Search in sources :

Example 6 with Nic

use of com.cloud.legacymodel.network.Nic in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method enableStaticNat.

private boolean enableStaticNat(final long ipId, final long vmId, final long networkId, final boolean isSystemVm, final String vmGuestIp) throws NetworkRuleConflictException, ResourceUnavailableException {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    CallContext.current().setEventDetails("Ip Id: " + ipId);
    // Verify input parameters
    IPAddressVO ipAddress = _ipAddressDao.findById(ipId);
    if (ipAddress == null) {
        throw new InvalidParameterValueException("Unable to find ip address by id " + ipId);
    }
    // Verify input parameters
    boolean performedIpAssoc = false;
    final boolean isOneToOneNat = ipAddress.isOneToOneNat();
    final Long associatedWithVmId = ipAddress.getAssociatedWithVmId();
    final Nic guestNic;
    NicSecondaryIpVO nicSecIp = null;
    String dstIp = null;
    try {
        final Network network = _networkModel.getNetwork(networkId);
        if (network == null) {
            throw new InvalidParameterValueException("Unable to find network by id");
        }
        // Check that vm has a nic in the network
        guestNic = _networkModel.getNicInNetwork(vmId, networkId);
        if (guestNic == null) {
            throw new InvalidParameterValueException("Vm doesn't belong to the network with specified id");
        }
        dstIp = guestNic.getIPv4Address();
        if (!_networkModel.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) {
            throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not " + "supported in network with specified id");
        }
        if (!isSystemVm) {
            final UserVmVO vm = _vmDao.findById(vmId);
            if (vm == null) {
                throw new InvalidParameterValueException("Can't enable static nat for the address id=" + ipId + ", invalid virtual machine id specified (" + vmId + ").");
            }
            // associate ip address to network (if needed)
            if (ipAddress.getAssociatedWithNetworkId() == null) {
                final boolean assignToVpcNtwk = network.getVpcId() != null && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
                if (assignToVpcNtwk) {
                    _networkModel.checkIpForService(ipAddress, Service.StaticNat, networkId);
                    s_logger.debug("The ip is not associated with the VPC network id=" + networkId + ", so assigning");
                    try {
                        ipAddress = _ipAddrMgr.associateIPToGuestNetwork(ipId, networkId, false);
                    } catch (final Exception ex) {
                        s_logger.warn("Failed to associate ip id=" + ipId + " to VPC network id=" + networkId + " as " + "a part of enable static nat");
                        return false;
                    }
                }
            } else if (ipAddress.getAssociatedWithNetworkId() != networkId) {
                throw new InvalidParameterValueException("Invalid network Id=" + networkId + ". IP is associated with" + " a different network than passed network id");
            } else {
                _networkModel.checkIpForService(ipAddress, Service.StaticNat, null);
            }
            if (ipAddress.getAssociatedWithNetworkId() == null) {
                throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
            }
            // Check permissions
            if (ipAddress.getSystem()) {
                // when system is enabling static NAT on system IP's (for EIP) ignore VM state
                checkIpAndUserVm(ipAddress, vm, caller, true);
            } else {
                checkIpAndUserVm(ipAddress, vm, caller, false);
            }
            // dstIp = guestNic.getIp4Address();
            if (vmGuestIp != null) {
                if (!dstIp.equals(vmGuestIp)) {
                    // check whether the secondary ip set to the vm or not
                    final boolean secondaryIpSet = _networkMgr.isSecondaryIpSetForNic(guestNic.getId());
                    if (!secondaryIpSet) {
                        throw new InvalidParameterValueException("VM ip " + vmGuestIp + " address not belongs to the vm");
                    }
                    // check the ip belongs to the vm or not
                    nicSecIp = _nicSecondaryDao.findByIp4AddressAndNicId(vmGuestIp, guestNic.getId());
                    if (nicSecIp == null) {
                        throw new InvalidParameterValueException("VM ip " + vmGuestIp + " address not belongs to the vm");
                    }
                    dstIp = nicSecIp.getIp4Address();
                // Set public ip column with the vm ip
                }
            }
            // Verify ip address parameter
            // checking vm id is not sufficient, check for the vm ip
            isIpReadyForStaticNat(vmId, ipAddress, dstIp, caller, ctx.getCallingUserId());
        }
        ipAddress.setOneToOneNat(true);
        ipAddress.setAssociatedWithVmId(vmId);
        ipAddress.setVmIp(dstIp);
        if (_ipAddressDao.update(ipAddress.getId(), ipAddress)) {
            // enable static nat on the backend
            s_logger.trace("Enabling static nat for ip address " + ipAddress + " and vm id=" + vmId + " on the backend");
            if (applyStaticNatForIp(ipId, false, caller, false)) {
                // ignor unassignIPFromVpcNetwork in finally block
                performedIpAssoc = false;
                return true;
            } else {
                s_logger.warn("Failed to enable static nat rule for ip address " + ipId + " on the backend");
                ipAddress.setOneToOneNat(isOneToOneNat);
                ipAddress.setAssociatedWithVmId(associatedWithVmId);
                ipAddress.setVmIp(null);
                _ipAddressDao.update(ipAddress.getId(), ipAddress);
            }
        } else {
            s_logger.warn("Failed to update ip address " + ipAddress + " in the DB as a part of enableStaticNat");
        }
    } finally {
        if (performedIpAssoc) {
            // if the rule is the last one for the ip address assigned to VPC, unassign it from the network
            final IpAddress ip = _ipAddressDao.findById(ipAddress.getId());
            _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), networkId);
        }
    }
    return false;
}
Also used : Account(com.cloud.legacymodel.user.Account) UserVmVO(com.cloud.vm.UserVmVO) Nic(com.cloud.legacymodel.network.Nic) CallContext(com.cloud.context.CallContext) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) InsufficientAddressCapacityException(com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException) NicSecondaryIpVO(com.cloud.vm.dao.NicSecondaryIpVO) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) Network(com.cloud.legacymodel.network.Network) IPAddressVO(com.cloud.network.dao.IPAddressVO) IpAddress(com.cloud.network.IpAddress)

Example 7 with Nic

use of com.cloud.legacymodel.network.Nic in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method getSystemIpAndEnableStaticNatForVm.

@Override
public void getSystemIpAndEnableStaticNatForVm(final VirtualMachine vm, final boolean getNewIp) throws InsufficientAddressCapacityException {
    boolean success = true;
    // enable static nat if eIp capability is supported
    final List<? extends Nic> nics = _nicDao.listByVmId(vm.getId());
    for (final Nic nic : nics) {
        final Network guestNetwork = _networkModel.getNetwork(nic.getNetworkId());
        final NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, guestNetwork.getNetworkOfferingId());
        if (offering.getElasticIp()) {
            final boolean isSystemVM = (vm.getType() == VirtualMachineType.ConsoleProxy || vm.getType() == VirtualMachineType.SecondaryStorageVm);
            // for user VM's associate public IP only if offering is marked to associate a public IP by default on start of VM
            if (!isSystemVM && !offering.getAssociatePublicIP()) {
                continue;
            }
            // check if there is already static nat enabled
            if (_ipAddressDao.findByAssociatedVmId(vm.getId()) != null && !getNewIp) {
                s_logger.debug("Vm " + vm + " already has ip associated with it in guest network " + guestNetwork);
                continue;
            }
            s_logger.debug("Allocating system ip and enabling static nat for it for the vm " + vm + " in guest network " + guestNetwork);
            final IpAddress ip = _ipAddrMgr.assignSystemIp(guestNetwork.getId(), _accountMgr.getAccount(vm.getAccountId()), false, true);
            if (ip == null) {
                throw new CloudRuntimeException("Failed to allocate system ip for vm " + vm + " in guest network " + guestNetwork);
            }
            s_logger.debug("Allocated system ip " + ip + ", now enabling static nat on it for vm " + vm);
            try {
                success = enableStaticNat(ip.getId(), vm.getId(), guestNetwork.getId(), isSystemVM, null);
            } catch (final NetworkRuleConflictException ex) {
                s_logger.warn("Failed to enable static nat as a part of enabling elasticIp and staticNat for vm " + vm + " in guest network " + guestNetwork + " due to exception ", ex);
                success = false;
            } catch (final ResourceUnavailableException ex) {
                s_logger.warn("Failed to enable static nat as a part of enabling elasticIp and staticNat for vm " + vm + " in guest network " + guestNetwork + " due to exception ", ex);
                success = false;
            }
            if (!success) {
                s_logger.warn("Failed to enable static nat on system ip " + ip + " for the vm " + vm + ", releasing the ip...");
                _ipAddrMgr.handleSystemIpRelease(ip);
                throw new CloudRuntimeException("Failed to enable static nat on system ip for the vm " + vm);
            } else {
                s_logger.warn("Succesfully enabled static nat on system ip " + ip + " for the vm " + vm);
            }
        }
    }
}
Also used : NetworkOffering(com.cloud.offering.NetworkOffering) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) Network(com.cloud.legacymodel.network.Network) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) Nic(com.cloud.legacymodel.network.Nic) IpAddress(com.cloud.network.IpAddress) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException)

Example 8 with Nic

use of com.cloud.legacymodel.network.Nic in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method createPortForwardingRule.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true)
public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, final Ip vmIp, final boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long ipAddrId = rule.getSourceIpAddressId();
    IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
    // Validate ip address
    if (ipAddress == null) {
        throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system");
    } else if (ipAddress.isOneToOneNat()) {
        throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " has static nat enabled");
    }
    final Long networkId = rule.getNetworkId();
    final Network network = _networkModel.getNetwork(networkId);
    // associate ip address to network (if needed)
    boolean performedIpAssoc = false;
    final Nic guestNic;
    if (ipAddress.getAssociatedWithNetworkId() == null) {
        final boolean assignToVpcNtwk = network.getVpcId() != null && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
        if (assignToVpcNtwk) {
            _networkModel.checkIpForService(ipAddress, Service.PortForwarding, networkId);
            s_logger.debug("The ip is not associated with the VPC network id=" + networkId + ", so assigning");
            try {
                ipAddress = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false);
                performedIpAssoc = true;
            } catch (final Exception ex) {
                throw new CloudRuntimeException("Failed to associate ip to VPC network as " + "a part of port forwarding rule creation");
            }
        }
    } else {
        _networkModel.checkIpForService(ipAddress, Service.PortForwarding, null);
    }
    if (ipAddress.getAssociatedWithNetworkId() == null) {
        throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
    }
    try {
        _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.PortForwarding, FirewallRuleType.User, networkId, rule.getTrafficType());
        final Long accountId = ipAddress.getAllocatedToAccountId();
        final Long domainId = ipAddress.getAllocatedInDomainId();
        // start port can't be bigger than end port
        if (rule.getDestinationPortStart() > rule.getDestinationPortEnd()) {
            throw new InvalidParameterValueException("Start port can't be bigger than end port");
        }
        // check that the port ranges are of equal size
        if ((rule.getDestinationPortEnd() - rule.getDestinationPortStart()) != (rule.getSourcePortEnd() - rule.getSourcePortStart())) {
            throw new InvalidParameterValueException("Source port and destination port ranges should be of equal sizes.");
        }
        // validate user VM exists
        final UserVm vm = _vmDao.findById(vmId);
        if (vm == null) {
            throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
        } else if (vm.getState() == VirtualMachine.State.Destroyed || vm.getState() == VirtualMachine.State.Expunging) {
            throw new InvalidParameterValueException("Invalid user vm: " + vm.getId());
        }
        // Verify that vm has nic in the network
        Ip dstIp = rule.getDestinationIpAddress();
        guestNic = _networkModel.getNicInNetwork(vmId, networkId);
        if (guestNic == null || guestNic.getIPv4Address() == null) {
            throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress");
        } else {
            dstIp = new Ip(NetUtils.ip2Long(guestNic.getIPv4Address()));
        }
        if (vmIp != null) {
            // vm ip is passed so it can be primary or secondary ip addreess.
            if (!dstIp.equals(vmIp)) {
                // the vm ip is secondary ip to the nic.
                // is vmIp is secondary ip or not
                final NicSecondaryIp secondaryIp = _nicSecondaryDao.findByIp4AddressAndNicId(vmIp.toString(), guestNic.getId());
                if (secondaryIp == null) {
                    throw new InvalidParameterValueException("IP Address is not in the VM nic's network ");
                }
                dstIp = vmIp;
            }
        }
        // if start port and end port are passed in, and they are not equal to each other, perform the validation
        boolean validatePortRange = false;
        if (rule.getSourcePortStart().intValue() != rule.getSourcePortEnd().intValue() || rule.getDestinationPortStart() != rule.getDestinationPortEnd()) {
            validatePortRange = true;
        }
        if (validatePortRange) {
            // source start port and source dest port should be the same. The same applies to dest ports
            if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) {
                throw new InvalidParameterValueException("Private port start should be equal to public port start");
            }
            if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) {
                throw new InvalidParameterValueException("Private port end should be equal to public port end");
            }
        }
        final Ip dstIpFinal = dstIp;
        final IPAddressVO ipAddressFinal = ipAddress;
        return Transaction.execute(new TransactionCallbackWithException<PortForwardingRuleVO, NetworkRuleConflictException>() {

            @Override
            public PortForwardingRuleVO doInTransaction(final TransactionStatus status) throws NetworkRuleConflictException {
                PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId);
                if (forDisplay != null) {
                    newRule.setDisplay(forDisplay);
                }
                newRule = _portForwardingDao.persist(newRule);
                // create firewallRule for 0.0.0.0/0 cidr
                if (openFirewall) {
                    _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
                }
                try {
                    _firewallMgr.detectRulesConflict(newRule);
                    if (!_firewallDao.setStateToAdd(newRule)) {
                        throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
                    }
                    CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
                    return newRule;
                } catch (final Exception e) {
                    if (newRule != null) {
                        // no need to apply the rule as it wasn't programmed on the backend yet
                        _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
                        removePFRule(newRule);
                    }
                    if (e instanceof NetworkRuleConflictException) {
                        throw (NetworkRuleConflictException) e;
                    }
                    throw new CloudRuntimeException("Unable to add rule for the ip id=" + ipAddrId, e);
                }
            }
        });
    } finally {
        // release ip address if ipassoc was perfored
        if (performedIpAssoc) {
            // if the rule is the last one for the ip address assigned to VPC, unassign it from the network
            final IpAddress ip = _ipAddressDao.findById(ipAddress.getId());
            _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), networkId);
        }
    }
}
Also used : Account(com.cloud.legacymodel.user.Account) NicSecondaryIp(com.cloud.vm.NicSecondaryIp) Ip(com.cloud.legacymodel.network.Ip) NicSecondaryIp(com.cloud.vm.NicSecondaryIp) Nic(com.cloud.legacymodel.network.Nic) TransactionStatus(com.cloud.utils.db.TransactionStatus) CallContext(com.cloud.context.CallContext) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) InsufficientAddressCapacityException(com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException) UserVm(com.cloud.uservm.UserVm) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) Network(com.cloud.legacymodel.network.Network) IPAddressVO(com.cloud.network.dao.IPAddressVO) IpAddress(com.cloud.network.IpAddress) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 9 with Nic

use of com.cloud.legacymodel.network.Nic in project cosmic by MissionCriticalCloud.

the class ListNicsCmd method execute.

// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public void execute() throws ResourceUnavailableException, ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException {
    try {
        final List<? extends Nic> results = _networkService.listNics(this);
        final ListResponse<NicResponse> response = new ListResponse<>();
        List<NicResponse> resList = null;
        if (results != null) {
            resList = new ArrayList<>(results.size());
            for (final Nic r : results) {
                final NicResponse resp = _responseGenerator.createNicResponse(r);
                resp.setObjectName("nic");
                resList.add(resp);
            }
            response.setResponses(resList);
        }
        response.setResponses(resList);
        response.setResponseName(getCommandName());
        this.setResponseObject(response);
    } catch (final Exception e) {
        s_logger.warn("Failed to list secondary ip address per nic ");
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
    }
}
Also used : ListResponse(com.cloud.api.response.ListResponse) ServerApiException(com.cloud.api.ServerApiException) Nic(com.cloud.legacymodel.network.Nic) ServerApiException(com.cloud.api.ServerApiException) InsufficientCapacityException(com.cloud.legacymodel.exceptions.InsufficientCapacityException) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) ConcurrentOperationException(com.cloud.legacymodel.exceptions.ConcurrentOperationException) ResourceAllocationException(com.cloud.legacymodel.exceptions.ResourceAllocationException) NicResponse(com.cloud.api.response.NicResponse)

Example 10 with Nic

use of com.cloud.legacymodel.network.Nic in project cosmic by MissionCriticalCloud.

the class UserVmDomRInvestigator method isVmAlive.

@Override
public boolean isVmAlive(final VirtualMachine vm, final Host host) throws UnknownVM {
    if (vm.getType() != VirtualMachineType.User) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Not a User Vm, unable to determine state of " + vm + " returning null");
        }
        throw new UnknownVM();
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("testing if " + vm + " is alive");
    }
    // to verify that the VM is alive, we ask the domR (router) to ping the VM (private IP)
    final UserVmVO userVm = _userVmDao.findById(vm.getId());
    final List<? extends Nic> nics = _networkMgr.getNicsForTraffic(userVm.getId(), TrafficType.Guest);
    for (final Nic nic : nics) {
        if (nic.getIPv4Address() == null) {
            continue;
        }
        final List<VirtualRouter> routers = _vnaMgr.getRoutersForNetwork(nic.getNetworkId());
        if (routers == null || routers.isEmpty()) {
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Unable to find a router in network " + nic.getNetworkId() + " to ping " + vm);
            }
            continue;
        }
        Boolean result = null;
        for (final VirtualRouter router : routers) {
            result = testUserVM(vm, nic, router);
            if (result != null) {
                break;
            }
        }
        if (result == null) {
            continue;
        }
        return result;
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Returning null since we're unable to determine state of " + vm);
    }
    throw new UnknownVM();
}
Also used : UserVmVO(com.cloud.vm.UserVmVO) Nic(com.cloud.legacymodel.network.Nic) VirtualRouter(com.cloud.legacymodel.network.VirtualRouter)

Aggregations

Nic (com.cloud.legacymodel.network.Nic)37 Network (com.cloud.legacymodel.network.Network)19 CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)17 ArrayList (java.util.ArrayList)13 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)11 ResourceUnavailableException (com.cloud.legacymodel.exceptions.ResourceUnavailableException)11 NicProfile (com.cloud.vm.NicProfile)8 IPAddressVO (com.cloud.network.dao.IPAddressVO)7 DB (com.cloud.utils.db.DB)7 Zone (com.cloud.db.model.Zone)5 ConcurrentOperationException (com.cloud.legacymodel.exceptions.ConcurrentOperationException)5 InsufficientAddressCapacityException (com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException)5 Ip (com.cloud.legacymodel.network.Ip)5 LoadBalancerVO (com.cloud.network.dao.LoadBalancerVO)5 UserVm (com.cloud.uservm.UserVm)5 DomainRouterVO (com.cloud.vm.DomainRouterVO)5 CallContext (com.cloud.context.CallContext)4 IpAddress (com.cloud.network.IpAddress)4 PublicIp (com.cloud.network.addr.PublicIp)4 NetworkVO (com.cloud.network.dao.NetworkVO)4