use of com.cloud.legacymodel.network.Network in project cosmic by MissionCriticalCloud.
the class ConfigurationManagerImpl method createVlanAndPublicIpRange.
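/**
 * Validates a new IPv4 and/or IPv6 address range for a VLAN in a zone and, when every check
 * passes, persists it through {@code commitVlanAndIpRange}.
 *
 * <p>Order of checks: address family present, zone exists, caller may access the zone
 * ({@code checkZoneAccess}), physical network exists, network exists, optional pod, VLAN tag
 * resolution, owner restrictions, gateway/netmask/CIDR syntax, overlap with the zone guest CIDR
 * and with ranges already registered in the zone, and finally that the tag is not already in
 * use for dynamic VLAN allocation.
 *
 * <p>NOTE(review): the only authorization visible here is the zone access check. Nothing in this
 * method ties {@code networkId} or {@code physicalNetworkId} to {@code zoneId}; confirm that the
 * caller or {@code commitVlanAndIpRange} enforces that relationship.
 *
 * @param zoneId            id of the zone that receives the range
 * @param networkId         id of the network the range is attached to
 * @param physicalNetworkId id of the physical network; only its existence is checked here
 * @param forVirtualNetwork selects {@code VlanType.VirtualNetwork} over {@code VlanType.DirectAttached}
 * @param podId             optional pod; accepted only for Guest networks in Basic zones
 * @param startIP           first IPv4 address, or {@code null} when no IPv4 range is requested
 * @param endIP             last IPv4 address; may be {@code null} when the range is built at the end
 * @param vlanGateway       IPv4 gateway, validated when {@code startIP} is set
 * @param vlanNetmask       IPv4 netmask, validated when {@code startIP} is set
 * @param vlanId            VLAN tag; defaults to the guest network's tag or {@code Vlan.UNTAGGED}
 * @param domain            optional owning domain (Advanced zones only)
 * @param vlanOwner         optional owning account (Advanced zones only)
 * @param startIPv6         first IPv6 address, or {@code null} when no IPv6 range is requested
 * @param endIPv6           optional last IPv6 address
 * @param vlanIp6Gateway    IPv6 gateway, validated when {@code startIPv6} is set
 * @param vlanIp6Cidr       IPv6 CIDR, validated when {@code startIPv6} is set
 * @return the persisted VLAN
 * @throws InvalidParameterValueException when any validation step fails
 */
@Override
@DB
public Vlan createVlanAndPublicIpRange(final long zoneId, final long networkId, final long physicalNetworkId, final boolean forVirtualNetwork, final Long podId, final String startIP, final String endIP, final String vlanGateway, final String vlanNetmask, String vlanId, final Domain domain, final Account vlanOwner, final String startIPv6, final String endIPv6, final String vlanIp6Gateway, final String vlanIp6Cidr) {
    final Network network = _networkModel.getNetwork(networkId);
    final boolean ipv4 = startIP != null;
    final boolean ipv6 = startIPv6 != null;
    if (!ipv4 && !ipv6) {
        throw new InvalidParameterValueException("Please specify IPv4 or IPv6 address.");
    }

    // Validate the zone
    final Zone zone = zoneRepository.findById(zoneId).orElse(null);
    if (zone == null) {
        throw new InvalidParameterValueException("Please specify a valid zone.");
    }

    // ACL check: runs before any other lookup result is reported back to the caller.
    checkZoneAccess(CallContext.current().getCallingAccount(), zone);

    // Validate the physical network
    if (_physicalNetworkDao.findById(physicalNetworkId) == null) {
        throw new InvalidParameterValueException("Please specify a valid physical network id");
    }

    // Validate the network. The overlap loop below null-checks the result of the same
    // getNetwork() call, so a null result is treated as possible; without this guard an unknown
    // networkId surfaced as a NullPointerException instead of a parameter error. The guard sits
    // after the zone ACL check so an unauthorized caller gets the access failure first.
    if (network == null) {
        throw new InvalidParameterValueException("Please specify a valid network id");
    }

    // Validate the pod
    if (podId != null) {
        final Pod pod = _podDao.findById(podId);
        if (pod == null) {
            throw new InvalidParameterValueException("Please specify a valid pod.");
        }
        if (pod.getDataCenterId() != zoneId) {
            throw new InvalidParameterValueException("Pod id=" + podId + " doesn't belong to zone id=" + zoneId);
        }
        // pod vlans can be created in basic zone only
        if (zone.getNetworkType() != NetworkType.Basic || network.getTrafficType() != TrafficType.Guest) {
            throw new InvalidParameterValueException("Pod id can be specified only for the networks of type " + TrafficType.Guest + " in zone of type " + NetworkType.Basic);
        }
    }

    // If the vlan is missing, default it to the guest network's vlan
    if (network.getTrafficType() == TrafficType.Guest) {
        String networkVlanId = null;
        final URI uri = network.getBroadcastUri();
        if (uri != null) {
            final String[] uriParts = uri.toString().split("vlan:\\/\\/");
            // A broadcast URI without a "vlan://" prefix used to fail with an
            // ArrayIndexOutOfBoundsException. The request is still rejected (fail closed), but as
            // a parameter error rather than an unchecked crash.
            if (uriParts.length < 2) {
                throw new InvalidParameterValueException("Unable to determine vlan id from the broadcast uri of the network");
            }
            // For pvlan only the part before "-" is compared
            networkVlanId = uriParts[1].split("-")[0];
        }
        if (vlanId != null) {
            // A caller-supplied tag must match the network's own tag
            if (networkVlanId != null && !NetUtils.isSameIsolationId(networkVlanId, vlanId)) {
                throw new InvalidParameterValueException("Vlan doesn't match vlan of the network");
            }
        } else {
            vlanId = networkVlanId;
        }
    } else if (network.getTrafficType() == TrafficType.Public && vlanId == null) {
        throw new InvalidParameterValueException("Unable to determine vlan id or untagged vlan for public network");
    }
    if (vlanId == null) {
        vlanId = Vlan.UNTAGGED;
    }

    final VlanType vlanType = forVirtualNetwork ? VlanType.VirtualNetwork : VlanType.DirectAttached;
    if ((domain != null || vlanOwner != null) && zone.getNetworkType() != NetworkType.Advanced) {
        throw new InvalidParameterValueException("Vlan owner can be defined only in the zone of type " + NetworkType.Advanced);
    }

    if (ipv4) {
        // Make sure the gateway is valid
        if (!NetUtils.isValidIp4(vlanGateway)) {
            throw new InvalidParameterValueException("Please specify a valid gateway");
        }
        // Make sure the netmask is valid
        if (!NetUtils.isValidIp4Netmask(vlanNetmask)) {
            throw new InvalidParameterValueException("Please specify a valid netmask");
        }
    }
    if (ipv6) {
        if (!NetUtils.isValidIp6(vlanIp6Gateway)) {
            throw new InvalidParameterValueException("Please specify a valid IPv6 gateway");
        }
        if (!NetUtils.isValidIp6Cidr(vlanIp6Cidr)) {
            throw new InvalidParameterValueException("Please specify a valid IPv6 CIDR");
        }
    }

    if (ipv4) {
        final String newCidr = NetUtils.getCidrFromGatewayAndNetmask(vlanGateway, vlanNetmask);
        // Gateway, start and end must all fall inside the CIDR derived from gateway and netmask.
        // NOTE(review): endIP is null-checked further down when the range string is built, but is
        // passed here unconditionally; confirm how isIpWithtInCidrRange treats a null address.
        if (!NetUtils.isIpWithtInCidrRange(vlanGateway, newCidr) || !NetUtils.isIpWithtInCidrRange(startIP, newCidr) || !NetUtils.isIpWithtInCidrRange(endIP, newCidr)) {
            throw new InvalidParameterValueException("Please specify a valid IP range or valid netmask or valid gateway");
        }

        // The new subnet must not overlap the zone's guest network (guestCidr is null for basic zone)
        final String guestNetworkCidr = zone.getGuestNetworkCidr();
        if (guestNetworkCidr != null && NetUtils.isNetworksOverlap(newCidr, guestNetworkCidr)) {
            throw new InvalidParameterValueException("The new IP range you have specified has overlapped with the guest network in zone: " + zone.getName() + ". Please specify a different gateway/netmask.");
        }

        // Check if there are any errors with the IP range
        checkPublicIpRangeErrors(zoneId, vlanId, vlanGateway, vlanNetmask, startIP, endIP);

        // Reject a subnet that overlaps a subnet on another VLAN. When the tag is the same this is
        // a range extension: gateway and netmask must match and the address ranges must not overlap.
        final List<VlanVO> existingVlans = _vlanDao.listByZone(zone.getId());
        for (final VlanVO existing : existingVlans) {
            final String otherVlanGateway = existing.getVlanGateway();
            final String otherVlanNetmask = existing.getVlanNetmask();
            // Skip entries that are not IPv4 or have no network attached
            if (otherVlanGateway == null || otherVlanNetmask == null || existing.getNetworkId() == null) {
                continue;
            }
            final String otherCidr = NetUtils.getCidrFromGatewayAndNetmask(otherVlanGateway, otherVlanNetmask);
            if (!NetUtils.isNetworksOverlap(newCidr, otherCidr)) {
                continue;
            }

            // from here, subnet overlaps
            if (!vlanId.equals(existing.getVlanTag())) {
                // Different tag: an overlap is an error only when a Public network is involved
                // on either side. getNetworkId() is known to be non-null at this point.
                boolean overlapped = network.getTrafficType() == TrafficType.Public;
                if (!overlapped) {
                    final Network nw = _networkModel.getNetwork(existing.getNetworkId());
                    overlapped = nw != null && nw.getTrafficType() == TrafficType.Public;
                }
                if (overlapped) {
                    throw new InvalidParameterValueException("The IP range with tag: " + existing.getVlanTag() + " in zone " + zone.getName() + " has overlapped with the subnet. Please specify a different gateway/netmask.");
                }
            } else {
                final String[] otherVlanIpRange = existing.getIpRange().split("\\-");
                final String otherVlanStartIP = otherVlanIpRange[0];
                final String otherVlanEndIP = otherVlanIpRange.length > 1 ? otherVlanIpRange[1] : null;

                // extend IP range
                if (!vlanGateway.equals(otherVlanGateway) || !vlanNetmask.equals(otherVlanNetmask)) {
                    throw new InvalidParameterValueException("The IP range has already been added with gateway " + otherVlanGateway + " ,and netmask " + otherVlanNetmask + ", Please specify the gateway/netmask if you want to extend ip range");
                }
                if (!NetUtils.is31PrefixCidr(newCidr) && NetUtils.ipRangesOverlap(startIP, endIP, otherVlanStartIP, otherVlanEndIP)) {
                    throw new InvalidParameterValueException("The IP range already has IPs that overlap with the new range." + " Please specify a different start IP/end IP.");
                }
            }
        }
    }

    String ipv6Range = null;
    if (ipv6) {
        ipv6Range = startIPv6;
        if (endIPv6 != null) {
            ipv6Range += "-" + endIPv6;
        }
        final List<VlanVO> existingVlans = _vlanDao.listByZone(zone.getId());
        for (final VlanVO existing : existingVlans) {
            // Only entries that carry an IPv6 gateway on the same isolation id are compared
            if (existing.getIp6Gateway() == null || !NetUtils.isSameIsolationId(vlanId, existing.getVlanTag())) {
                continue;
            }
            if (NetUtils.isIp6RangeOverlap(ipv6Range, existing.getIp6Range())) {
                throw new InvalidParameterValueException("The IPv6 range with tag: " + existing.getVlanTag() + " already has IPs that overlap with the new range. Please specify a different start IP/end IP.");
            }
            if (!vlanIp6Gateway.equals(existing.getIp6Gateway())) {
                throw new InvalidParameterValueException("The IP range with tag: " + existing.getVlanTag() + " has already been added with gateway " + existing.getIp6Gateway() + ". Please specify a different tag.");
            }
        }
    }

    // Check if the vlan is being used
    if (_zoneDao.findVnet(zoneId, physicalNetworkId, vlanId).size() > 0) {
        throw new InvalidParameterValueException("The VLAN tag " + vlanId + " is already being used for dynamic vlan allocation for the guest network in zone " + zone.getName());
    }

    String ipRange = null;
    if (ipv4) {
        ipRange = startIP;
        if (endIP != null) {
            ipRange += "-" + endIP;
        }
    }

    // Everything was fine, so persist the VLAN
    return commitVlanAndIpRange(zoneId, networkId, physicalNetworkId, podId, startIP, endIP, vlanGateway, vlanNetmask, vlanId, domain, vlanOwner, vlanIp6Gateway, vlanIp6Cidr, ipv4, zone, vlanType, ipv6Range, ipRange);
}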
use of com.cloud.legacymodel.network.Network in project cosmic by MissionCriticalCloud.
the class ConsoleProxyManagerImpl method createProxyInstance.
/**
 * Allocates a new console proxy VM record in the given zone and returns a small context map.
 *
 * <p>The proxy is attached to the zone's default network (with a default NIC) plus one network
 * per system-account offering for control and management traffic. The record is persisted
 * before {@code _itMgr.allocate} is called.
 *
 * <p>NOTE(review): the zone lookup falls back to {@code null} and is handed to
 * {@code getDefaultNetworkForCreation} unchecked; confirm that helper rejects a missing zone.
 *
 * @param dataCenterId id of the zone to deploy into
 * @param template     template the proxy VM is built from
 * @return map with the keys {@code "dc"}, {@code "pod"} and {@code "proxyVmId"}
 * @throws ConcurrentOperationException declared by this method; propagated from the calls below
 * @throws CloudRuntimeException        when allocation reports insufficient capacity
 */
protected Map<String, Object> createProxyInstance(final long dataCenterId, final VMTemplateVO template) throws ConcurrentOperationException {
    final long proxyId = this._consoleProxyDao.getNextInSequence(Long.class, "id");
    final String proxyName = VirtualMachineName.getConsoleProxyName(proxyId, this._instance);
    final Zone zone = this.zoneRepository.findById(dataCenterId).orElse(null);
    final Account systemAccount = this._accountMgr.getSystemAccount();
    final DataCenterDeployment deployment = new DataCenterDeployment(dataCenterId);
    final NetworkVO defaultNetwork = getDefaultNetworkForCreation(zone);
    final List<? extends NetworkOffering> systemOfferings = this._networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork);

    // Insertion order matters to the allocator, hence the linked map: default network first.
    final LinkedHashMap<Network, List<? extends NicProfile>> nicsByNetwork = new LinkedHashMap<>(systemOfferings.size() + 1);

    final NicProfile defaultNic = new NicProfile();
    defaultNic.setDefaultNic(true);
    final Network primaryNetwork = this._networkMgr.setupNetwork(systemAccount, this._networkOfferingDao.findById(defaultNetwork.getNetworkOfferingId()), deployment, null, null, false).get(0);
    final List<NicProfile> primaryNics = new ArrayList<>();
    primaryNics.add(defaultNic);
    nicsByNetwork.put(primaryNetwork, primaryNics);

    for (final NetworkOffering systemOffering : systemOfferings) {
        final Network systemNetwork = this._networkMgr.setupNetwork(systemAccount, systemOffering, deployment, null, null, false).get(0);
        nicsByNetwork.put(systemNetwork, new ArrayList<>());
    }

    // Fall back to the default system offering when none was configured on this manager.
    final ServiceOfferingVO configuredOffering = this._serviceOffering;
    final ServiceOfferingVO serviceOffering = configuredOffering != null
            ? configuredOffering
            : this._offeringDao.findDefaultSystemOffering(ServiceOffering.consoleProxyDefaultOffUniqueName, ConfigurationManagerImpl.SystemVMUseLocalStorage.valueIn(dataCenterId));

    final ConsoleProxyVO unsavedProxy = new ConsoleProxyVO(proxyId, serviceOffering.getId(), proxyName, template.getId(), template.getHypervisorType(), template.getGuestOSId(), dataCenterId, systemAccount.getDomainId(), systemAccount.getId(), this._accountMgr.getSystemUser().getId(), 0, serviceOffering.getOfferHA(), template.getOptimiseFor(), template.getManufacturerString(), template.getCpuFlags(), template.getMacLearning(), false, template.getMaintenancePolicy());
    unsavedProxy.setDynamicallyScalable(template.isDynamicallyScalable());
    final ConsoleProxyVO proxy = this._consoleProxyDao.persist(unsavedProxy);

    try {
        this._itMgr.allocate(proxyName, template, serviceOffering, nicsByNetwork, deployment, null);
    } catch (final InsufficientCapacityException e) {
        logger.warn("InsufficientCapacity", e);
        throw new CloudRuntimeException("Insufficient capacity exception", e);
    }

    final Map<String, Object> result = new HashMap<>();
    result.put("dc", zone);
    result.put("pod", this._podDao.findById(proxy.getPodIdToDeployIn()));
    result.put("proxyVmId", proxy.getId());
    return result;
}
use of com.cloud.legacymodel.network.Network in project cosmic by MissionCriticalCloud.
the class VpcManagerImpl method createVpcGuestNetwork.
/**
 * Creates a guest network inside an active VPC and attaches the given network ACL to it.
 *
 * <p>The caller's access to the VPC is checked with {@code _accountMgr.checkAccess} before any
 * validation or creation happens. When {@code networkDomain} is {@code null} the VPC's own
 * network domain is used. The offering, CIDR, gateway and ACL id are passed through
 * {@code validateNtwkOffForNtwkInVpc} before the network is created.
 *
 * @return the created network with its ACL id set, or {@code null} when the network manager
 *         returned no network
 * @throws InvalidParameterValueException when no active VPC exists for {@code vpcId}
 */
@DB
@Override
public Network createVpcGuestNetwork(final long ntwkOffId, final String name, final String displayText, final String gateway, final String cidr, final String vlanId, String networkDomain, final Account owner, final Long domainId, final PhysicalNetwork pNtwk, final long zoneId, final ACLType aclType, final Boolean subdomainAccess, final long vpcId, final Long aclId, final Account caller, final Boolean isDisplayNetworkEnabled, final String dns1, final String dns2, final String ipExclusionList, final String dhcpTftpServer, final String dhcpBootfileName) throws ConcurrentOperationException, InsufficientCapacityException, ResourceAllocationException {
    final Vpc activeVpc = getActiveVpc(vpcId);
    if (activeVpc == null) {
        final InvalidParameterValueException vpcNotFound = new InvalidParameterValueException("Unable to find Enabled VPC ");
        vpcNotFound.addProxyObject(String.valueOf(vpcId), "VPC");
        throw vpcNotFound;
    }

    // Authorization comes first: nothing is validated or created for a caller without access.
    _accountMgr.checkAccess(caller, null, false, activeVpc);

    final String effectiveDomain = networkDomain != null ? networkDomain : activeVpc.getNetworkDomain();

    // Step 1: make sure this offering/CIDR/gateway/ACL combination is allowed in the VPC.
    validateNtwkOffForNtwkInVpc(null, ntwkOffId, cidr, effectiveDomain, activeVpc, gateway, owner, aclId);

    // Step 2: create the network itself.
    final Network created = _ntwkMgr.createGuestNetwork(ntwkOffId, name, displayText, gateway, cidr, vlanId, effectiveDomain, owner, domainId, pNtwk, zoneId, aclType, subdomainAccess, vpcId, null, null, isDisplayNetworkEnabled, null, dns1, dns2, ipExclusionList, dhcpTftpServer, dhcpBootfileName);
    if (created == null) {
        return null;
    }

    // Step 3: the ACL is attached in a separate update after creation.
    created.setNetworkACLId(aclId);
    _ntwkDao.update(created.getId(), (NetworkVO) created);
    return created;
}
use of com.cloud.legacymodel.network.Network in project cosmic by MissionCriticalCloud.
the class RemoteAccessVpnManagerImpl method createRemoteAccessVpn.
/**
 * Creates a remote access VPN on a public IP address, or returns the existing one when a VPN in
 * state {@code Added} is already recorded for that IP (or for the same account and network).
 *
 * <p>Checks performed in order: the public IP exists, the calling account may use it
 * ({@code checkAccess}), the IP is ready to use, the IP is associated with a network or a VPC,
 * no conflicting VPN exists, the client IP range is syntactically valid, the VPN service is
 * supported on the network, and the client range does not overlap the guest range derived from
 * the network or VPC CIDR. Port reservation and the insert run inside one transaction.
 *
 * @param publicIpId   id of the public IP address the VPN terminates on
 * @param ipRange      client range as {@code start-end}; when {@code null} the value of
 *                     {@code RemoteAccessVpnClientIpRange} for the IP's account is used
 * @param openFirewall passed to the port reservation; forced to {@code false} for a VPC source NAT IP
 * @param forDisplay   optional display flag copied onto the new record
 * @return the existing VPN in state {@code Added}, or the newly persisted VPN
 * @throws InvalidParameterValueException when any validation step fails
 * @throws NetworkRuleConflictException   declared by the port reservation inside the transaction
 */
@Override
@DB
public RemoteAccessVpn createRemoteAccessVpn(final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long networkId;
    // make sure ip address exists
    final PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
    if (ipAddr == null) {
        throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address id" + publicIpId);
    }
    // Authorization: the calling account must be allowed to use this public IP.
    _accountMgr.checkAccess(caller, null, true, ipAddr);
    if (!ipAddr.readyToUse()) {
        throw new InvalidParameterValueException("The Ip address is not ready to be used yet: " + ipAddr.getAddress());
    }
    // NOTE(review): the same id is looked up a second time through the DAO and the result is
    // dereferenced without a null check.
    final IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
    networkId = ipAddress.getAssociatedWithNetworkId();
    if (networkId != null) {
        _networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
    }
    final Long vpcId = ipAddress.getVpcId();
    /* IP Address used for VPC must be the source NAT IP of whole VPC */
    // NOTE(review): the condition below only adjusts openFirewall for the source NAT case. A VPC
    // address that is not source NAT and has no associated network is not rejected anywhere in
    // this method, and checkIpForService is skipped for it; confirm that is intended.
    if (vpcId != null && ipAddress.isSourceNat()) {
        // NOTE(review): a Java assert is evaluated only when assertions are enabled (-ea), so it
        // does not act as a runtime guard otherwise.
        assert networkId == null;
        // No firewall setting for VPC, it would be open internally
        openFirewall = false;
    }
    // Effectively-final copy so the anonymous transaction callback can capture it.
    final boolean openFirewallFinal = openFirewall;
    if (networkId == null && vpcId == null) {
        throw new InvalidParameterValueException("Unable to create remote access vpn for the ipAddress: " + ipAddr.getAddress().addr() + " as ip is not associated with any network or VPC");
    }
    RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
    if (vpnVO != null) {
        // if vpn is in Added state, return it to the api
        if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
            return vpnVO;
        }
        throw new InvalidParameterValueException("A Remote Access VPN already exists for this public Ip address");
    }
    if (ipRange == null) {
        ipRange = RemoteAccessVpnClientIpRange.valueIn(ipAddr.getAccountId());
    }
    // The range must be exactly "start-end" with two valid IPv4 addresses in a valid order.
    final String[] range = ipRange.split("-");
    if (range.length != 2) {
        throw new InvalidParameterValueException("Invalid ip range");
    }
    if (!NetUtils.isValidIp4(range[0]) || !NetUtils.isValidIp4(range[1])) {
        throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange);
    }
    if (!NetUtils.validIpRange(range[0], range[1])) {
        throw new InvalidParameterValueException("Invalid ip range " + ipRange);
    }
    final Pair<String, Integer> cidr;
    // TODO: assumes one virtual network / domr per account per zone
    if (networkId != null) {
        // This lookup is keyed on account and network, not on publicIpId, so the record returned
        // below may belong to a different public IP than the one requested.
        vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAccountId(), networkId);
        if (vpnVO != null) {
            // if vpn is in Added state, return it to the api
            if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
                return vpnVO;
            }
            throw new InvalidParameterValueException("A Remote Access VPN already exists for this account");
        }
        // Verify that vpn service is enabled for the network
        final Network network = _networkMgr.getNetwork(networkId);
        if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
            throw new InvalidParameterValueException("Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
        }
        cidr = NetUtils.getCidr(network.getCidr());
    } else {
        // Don't need to check VPC because there is only one IP(source NAT IP) available for VPN
        // NOTE(review): the VPC lookup result is dereferenced without a null check.
        final Vpc vpc = _vpcDao.findById(vpcId);
        cidr = NetUtils.getCidr(vpc.getCidr());
    }
    // FIXME: This check won't work for the case where the guest ip range
    // changes depending on the vlan allocated.
    final String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
    if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
        throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]);
    }
    // TODO: check sufficient range
    // TODO: check overlap with private and public ip ranges in datacenter
    // The first address of the range is passed to the record on its own; the stored client range
    // starts one address later.
    long startIp = NetUtils.ip2Long(range[0]);
    final String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
    // NOTE(review): the pre-shared key is the VPN's shared credential. PasswordGenerator is not
    // visible here; confirm it draws from a cryptographically secure source and that the key is
    // kept out of logs and error messages.
    final String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
    // Port reservation and the insert share one transaction.
    return Transaction.execute(new TransactionCallbackWithException<RemoteAccessVpn, NetworkRuleConflictException>() {
        @Override
        public RemoteAccessVpn doInTransaction(final TransactionStatus status) throws NetworkRuleConflictException {
            // Ports are reserved on the public IP only outside a VPC.
            if (vpcId == null) {
                _rulesMgr.reservePorts(ipAddr, NetUtils.UDP_PROTO, Purpose.Vpn, openFirewallFinal, caller, NetUtils.VPN_PORT, NetUtils.VPN_L2TP_PORT, NetUtils.VPN_NATT_PORT);
            }
            final RemoteAccessVpnVO vpnVO = new RemoteAccessVpnVO(ipAddr.getAccountId(), ipAddr.getDomainId(), ipAddr.getAssociatedWithNetworkId(), publicIpId, vpcId, range[0], newIpRange, sharedSecret);
            if (forDisplay != null) {
                vpnVO.setDisplay(forDisplay);
            }
            return _remoteAccessVpnDao.persist(vpnVO);
        }
    });
}
use of com.cloud.legacymodel.network.Network in project cosmic by MissionCriticalCloud.
the class AdvancedNetworkVisitor method visit.
/**
 * Builds the network ACL commands for the rule set's router and sends them to that router.
 *
 * <p>The command batch is created with {@code Command.OnError.Continue}.
 *
 * @param acls rule set carrying the router, the network, the ACL items and the private-gateway flag
 * @return the result of {@code sendCommandsToRouter}
 * @throws ResourceUnavailableException declared by this method; propagated from the helper calls
 */
@Override
public boolean visit(final NetworkAclsRules acls) throws ResourceUnavailableException {
    final VirtualRouter targetRouter = acls.getRouter();
    final Network aclNetwork = acls.getNetwork();
    final Commands aclCommands = new Commands(Command.OnError.Continue);
    final List<? extends NetworkACLItem> aclItems = acls.getRules();

    _commandSetupHelper.createNetworkACLsCommands(
            aclItems, targetRouter, aclCommands, aclNetwork.getId(), acls.isPrivateGateway());

    return _networkGeneralHelper.sendCommandsToRouter(targetRouter, aclCommands);
}