Example 1 with ExternalFirewallDeviceVO
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
the class JuniperSRXExternalFirewallElement method configureSrxFirewall.
@Override
public ExternalFirewallDeviceVO configureSrxFirewall(ConfigureSrxFirewallCmd cmd) {
Long fwDeviceId = cmd.getFirewallDeviceId();
Long deviceCapacity = cmd.getFirewallCapacity();
ExternalFirewallDeviceVO fwDeviceVO = _fwDevicesDao.findById(fwDeviceId);
if (fwDeviceVO == null || !fwDeviceVO.getDeviceName().equalsIgnoreCase(NetworkDevice.JuniperSRXFirewall.getName())) {
throw new InvalidParameterValueException("No SRX firewall device found with ID: " + fwDeviceId);
}
if (deviceCapacity != null) {
// check if any networks are using this SRX device
List<NetworkExternalFirewallVO> networks = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
if ((networks != null) && !networks.isEmpty()) {
if (deviceCapacity < networks.size()) {
throw new CloudRuntimeException("There are more number of networks already using this SRX firewall device than configured capacity");
}
}
if (deviceCapacity != null) {
fwDeviceVO.setCapacity(deviceCapacity);
}
}
fwDeviceVO.setDeviceState(FirewallDeviceState.Enabled);
_fwDevicesDao.update(fwDeviceId, fwDeviceVO);
return fwDeviceVO;
}
Also used :
ExternalFirewallDeviceVO(com.cloud.network.dao.ExternalFirewallDeviceVO)
NetworkExternalFirewallVO(com.cloud.network.dao.NetworkExternalFirewallVO)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
Example 2 with ExternalFirewallDeviceVO
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
the class JuniperSRXExternalFirewallElement method listSrxFirewalls.
@Override
public List<ExternalFirewallDeviceVO> listSrxFirewalls(ListSrxFirewallsCmd cmd) {
Long physcialNetworkId = cmd.getPhysicalNetworkId();
Long fwDeviceId = cmd.getFirewallDeviceId();
PhysicalNetworkVO pNetwork = null;
List<ExternalFirewallDeviceVO> fwDevices = new ArrayList<ExternalFirewallDeviceVO>();
if (physcialNetworkId == null && fwDeviceId == null) {
throw new InvalidParameterValueException("Either physical network Id or load balancer device Id must be specified");
}
if (fwDeviceId != null) {
ExternalFirewallDeviceVO fwDeviceVo = _fwDevicesDao.findById(fwDeviceId);
if (fwDeviceVo == null || !fwDeviceVo.getDeviceName().equalsIgnoreCase(NetworkDevice.JuniperSRXFirewall.getName())) {
throw new InvalidParameterValueException("Could not find SRX firewall device with ID: " + fwDeviceId);
}
fwDevices.add(fwDeviceVo);
}
if (physcialNetworkId != null) {
pNetwork = _physicalNetworkDao.findById(physcialNetworkId);
if (pNetwork == null) {
throw new InvalidParameterValueException("Could not find phyical network with ID: " + physcialNetworkId);
}
fwDevices = _fwDevicesDao.listByPhysicalNetworkAndProvider(physcialNetworkId, Provider.JuniperSRX.getName());
}
return fwDevices;
}
Also used :
ExternalFirewallDeviceVO(com.cloud.network.dao.ExternalFirewallDeviceVO)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
PhysicalNetworkVO(com.cloud.network.dao.PhysicalNetworkVO)
ArrayList(java.util.ArrayList)
Example 3 with ExternalFirewallDeviceVO
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
the class ExternalFirewallDeviceManagerImpl method applyStaticNatRules.
public boolean applyStaticNatRules(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
long zoneId = network.getDataCenterId();
DataCenterVO zone = _dcDao.findById(zoneId);
ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
assert (externalFirewall != null);
if (network.getState() == Network.State.Allocated) {
s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
return true;
}
List<StaticNatRuleTO> staticNatRules = new ArrayList<StaticNatRuleTO>();
for (StaticNat rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, vlan.getVlanTag(), sourceIp.getAddress().addr(), -1, -1, rule.getDestIpAddress(), -1, -1, "any", rule.isForRevoke(), false);
staticNatRules.add(ruleTO);
}
sendStaticNatRules(staticNatRules, zone, externalFirewall.getId());
return true;
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
StaticNatRuleTO(com.cloud.agent.api.to.StaticNatRuleTO)
ExternalFirewallDeviceVO(com.cloud.network.dao.ExternalFirewallDeviceVO)
ArrayList(java.util.ArrayList)
Vlan(com.cloud.dc.Vlan)
HostVO(com.cloud.host.HostVO)
StaticNat(com.cloud.network.rules.StaticNat)
Example 4 with ExternalFirewallDeviceVO
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
the class ExternalFirewallDeviceManagerImpl method manageRemoteAccessVpnUsers.
public boolean manageRemoteAccessVpnUsers(Network network, RemoteAccessVpn vpn, List<? extends VpnUser> vpnUsers) throws ResourceUnavailableException {
ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
if (externalFirewall == null) {
return false;
}
List<VpnUser> addUsers = new ArrayList<VpnUser>();
List<VpnUser> removeUsers = new ArrayList<VpnUser>();
for (VpnUser user : vpnUsers) {
if (user.getState() == VpnUser.State.Add || user.getState() == VpnUser.State.Active) {
addUsers.add(user);
} else if (user.getState() == VpnUser.State.Revoke) {
removeUsers.add(user);
}
}
VpnUsersCfgCommand addUsersCmd = new VpnUsersCfgCommand(addUsers, removeUsers);
addUsersCmd.setAccessDetail(NetworkElementCommand.ACCOUNT_ID, String.valueOf(network.getAccountId()));
addUsersCmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
Answer answer = _agentMgr.easySend(externalFirewall.getId(), addUsersCmd);
if (answer == null || !answer.getResult()) {
String details = (answer != null) ? answer.getDetails() : "details unavailable";
DataCenterVO zone = _dcDao.findById(network.getDataCenterId());
String msg = "External firewall was unable to add remote access users in zone " + zone.getName() + " due to: " + details + ".";
s_logger.error(msg);
throw new ResourceUnavailableException(msg, DataCenter.class, zone.getId());
}
return true;
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
VpnUsersCfgCommand(com.cloud.agent.api.routing.VpnUsersCfgCommand)
Answer(com.cloud.agent.api.Answer)
ExternalFirewallDeviceVO(com.cloud.network.dao.ExternalFirewallDeviceVO)
ArrayList(java.util.ArrayList)
ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException)
HostVO(com.cloud.host.HostVO)
Example 5 with ExternalFirewallDeviceVO
use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.
the class ExternalFirewallDeviceManagerImpl method getExternalFirewallForNetwork.
@Override
public ExternalFirewallDeviceVO getExternalFirewallForNetwork(Network network) {
NetworkExternalFirewallVO fwDeviceForNetwork = _networkExternalFirewallDao.findByNetworkId(network.getId());
if (fwDeviceForNetwork != null) {
long fwDeviceId = fwDeviceForNetwork.getExternalFirewallDeviceId();
ExternalFirewallDeviceVO fwDevice = _externalFirewallDeviceDao.findById(fwDeviceId);
assert (fwDevice != null);
return fwDevice;
}
return null;
}
Also used :
ExternalFirewallDeviceVO(com.cloud.network.dao.ExternalFirewallDeviceVO)
NetworkExternalFirewallVO(com.cloud.network.dao.NetworkExternalFirewallVO)
Aggregations
ExternalFirewallDeviceVO (com.cloud.network.dao.ExternalFirewallDeviceVO)26
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)17
ArrayList (java.util.ArrayList)11
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)9
NetworkExternalFirewallVO (com.cloud.network.dao.NetworkExternalFirewallVO)8
PhysicalNetworkVO (com.cloud.network.dao.PhysicalNetworkVO)8
DataCenterVO (com.cloud.dc.DataCenterVO)7
HostVO (com.cloud.host.HostVO)7
ServerApiException (org.apache.cloudstack.api.ServerApiException)6
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)4
Answer (com.cloud.agent.api.Answer)3
PaloAltoFirewallResponse (com.cloud.api.response.PaloAltoFirewallResponse)3
SrxFirewallResponse (com.cloud.api.response.SrxFirewallResponse)3
Vlan (com.cloud.dc.Vlan)3
NetworkVO (com.cloud.network.dao.NetworkVO)3
InsufficientNetworkCapacityException (com.cloud.exception.InsufficientNetworkCapacityException)2
Host (com.cloud.host.Host)2
PhysicalNetworkServiceProviderVO (com.cloud.network.dao.PhysicalNetworkServiceProviderVO)2
NetworkDevice (org.apache.cloudstack.network.ExternalNetworkDeviceManager.NetworkDevice)2
IpAssocCommand (com.cloud.agent.api.routing.IpAssocCommand)1
