
Example 1 with Site2SiteVpnConnectionVO

use of com.cloud.network.dao.Site2SiteVpnConnectionVO in project cloudstack by apache.

the class VirtualNetworkApplianceManagerImpl method updateSite2SiteVpnConnectionState.

/**
 * Refreshes the persisted state of the site-to-site VPN connections served by the given routers.
 *
 * <p>For each eligible router a {@code CheckS2SVpnConnectionsCommand} carrying the customer
 * gateway IPs is sent through the agent manager. Each connection in the Connected,
 * Disconnected or Connecting state is then set to Connected or Disconnected according to the
 * answer, and an alert is raised when the state changed.
 *
 * <p>Routers that are not Running have their non-Error connections marked Disconnected
 * without contacting the router.
 *
 * @param routers routers whose VPN connections should be checked
 * @throws CloudRuntimeException if the lock-table entry for a connection cannot be acquired;
 *         the exception is not caught here, so the remaining connections and routers are not
 *         processed in that pass
 */
@DB
protected void updateSite2SiteVpnConnectionState(final List<DomainRouterVO> routers) {
    for (final DomainRouterVO router : routers) {
        // Routers whose role is INTERNAL_LB_VM are skipped.
        if (router.getRole() == Role.INTERNAL_LB_VM) {
            continue;
        }
        final List<Site2SiteVpnConnectionVO> conns = _s2sVpnMgr.getConnectionsForRouter(router);
        if (conns == null || conns.isEmpty()) {
            continue;
        }
        // In a redundant pair only the PRIMARY router is checked.
        if (router.getIsRedundantRouter() && router.getRedundantState() != RedundantState.PRIMARY) {
            continue;
        }
        // A router that is not Running cannot be queried: mark its connections Disconnected,
        // leaving connections already in Error untouched. No lock is taken on this path.
        if (router.getState() != VirtualMachine.State.Running) {
            for (final Site2SiteVpnConnectionVO conn : conns) {
                if (conn.getState() != Site2SiteVpnConnection.State.Error) {
                    conn.setState(Site2SiteVpnConnection.State.Disconnected);
                    _s2sVpnConnectionDao.persist(conn);
                }
            }
            continue;
        }
        // Collect the customer gateway IPs of the connections whose state may be updated.
        final List<String> ipList = new ArrayList<String>();
        for (final Site2SiteVpnConnectionVO conn : conns) {
            if (conn.getState() != Site2SiteVpnConnection.State.Connected && conn.getState() != Site2SiteVpnConnection.State.Disconnected && conn.getState() != Site2SiteVpnConnection.State.Connecting) {
                continue;
            }
            // NOTE(review): the findById result is dereferenced without a null check; confirm a
            // connection can never outlive its customer gateway, otherwise this throws a
            // NullPointerException and ends the whole pass.
            final Site2SiteCustomerGateway gw = _s2sCustomerGatewayDao.findById(conn.getCustomerGatewayId());
            ipList.add(gw.getGatewayIp());
        }
        final String privateIP = router.getPrivateIpAddress();
        final HostVO host = _hostDao.findById(router.getHostId());
        if (host == null || host.getState() != Status.Up) {
            continue;
        } else if (host.getManagementServerId() != ManagementServerNode.getManagementServerId()) {
            /* Only cover hosts managed by this management server */
            continue;
        } else if (privateIP != null) {
            final CheckS2SVpnConnectionsCommand command = new CheckS2SVpnConnectionsCommand(ipList);
            command.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
            command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
            // Wait value of 30; the unit is not visible here (presumably seconds, confirm).
            command.setWait(30);
            final Answer origAnswer = _agentMgr.easySend(router.getHostId(), command);
            CheckS2SVpnConnectionsAnswer answer = null;
            // Any other answer type, or an unsuccessful result, leaves the stored states as
            // they are and only logs a warning.
            if (origAnswer instanceof CheckS2SVpnConnectionsAnswer) {
                answer = (CheckS2SVpnConnectionsAnswer) origAnswer;
            } else {
                s_logger.warn("Unable to update router " + router.getHostName() + "'s VPN connection status");
                continue;
            }
            if (!answer.getResult()) {
                s_logger.warn("Unable to update router " + router.getHostName() + "'s VPN connection status");
                continue;
            }
            for (final Site2SiteVpnConnectionVO conn : conns) {
                final Site2SiteVpnConnectionVO lock = _s2sVpnConnectionDao.acquireInLockTable(conn.getId());
                if (lock == null) {
                    throw new CloudRuntimeException("Unable to acquire lock for site to site vpn connection id " + conn.getId());
                }
                try {
                    // NOTE(review): the state tested and later persisted comes from `conn`, which
                    // was read before the lock was taken; `lock` is used only for its id. Confirm
                    // that a state change made between the read and the lock cannot be
                    // overwritten by the persist below.
                    if (conn.getState() != Site2SiteVpnConnection.State.Connected && conn.getState() != Site2SiteVpnConnection.State.Disconnected && conn.getState() != Site2SiteVpnConnection.State.Connecting) {
                        continue;
                    }
                    final Site2SiteVpnConnection.State oldState = conn.getState();
                    final Site2SiteCustomerGateway gw = _s2sCustomerGatewayDao.findById(conn.getCustomerGatewayId());
                    // Connections whose gateway IP is absent from the answer keep their state.
                    if (answer.isIPPresent(gw.getGatewayIp())) {
                        if (answer.isConnected(gw.getGatewayIp())) {
                            conn.setState(Site2SiteVpnConnection.State.Connected);
                        } else {
                            conn.setState(Site2SiteVpnConnection.State.Disconnected);
                        }
                        _s2sVpnConnectionDao.persist(conn);
                        if (oldState != conn.getState()) {
                            // NOTE(review): the gateway name and router host name are concatenated
                            // unmodified into the log line and the alert text; if these names can
                            // be set by tenants, confirm the log and alert sinks neutralise line
                            // breaks and markup.
                            final String title = "Site-to-site Vpn Connection to " + gw.getName() + " just switched from " + oldState + " to " + conn.getState();
                            final String context = "Site-to-site Vpn Connection to " + gw.getName() + " on router " + router.getHostName() + "(id: " + router.getId() + ") " + " just switched from " + oldState + " to " + conn.getState();
                            s_logger.info(context);
                            _alertMgr.sendAlert(AlertManager.AlertType.ALERT_TYPE_DOMAIN_ROUTER, router.getDataCenterId(), router.getPodIdToDeployIn(), title, context);
                        }
                    }
                } finally {
                    // Runs on every exit from the try block, including the `continue` above.
                    _s2sVpnConnectionDao.releaseFromLockTable(lock.getId());
                }
            }
        }
    }
}
Also used : CheckS2SVpnConnectionsAnswer(com.cloud.agent.api.CheckS2SVpnConnectionsAnswer) ArrayList(java.util.ArrayList) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) HostVO(com.cloud.host.HostVO) ManagementServerHostVO(com.cloud.cluster.ManagementServerHostVO) Site2SiteVpnConnection(com.cloud.network.Site2SiteVpnConnection) GroupAnswer(com.cloud.agent.api.routing.GroupAnswer) NetworkUsageAnswer(com.cloud.agent.api.NetworkUsageAnswer) Answer(com.cloud.agent.api.Answer) CheckRouterAnswer(com.cloud.agent.api.CheckRouterAnswer) AgentControlAnswer(com.cloud.agent.api.AgentControlAnswer) GetDomRVersionAnswer(com.cloud.agent.api.GetDomRVersionAnswer) CheckS2SVpnConnectionsAnswer(com.cloud.agent.api.CheckS2SVpnConnectionsAnswer) GetRouterMonitorResultsAnswer(com.cloud.agent.api.routing.GetRouterMonitorResultsAnswer) GetRouterAlertsAnswer(com.cloud.agent.api.GetRouterAlertsAnswer) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) CheckS2SVpnConnectionsCommand(com.cloud.agent.api.CheckS2SVpnConnectionsCommand) DomainRouterVO(com.cloud.vm.DomainRouterVO) Site2SiteCustomerGateway(com.cloud.network.Site2SiteCustomerGateway) DB(com.cloud.utils.db.DB)

Example 2 with Site2SiteVpnConnectionVO

use of com.cloud.network.dao.Site2SiteVpnConnectionVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method createVpnConnection.

/**
 * Creates a site-to-site VPN connection between a VPN gateway and a customer gateway.
 *
 * <p>The calling account must pass {@code checkAccess} for the owner, the customer gateway and
 * the VPN gateway, and both gateways must have the same account and domain. The customer
 * gateway's guest CIDRs must not overlap the VPC CIDR or the guest CIDRs of any connection
 * that already exists on the VPN gateway. The new connection is persisted in the Pending
 * state.
 *
 * <p>NOTE(review): the duplicate check and the connection-limit check read the current rows
 * and the insert happens later, with no lock visible in this method. Confirm that concurrent
 * requests cannot both pass these checks.
 *
 * @param cmd API command carrying the gateway ids, owner, passive flag and display flag
 * @return the newly persisted connection
 * @throws InvalidParameterValueException if a gateway is missing, the owners differ, the
 *         connection already exists, a CIDR overlaps, or the connection limit is reached
 * @throws NetworkRuleConflictException declared by the interface; not thrown by the code here
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create = true)
public Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException {
    final Account callingAccount = CallContext.current().getCallingAccount();
    final Account vpcOwner = _accountMgr.getAccount(cmd.getEntityOwnerId());

    // Authorization step 1: the caller must be allowed to act on behalf of the VPC owner.
    _accountMgr.checkAccess(callingAccount, null, false, vpcOwner);

    // Authorization step 2: the caller must have access to the customer gateway.
    final Long customerGatewayId = cmd.getCustomerGatewayId();
    final Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId);
    if (customerGateway == null) {
        throw new InvalidParameterValueException("Unable to found specified Site to Site VPN customer gateway " + customerGatewayId + " !");
    }
    _accountMgr.checkAccess(callingAccount, null, false, customerGateway);

    // Authorization step 3: the caller must have access to the VPN gateway.
    final Long vpnGatewayId = cmd.getVpnGatewayId();
    final Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId);
    if (vpnGateway == null) {
        throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !");
    }
    _accountMgr.checkAccess(callingAccount, null, false, vpnGateway);

    // Both ends must have the same account and domain.
    final boolean sameOwner = customerGateway.getAccountId() == vpnGateway.getAccountId()
            && customerGateway.getDomainId() == vpnGateway.getDomainId();
    if (!sameOwner) {
        throw new InvalidParameterValueException("VPN connection can only be esitablished between same account's VPN gateway and customer gateway!");
    }

    // At most one connection per (VPN gateway, customer gateway) pair.
    final boolean alreadyConnected = _vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null;
    if (alreadyConnected) {
        throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " and vpn gateway id " + vpnGatewayId + " already existed!");
    }

    final String[] remoteCidrs = customerGateway.getGuestCidrList().split(",");

    // The remote subnets must not overlap the VPC's own subnet.
    // NOTE(review): the VPC lookup result is dereferenced without a null check.
    final String vpcCidr = _vpcDao.findById(vpnGateway.getVpcId()).getCidr();
    for (final String remoteCidr : remoteCidrs) {
        if (NetUtils.isNetworksOverlap(vpcCidr, remoteCidr)) {
            throw new InvalidParameterValueException("The subnets of customer gateway " + customerGatewayId + "'s subnet " + remoteCidr + " is overlapped with VPC cidr " + vpcCidr + "!");
        }
    }

    // The remote subnets must also not overlap those of connections already on this gateway.
    final List<Site2SiteVpnConnectionVO> existingConns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
    if (existingConns.size() >= _connLimit) {
        throw new InvalidParameterValueException("There are too many VPN connections with current VPN gateway! The limit is " + _connLimit);
    }
    for (final Site2SiteVpnConnectionVO existing : existingConns) {
        if (existing != null) {
            // NOTE(review): the gateway lookup result is dereferenced without a null check.
            final Site2SiteCustomerGatewayVO existingGateway = _customerGatewayDao.findById(existing.getCustomerGatewayId());
            final String[] existingCidrs = existingGateway.getGuestCidrList().split(",");
            for (final String existingCidr : existingCidrs) {
                for (final String remoteCidr : remoteCidrs) {
                    if (NetUtils.isNetworksOverlap(remoteCidr, existingCidr)) {
                        throw new InvalidParameterValueException("The new connection's remote subnet " + remoteCidr + " is overlapped with existed VPN connection to customer gateway " + existingGateway.getName() + "'s subnet " + existingCidr);
                    }
                }
            }
        }
    }

    // All checks passed: persist the connection in the Pending state.
    final Site2SiteVpnConnectionVO created = new Site2SiteVpnConnectionVO(vpcOwner.getAccountId(), vpcOwner.getDomainId(), vpnGatewayId, customerGatewayId, cmd.isPassive());
    created.setState(State.Pending);
    if (cmd.getDisplay() != null) {
        created.setDisplay(cmd.getDisplay());
    }
    _vpnConnectionDao.persist(created);
    return created;
}
Also used : Account(com.cloud.user.Account) Site2SiteVpnGateway(com.cloud.network.Site2SiteVpnGateway) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) Site2SiteCustomerGateway(com.cloud.network.Site2SiteCustomerGateway) ActionEvent(com.cloud.event.ActionEvent)

Example 3 with Site2SiteVpnConnectionVO

use of com.cloud.network.dao.Site2SiteVpnConnectionVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method updateVpnConnection.

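/**
 * Updates the custom UUID and/or the display flag of an existing site-to-site VPN connection.
 *
 * <p>The calling account must pass {@code checkAccess} for the connection before anything is
 * changed. A {@code null} argument leaves the corresponding attribute untouched.
 *
 * @param id database id of the connection to update
 * @param customId new UUID for the connection, or {@code null} to keep the current one
 * @param forDisplay new display flag, or {@code null} to keep the current one
 * @return the connection as re-read from the DAO after the update
 * @throws InvalidParameterValueException if no connection with the given id is found
 */
@Override
// The event description used to read "creating s2s vpn gateway", which was copied from
// another operation and misdescribed this action in the event record. The event type is
// unchanged.
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_UPDATE, eventDescription = "updating s2s vpn connection", async = true)
public Site2SiteVpnConnection updateVpnConnection(long id, String customId, Boolean forDisplay) {
    Account caller = CallContext.current().getCallingAccount();
    Site2SiteVpnConnectionVO conn = _vpnConnectionDao.findById(id);
    if (conn == null) {
        throw new InvalidParameterValueException("Fail to find site to site VPN connection " + id);
    }
    // Authorization: the caller must have access to this connection before it is modified.
    _accountMgr.checkAccess(caller, null, false, conn);
    if (customId != null) {
        // NOTE(review): customId is stored as the UUID without any format or uniqueness check
        // in this method; confirm the calling API layer validates it and restricts who may
        // set it.
        conn.setUuid(customId);
    }
    if (forDisplay != null) {
        conn.setDisplay(forDisplay);
    }
    _vpnConnectionDao.update(id, conn);
    // Re-read so the caller receives the row as stored rather than the in-memory copy.
    return _vpnConnectionDao.findById(id);
}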
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) ActionEvent(com.cloud.event.ActionEvent)

Example 4 with Site2SiteVpnConnectionVO

use of com.cloud.network.dao.Site2SiteVpnConnectionVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method markDisconnectVpnConnByVpc.

/**
 * Marks every Connected or Connecting site-to-site VPN connection of a VPC as Disconnected.
 *
 * <p>Each connection is updated while its lock-table entry is held; the entry is released
 * whether or not the state was changed.
 *
 * <p>NOTE(review): the state that is tested and persisted belongs to the object returned by
 * {@code listByVpcId}, read before the lock was taken. The object returned by
 * {@code acquireInLockTable} is used only for its id. Confirm a concurrent state change
 * cannot be overwritten here.
 *
 * @param vpcId id of the VPC whose connections are to be marked
 * @throws CloudRuntimeException if the lock for a connection cannot be acquired
 */
@Override
@DB
public void markDisconnectVpnConnByVpc(long vpcId) {
    for (final Site2SiteVpnConnectionVO vpnConn : _vpnConnectionDao.listByVpcId(vpcId)) {
        if (vpnConn != null) {
            final Site2SiteVpnConnectionVO lockedRow = _vpnConnectionDao.acquireInLockTable(vpnConn.getId());
            if (lockedRow == null) {
                throw new CloudRuntimeException("Unable to acquire lock on " + vpnConn);
            }
            try {
                final boolean active = vpnConn.getState() == Site2SiteVpnConnection.State.Connected
                        || vpnConn.getState() == Site2SiteVpnConnection.State.Connecting;
                if (active) {
                    vpnConn.setState(Site2SiteVpnConnection.State.Disconnected);
                    _vpnConnectionDao.persist(vpnConn);
                }
            } finally {
                _vpnConnectionDao.releaseFromLockTable(lockedRow.getId());
            }
        }
    }
}
Also used : CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) DB(com.cloud.utils.db.DB)

Example 5 with Site2SiteVpnConnectionVO

use of com.cloud.network.dao.Site2SiteVpnConnectionVO in project cloudstack by apache.

the class VirtualNetworkApplianceManagerImplTest method testUpdateSite2SiteVpnConnectionState.

/**
 * Checks that two Disconnected connections on a running PRIMARY router are switched to
 * Connected when the stubbed agent answer reports the gateway IP as present and connected.
 *
 * <p>Only this success path is exercised. The lock-failure, non-running-router and
 * unsuccessful-answer paths of {@code updateSite2SiteVpnConnectionState} are not covered here.
 */
@Test
public void testUpdateSite2SiteVpnConnectionState() throws Exception {
    // One running router with a private IP, so the method reaches the agent call.
    DomainRouterVO router = new DomainRouterVO(1L, 1L, 1L, "First testing router", 1L, Hypervisor.HypervisorType.XenServer, 1L, 1L, 1L, 1L, false, VirtualRouter.RedundantState.PRIMARY, true, true, 1L);
    router.setState(VirtualMachine.State.Running);
    router.setPrivateIpAddress("192.168.50.15");
    List<DomainRouterVO> routers = new ArrayList<DomainRouterVO>();
    routers.add(router);
    // Two connections built with identical arguments, both starting in Disconnected.
    Site2SiteVpnConnectionVO conn = new Site2SiteVpnConnectionVO(1L, 1L, 1L, 1L, false);
    Site2SiteVpnConnectionVO conn1 = new Site2SiteVpnConnectionVO(1L, 1L, 1L, 1L, false);
    conn.setState(Site2SiteVpnConnection.State.Disconnected);
    conn1.setState(Site2SiteVpnConnection.State.Disconnected);
    List<Site2SiteVpnConnectionVO> conns = new ArrayList<Site2SiteVpnConnectionVO>();
    conns.add(conn);
    conns.add(conn1);
    // Fixture gateway and host; the string arguments are placeholder values, not real settings.
    Site2SiteCustomerGatewayVO gw = new Site2SiteCustomerGatewayVO("Testing gateway", 1L, 1L, "192.168.50.15", "Guest List", "ipsecPsk", "ikePolicy", "espPolicy", 1L, 1L, true, true, false, "ike");
    HostVO hostVo = new HostVO(1L, "Testing host", Host.Type.Routing, "192.168.50.15", "privateNetmask", "privateMacAddress", "publicIpAddress", "publicNetmask", "publicMacAddress", "storageIpAddress", "storageNetmask", "storageMacAddress", "deuxStorageIpAddress", "duxStorageNetmask", "deuxStorageMacAddress", "guid", Status.Up, "version", "iqn", new Date(), 1L, 1L, 1L, 1L, "parent", 20L, Storage.StoragePoolType.Gluster);
    // The host must be managed by this management server or the method skips the router.
    hostVo.setManagementServerId(ManagementServerNode.getManagementServerId());
    ArrayList<String> ipList = new ArrayList<>();
    ipList.add("192.168.50.15");
    // Assigned to a field; the easySend stub below matches any command, not this instance.
    _s2sConnCommand = new CheckS2SVpnConnectionsCommand(ipList);
    when(_s2sVpnMgr.getConnectionsForRouter(router)).thenReturn(conns);
    when(_s2sVpnConnectionDao.persist(conn)).thenReturn(null);
    when(_s2sCustomerGatewayDao.findById(conn.getCustomerGatewayId())).thenReturn(gw);
    when(_hostDao.findById(router.getHostId())).thenReturn(hostVo);
    when(_routerControlHelper.getRouterControlIp(router.getId())).thenReturn("192.168.50.15");
    doReturn(_s2sVpnAnswer).when(_agentMgr).easySend(nullable(Long.class), nullable(CheckS2SVpnConnectionsCommand.class));
    when(_s2sVpnAnswer.getResult()).thenReturn(true);
    // The lock is stubbed for conn.getId() only; conn1 presumably has the same id because it
    // is built identically. TODO confirm, otherwise the lock for conn1 would come back null.
    when(_s2sVpnConnectionDao.acquireInLockTable(conn.getId())).thenReturn(conn);
    when(_s2sVpnAnswer.isIPPresent("192.168.50.15")).thenReturn(true);
    when(_s2sVpnAnswer.isConnected("192.168.50.15")).thenReturn(true);
    lenient().doNothing().when(_alertMgr).sendAlert(any(AlertManager.AlertType.class), anyLong(), anyLong(), anyString(), anyString());
    virtualNetworkApplianceManagerImpl.updateSite2SiteVpnConnectionState(routers);
    // Both connections must have moved from Disconnected to Connected.
    for (Site2SiteVpnConnection connection : conns) {
        assertEquals(Site2SiteVpnConnection.State.Connected, connection.getState());
    }
}
Also used : Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) ArrayList(java.util.ArrayList) Matchers.anyString(org.mockito.Matchers.anyString) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) HostVO(com.cloud.host.HostVO) Date(java.util.Date) Site2SiteVpnConnection(com.cloud.network.Site2SiteVpnConnection) Matchers.anyLong(org.mockito.Matchers.anyLong) CheckS2SVpnConnectionsCommand(com.cloud.agent.api.CheckS2SVpnConnectionsCommand) DomainRouterVO(com.cloud.vm.DomainRouterVO) Test(org.junit.Test)

Aggregations

Site2SiteVpnConnectionVO (com.cloud.network.dao.Site2SiteVpnConnectionVO)21 ActionEvent (com.cloud.event.ActionEvent)11 Account (com.cloud.user.Account)11 DB (com.cloud.utils.db.DB)8 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)8 InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)6 InvalidParameterValueException (com.cloud.utils.exception.InvalidParameterValueException)6 Site2SiteVpnServiceProvider (com.cloud.network.element.Site2SiteVpnServiceProvider)5 ArrayList (java.util.ArrayList)5 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)4 Site2SiteCustomerGateway (com.cloud.network.Site2SiteCustomerGateway)4 Site2SiteCustomerGatewayVO (com.cloud.network.dao.Site2SiteCustomerGatewayVO)4 CheckS2SVpnConnectionsCommand (com.cloud.agent.api.CheckS2SVpnConnectionsCommand)3 HostVO (com.cloud.host.HostVO)3 Site2SiteVpnConnection (com.cloud.network.Site2SiteVpnConnection)3 DomainRouterVO (com.cloud.vm.DomainRouterVO)3 AgentControlAnswer (com.cloud.agent.api.AgentControlAnswer)2 Answer (com.cloud.agent.api.Answer)2 CheckRouterAnswer (com.cloud.agent.api.CheckRouterAnswer)2 CheckS2SVpnConnectionsAnswer (com.cloud.agent.api.CheckS2SVpnConnectionsAnswer)2