Example 1 with RemoteAccessVPNServiceProvider
use of com.cloud.network.element.RemoteAccessVPNServiceProvider in project cloudstack by apache.
the class RemoteAccessVpnManagerImpl method startRemoteAccessVpn.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, eventDescription = "creating remote access vpn", async = true)
public RemoteAccessVpnVO startRemoteAccessVpn(long ipAddressId, boolean openFirewall) throws ResourceUnavailableException {
Account caller = CallContext.current().getCallingAccount();
final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findByPublicIpAddress(ipAddressId);
if (vpn == null) {
throw new InvalidParameterValueException("Unable to find your vpn: " + ipAddressId);
}
if (vpn.getVpcId() != null) {
openFirewall = false;
}
_accountMgr.checkAccess(caller, null, true, vpn);
boolean started = false;
try {
boolean firewallOpened = true;
if (openFirewall) {
firewallOpened = _firewallMgr.applyIngressFirewallRules(vpn.getServerAddressId(), caller);
}
if (firewallOpened) {
for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
if (element.startVpn(vpn)) {
started = true;
break;
}
}
}
return vpn;
} finally {
if (started) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
vpn.setState(RemoteAccessVpn.State.Running);
_remoteAccessVpnDao.update(vpn.getId(), vpn);
// Start billing of existing VPN users in ADD and Active state
List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
for (VpnUserVO user : vpnUsers) {
if (user.getState() != VpnUser.State.Revoke) {
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_ADD, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
}
}
}
});
}
}
}
Also used :
Account(com.cloud.user.Account)
RemoteAccessVPNServiceProvider(com.cloud.network.element.RemoteAccessVPNServiceProvider)
RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
VpnUserVO(com.cloud.network.VpnUserVO)
TransactionStatus(com.cloud.utils.db.TransactionStatus)
TransactionCallbackNoReturn(com.cloud.utils.db.TransactionCallbackNoReturn)
List(java.util.List)
ArrayList(java.util.ArrayList)
ActionEvent(com.cloud.event.ActionEvent)
DB(com.cloud.utils.db.DB)
Example 2 with RemoteAccessVPNServiceProvider
use of com.cloud.network.element.RemoteAccessVPNServiceProvider in project cloudstack by apache.
the class RemoteAccessVpnManagerImpl method destroyRemoteAccessVpnForIp.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, eventDescription = "removing remote access vpn", async = true)
public boolean destroyRemoteAccessVpnForIp(long ipId, Account caller, final boolean forceCleanup) throws ResourceUnavailableException {
final RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findByPublicIpAddress(ipId);
if (vpn == null) {
s_logger.debug("there are no Remote access vpns for public ip address id=" + ipId);
return true;
}
_accountMgr.checkAccess(caller, AccessType.OperateEntry, true, vpn);
RemoteAccessVpn.State prevState = vpn.getState();
vpn.setState(RemoteAccessVpn.State.Removed);
_remoteAccessVpnDao.update(vpn.getId(), vpn);
boolean success = false;
try {
for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
if (element.stopVpn(vpn)) {
success = true;
break;
}
}
} catch (ResourceUnavailableException ex) {
vpn.setState(prevState);
_remoteAccessVpnDao.update(vpn.getId(), vpn);
s_logger.debug("Failed to stop the vpn " + vpn.getId() + " , so reverted state to " + RemoteAccessVpn.State.Running);
success = false;
} finally {
if (success || forceCleanup) {
//Cleanup corresponding ports
final List<? extends FirewallRule> vpnFwRules = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn);
boolean applyFirewall = false;
final List<FirewallRuleVO> fwRules = new ArrayList<FirewallRuleVO>();
//if related firewall rule is created for the first vpn port, it would be created for the 2 other ports as well, so need to cleanup the backend
if (vpnFwRules.size() != 0 && _rulesDao.findByRelatedId(vpnFwRules.get(0).getId()) != null) {
applyFirewall = true;
}
if (applyFirewall) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
for (FirewallRule vpnFwRule : vpnFwRules) {
//don't apply on the backend yet; send all 3 rules in a banch
_firewallMgr.revokeRelatedFirewallRule(vpnFwRule.getId(), false);
fwRules.add(_rulesDao.findByRelatedId(vpnFwRule.getId()));
}
s_logger.debug("Marked " + fwRules.size() + " firewall rules as Revoked as a part of disable remote access vpn");
}
});
//now apply vpn rules on the backend
s_logger.debug("Reapplying firewall rules for ip id=" + ipId + " as a part of disable remote access vpn");
success = _firewallMgr.applyIngressFirewallRules(ipId, caller);
}
if (success || forceCleanup) {
try {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
_remoteAccessVpnDao.remove(vpn.getId());
// Stop billing of VPN users when VPN is removed. VPN_User_ADD events will be generated when VPN is created again
List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
for (VpnUserVO user : vpnUsers) {
// VPN_USER_REMOVE event is already generated for users in Revoke state
if (user.getState() != VpnUser.State.Revoke) {
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_REMOVE, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
}
}
if (vpnFwRules != null) {
for (FirewallRule vpnFwRule : vpnFwRules) {
_rulesDao.remove(vpnFwRule.getId());
s_logger.debug("Successfully removed firewall rule with ip id=" + vpnFwRule.getSourceIpAddressId() + " and port " + vpnFwRule.getSourcePortStart().intValue() + " as a part of vpn cleanup");
}
}
}
});
} catch (Exception ex) {
s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex);
}
}
}
}
return success;
}
Also used :
RemoteAccessVPNServiceProvider(com.cloud.network.element.RemoteAccessVPNServiceProvider)
RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO)
VpnUserVO(com.cloud.network.VpnUserVO)
ArrayList(java.util.ArrayList)
TransactionStatus(com.cloud.utils.db.TransactionStatus)
TransactionCallbackNoReturn(com.cloud.utils.db.TransactionCallbackNoReturn)
FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO)
AccountLimitException(com.cloud.exception.AccountLimitException)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException)
NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException)
ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException)
ConfigurationException(javax.naming.ConfigurationException)
ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException)
List(java.util.List)
ArrayList(java.util.ArrayList)
FirewallRule(com.cloud.network.rules.FirewallRule)
RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)
ActionEvent(com.cloud.event.ActionEvent)
DB(com.cloud.utils.db.DB)
Example 3 with RemoteAccessVPNServiceProvider
use of com.cloud.network.element.RemoteAccessVPNServiceProvider in project cloudstack by apache.
the class RemoteAccessVpnManagerImpl method applyVpnUsers.
@DB
@Override
public boolean applyVpnUsers(long vpnOwnerId, String userName) throws ResourceUnavailableException {
Account caller = CallContext.current().getCallingAccount();
Account owner = _accountDao.findById(vpnOwnerId);
_accountMgr.checkAccess(caller, null, true, owner);
s_logger.debug("Applying vpn users for " + owner);
List<RemoteAccessVpnVO> vpns = _remoteAccessVpnDao.findByAccount(vpnOwnerId);
RemoteAccessVpnVO vpnTemp = null;
List<VpnUserVO> users = _vpnUsersDao.listByAccount(vpnOwnerId);
//If user is in Active state, we still have to resend them therefore their status has to be Add
for (VpnUserVO user : users) {
if (user.getState() == State.Active) {
user.setState(State.Add);
_vpnUsersDao.update(user.getId(), user);
}
}
boolean success = true;
Boolean[] finals = new Boolean[users.size()];
for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
s_logger.debug("Applying vpn access to " + element.getName());
for (RemoteAccessVpnVO vpn : vpns) {
try {
String[] results = element.applyVpnUsers(vpn, users);
if (results != null) {
int indexUser = -1;
for (int i = 0; i < results.length; i++) {
indexUser++;
if (indexUser == users.size()) {
// results on multiple VPC routers are combined in commit 13eb789, reset user index if one VR is done.
indexUser = 0;
}
s_logger.debug("VPN User " + users.get(indexUser) + (results[i] == null ? " is set on " : (" couldn't be set due to " + results[i]) + " on ") + vpn.getUuid());
if (results[i] == null) {
if (finals[indexUser] == null) {
finals[indexUser] = true;
}
} else {
finals[indexUser] = false;
success = false;
vpnTemp = vpn;
}
}
}
} catch (Exception e) {
s_logger.warn("Unable to apply vpn users ", e);
success = false;
vpnTemp = vpn;
for (int i = 0; i < finals.length; i++) {
finals[i] = false;
}
}
}
}
for (int i = 0; i < finals.length; i++) {
final VpnUserVO user = users.get(i);
if (finals[i]) {
if (user.getState() == State.Add) {
user.setState(State.Active);
_vpnUsersDao.update(user.getId(), user);
} else if (user.getState() == State.Revoke) {
_vpnUsersDao.remove(user.getId());
}
} else {
if (user.getState() == State.Add && (user.getUsername()).equals(userName)) {
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
_vpnUsersDao.remove(user.getId());
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_VPN_USER_REMOVE, user.getAccountId(), 0, user.getId(), user.getUsername(), user.getClass().getName(), user.getUuid());
}
});
}
s_logger.warn("Failed to apply vpn for user " + user.getUsername() + ", accountId=" + user.getAccountId());
}
}
if (!success) {
throw new ResourceUnavailableException("Failed add vpn user due to Resource unavailable ", RemoteAccessVPNServiceProvider.class, vpnTemp.getId());
}
return success;
}
Also used :
Account(com.cloud.user.Account)
RemoteAccessVPNServiceProvider(com.cloud.network.element.RemoteAccessVPNServiceProvider)
RemoteAccessVpnVO(com.cloud.network.dao.RemoteAccessVpnVO)
VpnUserVO(com.cloud.network.VpnUserVO)
TransactionStatus(com.cloud.utils.db.TransactionStatus)
TransactionCallbackNoReturn(com.cloud.utils.db.TransactionCallbackNoReturn)
AccountLimitException(com.cloud.exception.AccountLimitException)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
TransactionCallbackWithException(com.cloud.utils.db.TransactionCallbackWithException)
NetworkRuleConflictException(com.cloud.exception.NetworkRuleConflictException)
ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException)
ConfigurationException(javax.naming.ConfigurationException)
ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException)
DB(com.cloud.utils.db.DB)
Aggregations
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)3
VpnUserVO (com.cloud.network.VpnUserVO)3
RemoteAccessVpnVO (com.cloud.network.dao.RemoteAccessVpnVO)3
RemoteAccessVPNServiceProvider (com.cloud.network.element.RemoteAccessVPNServiceProvider)3
DB (com.cloud.utils.db.DB)3
TransactionCallbackNoReturn (com.cloud.utils.db.TransactionCallbackNoReturn)3
TransactionStatus (com.cloud.utils.db.TransactionStatus)3
ActionEvent (com.cloud.event.ActionEvent)2
AccountLimitException (com.cloud.exception.AccountLimitException)2
NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException)2
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)2
Account (com.cloud.user.Account)2
TransactionCallbackWithException (com.cloud.utils.db.TransactionCallbackWithException)2
ArrayList (java.util.ArrayList)2
List (java.util.List)2
ConfigurationException (javax.naming.ConfigurationException)2
RemoteAccessVpn (com.cloud.network.RemoteAccessVpn)1
FirewallRule (com.cloud.network.rules.FirewallRule)1
FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO)1
