Search in sources :

Example 6 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class VpcManagerImpl method createVpcOffering.

@Override
@ActionEvent(eventType = EventTypes.EVENT_VPC_OFFERING_CREATE, eventDescription = "creating vpc offering", create = true)
public VpcOffering createVpcOffering(final String name, final String displayText, final List<String> supportedServices, final Map<String, List<String>> serviceProviders, final Map serviceCapabilitystList, final Long serviceOfferingId) {
    final Map<Network.Service, Set<Network.Provider>> svcProviderMap = new HashMap<Network.Service, Set<Network.Provider>>();
    final Set<Network.Provider> defaultProviders = new HashSet<Network.Provider>();
    defaultProviders.add(Provider.VPCVirtualRouter);
    // Just here for 4.1, replaced by commit 836ce6c1 in newer versions
    final Set<Network.Provider> sdnProviders = new HashSet<Network.Provider>();
    sdnProviders.add(Provider.NiciraNvp);
    sdnProviders.add(Provider.JuniperContrailVpcRouter);
    sdnProviders.add(Provider.NuageVsp);
    boolean sourceNatSvc = false;
    boolean firewallSvs = false;
    // populate the services first
    for (final String serviceName : supportedServices) {
        // validate if the service is supported
        final Service service = Network.Service.getService(serviceName);
        if (service == null || nonSupportedServices.contains(service)) {
            throw new InvalidParameterValueException("Service " + serviceName + " is not supported in VPC");
        }
        if (service == Service.Connectivity) {
            s_logger.debug("Applying Connectivity workaround, setting provider to NiciraNvp");
            svcProviderMap.put(service, sdnProviders);
        } else {
            svcProviderMap.put(service, defaultProviders);
        }
        if (service == Service.NetworkACL) {
            firewallSvs = true;
        }
        if (service == Service.SourceNat) {
            sourceNatSvc = true;
        }
    }
    if (!sourceNatSvc) {
        s_logger.debug("Automatically adding source nat service to the list of VPC services");
        svcProviderMap.put(Service.SourceNat, defaultProviders);
    }
    if (!firewallSvs) {
        s_logger.debug("Automatically adding network ACL service to the list of VPC services");
        svcProviderMap.put(Service.NetworkACL, defaultProviders);
    }
    if (serviceProviders != null) {
        for (final Entry<String, List<String>> serviceEntry : serviceProviders.entrySet()) {
            final Network.Service service = Network.Service.getService(serviceEntry.getKey());
            if (svcProviderMap.containsKey(service)) {
                final Set<Provider> providers = new HashSet<Provider>();
                for (final String prvNameStr : serviceEntry.getValue()) {
                    // check if provider is supported
                    final Network.Provider provider = Network.Provider.getProvider(prvNameStr);
                    if (provider == null) {
                        throw new InvalidParameterValueException("Invalid service provider: " + prvNameStr);
                    }
                    providers.add(provider);
                }
                svcProviderMap.put(service, providers);
            } else {
                throw new InvalidParameterValueException("Service " + serviceEntry.getKey() + " is not enabled for the network " + "offering, can't add a provider to it");
            }
        }
    }
    // add gateway provider (if sourceNat provider is enabled)
    final Set<Provider> sourceNatServiceProviders = svcProviderMap.get(Service.SourceNat);
    if (CollectionUtils.isNotEmpty(sourceNatServiceProviders)) {
        svcProviderMap.put(Service.Gateway, sourceNatServiceProviders);
    }
    validateConnectivtyServiceCapabilities(svcProviderMap.get(Service.Connectivity), serviceCapabilitystList);
    final boolean supportsDistributedRouter = isVpcOfferingSupportsDistributedRouter(serviceCapabilitystList);
    final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilitystList);
    final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilitystList);
    final VpcOffering offering = createVpcOffering(name, displayText, svcProviderMap, false, null, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter);
    CallContext.current().setEventDetails(" Id: " + offering.getId() + " Name: " + name);
    return offering;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) NetworkOrchestrationService(org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService) Service(com.cloud.network.Network.Service) ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService) NetworkService(com.cloud.network.NetworkService) ResourceLimitService(com.cloud.user.ResourceLimitService) ExecutorService(java.util.concurrent.ExecutorService) Service(com.cloud.network.Network.Service) StaticNatServiceProvider(com.cloud.network.element.StaticNatServiceProvider) VpcProvider(com.cloud.network.element.VpcProvider) Provider(com.cloud.network.Network.Provider) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Provider(com.cloud.network.Network.Provider) Network(com.cloud.network.Network) PhysicalNetwork(com.cloud.network.PhysicalNetwork) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet) ActionEvent(com.cloud.event.ActionEvent)

Example 7 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class VpcManagerImpl method createVpc.

@Override
@ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain, final Boolean displayVpc) throws ResourceAllocationException {
    final Account caller = CallContext.current().getCallingAccount();
    final Account owner = _accountMgr.getAccount(vpcOwnerId);
    // Verify that caller can perform actions in behalf of vpc owner
    _accountMgr.checkAccess(caller, null, false, owner);
    // check resource limit
    _resourceLimitMgr.checkResourceLimit(owner, ResourceType.vpc);
    // Validate vpc offering
    final VpcOfferingVO vpcOff = _vpcOffDao.findById(vpcOffId);
    if (vpcOff == null || vpcOff.getState() != State.Enabled) {
        final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find vpc offering in " + State.Enabled + " state by specified id");
        if (vpcOff == null) {
            ex.addProxyObject(String.valueOf(vpcOffId), "vpcOfferingId");
        } else {
            ex.addProxyObject(vpcOff.getUuid(), "vpcOfferingId");
        }
        throw ex;
    }
    final boolean isRegionLevelVpcOff = vpcOff.offersRegionLevelVPC();
    if (isRegionLevelVpcOff && networkDomain == null) {
        throw new InvalidParameterValueException("Network domain must be specified for region level VPC");
    }
    // Validate zone
    final DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId);
    if (zone == null) {
        throw new InvalidParameterValueException("Can't find zone by id specified");
    }
    if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
        // See DataCenterVO.java
        final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
        ex.addProxyObject(zone.getUuid(), "zoneId");
        throw ex;
    }
    if (networkDomain == null) {
        // 1) Get networkDomain from the corresponding account
        networkDomain = _ntwkModel.getAccountNetworkDomain(owner.getId(), zoneId);
        // global config variables
        if (networkDomain == null) {
            networkDomain = "cs" + Long.toHexString(owner.getId()) + NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
        }
    }
    final boolean useDistributedRouter = vpcOff.supportsDistributedRouter();
    final VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, owner.getId(), owner.getDomainId(), vpcOffId, cidr, networkDomain, useDistributedRouter, isRegionLevelVpcOff, vpcOff.getRedundantRouter());
    return createVpc(displayVpc, vpc);
}
Also used : Account(com.cloud.user.Account) DataCenter(com.cloud.dc.DataCenter) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) PermissionDeniedException(com.cloud.exception.PermissionDeniedException) ActionEvent(com.cloud.event.ActionEvent)

Example 8 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class RemoteAccessVpnManagerImpl method startRemoteAccessVpn.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, eventDescription = "creating remote access vpn", async = true)
public RemoteAccessVpnVO startRemoteAccessVpn(long ipAddressId, boolean openFirewall) throws ResourceUnavailableException {
    Account caller = CallContext.current().getCallingAccount();
    final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findByPublicIpAddress(ipAddressId);
    if (vpn == null) {
        throw new InvalidParameterValueException("Unable to find your vpn: " + ipAddressId);
    }
    if (vpn.getVpcId() != null) {
        openFirewall = false;
    }
    _accountMgr.checkAccess(caller, null, true, vpn);
    boolean started = false;
    try {
        boolean firewallOpened = true;
        if (openFirewall) {
            firewallOpened = _firewallMgr.applyIngressFirewallRules(vpn.getServerAddressId(), caller);
        }
        if (firewallOpened) {
            for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
                if (element.startVpn(vpn)) {
                    started = true;
                    break;
                }
            }
        }
        return vpn;
    } finally {
        if (started) {
            Transaction.execute(new TransactionCallbackNoReturn() {

                @Override
                public void doInTransactionWithoutResult(TransactionStatus status) {
                    vpn.setState(RemoteAccessVpn.State.Running);
                    _remoteAccessVpnDao.update(vpn.getId(), vpn);
                    // Start billing of existing VPN users in ADD and Active state
                    List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
                    for (VpnUserVO user : vpnUsers) {
                        if (user.getState() != VpnUser.State.Revoke) {
                            UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_ADD, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
                        }
                    }
                }
            });
        }
    }
}
Also used : Account(com.cloud.user.Account) RemoteAccessVPNServiceProvider(com.cloud.network.element.RemoteAccessVPNServiceProvider) RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) VpnUserVO(com.cloud.network.VpnUserVO) TransactionStatus(com.cloud.utils.db.TransactionStatus) TransactionCallbackNoReturn(com.cloud.utils.db.TransactionCallbackNoReturn) List(java.util.List) ArrayList(java.util.ArrayList) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 9 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class RemoteAccessVpnManagerImpl method destroyRemoteAccessVpnForIp.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, eventDescription = "removing remote access vpn", async = true)
public boolean destroyRemoteAccessVpnForIp(long ipId, Account caller, final boolean forceCleanup) throws ResourceUnavailableException {
    final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findByPublicIpAddress(ipId);
    if (vpn == null) {
        s_logger.debug("there are no Remote access vpns for public ip address id=" + ipId);
        return true;
    }
    _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, vpn);
    RemoteAccessVpn.State prevState = vpn.getState();
    vpn.setState(RemoteAccessVpn.State.Removed);
    _remoteAccessVpnDao.update(vpn.getId(), vpn);
    boolean success = false;
    try {
        for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
            if (element.stopVpn(vpn)) {
                success = true;
                break;
            }
        }
    } catch (ResourceUnavailableException ex) {
        vpn.setState(prevState);
        _remoteAccessVpnDao.update(vpn.getId(), vpn);
        s_logger.debug("Failed to stop the vpn " + vpn.getId() + " , so reverted state to " + RemoteAccessVpn.State.Running);
        success = false;
    } finally {
        if (success || forceCleanup) {
            //Cleanup corresponding ports
            final List<? extends FirewallRule> vpnFwRules = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn);
            boolean applyFirewall = false;
            final List<FirewallRuleVO> fwRules = new ArrayList<FirewallRuleVO>();
            //if related firewall rule is created for the first vpn port, it would be created for the 2 other ports as well, so need to cleanup the backend
            if (vpnFwRules.size() != 0 && _rulesDao.findByRelatedId(vpnFwRules.get(0).getId()) != null) {
                applyFirewall = true;
            }
            if (applyFirewall) {
                Transaction.execute(new TransactionCallbackNoReturn() {

                    @Override
                    public void doInTransactionWithoutResult(TransactionStatus status) {
                        for (FirewallRule vpnFwRule : vpnFwRules) {
                            //don't apply on the backend yet; send all 3 rules in a banch
                            _firewallMgr.revokeRelatedFirewallRule(vpnFwRule.getId(), false);
                            fwRules.add(_rulesDao.findByRelatedId(vpnFwRule.getId()));
                        }
                        s_logger.debug("Marked " + fwRules.size() + " firewall rules as Revoked as a part of disable remote access vpn");
                    }
                });
                //now apply vpn rules on the backend
                s_logger.debug("Reapplying firewall rules for ip id=" + ipId + " as a part of disable remote access vpn");
                success = _firewallMgr.applyIngressFirewallRules(ipId, caller);
            }
            if (success || forceCleanup) {
                try {
                    Transaction.execute(new TransactionCallbackNoReturn() {

                        @Override
                        public void doInTransactionWithoutResult(TransactionStatus status) {
                            _remoteAccessVpnDao.remove(vpn.getId());
                            // Stop billing of VPN users when VPN is removed. VPN_User_ADD events will be generated when VPN is created again
                            List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
                            for (VpnUserVO user : vpnUsers) {
                                // VPN_USER_REMOVE event is already generated for users in Revoke state
                                if (user.getState() != VpnUser.State.Revoke) {
                                    UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_REMOVE, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
                                }
                            }
                            if (vpnFwRules != null) {
                                for (FirewallRule vpnFwRule : vpnFwRules) {
                                    _rulesDao.remove(vpnFwRule.getId());
                                    s_logger.debug("Successfully removed firewall rule with ip id=" + vpnFwRule.getSourceIpAddressId() + " and port " + vpnFwRule.getSourcePortStart().intValue() + " as a part of vpn cleanup");
                                }
                            }
                        }
                    });
                } catch (Exception ex) {
                    s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex);
                }
            }
        }
    }
    return success;
}
Also used : RemoteAccessVPNServiceProvider(com.cloud.network.element.RemoteAccessVPNServiceProvider) RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO) VpnUserVO(com.cloud.network.VpnUserVO) ArrayList(java.util.ArrayList) TransactionStatus(com.cloud.utils.db.TransactionStatus) TransactionCallbackNoReturn(com.cloud.utils.db.TransactionCallbackNoReturn) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) AccountLimitException(com.cloud.exception.AccountLimitException) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) ConfigurationException(javax.naming.ConfigurationException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) List(java.util.List) ArrayList(java.util.ArrayList) FirewallRule(com.cloud.network.rules.FirewallRule) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 10 with ActionEvent

use of com.cloud.event.ActionEvent in project cloudstack by apache.

the class RemoteAccessVpnManagerImpl method updateRemoteAccessVpn.

@Override
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_UPDATE, eventDescription = "updating remote access vpn", async = true)
public RemoteAccessVpn updateRemoteAccessVpn(long id, String customId, Boolean forDisplay) {
    final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(id);
    if (vpn == null) {
        throw new InvalidParameterValueException("Can't find remote access vpn by id " + id);
    }
    _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, vpn);
    if (customId != null) {
        vpn.setUuid(customId);
    }
    if (forDisplay != null) {
        vpn.setDisplay(forDisplay);
    }
    _remoteAccessVpnDao.update(vpn.getId(), vpn);
    return _remoteAccessVpnDao.findById(id);
}
Also used : RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) ActionEvent(com.cloud.event.ActionEvent)

Aggregations

ActionEvent (com.cloud.event.ActionEvent)209 InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)174 Account (com.cloud.user.Account)114 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)80 DB (com.cloud.utils.db.DB)79 TransactionStatus (com.cloud.utils.db.TransactionStatus)40 PermissionDeniedException (com.cloud.exception.PermissionDeniedException)32 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)32 ArrayList (java.util.ArrayList)31 CallContext (org.apache.cloudstack.context.CallContext)22 ConcurrentOperationException (com.cloud.exception.ConcurrentOperationException)20 TransactionCallbackNoReturn (com.cloud.utils.db.TransactionCallbackNoReturn)20 DataCenterVO (com.cloud.dc.DataCenterVO)18 Network (com.cloud.network.Network)18 LoadBalancerVO (com.cloud.network.dao.LoadBalancerVO)17 InvalidParameterException (java.security.InvalidParameterException)16 List (java.util.List)16 NetworkVO (com.cloud.network.dao.NetworkVO)15 ConfigurationException (javax.naming.ConfigurationException)15 ResourceAllocationException (com.cloud.exception.ResourceAllocationException)14