use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.
the class VpcVirtualRouterElementTest method testApplyVpnUsersException1.
@Test
public void testApplyVpnUsersException1() {
vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;
final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);
networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
networkTopologyContext.init();
final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
final List<VpnUser> users = new ArrayList<>();
when(remoteAccessVpn.getVpcId()).thenReturn(null);
try {
final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);
assertNull(results);
} catch (final ResourceUnavailableException e) {
fail(e.getMessage());
}
verify(remoteAccessVpn, times(1)).getVpcId();
}
use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.
the class CreateRemoteAccessVpnCmd method create.
@Override
public void create() {
try {
final RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange, getOpenFirewall(), isDisplay());
if (vpn != null) {
setEntityId(vpn.getId());
setEntityUuid(vpn.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
}
} catch (final NetworkRuleConflictException e) {
s_logger.info("Network rule conflict: " + e.getMessage());
s_logger.trace("Network Rule Conflict: ", e);
throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
}
}
use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.
the class CreateRemoteAccessVpnCmd method execute.
@Override
public void execute() {
try {
final RemoteAccessVpn result = _ravService.startRemoteAccessVpn(publicIpId, getOpenFirewall());
if (result != null) {
final RemoteAccessVpnResponse response = _responseGenerator.createRemoteAccessVpnResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
}
} catch (final ResourceUnavailableException ex) {
s_logger.warn("Exception: ", ex);
throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, ex.getMessage());
}
}
use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.
the class CreateRemoteAccessVpnCmd method create.
@Override
public void create() {
try {
RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange, getOpenFirewall(), isDisplay());
if (vpn != null) {
setEntityId(vpn.getId());
setEntityUuid(vpn.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
}
} catch (NetworkRuleConflictException e) {
s_logger.info("Network rule conflict: " + e.getMessage());
s_logger.trace("Network Rule Conflict: ", e);
throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
}
}
use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.
the class NetworkOrchestrator method reprogramNetworkRules.
// This method re-programs the rules/ips for existing network
protected boolean reprogramNetworkRules(final long networkId, final Account caller, final Network network) throws ResourceUnavailableException {
boolean success = true;
// Apply egress rules first to effect the egress policy early on the guest traffic
final List<FirewallRuleVO> firewallEgressRulesToApply = _firewallDao.listByNetworkPurposeTrafficType(networkId, Purpose.Firewall, FirewallRule.TrafficType.Egress);
final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
final DataCenter zone = _dcDao.findById(network.getDataCenterId());
if (_networkModel.areServicesSupportedInNetwork(network.getId(), Service.Firewall) && _networkModel.areServicesSupportedInNetwork(network.getId(), Service.Firewall) && (network.getGuestType() == Network.GuestType.Isolated || network.getGuestType() == Network.GuestType.Shared && zone.getNetworkType() == NetworkType.Advanced)) {
// add default egress rule to accept the traffic
_firewallMgr.applyDefaultEgressFirewallRule(network.getId(), offering.isEgressDefaultPolicy(), true);
}
if (!_firewallMgr.applyFirewallRules(firewallEgressRulesToApply, false, caller)) {
s_logger.warn("Failed to reapply firewall Egress rule(s) as a part of network id=" + networkId + " restart");
success = false;
}
// associate all ip addresses
if (!_ipAddrMgr.applyIpAssociations(network, false)) {
s_logger.warn("Failed to apply ip addresses as a part of network id" + networkId + " restart");
success = false;
}
// apply static nat
if (!_rulesMgr.applyStaticNatsForNetwork(networkId, false, caller)) {
s_logger.warn("Failed to apply static nats a part of network id" + networkId + " restart");
success = false;
}
// apply firewall rules
final List<FirewallRuleVO> firewallIngressRulesToApply = _firewallDao.listByNetworkPurposeTrafficType(networkId, Purpose.Firewall, FirewallRule.TrafficType.Ingress);
if (!_firewallMgr.applyFirewallRules(firewallIngressRulesToApply, false, caller)) {
s_logger.warn("Failed to reapply Ingress firewall rule(s) as a part of network id=" + networkId + " restart");
success = false;
}
// apply port forwarding rules
if (!_rulesMgr.applyPortForwardingRulesForNetwork(networkId, false, caller)) {
s_logger.warn("Failed to reapply port forwarding rule(s) as a part of network id=" + networkId + " restart");
success = false;
}
// apply static nat rules
if (!_rulesMgr.applyStaticNatRulesForNetwork(networkId, false, caller)) {
s_logger.warn("Failed to reapply static nat rule(s) as a part of network id=" + networkId + " restart");
success = false;
}
// apply public load balancer rules
if (!_lbMgr.applyLoadBalancersForNetwork(networkId, Scheme.Public)) {
s_logger.warn("Failed to reapply Public load balancer rules as a part of network id=" + networkId + " restart");
success = false;
}
// apply internal load balancer rules
if (!_lbMgr.applyLoadBalancersForNetwork(networkId, Scheme.Internal)) {
s_logger.warn("Failed to reapply internal load balancer rules as a part of network id=" + networkId + " restart");
success = false;
}
// apply vpn rules
final List<? extends RemoteAccessVpn> vpnsToReapply = _vpnMgr.listRemoteAccessVpns(networkId);
if (vpnsToReapply != null) {
for (final RemoteAccessVpn vpn : vpnsToReapply) {
// Start remote access vpn per ip
if (_vpnMgr.startRemoteAccessVpn(vpn.getServerAddressId(), false) == null) {
s_logger.warn("Failed to reapply vpn rules as a part of network id=" + networkId + " restart");
success = false;
}
}
}
// apply network ACLs
if (!_networkACLMgr.applyACLToNetwork(networkId)) {
s_logger.warn("Failed to reapply network ACLs as a part of of network id=" + networkId + " restart");
success = false;
}
return success;
}
Aggregations