Posted to commits@cloudstack.apache.org by ch...@apache.org on 2013/01/17 01:38:52 UTC
[7/15] git commit: WIP : edge firewall
WIP : edge firewall
Signed-off-by: Chiradeep Vittal <ch...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/f9cc674b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/f9cc674b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/f9cc674b
Branch: refs/heads/cisco-vnmc-api-integration
Commit: f9cc674b9ce5a04f4cf1c17882c597fcc336b121
Parents: 6a0964a
Author: Chiradeep Vittal <ch...@apache.org>
Authored: Wed Jan 16 15:30:36 2013 -0800
Committer: Chiradeep Vittal <ch...@apache.org>
Committed: Wed Jan 16 15:30:36 2013 -0800
----------------------------------------------------------------------
.../scripts/network/cisco/create-edge-firewall.xml | 71 +++++++++++++++
.../cisco-vnmc/scripts/network/cisco/xml | 1 -
.../cloud/network/resource/CiscoVnmcResource.java | 63 ++++++++++++-
.../resource/test/CiscoVnmcResourceTest.java | 11 +++
4 files changed, 141 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/f9cc674b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
new file mode 100644
index 0000000..3a223ce
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
@@ -0,0 +1,71 @@
+<configConfMos
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfigs>
+ <pair key="%edgefwdn%" >
+ <fwEdgeFirewall
+ haMode="standalone"
+ descr="%edgefwdescr%"
+ dn="%edgefwdn%"
+ name="%edgefwname%"
+ status="created"/>
+ </pair>
+
+ <pair key="%insideintfdn%">
+ <fwDataInterface
+ descr="ASA Inside Interface"
+ dn="%insideintfdn%"
+ ipAddressPrimary="%insideip%"
+ ipAddressSecondary="0.0.0.0"
+ ipSubnet="%insidesubnet%"
+ isIpViaDHCP="no"
+ name="%insideintfname%"
+ role="inside"
+ status="created"/>
+ </pair>
+
+ <pair key="%outsideintfdn%">
+ <fwDataInterface
+ descr="ASA Outside interface "
+ dn="%outsideintfdn%"
+ ipAddressPrimary="%publicip%"
+ ipAddressSecondary="0.0.0.0"
+ ipSubnet="%outsidesubnet%"
+ isIpViaDHCP="no"
+ name="%outsideintfname%"
+ role="outside"
+ status="created"/>
+ </pair>
+
+ <pair key="%outsideintfsp%" >
+ <logicalInterfaceServiceProfileAssociation
+ descr=""
+ dn="%outsideintfsp%"
+ name=""
+ profileRef="%secprofileref%"
+ status="created"/>
+ </pair>
+
+ <pair key="%deviceserviceprofiledn%" >
+ <logicalDeviceServiceProfileAssociation
+ descr=""
+ dn="%deviceserviceprofiledn%"
+ name=""
+ profileRef="%deviceserviceprofile%"
+ status="created"/>
+ </pair>
+ </inConfigs>
+</configConfMos>
+
+<!--
+ edgefwdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD"
+ insideintfdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/interface-Edge_Inside"
+ descr="%edgefwdescr%"
+ ipAddressPrimary="%insideip%"
+ ipSubnet="%insidesubnet%"
+ name="%insideintfname%"
+ outsideintfdn="%outsideintfdn%"
+ ipAddressPrimary="%publicip%"
+ ipSubnet="%outsidesubnet%"
+ name="%outsideintfname%
+--!>
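Review bot: The trailing scratch block at the end of the new template is opened with `<!--` but closed with `--!>`, which is not an XML comment terminator, so the comment never closes and the document is malformed; the Java hunk in this commit substitutes this template and sends the result as-is, so every create-edge-firewall request would carry the broken tail. Either terminate it with `-->` or, better, drop the block entirely, since it only holds example DNs and would otherwise be transmitted with each request. The outside interface also has `descr="ASA Outside interface "` with a trailing space and lower-case "interface" while the inside one reads "ASA Inside Interface"; making the two consistent avoids a stray space landing in the device description.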
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/f9cc674b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml
deleted file mode 100644
index eca3705..0000000
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/xml
+++ /dev/null
@@ -1 +0,0 @@
-<configConfMoscookie="1349308528/b3cb56de-5d62-4d81-bf32-76f7148891eb" inHierarchical="false"> <inConfigs> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE" > <policyRuleCondition dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE" id="2" order="unspecified" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-attr-qual" > <policyNwAttrQualifier attrEp="source" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-attr-qual" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE" > <natpolicyNatR
uleBasedPolicy adminState="enabled" descr="Source NAT Rule for Tenant TenantE" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE" name="Source-NAT-For-TenantE" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" <policyIPAddress dataType="string" descr="" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" id="2" name="" placement="begin" status="created" value="10.1.1.2"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" > <policyIPAddress dataType="string" descr="" dn="org-
root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2/nw-ip-2" id="3" name="" placement="end" status="created" value="10.1.1.254"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2" > <policyNetworkExpression dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2/nw-expr2" id="2" opr="range" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/rule-cond-2" > <policyRule descr="Source NAT Policy for Tenant TenantE" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE"
name="%natrulerulename%" order="100" status="created"/> </pair> <pair key="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/nat-action" > <natpolicyNatAction actionType="static" destTranslatedIpPool="" destTranslatedPortPool="" dn="org-root/org-TenantE/org-VDC-TenantE/natpol-Source-NAT-For-TenantE/rule-Source-NAT-Policy-Rule-TenantE/nat-action" id="0" isBidirectionalEnabled="yes" isDnsEnabled="yes" isNoProxyArpEnabled="no" isRoundRobinIpEnabled="no" srcTranslatedIpPatPool="" srcTranslatedIpPool="Source-NAT-Pool-For-TenantE" srcTranslatedPortPool="" status="created"/> </pair> </inConfigs></configConfMos>
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/f9cc674b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index f9a4eae..937470f 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -94,10 +94,8 @@ public class CiscoVnmcResource implements ServerResource {
CREATE_SOURCE_NAT_POOL("create-source-nat-pool.xml", "policy-mgr"),
CREATE_SOURCE_NAT_POLICY("create-source-nat-policy.xml", "policy-mgr"),
CREATE_NAT_POLICY_SET("create-nat-policy-set.xml", "policy-mgr"),
- RESOLVE_NAT_POLICY_SET("associate-nat-policy-set.xml", "policy-mgr");
-
-
-
+ RESOLVE_NAT_POLICY_SET("associate-nat-policy-set.xml", "policy-mgr"),
+ CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr");
private String scriptsDir = "scripts/network/cisco";
private String xml;
@@ -698,6 +696,63 @@ public class CiscoVnmcResource implements ServerResource {
return verifySuccess(response);
}
+
+ private String getNameForEdgeFirewall(String tenantName) {
+ return "ASA-1000v-" + tenantName;
+ }
+
+ private String getDnForEdgeFirewall(String tenantName) {
+ return getDnForTenantVDC(tenantName) + "/efw-" + getNameForEdgeFirewall(tenantName);
+ }
+
+ private String getNameForEdgeInsideIntf(String tenantName) {
+ return "Edge_Inside";
+ }
+
+ private String getNameForEdgeOutsideIntf(String tenantName) {
+ return "Edge_Outside";
+ }
+
+ private String getDnForOutsideIntf(String tenantName) {
+ return getDnForEdgeFirewall(tenantName) + "/interface-" + getNameForEdgeOutsideIntf(tenantName);
+ }
+
+ private String getDnForInsideIntf(String tenantName) {
+ return getDnForEdgeFirewall(tenantName) + "/interface-" + getNameForEdgeInsideIntf(tenantName);
+ }
+
+ public boolean createEdgeFirewall(String tenantName, String publicIp, String insideIp,
+ String insideSubnet, String outsideSubnet) throws ExecutionException {
+
+ String xml = VnmcXml.CREATE_EDGE_FIREWALL.getXml();
+ String service = VnmcXml.CREATE_EDGE_FIREWALL.getService();
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "edgefwdescr", "Edge Firewall for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "edgefwname", getNameForEdgeFirewall(tenantName));
+ xml = replaceXmlValue(xml, "edgefwdn", getDnForEdgeFirewall(tenantName));
+ xml = replaceXmlValue(xml, "insideintfname", getNameForEdgeInsideIntf(tenantName));
+ xml = replaceXmlValue(xml, "outsideintfname", getNameForEdgeOutsideIntf(tenantName));
+
+ xml = replaceXmlValue(xml, "insideintfdn", getDnForInsideIntf(tenantName));
+ xml = replaceXmlValue(xml, "outsideintfdn", getDnForOutsideIntf(tenantName));
+
+ xml = replaceXmlValue(xml, "deviceserviceprofiledn", getDnForEdgeFirewall(tenantName) + "/device-service-profile");
+ xml = replaceXmlValue(xml, "outsideintfsp", getDnForOutsideIntf(tenantName) + "/interface-service-profile");
+
+ xml = replaceXmlValue(xml, "secprofileref", getNameForEdgeDeviceSecurityProfile(tenantName));
+ xml = replaceXmlValue(xml, "deviceserviceprofile", getNameForEdgeDeviceServiceProfile(tenantName));
+
+
+ xml = replaceXmlValue(xml, "insideip", insideIp);
+ xml = replaceXmlValue(xml, "publicip", publicIp);
+ xml = replaceXmlValue(xml, "insidesubnet", insideSubnet);
+ xml = replaceXmlValue(xml, "outsidesubnet", outsideSubnet);
+
+ String response = sendRequest(service, xml);
+
+ return verifySuccess(response);
+
+ }
private String sendRequest(String service, String xmlRequest) throws ExecutionException {
org.apache.commons.httpclient.protocol.Protocol myhttps =
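Review bot: createEdgeFirewall substitutes the caller-supplied tenantName, publicIp, insideIp, insideSubnet and outsideSubnet straight into XML attribute values and nothing in the hunk validates them; whether replaceXmlValue escapes `"`, `<` and `&` cannot be seen here (its body is outside the hunk), and because the substitutions run one after another, a value inserted early that itself contains a later `%placeholder%` token would be rewritten by a subsequent call. Rejecting empty or malformed arguments up front, e.g. `if (tenantName == null || tenantName.isEmpty()) throw new IllegalArgumentException("tenantName must be set");` plus a dotted-quad check on the four address strings, closes both gaps without touching the template. getNameForEdgeInsideIntf and getNameForEdgeOutsideIntf ignore their tenantName parameter and always return a fixed name, so either drop the parameter or add a comment stating that the interface names are intentionally tenant-independent. getDnForEdgeFirewall(tenantName) is recomputed at each use (directly and again inside getDnForInsideIntf and getDnForOutsideIntf); hoisting it once as `String edgeFwDn = getDnForEdgeFirewall(tenantName);` reads better, and the public method should get a Javadoc naming the four address arguments, the boolean it returns from verifySuccess, and the ExecutionException it declares. getNameForEdgeDeviceSecurityProfile and getNameForEdgeDeviceServiceProfile are not defined in this hunk and are presumably elsewhere in the class; worth confirming they exist on this branch since the commit is marked WIP.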
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/f9cc674b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
index f1e6d28..58baf5b 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/test/CiscoVnmcResourceTest.java
@@ -204,6 +204,7 @@ public class CiscoVnmcResourceTest {
}
}
+ @Ignore
@Test
public void testAssociateNatPolicySet() {
try {
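Review bot: The `@Ignore` added above testAssociateNatPolicySet carries no reason, so a later reader cannot tell whether the test is broken, depends on an earlier step, or was superseded by this commit. JUnit's `@Ignore("<why this test is skipped>")` form records that next to the annotation; please fill in the actual reason. The method body continues outside the hunk.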
@@ -215,4 +216,14 @@ public class CiscoVnmcResourceTest {
}
}
+ @Test
+ public void testCreateEdgeFirewall() {
+ try {
+ boolean response = resource.createEdgeFirewall(tenantName,
+ "44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ e.printStackTrace();
+ }
+ }
}
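Review bot: The catch block in testCreateEdgeFirewall only calls e.printStackTrace(), so an ExecutionException thrown by createEdgeFirewall skips the assertTrue and the test still passes; a failure to reach the device or to create the firewall is reported as green. Declare the exception instead, `public void testCreateEdgeFirewall() throws ExecutionException {`, and drop the try/catch, or call `fail(e.getMessage())` in the catch (assuming fail is statically imported alongside the assertTrue already used). A one-line comment naming which literal is the public IP, the inside IP, the inside mask and the outside mask would also help, since the five positional String parameters are easy to transpose.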