Correctly associating nat, acl policy sets to edge security profile in VNMC
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3422ceef Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3422ceef Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3422ceef Branch: refs/heads/cisco-vnmc-api-integration Commit: 3422ceefb6d1f5a92ec0868c1261a22e2cfbc54e Parents: 9c1e193 Author: Koushik Das <[email protected]> Authored: Mon Apr 8 14:42:32 2013 +0530 Committer: Koushik Das <[email protected]> Committed: Mon Apr 8 14:42:32 2013 +0530 ---------------------------------------------------------------------- .../network/cisco/associate-nat-policy-set.xml | 2 -- .../network/cisco/CiscoVnmcConnectionImpl.java | 5 ++--- .../cloud/network/element/CiscoVnmcElement.java | 8 ++++---- .../cloud/network/resource/CiscoVnmcResource.java | 4 ++-- 4 files changed, 8 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3422ceef/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml index a92c8f5..6d67c31 100644 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml @@ -25,8 +25,6 @@ under the License. connTimeoutRef="" descr="%descr%" dn="%espdn%" - egressAclPsetRef="default-egress" - ingressAclPsetRef="default-ingress" inspectRef="" name="%name%" natPsetRef="%natpolicysetname%" http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3422ceef/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index 081917a..527fb04 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java @@ -548,8 +548,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName); xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName)); xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName)); - xml = replaceXmlValue(xml, "egressref", "default-egress"); - xml = replaceXmlValue(xml, "ingressref", "default-ingress"); xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName)); String response = sendRequest(service, xml); @@ -661,7 +659,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName); xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName)); xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName)); - xml = replaceXmlValue(xml, "egresspolicysetname", getNameForAclPolicySet(tenantName, false)); + //xml = replaceXmlValue(xml, "egresspolicysetname", getNameForAclPolicySet(tenantName, false)); + xml = replaceXmlValue(xml, "egresspolicysetname", "default-egress"); xml = replaceXmlValue(xml, "ingresspolicysetname", getNameForAclPolicySet(tenantName, true)); xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName)); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3422ceef/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index d22fbe9..443bb40 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java @@ -356,10 +356,10 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro } // configure source NAT - if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) { - s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName()); - return false; - } + //if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) { + // s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName()); + // return false; + //} // associate Asa 1000v instance with logical edge firewall if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3422ceef/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java index 61cd12f..9155978 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java @@ -494,7 +494,7 @@ public class CiscoVnmcResource implements ServerResource { } } - if (!_connection.associateNatPolicySet(tenant)) { + if (!_connection.associateAclPolicySet(tenant)) { throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId); } } catch (Throwable e) { @@ -597,7 +597,7 @@ public class CiscoVnmcResource implements ServerResource { } } - if (!_connection.associateNatPolicySet(tenant)) { + if (!_connection.associateAclPolicySet(tenant)) { throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId); } } catch (Throwable e) {
