use of com.cloud.exception.NetworkRuleConflictException in project cloudstack by apache.
the class FirewallManagerImpl method createFirewallRule.
// Destination CIDR capability is currently implemented for egress rules only. For others, the field is passed as null.
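/**
 * Validates and persists a firewall rule for a public IP (ingress) or a network (egress).
 * <p>
 * For ingress rules {@code ipAddrId} is set and the owning account/domain are taken from the
 * IP address; for egress rules {@code ipAddrId} is {@code null} and they are taken from the
 * network. The rule is persisted inside a transaction; {@code User} rules are checked for
 * conflicts with existing rules before the rule's state is moved to {@code Add}, so a conflict
 * rolls the insert back. {@code System} rules are not conflict-checked.
 *
 * @param ipAddrId       public IP the rule applies to; {@code null} for egress rules
 * @param caller         account issuing the request, handed to {@code validateFirewallRule}
 * @param xId            external id stored on the rule
 * @param portStart      first port of the range; must be {@code null} for ICMP
 * @param portEnd        last port of the range; must be {@code null} for ICMP
 * @param protocol       protocol name, stored lower-cased
 * @param sourceCidrList source CIDRs the rule matches
 * @param destCidrList   destination CIDRs; only used for egress rules, {@code null} otherwise
 * @param icmpCode       ICMP code; only allowed when {@code protocol} is ICMP
 * @param icmpType       ICMP type; only allowed when {@code protocol} is ICMP
 * @param relatedRuleId  id of a related rule, if any
 * @param type           {@code User} or {@code System}; only user rules are conflict-checked
 * @param networkId      network the rule belongs to; source of account/domain for egress rules
 * @param trafficType    ingress or egress
 * @param forDisplay     display flag; the entity default is kept when {@code null}
 * @return the persisted rule
 * @throws NetworkRuleConflictException  if a user rule overlaps an existing rule
 * @throws InvalidParameterValueException if the IP or network cannot be found, or the
 *                                        port/ICMP parameters do not fit the protocol
 * @throws CloudRuntimeException          if the persisted rule cannot be moved to state Add
 */
@DB
protected FirewallRule createFirewallRule(final Long ipAddrId, Account caller, final String xId, final Integer portStart, final Integer portEnd, final String protocol, final List<String> sourceCidrList, final List<String> destCidrList, final Integer icmpCode, final Integer icmpType, final Long relatedRuleId, final FirewallRule.FirewallRuleType type, final Long networkId, final FirewallRule.TrafficType trafficType, final Boolean forDisplay) throws NetworkRuleConflictException {
    IPAddressVO ipAddress = null;
    if (ipAddrId != null) {
        // Ingress rule: resolve the public IP. Egress rules pass a null id and skip this block.
        ipAddress = _ipAddressDao.findById(ipAddrId);
        if (ipAddress == null && type == FirewallRule.FirewallRuleType.User) {
            throw new InvalidParameterValueException("Unable to create firewall rule; " + "couldn't locate IP address by id in the system");
        }
        // NOTE(review): for System rules a null ipAddress reaches this call; this relies on
        // checkIpForService tolerating null — confirm against its implementation.
        _networkModel.checkIpForService(ipAddress, Service.Firewall, null);
    }
    validateFirewallRule(caller, ipAddress, portStart, portEnd, protocol, Purpose.Firewall, type, networkId, trafficType);

    // ICMP code/type are only meaningful for ICMP, and ICMP rules carry no port range.
    final boolean isIcmp = protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO);
    if (!isIcmp && (icmpCode != null || icmpType != null)) {
        throw new InvalidParameterValueException("Can specify icmpCode and icmpType for ICMP protocol only");
    }
    if (isIcmp && (portStart != null || portEnd != null)) {
        throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP");
    }

    // Ownership of the rule follows the IP (ingress) or the network (egress).
    Long accountId = null;
    Long domainId = null;
    if (ipAddress != null) {
        accountId = ipAddress.getAllocatedToAccountId();
        domainId = ipAddress.getAllocatedInDomainId();
    } else if (networkId != null) {
        Network network = _networkModel.getNetwork(networkId);
        if (network == null) {
            // Previously an unknown network id surfaced as a NullPointerException on the next line.
            throw new InvalidParameterValueException("Unable to create firewall rule; couldn't locate network by id " + networkId);
        }
        accountId = network.getAccountId();
        domainId = network.getDomainId();
    }

    // Captured by the anonymous callback below, which requires (effectively) final locals.
    final Long accountIdFinal = accountId;
    final Long domainIdFinal = domainId;
    return Transaction.execute(new TransactionCallbackWithException<FirewallRuleVO, NetworkRuleConflictException>() {
        @Override
        public FirewallRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
            FirewallRuleVO newRule = new FirewallRuleVO(xId, ipAddrId, portStart, portEnd, protocol.toLowerCase(), networkId, accountIdFinal, domainIdFinal, Purpose.Firewall, sourceCidrList, destCidrList, icmpCode, icmpType, relatedRuleId, trafficType);
            newRule.setType(type);
            if (forDisplay != null) {
                newRule.setDisplay(forDisplay);
            }
            newRule = _firewallDao.persist(newRule);
            // Conflict detection needs the persisted row; a conflict throws and the transaction rolls back.
            if (type == FirewallRuleType.User) {
                detectRulesConflict(newRule);
            }
            if (!_firewallDao.setStateToAdd(newRule)) {
                throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
            }
            CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
            return newRule;
        }
    });
}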
use of com.cloud.exception.NetworkRuleConflictException in project cloudstack by apache.
the class AddUcsManagerCmd method execute.
/**
 * Registers the UCS manager described by this command and publishes the resulting
 * {@link UcsManagerResponse} as the command's response object. Any failure is logged
 * with its stack trace and surfaced to the API caller as an {@code INTERNAL_ERROR}
 * {@link ServerApiException} carrying only the exception message.
 */
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
    try {
        publishResponse(mgr.addUcsManager(this));
    } catch (Exception failure) {
        s_logger.warn("Exception: ", failure);
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, failure.getMessage());
    }
}

/** Tags {@code rsp} with the standard object/response names and installs it as this command's result. */
private void publishResponse(UcsManagerResponse rsp) {
    rsp.setObjectName("ucsmanager");
    rsp.setResponseName(getCommandName());
    setResponseObject(rsp);
}
use of com.cloud.exception.NetworkRuleConflictException in project cloudstack by apache.
the class CreateServiceInstanceCmd method execute.
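/**
 * Starts the service instance created earlier by this command and publishes its
 * {@link ServiceInstanceResponse} as the command's response object.
 * <p>
 * Any failure is surfaced to the API caller as an {@code INTERNAL_ERROR}
 * {@link ServerApiException}. The original exception is attached as the cause so the
 * stack trace is preserved for diagnosis; previously only its message survived.
 */
@Override
public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
    try {
        _vrouterService.startServiceInstance(getEntityId());
        ServiceInstanceResponse response = _vrouterService.createServiceInstanceResponse(getEntityId());
        response.setObjectName("serviceinstance");
        response.setResponseName(getCommandName());
        this.setResponseObject(response);
    } catch (Exception ex) {
        // Keep the cause chain: the message alone loses where the failure happened.
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage(), ex);
    }
}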
use of com.cloud.exception.NetworkRuleConflictException in project cloudstack by apache.
the class KubernetesClusterResourceModifierActionWorker method provisionSshPortForwardingRules.
/**
 * Provisions one SSH port forwarding rule per cluster VM: public TCP port
 * {@code firewallRuleSourcePortStart + i} on {@code publicIp} is forwarded to port 22 of the
 * i-th VM's IPv4 address in {@code network}. Each rule is persisted in its own transaction
 * with display enabled and state {@code Add}, and the port forwarding rules of the public IP
 * are applied after every persisted rule.
 *
 * @param publicIp public IP the rules are attached to
 * @param network network whose VM NICs provide the private target addresses
 * @param account owner of the rules
 * @param clusterVMIds VM ids in port order; {@code null} or empty means the cluster is being
 *                     scaled down and no rule is added
 * @param firewallRuleSourcePortStart public port assigned to the first VM in the list
 * @throws ResourceUnavailableException if applying the rules fails
 * @throws NetworkRuleConflictException if a rule conflicts with an existing one
 */
protected void provisionSshPortForwardingRules(IpAddress publicIp, Network network, Account account, List<Long> clusterVMIds, int firewallRuleSourcePortStart) throws ResourceUnavailableException, NetworkRuleConflictException {
    if (CollectionUtils.isEmpty(clusterVMIds)) {
        return;
    }
    final long ipId = publicIp.getId();
    final long netId = network.getId();
    final long ownerId = account.getId();
    final long ownerDomainId = account.getDomainId();
    int publicPort = firewallRuleSourcePortStart;
    for (final long vmId : clusterVMIds) {
        final Nic nic = networkModel.getNicInNetwork(vmId, netId);
        final Ip privateIp = new Ip(nic.getIPv4Address());
        // Snapshot the port for the callback; one public port per VM, assigned in list order.
        final int port = publicPort++;
        Transaction.execute(new TransactionCallbackWithException<PortForwardingRuleVO, NetworkRuleConflictException>() {
            @Override
            public PortForwardingRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
                final PortForwardingRuleVO candidate = new PortForwardingRuleVO(null, ipId, port, port, privateIp, 22, 22, "tcp", netId, ownerId, ownerDomainId, vmId);
                candidate.setDisplay(true);
                candidate.setState(FirewallRule.State.Add);
                return portForwardingRulesDao.persist(candidate);
            }
        });
        // NOTE(review): the IP's rules are (re)applied once per VM rather than once after the
        // loop; confirm this is intended before hoisting it.
        rulesService.applyPortForwardingRules(publicIp.getId(), account);
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info(String.format("Provisioned SSH port forwarding rule from port %d to 22 on %s to the VM IP : %s in Kubernetes cluster : %s", port, publicIp.getAddress().addr(), privateIp.toString(), kubernetesCluster.getName()));
        }
    }
}
use of com.cloud.exception.NetworkRuleConflictException in project cloudstack by apache.
the class KubernetesClusterScaleWorker method scaleKubernetesClusterNetworkRules.
/**
 * Re-provisions the network rules of a Kubernetes cluster after a scale operation.
 * <p>
 * Only isolated networks get rules. The existing SSH firewall rule on the network's source
 * NAT IP is removed and replaced by one covering
 * {@code CLUSTER_NODES_DEFAULT_START_SSH_PORT .. CLUSTER_NODES_DEFAULT_START_SSH_PORT + n - 1},
 * the port forwarding rules of the previous range are removed, and one SSH forwarding rule per
 * VM in {@code clusterVMIds} is created.
 *
 * @param clusterVMIds ids of the VMs that make up the cluster after scaling
 * @throws ManagementServerException if the source NAT IP or the existing SSH firewall rule
 *         cannot be found, or any rule operation fails
 */
private void scaleKubernetesClusterNetworkRules(final List<Long> clusterVMIds) throws ManagementServerException {
    if (!Network.GuestType.Isolated.equals(network.getGuestType())) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(String.format("Network : %s for Kubernetes cluster : %s is not an isolated network, therefore, no need for network rules", network.getName(), kubernetesCluster.getName()));
        }
        return;
    }
    final IpAddress sourceNatIp = getSourceNatIp(network);
    if (sourceNatIp == null) {
        throw new ManagementServerException(String.format("No source NAT IP addresses found for network : %s, Kubernetes cluster : %s", network.getName(), kubernetesCluster.getName()));
    }
    // Drop the old SSH firewall rule first; its end port tells us which forwarding rules to clear.
    final FirewallRule previousSshRule = removeSshFirewallRule(sourceNatIp);
    if (previousSshRule == null) {
        throw new ManagementServerException("Firewall rule for node SSH access can't be provisioned");
    }
    final int previousEndPort = previousSshRule.getSourcePortEnd();
    final int newEndPort = CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVMIds.size() - 1;
    openSshFirewallRange(sourceNatIp, newEndPort);
    replaceSshPortForwardingRules(sourceNatIp, clusterVMIds, previousEndPort);
}

/**
 * Opens the SSH port range {@code CLUSTER_NODES_DEFAULT_START_SSH_PORT .. endPort} on
 * {@code sourceNatIp} for the cluster owner.
 * NOTE(review): which source CIDRs the rule admits is decided inside provisionFirewallRules,
 * not here — verify the rule is not wider than intended.
 */
private void openSshFirewallRange(final IpAddress sourceNatIp, final int endPort) throws ManagementServerException {
    try {
        provisionFirewallRules(sourceNatIp, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(String.format("Provisioned firewall rule to open up port %d to %d on %s in Kubernetes cluster %s", CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort, sourceNatIp.getAddress().addr(), kubernetesCluster.getName()));
        }
    } catch (NoSuchFieldException | IllegalAccessException | ResourceUnavailableException e) {
        throw new ManagementServerException(String.format("Failed to activate SSH firewall rules for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
    }
}

/**
 * Removes the SSH forwarding rules of the previous port range
 * ({@code CLUSTER_NODES_DEFAULT_START_SSH_PORT .. previousEndPort}) and creates one rule per VM
 * in {@code clusterVMIds}, starting again at {@code CLUSTER_NODES_DEFAULT_START_SSH_PORT}.
 */
private void replaceSshPortForwardingRules(final IpAddress sourceNatIp, final List<Long> clusterVMIds, final int previousEndPort) throws ManagementServerException {
    try {
        removePortForwardingRules(sourceNatIp, network, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, previousEndPort);
    } catch (ResourceUnavailableException e) {
        throw new ManagementServerException(String.format("Failed to remove SSH port forwarding rules for removed VMs for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
    }
    try {
        provisionSshPortForwardingRules(sourceNatIp, network, owner, clusterVMIds, CLUSTER_NODES_DEFAULT_START_SSH_PORT);
    } catch (ResourceUnavailableException | NetworkRuleConflictException e) {
        throw new ManagementServerException(String.format("Failed to activate SSH port forwarding rules for the Kubernetes cluster : %s", kubernetesCluster.getName()), e);
    }
}