You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/02/13 02:07:01 UTC
[8/50] [abbrv] git commit: refs/heads/vim51_win8 - Revert "
CLOUDSTACK-737"
Revert " CLOUDSTACK-737"
This reverts commit 65210f4e7ee62b237ccdd8d853553e7c990f19c8.
Conflicts:
server/src/com/cloud/vm/UserVmManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/a2fa1676
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/a2fa1676
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/a2fa1676
Branch: refs/heads/vim51_win8
Commit: a2fa16761327f66638a00b41c7399c3d1985ac3f
Parents: 447d49a
Author: Anthony Xu <an...@citrix.com>
Authored: Fri Feb 8 10:47:08 2013 -0800
Committer: Anthony Xu <an...@citrix.com>
Committed: Fri Feb 8 10:47:08 2013 -0800
----------------------------------------------------------------------
.../src/com/cloud/network/NetworkManagerImpl.java | 2 +-
server/src/com/cloud/vm/UserVmManagerImpl.java | 78 ++++++++++++---
2 files changed, 64 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a2fa1676/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 585251d..f02bcec 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1868,7 +1868,7 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone");
}
- if ( ! _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {
+ if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {
throw new InvalidParameterValueException("network must have SecurityGroup provider in security group enabled zone");
=======
// Only Account specific Isolated network with sourceNat service disabled are allowed in security group
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a2fa1676/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 7dd726c..b5e7431 100644
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2867,14 +2867,15 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
Account caller = UserContext.current().getCaller();
List<NetworkVO> networkList = new ArrayList<NetworkVO>();
+ boolean isSecurityGroupEnabledNetworkUsed = false;
boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
- if (isVmWare) {
- throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
- }
// Verify that caller can perform actions in behalf of vm owner
_accountMgr.checkAccess(caller, null, true, owner);
+
+ // If no network is specified, find system security group enabled network
if (networkIdList == null || networkIdList.isEmpty()) {
+<<<<<<< HEAD
throw new InvalidParameterValueException("need to specify networkIDs");
}
if (networkIdList.size() > 1 ) {
@@ -2883,30 +2884,76 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
// Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
for (Long networkId : networkIdList) {
NetworkVO network = _networkDao.findById(networkId);
+=======
+ Network networkWithSecurityGroup = _networkModel.getNetworkWithSecurityGroupEnabled(zone.getId());
+ if (networkWithSecurityGroup == null) {
+ throw new InvalidParameterValueException("No network with security enabled is found in zone id=" + zone.getId());
+ }
+
+ networkList.add(_networkDao.findById(networkWithSecurityGroup.getId()));
+ isSecurityGroupEnabledNetworkUsed = true;
+
+ } else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) {
+ if (isVmWare) {
+ throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+ }
+ // Only one network can be specified, and it should be security group enabled
+ if (networkIdList.size() > 1) {
+ throw new InvalidParameterValueException("Only support one network per VM if security group enabled");
+ }
+
+ NetworkVO network = _networkDao.findById(networkIdList.get(0).longValue());
+
+>>>>>>> parent of 65210f4... CLOUDSTACK-737
if (network == null) {
throw new InvalidParameterValueException(
"Unable to find network by id "
+ networkIdList.get(0).longValue());
}
- boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
- if ( ! isSecurityGroupEnabled) {
- throw new InvalidParameterValueException("Only support Security Group enabled networks in Security enabled zone, network " + network.getUuid() + " doesn't support security group ");
- }
+ if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
+ throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
+ }
+
+ networkList.add(network);
+ isSecurityGroupEnabledNetworkUsed = true;
+
+ } else {
+ // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
+ for (Long networkId : networkIdList) {
+ NetworkVO network = _networkDao.findById(networkId);
+
+ if (network == null) {
+ throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
+ }
+
+ boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
+ if (isSecurityGroupEnabled) {
+ if (networkIdList.size() > 1) {
+ throw new InvalidParameterValueException("Can't create a vm with multiple networks one of" +
+ " which is Security Group enabled");
+ }
+
+ isSecurityGroupEnabledNetworkUsed = true;
+ }
- if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
- throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
+ if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
+ throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
" deploy vm in Advance Security Group enabled zone");
- }
+ }
- // Perform account permission check
- if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ // Perform account permission check
+ if (network.getAclType() == ACLType.Account) {
+ _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ }
+ networkList.add(network);
}
- networkList.add(network);
}
+
// if network is security group enabled, and no security group is specified, then add the default security group automatically
- if ( _networkModel.canAddDefaultSecurityGroup()) {
+ if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkModel.canAddDefaultSecurityGroup()) {
+
+ //add the default securityGroup only if no security group is specified
if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
if (securityGroupIdList == null) {
securityGroupIdList = new ArrayList<Long>();
@@ -2931,6 +2978,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
}
}
}
+
return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId,
diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIps, keyboard);
}