Posted to commits@cloudstack.apache.org by ch...@apache.org on 2013/01/18 02:01:23 UTC
[4/39] git commit: Move applyRules to the rightful place(s). Not sure
why applyIps is required during applyRules,
so we still have a reference back into a (simplified) applyRules in
NetworkManager
Move applyRules to the rightful place(s). Not sure why applyIps is required during applyRules, so we still have a reference back into a (simplified) applyRules in NetworkManager
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/a64b3867
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/a64b3867
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/a64b3867
Branch: refs/heads/master
Commit: a64b38671496729e67a845aeb83fabbaccefba18
Parents: e37f458
Author: Chiradeep Vittal <ch...@apache.org>
Authored: Fri Jan 4 19:22:53 2013 -0800
Committer: Chiradeep Vittal <ch...@apache.org>
Committed: Fri Jan 4 19:22:53 2013 -0800
----------------------------------------------------------------------
server/src/com/cloud/network/NetworkManager.java | 5 +-
.../src/com/cloud/network/NetworkManagerImpl.java | 43 ++++++++++
.../src/com/cloud/network/NetworkRuleApplier.java | 28 +++++++
.../network/firewall/FirewallManagerImpl.java | 64 ++++++++++++++-
.../network/lb/LoadBalancingRulesManagerImpl.java | 28 +++++-
5 files changed, 158 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/NetworkManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index 0646789..0d281aa 100755
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -41,8 +41,6 @@ import com.cloud.network.Network.Service;
import com.cloud.network.Networks.TrafficType;
import com.cloud.network.addr.PublicIp;
import com.cloud.network.element.NetworkElement;
-import com.cloud.network.element.RemoteAccessVPNServiceProvider;
-import com.cloud.network.element.Site2SiteVpnServiceProvider;
import com.cloud.network.element.UserDataServiceProvider;
import com.cloud.network.guru.NetworkGuru;
import com.cloud.network.rules.FirewallRule;
@@ -50,7 +48,6 @@ import com.cloud.network.rules.StaticNat;
import com.cloud.offering.NetworkOffering;
import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.user.Account;
-import com.cloud.uservm.UserVm;
import com.cloud.utils.Pair;
import com.cloud.vm.Nic;
import com.cloud.vm.NicProfile;
@@ -137,6 +134,8 @@ public interface NetworkManager extends NetworkService {
String getNextAvailableMacAddressInNetwork(long networkConfigurationId) throws InsufficientAddressCapacityException;
boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException;
+
+ boolean applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose, NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException;
public boolean validateRule(FirewallRule rule);
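Review bot: The new `applyRules(List, Purpose, NetworkRuleApplier, boolean)` overload is added to the public interface with no Javadoc, and its contract differs from the existing overload in ways a caller has to know: judging from the NetworkManagerImpl body in this commit, `purpose` is not validated against the rules, the whole batch is assumed to belong to the network of the first rule, and with `continueOnError` a provider's ResourceUnavailableException becomes a `false` return instead of a throw. I'd add a Javadoc block on the new method stating those three points and the meaning of the boolean result, with a `{@link NetworkRuleApplier}` reference so readers find the callback contract. The interface body continues outside the hunk.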
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index a1604ae..e7877de 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -3741,6 +3741,49 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
@Override
+ public boolean applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose,
+ NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException {
+ if (rules == null || rules.size() == 0) {
+ s_logger.debug("There are no rules to forward to the network elements");
+ return true;
+ }
+
+ boolean success = true;
+ Network network = _networksDao.findById(rules.get(0).getNetworkId());
+
+ // get the list of public ip's owned by the network
+ List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
+ List<PublicIp> publicIps = new ArrayList<PublicIp>();
+ if (userIps != null && !userIps.isEmpty()) {
+ for (IPAddressVO userIp : userIps) {
+ PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress()));
+ publicIps.add(publicIp);
+ }
+ }
+
+ // rules can not programmed unless IP is associated with network service provider, so run IP assoication for
+ // the network so as to ensure IP is associated before applying rules (in add state)
+ applyIpAssociations(network, false, continueOnError, publicIps);
+
+ try {
+ applier.applyRules(network, purpose, rules);
+ } catch (ResourceUnavailableException e) {
+ if (!continueOnError) {
+ throw e;
+ }
+ s_logger.warn("Problems with applying " + purpose + " rules but pushing on", e);
+ success = false;
+ }
+
+ // if all the rules configured on public IP are revoked then dis-associate IP with network service provider
+ applyIpAssociations(network, true, continueOnError, publicIps);
+
+ return success;
+ }
+
+
+
+ @Override
/* The rules here is only the same kind of rule, e.g. all load balancing rules or all port forwarding rules */
public boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException {
if (rules == null || rules.size() == 0) {
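Review bot: The network for the whole batch is taken from `rules.get(0).getNetworkId()` alone, and neither a missing network nor a rule belonging to a different network is checked, so a stale rule would NPE at `network.getId()` and a mixed batch would have its later rules pushed to, and its IP associations run against, the first rule's network. I'd fail fast on both before `listByAssociatedNetwork` is called, using CloudRuntimeException as FirewallManagerImpl does in this commit (assuming it is imported here; otherwise IllegalArgumentException). The return values of both `applyIpAssociations` calls are also dropped; if that method signals failure by return value rather than by throwing (not visible here), a failed association goes unreported. The existing `applyRules(List, boolean)` that starts at the bottom of the hunk continues outside it.
```java
Network network = _networksDao.findById(rules.get(0).getNetworkId());
if (network == null) {
    throw new CloudRuntimeException("Network " + rules.get(0).getNetworkId() + " not found; cannot apply " + purpose + " rules");
}
// every rule in the batch must target the network the IP associations below are run against
for (FirewallRule rule : rules) {
    if (rule.getNetworkId() != network.getId()) {
        throw new CloudRuntimeException("Rule for network " + rule.getNetworkId() + " passed in a batch for network " + network.getId());
    }
}
// … unchanged: public IP collection, applyIpAssociations, applier.applyRules …
```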
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/NetworkRuleApplier.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkRuleApplier.java b/server/src/com/cloud/network/NetworkRuleApplier.java
new file mode 100644
index 0000000..31763d0
--- /dev/null
+++ b/server/src/com/cloud/network/NetworkRuleApplier.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network;
+
+import java.util.List;
+
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+
+public interface NetworkRuleApplier {
+ public boolean applyRules(Network network, FirewallRule.Purpose purpose, List<? extends FirewallRule> rules) throws ResourceUnavailableException;
+
+}
\ No newline at end of file
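Review bot: The interface is added without any Javadoc, and the boolean result of its one method is not self-explanatory; in both implementers in this commit it is the value returned by the last provider tried, `true` as soon as one provider accepts the rules and `false` when none did. I'd document that on the method, together with the expectation that every element of `rules` is of kind `purpose` and belongs to `network` (both implementers cast the list unchecked on that assumption), and that a provider failure surfaces as ResourceUnavailableException rather than a `false` return. The file also lacks a trailing newline.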
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 54611e1..8e781ec 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -46,18 +46,24 @@ import com.cloud.network.Network;
import com.cloud.network.Network.Capability;
import com.cloud.network.Network.Service;
import com.cloud.network.NetworkManager;
+import com.cloud.network.NetworkRuleApplier;
import com.cloud.network.dao.FirewallRulesCidrsDao;
import com.cloud.network.dao.FirewallRulesDao;
import com.cloud.network.dao.IPAddressDao;
import com.cloud.network.element.FirewallServiceProvider;
+import com.cloud.network.element.NetworkACLServiceProvider;
import com.cloud.network.element.NetworkElement;
+import com.cloud.network.element.PortForwardingServiceProvider;
+import com.cloud.network.element.StaticNatServiceProvider;
import com.cloud.network.rules.FirewallManager;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.FirewallRuleType;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.rules.PortForwardingRule;
import com.cloud.network.rules.PortForwardingRuleVO;
+import com.cloud.network.rules.StaticNat;
import com.cloud.network.rules.dao.PortForwardingRulesDao;
import com.cloud.network.vpc.VpcManager;
import com.cloud.projects.Project.ListProjectResourcesCriteria;
@@ -87,7 +93,7 @@ import com.cloud.vm.UserVmVO;
import com.cloud.vm.dao.UserVmDao;
@Local(value = { FirewallService.class, FirewallManager.class})
-public class FirewallManagerImpl implements FirewallService, FirewallManager, Manager {
+public class FirewallManagerImpl implements FirewallService, FirewallManager, NetworkRuleApplier, Manager {
private static final Logger s_logger = Logger.getLogger(FirewallManagerImpl.class);
String _name;
@@ -122,6 +128,15 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
@Inject(adapter = FirewallServiceProvider.class)
Adapters<FirewallServiceProvider> _firewallElements;
+ @Inject(adapter = PortForwardingServiceProvider.class)
+ Adapters<PortForwardingServiceProvider> _pfElements;
+
+ @Inject(adapter = StaticNatServiceProvider.class)
+ Adapters<StaticNatServiceProvider> _staticNatElements;
+
+ @Inject(adapter = NetworkACLServiceProvider.class)
+ Adapters<NetworkACLServiceProvider> _networkAclElements;
+
private boolean _elbEnabled = false;
@Override
@@ -434,7 +449,12 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
public boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError, boolean updateRulesInDB)
throws ResourceUnavailableException {
boolean success = true;
- if (!_networkMgr.applyRules(rules, continueOnError)) {
+ if (rules == null || rules.size() == 0) {
+ s_logger.debug("There are no rules to forward to the network elements");
+ return true;
+ }
+ Purpose purpose = rules.get(0).getPurpose();
+ if (!_networkMgr.applyRules(rules, purpose, this, continueOnError)) {
s_logger.warn("Rules are not completely applied");
return false;
} else {
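Review bot: `purpose` is taken from `rules.get(0)` only, and nothing verifies that the rest of the batch shares it, so a list mixing, say, Firewall and PortForwarding rules would be dispatched under the first rule's purpose and then cast to the wrong rule type in `applyRules(Network, Purpose, List)`. A cheap guard right after the `Purpose purpose = ...` line closes that: `for (FirewallRule r : rules) { if (r.getPurpose() != purpose) throw new CloudRuntimeException("Mixed purposes in one applyRules call: " + purpose + " and " + r.getPurpose()); }`. The method continues outside the hunk.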
@@ -467,6 +487,46 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
}
@Override
+ public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules)
+ throws ResourceUnavailableException {
+ boolean handled = false;
+ switch (purpose){
+ case Firewall:
+ for (FirewallServiceProvider fwElement: _firewallElements) {
+ handled = fwElement.applyFWRules(network, rules);
+ if (handled)
+ break;
+ }
+ case PortForwarding:
+ for (PortForwardingServiceProvider element: _pfElements) {
+ handled = element.applyPFRules(network, (List<PortForwardingRule>) rules);
+ if (handled)
+ break;
+ }
+ break;
+ case StaticNat:
+ for (StaticNatServiceProvider element: _staticNatElements) {
+ handled = element.applyStaticNats(network, (List<? extends StaticNat>) rules);
+ if (handled)
+ break;
+ }
+ break;
+ case NetworkACL:
+ for (NetworkACLServiceProvider element: _networkAclElements) {
+ handled = element.applyNetworkACLs(network, (List<? extends FirewallRule>) rules);
+ if (handled)
+ break;
+ }
+ break;
+ default:
+ assert(false): "Unexpected fall through in applying rules to the network elements";
+ s_logger.error("FirewallManager cannot process rules of type " + purpose);
+ throw new CloudRuntimeException("FirewallManager cannot process rules of type " + purpose);
+ }
+ return handled;
+ }
+
+ @Override
public void removeRule(FirewallRule rule) {
//remove the rule
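Review bot: The `case Firewall:` branch has no `break` after its for loop, so control falls through into `case PortForwarding:` and the same firewall rules are cast to `List<PortForwardingRule>` and handed to every PF provider — a ClassCastException once a provider touches an element, or worse, firewall entries programmed as port forwards, with `handled` then reflecting the PF providers rather than the firewall ones. Add `break;` after the firewall loop, matching the other three cases. The four list casts are unchecked; a `@SuppressWarnings("unchecked")` on the method with a one-line comment that the purpose switch guarantees the element type would make the intent explicit instead of leaving compiler warnings. The `assert(false)` in `default` is redundant with the throw that follows it, though harmless.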
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
index 6346bc3..aa89474 100755
--- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -68,6 +68,7 @@ import com.cloud.network.Network.Capability;
import com.cloud.network.Network.Provider;
import com.cloud.network.Network.Service;
import com.cloud.network.NetworkManager;
+import com.cloud.network.NetworkRuleApplier;
import com.cloud.network.NetworkVO;
import com.cloud.network.as.AutoScalePolicy;
import com.cloud.network.as.AutoScalePolicyConditionMapVO;
@@ -92,6 +93,7 @@ import com.cloud.network.dao.LoadBalancerDao;
import com.cloud.network.dao.LoadBalancerVMMapDao;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkServiceMapDao;
+import com.cloud.network.element.LoadBalancingServiceProvider;
import com.cloud.network.lb.LoadBalancingRule.LbAutoScalePolicy;
import com.cloud.network.lb.LoadBalancingRule.LbAutoScaleVmGroup;
import com.cloud.network.lb.LoadBalancingRule.LbAutoScaleVmProfile;
@@ -125,9 +127,9 @@ import com.cloud.user.UserContext;
import com.cloud.user.dao.AccountDao;
import com.cloud.user.dao.UserDao;
import com.cloud.uservm.UserVm;
-import com.cloud.utils.IdentityProxy;
import com.cloud.utils.Pair;
import com.cloud.utils.Ternary;
+import com.cloud.utils.component.Adapters;
import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager;
import com.cloud.utils.db.DB;
@@ -147,7 +149,7 @@ import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
@Local(value = { LoadBalancingRulesManager.class, LoadBalancingRulesService.class })
-public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesManager, LoadBalancingRulesService, Manager {
+public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesManager, LoadBalancingRulesService, NetworkRuleApplier, Manager {
private static final Logger s_logger = Logger.getLogger(LoadBalancingRulesManagerImpl.class);
String _name;
@@ -226,7 +228,8 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
DataCenterDao _dcDao = null;
@Inject
UserDao _userDao;
-
+ @Inject(adapter = LoadBalancingServiceProvider.class)
+ Adapters<LoadBalancingServiceProvider> _lbProviders;
// Will return a string. For LB Stickiness this will be a json, for autoscale this will be "," separated values
@Override
@@ -324,7 +327,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
List<LoadBalancingRule> rules = Arrays.asList(rule);
- if (!_networkMgr.applyRules(rules, false)) {
+ if (!_networkMgr.applyRules(rules, FirewallRule.Purpose.LoadBalancing, this, false)) {
s_logger.debug("LB rules' autoscale config are not completely applied");
return false;
}
@@ -1119,6 +1122,19 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
return true;
}
}
+
+ @Override
+ public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules)
+ throws ResourceUnavailableException {
+ assert(purpose == Purpose.LoadBalancing): "LB Manager asked to handle non-LB rules";
+ boolean handled = false;
+ for (LoadBalancingServiceProvider lbElement: _lbProviders) {
+ handled = lbElement.applyLBRules(network, (List<LoadBalancingRule>) rules);
+ if (handled)
+ break;
+ }
+ return handled;
+ }
@DB
protected boolean applyLoadBalancerRules(List<LoadBalancerVO> lbs, boolean updateRulesInDB) throws ResourceUnavailableException {
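Review bot: The only guard against being handed non-LB rules is `assert(purpose == Purpose.LoadBalancing)`, which is a no-op unless the JVM runs with `-ea`, so in a normal deployment a batch of another purpose passes the assert, is cast unchecked to `List<LoadBalancingRule>`, and is pushed to every LB provider. Replace it with a real check: `if (purpose != Purpose.LoadBalancing) { throw new IllegalArgumentException("LB Manager asked to handle non-LB rules: " + purpose); }` (or CloudRuntimeException, as FirewallManagerImpl throws for the same situation in this commit). The `applyLoadBalancerRules` method that begins at the end of the hunk continues outside it.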
@@ -1132,7 +1148,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
rules.add(loadBalancing);
}
- if (!_networkMgr.applyRules(rules, false)) {
+ if (!_networkMgr.applyRules(rules, FirewallRule.Purpose.LoadBalancing, this, false)) {
s_logger.debug("LB rules are not completely applied");
return false;
}
@@ -1569,4 +1585,6 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa
//remove the rule
_lbDao.remove(rule.getId());
}
+
+
}