use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class SetStaticNatRulesConfigItem method generateConfig.
/**
 * Builds the config items for a static NAT command.
 *
 * <p>Each {@link StaticNatRuleTO} carried by the command is copied into a
 * {@link StaticNatRule} (revoked flag, protocol, source IP, source port range,
 * destination IP), and the collected rules are passed on as one
 * {@link StaticNatRules} model to {@code generateConfigItems}.
 *
 * @param cmd the command to translate; it is cast to {@link SetStaticNatRulesCommand}
 *            without a type check, so any other command type fails with a
 *            {@link ClassCastException}
 * @return whatever {@code generateConfigItems} produces for the collected rules
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final SetStaticNatRulesCommand natCommand = (SetStaticNatRulesCommand) cmd;

    final LinkedList<StaticNatRule> converted = new LinkedList<>();
    for (final StaticNatRuleTO source : natCommand.getRules()) {
        // Field-by-field copy; no value is validated or rewritten at this layer.
        converted.add(new StaticNatRule(source.revoked(), source.getProtocol(), source.getSrcIp(), source.getStringSrcPortRange(), source.getDstIp()));
    }

    return generateConfigItems(new StaticNatRules(converted));
}
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class JuniperSrxResource method execute.
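/**
 * Applies a set of static NAT rules to the device inside one configuration
 * session, retrying after a connection refresh when the device call fails.
 *
 * <p>For every public/private IP pair returned by {@code getActiveRules}, the
 * existing static NAT rule is removed first and re-added only when the pair
 * still has active firewall rules. The change is committed once, after all
 * pairs have been processed.
 *
 * @param cmd        the static NAT command to apply
 * @param numRetries how many more attempts may be made after a failure
 * @return a success {@link Answer}, or an {@link Answer} wrapping the
 *         {@link ExecutionException} once retries are exhausted or the
 *         connection cannot be refreshed
 */
private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
    StaticNatRuleTO[] allRules = cmd.getRules();
    Map<String, ArrayList<FirewallRuleTO>> activeRules = getActiveRules(allRules);
    Map<String, String> vlanTagMap = getVlanTagMap(allRules);
    try {
        openConfiguration();
        for (String ipPair : activeRules.keySet()) {
            // Keys are split on "-" into public and private IP.
            // NOTE(review): a key without a "-" raises ArrayIndexOutOfBoundsException, which the
            // catch below does not handle, so closeConfiguration() would be skipped - confirm
            // that getActiveRules() always produces "publicIp-privateIp" keys.
            String[] ipPairComponents = ipPair.split("-");
            String publicIp = ipPairComponents[0];
            String privateIp = ipPairComponents[1];
            List<FirewallRuleTO> activeRulesForIpPair = activeRules.get(ipPair);
            Long publicVlanTag = getVlanTag(vlanTagMap.get(publicIp));
            // Delete the existing static NAT rule for this IP pair
            removeStaticNatRule(publicVlanTag, publicIp, privateIp);
            if (!activeRulesForIpPair.isEmpty()) {
                // If there are active FirewallRules for this IP pair, add the static NAT rule and open the specified port ranges
                addStaticNatRule(publicVlanTag, publicIp, privateIp, activeRulesForIpPair);
            }
        }
        commitConfiguration();
        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);
        // Close the session opened above before retrying or giving up.
        closeConfiguration();
        if (numRetries > 0 && refreshSrxConnection()) {
            int numRetriesRemaining = numRetries - 1;
            // The message previously named SetPortForwardingRulesCommand, which sends anyone
            // reading the device logs to the wrong command.
            s_logger.debug("Retrying SetStaticNatRulesCommand. Number of retries remaining: " + numRetriesRemaining);
            return execute(cmd, numRetriesRemaining);
        } else {
            return new Answer(cmd, e);
        }
    }
}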
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class ExternalFirewallDeviceManagerImpl method applyStaticNatRules.
/**
 * Converts the given static NAT rules to transfer objects and sends them to the
 * external firewall that serves the network.
 *
 * <p>When the network is still in the {@code Allocated} state nothing is sent
 * and the call reports success.
 *
 * @param network the network whose external firewall should receive the rules
 * @param rules   the static NAT rules to apply or revoke
 * @return {@code true} on every path that does not throw
 * @throws ResourceUnavailableException declared by the signature; this body does not throw it directly
 */
public boolean applyStaticNatRules(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    DataCenterVO zone = _dcDao.findById(network.getDataCenterId());
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    // NOTE(review): Java assertions are skipped unless the JVM runs with -ea, so in a normal
    // deployment a missing host is only noticed at externalFirewall.getId() below. fwDeviceVO
    // is dereferenced above with no null check at all - confirm both lookups cannot return null.
    assert (externalFirewall != null);

    boolean notImplementedYet = network.getState() == Network.State.Allocated;
    if (notImplementedYet) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    List<StaticNatRuleTO> ruleTOs = new ArrayList<>();
    for (StaticNat staticNat : rules) {
        IpAddress publicIp = _networkModel.getIp(staticNat.getSourceIpAddressId());
        Vlan publicVlan = _vlanDao.findById(publicIp.getVlanId());
        // Port arguments are passed as -1 and the protocol as "any".
        ruleTOs.add(new StaticNatRuleTO(0, publicVlan.getVlanTag(), publicIp.getAddress().addr(), -1, -1, staticNat.getDestIpAddress(), -1, -1, "any", staticNat.isForRevoke(), false));
    }

    sendStaticNatRules(ruleTOs, zone, externalFirewall.getId());
    return true;
}
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class HypervDirectConnectResource method execute.
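/**
 * Applies each static NAT rule of the command by running {@code /root/firewall.sh}
 * on the domain router over SSH, one invocation per rule.
 *
 * <p>A failing rule does not stop the loop: its slot in the result array is set
 * to {@code "Failed"} (successful slots stay {@code null}) and the overall
 * result becomes {@code false}.
 *
 * @param cmd the static NAT command to apply
 * @return a {@link SetStaticNatRulesAnswer} carrying the per-rule results and the overall outcome
 */
protected Answer execute(final SetStaticNatRulesCommand cmd) {
    // The original carried an empty branch on cmd.getVpcId() whose only statement was commented
    // out, so VPC and non-VPC commands take the same path; the dead branch is dropped here.
    if (s_logger.isInfoEnabled()) {
        // NOTE(review): the whole command is serialized into the log - confirm it carries no
        // credentials or other data that should stay out of log files.
        s_logger.info("Executing resource SetStaticNatRulesCommand: " + s_gson.toJson(cmd));
    }

    final StaticNatRuleTO[] rules = cmd.getRules();
    final String[] results = new String[rules.length];
    int i = 0;
    boolean endResult = true;
    for (final StaticNatRuleTO rule : rules) {
        // 1:1 NAT needs instanceip;publicip;domrip;op
        // NOTE(review): the rule fields are concatenated unquoted into a command line that runs
        // as root on the router. This is only safe if the IPs, protocol and port range were
        // validated before they reached this resource - confirm at the caller.
        final StringBuilder argBuilder = new StringBuilder(rule.revoked() ? " -D " : " -A ");
        argBuilder.append(" -l ").append(rule.getSrcIp());
        argBuilder.append(" -r ").append(rule.getDstIp());
        if (rule.getProtocol() != null) {
            argBuilder.append(" -P ").append(rule.getProtocol().toLowerCase());
        }
        argBuilder.append(" -d ").append(rule.getStringSrcPortRange());
        argBuilder.append(" -G ");
        final String args = argBuilder.toString();

        try {
            final String controlIp = getRouterSshControlIp(cmd);
            // Log before the call so the attempt is on record even when the SSH call throws.
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Executing script on domain router " + controlIp + ": /root/firewall.sh " + args);
            }
            final Pair<Boolean, String> result = SshHelper.sshExecute(controlIp, DEFAULT_DOMR_SSHPORT, "root", getSystemVMKeyFile(), null, "/root/firewall.sh " + args);
            if (!result.first()) {
                s_logger.error("SetStaticNatRulesCommand failure on setting one rule. args: " + args);
                results[i++] = "Failed";
                endResult = false;
            } else {
                results[i++] = null;
            }
        } catch (final Throwable e) {
            // Best effort per rule: record the failure and continue with the next rule.
            // The throwable is passed to the logger so the stack trace is kept.
            s_logger.error("SetStaticNatRulesCommand (args: " + args + ") failed on setting one rule due to " + e.getMessage(), e);
            results[i++] = "Failed";
            endResult = false;
        }
    }
    return new SetStaticNatRulesAnswer(cmd, results, endResult);
}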
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class NiciraNvpResourceTest method testConfigureStaticNatRulesOnLogicalRouterRollback.
/**
 * Checks that a failed static NAT configuration is rolled back.
 *
 * <p>The first NAT rule creation succeeds and the second throws; the test
 * expects a failed answer and a delete call for the rule that was created.
 */
@Test
public void testConfigureStaticNatRulesOnLogicalRouterRollback() throws ConfigurationException, NiciraNvpApiException {
    resource.configure("NiciraNvpResource", parameters);

    /*
     * StaticNat Outside IP: 11.11.11.11 Inside IP: 10.10.10.10
     */
    final String outsideIp = "11.11.11.11";
    final String insideIp = "10.10.10.10";
    final String routerUuid = "aaaaa";

    // Mock the command so that it carries a single, non-revoked rule
    final ConfigureStaticNatRulesOnLogicalRouterCommand cmd = mock(ConfigureStaticNatRulesOnLogicalRouterCommand.class);
    final List<StaticNatRuleTO> rules = new ArrayList<>();
    rules.add(new StaticNatRuleTO(1, outsideIp, null, null, insideIp, null, null, null, false, false));
    when(cmd.getRules()).thenReturn(rules);
    when(cmd.getLogicalRouterUuid()).thenReturn(routerUuid);

    // Mock the api create calls: the first create returns a rule, the second one fails
    final NatRule[] rulepair = resource.generateStaticNatRulePair(insideIp, outsideIp);
    rulepair[0].setUuid(UUID.randomUUID());
    rulepair[1].setUuid(UUID.randomUUID());
    when(nvpApi.createLogicalRouterNatRule(eq(routerUuid), (NatRule) any())).thenReturn(rulepair[0]).thenThrow(new NiciraNvpApiException());

    // Mock the api find call: no rules are stored on the router yet
    final List<NatRule> storedRules = Collections.emptyList();
    when(nvpApi.findNatRulesByLogicalRouterUuid(routerUuid)).thenReturn(storedRules);

    final ConfigureStaticNatRulesOnLogicalRouterAnswer answer = (ConfigureStaticNatRulesOnLogicalRouterAnswer) resource.executeRequest(cmd);

    assertFalse(answer.getResult());
    // The rule created before the failure must have been deleted again
    verify(nvpApi, atLeastOnce()).deleteLogicalRouterNatRule(eq(routerUuid), eq(rulepair[0].getUuid()));
}