Example 1 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project CloudStack-archive by CloudStack-extras.

the class CreateRemoteAccessVpnCmd method execute.

@Override
public void execute() {
    try {
        RemoteAccessVpn result = _ravService.startRemoteAccessVpn(publicIpId, getOpenFirewall());
        if (result != null) {
            RemoteAccessVpnResponse response = _responseGenerator.createRemoteAccessVpnResponse(result);
            response.setResponseName(getCommandName());
            this.setResponseObject(response);
        } else {
            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create remote access vpn");
        }
    } catch (ResourceUnavailableException ex) {
        s_logger.warn("Exception: ", ex);
        throw new ServerApiException(BaseCmd.RESOURCE_UNAVAILABLE_ERROR, ex.getMessage());
    }
}
Also used : ServerApiException(com.cloud.api.ServerApiException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) RemoteAccessVpnResponse(com.cloud.api.response.RemoteAccessVpnResponse) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 2 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project CloudStack-archive by CloudStack-extras.

the class ListRemoteAccessVpnsCmd method execute.

@Override
public void execute() {
    List<? extends RemoteAccessVpn> vpns = _ravService.searchForRemoteAccessVpns(this);
    ListResponse<RemoteAccessVpnResponse> response = new ListResponse<RemoteAccessVpnResponse>();
    List<RemoteAccessVpnResponse> vpnResponses = new ArrayList<RemoteAccessVpnResponse>();
    if (vpns != null && !vpns.isEmpty()) {
        for (RemoteAccessVpn vpn : vpns) {
            vpnResponses.add(_responseGenerator.createRemoteAccessVpnResponse(vpn));
        }
    }
    response.setResponses(vpnResponses);
    response.setResponseName(getCommandName());
    this.setResponseObject(response);
}
Also used : ListResponse(com.cloud.api.response.ListResponse) ArrayList(java.util.ArrayList) RemoteAccessVpnResponse(com.cloud.api.response.RemoteAccessVpnResponse) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 3 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.

the class VpcVirtualRouterElementTest method testApplyVpnUsers.

@Test
public void testApplyVpnUsers() {
    vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;
    final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
    final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);
    networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
    networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
    networkTopologyContext.init();
    final Vpc vpc = Mockito.mock(Vpc.class);
    final Zone zone = Mockito.mock(Zone.class);
    final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
    final DomainRouterVO domainRouterVO1 = Mockito.mock(DomainRouterVO.class);
    final DomainRouterVO domainRouterVO2 = Mockito.mock(DomainRouterVO.class);
    final VpnUser vpnUser1 = Mockito.mock(VpnUser.class);
    final VpnUser vpnUser2 = Mockito.mock(VpnUser.class);
    final List<VpnUser> users = new ArrayList<>();
    users.add(vpnUser1);
    users.add(vpnUser2);
    final List<DomainRouterVO> routers = new ArrayList<>();
    routers.add(domainRouterVO1);
    routers.add(domainRouterVO2);
    final Long vpcId = new Long(1l);
    final Long zoneId = new Long(1l);
    when(remoteAccessVpn.getVpcId()).thenReturn(vpcId);
    when(_vpcRouterMgr.getVpcRouters(vpcId)).thenReturn(routers);
    when(_entityMgr.findById(Vpc.class, vpcId)).thenReturn(vpc);
    when(vpc.getZoneId()).thenReturn(zoneId);
    when(zoneRepository.findOne(zoneId)).thenReturn(zone);
    when(networkTopologyContext.retrieveNetworkTopology(zone)).thenReturn(advancedNetworkTopology);
    try {
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO1)).thenReturn(new String[] { "user1", "user2" });
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO2)).thenReturn(new String[] { "user3", "user4" });
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }
    try {
        final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);
        assertNotNull(results);
        assertEquals(results[0], "user1");
        assertEquals(results[1], "user2");
        assertEquals(results[2], "user3");
        assertEquals(results[3], "user4");
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }
    verify(remoteAccessVpn, times(1)).getVpcId();
    verify(vpc, times(1)).getZoneId();
    verify(zoneRepository, times(1)).findOne(zoneId);
    verify(networkTopologyContext, times(1)).retrieveNetworkTopology(zone);
}
Also used : BasicNetworkTopology(com.cloud.network.topology.BasicNetworkTopology) Zone(com.cloud.db.model.Zone) Vpc(com.cloud.network.vpc.Vpc) ArrayList(java.util.ArrayList) AdvancedNetworkTopology(com.cloud.network.topology.AdvancedNetworkTopology) VpnUser(com.cloud.network.VpnUser) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn) DomainRouterVO(com.cloud.vm.DomainRouterVO) Test(org.junit.Test)

Example 4 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.

the class VirtualNetworkApplianceManagerImpl method finalizeNetworkRulesForNetwork.

protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainRouterVO router, final Provider provider, final Long guestNetworkId) {
    s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");
    final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(router, provider, guestNetworkId);
    final List<FirewallRule> firewallRulesEgress = new ArrayList<FirewallRule>();
    // Fetch firewall Egress rules.
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
        firewallRulesEgress.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId, Purpose.Firewall, FirewallRule.TrafficType.Egress));
        // create egress default rule for VR
        createDefaultEgressFirewallRule(firewallRulesEgress, guestNetworkId);
    }
    // Re-apply firewall Egress rules
    s_logger.debug("Found " + firewallRulesEgress.size() + " firewall Egress rule(s) to apply as a part of domR " + router + " start.");
    if (!firewallRulesEgress.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(firewallRulesEgress, router, cmds, guestNetworkId);
    }
    if (publicIps != null && !publicIps.isEmpty()) {
        final List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
        final List<PortForwardingRule> pfRules = new ArrayList<PortForwardingRule>();
        final List<FirewallRule> staticNatFirewallRules = new ArrayList<FirewallRule>();
        final List<StaticNat> staticNats = new ArrayList<StaticNat>();
        final List<FirewallRule> firewallRulesIngress = new ArrayList<FirewallRule>();
        // Collect all the rules (static NATs and static NAT rules, port forwarding, VPN) to re-apply on domR start
        for (final PublicIpAddress ip : publicIps) {
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) {
                pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
                firewallRulesIngress.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) {
                final RemoteAccessVpn vpn = _vpnDao.findByPublicIpAddress(ip.getId());
                if (vpn != null) {
                    vpns.add(vpn);
                }
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                if (ip.isOneToOneNat()) {
                    boolean revoke = false;
                    if (ip.getState() == IpAddress.State.Releasing) {
                        // For IPs stuck in the Releasing state we need to delete the rule, not add it.
                        s_logger.debug("Rule revoke set to true for the ip " + ip.getAddress() + " because it is in releasing state");
                        revoke = true;
                    }
                    final StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), ip.getVmIp(), revoke);
                    staticNats.add(staticNat);
                }
            }
        }
        // Re-apply static nats
        s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start.");
        if (!staticNats.isEmpty()) {
            _commandSetupHelper.createApplyStaticNatCommands(staticNats, router, cmds, guestNetworkId);
        }
        // Re-apply firewall Ingress rules
        s_logger.debug("Found " + firewallRulesIngress.size() + " firewall Ingress rule(s) to apply as a part of domR " + router + " start.");
        if (!firewallRulesIngress.isEmpty()) {
            _commandSetupHelper.createFirewallRulesCommands(firewallRulesIngress, router, cmds, guestNetworkId);
        }
        // Re-apply port forwarding rules
        s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
        if (!pfRules.isEmpty()) {
            _commandSetupHelper.createApplyPortForwardingRulesCommands(pfRules, router, cmds, guestNetworkId);
        }
        // Re-apply static nat rules
        s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
        if (!staticNatFirewallRules.isEmpty()) {
            final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
            for (final FirewallRule rule : staticNatFirewallRules) {
                staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
            }
            _commandSetupHelper.createApplyStaticNatRulesCommands(staticNatRules, router, cmds, guestNetworkId);
        }
        // Re-apply vpn rules
        s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start.");
        if (!vpns.isEmpty()) {
            for (final RemoteAccessVpn vpn : vpns) {
                _commandSetupHelper.createApplyVpnCommands(true, vpn, router, cmds);
            }
        }
        final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
        final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
            // Re-apply load balancing rules
            for (final LoadBalancerVO lb : lbs) {
                final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
                final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
                final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
                final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
                final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
                final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
                lbRules.add(loadBalancing);
            }
        }
        s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start.");
        if (!lbRules.isEmpty()) {
            _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId);
        }
    }
    // Reapply dhcp and dns configuration.
    final Network guestNetwork = _networkDao.findById(guestNetworkId);
    if (guestNetwork.getGuestType() == GuestType.Shared && _networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Dhcp, provider)) {
        final Map<Network.Capability, String> dhcpCapabilities = _networkSvc.getNetworkOfferingServiceCapabilities(_networkOfferingDao.findById(_networkDao.findById(guestNetworkId).getNetworkOfferingId()), Service.Dhcp);
        final String supportsMultipleSubnets = dhcpCapabilities.get(Network.Capability.DhcpAccrossMultipleSubnets);
        if (supportsMultipleSubnets != null && Boolean.valueOf(supportsMultipleSubnets)) {
            final List<NicIpAliasVO> revokedIpAliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.revoked);
            s_logger.debug("Found " + revokedIpAliasVOs.size() + " ip Aliases to revoke on the router as a part of dhcp configuration");
            removeRevokedIpAliasFromDb(revokedIpAliasVOs);
            final List<NicIpAliasVO> aliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.active);
            s_logger.debug("Found " + aliasVOs.size() + " ip Aliases to apply on the router as a part of dhcp configuration");
            final List<IpAliasTO> activeIpAliasTOs = new ArrayList<IpAliasTO>();
            for (final NicIpAliasVO aliasVO : aliasVOs) {
                activeIpAliasTOs.add(new IpAliasTO(aliasVO.getIp4Address(), aliasVO.getNetmask(), aliasVO.getAliasCount().toString()));
            }
            if (activeIpAliasTOs.size() != 0) {
                _commandSetupHelper.createIpAlias(router, activeIpAliasTOs, guestNetworkId, cmds);
                _commandSetupHelper.configDnsMasq(router, _networkDao.findById(guestNetworkId), cmds);
            }
        }
    }
}
Also used : LoadBalancingRule(com.cloud.network.lb.LoadBalancingRule) PublicIp(com.cloud.network.addr.PublicIp) Ip(com.cloud.utils.net.Ip) ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LbStickinessPolicy(com.cloud.network.lb.LoadBalancingRule.LbStickinessPolicy) StaticNatRule(com.cloud.network.rules.StaticNatRule) NicIpAliasVO(com.cloud.vm.dao.NicIpAliasVO) LbDestination(com.cloud.network.lb.LoadBalancingRule.LbDestination) PublicIpAddress(com.cloud.network.PublicIpAddress) Network(com.cloud.network.Network) FirewallRule(com.cloud.network.rules.FirewallRule) LbSslCert(com.cloud.network.lb.LoadBalancingRule.LbSslCert) PortForwardingRule(com.cloud.network.rules.PortForwardingRule) StaticNat(com.cloud.network.rules.StaticNat) StaticNatImpl(com.cloud.network.rules.StaticNatImpl) LbHealthCheckPolicy(com.cloud.network.lb.LoadBalancingRule.LbHealthCheckPolicy) IpAliasTO(com.cloud.agent.api.routing.IpAliasTO) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 5 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.

the class VpcVirtualRouterElementTest method testApplyVpnUsers.

@Test
public void testApplyVpnUsers() {
    vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;
    final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
    final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);
    networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
    networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
    networkTopologyContext.init();
    final Vpc vpc = Mockito.mock(Vpc.class);
    final DataCenterVO dataCenterVO = Mockito.mock(DataCenterVO.class);
    final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
    final DomainRouterVO domainRouterVO1 = Mockito.mock(DomainRouterVO.class);
    final DomainRouterVO domainRouterVO2 = Mockito.mock(DomainRouterVO.class);
    final VpnUser vpnUser1 = Mockito.mock(VpnUser.class);
    final VpnUser vpnUser2 = Mockito.mock(VpnUser.class);
    final List<VpnUser> users = new ArrayList<VpnUser>();
    users.add(vpnUser1);
    users.add(vpnUser2);
    final List<DomainRouterVO> routers = new ArrayList<DomainRouterVO>();
    routers.add(domainRouterVO1);
    routers.add(domainRouterVO2);
    final Long vpcId = new Long(1l);
    final Long zoneId = new Long(1l);
    when(remoteAccessVpn.getVpcId()).thenReturn(vpcId);
    when(_vpcRouterMgr.getVpcRouters(vpcId)).thenReturn(routers);
    when(_entityMgr.findById(Vpc.class, vpcId)).thenReturn(vpc);
    when(vpc.getZoneId()).thenReturn(zoneId);
    when(_dcDao.findById(zoneId)).thenReturn(dataCenterVO);
    when(networkTopologyContext.retrieveNetworkTopology(dataCenterVO)).thenReturn(advancedNetworkTopology);
    try {
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO1)).thenReturn(new String[] { "user1", "user2" });
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO2)).thenReturn(new String[] { "user3", "user4" });
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }
    try {
        final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);
        assertNotNull(results);
        assertEquals(results[0], "user1");
        assertEquals(results[1], "user2");
        assertEquals(results[2], "user3");
        assertEquals(results[3], "user4");
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }
    verify(remoteAccessVpn, times(1)).getVpcId();
    verify(vpc, times(1)).getZoneId();
    verify(_dcDao, times(1)).findById(zoneId);
    verify(networkTopologyContext, times(1)).retrieveNetworkTopology(dataCenterVO);
}
Also used : BasicNetworkTopology(org.apache.cloudstack.network.topology.BasicNetworkTopology) DataCenterVO(com.cloud.dc.DataCenterVO) Vpc(com.cloud.network.vpc.Vpc) ArrayList(java.util.ArrayList) AdvancedNetworkTopology(org.apache.cloudstack.network.topology.AdvancedNetworkTopology) VpnUser(com.cloud.network.VpnUser) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn) DomainRouterVO(com.cloud.vm.DomainRouterVO) Test(org.junit.Test)

Aggregations

RemoteAccessVpn (com.cloud.network.RemoteAccessVpn): 22
ArrayList (java.util.ArrayList): 11
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException): 9
VpnUser (com.cloud.network.VpnUser): 7
Test (org.junit.Test): 6
RemoteAccessVpnResponse (com.cloud.api.response.RemoteAccessVpnResponse): 5
Vpc (com.cloud.network.vpc.Vpc): 5
Network (com.cloud.network.Network): 4
PublicIpAddress (com.cloud.network.PublicIpAddress): 4
Zone (com.cloud.db.model.Zone): 3
NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException): 3
IPAddressVO (com.cloud.network.dao.IPAddressVO): 3
RemoteAccessVpnVO (com.cloud.network.dao.RemoteAccessVpnVO): 3
FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO): 3
NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO): 3
DomainRouterVO (com.cloud.vm.DomainRouterVO): 3
List (java.util.List): 3
RemoteAccessVpnResponse (org.apache.cloudstack.api.response.RemoteAccessVpnResponse): 3
AdvancedNetworkTopology (org.apache.cloudstack.network.topology.AdvancedNetworkTopology): 3
BasicNetworkTopology (org.apache.cloudstack.network.topology.BasicNetworkTopology): 3