http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/server/src/com/cloud/network/NetworkManagerImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/network/NetworkManagerImpl.java index 36db1dc,77da24e..6403140 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@@ -2963,13 -2548,16 +2968,18 @@@ public class NetworkManagerImpl impleme if (zone.isSecurityGroupEnabled()) { // Only Account specific Isolated network with sourceNat service disabled are allowed in security group // enabled zone - boolean allowCreation = (ntwkOff.getGuestType() == GuestType.Isolated && !areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)); + boolean allowCreation = (ntwkOff.getGuestType() == GuestType.Isolated + && !areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)); if (!allowCreation) { - throw new InvalidParameterValueException("Only Account specific Isolated network with sourceNat service disabled are allowed in security group enabled zone"); + throw new InvalidParameterValueException("Only Account specific Isolated network with sourceNat " + + "service disabled are allowed in security group enabled zone"); } } + + //don't allow eip/elb networks in Advance zone + if (ntwkOff.getElasticIp() || ntwkOff.getElasticLb()) { + throw new InvalidParameterValueException("Elastic IP and Elastic LB services are supported in zone of type " + NetworkType.Basic); + } } // VlanId can be specified only when network offering supports it @@@ -3271,13 -2841,17 +3281,17 @@@ if (!permittedAccounts.isEmpty()) { networksToReturn.addAll(listAccountSpecificNetworks( buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, - physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, tags), searchFilter, - permittedAccounts)); + physicalNetworkId, aclType, 
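Review bot: The exception text in the new elastic IP/LB check reads as a statement of support rather than a rejection: a caller whose request is refused is told that the services "are supported in zone of type Basic". Wording it as `"Elastic IP and Elastic LB services are only supported in zone of type " + NetworkType.Basic` makes the reason for the refusal clear. The comment above it would read better as `// don't allow eip/elb networks in Advanced zone`. The enclosing zone-type branch starts outside the hunk, so this assumes the check only runs for non-Basic zones.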
skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, + permittedAccounts)); - } else if (domainId == null || listAll) { + } else if (domainId == null) { networksToReturn.addAll(listAccountSpecificNetworksByDomainPath( buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, - physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, tags), searchFilter, path, - isRecursive)); + physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path, + isRecursive)); + networksToReturn.addAll(listDomainSpecificNetworksByDomainPath( + buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, - physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, tags), searchFilter, path, ++ physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path, + isRecursive)); } } else { networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, @@@ -3457,7 -3027,23 +3471,23 @@@ sc.addAnd("id", SearchCriteria.Op.SC, accountSC); return _networksDao.search(sc, searchFilter); } - + + private List<NetworkVO> listDomainSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) { + SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria(); + accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString()); + + if (path != null) { + if (isRecursive) { + sc.setJoinParameters("domainSearch", "path", path + "%"); + } else { + sc.setJoinParameters("domainSearch", "path", path); + } + } + + sc.addAnd("id", SearchCriteria.Op.SC, accountSC); + return _networksDao.search(sc, searchFilter); + } + @Override @ActionEvent(eventType = EventTypes.EVENT_NETWORK_DELETE, eventDescription = "deleting network", async = true) public boolean 
deleteNetwork(long networkId) { @@@ -6200,29 -5716,12 +6233,34 @@@ s_logger.warn("Failed to cleanup firewall rules as a part of shutdownNetworkRules due to ", ex); success = false; } + + //revoke all Network ACLs for the network w/o applying them in the DB + List<FirewallRuleVO> networkACLs = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.NetworkACL); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Releasing " + networkACLs.size() + " Network ACLs for network id=" + networkId + + " as a part of shutdownNetworkRules"); + } + + for (FirewallRuleVO networkACL : networkACLs) { + s_logger.trace("Marking network ACL " + networkACL + " with Revoke state"); + networkACL.setState(FirewallRule.State.Revoke); + } + try { + if (!_firewallMgr.applyRules(networkACLs, true, false)) { + s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules"); + success = false; + } + } catch (ResourceUnavailableException ex) { + s_logger.warn("Failed to cleanup network ACLs as a part of shutdownNetworkRules due to ", ex); + success = false; + } + + //release all static nats for the network + if (!_rulesMgr.applyStaticNatForNetwork(networkId, false, caller, true)) { + s_logger.warn("Failed to disable static nats as part of shutdownNetworkRules for network id " + networkId); + success = false; + } // Get all ip addresses, mark as releasing and release them on the backend Network network = getNetwork(networkId);
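Review bot: `listDomainSpecificNetworksByDomainPath` sets the `domainSearch` path parameter only when `path != null`, so with a null path the only filter it adds itself is `aclType == Domain`, and scoping the result to the caller's domains then depends entirely on how `sc` was built. The call site added in the previous hunk passes a `path` computed outside the diff, so whether null can reach this method cannot be confirmed from this page. I would state the contract on the method, e.g. `// path == null applies no domain-path restriction; callers must already have limited sc to domains the caller may see`, or reject null explicitly if it is never intended. The recursive branch builds the pattern as `path + "%"`; if the `path` condition is a LIKE match, a `_` or `%` inside a domain path would act as a wildcard, which is worth confirming against the search builder.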
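Review bot: The static NAT release at the end of this hunk passes `false` for `continueOnError` and is not wrapped in a try/catch, unlike the network ACL block just above it. With `false`, `applyStaticNatForNetwork` presumably stops at the first backend failure, and `createStaticNatForIp` (RulesManagerImpl, same commit) can throw `CloudRuntimeException`, which would exit shutdownNetworkRules before the IP release that follows. For a teardown path, `_rulesMgr.applyStaticNatForNetwork(networkId, true, caller, true)` inside a guarded block that sets `success = false` seems closer to the intent, so that one bad mapping does not leave the remaining NAT rules in place. Separately, the `s_logger.trace(...)` call in the loop could be guarded with `isTraceEnabled()`, as the debug call above is with `isDebugEnabled()`. The method body starts and ends outside the hunk.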
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/server/src/com/cloud/network/rules/RulesManagerImpl.java ---------------------------------------------------------------------- diff --cc server/src/com/cloud/network/rules/RulesManagerImpl.java index 928e6b8,d00835e..3e000a3 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@@ -1255,15 -1173,60 +1255,60 @@@ public class RulesManagerImpl implement @Override public boolean applyStaticNatForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke) { + IpAddress sourceIp = _ipAddressDao.findById(sourceIpId); + + List<StaticNat> staticNats = createStaticNatForIp(sourceIp, caller, forRevoke); + + if (staticNats != null && !staticNats.isEmpty()) { + try { + if (!_networkMgr.applyStaticNats(staticNats, continueOnError)) { + return false; + } + } catch (ResourceUnavailableException ex) { + s_logger.warn("Failed to create static nat rule due to ", ex); + return false; + } + } + + return true; + } + + + @Override + public boolean applyStaticNatForNetwork(long networkId, boolean continueOnError, Account caller, boolean forRevoke) { + List<? 
extends IpAddress> staticNatIps = _ipAddressDao.listStaticNatPublicIps(networkId); - + List<StaticNat> staticNats = new ArrayList<StaticNat>(); - IpAddress sourceIp = _ipAddressDao.findById(sourceIpId); + for (IpAddress staticNatIp : staticNatIps) { + staticNats.addAll(createStaticNatForIp(staticNatIp, caller, forRevoke)); + } + + if (staticNats != null && !staticNats.isEmpty()) { + if (forRevoke) { + s_logger.debug("Found " + staticNats.size() + " static nats to disable for network id " + networkId); + } + try { + if (!_networkMgr.applyStaticNats(staticNats, continueOnError)) { + return false; + } + } catch (ResourceUnavailableException ex) { + s_logger.warn("Failed to create static nat rule due to ", ex); + return false; + } + } else { + s_logger.debug("Found 0 static nat rules to apply for network id " + networkId); + } - if (!sourceIp.isOneToOneNat()) { - s_logger.debug("Source ip id=" + sourceIpId + " is not one to one nat"); - return true; - } + return true; + } + protected List<StaticNat> createStaticNatForIp(IpAddress sourceIp, Account caller, boolean forRevoke) { + List<StaticNat> staticNats = new ArrayList<StaticNat>(); + if (!sourceIp.isOneToOneNat()) { + s_logger.debug("Source ip id=" + sourceIp + " is not one to one nat"); + return staticNats; + } + Long networkId = sourceIp.getAssociatedWithNetworkId(); if (networkId == null) { throw new CloudRuntimeException("Ip address is not associated with any network"); http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/server/src/com/cloud/vm/UserVmManagerImpl.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/setup/apidoc/gen_toc.py ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/setup/db/create-schema.sql ---------------------------------------------------------------------- 
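Review bot: In `createStaticNatForIp` the debug message now concatenates the whole `IpAddress` object where the old code logged the id: `"Source ip id=" + sourceIp` should be `"Source ip id=" + sourceIp.getId()` so the log line matches its label. `applyStaticNatForIp` also hands the result of `_ipAddressDao.findById(sourceIpId)` straight to that helper, which dereferences it, so if `findById` can return null an unknown id surfaces as a NullPointerException rather than a clear error. In `applyStaticNatForNetwork` the `staticNats != null` test is always true for the freshly created list. Its warning "Failed to create static nat rule due to" is misleading when `forRevoke` is true. `createStaticNatForIp` continues past the end of the hunk.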
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/ui/css/cloudstack3.css ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7706a9c3/ui/scripts/zoneWizard.js ----------------------------------------------------------------------
