Posted to commits@cloudstack.apache.org by da...@apache.org on 2020/11/06 15:27:50 UTC
[cloudstack] branch 4.14 updated: Preventing port 53 being added as lb rule when dns service is availab… (#4442)
This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch 4.14
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.14 by this push:
new 9a253c4 Preventing port 53 being added as lb rule when dns service is availab… (#4442)
9a253c4 is described below
commit 9a253c473ba0e3c1a0e361f43572952b9d2662f6
Author: Spaceman1984 <49...@users.noreply.github.com>
AuthorDate: Fri Nov 6 17:27:27 2020 +0200
Preventing port 53 being added as lb rule when dns service is availab… (#4442)
---
.../network/lb/LoadBalancingRulesManagerImpl.java | 111 ++++++++++++---------
1 file changed, 62 insertions(+), 49 deletions(-)
diff --git a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
index d2b6305..0ac0374 100644
--- a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -29,6 +29,8 @@ import java.util.Set;
import javax.inject.Inject;
+import com.cloud.offerings.NetworkOfferingServiceMapVO;
+import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.command.user.loadbalancer.CreateLBHealthCheckPolicyCmd;
import org.apache.cloudstack.api.command.user.loadbalancer.CreateLBStickinessPolicyCmd;
@@ -209,6 +211,8 @@ public class LoadBalancingRulesManagerImpl<Type> extends ManagerBase implements
@Inject
NetworkDao _networkDao;
@Inject
+ NetworkOfferingServiceMapDao _networkOfferingServiceDao;
+ @Inject
FirewallRulesDao _firewallDao;
@Inject
DomainService _domainMgr;
@@ -260,6 +264,7 @@ public class LoadBalancingRulesManagerImpl<Type> extends ManagerBase implements
@Inject
NicSecondaryIpDao _nicSecondaryIpDao;
+ private static final int DNS_PORT = 53;
// Will return a string. For LB Stickiness this will be a json, for
// autoscale this will be "," separated values
@Override
@@ -1598,65 +1603,73 @@ public class LoadBalancingRulesManagerImpl<Type> extends ManagerBase implements
// LoadBalancer result = _elbMgr.handleCreateLoadBalancerRule(lb,
// lbOwner, lb.getNetworkId());
LoadBalancer result = null;
- if (result == null) {
- IpAddress systemIp = null;
- NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
- if (off.isElasticLb() && ipVO == null && network.getVpcId() == null) {
- systemIp = _ipAddrMgr.assignSystemIp(networkId, lbOwner, true, false);
- if (systemIp != null) {
- ipVO = _ipAddressDao.findById(systemIp.getId());
+ IpAddress systemIp = null;
+ NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
+
+ if (srcPortStart == DNS_PORT && ipVO.isSourceNat()) {
+ List<NetworkOfferingServiceMapVO> offeringServices = _networkOfferingServiceDao.listByNetworkOfferingId(network.getNetworkOfferingId());
+ for (NetworkOfferingServiceMapVO serviceMapVo: offeringServices) {
+ if (serviceMapVo.getService().equals(Service.Dns.getName())) {
+ throw new InvalidParameterValueException("Error adding load balancer rule, cannot add port 53 with network service offering having DNS service and Source NAT.");
}
}
+ }
- // Validate ip address
- if (ipVO == null) {
- throw new InvalidParameterValueException("Unable to create load balance rule; can't find/allocate source IP");
- } else if (ipVO.isOneToOneNat()) {
- throw new NetworkRuleConflictException("Can't do load balance on ip address: " + ipVO.getAddress());
+ if (off.isElasticLb() && ipVO == null && network.getVpcId() == null) {
+ systemIp = _ipAddrMgr.assignSystemIp(networkId, lbOwner, true, false);
+ if (systemIp != null) {
+ ipVO = _ipAddressDao.findById(systemIp.getId());
}
+ }
- boolean performedIpAssoc = false;
- try {
- if (ipVO.getAssociatedWithNetworkId() == null) {
- boolean assignToVpcNtwk = network.getVpcId() != null && ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId();
- if (assignToVpcNtwk) {
- // set networkId just for verification purposes
- _networkModel.checkIpForService(ipVO, Service.Lb, networkId);
-
- s_logger.debug("The ip is not associated with the VPC network id=" + networkId + " so assigning");
- ipVO = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false);
- performedIpAssoc = true;
- }
- } else {
- _networkModel.checkIpForService(ipVO, Service.Lb, null);
- }
+ // Validate ip address
+ if (ipVO == null) {
+ throw new InvalidParameterValueException("Unable to create load balance rule; can't find/allocate source IP");
+ } else if (ipVO.isOneToOneNat()) {
+ throw new NetworkRuleConflictException("Can't do load balance on ip address: " + ipVO.getAddress());
+ }
- if (ipVO.getAssociatedWithNetworkId() == null) {
- throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network);
+ boolean performedIpAssoc = false;
+ try {
+ if (ipVO.getAssociatedWithNetworkId() == null) {
+ boolean assignToVpcNtwk = network.getVpcId() != null && ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId();
+ if (assignToVpcNtwk) {
+ // set networkId just for verification purposes
+ _networkModel.checkIpForService(ipVO, Service.Lb, networkId);
+
+ s_logger.debug("The ip is not associated with the VPC network id=" + networkId + " so assigning");
+ ipVO = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false);
+ performedIpAssoc = true;
}
+ } else {
+ _networkModel.checkIpForService(ipVO, Service.Lb, null);
+ }
- result = createPublicLoadBalancer(xId, name, description, srcPortStart, defPortStart, ipVO.getId(), protocol, algorithm, openFirewall, CallContext.current(),
- lbProtocol, forDisplay);
- } catch (Exception ex) {
- s_logger.warn("Failed to create load balancer due to ", ex);
- if (ex instanceof NetworkRuleConflictException) {
- throw (NetworkRuleConflictException)ex;
- }
+ if (ipVO.getAssociatedWithNetworkId() == null) {
+ throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network);
+ }
- if (ex instanceof InvalidParameterValueException) {
- throw (InvalidParameterValueException)ex;
- }
+ result = createPublicLoadBalancer(xId, name, description, srcPortStart, defPortStart, ipVO.getId(), protocol, algorithm, openFirewall, CallContext.current(),
+ lbProtocol, forDisplay);
+ } catch (Exception ex) {
+ s_logger.warn("Failed to create load balancer due to ", ex);
+ if (ex instanceof NetworkRuleConflictException) {
+ throw (NetworkRuleConflictException)ex;
+ }
- } finally {
- if (result == null && systemIp != null) {
- s_logger.debug("Releasing system IP address " + systemIp + " as corresponding lb rule failed to create");
- _ipAddrMgr.handleSystemIpRelease(systemIp);
- }
- // release ip address if ipassoc was perfored
- if (performedIpAssoc) {
- ipVO = _ipAddressDao.findById(ipVO.getId());
- _vpcMgr.unassignIPFromVpcNetwork(ipVO.getId(), networkId);
- }
+ if (ex instanceof InvalidParameterValueException) {
+ throw (InvalidParameterValueException)ex;
+ }
+
+ } finally {
+ if (result == null && systemIp != null) {
+ s_logger.debug("Releasing system IP address " + systemIp + " as corresponding lb rule failed to create");
+ _ipAddrMgr.handleSystemIpRelease(systemIp);
+ }
+ // release ip address if ipassoc was perfored
+ if (performedIpAssoc) {
+ ipVO = _ipAddressDao.findById(ipVO.getId());
+ _vpcMgr.unassignIPFromVpcNetwork(ipVO.getId(), networkId);
}
}
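Review bot: The new DNS guard `if (srcPortStart == DNS_PORT && ipVO.isSourceNat())` dereferences `ipVO` before the two `ipVO == null` tests that follow in this hunk (the elastic-LB branch and the "Validate ip address" block), so a port-53 request that reaches this point without a resolved IP would fail with a NullPointerException rather than the intended InvalidParameterValueException. Moving the guard below the "Validate ip address" block, or writing it as `if (ipVO != null && srcPortStart == DNS_PORT && ipVO.isSourceNat())`, keeps the port-53 protection and lets the existing null handling run; placed after validation it would also apply to an address obtained through `assignSystemIp`. The guard compares only `srcPortStart`, and whether a rule can reach port 53 through a port range is not visible here, so that is worth confirming. The enclosing method starts and ends outside the hunk.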