

use of com.cloud.network.cisco.NetworkAsa1000vMapVO in project cloudstack by apache.

the class CiscoVnmcElement method applyPFRules.

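/**
 * Pushes the given port-forwarding rules to the Cisco ASA 1000v backing {@code network},
 * through the VNMC controller host registered on the network's physical network.
 *
 * @param network the guest network whose port-forwarding rules are being applied
 * @param rules   the rules to program; {@code null} or empty sends no command
 * @return {@code false} when the CiscoVnmc provider does not offer PortForwarding on this
 *         network; {@code true} otherwise, including the no-op cases (no VNMC controller,
 *         no ASA associated, network still {@code Allocated}) in which nothing is sent
 * @throws ResourceUnavailableException if the VNMC host cannot be resolved, a rule's
 *         source IP or VLAN cannot be resolved, or the appliance rejects the command
 */
@Override
public boolean applyPFRules(Network network, List<PortForwardingRule> rules) throws ResourceUnavailableException {
    if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)) {
        s_logger.error("Port forwarding service is not provided by Cisco Vnmc device on network " + network.getName());
        return false;
    }
    // Find VNMC host for physical network
    List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (devices.isEmpty()) {
        // NOTE(review): reports success although nothing was programmed; kept because callers
        // treat "no device on this network" as "nothing to do" for this element.
        s_logger.error("No Cisco Vnmc device on network " + network.getName());
        return true;
    }
    // Find if ASA 1000v is associated with network
    NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaForNetwork == null) {
        s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
        return true;
    }
    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply port forwarding rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }
    // Only the first controller on the physical network is used; no selection among several.
    CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
    HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
    if (ciscoVnmcHost == null) {
        String msg = "Unable to find host " + ciscoVnmcDevice.getHostId() + " for Cisco Vnmc device on network " + network.getName();
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
    }
    List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
    if (rules != null) {
        for (PortForwardingRule rule : rules) {
            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
            // Fail closed: a rule whose public IP or VLAN cannot be resolved is reported as an
            // error rather than silently dropped, so callers never believe a partial rule set
            // was fully applied on the appliance.
            if (sourceIp == null) {
                String msg = "Unable to resolve source IP address " + rule.getSourceIpAddressId() + " for port forwarding rule on network " + network.getName();
                s_logger.error(msg);
                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
            }
            Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
            if (vlan == null) {
                String msg = "Unable to resolve VLAN " + sourceIp.getVlanId() + " of source IP " + sourceIp.getAddress().addr() + " for port forwarding rule on network " + network.getName();
                s_logger.error(msg);
                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
            }
            PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
            rulesTO.add(ruleTO);
        }
    }
    if (!rulesTO.isEmpty()) {
        SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rulesTO);
        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, BroadcastDomainType.getValue(network.getBroadcastUri()));
        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
        Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
        if (answer == null || !answer.getResult()) {
            String details = (answer != null) ? answer.getDetails() : "details unavailable";
            String msg = "Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: " + details + ".";
            s_logger.error(msg);
            throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
        }
    }
    return true;
}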


use of com.cloud.network.cisco.NetworkAsa1000vMapVO in project cloudstack by apache.

the class CiscoVnmcElement method implement.

/**
 * Implements a CiscoVnmc-backed guest network: assigns an ASA 1000v to the network, creates
 * the logical edge firewall in VNMC, configures the Nexus VSM for the ASA, sets up source NAT
 * and finally associates the ASA with the edge firewall. Any failure after the ASA was
 * assigned is rolled back with {@code unassignAsa1000vFromNetwork(network)}.
 *
 * @param network  the guest network being implemented
 * @param offering the network offering (not read by this method)
 * @param dest     the deploy destination (not read by this method)
 * @param context  reservation context; its account becomes the owner of the public IPs
 * @return {@code true} once an ASA is associated with the network (or already was);
 *         {@code false} when the zone is Basic, the element cannot handle the network, no
 *         VNMC/ASA device exists, SourceNat is not provided, or a
 *         {@code CloudRuntimeException} occurred during setup
 * @throws ResourceUnavailableException     rethrown unchanged if raised during setup
 * @throws InsufficientCapacityException    rethrown unchanged if raised during setup
 * @throws ConcurrentOperationException     declared by the interface; not raised directly here
 * @throws IllegalStateException            wrapping any other checked exception from setup
 */
@Override
public boolean implement(final Network network, final NetworkOffering offering, final DeployDestination dest, final ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
    final DataCenter zone = _entityMgr.findById(DataCenter.class, network.getDataCenterId());
    // Basic zones are not handled by this element at all.
    if (zone.getNetworkType() == NetworkType.Basic) {
        s_logger.debug("Not handling network implement in zone of type " + NetworkType.Basic);
        return false;
    }
    if (!canHandle(network)) {
        return false;
    }
    final List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (devices.isEmpty()) {
        s_logger.error("No Cisco Vnmc device on network " + network.getName());
        return false;
    }
    List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (asaList.isEmpty()) {
        s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
        return false;
    }
    // Idempotent: a network that already has an ASA mapped is considered implemented.
    NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaForNetwork != null) {
        s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
        return true;
    }
    if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
        s_logger.error("SourceNat service is not provided by Cisco Vnmc device on network " + network.getName());
        return false;
    }
    try {
        // ensure that there is an ASA 1000v assigned to this network
        CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
        if (assignedAsa == null) {
            s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
            throw new CloudRuntimeException("Unable to assign ASA 1000v device to network " + network.getName());
        }
        // NOTE(review): asaCluster is not null-checked before asaCluster.getName() is used in the
        // messages below; a missing cluster row would surface as a NullPointerException (caught by
        // the generic catch at the end and rethrown as a runtime exception) — confirm whether a
        // dedicated error is wanted here.
        ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
        ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
        if (clusterVsmMap == null) {
            s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
            throw new CloudRuntimeException("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
        }
        CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
        if (vsmDevice == null) {
            s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
            throw new CloudRuntimeException("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
        }
        // Only the first VNMC controller on the physical network is used.
        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
        _hostDao.loadDetails(ciscoVnmcHost);
        Account owner = context.getAccount();
        PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
        // The guest VLAN id is parsed from the broadcast URI value; a non-numeric value throws
        // NumberFormatException, which lands in the generic catch below.
        long vlanId = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));
        List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
        // Gateways of every public VLAN on the physical network are handed to the edge firewall.
        List<String> publicGateways = new ArrayList<String>();
        for (VlanVO vlanVO : vlanVOList) {
            publicGateways.add(vlanVO.getVlanGateway());
        }
        // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
        // an additional public ip needs to acquired for assigning as firewall outside ip.
        // In case there are already additional ip addresses available (network restart) use one
        // of them such that it is not the source NAT ip
        IpAddress outsideIp = null;
        List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
        for (IPAddressVO ip : publicIps) {
            if (!ip.isSourceNat()) {
                outsideIp = ip;
                break;
            }
        }
        if (outsideIp == null) {
            // none available, acquire one
            try {
                Account caller = CallContext.current().getCallingAccount();
                long callerUserId = CallContext.current().getCallingUserId();
                outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone, true);
            } catch (ResourceAllocationException e) {
                s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
                throw new CloudRuntimeException("Unable to allocate additional public Ip address. Exception details " + e);
            }
            try {
                outsideIp = _ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
            } catch (ResourceAllocationException e) {
                s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details " + e);
                throw new CloudRuntimeException("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details " + e);
            }
        }
        // create logical edge firewall in VNMC
        String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
        // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
        if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask, outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
            s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
            throw new CloudRuntimeException("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
        }
        // create stuff in VSM for ASA device
        // The VSM credentials (including the password) are passed straight through; keep them
        // out of any log message added around this call.
        if (!configureNexusVsmForAsa(vlanId, network.getGateway(), vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(), assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
            s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() + " for ASA device for network " + network.getName());
            throw new CloudRuntimeException("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() + " for ASA device for network " + network.getName());
        }
        // configure source NAT
        if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
            s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
            throw new CloudRuntimeException("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
        }
        // associate Asa 1000v instance with logical edge firewall
        if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
            s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() + ") with logical edge firewall in VNMC for network " + network.getName());
            throw new CloudRuntimeException("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() + ") with logical edge firewall in VNMC for network " + network.getName());
        }
    } catch (CloudRuntimeException e) {
        // Setup failures raised above: release the ASA mapping and report "not implemented".
        // NOTE(review): a public IP allocated in this call is not released on this path — confirm
        // whether the caller's cleanup covers it.
        unassignAsa1000vFromNetwork(network);
        s_logger.error("CiscoVnmcElement failed", e);
        return false;
    } catch (Exception e) {
        // Any other failure: release the ASA mapping, then surface the exception with its
        // original type where the signature allows, else wrapped as IllegalStateException.
        unassignAsa1000vFromNetwork(network);
        ExceptionUtil.rethrowRuntime(e);
        ExceptionUtil.rethrow(e, InsufficientAddressCapacityException.class);
        ExceptionUtil.rethrow(e, ResourceUnavailableException.class);
        throw new IllegalStateException(e);
    }
    return true;
}


use of com.cloud.network.cisco.NetworkAsa1000vMapVO in project cloudstack by apache.

the class CiscoVnmcElement method createCiscoAsa1000vResourceResponse.

/**
 * Builds the API response describing an ASA 1000v device, including the guest network it is
 * currently mapped to when such a mapping exists.
 *
 * @param ciscoAsa1000vDeviceVO the ASA 1000v device to describe
 * @return a populated {@link CiscoAsa1000vResourceResponse}; {@code guestNetworkId} is left
 *         unset when the device is not associated with any network
 */
@Override
public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
    final CiscoAsa1000vResourceResponse resp = new CiscoAsa1000vResourceResponse();
    resp.setId(ciscoAsa1000vDeviceVO.getUuid());
    resp.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
    resp.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
    final NetworkAsa1000vMapVO mapping = _networkAsa1000vMapDao.findByAsa1000vId(ciscoAsa1000vDeviceVO.getId());
    // An unassigned appliance has no mapping row; only report a network when one exists.
    if (mapping == null) {
        return resp;
    }
    resp.setGuestNetworkId(mapping.getNetworkId());
    return resp;
}


use of com.cloud.network.cisco.NetworkAsa1000vMapVO in project cloudstack by apache.

the class CiscoVnmcElement method applyFWRules.

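/**
 * Pushes the given firewall rules to the Cisco ASA 1000v backing {@code network}, through
 * the VNMC controller host registered on the network's physical network.
 *
 * @param network the guest network whose firewall rules are being applied
 * @param rules   the rules to program; {@code null} or empty sends no command
 * @return {@code false} when the CiscoVnmc provider does not offer Firewall on this
 *         network; {@code true} otherwise, including the no-op cases (no VNMC controller,
 *         no ASA associated, network still {@code Allocated}) in which nothing is sent
 * @throws ResourceUnavailableException if the VNMC host cannot be resolved, an ingress
 *         rule's source IP cannot be resolved, or the appliance rejects the command
 */
@Override
public boolean applyFWRules(Network network, List<? extends FirewallRule> rules) throws ResourceUnavailableException {
    if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)) {
        s_logger.error("Firewall service is not provided by Cisco Vnmc device on network " + network.getName());
        return false;
    }
    // Find VNMC host for physical network
    List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
    if (devices.isEmpty()) {
        // NOTE(review): reports success although nothing was programmed; kept because callers
        // treat "no device on this network" as "nothing to do" for this element.
        s_logger.error("No Cisco Vnmc device on network " + network.getName());
        return true;
    }
    // Find if ASA 1000v is associated with network
    NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaForNetwork == null) {
        s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
        return true;
    }
    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }
    // Only the first controller on the physical network is used; no selection among several.
    CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
    HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
    if (ciscoVnmcHost == null) {
        String msg = "Unable to find host " + ciscoVnmcDevice.getHostId() + " for Cisco Vnmc device on network " + network.getName();
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
    }
    List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
    if (rules != null) {
        for (FirewallRule rule : rules) {
            // Egress rules carry no public IP; the appliance receives the wildcard address for them.
            String address = "0.0.0.0";
            if (rule.getTrafficType() == TrafficType.Ingress) {
                IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                // Fail closed: an ingress rule whose public IP cannot be resolved is reported as
                // an error rather than silently dropped or sent with the wildcard address, so the
                // rule set on the appliance never silently widens or goes incomplete.
                if (sourceIp == null) {
                    String msg = "Unable to resolve source IP address " + rule.getSourceIpAddressId() + " for ingress firewall rule on network " + network.getName();
                    s_logger.error(msg);
                    throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
                }
                address = sourceIp.getAddress().addr();
            }
            FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, address, rule.getPurpose(), rule.getTrafficType());
            rulesTO.add(ruleTO);
        }
    }
    if (!rulesTO.isEmpty()) {
        SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, BroadcastDomainType.getValue(network.getBroadcastUri()));
        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
        Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
        if (answer == null || !answer.getResult()) {
            String details = (answer != null) ? answer.getDetails() : "details unavailable";
            String msg = "Unable to apply firewall rules to Cisco ASA 1000v appliance due to: " + details + ".";
            s_logger.error(msg);
            throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
        }
    }
    return true;
}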


use of com.cloud.network.cisco.NetworkAsa1000vMapVO in project cloudstack by apache.

the class CiscoVnmcElement method deleteCiscoAsa1000vResource.

/**
 * Deletes an ASA 1000v appliance record, refusing while it is still mapped to a guest network.
 *
 * @param cmd the API command carrying the appliance id to delete
 * @return {@code true} once the record has been removed
 * @throws InvalidParameterValueException if no appliance exists with the given id
 * @throws CloudRuntimeException          if the appliance is still associated with a guest network
 */
@Override
public boolean deleteCiscoAsa1000vResource(DeleteCiscoAsa1000vResourceCmd cmd) {
    final Long asaId = cmd.getCiscoAsa1000vResourceId();
    final CiscoAsa1000vDeviceVO device = _ciscoAsa1000vDao.findById(asaId);
    if (device == null) {
        throw new InvalidParameterValueException("Could not find a Cisco ASA 1000v appliance with id " + asaId);
    }
    // An appliance that still backs a guest network must not be removed from under it.
    final boolean inUse = _networkAsa1000vMapDao.findByAsa1000vId(device.getId()) != null;
    if (inUse) {
        throw new CloudRuntimeException("Cisco ASA 1000v appliance with id " + asaId + " cannot be deleted as it is associated with guest network");
    }
    _ciscoAsa1000vDao.remove(asaId);
    return true;
}
