
Example 26 with IpAddress

use of com.cloud.network.IpAddress in project cloudstack by apache.

the class CiscoVnmcElement method applyFWRules.

/**
 * Applies {@code rules} to the Cisco ASA 1000v appliance fronting {@code network}
 * by sending a {@link SetFirewallRulesCommand} to the Cisco VNMC controller host.
 * <p>
 * Returns {@code false} only when the Firewall service on this network is not provided
 * by Cisco VNMC. Returns {@code true} without contacting the backend when no VNMC
 * controller is registered on the physical network, when no ASA 1000v is associated
 * with the network, when the network is still in the Allocated state, or when
 * {@code rules} is empty.
 *
 * @param network the guest network whose firewall rules are being (re)applied
 * @param rules the rules to apply; egress rules are sent with the source address "0.0.0.0"
 * @return {@code true} when the rules were applied or there was nothing to do
 * @throws ResourceUnavailableException when the controller host returns no answer or a failed answer
 */
@Override
public boolean applyFWRules(Network network, List<? extends FirewallRule> rules) throws ResourceUnavailableException {
    if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)) {
        s_logger.error("Firewall service is not provided by Cisco Vnmc device on network " + network.getName());
        return false;
    }
    // The VNMC controller is registered per physical network; the first one listed is used.
    List<CiscoVnmcControllerVO> controllers = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (controllers.isEmpty()) {
        s_logger.error("No Cisco Vnmc device on network " + network.getName());
        return true;
    }
    // Nothing to program unless an ASA 1000v has been mapped to this network.
    NetworkAsa1000vMapVO asaMapping = _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaMapping == null) {
        s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
        return true;
    }
    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }
    HostVO controllerHost = _hostDao.findById(controllers.get(0).getHostId());
    List<FirewallRuleTO> ruleTOs = new ArrayList<FirewallRuleTO>();
    for (FirewallRule rule : rules) {
        // Only ingress rules are resolved to their public IP; egress rules carry "0.0.0.0".
        String sourceAddress = "0.0.0.0";
        if (rule.getTrafficType() == TrafficType.Ingress) {
            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
            sourceAddress = sourceIp.getAddress().addr();
        }
        ruleTOs.add(new FirewallRuleTO(rule, null, sourceAddress, rule.getPurpose(), rule.getTrafficType()));
    }
    if (ruleTOs.isEmpty()) {
        return true;
    }
    SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(ruleTOs);
    cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, BroadcastDomainType.getValue(network.getBroadcastUri()));
    cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
    Answer answer = _agentMgr.easySend(controllerHost.getId(), cmd);
    if (answer != null && answer.getResult()) {
        return true;
    }
    // A missing answer is treated like a failed one: the appliance could not be programmed.
    String details = (answer == null) ? "details unavailable" : answer.getDetails();
    String msg = "Unable to apply firewall rules to Cisco ASA 1000v appliance due to: " + details + ".";
    s_logger.error(msg);
    throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
}

Example 27 with IpAddress

use of com.cloud.network.IpAddress in project cloudstack by apache.

the class NiciraNvpElement method applyPFRules.

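/**
 * From interface PortForwardingServiceProvider.
 * <p>
 * Pushes {@code rules} to the logical router that backs {@code network} by sending a
 * {@link ConfigurePortForwardingRulesOnLogicalRouterCommand} to the NiciraNvp controller host.
 * Each rule is resolved to its public IP and the VLAN tag of that IP's range.
 *
 * @param network the guest network whose port-forwarding rules are being applied
 * @param rules the rules to apply
 * @return {@code false} when this element cannot handle PortForwarding on the network, when no
 *         controller or logical-router mapping exists, or when the controller returns no answer or
 *         a failed answer; {@code true} otherwise
 * @throws ResourceUnavailableException declared by the interface; not thrown by this implementation
 */
@Override
public boolean applyPFRules(Network network, List<PortForwardingRule> rules) throws ResourceUnavailableException {
    if (!canHandle(network, Service.PortForwarding)) {
        return false;
    }
    List<NiciraNvpDeviceVO> devices = niciraNvpDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (devices.isEmpty()) {
        s_logger.error("No NiciraNvp Controller on physical network " + network.getPhysicalNetworkId());
        return false;
    }
    // The controller is registered per physical network; the first one listed is used.
    NiciraNvpDeviceVO niciraNvpDevice = devices.get(0);
    HostVO niciraNvpHost = hostDao.findById(niciraNvpDevice.getHostId());
    NiciraNvpRouterMappingVO routermapping = niciraNvpRouterMappingDao.findByNetworkId(network.getId());
    if (routermapping == null) {
        s_logger.error("No logical router uuid found for network " + network.getDisplayText());
        return false;
    }
    List<PortForwardingRuleTO> portForwardingRules = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule rule : rules) {
        IpAddress sourceIp = networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = vlanDao.findById(sourceIp.getVlanId());
        portForwardingRules.add(new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr()));
    }
    ConfigurePortForwardingRulesOnLogicalRouterCommand cmd = new ConfigurePortForwardingRulesOnLogicalRouterCommand(routermapping.getLogicalRouterUuid(), portForwardingRules);
    ConfigurePortForwardingRulesOnLogicalRouterAnswer answer = (ConfigurePortForwardingRulesOnLogicalRouterAnswer) agentMgr.easySend(niciraNvpHost.getId(), cmd);
    // easySend yields null when the host cannot be reached; treat that as a failed apply
    // instead of dereferencing it.
    if (answer == null) {
        s_logger.error("No answer from NiciraNvp Controller while applying port forwarding rules on network " + network.getDisplayText());
        return false;
    }
    return answer.getResult();
}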

Example 28 with IpAddress

use of com.cloud.network.IpAddress in project cloudstack by apache.

the class LoadBalancingRulesManagerImpl method handleSystemLBIpRelease.

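/**
 * Releases the source IP of {@code lb} when that IP is a system-allocated one.
 * <p>
 * A user-owned IP is left untouched and the method reports success. The release is
 * performed on behalf of the calling user and account taken from the current
 * {@link CallContext}.
 *
 * @param lb the load balancer rule being deleted
 * @return {@code true} when the IP was not a system IP or was released successfully;
 *         {@code false} when the disassociation failed
 */
protected boolean handleSystemLBIpRelease(LoadBalancerVO lb) {
    // Read the id once; it is used for the lookup, the release call and every log line.
    final Long ipId = lb.getSourceIpAddressId();
    IpAddress ip = _ipAddressDao.findById(ipId);
    if (!ip.getSystem()) {
        return true;
    }
    s_logger.debug("Releasing system ip address " + ipId + " as a part of delete lb rule");
    CallContext ctx = CallContext.current();
    if (!_ipAddrMgr.disassociatePublicIpAddress(ipId, ctx.getCallingUserId(), ctx.getCallingAccount())) {
        s_logger.warn("Unable to release system ip address id=" + ipId + " as a part of delete lb rule");
        return false;
    }
    // Success is routine, so it is logged at debug rather than warn.
    s_logger.debug("Successfully released system ip address id=" + ipId + " as a part of delete lb rule");
    return true;
}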

Example 29 with IpAddress

use of com.cloud.network.IpAddress in project cloudstack by apache.

the class LoadBalancingRulesManagerImpl method applyLoadBalancerRules.

/**
 * Applies the given load balancer rules on the backend and, when {@code updateRulesInDB} is set,
 * reconciles their persisted state afterwards.
 * <p>
 * For each rule, inside one transaction: a rule in state Revoke is removed, a rule in state Add
 * becomes Active; LB-VM mappings, stickiness policies, health-check policies and a revoked
 * certificate mapping that are marked for revoke are deleted; a rule left without any LB-VM
 * mapping is set back to Add. After the transaction, a removed rule whose source IP carries no
 * other firewall rules has its system IP released, and the source IP is unassigned from the VPC
 * network.
 *
 * @param lbs the load balancer rules to apply
 * @param updateRulesInDB whether to reconcile rule state and mappings in the database after a
 *        successful apply
 * @return {@code false} when the backend did not apply all rules (in which case no DB update is
 *         made); {@code true} otherwise, even if releasing a system IP failed (that is only logged)
 * @throws ResourceUnavailableException propagated from the backend apply
 */
@DB
protected boolean applyLoadBalancerRules(List<LoadBalancerVO> lbs, boolean updateRulesInDB) throws ResourceUnavailableException {
    List<LoadBalancingRule> rules = new ArrayList<LoadBalancingRule>();
    for (LoadBalancerVO lb : lbs) {
        rules.add(getLoadBalancerRuleToApply(lb));
    }
    if (!applyLbRules(rules, false)) {
        s_logger.debug("LB rules are not completely applied");
        return false;
    }
    if (updateRulesInDB) {
        for (final LoadBalancerVO lb : lbs) {
            // Each rule's state reconciliation runs in its own transaction; the callback reports
            // whether the rule was removed, which is what triggers the IP release below.
            boolean checkForReleaseElasticIp = Transaction.execute(new TransactionCallback<Boolean>() {

                @Override
                public Boolean doInTransaction(TransactionStatus status) {
                    boolean checkForReleaseElasticIp = false;
                    if (lb.getState() == FirewallRule.State.Revoke) {
                        removeLBRule(lb);
                        s_logger.debug("LB " + lb.getId() + " is successfully removed");
                        checkForReleaseElasticIp = true;
                    } else if (lb.getState() == FirewallRule.State.Add) {
                        lb.setState(FirewallRule.State.Active);
                        s_logger.debug("LB rule " + lb.getId() + " state is set to Active");
                        _lbDao.persist(lb);
                    }
                    // remove LB-Vm mappings that were state to revoke
                    List<LoadBalancerVMMapVO> lbVmMaps = _lb2VmMapDao.listByLoadBalancerId(lb.getId(), true);
                    List<Long> instanceIds = new ArrayList<Long>();
                    for (LoadBalancerVMMapVO lbVmMap : lbVmMaps) {
                        instanceIds.add(lbVmMap.getInstanceId());
                        _lb2VmMapDao.remove(lb.getId(), lbVmMap.getInstanceId(), lbVmMap.getInstanceIp(), null);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed for vm " + lbVmMap.getInstanceId() + " instance ip " + lbVmMap.getInstanceIp());
                    }
                    // With no remaining mappings the rule is parked in Add so the next apply re-creates it.
                    if (_lb2VmMapDao.listByLoadBalancerId(lb.getId()).isEmpty()) {
                        lb.setState(FirewallRule.State.Add);
                        _lbDao.persist(lb);
                        s_logger.debug("LB rule " + lb.getId() + " state is set to Add as there are no more active LB-VM mappings");
                    }
                    // remove LB-Stickiness policy mapping that were state to revoke
                    List<LBStickinessPolicyVO> stickinesspolicies = _lb2stickinesspoliciesDao.listByLoadBalancerId(lb.getId(), true);
                    if (!stickinesspolicies.isEmpty()) {
                        _lb2stickinesspoliciesDao.remove(lb.getId(), true);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed stickiness policies");
                    }
                    // remove LB-HealthCheck policy mapping that were state to
                    // revoke
                    List<LBHealthCheckPolicyVO> healthCheckpolicies = _lb2healthcheckDao.listByLoadBalancerId(lb.getId(), true);
                    if (!healthCheckpolicies.isEmpty()) {
                        _lb2healthcheckDao.remove(lb.getId(), true);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed health check monitors policies");
                    }
                    LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(lb.getId());
                    if (lbCertMap != null && lbCertMap.isRevoke()) {
                        _lbCertMapDao.remove(lbCertMap.getId());
                        s_logger.debug("Load balancer rule id " + lb.getId() + " removed certificate mapping");
                    }
                    return checkForReleaseElasticIp;
                }
            });
            // Only release the system IP once no firewall rule references it any more.
            if (checkForReleaseElasticIp && lb.getSourceIpAddressId() != null) {
                boolean success = true;
                long count = _firewallDao.countRulesByIpId(lb.getSourceIpAddressId());
                if (count == 0) {
                    try {
                        success = handleSystemLBIpRelease(lb);
                    } catch (Exception ex) {
                        s_logger.warn("Failed to release system ip as a part of lb rule " + lb + " deletion due to exception ", ex);
                        success = false;
                    } finally {
                        // A failed release is logged but does not change this method's result.
                        if (!success) {
                            s_logger.warn("Failed to release system ip as a part of lb rule " + lb + " deletion");
                        }
                    }
                }
            }
            // VPC, unassign it from the network
            // NOTE(review): this runs for every rule with a source IP, not only on removal and not
            // only for VPC networks — presumably a no-op otherwise; confirm in _vpcMgr.
            if (lb.getSourceIpAddressId() != null) {
                IpAddress ip = _ipAddressDao.findById(lb.getSourceIpAddressId());
                _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), lb.getNetworkId());
            }
        }
    }
    return true;
}

Example 30 with IpAddress

use of com.cloud.network.IpAddress in project cloudstack by apache.

the class CommandSetupHelper method createFirewallRulesCommands.

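/**
 * Builds a {@link SetFirewallRulesCommand} for {@code rules} and queues it on {@code cmds}.
 * <p>
 * Ingress rules are resolved to their public IP address; egress rules are sent with an empty
 * address together with the guest network offering's default egress policy. When the first rule is
 * a System egress rule, the FIREWALL_EGRESS_DEFAULT access detail carries the System marker instead
 * of that policy. A {@code null} or empty {@code rules} list still produces a command with no rules.
 *
 * @param rules the firewall rules to program, or {@code null}
 * @param router the virtual router that will receive the command
 * @param cmds the command batch the new command is appended to
 * @param guestNetworkId the guest network the rules belong to
 */
public void createFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
    String systemRule = null;
    Boolean defaultEgressPolicy = false;
    // The offering's default egress policy depends only on guestNetworkId, so it is looked up
    // at most once instead of on every egress rule.
    boolean egressPolicyResolved = false;
    if (rules != null) {
        if (!rules.isEmpty()) {
            final FirewallRule first = rules.get(0);
            if (first.getTrafficType() == FirewallRule.TrafficType.Egress && first.getType() == FirewallRule.FirewallRuleType.System) {
                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        for (final FirewallRule rule : rules) {
            _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
            final FirewallRule.TrafficType traffictype = rule.getTrafficType();
            if (traffictype == FirewallRule.TrafficType.Ingress) {
                final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                rulesTO.add(new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype));
            } else if (traffictype == FirewallRule.TrafficType.Egress) {
                if (!egressPolicyResolved) {
                    final NetworkVO network = _networkDao.findById(guestNetworkId);
                    final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
                    defaultEgressPolicy = offering.getEgressDefaultPolicy();
                    egressPolicyResolved = true;
                }
                // Only checked with -ea; egress rules are expected to carry no source IP.
                assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                rulesTO.add(new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy));
            }
        }
    }
    final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
    // A System egress rule at the head of the list overrides the offering's default policy marker.
    if (systemRule != null) {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
    } else {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
    }
    cmds.addCommand(cmd);
}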
