Example 6 with Vpc
use of com.cloud.legacymodel.network.vpc.Vpc in project cosmic by MissionCriticalCloud.
the class VpcManagerImpl method startVpc.
@Override
public boolean startVpc(final long vpcId, final boolean destroyOnFailure) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
final CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
final User callerUser = _accountMgr.getActiveUser(ctx.getCallingUserId());
// check if vpc exists
final Vpc vpc = getActiveVpc(vpcId);
if (vpc == null) {
final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find Enabled VPC by id specified");
ex.addProxyObject(String.valueOf(vpcId), "VPC");
throw ex;
}
// permission check
_accountMgr.checkAccess(caller, null, false, vpc);
final Zone zone = zoneRepository.findById(vpc.getZoneId()).orElse(null);
final DeployDestination dest = new DeployDestination(zone, null, null, null);
final ReservationContext context = new ReservationContextImpl(null, null, callerUser, _accountMgr.getAccount(vpc.getAccountId()));
boolean result = true;
try {
if (!startVpc(vpc, dest, context)) {
s_logger.warn("Failed to start vpc " + vpc);
result = false;
}
} catch (final Exception ex) {
s_logger.warn("Failed to start vpc " + vpc + " due to ", ex);
result = false;
} finally {
// do cleanup
if (!result && destroyOnFailure) {
s_logger.debug("Destroying vpc " + vpc + " that failed to start");
if (destroyVpc(vpc, caller, callerUser.getId())) {
s_logger.warn("Successfully destroyed vpc " + vpc + " that failed to start");
} else {
s_logger.warn("Failed to destroy vpc " + vpc + " that failed to start");
}
}
}
return result;
}
Also used :
Account(com.cloud.legacymodel.user.Account)
User(com.cloud.legacymodel.user.User)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
Zone(com.cloud.db.model.Zone)
DeployDestination(com.cloud.deploy.DeployDestination)
Vpc(com.cloud.legacymodel.network.vpc.Vpc)
CallContext(com.cloud.context.CallContext)
ReservationContextImpl(com.cloud.vm.ReservationContextImpl)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException)
TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException)
ResourceAllocationException(com.cloud.legacymodel.exceptions.ResourceAllocationException)
ConcurrentOperationException(com.cloud.legacymodel.exceptions.ConcurrentOperationException)
ExecutionException(java.util.concurrent.ExecutionException)
InsufficientAddressCapacityException(com.cloud.legacymodel.exceptions.InsufficientAddressCapacityException)
InsufficientCapacityException(com.cloud.legacymodel.exceptions.InsufficientCapacityException)
NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException)
ConfigurationException(javax.naming.ConfigurationException)
ResourceUnavailableException(com.cloud.legacymodel.exceptions.ResourceUnavailableException)
ServerApiException(com.cloud.api.ServerApiException)
CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException)
ReservationContext(com.cloud.vm.ReservationContext)
Example 7 with Vpc
use of com.cloud.legacymodel.network.vpc.Vpc in project cosmic by MissionCriticalCloud.
the class RemoteAccessVpnManagerImpl method createRemoteAccessVpn.
@Override
@DB
public RemoteAccessVpn createRemoteAccessVpn(final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException {
final CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
final Long networkId;
// make sure ip address exists
final PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
if (ipAddr == null) {
throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address id" + publicIpId);
}
_accountMgr.checkAccess(caller, null, true, ipAddr);
if (!ipAddr.readyToUse()) {
throw new InvalidParameterValueException("The Ip address is not ready to be used yet: " + ipAddr.getAddress());
}
final IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
networkId = ipAddress.getAssociatedWithNetworkId();
if (networkId != null) {
_networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
}
final Long vpcId = ipAddress.getVpcId();
/* IP Address used for VPC must be the source NAT IP of whole VPC */
if (vpcId != null && ipAddress.isSourceNat()) {
assert networkId == null;
// No firewall setting for VPC, it would be open internally
openFirewall = false;
}
final boolean openFirewallFinal = openFirewall;
if (networkId == null && vpcId == null) {
throw new InvalidParameterValueException("Unable to create remote access vpn for the ipAddress: " + ipAddr.getAddress().addr() + " as ip is not associated with any network or VPC");
}
RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException("A Remote Access VPN already exists for this public Ip address");
}
if (ipRange == null) {
ipRange = RemoteAccessVpnClientIpRange.valueIn(ipAddr.getAccountId());
}
final String[] range = ipRange.split("-");
if (range.length != 2) {
throw new InvalidParameterValueException("Invalid ip range");
}
if (!NetUtils.isValidIp4(range[0]) || !NetUtils.isValidIp4(range[1])) {
throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange);
}
if (!NetUtils.validIpRange(range[0], range[1])) {
throw new InvalidParameterValueException("Invalid ip range " + ipRange);
}
final Pair<String, Integer> cidr;
// TODO: assumes one virtual network / domr per account per zone
if (networkId != null) {
vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAccountId(), networkId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException("A Remote Access VPN already exists for this account");
}
// Verify that vpn service is enabled for the network
final Network network = _networkMgr.getNetwork(networkId);
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
throw new InvalidParameterValueException("Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
}
cidr = NetUtils.getCidr(network.getCidr());
} else {
// Don't need to check VPC because there is only one IP(source NAT IP) available for VPN
final Vpc vpc = _vpcDao.findById(vpcId);
cidr = NetUtils.getCidr(vpc.getCidr());
}
// FIXME: This check won't work for the case where the guest ip range
// changes depending on the vlan allocated.
final String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]);
}
// TODO: check sufficient range
// TODO: check overlap with private and public ip ranges in datacenter
long startIp = NetUtils.ip2Long(range[0]);
final String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
final String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
return Transaction.execute(new TransactionCallbackWithException<RemoteAccessVpn, NetworkRuleConflictException>() {
@Override
public RemoteAccessVpn doInTransaction(final TransactionStatus status) throws NetworkRuleConflictException {
if (vpcId == null) {
_rulesMgr.reservePorts(ipAddr, NetUtils.UDP_PROTO, Purpose.Vpn, openFirewallFinal, caller, NetUtils.VPN_PORT, NetUtils.VPN_L2TP_PORT, NetUtils.VPN_NATT_PORT);
}
final RemoteAccessVpnVO vpnVO = new RemoteAccessVpnVO(ipAddr.getAccountId(), ipAddr.getDomainId(), ipAddr.getAssociatedWithNetworkId(), publicIpId, vpcId, range[0], newIpRange, sharedSecret);
if (forDisplay != null) {
vpnVO.setDisplay(forDisplay);
}
return _remoteAccessVpnDao.persist(vpnVO);
}
});
}
Also used :
Account(com.cloud.legacymodel.user.Account)
RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO)
Vpc(com.cloud.legacymodel.network.vpc.Vpc)
TransactionStatus(com.cloud.utils.db.TransactionStatus)
CallContext(com.cloud.context.CallContext)
NetworkRuleConflictException(com.cloud.legacymodel.exceptions.NetworkRuleConflictException)
PublicIpAddress(com.cloud.network.PublicIpAddress)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
Network(com.cloud.legacymodel.network.Network)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)
DB(com.cloud.utils.db.DB)
Example 8 with Vpc
use of com.cloud.legacymodel.network.vpc.Vpc in project cosmic by MissionCriticalCloud.
the class NetworkACLServiceImpl method updateNetworkACL.
@Override
@ActionEvent(eventType = EventTypes.EVENT_NETWORK_ACL_UPDATE, eventDescription = "updating network acl", async = true)
public NetworkACL updateNetworkACL(final Long id, final String customId, final Boolean forDisplay, final String description, final String name) {
final NetworkACLVO acl = _networkACLDao.findById(id);
final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
final Account caller = CallContext.current().getCallingAccount();
_accountMgr.checkAccess(caller, null, true, vpc);
if (customId != null) {
acl.setUuid(customId);
}
if (forDisplay != null) {
acl.setDisplay(forDisplay);
}
if (description != null) {
acl.setDescription(description);
}
if (name != null) {
acl.setName(name);
}
_networkACLDao.update(id, acl);
return _networkACLDao.findById(id);
}
Also used :
Account(com.cloud.legacymodel.user.Account)
Vpc(com.cloud.legacymodel.network.vpc.Vpc)
ActionEvent(com.cloud.event.ActionEvent)
Example 9 with Vpc
use of com.cloud.legacymodel.network.vpc.Vpc in project cosmic by MissionCriticalCloud.
the class NetworkACLServiceImpl method listNetworkACLItems.
@Override
public Pair<List<? extends NetworkACLItem>, Integer> listNetworkACLItems(final ListNetworkACLsCmd cmd) {
final Long networkId = cmd.getNetworkId();
final Long id = cmd.getId();
Long aclId = cmd.getAclId();
final String trafficType = cmd.getTrafficType();
final String protocol = cmd.getProtocol();
final String action = cmd.getAction();
final Map<String, String> tags = cmd.getTags();
final Account caller = CallContext.current().getCallingAccount();
final Filter filter = new Filter(NetworkACLItemVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
final SearchBuilder<NetworkACLItemVO> sb = _networkACLItemDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), Op.EQ);
sb.and("aclId", sb.entity().getAclId(), Op.EQ);
sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ);
sb.and("protocol", sb.entity().getProtocol(), Op.EQ);
sb.and("action", sb.entity().getAction(), Op.EQ);
if (tags != null && !tags.isEmpty()) {
final SearchBuilder<ResourceTagVO> tagSearch = _resourceTagDao.createSearchBuilder();
for (int count = 0; count < tags.size(); count++) {
tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), Op.EQ);
tagSearch.and("value" + String.valueOf(count), tagSearch.entity().getValue(), Op.EQ);
tagSearch.cp();
}
tagSearch.and("resourceType", tagSearch.entity().getResourceType(), Op.EQ);
sb.groupBy(sb.entity().getId());
sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
}
if (aclId == null) {
// Join with network_acl table when aclId is not specified to list acl_items within permitted VPCs
final SearchBuilder<NetworkACLVO> vpcSearch = _networkACLDao.createSearchBuilder();
vpcSearch.and("vpcId", vpcSearch.entity().getVpcId(), Op.IN);
sb.join("vpcSearch", vpcSearch, sb.entity().getAclId(), vpcSearch.entity().getId(), JoinBuilder.JoinType.INNER);
}
final SearchCriteria<NetworkACLItemVO> sc = sb.create();
if (id != null) {
sc.setParameters("id", id);
}
if (networkId != null) {
final Network network = _networkDao.findById(networkId);
aclId = network.getNetworkACLId();
if (aclId == null) {
// Return empty list
return new Pair(new ArrayList<NetworkACLItem>(), 0);
}
}
if (trafficType != null) {
sc.setParameters("trafficType", trafficType);
}
if (aclId != null) {
// Get VPC and check access
final NetworkACL acl = _networkACLDao.findById(aclId);
if (acl.getVpcId() != 0) {
final Vpc vpc = _vpcDao.findById(acl.getVpcId());
if (vpc == null) {
throw new InvalidParameterValueException("Unable to find VPC associated with acl");
}
_accountMgr.checkAccess(caller, null, true, vpc);
}
sc.setParameters("aclId", aclId);
} else {
// ToDo: Add accountId to network_acl_item table for permission check
// aclId is not specified
// List permitted VPCs and filter aclItems
final List<Long> permittedAccounts = new ArrayList<>();
Long domainId = cmd.getDomainId();
boolean isRecursive = cmd.isRecursive();
final String accountName = cmd.getAccountName();
final Long projectId = cmd.getProjectId();
final boolean listAll = cmd.listAll();
final Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(domainId, isRecursive, null);
_accountMgr.buildACLSearchParameters(caller, id, accountName, projectId, permittedAccounts, domainIdRecursiveListProject, listAll, false);
domainId = domainIdRecursiveListProject.first();
isRecursive = domainIdRecursiveListProject.second();
final ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
final SearchBuilder<VpcVO> sbVpc = _vpcDao.createSearchBuilder();
_accountMgr.buildACLSearchBuilder(sbVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
final SearchCriteria<VpcVO> scVpc = sbVpc.create();
_accountMgr.buildACLSearchCriteria(scVpc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
final List<VpcVO> vpcs = _vpcDao.search(scVpc, null);
final List<Long> vpcIds = new ArrayList<>();
for (final VpcVO vpc : vpcs) {
vpcIds.add(vpc.getId());
}
// Add vpc_id 0 to list acl_items in default ACL
vpcIds.add(0L);
sc.setJoinParameters("vpcSearch", "vpcId", vpcIds.toArray());
}
if (protocol != null) {
sc.setParameters("protocol", protocol);
}
if (action != null) {
sc.setParameters("action", action);
}
if (tags != null && !tags.isEmpty()) {
int count = 0;
sc.setJoinParameters("tagSearch", "resourceType", ResourceObjectType.NetworkACL.toString());
for (final String key : tags.keySet()) {
sc.setJoinParameters("tagSearch", "key" + String.valueOf(count), key);
sc.setJoinParameters("tagSearch", "value" + String.valueOf(count), tags.get(key));
count++;
}
}
final Pair<List<NetworkACLItemVO>, Integer> result = _networkACLItemDao.searchAndCount(sc, filter);
final List<NetworkACLItemVO> aclItemVOs = result.first();
for (final NetworkACLItemVO item : aclItemVOs) {
_networkACLItemDao.loadCidrs(item);
}
return new Pair<>(aclItemVOs, result.second());
}
Also used :
Account(com.cloud.legacymodel.user.Account)
Vpc(com.cloud.legacymodel.network.vpc.Vpc)
ArrayList(java.util.ArrayList)
NetworkACL(com.cloud.legacymodel.network.vpc.NetworkACL)
NetworkACLItem(com.cloud.legacymodel.network.vpc.NetworkACLItem)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
Network(com.cloud.legacymodel.network.Network)
ResourceTagVO(com.cloud.tags.ResourceTagVO)
List(java.util.List)
ArrayList(java.util.ArrayList)
Pair(com.cloud.legacymodel.utils.Pair)
Ternary(com.cloud.legacymodel.utils.Ternary)
ListProjectResourcesCriteria(com.cloud.projects.Project.ListProjectResourcesCriteria)
Filter(com.cloud.utils.db.Filter)
Example 10 with Vpc
use of com.cloud.legacymodel.network.vpc.Vpc in project cosmic by MissionCriticalCloud.
the class NetworkACLServiceImpl method replacePublicIpACL.
@Override
public boolean replacePublicIpACL(final long aclId, final long publicIpId) throws ResourceUnavailableException {
final Account caller = CallContext.current().getCallingAccount();
final IPAddressVO publicIp = _ipAddressDao.findById(publicIpId);
if (publicIp == null) {
throw new InvalidParameterValueException("Unable to find specified IP address");
}
final NetworkACL acl = _networkACLDao.findById(aclId);
if (acl == null) {
throw new InvalidParameterValueException("Unable to find specified NetworkACL");
}
if (publicIp.getVpcId() == null) {
throw new InvalidParameterValueException("IP address is not part of a VPC: " + publicIp.getUuid());
}
if (aclId != NetworkACL.DEFAULT_DENY && aclId != NetworkACL.DEFAULT_ALLOW) {
// ACL is not default DENY/ALLOW
// ACL should be associated with a VPC
final Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
if (vpc == null) {
throw new InvalidParameterValueException("Unable to find Vpc associated with the NetworkACL");
}
_accountMgr.checkAccess(caller, null, true, vpc);
if (!publicIp.getVpcId().equals(acl.getVpcId())) {
throw new InvalidParameterValueException("IP address: " + publicIpId + " and ACL: " + aclId + " do not belong to the same VPC");
}
}
return _networkAclMgr.replacePublicIpACL(acl, publicIp);
}
Also used :
Account(com.cloud.legacymodel.user.Account)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
Vpc(com.cloud.legacymodel.network.vpc.Vpc)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
NetworkACL(com.cloud.legacymodel.network.vpc.NetworkACL)
Aggregations
Vpc (com.cloud.legacymodel.network.vpc.Vpc)60
InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)24
Account (com.cloud.legacymodel.user.Account)24
ResourceUnavailableException (com.cloud.legacymodel.exceptions.ResourceUnavailableException)17
DomainRouterVO (com.cloud.vm.DomainRouterVO)17
Network (com.cloud.legacymodel.network.Network)15
ArrayList (java.util.ArrayList)14
NetworkACL (com.cloud.legacymodel.network.vpc.NetworkACL)11
ActionEvent (com.cloud.event.ActionEvent)9
ConcurrentOperationException (com.cloud.legacymodel.exceptions.ConcurrentOperationException)9
CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)8
NetworkVO (com.cloud.network.dao.NetworkVO)8
List (java.util.List)8
ServerApiException (com.cloud.api.ServerApiException)7
InsufficientCapacityException (com.cloud.legacymodel.exceptions.InsufficientCapacityException)7
IPAddressVO (com.cloud.network.dao.IPAddressVO)7
DB (com.cloud.utils.db.DB)7
VpcResponse (com.cloud.api.response.VpcResponse)6
CallContext (com.cloud.context.CallContext)6
DataCenter (com.cloud.legacymodel.dc.DataCenter)6
