Updated Branches: refs/heads/cisco-vnmc-api-integration 05e3d04b5 -> 3422ceefb
Passing correct subnet mask while creating edge firewall in VNMC Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9c1e193f Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9c1e193f Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9c1e193f Branch: refs/heads/cisco-vnmc-api-integration Commit: 9c1e193fca6f5e7687634fe27a98616362267fbf Parents: 05e3d04 Author: Koushik Das <[email protected]> Authored: Sun Apr 7 21:22:22 2013 +0530 Committer: Koushik Das <[email protected]> Committed: Sun Apr 7 21:22:22 2013 +0530 ---------------------------------------------------------------------- .../cloud/network/cisco/CiscoVnmcConnection.java | 2 +- .../network/cisco/CiscoVnmcConnectionImpl.java | 4 ++-- .../cloud/network/element/CiscoVnmcElement.java | 13 +++++++++---- .../cloud/network/resource/CiscoVnmcResource.java | 4 ++++ 4 files changed, 16 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c1e193f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index 2f67bdb..f137148 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java @@ -181,7 +181,7 @@ public interface CiscoVnmcConnection { throws ExecutionException; public boolean createEdgeFirewall(String tenantName, String publicIp, - String insideIp, String insideSubnet, String outsideSubnet) + String insideIp, String publicSubnet, String insideSubnet) throws ExecutionException; public boolean deleteEdgeFirewall(String tenantName) throws ExecutionException; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c1e193f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index 360a056..081917a 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java @@ -1226,7 +1226,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { @Override public boolean createEdgeFirewall(String tenantName, String publicIp, String insideIp, - String insideSubnet, String outsideSubnet) throws ExecutionException { + String publicSubnet, String insideSubnet) throws ExecutionException { String xml = VnmcXml.CREATE_EDGE_FIREWALL.getXml(); String service = VnmcXml.CREATE_EDGE_FIREWALL.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); @@ -1248,7 +1248,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "insideip", insideIp); xml = replaceXmlValue(xml, "publicip", publicIp); xml = replaceXmlValue(xml, "insidesubnet", insideSubnet); - xml = replaceXmlValue(xml, "outsidesubnet", outsideSubnet); + xml = replaceXmlValue(xml, "outsidesubnet", publicSubnet); String response = sendRequest(service, xml); return verifySuccess(response); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c1e193f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index 8b5741f..d22fbe9 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java @@ -116,6 +116,7 @@ import com.cloud.user.Account; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.net.NetUtils; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; import com.cloud.vm.VirtualMachine; @@ -213,9 +214,11 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro return Provider.CiscoVnmc; } - private boolean createLogicalEdgeFirewall(long vlanId, String gateway, - String publicIp, List<String> publicGateways, long hostId) { - CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, "255.255.255.0", "255.255.255.0"); + private boolean createLogicalEdgeFirewall(long vlanId, + String gateway, String gatewayNetmask, + String publicIp, String publicNetmask, + List<String> publicGateways, long hostId) { + CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, publicNetmask, gatewayNetmask); for (String publicGateway : publicGateways) { cmd.getPublicGateways().add(publicGateway); } @@ -336,7 +339,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro } // create logical edge firewall in VNMC - if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), publicGateways, ciscoVnmcHost.getId())) { + String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr()); + if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask, + sourceNatIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) { s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName()); return false; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c1e193f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java index 4e98d93..61cd12f 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java @@ -443,6 +443,10 @@ public class CiscoVnmcResource implements ServerResource { throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId); } + if (!_connection.createTenantVDCAclPolicySet(tenant, false)) { + throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId); + } + for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-');
