
Example 41 with ExecutionException

use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.

the class CiscoVnmcResource method execute.

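/**
 * Programs the firewall rules carried by a SetFirewallRulesCommand into VNMC for one guest network.
 *
 * The rules are grouped by their source (public) IP. For the tenant "vlan-" + guest VLAN tag the
 * method creates the ingress and egress ACL policy sets, then one ACL policy per public IP that is
 * referenced from both sets, then creates or deletes one ACL rule per firewall rule, and finally
 * associates the policy set with the tenant.
 *
 * @param cmd        command holding the rules and the guest VLAN tag context parameter
 * @param numRetries not read by this method
 * @return a failed Answer carrying the error text when any VNMC call reports failure or a rule has
 *         no source CIDR; otherwise a successful Answer with the text "Success"
 */
private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
    String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
    String tenant = "vlan-" + vlanId;
    FirewallRuleTO[] rules = cmd.getRules();
    // Group the rules by public IP: each public IP gets its own ACL policy below.
    Map<String, List<FirewallRuleTO>> publicIpRulesMap = new HashMap<String, List<FirewallRuleTO>>();
    for (FirewallRuleTO rule : rules) {
        String publicIp = rule.getSrcIp();
        List<FirewallRuleTO> publicIpRulesList = publicIpRulesMap.get(publicIp);
        if (publicIpRulesList == null) {
            publicIpRulesList = new ArrayList<FirewallRuleTO>();
            publicIpRulesMap.put(publicIp, publicIpRulesList);
        }
        publicIpRulesList.add(rule);
    }
    try {
        if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
            throw new ExecutionException("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
        }
        if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
            throw new ExecutionException("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
        }
        for (Map.Entry<String, List<FirewallRuleTO>> publicIpRules : publicIpRulesMap.entrySet()) {
            // The policy identifier is the public IP with dots replaced by dashes.
            String policyIdentifier = publicIpRules.getKey().replace('.', '-');
            if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
                throw new ExecutionException("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
                throw new ExecutionException("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
            }
            if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
                throw new ExecutionException("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
            }
            for (FirewallRuleTO rule : publicIpRules.getValue()) {
                if (rule.revoked()) {
                    if (!_connection.deleteTenantVDCAclRule(tenant, rule.getId(), policyIdentifier)) {
                        throw new ExecutionException("Failed to delete ACL rule in VNMC for guest network with vlan " + vlanId);
                    }
                    continue;
                }
                // A rule without a source CIDR previously escaped as an unchecked exception that the
                // catch below does not handle; report it as a failed Answer instead and program nothing
                // for it (no implicit "any source" default).
                List<String> sourceCidrs = rule.getSourceCidrList();
                if (sourceCidrs == null || sourceCidrs.isEmpty()) {
                    throw new ExecutionException("Failed to create ACL rule in VNMC for guest network with vlan " + vlanId + ": firewall rule " + rule.getId() + " has no source CIDR");
                }
                // NOTE(review): only the first source CIDR is programmed; any further CIDRs on the same
                // rule are not applied to the device. Confirm callers never send more than one.
                String[] externalIpRange = getIpRangeFromCidr(sourceCidrs.get(0));
                String protocol = rule.getProtocol();
                if (rule.getTrafficType() == TrafficType.Ingress) {
                    // Ports are passed for every non-ICMP ingress rule that has a port range.
                    if (!protocol.equalsIgnoreCase("icmp") && rule.getSrcPortRange() != null) {
                        if (!_connection.createTenantVDCIngressAclRule(tenant, rule.getId(), policyIdentifier, protocol.toUpperCase(), externalIpRange[0], externalIpRange[1], Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
                            throw new ExecutionException("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
                        }
                    } else {
                        if (!_connection.createTenantVDCIngressAclRule(tenant, rule.getId(), policyIdentifier, protocol.toUpperCase(), externalIpRange[0], externalIpRange[1])) {
                            throw new ExecutionException("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
                        }
                    }
                } else {
                    // Egress passes ports only for TCP and UDP rules that have a port range.
                    if ((protocol.equalsIgnoreCase("tcp") || protocol.equalsIgnoreCase("udp")) && rule.getSrcPortRange() != null) {
                        if (!_connection.createTenantVDCEgressAclRule(tenant, rule.getId(), policyIdentifier, protocol.toUpperCase(), externalIpRange[0], externalIpRange[1], Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
                            throw new ExecutionException("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
                        }
                    } else {
                        if (!_connection.createTenantVDCEgressAclRule(tenant, rule.getId(), policyIdentifier, protocol.toUpperCase(), externalIpRange[0], externalIpRange[1])) {
                            throw new ExecutionException("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
                        }
                    }
                }
            }
        }
        if (!_connection.associateAclPolicySet(tenant)) {
            throw new ExecutionException("Failed to associate ACL policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
        }
    } catch (ExecutionException e) {
        // NOTE(review): a failure part-way through leaves the policies and rules created so far on
        // the device; nothing in this method rolls them back.
        String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
        s_logger.error(msg, e);
        return new Answer(cmd, false, msg);
    }
    return new Answer(cmd, true, "Success");
}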
Also used : ReadyAnswer(com.cloud.agent.api.ReadyAnswer) Answer(com.cloud.agent.api.Answer) MaintainAnswer(com.cloud.agent.api.MaintainAnswer) ExternalNetworkResourceUsageAnswer(com.cloud.agent.api.ExternalNetworkResourceUsageAnswer) IpAssocAnswer(com.cloud.agent.api.routing.IpAssocAnswer) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) ExecutionException(com.cloud.utils.exception.ExecutionException)

Example 42 with ExecutionException

use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.

the class PaloAltoResource method getPrivateSubnet.

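/**
 * Reads the IP entry configured on the private sub-interface that belongs to the given VLAN.
 *
 * @param vlan VLAN id as text; it is parsed with Long.parseLong, so a non-numeric value raises
 *             NumberFormatException before any request is sent
 * @return the "name" attribute of the first entry under the result element, or null when the
 *         response is rejected by validResponse/responseNotEmpty or contains no entry
 * @throws ExecutionException if the request, the XML parsing or the XPath evaluation fails
 */
private String getPrivateSubnet(String vlan) throws ExecutionException {
    // Parsing to long means only a number is handed to genPrivateInterfaceName.
    String interfaceName = genPrivateInterfaceName(Long.parseLong(vlan));
    Map<String, String> params = new HashMap<String, String>();
    params.put("type", "config");
    params.put("action", "get");
    // NOTE(review): _privateInterfaceType and _privateInterface are spliced into the xpath without
    // quoting or escaping; confirm they come from validated configuration.
    params.put("xpath", "/config/devices/entry/network/interface/" + _privateInterfaceType + "/entry[@name='" + _privateInterface + "']/layer3/units/entry[@name='" + interfaceName + "']/ip/entry");
    String response = request(PaloAltoMethod.GET, params);
    if (validResponse(response) && responseNotEmpty(response)) {
        NodeList response_body;
        Document doc = getDocument(response);
        XPath xpath = XPathFactory.newInstance().newXPath();
        try {
            XPathExpression expr = xpath.compile("/response[@status='success']/result/entry");
            response_body = (NodeList) expr.evaluate(doc, XPathConstants.NODESET);
        } catch (XPathExpressionException e) {
            // getCause() can be null; dereferencing it would hide the real error behind a
            // NullPointerException, so fall back to the exception's own message.
            Throwable cause = e.getCause();
            String detail = (cause != null && cause.getMessage() != null) ? cause.getMessage() : e.getMessage();
            throw new ExecutionException(detail);
        }
        if (response_body.getLength() > 0) {
            // NOTE(review): assumes every entry carries a "name" attribute; a missing one would
            // raise NullPointerException here.
            return response_body.item(0).getAttributes().getNamedItem("name").getTextContent();
        }
    }
    return null;
}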
Also used : XPath(javax.xml.xpath.XPath) XPathExpression(javax.xml.xpath.XPathExpression) HashMap(java.util.HashMap) XPathExpressionException(javax.xml.xpath.XPathExpressionException) NodeList(org.w3c.dom.NodeList) Document(org.w3c.dom.Document) ExecutionException(com.cloud.utils.exception.ExecutionException)

Example 43 with ExecutionException

use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.

the class PaloAltoResource method manageDstNatRule.

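/**
 * Checks for, adds or deletes the destination NAT rule that implements a port forwarding rule.
 *
 * CHECK_IF_EXISTS sends a request immediately and returns whether the rule is present. ADD and
 * DELETE only append commands to {@code cmdList}; they return true without queuing anything when
 * the rule already exists (ADD) or is already absent (DELETE).
 *
 * NOTE(review): the rule's public IP, destination IP, the generated rule name and _publicZone are
 * concatenated into xpath and XML element strings without escaping. Confirm that these values are
 * validated upstream (e.g. as IP addresses), since a quote or angle bracket in any of them would
 * change the configuration request sent to the device.
 *
 * @param cmdList list that receives the configuration commands to run later
 * @param prim    operation to perform
 * @param rule    port forwarding rule to translate
 * @return for CHECK_IF_EXISTS whether the rule exists; true for ADD and DELETE; false for any other
 *         primitive
 * @throws ExecutionException if a request, the XML parsing or the XPath evaluation fails
 */
public boolean manageDstNatRule(ArrayList<IPaloAltoCommand> cmdList, PaloAltoPrimative prim, PortForwardingRuleTO rule) throws ExecutionException {
    String publicIp = rule.getSrcIp();
    String dstNatName = genDstNatRuleName(publicIp, rule.getId());
    String publicInterfaceName;
    String publicVlanTag;
    // A missing or "untagged" VLAN tag maps to the id 9999. Long.valueOf replaces the deprecated
    // Long(String) constructor and rejects non-numeric tags the same way.
    if (rule.getSrcVlanTag() == null) {
        publicInterfaceName = genPublicInterfaceName(Long.valueOf("9999"));
    } else {
        publicVlanTag = parsePublicVlanTag(rule.getSrcVlanTag());
        if (publicVlanTag.equals("untagged")) {
            publicInterfaceName = genPublicInterfaceName(Long.valueOf("9999"));
        } else {
            publicInterfaceName = genPublicInterfaceName(Long.valueOf(publicVlanTag));
        }
    }
    switch(prim) {
        case CHECK_IF_EXISTS:
            // check if one exists already
            Map<String, String> params = new HashMap<String, String>();
            params.put("type", "config");
            params.put("action", "get");
            params.put("xpath", "/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='" + dstNatName + "']");
            String response = request(PaloAltoMethod.GET, params);
            boolean result = (validResponse(response) && responseNotEmpty(response));
            s_logger.debug("Destination NAT exists: " + dstNatName + ", " + result);
            return result;
        case ADD:
            if (manageDstNatRule(cmdList, PaloAltoPrimative.CHECK_IF_EXISTS, rule)) {
                return true;
            }
            // build source service xml
            String srcService;
            String protocol = rule.getProtocol();
            int[] srcPortRange = rule.getSrcPortRange();
            if (srcPortRange != null) {
                String portRange;
                if (srcPortRange.length == 1 || srcPortRange[0] == srcPortRange[1]) {
                    portRange = String.valueOf(srcPortRange[0]);
                } else {
                    portRange = String.valueOf(srcPortRange[0]) + "-" + String.valueOf(srcPortRange[1]);
                }
                manageService(cmdList, PaloAltoPrimative.ADD, protocol, portRange, null);
                srcService = genServiceName(protocol, portRange, null);
            } else {
                // no equivalent config in PA, so allow all traffic...
                // NOTE(review): a rule without a source port range therefore matches every service
                // on the public IP; confirm this widening is intended.
                srcService = "any";
            }
            // build destination port xml (single port limit in PA)
            // Only the first destination port is used; the upper bound of a range is ignored.
            String dstPortXML = "";
            int[] dstPortRange = rule.getDstPortRange();
            if (dstPortRange != null) {
                dstPortXML = "<translated-port>" + dstPortRange[0] + "</translated-port>";
            }
            // add public IP to the sub-interface
            Map<String, String> a_sub_params = new HashMap<String, String>();
            a_sub_params.put("type", "config");
            a_sub_params.put("action", "set");
            a_sub_params.put("xpath", "/config/devices/entry/network/interface/" + _publicInterfaceType + "/entry[@name='" + _publicInterface + "']/layer3/units/entry[@name='" + publicInterfaceName + "']/ip");
            a_sub_params.put("element", "<entry name='" + publicIp + "/32'/>");
            cmdList.add(new DefaultPaloAltoCommand(PaloAltoMethod.GET, a_sub_params));
            // add the destination nat rule for the public IP
            String xml = "";
            xml += "<from><member>" + _publicZone + "</member></from>";
            xml += "<to><member>" + _publicZone + "</member></to>";
            xml += "<source><member>any</member></source>";
            xml += "<destination><member>" + publicIp + "</member></destination>";
            xml += "<service>" + srcService + "</service>";
            xml += "<nat-type>ipv4</nat-type>";
            xml += "<to-interface>" + publicInterfaceName + "</to-interface>";
            xml += "<destination-translation><translated-address>" + rule.getDstIp() + "</translated-address>" + dstPortXML + "</destination-translation>";
            Map<String, String> a_params = new HashMap<String, String>();
            a_params.put("type", "config");
            a_params.put("action", "set");
            a_params.put("xpath", "/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='" + dstNatName + "']");
            a_params.put("element", xml);
            cmdList.add(new DefaultPaloAltoCommand(PaloAltoMethod.POST, a_params));
            return true;
        case DELETE:
            if (!manageDstNatRule(cmdList, PaloAltoPrimative.CHECK_IF_EXISTS, rule)) {
                return true;
            }
            // determine if we need to delete the ip from the interface as well...
            Map<String, String> c_params = new HashMap<String, String>();
            c_params.put("type", "config");
            c_params.put("action", "get");
            c_params.put("xpath", "/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[destination/member[text()='" + publicIp + "']]");
            String c_response = request(PaloAltoMethod.GET, c_params);
            String count = "";
            NodeList response_body;
            Document doc = getDocument(c_response);
            XPath xpath = XPathFactory.newInstance().newXPath();
            try {
                XPathExpression expr = xpath.compile("/response[@status='success']/result");
                response_body = (NodeList) expr.evaluate(doc, XPathConstants.NODESET);
            } catch (XPathExpressionException e) {
                // getCause() can be null; dereferencing it would hide the real error behind a
                // NullPointerException, so fall back to the exception's own message.
                Throwable cause = e.getCause();
                String detail = (cause != null && cause.getMessage() != null) ? cause.getMessage() : e.getMessage();
                throw new ExecutionException(detail);
            }
            if (response_body.getLength() > 0 && response_body.item(0).getAttributes().getLength() > 0) {
                // NOTE(review): assumes a result element with attributes always has "count".
                count = response_body.item(0).getAttributes().getNamedItem("count").getTextContent();
            }
            // delete the dst nat rule
            Map<String, String> d_params = new HashMap<String, String>();
            d_params.put("type", "config");
            d_params.put("action", "delete");
            d_params.put("xpath", "/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='" + dstNatName + "']");
            cmdList.add(new DefaultPaloAltoCommand(PaloAltoMethod.POST, d_params));
            if (!count.equals("") && Integer.parseInt(count) == 1) {
                // this dst nat rule is the last, so remove the ip...
                // delete IP from sub-interface...
                Map<String, String> d_sub_params = new HashMap<String, String>();
                d_sub_params.put("type", "config");
                d_sub_params.put("action", "delete");
                d_sub_params.put("xpath", "/config/devices/entry/network/interface/" + _publicInterfaceType + "/entry[@name='" + _publicInterface + "']/layer3/units/entry[@name='" + publicInterfaceName + "']/ip/entry[@name='" + publicIp + "/32']");
                cmdList.add(new DefaultPaloAltoCommand(PaloAltoMethod.GET, d_sub_params));
            }
            return true;
        default:
            s_logger.debug("Unrecognized command.");
            return false;
    }
}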
Also used : XPath(javax.xml.xpath.XPath) XPathExpression(javax.xml.xpath.XPathExpression) HashMap(java.util.HashMap) XPathExpressionException(javax.xml.xpath.XPathExpressionException) NodeList(org.w3c.dom.NodeList) Document(org.w3c.dom.Document) ExecutionException(com.cloud.utils.exception.ExecutionException)

Example 44 with ExecutionException

use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.

the class PaloAltoResource method responseNotEmpty.

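/**
 * Validate that the response is not empty.
 *
 * The response counts as non-empty when it has a response element with status "success" whose text
 * content is not the empty string, or whose first child itself has child nodes.
 *
 * @param response XML text returned by the device
 * @return true when the response matches the description above, false otherwise
 * @throws ExecutionException if the XML cannot be parsed or the XPath evaluation fails
 */
public boolean responseNotEmpty(String response) throws ExecutionException {
    Document doc = getDocument(response);
    XPath xpath = XPathFactory.newInstance().newXPath();
    NodeList response_body;
    try {
        XPathExpression expr = xpath.compile("/response[@status='success']");
        response_body = (NodeList) expr.evaluate(doc, XPathConstants.NODESET);
    } catch (XPathExpressionException e) {
        // getCause() can be null; dereferencing it would hide the real error behind a
        // NullPointerException, so fall back to the exception's own message.
        Throwable cause = e.getCause();
        String detail = (cause != null && cause.getMessage() != null) ? cause.getMessage() : e.getMessage();
        throw new ExecutionException(detail);
    }
    return response_body.getLength() > 0
        && (!response_body.item(0).getTextContent().equals("")
            || (response_body.item(0).hasChildNodes() && response_body.item(0).getFirstChild().hasChildNodes()));
}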
Also used : XPath(javax.xml.xpath.XPath) XPathExpression(javax.xml.xpath.XPathExpression) XPathExpressionException(javax.xml.xpath.XPathExpressionException) NodeList(org.w3c.dom.NodeList) Document(org.w3c.dom.Document) ExecutionException(com.cloud.utils.exception.ExecutionException)

Example 45 with ExecutionException

use of com.cloud.utils.exception.ExecutionException in project cloudstack by apache.

the class PaloAltoResource method getDocument.

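/**
 * Parses an XML string into a DOM document.
 *
 * The text parsed here is a response received from the device, so the parser is configured to
 * refuse DOCTYPE declarations and to leave XInclude and entity expansion off. This keeps a
 * response from pulling in external entities or local files (XXE) or from expanding entities
 * without bound.
 *
 * @param xml XML text to parse
 * @return the parsed document
 * @throws ExecutionException if the parser cannot be configured or the text cannot be parsed
 */
private Document getDocument(String xml) throws ExecutionException {
    StringReader xmlReader = new StringReader(xml);
    InputSource xmlSource = new InputSource(xmlReader);
    Document doc = null;
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // A parser that does not support this feature throws here and the request fails closed.
        // NOTE(review): assumes device responses never carry a DOCTYPE - confirm.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        doc = factory.newDocumentBuilder().parse(xmlSource);
    } catch (Exception e) {
        s_logger.error(e);
        throw new ExecutionException(e.getMessage());
    }
    if (doc == null) {
        // NOTE(review): this message embeds the whole response text, which may contain device
        // configuration; consider whether it belongs in logs and error answers.
        throw new ExecutionException("Failed to parse xml " + xml);
    } else {
        return doc;
    }
}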
Also used : InputSource(org.xml.sax.InputSource) StringReader(java.io.StringReader) Document(org.w3c.dom.Document) ExecutionException(com.cloud.utils.exception.ExecutionException) XPathExpressionException(javax.xml.xpath.XPathExpressionException) ExecutionException(com.cloud.utils.exception.ExecutionException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ConfigurationException(javax.naming.ConfigurationException) IOException(java.io.IOException)

Aggregations

ExecutionException (com.cloud.utils.exception.ExecutionException)83 ConfigurationException (javax.naming.ConfigurationException)31 IOException (java.io.IOException)30 ArrayList (java.util.ArrayList)23 IpAssocAnswer (com.cloud.agent.api.routing.IpAssocAnswer)20 RemoteException (java.rmi.RemoteException)20 ExternalNetworkResourceUsageAnswer (com.cloud.agent.api.ExternalNetworkResourceUsageAnswer)19 Answer (com.cloud.agent.api.Answer)17 MaintainAnswer (com.cloud.agent.api.MaintainAnswer)16 ReadyAnswer (com.cloud.agent.api.ReadyAnswer)16 com.citrix.netscaler.nitro.exception.nitro_exception (com.citrix.netscaler.nitro.exception.nitro_exception)13 Document (org.w3c.dom.Document)12 XPathExpressionException (javax.xml.xpath.XPathExpressionException)11 HashMap (java.util.HashMap)10 XPath (javax.xml.xpath.XPath)8 XPathExpression (javax.xml.xpath.XPathExpression)8 NodeList (org.w3c.dom.NodeList)7 com.citrix.netscaler.nitro.resource.config.gslb.gslbvserver (com.citrix.netscaler.nitro.resource.config.gslb.gslbvserver)5 com.citrix.netscaler.nitro.resource.config.lb.lbvserver (com.citrix.netscaler.nitro.resource.config.lb.lbvserver)5 com.citrix.netscaler.nitro.resource.config.ns.nsconfig (com.citrix.netscaler.nitro.resource.config.ns.nsconfig)5