You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ja...@apache.org on 2014/03/19 11:35:11 UTC
git commit: updated refs/heads/master to 289ac04
Repository: cloudstack
Updated Branches:
refs/heads/master 4494cbb4c -> 289ac0465
CLOUDSTACK-6240 Fixed updating advanced SG rules for vm nic secondary ip
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/289ac046
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/289ac046
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/289ac046
Branch: refs/heads/master
Commit: 289ac0465cde2e619ca4b6198c3d692765981688
Parents: 4494cbb
Author: Jayapal <ja...@apache.org>
Authored: Wed Mar 19 15:46:15 2014 +0530
Committer: Jayapal <ja...@apache.org>
Committed: Wed Mar 19 15:46:15 2014 +0530
----------------------------------------------------------------------
.../api/command/user/vm/AddIpToVmNicCmd.java | 8 +++++++-
.../api/command/user/vm/RemoveIpFromVmNicCmd.java | 9 ++++++++-
.../network/security/SecurityGroupManagerImpl.java | 13 +++++++------
3 files changed, 22 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/289ac046/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
index a7f9436..870bbbf 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
@@ -92,6 +92,12 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd {
return dc.getNetworkType();
}
+ private boolean isZoneSGEnabled() {
+ Network ntwk = _entityMgr.findById(Network.class, getNetworkId());
+ DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId());
+ return dc.isSecurityGroupEnabled();
+ }
+
@Override
public String getEventType() {
return EventTypes.EVENT_NET_IP_ASSIGN;
@@ -136,7 +142,7 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd {
if (result != null) {
secondaryIp = result.getIp4Address();
- if (getNetworkType() == NetworkType.Basic) {
+ if (isZoneSGEnabled()) {
// add security group rules for the secondary ip addresses
boolean success = false;
success = _securityGroupService.securityGroupRulesForVmSecIp(getNicId(), secondaryIp, true);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/289ac046/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
index 75eafa9..70d5b48 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
@@ -131,6 +131,13 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
return null;
}
+
+ private boolean isZoneSGEnabled() {
+ Network ntwk = _entityMgr.findById(Network.class, getNetworkId());
+ DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId());
+ return dc.isSecurityGroupEnabled();
+ }
+
@Override
public void execute() throws InvalidParameterValueException {
CallContext.current().setEventDetails("Ip Id: " + id);
@@ -140,7 +147,7 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Invalid IP id is passed");
}
- if (getNetworkType() == NetworkType.Basic) {
+ if (isZoneSGEnabled()) {
//remove the security group rules for this secondary ip
boolean success = false;
success = _securityGroupService.securityGroupRulesForVmSecIp(nicSecIp.getNicId(), nicSecIp.getIp4Address(), false);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/289ac046/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index cf71b25..9c1b967 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -1350,16 +1350,17 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
// Validate parameters
List<SecurityGroupVO> vmSgGrps = getSecurityGroupsForVm(vmId);
- if (vmSgGrps == null) {
+ if (vmSgGrps.isEmpty()) {
s_logger.debug("Vm is not in any Security group ");
return true;
}
- for (SecurityGroupVO securityGroup : vmSgGrps) {
- Account owner = _accountMgr.getAccount(securityGroup.getAccountId());
- if (owner == null) {
- throw new InvalidParameterValueException("Unable to find security group owner by id=" + securityGroup.getAccountId());
- }
+ //If network does not support SG service, no need add SG rules for secondary ip
+ Network network = _networkModel.getNetwork(nic.getNetworkId());
+ if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
+ s_logger.debug("Network " + network + " is not enabled with security group service, "+
+ "so not applying SG rules for secondary ip");
+ return true;
}
String vmMac = vm.getPrivateMacAddress();