use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.
the class CiscoVnmcResource method execute.
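/**
 * Pushes a batch of port-forwarding rules for one guest network to VNMC.
 *
 * <p>The tenant name is derived from the guest VLAN tag ({@code "vlan-" + tag}). Rules are
 * grouped by their public (source) IP; each public IP gets one PF policy and one ACL policy
 * whose identifier is the IP with dots replaced by dashes. Revoked rules are deleted; every
 * other rule gets an IP pool, a port pool and a PF rule.
 *
 * <p>Any step that reports failure aborts the batch and is returned as a failed
 * {@link Answer}. Objects created by earlier steps are not removed here, so a failure can
 * leave the tenant partially configured.
 *
 * @param cmd command carrying the rules and the guest VLAN tag context parameter
 * @param numRetries not used by this handler
 * @return a successful answer, or a failed answer carrying the failure message
 */
private Answer execute(SetPortForwardingRulesCommand cmd, int numRetries) {
    String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
    String tenant = "vlan-" + vlanId;

    // Group the rules by public IP: the per-IP policies below are created once per group.
    Map<String, List<PortForwardingRuleTO>> rulesByPublicIp = new HashMap<String, List<PortForwardingRuleTO>>();
    for (PortForwardingRuleTO rule : cmd.getRules()) {
        String publicIp = rule.getSrcIp();
        List<PortForwardingRuleTO> rulesForIp = rulesByPublicIp.get(publicIp);
        if (rulesForIp == null) {
            rulesForIp = new ArrayList<PortForwardingRuleTO>();
            rulesByPublicIp.put(publicIp, rulesForIp);
        }
        rulesForIp.add(rule);
    }

    // NOTE(review): only ExecutionException is turned into a failed Answer. A rule with a
    // missing port range or protocol would surface as an unchecked exception from the
    // accessors below instead - confirm that callers handle that.
    try {
        if (!_connection.createTenantVDCNatPolicySet(tenant)) {
            throw new ExecutionException("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
        }
        if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
            throw new ExecutionException("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
        }
        if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
            throw new ExecutionException("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
        }

        for (Map.Entry<String, List<PortForwardingRuleTO>> entry : rulesByPublicIp.entrySet()) {
            String policyIdentifier = entry.getKey().replace('.', '-');

            if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to create PF policy in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCPFPolicyRef(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
                throw new ExecutionException("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
                throw new ExecutionException("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
            }

            for (PortForwardingRuleTO rule : entry.getValue()) {
                if (rule.revoked()) {
                    if (!_connection.deleteTenantVDCPFRule(tenant, rule.getId(), policyIdentifier)) {
                        throw new ExecutionException("Failed to delete PF rule in VNMC for guest network with vlan " + vlanId);
                    }
                } else {
                    if (!_connection.createTenantVDCPFIpPool(tenant, Long.toString(rule.getId()), rule.getDstIp())) {
                        throw new ExecutionException("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId);
                    }
                    if (!_connection.createTenantVDCPFPortPool(tenant, Long.toString(rule.getId()), Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
                        throw new ExecutionException("Failed to create PF port pool in VNMC for guest network with vlan " + vlanId);
                    }
                    if (!_connection.createTenantVDCPFRule(tenant, rule.getId(), policyIdentifier, rule.getProtocol().toUpperCase(), rule.getSrcIp(), Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
                        throw new ExecutionException("Failed to create PF rule in VNMC for guest network with vlan " + vlanId);
                    }
                }
            }
        }

        // The message used to say "source NAT policy set" although the call that failed is
        // associateAclPolicySet; name the ACL policy set so the log points at the right step.
        if (!_connection.associateAclPolicySet(tenant)) {
            throw new ExecutionException("Failed to associate ACL policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
        }
    } catch (ExecutionException e) {
        String msg = "SetPortForwardingRulesCommand failed due to " + e.getMessage();
        s_logger.error(msg, e);
        return new Answer(cmd, false, msg);
    }

    return new Answer(cmd, true, "Success");
}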
use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.
the class CiscoVnmcResource method execute.
/**
 * Configures source NAT in VNMC for the guest network named by the command's VLAN tag.
 *
 * <p>The steps run in order: NAT policy set, source NAT policy, policy reference, IP pool
 * for the public IP, source NAT rule covering the guest CIDR's IP range, and finally the
 * association of the NAT policy set. The first step that reports failure ends the command
 * with a failed {@link Answer}; nothing created by earlier steps is removed here.
 *
 * @param cmd command carrying the public IP and the guest VLAN tag / CIDR context parameters
 * @param numRetries not used by this handler
 * @return a successful answer, or a failed answer carrying the failure message
 */
private Answer execute(SetSourceNatCommand cmd, int numRetries) {
    final String guestVlan = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
    final String tenantName = "vlan-" + guestVlan;
    // The policy identifier is the public IP with dots turned into dashes.
    final String natPolicyId = cmd.getIpAddress().getPublicIp().replace('.', '-');

    try {
        if (!_connection.createTenantVDCNatPolicySet(tenantName)) {
            throw new ExecutionException("Failed to create NAT policy set in VNMC for guest network with vlan " + guestVlan);
        }

        if (!_connection.createTenantVDCSourceNatPolicy(tenantName, natPolicyId)) {
            throw new ExecutionException("Failed to create source NAT policy in VNMC for guest network with vlan " + guestVlan);
        }

        if (!_connection.createTenantVDCSourceNatPolicyRef(tenantName, natPolicyId)) {
            throw new ExecutionException("Failed to associate source NAT policy with NAT policy set in VNMC for guest network with vlan " + guestVlan);
        }

        if (!_connection.createTenantVDCSourceNatIpPool(tenantName, natPolicyId, cmd.getIpAddress().getPublicIp())) {
            throw new ExecutionException("Failed to create source NAT ip pool in VNMC for guest network with vlan " + guestVlan);
        }

        // The rule is built from the two values getIpRangeFromCidr returns for the guest CIDR.
        final String guestCidr = cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR);
        final String[] guestIpRange = getIpRangeFromCidr(guestCidr);
        if (!_connection.createTenantVDCSourceNatRule(tenantName, natPolicyId, guestIpRange[0], guestIpRange[1])) {
            throw new ExecutionException("Failed to create source NAT rule in VNMC for guest network with vlan " + guestVlan);
        }

        if (!_connection.associateNatPolicySet(tenantName)) {
            throw new ExecutionException("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + guestVlan);
        }

        return new Answer(cmd, true, "Success");
    } catch (ExecutionException e) {
        final String failure = "SetSourceNatCommand failed due to " + e.getMessage();
        s_logger.error(failure, e);
        return new Answer(cmd, false, failure);
    }
}
use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.
the class JuniperSrxResource method execute.
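/**
 * Applies a batch of static NAT rules to the SRX device.
 *
 * <p>The rules are grouped by {@code <publicIp>-<privateIp>} pair. For every pair the
 * existing static NAT rule is removed first and, if the pair still has active firewall
 * rules, re-added with those rules. All changes are made between
 * {@code openConfiguration()} and {@code commitConfiguration()}.
 *
 * <p>On an {@link ExecutionException} the configuration is closed and, while retries
 * remain and the SRX connection can be refreshed, the whole command is run again.
 *
 * @param cmd command carrying the static NAT rules
 * @param numRetries number of further attempts allowed after a failure
 * @return a successful answer, or an answer wrapping the last failure
 */
private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
    StaticNatRuleTO[] allRules = cmd.getRules();
    Map<String, ArrayList<FirewallRuleTO>> activeRules = getActiveRules(allRules);
    Map<String, String> vlanTagMap = getVlanTagMap(allRules);

    // NOTE(review): closeConfiguration() is reached only for ExecutionException; an unchecked
    // exception (for example from a key without a "-" separator) would skip it - confirm
    // that the keys produced by getActiveRules always have both components.
    try {
        openConfiguration();

        for (Map.Entry<String, ArrayList<FirewallRuleTO>> entry : activeRules.entrySet()) {
            String[] ipPairComponents = entry.getKey().split("-");
            String publicIp = ipPairComponents[0];
            String privateIp = ipPairComponents[1];
            List<FirewallRuleTO> activeRulesForIpPair = entry.getValue();
            Long publicVlanTag = getVlanTag(vlanTagMap.get(publicIp));

            // Delete the existing static NAT rule for this IP pair
            removeStaticNatRule(publicVlanTag, publicIp, privateIp);

            if (!activeRulesForIpPair.isEmpty()) {
                // If there are active FirewallRules for this IP pair, add the static NAT rule and open the specified port ranges
                addStaticNatRule(publicVlanTag, publicIp, privateIp, activeRulesForIpPair);
            }
        }

        commitConfiguration();
        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);
        closeConfiguration();

        if (numRetries > 0 && refreshSrxConnection()) {
            int numRetriesRemaining = numRetries - 1;
            // The message previously named SetPortForwardingRulesCommand, which made retries
            // of this handler look like retries of the port-forwarding handler in the log.
            s_logger.debug("Retrying SetStaticNatRulesCommand. Number of retries remaining: " + numRetriesRemaining);
            return execute(cmd, numRetriesRemaining);
        } else {
            return new Answer(cmd, e);
        }
    }
}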
use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.
the class JuniperSrxResource method parseApplicationName.
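/**
 * Splits an application name on {@code "-"} into protocol, start port and end port.
 *
 * <p>For the two egress policy types the name carries one extra leading component, which
 * is skipped; for every other type the protocol is the first component.
 *
 * @param type policy type, used only to decide whether the leading component is skipped
 * @param applicationName the application name to parse
 * @return a three-element array: the protocol, the start port and the end port (both
 *         {@code Integer})
 * @throws ExecutionException if the name is null, has too few components, names a protocol
 *         that {@code getProtocol} rejects, or has a non-numeric port; the underlying
 *         failure is attached as the cause
 */
private Object[] parseApplicationName(SecurityPolicyType type, String applicationName) throws ExecutionException {
    String errorMsg = "Invalid application: " + applicationName;
    Protocol protocol;
    Integer startPort;
    Integer endPort;

    // NOTE(review): the ports are parsed but not range-checked or ordered here; presumably
    // the callers or the device validate them - confirm.
    try {
        // Splitting inside the try turns a null name into the declared ExecutionException
        // instead of a bare NullPointerException.
        String[] applicationComponents = applicationName.split("-");
        int offset = (type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS) || type.equals(SecurityPolicyType.SECURITYPOLICY_EGRESS_DEFAULT)) ? 1 : 0;
        protocol = getProtocol(applicationComponents[offset]);
        startPort = Integer.parseInt(applicationComponents[offset + 1]);
        endPort = Integer.parseInt(applicationComponents[offset + 2]);
    } catch (Exception e) {
        // Keep the original failure as the cause so the log shows which component was bad.
        throw new ExecutionException(errorMsg, e);
    }

    return new Object[] {protocol, startPort, endPort};
}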
use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.
the class JuniperSrxResource method execute.
/**
 * Applies a batch of port-forwarding rules to the SRX device.
 *
 * <p>The rules are grouped by {@code <publicIp>-<privateIp>} pair. For every pair all
 * destination NAT rules currently on the device are removed, then one destination NAT rule
 * is added for each active rule of the pair. The work happens between
 * {@code openConfiguration()} and {@code commitConfiguration()}.
 *
 * <p>On an {@link ExecutionException} the configuration is closed and, while retries
 * remain and the SRX connection can be refreshed, the whole command is run again.
 *
 * @param cmd command carrying the port-forwarding rules
 * @param numRetries number of further attempts allowed after a failure
 * @return a successful answer, or an answer wrapping the last failure
 */
private Answer execute(SetPortForwardingRulesCommand cmd, int numRetries) {
    PortForwardingRuleTO[] requestedRules = cmd.getRules();
    Map<String, ArrayList<FirewallRuleTO>> rulesByIpPair = getActiveRules(requestedRules);

    try {
        openConfiguration();

        for (Map.Entry<String, ArrayList<FirewallRuleTO>> pairEntry : rulesByIpPair.entrySet()) {
            String[] addresses = pairEntry.getKey().split("-");
            String publicIp = addresses[0];
            String privateIp = addresses[1];

            // Look up every destination NAT rule that exists for this public/private pair ...
            List<String[]> existingNatRules = getDestNatRules(RuleMatchCondition.PUBLIC_PRIVATE_IPS, publicIp, privateIp, null, null);
            Map<String, Long> existingVlanTags = getPublicVlanTagsForNatRules(existingNatRules);

            // ... and remove them together with the NAT pools and security policies they use.
            removeDestinationNatRules(null, existingVlanTags, existingNatRules);

            // Re-create one destination NAT rule per rule that is still active for the pair.
            for (FirewallRuleTO activeRule : pairEntry.getValue()) {
                Long vlanTag = getVlanTag(activeRule.getSrcVlanTag());
                PortForwardingRuleTO pfRule = (PortForwardingRuleTO) activeRule;
                addDestinationNatRule(
                    getProtocol(activeRule.getProtocol()),
                    vlanTag,
                    pfRule.getSrcIp(),
                    pfRule.getDstIp(),
                    pfRule.getSrcPortRange()[0],
                    pfRule.getSrcPortRange()[1],
                    pfRule.getDstPortRange()[0],
                    pfRule.getDstPortRange()[1]);
            }
        }

        commitConfiguration();
        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);
        closeConfiguration();

        // Give up when no retries are left or the connection cannot be refreshed.
        if (numRetries <= 0 || !refreshSrxConnection()) {
            return new Answer(cmd, e);
        }

        int retriesLeft = numRetries - 1;
        s_logger.debug("Retrying SetPortForwardingRulesCommand. Number of retries remaining: " + retriesLeft);
        return execute(cmd, retriesLeft);
    }
}