use of com.cloud.network.vpc.NetworkACLVO in project cloudstack by apache.
the class ServerDBSyncImpl method createVirtualNetwork.
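/**
 * Creates the VNC virtual-network model for a CloudStack network that has no VNC counterpart yet.
 *
 * <p>A line describing the action and its outcome is appended to {@code syncLogMesg}. For Guest
 * networks that reference a network ACL, the matching network-policy model is attached before the
 * model is built. The model is verified/updated on the controller and cached only in read-write mode.
 *
 * @param dbNet network row read from the CloudStack database
 * @param syncLogMesg buffer collecting the human-readable sync report
 * @throws IOException presumably propagated from verify/update on the model controller - confirm
 */
public void createVirtualNetwork(NetworkVO dbNet, StringBuffer syncLogMesg) throws IOException {
    syncLogMesg.append("VN# DB: " + _manager.getCanonicalName(dbNet) + "(" + dbNet.getUuid() + "); VNC: none; action: create\n");

    // A cached model for a network that is about to be "created" is unexpected; it is only reported.
    if (_manager.getDatabase().lookupVirtualNetwork(dbNet.getUuid(), _manager.getCanonicalName(dbNet), dbNet.getTrafficType()) != null) {
        s_logger.warn("VN model object is already present in DB: " + dbNet.getUuid() + ", name: " + dbNet.getName());
    }

    VirtualNetworkModel vnModel = new VirtualNetworkModel(dbNet, dbNet.getUuid(), _manager.getCanonicalName(dbNet), dbNet.getTrafficType());

    if (dbNet.getTrafficType() == TrafficType.Guest && dbNet.getNetworkACLId() != null) {
        NetworkACLVO acl = _networkACLDao.findById(dbNet.getNetworkACLId());
        if (acl == null) {
            // The ACL id on the network does not resolve to a record; report it instead of
            // failing with a NullPointerException on acl.getUuid().
            s_logger.error("Network(" + dbNet.getName() + ") references ACL id " + dbNet.getNetworkACLId() + " but no ACL record was found");
        } else {
            NetworkPolicyModel policyModel = _manager.getDatabase().lookupNetworkPolicy(acl.getUuid());
            if (policyModel == null) {
                s_logger.error("Network(" + dbNet.getName() + ") has ACL but policy model not created: " + acl.getUuid() + ", name: " + acl.getName());
            } else {
                vnModel.addToNetworkPolicy(policyModel);
            }
        }
        // NOTE(review): in both error branches the network is still built and pushed below without a
        // policy attached, so presumably its ACL is not enforced in VNC until a later sync - confirm
        // that this fail-open behaviour is intended.
    }

    vnModel.build(_manager.getModelController(), dbNet);

    if (!_rwMode) {
        // Read-only mode: nothing is pushed to the controller, only the report line is written.
        syncLogMesg.append("VN# VNC: " + vnModel.getName() + " created \n");
        return;
    }

    try {
        if (!vnModel.verify(_manager.getModelController())) {
            vnModel.update(_manager.getModelController());
        }
    } catch (InternalErrorException ex) {
        s_logger.warn("create virtual-network", ex);
        syncLogMesg.append("Error: VN# VNC : Unable to create network " + dbNet.getName() + "\n");
        return;
    }

    s_logger.debug("add model " + vnModel.getName());
    _manager.getDatabase().getVirtualNetworks().add(vnModel);
    syncLogMesg.append("VN# VNC: " + dbNet.getUuid() + ", " + vnModel.getName() + " created\n");
}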
use of com.cloud.network.vpc.NetworkACLVO in project cloudstack by apache.
the class ContrailVpcElementImpl method applyNetworkACLs.
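/**
 * Applies CloudStack network ACL rules to a network by building and pushing the matching VNC
 * network-policy.
 *
 * <p>The ACL is resolved from the first rule only. A policy model is created on first use, attached
 * to the network's virtual-network model when that model still exists, built from {@code rules} and
 * verified/updated on the controller. A policy left without rules is deleted, as is a previously
 * attached policy that no longer has descendents.
 *
 * @param net network the rules belong to
 * @param rules ACL items to apply; {@code null} or empty means there is nothing to do
 * @return {@code true} when nothing had to be applied or the policy was synchronised,
 *         {@code false} when the ACL could not be resolved or a controller operation failed
 * @throws ResourceUnavailableException declared in the signature; not thrown directly by this body
 */
@Override
public boolean applyNetworkACLs(Network net, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
    s_logger.debug("NetworkElement applyNetworkACLs");
    if (rules == null || rules.isEmpty()) {
        s_logger.debug("no rules to apply");
        return true;
    }

    // NOTE(review): only the first rule's ACL id is read; assumes every rule belongs to the same ACL - confirm.
    Long aclId = rules.get(0).getAclId();
    NetworkACLVO acl = _networkACLDao.findById(aclId);
    if (acl == null) {
        // Without the ACL record no policy can be named or looked up; report failure to the caller
        // instead of failing with a NullPointerException on acl.getUuid().
        s_logger.error("applyNetworkACLs: no ACL record found for ACL id " + aclId);
        return false;
    }

    NetworkPolicyModel policyModel = _manager.getDatabase().lookupNetworkPolicy(acl.getUuid());
    if (policyModel == null) {
        /*
         * For the first time, when a CS ACL applied to a network, create a network-policy in VNC
         * and when there are no networks associated to CS ACL, delete it from VNC.
         */
        policyModel = new NetworkPolicyModel(acl.getUuid(), acl.getName());
        net.juniper.contrail.api.types.Project project;
        try {
            project = _manager.getVncProject(net.getDomainId(), net.getAccountId());
            if (project == null) {
                project = _manager.getDefaultVncProject();
            }
        } catch (IOException ex) {
            s_logger.warn("read project", ex);
            return false;
        }
        policyModel.setProject(project);
    }

    VirtualNetworkModel vnModel = _manager.getDatabase().lookupVirtualNetwork(net.getUuid(), _manager.getCanonicalName(net), net.getTrafficType());
    NetworkPolicyModel oldPolicyModel = null;
    /* this method is called when network is destroyed too, hence vn model might have been deleted already */
    if (vnModel != null) {
        oldPolicyModel = vnModel.getNetworkPolicyModel();
        vnModel.addToNetworkPolicy(policyModel);
    }

    try {
        policyModel.build(_manager.getModelController(), rules);
    } catch (Exception e) {
        // Log through the logger with context; printStackTrace() bypasses the configured log output.
        s_logger.error("network-policy build: ", e);
        return false;
    }

    try {
        if (!policyModel.verify(_manager.getModelController())) {
            policyModel.update(_manager.getModelController());
        }
        _manager.getDatabase().getNetworkPolicys().add(policyModel);
    } catch (Exception ex) {
        s_logger.error("network-policy update: ", ex);
        return false;
    }

    // A policy that ended up with no rules is removed from the controller and from the cache.
    if (!policyModel.hasPolicyRules()) {
        try {
            policyModel.delete(_manager.getModelController());
            _manager.getDatabase().getNetworkPolicys().remove(policyModel);
        } catch (IOException e) {
            s_logger.error("network-policy delete: ", e);
            return false;
        }
    }

    /*
     * if no other VNs are associated with the old policy,
     * we could delete it from the Contrail VNC
     */
    if (policyModel != oldPolicyModel && oldPolicyModel != null && !oldPolicyModel.hasDescendents()) {
        try {
            oldPolicyModel.delete(_manager.getModelController());
            _manager.getDatabase().getNetworkPolicys().remove(oldPolicyModel);
        } catch (IOException e) {
            s_logger.error("old network-policy delete: ", e);
            return false;
        }
    }
    return true;
}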
use of com.cloud.network.vpc.NetworkACLVO in project cloudstack by apache.
the class NetworkACLServiceTest method setUp.
/**
 * Builds the fixtures used by the tests: a registered caller (user + account) and three stubbed
 * value objects whose getters return fixed values.
 */
@Override
@Before
public void setUp() {
    ComponentContext.initComponentsLifeCycle();

    // Register a throw-away user/account pair with CallContext.
    final String accountUuid = UUID.randomUUID().toString();
    final String userUuid = UUID.randomUUID().toString();
    final Account testAccount = new AccountVO("testaccount", 1, "testdomain", (short) 0, accountUuid);
    final UserVO testUser =
        new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone", userUuid, User.Source.UNKNOWN);
    CallContext.register(testUser, testAccount);

    // ACL item stub: reports ACL id 4.
    aclItem = new NetworkACLItemVO() {
        @Override
        public long getAclId() {
            return 4L;
        }
    };

    // ACL stub: id 1, attached to VPC 1.
    acl = new NetworkACLVO() {
        @Override
        public long getId() {
            return 1L;
        }

        @Override
        public Long getVpcId() {
            return 1L;
        }
    };

    // Create-command stub: rule number 1, protocol TCP, targeting ACL id 3.
    createACLItemCmd = new CreateNetworkACLCmd() {
        @Override
        public String getProtocol() {
            return "TCP";
        }

        @Override
        public Integer getNumber() {
            return 1;
        }

        @Override
        public Long getACLId() {
            return 3L;
        }
    };
}
use of com.cloud.network.vpc.NetworkACLVO in project cloudstack by apache.
the class OvsTunnelManagerImpl method prepareVpcRoutingPolicyUpdate.
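/**
 * Builds the command describing a VPC's routing policy: one {@code Acl} entry (with its items) and
 * one {@code Tier} entry for every VPC network that references a network ACL.
 *
 * <p>Networks without an ACL id are skipped and contribute neither an ACL nor a tier.
 *
 * @param vpcId id of the VPC whose tiers and ACLs are collected
 * @return the populated command
 * @throws IllegalArgumentException if the VPC or its network list cannot be loaded
 * @throws IllegalStateException if a network references an ACL id that has no ACL record
 */
private OvsVpcRoutingPolicyConfigCommand prepareVpcRoutingPolicyUpdate(long vpcId) {
    List<OvsVpcRoutingPolicyConfigCommand.Acl> acls = new ArrayList<>();
    List<OvsVpcRoutingPolicyConfigCommand.Tier> tiers = new ArrayList<>();
    VpcVO vpc = _vpcDao.findById(vpcId);
    List<? extends Network> vpcNetworks = _vpcMgr.getVpcNetworks(vpcId);
    assert (vpc != null && (vpcNetworks != null && !vpcNetworks.isEmpty())) : "invalid vpc id";
    // The assert above is skipped unless the JVM runs with -ea; guard the null cases explicitly so a
    // bad id fails here with a clear message rather than as a NullPointerException further down.
    if (vpc == null || vpcNetworks == null) {
        throw new IllegalArgumentException("invalid vpc id: " + vpcId);
    }

    for (Network network : vpcNetworks) {
        Long networkAclId = network.getNetworkACLId();
        if (networkAclId == null) {
            continue;
        }

        NetworkACLVO networkAcl = _networkACLDao.findById(networkAclId);
        if (networkAcl == null) {
            // Fail loudly: silently dropping the tier would produce a policy that omits its ACL.
            throw new IllegalStateException("Network " + network.getUuid() + " references ACL id " + networkAclId + " but no ACL record was found");
        }

        List<OvsVpcRoutingPolicyConfigCommand.AclItem> aclItems = new ArrayList<>();
        List<NetworkACLItemVO> aclItemVos = _networkACLItemDao.listByACL(networkAclId);
        for (NetworkACLItemVO aclItem : aclItemVos) {
            String[] sourceCidrs = aclItem.getSourceCidrList().toArray(new String[0]);
            // Ports are optional on an item; an unset port is passed on as null.
            String portStart = (aclItem.getSourcePortStart() != null) ? aclItem.getSourcePortStart().toString() : null;
            String portEnd = (aclItem.getSourcePortEnd() != null) ? aclItem.getSourcePortEnd().toString() : null;
            aclItems.add(new OvsVpcRoutingPolicyConfigCommand.AclItem(aclItem.getNumber(), aclItem.getUuid(), aclItem.getAction().name(),
                aclItem.getTrafficType().name(), portStart, portEnd, aclItem.getProtocol(), sourceCidrs));
        }

        acls.add(new OvsVpcRoutingPolicyConfigCommand.Acl(networkAcl.getUuid(), aclItems.toArray(new OvsVpcRoutingPolicyConfigCommand.AclItem[0])));
        tiers.add(new OvsVpcRoutingPolicyConfigCommand.Tier(network.getUuid(), network.getCidr(), networkAcl.getUuid()));
    }

    return new OvsVpcRoutingPolicyConfigCommand(vpc.getUuid(), vpc.getCidr(), acls.toArray(new OvsVpcRoutingPolicyConfigCommand.Acl[0]),
        tiers.toArray(new OvsVpcRoutingPolicyConfigCommand.Tier[0]));
}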
use of com.cloud.network.vpc.NetworkACLVO in project cloudstack by apache.
the class ServerDBSyncImpl method equalVirtualNetwork.
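/**
 * Reconciles a CloudStack network with the VNC virtual network of the same identity.
 *
 * <p>A fresh model is built from the database row, including the network-policy model of the
 * network's ACL for Guest networks. In read-write mode the fresh model replaces the cached one
 * (carrying over its floating-IP pool), is verified/updated on the controller, and a previously
 * attached policy that no longer has descendents is deleted. In read-only mode the fresh model is
 * only compared with the cached one.
 *
 * @param dbn network row read from the CloudStack database
 * @param vnet virtual network as known to VNC
 * @param syncLogMesg buffer collecting the human-readable sync report
 * @return {@code false} only in read-only mode when the cached model differs from the fresh one,
 *         {@code true} otherwise
 */
public Boolean equalVirtualNetwork(NetworkVO dbn, VirtualNetwork vnet, StringBuffer syncLogMesg) {
    syncLogMesg.append("VN# DB: " + _manager.getCanonicalName(dbn) + "; VNC: " + vnet.getName() + "; action: equal\n");

    VirtualNetworkModel current = _manager.getDatabase().lookupVirtualNetwork(vnet.getUuid(), _manager.getCanonicalName(dbn), dbn.getTrafficType());
    VirtualNetworkModel vnModel = new VirtualNetworkModel(dbn, vnet.getUuid(), _manager.getCanonicalName(dbn), dbn.getTrafficType());

    if (dbn.getTrafficType() == TrafficType.Guest && dbn.getNetworkACLId() != null) {
        NetworkACLVO acl = _networkACLDao.findById(dbn.getNetworkACLId());
        if (acl == null) {
            // The ACL id on the network does not resolve to a record; report it instead of
            // failing with a NullPointerException on acl.getUuid().
            s_logger.error("Network(" + dbn.getName() + ") references ACL id " + dbn.getNetworkACLId() + " but no ACL record was found");
        } else {
            NetworkPolicyModel policyModel = _manager.getDatabase().lookupNetworkPolicy(acl.getUuid());
            if (policyModel == null) {
                s_logger.error("Network(" + dbn.getName() + ") has ACL but policy model not created: " + acl.getUuid() + ", name: " + acl.getName());
            } else {
                vnModel.addToNetworkPolicy(policyModel);
            }
        }
        // NOTE(review): in both error branches the sync continues with no policy on the fresh model,
        // and in read-write mode the old policy may then be deleted below - confirm this is intended.
    }

    vnModel.build(_manager.getModelController(), dbn);

    if (_rwMode) {
        if (current != null) {
            // Keep the floating-IP pool of the model that is being replaced.
            FloatingIpPoolModel fipPoolModel = current.getFipPoolModel();
            if (fipPoolModel != null) {
                vnModel.setFipPoolModel(fipPoolModel);
                fipPoolModel.addToVirtualNetwork(vnModel);
            }
            _manager.getDatabase().getVirtualNetworks().remove(current);
        }

        s_logger.debug("add model " + vnModel.getName());
        _manager.getDatabase().getVirtualNetworks().add(vnModel);

        // Best effort: a failed controller update is logged and the method still reports success.
        try {
            if (!vnModel.verify(_manager.getModelController())) {
                vnModel.update(_manager.getModelController());
            }
        } catch (Exception ex) {
            s_logger.warn("update virtual-network", ex);
        }

        if (current != null) {
            NetworkPolicyModel oldPolicyModel = current.getNetworkPolicyModel();
            if (oldPolicyModel != vnModel.getNetworkPolicyModel()) {
                /*
                 * if no other VNs are associated with the old policy,
                 * we could delete it from the Contrail VNC
                 */
                if (oldPolicyModel != null && !oldPolicyModel.hasDescendents()) {
                    try {
                        oldPolicyModel.delete(_manager.getModelController());
                        _manager.getDatabase().getNetworkPolicys().remove(oldPolicyModel);
                    } catch (IOException e) {
                        // Log through the logger with context; printStackTrace() bypasses the configured log output.
                        s_logger.warn("old network-policy delete: ", e);
                    }
                }
            }
        }
    } else {
        // Read-only mode: compare the cached model with the fresh one and report differences.
        if (current != null && !current.compare(_manager.getModelController(), vnModel)) {
            syncLogMesg.append("VN# DB: " + _manager.getCanonicalName(dbn) + "; VNC: " + vnet.getName() + "; attributes differ\n");
            return false;
        }
    }
    return true;
}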