b2a5e26c06
bug 10792: add default system wide firewall rule
...
status 10792: resolved fixed
2011-11-15 16:51:30 -08:00
3a845d2d75
Keep Service/Provider map per network as well as per networkOffering (to handle the case when there are multiple providers defined for the same service in the network offering, and only one is picked when the network is created)
2011-11-07 16:16:03 -08:00
525a0a7675
1)Changed implementation for restart network: call shutdown/implement methods as a part of it
...
2)Re-apply all existing firewall rules as a part of implement call. TODO: Cleanup all existing rules from the backend (leave them in the DB) as a part of shutdown call
2011-10-25 18:24:24 -07:00
780e0efe79
Removing references to DataCenter - providers, using the networkoffering -> providers map instead.
...
TODO:
- Still leaving the provider columns in data_center schema as-is for CloudKit and BareMetal
- ExternalNetworkDeviceMgrImpl still needs to fix the dataCenter.setProviders calls and externalNetworkApplicance usage checks to see if zone has external networking.
2011-10-24 18:06:33 -07:00
6379c9c61e
Return false when failed to apply the rules on the backend
2011-10-24 17:55:04 -07:00
25c2734e03
More stuff to Projects feature - added support for adding resources (vms, templates, isos) to the project
2011-10-05 13:24:25 -07:00
12e25fb988
Implemented vm* api commands to be executed against the project
2011-09-29 10:20:51 -07:00
a1cab92ae1
bug 11537: revoke related FirewallRules when do vmExpunge and ipAddress release.
...
status 11537: resolved fixed
Reviewed-by: edison@cloud.com
Conflicts:
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
server/src/com/cloud/vm/UserVmManagerImpl.java
2011-09-22 14:01:02 -07:00
a1331d1cfc
Intermidiate checkin to Project feature:
...
1) Introduce new managers - ProjectManager and DomainManager. Moved all domain related code from AccountManager to DomainManager.
2) Moved some code from ManagementServerImpl to the correct managers.
3) New resource limit for Domain - Project
2011-09-20 18:35:28 -07:00
b6f58b77b8
bug 11462: 1) when delete PF rule, revoke corresponding firewall first (if exists) 2) never remove PF rule from the table when corresponding firewall rule wasn't removed yet
...
status 11462: resolved fixed
Reviewed-by: edison@cloud.com
Conflicts:
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
2011-09-20 10:32:57 -07:00
8c53dbcdd7
bug 11185: support multiple CIDR on overlapping port ranges for firewall rules
...
status 11185: resolved fixed
Conflicts:
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
Conflicts:
api/src/com/cloud/network/firewall/FirewallService.java
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
2011-08-25 12:21:11 -07:00
e3f179844e
bug 11236: domainAdmin/regularUser can edit/delete/copy/extract Public template/iso only if it was created by them. They still can use/see public template/iso when execute list/deploy/attachIso commands. Root admin can operate with other people templates w/o any restrictions.
...
status 11236: resolved fixed
2011-08-24 14:48:35 -07:00
8a7feb8ec1
Merge branch '2.2.y'
...
Conflicts:
agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java
api/src/com/cloud/agent/api/to/FirewallRuleTO.java
api/src/com/cloud/agent/api/to/IpAddressTO.java
api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
api/src/com/cloud/api/ApiConstants.java
api/src/com/cloud/api/BaseCmd.java
api/src/com/cloud/api/ResponseGenerator.java
api/src/com/cloud/api/commands/CreateFirewallRuleCmd.java
api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java
api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java
api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
api/src/com/cloud/api/commands/UpdateNetworkCmd.java
api/src/com/cloud/api/response/CapabilitiesResponse.java
api/src/com/cloud/network/Network.java
api/src/com/cloud/network/NetworkService.java
api/src/com/cloud/network/firewall/FirewallService.java
api/src/com/cloud/network/lb/LoadBalancingRule.java
api/src/com/cloud/network/lb/LoadBalancingRulesService.java
api/src/com/cloud/network/rules/FirewallRule.java
api/src/com/cloud/network/rules/RulesService.java
api/src/com/cloud/offering/NetworkOffering.java
client/tomcatconf/commands.properties.in
cloud.spec
core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
core/src/com/cloud/hypervisor/xen/resource/CitrixHelper.java
core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
core/src/com/cloud/storage/template/DownloadManagerImpl.java
core/src/com/cloud/vm/DomainRouterVO.java
debian/cloud-deps.install
patches/systemvm/debian/config/etc/init.d/cloud-early-config
patches/systemvm/debian/config/root/ipassoc.sh
patches/systemvm/debian/config/root/loadbalancer.sh
scripts/vm/hypervisor/kvm/rundomrpre.sh
scripts/vm/hypervisor/xenserver/vmops
server/src/com/cloud/agent/manager/AgentAttache.java
server/src/com/cloud/agent/manager/AgentManagerImpl.java
server/src/com/cloud/agent/manager/AgentMonitor.java
server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java
server/src/com/cloud/alert/ClusterAlertAdapter.java
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/api/ApiServer.java
server/src/com/cloud/cluster/ClusterManagerImpl.java
server/src/com/cloud/configuration/Config.java
server/src/com/cloud/configuration/ConfigurationManager.java
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
server/src/com/cloud/configuration/DefaultComponentLibrary.java
server/src/com/cloud/deploy/FirstFitPlanner.java
server/src/com/cloud/ha/HighAvailabilityManagerImpl.java
server/src/com/cloud/host/dao/HostDaoImpl.java
server/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
server/src/com/cloud/network/LoadBalancerVO.java
server/src/com/cloud/network/NetworkManager.java
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/network/dao/FirewallRulesDao.java
server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
server/src/com/cloud/network/element/DhcpElement.java
server/src/com/cloud/network/element/VirtualRouterElement.java
server/src/com/cloud/network/firewall/FirewallManagerImpl.java
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
server/src/com/cloud/network/rules/FirewallManager.java
server/src/com/cloud/network/rules/FirewallRuleVO.java
server/src/com/cloud/network/rules/PortForwardingRuleVO.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
server/src/com/cloud/network/rules/StaticNatRuleImpl.java
server/src/com/cloud/network/security/SecurityGroupListener.java
server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
server/src/com/cloud/offerings/NetworkOfferingVO.java
server/src/com/cloud/server/ConfigurationServerImpl.java
server/src/com/cloud/server/ManagementServerImpl.java
server/src/com/cloud/storage/StorageManager.java
server/src/com/cloud/storage/StorageManagerImpl.java
server/src/com/cloud/storage/dao/VMTemplateHostDaoImpl.java
server/src/com/cloud/storage/download/DownloadMonitorImpl.java
server/src/com/cloud/upgrade/DatabaseUpgradeChecker.java
server/src/com/cloud/upgrade/dao/Upgrade228to229.java
server/src/com/cloud/upgrade/dao/Upgrade229to2210.java
server/src/com/cloud/user/AccountManagerImpl.java
server/src/com/cloud/vm/UserVmManagerImpl.java
server/src/com/cloud/vm/VirtualMachineManagerImpl.java
server/src/com/cloud/vm/dao/DomainRouterDao.java
server/src/com/cloud/vm/dao/DomainRouterDaoImpl.java
setup/db/create-index-fk.sql
setup/db/create-schema.sql
setup/db/db/schema-222to224.sql
setup/db/db/schema-227to228.sql
setup/db/db/schema-228to229.sql
setup/db/db/schema-229to2210.sql
tools/testClient/README
ui/scripts/cloud.core.instance.js
utils/src/com/cloud/utils/SerialVersionUID.java
utils/src/com/cloud/utils/db/ConnectionConcierge.java
utils/src/com/cloud/utils/db/Merovingian2.java
utils/src/com/cloud/utils/db/Transaction.java
utils/src/com/cloud/utils/nio/Link.java
utils/src/com/cloud/utils/nio/NioConnection.java
utils/src/com/cloud/utils/time/InaccurateClock.java
2011-08-22 20:28:30 -07:00
11d06f3d6a
Added missing license headers
2011-08-15 14:24:46 -07:00
5fd0ff5610
Added missing license headers
2011-08-15 14:24:28 -07:00
47e8d2b29c
Fixed error message
2011-08-15 10:18:44 -07:00
c63f9fbca2
bug 10561: allowing to create a firewall rule with sameport range but different protocols
2011-08-15 10:18:10 -07:00
803255b0ba
bug 11029: db upgrade from 2.2.9 to 2.2.10 includes firewall_rule upgrade now
...
status 11029: resolved fixed
Commit also includes the following:
* map firewall rule to pf/lb/staticNat/vpn when the firewall rule is created as a part of pf/lb/staticNat/vpn rule creation
* when delete firewall rules, also delete related firewall rule
2011-08-15 10:18:09 -07:00
51af0db682
mass merge 2.2.10
2011-08-11 16:41:52 -07:00
10034bc196
Fixed rule validation for static nat rules
2011-08-11 14:03:49 -07:00
278f2a401f
bug 10561: intermediate checkin for enable/disableStaticNat.
...
1) On enableStaticNat command we actually send the command to the backend (we used to just upgrade the DB in the past). The backend command carries sourceIp and destIp, and creates IP to IP mapping on the domR.
2) On disableStaticNat for the Ip address in addition to cleaning up port ranges, we also delete IP to IP mapping on the domR.
2011-08-11 10:19:22 -07:00
17a8234140
should be able to apply firewall rules to static natted ips
2011-08-10 22:53:07 -07:00
e874109839
bug 11071: when elb service is enabled, don't check supported protocols as the provider is NULL in data_center table
...
status 11071: resolved fixed
2011-08-10 19:25:04 -07:00
0805dbd3fb
Fixed rule validation for ICMP protocol
2011-08-10 19:11:26 -07:00
13a9c1d589
Fixed capability check in rule validation
2011-08-10 18:23:13 -07:00
fe3dd44bec
ICMP protocol is supported in createFirewallRule command only; throw an error if specified in createPF/StaticNat/LB rule
2011-08-10 12:56:25 -07:00
949ad3f4c4
bug 10561: readding source cidr changes to firewall rules
2011-08-10 13:55:37 +05:30
9bba09857e
bug 10561: readding source cidr changes to firewall rules
2011-08-10 13:52:42 +05:30
6b9603bc4c
bug 10561: intermidiate checkin for FirewallRuleFeature
...
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
Conflicts:
api/src/com/cloud/api/BaseCmd.java
client/tomcatconf/commands.properties.in
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/configuration/DefaultComponentLibrary.java
server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
2011-08-09 15:51:56 -07:00
311afeae23
bug 10731: reverting back source cidr changes for loadbalancer and portforwarding
2011-08-09 16:01:48 +05:30
06d007337a
bug 10561: intermidiate checkin for FirewallRuleFeature
...
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
2011-08-08 20:59:40 -07:00
Edison Su
alena
prachi
Naredula Janardhana Reddy
Chiradeep Vittal
Abhinandan Prateek