Posted to commits@cloudstack.apache.org by ra...@apache.org on 2013/10/18 14:15:36 UTC
git commit: updated refs/heads/hyperv to f74e9aa
Updated Branches:
refs/heads/hyperv b24935f2f -> f74e9aac7
Implemented SetFirewallRulesCommand in HyperV Resource
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f74e9aac
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f74e9aac
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f74e9aac
Branch: refs/heads/hyperv
Commit: f74e9aac741ed0ba78310a99677d7adea25848b5
Parents: b24935f
Author: Rajesh Battala <ra...@citrix.com>
Authored: Fri Oct 18 17:40:36 2013 +0530
Committer: Rajesh Battala <ra...@citrix.com>
Committed: Fri Oct 18 17:40:36 2013 +0530
----------------------------------------------------------------------
.../resource/HypervDirectConnectResource.java | 86 +++++++++++++++++++-
1 file changed, 85 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f74e9aac/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
index 57a9dfd..9d46322 100644
--- a/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
+++ b/plugins/hypervisors/hyperv/src/com/cloud/hypervisor/hyperv/resource/HypervDirectConnectResource.java
@@ -64,13 +64,17 @@ import com.cloud.agent.api.routing.IpAssocAnswer;
import com.cloud.agent.api.routing.IpAssocCommand;
import com.cloud.agent.api.routing.NetworkElementCommand;
import com.cloud.agent.api.routing.SavePasswordCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesAnswer;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.VmDataCommand;
import com.cloud.agent.api.to.DhcpTO;
+import com.cloud.agent.api.to.FirewallRuleTO;
import com.cloud.agent.api.to.IpAddressTO;
import com.cloud.dc.DataCenter.NetworkType;
import com.cloud.host.Host.Type;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.network.Networks.RouterPrivateIpStrategy;
+import com.cloud.network.rules.FirewallRule;
import com.cloud.resource.ServerResource;
import com.cloud.resource.ServerResourceBase;
import com.cloud.serializer.GsonHelper;
@@ -363,7 +367,9 @@ public class HypervDirectConnectResource extends ServerResourceBase implements
answer = execute((VmDataCommand) cmd);
} else if (clazz == SavePasswordCommand.class) {
answer = execute((SavePasswordCommand) cmd);
- }
+ } else if (clazz == SetFirewallRulesCommand.class) {
+ answer = execute((SetFirewallRulesCommand)cmd);
+ }
else {
@@ -431,6 +437,84 @@ public class HypervDirectConnectResource extends ServerResourceBase implements
}
+ protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) {
+ String controlIp = getRouterSshControlIp(cmd);
+ String[] results = new String[cmd.getRules().length];
+ FirewallRuleTO[] allrules = cmd.getRules();
+ FirewallRule.TrafficType trafficType = allrules[0].getTrafficType();
+ String egressDefault = cmd.getAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT);
+
+ String[][] rules = cmd.generateFwRules();
+ String args = "";
+ args += " -F ";
+ if (trafficType == FirewallRule.TrafficType.Egress){
+ args+= " -E ";
+ if (egressDefault.equals("true")) {
+ args+= " -P 1 ";
+ } else if (egressDefault.equals("System")) {
+ args+= " -P 2 ";
+ } else {
+ args+= " -P 0 ";
+ }
+ }
+
+ StringBuilder sb = new StringBuilder();
+ String[] fwRules = rules[0];
+ if (fwRules.length > 0) {
+ for (int i = 0; i < fwRules.length; i++) {
+ sb.append(fwRules[i]).append(',');
+ }
+ args += " -a " + sb.toString();
+ }
+
+ try {
+ Pair<Boolean, String> result = null;
+
+ if (trafficType == FirewallRule.TrafficType.Egress){
+ result = SshHelper.sshExecute(controlIp,
+ DEFAULT_DOMR_SSHPORT, "root", getSystemVMKeyFile(),
+ null, "/root/firewallRule_egress.sh " + args);
+ } else {
+ result = SshHelper.sshExecute(controlIp,
+ DEFAULT_DOMR_SSHPORT, "root", getSystemVMKeyFile(),
+ null, "/root/firewall_rule.sh " + args);
+ }
+
+ if (s_logger.isDebugEnabled()) {
+ if (trafficType == FirewallRule.TrafficType.Egress){
+ s_logger.debug("Executing script on domain router " + controlIp
+ + ": /root/firewallRule_egress.sh " + args);
+ } else {
+ s_logger.debug("Executing script on domain router " + controlIp
+ + ": /root/firewall_rule.sh " + args);
+ }
+ }
+
+
+ if (!result.first()) {
+ s_logger.error("SetFirewallRulesCommand failure on setting one rule. args: "
+ + args);
+ //FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
+ for (int i=0; i < results.length; i++) {
+ results[i] = "Failed";
+ }
+
+ return new SetFirewallRulesAnswer(cmd, false, results);
+ }
+ } catch (Throwable e) {
+ s_logger.error("SetFirewallRulesCommand(args: " + args
+ + ") failed on setting one rule due to "
+ ,e);
+ //FIXME - in the future we have to process each rule separately; now we temporarily set every rule to be false if single rule fails
+ for (int i=0; i < results.length; i++) {
+ results[i] = "Failed";
+ }
+ return new SetFirewallRulesAnswer(cmd, false, results);
+ }
+
+ return new SetFirewallRulesAnswer(cmd, true, results);
+ }
+
protected Answer execute(VmDataCommand cmd) {
if (s_logger.isInfoEnabled()) {
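Review bot: In the new `execute(SetFirewallRulesCommand)` the strings from `cmd.generateFwRules()` are appended to `args` and sent as `"/root/firewall_rule.sh " + args` (or the egress script) over a root SSH session, and nothing in this method checks them for shell metacharacters. Whether the rule fields are validated upstream is not visible in this hunk, so I would check each `fwRules[i]` against a strict allow-list of the characters the script's rule format needs and return a failed `SetFirewallRulesAnswer` instead of running the command when an entry does not match. Separately, `allrules[0].getTrafficType()` and `egressDefault.equals("true")` sit outside the `try`, so an empty rule array or a missing `FIREWALL_EGRESS_DEFAULT` detail throws rather than producing a failed answer; a length check on `allrules` and `"true".equals(egressDefault)` / `"System".equals(egressDefault)` would cover both. The "Executing script on domain router" debug line is also written after `sshExecute` has returned, so it should move above the call if it is meant to record what is about to run.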