wido commented on a change in pull request #3639: Multiple networks support for
vms in advanced zone with security group (and kvm support)
URL: https://github.com/apache/cloudstack/pull/3639#discussion_r339295509
##########
File path:
plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
##########
@@ -3511,7 +3512,117 @@ public boolean destroyNetworkRulesForVM(final Connect
conn, final String vmName)
return true;
}
- public boolean defaultNetworkRules(final Connect conn, final String
vmName, final NicTO nic, final Long vmId, final String secIpStr) {
+ /**
+ * Function to destroy the security group rules applied to the nic's
+ * @param conn
+ * @param vmName
+ * @param nic
+ * @return
+ * true : If success
+ * false : If failure
+ */
+ public boolean destroyNetworkRulesForNic(final Connect conn, final String
vmName, final NicTO nic) {
+ if (!_canBridgeFirewall) {
+ return false;
+ }
+ final List<String> nicSecIps = nic.getNicSecIps();
+ String secIpsStr;
+ final StringBuilder sb = new StringBuilder();
+ if (nicSecIps != null) {
+ for (final String ip : nicSecIps) {
+ sb.append(ip).append(";");
+ }
+ secIpsStr = sb.toString();
+ } else {
+ secIpsStr = "0;";
+ }
+ final List<InterfaceDef> intfs = getInterfaces(conn, vmName);
+ if (intfs.size() == 0 || intfs.size() < nic.getDeviceId()) {
+ return false;
+ }
+
+ final InterfaceDef intf = intfs.get(nic.getDeviceId());
+ final String brname = intf.getBrName();
+ final String vif = intf.getDevName();
+
+ final Script cmd = new Script(_securityGroupPath, _timeout, s_logger);
+ cmd.add("destroy_network_rules_for_vm");
+ cmd.add("--vmname", vmName);
+ if (nic.getIp() != null) {
+ cmd.add("--vmip", nic.getIp());
+ }
+ cmd.add("--vmmac", nic.getMac());
+ cmd.add("--vif", vif);
+ cmd.add("--nicsecips", secIpsStr);
+
+ final String result = cmd.execute();
+ if (result != null) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Function to apply default network rules for a VM
+ * @param conn
+ * @param vm
+ * @param checkBeforeApply
+ * @return
+ */
+ public boolean applyDefaultNetworkRules(final Connect conn, final
VirtualMachineTO vm, final boolean checkBeforeApply) {
+ NicTO[] nicTOs = new NicTO[] {};
+ if (vm != null && vm.getNics() != null) {
+ s_logger.debug("Checking default network rules for vm " +
vm.getName());
+ nicTOs = vm.getNics();
+ }
+ for (NicTO nic : nicTOs) {
+ if (vm.getType() != VirtualMachine.Type.User) {
+ nic.setPxeDisable(true);
+ }
+ }
+ boolean isFirstNic = true;
+ for (final NicTO nic : nicTOs) {
+ if (nic.isSecurityGroupEnabled() || nic.getIsolationUri() != null
&&
nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString()))
{
+ if (vm.getType() != VirtualMachine.Type.User) {
+ configureDefaultNetworkRulesForSystemVm(conn,
vm.getName());
+ break;
+ }
+ if (!applyDefaultNetworkRulesOnNic(conn, vm.getName(),
vm.getId(), nic, isFirstNic, checkBeforeApply)) {
+ s_logger.error("Unable to apply default network rule for
nic " + nic.getName() + " for VM " + vm.getName());
+ return false;
+ }
+ isFirstNic = false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Function to apply default network rules for a NIC
+ * @param conn
+ * @param vmName
+ * @param vmId
+ * @param nic
+ * @param isFirstNic
+ * @param checkBeforeApply
+ * @return
+ */
+ public boolean applyDefaultNetworkRulesOnNic(final Connect conn, final
String vmName, final Long vmId, final NicTO nic, boolean isFirstNic, boolean
checkBeforeApply) {
+ final List<String> nicSecIps = nic.getNicSecIps();
+ String secIpsStr;
+ final StringBuilder sb = new StringBuilder();
+ if (nicSecIps != null) {
+ for (final String ip : nicSecIps) {
+ sb.append(ip).append(";");
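Review bot: The bounds check `if (intfs.size() == 0 || intfs.size() < nic.getDeviceId())` in destroyNetworkRulesForNic is off by one: a device id equal to `intfs.size()` passes the check and `intfs.get(nic.getDeviceId())` on the next non-blank line then throws IndexOutOfBoundsException instead of the method returning false, so the caller sees an exception rather than the documented failure result. Change it to `if (intfs.isEmpty() || nic.getDeviceId() >= intfs.size()) {`. The Javadoc on this method and on applyDefaultNetworkRules leaves every `@param` and `@return` tag empty; since the only failure signal read is `if (result != null)` from the security-group script, a `@return` such as `true when the security-group script completed without error; false when bridge firewalling is unavailable, the NIC's device id has no matching libvirt interface, or the script reported an error` would tell callers what false actually means (I am inferring the null-on-success convention from how the result is used here, so confirm it against Script.execute). applyDefaultNetworkRulesOnNic begins at the end of this hunk and its body continues outside it.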
Review comment:
Same here regarding the separator