Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/10/29 04:52:52 UTC
[02/50] [abbrv] git commit: updated refs/heads/object_store_migration
to 5ec2a44
CLOUDSTACK-4964: Cisco VNMC: Nexus password gets logged in MS logs during guest n/w implementation with VNMC provider
Suppressing the password from getting logged
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8e62fb79
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8e62fb79
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8e62fb79
Branch: refs/heads/object_store_migration
Commit: 8e62fb7998fea0e06cbb6c98e4699b2df4064967
Parents: e4a1ff8
Author: Koushik Das <ko...@apache.org>
Authored: Fri Oct 25 17:58:15 2013 +0530
Committer: Koushik Das <ko...@apache.org>
Committed: Fri Oct 25 17:58:15 2013 +0530
----------------------------------------------------------------------
.../api/ConfigureNexusVsmForAsaCommand.java | 3 +
.../cloud/network/element/CiscoVnmcElement.java | 206 +++++++++----------
2 files changed, 104 insertions(+), 105 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8e62fb79/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
index b20ad1f..863b347 100755
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
@@ -16,6 +16,8 @@
// under the License.
package com.cloud.agent.api;
+import com.cloud.agent.api.LogLevel.Log4jLevel;
+
/**
* Command for configuring n1kv VSM for asa1kv device. It does the following in VSM:
* a. creating vservice node for asa1kv
@@ -25,6 +27,7 @@ public class ConfigureNexusVsmForAsaCommand extends Command {
private long _vlanId;
private String _ipAddress;
private String _vsmUsername;
+ @LogLevel(Log4jLevel.Off)
private String _vsmPassword;
private String _vsmIp;
private String _asaInPortProfile;
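Review bot: The `@LogLevel(Log4jLevel.Off)` added on `_vsmPassword` protects the field only where the command is logged through a serializer that honours the annotation. Any other path that prints the value, such as a `toString()`, an exception message, or the resource that consumes `getVsmPassword()`, is not covered, and none of those are visible in this hunk, so they should be checked as part of the fix. A short comment on the field would keep the annotation from being dropped later, for example `// credential: excluded from command logging (CLOUDSTACK-4964)`. Management-server logs written before this change presumably still hold the Nexus VSM password, so the fix notes should tell operators to rotate it and restrict or purge the old logs. The class body continues outside the hunk.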
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8e62fb79/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
index 5beb1ba..fbda707 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -317,114 +317,110 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
}
try {
- Transaction.execute(new TransactionCallbackWithExceptionNoReturn<Exception>() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) throws InsufficientAddressCapacityException, ResourceUnavailableException {
-
- // ensure that there is an ASA 1000v assigned to this network
- CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
- if (assignedAsa == null) {
- s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
- throw new CloudRuntimeException("Unable to assign ASA 1000v device to network " + network.getName());
- }
-
- ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
- ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
- if (clusterVsmMap == null) {
- s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
- throw new CloudRuntimeException("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
- }
-
- CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
- if (vsmDevice == null) {
- s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
- throw new CloudRuntimeException("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
- }
-
- CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
- HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
- _hostDao.loadDetails(ciscoVnmcHost);
- Account owner = context.getAccount();
- PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
- long vlanId = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));
-
- List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
- List<String> publicGateways = new ArrayList<String>();
- for (VlanVO vlanVO : vlanVOList) {
- publicGateways.add(vlanVO.getVlanGateway());
- }
-
- // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
- // an additional public ip needs to acquired for assigning as firewall outside ip.
- // In case there are already additional ip addresses available (network restart) use one
- // of them such that it is not the source NAT ip
- IpAddress outsideIp = null;
- List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
- for (IPAddressVO ip : publicIps) {
- if (!ip.isSourceNat()) {
- outsideIp = ip;
- break;
- }
- }
- if (outsideIp == null) { // none available, acquire one
- try {
- Account caller = CallContext.current().getCallingAccount();
- long callerUserId = CallContext.current().getCallingUserId();
- outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone);
- } catch (ResourceAllocationException e) {
- s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
- throw new CloudRuntimeException("Unable to allocate additional public Ip address. Exception details " + e);
- }
-
- try {
- outsideIp = _ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
- } catch (ResourceAllocationException e) {
- s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details "
- + e);
- throw new CloudRuntimeException("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details "
- + e);
- }
- }
-
- // create logical edge firewall in VNMC
- String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
- // due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
- // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
- if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
- outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
- s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
- throw new CloudRuntimeException("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
- }
-
- // create stuff in VSM for ASA device
- if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
- vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
- assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
- s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
- " for ASA device for network " + network.getName());
- throw new CloudRuntimeException("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
- " for ASA device for network " + network.getName());
- }
-
- // configure source NAT
- if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
- s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
- throw new CloudRuntimeException("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
- }
-
- // associate Asa 1000v instance with logical edge firewall
- if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
- s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
- ") with logical edge firewall in VNMC for network " + network.getName());
- throw new CloudRuntimeException("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
- ") with logical edge firewall in VNMC for network " + network.getName());
- }
+ // ensure that there is an ASA 1000v assigned to this network
+ CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
+ if (assignedAsa == null) {
+ s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
+ throw new CloudRuntimeException("Unable to assign ASA 1000v device to network " + network.getName());
+ }
+
+ ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
+ ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
+ if (clusterVsmMap == null) {
+ s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
+ throw new CloudRuntimeException("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
+ }
+
+ CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
+ if (vsmDevice == null) {
+ s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
+ throw new CloudRuntimeException("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
+ }
+
+ CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+ HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+ _hostDao.loadDetails(ciscoVnmcHost);
+ Account owner = context.getAccount();
+ PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
+ long vlanId = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));
+
+ List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
+ List<String> publicGateways = new ArrayList<String>();
+ for (VlanVO vlanVO : vlanVOList) {
+ publicGateways.add(vlanVO.getVlanGateway());
+ }
+
+ // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
+ // an additional public ip needs to acquired for assigning as firewall outside ip.
+ // In case there are already additional ip addresses available (network restart) use one
+ // of them such that it is not the source NAT ip
+ IpAddress outsideIp = null;
+ List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
+ for (IPAddressVO ip : publicIps) {
+ if (!ip.isSourceNat()) {
+ outsideIp = ip;
+ break;
}
- });
+ }
+ if (outsideIp == null) { // none available, acquire one
+ try {
+ Account caller = CallContext.current().getCallingAccount();
+ long callerUserId = CallContext.current().getCallingUserId();
+ outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone);
+ } catch (ResourceAllocationException e) {
+ s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
+ throw new CloudRuntimeException("Unable to allocate additional public Ip address. Exception details " + e);
+ }
+
+ try {
+ outsideIp = _ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
+ } catch (ResourceAllocationException e) {
+ s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details "
+ + e);
+ throw new CloudRuntimeException("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details "
+ + e);
+ }
+ }
+
+ // create logical edge firewall in VNMC
+ String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
+ // due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
+ // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
+ if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
+ outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
+ s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
+ throw new CloudRuntimeException("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
+ }
+
+ // create stuff in VSM for ASA device
+ if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
+ vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
+ assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
+ s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
+ " for ASA device for network " + network.getName());
+ throw new CloudRuntimeException("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
+ " for ASA device for network " + network.getName());
+ }
+
+ // configure source NAT
+ if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
+ s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
+ throw new CloudRuntimeException("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
+ }
+
+ // associate Asa 1000v instance with logical edge firewall
+ if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
+ s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
+ ") with logical edge firewall in VNMC for network " + network.getName());
+ throw new CloudRuntimeException("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
+ ") with logical edge firewall in VNMC for network " + network.getName());
+ }
} catch (CloudRuntimeException e) {
+ unassignAsa1000vFromNetwork(network);
s_logger.error("CiscoVnmcElement failed", e);
return false;
} catch (Exception e) {
+ unassignAsa1000vFromNetwork(network);
ExceptionUtil.rethrowRuntime(e);
ExceptionUtil.rethrow(e, InsufficientAddressCapacityException.class);
ExceptionUtil.rethrow(e, ResourceUnavailableException.class);
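Review bot: The two `unassignAsa1000vFromNetwork(network);` calls added in the catch blocks undo only the ASA assignment, while the removed `Transaction.execute` wrapper presumably rolled back the database changes of all the earlier steps together. The additional public IP obtained through `allocateIp` and `associateIPToGuestNetwork` therefore appears to stay allocated on failure, unless it is released somewhere outside this hunk. The cleanup also runs before the error is logged or rethrown, so an exception thrown by it would replace the original failure; guarding it keeps the root cause, e.g. `try { unassignAsa1000vFromNetwork(network); } catch (RuntimeException cleanupError) { s_logger.warn("ASA 1000v cleanup failed", cleanupError); }`. The commit message describes only the password-logging fix, so this restructuring should be mentioned there or split into its own commit. The enclosing method starts and ends outside the hunk.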
@@ -579,10 +575,10 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
public CiscoVnmcController doInTransaction(TransactionStatus status) {
CiscoVnmcController ciscoVnmcResource = new CiscoVnmcControllerVO(host.getId(), physicalNetworkId, ntwkSvcProvider.getProviderName(), deviceName);
_ciscoVnmcDao.persist((CiscoVnmcControllerVO)ciscoVnmcResource);
-
+
DetailVO detail = new DetailVO(host.getId(), "deviceid", String.valueOf(ciscoVnmcResource.getId()));
_hostDetailsDao.persist(detail);
-
+
return ciscoVnmcResource;
}
});