after network orchestrator refactor, only network elements providingg
services as defined by network offering, are invloved network design and
imlement phase. So OVS network element need to be enables as
'Connectivity' service provider to make GRE tunnels work. This fix
introduced 'Ovs' provider as Connectivity service provider.
(cherry picked from commit 2e004878b1)
Signed-off-by: Animesh Chaturvedi <animesh@apache.org>
Replaced HttpClient#execute(HttpUriRequest) with
HttpClient#execute(HttpUriRequest,ResponseHandler<T>).
The former requires extra EntityUtils#consume(HttpEntity).
(cherry picked from commit 09e27fd7bf)
Signed-off-by: Animesh Chaturvedi <animesh@apache.org>
introduces a force option in delete network to forcifully delete a
network. This comes handy in rare cases where network fails to implenet
and network is in shutdown state, but network shutdown to rollback
implement process fails as well.
vxlan code. Users can set a physical network to isolation type 'vxlan',
put public traffic on that physical network, and it will still attempt
to use 'vlan' isolation on the KVM hosts. This is going to be an issue
for other isolation types as well, but I'm not familiar with them, so
I'm just fixing vxlan for now.
service and not used for LB
Fix adds a boolean flag to addNetscalerLoadBalancer api, which
will mark added NetScaler for exclusive GSLB service. A netscaler marked
as exclusive gslb service provider is not picked for any guest network's
lb provider.
Conflicts:
engine/schema/src/com/cloud/network/dao/ExternalLoadBalancerDeviceVO.java
plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java
plugins/network-elements/netscaler/src/com/cloud/api/commands/AddNetscalerLoadBalancerCmd.java
plugins/network-elements/netscaler/src/com/cloud/api/response/NetscalerLoadBalancerResponse.java
plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java
server/src/com/cloud/network/ExternalLoadBalancerDeviceManager.java
server/src/com/cloud/network/ExternalLoadBalancerDeviceManagerImpl.java
setup/db/db/schema-421to430.sql
1. Egress default policy rules is send to the firewall provider. It is up to the
provider to configure the rules.
2. The default policy rules are send for both allow and deny default policy.
3. On network shutdown rules for delete are send.
4. For VR and SRX, by default deny the traffic. So no default rule to deny traffic is required.
Those bugs are related to classes not implementing Serializable, nox overriding the equals and/or hashCode methods and with empty finalize method.
Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
This patch adds a network plugin to support Palo Alto Networks firewall (their appliance and their VM series firewall).
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Knowns limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Signed-off-by: Sheng Yang <sheng.yang@citrix.com>
Introduction of a new Transaction API that is more consistent with the style
of Spring's transaction managment. The existing Transaction class was renamed
to TransactionLegacy. All of the non-DAO code in the management server has been
updated to use the new Transaction API.
ACS is now comprised of a hierarchy of spring application contexts.
Each plugin can contribute configuration files to add to an existing
module or create it's own module.
Additionally, for the mgmt server, ACS custom AOP is no longer used
and instead we use Spring AOP to manage interceptors.
Rajani Karuturi
Alena Prokharchyk
Hugo Trippaers
Daan Hoogland
Murali Reddy
Hiroaki KAWAI
Animesh Chaturvedi
sbalineni
Sachchidanand Vaidya
Jayapal
Sheng Yang
Marcus Sorensen
Koushik Das
Syed Ahmed
Jayapal
Will Stevens
Darren Shepherd
Rajesh Battala
John Kinsella
wilderrodrigues
wilderrodrigues
Edison Su
Pedro Marques
dhoogland
Laszlo Hornyak
Darren Shepherd