Example 36 with IpAddress
use of com.cloud.network.IpAddress in project cloudstack by apache.
the class CommandSetupHelper method createApplyStaticNatRulesCommands.
public void createApplyStaticNatRulesCommands(final List<? extends StaticNatRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
final List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
if (rules != null) {
for (final StaticNatRule rule : rules) {
final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
final StaticNatRuleTO ruleTO = new StaticNatRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getDestIpAddress());
rulesTO.add(ruleTO);
}
}
final SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, router.getVpcId());
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
cmds.addCommand(cmd);
}
Also used :
StaticNatRuleTO(com.cloud.agent.api.to.StaticNatRuleTO)
DataCenterVO(com.cloud.dc.DataCenterVO)
SetStaticNatRulesCommand(com.cloud.agent.api.routing.SetStaticNatRulesCommand)
ArrayList(java.util.ArrayList)
PrivateIpAddress(com.cloud.network.vpc.PrivateIpAddress)
IpAddress(com.cloud.network.IpAddress)
PublicIpAddress(com.cloud.network.PublicIpAddress)
StaticNatRule(com.cloud.network.rules.StaticNatRule)
Example 37 with IpAddress
use of com.cloud.network.IpAddress in project cloudstack by apache.
the class CommandSetupHelper method createApplyFirewallRulesCommands.
public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
final List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
String systemRule = null;
Boolean defaultEgressPolicy = false;
if (rules != null) {
if (rules.size() > 0) {
if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
}
}
for (final FirewallRule rule : rules) {
_rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
final FirewallRule.TrafficType traffictype = rule.getTrafficType();
if (traffictype == FirewallRule.TrafficType.Ingress) {
final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
rulesTO.add(ruleTO);
} else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) {
final NetworkVO network = _networkDao.findById(guestNetworkId);
final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
defaultEgressPolicy = offering.getEgressDefaultPolicy();
assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
rulesTO.add(ruleTO);
}
}
}
final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
if (systemRule != null) {
cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
} else {
cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
}
cmds.addCommand(cmd);
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
NetworkVO(com.cloud.network.dao.NetworkVO)
ArrayList(java.util.ArrayList)
NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO)
PrivateIpAddress(com.cloud.network.vpc.PrivateIpAddress)
IpAddress(com.cloud.network.IpAddress)
PublicIpAddress(com.cloud.network.PublicIpAddress)
FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO)
FirewallRule(com.cloud.network.rules.FirewallRule)
SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand)
Example 38 with IpAddress
use of com.cloud.network.IpAddress in project cloudstack by apache.
the class VirtualNetworkApplianceManagerImpl method getPublicIpsToApply.
protected ArrayList<? extends PublicIpAddress> getPublicIpsToApply(final VirtualRouter router, final Provider provider, final Long guestNetworkId, final com.cloud.network.IpAddress.State... skipInStates) {
final long ownerId = router.getAccountId();
final List<? extends IpAddress> userIps;
final Network guestNetwork = _networkDao.findById(guestNetworkId);
if (guestNetwork.getGuestType() == GuestType.Shared) {
// ignore the account id for the shared network
userIps = _networkModel.listPublicIpsAssignedToGuestNtwk(guestNetworkId, null);
} else {
userIps = _networkModel.listPublicIpsAssignedToGuestNtwk(ownerId, guestNetworkId, null);
}
final List<PublicIp> allPublicIps = new ArrayList<PublicIp>();
if (userIps != null && !userIps.isEmpty()) {
boolean addIp = true;
for (final IpAddress userIp : userIps) {
if (skipInStates != null) {
for (final IpAddress.State stateToSkip : skipInStates) {
if (userIp.getState() == stateToSkip) {
s_logger.debug("Skipping ip address " + userIp + " in state " + userIp.getState());
addIp = false;
break;
}
}
}
if (addIp) {
final IPAddressVO ipVO = _ipAddressDao.findById(userIp.getId());
final PublicIp publicIp = PublicIp.createFromAddrAndVlan(ipVO, _vlanDao.findById(userIp.getVlanId()));
allPublicIps.add(publicIp);
}
}
}
// Get public Ips that should be handled by router
final Network network = _networkDao.findById(guestNetworkId);
final Map<PublicIpAddress, Set<Service>> ipToServices = _networkModel.getIpToServices(allPublicIps, false, true);
final Map<Provider, ArrayList<PublicIpAddress>> providerToIpList = _networkModel.getProviderToIpList(network, ipToServices);
// Only cover virtual router for now, if ELB use it this need to be
// modified
final ArrayList<PublicIpAddress> publicIps = providerToIpList.get(provider);
return publicIps;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
PublicIp(com.cloud.network.addr.PublicIp)
ArrayList(java.util.ArrayList)
VirtualRouterProvider(com.cloud.network.VirtualRouterProvider)
Provider(com.cloud.network.Network.Provider)
PublicIpAddress(com.cloud.network.PublicIpAddress)
Network(com.cloud.network.Network)
IpAddress(com.cloud.network.IpAddress)
PublicIpAddress(com.cloud.network.PublicIpAddress)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
Example 39 with IpAddress
use of com.cloud.network.IpAddress in project cloudstack by apache.
the class CommandSetupHelper method createApplyVpnCommands.
public void createApplyVpnCommands(final boolean isCreate, final RemoteAccessVpn vpn, final VirtualRouter router, final Commands cmds) {
final List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
createApplyVpnUsersCommand(vpnUsers, router, cmds);
final IpAddress ip = _networkModel.getIp(vpn.getServerAddressId());
// This block is needed due to the line 206 of the
// RemoteAccessVpnManagenerImpl:
// TODO: assumes one virtual network / domr per account per zone
final String cidr;
final Network network = _networkDao.findById(vpn.getNetworkId());
if (network == null) {
final Vpc vpc = _vpcDao.findById(vpn.getVpcId());
cidr = vpc.getCidr();
} else {
cidr = network.getCidr();
}
final RemoteAccessVpnCfgCommand startVpnCmd = new RemoteAccessVpnCfgCommand(isCreate, ip.getAddress().addr(), vpn.getLocalIp(), vpn.getIpRange(), vpn.getIpsecPresharedKey(), vpn.getVpcId() != null);
startVpnCmd.setLocalCidr(cidr);
startVpnCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
startVpnCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
startVpnCmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
cmds.addCommand("startVpn", startVpnCmd);
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
VpnUserVO(com.cloud.network.VpnUserVO)
Network(com.cloud.network.Network)
Vpc(com.cloud.network.vpc.Vpc)
PrivateIpAddress(com.cloud.network.vpc.PrivateIpAddress)
IpAddress(com.cloud.network.IpAddress)
PublicIpAddress(com.cloud.network.PublicIpAddress)
RemoteAccessVpnCfgCommand(com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand)
Example 40 with IpAddress
use of com.cloud.network.IpAddress in project cloudstack by apache.
the class RulesManagerImpl method createPortForwardingRule.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "creating forwarding rule", create = true)
public PortForwardingRule createPortForwardingRule(final PortForwardingRule rule, final Long vmId, Ip vmIp, final boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException {
CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
final Long ipAddrId = rule.getSourceIpAddressId();
IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
// Validate ip address
if (ipAddress == null) {
throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system");
} else if (ipAddress.isOneToOneNat()) {
throw new InvalidParameterValueException("Unable to create port forwarding rule; ip id=" + ipAddrId + " has static nat enabled");
}
final Long networkId = rule.getNetworkId();
Network network = _networkModel.getNetwork(networkId);
//associate ip address to network (if needed)
boolean performedIpAssoc = false;
Nic guestNic;
if (ipAddress.getAssociatedWithNetworkId() == null) {
boolean assignToVpcNtwk = network.getVpcId() != null && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId();
if (assignToVpcNtwk) {
_networkModel.checkIpForService(ipAddress, Service.PortForwarding, networkId);
s_logger.debug("The ip is not associated with the VPC network id=" + networkId + ", so assigning");
try {
ipAddress = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false);
performedIpAssoc = true;
} catch (Exception ex) {
throw new CloudRuntimeException("Failed to associate ip to VPC network as " + "a part of port forwarding rule creation");
}
}
} else {
_networkModel.checkIpForService(ipAddress, Service.PortForwarding, null);
}
if (ipAddress.getAssociatedWithNetworkId() == null) {
throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
}
try {
_firewallMgr.validateFirewallRule(caller, ipAddress, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), Purpose.PortForwarding, FirewallRuleType.User, networkId, rule.getTrafficType());
final Long accountId = ipAddress.getAllocatedToAccountId();
final Long domainId = ipAddress.getAllocatedInDomainId();
// start port can't be bigger than end port
if (rule.getDestinationPortStart() > rule.getDestinationPortEnd()) {
throw new InvalidParameterValueException("Start port can't be bigger than end port");
}
// check that the port ranges are of equal size
if ((rule.getDestinationPortEnd() - rule.getDestinationPortStart()) != (rule.getSourcePortEnd() - rule.getSourcePortStart())) {
throw new InvalidParameterValueException("Source port and destination port ranges should be of equal sizes.");
}
// validate user VM exists
UserVm vm = _vmDao.findById(vmId);
if (vm == null) {
throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
} else if (vm.getState() == VirtualMachine.State.Destroyed || vm.getState() == VirtualMachine.State.Expunging) {
throw new InvalidParameterValueException("Invalid user vm: " + vm.getId());
}
// Verify that vm has nic in the network
Ip dstIp = rule.getDestinationIpAddress();
guestNic = _networkModel.getNicInNetwork(vmId, networkId);
if (guestNic == null || guestNic.getIPv4Address() == null) {
throw new InvalidParameterValueException("Vm doesn't belong to network associated with ipAddress");
} else {
dstIp = new Ip(guestNic.getIPv4Address());
}
if (vmIp != null) {
//vm ip is passed so it can be primary or secondary ip addreess.
if (!dstIp.equals(vmIp)) {
//the vm ip is secondary ip to the nic.
// is vmIp is secondary ip or not
NicSecondaryIp secondaryIp = _nicSecondaryDao.findByIp4AddressAndNicId(vmIp.toString(), guestNic.getId());
if (secondaryIp == null) {
throw new InvalidParameterValueException("IP Address is not in the VM nic's network ");
}
dstIp = vmIp;
}
}
//if start port and end port are passed in, and they are not equal to each other, perform the validation
boolean validatePortRange = false;
if (rule.getSourcePortStart().intValue() != rule.getSourcePortEnd().intValue() || rule.getDestinationPortStart() != rule.getDestinationPortEnd()) {
validatePortRange = true;
}
if (validatePortRange) {
//source start port and source dest port should be the same. The same applies to dest ports
if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) {
throw new InvalidParameterValueException("Private port start should be equal to public port start");
}
if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) {
throw new InvalidParameterValueException("Private port end should be equal to public port end");
}
}
final Ip dstIpFinal = dstIp;
final IPAddressVO ipAddressFinal = ipAddress;
return Transaction.execute(new TransactionCallbackWithException<PortForwardingRuleVO, NetworkRuleConflictException>() {
@Override
public PortForwardingRuleVO doInTransaction(TransactionStatus status) throws NetworkRuleConflictException {
PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddressId(), rule.getSourcePortStart(), rule.getSourcePortEnd(), dstIpFinal, rule.getDestinationPortStart(), rule.getDestinationPortEnd(), rule.getProtocol().toLowerCase(), networkId, accountId, domainId, vmId);
if (forDisplay != null) {
newRule.setDisplay(forDisplay);
}
newRule = _portForwardingDao.persist(newRule);
// create firewallRule for 0.0.0.0/0 cidr
if (openFirewall) {
_firewallMgr.createRuleForAllCidrs(ipAddrId, caller, rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), null, null, newRule.getId(), networkId);
}
try {
_firewallMgr.detectRulesConflict(newRule);
if (!_firewallDao.setStateToAdd(newRule)) {
throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
}
CallContext.current().setEventDetails("Rule Id: " + newRule.getId());
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_RULE_ADD, newRule.getAccountId(), ipAddressFinal.getDataCenterId(), newRule.getId(), null, PortForwardingRule.class.getName(), newRule.getUuid());
return newRule;
} catch (Exception e) {
if (newRule != null) {
// no need to apply the rule as it wasn't programmed on the backend yet
_firewallMgr.revokeRelatedFirewallRule(newRule.getId(), false);
removePFRule(newRule);
}
if (e instanceof NetworkRuleConflictException) {
throw (NetworkRuleConflictException) e;
}
throw new CloudRuntimeException("Unable to add rule for the ip id=" + ipAddrId, e);
}
}
});
} finally {
// release ip address if ipassoc was perfored
if (performedIpAssoc) {
//if the rule is the last one for the ip address assigned to VPC, unassign it from the network
IpAddress ip = _ipAddressDao.findById(ipAddress.getId());
_vpcMgr.unassignIPFromVpcNetwork(ip.getId(), networkId);
}
}
}
Also used :
Account(com.cloud.user.Account)
Ip(com.cloud.utils.net.Ip)
NicSecondaryIp(com.cloud.vm.NicSecondaryIp)
NicSecondaryIp(com.cloud.vm.NicSecondaryIp)
Nic(com.cloud.vm.Nic)
TransactionStatus(com.cloud.utils.db.TransactionStatus)
CallContext(org.apache.cloudstack.context.CallContext)
NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException)
NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException)
InsufficientAddressCapacityException(com.cloud.exception.InsufficientAddressCapacityException)
ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
UserVm(com.cloud.uservm.UserVm)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
Network(com.cloud.network.Network)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
IpAddress(com.cloud.network.IpAddress)
ActionEvent(com.cloud.event.ActionEvent)
DB(com.cloud.utils.db.DB)
Aggregations
IpAddress (com.cloud.network.IpAddress)58
ArrayList (java.util.ArrayList)26
PublicIpAddress (com.cloud.network.PublicIpAddress)20
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)16
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)16
Network (com.cloud.network.Network)14
FirewallRule (com.cloud.network.rules.FirewallRule)11
HostVO (com.cloud.host.HostVO)9
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)9
DataCenterVO (com.cloud.dc.DataCenterVO)7
CiscoVnmcControllerVO (com.cloud.network.cisco.CiscoVnmcControllerVO)7
NetworkAsa1000vMapVO (com.cloud.network.cisco.NetworkAsa1000vMapVO)7
IPAddressVO (com.cloud.network.dao.IPAddressVO)7
PrivateIpAddress (com.cloud.network.vpc.PrivateIpAddress)7
Answer (com.cloud.agent.api.Answer)6
InsufficientAddressCapacityException (com.cloud.exception.InsufficientAddressCapacityException)6
PublicIp (com.cloud.network.addr.PublicIp)6
StaticNat (com.cloud.network.rules.StaticNat)6
Account (com.cloud.user.Account)6
NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException)5
