Example 1 with Purpose
use of com.cloud.network.rules.FirewallRule.Purpose in project cloudstack by apache.
the class FirewallManagerImpl method applyRules.
@Override
public boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError, boolean updateRulesInDB) throws ResourceUnavailableException {
boolean success = true;
if (rules == null || rules.size() == 0) {
s_logger.debug("There are no rules to forward to the network elements");
return true;
}
Purpose purpose = rules.get(0).getPurpose();
if (!_ipAddrMgr.applyRules(rules, purpose, this, continueOnError)) {
s_logger.warn("Rules are not completely applied");
return false;
} else {
if (updateRulesInDB) {
for (FirewallRule rule : rules) {
if (rule.getState() == FirewallRule.State.Revoke) {
FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(rule.getId());
if (relatedRule != null) {
s_logger.warn("Can't remove the firewall rule id=" + rule.getId() + " as it has related firewall rule id=" + relatedRule.getId() + "; leaving it in Revoke state");
success = false;
} else {
removeRule(rule);
if (rule.getSourceIpAddressId() != null) {
//if the rule is the last one for the ip address assigned to VPC, unassign it from the network
IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
_vpcMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId());
}
}
} else if (rule.getState() == FirewallRule.State.Add) {
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
ruleVO.setState(FirewallRule.State.Active);
_firewallDao.update(ruleVO.getId(), ruleVO);
}
}
}
}
return success;
}
Also used :
Purpose(com.cloud.network.rules.FirewallRule.Purpose)
IpAddress(com.cloud.network.IpAddress)
FirewallRule(com.cloud.network.rules.FirewallRule)
FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO)
Example 2 with Purpose
use of com.cloud.network.rules.FirewallRule.Purpose in project cloudstack by apache.
the class NetworkServiceImpl method getPublicIpPurposeInRules.
private Set<Purpose> getPublicIpPurposeInRules(PublicIp ip, boolean includeRevoked, boolean includingFirewall) {
Set<Purpose> result = new HashSet<Purpose>();
List<FirewallRuleVO> rules = null;
if (includeRevoked) {
rules = _firewallDao.listByIp(ip.getId());
} else {
rules = _firewallDao.listByIpAndNotRevoked(ip.getId());
}
if (rules == null || rules.isEmpty()) {
return null;
}
for (FirewallRuleVO rule : rules) {
if (rule.getPurpose() != Purpose.Firewall || includingFirewall) {
result.add(rule.getPurpose());
}
}
return result;
}
Also used :
Purpose(com.cloud.network.rules.FirewallRule.Purpose)
FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO)
HashSet(java.util.HashSet)
Example 3 with Purpose
use of com.cloud.network.rules.FirewallRule.Purpose in project cloudstack by apache.
the class BasicNetworkVisitor method visit.
@SuppressWarnings("unchecked")
@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
final Network network = firewall.getNetwork();
final VirtualRouter router = firewall.getRouter();
final List<? extends FirewallRule> rules = firewall.getRules();
final List<LoadBalancingRule> loadbalancingRules = firewall.getLoadbalancingRules();
final Purpose purpose = firewall.getPurpose();
final Commands cmds = new Commands(Command.OnError.Continue);
if (purpose == Purpose.LoadBalancing) {
_commandSetupHelper.createApplyLoadBalancingRulesCommands(loadbalancingRules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
} else if (purpose == Purpose.PortForwarding) {
_commandSetupHelper.createApplyPortForwardingRulesCommands((List<? extends PortForwardingRule>) rules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
} else if (purpose == Purpose.StaticNat) {
_commandSetupHelper.createApplyStaticNatRulesCommands((List<StaticNatRule>) rules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
} else if (purpose == Purpose.Firewall) {
_commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
}
s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose());
return false;
}
Also used :
LoadBalancingRule(com.cloud.network.lb.LoadBalancingRule)
Network(com.cloud.network.Network)
Commands(com.cloud.agent.manager.Commands)
Purpose(com.cloud.network.rules.FirewallRule.Purpose)
List(java.util.List)
ArrayList(java.util.ArrayList)
StaticNatRule(com.cloud.network.rules.StaticNatRule)
PortForwardingRule(com.cloud.network.rules.PortForwardingRule)
VirtualRouter(com.cloud.network.router.VirtualRouter)
Example 4 with Purpose
use of com.cloud.network.rules.FirewallRule.Purpose in project cloudstack by apache.
the class LoadBalancingRulesManagerImpl method validateLbRule.
@Override
public boolean validateLbRule(LoadBalancingRule lbRule) {
Network network = _networkDao.findById(lbRule.getNetworkId());
Purpose purpose = lbRule.getPurpose();
if (purpose != Purpose.LoadBalancing) {
s_logger.debug("Unable to validate network rules for purpose: " + purpose.toString());
return false;
}
for (LoadBalancingServiceProvider ne : _lbProviders) {
boolean validated = ne.validateLBRule(network, lbRule);
if (!validated)
return false;
}
return true;
}
Also used :
Network(com.cloud.network.Network)
Purpose(com.cloud.network.rules.FirewallRule.Purpose)
LoadBalancingServiceProvider(com.cloud.network.element.LoadBalancingServiceProvider)
Example 5 with Purpose
use of com.cloud.network.rules.FirewallRule.Purpose in project cloudstack by apache.
the class NetworkModelImpl method getIpToServices.
@Override
public Map<PublicIpAddress, Set<Service>> getIpToServices(List<? extends PublicIpAddress> publicIps, boolean postApplyRules, boolean includingFirewall) {
Map<PublicIpAddress, Set<Service>> ipToServices = new HashMap<PublicIpAddress, Set<Service>>();
if (publicIps != null && !publicIps.isEmpty()) {
Set<Long> networkSNAT = new HashSet<Long>();
for (PublicIpAddress ip : publicIps) {
Set<Service> services = ipToServices.get(ip);
if (services == null) {
services = new HashSet<Service>();
}
if (ip.isSourceNat()) {
if (!networkSNAT.contains(ip.getAssociatedWithNetworkId())) {
services.add(Service.SourceNat);
networkSNAT.add(ip.getAssociatedWithNetworkId());
} else {
CloudRuntimeException ex = new CloudRuntimeException("Multiple generic soure NAT IPs provided for network");
// see the IPAddressVO.java class.
IPAddressVO ipAddr = ApiDBUtils.findIpAddressById(ip.getAssociatedWithNetworkId());
String ipAddrUuid = ip.getAssociatedWithNetworkId().toString();
if (ipAddr != null) {
ipAddrUuid = ipAddr.getUuid();
}
ex.addProxyObject(ipAddrUuid, "networkId");
throw ex;
}
}
ipToServices.put(ip, services);
// provider
if (ip.getState() == State.Allocating) {
continue;
}
// check if any active rules are applied on the public IP
Set<Purpose> purposes = getPublicIpPurposeInRules(ip, false, includingFirewall);
// Firewall rules didn't cover static NAT
if (ip.isOneToOneNat() && ip.getAssociatedWithVmId() != null) {
if (purposes == null) {
purposes = new HashSet<Purpose>();
}
purposes.add(Purpose.StaticNat);
}
if (purposes == null || purposes.isEmpty()) {
// since no active rules are there check if any rules are applied on the public IP but are in
// revoking state
purposes = getPublicIpPurposeInRules(ip, true, includingFirewall);
if (ip.isOneToOneNat()) {
if (purposes == null) {
purposes = new HashSet<Purpose>();
}
purposes.add(Purpose.StaticNat);
}
if (purposes == null || purposes.isEmpty()) {
// IP is not being used for any purpose so skip IPAssoc to network service provider
continue;
} else {
if (postApplyRules) {
// association with the provider
if (ip.isSourceNat()) {
s_logger.debug("Not releasing ip " + ip.getAddress().addr() + " as it is in use for SourceNat");
} else {
ip.setState(State.Releasing);
}
} else {
if (ip.getState() == State.Releasing) {
// rules are not revoked yet, so don't let the network service provider revoke the IP
// association
// mark IP is allocated so that IP association will not be removed from the provider
ip.setState(State.Allocated);
}
}
}
}
if (purposes.contains(Purpose.StaticNat)) {
services.add(Service.StaticNat);
}
if (purposes.contains(Purpose.LoadBalancing)) {
services.add(Service.Lb);
}
if (purposes.contains(Purpose.PortForwarding)) {
services.add(Service.PortForwarding);
}
if (purposes.contains(Purpose.Vpn)) {
services.add(Service.Vpn);
}
if (purposes.contains(Purpose.Firewall)) {
services.add(Service.Firewall);
}
if (services.isEmpty()) {
continue;
}
ipToServices.put(ip, services);
}
}
return ipToServices;
}
Also used :
Set(java.util.Set)
TreeSet(java.util.TreeSet)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Service(com.cloud.network.Network.Service)
Purpose(com.cloud.network.rules.FirewallRule.Purpose)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
HashSet(java.util.HashSet)
Aggregations
Purpose (com.cloud.network.rules.FirewallRule.Purpose)7
HashSet (java.util.HashSet)4
FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO)3
Network (com.cloud.network.Network)2
Service (com.cloud.network.Network.Service)2
IPAddressVO (com.cloud.network.dao.IPAddressVO)2
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)2
HashMap (java.util.HashMap)2
Set (java.util.Set)2
TreeSet (java.util.TreeSet)2
Commands (com.cloud.agent.manager.Commands)1
IpAddress (com.cloud.network.IpAddress)1
PublicIp (com.cloud.network.addr.PublicIp)1
LoadBalancingServiceProvider (com.cloud.network.element.LoadBalancingServiceProvider)1
LoadBalancingRule (com.cloud.network.lb.LoadBalancingRule)1
LoadBalancingRulesService (com.cloud.network.lb.LoadBalancingRulesService)1
VirtualRouter (com.cloud.network.router.VirtualRouter)1
FirewallRule (com.cloud.network.rules.FirewallRule)1
PortForwardingRule (com.cloud.network.rules.PortForwardingRule)1
StaticNatRule (com.cloud.network.rules.StaticNatRule)1
