) { if (!protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (icmpCode != null || icmpType != null)) {
throw new InvalidParameterValueException("Can specify icmpCode and icmpType for ICMP protocol only"); throw new InvalidParameterValueException("Can specify icmpCode and icmpType for ICMP protocol only", null);
} }
if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart != null || portEnd != null)) { if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart != null || portEnd != null)) {
throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP"); throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP", null);
} }
Long accountId = null; Long accountId = null;
@ -209,8 +210,13 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
if (ipId != null) { if (ipId != null) {
IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId); IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId);
if (ipAddressVO == null || !ipAddressVO.readyToUse()) { if (ipAddressVO == null) {
throw new InvalidParameterValueException("Ip address id=" + ipId + " not ready for firewall rules yet"); throw new InvalidParameterValueException("Couldn't locate Ip address by id", null);
}
if (!ipAddressVO.readyToUse()) {
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(ipAddressVO, ipId, "IpId"));
throw new InvalidParameterValueException("Ip address with specified id is not ready for firewall rules yet", idList);
} }
_accountMgr.checkAccess(caller, null, true, ipAddressVO); _accountMgr.checkAccess(caller, null, true, ipAddressVO);
} }
@ -231,16 +237,16 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
if (tags != null && !tags.isEmpty()) { if (tags != null && !tags.isEmpty()) {
SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder(); SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
for (int count=0; count < tags.size(); count++) { for (int count=0; count < tags.size(); count++) {
tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), SearchCriteria.Op.EQ); tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), SearchCriteria.Op.EQ);
tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), SearchCriteria.Op.EQ); tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), SearchCriteria.Op.EQ);
tagSearch.cp(); tagSearch.cp();
}
tagSearch.and("resourceType", tagSearch.entity().getResourceType(), SearchCriteria.Op.EQ);
sb.groupBy(sb.entity().getId());
sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
} }
tagSearch.and("resourceType", tagSearch.entity().getResourceType(), SearchCriteria.Op.EQ);
sb.groupBy(sb.entity().getId());
sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
}
SearchCriteria<FirewallRuleVO> sc = sb.create(); SearchCriteria<FirewallRuleVO> sc = sb.create();
_accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
@ -273,7 +279,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurposeAndNotRevoked(newRule.getSourceIpAddressId(), null); List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurposeAndNotRevoked(newRule.getSourceIpAddressId(), null);
assert (rules.size() >= 1) : "For network rules, we now always first persist the rule and then check for " + assert (rules.size() >= 1) : "For network rules, we now always first persist the rule and then check for " +
"network conflicts so we should at least have one rule at this point."; "network conflicts so we should at least have one rule at this point.";
for (FirewallRuleVO rule : rules) { for (FirewallRuleVO rule : rules) {
if (rule.getId() == newRule.getId()) { if (rule.getId() == newRule.getId()) {
@ -282,7 +288,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
boolean oneOfRulesIsFirewall = ((rule.getPurpose() == Purpose.Firewall || newRule.getPurpose() == Purpose.Firewall) boolean oneOfRulesIsFirewall = ((rule.getPurpose() == Purpose.Firewall || newRule.getPurpose() == Purpose.Firewall)
&& ((newRule.getPurpose() != rule.getPurpose()) || (!newRule.getProtocol() && ((newRule.getPurpose() != rule.getPurpose()) || (!newRule.getProtocol()
.equalsIgnoreCase(rule.getProtocol())))); .equalsIgnoreCase(rule.getProtocol()))));
// if both rules are firewall and their cidrs are different, we can skip port ranges verification // if both rules are firewall and their cidrs are different, we can skip port ranges verification
boolean bothRulesFirewall = (rule.getPurpose() == newRule.getPurpose() && rule.getPurpose() == Purpose.Firewall); boolean bothRulesFirewall = (rule.getPurpose() == newRule.getPurpose() && rule.getPurpose() == Purpose.Firewall);
@ -323,7 +329,9 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue() if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue()
&& newRule.getIcmpType().longValue() == rule.getIcmpType().longValue() && newRule.getIcmpType().longValue() == rule.getIcmpType().longValue()
&& newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()) && duplicatedCidrs) { && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()) && duplicatedCidrs) {
throw new InvalidParameterValueException("New rule conflicts with existing rule id=" + rule.getId()); List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
throw new InvalidParameterValueException("New rule conflicts with existing rule with specified id", idList);
} }
} }
@ -334,12 +342,12 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
} else if (!oneOfRulesIsFirewall && !(bothRulesFirewall && !duplicatedCidrs) } else if (!oneOfRulesIsFirewall && !(bothRulesFirewall && !duplicatedCidrs)
&& ((rule.getSourcePortStart().intValue() <= newRule.getSourcePortStart().intValue() && ((rule.getSourcePortStart().intValue() <= newRule.getSourcePortStart().intValue()
&& rule.getSourcePortEnd().intValue() >= newRule.getSourcePortStart().intValue()) && rule.getSourcePortEnd().intValue() >= newRule.getSourcePortStart().intValue())
|| (rule.getSourcePortStart().intValue() <= newRule.getSourcePortEnd().intValue() || (rule.getSourcePortStart().intValue() <= newRule.getSourcePortEnd().intValue()
&& rule.getSourcePortEnd().intValue() >= newRule.getSourcePortEnd().intValue()) && rule.getSourcePortEnd().intValue() >= newRule.getSourcePortEnd().intValue())
|| (newRule.getSourcePortStart().intValue() <= rule.getSourcePortStart().intValue() || (newRule.getSourcePortStart().intValue() <= rule.getSourcePortStart().intValue()
&& newRule.getSourcePortEnd().intValue() >= rule.getSourcePortStart().intValue()) && newRule.getSourcePortEnd().intValue() >= rule.getSourcePortStart().intValue())
|| (newRule.getSourcePortStart().intValue() <= rule.getSourcePortEnd().intValue() || (newRule.getSourcePortStart().intValue() <= rule.getSourcePortEnd().intValue()
&& newRule.getSourcePortEnd().intValue() >= rule.getSourcePortEnd().intValue()))) { && newRule.getSourcePortEnd().intValue() >= rule.getSourcePortEnd().intValue()))) {
// we allow port forwarding rules with the same parameters but different protocols // we allow port forwarding rules with the same parameters but different protocols
boolean allowPf = (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.PortForwarding boolean allowPf = (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.PortForwarding
@ -363,15 +371,15 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
public void validateFirewallRule(Account caller, IPAddressVO ipAddress, Integer portStart, Integer portEnd, public void validateFirewallRule(Account caller, IPAddressVO ipAddress, Integer portStart, Integer portEnd,
String proto, Purpose purpose, FirewallRuleType type) { String proto, Purpose purpose, FirewallRuleType type) {
if (portStart != null && !NetUtils.isValidPort(portStart)) { if (portStart != null && !NetUtils.isValidPort(portStart)) {
throw new InvalidParameterValueException("publicPort is an invalid value: " + portStart); throw new InvalidParameterValueException("publicPort is an invalid value: " + portStart, null);
} }
if (portEnd != null && !NetUtils.isValidPort(portEnd)) { if (portEnd != null && !NetUtils.isValidPort(portEnd)) {
throw new InvalidParameterValueException("Public port range is an invalid value: " + portEnd); throw new InvalidParameterValueException("Public port range is an invalid value: " + portEnd, null);
} }
// start port can't be bigger than end port // start port can't be bigger than end port
if (portStart != null && portEnd != null && portStart > portEnd) { if (portStart != null && portEnd != null && portStart > portEnd) {
throw new InvalidParameterValueException("Start port can't be bigger than end port"); throw new InvalidParameterValueException("Start port can't be bigger than end port", null);
} }
if (ipAddress == null && type == FirewallRuleType.System) { if (ipAddress == null && type == FirewallRuleType.System) {
@ -384,8 +392,9 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
Long networkId = null; Long networkId = null;
if (ipAddress.getAssociatedWithNetworkId() == null) { if (ipAddress.getAssociatedWithNetworkId() == null) {
throw new InvalidParameterValueException("Unable to create firewall rule ; ip id=" + List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
ipAddress.getId() + " is not associated with any network"); idList.add(new IdentityProxy(ipAddress, ipAddress.getId(), "IpId"));
throw new InvalidParameterValueException("Unable to create firewall rule ; ip with specified id is not associated with any network", idList);
} else { } else {
networkId = ipAddress.getAssociatedWithNetworkId(); networkId = ipAddress.getAssociatedWithNetworkId();
} }
@ -407,9 +416,11 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
if (caps != null) { if (caps != null) {
String supportedProtocols = caps.get(Capability.SupportedProtocols).toLowerCase(); String supportedProtocols = caps.get(Capability.SupportedProtocols).toLowerCase();
if (!supportedProtocols.contains(proto.toLowerCase())) { if (!supportedProtocols.contains(proto.toLowerCase())) {
throw new InvalidParameterValueException("Protocol " + proto + " is not supported in zone " + network.getDataCenterId()); List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(network, network.getDataCenterId(), "dcId"));
throw new InvalidParameterValueException("Protocol " + proto + " is not supported in zone with specified id", idList);
} else if (proto.equalsIgnoreCase(NetUtils.ICMP_PROTO) && purpose != Purpose.Firewall) { } else if (proto.equalsIgnoreCase(NetUtils.ICMP_PROTO) && purpose != Purpose.Firewall) {
throw new InvalidParameterValueException("Protocol " + proto + " is currently supported only for rules with purpose " + Purpose.Firewall); throw new InvalidParameterValueException("Protocol " + proto + " is currently supported only for rules with purpose " + Purpose.Firewall, null);
} }
} }
} }
@ -504,11 +515,11 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
FirewallRuleVO rule = _firewallDao.findById(ruleId); FirewallRuleVO rule = _firewallDao.findById(ruleId);
if (rule == null || rule.getPurpose() != Purpose.Firewall) { if (rule == null || rule.getPurpose() != Purpose.Firewall) {
throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall); throw new InvalidParameterValueException("Unable to find rule having purpose " + Purpose.Firewall, null);
} }
if (rule.getType() == FirewallRuleType.System && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { if (rule.getType() == FirewallRuleType.System && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
throw new InvalidParameterValueException("Only root admin can delete the system wide firewall rule"); throw new InvalidParameterValueException("Only root admin can delete the system wide firewall rule", null);
} }
_accountMgr.checkAccess(caller, null, true, rule); _accountMgr.checkAccess(caller, null, true, rule);
@ -602,7 +613,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
@Override @Override
public FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller, public FirewallRule createRuleForAllCidrs(long ipAddrId, Account caller,
Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType, Long relatedRuleId, long networkId) Integer startPort, Integer endPort, String protocol, Integer icmpCode, Integer icmpType, Long relatedRuleId, long networkId)
throws NetworkRuleConflictException { throws NetworkRuleConflictException {
// If firwallRule for this port range already exists, return it // If firwallRule for this port range already exists, return it
List<FirewallRuleVO> rules = _firewallDao.listByIpPurposeAndProtocolAndNotRevoked(ipAddrId, startPort, endPort, List<FirewallRuleVO> rules = _firewallDao.listByIpPurposeAndProtocolAndNotRevoked(ipAddrId, startPort, endPort,


@ -70,17 +70,17 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
@Override @Override
public boolean isMyTrafficType(TrafficType type) { public boolean isMyTrafficType(TrafficType type) {
for (TrafficType t : _trafficTypes) { for (TrafficType t : _trafficTypes) {
if (t == type) { if (t == type) {
return true; return true;
} }
} }
return false; return false;
} }
@Override @Override
public TrafficType[] getSupportedTrafficType() { public TrafficType[] getSupportedTrafficType() {
return _trafficTypes; return _trafficTypes;
} }
protected boolean canHandle(NetworkOffering offering, DataCenter dc) { protected boolean canHandle(NetworkOffering offering, DataCenter dc) {
@ -110,7 +110,7 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
if (userSpecified != null) { if (userSpecified != null) {
if ((userSpecified.getCidr() == null && userSpecified.getGateway() != null) || (userSpecified.getCidr() != null && userSpecified.getGateway() == null)) { if ((userSpecified.getCidr() == null && userSpecified.getGateway() != null) || (userSpecified.getCidr() != null && userSpecified.getGateway() == null)) {
throw new InvalidParameterValueException("cidr and gateway must be specified together."); throw new InvalidParameterValueException("cidr and gateway must be specified together.", null);
} }
if (userSpecified.getCidr() != null) { if (userSpecified.getCidr() != null) {
@ -152,7 +152,7 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
@Override @Override
public NicProfile allocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) throws InsufficientVirtualNetworkCapcityException, public NicProfile allocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) throws InsufficientVirtualNetworkCapcityException,
InsufficientAddressCapacityException, ConcurrentOperationException { InsufficientAddressCapacityException, ConcurrentOperationException {
DataCenter dc = _dcDao.findById(network.getDataCenterId()); DataCenter dc = _dcDao.findById(network.getDataCenterId());
@ -191,7 +191,7 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
@Override @DB @Override @DB
public void deallocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) { public void deallocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) {
if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) {
s_logger.debug("Deallocate network: networkId: " + nic.getNetworkId() + ", ip: " + nic.getIp4Address()); s_logger.debug("Deallocate network: networkId: " + nic.getNetworkId() + ", ip: " + nic.getIp4Address());
} }
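Review bot: The literal `null` passed as the second argument in `throw new InvalidParameterValueException("cidr and gateway must be specified together.", null);` leaves every consumer of that ID list to do its own null check, and the constructor is not visible here to confirm it tolerates one. An empty list keeps the error-serialisation path free of that case, e.g. `throw new InvalidParameterValueException("cidr and gateway must be specified together.", new ArrayList<IdentityProxy>());`, assuming the parameter is the `List<IdentityProxy>` used elsewhere in this commit. The same call appears in the GuestNetworkGuru section (hunk at -136). The enclosing method starts and ends outside the hunk.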


@ -136,7 +136,7 @@ public class GuestNetworkGuru extends AdapterBase implements NetworkGuru {
if (userSpecified != null) { if (userSpecified != null) {
if ((userSpecified.getCidr() == null && userSpecified.getGateway() != null) || if ((userSpecified.getCidr() == null && userSpecified.getGateway() != null) ||
(userSpecified.getCidr() != null && userSpecified.getGateway() == null)) { (userSpecified.getCidr() != null && userSpecified.getGateway() == null)) {
throw new InvalidParameterValueException("cidr and gateway must be specified together."); throw new InvalidParameterValueException("cidr and gateway must be specified together.", null);
} }
if (userSpecified.getCidr() != null) { if (userSpecified.getCidr() != null) {
@ -255,12 +255,12 @@ public class GuestNetworkGuru extends AdapterBase implements NetworkGuru {
} }
protected void allocateVnet(Network network, NetworkVO implemented, long dcId, protected void allocateVnet(Network network, NetworkVO implemented, long dcId,
long physicalNetworkId, String reservationId) throws InsufficientVirtualNetworkCapcityException { long physicalNetworkId, String reservationId) throws InsufficientVirtualNetworkCapcityException {
if (network.getBroadcastUri() == null) { if (network.getBroadcastUri() == null) {
String vnet = _dcDao.allocateVnet(dcId, physicalNetworkId, network.getAccountId(), reservationId); String vnet = _dcDao.allocateVnet(dcId, physicalNetworkId, network.getAccountId(), reservationId);
if (vnet == null) { if (vnet == null) {
throw new InsufficientVirtualNetworkCapcityException("Unable to allocate vnet as a " + throw new InsufficientVirtualNetworkCapcityException("Unable to allocate vnet as a " +
"part of network " + network + " implement ", DataCenter.class, dcId); "part of network " + network + " implement ", DataCenter.class, dcId);
} }
implemented.setBroadcastUri(BroadcastDomainType.Vlan.toUri(vnet)); implemented.setBroadcastUri(BroadcastDomainType.Vlan.toUri(vnet));
EventUtils.saveEvent(UserContext.current().getCallerUserId(), network.getAccountId(), EventUtils.saveEvent(UserContext.current().getCallerUserId(), network.getAccountId(),
@ -299,10 +299,10 @@ public class GuestNetworkGuru extends AdapterBase implements NetworkGuru {
@Override @Override
public NicProfile allocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) public NicProfile allocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm)
throws InsufficientVirtualNetworkCapcityException, throws InsufficientVirtualNetworkCapcityException,
InsufficientAddressCapacityException { InsufficientAddressCapacityException {
assert (network.getTrafficType() == TrafficType.Guest) : "Look at my name! Why are you calling" + assert (network.getTrafficType() == TrafficType.Guest) : "Look at my name! Why are you calling" +
" me when the traffic type is : " + network.getTrafficType(); " me when the traffic type is : " + network.getTrafficType();
if (nic == null) { if (nic == null) {
nic = new NicProfile(ReservationStrategy.Start, null, null, null, null); nic = new NicProfile(ReservationStrategy.Start, null, null, null, null);
@ -363,7 +363,7 @@ public class GuestNetworkGuru extends AdapterBase implements NetworkGuru {
@Override @Override
public void reserve(NicProfile nic, Network network, VirtualMachineProfile<? extends VirtualMachine> vm, public void reserve(NicProfile nic, Network network, VirtualMachineProfile<? extends VirtualMachine> vm,
DeployDestination dest, ReservationContext context) DeployDestination dest, ReservationContext context)
throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException { throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException {
assert (nic.getReservationStrategy() == ReservationStrategy.Start) : "What can I do for nics that are not allocated at start? "; assert (nic.getReservationStrategy() == ReservationStrategy.Start) : "What can I do for nics that are not allocated at start? ";
nic.setBroadcastUri(network.getBroadcastUri()); nic.setBroadcastUri(network.getBroadcastUri());
@ -385,7 +385,7 @@ public class GuestNetworkGuru extends AdapterBase implements NetworkGuru {
profile.getPhysicalNetworkId(), profile.getAccountId(), profile.getReservationId()); profile.getPhysicalNetworkId(), profile.getAccountId(), profile.getReservationId());
EventUtils.saveEvent(UserContext.current().getCallerUserId(), profile.getAccountId(), EventUtils.saveEvent(UserContext.current().getCallerUserId(), profile.getAccountId(),
EventVO.LEVEL_INFO, EventTypes.EVENT_ZONE_VLAN_RELEASE, "Released Zone Vlan: " EventVO.LEVEL_INFO, EventTypes.EVENT_ZONE_VLAN_RELEASE, "Released Zone Vlan: "
+profile.getBroadcastUri().getHost()+" for Network: "+profile.getId(), 0); +profile.getBroadcastUri().getHost()+" for Network: "+profile.getId(), 0);
profile.setBroadcastUri(null); profile.setBroadcastUri(null);
} }
} }
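Review bot: `allocateVnet` still concatenates `network` into the text of its `InsufficientVirtualNetworkCapcityException` and passes `dcId` alongside it, so this path may keep returning internal identifiers that the commit sets out to remove from error messages. Whether `Network`'s string form contains the database id is not visible here, so that part should be confirmed. If it does, the message could drop the object, `"Unable to allocate vnet as a part of network implement"`, and the way the `DataCenter.class, dcId` scope is rendered to API callers should be checked against the same ID-proxy mechanism. The lines touched in that hunk appear to be whitespace-only, which is probably why the message was left as it was.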


@ -21,7 +21,6 @@ import com.cloud.dc.DataCenter;
import com.cloud.dc.DataCenter.NetworkType; import com.cloud.dc.DataCenter.NetworkType;
import com.cloud.deploy.DeployDestination; import com.cloud.deploy.DeployDestination;
import com.cloud.deploy.DeploymentPlan; import com.cloud.deploy.DeploymentPlan;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InsufficientAddressCapacityException;
import com.cloud.exception.InsufficientVirtualNetworkCapcityException; import com.cloud.exception.InsufficientVirtualNetworkCapcityException;
import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.InvalidParameterValueException;
@ -106,14 +105,14 @@ public class PrivateNetworkGuru extends AdapterBase implements NetworkGuru {
if (userSpecified != null) { if (userSpecified != null) {
if ((userSpecified.getCidr() == null && userSpecified.getGateway() != null) || if ((userSpecified.getCidr() == null && userSpecified.getGateway() != null) ||
(userSpecified.getCidr() != null && userSpecified.getGateway() == null)) { (userSpecified.getCidr() != null && userSpecified.getGateway() == null)) {
throw new InvalidParameterValueException("cidr and gateway must be specified together."); throw new InvalidParameterValueException("cidr and gateway must be specified together.", null);
} }
if (userSpecified.getCidr() != null) { if (userSpecified.getCidr() != null) {
network.setCidr(userSpecified.getCidr()); network.setCidr(userSpecified.getCidr());
network.setGateway(userSpecified.getGateway()); network.setGateway(userSpecified.getGateway());
} else { } else {
throw new InvalidParameterValueException("Can't design network " + network + "; netmask/gateway must be passed in"); throw new InvalidParameterValueException("Can't design network " + network + "; netmask/gateway must be passed in", null);
} }
if (offering.getSpecifyVlan()) { if (offering.getSpecifyVlan()) {
@ -210,7 +209,7 @@ public class PrivateNetworkGuru extends AdapterBase implements NetworkGuru {
@Override @Override
public void reserve(NicProfile nic, Network network, VirtualMachineProfile<? extends VirtualMachine> vm, public void reserve(NicProfile nic, Network network, VirtualMachineProfile<? extends VirtualMachine> vm,
DeployDestination dest, ReservationContext context) DeployDestination dest, ReservationContext context)
throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException { throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException {
if (nic.getIp4Address() == null) { if (nic.getIp4Address() == null) {
getIp(nic, _configMgr.getZone(network.getDataCenterId()), network); getIp(nic, _configMgr.getZone(network.getDataCenterId()), network);
nic.setStrategy(ReservationStrategy.Create); nic.setStrategy(ReservationStrategy.Create);