
Example 16 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.

the class VpcVirtualRouterElementTest method testApplyVpnUsersException1.

@Test
public void testApplyVpnUsersException1() {
    vpcVirtualRouterElement._vpcRouterMgr = _vpcRouterMgr;
    final AdvancedNetworkTopology advancedNetworkTopology = Mockito.mock(AdvancedNetworkTopology.class);
    final BasicNetworkTopology basicNetworkTopology = Mockito.mock(BasicNetworkTopology.class);
    networkTopologyContext.setAdvancedNetworkTopology(advancedNetworkTopology);
    networkTopologyContext.setBasicNetworkTopology(basicNetworkTopology);
    networkTopologyContext.init();
    final RemoteAccessVpn remoteAccessVpn = Mockito.mock(RemoteAccessVpn.class);
    final List<VpnUser> users = new ArrayList<>();
    when(remoteAccessVpn.getVpcId()).thenReturn(null);
    try {
        final String[] results = vpcVirtualRouterElement.applyVpnUsers(remoteAccessVpn, users);
        assertNull(results);
    } catch (final ResourceUnavailableException e) {
        fail(e.getMessage());
    }
    verify(remoteAccessVpn, times(1)).getVpcId();
}
Also used : BasicNetworkTopology(com.cloud.network.topology.BasicNetworkTopology) VpnUser(com.cloud.network.VpnUser) ArrayList(java.util.ArrayList) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) AdvancedNetworkTopology(com.cloud.network.topology.AdvancedNetworkTopology) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn) Test(org.junit.Test)

Example 17 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.

the class CreateRemoteAccessVpnCmd method create.

@Override
public void create() {
    try {
        final RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange, getOpenFirewall(), isDisplay());
        if (vpn != null) {
            setEntityId(vpn.getId());
            setEntityUuid(vpn.getUuid());
        } else {
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
        }
    } catch (final NetworkRuleConflictException e) {
        s_logger.info("Network rule conflict: " + e.getMessage());
        s_logger.trace("Network Rule Conflict: ", e);
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
    }
}
Also used : ServerApiException(com.cloud.api.ServerApiException) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 18 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cosmic by MissionCriticalCloud.

the class CreateRemoteAccessVpnCmd method execute.

@Override
public void execute() {
    try {
        final RemoteAccessVpn result = _ravService.startRemoteAccessVpn(publicIpId, getOpenFirewall());
        if (result != null) {
            final RemoteAccessVpnResponse response = _responseGenerator.createRemoteAccessVpnResponse(result);
            response.setResponseName(getCommandName());
            setResponseObject(response);
        } else {
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Exception: ", ex);
        throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, ex.getMessage());
    }
}
Also used : ServerApiException(com.cloud.api.ServerApiException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) RemoteAccessVpnResponse(com.cloud.api.response.RemoteAccessVpnResponse) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 19 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.

the class CreateRemoteAccessVpnCmd method create.

@Override
public void create() {
    try {
        RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange, getOpenFirewall(), isDisplay());
        if (vpn != null) {
            setEntityId(vpn.getId());
            setEntityUuid(vpn.getUuid());
        } else {
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create remote access vpn");
        }
    } catch (NetworkRuleConflictException e) {
        s_logger.info("Network rule conflict: " + e.getMessage());
        s_logger.trace("Network Rule Conflict: ", e);
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, e.getMessage());
    }
}
Also used : ServerApiException(org.apache.cloudstack.api.ServerApiException) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 20 with RemoteAccessVpn

use of com.cloud.network.RemoteAccessVpn in project cloudstack by apache.

the class NetworkOrchestrator method reprogramNetworkRules.

// This method re-programs the rules/ips for existing network
protected boolean reprogramNetworkRules(final long networkId, final Account caller, final Network network) throws ResourceUnavailableException {
    boolean success = true;
    // Apply egress rules first to effect the egress policy early on the guest traffic
    final List<FirewallRuleVO> firewallEgressRulesToApply = _firewallDao.listByNetworkPurposeTrafficType(networkId, Purpose.Firewall, FirewallRule.TrafficType.Egress);
    final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
    final DataCenter zone = _dcDao.findById(network.getDataCenterId());
    if (_networkModel.areServicesSupportedInNetwork(network.getId(), Service.Firewall) && (network.getGuestType() == Network.GuestType.Isolated || (network.getGuestType() == Network.GuestType.Shared && zone.getNetworkType() == NetworkType.Advanced))) {
        // add default egress rule to accept the traffic
        _firewallMgr.applyDefaultEgressFirewallRule(network.getId(), offering.isEgressDefaultPolicy(), true);
    }
    if (!_firewallMgr.applyFirewallRules(firewallEgressRulesToApply, false, caller)) {
        s_logger.warn("Failed to reapply firewall Egress rule(s) as a part of network id=" + networkId + " restart");
        success = false;
    }
    // associate all ip addresses
    if (!_ipAddrMgr.applyIpAssociations(network, false)) {
        s_logger.warn("Failed to apply ip addresses as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply static nat
    if (!_rulesMgr.applyStaticNatsForNetwork(networkId, false, caller)) {
        s_logger.warn("Failed to apply static nats as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply firewall rules
    final List<FirewallRuleVO> firewallIngressRulesToApply = _firewallDao.listByNetworkPurposeTrafficType(networkId, Purpose.Firewall, FirewallRule.TrafficType.Ingress);
    if (!_firewallMgr.applyFirewallRules(firewallIngressRulesToApply, false, caller)) {
        s_logger.warn("Failed to reapply Ingress firewall rule(s) as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply port forwarding rules
    if (!_rulesMgr.applyPortForwardingRulesForNetwork(networkId, false, caller)) {
        s_logger.warn("Failed to reapply port forwarding rule(s) as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply static nat rules
    if (!_rulesMgr.applyStaticNatRulesForNetwork(networkId, false, caller)) {
        s_logger.warn("Failed to reapply static nat rule(s) as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply public load balancer rules
    if (!_lbMgr.applyLoadBalancersForNetwork(networkId, Scheme.Public)) {
        s_logger.warn("Failed to reapply Public load balancer rules as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply internal load balancer rules
    if (!_lbMgr.applyLoadBalancersForNetwork(networkId, Scheme.Internal)) {
        s_logger.warn("Failed to reapply internal load balancer rules as a part of network id=" + networkId + " restart");
        success = false;
    }
    // apply vpn rules
    final List<? extends RemoteAccessVpn> vpnsToReapply = _vpnMgr.listRemoteAccessVpns(networkId);
    if (vpnsToReapply != null) {
        for (final RemoteAccessVpn vpn : vpnsToReapply) {
            // Start remote access vpn per ip
            if (_vpnMgr.startRemoteAccessVpn(vpn.getServerAddressId(), false) == null) {
                s_logger.warn("Failed to reapply vpn rules as a part of network id=" + networkId + " restart");
                success = false;
            }
        }
    }
    // apply network ACLs
    if (!_networkACLMgr.applyACLToNetwork(networkId)) {
        s_logger.warn("Failed to reapply network ACLs as a part of network id=" + networkId + " restart");
        success = false;
    }
    return success;
}
Also used : DataCenter(com.cloud.dc.DataCenter) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Aggregations

RemoteAccessVpn (com.cloud.network.RemoteAccessVpn): 22
ArrayList (java.util.ArrayList): 11
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException): 9
VpnUser (com.cloud.network.VpnUser): 7
Test (org.junit.Test): 6
RemoteAccessVpnResponse (com.cloud.api.response.RemoteAccessVpnResponse): 5
Vpc (com.cloud.network.vpc.Vpc): 5
Network (com.cloud.network.Network): 4
PublicIpAddress (com.cloud.network.PublicIpAddress): 4
Zone (com.cloud.db.model.Zone): 3
NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException): 3
IPAddressVO (com.cloud.network.dao.IPAddressVO): 3
RemoteAccessVpnVO (com.cloud.network.dao.RemoteAccessVpnVO): 3
FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO): 3
NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO): 3
DomainRouterVO (com.cloud.vm.DomainRouterVO): 3
List (java.util.List): 3
RemoteAccessVpnResponse (org.apache.cloudstack.api.response.RemoteAccessVpnResponse): 3
AdvancedNetworkTopology (org.apache.cloudstack.network.topology.AdvancedNetworkTopology): 3
BasicNetworkTopology (org.apache.cloudstack.network.topology.BasicNetworkTopology): 3