
Example 1 with SetFirewallRulesAnswer

Use of com.cloud.agent.api.routing.SetFirewallRulesAnswer in the project cloudstack by apache.

In the class HypervDirectConnectResource, the method execute.

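/**
 * Applies the firewall rules carried by {@code cmd} on the domain router by running one of the
 * router's firewall scripts over SSH as {@code root}.
 *
 * <p>The traffic type of the first rule selects the script: {@code /root/firewallRule_egress.sh}
 * for egress rules, {@code /root/firewall_rule.sh} otherwise. All rules are sent in a single
 * invocation, so a failure cannot be attributed to one rule and every result entry is marked
 * {@code "Failed"}.
 *
 * @param cmd the command holding the rules and the router access details
 * @return an answer whose success flag mirrors the script result; on failure every per-rule entry
 *         is {@code "Failed"}, on success the entries are left unset ({@code null})
 */
protected SetFirewallRulesAnswer execute(final SetFirewallRulesCommand cmd) {
    final String controlIp = getRouterSshControlIp(cmd);
    final FirewallRuleTO[] allrules = cmd.getRules();
    // The traffic type is read from the first rule, so an empty rule set used to escape as an
    // unchecked exception before the try block. Report it as a failed answer instead.
    if (allrules == null || allrules.length == 0) {
        s_logger.error("SetFirewallRulesCommand carried no rules; nothing was executed on domain router " + controlIp);
        return new SetFirewallRulesAnswer(cmd, false, new String[0]);
    }
    final String[] results = new String[allrules.length];
    final boolean egress = allrules[0].getTrafficType() == FirewallRule.TrafficType.Egress;
    final String egressDefault = cmd.getAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT);
    final String[][] rules = cmd.generateFwRules();

    final StringBuilder argBuilder = new StringBuilder(" -F ");
    if (egress) {
        argBuilder.append(" -E ");
        // Constant-first comparison: a missing access detail no longer throws a
        // NullPointerException here; it takes the same "-P 0" branch as any unrecognised value.
        // NOTE(review): the meaning of the -P values is defined by the router script, which is
        // not visible here - confirm that 0 is the restrictive choice for a missing setting.
        if ("true".equals(egressDefault)) {
            argBuilder.append(" -P 1 ");
        } else if ("System".equals(egressDefault)) {
            argBuilder.append(" -P 2 ");
        } else {
            argBuilder.append(" -P 0 ");
        }
    }
    final String[] fwRules = rules[0];
    if (fwRules.length > 0) {
        argBuilder.append(" -a ");
        for (final String fwRule : fwRules) {
            // Each rule keeps its trailing comma, as the script has always received it.
            argBuilder.append(fwRule).append(',');
        }
    }
    final String args = argBuilder.toString();

    // SECURITY: this string is concatenated into a command line that runs as root on the router.
    // Nothing in this method quotes or validates the rule strings, so protection against shell
    // metacharacters rests entirely on generateFwRules() and on upstream validation of the rule
    // fields. NOTE(review): confirm that those can only emit the expected address/port/protocol
    // tokens before relying on this path.
    final String script = egress ? "/root/firewallRule_egress.sh " : "/root/firewall_rule.sh ";
    final String command = script + args;

    boolean success = false;
    try {
        // Logged before the call so the trace exists even when the SSH call throws, and so that
        // "Executing" is accurate.
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Executing script on domain router " + controlIp + ": " + command);
        }
        final Pair<Boolean, String> result = SshHelper.sshExecute(controlIp, DEFAULT_DOMR_SSHPORT, "root", getSystemVMKeyFile(), null, command);
        success = result != null && result.first();
        if (!success) {
            s_logger.error("SetFirewallRulesCommand failure on setting one rule. args: " + args);
        }
    } catch (final Throwable e) {
        // Caught broadly so that any failure while talking to the router is reported to the
        // caller as a failed answer instead of propagating out of the resource.
        s_logger.error("SetFirewallRulesCommand(args: " + args + ") failed on setting one rule due to ", e);
    }

    if (!success) {
        // FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
        for (int i = 0; i < results.length; i++) {
            results[i] = "Failed";
        }
    }
    return new SetFirewallRulesAnswer(cmd, success, results);
}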
Also used : FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) SetFirewallRulesAnswer(com.cloud.agent.api.routing.SetFirewallRulesAnswer) FirewallRule(com.cloud.network.rules.FirewallRule)
