You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by an...@apache.org on 2013/02/08 00:20:02 UTC
[5/5] git commit: refs/heads/master - Merge branch
'sg-in-advanced-zone'
Updated Branches:
refs/heads/master 3dea9a7be -> 951cba92b
Merge branch 'sg-in-advanced-zone'
Conflicts:
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/vm/UserVmManagerImpl.java
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/951cba92
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/951cba92
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/951cba92
Branch: refs/heads/master
Commit: 951cba92bb7a036ddb25d256fb6e1838aed49d79
Parents: 3dea9a7 8a86d08
Author: anthony <an...@cloud.com>
Authored: Thu Feb 7 15:19:41 2013 -0800
Committer: anthony <an...@cloud.com>
Committed: Thu Feb 7 15:19:41 2013 -0800
----------------------------------------------------------------------
.../configuration/ConfigurationManagerImpl.java | 10 +-
.../consoleproxy/ConsoleProxyManagerImpl.java | 29 +++--
.../src/com/cloud/network/NetworkManagerImpl.java | 13 ++-
.../com/cloud/resource/ResourceManagerImpl.java | 6 +
.../secondary/SecondaryStorageManagerImpl.java | 32 +++--
server/src/com/cloud/vm/UserVmManagerImpl.java | 96 ++++-----------
ui/scripts/zoneWizard.js | 1 -
7 files changed, 81 insertions(+), 106 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/951cba92/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/951cba92/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/951cba92/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/network/NetworkManagerImpl.java
index f24623e,da0a560..0712820
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@@ -1854,16 -1870,16 +1854,19 @@@ public class NetworkManagerImpl extend
} else if (zone.getNetworkType() == NetworkType.Advanced) {
if (zone.isSecurityGroupEnabled()) {
- // Only shared network with sourceNat service disabled are allowed in security group
+ if (ipv6) {
+ throw new InvalidParameterValueException("IPv6 is not supported with security group!");
+ }
+ // Only Account specific Isolated network with sourceNat service disabled are allowed in security group
// enabled zone
- boolean allowCreation = (ntwkOff.getGuestType() == GuestType.Isolated
- && !_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat));
- if (!allowCreation) {
- throw new InvalidParameterValueException("Only Account specific Isolated network with sourceNat " +
- "service disabled are allowed in security group enabled zone");
+ if ( ntwkOff.getGuestType() != GuestType.Shared ){
+ throw new InvalidParameterValueException("Only shared guest network can be created in security group enabled zone");
+ }
+ if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
+ throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone");
+ }
+ if ( ! _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {
+ throw new InvalidParameterValueException("network must have SecurityGroup provider in security group enabled zone");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/951cba92/server/src/com/cloud/resource/ResourceManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/resource/ResourceManagerImpl.java
index 82013d4,5817d4d..55e377d
--- a/server/src/com/cloud/resource/ResourceManagerImpl.java
+++ b/server/src/com/cloud/resource/ResourceManagerImpl.java
@@@ -414,19 -379,21 +414,25 @@@ public class ResourceManagerImpl extend
}
if (cmd.getHypervisor() == null || cmd.getHypervisor().isEmpty()) {
- throw new InvalidParameterValueException("Please specify a hypervisor");
+ throw new InvalidParameterValueException(
+ "Please specify a hypervisor");
}
- Hypervisor.HypervisorType hypervisorType = Hypervisor.HypervisorType.getType(cmd.getHypervisor());
+ Hypervisor.HypervisorType hypervisorType = Hypervisor.HypervisorType
+ .getType(cmd.getHypervisor());
if (hypervisorType == null) {
- s_logger.error("Unable to resolve " + cmd.getHypervisor() + " to a valid supported hypervisor type");
- throw new InvalidParameterValueException("Unable to resolve " + cmd.getHypervisor() + " to a supported ");
+ s_logger.error("Unable to resolve " + cmd.getHypervisor()
+ + " to a valid supported hypervisor type");
+ throw new InvalidParameterValueException("Unable to resolve "
+ + cmd.getHypervisor() + " to a supported ");
}
+ if (zone.isSecurityGroupEnabled()) {
+ if( hypervisorType != HypervisorType.KVM && hypervisorType != HypervisorType.XenServer ) {
+ throw new InvalidParameterValueException("Don't support hypervisor type " + hypervisorType + " in advanced security enabled zone");
+ }
+ }
+
Cluster.ClusterType clusterType = null;
if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) {
clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType());
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/951cba92/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/951cba92/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --cc server/src/com/cloud/vm/UserVmManagerImpl.java
index 662dab3,7a139f4..7dd726c
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@@ -2867,94 -2048,45 +2867,47 @@@ public class UserVmManagerImpl extends
Account caller = UserContext.current().getCaller();
List<NetworkVO> networkList = new ArrayList<NetworkVO>();
- boolean isSecurityGroupEnabledNetworkUsed = false;
boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
+ if (isVmWare) {
+ throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+ }
- //Verify that caller can perform actions in behalf of vm owner
+ // Verify that caller can perform actions in behalf of vm owner
_accountMgr.checkAccess(caller, null, true, owner);
-
- // If no network is specified, find system security group enabled
- // network
if (networkIdList == null || networkIdList.isEmpty()) {
- Network networkWithSecurityGroup = _networkModel.getNetworkWithSecurityGroupEnabled(zone.getId());
- if (networkWithSecurityGroup == null) {
- throw new InvalidParameterValueException(
- "No network with security enabled is found in zone id="
- + zone.getId());
- }
-
- networkList.add(_networkDao.findById(networkWithSecurityGroup.getId()));
- isSecurityGroupEnabledNetworkUsed = true;
-
- } else if (securityGroupIdList != null
- && !securityGroupIdList.isEmpty()) {
- if (isVmWare) {
- throw new InvalidParameterValueException(
- "Security group feature is not supported for vmWare hypervisor");
- }
- // Only one network can be specified, and it should be security
- // group enabled
- if (networkIdList.size() > 1) {
- throw new InvalidParameterValueException(
- "Only support one network per VM if security group enabled");
- }
-
- NetworkVO network = _networkDao.findById(networkIdList.get(0)
- .longValue());
-
+ throw new InvalidParameterValueException("need to specify networkIDs");
+ }
+ if (networkIdList.size() > 1 ) {
+ throw new InvalidParameterValueException("VM can only be on one network in Zone with Security group enabled zone");
+ }
+ // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
+ for (Long networkId : networkIdList) {
+ NetworkVO network = _networkDao.findById(networkId);
if (network == null) {
- throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue());
+ throw new InvalidParameterValueException(
+ "Unable to find network by id "
+ + networkIdList.get(0).longValue());
}
- if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
- throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
- }
-
- networkList.add(network);
- isSecurityGroupEnabledNetworkUsed = true;
-
- } else {
- // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
- for (Long networkId : networkIdList) {
- NetworkVO network = _networkDao.findById(networkId);
-
- if (network == null) {
- throw new InvalidParameterValueException(
- "Unable to find network by id "
- + networkIdList.get(0).longValue());
- }
-
- boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
- if (isSecurityGroupEnabled) {
- if (networkIdList.size() > 1) {
- throw new InvalidParameterValueException("Can't create a vm with multiple networks one of" +
- " which is Security Group enabled");
- }
-
- isSecurityGroupEnabledNetworkUsed = true;
- }
+ boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network);
+ if ( ! isSecurityGroupEnabled) {
+ throw new InvalidParameterValueException("Only support Security Group enabled networks in Security enabled zone, network " + network.getUuid() + " doesn't support security group ");
+ }
- if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
- throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
+ if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
+ throw new InvalidParameterValueException("Can specify only Shared Guest networks when" +
" deploy vm in Advance Security Group enabled zone");
- }
+ }
- // Perform account permission check
- if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
- }
- networkList.add(network);
+ // Perform account permission check
+ if (network.getAclType() == ACLType.Account) {
+ _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
}
+ networkList.add(network);
}
-
// if network is security group enabled, and no security group is specified, then add the default security group automatically
- if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkModel.canAddDefaultSecurityGroup()) {
-
- // add the default securityGroup only if no security group is
- // specified
- if (securityGroupIdList == null || securityGroupIdList.isEmpty()) {
+ if ( _networkModel.canAddDefaultSecurityGroup()) {
+ if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
if (securityGroupIdList == null) {
securityGroupIdList = new ArrayList<Long>();
}
@@@ -2978,9 -2104,8 +2931,8 @@@
}
}
}
-
return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId,
- diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIp, keyboard);
+ diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIps, keyboard);
}
@Override