use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createPortGroup.
private static void createPortGroup(String physicalNetwork, String networkName, Integer vid, Integer spvlanid, DatacenterMO dataCenterMo, DVSTrafficShapingPolicy shapingPolicy, DVSSecurityPolicy secPolicy, VMwareDVSPortgroupPolicy portGroupPolicy, DistributedVirtualSwitchMO dvSwitchMo, int numPorts, boolean autoExpandSupported) throws Exception {
VmwareDistributedVirtualSwitchVlanSpec vlanSpec = null;
VmwareDistributedVirtualSwitchPvlanSpec pvlanSpec = null;
VMwareDVSPortSetting dvsPortSetting = null;
DVPortgroupConfigSpec newDvPortGroupSpec;
// NOTE - VmwareDistributedVirtualSwitchPvlanSpec extends VmwareDistributedVirtualSwitchVlanSpec.
if (vid == null || spvlanid == null) {
vlanSpec = createDVPortVlanIdSpec(vid);
dvsPortSetting = createVmwareDVPortSettingSpec(shapingPolicy, secPolicy, vlanSpec);
} else if (spvlanid != null) {
// Create a pvlan spec. The pvlan spec is different from the pvlan config spec
// that we created earlier. The pvlan config spec is used to configure the switch
// with a <primary vlanId, secondary vlanId> tuple. The pvlan spec is used
// to configure a port group (i.e., a network) with a secondary vlan id. We don't
// need to mention more than the secondary vlan id because one secondary vlan id
// can be associated with only one primary vlan id. Give vCenter the secondary vlan id,
// and it will find out the associated primary vlan id and do the rest of the
// port group configuration.
pvlanSpec = createDVPortPvlanIdSpec(spvlanid);
dvsPortSetting = createVmwareDVPortSettingSpec(shapingPolicy, secPolicy, pvlanSpec);
}
newDvPortGroupSpec = createDvPortGroupSpec(networkName, dvsPortSetting, numPorts, autoExpandSupported);
if (portGroupPolicy != null) {
newDvPortGroupSpec.setPolicy(portGroupPolicy);
}
if (!dataCenterMo.hasDvPortGroup(networkName)) {
s_logger.info("Distributed Virtual Port group " + networkName + " not found.");
// TODO(sateesh): Handle Exceptions
try {
dvSwitchMo.createDVPortGroup(newDvPortGroupSpec);
} catch (Exception e) {
String msg = "Failed to create distributed virtual port group " + networkName + " on dvSwitch " + physicalNetwork;
msg += ". " + VmwareHelper.getExceptionMessage(e);
throw new Exception(msg);
}
} else {
s_logger.info("Found Distributed Virtual Port group " + networkName);
DVPortgroupConfigInfo currentDvPortgroupInfo = dataCenterMo.getDvPortGroupSpec(networkName);
if (!isSpecMatch(currentDvPortgroupInfo, newDvPortGroupSpec)) {
s_logger.info("Updating Distributed Virtual Port group " + networkName);
newDvPortGroupSpec.setDefaultPortConfig(dvsPortSetting);
newDvPortGroupSpec.setConfigVersion(currentDvPortgroupInfo.getConfigVersion());
ManagedObjectReference morDvPortGroup = dataCenterMo.getDvPortGroupMor(networkName);
try {
dvSwitchMo.updateDvPortGroup(morDvPortGroup, newDvPortGroupSpec);
} catch (Exception e) {
String msg = "Failed to update distributed virtual port group " + networkName + " on dvSwitch " + physicalNetwork;
msg += ". " + VmwareHelper.getExceptionMessage(e);
throw new Exception(msg);
}
}
}
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createDVSSecurityPolicy.
public static DVSSecurityPolicy createDVSSecurityPolicy() {
DVSSecurityPolicy secPolicy = new DVSSecurityPolicy();
BoolPolicy allow = new BoolPolicy();
allow.setValue(true);
secPolicy.setForgedTransmits(allow);
secPolicy.setAllowPromiscuous(allow);
secPolicy.setMacChanges(allow);
return secPolicy;
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method prepareNetwork.
/**
* Prepares network (for non-standard virtual switch) for the VM NIC based on the parameters.
* Can create a new portgroup or update an existing.
* @return Pair of network's ManagedObjectReference and name
* @throws Exception
*/
public static Pair<ManagedObjectReference, String> prepareNetwork(String physicalNetwork, String namePrefix, HostMO hostMo, String vlanId, String secondaryvlanId, Integer networkRateMbps, Integer networkRateMulticastMbps, long timeOutMs, VirtualSwitchType vSwitchType, int numPorts, String gateway, boolean configureVServiceInNexus, BroadcastDomainType broadcastDomainType, Map<String, String> vsmCredentials, Map<NetworkOffering.Detail, String> details) throws Exception {
ManagedObjectReference morNetwork = null;
VmwareContext context = hostMo.getContext();
ManagedObjectReference dcMor = hostMo.getHyperHostDatacenter();
DatacenterMO dataCenterMo = new DatacenterMO(context, dcMor);
DistributedVirtualSwitchMO dvSwitchMo = null;
ManagedObjectReference morEthernetPortProfile = null;
String ethPortProfileName = null;
ManagedObjectReference morDvSwitch = null;
String dvSwitchName = null;
boolean bWaitPortGroupReady = false;
boolean createGCTag = false;
String vcApiVersion;
String minVcApiVersionSupportingAutoExpand;
boolean autoExpandSupported;
String networkName;
Integer vid = null;
// secondary pvlan id
Integer spvlanid = null;
/**
* This is the list of BroadcastDomainTypes we can actually
* prepare networks for in this function.
*/
BroadcastDomainType[] supportedBroadcastTypes = new BroadcastDomainType[] { BroadcastDomainType.Lswitch, BroadcastDomainType.LinkLocal, BroadcastDomainType.Native, BroadcastDomainType.Pvlan, BroadcastDomainType.Storage, BroadcastDomainType.UnDecided, BroadcastDomainType.Vlan };
if (!Arrays.asList(supportedBroadcastTypes).contains(broadcastDomainType)) {
throw new InvalidParameterException("BroadcastDomainType " + broadcastDomainType + " it not supported on a VMWare hypervisor at this time.");
}
if (broadcastDomainType == BroadcastDomainType.Lswitch) {
if (vSwitchType == VirtualSwitchType.NexusDistributedVirtualSwitch) {
throw new InvalidParameterException("Nexus Distributed Virtualswitch is not supported with BroadcastDomainType " + broadcastDomainType);
}
/**
* Nicira NVP requires all vms to be connected to a single port-group.
* A unique vlan needs to be set per port. This vlan is specific to
* this implementation and has no reference to other vlans in CS
*/
// FIXME Should be set via a configuration item in CS
networkName = "br-int";
// No doubt about this, depending on vid=null to avoid lots of code below
vid = null;
} else {
if (vlanId != null) {
vlanId = vlanId.replace("vlan://", "");
}
networkName = composeCloudNetworkName(namePrefix, vlanId, secondaryvlanId, networkRateMbps, physicalNetwork);
if (vlanId != null && !UNTAGGED_VLAN_NAME.equalsIgnoreCase(vlanId) && !StringUtils.containsAny(vlanId, ",-")) {
createGCTag = true;
vid = Integer.parseInt(vlanId);
}
if (vlanId != null && StringUtils.containsAny(vlanId, ",-")) {
createGCTag = true;
}
if (secondaryvlanId != null) {
spvlanid = Integer.parseInt(secondaryvlanId);
}
}
if (vSwitchType == VirtualSwitchType.VMwareDistributedVirtualSwitch) {
vcApiVersion = getVcenterApiVersion(context);
minVcApiVersionSupportingAutoExpand = "5.0";
autoExpandSupported = isFeatureSupportedInVcenterApiVersion(vcApiVersion, minVcApiVersionSupportingAutoExpand);
dvSwitchName = physicalNetwork;
// and switch types.
if (dvSwitchName == null) {
s_logger.warn("Detected null dvSwitch. Defaulting to dvSwitch0");
dvSwitchName = "dvSwitch0";
}
morDvSwitch = dataCenterMo.getDvSwitchMor(dvSwitchName);
if (morDvSwitch == null) {
String msg = "Unable to find distributed vSwitch " + dvSwitchName;
s_logger.error(msg);
throw new Exception(msg);
}
dvSwitchMo = new DistributedVirtualSwitchMO(context, morDvSwitch);
String dvSwitchVersion = dvSwitchMo.getDVSProductVersion(morDvSwitch);
s_logger.debug(String.format("Found distributed vSwitch: %s with product version: %s", dvSwitchName, dvSwitchVersion));
if (broadcastDomainType == BroadcastDomainType.Lswitch) {
if (!dataCenterMo.hasDvPortGroup(networkName)) {
throw new InvalidParameterException("NVP integration port-group " + networkName + " does not exist on the DVS " + dvSwitchName);
}
bWaitPortGroupReady = false;
} else {
boolean dvSwitchSupportNewPolicies = (isFeatureSupportedInVcenterApiVersion(vcApiVersion, MINIMUM_VCENTER_API_VERSION_WITH_DVS_NEW_POLICIES_SUPPORT) && isVersionEqualOrHigher(dvSwitchVersion, MINIMUM_DVS_VERSION_WITH_NEW_POLICIES_SUPPORT));
DVSTrafficShapingPolicy shapingPolicy = getDVSShapingPolicy(networkRateMbps);
DVSSecurityPolicy secPolicy = createDVSSecurityPolicy(details);
DVSMacManagementPolicy macManagementPolicy = createDVSMacManagementPolicy(details);
// First, if both vlan id and pvlan id are provided, we need to
// reconfigure the DVSwitch to have a tuple <vlan id, pvlan id> of
// type isolated.
String pvlanType = MapUtils.isNotEmpty(details) ? details.get(NetworkOffering.Detail.pvlanType) : null;
if (vid != null && spvlanid != null) {
setupPVlanPair(dvSwitchMo, morDvSwitch, vid, spvlanid, pvlanType);
}
VMwareDVSPortgroupPolicy portGroupPolicy = null;
// Next, create the port group. For this, we need to create a VLAN spec.
createPortGroup(physicalNetwork, networkName, vlanId, vid, spvlanid, dataCenterMo, shapingPolicy, secPolicy, macManagementPolicy, portGroupPolicy, dvSwitchMo, numPorts, autoExpandSupported, dvSwitchSupportNewPolicies);
bWaitPortGroupReady = true;
}
} else if (vSwitchType == VirtualSwitchType.NexusDistributedVirtualSwitch) {
ethPortProfileName = physicalNetwork;
// and switch types.
if (ethPortProfileName == null) {
s_logger.warn("Detected null ethrenet port profile. Defaulting to epp0.");
ethPortProfileName = "epp0";
}
morEthernetPortProfile = dataCenterMo.getDvPortGroupMor(ethPortProfileName);
if (morEthernetPortProfile == null) {
String msg = "Unable to find Ethernet port profile " + ethPortProfileName;
s_logger.error(msg);
throw new Exception(msg);
} else {
s_logger.info("Found Ethernet port profile " + ethPortProfileName);
}
long averageBandwidth = 0L;
if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
averageBandwidth = networkRateMbps.intValue() * 1024L * 1024L;
}
// We chose 50% higher allocation than average bandwidth.
// TODO(sateesh): Optionally let user specify the peak coefficient
long peakBandwidth = (long) (averageBandwidth * 1.5);
// TODO(sateesh): Optionally let user specify the burst coefficient
long burstSize = 5 * averageBandwidth / 8;
if (vsmCredentials != null) {
s_logger.info("Stocking credentials of Nexus VSM");
context.registerStockObject("vsmcredentials", vsmCredentials);
}
if (!dataCenterMo.hasDvPortGroup(networkName)) {
s_logger.info("Port profile " + networkName + " not found.");
createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize, gateway, configureVServiceInNexus);
bWaitPortGroupReady = true;
} else {
s_logger.info("Port profile " + networkName + " found.");
updatePortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
}
}
// Wait for dvPortGroup on vCenter
if (bWaitPortGroupReady)
morNetwork = waitForDvPortGroupReady(dataCenterMo, networkName, timeOutMs);
else
morNetwork = dataCenterMo.getDvPortGroupMor(networkName);
if (morNetwork == null) {
String msg = "Failed to create guest network " + networkName;
s_logger.error(msg);
throw new Exception(msg);
}
if (createGCTag) {
NetworkMO networkMo = new NetworkMO(hostMo.getContext(), morNetwork);
networkMo.setCustomFieldValue(CustomFieldConstants.CLOUD_GC_DVP, "true");
s_logger.debug("Added custom field : " + CustomFieldConstants.CLOUD_GC_DVP);
}
return new Pair<ManagedObjectReference, String>(morNetwork, networkName);
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createDVSSecurityPolicy.
public static DVSSecurityPolicy createDVSSecurityPolicy(Map<NetworkOffering.Detail, String> nicDetails) {
DVSSecurityPolicy secPolicy = new DVSSecurityPolicy();
BoolPolicy allow = new BoolPolicy();
allow.setValue(true);
BoolPolicy deny = new BoolPolicy();
deny.setValue(false);
secPolicy.setAllowPromiscuous(deny);
secPolicy.setForgedTransmits(allow);
secPolicy.setMacChanges(allow);
if (nicDetails == null) {
nicDetails = getDefaultSecurityDetails();
}
if (nicDetails.containsKey(NetworkOffering.Detail.PromiscuousMode)) {
if (Boolean.parseBoolean(nicDetails.get(NetworkOffering.Detail.PromiscuousMode))) {
secPolicy.setAllowPromiscuous(allow);
} else {
secPolicy.setAllowPromiscuous(deny);
}
}
if (nicDetails.containsKey(NetworkOffering.Detail.ForgedTransmits)) {
if (Boolean.parseBoolean(nicDetails.get(NetworkOffering.Detail.ForgedTransmits))) {
secPolicy.setForgedTransmits(allow);
} else {
secPolicy.setForgedTransmits(deny);
}
}
if (nicDetails.containsKey(NetworkOffering.Detail.MacAddressChanges)) {
if (Boolean.parseBoolean(nicDetails.get(NetworkOffering.Detail.MacAddressChanges))) {
secPolicy.setMacChanges(allow);
} else {
secPolicy.setMacChanges(deny);
}
}
return secPolicy;
}
use of com.vmware.vim25.DVSSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createPortGroup.
private static void createPortGroup(String physicalNetwork, String networkName, String vlanRange, Integer vid, Integer spvlanid, DatacenterMO dataCenterMo, DVSTrafficShapingPolicy shapingPolicy, DVSSecurityPolicy secPolicy, DVSMacManagementPolicy macManagementPolicy, VMwareDVSPortgroupPolicy portGroupPolicy, DistributedVirtualSwitchMO dvSwitchMo, int numPorts, boolean autoExpandSupported, boolean dvSwitchSupportNewPolicies) throws Exception {
VmwareDistributedVirtualSwitchVlanSpec vlanSpec = null;
VmwareDistributedVirtualSwitchPvlanSpec pvlanSpec = null;
VMwareDVSPortSetting dvsPortSetting = null;
DVPortgroupConfigSpec newDvPortGroupSpec;
// NOTE - VmwareDistributedVirtualSwitchPvlanSpec extends VmwareDistributedVirtualSwitchVlanSpec.
if (vid == null || spvlanid == null) {
vlanSpec = createDVPortVlanSpec(vid, vlanRange);
dvsPortSetting = createVmwareDVPortSettingSpec(shapingPolicy, secPolicy, macManagementPolicy, vlanSpec, dvSwitchSupportNewPolicies);
} else if (spvlanid != null) {
// Create a pvlan spec. The pvlan spec is different from the pvlan config spec
// that we created earlier. The pvlan config spec is used to configure the switch
// with a <primary vlanId, secondary vlanId> tuple. The pvlan spec is used
// to configure a port group (i.e., a network) with a secondary vlan id. We don't
// need to mention more than the secondary vlan id because one secondary vlan id
// can be associated with only one primary vlan id. Give vCenter the secondary vlan id,
// and it will find out the associated primary vlan id and do the rest of the
// port group configuration.
pvlanSpec = createDVPortPvlanIdSpec(spvlanid);
dvsPortSetting = createVmwareDVPortSettingSpec(shapingPolicy, secPolicy, macManagementPolicy, pvlanSpec, dvSwitchSupportNewPolicies);
}
newDvPortGroupSpec = createDvPortGroupSpec(networkName, dvsPortSetting, autoExpandSupported);
if (portGroupPolicy != null) {
newDvPortGroupSpec.setPolicy(portGroupPolicy);
}
if (!dataCenterMo.hasDvPortGroup(networkName)) {
s_logger.info("Distributed Virtual Port group " + networkName + " not found.");
// TODO(sateesh): Handle Exceptions
try {
newDvPortGroupSpec.setNumPorts(numPorts);
dvSwitchMo.createDVPortGroup(newDvPortGroupSpec);
} catch (Exception e) {
String msg = "Failed to create distributed virtual port group " + networkName + " on dvSwitch " + physicalNetwork;
msg += ". " + VmwareHelper.getExceptionMessage(e);
throw new Exception(msg);
}
} else {
s_logger.info("Found Distributed Virtual Port group " + networkName);
DVPortgroupConfigInfo currentDvPortgroupInfo = dataCenterMo.getDvPortGroupSpec(networkName);
if (!isSpecMatch(currentDvPortgroupInfo, newDvPortGroupSpec, dvSwitchSupportNewPolicies)) {
s_logger.info("Updating Distributed Virtual Port group " + networkName);
newDvPortGroupSpec.setDefaultPortConfig(dvsPortSetting);
newDvPortGroupSpec.setConfigVersion(currentDvPortgroupInfo.getConfigVersion());
ManagedObjectReference morDvPortGroup = dataCenterMo.getDvPortGroupMor(networkName);
try {
dvSwitchMo.updateDvPortGroup(morDvPortGroup, newDvPortGroupSpec);
} catch (Exception e) {
String msg = "Failed to update distributed virtual port group " + networkName + " on dvSwitch " + physicalNetwork;
msg += ". " + VmwareHelper.getExceptionMessage(e);
throw new Exception(msg);
}
}
}
}
Aggregations