
Example 21 with FirewallRuleVO

use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.

the class PaloAltoResourceTest method addEgressFirewallRule.

/**
 * Verifies that a single TCP/80 egress rule sourced from 0.0.0.0/0 is accepted by the
 * mocked Palo Alto resource. The mock context is primed so that the interfaces, the
 * source-NAT rule, the isolation rule and the TCP/80 service object already exist.
 *
 * @throws ConfigurationException if the resource rejects its configuration
 * @throws Exception              propagated from the mocked resource
 */
@Test
public void addEgressFirewallRule() throws ConfigurationException, Exception {
    // Banner is only printed when the shared test context asks for console output.
    boolean verbose = _context.containsKey("enable_console_output") && _context.get("enable_console_output").equals("true");
    if (verbose) {
        System.out.println("\nTEST: addEgressFirewallRule");
        System.out.println("---------------------------------------------------");
    }

    // Pre-existing device state the mock reports back to the resource.
    String[] mockFlags = {"has_public_interface", "has_private_interface", "has_src_nat_rule", "has_isolation_fw_rule", "has_service_tcp_80"};
    for (String flag : mockFlags) {
        _context.put(flag, "true");
    }
    _resource.setMockContext(_context);
    _resource.configure("PaloAltoResource", _resourceParams);

    final long guestVlan = 3954;
    List<String> sourceCidrs = new ArrayList<String>();
    sourceCidrs.add("0.0.0.0/0");
    FirewallRuleVO ruleVO = new FirewallRuleVO(null, null, 80, 80, "tcp", 1, 1, 1, Purpose.Firewall, sourceCidrs, null, null, null, FirewallRule.TrafficType.Egress);
    FirewallRuleTO ruleTO = new FirewallRuleTO(ruleVO, Long.toString(guestVlan), null, Purpose.Firewall, FirewallRule.TrafficType.Egress);

    List<FirewallRuleTO> rules = new ArrayList<FirewallRuleTO>();
    rules.add(ruleTO);
    SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rules);
    cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(guestVlan));
    cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "10.3.96.1/20");

    Answer answer = _resource.executeRequest(cmd);
    assertTrue(answer.getResult());
}

Example 22 with FirewallRuleVO

use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.

the class FirewallManagerImpl method applyDefaultEgressFirewallRule.

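/**
 * Builds the implicit system egress rule for a guest network (protocol "all", source
 * {@link NetUtils#ALL_CIDRS}) and pushes it to the network elements without persisting it.
 * The rule is sent in state Add or Revoke depending on {@code add}.
 *
 * @param networkId     id of the guest network the rule belongs to
 * @param defaultPolicy not read by this method; the rule is always built the same way
 * @param add           {@code true} to add the rule, {@code false} to revoke it
 * @return {@code true} when the rule was applied; {@code false} when the network does not
 *         exist, {@code applyRules} reports failure, or a {@link ResourceUnavailableException}
 *         was caught (it is logged and not rethrown despite the throws clause)
 * @throws ResourceUnavailableException kept for signature compatibility; see return value
 */
@Override
public boolean applyDefaultEgressFirewallRule(Long networkId, boolean defaultPolicy, boolean add) throws ResourceUnavailableException {
    s_logger.debug("applying default firewall egress rules ");
    NetworkVO network = _networkDao.findById(networkId);
    if (network == null) {
        // The account/domain of the system rule come from the network; without it we cannot build the rule.
        s_logger.warn("Unable to apply default egress firewall rule: network with id " + networkId + " was not found");
        return false;
    }
    List<String> sourceCidr = new ArrayList<String>();
    sourceCidr.add(NetUtils.ALL_CIDRS);
    FirewallRuleVO ruleVO = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall, sourceCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRuleType.System);
    ruleVO.setState(add ? State.Add : State.Revoke);
    List<FirewallRuleVO> rules = new ArrayList<FirewallRuleVO>();
    rules.add(ruleVO);
    try {
        // Deliberately not stored in the DB: this system rule must not appear alongside the user-defined rules.
        if (!applyRules(rules, false, false)) {
            return false;
        }
    } catch (ResourceUnavailableException ex) {
        s_logger.warn("Failed to apply default egress rules for guest network due to ", ex);
        return false;
    }
    return true;
}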

Example 23 with FirewallRuleVO

use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.

the class ApiDBUtils method findJobInstanceUuid.

/**
 * Resolves the public UUID of the entity an async job operates on, using the job's
 * instance type to pick the lookup. Only the UUID is returned, so internal database ids
 * never reach the caller.
 *
 * @param job the async job; may be {@code null}
 * @return the entity UUID, or {@code null} when the job is {@code null}, carries no instance
 *         id, the entity cannot be found, or the type is {@code None} / has no mapping here
 */
public static String findJobInstanceUuid(AsyncJob job) {
    if (job == null) {
        return null;
    }
    ApiCommandJobType kind = EnumUtils.fromString(ApiCommandJobType.class, job.getInstanceType(), ApiCommandJobType.None);
    final Long instanceId = job.getInstanceId();
    if (instanceId == null) {
        // when assert is hit, implement 'getInstanceId' of BaseAsyncCmd and return appropriate instance id
        assert (false);
        return null;
    }
    if (kind == null) {
        // A null type has no mapping; same outcome as the unmapped-type branch below.
        assert (false);
        return null;
    }
    String uuid = null;
    switch (kind) {
        case Volume: {
            VolumeVO volume = ApiDBUtils.findVolumeById(instanceId);
            uuid = volume == null ? null : volume.getUuid();
            break;
        }
        case Template:
        case Iso: {
            VMTemplateVO template = ApiDBUtils.findTemplateById(instanceId);
            uuid = template == null ? null : template.getUuid();
            break;
        }
        case VirtualMachine:
        case ConsoleProxy:
        case SystemVm:
        case DomainRouter: {
            VMInstanceVO vm = ApiDBUtils.findVMInstanceById(instanceId);
            uuid = vm == null ? null : vm.getUuid();
            break;
        }
        case Snapshot: {
            Snapshot snapshot = ApiDBUtils.findSnapshotById(instanceId);
            uuid = snapshot == null ? null : snapshot.getUuid();
            break;
        }
        case Host: {
            Host host = ApiDBUtils.findHostById(instanceId);
            uuid = host == null ? null : host.getUuid();
            break;
        }
        case StoragePool: {
            StoragePoolVO pool = ApiDBUtils.findStoragePoolById(instanceId);
            uuid = pool == null ? null : pool.getUuid();
            break;
        }
        case IpAddress: {
            IPAddressVO ip = ApiDBUtils.findIpAddressById(instanceId);
            uuid = ip == null ? null : ip.getUuid();
            break;
        }
        case SecurityGroup: {
            SecurityGroup group = ApiDBUtils.findSecurityGroupById(instanceId);
            uuid = group == null ? null : group.getUuid();
            break;
        }
        case PhysicalNetwork: {
            PhysicalNetworkVO physicalNetwork = ApiDBUtils.findPhysicalNetworkById(instanceId);
            uuid = physicalNetwork == null ? null : physicalNetwork.getUuid();
            break;
        }
        case TrafficType: {
            PhysicalNetworkTrafficTypeVO trafficType = ApiDBUtils.findPhysicalNetworkTrafficTypeById(instanceId);
            uuid = trafficType == null ? null : trafficType.getUuid();
            break;
        }
        case PhysicalNetworkServiceProvider: {
            PhysicalNetworkServiceProvider provider = ApiDBUtils.findPhysicalNetworkServiceProviderById(instanceId);
            uuid = provider == null ? null : provider.getUuid();
            break;
        }
        case FirewallRule: {
            FirewallRuleVO rule = ApiDBUtils.findFirewallRuleById(instanceId);
            uuid = rule == null ? null : rule.getUuid();
            break;
        }
        case Account: {
            Account account = ApiDBUtils.findAccountById(instanceId);
            uuid = account == null ? null : account.getUuid();
            break;
        }
        case User: {
            User user = ApiDBUtils.findUserById(instanceId);
            uuid = user == null ? null : user.getUuid();
            break;
        }
        case StaticRoute: {
            StaticRouteVO route = ApiDBUtils.findStaticRouteById(instanceId);
            uuid = route == null ? null : route.getUuid();
            break;
        }
        case PrivateGateway: {
            VpcGatewayVO gateway = ApiDBUtils.findVpcGatewayById(instanceId);
            uuid = gateway == null ? null : gateway.getUuid();
            break;
        }
        case Counter: {
            CounterVO counter = ApiDBUtils.getCounter(instanceId);
            uuid = counter == null ? null : counter.getUuid();
            break;
        }
        case Condition: {
            ConditionVO condition = ApiDBUtils.findConditionById(instanceId);
            uuid = condition == null ? null : condition.getUuid();
            break;
        }
        case AutoScalePolicy: {
            AutoScalePolicyVO policy = ApiDBUtils.findAutoScalePolicyById(instanceId);
            uuid = policy == null ? null : policy.getUuid();
            break;
        }
        case AutoScaleVmProfile: {
            AutoScaleVmProfileVO profile = ApiDBUtils.findAutoScaleVmProfileById(instanceId);
            uuid = profile == null ? null : profile.getUuid();
            break;
        }
        case AutoScaleVmGroup: {
            AutoScaleVmGroupVO vmGroup = ApiDBUtils.findAutoScaleVmGroupById(instanceId);
            uuid = vmGroup == null ? null : vmGroup.getUuid();
            break;
        }
        case Network: {
            NetworkVO network = ApiDBUtils.findNetworkById(instanceId);
            uuid = network == null ? null : network.getUuid();
            break;
        }
        case None:
            // Nothing to resolve for typeless jobs.
            break;
        default:
            // entity table mapping
            assert (false);
            break;
    }
    return uuid;
}

Example 24 with FirewallRuleVO

use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.

the class ApiResponseHelper method createAutoScaleVmGroupResponse.

/**
 * Builds the API response for an autoscale VM group. Internal ids of the profile and the
 * load balancer rule are translated to UUIDs, and the group's scale-up and scale-down
 * policies are fetched and converted into nested policy responses.
 *
 * @param vmGroup the group to render
 * @return the populated response (object name {@code "autoscalevmgroup"})
 */
@Override
public AutoScaleVmGroupResponse createAutoScaleVmGroupResponse(AutoScaleVmGroup vmGroup) {
    AutoScaleVmGroupResponse groupResponse = new AutoScaleVmGroupResponse();
    groupResponse.setId(vmGroup.getUuid());
    groupResponse.setMinMembers(vmGroup.getMinMembers());
    groupResponse.setMaxMembers(vmGroup.getMaxMembers());
    groupResponse.setState(vmGroup.getState());
    groupResponse.setInterval(vmGroup.getInterval());
    groupResponse.setForDisplay(vmGroup.isDisplay());

    // Only UUIDs are exposed; a missing referenced entity simply leaves the field unset.
    AutoScaleVmProfileVO profile = ApiDBUtils.findAutoScaleVmProfileById(vmGroup.getProfileId());
    if (profile != null) {
        groupResponse.setProfileId(profile.getUuid());
    }
    FirewallRuleVO lbRule = ApiDBUtils.findFirewallRuleById(vmGroup.getLoadBalancerId());
    if (lbRule != null) {
        groupResponse.setLoadBalancerId(lbRule.getUuid());
    }

    // The response holds the very lists that are filled below.
    List<AutoScalePolicyResponse> scaleUpResponses = new ArrayList<AutoScalePolicyResponse>();
    List<AutoScalePolicyResponse> scaleDownResponses = new ArrayList<AutoScalePolicyResponse>();
    groupResponse.setScaleUpPolicies(scaleUpResponses);
    groupResponse.setScaleDownPolicies(scaleDownResponses);
    groupResponse.setObjectName("autoscalevmgroup");

    List<AutoScalePolicy> scaleUpPolicies = new ArrayList<AutoScalePolicy>();
    List<AutoScalePolicy> scaleDownPolicies = new ArrayList<AutoScalePolicy>();
    ApiDBUtils.getAutoScaleVmGroupPolicies(vmGroup.getId(), scaleUpPolicies, scaleDownPolicies);
    for (AutoScalePolicy policy : scaleUpPolicies) {
        scaleUpResponses.add(createAutoScalePolicyResponse(policy));
    }
    for (AutoScalePolicy policy : scaleDownPolicies) {
        scaleDownResponses.add(createAutoScalePolicyResponse(policy));
    }
    return groupResponse;
}

Example 25 with FirewallRuleVO

use of com.cloud.network.rules.FirewallRuleVO in project cloudstack by apache.

the class LoadBalancingRulesManagerImpl method deleteLoadBalancerRule.

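/**
 * Marks a load balancer rule, its VM mappings and its health-check policies for revocation,
 * optionally pushes the resulting configuration to the provider, and finally removes the
 * firewall rule backing the LB when nothing else references it.
 *
 * @param loadBalancerId id of the {@link LoadBalancerVO} to delete
 * @param apply          when {@code true}, {@code applyLoadBalancerConfig} is invoked before the rule is removed
 * @param caller         not read by this method; it was only consumed by the ELB call that is commented out below.
 *                       NOTE(review): access checks are presumably performed by the API command layer before
 *                       this is reached — confirm
 * @param callerUserId   same as {@code caller}: not read here
 * @param rollBack       when {@code true} and the provider allows it, a failed apply restores the rule state and
 *                       the VM mappings captured before revocation
 * @return {@code true} when the rule was removed; {@code false} when no rule with that id exists, applying the
 *         config failed, or a related firewall rule still references it (the rule is then left in Revoke state)
 * @throws CloudRuntimeException if an SSL certificate bound to the rule cannot be removed
 */
@DB
public boolean deleteLoadBalancerRule(final long loadBalancerId, boolean apply, Account caller, long callerUserId, boolean rollBack) {
    final LoadBalancerVO lb = _lbDao.findById(loadBalancerId);
    if (lb == null) {
        // An unknown id used to surface as an NPE on lb.getState(); report it like the other failure paths.
        s_logger.warn("Unable to delete load balancer rule id=" + loadBalancerId + " as it does not exist");
        return false;
    }
    FirewallRule.State backupState = lb.getState();
    // remove any ssl certs associated with this LB rule before trying to delete it.
    LoadBalancerCertMapVO lbCertMap = _lbCertMapDao.findByLbRuleId(loadBalancerId);
    if (lbCertMap != null) {
        boolean removeResult = removeCertFromLoadBalancer(loadBalancerId);
        if (!removeResult) {
            throw new CloudRuntimeException("Unable to remove certificate from load balancer rule " + loadBalancerId);
        }
    }
    List<LoadBalancerVMMapVO> backupMaps = Transaction.execute(new TransactionCallback<List<LoadBalancerVMMapVO>>() {

        @Override
        public List<LoadBalancerVMMapVO> doInTransaction(TransactionStatus status) {
            boolean generateUsageEvent = false;
            if (lb.getState() == FirewallRule.State.Staged) {
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Found a rule that is still in stage state so just removing it: " + lb);
                }
                generateUsageEvent = true;
            } else if (lb.getState() == FirewallRule.State.Add || lb.getState() == FirewallRule.State.Active) {
                lb.setState(FirewallRule.State.Revoke);
                _lbDao.persist(lb);
                generateUsageEvent = true;
            }
            // Fetched twice on purpose: the first list is returned untouched for rollback, the second is
            // flagged for revoke (presumably the DAO hands out fresh instances each time — confirm).
            List<LoadBalancerVMMapVO> backupMaps = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId);
            List<LoadBalancerVMMapVO> maps = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId);
            if (maps != null) {
                for (LoadBalancerVMMapVO map : maps) {
                    map.setRevoke(true);
                    _lb2VmMapDao.persist(map);
                    s_logger.debug("Set load balancer rule for revoke: rule id " + loadBalancerId + ", vmId " + map.getInstanceId());
                }
            }
            List<LBHealthCheckPolicyVO> hcPolicies = _lb2healthcheckDao.listByLoadBalancerIdAndDisplayFlag(loadBalancerId, null);
            for (LBHealthCheckPolicyVO lbHealthCheck : hcPolicies) {
                lbHealthCheck.setRevoke(true);
                _lb2healthcheckDao.persist(lbHealthCheck);
            }
            if (generateUsageEvent) {
                // Generate usage event right after all rules were marked for revoke
                Network network = _networkModel.getNetwork(lb.getNetworkId());
                UsageEventUtils.publishUsageEvent(EventTypes.EVENT_LOAD_BALANCER_DELETE, lb.getAccountId(), network.getDataCenterId(), lb.getId(), null, LoadBalancingRule.class.getName(), lb.getUuid());
            }
            return backupMaps;
        }
    });
    // gather external network usage stats for this lb rule
    NetworkVO network = _networkDao.findById(lb.getNetworkId());
    if (network != null) {
        if (_networkModel.networkIsConfiguredForExternalNetworking(network.getDataCenterId(), network.getId())) {
            _externalDeviceUsageMgr.updateExternalLoadBalancerNetworkUsageStats(loadBalancerId);
        }
    }
    if (apply) {
        try {
            if (!applyLoadBalancerConfig(loadBalancerId)) {
                s_logger.warn("Unable to apply the load balancer config");
                return false;
            }
        } catch (ResourceUnavailableException e) {
            if (rollBack && isRollBackAllowedForProvider(lb)) {
                // Restore the pre-revoke mappings and rule state captured above.
                if (backupMaps != null) {
                    for (LoadBalancerVMMapVO map : backupMaps) {
                        _lb2VmMapDao.persist(map);
                        s_logger.debug("LB Rollback rule id: " + loadBalancerId + ", vmId " + map.getInstanceId());
                    }
                }
                lb.setState(backupState);
                _lbDao.persist(lb);
                s_logger.debug("LB Rollback rule id: " + loadBalancerId + " while deleting LB rule.");
            } else {
                s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
            }
            return false;
        }
    }
    // A firewall rule that still points at this LB keeps it alive in Revoke state rather than being removed.
    FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(lb.getId());
    if (relatedRule != null) {
        s_logger.warn("Unable to remove firewall rule id=" + lb.getId() + " as it has related firewall rule id=" + relatedRule.getId() + "; leaving it in Revoke state");
        return false;
    } else {
        _firewallMgr.removeRule(lb);
    }
    // FIXME: breaking the dependency on ELB manager. This breaks
    // functionality of ELB using virtual router
    // Bug CS-15411 opened to document this
    // _elbMgr.handleDeleteLoadBalancerRule(lb, callerUserId, caller);
    s_logger.debug("Load balancer with id " + lb.getId() + " is removed successfully");
    return true;
}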
