Posted to commits@cloudstack.apache.org by ko...@apache.org on 2013/02/21 07:27:02 UTC
[1/2] Added changes to create ingress fw rules in VNMC
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1e38515f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
index d3f9cab..c96abac 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -104,7 +104,6 @@ import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.component.Inject;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.net.NetUtils;
import com.cloud.vm.NicProfile;
import com.cloud.vm.ReservationContext;
import com.cloud.vm.VirtualMachine;
@@ -114,13 +113,13 @@ import com.cloud.vm.VirtualMachineProfile;
public class CiscoVnmcElement extends AdapterBase implements SourceNatServiceProvider, FirewallServiceProvider,
PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement,
CiscoVnmcElementService, CiscoAsa1000vService {
- private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
+ private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
@Inject
AgentManager _agentMgr;
@Inject
- ResourceManager _resourceMgr;
+ ResourceManager _resourceMgr;
@Inject
ConfigurationManager _configMgr;
@Inject
@@ -155,7 +154,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
return false; //TODO: should handle VxLAN as well
}
- return true;
+ return true;
}
@Override
@@ -212,7 +211,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
}
private boolean configureSourceNat(long vlanId, String guestCidr,
- PublicIp sourceNatIp, long hostId) {
+ PublicIp sourceNatIp, long hostId) {
boolean add = (sourceNatIp.getState() == IpAddress.State.Releasing ? false : true);
IpAddressTO ip = new IpAddressTO(sourceNatIp.getAccountId(), sourceNatIp.getAddress().addr(), add, false,
sourceNatIp.isSourceNat(), sourceNatIp.getVlanTag(), sourceNatIp.getGateway(), sourceNatIp.getNetmask(), sourceNatIp.getMacAddress(),
@@ -230,7 +229,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
}
private boolean associateAsaWithLogicalEdgeFirewall(long vlanId,
- String asaMgmtIp, long hostId) {
+ String asaMgmtIp, long hostId) {
AssociateAsaWithLogicalEdgeFirewallCommand cmd =
new AssociateAsaWithLogicalEdgeFirewallCommand(vlanId, asaMgmtIp);
Answer answer = _agentMgr.easySend(hostId, cmd);
@@ -239,9 +238,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
@Override
public boolean implement(Network network, NetworkOffering offering,
- DeployDestination dest, ReservationContext context)
- throws ConcurrentOperationException, ResourceUnavailableException,
- InsufficientCapacityException {
+ DeployDestination dest, ReservationContext context)
+ throws ConcurrentOperationException, ResourceUnavailableException,
+ InsufficientCapacityException {
DataCenter zone = _configMgr.getZone(network.getDataCenterId());
if (zone.getNetworkType() == NetworkType.Basic) {
@@ -280,13 +279,13 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (asaList.isEmpty()) {
s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
- return false;
+ return false;
}
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork != null) {
s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
- return true;
+ return true;
}
if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
@@ -294,13 +293,13 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
return false;
}
- Transaction txn = Transaction.currentTxn();
- boolean status = false;
+ Transaction txn = Transaction.currentTxn();
+ boolean status = false;
try {
- txn.start();
+ txn.start();
// ensure that there is an ASA 1000v assigned to this network
- CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
+ CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
if (assignedAsa == null) {
s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
return false;
@@ -354,84 +353,84 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
return true;
}
- @Override
- public boolean prepare(Network network, NicProfile nic,
- VirtualMachineProfile<? extends VirtualMachine> vm,
- DeployDestination dest, ReservationContext context)
- throws ConcurrentOperationException, ResourceUnavailableException,
- InsufficientCapacityException {
- //Ensure that there is an ASA 1000v assigned to this network
- return true;
- }
-
- @Override
- public boolean release(Network network, NicProfile nic,
- VirtualMachineProfile<? extends VirtualMachine> vm,
- ReservationContext context) throws ConcurrentOperationException,
- ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean shutdown(Network network, ReservationContext context,
- boolean cleanup) throws ConcurrentOperationException,
- ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean isReady(PhysicalNetworkServiceProvider provider) {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean shutdownProviderInstances(
- PhysicalNetworkServiceProvider provider, ReservationContext context)
- throws ConcurrentOperationException, ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean canEnableIndividualServices() {
- return true;
- }
-
- @Override
- public boolean verifyServicesCombination(Set<Service> services) {
+ @Override
+ public boolean prepare(Network network, NicProfile nic,
+ VirtualMachineProfile<? extends VirtualMachine> vm,
+ DeployDestination dest, ReservationContext context)
+ throws ConcurrentOperationException, ResourceUnavailableException,
+ InsufficientCapacityException {
+ //Ensure that there is an ASA 1000v assigned to this network
+ return true;
+ }
+
+ @Override
+ public boolean release(Network network, NicProfile nic,
+ VirtualMachineProfile<? extends VirtualMachine> vm,
+ ReservationContext context) throws ConcurrentOperationException,
+ ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean shutdown(Network network, ReservationContext context,
+ boolean cleanup) throws ConcurrentOperationException,
+ ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isReady(PhysicalNetworkServiceProvider provider) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean shutdownProviderInstances(
+ PhysicalNetworkServiceProvider provider, ReservationContext context)
+ throws ConcurrentOperationException, ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean canEnableIndividualServices() {
+ return true;
+ }
+
+ @Override
+ public boolean verifyServicesCombination(Set<Service> services) {
if (!services.contains(Service.Firewall)) {
s_logger.warn("CiscoVnmc must be used as Firewall Service Provider in the network");
return false;
}
return true;
- }
-
- @Override
- public boolean applyFWRules(Network network,
- List<? extends FirewallRule> rules)
- throws ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean destroy(Network network, ReservationContext context)
- throws ConcurrentOperationException, ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public List<Class<?>> getCommands() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
+ }
+
+ @Override
+ public boolean applyFWRules(Network network,
+ List<? extends FirewallRule> rules)
+ throws ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean destroy(Network network, ReservationContext context)
+ throws ConcurrentOperationException, ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<Class<?>> getCommands() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
String deviceName = Provider.CiscoVnmc.getName();
NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName);
Long physicalNetworkId = cmd.getPhysicalNetworkId();
@@ -469,7 +468,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
Map<String, Object> hostdetails = new HashMap<String,Object>();
hostdetails.putAll(params);
- ServerResource resource = new CiscoVnmcResource();
+ ServerResource resource = new CiscoVnmcResource();
Transaction txn = Transaction.currentTxn();
try {
resource.configure(cmd.getHost(), hostdetails);
@@ -495,114 +494,114 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
}
}
- @Override
- public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
- CiscoVnmcController ciscoVnmcResourceVO) {
- HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());
-
- CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
- response.setId(ciscoVnmcResourceVO.getUuid());
- response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
- response.setProviderName(ciscoVnmcResourceVO.getProviderName());
- response.setResourceName(ciscoVnmcHost.getName());
-
- return response;
- }
-
- @Override
- public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
- ListCiscoVnmcResourcesCmd cmd) {
- Long physicalNetworkId = cmd.getPhysicalNetworkId();
- Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
- List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();
-
- if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
- throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
- }
-
- if (ciscoVnmcResourceId != null) {
- CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
- if (ciscoVnmcResource == null) {
- throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
- }
- responseList.add(ciscoVnmcResource);
- }
- else {
- PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
- if (physicalNetwork == null) {
- throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
- }
- responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
- }
-
- return responseList;
- }
-
- @Override
- public IpDeployer getIpDeployer(Network network) {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
- throws ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean applyStaticNats(Network config,
- List<? extends StaticNat> rules)
- throws ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean applyIps(Network network,
- List<? extends PublicIpAddress> ipAddress, Set<Service> services)
- throws ResourceUnavailableException {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public HostVO createHostVOForConnectedAgent(HostVO host,
- StartupCommand[] cmd) {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public HostVO createHostVOForDirectConnectAgent(HostVO host,
- StartupCommand[] startup, ServerResource resource,
- Map<String, String> details, List<String> hostTags) {
+ @Override
+ public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
+ CiscoVnmcController ciscoVnmcResourceVO) {
+ HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());
+
+ CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
+ response.setId(ciscoVnmcResourceVO.getUuid());
+ response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
+ response.setProviderName(ciscoVnmcResourceVO.getProviderName());
+ response.setResourceName(ciscoVnmcHost.getName());
+
+ return response;
+ }
+
+ @Override
+ public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
+ ListCiscoVnmcResourcesCmd cmd) {
+ Long physicalNetworkId = cmd.getPhysicalNetworkId();
+ Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
+ List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();
+
+ if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
+ throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
+ }
+
+ if (ciscoVnmcResourceId != null) {
+ CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
+ if (ciscoVnmcResource == null) {
+ throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
+ }
+ responseList.add(ciscoVnmcResource);
+ }
+ else {
+ PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+ if (physicalNetwork == null) {
+ throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+ }
+ responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
+ }
+
+ return responseList;
+ }
+
+ @Override
+ public IpDeployer getIpDeployer(Network network) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
+ throws ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean applyStaticNats(Network config,
+ List<? extends StaticNat> rules)
+ throws ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean applyIps(Network network,
+ List<? extends PublicIpAddress> ipAddress, Set<Service> services)
+ throws ResourceUnavailableException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public HostVO createHostVOForConnectedAgent(HostVO host,
+ StartupCommand[] cmd) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public HostVO createHostVOForDirectConnectAgent(HostVO host,
+ StartupCommand[] startup, ServerResource resource,
+ Map<String, String> details, List<String> hostTags) {
if (!(startup[0] instanceof StartupExternalFirewallCommand)) {
return null;
}
host.setType(Host.Type.ExternalFirewall);
return host;
- }
+ }
- @Override
- public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
- boolean isForceDeleteStorage) throws UnableDeleteHostException {
+ @Override
+ public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
+ boolean isForceDeleteStorage) throws UnableDeleteHostException {
if (host.getType() != com.cloud.host.Host.Type.ExternalFirewall) {
return null;
}
return new DeleteHostAnswer(true);
- }
+ }
- @Override
- public CiscoAsa1000vDevice addCiscoAsa1000vResource(
- AddCiscoAsa1000vResourceCmd cmd) {
+ @Override
+ public CiscoAsa1000vDevice addCiscoAsa1000vResource(
+ AddCiscoAsa1000vResourceCmd cmd) {
Long physicalNetworkId = cmd.getPhysicalNetworkId();
CiscoAsa1000vDevice ciscoAsa1000vResource = null;
@@ -615,56 +614,56 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
_ciscoAsa1000vDao.persist((CiscoAsa1000vDeviceVO)ciscoAsa1000vResource);
return ciscoAsa1000vResource;
- }
-
- @Override
- public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
- CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
- CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
- response.setId(ciscoAsa1000vDeviceVO.getUuid());
- response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
- response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
-
- return response;
- }
-
- @Override
- public boolean deleteCiscoAsa1000vResource(
- DeleteCiscoAsa1000vResourceCmd cmd) {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
- ListCiscoAsa1000vResourcesCmd cmd) {
- Long physicalNetworkId = cmd.getPhysicalNetworkId();
- Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
- List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();
-
- if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
- throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
- }
-
- if (ciscoAsa1000vResourceId != null) {
- CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
- if (ciscoAsa1000vResource == null) {
- throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
- }
- responseList.add(ciscoAsa1000vResource);
- } else {
- PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
- if (physicalNetwork == null) {
- throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
- }
- responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
- }
-
- return responseList;
- }
-
- @Override
- public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
+ }
+
+ @Override
+ public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
+ CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
+ CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
+ response.setId(ciscoAsa1000vDeviceVO.getUuid());
+ response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
+ response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
+
+ return response;
+ }
+
+ @Override
+ public boolean deleteCiscoAsa1000vResource(
+ DeleteCiscoAsa1000vResourceCmd cmd) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
+ ListCiscoAsa1000vResourcesCmd cmd) {
+ Long physicalNetworkId = cmd.getPhysicalNetworkId();
+ Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
+ List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();
+
+ if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
+ throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
+ }
+
+ if (ciscoAsa1000vResourceId != null) {
+ CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
+ if (ciscoAsa1000vResource == null) {
+ throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
+ }
+ responseList.add(ciscoAsa1000vResource);
+ } else {
+ PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+ if (physicalNetwork == null) {
+ throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+ }
+ responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
+ }
+
+ return responseList;
+ }
+
+ @Override
+ public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
for (CiscoAsa1000vDeviceVO asa : asaList) {
NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId());
@@ -672,7 +671,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId());
_networkAsa1000vMapDao.persist(networkAsaMap);
return asa;
- }
+ }
}
return null;
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1e38515f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 83d0588..3e58398 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -42,9 +42,11 @@ import com.cloud.agent.api.StartupExternalFirewallCommand;
import com.cloud.agent.api.routing.IpAssocAnswer;
import com.cloud.agent.api.routing.IpAssocCommand;
import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
import com.cloud.agent.api.routing.SetSourceNatCommand;
import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
import com.cloud.host.Host;
import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
import com.cloud.resource.ServerResource;
@@ -71,7 +73,7 @@ public class CiscoVnmcResource implements ServerResource{
private String _publicInterface;
private String _privateInterface;
- CiscoVnmcConnectionImpl _connection;
+ CiscoVnmcConnectionImpl _connection;
private final Logger s_logger = Logger.getLogger(CiscoVnmcResource.class);
@@ -84,6 +86,8 @@ public class CiscoVnmcResource implements ServerResource{
return execute((IpAssocCommand) cmd);
} else if (cmd instanceof SetSourceNatCommand) {
return execute((SetSourceNatCommand) cmd);
+ } else if (cmd instanceof SetFirewallRulesCommand) {
+ return execute((SetFirewallRulesCommand) cmd);
} else if (cmd instanceof SetStaticNatRulesCommand) {
return execute((SetStaticNatRulesCommand) cmd);
} else if (cmd instanceof SetPortForwardingRulesCommand) {
@@ -93,9 +97,9 @@ public class CiscoVnmcResource implements ServerResource{
} else if (cmd instanceof CreateLogicalEdgeFirewallCommand) {
return execute((CreateLogicalEdgeFirewallCommand)cmd);
} else if (cmd instanceof ConfigureNexusVsmForAsaCommand) {
- return execute((ConfigureNexusVsmForAsaCommand)cmd);
+ return execute((ConfigureNexusVsmForAsaCommand)cmd);
} else if (cmd instanceof AssociateAsaWithLogicalEdgeFirewallCommand) {
- return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
+ return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
} else {
return Answer.createUnsupportedCommandAnswer(cmd);
}
@@ -131,7 +135,7 @@ public class CiscoVnmcResource implements ServerResource{
_password = (String) params.get("password");
if (_password == null) {
throw new ConfigurationException("Unable to find password");
- }
+ }
_publicInterface = (String) params.get("publicinterface");
if (_publicInterface == null) {
@@ -232,7 +236,7 @@ public class CiscoVnmcResource implements ServerResource{
}
private ExternalNetworkResourceUsageAnswer execute(ExternalNetworkResourceUsageCommand cmd) {
- return new ExternalNetworkResourceUsageAnswer(cmd);
+ return new ExternalNetworkResourceUsageAnswer(cmd);
}
/*
@@ -243,13 +247,13 @@ public class CiscoVnmcResource implements ServerResource{
try {
ret = _connection.login();
} catch (ExecutionException ex) {
- s_logger.error("Login to Vnmc failed", ex);
+ s_logger.error("Login to Vnmc failed", ex);
}
return ret;
}
private synchronized Answer execute(IpAssocCommand cmd) {
- refreshVnmcConnection();
+ refreshVnmcConnection();
return execute(cmd, _numRetries);
}
@@ -262,17 +266,17 @@ public class CiscoVnmcResource implements ServerResource{
* Source NAT
*/
private synchronized Answer execute(SetSourceNatCommand cmd) {
- refreshVnmcConnection();
+ refreshVnmcConnection();
return execute(cmd, _numRetries);
}
private Answer execute(SetSourceNatCommand cmd, int numRetries) {
- String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+ String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
String tenant = "vlan-" + vlanId;
try {
// create-nat-policy-set
if (!_connection.createTenantVDCNatPolicySet(tenant)) {
- throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+ throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
}
// create-source-nat-pool
@@ -305,10 +309,65 @@ public class CiscoVnmcResource implements ServerResource{
}
/*
+ * Firewall rule
+ */
+ private synchronized Answer execute(SetFirewallRulesCommand cmd) {
+ refreshVnmcConnection();
+ return execute(cmd, _numRetries);
+ }
+
+ private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
+ String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+ String tenant = "vlan-" + vlanId;
+ try {
+ // create-acl-policy-set for ingress
+ _connection.createTenantVDCAclPolicySet(tenant, true);
+
+ // delete-acl-policy for ingress
+ _connection.deleteTenantVDCAclPolicy(tenant, true);
+ // delete-acl-policy for egress
+
+ // create-acl-policy for ingress
+ _connection.createTenantVDCAclPolicy(tenant, true);
+
+ // create-acl-policy-set for egress
+ // create-acl-policy for egress
+
+ FirewallRuleTO[] rules = cmd.getRules();
+ for (FirewallRuleTO rule : rules) {
+ if (rule.revoked()) {
+ // delete-acl-rule
+ //_connection.deleteAclRule(tenant, Long.toString(rule.getId()));
+ } else {
+ String cidr = rule.getSourceCidrList().get(0);
+ String[] result = cidr.split("\\/");
+ assert (result.length == 2) : "Something is wrong with source cidr " + cidr;
+ long size = Long.valueOf(result[1]);
+ String startIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size);
+ String endIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
+ // create-ingress-acl-rule
+ _connection.createIngressAclRule(tenant,
+ Long.toString(rule.getId()), rule.getProtocol().toUpperCase(), startIp, endIp,
+ Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), rule.getSrcIp());
+ }
+ }
+
+ // associate-acl-policy-set
+ _connection.associateAclPolicySet(tenant);
+ } catch (Throwable e) {
+ String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
+ s_logger.error(msg, e);
+ return new Answer(cmd, false, msg);
+ }
+
+ return new Answer(cmd);
+ }
+
+ /*
* Static NAT
*/
private synchronized Answer execute(SetStaticNatRulesCommand cmd) {
- refreshVnmcConnection();
+ refreshVnmcConnection();
return execute(cmd, _numRetries);
}
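Review bot: The new `execute(SetFirewallRulesCommand cmd, int numRetries)` ignores the result of every `_connection` call, so it can return `new Answer(cmd)` even when the ingress ACL policy on the device was not deleted, recreated or associated. The neighbouring handlers check the boolean and throw; if these methods return a boolean as `createTenantVDCNatPolicySet` does, the same pattern fits here, e.g. `if (!_connection.deleteTenantVDCAclPolicy(tenant, true)) throw new Exception("Failed to delete ingress ACL policy in VNMC for guest network with vlan " + vlanId);`. The source CIDR is validated only with `assert (result.length == 2)`, which does nothing unless the JVM runs with assertions enabled, so an explicit `if (result.length != 2) throw new IllegalArgumentException("Invalid source cidr " + cidr);` would keep a malformed value away from `Long.valueOf(result[1])`. Only `getSourceCidrList().get(0)` is read, so any further source CIDRs on a rule are dropped without a log line, and an empty list surfaces only through the generic `catch (Throwable e)`. `NetUtils` is called here but this diff's import hunk for CiscoVnmcResource.java does not add it, so confirm the file already imports it.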
@@ -320,7 +379,7 @@ public class CiscoVnmcResource implements ServerResource{
* Destination NAT
*/
private synchronized Answer execute(SetPortForwardingRulesCommand cmd) {
- refreshVnmcConnection();
+ refreshVnmcConnection();
return execute(cmd, _numRetries);
}
@@ -332,7 +391,7 @@ public class CiscoVnmcResource implements ServerResource{
* Logical edge firewall
*/
private synchronized Answer execute(CreateLogicalEdgeFirewallCommand cmd) {
- refreshVnmcConnection();
+ refreshVnmcConnection();
return execute(cmd, _numRetries);
}
@@ -341,19 +400,19 @@ public class CiscoVnmcResource implements ServerResource{
try {
// create tenant
if (!_connection.createTenant(tenant))
- throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());
+ throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());
// create tenant VDC
if (!_connection.createTenantVDC(tenant))
- throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());
+ throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());
// create edge security profile
if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
- throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
+ throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
// create logical edge firewall
if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet()))
- throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
+ throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
} catch (Throwable e) {
String msg = "CreateLogicalEdgeFirewallCommand failed due to " + e.getMessage();
s_logger.error(msg, e);
@@ -371,7 +430,7 @@ public class CiscoVnmcResource implements ServerResource{
}
private Answer execute(ConfigureNexusVsmForAsaCommand cmd, int numRetries) {
- String vlanId = Long.toString(cmd.getVlanId());
+ String vlanId = Long.toString(cmd.getVlanId());
NetconfHelper helper = null;
List<Pair<OperationType, String>> params = new ArrayList<Pair<OperationType, String>>();
params.add(new Pair<OperationType, String>(OperationType.addvlanid, vlanId));
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/1e38515f/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
index d116a52..9325951 100644
--- a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
@@ -30,229 +30,215 @@ import com.cloud.utils.exception.ExecutionException;
@Ignore("Requires actual VNMC to connect to")
public class CiscoVnmcConnectionTest {
- static CiscoVnmcConnectionImpl connection;
- static String tenantName = "TenantE";
- static Map<String, String> fwDns = null;
-
- @BeforeClass
- public static void setUpClass() throws Exception {
- connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
- try {
- boolean response = connection.login();
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
+ static CiscoVnmcConnectionImpl connection;
+ static String tenantName = "TenantE";
+ static Map<String, String> fwDns = null;
-
- @Test
- public void testLogin() {
- //fail("Not yet implemented");
- try {
- boolean response = connection.login();
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
+ @BeforeClass
+ public static void setUpClass() throws Exception {
+ connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
+ try {
+ boolean response = connection.login();
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
-
- @Test
- public void testCreateTenant() {
- //fail("Not yet implemented");
- try {
- boolean response = connection.createTenant(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDC() {
- //fail("Not yet implemented");
- try {
- boolean response = connection.createTenantVDC(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCEdgeDeviceProfile() {
- //fail("Not yet implemented");
- try {
- boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
- try {
- boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCEdgeDeviceRoute() {
- try {
- boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName,
- "10.223.136.1", "Edge_Outside", "0.0.0.0", "0.0.0.0");
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testAssociateRoutePolicyWithEdgeProfile() {
- try {
- boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testAssociateTenantVDCEdgeDhcpPolicy() {
- try {
- boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside");
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCEdgeDhcpPolicy() {
- try {
- boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName,
- "10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net");
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCEdgeSecurityProfile() {
- try {
- boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCSourceNATPool() {
- try {
- boolean response = connection.createTenantVDCSourceNATPool(tenantName, "10.223.136.10");
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCSourceNATPolicy() {
- try {
- boolean response = connection.createTenantVDCSourceNATPolicy(tenantName, "10.1.1.2", "10.1.1.254");
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateTenantVDCNatPolicySet() {
- try {
- boolean response = connection.createTenantVDCNatPolicySet(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testAssociateNatPolicySet() {
- try {
- boolean response = connection.associateNatPolicySet(tenantName);
- assertTrue(response);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void testCreateEdgeFirewall() {
- try {
- boolean response = connection.createEdgeFirewall(tenantName,
- "44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192");
- assertTrue(response);
- } catch (ExecutionException e) {
- e.printStackTrace();
- }
- }
-
- @Test
- public void testListUnassocAsa1000v() {
- try {
- Map<String, String> response = connection.listUnAssocAsa1000v();
- assertTrue(response.size() >=0);
- fwDns = response;
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
-
- @Test
- public void assocAsa1000v() {
- try {
- boolean result = connection.assocAsa1000v(tenantName, fwDns.get(0));
- assertTrue(result);
- } catch (ExecutionException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
+
+ @Test
+ public void testLogin() {
+ //fail("Not yet implemented");
+ try {
+ boolean response = connection.login();
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+
+ @Test
+ public void testCreateTenant() {
+ //fail("Not yet implemented");
+ try {
+ boolean response = connection.createTenant(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDC() {
+ //fail("Not yet implemented");
+ try {
+ boolean response = connection.createTenantVDC(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCEdgeDeviceProfile() {
+ //fail("Not yet implemented");
+ try {
+ boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
+ try {
+ boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCEdgeDeviceRoute() {
+ try {
+ boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName,
+ "10.223.136.1", "Edge_Outside", "0.0.0.0", "0.0.0.0");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testAssociateRoutePolicyWithEdgeProfile() {
+ try {
+ boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testAssociateTenantVDCEdgeDhcpPolicy() {
+ try {
+ boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCEdgeDhcpPolicy() {
+ try {
+ boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName,
+ "10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCEdgeSecurityProfile() {
+ try {
+ boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCSourceNATPool() {
+ try {
+ boolean response = connection.createTenantVDCSourceNATPool(tenantName, "10.223.136.10");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCSourceNATPolicy() {
+ try {
+ boolean response = connection.createTenantVDCSourceNATPolicy(tenantName, "10.1.1.2", "10.1.1.254");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateTenantVDCNatPolicySet() {
+ try {
+ boolean response = connection.createTenantVDCNatPolicySet(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testAssociateNatPolicySet() {
+ try {
+ boolean response = connection.associateNatPolicySet(tenantName);
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testCreateEdgeFirewall() {
+ try {
+ boolean response = connection.createEdgeFirewall(tenantName,
+ "44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192");
+ assertTrue(response);
+ } catch (ExecutionException e) {
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void testListUnassocAsa1000v() {
+ try {
+ Map<String, String> response = connection.listUnAssocAsa1000v();
+ assertTrue(response.size() >=0);
+ fwDns = response;
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ @Test
+ public void assocAsa1000v() {
+ try {
+ boolean result = connection.assocAsa1000v(tenantName, fwDns.get(0));
+ assertTrue(result);
+ } catch (ExecutionException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
}
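Review bot: `setUpClass` still builds the connection from literals, a VNMC address plus the `admin` account and its password passed to `new CiscoVnmcConnectionImpl(...)`, so the credential is committed again on the added side of this re-indent. Since the class is already `@Ignore`d pending a real VNMC, the values could be supplied at run time instead, e.g. `connection = new CiscoVnmcConnectionImpl(System.getProperty("vnmc.host"), System.getProperty("vnmc.user"), System.getProperty("vnmc.password"));` (the property names are placeholders). If that password was ever valid on a reachable device it presumably needs rotating, because it stays in the repository history either way. Separately, every test catches `ExecutionException` and only calls `e.printStackTrace()`, so a failed VNMC call does not fail the test; declaring `throws ExecutionException` on the test methods and dropping the try/catch would surface it.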