use of com.vmware.vim25.HostNetworkSecurityPolicy in project cloudstack by apache.
the class HostMO method updatePortGroup.
/**
 * Replaces the specification of an existing port group on this host.
 *
 * <p>A new {@code HostPortGroupSpec} is assembled from the arguments and passed to
 * {@code HostNetworkSystemMO.updatePortGroup} under the same port group name.
 *
 * <p>Security note: the security section of the network policy is populated only when
 * {@code secPolicy} is non-null. With a null {@code secPolicy} the spec carries no
 * port-group-level settings for promiscuous mode, forged transmits or MAC changes;
 * presumably the port group then follows the vSwitch-level settings (confirm against the
 * vSphere API). Callers that need a specific L2 posture should pass an explicit policy.
 *
 * @param vSwitch       virtual switch the port group belongs to; only its name is read
 * @param portGroupName name of the port group to update
 * @param vlanId        VLAN id to set, or {@code null} to leave the VLAN id unset in the spec
 * @param secPolicy     port-group security policy, or {@code null} to set none
 * @param shapingPolicy traffic shaping policy; passed through as given, including {@code null}
 * @throws Exception if the underlying host network call fails
 */
public void updatePortGroup(HostVirtualSwitch vSwitch, String portGroupName, Integer vlanId, HostNetworkSecurityPolicy secPolicy, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception {
    // NOTE(review): Java asserts are no-ops unless the JVM runs with -ea, so these
    // do not validate arguments in a default production launch.
    assert (portGroupName != null);
    HostNetworkSystemMO netSystem = getHostNetworkSystemMO();
    assert (netSystem != null);

    // Policy first: security is optional, shaping is always forwarded.
    HostNetworkPolicy netPolicy = new HostNetworkPolicy();
    if (secPolicy != null) {
        netPolicy.setSecurity(secPolicy);
    }
    netPolicy.setShapingPolicy(shapingPolicy);

    HostPortGroupSpec pgSpec = new HostPortGroupSpec();
    pgSpec.setName(portGroupName);
    if (vlanId != null) {
        pgSpec.setVlanId(vlanId.intValue());
    }
    pgSpec.setPolicy(netPolicy);
    pgSpec.setVswitchName(vSwitch.getName());

    netSystem.updatePortGroup(portGroupName, pgSpec);
}
use of com.vmware.vim25.HostNetworkSecurityPolicy in project cloudstack by apache.
the class HostMO method createPortGroup.
/**
 * Creates a new port group on the given virtual switch of this host.
 *
 * <p>The port group spec is built from the arguments and submitted through
 * {@code HostNetworkSystemMO.addPortGroup}.
 *
 * <p>Security note: a null {@code secPolicy} means no security section is attached to the
 * new port group's policy. Presumably the port group then takes its promiscuous-mode,
 * forged-transmit and MAC-change behaviour from the vSwitch (confirm against the vSphere
 * API), so the effective posture depends on how that vSwitch is configured.
 *
 * @param vSwitch       virtual switch that will host the port group; only its name is read
 * @param portGroupName name for the new port group
 * @param vlanId        VLAN id to assign, or {@code null} to leave the VLAN id unset in the spec
 * @param secPolicy     port-group security policy, or {@code null} to set none
 * @param shapingPolicy traffic shaping policy; passed through as given, including {@code null}
 * @throws Exception if the underlying host network call fails
 */
public void createPortGroup(HostVirtualSwitch vSwitch, String portGroupName, Integer vlanId, HostNetworkSecurityPolicy secPolicy, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception {
    // NOTE(review): asserts only fire with -ea; they are not a runtime argument check.
    assert (portGroupName != null);
    HostNetworkSystemMO networkSystem = getHostNetworkSystemMO();
    assert (networkSystem != null);

    HostNetworkPolicy groupPolicy = new HostNetworkPolicy();
    if (secPolicy != null) {
        groupPolicy.setSecurity(secPolicy);
    }
    groupPolicy.setShapingPolicy(shapingPolicy);

    HostPortGroupSpec newSpec = new HostPortGroupSpec();
    newSpec.setName(portGroupName);
    if (vlanId != null) {
        newSpec.setVlanId(vlanId.intValue());
    }
    newSpec.setPolicy(groupPolicy);
    newSpec.setVswitchName(vSwitch.getName());

    networkSystem.addPortGroup(newSpec);
}
use of com.vmware.vim25.HostNetworkSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method createNvpPortGroup.
/**
 * Creates the per-NIC port group used for a Nicira NVP logical switch port.
 *
 * <p>No port group exists yet for this NIC, so an unused VLAN id is picked and the port
 * group is created with it. The VLAN is limited to this vSwitch and the NVP vApp, so it
 * has no relation to the other VLANs in use in CloudStack.
 *
 * <p>The port group is created with a strict security policy: promiscuous mode, forged
 * transmits and MAC address changes are all set to {@code FALSE}.
 *
 * @param hostMo        host on which the port group is created
 * @param vSwitch       virtual switch that will carry the port group
 * @param networkName   name of the port group (the caller passes the NIC uuid)
 * @param shapingPolicy traffic shaping policy forwarded to the port group, may be {@code null}
 * @throws InvalidParameterException if VLAN ids 1..4094 are all in use on the vSwitch
 * @throws Exception if reading host network info or creating the port group fails
 */
private static void createNvpPortGroup(HostMO hostMo, HostVirtualSwitch vSwitch, String networkName, HostNetworkTrafficShapingPolicy shapingPolicy) throws Exception {
    final String switchName = vSwitch.getName();

    // Gather the VLAN ids already assigned to port groups on this vSwitch.
    List<Integer> vlansInUse = new ArrayList<Integer>();
    for (HostPortGroup portGroup : hostMo.getHostNetworkInfo().getPortgroup()) {
        HostPortGroupSpec existingSpec = portGroup.getSpec();
        if (switchName.equals(existingSpec.getVswitchName())) {
            vlansInUse.add(existingSpec.getVlanId());
        }
    }

    // Walk 1..4094 and stop at the first id nobody uses; reaching 4095 means none is free.
    // NOTE(review): the scan and the create below are separate calls and no lock is taken
    // in this method; if two callers can run this for the same vSwitch at once they could
    // pick the same id. Confirm that callers serialise.
    int nvpVlanId = 1;
    while (nvpVlanId < 4095 && vlansInUse.contains(nvpVlanId)) {
        nvpVlanId++;
    }
    if (nvpVlanId == 4095) {
        throw new InvalidParameterException("No free vlan numbers on " + switchName + " to create a portgroup for nic " + networkName);
    }

    // Strict L2 policy: reject promiscuous mode, forged source MACs and guest MAC changes.
    HostNetworkSecurityPolicy strictPolicy = new HostNetworkSecurityPolicy();
    strictPolicy.setAllowPromiscuous(Boolean.FALSE);
    strictPolicy.setForgedTransmits(Boolean.FALSE);
    strictPolicy.setMacChanges(Boolean.FALSE);

    // The port group is named after the NIC and bound to the VLAN id chosen above.
    hostMo.createPortGroup(vSwitch, networkName, nvpVlanId, strictPolicy, shapingPolicy);
}
use of com.vmware.vim25.HostNetworkSecurityPolicy in project cloudstack by apache.
the class HypervisorHostHelper method prepareNetwork.
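/**
 * Ensures a port group for the requested network exists on the given host's vSwitch and
 * returns the network reference together with the port group name.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>Resolve the vSwitch ({@code vSwitch0} when {@code vSwitchName} is null).</li>
 *   <li>Reject broadcast domain types that are not in the supported list.</li>
 *   <li>Derive the port group name and VLAN id. For {@code Lswitch} the name is the NIC
 *       uuid and no VLAN id is passed on.</li>
 *   <li>Build the optional security and traffic shaping policies.</li>
 *   <li>Create or update the port group, then look up (or wait for) the network.</li>
 *   <li>Optionally repeat the preparation on the other hosts of the cluster.</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>For the name prefix {@code cloud.private} the port group gets a permissive policy:
 *       promiscuous mode, forged transmits and MAC changes are all set to {@code TRUE}.
 *       Every VM attached to such a port group can therefore observe and spoof L2 traffic
 *       on it. NOTE(review): the reason is not stated here; confirm it is still required
 *       and that only trusted system VMs are attached.</li>
 *   <li>For every other prefix no security policy is passed ({@code null}), so the port
 *       group presumably follows the vSwitch-level security settings (confirm).</li>
 *   <li>The {@code Lswitch} path on NSX API versions below 4.2 ignores the policy built
 *       here; {@code createNvpPortGroup} is called without it.</li>
 *   <li>An existing port group is updated only when {@code isSpecMatch(spec, vid,
 *       shapingPolicy)} reports a mismatch. The security policy is not an argument of that
 *       call, so drift in the security settings alone may go uncorrected. Confirm against
 *       {@code isSpecMatch}.</li>
 * </ul>
 *
 * @param vSwitchName              name of the vSwitch, or {@code null} for {@code vSwitch0}
 * @param namePrefix               prefix used to compose the port group name; also selects
 *                                 the security policy
 * @param hostMo                   host on which the network is prepared
 * @param vlanId                   VLAN id as text, {@code null}, or the untagged marker
 * @param networkRateMbps          average bandwidth in Mbps; shaping is enabled when positive
 * @param networkRateMulticastMbps not used here except when forwarded to peer hosts
 * @param timeOutMs                timeout for port group creation and for waiting on the network
 * @param syncPeerHosts            when true, prepare the same network on the other hosts of
 *                                 the parent cluster (best effort)
 * @param broadcastDomainType      broadcast domain type of the network
 * @param nicUuid                  NIC uuid, used as the port group name for {@code Lswitch}
 * @return pair of network reference and port group name; the reference is {@code null} for
 *         {@code Lswitch} when the NSX API version is not lower than 4.2
 * @throws InvalidParameterException if the broadcast domain type is not supported
 * @throws Exception if the vSwitch cannot be found, the network cannot be obtained, or an
 *         underlying call fails; a non-numeric {@code vlanId} surfaces as the
 *         {@code NumberFormatException} of {@code Integer.parseInt}
 */
public static Pair<ManagedObjectReference, String> prepareNetwork(String vSwitchName, String namePrefix, HostMO hostMo, String vlanId, Integer networkRateMbps, Integer networkRateMulticastMbps, long timeOutMs, boolean syncPeerHosts, BroadcastDomainType broadcastDomainType, String nicUuid) throws Exception {
    if (vSwitchName == null) {
        s_logger.info("Detected vswitch name as undefined. Defaulting to vSwitch0");
        vSwitchName = "vSwitch0";
    }
    HostVirtualSwitch vSwitch = hostMo.getHostVirtualSwitchByName(vSwitchName);
    if (vSwitch == null) {
        // Fixed: the original message ran the name into the word "vSwitch".
        String msg = "Unable to find vSwitch " + vSwitchName;
        s_logger.error(msg);
        throw new Exception(msg);
    }

    // The broadcast domain types this function can actually prepare networks for.
    BroadcastDomainType[] supportedBroadcastTypes = new BroadcastDomainType[] { BroadcastDomainType.Lswitch, BroadcastDomainType.LinkLocal, BroadcastDomainType.Native, BroadcastDomainType.Pvlan, BroadcastDomainType.Storage, BroadcastDomainType.UnDecided, BroadcastDomainType.Vlan, BroadcastDomainType.Vsp };
    if (!Arrays.asList(supportedBroadcastTypes).contains(broadcastDomainType)) {
        // Fixed typo in the message ("it not" -> "is not").
        throw new InvalidParameterException("BroadcastDomainType " + broadcastDomainType + " is not supported on a VMWare hypervisor at this time.");
    }

    final boolean isLswitch = broadcastDomainType == BroadcastDomainType.Lswitch;

    boolean createGCTag = false;
    String networkName;
    Integer vid = null;
    if (isLswitch) {
        // Nicira NVP requires each VM to have its own port group with a dedicated VLAN.
        // The port group is named after the NIC uuid; vid stays null on purpose, because
        // the code below relies on that for this path.
        networkName = nicUuid;
    } else {
        networkName = composeCloudNetworkName(namePrefix, vlanId, null, networkRateMbps, vSwitchName);
        if (vlanId != null && !UNTAGGED_VLAN_NAME.equalsIgnoreCase(vlanId)) {
            createGCTag = true;
            vid = Integer.parseInt(vlanId);
        }
    }

    // Permissive L2 policy for the private network prefix only; see the method notes.
    // The literal is the receiver so that a null namePrefix does not raise an NPE here.
    HostNetworkSecurityPolicy secPolicy = null;
    if ("cloud.private".equalsIgnoreCase(namePrefix)) {
        secPolicy = new HostNetworkSecurityPolicy();
        secPolicy.setAllowPromiscuous(Boolean.TRUE);
        secPolicy.setForgedTransmits(Boolean.TRUE);
        secPolicy.setMacChanges(Boolean.TRUE);
    }

    HostNetworkTrafficShapingPolicy shapingPolicy = null;
    if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
        shapingPolicy = new HostNetworkTrafficShapingPolicy();
        shapingPolicy.setEnabled(true);
        shapingPolicy.setAverageBandwidth(networkRateMbps.intValue() * 1024L * 1024L);
        // TODO : people may have different opinion on how to set the following
        // give 50% premium to peak
        shapingPolicy.setPeakBandwidth((long) (shapingPolicy.getAverageBandwidth() * 1.5));
        // allow 5 seconds of burst transfer
        shapingPolicy.setBurstSize(5 * shapingPolicy.getAverageBandwidth() / 8);
    }

    // True only when the port group was created or changed by a call that does not
    // itself wait for the network to appear.
    boolean bWaitPortGroupReady = false;
    if (isLswitch) {
        // If NSX API version >= 4.2, connect to br-int (nsx.network) and do not create a
        // port group; otherwise keep the previous behaviour.
        if (NiciraNvpApiVersion.isApiVersionLowerThan("4.2")) {
            if (!hostMo.hasPortGroup(vSwitch, networkName)) {
                createNvpPortGroup(hostMo, vSwitch, networkName, shapingPolicy);
                bWaitPortGroupReady = true;
            }
        }
    } else if (!hostMo.hasPortGroup(vSwitch, networkName)) {
        // This createPortGroup overload creates the port group and waits for it, so no
        // additional wait is requested afterwards.
        hostMo.createPortGroup(vSwitch, networkName, vid, secPolicy, shapingPolicy, timeOutMs);
    } else {
        HostPortGroupSpec spec = hostMo.getPortGroupSpec(networkName);
        // NOTE(review): secPolicy is not passed to isSpecMatch; confirm whether a change
        // in security settings alone is meant to leave the port group untouched.
        if (!isSpecMatch(spec, vid, shapingPolicy)) {
            hostMo.updatePortGroup(vSwitch, networkName, vid, secPolicy, shapingPolicy);
            bWaitPortGroupReady = true;
        }
    }

    ManagedObjectReference morNetwork = null;
    if (!isLswitch || NiciraNvpApiVersion.isApiVersionLowerThan("4.2")) {
        if (bWaitPortGroupReady) {
            morNetwork = waitForNetworkReady(hostMo, networkName, timeOutMs);
        } else {
            morNetwork = hostMo.getNetworkMor(networkName);
        }
        if (morNetwork == null) {
            String msg = "Failed to create guest network " + networkName;
            s_logger.error(msg);
            throw new Exception(msg);
        }
        if (createGCTag) {
            NetworkMO networkMo = new NetworkMO(hostMo.getContext(), morNetwork);
            networkMo.setCustomFieldValue(CustomFieldConstants.CLOUD_GC, "true");
        }
    }

    if (syncPeerHosts) {
        ManagedObjectReference morParent = hostMo.getParentMor();
        if (morParent != null && morParent.getType().equals("ClusterComputeResource")) {
            // to be conservative, lock cluster
            GlobalLock lock = GlobalLock.getInternLock("ClusterLock." + morParent.getValue());
            try {
                if (lock.lock(DEFAULT_LOCK_TIMEOUT_SECONDS)) {
                    try {
                        List<ManagedObjectReference> hosts = hostMo.getContext().getVimClient().getDynamicProperty(morParent, "host");
                        if (hosts != null) {
                            for (ManagedObjectReference otherHost : hosts) {
                                if (otherHost.getValue().equals(hostMo.getMor().getValue())) {
                                    continue; // skip the host already prepared above
                                }
                                HostMO otherHostMo = new HostMO(hostMo.getContext(), otherHost);
                                try {
                                    if (s_logger.isDebugEnabled()) {
                                        s_logger.debug("Prepare network on other host, vlan: " + vlanId + ", host: " + otherHostMo.getHostName());
                                    }
                                    // syncPeerHosts=false keeps the peers from fanning out again.
                                    prepareNetwork(vSwitchName, namePrefix, otherHostMo, vlanId, networkRateMbps, networkRateMulticastMbps, timeOutMs, false, broadcastDomainType, nicUuid);
                                } catch (Exception e) {
                                    // Peer preparation stays best effort, but the cause is now
                                    // logged so that a host left without the network (or with a
                                    // different policy) can be diagnosed.
                                    s_logger.warn("Unable to prepare network on other host, vlan: " + vlanId + ", host: " + otherHostMo.getHostName(), e);
                                }
                            }
                        }
                    } finally {
                        lock.unlock();
                    }
                } else {
                    s_logger.warn("Unable to lock cluster to prepare guest network, vlan: " + vlanId);
                }
            } finally {
                lock.releaseRef();
            }
        }
    }

    s_logger.info("Network " + networkName + " is ready on vSwitch " + vSwitchName);
    return new Pair<ManagedObjectReference, String>(morNetwork, networkName);
}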