use of com.cloud.event.ActionEvent in project cloudstack by apache.
the class Site2SiteVpnManagerImpl method deleteVpnGateway.
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_GATEWAY_DELETE, eventDescription = "deleting s2s vpn gateway", async = true)
public boolean deleteVpnGateway(DeleteVpnGatewayCmd cmd) {
CallContext.current().setEventDetails(" Id: " + cmd.getId());
Account caller = CallContext.current().getCallingAccount();
Long id = cmd.getId();
Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(id);
if (vpnGateway == null) {
throw new InvalidParameterValueException("Fail to find vpn gateway with " + id + " !");
}
_accountMgr.checkAccess(caller, null, false, vpnGateway);
doDeleteVpnGateway(vpnGateway);
return true;
}
use of com.cloud.event.ActionEvent in project cloudstack by apache.
the class VpcManagerImpl method createVpcOffering.
@Override
@ActionEvent(eventType = EventTypes.EVENT_VPC_OFFERING_CREATE, eventDescription = "creating vpc offering", create = true)
public VpcOffering createVpcOffering(final String name, final String displayText, final List<String> supportedServices, final Map<String, List<String>> serviceProviders, final Map serviceCapabilitystList, final Long serviceOfferingId) {
final Map<Network.Service, Set<Network.Provider>> svcProviderMap = new HashMap<Network.Service, Set<Network.Provider>>();
final Set<Network.Provider> defaultProviders = new HashSet<Network.Provider>();
defaultProviders.add(Provider.VPCVirtualRouter);
// Just here for 4.1, replaced by commit 836ce6c1 in newer versions
final Set<Network.Provider> sdnProviders = new HashSet<Network.Provider>();
sdnProviders.add(Provider.NiciraNvp);
sdnProviders.add(Provider.JuniperContrailVpcRouter);
sdnProviders.add(Provider.NuageVsp);
boolean sourceNatSvc = false;
boolean firewallSvs = false;
// populate the services first
for (final String serviceName : supportedServices) {
// validate if the service is supported
final Service service = Network.Service.getService(serviceName);
if (service == null || nonSupportedServices.contains(service)) {
throw new InvalidParameterValueException("Service " + serviceName + " is not supported in VPC");
}
if (service == Service.Connectivity) {
s_logger.debug("Applying Connectivity workaround, setting provider to NiciraNvp");
svcProviderMap.put(service, sdnProviders);
} else {
svcProviderMap.put(service, defaultProviders);
}
if (service == Service.NetworkACL) {
firewallSvs = true;
}
if (service == Service.SourceNat) {
sourceNatSvc = true;
}
}
if (!sourceNatSvc) {
s_logger.debug("Automatically adding source nat service to the list of VPC services");
svcProviderMap.put(Service.SourceNat, defaultProviders);
}
if (!firewallSvs) {
s_logger.debug("Automatically adding network ACL service to the list of VPC services");
svcProviderMap.put(Service.NetworkACL, defaultProviders);
}
if (serviceProviders != null) {
for (final Entry<String, List<String>> serviceEntry : serviceProviders.entrySet()) {
final Network.Service service = Network.Service.getService(serviceEntry.getKey());
if (svcProviderMap.containsKey(service)) {
final Set<Provider> providers = new HashSet<Provider>();
for (final String prvNameStr : serviceEntry.getValue()) {
// check if provider is supported
final Network.Provider provider = Network.Provider.getProvider(prvNameStr);
if (provider == null) {
throw new InvalidParameterValueException("Invalid service provider: " + prvNameStr);
}
providers.add(provider);
}
svcProviderMap.put(service, providers);
} else {
throw new InvalidParameterValueException("Service " + serviceEntry.getKey() + " is not enabled for the network " + "offering, can't add a provider to it");
}
}
}
// add gateway provider (if sourceNat provider is enabled)
final Set<Provider> sourceNatServiceProviders = svcProviderMap.get(Service.SourceNat);
if (CollectionUtils.isNotEmpty(sourceNatServiceProviders)) {
svcProviderMap.put(Service.Gateway, sourceNatServiceProviders);
}
validateConnectivtyServiceCapabilities(svcProviderMap.get(Service.Connectivity), serviceCapabilitystList);
final boolean supportsDistributedRouter = isVpcOfferingSupportsDistributedRouter(serviceCapabilitystList);
final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilitystList);
final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilitystList);
final VpcOffering offering = createVpcOffering(name, displayText, svcProviderMap, false, null, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter);
CallContext.current().setEventDetails(" Id: " + offering.getId() + " Name: " + name);
return offering;
}
use of com.cloud.event.ActionEvent in project cloudstack by apache.
the class VpcManagerImpl method createVpc.
@Override
@ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain, final Boolean displayVpc) throws ResourceAllocationException {
final Account caller = CallContext.current().getCallingAccount();
final Account owner = _accountMgr.getAccount(vpcOwnerId);
// Verify that caller can perform actions in behalf of vpc owner
_accountMgr.checkAccess(caller, null, false, owner);
// check resource limit
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.vpc);
// Validate vpc offering
final VpcOfferingVO vpcOff = _vpcOffDao.findById(vpcOffId);
if (vpcOff == null || vpcOff.getState() != State.Enabled) {
final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find vpc offering in " + State.Enabled + " state by specified id");
if (vpcOff == null) {
ex.addProxyObject(String.valueOf(vpcOffId), "vpcOfferingId");
} else {
ex.addProxyObject(vpcOff.getUuid(), "vpcOfferingId");
}
throw ex;
}
final boolean isRegionLevelVpcOff = vpcOff.offersRegionLevelVPC();
if (isRegionLevelVpcOff && networkDomain == null) {
throw new InvalidParameterValueException("Network domain must be specified for region level VPC");
}
// Validate zone
final DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Can't find zone by id specified");
}
if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
// See DataCenterVO.java
final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
ex.addProxyObject(zone.getUuid(), "zoneId");
throw ex;
}
if (networkDomain == null) {
// 1) Get networkDomain from the corresponding account
networkDomain = _ntwkModel.getAccountNetworkDomain(owner.getId(), zoneId);
// global config variables
if (networkDomain == null) {
networkDomain = "cs" + Long.toHexString(owner.getId()) + NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
}
}
final boolean useDistributedRouter = vpcOff.supportsDistributedRouter();
final VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, owner.getId(), owner.getDomainId(), vpcOffId, cidr, networkDomain, useDistributedRouter, isRegionLevelVpcOff, vpcOff.getRedundantRouter());
return createVpc(displayVpc, vpc);
}
use of com.cloud.event.ActionEvent in project cloudstack by apache.
the class RemoteAccessVpnManagerImpl method startRemoteAccessVpn.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, eventDescription = "creating remote access vpn", async = true)
public RemoteAccessVpnVO startRemoteAccessVpn(long ipAddressId, boolean openFirewall) throws ResourceUnavailableException {
Account caller = CallContext.current().getCallingAccount();
final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findByPublicIpAddress(ipAddressId);
if (vpn == null) {
throw new InvalidParameterValueException("Unable to find your vpn: " + ipAddressId);
}
if (vpn.getVpcId() != null) {
openFirewall = false;
}
_accountMgr.checkAccess(caller, null, true, vpn);
boolean started = false;
try {
boolean firewallOpened = true;
if (openFirewall) {
firewallOpened = _firewallMgr.applyIngressFirewallRules(vpn.getServerAddressId(), caller);
}
if (firewallOpened) {
for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
if (element.startVpn(vpn)) {
started = true;
break;
}
}
}
return vpn;
} finally {
if (started) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
vpn.setState(RemoteAccessVpn.State.Running);
_remoteAccessVpnDao.update(vpn.getId(), vpn);
// Start billing of existing VPN users in ADD and Active state
List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
for (VpnUserVO user : vpnUsers) {
if (user.getState() != VpnUser.State.Revoke) {
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_ADD, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
}
}
}
});
}
}
}
use of com.cloud.event.ActionEvent in project cloudstack by apache.
the class RemoteAccessVpnManagerImpl method destroyRemoteAccessVpnForIp.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, eventDescription = "removing remote access vpn", async = true)
public boolean destroyRemoteAccessVpnForIp(long ipId, Account caller, final boolean forceCleanup) throws ResourceUnavailableException {
final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findByPublicIpAddress(ipId);
if (vpn == null) {
s_logger.debug("there are no Remote access vpns for public ip address id=" + ipId);
return true;
}
_accountMgr.checkAccess(caller, AccessType.OperateEntry, true, vpn);
RemoteAccessVpn.State prevState = vpn.getState();
vpn.setState(RemoteAccessVpn.State.Removed);
_remoteAccessVpnDao.update(vpn.getId(), vpn);
boolean success = false;
try {
for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
if (element.stopVpn(vpn)) {
success = true;
break;
}
}
} catch (ResourceUnavailableException ex) {
vpn.setState(prevState);
_remoteAccessVpnDao.update(vpn.getId(), vpn);
s_logger.debug("Failed to stop the vpn " + vpn.getId() + " , so reverted state to " + RemoteAccessVpn.State.Running);
success = false;
} finally {
if (success || forceCleanup) {
//Cleanup corresponding ports
final List<? extends FirewallRule> vpnFwRules = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn);
boolean applyFirewall = false;
final List<FirewallRuleVO> fwRules = new ArrayList<FirewallRuleVO>();
//if related firewall rule is created for the first vpn port, it would be created for the 2 other ports as well, so need to cleanup the backend
if (vpnFwRules.size() != 0 && _rulesDao.findByRelatedId(vpnFwRules.get(0).getId()) != null) {
applyFirewall = true;
}
if (applyFirewall) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
for (FirewallRule vpnFwRule : vpnFwRules) {
//don't apply on the backend yet; send all 3 rules in a banch
_firewallMgr.revokeRelatedFirewallRule(vpnFwRule.getId(), false);
fwRules.add(_rulesDao.findByRelatedId(vpnFwRule.getId()));
}
s_logger.debug("Marked " + fwRules.size() + " firewall rules as Revoked as a part of disable remote access vpn");
}
});
//now apply vpn rules on the backend
s_logger.debug("Reapplying firewall rules for ip id=" + ipId + " as a part of disable remote access vpn");
success = _firewallMgr.applyIngressFirewallRules(ipId, caller);
}
if (success || forceCleanup) {
try {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
_remoteAccessVpnDao.remove(vpn.getId());
// Stop billing of VPN users when VPN is removed. VPN_User_ADD events will be generated when VPN is created again
List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
for (VpnUserVO user : vpnUsers) {
// VPN_USER_REMOVE event is already generated for users in Revoke state
if (user.getState() != VpnUser.State.Revoke) {
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_REMOVE, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
}
}
if (vpnFwRules != null) {
for (FirewallRule vpnFwRule : vpnFwRules) {
_rulesDao.remove(vpnFwRule.getId());
s_logger.debug("Successfully removed firewall rule with ip id=" + vpnFwRule.getSourceIpAddressId() + " and port " + vpnFwRule.getSourcePortStart().intValue() + " as a part of vpn cleanup");
}
}
}
});
} catch (Exception ex) {
s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex);
}
}
}
}
return success;
}
Aggregations