You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pe...@apache.org on 2023/10/26 13:26:43 UTC
[cloudstack] branch nsx-static-nat updated: fix adding multiple pf rules
This is an automated email from the ASF dual-hosted git repository.
pearl11594 pushed a commit to branch nsx-static-nat
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/nsx-static-nat by this push:
new b47b99b142c fix adding multiple pf rules
b47b99b142c is described below
commit b47b99b142ce4e3a1724bafbabefa0771f97be05
Author: Pearl Dsilva <pe...@gmail.com>
AuthorDate: Thu Oct 26 09:26:31 2023 -0400
fix adding multiple pf rules
---
.../agent/api/DeleteNsxNatRuleCommand.java | 17 +++++++--
.../cloudstack/agent/api/NsxNetworkCommand.java | 9 +++++
.../apache/cloudstack/resource/NsxResource.java | 41 +++++++++++-----------
.../apache/cloudstack/service/NsxApiClient.java | 22 ++++++++++--
.../org/apache/cloudstack/service/NsxElement.java | 2 +-
.../apache/cloudstack/service/NsxServiceImpl.java | 2 +-
6 files changed, 66 insertions(+), 27 deletions(-)
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java
index 638f1471a70..82ca54d5b0d 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java
@@ -21,10 +21,15 @@ import com.cloud.network.Network;
public class DeleteNsxNatRuleCommand extends NsxNetworkCommand {
private Long ruleId;
private Network.Service service;
+
+ private String privatePort;
+ private String protocol;
public DeleteNsxNatRuleCommand(long domainId, long accountId, long zoneId, Long networkResourceId, String networkResourceName,
- boolean isResourceVpc, Long vmId, Long ruleId, String publicIp, String vmIp) {
- super(domainId, accountId, zoneId, networkResourceId, networkResourceName, isResourceVpc, vmId, publicIp, vmIp);
+ boolean isResourceVpc, Long vmId, Long ruleId, String privatePort, String protocol) {
+ super(domainId, accountId, zoneId, networkResourceId, networkResourceName, isResourceVpc, vmId);
this.ruleId = ruleId;
+ this.privatePort = privatePort;
+ this.protocol = protocol;
}
public Long getRuleId() {
@@ -38,4 +43,12 @@ public class DeleteNsxNatRuleCommand extends NsxNetworkCommand {
public void setService(Network.Service service) {
this.service = service;
}
+
+ public String getPrivatePort() {
+ return privatePort;
+ }
+
+ public String getProtocol() {
+ return protocol;
+ }
}
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java
index b29f6f62347..e5f49af9c17 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/NsxNetworkCommand.java
@@ -37,6 +37,15 @@ public class NsxNetworkCommand extends NsxCommand {
this.vmIp = vmIp;
}
+ public NsxNetworkCommand(long domainId, long accountId, long zoneId, Long networkResourceId, String networkResourceName,
+ boolean isResourceVpc, Long vmId) {
+ super(domainId, accountId, zoneId);
+ this.networkResourceId = networkResourceId;
+ this.networkResourceName = networkResourceName;
+ this.isResourceVpc = isResourceVpc;
+ this.vmId = vmId;
+ }
+
public Long getNetworkResourceId() {
return networkResourceId;
}
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java
index 0b32ac517ab..2a375bcd483 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java
@@ -361,26 +361,6 @@ public class NsxResource implements ServerResource {
return new NsxAnswer(cmd, true, null);
}
- private NsxAnswer executeRequest(DeleteNsxNatRuleCommand cmd) {
- String ruleName = null;
- if (cmd.getService() == Network.Service.StaticNat) {
- ruleName = NsxControllerUtils.getStaticNatRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
- cmd.getNetworkResourceId(), cmd.isResourceVpc());
- } else if (cmd.getService() == Network.Service.PortForwarding) {
- ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
- cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc());
- }
- String tier1GatewayName = NsxControllerUtils.getTier1GatewayName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
- cmd.getNetworkResourceId(), cmd.isResourceVpc());
- try {
- nsxApiClient.deleteNatRule(cmd.getNetworkResourceName(), tier1GatewayName, ruleName);
- } catch (Exception e) {
- LOGGER.error(String.format("Failed to add NSX static NAT rule %s for network: %s", ruleName, cmd.getNetworkResourceName()));
- return new NsxAnswer(cmd, new CloudRuntimeException(e.getMessage()));
- }
- return new NsxAnswer(cmd, true, null);
- }
-
private NsxAnswer executeRequest(CreateNsxPortForwardRuleCommand cmd) {
String ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc());
@@ -400,6 +380,27 @@ public class NsxResource implements ServerResource {
return new NsxAnswer(cmd, true, null);
}
+ private NsxAnswer executeRequest(DeleteNsxNatRuleCommand cmd) {
+ String ruleName = null;
+ if (cmd.getService() == Network.Service.StaticNat) {
+ ruleName = NsxControllerUtils.getStaticNatRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
+ cmd.getNetworkResourceId(), cmd.isResourceVpc());
+ } else if (cmd.getService() == Network.Service.PortForwarding) {
+ ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
+ cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc());
+ }
+ String tier1GatewayName = NsxControllerUtils.getTier1GatewayName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
+ cmd.getNetworkResourceId(), cmd.isResourceVpc());
+ try {
+ nsxApiClient.deleteNatRule(cmd.getService(), cmd.getPrivatePort(), cmd.getProtocol(),
+ cmd.getNetworkResourceName(), tier1GatewayName, ruleName);
+ } catch (Exception e) {
+ LOGGER.error(String.format("Failed to add NSX static NAT rule %s for network: %s", ruleName, cmd.getNetworkResourceName()));
+ return new NsxAnswer(cmd, new CloudRuntimeException(e.getMessage()));
+ }
+ return new NsxAnswer(cmd, true, null);
+ }
+
@Override
public boolean start() {
return true;
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
index 815dad97ea0..534030a6211 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
@@ -17,6 +17,7 @@
package org.apache.cloudstack.service;
import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.Network;
import com.cloud.utils.exception.CloudRuntimeException;
import com.vmware.nsx.model.TransportZone;
import com.vmware.nsx.model.TransportZoneListResult;
@@ -332,11 +333,18 @@ public class NsxApiClient {
}
}
- public void deleteNatRule(String networkName, String tier1GatewayName, String ruleName) {
+ public void deleteNatRule(Network.Service service, String privatePort, String protocol, String networkName, String tier1GatewayName, String ruleName) {
try {
NatRules natService = (NatRules) nsxService.apply(NatRules.class);
LOGGER.debug(String.format("Deleting NSX static NAT rule %s for tier-1 gateway %s (network: %s)", ruleName, tier1GatewayName, networkName));
+ // delete NAT rule
natService.delete(tier1GatewayName, NatId.USER.name(), ruleName);
+ if (service == Network.Service.PortForwarding) {
+ String svcName = getServiceName(ruleName, privatePort, protocol);
+ // Delete service
+ Services services = (Services) nsxService.apply(Services.class);
+ services.delete(svcName);
+ }
} catch (Error error) {
ApiError ae = error.getData()._convertTo(ApiError.class);
String msg = String.format("Failed to delete NSX Static NAT rule %s for tier-1 gateway %s (VPC: %s), due to %s",
@@ -408,8 +416,8 @@ public class NsxApiClient {
public String createNsxInfraService(String ruleName, String port, String protocol) {
try {
- String serviceEntryName = ruleName + "-SE-" + port;
- String serviceName = ruleName + "-SVC-" + port;
+ String serviceEntryName = getServiceEntryName(ruleName, port, protocol);
+ String serviceName = getServiceName(ruleName, port, protocol);
Services service = (Services) nsxService.apply(Services.class);
com.vmware.nsx_policy.model.Service infraService = new com.vmware.nsx_policy.model.Service.Builder()
.setServiceEntries(List.of(
@@ -448,4 +456,12 @@ public class NsxApiClient {
}
return null;
}
+
+ private String getServiceName(String ruleName, String port, String protocol) {
+ return ruleName + "-SVC-" + port + "-" +protocol;
+ }
+
+ private String getServiceEntryName(String ruleName, String port, String protocol) {
+ return ruleName + "-SE-" + port + "-" + protocol;
+ }
}
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
index 27c2f67759c..c8ac091485b 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
@@ -523,7 +523,7 @@ public class NsxElement extends AdapterBase implements DhcpServiceProvider, DnsS
.build();
if (rule.getState() == FirewallRule.State.Add) {
return nsxService.createPortForwardRule(networkRule);
- } else {
+ } else if (rule.getState() == FirewallRule.State.Revoke) {
return nsxService.deletePortForwardRule(networkRule);
}
}
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java
index 466b75b78a3..c2aef1404fb 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxServiceImpl.java
@@ -119,7 +119,7 @@ public class NsxServiceImpl implements NsxService {
public boolean deletePortForwardRule(NsxNetworkRule netRule) {
DeleteNsxNatRuleCommand deleteCmd = new DeleteNsxNatRuleCommand(netRule.getDomainId(),
netRule.getAccountId(), netRule.getZoneId(), netRule.getNetworkResourceId(),
- netRule.getNetworkResourceName(), netRule.isVpcResource(), netRule.getVmId(), netRule.getRuleId(), null, null);
+ netRule.getNetworkResourceName(), netRule.isVpcResource(), netRule.getVmId(), netRule.getRuleId(), netRule.getPrivatePort(), netRule.getPublicPort());
deleteCmd.setService(Network.Service.PortForwarding);
NsxAnswer result = nsxControllerUtils.sendNsxCommand(deleteCmd, netRule.getZoneId());
return result.getResult();