use of com.cloud.network.RemoteAccessVpn in project CloudStack-archive by CloudStack-extras.
the class CreateRemoteAccessVpnCmd method execute.
/**
 * Starts the remote access VPN on the public IP named by this command and
 * publishes the resulting VPN as the command's response object.
 *
 * The command's open-firewall flag is handed to the service unchanged.
 *
 * @throws ServerApiException with {@code BaseCmd.INTERNAL_ERROR} when the service returns
 *         no VPN, or with {@code BaseCmd.RESOURCE_UNAVAILABLE_ERROR} when the service
 *         throws {@code ResourceUnavailableException}
 */
@Override
public void execute() {
    try {
        final RemoteAccessVpn vpn = _ravService.startRemoteAccessVpn(publicIpId, getOpenFirewall());
        if (vpn == null) {
            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create remote access vpn");
        }

        final RemoteAccessVpnResponse vpnResponse = _responseGenerator.createRemoteAccessVpnResponse(vpn);
        vpnResponse.setResponseName(getCommandName());
        this.setResponseObject(vpnResponse);
    } catch (ResourceUnavailableException unavailable) {
        s_logger.warn("Exception: ", unavailable);
        // NOTE(review): the exception's own message is passed on to the API caller;
        // confirm it cannot carry internal host or resource details.
        throw new ServerApiException(BaseCmd.RESOURCE_UNAVAILABLE_ERROR, unavailable.getMessage());
    }
}
use of com.cloud.network.RemoteAccessVpn in project CloudStack-archive by CloudStack-extras.
the class ListRemoteAccessVpnsCmd method execute.
/**
 * Searches for the remote access VPNs matching this command and publishes them
 * as a list response. A null or empty search result produces an empty list.
 */
@Override
public void execute() {
    // NOTE(review): no account/domain scoping is visible in this method; whatever
    // filtering applies to the caller has to happen inside searchForRemoteAccessVpns.
    final List<? extends RemoteAccessVpn> found = _ravService.searchForRemoteAccessVpns(this);

    final List<RemoteAccessVpnResponse> items = new ArrayList<RemoteAccessVpnResponse>();
    final boolean hasResults = found != null && !found.isEmpty();
    if (hasResults) {
        for (final RemoteAccessVpn entry : found) {
            final RemoteAccessVpnResponse item = _responseGenerator.createRemoteAccessVpnResponse(entry);
            items.add(item);
        }
    }

    final ListResponse<RemoteAccessVpnResponse> listResponse = new ListResponse<RemoteAccessVpnResponse>();
    listResponse.setResponses(items);
    listResponse.setResponseName(getCommandName());
    this.setResponseObject(listResponse);
}
use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.
the class VpcVirtualRouterElementTest method testApplyVpnUsers.
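/**
 * Checks that {@code applyVpnUsers} on the VPC virtual router element returns the
 * per-router results in router order: the two entries stubbed for the first router,
 * then the two stubbed for the second.
 *
 * Only the success path is exercised; a {@code ResourceUnavailableException} from
 * either the stubbing or the call fails the test.
 */
@Test
public void testApplyVpnUsers() {
    vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;

    final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
    final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);

    networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
    networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
    networkTopologyContext.init();

    final Vpc vpc = Mockito.mock(Vpc.class);
    final Zone zone = Mockito.mock(Zone.class);
    final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
    final DomainRouterVO domainRouterVO1 = Mockito.mock(DomainRouterVO.class);
    final DomainRouterVO domainRouterVO2 = Mockito.mock(DomainRouterVO.class);
    final VpnUser vpnUser1 = Mockito.mock(VpnUser.class);
    final VpnUser vpnUser2 = Mockito.mock(VpnUser.class);

    final List<VpnUser> users = new ArrayList<>();
    users.add(vpnUser1);
    users.add(vpnUser2);

    final List<DomainRouterVO> routers = new ArrayList<>();
    routers.add(domainRouterVO1);
    routers.add(domainRouterVO2);

    // Long.valueOf replaces the deprecated Long(long) constructor; the stubs and
    // verifications below match on equals(), so the boxed identity does not matter.
    final Long vpcId = Long.valueOf(1L);
    final Long zoneId = Long.valueOf(1L);

    when(remoteAccessVpn.getVpcId()).thenReturn(vpcId);
    when(_vpcRouterMgr.getVpcRouters(vpcId)).thenReturn(routers);
    when(_entityMgr.findById(Vpc.class, vpcId)).thenReturn(vpc);
    when(vpc.getZoneId()).thenReturn(zoneId);
    when(zoneRepository.findOne(zoneId)).thenReturn(zone);
    when(networkTopologyContext.retrieveNetworkTopology(zone)).thenReturn(advancedNetworkTopology);

    try {
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO1)).thenReturn(new String[] { "user1", "user2" });
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO2)).thenReturn(new String[] { "user3", "user4" });
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }

    try {
        final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);

        assertNotNull(results);
        // Expected value first, so a failure message reports expected/actual the right way round.
        assertEquals("user1", results[0]);
        assertEquals("user2", results[1]);
        assertEquals("user3", results[2]);
        assertEquals("user4", results[3]);
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }

    verify(remoteAccessVpn, times(1)).getVpcId();
    verify(vpc, times(1)).getZoneId();
    verify(zoneRepository, times(1)).findOne(zoneId);
    verify(networkTopologyContext, times(1)).retrieveNetworkTopology(zone);
}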
use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.
the class VirtualNetworkApplianceManagerImpl method finalizeNetworkRulesForNetwork.
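/**
 * Rebuilds the rule set of one guest network for a virtual router that is starting and
 * hands the resulting work to {@code _commandSetupHelper} together with {@code cmds}.
 *
 * Rule groups are processed in this order: firewall egress, static NAT, firewall ingress,
 * port forwarding, static NAT rules, remote access VPN, load balancing, and finally the
 * DHCP IP aliases / dnsmasq configuration of shared networks. Every group except egress
 * and DHCP is only considered when the router has public IPs to apply.
 *
 * A rule type whose service the provider does not support in this network is skipped
 * without any error, so the router starts without those rules.
 *
 * @param cmds           command container passed to every {@code _commandSetupHelper} call
 * @param router         the router being started
 * @param provider       provider whose per-service support is checked for the network
 * @param guestNetworkId id of the guest network whose rules are re-sent
 */
protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainRouterVO router, final Provider provider, final Long guestNetworkId) {
    s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");

    final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(router, provider, guestNetworkId);
    final List<FirewallRule> firewallRulesEgress = new ArrayList<FirewallRule>();

    // Fetch firewall Egress rules.
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
        firewallRulesEgress.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId, Purpose.Firewall, FirewallRule.TrafficType.Egress));
        // create egress default rule for VR
        createDefaultEgressFirewallRule(firewallRulesEgress, guestNetworkId);
    }

    // Re-apply firewall Egress rules
    s_logger.debug("Found " + firewallRulesEgress.size() + " firewall Egress rule(s) to apply as a part of domR " + router + " start.");
    if (!firewallRulesEgress.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(firewallRulesEgress, router, cmds, guestNetworkId);
    }

    if (publicIps != null && !publicIps.isEmpty()) {
        final List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
        final List<PortForwardingRule> pfRules = new ArrayList<PortForwardingRule>();
        final List<FirewallRule> staticNatFirewallRules = new ArrayList<FirewallRule>();
        final List<StaticNat> staticNats = new ArrayList<StaticNat>();
        final List<FirewallRule> firewallRulesIngress = new ArrayList<FirewallRule>();

        // Collect, per public IP, the static NAT, port forwarding, firewall and VPN
        // entries to reapply on domR start.
        // NOTE(review): the provider-support checks take no per-IP argument and are
        // repeated for every IP; the StaticNat check is made twice per IteratIon.
        for (final PublicIpAddress ip : publicIps) {
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) {
                pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
                firewallRulesIngress.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
            }

            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) {
                final RemoteAccessVpn vpn = _vpnDao.findByPublicIpAddress(ip.getId());
                if (vpn != null) {
                    vpns.add(vpn);
                }
            }

            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                if (ip.isOneToOneNat()) {
                    boolean revoke = false;
                    if (ip.getState() == IpAddress.State.Releasing) {
                        // An IP stuck in the Releasing state must have its rule deleted, not added.
                        s_logger.debug("Rule revoke set to true for the ip " + ip.getAddress() + " becasue it is in releasing state");
                        revoke = true;
                    }
                    final StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), ip.getVmIp(), revoke);
                    staticNats.add(staticNat);
                }
            }
        }

        // Re-apply static nats
        s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start.");
        if (!staticNats.isEmpty()) {
            _commandSetupHelper.createApplyStaticNatCommands(staticNats, router, cmds, guestNetworkId);
        }

        // Re-apply firewall Ingress rules
        s_logger.debug("Found " + firewallRulesIngress.size() + " firewall Ingress rule(s) to apply as a part of domR " + router + " start.");
        if (!firewallRulesIngress.isEmpty()) {
            _commandSetupHelper.createFirewallRulesCommands(firewallRulesIngress, router, cmds, guestNetworkId);
        }

        // Re-apply port forwarding rules
        s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
        if (!pfRules.isEmpty()) {
            _commandSetupHelper.createApplyPortForwardingRulesCommands(pfRules, router, cmds, guestNetworkId);
        }

        // Re-apply static nat rules
        s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
        if (!staticNatFirewallRules.isEmpty()) {
            final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
            for (final FirewallRule rule : staticNatFirewallRules) {
                staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
            }
            _commandSetupHelper.createApplyStaticNatRulesCommands(staticNatRules, router, cmds, guestNetworkId);
        }

        // Re-apply vpn rules
        s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start.");
        if (!vpns.isEmpty()) {
            for (final RemoteAccessVpn vpn : vpns) {
                _commandSetupHelper.createApplyVpnCommands(true, vpn, router, cmds);
            }
        }

        final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
        final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
            // Re-apply load balancing rules
            for (final LoadBalancerVO lb : lbs) {
                final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
                final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
                final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
                final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
                final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
                final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());

                lbRules.add(loadBalancing);
            }
        }

        s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start.");
        if (!lbRules.isEmpty()) {
            _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId);
        }
    }

    // Reapply dhcp and dns configuration.
    // NOTE(review): guestNetwork is dereferenced without a null check; confirm findById
    // cannot return null for a network that still has a router starting.
    final Network guestNetwork = _networkDao.findById(guestNetworkId);
    if (guestNetwork.getGuestType() == GuestType.Shared && _networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Dhcp, provider)) {
        final Map<Network.Capability, String> dhcpCapabilities = _networkSvc.getNetworkOfferingServiceCapabilities(_networkOfferingDao.findById(_networkDao.findById(guestNetworkId).getNetworkOfferingId()), Service.Dhcp);
        final String supportsMultipleSubnets = dhcpCapabilities.get(Network.Capability.DhcpAccrossMultipleSubnets);
        // parseBoolean returns false for null, so no separate null check is needed.
        if (Boolean.parseBoolean(supportsMultipleSubnets)) {
            final List<NicIpAliasVO> revokedIpAliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.revoked);
            // The count is now separated from the surrounding words by spaces.
            s_logger.debug("Found " + revokedIpAliasVOs.size() + " ip Aliases to revoke on the router as a part of dhcp configuration");
            removeRevokedIpAliasFromDb(revokedIpAliasVOs);

            final List<NicIpAliasVO> aliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.active);
            s_logger.debug("Found " + aliasVOs.size() + " ip Aliases to apply on the router as a part of dhcp configuration");
            final List<IpAliasTO> activeIpAliasTOs = new ArrayList<IpAliasTO>();
            for (final NicIpAliasVO aliasVO : aliasVOs) {
                activeIpAliasTOs.add(new IpAliasTO(aliasVO.getIp4Address(), aliasVO.getNetmask(), aliasVO.getAliasCount().toString()));
            }
            if (!activeIpAliasTOs.isEmpty()) {
                _commandSetupHelper.createIpAlias(router, activeIpAliasTOs, guestNetworkId, cmds);
                _commandSetupHelper.configDnsMasq(router, _networkDao.findById(guestNetworkId), cmds);
            }
        }
    }
}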
use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.
the class VpcVirtualRouterElementTest method testApplyVpnUsers.
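/**
 * Checks that {@code applyVpnUsers} on the VPC virtual router element returns the
 * per-router results in router order: the two entries stubbed for the first router,
 * then the two stubbed for the second.
 *
 * Only the success path is exercised; a {@code ResourceUnavailableException} from
 * either the stubbing or the call fails the test.
 */
@Test
public void testApplyVpnUsers() {
    vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;

    final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
    final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);

    networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
    networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
    networkTopologyContext.init();

    final Vpc vpc = Mockito.mock(Vpc.class);
    final DataCenterVO dataCenterVO = Mockito.mock(DataCenterVO.class);
    final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
    final DomainRouterVO domainRouterVO1 = Mockito.mock(DomainRouterVO.class);
    final DomainRouterVO domainRouterVO2 = Mockito.mock(DomainRouterVO.class);
    final VpnUser vpnUser1 = Mockito.mock(VpnUser.class);
    final VpnUser vpnUser2 = Mockito.mock(VpnUser.class);

    final List<VpnUser> users = new ArrayList<VpnUser>();
    users.add(vpnUser1);
    users.add(vpnUser2);

    final List<DomainRouterVO> routers = new ArrayList<DomainRouterVO>();
    routers.add(domainRouterVO1);
    routers.add(domainRouterVO2);

    // Long.valueOf replaces the deprecated Long(long) constructor; the stubs and
    // verifications below match on equals(), so the boxed identity does not matter.
    final Long vpcId = Long.valueOf(1L);
    final Long zoneId = Long.valueOf(1L);

    when(remoteAccessVpn.getVpcId()).thenReturn(vpcId);
    when(_vpcRouterMgr.getVpcRouters(vpcId)).thenReturn(routers);
    when(_entityMgr.findById(Vpc.class, vpcId)).thenReturn(vpc);
    when(vpc.getZoneId()).thenReturn(zoneId);
    when(_dcDao.findById(zoneId)).thenReturn(dataCenterVO);
    when(networkTopologyContext.retrieveNetworkTopology(dataCenterVO)).thenReturn(advancedNetworkTopology);

    try {
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO1)).thenReturn(new String[] { "user1", "user2" });
        when(advancedNetworkTopology.applyVpnUsers(remoteAccessVpn, users, domainRouterVO2)).thenReturn(new String[] { "user3", "user4" });
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }

    try {
        final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);

        assertNotNull(results);
        // Expected value first, so a failure message reports expected/actual the right way round.
        assertEquals("user1", results[0]);
        assertEquals("user2", results[1]);
        assertEquals("user3", results[2]);
        assertEquals("user4", results[3]);
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }

    verify(remoteAccessVpn, times(1)).getVpcId();
    verify(vpc, times(1)).getZoneId();
    verify(_dcDao, times(1)).findById(zoneId);
    verify(networkTopologyContext, times(1)).retrieveNetworkTopology(dataCenterVO);
}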
Aggregations