use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class PaloAltoResource method execute.
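/**
 * Applies a batch of static NAT rules to the Palo Alto device and commits them.
 *
 * <p>Every rule that is not revoked is queued as an ADD and every revoked rule as a DELETE; the
 * queued commands are then sent through {@code requestWithCommit}. When an
 * {@code ExecutionException} is raised, the connection is refreshed and the whole batch is
 * retried for as long as retries remain.
 *
 * @param cmd command carrying the static NAT rules to apply
 * @param numRetries number of retries still allowed after a failure
 * @return a successful {@code Answer} when the commit reported success, otherwise a failed
 *     {@code Answer} describing why the rules were not applied
 */
private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
    StaticNatRuleTO[] rules = cmd.getRules();
    try {
        ArrayList<IPaloAltoCommand> commandList = new ArrayList<IPaloAltoCommand>();
        for (StaticNatRuleTO rule : rules) {
            if (!rule.revoked()) {
                manageStcNatRule(commandList, PaloAltoPrimative.ADD, rule);
            } else {
                manageStcNatRule(commandList, PaloAltoPrimative.DELETE, rule);
            }
        }

        // The commit status used to be stored in an unused local, so the caller was told the NAT
        // change succeeded whatever requestWithCommit returned. A NAT or firewall change that was
        // not committed must not be reported as applied.
        // NOTE(review): assumes requestWithCommit returns false only when the commit failed;
        // confirm against its implementation.
        boolean committed = requestWithCommit(commandList);
        if (!committed) {
            String msg = "SetStaticNatRulesCommand failed: commit did not report success";
            s_logger.error(msg);
            return new Answer(cmd, false, msg);
        }
        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);
        if (numRetries > 0 && refreshPaloAltoConnection()) {
            int numRetriesRemaining = numRetries - 1;
            s_logger.debug("Retrying SetStaticNatRulesCommand. Number of retries remaining: " + numRetriesRemaining);
            return execute(cmd, numRetriesRemaining);
        }
        // No retries left, or the connection could not be refreshed: report the failure.
        return new Answer(cmd, e);
    }
}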
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class NetscalerResource method execute.
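/**
 * Creates or removes static NAT rules on the NetScaler device.
 *
 * <p>For a rule that is not revoked, an INAT entry (public IP to private IP) is added when
 * missing, and an RNAT entry is written when none is found. For a revoked rule, the INAT entry is
 * deleted and the RNAT entry whose network equals the destination IP is cleared. The
 * configuration is saved after every rule and a message per rule is collected in the answer.
 *
 * <p>Any exception triggers {@code retry} while {@code shouldRetry(numRetries)} allows it;
 * otherwise the failure message is recorded and a failed answer is returned.
 *
 * @param cmd command carrying the static NAT rules to apply
 * @param numRetries retry budget passed on to {@code shouldRetry} and {@code retry}
 * @return an unsupported-command answer when {@code _isSdx} is set, otherwise a
 *     {@code SetStaticNatRulesAnswer} with one message per processed rule
 */
private synchronized Answer execute(final SetStaticNatRulesCommand cmd, final int numRetries) {
    if (_isSdx) {
        return Answer.createUnsupportedCommandAnswer(cmd);
    }

    final String[] results = new String[cmd.getRules().length];
    int i = 0;

    try {
        for (final StaticNatRuleTO rule : cmd.getRules()) {
            final String srcIp = rule.getSrcIp();
            final String dstIP = rule.getDstIp();
            final String iNatRuleName = generateInatRuleName(srcIp, dstIP);
            final String rNatRuleName = generateRnatRuleName(srcIp, dstIP);
            inat iNatRule = null;
            rnat rnatRule = null;

            if (!rule.revoked()) {
                // Look for an existing INAT rule; "does not exist" is the expected miss.
                try {
                    iNatRule = inat.get(_netscalerService, iNatRuleName);
                } catch (final nitro_exception e) {
                    if (e.getErrorCode() != NitroError.NS_RESOURCE_NOT_EXISTS) {
                        throw e;
                    }
                }

                if (iNatRule == null) {
                    iNatRule = new inat();
                    iNatRule.set_name(iNatRuleName);
                    iNatRule.set_publicip(srcIp);
                    iNatRule.set_privateip(dstIP);
                    iNatRule.set_usnip("OFF");
                    iNatRule.set_usip("ON");
                    try {
                        apiCallResult = inat.add(_netscalerService, iNatRule);
                    } catch (final nitro_exception e) {
                        // "Already exists" is tolerated here; anything else is a failure.
                        if (e.getErrorCode() != NitroError.NS_RESOURCE_EXISTS) {
                            throw e;
                        }
                    }
                    s_logger.debug("Created Inat rule on the Netscaler device " + _ip + " to enable static NAT from " + srcIp + " to " + dstIP);
                }

                // NOTE(review): this lookup compares get_network() with the generated RNAT rule
                // name, while new RNAT rules set the network to dstIP and the revoke path matches
                // on dstIP. If the generated name never equals a network value, an existing RNAT
                // rule is never found here. Confirm which comparison is intended.
                final rnat[] existingRnatRules = rnat.get(_netscalerService);
                if (existingRnatRules != null) {
                    for (final rnat rantrule : existingRnatRules) {
                        if (rantrule.get_network().equalsIgnoreCase(rNatRuleName)) {
                            rnatRule = rantrule;
                            break;
                        }
                    }
                }

                if (rnatRule == null) {
                    rnatRule = new rnat();
                    rnatRule.set_natip(srcIp);
                    rnatRule.set_network(dstIP);
                    rnatRule.set_netmask("255.255.255.255");
                    try {
                        apiCallResult = rnat.update(_netscalerService, rnatRule);
                    } catch (final nitro_exception e) {
                        if (e.getErrorCode() != NitroError.NS_RESOURCE_EXISTS) {
                            throw e;
                        }
                    }
                    s_logger.debug("Created Rnat rule on the Netscaler device " + _ip + " to enable revese static NAT from " + dstIP + " to " + srcIp);
                }
            } else {
                // The INAT delete and the RNAT cleanup are guarded separately. Previously both
                // shared one try block, so an INAT rule that was already gone
                // (NS_RESOURCE_NOT_EXISTS) skipped the RNAT cleanup and left the reverse NAT
                // mapping on the device even though the revoke was reported as successful.
                try {
                    inat.delete(_netscalerService, iNatRuleName);
                } catch (final nitro_exception e) {
                    if (e.getErrorCode() != NitroError.NS_RESOURCE_NOT_EXISTS) {
                        throw e;
                    }
                }

                try {
                    final rnat[] existingRnatRules = rnat.get(_netscalerService);
                    if (existingRnatRules != null) {
                        for (final rnat rantrule : existingRnatRules) {
                            if (rantrule.get_network().equalsIgnoreCase(dstIP)) {
                                rnatRule = rantrule;
                                rnat.clear(_netscalerService, rnatRule);
                                break;
                            }
                        }
                    }
                } catch (final nitro_exception e) {
                    if (e.getErrorCode() != NitroError.NS_RESOURCE_NOT_EXISTS) {
                        throw e;
                    }
                }
                s_logger.debug("Deleted Inat rule on the Netscaler device " + _ip + " to remove static NAT from " + srcIp + " to " + dstIP);
            }

            saveConfiguration();
            results[i++] = "Static nat rule from " + srcIp + " to " + dstIP + " successfully " + (rule.revoked() ? " revoked." : " created.");
        }
    } catch (final Exception e) {
        if (shouldRetry(numRetries)) {
            return retry(cmd, numRetries);
        }
        // i still points at the slot of the rule that failed, so this write stays in bounds.
        results[i++] = "Configuring static nat rule failed due to " + e.getMessage();
        return new SetStaticNatRulesAnswer(cmd, results, false);
    }

    return new SetStaticNatRulesAnswer(cmd, results, true);
}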
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class NetscalerElement method applyStaticNats.
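/**
 * Pushes static NAT rules for a network to the NetScaler device(s) that serve it.
 *
 * <p>With a single NetScaler, all rules are sent in one {@code SetStaticNatRulesCommand} to the
 * load balancer assigned to the network (one is allocated when none is assigned yet). When
 * {@code Config.EIPWithMultipleNetScalersEnabled} is set, each rule is sent on its own to the
 * device returned by {@code getNetScalerForEIP}.
 *
 * <p>Every exception raised inside the method body is caught by the final catch-all, logged and
 * turned into a {@code false} return. This includes the {@code ResourceUnavailableException}s
 * created here, assuming that type extends {@code Exception}.
 *
 * @param config the network the rules belong to
 * @param rules static NAT rules to apply or revoke; may be {@code null}
 * @return {@code true} when the device reported success for the rules, {@code false} when this
 *     element does not handle the network or when applying the rules failed
 * @throws ResourceUnavailableException declared by the interface; see the note above on the
 *     catch-all
 */
@Override
public boolean applyStaticNats(Network config, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    if (!canHandle(config, Service.StaticNat)) {
        return false;
    }

    boolean multiNetScalerDeployment = Boolean.valueOf(_configDao.getValue(Config.EIPWithMultipleNetScalersEnabled.key()));

    try {
        if (!multiNetScalerDeployment) {
            String errMsg;
            ExternalLoadBalancerDeviceVO lbDevice = getExternalLoadBalancerForNetwork(config);
            if (lbDevice == null) {
                try {
                    lbDevice = allocateLoadBalancerForNetwork(config);
                } catch (Exception e) {
                    errMsg = "Could not allocate a NetScaler load balancer for configuring static NAT rules due to " + e.getMessage();
                    // Log the cause as well; the exception created below does not carry it.
                    s_logger.error(errMsg, e);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
            }

            if (!isNetscalerDevice(lbDevice.getDeviceName())) {
                errMsg = "There are no NetScaler load balancer assigned for this network. So NetScaler element will not be handling the static nat rules.";
                s_logger.error(errMsg);
                throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
            }

            List<StaticNatRuleTO> rulesTO = null;
            if (rules != null) {
                rulesTO = new ArrayList<StaticNatRuleTO>();
                for (StaticNat rule : rules) {
                    IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
                    StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
                    rulesTO.add(ruleTO);
                }
            }

            SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
            SetStaticNatRulesAnswer answer = (SetStaticNatRulesAnswer) _agentMgr.send(lbDevice.getHostId(), cmd);
            return answer != null && answer.getResult();
        }

        if (rules != null) {
            for (StaticNat rule : rules) {
                // validate if EIP rule can be configured.
                ExternalLoadBalancerDeviceVO lbDevice = getNetScalerForEIP(rule);
                if (lbDevice == null) {
                    String errMsg = "There is no NetScaler device configured to perform EIP to guest IP address: " + rule.getDestIpAddress();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }

                List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
                IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
                StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
                rulesTO.add(ruleTO);
                SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);

                // send commands to configure INAT rule on the NetScaler device
                SetStaticNatRulesAnswer answer = (SetStaticNatRulesAnswer) _agentMgr.send(lbDevice.getHostId(), cmd);
                // A non-null answer can still report failure. Previously only null was checked
                // here, so a rule the device rejected (including a failed revoke) was reported
                // as applied, unlike the single-device path, which returns answer.getResult().
                if (answer == null || !answer.getResult()) {
                    String errMsg = "Failed to configure INAT rule on NetScaler device " + lbDevice.getHostId();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
            }
        }
        return true;
    } catch (Exception e) {
        // Keep the stack trace in the log; the caller only sees the boolean result.
        s_logger.error("Failed to configure StaticNat rule due to " + e.getMessage(), e);
        return false;
    }
}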
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class JuniperSrxResource method getActiveRules.
/**
 * Groups static NAT and port forwarding rules by their "srcIp-dstIp" pair.
 *
 * <p>Rules with any other purpose are skipped. Every IP pair that is seen gets an entry in the
 * result, even when its list stays empty. A rule is added to its pair's list when it is not
 * revoked, or when it is revoked but {@code isAlreadyAdded()} is true.
 *
 * @param allRules rules to group
 * @return map from "srcIp-dstIp" to the rules kept for that pair
 */
private Map<String, ArrayList<FirewallRuleTO>> getActiveRules(FirewallRuleTO[] allRules) {
    Map<String, ArrayList<FirewallRuleTO>> rulesByIpPair = new HashMap<String, ArrayList<FirewallRuleTO>>();

    for (FirewallRuleTO candidate : allRules) {
        final String pairKey;
        if (candidate.getPurpose().equals(Purpose.StaticNat)) {
            StaticNatRuleTO natRule = (StaticNatRuleTO) candidate;
            pairKey = natRule.getSrcIp() + "-" + natRule.getDstIp();
        } else if (candidate.getPurpose().equals(Purpose.PortForwarding)) {
            PortForwardingRuleTO pfRule = (PortForwardingRuleTO) candidate;
            pairKey = pfRule.getSrcIp() + "-" + pfRule.getDstIp();
        } else {
            // Neither static NAT nor port forwarding: not tracked per IP pair.
            continue;
        }

        // Register the pair on first sight so it appears in the result even if nothing is kept.
        ArrayList<FirewallRuleTO> bucket = rulesByIpPair.get(pairKey);
        if (bucket == null) {
            bucket = new ArrayList<FirewallRuleTO>();
            rulesByIpPair.put(pairKey, bucket);
        }

        boolean keep = !candidate.revoked() || candidate.isAlreadyAdded();
        if (keep) {
            bucket.add(candidate);
        }
    }

    return rulesByIpPair;
}
use of com.cloud.agent.api.to.StaticNatRuleTO in project cloudstack by apache.
the class CiscoVnmcResource method execute.
/**
 * Applies static NAT rules for one guest network through the VNMC connection.
 *
 * <p>The tenant name is "vlan-" followed by the guest VLAN tag read from the command context.
 * Rules are grouped by public (source) IP. For each public IP a DNAT policy and an ACL policy
 * are created and attached to the tenant's policy sets, and then each rule is either deleted
 * (revoked) or created together with its DNAT IP pool. The first VNMC call that returns
 * {@code false} aborts the run with a failed {@code Answer}.
 *
 * <p>NOTE(review): the VLAN tag is used without a null or format check, so a missing tag would
 * presumably give the tenant name "vlan-null". Confirm that callers always set
 * {@code GUEST_VLAN_TAG}.
 *
 * @param cmd command carrying the rules and the guest VLAN tag
 * @param numRetries not read by this method
 * @return a successful {@code Answer} with message "Success", or a failed one carrying the
 *     failure message
 */
private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
    final String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
    final String tenant = "vlan-" + vlanId;

    // Bucket the rules by their public IP; one policy is managed per public IP below.
    Map<String, List<StaticNatRuleTO>> rulesByPublicIp = new HashMap<String, List<StaticNatRuleTO>>();
    for (StaticNatRuleTO natRule : cmd.getRules()) {
        String sourceIp = natRule.getSrcIp();
        List<StaticNatRuleTO> bucket = rulesByPublicIp.get(sourceIp);
        if (bucket == null) {
            bucket = new ArrayList<StaticNatRuleTO>();
            rulesByPublicIp.put(sourceIp, bucket);
        }
        bucket.add(natRule);
    }

    try {
        // Tenant-wide policy sets: NAT, then ACL ingress (true) and ACL egress (false).
        if (!_connection.createTenantVDCNatPolicySet(tenant)) {
            throw new ExecutionException("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
        }
        if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
            throw new ExecutionException("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
        }
        if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
            throw new ExecutionException("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
        }

        for (Map.Entry<String, List<StaticNatRuleTO>> entry : rulesByPublicIp.entrySet()) {
            // The policy identifier is the public IP with dots replaced by dashes.
            final String policyIdentifier = entry.getKey().replace('.', '-');

            if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
                throw new ExecutionException("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
                throw new ExecutionException("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
            }

            for (StaticNatRuleTO natRule : entry.getValue()) {
                if (!natRule.revoked()) {
                    // Active rule: the IP pool for the destination first, then the DNAT rule.
                    if (!_connection.createTenantVDCDNatIpPool(tenant, Long.toString(natRule.getId()), natRule.getDstIp())) {
                        throw new ExecutionException("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId);
                    }
                    if (!_connection.createTenantVDCDNatRule(tenant, natRule.getId(), policyIdentifier, natRule.getSrcIp())) {
                        throw new ExecutionException("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId);
                    }
                } else {
                    if (!_connection.deleteTenantVDCDNatRule(tenant, natRule.getId(), policyIdentifier)) {
                        throw new ExecutionException("Failed to delete DNAT rule in VNMC for guest network with vlan " + vlanId);
                    }
                }
            }
        }

        // NOTE(review): the call associates the ACL policy set, but the failure text speaks of a
        // source NAT policy set. Confirm which wording is intended.
        if (!_connection.associateAclPolicySet(tenant)) {
            throw new ExecutionException("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
        }
    } catch (ExecutionException e) {
        String failure = "SetStaticNatRulesCommand failed due to " + e.getMessage();
        s_logger.error(failure, e);
        return new Answer(cmd, false, failure);
    }

    return new Answer(cmd, true, "Success");
}