This is an automated email from the ASF dual-hosted git repository. pearl11594 pushed a commit to branch fr03-nsx-reorder-acl-rules in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 4e12e7f62d510274d841d606e35120ee35eedfe4 Author: Pearl Dsilva <[email protected]> AuthorDate: Mon Jan 29 10:53:33 2024 -0500 NSX: Improve NSX resource cleanup process (#3) --- .../org/apache/cloudstack/service/NsxApiClient.java | 17 ++++++++++++++--- .../com/cloud/network/firewall/FirewallManagerImpl.java | 3 ++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java index cb81a736c37..0ad9f94512a 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java @@ -100,6 +100,7 @@ import static org.apache.cloudstack.utils.NsxControllerUtils.getServiceEntryName import static org.apache.cloudstack.utils.NsxControllerUtils.getLoadBalancerName; import static org.apache.cloudstack.utils.NsxControllerUtils.getLoadBalancerAlgorithm; import static org.apache.cloudstack.utils.NsxControllerUtils.getActiveMonitorProfileName; +import static org.apache.cloudstack.utils.NsxControllerUtils.getTier1GatewayName; public class NsxApiClient { @@ -429,6 +430,10 @@ public class NsxApiClient { public void deleteSegment(long zoneId, long domainId, long accountId, Long vpcId, long networkId, String segmentName) { try { removeSegmentDistributedFirewallRules(segmentName); + if (Objects.isNull(vpcId)) { + String t1GatewayName = getTier1GatewayName(domainId, accountId, zoneId, networkId, false); + deleteLoadBalancer(getLoadBalancerName(t1GatewayName)); + } removeSegment(segmentName); DhcpRelayConfigs dhcpRelayConfig = (DhcpRelayConfigs) nsxService.apply(DhcpRelayConfigs.class); String dhcpRelayConfigId = NsxControllerUtils.getNsxDhcpRelayConfigId(zoneId, domainId, accountId, vpcId, networkId); @@ -445,9 +450,15 @@ public class NsxApiClient { protected void removeSegment(String segmentName) { LOGGER.debug(String.format("Removing the segment with ID %s", segmentName)); Segments segmentService = (Segments) nsxService.apply(Segments.class); - Segment segment = segmentService.get(segmentName); - if (segment == null) { - LOGGER.error(String.format("The segment with ID %s is not found, skipping removal", segmentName)); + String errMsg = String.format("The segment with ID %s is not found, skipping removal", segmentName); + try { + Segment segment = segmentService.get(segmentName); + if (segment == null) { + LOGGER.warn(errMsg); + return; + } + } catch (Exception e) { + LOGGER.warn(errMsg); return; } String siteId = getDefaultSiteId(); diff --git a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java index 4be933aaf11..0aae8f5beb6 100644 --- a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java @@ -732,7 +732,8 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, return; } - if (NetUtils.ICMP_PROTO.equals(protocol.toLowerCase(Locale.ROOT)) && (rule.getIcmpType() == -1 || rule.getIcmpCode() == -1)) { + if (NetUtils.ICMP_PROTO.equals(protocol.toLowerCase(Locale.ROOT)) && (rule.getIcmpType() == -1 || rule.getIcmpCode() == -1) + && State.Add.equals(rule.getState())) { String errorMsg = "Passing -1 for ICMP type is not supported for NSX enabled zones"; s_logger.error(errorMsg); throw new InvalidParameterValueException(errorMsg);
