Example 6 with StaticNatRule

use of com.cloud.network.rules.StaticNatRule in project cloudstack by apache.

the class ListIpForwardingRulesCmd method execute.

@Override
public void execute() {
    Pair<List<? extends FirewallRule>, Integer> result = _rulesService.searchStaticNatRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId(), this.getProjectId(), this.isRecursive(), this.listAll());
    ListResponse<IpForwardingRuleResponse> response = new ListResponse<IpForwardingRuleResponse>();
    List<IpForwardingRuleResponse> ipForwardingResponses = new ArrayList<IpForwardingRuleResponse>();
    for (FirewallRule rule : result.first()) {
        StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule, false);
        IpForwardingRuleResponse resp = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
        if (resp != null) {
            ipForwardingResponses.add(resp);
        }
    }
    response.setResponses(ipForwardingResponses, result.second());
    response.setResponseName(getCommandName());
    this.setResponseObject(response);
}
Also used : ListResponse(org.apache.cloudstack.api.response.ListResponse) ArrayList(java.util.ArrayList) List(java.util.List) StaticNatRule(com.cloud.network.rules.StaticNatRule) FirewallRule(com.cloud.network.rules.FirewallRule) IpForwardingRuleResponse(org.apache.cloudstack.api.response.IpForwardingRuleResponse)

Example 7 with StaticNatRule

use of com.cloud.network.rules.StaticNatRule in project CloudStack-archive by CloudStack-extras.

the class ListIpForwardingRulesCmd method execute.

@Override
public void execute() {
    List<? extends FirewallRule> result = _rulesService.searchStaticNatRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId(), this.getProjectId(), this.isRecursive(), this.listAll());
    ListResponse<IpForwardingRuleResponse> response = new ListResponse<IpForwardingRuleResponse>();
    List<IpForwardingRuleResponse> ipForwardingResponses = new ArrayList<IpForwardingRuleResponse>();
    for (FirewallRule rule : result) {
        StaticNatRule staticNatRule = _rulesService.buildStaticNatRule(rule, false);
        IpForwardingRuleResponse resp = _responseGenerator.createIpForwardingRuleResponse(staticNatRule);
        if (resp != null) {
            ipForwardingResponses.add(resp);
        }
    }
    response.setResponses(ipForwardingResponses);
    response.setResponseName(getCommandName());
    this.setResponseObject(response);
}
Also used : ListResponse(com.cloud.api.response.ListResponse) ArrayList(java.util.ArrayList) StaticNatRule(com.cloud.network.rules.StaticNatRule) FirewallRule(com.cloud.network.rules.FirewallRule) IpForwardingRuleResponse(com.cloud.api.response.IpForwardingRuleResponse)

Example 8 with StaticNatRule

use of com.cloud.network.rules.StaticNatRule in project cloudstack by apache.

the class CommandSetupHelper method createApplyStaticNatRulesCommands.

public void createApplyStaticNatRulesCommands(final List<? extends StaticNatRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
    if (rules != null) {
        for (final StaticNatRule rule : rules) {
            final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
            final StaticNatRuleTO ruleTO = new StaticNatRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getDestIpAddress());
            rulesTO.add(ruleTO);
        }
    }
    final SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, router.getVpcId());
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
    cmds.addCommand(cmd);
}
Also used : StaticNatRuleTO(com.cloud.agent.api.to.StaticNatRuleTO) DataCenterVO(com.cloud.dc.DataCenterVO) SetStaticNatRulesCommand(com.cloud.agent.api.routing.SetStaticNatRulesCommand) ArrayList(java.util.ArrayList) PrivateIpAddress(com.cloud.network.vpc.PrivateIpAddress) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) StaticNatRule(com.cloud.network.rules.StaticNatRule)

Example 9 with StaticNatRule

use of com.cloud.network.rules.StaticNatRule in project cloudstack by apache.

the class BasicNetworkVisitor method visit.

@SuppressWarnings("unchecked")
@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
    final Network network = firewall.getNetwork();
    final VirtualRouter router = firewall.getRouter();
    final List<? extends FirewallRule> rules = firewall.getRules();
    final List<LoadBalancingRule> loadbalancingRules = firewall.getLoadbalancingRules();
    final Purpose purpose = firewall.getPurpose();
    final Commands cmds = new Commands(Command.OnError.Continue);
    if (purpose == Purpose.LoadBalancing) {
        _commandSetupHelper.createApplyLoadBalancingRulesCommands(loadbalancingRules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.PortForwarding) {
        _commandSetupHelper.createApplyPortForwardingRulesCommands((List<? extends PortForwardingRule>) rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.StaticNat) {
        _commandSetupHelper.createApplyStaticNatRulesCommands((List<StaticNatRule>) rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    } else if (purpose == Purpose.Firewall) {
        _commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
        return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
    }
    // Log the purpose already read from the FirewallRules object; rules.get(0) throws if the rule list is empty
    s_logger.warn("Unable to apply rules of purpose: " + purpose);
    return false;
}
Also used : LoadBalancingRule(com.cloud.network.lb.LoadBalancingRule) Network(com.cloud.network.Network) Commands(com.cloud.agent.manager.Commands) Purpose(com.cloud.network.rules.FirewallRule.Purpose) List(java.util.List) ArrayList(java.util.ArrayList) StaticNatRule(com.cloud.network.rules.StaticNatRule) PortForwardingRule(com.cloud.network.rules.PortForwardingRule) VirtualRouter(com.cloud.network.router.VirtualRouter)

Example 10 with StaticNatRule

use of com.cloud.network.rules.StaticNatRule in project cloudstack by apache.

the class NetworkOrchestrator method shutdownNetworkResources.

private boolean shutdownNetworkResources(final long networkId, final Account caller, final long callerUserId) {
    // This method cleans up network rules on the backend w/o touching them in the DB
    boolean success = true;
    final Network network = _networksDao.findById(networkId);
    // Mark all PF rules as revoked and apply them on the backend (not in the DB)
    final List<PortForwardingRuleVO> pfRules = _portForwardingRulesDao.listByNetwork(networkId);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + pfRules.size() + " port forwarding rules for network id=" + networkId + " as a part of shutdownNetworkRules");
    }
    for (final PortForwardingRuleVO pfRule : pfRules) {
        s_logger.trace("Marking pf rule " + pfRule + " with Revoke state");
        pfRule.setState(FirewallRule.State.Revoke);
    }
    try {
        if (!_firewallMgr.applyRules(pfRules, true, false)) {
            s_logger.warn("Failed to cleanup pf rules as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup pf rules as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    // Mark all static rules as revoked and apply them on the backend (not in the DB)
    final List<FirewallRuleVO> firewallStaticNatRules = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.StaticNat);
    final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + firewallStaticNatRules.size() + " static nat rules for network id=" + networkId + " as a part of shutdownNetworkRules");
    }
    for (final FirewallRuleVO firewallStaticNatRule : firewallStaticNatRules) {
        s_logger.trace("Marking static nat rule " + firewallStaticNatRule + " with Revoke state");
        final IpAddress ip = _ipAddressDao.findById(firewallStaticNatRule.getSourceIpAddressId());
        final FirewallRuleVO ruleVO = _firewallDao.findById(firewallStaticNatRule.getId());
        if (ip == null || !ip.isOneToOneNat() || ip.getAssociatedWithVmId() == null) {
            throw new InvalidParameterValueException("Source ip address of the rule id=" + firewallStaticNatRule.getId() + " is not static nat enabled");
        }
        //String dstIp = _networkModel.getIpInNetwork(ip.getAssociatedWithVmId(), firewallStaticNatRule.getNetworkId());
        ruleVO.setState(FirewallRule.State.Revoke);
        staticNatRules.add(new StaticNatRuleImpl(ruleVO, ip.getVmIp()));
    }
    try {
        if (!_firewallMgr.applyRules(staticNatRules, true, false)) {
            s_logger.warn("Failed to cleanup static nat rules as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup static nat rules as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    try {
        if (!_lbMgr.revokeLoadBalancersForNetwork(networkId, Scheme.Public)) {
            s_logger.warn("Failed to cleanup public lb rules as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup public lb rules as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    try {
        if (!_lbMgr.revokeLoadBalancersForNetwork(networkId, Scheme.Internal)) {
            s_logger.warn("Failed to cleanup internal lb rules as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup internal lb rules as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    // revoke all firewall rules for the network w/o applying them on the DB
    final List<FirewallRuleVO> firewallRules = _firewallDao.listByNetworkPurposeTrafficType(networkId, Purpose.Firewall, FirewallRule.TrafficType.Ingress);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + firewallRules.size() + " firewall ingress rules for network id=" + networkId + " as a part of shutdownNetworkRules");
    }
    for (final FirewallRuleVO firewallRule : firewallRules) {
        s_logger.trace("Marking firewall ingress rule " + firewallRule + " with Revoke state");
        firewallRule.setState(FirewallRule.State.Revoke);
    }
    try {
        if (!_firewallMgr.applyRules(firewallRules, true, false)) {
            s_logger.warn("Failed to cleanup firewall ingress rules as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup firewall ingress rules as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    final List<FirewallRuleVO> firewallEgressRules = _firewallDao.listByNetworkPurposeTrafficType(networkId, Purpose.Firewall, FirewallRule.TrafficType.Egress);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + firewallEgressRules.size() + " firewall egress rules for network id=" + networkId + " as a part of shutdownNetworkRules");
    }
    try {
        // delete default egress rule
        final DataCenter zone = _dcDao.findById(network.getDataCenterId());
        if (_networkModel.areServicesSupportedInNetwork(network.getId(), Service.Firewall) && (network.getGuestType() == Network.GuestType.Isolated || (network.getGuestType() == Network.GuestType.Shared && zone.getNetworkType() == NetworkType.Advanced))) {
            // final argument is false: the default egress rule is removed here, not added
            _firewallMgr.applyDefaultEgressFirewallRule(network.getId(), _networkModel.getNetworkEgressDefaultPolicy(networkId), false);
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup firewall default egress rule as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    for (final FirewallRuleVO firewallRule : firewallEgressRules) {
        s_logger.trace("Marking firewall egress rule " + firewallRule + " with Revoke state");
        firewallRule.setState(FirewallRule.State.Revoke);
    }
    try {
        if (!_firewallMgr.applyRules(firewallEgressRules, true, false)) {
            s_logger.warn("Failed to cleanup firewall egress rules as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException ex) {
        s_logger.warn("Failed to cleanup firewall egress rules as a part of shutdownNetworkRules due to ", ex);
        success = false;
    }
    if (network.getVpcId() != null) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Releasing Network ACL Items for network id=" + networkId + " as a part of shutdownNetworkRules");
        }
        try {
            //revoke all Network ACLs for the network w/o applying them in the DB
            if (!_networkACLMgr.revokeACLItemsForNetwork(networkId)) {
                s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules");
                success = false;
            }
        } catch (final ResourceUnavailableException ex) {
            s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules due to ", ex);
            success = false;
        }
    }
    //release all static nats for the network
    if (!_rulesMgr.applyStaticNatForNetwork(networkId, false, caller, true)) {
        s_logger.warn("Failed to disable static nats as part of shutdownNetworkRules for network id " + networkId);
        success = false;
    }
    // Get all ip addresses, mark as releasing and release them on the backend
    final List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(networkId, null);
    final List<PublicIp> publicIpsToRelease = new ArrayList<PublicIp>();
    if (userIps != null && !userIps.isEmpty()) {
        for (final IPAddressVO userIp : userIps) {
            userIp.setState(IpAddress.State.Releasing);
            final PublicIp publicIp = PublicIp.createFromAddrAndVlan(userIp, _vlanDao.findById(userIp.getVlanId()));
            publicIpsToRelease.add(publicIp);
        }
    }
    try {
        if (!_ipAddrMgr.applyIpAssociations(network, true, true, publicIpsToRelease)) {
            s_logger.warn("Unable to apply ip address associations for " + network + " as a part of shutdownNetworkRules");
            success = false;
        }
    } catch (final ResourceUnavailableException e) {
        throw new CloudRuntimeException("We should never get to here because we used true when applyIpAssociations", e);
    }
    return success;
}
Also used : PortForwardingRuleVO(com.cloud.network.rules.PortForwardingRuleVO) PublicIp(com.cloud.network.addr.PublicIp) ArrayList(java.util.ArrayList) StaticNatRule(com.cloud.network.rules.StaticNatRule) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) DataCenter(com.cloud.dc.DataCenter) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) StaticNatRuleImpl(com.cloud.network.rules.StaticNatRuleImpl) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) Network(com.cloud.network.Network) PhysicalNetwork(com.cloud.network.PhysicalNetwork) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) IpAddress(com.cloud.network.IpAddress) IPAddressVO(com.cloud.network.dao.IPAddressVO)

Aggregations

StaticNatRule (com.cloud.network.rules.StaticNatRule) 10
ArrayList (java.util.ArrayList) 6
FirewallRule (com.cloud.network.rules.FirewallRule) 5
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException) 3
Network (com.cloud.network.Network) 3
ServerApiException (com.cloud.api.ServerApiException) 2
IpForwardingRuleResponse (com.cloud.api.response.IpForwardingRuleResponse) 2
NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException) 2
IpAddress (com.cloud.network.IpAddress) 2
PublicIpAddress (com.cloud.network.PublicIpAddress) 2
PublicIp (com.cloud.network.addr.PublicIp) 2
LoadBalancingRule (com.cloud.network.lb.LoadBalancingRule) 2
PortForwardingRule (com.cloud.network.rules.PortForwardingRule) 2
List (java.util.List) 2
ServerApiException (org.apache.cloudstack.api.ServerApiException) 2
IpForwardingRuleResponse (org.apache.cloudstack.api.response.IpForwardingRuleResponse) 2
IpAliasTO (com.cloud.agent.api.routing.IpAliasTO) 1
SetStaticNatRulesCommand (com.cloud.agent.api.routing.SetStaticNatRulesCommand) 1
StaticNatRuleTO (com.cloud.agent.api.to.StaticNatRuleTO) 1
Commands (com.cloud.agent.manager.Commands) 1