
Example 1 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cloudstack by apache.

the class LoadBalancingRulesManagerImpl method applyLoadBalancerRules.

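/**
 * Applies the given load balancer rules and, optionally, reconciles the database with the
 * state that was just applied.
 *
 * <p>The rules are first handed to {@code applyLbRules}; if that reports an incomplete apply
 * the method returns {@code false} and no database row is touched. Only after a successful
 * apply, and only when {@code updateRulesInDB} is set, each rule is reconciled inside its own
 * transaction: revoked rules are removed, rules in {@code Add} become {@code Active}, and
 * mappings marked for revocation (VM, stickiness, health check, certificate) are deleted.
 *
 * @param lbs the load balancer rules to apply
 * @param updateRulesInDB whether to update rule state and mappings in the database afterwards
 * @return {@code true} when the rules were applied, {@code false} when the apply was incomplete
 * @throws ResourceUnavailableException declared by the signature; presumably propagated from
 *         {@code applyLbRules} (not visible here)
 */
@DB
protected boolean applyLoadBalancerRules(List<LoadBalancerVO> lbs, boolean updateRulesInDB) throws ResourceUnavailableException {
    List<LoadBalancingRule> rules = new ArrayList<LoadBalancingRule>();
    for (LoadBalancerVO lb : lbs) {
        rules.add(getLoadBalancerRuleToApply(lb));
    }
    if (!applyLbRules(rules, false)) {
        s_logger.debug("LB rules are not completely applied");
        return false;
    }
    if (updateRulesInDB) {
        for (final LoadBalancerVO lb : lbs) {
            boolean checkForReleaseElasticIp = Transaction.execute(new TransactionCallback<Boolean>() {

                @Override
                public Boolean doInTransaction(TransactionStatus status) {
                    boolean checkForReleaseElasticIp = false;
                    if (lb.getState() == FirewallRule.State.Revoke) {
                        removeLBRule(lb);
                        s_logger.debug("LB " + lb.getId() + " is successfully removed");
                        checkForReleaseElasticIp = true;
                    } else if (lb.getState() == FirewallRule.State.Add) {
                        lb.setState(FirewallRule.State.Active);
                        s_logger.debug("LB rule " + lb.getId() + " state is set to Active");
                        _lbDao.persist(lb);
                    }
                    // Remove the LB-VM mappings that were marked for revocation.
                    List<LoadBalancerVMMapVO> lbVmMaps = _lb2VmMapDao.listByLoadBalancerId(lb.getId(), true);
                    for (LoadBalancerVMMapVO lbVmMap : lbVmMaps) {
                        _lb2VmMapDao.remove(lb.getId(), lbVmMap.getInstanceId(), lbVmMap.getInstanceIp(), null);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed for vm " + lbVmMap.getInstanceId() + " instance ip " + lbVmMap.getInstanceIp());
                    }
                    // With no mappings left the rule goes back to Add.
                    if (_lb2VmMapDao.listByLoadBalancerId(lb.getId()).isEmpty()) {
                        lb.setState(FirewallRule.State.Add);
                        _lbDao.persist(lb);
                        s_logger.debug("LB rule " + lb.getId() + " state is set to Add as there are no more active LB-VM mappings");
                    }
                    // Remove the LB-stickiness policy mappings that were marked for revocation.
                    List<LBStickinessPolicyVO> stickinesspolicies = _lb2stickinesspoliciesDao.listByLoadBalancerId(lb.getId(), true);
                    if (!stickinesspolicies.isEmpty()) {
                        _lb2stickinesspoliciesDao.remove(lb.getId(), true);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed stickiness policies");
                    }
                    // Remove the LB-health-check policy mappings that were marked for revocation.
                    List<LBHealthCheckPolicyVO> healthCheckpolicies = _lb2healthcheckDao.listByLoadBalancerId(lb.getId(), true);
                    if (!healthCheckpolicies.isEmpty()) {
                        _lb2healthcheckDao.remove(lb.getId(), true);
                        s_logger.debug("Load balancer rule id " + lb.getId() + " is removed health check monitors policies");
                    }
                    // The certificate binding is deleted only when it carries the revoke flag, and
                    // only here, i.e. after the apply above succeeded; a binding that is not
                    // flagged stays in place.
                    LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(lb.getId());
                    if (lbCertMap != null && lbCertMap.isRevoke()) {
                        _lbCertMapDao.remove(lbCertMap.getId());
                        s_logger.debug("Load balancer rule id " + lb.getId() + " removed certificate mapping");
                    }
                    return checkForReleaseElasticIp;
                }
            });
            // A revoked rule may have been the last user of its source IP; release the system IP
            // when no firewall rule references it any more.
            if (checkForReleaseElasticIp && lb.getSourceIpAddressId() != null) {
                boolean success = true;
                long count = _firewallDao.countRulesByIpId(lb.getSourceIpAddressId());
                if (count == 0) {
                    try {
                        success = handleSystemLBIpRelease(lb);
                    } catch (Exception ex) {
                        // Best effort: a failed release must not abort reconciliation of the remaining rules.
                        s_logger.warn("Failed to release system ip as a part of lb rule " + lb + " deletion due to exception ", ex);
                        success = false;
                    } finally {
                        if (!success) {
                            s_logger.warn("Failed to release system ip as a part of lb rule " + lb + " deletion");
                        }
                    }
                }
            }
            // VPC, unassign it from the network
            if (lb.getSourceIpAddressId() != null) {
                IpAddress ip = _ipAddressDao.findById(lb.getSourceIpAddressId());
                if (ip != null) {
                    _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), lb.getNetworkId());
                } else {
                    // The address row can no longer be loaded (for example after the release
                    // above). Dereferencing it would throw here, after the rules were already
                    // applied, and leave the remaining rules in this loop unreconciled.
                    s_logger.warn("Source ip of lb rule " + lb + " could not be found, skipping VPC network unassignment");
                }
            }
        }
    }
    return true;
}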
Also used : ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) TransactionStatus(com.cloud.utils.db.TransactionStatus) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) InvalidParameterException(java.security.InvalidParameterException) TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException) NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException) InsufficientAddressCapacityException(com.cloud.exception.InsufficientAddressCapacityException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) PermissionDeniedException(com.cloud.exception.PermissionDeniedException) ArrayList(java.util.ArrayList) List(java.util.List) LoadBalancerVMMapVO(com.cloud.network.dao.LoadBalancerVMMapVO) IpAddress(com.cloud.network.IpAddress) DB(com.cloud.utils.db.DB)

Example 2 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cloudstack by apache.

the class CertServiceImpl method deleteSslCert.

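/**
 * Deletes an SSL certificate, provided the caller may operate on it and no load balancer
 * still references it.
 *
 * <p>The certificate is looked up first, then the calling account is checked against it with
 * {@code checkAccess}; the list of load balancers using the certificate is read only after
 * that check, so the names in the "in use" error are produced only past the access check.
 *
 * @param deleteSslCertCmd the API command carrying the certificate id; must not be null
 * @throws InvalidParameterValueException if no certificate exists for the given id
 * @throws CloudRuntimeException if the certificate is still mapped to a load balancer
 */
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_DELETE, eventDescription = "Deleting a certificate to cloudstack", async = false)
public void deleteSslCert(final DeleteSslCertCmd deleteSslCertCmd) {
    Preconditions.checkNotNull(deleteSslCertCmd);
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long certId = deleteSslCertCmd.getId();
    final SslCertVO certVO = _sslCertDao.findById(certId);
    if (certVO == null) {
        throw new InvalidParameterValueException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, certVO);
    final List<LoadBalancerCertMapVO> lbCertRule = _lbCertDao.listByCertId(certId);
    if (lbCertRule != null && !lbCertRule.isEmpty()) {
        StringBuilder lbNames = new StringBuilder();
        for (final LoadBalancerCertMapVO rule : lbCertRule) {
            final LoadBalancerVO lb = _entityMgr.findById(LoadBalancerVO.class, rule.getLbId());
            // A mapping whose load balancer can no longer be loaded still counts as "in use";
            // it is only left out of the message, so the caller gets the in-use error rather
            // than a NullPointerException.
            if (lb != null) {
                lbNames.append(lb.getName()).append(" ");
            }
        }
        throw new CloudRuntimeException("Certificate in use by a loadbalancer(s) " + lbNames.toString());
    }
    _sslCertDao.remove(certId);
}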
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) SslCertVO(com.cloud.network.dao.SslCertVO) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) CallContext(org.apache.cloudstack.context.CallContext) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 3 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cloudstack by apache.

the class CertServiceImpl method createCertResponse.

/**
 * Builds the API response object for an SSL certificate.
 *
 * <p>The response carries the owning account (and project, for project accounts), the domain,
 * and the certificate's uuid, name, certificate body, fingerprint and optional chain. No other
 * field of {@code cert} is read here, so no key material is copied into the response by this
 * method. When load balancer mappings are supplied, the uuids of the load balancers that can
 * still be loaded are attached.
 *
 * @param cert the certificate to describe; must not be null
 * @param lbCertMap mappings of this certificate to load balancers; may be null or empty
 * @return the populated response
 */
public SslCertResponse createCertResponse(final SslCertVO cert, final List<LoadBalancerCertMapVO> lbCertMap) {
    Preconditions.checkNotNull(cert);
    final SslCertResponse certResponse = new SslCertResponse();

    // Owner details; removed accounts are included in the lookup.
    // NOTE(review): the lookup result is dereferenced without a null check - confirm it cannot be null.
    final Account owner = _accountDao.findByIdIncludingRemoved(cert.getAccountId());
    if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        // Project accounts additionally expose the project they belong to.
        final Project ownerProject = _projectMgr.findByProjectAccountIdIncludingRemoved(owner.getId());
        if (ownerProject != null) {
            certResponse.setProjectId(ownerProject.getUuid());
            certResponse.setProjectName(ownerProject.getName());
        }
    }
    certResponse.setAccountName(owner.getAccountName());

    final DomainVO ownerDomain = _domainDao.findByIdIncludingRemoved(cert.getDomainId());
    certResponse.setDomainId(ownerDomain.getUuid());
    certResponse.setDomainName(ownerDomain.getName());

    certResponse.setObjectName("sslcert");
    certResponse.setId(cert.getUuid());
    certResponse.setCertificate(cert.getCertificate());
    certResponse.setFingerprint(cert.getFingerPrint());
    certResponse.setName(cert.getName());
    final String chain = cert.getChain();
    if (chain != null) {
        certResponse.setCertchain(chain);
    }

    if (lbCertMap == null || lbCertMap.isEmpty()) {
        return certResponse;
    }

    // Only load balancers that can still be resolved contribute a uuid.
    final List<String> boundLbUuids = new ArrayList<String>();
    for (final LoadBalancerCertMapVO mapping : lbCertMap) {
        final LoadBalancer boundLb = _entityMgr.findById(LoadBalancerVO.class, mapping.getLbId());
        if (boundLb == null) {
            continue;
        }
        boundLbUuids.add(boundLb.getUuid());
    }
    certResponse.setLbIds(boundLbUuids);
    return certResponse;
}
Also used : Account(com.cloud.user.Account) Project(com.cloud.projects.Project) DomainVO(com.cloud.domain.DomainVO) ArrayList(java.util.ArrayList) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) LoadBalancer(com.cloud.network.rules.LoadBalancer) SslCertResponse(org.apache.cloudstack.api.response.SslCertResponse)

Example 4 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class CertServiceImpl method deleteSslCert.

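/**
 * Deletes an SSL certificate, provided the caller may operate on it and no load balancer
 * still references it.
 *
 * <p>The certificate is looked up first, then the calling account is checked against it with
 * {@code checkAccess}; the load balancers using the certificate are read only after that
 * check, so their uuids appear in the "in use" error only past the access check.
 *
 * @param deleteSslCertCmd the API command carrying the certificate id; it is dereferenced
 *        without a null check, so a null command fails with a NullPointerException
 * @throws InvalidParameterValueException if no certificate exists for the given id
 * @throws CloudRuntimeException if the certificate is still mapped to a load balancer
 */
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_DELETE, eventDescription = "Deleting a certificate to cloudstack", async = false)
public void deleteSslCert(final DeleteSslCertCmd deleteSslCertCmd) {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long certId = deleteSslCertCmd.getId();
    final SslCertVO certVO = _sslCertDao.findById(certId);
    if (certVO == null) {
        throw new InvalidParameterValueException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, certVO);
    final List<LoadBalancerCertMapVO> lbCertRule = _lbCertDao.listByCertId(certId);
    if ((lbCertRule != null) && (!lbCertRule.isEmpty())) {
        final StringBuilder lbUuids = new StringBuilder();
        for (final LoadBalancerCertMapVO rule : lbCertRule) {
            final LoadBalancerVO lb = _entityMgr.findById(LoadBalancerVO.class, rule.getLbId());
            // A mapping whose load balancer can no longer be loaded still blocks the delete;
            // it is only left out of the message, so the caller gets the in-use error rather
            // than a NullPointerException.
            if (lb != null) {
                lbUuids.append(" ").append(lb.getUuid());
            }
        }
        throw new CloudRuntimeException("Certificate in use by a loadbalancer(s)" + lbUuids);
    }
    _sslCertDao.remove(certId);
}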
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.utils.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) SslCertVO(com.cloud.network.dao.SslCertVO) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) CallContext(com.cloud.context.CallContext) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 5 with LoadBalancerCertMapVO

use of com.cloud.network.dao.LoadBalancerCertMapVO in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method removeCertFromLoadBalancer.

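/**
 * Unbinds the certificate from a load balancer rule and re-applies the rule's configuration.
 *
 * <p>The rule is put back into {@code Add}, the certificate mapping is flagged for revocation,
 * and {@code applyLoadBalancerConfig} is invoked. When the apply fails with
 * {@link ResourceUnavailableException} and the provider allows it, both changes are rolled back.
 *
 * @param lbRuleId id of the load balancer rule
 * @return {@code true} when the certificate was removed; every failure path throws instead
 * @throws InvalidParameterException if the rule does not exist or has no certificate bound
 * @throws CloudRuntimeException if the configuration could not be applied
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_REMOVE, eventDescription = "removing certificate from load balancer", async = true)
public boolean removeCertFromLoadBalancer(final long lbRuleId) {
    final CallContext caller = CallContext.current();
    final LoadBalancerVO loadBalancer = _lbDao.findById(lbRuleId);
    if (loadBalancer == null) {
        throw new InvalidParameterException("Invalid load balancer value: " + lbRuleId);
    }
    // Authorize before reading the certificate binding: with the binding check first, a caller
    // without access to this rule could tell from the error whether a certificate is bound.
    // checkAccess is expected to throw on denial (implementation not visible here).
    _accountMgr.checkAccess(caller.getCallingAccount(), null, true, loadBalancer);
    final LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(lbRuleId);
    if (lbCertMap == null) {
        throw new InvalidParameterException("No certificate is bound to lb with id: " + lbRuleId);
    }
    // Remembered so the rule can be restored if the apply fails.
    final FirewallRule.State backupState = loadBalancer.getState();
    try {
        loadBalancer.setState(FirewallRule.State.Add);
        _lbDao.persist(loadBalancer);
        lbCertMap.setRevoke(true);
        _lbCertMapDao.persist(lbCertMap);
        if (!applyLoadBalancerConfig(lbRuleId)) {
            // NOTE(review): this path throws without the rollback done in the catch below, so
            // the rule stays in Add with the mapping flagged for revocation - confirm intended.
            s_logger.warn("Failed to remove cert from load balancer rule id " + lbRuleId);
            final CloudRuntimeException ex = new CloudRuntimeException("Failed to remove certificate load balancer rule id " + lbRuleId);
            ex.addProxyObject(loadBalancer.getUuid(), "loadBalancerId");
            throw ex;
        }
    } catch (final ResourceUnavailableException e) {
        if (isRollBackAllowedForProvider(loadBalancer)) {
            lbCertMap.setRevoke(false);
            _lbCertMapDao.persist(lbCertMap);
            loadBalancer.setState(backupState);
            _lbDao.persist(loadBalancer);
            s_logger.debug("Rolled back certificate removal lb id " + lbRuleId);
        }
        s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
        // Reaching this handler always means the removal failed, so it always reports failure.
        final CloudRuntimeException ex = new CloudRuntimeException("Failed to remove certificate from load balancer rule id " + lbRuleId);
        ex.addProxyObject(loadBalancer.getUuid(), "loadBalancerId");
        throw ex;
    }
    return true;
}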
Also used : InvalidParameterException(java.security.InvalidParameterException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) CallContext(com.cloud.context.CallContext) FirewallRule(com.cloud.network.rules.FirewallRule) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Aggregations

LoadBalancerCertMapVO (com.cloud.network.dao.LoadBalancerCertMapVO)18 LoadBalancerVO (com.cloud.network.dao.LoadBalancerVO)12 SslCertVO (com.cloud.network.dao.SslCertVO)10 DB (com.cloud.utils.db.DB)10 ArrayList (java.util.ArrayList)10 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)8 Account (com.cloud.user.Account)8 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)8 ActionEvent (com.cloud.event.ActionEvent)6 FirewallRule (com.cloud.network.rules.FirewallRule)6 InvalidParameterException (java.security.InvalidParameterException)6 CallContext (com.cloud.context.CallContext)4 DomainVO (com.cloud.domain.DomainVO)4 InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)4 LoadBalancerVMMapVO (com.cloud.network.dao.LoadBalancerVMMapVO)4 LoadBalancer (com.cloud.network.rules.LoadBalancer)4 Project (com.cloud.projects.Project)4 TransactionStatus (com.cloud.utils.db.TransactionStatus)4 InvalidParameterValueException (com.cloud.utils.exception.InvalidParameterValueException)4 List (java.util.List)4