
Example 6 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method createStaticNatRule.

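/**
 * Creates a static NAT rule for a public IP address and records it in the "add" state.
 *
 * <p>The source IP must exist, must not be the source-NAT address, must have one-to-one NAT
 * enabled and must already be associated with a VM. Rules are refused on networks whose
 * offering has elastic IP enabled. The rule is persisted, checked for conflicts and moved to
 * the "add" state inside one transaction callback; on any failure in that step the related
 * firewall rule is revoked and the new rule removed before the exception propagates.
 *
 * <p>Security notes:
 * <ul>
 *   <li>When {@code openFirewall} is true, a companion firewall rule for all source CIDRs
 *       (0.0.0.0/0) is created for the same protocol and port range, so those ports become
 *       reachable from any source address.</li>
 *   <li>The calling account is only handed to {@code validateFirewallRule}; this method makes
 *       no other explicit access check. NOTE(review): confirm that validateFirewallRule
 *       verifies the caller may operate on this IP.</li>
 * </ul>
 *
 * @param rule         requested rule (source IP id, port range, protocol, purpose, xid)
 * @param openFirewall whether to also create the all-CIDR firewall rule described above
 * @return the created rule, wrapping the persisted firewall rule and the VM's IP
 * @throws NetworkRuleConflictException   if the IP cannot be used for static NAT or the new
 *                                        rule conflicts with an existing one
 * @throws InvalidParameterValueException if the IP id is unknown or elastic IP is enabled
 * @throws CloudRuntimeException          if the rule cannot be moved to the "add" state or any
 *                                        other failure occurs while creating it
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating static nat rule", create = true)
public StaticNatRule createStaticNatRule(final StaticNatRule rule, final boolean openFirewall) throws NetworkRuleConflictException {
    final Account caller = CallContext.current().getCallingAccount();
    final Long ipAddrId = rule.getSourceIpAddressId();
    final IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);

    // Validate the ip address before touching any rule state.
    if (ipAddress == null) {
        throw new InvalidParameterValueException("Unable to create static nat rule; ip id=" + ipAddrId + " doesn't exist in the system");
    }
    if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) {
        throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress());
    }

    _firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.StaticNat, FirewallRuleType.User, null, rule.getTrafficType());

    // The rule is attributed to the account/domain that owns the IP, not to the caller.
    final Long networkId = ipAddress.getAssociatedWithNetworkId();
    final Long accountId = ipAddress.getAllocatedToAccountId();
    final Long domainId = ipAddress.getAllocatedInDomainId();

    _networkModel.checkIpForService(ipAddress, Service.StaticNat, null);

    final Network network = _networkModel.getNetwork(networkId);
    final NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
    if (off.getElasticIp()) {
        throw new InvalidParameterValueException("Can't create ip forwarding rules for the network where elasticIP service is enabled");
    }

    final String dstIp = ipAddress.getVmIp();

    return Transaction.execute(new TransactionCallbackWithException<StaticNatRule, NetworkRuleConflictException>() {

        @Override
        public StaticNatRule doInTransaction(final TransactionStatus status) throws NetworkRuleConflictException {
            // Locale.ROOT keeps the stored protocol stable ("ICMP" -> "icmp") regardless of the
            // JVM default locale; the default-locale form maps 'I' to a dotless i under tr/az.
            final String protocol = rule.getProtocol().toLowerCase(java.util.Locale.ROOT);
            final FirewallRuleVO newRule = _firewallDao.persist(
                    new FirewallRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), protocol, networkId, accountId, domainId, rule.getPurpose(), null, null, null, null, null));

            // Optionally open the same ports to every source (0.0.0.0/0 cidr).
            if (openFirewall) {
                _firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
            }

            try {
                _firewallMgr.detectRulesConflict(newRule);
                if (!_firewallDao.setStateToAdd(newRule)) {
                    throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
                }
                CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
                return new StaticNatRuleImpl(newRule, dstIp);
            } catch (final Exception e) {
                if (newRule != null) {
                    // no need to apply the rule as it wasn't programmed on the backend yet
                    _firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
                    _firewallMgr.removeRule(newRule);
                }
                if (e instanceof NetworkRuleConflictException) {
                    throw (NetworkRuleConflictException) e;
                }
                // Report the id from the request rather than dereferencing newRule again, so the
                // original failure is not masked if the persisted rule is unexpectedly null.
                throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + ipAddrId, e);
            }
        }
    });
}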
Also used : Account(com.cloud.legacymodel.user.Account) NetworkOffering(com.cloud.offering.NetworkOffering) TransactionStatus(com.cloud.utils.db.TransactionStatus) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) InsufficientAddressCapacityException(com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) Network(com.cloud.legacymodel.network.Network) IPAddressVO(com.cloud.network.dao.IPAddressVO) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 7 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class CreateIpForwardingRuleCmd method create.

/**
 * Creates the static NAT rule described by this command and records its id and uuid on the
 * command as the created entity.
 *
 * <p>The deprecated {@code cidrlist} parameter is rejected outright. Whether an all-CIDR
 * firewall rule is opened alongside the NAT rule is decided by {@code getOpenFirewall()}.
 *
 * @throws InvalidParameterValueException if the deprecated cidr list parameter was supplied
 * @throws ServerApiException             with NETWORK_RULE_CONFLICT_ERROR when the rule
 *                                        conflicts; only the conflict's message is forwarded
 */
@Override
public void create() {
    // cidr list parameter is deprecated
    if (cidrlist != null) {
        throw new InvalidParameterValueException("Parameter cidrList is deprecated; if you need to open firewall rule for the specific CIDR, please refer to createFirewallRule command");
    }

    final StaticNatRule created;
    try {
        created = _rulesService.createStaticNatRule(this, getOpenFirewall());
    } catch (final NetworkRuleConflictException conflict) {
        // The full exception goes to the log; the API response carries the message only.
        s_logger.info("Unable to create static NAT rule due to ", conflict);
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, conflict.getMessage());
    }

    setEntityId(created.getId());
    setEntityUuid(created.getUuid());
}
Also used : ServerApiException(com.cloud.api.ServerApiException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException)

Example 8 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class BasicNetworkVisitor method visit.

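/**
 * Builds the router commands for a set of firewall-type rules and sends them to the router.
 *
 * <p>Public IP ACL commands are always queued first; the rule-specific commands are then
 * chosen by the purpose reported by {@code firewall}. The command set is created with
 * {@code Command.OnError.Continue}.
 *
 * @param firewall carrier for the network, router, rules and purpose to apply
 * @return the result of sending the commands to the router, or {@code false} when the
 *         purpose is not one of LoadBalancing, PortForwarding, StaticNat or Firewall
 * @throws ResourceUnavailableException declared by this method; presumably raised while
 *                                      sending commands to the router - confirm
 */
@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
    final Network network = firewall.getNetwork();
    final DomainRouterVO router = (DomainRouterVO) firewall.getRouter();
    final List<? extends FirewallRule> rules = firewall.getRules();
    final List<LoadBalancingRule> loadbalancingRules = firewall.getLoadbalancingRules();
    final Purpose purpose = firewall.getPurpose();

    final Commands cmds = new Commands(Command.OnError.Continue);
    _commandSetupHelper.createPublicIpACLsCommands(router, cmds);

    if (purpose == Purpose.LoadBalancing) {
        _commandSetupHelper.createApplyLoadBalancingRulesCommands(loadbalancingRules, router, cmds, network.getId());
    } else if (purpose == Purpose.PortForwarding) {
        // Unchecked cast: relies on the rule list actually matching the declared purpose.
        _commandSetupHelper.createApplyPortForwardingRulesCommands((List<? extends PortForwardingRule>) rules, router, cmds, network.getId());
    } else if (purpose == Purpose.StaticNat) {
        // Unchecked cast: relies on the rule list actually matching the declared purpose.
        _commandSetupHelper.createApplyStaticNatRulesCommands((List<StaticNatRule>) rules, router, cmds, network.getId());
    } else if (purpose == Purpose.Firewall) {
        _commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
    } else {
        // Log the purpose that was actually dispatched on. Reading it from rules.get(0)
        // would throw on an empty or null rule list and hide this warning.
        s_logger.warn("Unable to apply rules of purpose: " + purpose);
        return false;
    }

    return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
}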
Also used : LoadBalancingRule(com.cloud.legacymodel.network.LoadBalancingRule) Network(com.cloud.legacymodel.network.Network) Commands(com.cloud.agent.manager.Commands) Purpose(com.cloud.legacymodel.network.FirewallRule.Purpose) List(java.util.List) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) PortForwardingRule(com.cloud.legacymodel.network.PortForwardingRule) DomainRouterVO(com.cloud.vm.DomainRouterVO)

Example 9 with StaticNatRule

use of com.cloud.legacymodel.network.StaticNatRule in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method applyStaticNatRulesForIp.

/**
 * Applies (or revokes) every static NAT rule recorded for one source IP.
 *
 * <p>Security note: the access check on the rules runs only when {@code caller} is non-null;
 * a null caller skips authorization entirely. NOTE(review): confirm that every call site
 * passing null is a trusted, system-initiated path.
 *
 * @param sourceIpId      id of the public IP whose static NAT rules are applied
 * @param continueOnError forwarded to the firewall manager's applyRules call
 * @param caller          account to authorize against the rules, or null to skip the check
 * @param forRevoke       forwarded to buildStaticNatRule for each rule
 * @return {@code true} if there were no rules or they were applied; {@code false} if
 *         applying failed or the resource was unavailable
 */
protected boolean applyStaticNatRulesForIp(final long sourceIpId, final boolean continueOnError, final Account caller, final boolean forRevoke) {
    final List<? extends FirewallRule> storedRules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat);
    if (storedRules.isEmpty()) {
        s_logger.debug("There are no static nat rules to apply for ip id=" + sourceIpId);
        return true;
    }

    final List<StaticNatRule> natRules = new ArrayList<>();
    for (final FirewallRule stored : storedRules) {
        natRules.add(buildStaticNatRule(stored, forRevoke));
    }

    // Authorization is conditional: no caller means no access check.
    if (caller != null) {
        final StaticNatRule[] toCheck = natRules.toArray(new StaticNatRule[natRules.size()]);
        _accountMgr.checkAccess(caller, null, true, toCheck);
    }

    try {
        return _firewallMgr.applyRules(natRules, continueOnError, true);
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to apply static nat rules for ip due to ", ex);
        return false;
    }
}
Also used : ArrayList(java.util.ArrayList) ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException) StaticNatRule(com.cloud.legacymodel.network.StaticNatRule) FirewallRule(com.cloud.legacymodel.network.FirewallRule)
