Search in sources :

Example 16 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class VirtualMachineManagerImpl method migrateVmAwayThroughJobQueue.

public Outcome<VirtualMachine> migrateVmAwayThroughJobQueue(final String vmUuid, final long srcHostId) {
    final CallContext context = CallContext.current();
    final User user = context.getCallingUser();
    final Account account = context.getCallingAccount();
    final VMInstanceVO vm = _vmDao.findByUuid(vmUuid);
    final List<VmWorkJobVO> pendingWorkJobs = _workJobDao.listPendingWorkJobs(VirtualMachineType.Instance, vm.getId(), VmWorkMigrateAway.class.getName());
    VmWorkJobVO workJob = null;
    if (pendingWorkJobs != null && pendingWorkJobs.size() > 0) {
        assert pendingWorkJobs.size() == 1;
        workJob = pendingWorkJobs.get(0);
    } else {
        workJob = new VmWorkJobVO(context.getContextId());
        workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
        workJob.setCmd(VmWorkMigrateAway.class.getName());
        workJob.setAccountId(account.getId());
        workJob.setUserId(user.getId());
        workJob.setVmType(VirtualMachineType.Instance);
        workJob.setVmInstanceId(vm.getId());
        workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
        // save work context info (there are some duplications)
        final VmWorkMigrateAway workInfo = new VmWorkMigrateAway(user.getId(), account.getId(), vm.getId(), VirtualMachineManagerImpl.VM_WORK_JOB_HANDLER, srcHostId);
        workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
    }
    _jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
    AsyncJobExecutionContext.getCurrentExecutionContext().joinJob(workJob.getId());
    return new VmStateSyncOutcome(workJob, VirtualMachine.PowerState.PowerOn, vm.getId(), vm.getPowerHostId());
}
Also used : Account(com.cloud.legacymodel.user.Account) User(com.cloud.legacymodel.user.User) CallContext(com.cloud.context.CallContext) VmWorkJobVO(com.cloud.framework.jobs.impl.VmWorkJobVO)

Example 17 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class FirstFitAllocator method allocateTo.

@Override
public List<Host> allocateTo(final VirtualMachineProfile vmProfile, final DeploymentPlan plan, final HostType type, final ExcludeList avoid, final List<? extends Host> hosts, final int returnUpTo, final boolean considerReservedCapacity) {
    final long dcId = plan.getDataCenterId();
    final Long podId = plan.getPodId();
    final Long clusterId = plan.getClusterId();
    final ServiceOffering offering = vmProfile.getServiceOffering();
    final VMTemplateVO template = (VMTemplateVO) vmProfile.getTemplate();
    final Account account = vmProfile.getOwner();
    List<Host> suitableHosts = new ArrayList<>();
    final List<Host> hostsCopy = new ArrayList<>(hosts);
    if (type == HostType.Storage) {
        // routing or not.
        return suitableHosts;
    }
    final String hostTagOnOffering = offering.getHostTag();
    final String hostTagOnTemplate = template.getTemplateTag();
    final boolean hasSvcOfferingTag = hostTagOnOffering != null ? true : false;
    final boolean hasTemplateTag = hostTagOnTemplate != null ? true : false;
    final String haVmTag = (String) vmProfile.getParameter(VirtualMachineProfile.Param.HaTag);
    if (haVmTag != null) {
        hostsCopy.retainAll(_hostDao.listByHostTag(type, clusterId, podId, dcId, haVmTag));
    } else {
        if (hostTagOnOffering == null && hostTagOnTemplate == null) {
            hostsCopy.retainAll(_resourceMgr.listAllUpAndEnabledNonHAHosts(type, clusterId, podId, dcId));
        } else {
            if (hasSvcOfferingTag) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Looking for hosts having tag specified on SvcOffering:" + hostTagOnOffering);
                }
                hostsCopy.retainAll(_hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnOffering));
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Hosts with tag '" + hostTagOnOffering + "' are:" + hostsCopy);
                }
            }
            if (hasTemplateTag) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Looking for hosts having tag specified on Template:" + hostTagOnTemplate);
                }
                hostsCopy.retainAll(_hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnTemplate));
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Hosts with tag '" + hostTagOnTemplate + "' are:" + hostsCopy);
                }
            }
        }
    }
    if (!hostsCopy.isEmpty()) {
        suitableHosts = allocateTo(plan, offering, template, avoid, hostsCopy, returnUpTo, considerReservedCapacity, account);
    }
    return suitableHosts;
}
Also used : Account(com.cloud.legacymodel.user.Account) ServiceOffering(com.cloud.offering.ServiceOffering) VMTemplateVO(com.cloud.storage.VMTemplateVO) ArrayList(java.util.ArrayList) Host(com.cloud.legacymodel.dc.Host)

Example 18 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class FirstFitAllocator method allocateTo.

@Override
public List<Host> allocateTo(final VirtualMachineProfile vmProfile, final DeploymentPlan plan, final HostType type, final ExcludeList avoid, final int returnUpTo, final boolean considerReservedCapacity) {
    final long dcId = plan.getDataCenterId();
    final Long podId = plan.getPodId();
    final Long clusterId = plan.getClusterId();
    final ServiceOffering offering = vmProfile.getServiceOffering();
    final VMTemplateVO template = (VMTemplateVO) vmProfile.getTemplate();
    final Account account = vmProfile.getOwner();
    if (type == HostType.Storage) {
        // FirstFitAllocator should be used for user VMs only since it won't care whether the host is capable of routing or not
        return new ArrayList<>();
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Looking for hosts in dc: " + dcId + "  pod:" + podId + "  cluster:" + clusterId);
    }
    final String hostTagOnOffering = offering.getHostTag();
    final String hostTagOnTemplate = template.getTemplateTag();
    final boolean hasSvcOfferingTag = hostTagOnOffering != null ? true : false;
    final boolean hasTemplateTag = hostTagOnTemplate != null ? true : false;
    List<HostVO> clusterHosts = new ArrayList<>();
    final String haVmTag = (String) vmProfile.getParameter(VirtualMachineProfile.Param.HaTag);
    if (haVmTag != null) {
        clusterHosts = _hostDao.listByHostTag(type, clusterId, podId, dcId, haVmTag);
    } else {
        if (hostTagOnOffering == null && hostTagOnTemplate == null) {
            clusterHosts = _resourceMgr.listAllUpAndEnabledNonHAHosts(type, clusterId, podId, dcId);
        } else {
            List<HostVO> hostsMatchingOfferingTag = new ArrayList<>();
            List<HostVO> hostsMatchingTemplateTag = new ArrayList<>();
            if (hasSvcOfferingTag) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Looking for hosts having tag specified on SvcOffering:" + hostTagOnOffering);
                }
                hostsMatchingOfferingTag = _hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnOffering);
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Hosts with tag '" + hostTagOnOffering + "' are:" + hostsMatchingOfferingTag);
                }
            }
            if (hasTemplateTag) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Looking for hosts having tag specified on Template:" + hostTagOnTemplate);
                }
                hostsMatchingTemplateTag = _hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnTemplate);
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Hosts with tag '" + hostTagOnTemplate + "' are:" + hostsMatchingTemplateTag);
                }
            }
            if (hasSvcOfferingTag && hasTemplateTag) {
                hostsMatchingOfferingTag.retainAll(hostsMatchingTemplateTag);
                clusterHosts = _hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnTemplate);
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Found " + hostsMatchingOfferingTag.size() + " Hosts satisfying both tags, host ids are:" + hostsMatchingOfferingTag);
                }
                clusterHosts = hostsMatchingOfferingTag;
            } else {
                if (hasSvcOfferingTag) {
                    clusterHosts = hostsMatchingOfferingTag;
                } else {
                    clusterHosts = hostsMatchingTemplateTag;
                }
            }
        }
    }
    // add all hosts that we are not considering to the avoid list
    final List<HostVO> allhostsInCluster = _hostDao.listAllUpAndEnabledNonHAHosts(type, clusterId, podId, dcId, null);
    allhostsInCluster.removeAll(clusterHosts);
    for (final HostVO host : allhostsInCluster) {
        avoid.addHost(host.getId());
    }
    return allocateTo(plan, offering, template, avoid, clusterHosts, returnUpTo, considerReservedCapacity, account);
}
Also used : Account(com.cloud.legacymodel.user.Account) ServiceOffering(com.cloud.offering.ServiceOffering) VMTemplateVO(com.cloud.storage.VMTemplateVO) ArrayList(java.util.ArrayList) HostVO(com.cloud.host.HostVO)

Example 19 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class DomainChecker method checkAccess.

@Override
public boolean checkAccess(final Account caller, final ControlledEntity entity, final AccessType accessType) throws PermissionDeniedException {
    if (entity instanceof VirtualMachineTemplate) {
        final VirtualMachineTemplate template = (VirtualMachineTemplate) entity;
        final Account owner = _accountDao.findById(template.getAccountId());
        // validate that the template is usable by the account
        if (!template.isPublicTemplate()) {
            if (_accountService.isRootAdmin(caller.getId()) || (owner.getId() == caller.getId())) {
                return true;
            }
            // special handling for the project case
            if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT && _projectMgr.canAccessProjectAccount(caller, owner.getId())) {
                return true;
            }
            // since the current account is not the owner of the template, check the launch permissions table to see if the
            // account can launch a VM from this template
            final LaunchPermissionVO permission = _launchPermissionDao.findByTemplateAndAccount(template.getId(), caller.getId());
            if (permission == null) {
                throw new PermissionDeniedException(caller + " does not have permission to launch instances from " + template);
            }
        } else {
            // Domain admin and regular user can delete/modify only templates created by them
            if (accessType != null && accessType == AccessType.OperateEntry) {
                if (!_accountService.isRootAdmin(caller.getId()) && owner.getId() != caller.getId()) {
                    // For projects check if the caller account can access the project account
                    if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT || !(_projectMgr.canAccessProjectAccount(caller, owner.getId()))) {
                        throw new PermissionDeniedException("Domain Admin and regular users can modify only their own Public templates");
                    }
                }
            }
        }
        return true;
    } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
        _networkMgr.checkNetworkPermissions(caller, (Network) entity);
    } else if (entity instanceof AffinityGroup) {
        return false;
    } else {
        if (_accountService.isNormalUser(caller.getId())) {
            final Account account = _accountDao.findById(entity.getAccountId());
            if (account != null && account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
                // only project owner can delete/modify the project
                if (accessType != null && accessType == AccessType.ModifyProject) {
                    if (!_projectMgr.canModifyProjectAccount(caller, account.getId())) {
                        throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
                    }
                } else if (!_projectMgr.canAccessProjectAccount(caller, account.getId())) {
                    throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
                }
            } else {
                if (caller.getId() != entity.getAccountId()) {
                    throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
                }
            }
        }
    }
    return true;
}
Also used : Account(com.cloud.legacymodel.user.Account) VirtualMachineTemplate(com.cloud.legacymodel.storage.VirtualMachineTemplate) Network(com.cloud.legacymodel.network.Network) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException) AffinityGroup(com.cloud.affinity.AffinityGroup) LaunchPermissionVO(com.cloud.storage.LaunchPermissionVO)

Example 20 with Account

use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.

the class AffinityGroupServiceImpl method deleteAffinityGroup.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_AFFINITY_GROUP_DELETE, eventDescription = "Deleting affinity group")
public boolean deleteAffinityGroup(final Long affinityGroupId, final String account, final Long projectId, final Long domainId, final String affinityGroupName) {
    final AffinityGroupVO group = getAffinityGroup(affinityGroupId, account, projectId, domainId, affinityGroupName);
    // check permissions
    final Account caller = CallContext.current().getCallingAccount();
    _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, group);
    final Long affinityGroupIdFinal = group.getId();
    deleteAffinityGroup(affinityGroupIdFinal);
    // remove its related ACL permission
    final Pair<Class<?>, Long> params = new Pair<>(AffinityGroup.class, affinityGroupIdFinal);
    _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, params);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Deleted affinity group id=" + affinityGroupIdFinal);
    }
    return true;
}
Also used : Account(com.cloud.legacymodel.user.Account) Pair(com.cloud.legacymodel.utils.Pair) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Aggregations

Account (com.cloud.legacymodel.user.Account)435 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)229 ActionEvent (com.cloud.event.ActionEvent)120 ArrayList (java.util.ArrayList)103 CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)98 PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)78 User (com.cloud.legacymodel.user.User)73 DB (com.cloud.utils.db.DB)59 List (java.util.List)58 Pair (com.cloud.legacymodel.utils.Pair)53 Network (com.cloud.legacymodel.network.Network)48 CallContext (com.cloud.context.CallContext)47 DomainVO (com.cloud.domain.DomainVO)47 UserAccount (com.cloud.legacymodel.user.UserAccount)47 Filter (com.cloud.utils.db.Filter)47 TransactionStatus (com.cloud.utils.db.TransactionStatus)40 Domain (com.cloud.legacymodel.domain.Domain)39 ResourceUnavailableException (com.cloud.legacymodel.exceptions.ResourceUnavailableException)37 Test (org.junit.Test)36 Ternary (com.cloud.legacymodel.utils.Ternary)34