VPC: apply firewall ACLs as a part of VPC router start/restart and VPC network
implement
Conflicts:
server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit:
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/1b1e52dd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/1b1e52dd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/1b1e52dd
Branch: refs/heads/vpc
Commit: 1b1e52ddb0f2c98a59a6c8d5d73523908d442e96
Parents: 8879706
Author: Alena Prokharchyk <[email protected]>
Authored: Thu Jun 21 14:58:28 2012 -0700
Committer: Alena Prokharchyk <[email protected]>
Committed: Mon Jun 25 20:47:29 2012 -0700
----------------------------------------------------------------------
.../cloud/network/firewall/NetworkACLService.java | 2 +
.../src/com/cloud/network/NetworkManagerImpl.java | 14 +-
.../network/firewall/NetworkACLManagerImpl.java | 6 +
.../router/VirtualNetworkApplianceManagerImpl.java | 46 ++--
.../VpcVirtualNetworkApplianceManagerImpl.java | 274 ++++++++-------
server/src/com/cloud/vm/VirtualMachineManager.java | 8 +
.../com/cloud/vm/VirtualMachineManagerImpl.java | 10 +-
7 files changed, 206 insertions(+), 154 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/api/src/com/cloud/network/firewall/NetworkACLService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/network/firewall/NetworkACLService.java
b/api/src/com/cloud/network/firewall/NetworkACLService.java
index 7397793..f7b0f9d 100644
--- a/api/src/com/cloud/network/firewall/NetworkACLService.java
+++ b/api/src/com/cloud/network/firewall/NetworkACLService.java
@@ -43,4 +43,6 @@ public interface NetworkACLService {
* @return
*/
List<? extends NetworkACL> listNetworkACLs(ListNetworkACLsCmd cmd);
+
+ List<? extends NetworkACL> listNetworkACLs(long guestNtwkId);
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java
b/server/src/com/cloud/network/NetworkManagerImpl.java
index ed94884..e89d9e8 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -134,6 +134,7 @@ import com.cloud.network.element.StaticNatServiceProvider;
import com.cloud.network.element.UserDataServiceProvider;
import com.cloud.network.element.VirtualRouterElement;
import com.cloud.network.element.VpcVirtualRouterElement;
+import com.cloud.network.firewall.NetworkACLService;
import com.cloud.network.guru.NetworkGuru;
import com.cloud.network.lb.LoadBalancingRule;
import com.cloud.network.lb.LoadBalancingRule.LbDestination;
@@ -307,6 +308,8 @@ public class NetworkManagerImpl implements NetworkManager,
NetworkService, Manag
VpcManager _vpcMgr;
@Inject
PrivateIpDao _privateIpDao;
+ @Inject
+ NetworkACLService _networkACLMgr;
private final HashMap<String, NetworkOfferingVO> _systemNetworks = new
HashMap<String, NetworkOfferingVO>(5);
@@ -3924,6 +3927,13 @@ public class NetworkManagerImpl implements
NetworkManager, NetworkService, Manag
}
}
}
+
+ //apply network ACLs
+ if (!_networkACLMgr.applyNetworkACLs(networkId, caller)) {
+ s_logger.warn("Failed to reapply network ACLs as a part of of
network id=" + networkId + " restart");
+ success = false;
+ }
+
return success;
}
@@ -4000,11 +4010,11 @@ public class NetworkManagerImpl implements
NetworkManager, NetworkService, Manag
}
// FIXME - in post 3.0 we are going to support multiple providers for
the same service per network offering, so
-// we have to calculate capabilities for all of them
+ // we have to calculate capabilities for all of them
String provider = providers.get(0);
// FIXME we return the capabilities of the first provider of the
service - what if we have multiple providers
-// for same Service?
+ // for same Service?
NetworkElement element = getElementImplementingProvider(provider);
if (element != null) {
Map<Service, Map<Capability, String>> elementCapabilities =
element.getCapabilities();
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java
b/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java
index 235d2a6..50613f6 100644
--- a/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/NetworkACLManagerImpl.java
@@ -361,5 +361,11 @@ public class NetworkACLManagerImpl implements
Manager,NetworkACLService{
return _firewallDao.search(sc, filter);
}
+
+
+ @Override
+ public List<? extends NetworkACL> listNetworkACLs(long guestNtwkId) {
+ return _firewallDao.listByNetworkAndPurpose(guestNtwkId,
Purpose.NetworkACL);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git
a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index c3d32ca..d7780fd 100755
---
a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++
b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -1925,19 +1925,19 @@ public class VirtualNetworkApplianceManagerImpl
implements VirtualNetworkApplian
List<PublicIp> allPublicIps = new ArrayList<PublicIp>();
if (userIps != null && !userIps.isEmpty()) {
for (IPAddressVO userIp : userIps) {
- PublicIp publicIp = new PublicIp(userIp,
_vlanDao.findById(userIp.getVlanId()),
-
NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
- allPublicIps.add(publicIp);
+ PublicIp publicIp = new PublicIp(userIp,
_vlanDao.findById(userIp.getVlanId()),
+
NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
+ allPublicIps.add(publicIp);
}
}
-
+
//Get public Ips that should be handled by router
Network network = _networkDao.findById(guestNetworkId);
Map<PublicIp, Set<Service>> ipToServices =
_networkMgr.getIpToServices(allPublicIps, false, false);
Map<Provider, ArrayList<PublicIp>> providerToIpList =
_networkMgr.getProviderToIpList(network, ipToServices);
// Only cover virtual router for now, if ELB use it this need
to be modified
ArrayList<PublicIp> publicIps =
providerToIpList.get(Provider.VirtualRouter);
-
+
s_logger.debug("Found " + publicIps.size() + " ip(s) to apply
as a part of domR " + router + " start.");
if (!publicIps.isEmpty()) {
@@ -1953,27 +1953,26 @@ public class VirtualNetworkApplianceManagerImpl
implements VirtualNetworkApplian
createAssociateIPCommands(router, publicIps, cmds, 0);
}
- //Get information about all the rules (StaticNats and
StaticNatRules; PFVPN to reapply on domR start)
- for (PublicIp ip : publicIps) {
- if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.PortForwarding, provider)) {
-
pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
- }
- if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.StaticNat, provider)) {
-
staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(),
Purpose.StaticNat));
- }
- if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.Firewall, provider)) {
-
firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(),
Purpose.Firewall));
- }
+ //Get information about all the rules (StaticNats and
StaticNatRules; PFVPN to reapply on domR start)
+ for (PublicIp ip : publicIps) {
+ if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.PortForwarding, provider)) {
+
pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
+ }
+ if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.StaticNat, provider)) {
+
staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(),
Purpose.StaticNat));
+ }
+ if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.Firewall, provider)) {
+
firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(),
Purpose.Firewall));
+ }
- if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn,
provider)) {
- RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
- if (vpn != null) {
- vpns.add(vpn);
- }
+ if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn,
provider)) {
+ RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
+ if (vpn != null) {
+ vpns.add(vpn);
}
- if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.StaticNat, provider)) {
- if (ip.isOneToOneNat()) {
+ if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.StaticNat, provider)) {
+ if (ip.isOneToOneNat()) {
String dstIp =
_networkMgr.getIpInNetwork(ip.getAssociatedWithVmId(), guestNetworkId);
StaticNatImpl staticNat = new
StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(),
dstIp, false);
staticNats.add(staticNat);
@@ -2035,6 +2034,7 @@ public class VirtualNetworkApplianceManagerImpl
implements VirtualNetworkApplian
}
}
+ }
}
if (_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.Dhcp, provider)) {
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git
a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
index 2dbe053..4bb5c18 100644
---
a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++
b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@@ -48,7 +48,6 @@ import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientAddressCapacityException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InsufficientServerCapacityException;
-import com.cloud.exception.InsufficientVirtualNetworkCapcityException;
import com.cloud.exception.OperationTimedoutException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.exception.StorageUnavailableException;
@@ -69,7 +68,7 @@ import
com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType;
import com.cloud.network.VpcVirtualNetworkApplianceService;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.dao.PhysicalNetworkDao;
-import com.cloud.network.router.VirtualRouter.Role;
+import com.cloud.network.firewall.NetworkACLService;
import com.cloud.network.rules.NetworkACL;
import com.cloud.network.vpc.Vpc;
import com.cloud.network.vpc.Dao.VpcDao;
@@ -84,8 +83,10 @@ import com.cloud.vm.DomainRouterVO;
import com.cloud.vm.Nic;
import com.cloud.vm.NicProfile;
import com.cloud.vm.ReservationContext;
+import com.cloud.vm.VirtualMachine;
import com.cloud.vm.VirtualMachineProfile;
import com.cloud.vm.VirtualMachineProfile.Param;
+import com.cloud.vm.dao.VMInstanceDao;
/**
* @author Alena Prokharchyk
@@ -103,6 +104,10 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
PhysicalNetworkDao _pNtwkDao = null;
@Inject
NetworkService _ntwkService = null;
+ @Inject
+ NetworkACLService _networkACLService = null;
+ @Inject
+ VMInstanceDao _vmDao;
@Override
public List<DomainRouterVO> deployVirtualRouterInVpc(Vpc vpc,
DeployDestination dest, Account owner,
@@ -180,21 +185,11 @@ public class VpcVirtualNetworkApplianceManagerImpl
extends VirtualNetworkApplian
return new Pair<DeploymentPlan, List<DomainRouterVO>>(plan, routers);
}
+
@Override
public boolean addVpcRouterToGuestNetwork(VirtualRouter router, Network
network, boolean isRedundant)
throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
- boolean dnsProvided =
_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dns,
Provider.VPCVirtualRouter);
- boolean dhcpProvided =
_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dhcp,
- Provider.VPCVirtualRouter);
-
- boolean setupDns = dnsProvided || dhcpProvided;
-
- return addVpcRouterToGuestNetwork(router, network, isRedundant,
setupDns);
- }
-
- protected boolean addVpcRouterToGuestNetwork(VirtualRouter router, Network
network, boolean isRedundant, boolean setupDns)
- throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
if (network.getTrafficType() != TrafficType.Guest) {
s_logger.warn("Network " + network + " is not of type " +
TrafficType.Guest);
@@ -212,7 +207,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
NicProfile guestNic = _itMgr.addVmToNetwork(router, network, null);
//setup guest network
if (guestNic != null) {
- result = setupVpcGuestNetwork(network, router, true,
isRedundant, guestNic, setupDns);
+ result = setupVpcGuestNetwork(network, router, true, guestNic);
} else {
s_logger.warn("Failed to add router " + router + " to guest
network " + network);
result = false;
@@ -248,7 +243,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
return true;
}
- boolean result = setupVpcGuestNetwork(network, router, false,
isRedundant, _networkMgr.getNicProfile(router, network.getId()), false);
+ boolean result = setupVpcGuestNetwork(network, router, false,
_networkMgr.getNicProfile(router, network.getId()));
if (!result) {
s_logger.warn("Failed to destroy guest network config " + network
+ " on router " + router);
return false;
@@ -351,7 +346,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
List<PublicIp> publicIps = new ArrayList<PublicIp>(1);
publicIps.add(ipAddress);
Commands cmds = new Commands(OnError.Stop);
- createVpcAssociateIPCommands(router, publicIps, cmds, 0);
+ createVpcAssociateIPCommands(router, publicIps, cmds);
if (sendCommandsToRouter(router, cmds)) {
s_logger.debug("Successfully applied ip association for ip " +
ipAddress + " in vpc network " + network);
@@ -362,64 +357,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
}
}
-
- @Override
- public boolean finalizeStart(VirtualMachineProfile<DomainRouterVO>
profile, long hostId, Commands cmds,
- ReservationContext context) {
-
- if (!super.finalizeStart(profile, hostId, cmds, context)) {
- return false;
- } else if (profile.getVirtualMachine().getVpcId() == null) {
- return true;
- }
-
- DomainRouterVO router = profile.getVirtualMachine();
-
- //Get guest nic info
- Map<Nic, Network> guestNics = new HashMap<Nic, Network>();
- Map<Nic, Network> publicNics = new HashMap<Nic, Network>();
-
- List<? extends Nic> routerNics = _nicDao.listByVmId(profile.getId());
- for (Nic routerNic : routerNics) {
- Network network = _networkMgr.getNetwork(routerNic.getNetworkId());
- if (network.getTrafficType() == TrafficType.Guest) {
- guestNics.put(routerNic, network);
- } else if (network.getTrafficType() == TrafficType.Public) {
- publicNics.put(routerNic, network);
- }
- }
-
- try {
- //add VPC router to public and guest networks
- for (Nic publicNic : publicNics.keySet()) {
- Network publicNtwk = publicNics.get(publicNic);
- IPAddressVO userIp =
_ipAddressDao.findByIpAndSourceNetworkId(publicNtwk.getId(),
- publicNic.getIp4Address());
- PublicIp publicIp = new PublicIp(userIp,
_vlanDao.findById(userIp.getVlanId()),
-
NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
- if (!addPublicIpToVpc(router, publicNtwk, publicIp)) {
- s_logger.warn("Failed to add router router " + router + "
to public network " + publicNtwk);
- return false;
- }
- }
-
- for (Nic guestNic : guestNics.keySet()) {
- Network guestNtwk = guestNics.get(guestNic);
- boolean setupDns = _networkMgr.setupDns(guestNtwk,
Provider.VPCVirtualRouter);
-
- if (!addVpcRouterToGuestNetwork(router, guestNtwk, false,
setupDns)) {
- s_logger.warn("Failed to add router router " + router + "
to guest network " + guestNtwk);
- return false;
- }
- }
- } catch (Exception ex) {
- s_logger.warn("Failed to add router " + router + " to network due
to exception ", ex);
- return false;
- }
-
- return true;
- }
-
protected DomainRouterVO deployVpcRouter(Account owner, DeployDestination
dest, DeploymentPlan plan, Map<Param, Object> params,
boolean isRedundant, VirtualRouterProvider vrProvider, long
svcOffId,
Long vpcId, PublicIp sourceNatIp) throws
ConcurrentOperationException,
@@ -497,44 +434,55 @@ public class VpcVirtualNetworkApplianceManagerImpl
extends VirtualNetworkApplian
return result;
}
- protected boolean setupVpcGuestNetwork(Network network, VirtualRouter
router, boolean add, boolean isRedundant,
- NicProfile guestNic, boolean setupDns)
+ protected boolean setupVpcGuestNetwork(Network network, VirtualRouter
router, boolean add, NicProfile guestNic)
throws ConcurrentOperationException, ResourceUnavailableException{
-
- String networkDomain = network.getNetworkDomain();
- String dhcpRange = getGuestDhcpRange(guestNic, network,
_configMgr.getZone(network.getDataCenterId()));
-
+
boolean result = true;
- Nic nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(),
router.getId());
- long guestVlanTag = Long.parseLong(nic.getBroadcastUri().getHost());
+ SetupGuestNetworkCommand setupCmd =
createSetupGuestNetworkCommand(router, add, guestNic);
+
+ Commands cmds = new Commands(OnError.Stop);
+ cmds.addCommand("setupguestnetwork", setupCmd);
+ sendCommandsToRouter(router, cmds);
- String brd =
NetUtils.long2Ip(NetUtils.ip2Long(guestNic.getIp4Address()) |
~NetUtils.ip2Long(guestNic.getNetmask()));
- Integer priority = null;
- if (isRedundant) {
- List<DomainRouterVO> routers =
_routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
- try {
- getUpdatedPriority(network, routers,
_routerDao.findById(router.getId()));
- } catch (InsufficientVirtualNetworkCapcityException e) {
- s_logger.error("Failed to get update priority!", e);
- throw new CloudRuntimeException("Failed to get update
priority!");
- }
- }
+ SetupGuestNetworkAnswer setupAnswer =
cmds.getAnswer(SetupGuestNetworkAnswer.class);
+ String setup = add ? "set" : "destroy";
+ if (!(setupAnswer != null && setupAnswer.getResult())) {
+ s_logger.warn("Unable to " + setup + " guest network on router " +
router);
+ result = false;
+ }
+
+ return result;
+ }
+
+ protected SetupGuestNetworkCommand
createSetupGuestNetworkCommand(VirtualRouter router, boolean add, NicProfile
guestNic) {
+ Network network = _networkMgr.getNetwork(guestNic.getNetworkId());
String defaultDns1 = null;
String defaultDns2 = null;
+ boolean dnsProvided =
_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dns,
Provider.VPCVirtualRouter);
+ boolean dhcpProvided =
_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Dhcp,
+ Provider.VPCVirtualRouter);
+
+ boolean setupDns = dnsProvided || dhcpProvided;
+
if (setupDns) {
defaultDns1 = guestNic.getDns1();
defaultDns2 = guestNic.getDns2();
}
- NicProfile nicProfile = new NicProfile(nic, network,
nic.getBroadcastUri(), nic.getIsolationUri(),
- _networkMgr.getNetworkRate(network.getId(), router.getId()),
- _networkMgr.isSecurityGroupSupportedInNetwork(network),
_networkMgr.getNetworkTag(router.getHypervisorType(), network));
+ Nic nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(),
router.getId());
+ String networkDomain = network.getNetworkDomain();
+ String dhcpRange = getGuestDhcpRange(guestNic, network,
_configMgr.getZone(network.getDataCenterId()));
+
+ VirtualMachine vm = _vmDao.findById(router.getId());
+ NicProfile nicProfile = _networkMgr.getNicProfile(router,
nic.getNetworkId());
- SetupGuestNetworkCommand setupCmd = new
SetupGuestNetworkCommand(dhcpRange, networkDomain, isRedundant, priority,
+ SetupGuestNetworkCommand setupCmd = new
SetupGuestNetworkCommand(dhcpRange, networkDomain, false, null,
defaultDns1, defaultDns2, add, _itMgr.toNicTO(nicProfile,
router.getHypervisorType()));
+ long guestVlanTag =
Long.parseLong(network.getBroadcastUri().getHost());
+ String brd =
NetUtils.long2Ip(NetUtils.ip2Long(guestNic.getIp4Address()) |
~NetUtils.ip2Long(guestNic.getNetmask()));
setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP,
getRouterControlIp(router.getId()));
setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP,
getRouterIpInNetwork(network.getId(), router.getId()));
setupCmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG,
String.valueOf(guestVlanTag));
@@ -542,22 +490,11 @@ public class VpcVirtualNetworkApplianceManagerImpl
extends VirtualNetworkApplian
setupCmd.setAccessDetail(NetworkElementCommand.GUEST_BRIDGE, brd);
setupCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME,
router.getInstanceName());
- Commands cmds = new Commands(OnError.Stop);
- cmds.addCommand("setupguestnetwork", setupCmd);
- sendCommandsToRouter(router, cmds);
-
- SetupGuestNetworkAnswer setupAnswer =
cmds.getAnswer(SetupGuestNetworkAnswer.class);
- String setup = add ? "set" : "destroy";
- if (!(setupAnswer != null && setupAnswer.getResult())) {
- s_logger.warn("Unable to " + setup + " guest network on router " +
router);
- result = false;
- }
-
- return result;
+ return setupCmd;
}
private void createVpcAssociateIPCommands(final VirtualRouter router,
final List<? extends PublicIpAddress> ips,
- Commands cmds, long vmId) {
+ Commands cmds) {
Pair<IpAddressTO, Long> sourceNatIpAdd = null;
Boolean addSourceNat = null;
@@ -615,16 +552,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
//set source nat ip
if (sourceNatIpAdd != null) {
IpAddressTO sourceNatIp = sourceNatIpAdd.first();
- Long publicNetworkId = sourceNatIpAdd.second();
-
- Network guestNetwork = _networkMgr.getNetwork(publicNetworkId);
- Nic nic =
_nicDao.findByInstanceIdAndNetworkId(guestNetwork.getId(), router.getId());
- NicProfile nicProfile = new NicProfile(nic, guestNetwork,
nic.getBroadcastUri(), nic.getIsolationUri(),
- _networkMgr.getNetworkRate(guestNetwork.getId(),
router.getId()),
-
_networkMgr.isSecurityGroupSupportedInNetwork(guestNetwork),
- _networkMgr.getNetworkTag(router.getHypervisorType(),
guestNetwork));
-
- SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp,
addSourceNat, _itMgr.toNicTO(nicProfile, router.getHypervisorType()));
+ SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp,
addSourceNat, null);
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP,
getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME,
router.getInstanceName());
DataCenterVO dcVo =
_dcDao.findById(router.getDataCenterIdToDeployIn());
@@ -632,6 +560,13 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
cmds.addCommand("SetSourceNatCommand", cmd);
}
}
+
+ protected NicTO getNicTO(final VirtualRouter router, Long guestNetworkId) {
+ VirtualMachine vm = _vmDao.findById(router.getId());
+ NicProfile nicProfile = _networkMgr.getNicProfile(router,
guestNetworkId);
+
+ return _itMgr.toNicTO(nicProfile, router.getHypervisorType());
+ }
@Override
public boolean associateIP(Network network, final List<? extends
PublicIpAddress> ipAddress, List<? extends VirtualRouter> routers)
@@ -688,7 +623,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
@Override
public boolean execute(Network network, VirtualRouter router)
throws ResourceUnavailableException {
Commands cmds = new Commands(OnError.Continue);
- createVpcAssociateIPCommands(router, ipAddress, cmds, 0);
+ createVpcAssociateIPCommands(router, ipAddress, cmds);
return sendCommandsToRouter(router, cmds);
}
});
@@ -755,13 +690,8 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
}
}
- Network network = _networkMgr.getNetwork(guestNetworkId);
- Nic nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(),
router.getId());
- NicProfile nicProfile = new NicProfile(nic, network,
nic.getBroadcastUri(), nic.getIsolationUri(),
- _networkMgr.getNetworkRate(network.getId(), router.getId()),
- _networkMgr.isSecurityGroupSupportedInNetwork(network),
_networkMgr.getNetworkTag(router.getHypervisorType(), network));
- SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO,
_itMgr.toNicTO(nicProfile, router.getHypervisorType()));
+ SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO,
getNicTO(router, guestNetworkId));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP,
getRouterControlIp(router.getId()));
cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP,
getRouterIpInNetwork(guestNetworkId, router.getId()));
cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan);
@@ -770,4 +700,94 @@ public class VpcVirtualNetworkApplianceManagerImpl extends
VirtualNetworkApplian
cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE,
dcVo.getNetworkType().toString());
cmds.addCommand(cmd);
}
+
+ @Override
+ public boolean finalizeCommandsOnStart(Commands cmds,
VirtualMachineProfile<DomainRouterVO> profile) {
+ DomainRouterVO router = profile.getVirtualMachine();
+
+ boolean isVpc = (router.getVpcId() != null);
+ boolean result = super.finalizeCommandsOnStart(cmds, profile);
+
+ if (!isVpc) {
+ return result;
+ }
+
+ //Get guest nic info
+ Map<Nic, Network> guestNics = new HashMap<Nic, Network>();
+ Map<Nic, Network> publicNics = new HashMap<Nic, Network>();
+
+ List<? extends Nic> routerNics = _nicDao.listByVmId(profile.getId());
+ for (Nic routerNic : routerNics) {
+ Network network = _networkMgr.getNetwork(routerNic.getNetworkId());
+ if (network.getTrafficType() == TrafficType.Guest) {
+ guestNics.put(routerNic, network);
+ } else if (network.getTrafficType() == TrafficType.Public) {
+ publicNics.put(routerNic, network);
+ }
+ }
+
+ List<PublicIp> publicIps = new ArrayList<PublicIp>(1);
+ try {
+ //add VPC router to public networks
+ for (Nic publicNic : publicNics.keySet()) {
+ Network publicNtwk = publicNics.get(publicNic);
+ IPAddressVO userIp =
_ipAddressDao.findByIpAndSourceNetworkId(publicNtwk.getId(),
+ publicNic.getIp4Address());
+ PublicIp publicIp = new PublicIp(userIp,
_vlanDao.findById(userIp.getVlanId()),
+
NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
+
+
+ if (publicIp.isSourceNat()) {
+ publicIps.add(publicIp);
+ }
+
+ PlugNicCommand plugNicCmd = new
PlugNicCommand(_itMgr.toVmTO(profile), getNicTO(router,
publicNic.getNetworkId()));
+ cmds.addCommand(plugNicCmd);
+ }
+
+ //if ip is source nat, create source nat command
+ if (!publicIps.isEmpty()) {
+ createVpcAssociateIPCommands(router, publicIps, cmds);
+ }
+
+ for (Nic guestNic : guestNics.keySet()) {
+ //plug guest nic
+ PlugNicCommand plugNicCmd = new
PlugNicCommand(_itMgr.toVmTO(profile), getNicTO(router,
guestNic.getNetworkId()));
+ cmds.addCommand(plugNicCmd);
+
+ //and set guest network
+ VirtualMachine vm = _vmDao.findById(router.getId());
+ NicProfile nicProfile = _networkMgr.getNicProfile(vm,
guestNic.getNetworkId());
+ SetupGuestNetworkCommand setupCmd =
createSetupGuestNetworkCommand(router, true, nicProfile);
+ cmds.addCommand(setupCmd);
+
+ }
+ } catch (Exception ex) {
+ s_logger.warn("Failed to add router " + router + " to network due
to exception ", ex);
+ return false;
+ }
+
+ boolean reprogramGuestNtwks = true;
+ if (profile.getParameter(Param.ReProgramGuestNetworks) != null &&
(Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) {
+ reprogramGuestNtwks = false;
+ }
+
+ //get network ACLs for the router
+ List<Long> routerGuestNtwkIds =
_routerDao.getRouterNetworks(router.getId());
+ if (reprogramGuestNtwks) {
+ for (Long guestNetworkId : routerGuestNtwkIds) {
+ s_logger.debug("Resending network ACLs as a part of VPC
Virtual router start");
+
+ if
(_networkMgr.isProviderSupportServiceInNetwork(guestNetworkId,
Service.Firewall, Provider.VPCVirtualRouter)) {
+ List<? extends NetworkACL> networkACLs =
_networkACLService.listNetworkACLs(guestNetworkId);
+ s_logger.debug("Found " + networkACLs.size() + " network
ACLs to apply as a part of VPC VR " + router + " start.");
+ if (!networkACLs.isEmpty()) {
+
createNetworkACLsCommands((List<NetworkACL>)networkACLs, router, cmds,
guestNetworkId);
+ }
+ }
+ }
+ }
+
+ return result;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/server/src/com/cloud/vm/VirtualMachineManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/VirtualMachineManager.java
b/server/src/com/cloud/vm/VirtualMachineManager.java
index 56dc483..1f2b4b5 100644
--- a/server/src/com/cloud/vm/VirtualMachineManager.java
+++ b/server/src/com/cloud/vm/VirtualMachineManager.java
@@ -17,6 +17,7 @@ import java.util.List;
import java.util.Map;
import com.cloud.agent.api.to.NicTO;
+import com.cloud.agent.api.to.VirtualMachineTO;
import com.cloud.deploy.DeployDestination;
import com.cloud.deploy.DeploymentPlan;
import com.cloud.exception.AgentUnavailableException;
@@ -164,4 +165,11 @@ public interface VirtualMachineManager extends Manager {
*/
NicTO toNicTO(NicProfile nic, HypervisorType hypervisorType);
+ /**
+ * @param profile
+ * @param hvGuru
+ * @return
+ */
+ VirtualMachineTO toVmTO(VirtualMachineProfile<? extends VMInstanceVO>
profile);
+
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1b1e52dd/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
index 06699ae..af066ab 100755
--- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
+++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
@@ -1304,9 +1304,8 @@ public class VirtualMachineManagerImpl implements
VirtualMachineManager, Listene
VirtualMachineProfile<VMInstanceVO> profile = new
VirtualMachineProfileImpl<VMInstanceVO>(vm);
_networkMgr.prepareNicForMigration(profile, dest);
_storageMgr.prepareForMigration(profile, dest);
- HypervisorGuru hvGuru = _hvGuruMgr.getGuru(vm.getHypervisorType());
- VirtualMachineTO to = hvGuru.implement(profile);
+ VirtualMachineTO to = toVmTO(profile);
PrepareForMigrationCommand pfmc = new PrepareForMigrationCommand(to);
ItWorkVO work = new ItWorkVO(UUID.randomUUID().toString(), _nodeId,
State.Migrating, vm.getType(), vm.getId());
@@ -1411,6 +1410,13 @@ public class VirtualMachineManagerImpl implements
VirtualMachineManager, Listene
}
}
+ @Override
+ public VirtualMachineTO toVmTO(VirtualMachineProfile<? extends
VMInstanceVO> profile) {
+ HypervisorGuru hvGuru =
_hvGuruMgr.getGuru(profile.getVirtualMachine().getHypervisorType());
+ VirtualMachineTO to = hvGuru.implement(profile);
+ return to;
+ }
+
protected void cancelWorkItems(long nodeId) {
GlobalLock scanLock =
GlobalLock.getInternLock("vmmgr.cancel.workitem");
