
Example 6 with PortForwardingRule

use of com.cloud.legacymodel.network.PortForwardingRule in project cosmic by MissionCriticalCloud.

the class VirtualNetworkApplianceManagerImpl method finalizeNetworkRulesForNetwork.

/**
 * Queues the commands that resend a guest network's rules to a virtual router as it starts.
 *
 * <p>Egress firewall rules are always considered. Everything else (static NAT, ingress
 * firewall, port forwarding, static NAT rules, public load balancers) is queued only when
 * {@code getPublicIpsToApply} returns at least one address. Each rule family is collected only
 * if {@code provider} supports the matching service in the network. Commands are appended to
 * {@code cmds} in the fixed order used below; nothing is sent to the router from here.
 *
 * @param cmds           command batch that the rule commands are appended to
 * @param router         router being started
 * @param provider       provider whose supported services gate each rule family
 * @param guestNetworkId id of the guest network whose rules are re-applied
 */
protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainRouterVO router, final Provider provider, final Long guestNetworkId) {
    s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");
    final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(router, provider, guestNetworkId);

    // Egress firewall rules are keyed on the network, not on a public IP, so they are handled
    // before (and independently of) the public-IP check further down.
    final List<FirewallRule> egressRules = new ArrayList<>();
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
        egressRules.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId, Purpose.Firewall, FirewallRule.TrafficType.Egress));
        if (egressRules.isEmpty()) {
            // No stored egress rule: let the helper add the router's default egress rule.
            // NOTE(review): what that default allows or denies is decided in
            // createDefaultEgressFirewallRule, which is not shown here.
            createDefaultEgressFirewallRule(egressRules, guestNetworkId);
        }
    }
    s_logger.debug("Found " + egressRules.size() + " firewall Egress rule(s) to apply as a part of domR " + router + " start.");
    if (!egressRules.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(egressRules, router, cmds, guestNetworkId);
    }

    // All remaining rule families hang off public IPs; without any there is nothing left to do.
    if (publicIps == null || publicIps.isEmpty()) {
        return;
    }

    final List<PortForwardingRule> portForwardingRules = new ArrayList<>();
    final List<FirewallRule> staticNatFwRules = new ArrayList<>();
    final List<StaticNat> oneToOneNats = new ArrayList<>();
    final List<FirewallRule> ingressRules = new ArrayList<>();

    // Gather the per-IP rules. The provider-support checks are evaluated once per address,
    // in the same order for every address.
    for (final PublicIpAddress publicIp : publicIps) {
        final long ipId = publicIp.getId();
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) {
            portForwardingRules.addAll(_pfRulesDao.listForApplication(ipId));
        }
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
            staticNatFwRules.addAll(_rulesDao.listByIpAndPurpose(ipId, Purpose.StaticNat));
        }
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
            ingressRules.addAll(_rulesDao.listByIpAndPurpose(ipId, Purpose.Firewall));
        }
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider) && publicIp.isOneToOneNat()) {
            oneToOneNats.add(new StaticNatImpl(publicIp.getAccountId(), publicIp.getDomainId(), guestNetworkId, publicIp.getId(), publicIp.getVmIp(), false));
        }
    }

    // 1. one-to-one static NAT mappings
    s_logger.debug("Found " + oneToOneNats.size() + " static nat(s) to apply as a part of domR " + router + " start.");
    if (!oneToOneNats.isEmpty()) {
        _commandSetupHelper.createApplyStaticNatCommands(oneToOneNats, router, cmds);
    }

    // 2. ingress firewall rules
    s_logger.debug("Found " + ingressRules.size() + " firewall Ingress rule(s) to apply as a part of domR " + router + " start.");
    if (!ingressRules.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(ingressRules, router, cmds, guestNetworkId);
    }

    // 3. port forwarding rules
    s_logger.debug("Found " + portForwardingRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
    if (!portForwardingRules.isEmpty()) {
        _commandSetupHelper.createApplyPortForwardingRulesCommands(portForwardingRules, router, cmds, guestNetworkId);
    }

    // 4. static NAT rules, converted from their stored firewall-rule form
    s_logger.debug("Found " + staticNatFwRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
    if (!staticNatFwRules.isEmpty()) {
        final List<StaticNatRule> convertedRules = new ArrayList<>();
        for (final FirewallRule fwRule : staticNatFwRules) {
            convertedRules.add(_rulesMgr.buildStaticNatRule(fwRule, false));
        }
        _commandSetupHelper.createApplyStaticNatRulesCommands(convertedRules, router, cmds, guestNetworkId);
    }

    // 5. public load balancers; the lookup happens before the provider check, as in the original
    final List<LoadBalancerVO> publicLbs = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
    final List<LoadBalancingRule> lbRules = new ArrayList<>();
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
        for (final LoadBalancerVO balancer : publicLbs) {
            final long lbId = balancer.getId();
            final List<LbDestination> destinations = _lbMgr.getExistingDestinations(lbId);
            final List<LbStickinessPolicy> stickiness = _lbMgr.getStickinessPolicies(lbId);
            final List<LbHealthCheckPolicy> healthChecks = _lbMgr.getHealthCheckPolicies(lbId);
            // NOTE(review): the result of getPublicIpAddress is dereferenced unchecked; if it
            // can return null for a stale source IP id, the whole re-apply aborts here — confirm.
            final Ip frontendIp = _networkModel.getPublicIpAddress(balancer.getSourceIpAddressId()).getAddress();
            final LbSslCert certificate = _lbMgr.getLbSslCert(balancer.getId());
            lbRules.add(new LoadBalancingRule(balancer, destinations, stickiness, healthChecks, frontendIp, certificate, balancer.getLbProtocol()));
        }
    }
    s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start.");
    if (!lbRules.isEmpty()) {
        _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId);
    }
}
Also used : LbSslCert(com.cloud.legacymodel.network.LoadBalancingRule.LbSslCert) LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) Ip(com.cloud.legacymodel.network.Ip) PublicIp(com.cloud.network.addr.PublicIp) ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LbStickinessPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbStickinessPolicy) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) PortForwardingRule(com.cloud.legacymodel.network.PortForwardingRule) StaticNat(com.cloud.network.rules.StaticNat) LbDestination(com.cloud.legacymodel.network.LoadBalancingRule.LbDestination) PublicIpAddress(com.cloud.network.PublicIpAddress) StaticNatImpl(com.cloud.network.rules.StaticNatImpl) LbHealthCheckPolicy(com.cloud.legacymodel.network.LoadBalancingRule.LbHealthCheckPolicy) FirewallRule(com.cloud.legacymodel.network.FirewallRule)

Example 7 with PortForwardingRule

use of com.cloud.legacymodel.network.PortForwardingRule in project cosmic by MissionCriticalCloud.

the class CreatePortForwardingRuleCmd method execute.

// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
/**
 * Applies the port forwarding rule identified by {@code getEntityId()} and, when
 * {@code getOpenFirewall()} is true, the ingress firewall rules for the same IP, then publishes
 * the rule as the command response.
 *
 * <p>If either apply step reports failure, or the rule cannot be re-read afterwards, the
 * {@code finally} block revokes what was created and throws a {@link ServerApiException}.
 *
 * <p>NOTE(review): because that exception is thrown from {@code finally}, it replaces any
 * exception already propagating out of the {@code try} block (for example a
 * {@code ResourceUnavailableException} raised before {@code rule} is assigned). The caller then
 * sees only the generic "Failed to apply port forwarding rule" message and the original cause
 * is lost.
 *
 * @throws ResourceUnavailableException declared by the signature; it reaches the caller only
 *         when the {@code finally} block does not throw
 * @throws ServerApiException with {@code ApiErrorCode.INTERNAL_ERROR} when the rule was not
 *         applied or could not be found afterwards
 */
@Override
public void execute() throws ResourceUnavailableException {
    final CallContext callerContext = CallContext.current();
    boolean success = true;
    PortForwardingRule rule = null;
    try {
        CallContext.current().setEventDetails("Rule Id: " + getEntityId());
        // Both apply calls are made on behalf of the calling account taken from the call context.
        if (getOpenFirewall()) {
            success = success && _firewallService.applyIngressFirewallRules(ipAddressId, callerContext.getCallingAccount());
        }
        // Short-circuit: if the firewall step returned false, port forwarding is not attempted.
        success = success && _rulesService.applyPortForwardingRules(ipAddressId, callerContext.getCallingAccount());
        // State is different after the rule is applied, so get new object here
        rule = _entityMgr.findById(PortForwardingRule.class, getEntityId());
        FirewallRuleResponse fwResponse = new FirewallRuleResponse();
        if (rule != null) {
            fwResponse = _responseGenerator.createPortForwardingRuleResponse(rule);
            setResponseObject(fwResponse);
        }
        // When rule is null this names a response object that is never published.
        fwResponse.setResponseName(getCommandName());
    } finally {
        // Rollback path. It is also taken when the try block threw before `rule` was assigned,
        // because `rule` is still null at that point.
        if (!success || rule == null) {
            if (getOpenFirewall()) {
                // NOTE(review): this call is not guarded. If it throws, the port forwarding
                // revoke below is skipped and that rule may be left in place — confirm intent.
                _firewallService.revokeRelatedFirewallRule(getEntityId(), true);
            }
            try {
                _rulesService.revokePortForwardingRule(getEntityId(), true);
            } catch (final Exception ex) {
                // Deliberately ignored, e.g. a "failed to apply rules to device" error.
                // NOTE(review): nothing is logged, so a failed rollback leaves no trace;
                // consider recording ex so a leftover rule can be found later.
            }
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to apply port forwarding rule");
        }
    }
}
Also used : ServerApiException(com.cloud.api.ServerApiException) CallContext(com.cloud.context.CallContext) PortForwardingRule(com.cloud.legacymodel.network.PortForwardingRule) FirewallRuleResponse(com.cloud.api.response.FirewallRuleResponse) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) ServerApiException(com.cloud.api.ServerApiException) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException)

Example 8 with PortForwardingRule

use of com.cloud.legacymodel.network.PortForwardingRule in project cosmic by MissionCriticalCloud.

the class BasicNetworkVisitor method visit.

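/**
 * Builds the router commands for one batch of rules and sends them to the router.
 *
 * <p>Public IP ACL commands are queued first. The batch's purpose then selects which
 * rule-specific commands are added: load balancing, port forwarding, static NAT or firewall.
 * Any other purpose (including {@code null}) is logged and rejected without contacting the
 * router.
 *
 * @param firewall rule batch carrying the network, router, rules and purpose
 * @return the result of {@code sendCommandsToRouter} for a supported purpose, {@code false}
 *         for an unsupported one
 * @throws ResourceUnavailableException declared by the signature; presumably raised while
 *         sending to the router — the visible code does not show where
 */
@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
    final Network network = firewall.getNetwork();
    final DomainRouterVO router = (DomainRouterVO) firewall.getRouter();
    final List<? extends FirewallRule> rules = firewall.getRules();
    final List<LoadBalancingRule> loadbalancingRules = firewall.getLoadbalancingRules();
    final Purpose purpose = firewall.getPurpose();
    final Commands cmds = new Commands(Command.OnError.Continue);
    _commandSetupHelper.createPublicIpACLsCommands(router, cmds);
    if (purpose == Purpose.LoadBalancing) {
        _commandSetupHelper.createApplyLoadBalancingRulesCommands(loadbalancingRules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.PortForwarding) {
        // Unchecked cast: the element type is trusted to match the batch's declared purpose.
        _commandSetupHelper.createApplyPortForwardingRulesCommands((List<? extends PortForwardingRule>) rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.StaticNat) {
        // Unchecked cast, same assumption as the port forwarding branch.
        _commandSetupHelper.createApplyStaticNatRulesCommands((List<StaticNatRule>) rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.Firewall) {
        _commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    }
    // Log the purpose the dispatch above actually tested. Reading it from rules.get(0) would
    // throw on an empty or null rule list instead of returning false.
    s_logger.warn("Unable to apply rules of purpose: " + purpose);
    return false;
}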
Also used : LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) Network(com.cloud.legacymodel.network.Network) Commands(com.cloud.agent.manager.Commands) Purpose(com.cloud.legacymodel.network.FirewallRule.Purpose) List(java.util.List) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) PortForwardingRule(com.cloud.legacymodel.network.PortForwardingRule) DomainRouterVO(com.cloud.vm.DomainRouterVO)
