Examples with NetworkExternalFirewallVO com.cloud.network.dao.NetworkExternalFirewallVO used on opensource projects

Example 6 with NetworkExternalFirewallVO

use of com.cloud.network.dao.NetworkExternalFirewallVO in project cloudstack by apache.

the class PaloAltoExternalFirewallElement method configurePaloAltoFirewall.

@Override
public ExternalFirewallDeviceVO configurePaloAltoFirewall(ConfigurePaloAltoFirewallCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    Long deviceCapacity = cmd.getFirewallCapacity();
    ExternalFirewallDeviceVO fwDeviceVO = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVO == null || !fwDeviceVO.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName())) {
        throw new InvalidParameterValueException("No Palo Alto firewall device found with ID: " + fwDeviceId);
    }
    if (deviceCapacity != null) {
        // check if any networks are using this Palo Alto device
        List<NetworkExternalFirewallVO> networks = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
        if ((networks != null) && !networks.isEmpty()) {
            if (deviceCapacity < networks.size()) {
                throw new CloudRuntimeException("There are more number of networks already using this Palo Alto firewall device than configured capacity");
            }
        }
        if (deviceCapacity != null) {
            fwDeviceVO.setCapacity(deviceCapacity);
        }
    }
    fwDeviceVO.setDeviceState(FirewallDeviceState.Enabled);
    _fwDevicesDao.update(fwDeviceId, fwDeviceVO);
    return fwDeviceVO;
}

Example 7 with NetworkExternalFirewallVO

use of com.cloud.network.dao.NetworkExternalFirewallVO in project cloudstack by apache.

the class JuniperSRXExternalFirewallElement method listNetworks.

@Override
public List<? extends Network> listNetworks(ListSrxFirewallNetworksCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    List<NetworkVO> networks = new ArrayList<NetworkVO>();
    ExternalFirewallDeviceVO fwDeviceVo = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVo == null || !fwDeviceVo.getDeviceName().equalsIgnoreCase(NetworkDevice.JuniperSRXFirewall.getName())) {
        throw new InvalidParameterValueException("Could not find SRX firewall device with ID " + fwDeviceId);
    }
    List<NetworkExternalFirewallVO> networkFirewallMaps = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
    if (networkFirewallMaps != null && !networkFirewallMaps.isEmpty()) {
        for (NetworkExternalFirewallVO networkFirewallMap : networkFirewallMaps) {
            NetworkVO network = _networkDao.findById(networkFirewallMap.getNetworkId());
            networks.add(network);
        }
    }
    return networks;
}

Example 8 with NetworkExternalFirewallVO

use of com.cloud.network.dao.NetworkExternalFirewallVO in project cloudstack by apache.

the class ExternalDeviceUsageManagerImpl method getExternalFirewallForNetwork.

private ExternalFirewallDeviceVO getExternalFirewallForNetwork(Network network) {
    NetworkExternalFirewallVO fwDeviceForNetwork = _networkExternalFirewallDao.findByNetworkId(network.getId());
    if (fwDeviceForNetwork != null) {
        long fwDeviceId = fwDeviceForNetwork.getExternalFirewallDeviceId();
        ExternalFirewallDeviceVO fwDevice = _externalFirewallDeviceDao.findById(fwDeviceId);
        assert (fwDevice != null);
        return fwDevice;
    }
    return null;
}

Example 9 with NetworkExternalFirewallVO

use of com.cloud.network.dao.NetworkExternalFirewallVO in project cloudstack by apache.

the class ExternalFirewallDeviceManagerImpl method manageGuestNetworkWithExternalFirewall.

@Override
public boolean manageGuestNetworkWithExternalFirewall(boolean add, Network network) throws ResourceUnavailableException, InsufficientCapacityException {
    if (network.getTrafficType() != TrafficType.Guest) {
        s_logger.trace("External firewall can only be used for add/remove guest networks.");
        return false;
    }
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);
    HostVO externalFirewall = null;
    if (add) {
        GlobalLock deviceMapLock = GlobalLock.getInternLock("NetworkFirewallDeviceMap");
        try {
            if (deviceMapLock.lock(120)) {
                try {
                    ExternalFirewallDeviceVO device = findSuitableFirewallForNetwork(network);
                    long externalFirewallId = device.getId();
                    NetworkExternalFirewallVO networkFW = new NetworkExternalFirewallVO(network.getId(), externalFirewallId);
                    _networkExternalFirewallDao.persist(networkFW);
                    externalFirewall = _hostDao.findById(device.getHostId());
                } finally {
                    deviceMapLock.unlock();
                }
            }
        } finally {
            deviceMapLock.releaseRef();
        }
    } else {
        ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
        if (fwDeviceVO == null) {
            s_logger.warn("Network shutdown requested on external firewall element, which did not implement the network." + " Either network implement failed half way through or already network shutdown is completed.");
            return true;
        }
        externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    }
    Account account = _accountDao.findByIdIncludingRemoved(network.getAccountId());
    NetworkOffering offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
    boolean sharedSourceNat = offering.getSharedSourceNat();
    IPAddressVO sourceNatIp = null;
    if (!sharedSourceNat) {
        // Get the source NAT IP address for this network
        List<? extends IpAddress> sourceNatIps = _networkModel.listPublicIpsAssignedToAccount(network.getAccountId(), zoneId, true);
        for (IpAddress ipAddress : sourceNatIps) {
            if (ipAddress.getAssociatedWithNetworkId().longValue() == network.getId()) {
                sourceNatIp = _ipAddressDao.findById(ipAddress.getId());
                break;
            }
        }
        if (sourceNatIp == null) {
            String errorMsg = "External firewall was unable to find the source NAT IP address for network " + network.getName();
            s_logger.error(errorMsg);
            return true;
        }
    }
    // Send a command to the external firewall to implement or shutdown the guest network
    long guestVlanTag = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));
    String guestVlanGateway = network.getGateway();
    String guestVlanCidr = network.getCidr();
    String sourceNatIpAddress = null;
    String publicVlanTag = null;
    if (sourceNatIp != null) {
        sourceNatIpAddress = sourceNatIp.getAddress().addr();
        VlanVO publicVlan = _vlanDao.findById(sourceNatIp.getVlanId());
        publicVlanTag = publicVlan.getVlanTag();
    }
    // Get network rate
    Integer networkRate = _networkModel.getNetworkRate(network.getId(), null);
    IpAddressTO ip = new IpAddressTO(account.getAccountId(), sourceNatIpAddress, add, false, !sharedSourceNat, publicVlanTag, null, null, null, networkRate, false);
    IpAddressTO[] ips = new IpAddressTO[1];
    ips[0] = ip;
    IpAssocCommand cmd = new IpAssocCommand(ips);
    cmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_GATEWAY, guestVlanGateway);
    cmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_CIDR, guestVlanCidr);
    cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, String.valueOf(guestVlanTag));
    Answer answer = _agentMgr.easySend(externalFirewall.getId(), cmd);
    List<String> reservedIpAddressesForGuestNetwork = _nicDao.listIpAddressInNetwork(network.getId());
    if (answer == null || !answer.getResult()) {
        String action = add ? "implement" : "shutdown";
        String answerDetails = (answer != null) ? answer.getDetails() : "answer was null";
        String msg = "External firewall was unable to " + action + " the guest network on the external firewall in zone " + zone.getName() + " due to " + answerDetails;
        s_logger.error(msg);
        if (!add && (!reservedIpAddressesForGuestNetwork.contains(network.getGateway()))) {
            // If we failed the implementation as well, then just return, no complain
            s_logger.error("Skip the shutdown of guest network on SRX because it seems we didn't implement it as well");
            return true;
        }
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }
    if (add && (!reservedIpAddressesForGuestNetwork.contains(network.getGateway()))) {
        // Insert a new NIC for this guest network to reserve the gateway address
        _networkMgr.savePlaceholderNic(network, network.getGateway(), null, null);
    }
    // Delete any mappings used for inline external load balancers in this network
    List<NicVO> nicsInNetwork = _nicDao.listByNetworkId(network.getId());
    for (NicVO nic : nicsInNetwork) {
        InlineLoadBalancerNicMapVO mapping = _inlineLoadBalancerNicMapDao.findByNicId(nic.getId());
        if (mapping != null) {
            _nicDao.expunge(mapping.getNicId());
            _inlineLoadBalancerNicMapDao.expunge(mapping.getId());
        }
    }
    // on network shutdown, delete placeHolder nics used for the firewall device
    if (!add) {
        List<NicVO> nics = _nicDao.listByNetworkId(network.getId());
        for (NicVO nic : nics) {
            if (nic.getVmType() == null && nic.getReservationStrategy().equals(ReservationStrategy.PlaceHolder) && nic.getIPv4Address().equals(network.getGateway())) {
                s_logger.debug("Removing placeholder nic " + nic + " for the network " + network);
                _nicDao.remove(nic.getId());
            }
        }
        freeFirewallForNetwork(network);
    }
    String action = add ? "implemented" : "shut down";
    s_logger.debug("External firewall has " + action + " the guest network for account " + account.getAccountName() + "(id = " + account.getAccountId() + ") with VLAN tag " + guestVlanTag);
    return true;
}

Example 10 with NetworkExternalFirewallVO

use of com.cloud.network.dao.NetworkExternalFirewallVO in project cloudstack by apache.

the class ExternalFirewallDeviceManagerImpl method deleteExternalFirewall.

@Override
public boolean deleteExternalFirewall(Long hostId) {
    HostVO externalFirewall = _hostDao.findById(hostId);
    if (externalFirewall == null) {
        throw new InvalidParameterValueException("Could not find an external firewall with ID: " + hostId);
    }
    DetailVO fwHostDetails = _hostDetailDao.findDetail(hostId, ApiConstants.FIREWALL_DEVICE_ID);
    long fwDeviceId = Long.parseLong(fwHostDetails.getValue());
    // check if any networks are using this balancer device
    List<NetworkExternalFirewallVO> networks = _networkExternalFirewallDao.listByFirewallDeviceId(fwDeviceId);
    if ((networks != null) && !networks.isEmpty()) {
        throw new CloudRuntimeException("Delete can not be done as there are networks using the firewall device ");
    }
    try {
        // put the host in maintenance state in order for it to be deleted
        externalFirewall.setResourceState(ResourceState.Maintenance);
        _hostDao.update(hostId, externalFirewall);
        _resourceMgr.deleteHost(hostId, false, false);
        // delete the external load balancer entry
        _externalFirewallDeviceDao.remove(fwDeviceId);
        return true;
    } catch (Exception e) {
        s_logger.debug("Failed to delete external firewall device due to " + e.getMessage());
        return false;
    }
}