Examples with DVSSecurityPolicy com.vmware.vim25.DVSSecurityPolicy used on opensource projects

Example 1 with DVSSecurityPolicy

use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.

the class HypervisorHostHelper method createVmwareDVPortSettingSpec.

public static VMwareDVSPortSetting createVmwareDVPortSettingSpec(DVSTrafficShapingPolicy shapingPolicy, DVSSecurityPolicy secPolicy, VmwareDistributedVirtualSwitchVlanSpec vlanSpec) {
    VMwareDVSPortSetting dvsPortSetting = new VMwareDVSPortSetting();
    dvsPortSetting.setVlan(vlanSpec);
    dvsPortSetting.setSecurityPolicy(secPolicy);
    dvsPortSetting.setInShapingPolicy(shapingPolicy);
    dvsPortSetting.setOutShapingPolicy(shapingPolicy);
    return dvsPortSetting;
}

Example 2 with DVSSecurityPolicy

use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.

the class HypervisorHostHelper method createVmwareDVPortSettingSpec.

public static VMwareDVSPortSetting createVmwareDVPortSettingSpec(DVSTrafficShapingPolicy shapingPolicy, DVSSecurityPolicy secPolicy, DVSMacManagementPolicy macManagementPolicy, VmwareDistributedVirtualSwitchVlanSpec vlanSpec, boolean dvSwitchSupportNewPolicies) {
    VMwareDVSPortSetting dvsPortSetting = new VMwareDVSPortSetting();
    dvsPortSetting.setVlan(vlanSpec);
    dvsPortSetting.setSecurityPolicy(secPolicy);
    if (dvSwitchSupportNewPolicies) {
        dvsPortSetting.setMacManagementPolicy(macManagementPolicy);
    }
    dvsPortSetting.setInShapingPolicy(shapingPolicy);
    dvsPortSetting.setOutShapingPolicy(shapingPolicy);
    return dvsPortSetting;
}

Example 3 with DVSSecurityPolicy

use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.

the class HypervisorHostHelperTest method testDVSSecurityPolicyLegacyWithDetail.

@Test
public void testDVSSecurityPolicyLegacyWithDetail() {
    Map<NetworkOffering.Detail, String> details = getNicDetails();
    details.put(NetworkOffering.Detail.ForgedTransmits, "true");
    DVSSecurityPolicy secPolicy = HypervisorHostHelper.createDVSSecurityPolicy(details);
    assertFalse(secPolicy.getAllowPromiscuous().isValue());
    assertTrue(secPolicy.getForgedTransmits().isValue());
    assertFalse(secPolicy.getMacChanges().isValue());
}

Example 4 with DVSSecurityPolicy

use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.

the class HypervisorHostHelperTest method testDVSSecurityPolicyLegacyDefaultWithDetail.

@Test
public void testDVSSecurityPolicyLegacyDefaultWithDetail() {
    Map<NetworkOffering.Detail, String> details = getNicDetails();
    details.remove(NetworkOffering.Detail.ForgedTransmits);
    details.remove(NetworkOffering.Detail.PromiscuousMode);
    DVSSecurityPolicy secPolicy = HypervisorHostHelper.createDVSSecurityPolicy(details);
    assertFalse(secPolicy.getAllowPromiscuous().isValue());
    assertFalse(secPolicy.getMacChanges().isValue());
    assertTrue(secPolicy.getForgedTransmits().isValue());
}

Example 5 with DVSSecurityPolicy

use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.

the class HypervisorHostHelper method prepareNetwork.

/**
     * @param ethPortProfileName
     * @param namePrefix
     * @param hostMo
     * @param vlanId
     * @param networkRateMbps
     * @param networkRateMulticastMbps
     * @param timeOutMs
     * @param vSwitchType
     * @param numPorts
     * @return
     * @throws Exception
     */
public static Pair<ManagedObjectReference, String> prepareNetwork(String physicalNetwork, String namePrefix, HostMO hostMo, String vlanId, String secondaryvlanId, Integer networkRateMbps, Integer networkRateMulticastMbps, long timeOutMs, VirtualSwitchType vSwitchType, int numPorts, String gateway, boolean configureVServiceInNexus, BroadcastDomainType broadcastDomainType, Map<String, String> vsmCredentials) throws Exception {
    ManagedObjectReference morNetwork = null;
    VmwareContext context = hostMo.getContext();
    ManagedObjectReference dcMor = hostMo.getHyperHostDatacenter();
    DatacenterMO dataCenterMo = new DatacenterMO(context, dcMor);
    DistributedVirtualSwitchMO dvSwitchMo = null;
    ManagedObjectReference morEthernetPortProfile = null;
    String ethPortProfileName = null;
    ManagedObjectReference morDvSwitch = null;
    String dvSwitchName = null;
    boolean bWaitPortGroupReady = false;
    boolean createGCTag = false;
    String vcApiVersion;
    String minVcApiVersionSupportingAutoExpand;
    boolean autoExpandSupported;
    String networkName;
    Integer vid = null;
    // secondary pvlan id
    Integer spvlanid = null;
    /** This is the list of BroadcastDomainTypes we can actually
         * prepare networks for in this function.
         */
    BroadcastDomainType[] supportedBroadcastTypes = new BroadcastDomainType[] { BroadcastDomainType.Lswitch, BroadcastDomainType.LinkLocal, BroadcastDomainType.Native, BroadcastDomainType.Pvlan, BroadcastDomainType.Storage, BroadcastDomainType.UnDecided, BroadcastDomainType.Vlan, BroadcastDomainType.Vsp };
    if (!Arrays.asList(supportedBroadcastTypes).contains(broadcastDomainType)) {
        throw new InvalidParameterException("BroadcastDomainType " + broadcastDomainType + " it not supported on a VMWare hypervisor at this time.");
    }
    if (broadcastDomainType == BroadcastDomainType.Lswitch) {
        if (vSwitchType == VirtualSwitchType.NexusDistributedVirtualSwitch) {
            throw new InvalidParameterException("Nexus Distributed Virtualswitch is not supported with BroadcastDomainType " + broadcastDomainType);
        }
        /**
             * Nicira NVP requires all vms to be connected to a single port-group.
             * A unique vlan needs to be set per port. This vlan is specific to
             * this implementation and has no reference to other vlans in CS
             */
        // FIXME Should be set via a configuration item in CS
        networkName = "br-int";
        // No doubt about this, depending on vid=null to avoid lots of code below
        vid = null;
    } else {
        networkName = composeCloudNetworkName(namePrefix, vlanId, secondaryvlanId, networkRateMbps, physicalNetwork);
        if (vlanId != null && !UNTAGGED_VLAN_NAME.equalsIgnoreCase(vlanId)) {
            createGCTag = true;
            vid = Integer.parseInt(vlanId);
        }
        if (secondaryvlanId != null) {
            spvlanid = Integer.parseInt(secondaryvlanId);
        }
    }
    if (vSwitchType == VirtualSwitchType.VMwareDistributedVirtualSwitch) {
        DVSTrafficShapingPolicy shapingPolicy;
        DVSSecurityPolicy secPolicy;
        vcApiVersion = getVcenterApiVersion(context);
        minVcApiVersionSupportingAutoExpand = "5.0";
        autoExpandSupported = isFeatureSupportedInVcenterApiVersion(vcApiVersion, minVcApiVersionSupportingAutoExpand);
        dvSwitchName = physicalNetwork;
        // and switch types.
        if (dvSwitchName == null) {
            s_logger.warn("Detected null dvSwitch. Defaulting to dvSwitch0");
            dvSwitchName = "dvSwitch0";
        }
        morDvSwitch = dataCenterMo.getDvSwitchMor(dvSwitchName);
        if (morDvSwitch == null) {
            String msg = "Unable to find distributed vSwitch " + dvSwitchName;
            s_logger.error(msg);
            throw new Exception(msg);
        } else {
            s_logger.debug("Found distributed vSwitch " + dvSwitchName);
        }
        if (broadcastDomainType == BroadcastDomainType.Lswitch) {
            if (!dataCenterMo.hasDvPortGroup(networkName)) {
                throw new InvalidParameterException("NVP integration port-group " + networkName + " does not exist on the DVS " + dvSwitchName);
            }
            bWaitPortGroupReady = false;
        } else {
            dvSwitchMo = new DistributedVirtualSwitchMO(context, morDvSwitch);
            shapingPolicy = getDVSShapingPolicy(networkRateMbps);
            secPolicy = createDVSSecurityPolicy();
            // type isolated.
            if (vid != null && spvlanid != null) {
                setupPVlanPair(dvSwitchMo, morDvSwitch, vid, spvlanid);
            }
            VMwareDVSPortgroupPolicy portGroupPolicy = null;
            if (broadcastDomainType == BroadcastDomainType.Vsp) {
                //If the broadcastDomainType is Vsp, then set the VMwareDVSPortgroupPolicy
                portGroupPolicy = new VMwareDVSPortgroupPolicy();
                portGroupPolicy.setVlanOverrideAllowed(true);
                portGroupPolicy.setBlockOverrideAllowed(true);
                portGroupPolicy.setPortConfigResetAtDisconnect(true);
            }
            // Next, create the port group. For this, we need to create a VLAN spec.
            createPortGroup(physicalNetwork, networkName, vid, spvlanid, dataCenterMo, shapingPolicy, secPolicy, portGroupPolicy, dvSwitchMo, numPorts, autoExpandSupported);
            bWaitPortGroupReady = true;
        }
    } else if (vSwitchType == VirtualSwitchType.NexusDistributedVirtualSwitch) {
        ethPortProfileName = physicalNetwork;
        // and switch types.
        if (ethPortProfileName == null) {
            s_logger.warn("Detected null ethrenet port profile. Defaulting to epp0.");
            ethPortProfileName = "epp0";
        }
        morEthernetPortProfile = dataCenterMo.getDvPortGroupMor(ethPortProfileName);
        if (morEthernetPortProfile == null) {
            String msg = "Unable to find Ethernet port profile " + ethPortProfileName;
            s_logger.error(msg);
            throw new Exception(msg);
        } else {
            s_logger.info("Found Ethernet port profile " + ethPortProfileName);
        }
        long averageBandwidth = 0L;
        if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
            averageBandwidth = networkRateMbps.intValue() * 1024L * 1024L;
        }
        // We chose 50% higher allocation than average bandwidth.
        // TODO(sateesh): Optionally let user specify the peak coefficient
        long peakBandwidth = (long) (averageBandwidth * 1.5);
        // TODO(sateesh): Optionally let user specify the burst coefficient
        long burstSize = 5 * averageBandwidth / 8;
        if (vsmCredentials != null) {
            s_logger.info("Stocking credentials of Nexus VSM");
            context.registerStockObject("vsmcredentials", vsmCredentials);
        }
        if (!dataCenterMo.hasDvPortGroup(networkName)) {
            s_logger.info("Port profile " + networkName + " not found.");
            createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize, gateway, configureVServiceInNexus);
            bWaitPortGroupReady = true;
        } else {
            s_logger.info("Port profile " + networkName + " found.");
            updatePortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
        }
    }
    // Wait for dvPortGroup on vCenter
    if (bWaitPortGroupReady)
        morNetwork = waitForDvPortGroupReady(dataCenterMo, networkName, timeOutMs);
    else
        morNetwork = dataCenterMo.getDvPortGroupMor(networkName);
    if (morNetwork == null) {
        String msg = "Failed to create guest network " + networkName;
        s_logger.error(msg);
        throw new Exception(msg);
    }
    if (createGCTag) {
        NetworkMO networkMo = new NetworkMO(hostMo.getContext(), morNetwork);
        networkMo.setCustomFieldValue(CustomFieldConstants.CLOUD_GC_DVP, "true");
        s_logger.debug("Added custom field : " + CustomFieldConstants.CLOUD_GC_DVP);
    }
    return new Pair<ManagedObjectReference, String>(morNetwork, networkName);
}