Revert " CLOUDSTACK-737"
This reverts commit 65210f4e7ee62b237ccdd8d853553e7c990f19c8.
Conflicts:
server/src/com/cloud/vm/UserVmManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit:
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/a2fa1676
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/a2fa1676
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/a2fa1676
Branch: refs/heads/vim51_win8
Commit: a2fa16761327f66638a00b41c7399c3d1985ac3f
Parents: 447d49a
Author: Anthony Xu <[email protected]>
Authored: Fri Feb 8 10:47:08 2013 -0800
Committer: Anthony Xu <[email protected]>
Committed: Fri Feb 8 10:47:08 2013 -0800
----------------------------------------------------------------------
.../src/com/cloud/network/NetworkManagerImpl.java | 2 +-
server/src/com/cloud/vm/UserVmManagerImpl.java | 78 ++++++++++++---
2 files changed, 64 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a2fa1676/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java
b/server/src/com/cloud/network/NetworkManagerImpl.java
index 585251d..f02bcec 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1868,7 +1868,7 @@ public class NetworkManagerImpl extends ManagerBase
implements NetworkManager, L
if (
_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(),
Service.SourceNat)) {
throw new InvalidParameterValueException("Service
SourceNat is not allowed in security group enabled zone");
}
- if ( !
_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(),
Service.SecurityGroup)) {
+ if (
_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(),
Service.SecurityGroup)) {
throw new InvalidParameterValueException("network must
have SecurityGroup provider in security group enabled zone");
=======
// Only Account specific Isolated network with sourceNat
service disabled are allowed in security group
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a2fa1676/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java
b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 7dd726c..b5e7431 100644
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2867,14 +2867,15 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Use
Account caller = UserContext.current().getCaller();
List<NetworkVO> networkList = new ArrayList<NetworkVO>();
+ boolean isSecurityGroupEnabledNetworkUsed = false;
boolean isVmWare = (template.getHypervisorType() ==
HypervisorType.VMware || (hypervisor != null && hypervisor ==
HypervisorType.VMware));
- if (isVmWare) {
- throw new InvalidParameterValueException("Security group feature
is not supported for vmWare hypervisor");
- }
// Verify that caller can perform actions in behalf of vm owner
_accountMgr.checkAccess(caller, null, true, owner);
+
+ // If no network is specified, find system security group enabled
network
if (networkIdList == null || networkIdList.isEmpty()) {
+<<<<<<< HEAD
throw new InvalidParameterValueException("need to specify
networkIDs");
}
if (networkIdList.size() > 1 ) {
@@ -2883,30 +2884,76 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Use
// Verify that all the networks are Shared/Guest; can't create
combination of SG enabled and disabled networks
for (Long networkId : networkIdList) {
NetworkVO network = _networkDao.findById(networkId);
+=======
+ Network networkWithSecurityGroup =
_networkModel.getNetworkWithSecurityGroupEnabled(zone.getId());
+ if (networkWithSecurityGroup == null) {
+ throw new InvalidParameterValueException("No network with
security enabled is found in zone id=" + zone.getId());
+ }
+
+
networkList.add(_networkDao.findById(networkWithSecurityGroup.getId()));
+ isSecurityGroupEnabledNetworkUsed = true;
+
+ } else if (securityGroupIdList != null &&
!securityGroupIdList.isEmpty()) {
+ if (isVmWare) {
+ throw new InvalidParameterValueException("Security group
feature is not supported for vmWare hypervisor");
+ }
+ // Only one network can be specified, and it should be security
group enabled
+ if (networkIdList.size() > 1) {
+ throw new InvalidParameterValueException("Only support one
network per VM if security group enabled");
+ }
+
+ NetworkVO network =
_networkDao.findById(networkIdList.get(0).longValue());
+
+>>>>>>> parent of 65210f4... CLOUDSTACK-737
if (network == null) {
throw new InvalidParameterValueException(
"Unable to find network by id "
+ networkIdList.get(0).longValue());
}
- boolean isSecurityGroupEnabled =
_networkModel.isSecurityGroupSupportedInNetwork(network);
- if ( ! isSecurityGroupEnabled) {
- throw new InvalidParameterValueException("Only support
Security Group enabled networks in Security enabled zone, network " +
network.getUuid() + " doesn't support security group ");
- }
+ if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
+ throw new InvalidParameterValueException("Network is not
security group enabled: " + network.getId());
+ }
+
+ networkList.add(network);
+ isSecurityGroupEnabledNetworkUsed = true;
+
+ } else {
+ // Verify that all the networks are Shared/Guest; can't create
combination of SG enabled and disabled networks
+ for (Long networkId : networkIdList) {
+ NetworkVO network = _networkDao.findById(networkId);
+
+ if (network == null) {
+ throw new InvalidParameterValueException("Unable to find
network by id " + networkIdList.get(0).longValue());
+ }
+
+ boolean isSecurityGroupEnabled =
_networkModel.isSecurityGroupSupportedInNetwork(network);
+ if (isSecurityGroupEnabled) {
+ if (networkIdList.size() > 1) {
+ throw new InvalidParameterValueException("Can't create
a vm with multiple networks one of" +
+ " which is Security Group enabled");
+ }
+
+ isSecurityGroupEnabledNetworkUsed = true;
+ }
- if (!(network.getTrafficType() == TrafficType.Guest &&
network.getGuestType() == Network.GuestType.Shared)) {
- throw new InvalidParameterValueException("Can specify only
Shared Guest networks when" +
+ if (!(network.getTrafficType() == TrafficType.Guest &&
network.getGuestType() == Network.GuestType.Shared)) {
+ throw new InvalidParameterValueException("Can specify only
Shared Guest networks when" +
" deploy vm in Advance Security Group enabled
zone");
- }
+ }
- // Perform account permission check
- if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false,
network);
+ // Perform account permission check
+ if (network.getAclType() == ACLType.Account) {
+ _accountMgr.checkAccess(caller, AccessType.UseNetwork,
false, network);
+ }
+ networkList.add(network);
}
- networkList.add(network);
}
+
// if network is security group enabled, and no security group is
specified, then add the default security group automatically
- if ( _networkModel.canAddDefaultSecurityGroup()) {
+ if (isSecurityGroupEnabledNetworkUsed && !isVmWare &&
_networkModel.canAddDefaultSecurityGroup()) {
+
+ //add the default securityGroup only if no security group is
specified
if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
if (securityGroupIdList == null) {
securityGroupIdList = new ArrayList<Long>();
@@ -2931,6 +2978,7 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Use
}
}
}
+
return createVirtualMachine(zone, serviceOffering, template, hostName,
displayName, owner, diskOfferingId,
diskSize, networkList, securityGroupIdList, group, userData,
sshKeyPair, hypervisor, caller, requestedIps, defaultIps, keyboard);
}
