Search in sources :

Example 6 with LoadBalancingRule

use of com.cloud.legacymodel.network.LoadBalancingRule in project cosmic by MissionCriticalCloud.

the class VirtualNetworkApplianceManagerImpl method finalizeNetworkRulesForNetwork.

protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainRouterVO router, final Provider provider, final Long guestNetworkId) {
    s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");
    final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(router, provider, guestNetworkId);
    final List<FirewallRule> firewallRulesEgress = new ArrayList<>();
    // Fetch firewall Egress rules.
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
        firewallRulesEgress.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId, Purpose.Firewall, FirewallRule.TrafficType.Egress));
        if (firewallRulesEgress.isEmpty()) {
            // create egress default rule for VR
            createDefaultEgressFirewallRule(firewallRulesEgress, guestNetworkId);
        }
    }
    // Re-apply firewall Egress rules
    s_logger.debug("Found " + firewallRulesEgress.size() + " firewall Egress rule(s) to apply as a part of domR " + router + " start.");
    if (!firewallRulesEgress.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(firewallRulesEgress, router, cmds, guestNetworkId);
    }
    if (publicIps != null && !publicIps.isEmpty()) {
        final List<PortForwardingRule> pfRules = new ArrayList<>();
        final List<FirewallRule> staticNatFirewallRules = new ArrayList<>();
        final List<StaticNat> staticNats = new ArrayList<>();
        final List<FirewallRule> firewallRulesIngress = new ArrayList<>();
        // StaticNatRules; PFVPN to reapply on domR start)
        for (final PublicIpAddress ip : publicIps) {
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) {
                pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
                firewallRulesIngress.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                if (ip.isOneToOneNat()) {
                    final StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), ip.getVmIp(), false);
                    staticNats.add(staticNat);
                }
            }
        }
        // Re-apply static nats
        s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start.");
        if (!staticNats.isEmpty()) {
            _commandSetupHelper.createApplyStaticNatCommands(staticNats, router, cmds);
        }
        // Re-apply firewall Ingress rules
        s_logger.debug("Found " + firewallRulesIngress.size() + " firewall Ingress rule(s) to apply as a part of domR " + router + " start.");
        if (!firewallRulesIngress.isEmpty()) {
            _commandSetupHelper.createFirewallRulesCommands(firewallRulesIngress, router, cmds, guestNetworkId);
        }
        // Re-apply port forwarding rules
        s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
        if (!pfRules.isEmpty()) {
            _commandSetupHelper.createApplyPortForwardingRulesCommands(pfRules, router, cmds, guestNetworkId);
        }
        // Re-apply static nat rules
        s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
        if (!staticNatFirewallRules.isEmpty()) {
            final List<StaticNatRule> staticNatRules = new ArrayList<>();
            for (final FirewallRule rule : staticNatFirewallRules) {
                staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
            }
            _commandSetupHelper.createApplyStaticNatRulesCommands(staticNatRules, router, cmds, guestNetworkId);
        }
        final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
        final List<LoadBalancingRule> lbRules = new ArrayList<>();
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
            // Re-apply load balancing rules
            for (final LoadBalancerVO lb : lbs) {
                final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
                final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
                final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
                final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
                final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
                final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
                lbRules.add(loadBalancing);
            }
        }
        s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start.");
        if (!lbRules.isEmpty()) {
            _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId);
        }
    }
}
Also used : LbSslCert(com.cloud.legacymodel.network.LoadBalancingRule.LbSslCert) LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) Ip(com.cloud.legacymodel.network.Ip) PublicIp(com.cloud.network.addr.PublicIp) ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LbStickinessPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbStickinessPolicy) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) PortForwardingRule(com.cloud.legacymodel.network.PortForwardingRule) StaticNat(com.cloud.network.rules.StaticNat) LbDestination(com.cloud.legacymodel.network.LoadBalancingRule.LbDestination) PublicIpAddress(com.cloud.network.PublicIpAddress) StaticNatImpl(com.cloud.network.rules.StaticNatImpl) LbHealthCheckPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbHealthCheckPolicy) FirewallRule(com.cloud.legacymodel.network.FirewallRule)

Example 7 with LoadBalancingRule

use of com.cloud.legacymodel.network.LoadBalancingRule in project cosmic by MissionCriticalCloud.

the class FirewallRules method accept.

@Override
public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
    _router = router;
    _purpose = _rules.get(0).getPurpose();
    if (_purpose == Purpose.LoadBalancing) {
        final LoadBalancerDao loadBalancerDao = visitor.getVirtualNetworkApplianceFactory().getLoadBalancerDao();
        // for load balancer we have to resend all lb rules for the network
        final List<LoadBalancerVO> lbs = loadBalancerDao.listByNetworkIdAndScheme(_network.getId(), Scheme.Public);
        _loadbalancingRules = new ArrayList<>();
        final LoadBalancingRulesManager lbMgr = visitor.getVirtualNetworkApplianceFactory().getLbMgr();
        final NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
        for (final LoadBalancerVO lb : lbs) {
            final List<LbDestination> dstList = lbMgr.getExistingDestinations(lb.getId());
            final List<LbStickinessPolicy> policyList = lbMgr.getStickinessPolicies(lb.getId());
            final List<LbHealthCheckPolicy> hcPolicyList = lbMgr.getHealthCheckPolicies(lb.getId());
            final LbSslCert sslCert = lbMgr.getLbSslCert(lb.getId());
            final Ip sourceIp = networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
            final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
            _loadbalancingRules.add(loadBalancing);
        }
    }
    return visitor.visit(this);
}
Also used : LoadBalancerDao(com.cloud.network.dao.LoadBalancerDao) LbSslCert(com.cloud.legacymodel.network.LoadBalancingRule.LbSslCert) LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) LoadBalancingRulesManager(com.cloud.network.lb.LoadBalancingRulesManager) Ip(com.cloud.legacymodel.network.Ip) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LbStickinessPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbStickinessPolicy) LbDestination(com.cloud.legacymodel.network.LoadBalancingRule.LbDestination) NetworkModel(com.cloud.network.NetworkModel) LbHealthCheckPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbHealthCheckPolicy)

Example 8 with LoadBalancingRule

use of com.cloud.legacymodel.network.LoadBalancingRule in project cosmic by MissionCriticalCloud.

the class LoadBalancingRules method accept.

@Override
public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
    _router = router;
    final LoadBalancerDao loadBalancerDao = visitor.getVirtualNetworkApplianceFactory().getLoadBalancerDao();
    // For load balancer we have to resend all lb rules for the network
    final List<LoadBalancerVO> lbs = loadBalancerDao.listByNetworkIdAndScheme(_network.getId(), Scheme.Public);
    // We are cleaning it before because all the rules have to be sent to the router.
    _rules.clear();
    final LoadBalancingRulesManager lbMgr = visitor.getVirtualNetworkApplianceFactory().getLbMgr();
    final NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
    for (final LoadBalancerVO lb : lbs) {
        final List<LbDestination> dstList = lbMgr.getExistingDestinations(lb.getId());
        final List<LbStickinessPolicy> policyList = lbMgr.getStickinessPolicies(lb.getId());
        final List<LbHealthCheckPolicy> hcPolicyList = lbMgr.getHealthCheckPolicies(lb.getId());
        final LbSslCert sslCert = lbMgr.getLbSslCert(lb.getId());
        final Ip sourceIp = networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
        final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
        _rules.add(loadBalancing);
    }
    return visitor.visit(this);
}
Also used : LoadBalancerDao(com.cloud.network.dao.LoadBalancerDao) LbSslCert(com.cloud.legacymodel.network.LoadBalancingRule.LbSslCert) LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) LoadBalancingRulesManager(com.cloud.network.lb.LoadBalancingRulesManager) Ip(com.cloud.legacymodel.network.Ip) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LbStickinessPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbStickinessPolicy) LbDestination(com.cloud.legacymodel.network.LoadBalancingRule.LbDestination) NetworkModel(com.cloud.network.NetworkModel) LbHealthCheckPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbHealthCheckPolicy)

Example 9 with LoadBalancingRule

use of com.cloud.legacymodel.network.LoadBalancingRule in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method applyLoadBalancerRules.

@DB
protected boolean applyLoadBalancerRules(final List<LoadBalancerVO> lbs, final boolean updateRulesInDB) throws ResourceUnavailableException {
    final List<LoadBalancingRule> rules = new ArrayList<>();
    for (final LoadBalancerVO lb : lbs) {
        rules.add(getLoadBalancerRuleToApply(lb));
    }
    if (!applyLbRules(rules, false)) {
        s_logger.debug("LB rules are not completely applied");
        return false;
    }
    if (updateRulesInDB) {
        for (final LoadBalancerVO lb : lbs) {
            final boolean checkForReleaseElasticIp = Transaction.execute(new TransactionCallback<Boolean>() {

                @Override
                public Boolean doInTransaction(final TransactionStatus status) {
                    boolean checkForReleaseElasticIp = false;
                    if (lb.getState() == FirewallRule.State.Revoke) {
                        removeLBRule(lb);
                        s_logger.debug("LB " + lb.getId() + " is successfully removed");
                        checkForReleaseElasticIp = true;
                    } else if (lb.getState() == FirewallRule.State.Add) {
                        lb.setState(FirewallRule.State.Active);
                        s_logger.debug("LB rule " + lb.getId() + " state is set to Active");
                        _lbDao.persist(lb);
                    }
                    // remove LB-Vm mappings that were state to revoke
                    final List<LoadBalancerVMMapVO> lbVmMaps = _lb2VmMapDao.listByLoadBalancerId(lb.getId(), true);
                    final List<Long> instanceIds = new ArrayList<>();
                    for (final LoadBalancerVMMapVO lbVmMap : lbVmMaps) {
                        instanceIds.add(lbVmMap.getInstanceId());
                        _lb2VmMapDao.remove(lb.getId(), lbVmMap.getInstanceId(), lbVmMap.getInstanceIp(), null);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed for vm " + lbVmMap.getInstanceId() + " instance ip " + lbVmMap.getInstanceIp());
                    }
                    if (_lb2VmMapDao.listByLoadBalancerId(lb.getId()).isEmpty()) {
                        lb.setState(FirewallRule.State.Add);
                        _lbDao.persist(lb);
                        s_logger.debug("LB rule " + lb.getId() + " state is set to Add as there are no more active LB-VM mappings");
                    }
                    // remove LB-Stickiness policy mapping that were state to revoke
                    final List<LBStickinessPolicyVO> stickinesspolicies = _lb2stickinesspoliciesDao.listByLoadBalancerId(lb.getId(), true);
                    if (!stickinesspolicies.isEmpty()) {
                        _lb2stickinesspoliciesDao.remove(lb.getId(), true);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed stickiness policies");
                    }
                    // remove LB-HealthCheck policy mapping that were state to
                    // revoke
                    final List<LBHealthCheckPolicyVO> healthCheckpolicies = _lb2healthcheckDao.listByLoadBalancerId(lb.getId(), true);
                    if (!healthCheckpolicies.isEmpty()) {
                        _lb2healthcheckDao.remove(lb.getId(), true);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed health check monitors policies");
                    }
                    final LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(lb.getId());
                    if (lbCertMap != null && lbCertMap.isRevoke()) {
                        _lbCertMapDao.remove(lbCertMap.getId());
                        s_logger.debug("Load balancer rule id " + lb.getId() + " removed certificate mapping");
                    }
                    return checkForReleaseElasticIp;
                }
            });
            if (checkForReleaseElasticIp && lb.getSourceIpAddressId() != null) {
                boolean success = true;
                final long count = _firewallDao.countRulesByIpId(lb.getSourceIpAddressId());
                if (count == 0) {
                    try {
                        success = handleSystemLBIpRelease(lb);
                    } catch (final Exception ex) {
                        s_logger.warn("Failed to release system ip as a part of lb rule " + lb + " deletion due to exception ", ex);
                        success = false;
                    } finally {
                        if (!success) {
                            s_logger.warn("Failed to release system ip as a part of lb rule " + lb + " deletion");
                        }
                    }
                }
            }
            // VPC, unassign it from the network
            if (lb.getSourceIpAddressId() != null) {
                final IpAddress ip = _ipAddressDao.findById(lb.getSourceIpAddressId());
                _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), lb.getNetworkId());
            }
        }
    }
    return true;
}
Also used : LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) TransactionStatus(com.cloud.utils.db.TransactionStatus) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException) InvalidParameterException(java.security.InvalidParameterException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) InsufficientAddressCapacityException(com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) ArrayList(java.util.ArrayList) List(java.util.List) LoadBalancerVMMapVO(com.cloud.network.dao.LoadBalancerVMMapVO) IpAddress(com.cloud.network.IpAddress) DB(com.cloud.utils.db.DB)

Example 10 with LoadBalancingRule

use of com.cloud.legacymodel.network.LoadBalancingRule in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method getLoadBalancerRuleToApply.

private LoadBalancingRule getLoadBalancerRuleToApply(final LoadBalancerVO lb) {
    final List<LbStickinessPolicy> policyList = getStickinessPolicies(lb.getId());
    final Ip sourceIp = getSourceIp(lb);
    final LbSslCert sslCert = getLbSslCert(lb.getId());
    final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, null, policyList, null, sourceIp, sslCert, lb.getLbProtocol());
    final List<LbDestination> dstList = getExistingDestinations(lb.getId());
    loadBalancing.setDestinations(dstList);
    final List<LbHealthCheckPolicy> hcPolicyList = getHealthCheckPolicies(lb.getId());
    loadBalancing.setHealthCheckPolicies(hcPolicyList);
    return loadBalancing;
}
Also used : LbSslCert(com.cloud.legacymodel.network.LoadBalancingRule.LbSslCert) LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) Ip(com.cloud.legacymodel.network.Ip) PublicIp(com.cloud.network.addr.PublicIp) LbHealthCheckPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbHealthCheckPolicy) LbStickinessPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbStickinessPolicy) LbDestination(com.cloud.legacymodel.network.LoadBalancingRule.LbDestination)

Aggregations

LoadBalancingRule (com.cloud.legacymodel.network.LoadBalancingRule)12 LoadBalancerVO (com.cloud.network.dao.LoadBalancerVO)8 Ip (com.cloud.legacymodel.network.Ip)7 LbDestination (com.cloud.legacymodel.network.LoadBalancingRule.LbDestination)6 LbStickinessPolicy (com.cloud.legacymodel.network.LoadBalancingRule.LbStickinessPolicy)6 LbHealthCheckPolicy (com.cloud.legacymodel.network.LoadBalancingRule.LbHealthCheckPolicy)5 PublicIp (com.cloud.network.addr.PublicIp)5 ArrayList (java.util.ArrayList)5 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)4 LbSslCert (com.cloud.legacymodel.network.LoadBalancingRule.LbSslCert)4 Network (com.cloud.legacymodel.network.Network)4 DB (com.cloud.utils.db.DB)4 CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)3 ResourceUnavailableException (com.cloud.legacymodel.exceptions.ResourceUnavailableException)3 Commands (com.cloud.agent.manager.Commands)2 ActionEvent (com.cloud.event.ActionEvent)2 InsufficientAddressCapacityException (com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException)2 NetworkRuleConflictException (com.cloud.legacymodel.exceptions.NetworkRuleConflictException)2 PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)2 Nic (com.cloud.legacymodel.network.Nic)2