
Example 21 with ExternalFirewallDeviceVO

use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.

Class ExternalDeviceUsageManagerImpl, method getExternalFirewallForNetwork.

/**
 * Resolves the external firewall device that is mapped to {@code network}.
 *
 * @param network the network whose firewall mapping is looked up
 * @return the mapped device, or {@code null} when no network-to-firewall mapping row exists
 */
private ExternalFirewallDeviceVO getExternalFirewallForNetwork(Network network) {
    NetworkExternalFirewallVO mapping = _networkExternalFirewallDao.findByNetworkId(network.getId());
    if (mapping == null) {
        return null;
    }
    ExternalFirewallDeviceVO device = _externalFirewallDeviceDao.findById(mapping.getExternalFirewallDeviceId());
    // The assert is a no-op unless the JVM runs with -ea, so a mapping that points at a
    // deleted device surfaces to the caller as a null return rather than an AssertionError.
    assert (device != null);
    return device;
}

Example 22 with ExternalFirewallDeviceVO

use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.

Class ExternalFirewallDeviceManagerImpl, method applyPortForwardingRules.

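/**
 * Pushes the given port forwarding rules to the external firewall that backs {@code network}.
 *
 * @param network the guest network whose rules are being applied
 * @param rules   the port forwarding rules to apply
 * @return {@code true} once the rules were sent, or when the network is only {@code Allocated}
 *         (never implemented on the backend) and there is nothing to push
 * @throws ResourceUnavailableException if no external firewall is mapped to the network, or the
 *         mapped firewall host no longer exists
 */
@Override
public boolean applyPortForwardingRules(Network network, List<? extends PortForwardingRule> rules) throws ResourceUnavailableException {
    // Nothing to push for a network that was never implemented; decide this before the device
    // lookup so an unimplemented network cannot fail merely because it has no mapping yet.
    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);
    // getExternalFirewallForNetwork() returns null when the network has no device mapping; the
    // previous code dereferenced it unconditionally and failed with a NullPointerException.
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    if (fwDeviceVO == null) {
        String msg = "External firewall was asked to apply port forwarding rules for network with ID " + network.getId() + " but no external firewall is mapped to this network.";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }
    // Replaces the former assert, which is disabled unless the JVM runs with -ea.
    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        String msg = "External firewall host with ID " + fwDeviceVO.getHostId() + " mapped to network with ID " + network.getId() + " could not be found.";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }
    List<PortForwardingRuleTO> pfRules = new ArrayList<PortForwardingRuleTO>(rules.size());
    for (PortForwardingRule rule : rules) {
        // Each rule is sent with the VLAN tag and address of its public (source) IP.
        IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
        pfRules.add(new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr()));
    }
    sendPortForwardingRules(pfRules, zone, externalFirewall.getId());
    return true;
}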

Example 23 with ExternalFirewallDeviceVO

use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.

Class ExternalFirewallDeviceManagerImpl, method manageGuestNetworkWithExternalFirewall.

/**
 * Implements ({@code add == true}) or shuts down ({@code add == false}) a guest network on the
 * external firewall mapped to it. On implement, a firewall is chosen under a global lock and the
 * network-to-firewall mapping is persisted; on shutdown, the existing mapping is looked up. An
 * {@link IpAssocCommand} carrying the guest VLAN tag, gateway and CIDR (plus the network's source
 * NAT IP unless the offering uses shared source NAT) is then sent to the firewall host, and the
 * placeholder / inline-load-balancer NICs of the network are reconciled.
 *
 * @param add     {@code true} to implement the network on the firewall, {@code false} to shut it down
 * @param network the network to implement or shut down; must be of traffic type Guest
 * @return {@code false} if the network is not a guest network; {@code true} otherwise, including
 *         several "nothing to do" paths (no mapping found on shutdown, no source NAT IP found,
 *         shutdown of a network whose implement had already failed)
 * @throws ResourceUnavailableException if the firewall rejects the command or does not answer
 * @throws InsufficientCapacityException presumably propagated from findSuitableFirewallForNetwork;
 *         not thrown directly by this body
 */
@Override
public boolean manageGuestNetworkWithExternalFirewall(boolean add, Network network) throws ResourceUnavailableException, InsufficientCapacityException {
    if (network.getTrafficType() != TrafficType.Guest) {
        s_logger.trace("External firewall can only be used for add/remove guest networks.");
        return false;
    }
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);
    HostVO externalFirewall = null;
    if (add) {
        // Serialise firewall selection + mapping insert across management servers so two
        // concurrent implements cannot both pick a device against the same capacity view.
        GlobalLock deviceMapLock = GlobalLock.getInternLock("NetworkFirewallDeviceMap");
        try {
            // NOTE(review): if lock(120) times out, externalFirewall stays null and the
            // easySend() call below dereferences it; the timeout is not reported anywhere.
            if (deviceMapLock.lock(120)) {
                try {
                    // NOTE(review): device is dereferenced without a null check — confirm
                    // findSuitableFirewallForNetwork() never returns null.
                    ExternalFirewallDeviceVO device = findSuitableFirewallForNetwork(network);
                    long externalFirewallId = device.getId();
                    NetworkExternalFirewallVO networkFW = new NetworkExternalFirewallVO(network.getId(), externalFirewallId);
                    _networkExternalFirewallDao.persist(networkFW);
                    externalFirewall = _hostDao.findById(device.getHostId());
                } finally {
                    deviceMapLock.unlock();
                }
            }
        } finally {
            deviceMapLock.releaseRef();
        }
    } else {
        ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
        if (fwDeviceVO == null) {
            // No mapping means the network was never (fully) implemented; shutdown is a no-op.
            s_logger.warn("Network shutdown requested on external firewall element, which did not implement the network." + " Either network implement failed half way through or already network shutdown is completed.");
            return true;
        }
        externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    }
    Account account = _accountDao.findByIdIncludingRemoved(network.getAccountId());
    NetworkOffering offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
    boolean sharedSourceNat = offering.getSharedSourceNat();
    IPAddressVO sourceNatIp = null;
    if (!sharedSourceNat) {
        // Get the source NAT IP address for this network: the account's source NAT IP that is
        // associated with this network id.
        List<? extends IpAddress> sourceNatIps = _networkModel.listPublicIpsAssignedToAccount(network.getAccountId(), zoneId, true);
        for (IpAddress ipAddress : sourceNatIps) {
            if (ipAddress.getAssociatedWithNetworkId().longValue() == network.getId()) {
                sourceNatIp = _ipAddressDao.findById(ipAddress.getId());
                break;
            }
        }
        if (sourceNatIp == null) {
            // NOTE(review): logged as an error but reported to the caller as success (true);
            // the firewall is never told about the network in this case.
            String errorMsg = "External firewall was unable to find the source NAT IP address for network " + network.getName();
            s_logger.error(errorMsg);
            return true;
        }
    }
    // Send a command to the external firewall to implement or shutdown the guest network
    long guestVlanTag = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));
    String guestVlanGateway = network.getGateway();
    String guestVlanCidr = network.getCidr();
    String sourceNatIpAddress = null;
    String publicVlanTag = null;
    if (sourceNatIp != null) {
        sourceNatIpAddress = sourceNatIp.getAddress().addr();
        VlanVO publicVlan = _vlanDao.findById(sourceNatIp.getVlanId());
        publicVlanTag = publicVlan.getVlanTag();
    }
    // Get network rate
    Integer networkRate = _networkModel.getNetworkRate(network.getId(), null);
    // sourceNatIpAddress and publicVlanTag are null when the offering uses shared source NAT.
    IpAddressTO ip = new IpAddressTO(account.getAccountId(), sourceNatIpAddress, add, false, !sharedSourceNat, publicVlanTag, null, null, null, networkRate, false);
    IpAddressTO[] ips = new IpAddressTO[1];
    ips[0] = ip;
    IpAssocCommand cmd = new IpAssocCommand(ips);
    cmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_GATEWAY, guestVlanGateway);
    cmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_CIDR, guestVlanCidr);
    cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, String.valueOf(guestVlanTag));
    Answer answer = _agentMgr.easySend(externalFirewall.getId(), cmd);
    // Whether the gateway address is already reserved by a NIC tells us if the network was
    // implemented before (see the placeholder NIC saved below on a successful implement).
    List<String> reservedIpAddressesForGuestNetwork = _nicDao.listIpAddressInNetwork(network.getId());
    if (answer == null || !answer.getResult()) {
        String action = add ? "implement" : "shutdown";
        String answerDetails = (answer != null) ? answer.getDetails() : "answer was null";
        String msg = "External firewall was unable to " + action + " the guest network on the external firewall in zone " + zone.getName() + " due to " + answerDetails;
        s_logger.error(msg);
        if (!add && (!reservedIpAddressesForGuestNetwork.contains(network.getGateway()))) {
            // If we failed the implementation as well, then just return, no complain
            s_logger.error("Skip the shutdown of guest network on SRX because it seems we didn't implement it as well");
            return true;
        }
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }
    if (add && (!reservedIpAddressesForGuestNetwork.contains(network.getGateway()))) {
        // Insert a new NIC for this guest network to reserve the gateway address
        _networkMgr.savePlaceholderNic(network, network.getGateway(), null, null);
    }
    // Delete any mappings used for inline external load balancers in this network
    List<NicVO> nicsInNetwork = _nicDao.listByNetworkId(network.getId());
    for (NicVO nic : nicsInNetwork) {
        InlineLoadBalancerNicMapVO mapping = _inlineLoadBalancerNicMapDao.findByNicId(nic.getId());
        if (mapping != null) {
            _nicDao.expunge(mapping.getNicId());
            _inlineLoadBalancerNicMapDao.expunge(mapping.getId());
        }
    }
    // on network shutdown, delete placeHolder nics used for the firewall device
    if (!add) {
        List<NicVO> nics = _nicDao.listByNetworkId(network.getId());
        for (NicVO nic : nics) {
            // NOTE(review): assumes every placeholder NIC has a non-null IPv4 address — confirm.
            if (nic.getVmType() == null && nic.getReservationStrategy().equals(ReservationStrategy.PlaceHolder) && nic.getIPv4Address().equals(network.getGateway())) {
                s_logger.debug("Removing placeholder nic " + nic + " for the network " + network);
                _nicDao.remove(nic.getId());
            }
        }
        // Releases the network-to-firewall mapping created on implement.
        freeFirewallForNetwork(network);
    }
    String action = add ? "implemented" : "shut down";
    s_logger.debug("External firewall has " + action + " the guest network for account " + account.getAccountName() + "(id = " + account.getAccountId() + ") with VLAN tag " + guestVlanTag);
    return true;
}

Example 24 with ExternalFirewallDeviceVO

use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.

Class ExternalFirewallDeviceManagerImpl, method manageRemoteAccessVpn.

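/**
 * Creates or deletes the remote access VPN of {@code network} on its external firewall and then
 * synchronises the VPN users of the owning account.
 *
 * @param create  {@code true} to create the VPN, {@code false} to delete it
 * @param network the guest network the VPN belongs to
 * @param vpn     the VPN definition (server address, client IP range, IPsec pre-shared key)
 * @return {@code false} when no external firewall device or host is mapped to the network;
 *         otherwise the result of {@link #manageRemoteAccessVpnUsers}
 * @throws ResourceUnavailableException if the firewall rejects the command or does not answer
 * @throws InvalidParameterValueException if {@code vpn.getIpRange()} is not of the form {@code start-end}
 */
public boolean manageRemoteAccessVpn(boolean create, Network network, RemoteAccessVpn vpn) throws ResourceUnavailableException {
    // getExternalFirewallForNetwork() returns null when the network has no device mapping; the
    // previous code only guarded the host lookup and failed with a NullPointerException here.
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    if (fwDeviceVO == null) {
        return false;
    }
    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        return false;
    }
    // Create/delete VPN
    IpAddress ip = _networkModel.getIp(vpn.getServerAddressId());
    String[] ipRange = vpn.getIpRange().split("-");
    // The masking loop below indexes both ends of the range; reject anything that is not
    // exactly "start-end" instead of failing with an ArrayIndexOutOfBoundsException.
    if (ipRange.length != 2) {
        throw new InvalidParameterValueException("Remote access VPN IP range " + vpn.getIpRange() + " is not of the form start-end");
    }
    DataCenterVO zone = _dcDao.findById(network.getDataCenterId());
    // Mask the IP range with the network's VLAN tag: keep the first octet of each end of the
    // range and place the VLAN offset in the host bits below the globally configured CIDR size.
    int vlanTag = Integer.parseInt(BroadcastDomainType.getValue(network.getBroadcastUri()));
    int offset = getVlanOffset(network.getPhysicalNetworkId(), vlanTag);
    int cidrSize = getGloballyConfiguredCidrSize();
    for (int i = 0; i < ipRange.length; i++) {
        ipRange[i] = NetUtils.long2Ip((NetUtils.ip2Long(ipRange[i]) & 0xff000000) | (offset << (32 - cidrSize)));
    }
    String maskedIpRange = ipRange[0] + "-" + ipRange[1];
    // The command carries the IPsec pre-shared key; keep it out of log statements.
    RemoteAccessVpnCfgCommand createVpnCmd = new RemoteAccessVpnCfgCommand(create, ip.getAddress().addr(), vpn.getLocalIp(), maskedIpRange, vpn.getIpsecPresharedKey(), false);
    createVpnCmd.setAccessDetail(NetworkElementCommand.ACCOUNT_ID, String.valueOf(network.getAccountId()));
    createVpnCmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
    Answer answer = _agentMgr.easySend(externalFirewall.getId(), createVpnCmd);
    if (answer == null || !answer.getResult()) {
        String details = (answer != null) ? answer.getDetails() : "details unavailable";
        // Report the action that was actually requested; the previous message said "create" for deletes too.
        String action = create ? "create" : "delete";
        String msg = "External firewall was unable to " + action + " a remote access VPN in zone " + zone.getName() + " due to: " + details + ".";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zone.getId());
    }
    // Add/delete users
    List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
    return manageRemoteAccessVpnUsers(network, vpn, vpnUsers);
}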

Example 25 with ExternalFirewallDeviceVO

use of com.cloud.network.dao.ExternalFirewallDeviceVO in project cloudstack by apache.

Class ExternalFirewallDeviceManagerImpl, method addExternalFirewall.

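/**
 * Registers an external firewall device on a physical network: validates the request, lets the
 * server resource validate its own parameters, adds the device as a host and then persists the
 * device row plus a host detail linking the host to the device id, in one transaction.
 *
 * @param physicalNetworkId the physical network the device serves
 * @param url               management URL of the device; its host becomes the device address and
 *                          its query string supplies the configuration parameters
 * @param username          device login user
 * @param password          device login password; it is placed in the host details handed to the
 *                          resource and to the resource manager and must never be logged
 * @param deviceName        device type name understood by {@link NetworkDevice#getNetworkDevice}
 * @param resource          the server resource that talks to the device
 * @return the persisted device row, or {@code null} if the resource manager did not add the host
 * @throws InvalidParameterValueException if a required parameter is missing, the physical network
 *         does not exist, or the URL cannot be parsed or has no host
 * @throws CloudRuntimeException if the device's network service provider is not enabled on the
 *         physical network, or the resource rejects its configuration
 */
@Override
@DB
public ExternalFirewallDeviceVO addExternalFirewall(long physicalNetworkId, String url, String username, String password, final String deviceName, ServerResource resource) {
    NetworkDevice ntwkDevice = NetworkDevice.getNetworkDevice(deviceName);
    if ((ntwkDevice == null) || (url == null) || (username == null) || (resource == null) || (password == null)) {
        throw new InvalidParameterValueException("Atleast one of the required parameters (url, username, password," + " server resource, zone id/physical network id) is not specified or a valid parameter.");
    }
    final PhysicalNetworkVO pNetwork = _physicalNetworkDao.findById(physicalNetworkId);
    if (pNetwork == null) {
        throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
    }
    long zoneId = pNetwork.getDataCenterId();
    final PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), ntwkDevice.getNetworkServiceProvder());
    if (ntwkSvcProvider == null) {
        throw new CloudRuntimeException("Network Service Provider: " + ntwkDevice.getNetworkServiceProvder() + " is not enabled in the physical network: " + physicalNetworkId + "to add this device");
    } else if (ntwkSvcProvider.getState() == PhysicalNetworkServiceProvider.State.Shutdown) {
        throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() + " is not added or in shutdown state in the physical network: " + physicalNetworkId + "to add this device");
    }
    URI uri;
    try {
        uri = new URI(url);
    } catch (java.net.URISyntaxException e) {
        // url is known to be non-null here, so a syntax error is the only failure new URI() can raise.
        s_logger.debug(e);
        throw new InvalidParameterValueException(e.getMessage());
    }
    String ipAddress = uri.getHost();
    // A URL without an authority part (e.g. no scheme) parses fine but yields no host; without this
    // check the guid and the "ip" host detail would be built from the string "null".
    if (ipAddress == null) {
        throw new InvalidParameterValueException("The url of the external firewall does not contain a host.");
    }
    String guid = getExternalNetworkResourceGuid(pNetwork.getId(), deviceName, ipAddress);
    // Raw type kept on purpose: the same map is handed to resource.configure() and to
    // _resourceMgr.addHost(), which appear to take differently parameterised Map types
    // (Map<String, Object> vs Map<String, String>) — verify before tightening the type.
    // This map carries the device password; never log it.
    Map hostDetails = new HashMap<String, String>();
    hostDetails.put("name", guid);
    hostDetails.put("guid", guid);
    hostDetails.put("zoneId", String.valueOf(pNetwork.getDataCenterId()));
    hostDetails.put("ip", ipAddress);
    hostDetails.put("physicalNetworkId", String.valueOf(pNetwork.getId()));
    hostDetails.put("username", username);
    hostDetails.put("password", password);
    hostDetails.put("deviceName", deviceName);
    final Map<String, String> configParams = new HashMap<String, String>();
    UrlUtil.parseQueryParameters(uri.getQuery(), false, configParams);
    hostDetails.putAll(configParams);
    // let the server resource do the parameter validation; keep the cause so the rejected
    // parameter stays traceable in the stack trace
    try {
        resource.configure(guid, hostDetails);
    } catch (ConfigurationException e) {
        throw new CloudRuntimeException(e.getMessage(), e);
    }
    final Host externalFirewall = _resourceMgr.addHost(zoneId, resource, Host.Type.ExternalFirewall, hostDetails);
    if (externalFirewall == null) {
        return null;
    }
    return Transaction.execute(new TransactionCallback<ExternalFirewallDeviceVO>() {

        @Override
        public ExternalFirewallDeviceVO doInTransaction(TransactionStatus status) {
            // Boolean.parseBoolean(null) is false, so no separate null check is needed.
            boolean dedicatedUse = Boolean.parseBoolean(configParams.get(ApiConstants.FIREWALL_DEVICE_DEDICATED));
            // A missing or zero capacity falls back to the configured default.
            long capacity = NumbersUtil.parseLong(configParams.get(ApiConstants.FIREWALL_DEVICE_CAPACITY), 0);
            if (capacity == 0) {
                capacity = _defaultFwCapacity;
            }
            ExternalFirewallDeviceVO fwDevice = new ExternalFirewallDeviceVO(externalFirewall.getId(), pNetwork.getId(), ntwkSvcProvider.getProviderName(), deviceName, capacity, dedicatedUse);
            _externalFirewallDeviceDao.persist(fwDevice);
            // Store the device id as a host detail of the newly added host.
            DetailVO hostDetail = new DetailVO(externalFirewall.getId(), ApiConstants.FIREWALL_DEVICE_ID, String.valueOf(fwDevice.getId()));
            _hostDetailDao.persist(hostDetail);
            return fwDevice;
        }
    });
}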
