use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.
the class RulesManagerImpl method createStaticNatRule.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating static nat rule", create = true)
public StaticNatRule createStaticNatRule(final StaticNatRule rule, final boolean openFirewall) throws NetworkRuleConflictException {
final Account caller = CallContext.current().getCallingAccount();
final Long ipAddrId = rule.getSourceIpAddressId();
final IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
// Validate ip address
if (ipAddress == null) {
throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system");
} else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) {
throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress());
}
_firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.StaticNat, FirewallRuleType.User, null, rule.getTrafficType());
final Long networkId = ipAddress.getAssociatedWithNetworkId();
final Long accountId = ipAddress.getAllocatedToAccountId();
final Long domainId = ipAddress.getAllocatedInDomainId();
_networkModel.checkIpForService(ipAddress, Service.StaticNat, null);
final Network network = _networkModel.getNetwork(networkId);
final NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
if (off.getElasticIp()) {
throw new InvalidParameterValueException("Can't create ip forwarding rules for the network where elasticIP service is enabled");
}
// String dstIp = _networkModel.getIpInNetwork(ipAddress.getAssociatedWithVmId(), networkId);
final String dstIp = ipAddress.getVmIp();
return Transaction.execute(new TransactionCallbackWithException<StaticNatRule, NetworkRuleConflictException>() {
@Override
public StaticNatRule doInTransaction(final TransactionStatus status) throws NetworkRuleConflictException {
FirewallRuleVO newRule = new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, rule.getPurpose(), null, null, null, null, null);
newRule = _firewallDao.persist(newRule);
// create firewallRule for 0.0.0.0/0 cidr
if (openFirewall) {
_firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
}
try {
_firewallMgr.detectRulesConflict(newRule);
if (!_firewallDao.setStateToAdd(newRule)) {
throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
}
CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
final StaticNatRule staticNatRule = new StaticNatRuleImpl(newRule, dstIp);
return staticNatRule;
} catch (final Exception e) {
if (newRule != null) {
// no need to apply the rule as it wasn't programmed on the backend yet
_firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
_firewallMgr.removeRule(newRule);
}
if (e instanceof NetworkRuleConflictException) {
throw (NetworkRuleConflictException) e;
}
throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + newRule.getSourceIpAddressId(), e);
}
}
});
}
use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.
the class CreateIpForwardingRuleCmd method create.
@Override
public void create() {
// cidr list parameter is deprecated
if (cidrlist != null) {
throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific CIDR, please refer to createFirewallRule command");
}
try {
final StaticNatRule rule = _rulesService.createStaticNatRule(this, getOpenFirewall());
setEntityId(rule.getId());
setEntityUuid(rule.getUuid());
} catch (final NetworkRuleConflictException e) {
s_logger.info("Unable to create static NAT rule due to ", e);
throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
}
}
use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.
the class BasicNetworkVisitor method visit.
@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
final Network network = firewall.getNetwork();
final DomainRouterVO router = (DomainRouterVO) firewall.getRouter();
final List<? extends FirewallRule> rules = firewall.getRules();
final List<LoadBalancingRule> loadbalancingRules = firewall.getLoadbalancingRules();
final Purpose purpose = firewall.getPurpose();
final Commands cmds = new Commands(Command.OnError.Continue);
_commandSetupHelper.createPublicIpACLsCommands(router, cmds);
if (purpose == Purpose.LoadBalancing) {
_commandSetupHelper.createApplyLoadBalancingRulesCommands(loadbalancingRules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
} else if (purpose == Purpose.PortForwarding) {
_commandSetupHelper.createApplyPortForwardingRulesCommands((List<? extends PortForwardingRule>) rules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
} else if (purpose == Purpose.StaticNat) {
_commandSetupHelper.createApplyStaticNatRulesCommands((List<StaticNatRule>) rules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
} else if (purpose == Purpose.Firewall) {
_commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
}
s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose());
return false;
}
use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.
the class RulesManagerImpl method applyStaticNatRulesForIp.
protected boolean applyStaticNatRulesForIp(final long sourceIpId, final boolean continueOnError, final Account caller, final boolean forRevoke) {
final List<? extends FirewallRule> rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat);
final List<StaticNatRule> staticNatRules = new ArrayList<>();
if (rules.size() == 0) {
s_logger.debug("There are no static nat rules to apply for ip id=" + sourceIpId);
return true;
}
for (final FirewallRule rule : rules) {
staticNatRules.add(buildStaticNatRule(rule, forRevoke));
}
if (caller != null) {
_accountMgr.checkAccess(caller, null, true, staticNatRules.toArray(new StaticNatRule[staticNatRules.size()]));
}
try {
if (!_firewallMgr.applyRules(staticNatRules, continueOnError, true)) {
return false;
}
} catch (final ResourceUnavailableException ex) {
s_logger.warn("Failed to apply static nat rules for ip due to ", ex);
return false;
}
return true;
}
Aggregations