use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createVmwareDVPortSettingSpec.
/**
 * Builds the default port configuration for a VMware distributed virtual switch port group.
 *
 * <p>The single traffic-shaping policy is applied to both directions (inbound and outbound).
 * The security policy is stored as given; this method neither inspects nor tightens it, so the
 * promiscuous-mode / forged-transmits / MAC-change posture of the port group is entirely the
 * caller's responsibility.
 *
 * @param shapingPolicy shaping policy used for both the in and out direction
 * @param secPolicy     layer-2 security policy to attach to the port setting (passed through unchecked)
 * @param vlanSpec      VLAN specification for the port setting
 * @return a new {@code VMwareDVSPortSetting} carrying the three values above
 */
public static VMwareDVSPortSetting createVmwareDVPortSettingSpec(DVSTrafficShapingPolicy shapingPolicy, DVSSecurityPolicy secPolicy, VmwareDistributedVirtualSwitchVlanSpec vlanSpec) {
    final VMwareDVSPortSetting portSetting = new VMwareDVSPortSetting();

    // Same shaping policy in both directions.
    portSetting.setInShapingPolicy(shapingPolicy);
    portSetting.setOutShapingPolicy(shapingPolicy);

    portSetting.setSecurityPolicy(secPolicy);
    portSetting.setVlan(vlanSpec);
    return portSetting;
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createVmwareDVPortSettingSpec.
/**
 * Builds the default port configuration for a VMware distributed virtual switch port group,
 * optionally including a MAC management policy.
 *
 * <p>The security policy is always attached. The MAC management policy is attached only when
 * {@code dvSwitchSupportNewPolicies} is {@code true}; otherwise {@code macManagementPolicy} is
 * ignored and the port setting carries the {@code DVSSecurityPolicy} alone. Neither policy is
 * validated here.
 *
 * @param shapingPolicy              shaping policy used for both the in and out direction
 * @param secPolicy                  layer-2 security policy, always set
 * @param macManagementPolicy        MAC management policy, set only when the flag below is true
 * @param vlanSpec                   VLAN specification for the port setting
 * @param dvSwitchSupportNewPolicies whether the MAC management policy should be applied
 * @return a new {@code VMwareDVSPortSetting} populated as described
 */
public static VMwareDVSPortSetting createVmwareDVPortSettingSpec(DVSTrafficShapingPolicy shapingPolicy, DVSSecurityPolicy secPolicy, DVSMacManagementPolicy macManagementPolicy, VmwareDistributedVirtualSwitchVlanSpec vlanSpec, boolean dvSwitchSupportNewPolicies) {
    final VMwareDVSPortSetting portSetting = new VMwareDVSPortSetting();

    // Same shaping policy in both directions.
    portSetting.setInShapingPolicy(shapingPolicy);
    portSetting.setOutShapingPolicy(shapingPolicy);

    portSetting.setSecurityPolicy(secPolicy);
    if (dvSwitchSupportNewPolicies) {
        // Only sent when the caller says the switch understands the newer policy type.
        portSetting.setMacManagementPolicy(macManagementPolicy);
    }

    portSetting.setVlan(vlanSpec);
    return portSetting;
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelperTest method testDVSSecurityPolicyLegacyWithDetail.
/**
 * With the ForgedTransmits detail explicitly set to "true", the resulting policy must allow
 * forged transmits while still rejecting promiscuous mode and MAC address changes.
 * The remaining details are whatever {@code getNicDetails()} supplies.
 */
@Test
public void testDVSSecurityPolicyLegacyWithDetail() {
    final Map<NetworkOffering.Detail, String> nicDetails = getNicDetails();
    nicDetails.put(NetworkOffering.Detail.ForgedTransmits, "true");

    final DVSSecurityPolicy policy = HypervisorHostHelper.createDVSSecurityPolicy(nicDetails);

    // Only the setting that was explicitly enabled may be permissive.
    assertFalse(policy.getAllowPromiscuous().isValue());
    assertTrue(policy.getForgedTransmits().isValue());
    assertFalse(policy.getMacChanges().isValue());
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelperTest method testDVSSecurityPolicyLegacyDefaultWithDetail.
/**
 * Pins the fallback values used when the ForgedTransmits and PromiscuousMode details are absent:
 * promiscuous mode is rejected, forged transmits is accepted. The MacChanges detail is left as
 * {@code getNicDetails()} provides it and is expected to yield "rejected".
 *
 * <p>NOTE(review): the asserted default for forged transmits is the permissive value; confirm
 * that accepting forged source MACs when the offering says nothing is the intended posture.
 */
@Test
public void testDVSSecurityPolicyLegacyDefaultWithDetail() {
    final Map<NetworkOffering.Detail, String> nicDetails = getNicDetails();
    // Drop both details so the helper has to fall back to its own defaults.
    nicDetails.remove(NetworkOffering.Detail.ForgedTransmits);
    nicDetails.remove(NetworkOffering.Detail.PromiscuousMode);

    final DVSSecurityPolicy policy = HypervisorHostHelper.createDVSSecurityPolicy(nicDetails);

    assertFalse(policy.getAllowPromiscuous().isValue());
    assertFalse(policy.getMacChanges().isValue());
    assertTrue(policy.getForgedTransmits().isValue());
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method prepareNetwork.
/**
 * Prepares the distributed port group (VMware DVS) or port profile (Nexus DVS) backing a guest
 * network and returns its managed object reference together with the network name.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>Reject broadcast domain types outside the supported list.</li>
 *   <li>Derive the network name: the fixed name "br-int" for Lswitch, otherwise the result of
 *       {@code composeCloudNetworkName}; parse the primary/secondary VLAN ids.</li>
 *   <li>VMware DVS: locate the switch, then either require an existing port group (Lswitch) or
 *       create one with a shaping policy and a security policy.</li>
 *   <li>Nexus DVS: locate the Ethernet port profile, then create or update the port profile.</li>
 *   <li>Wait for / look up the port group, and tag it with {@code CLOUD_GC_DVP} when a tagged
 *       VLAN id was parsed.</li>
 * </ol>
 *
 * <p>Any other {@code vSwitchType} skips both switch branches and falls straight through to the
 * port-group lookup by name.
 *
 * @param physicalNetwork used as the dvSwitch name (VMware DVS) or the Ethernet port profile name
 *        (Nexus DVS); when null a hard-coded default name is substituted
 * @param namePrefix passed to {@code composeCloudNetworkName}
 * @param hostMo host whose context and datacenter are used
 * @param vlanId primary VLAN id; parsed with {@code Integer.parseInt} unless null or equal
 *        (ignoring case) to {@code UNTAGGED_VLAN_NAME}; not parsed for Lswitch
 * @param secondaryvlanId secondary PVLAN id; parsed with {@code Integer.parseInt} when non-null;
 *        not parsed for Lswitch
 * @param networkRateMbps rate used for the shaping policy / bandwidth figures; may be null
 * @param networkRateMulticastMbps not referenced in this method body
 * @param timeOutMs timeout handed to {@code waitForDvPortGroupReady}
 * @param vSwitchType virtual switch flavour that selects the branch taken
 * @param numPorts passed to {@code createPortGroup}
 * @param gateway passed to {@code createPortProfile} (Nexus only)
 * @param configureVServiceInNexus passed to {@code createPortProfile} (Nexus only)
 * @param broadcastDomainType broadcast domain type of the network; must be in the supported list
 * @param vsmCredentials Nexus VSM credentials; when non-null they are registered on the context
 *        as a stock object
 * @return pair of (network managed object reference, network name)
 * @throws InvalidParameterException for an unsupported broadcast domain type, Lswitch combined
 *         with Nexus DVS, or a missing NVP integration port group
 * @throws Exception when the dvSwitch, the Ethernet port profile or the resulting network cannot
 *         be found; a non-numeric VLAN id also surfaces here as a {@code NumberFormatException}
 */
public static Pair<ManagedObjectReference, String> prepareNetwork(String physicalNetwork, String namePrefix, HostMO hostMo, String vlanId, String secondaryvlanId, Integer networkRateMbps, Integer networkRateMulticastMbps, long timeOutMs, VirtualSwitchType vSwitchType, int numPorts, String gateway, boolean configureVServiceInNexus, BroadcastDomainType broadcastDomainType, Map<String, String> vsmCredentials) throws Exception {
    ManagedObjectReference morNetwork = null;
    VmwareContext context = hostMo.getContext();
    ManagedObjectReference dcMor = hostMo.getHyperHostDatacenter();
    DatacenterMO dataCenterMo = new DatacenterMO(context, dcMor);
    DistributedVirtualSwitchMO dvSwitchMo = null;
    ManagedObjectReference morEthernetPortProfile = null;
    String ethPortProfileName = null;
    ManagedObjectReference morDvSwitch = null;
    String dvSwitchName = null;
    // True when this call created something and must wait for it to appear in vCenter.
    boolean bWaitPortGroupReady = false;
    // True when a tagged VLAN id was parsed; drives the CLOUD_GC_DVP custom field at the end.
    boolean createGCTag = false;
    String vcApiVersion;
    String minVcApiVersionSupportingAutoExpand;
    boolean autoExpandSupported;
    String networkName;
    // primary vlan id (null means no VLAN id was parsed)
    Integer vid = null;
    // secondary pvlan id
    Integer spvlanid = null;
    // Allow-list of the BroadcastDomainTypes this function can actually prepare networks for.
    // Anything else is rejected up front.
    BroadcastDomainType[] supportedBroadcastTypes = new BroadcastDomainType[] { BroadcastDomainType.Lswitch, BroadcastDomainType.LinkLocal, BroadcastDomainType.Native, BroadcastDomainType.Pvlan, BroadcastDomainType.Storage, BroadcastDomainType.UnDecided, BroadcastDomainType.Vlan, BroadcastDomainType.Vsp };
    if (!Arrays.asList(supportedBroadcastTypes).contains(broadcastDomainType)) {
        throw new InvalidParameterException("BroadcastDomainType " + broadcastDomainType + " it not supported on a VMWare hypervisor at this time.");
    }
    if (broadcastDomainType == BroadcastDomainType.Lswitch) {
        if (vSwitchType == VirtualSwitchType.NexusDistributedVirtualSwitch) {
            throw new InvalidParameterException("Nexus Distributed Virtualswitch is not supported with BroadcastDomainType " + broadcastDomainType);
        }
        // Nicira NVP requires all vms to be connected to a single port-group.
        // A unique vlan needs to be set per port. This vlan is specific to
        // this implementation and has no reference to other vlans in CS
        // FIXME Should be set via a configuration item in CS
        networkName = "br-int";
        // Explicitly null: the code below depends on vid == null for the Lswitch case.
        vid = null;
    } else {
        networkName = composeCloudNetworkName(namePrefix, vlanId, secondaryvlanId, networkRateMbps, physicalNetwork);
        if (vlanId != null && !UNTAGGED_VLAN_NAME.equalsIgnoreCase(vlanId)) {
            createGCTag = true;
            // Throws NumberFormatException on a non-numeric id; it propagates to the caller.
            vid = Integer.parseInt(vlanId);
        }
        if (secondaryvlanId != null) {
            // No untagged check here: any non-null value must be numeric.
            spvlanid = Integer.parseInt(secondaryvlanId);
        }
    }
    if (vSwitchType == VirtualSwitchType.VMwareDistributedVirtualSwitch) {
        DVSTrafficShapingPolicy shapingPolicy;
        DVSSecurityPolicy secPolicy;
        vcApiVersion = getVcenterApiVersion(context);
        minVcApiVersionSupportingAutoExpand = "5.0";
        autoExpandSupported = isFeatureSupportedInVcenterApiVersion(vcApiVersion, minVcApiVersionSupportingAutoExpand);
        // The physical network name doubles as the dvSwitch name.
        dvSwitchName = physicalNetwork;
        // Missing name: fall back to a hard-coded default switch (logged at WARN). The network
        // then lands on whatever switch carries that name in this datacenter.
        if (dvSwitchName == null) {
            s_logger.warn("Detected null dvSwitch. Defaulting to dvSwitch0");
            dvSwitchName = "dvSwitch0";
        }
        morDvSwitch = dataCenterMo.getDvSwitchMor(dvSwitchName);
        if (morDvSwitch == null) {
            String msg = "Unable to find distributed vSwitch " + dvSwitchName;
            s_logger.error(msg);
            throw new Exception(msg);
        } else {
            s_logger.debug("Found distributed vSwitch " + dvSwitchName);
        }
        if (broadcastDomainType == BroadcastDomainType.Lswitch) {
            // Lswitch never creates the port group; the integration port group must already exist.
            if (!dataCenterMo.hasDvPortGroup(networkName)) {
                throw new InvalidParameterException("NVP integration port-group " + networkName + " does not exist on the DVS " + dvSwitchName);
            }
            bWaitPortGroupReady = false;
        } else {
            dvSwitchMo = new DistributedVirtualSwitchMO(context, morDvSwitch);
            shapingPolicy = getDVSShapingPolicy(networkRateMbps);
            // NOTE(review): no per-network details are passed, so promiscuous mode, forged
            // transmits and MAC changes take whatever values the no-arg helper chooses;
            // confirm they match the intended posture for this port group.
            secPolicy = createDVSSecurityPolicy();
            // When both a primary and a secondary VLAN id were parsed, set up the PVLAN pair
            // on the switch before creating the port group.
            if (vid != null && spvlanid != null) {
                setupPVlanPair(dvSwitchMo, morDvSwitch, vid, spvlanid);
            }
            VMwareDVSPortgroupPolicy portGroupPolicy = null;
            if (broadcastDomainType == BroadcastDomainType.Vsp) {
                //If the broadcastDomainType is Vsp, then set the VMwareDVSPortgroupPolicy
                // This lets individual ports override the port group's VLAN and block settings,
                // and resets port configuration on disconnect. For every other type the policy
                // stays null.
                portGroupPolicy = new VMwareDVSPortgroupPolicy();
                portGroupPolicy.setVlanOverrideAllowed(true);
                portGroupPolicy.setBlockOverrideAllowed(true);
                portGroupPolicy.setPortConfigResetAtDisconnect(true);
            }
            // Next, create the port group. For this, we need to create a VLAN spec.
            createPortGroup(physicalNetwork, networkName, vid, spvlanid, dataCenterMo, shapingPolicy, secPolicy, portGroupPolicy, dvSwitchMo, numPorts, autoExpandSupported);
            bWaitPortGroupReady = true;
        }
    } else if (vSwitchType == VirtualSwitchType.NexusDistributedVirtualSwitch) {
        // The physical network name doubles as the Ethernet port profile name.
        ethPortProfileName = physicalNetwork;
        // Missing name: fall back to a hard-coded default profile (logged at WARN).
        if (ethPortProfileName == null) {
            s_logger.warn("Detected null ethrenet port profile. Defaulting to epp0.");
            ethPortProfileName = "epp0";
        }
        morEthernetPortProfile = dataCenterMo.getDvPortGroupMor(ethPortProfileName);
        if (morEthernetPortProfile == null) {
            String msg = "Unable to find Ethernet port profile " + ethPortProfileName;
            s_logger.error(msg);
            throw new Exception(msg);
        } else {
            s_logger.info("Found Ethernet port profile " + ethPortProfileName);
        }
        // Stays 0 when no positive rate is given; the rate is scaled by 1024 * 1024 in long
        // arithmetic.
        long averageBandwidth = 0L;
        if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
            averageBandwidth = networkRateMbps.intValue() * 1024L * 1024L;
        }
        // We chose 50% higher allocation than average bandwidth.
        // TODO(sateesh): Optionally let user specify the peak coefficient
        long peakBandwidth = (long) (averageBandwidth * 1.5);
        // TODO(sateesh): Optionally let user specify the burst coefficient
        long burstSize = 5 * averageBandwidth / 8;
        if (vsmCredentials != null) {
            // The log line names the action only; the credential values are not written out.
            // NOTE(review): the map is stored on the shared context under "vsmcredentials";
            // how long it lives and who can read it is not visible here - confirm.
            s_logger.info("Stocking credentials of Nexus VSM");
            context.registerStockObject("vsmcredentials", vsmCredentials);
        }
        if (!dataCenterMo.hasDvPortGroup(networkName)) {
            s_logger.info("Port profile " + networkName + " not found.");
            createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize, gateway, configureVServiceInNexus);
            bWaitPortGroupReady = true;
        } else {
            s_logger.info("Port profile " + networkName + " found.");
            updatePortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
        }
    }
    // Wait for dvPortGroup on vCenter when something was just created; otherwise a plain lookup.
    if (bWaitPortGroupReady)
        morNetwork = waitForDvPortGroupReady(dataCenterMo, networkName, timeOutMs);
    else
        morNetwork = dataCenterMo.getDvPortGroupMor(networkName);
    // The message says "create", but this is also reached when a lookup-only path found nothing.
    if (morNetwork == null) {
        String msg = "Failed to create guest network " + networkName;
        s_logger.error(msg);
        throw new Exception(msg);
    }
    if (createGCTag) {
        // Mark the network with the CLOUD_GC_DVP custom field (only for tagged VLANs).
        NetworkMO networkMo = new NetworkMO(hostMo.getContext(), morNetwork);
        networkMo.setCustomFieldValue(CustomFieldConstants.CLOUD_GC_DVP, "true");
        s_logger.debug("Added custom field : " + CustomFieldConstants.CLOUD_GC_DVP);
    }
    return new Pair<ManagedObjectReference, String>(morNetwork, networkName);
}