private DomainRouterVO getVirtualRouter(Network network) {
    List<DomainRouterVO> routers =
        _routerDao.listByNetworkAndRole(network.getId(), VirtualRouter.Role.VIRTUAL_ROUTER);

    if (routers.isEmpty()) {
      throw new CloudRuntimeException(
          String.format(
              "cannot find any running virtual router on network[id:%s, uuid:%s]",
              network.getId(), network.getUuid()));
    }

    if (routers.size() > 1) {
      throw new CloudRuntimeException(
          String.format("baremetal hasn't supported redundant router yet"));
    }

    DomainRouterVO vr = routers.get(0);
    if (!Hypervisor.HypervisorType.VMware.equals(vr.getHypervisorType())) {
      throw new CloudRuntimeException(
          String.format(
              "baremetal only support vmware virtual router, but get %s", vr.getHypervisorType()));
    }

    return vr;
  }
  @Override
  public NicProfile allocate(
      Network config, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm)
      throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException {

    if (_networkModel.networkIsConfiguredForExternalNetworking(
            config.getDataCenterId(), config.getId())
        && nic != null
        && nic.getRequestedIpv4() != null) {
      throw new CloudRuntimeException("Does not support custom ip allocation at this time: " + nic);
    }

    NicProfile profile = super.allocate(config, nic, vm);

    boolean _isEnabled = Boolean.parseBoolean(_configDao.getValue(Config.OvsTunnelNetwork.key()));
    if (_isEnabled) {
      return null;
    }

    if (_networkModel.networkIsConfiguredForExternalNetworking(
        config.getDataCenterId(), config.getId())) {
      profile.setStrategy(ReservationStrategy.Start);
      /* We won't clear IP address, because router may set gateway as it IP, and it would be updated properly later */
      // profile.setIp4Address(null);
      profile.setGateway(null);
      profile.setNetmask(null);
    }

    return profile;
  }
  @Override
  public boolean applyLBRules(final Network network, final List<LoadBalancingRule> rules)
      throws ResourceUnavailableException {
    boolean result = true;
    if (canHandle(network, Service.Lb)) {
      if (!canHandleLbRules(rules)) {
        return false;
      }

      final List<DomainRouterVO> routers =
          _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
      if (routers == null || routers.isEmpty()) {
        s_logger.debug(
            "Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual "
                + "router doesn't exist in the network "
                + network.getId());
        return true;
      }

      final DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
      final NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);

      for (final DomainRouterVO domainRouterVO : routers) {
        result = result && networkTopology.applyLoadBalancingRules(network, rules, domainRouterVO);
        if (!result) {
          s_logger.debug("Failed to apply load balancing rules in network " + network.getId());
        }
      }
    }
    return result;
  }
  @Override
  public boolean removeVpcRouterFromGuestNetwork(final VirtualRouter router, final Network network)
      throws ConcurrentOperationException, ResourceUnavailableException {
    if (network.getTrafficType() != TrafficType.Guest) {
      s_logger.warn("Network " + network + " is not of type " + TrafficType.Guest);
      return false;
    }

    boolean result = true;
    try {
      // Check if router is a part of the Guest network
      if (!_networkModel.isVmPartOfNetwork(router.getId(), network.getId())) {
        s_logger.debug("Router " + router + " is not a part of the Guest network " + network);
        return result;
      }

      result =
          setupVpcGuestNetwork(
              network, router, false, _networkModel.getNicProfile(router, network.getId(), null));
      if (!result) {
        s_logger.warn("Failed to destroy guest network config " + network + " on router " + router);
        return false;
      }

      result = result && _itMgr.removeVmFromNetwork(router, network, null);
    } finally {
      if (result) {
        _routerDao.removeRouterFromGuestNetwork(router.getId(), network.getId());
      }
    }

    return result;
  }
  protected boolean canHandle(final Network network, final Service service) {
    s_logger.debug(
        "Checking if OvsElement can handle service "
            + service.getName()
            + " on network "
            + network.getDisplayText());
    if (network.getBroadcastDomainType() != BroadcastDomainType.Vswitch) {
      return false;
    }

    if (!_networkModel.isProviderForNetwork(getProvider(), network.getId())) {
      s_logger.debug("OvsElement is not a provider for network " + network.getDisplayText());
      return false;
    }

    if (!_ntwkSrvcDao.canProviderSupportServiceInNetwork(
        network.getId(), service, Network.Provider.Ovs)) {
      s_logger.debug(
          "OvsElement can't provide the "
              + service.getName()
              + " service on network "
              + network.getDisplayText());
      return false;
    }

    return true;
  }
 public boolean applyACLItemsToNetwork(long networkId, List<NetworkACLItemVO> rules)
     throws ResourceUnavailableException {
   Network network = _networkDao.findById(networkId);
   boolean handled = false;
   boolean foundProvider = false;
   for (NetworkACLServiceProvider element : _networkAclElements) {
     Network.Provider provider = element.getProvider();
     boolean isAclProvider =
         _networkModel.isProviderSupportServiceInNetwork(
             network.getId(), Service.NetworkACL, provider);
     if (!isAclProvider) {
       continue;
     }
     foundProvider = true;
     s_logger.debug(
         "Applying NetworkACL for network: "
             + network.getId()
             + " with Network ACL service provider");
     handled = element.applyNetworkACLs(network, rules);
     if (handled) break;
   }
   if (!foundProvider) {
     s_logger.debug("Unable to find NetworkACL service provider for network: " + network.getId());
   }
   return handled;
 }
 @Override
 public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules)
     throws ResourceUnavailableException {
   boolean handled = false;
   switch (purpose) {
       /* StaticNatRule would be applied by Firewall provider, since the incompatible of two object */
     case StaticNat:
     case Firewall:
       for (FirewallServiceProvider fwElement : _firewallElements) {
         Network.Provider provider = fwElement.getProvider();
         boolean isFwProvider =
             _networkModel.isProviderSupportServiceInNetwork(
                 network.getId(), Service.Firewall, provider);
         if (!isFwProvider) {
           continue;
         }
         handled = fwElement.applyFWRules(network, rules);
         if (handled) break;
       }
       break;
     case PortForwarding:
       for (PortForwardingServiceProvider element : _pfElements) {
         Network.Provider provider = element.getProvider();
         boolean isPfProvider =
             _networkModel.isProviderSupportServiceInNetwork(
                 network.getId(), Service.PortForwarding, provider);
         if (!isPfProvider) {
           continue;
         }
         handled = element.applyPFRules(network, (List<PortForwardingRule>) rules);
         if (handled) break;
       }
       break;
       /*        case NetworkACL:
       for (NetworkACLServiceProvider element: _networkAclElements) {
           Network.Provider provider = element.getProvider();
           boolean  isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider);
           if (!isAclProvider) {
               continue;
           }
           handled = element.applyNetworkACLs(network, rules);
           if (handled)
               break;
       }
       break;*/
     default:
       assert (false) : "Unexpected fall through in applying rules to the network elements";
       s_logger.error("FirewallManager cannot process rules of type " + purpose);
       throw new CloudRuntimeException("FirewallManager cannot process rules of type " + purpose);
   }
   return handled;
 }
  @Override
  public boolean applyLoadBalancerRules(Network network, List<? extends FirewallRule> rules)
      throws ResourceUnavailableException {
    if (rules == null || rules.isEmpty()) {
      return true;
    }
    if (rules.get(0).getPurpose() != Purpose.LoadBalancing) {
      s_logger.warn("ELB: Not handling non-LB firewall rules");
      return false;
    }

    DomainRouterVO elbVm = findElbVmForLb(rules.get(0));

    if (elbVm == null) {
      s_logger.warn(
          "Unable to apply lb rules, ELB vm  doesn't exist in the network " + network.getId());
      throw new ResourceUnavailableException(
          "Unable to apply lb rules", DataCenter.class, network.getDataCenterId());
    }

    if (elbVm.getState() == State.Running) {
      // resend all rules for the public ip
      List<LoadBalancerVO> lbs = _lbDao.listByIpAddress(rules.get(0).getSourceIpAddressId());
      List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
      for (LoadBalancerVO lb : lbs) {
        List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
        List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
        List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
        LoadBalancingRule loadBalancing =
            new LoadBalancingRule(lb, dstList, policyList, hcPolicyList);
        lbRules.add(loadBalancing);
      }
      return applyLBRules(elbVm, lbRules, network.getId());
    } else if (elbVm.getState() == State.Stopped || elbVm.getState() == State.Stopping) {
      s_logger.debug(
          "ELB VM is in "
              + elbVm.getState()
              + ", so not sending apply LoadBalancing rules commands to the backend");
      return true;
    } else {
      s_logger.warn(
          "Unable to apply loadbalancing rules, ELB VM is not in the right state "
              + elbVm.getState());
      throw new ResourceUnavailableException(
          "Unable to apply loadbalancing rules, ELB VM is not in the right state",
          VirtualRouter.class,
          elbVm.getId());
    }
  }
  @Override
  public boolean applyNetworkACLs(
      final Network network,
      final List<? extends NetworkACLItem> rules,
      final VirtualRouter router,
      final boolean isPrivateGateway)
      throws ResourceUnavailableException {

    if (rules == null || rules.isEmpty()) {
      s_logger.debug("No network ACLs to be applied for network " + network.getId());
      return true;
    }

    s_logger.debug("APPLYING NETWORK ACLs RULES");

    final String typeString = "network acls";
    final boolean isPodLevelException = false;
    final boolean failWhenDisconnect = false;
    final Long podId = null;

    final NetworkAclsRules aclsRules = new NetworkAclsRules(network, rules, isPrivateGateway);

    final boolean result =
        applyRules(
            network,
            router,
            typeString,
            isPodLevelException,
            podId,
            failWhenDisconnect,
            new RuleApplierWrapper<RuleApplier>(aclsRules));
    return result;
  }
 public NetworkProfile(Network network) {
   this.id = network.getId();
   this.uuid = network.getUuid();
   this.broadcastUri = network.getBroadcastUri();
   this.dataCenterId = network.getDataCenterId();
   this.ownerId = network.getAccountId();
   this.state = network.getState();
   this.name = network.getName();
   this.mode = network.getMode();
   this.broadcastDomainType = network.getBroadcastDomainType();
   this.trafficType = network.getTrafficType();
   this.gateway = network.getGateway();
   this.cidr = network.getCidr();
   this.networkOfferingId = network.getNetworkOfferingId();
   this.related = network.getRelated();
   this.displayText = network.getDisplayText();
   this.reservationId = network.getReservationId();
   this.networkDomain = network.getNetworkDomain();
   this.domainId = network.getDomainId();
   this.guestType = network.getGuestType();
   this.physicalNetworkId = network.getPhysicalNetworkId();
   this.aclType = network.getAclType();
   this.restartRequired = network.isRestartRequired();
   this.specifyIpRanges = network.getSpecifyIpRanges();
   this.vpcId = network.getVpcId();
 }
 @Override
 protected void allocateVnet(
     Network network,
     NetworkVO implemented,
     long dcId,
     long physicalNetworkId,
     String reservationId)
     throws InsufficientVirtualNetworkCapcityException {
   if (network.getBroadcastUri() == null) {
     String vnet =
         _dcDao.allocateVnet(
             dcId,
             physicalNetworkId,
             network.getAccountId(),
             reservationId,
             UseSystemGuestVlans.valueIn(network.getAccountId()));
     if (vnet == null) {
       throw new InsufficientVirtualNetworkCapcityException(
           "Unable to allocate vnet as a part of network " + network + " implement ",
           DataCenter.class,
           dcId);
     }
     implemented.setBroadcastUri(BroadcastDomainType.Vswitch.toUri(vnet));
     ActionEventUtils.onCompletedActionEvent(
         CallContext.current().getCallingUserId(),
         network.getAccountId(),
         EventVO.LEVEL_INFO,
         EventTypes.EVENT_ZONE_VLAN_ASSIGN,
         "Assigned Zone Vlan: " + vnet + " Network Id: " + network.getId(),
         0);
   } else {
     implemented.setBroadcastUri(network.getBroadcastUri());
   }
 }
  @Override
  public void reserve(
      NicProfile nic,
      Network config,
      VirtualMachineProfile<? extends VirtualMachine> vm,
      DeployDestination dest,
      ReservationContext context)
      throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException {
    assert nic.getTrafficType() == TrafficType.Control;

    if (dest.getHost().getHypervisorType() == HypervisorType.VmWare
        && vm.getType() == VirtualMachine.Type.DomainRouter) {
      super.reserve(nic, config, vm, dest, context);

      String mac = _networkMgr.getNextAvailableMacAddressInNetwork(config.getId());
      nic.setMacAddress(mac);
      return;
    }

    String ip =
        _dcDao.allocateLinkLocalIpAddress(
            dest.getDataCenter().getId(),
            dest.getPod().getId(),
            nic.getId(),
            context.getReservationId());
    nic.setIp4Address(ip);
    nic.setMacAddress(NetUtils.long2Mac(NetUtils.ip2Long(ip) | (14l << 40)));
    nic.setNetmask("255.255.0.0");
    nic.setFormat(AddressFormat.Ip4);
    nic.setGateway(NetUtils.getLinkLocalGateway());
  }
 private boolean canHandle(Network network) {
   if (canHandle(_physicalNetworkDao.findById(network.getPhysicalNetworkId()))) {
     if (!_ntwkSrvcDao.canProviderSupportServiceInNetwork(
         network.getId(), Service.Connectivity, getProvider())) {
       s_logger.info("SSP is implicitly active for " + network);
     }
     return true;
   }
   return false;
 }
  private boolean canHandle(Network config) {
    DataCenter zone = _configMgr.getZone(config.getDataCenterId());
    if ((zone.getNetworkType() == NetworkType.Advanced
            && config.getGuestType() != Network.GuestType.Isolated)
        || (zone.getNetworkType() == NetworkType.Basic
            && config.getGuestType() != Network.GuestType.Shared)) {
      s_logger.trace("Not handling network type = " + config.getGuestType());
      return false;
    }

    return _networkManager.networkIsConfiguredForExternalNetworking(zone.getId(), config.getId());
  }
Example #15
0
 @Override
 public boolean validateLBRule(final Network network, final LoadBalancingRule rule) {
   final List<LoadBalancingRule> rules = new ArrayList<LoadBalancingRule>();
   rules.add(rule);
   if (canHandle(network, Service.Lb) && canHandleLbRules(rules)) {
     final List<DomainRouterVO> routers =
         _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
     if (routers == null || routers.isEmpty()) {
       return true;
     }
     return validateHAProxyLBRule(rule);
   }
   return true;
 }
 @Override
 public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
   List<CiscoAsa1000vDeviceVO> asaList =
       _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
   for (CiscoAsa1000vDeviceVO asa : asaList) {
     NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId());
     if (assignedToNetwork == null) {
       NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId());
       _networkAsa1000vMapDao.persist(networkAsaMap);
       return asa;
     }
   }
   return null;
 }
Example #17
0
  @Override
  public boolean applyIps(
      final Network network,
      final List<? extends PublicIpAddress> ipAddress,
      final Set<Service> services)
      throws ResourceUnavailableException {
    boolean canHandle = true;
    for (final Service service : services) {
      // check if Ovs can handle services except SourceNat & Firewall
      if (!canHandle(network, service)
          && service != Service.SourceNat
          && service != Service.Firewall) {
        canHandle = false;
        break;
      }
    }
    boolean result = true;
    if (canHandle) {
      final List<DomainRouterVO> routers =
          _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
      if (routers == null || routers.isEmpty()) {
        s_logger.debug(
            "Virtual router element doesn't need to associate ip addresses on the backend; virtual "
                + "router doesn't exist in the network "
                + network.getId());
        return true;
      }

      final DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
      final NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);

      for (final DomainRouterVO domainRouterVO : routers) {
        result = result && networkTopology.associatePublicIP(network, ipAddress, domainRouterVO);
      }
    }
    return result;
  }
  @DB
  public PublicIp allocDirectIp(Account account, long guestNetworkId)
      throws InsufficientAddressCapacityException {
    Network frontEndNetwork = _networkModel.getNetwork(guestNetworkId);
    Transaction txn = Transaction.currentTxn();
    txn.start();

    PublicIp ip =
        _networkMgr.assignPublicIpAddress(
            frontEndNetwork.getDataCenterId(),
            null,
            account,
            VlanType.DirectAttached,
            frontEndNetwork.getId(),
            null,
            true);
    IPAddressVO ipvo = _ipAddressDao.findById(ip.getId());
    ipvo.setAssociatedWithNetworkId(frontEndNetwork.getId());
    _ipAddressDao.update(ipvo.getId(), ipvo);
    txn.commit();
    s_logger.info("Acquired frontend IP for ELB " + ip);

    return ip;
  }
Example #19
0
  @Override
  public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules)
      throws ResourceUnavailableException {
    if (!canHandle(network, Service.StaticNat)) {
      return false;
    }
    final List<DomainRouterVO> routers =
        _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
    if (routers == null || routers.isEmpty()) {
      s_logger.debug(
          "Ovs element doesn't need to apply static nat on the backend; virtual "
              + "router doesn't exist in the network "
              + network.getId());
      return true;
    }

    final DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
    final NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
    boolean result = true;
    for (final DomainRouterVO domainRouterVO : routers) {
      result = result && networkTopology.applyStaticNats(network, rules, domainRouterVO);
    }
    return result;
  }
Example #20
0
 @Override
 @DB
 public void addRouterToGuestNetwork(VirtualRouter router, Network guestNetwork) {
   if (_routerNetworkDao.findByRouterAndNetwork(router.getId(), guestNetwork.getId()) == null) {
     NetworkOffering off = _offDao.findById(guestNetwork.getNetworkOfferingId());
     if (!(off.getName().equalsIgnoreCase(NetworkOffering.SystemPrivateGatewayNetworkOffering))) {
       TransactionLegacy txn = TransactionLegacy.currentTxn();
       txn.start();
       // 1) add router to network
       RouterNetworkVO routerNtwkMap =
           new RouterNetworkVO(router.getId(), guestNetwork.getId(), guestNetwork.getGuestType());
       _routerNetworkDao.persist(routerNtwkMap);
       // 2) create user stats entry for the network
       UserStatisticsVO stats =
           _userStatsDao.findBy(
               router.getAccountId(),
               router.getDataCenterId(),
               guestNetwork.getId(),
               null,
               router.getId(),
               router.getType().toString());
       if (stats == null) {
         stats =
             new UserStatisticsVO(
                 router.getAccountId(),
                 router.getDataCenterId(),
                 null,
                 router.getId(),
                 router.getType().toString(),
                 guestNetwork.getId());
         _userStatsDao.persist(stats);
       }
       txn.commit();
     }
   }
 }
  @Override
  public void reserve(
      NicProfile nic,
      Network config,
      VirtualMachineProfile<? extends VirtualMachine> vm,
      DeployDestination dest,
      ReservationContext context)
      throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException {
    assert (nic.getReservationStrategy() == ReservationStrategy.Start)
        : "What can I do for nics that are not allocated at start? ";
    boolean _isEnabled = Boolean.parseBoolean(_configDao.getValue(Config.OvsTunnelNetwork.key()));
    if (_isEnabled) {
      return;
    }

    DataCenter dc = _dcDao.findById(config.getDataCenterId());

    if (_networkModel.networkIsConfiguredForExternalNetworking(
        config.getDataCenterId(), config.getId())) {
      nic.setBroadcastUri(config.getBroadcastUri());
      nic.setIsolationUri(config.getBroadcastUri());
      nic.setDns1(dc.getDns1());
      nic.setDns2(dc.getDns2());
      nic.setNetmask(NetUtils.cidr2Netmask(config.getCidr()));
      long cidrAddress = NetUtils.ip2Long(config.getCidr().split("/")[0]);
      int cidrSize = getGloballyConfiguredCidrSize();
      nic.setGateway(config.getGateway());

      if (nic.getIp4Address() == null) {
        String guestIp = _networkMgr.acquireGuestIpAddress(config, null);
        if (guestIp == null) {
          throw new InsufficientVirtualNetworkCapcityException(
              "Unable to acquire guest IP address for network " + config,
              DataCenter.class,
              dc.getId());
        }

        nic.setIp4Address(guestIp);
      } else {
        long ipMask =
            NetUtils.ip2Long(nic.getIp4Address()) & ~(0xffffffffffffffffl << (32 - cidrSize));
        nic.setIp4Address(NetUtils.long2Ip(cidrAddress | ipMask));
      }
    } else {
      super.reserve(nic, config, vm, dest, context);
    }
  }
  @Override
  public boolean associatePublicIP(
      final Network network,
      final List<? extends PublicIpAddress> ipAddresses,
      final VirtualRouter router)
      throws ResourceUnavailableException {

    if (ipAddresses == null || ipAddresses.isEmpty()) {
      s_logger.debug("No ip association rules to be applied for network " + network.getId());
      return true;
    }

    if (network.getVpcId() == null) {
      return super.associatePublicIP(network, ipAddresses, router);
    }

    s_logger.debug("APPLYING VPC IP RULES");

    final String typeString = "vpc ip association";
    final boolean isPodLevelException = false;
    final boolean failWhenDisconnect = false;
    final Long podId = null;

    final NicPlugInOutRules nicPlugInOutRules = new NicPlugInOutRules(network, ipAddresses);
    nicPlugInOutRules.accept(_advancedVisitor, router);

    final VpcIpAssociationRules ipAssociationRules =
        new VpcIpAssociationRules(network, ipAddresses);
    final boolean result =
        applyRules(
            network,
            router,
            typeString,
            isPodLevelException,
            podId,
            failWhenDisconnect,
            new RuleApplierWrapper<RuleApplier>(ipAssociationRules));

    if (result) {
      _advancedVisitor.visit(nicPlugInOutRules);
    }

    return result;
  }
  @Override
  @DB
  public void deallocate(
      Network config, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) {
    super.deallocate(config, nic, vm);

    if (Boolean.parseBoolean(_configDao.getValue(Config.OvsTunnelNetwork.key()))) {
      return;
    }

    if (_networkModel.networkIsConfiguredForExternalNetworking(
        config.getDataCenterId(), config.getId())) {
      nic.setIp4Address(null);
      nic.setGateway(null);
      nic.setNetmask(null);
      nic.setBroadcastUri(null);
      nic.setIsolationUri(null);
    }
  }
  @Override
  public boolean prepare(
      Network network,
      NicProfile nic,
      VirtualMachineProfile vm,
      DeployDestination dest,
      ReservationContext context)
      throws ConcurrentOperationException, ResourceUnavailableException,
          InsufficientCapacityException {
    if (vm.getType() != Type.User) {
      return false;
    }

    // ensure that there is an ASA 1000v assigned to this network
    NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
    if (asaForNetwork == null) {
      return false;
    }

    return true;
  }
  public boolean createNetwork(
      Network network,
      NetworkOffering offering,
      DeployDestination dest,
      ReservationContext context) {
    if (_sspUuidDao.findUuidByNetwork(network) != null) {
      s_logger.info("Network already has ssp TenantNetwork uuid :" + network.toString());
      return true;
    }
    if (!canHandle(network)) {
      return false;
    }

    String tenantUuid = _sspTenantDao.findUuidByZone(network.getDataCenterId());
    if (tenantUuid == null) {
      tenantUuid = _configDao.getValueAndInitIfNotExist("ssp.tenant", "Network", null);
    }

    boolean processed = false;
    for (SspClient client :
        fetchSspClients(network.getPhysicalNetworkId(), network.getDataCenterId(), true)) {
      SspClient.TenantNetwork sspNet = client.createTenantNetwork(tenantUuid, network.getName());
      if (sspNet != null) {
        SspUuidVO uuid = new SspUuidVO();
        uuid.setUuid(sspNet.uuid);
        uuid.setObjClass(SspUuidVO.objClassNetwork);
        uuid.setObjId(network.getId());
        _sspUuidDao.persist(uuid);
        return true;
      }
      processed = true;
    }
    if (processed) {
      s_logger.error("Could not allocate an uuid for network " + network.toString());
      return false;
    } else {
      s_logger.error("Skipping #createNetwork() for " + network.toString());
      return true;
    }
  }
  @Override
  public NicProfile allocate(
      Network config, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm)
      throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException {

    if (config.getTrafficType() != TrafficType.Control) {
      return null;
    }

    if (vm.getHypervisorType() == HypervisorType.VmWare
        && vm.getType() != VirtualMachine.Type.DomainRouter) {
      NicProfile nicProf = new NicProfile(ReservationStrategy.Create, null, null, null, null);
      String mac = _networkMgr.getNextAvailableMacAddressInNetwork(config.getId());
      nicProf.setMacAddress(mac);
      return nicProf;
    }

    if (nic != null) {
      throw new CloudRuntimeException("Does not support nic specification at this time: " + nic);
    }

    return new NicProfile(ReservationStrategy.Start, null, null, null, null);
  }
  @Override
  public boolean destroyPrivateGateway(final PrivateGateway gateway, final VirtualRouter router)
      throws ConcurrentOperationException, ResourceUnavailableException {

    if (!_networkModel.isVmPartOfNetwork(router.getId(), gateway.getNetworkId())) {
      s_logger.debug(
          "Router doesn't have nic for gateway " + gateway + " so no need to removed it");
      return true;
    }

    final Network privateNetwork = _networkModel.getNetwork(gateway.getNetworkId());

    s_logger.debug("Releasing private ip for gateway " + gateway + " from " + router);
    boolean result =
        setupVpcPrivateNetwork(
            router, false, _networkModel.getNicProfile(router, privateNetwork.getId(), null));
    if (!result) {
      s_logger.warn("Failed to release private ip for gateway " + gateway + " on router " + router);
      return false;
    }

    // revoke network acl on the private gateway.
    if (!_networkACLMgr.revokeACLItemsForPrivateGw(gateway)) {
      s_logger.debug("Failed to delete network acl items on " + gateway + " from router " + router);
      return false;
    }

    s_logger.debug(
        "Removing router "
            + router
            + " from private network "
            + privateNetwork
            + " as a part of delete private gateway");
    result = result && _itMgr.removeVmFromNetwork(router, privateNetwork, null);
    s_logger.debug("Private gateawy " + gateway + " is removed from router " + router);
    return result;
  }
  @Override
  public boolean revokeACLItemsForNetwork(long networkId) throws ResourceUnavailableException {
    Network network = _networkDao.findById(networkId);
    if (network.getNetworkACLId() == null) {
      return true;
    }
    List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(network.getNetworkACLId());
    if (aclItems.isEmpty()) {
      s_logger.debug("Found no network ACL Items for network id=" + networkId);
      return true;
    }

    if (s_logger.isDebugEnabled()) {
      s_logger.debug(
          "Releasing " + aclItems.size() + " Network ACL Items for network id=" + networkId);
    }

    for (NetworkACLItemVO aclItem : aclItems) {
      // Mark all Network ACLs rules as Revoke, but don't update in DB
      if (aclItem.getState() == State.Add || aclItem.getState() == State.Active) {
        aclItem.setState(State.Revoke);
      }
    }

    boolean success = applyACLItemsToNetwork(network.getId(), aclItems);

    if (s_logger.isDebugEnabled() && success) {
      s_logger.debug(
          "Successfully released Network ACLs for network id="
              + networkId
              + " and # of rules now = "
              + aclItems.size());
    }

    return success;
  }
  @Override
  @DB
  public RemoteAccessVpn createRemoteAccessVpn(
      final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay)
      throws NetworkRuleConflictException {
    CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();

    Long networkId = null;

    // make sure ip address exists
    final PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
    if (ipAddr == null) {
      throw new InvalidParameterValueException(
          "Unable to create remote access vpn, invalid public IP address id" + publicIpId);
    }

    _accountMgr.checkAccess(caller, null, true, ipAddr);

    if (!ipAddr.readyToUse()) {
      throw new InvalidParameterValueException(
          "The Ip address is not ready to be used yet: " + ipAddr.getAddress());
    }

    IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);

    networkId = ipAddress.getAssociatedWithNetworkId();
    if (networkId != null) {
      _networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
    }

    final Long vpcId = ipAddress.getVpcId();
    /* IP Address used for VPC must be the source NAT IP of whole VPC */
    if (vpcId != null && ipAddress.isSourceNat()) {
      assert networkId == null;
      // No firewall setting for VPC, it would be open internally
      openFirewall = false;
    }

    final boolean openFirewallFinal = openFirewall;

    if (networkId == null && vpcId == null) {
      throw new InvalidParameterValueException(
          "Unable to create remote access vpn for the ipAddress: "
              + ipAddr.getAddress().addr()
              + " as ip is not associated with any network or VPC");
    }

    RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);

    if (vpnVO != null) {
      // if vpn is in Added state, return it to the api
      if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
        return vpnVO;
      }
      throw new InvalidParameterValueException(
          "A Remote Access VPN already exists for this public Ip address");
    }

    if (ipRange == null) {
      ipRange = RemoteAccessVpnClientIpRange.valueIn(ipAddr.getAccountId());
    }
    final String[] range = ipRange.split("-");
    if (range.length != 2) {
      throw new InvalidParameterValueException("Invalid ip range");
    }
    if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])) {
      throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange);
    }
    if (!NetUtils.validIpRange(range[0], range[1])) {
      throw new InvalidParameterValueException("Invalid ip range " + ipRange);
    }

    Pair<String, Integer> cidr = null;

    // TODO: assumes one virtual network / domr per account per zone
    if (networkId != null) {
      vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAccountId(), networkId);
      if (vpnVO != null) {
        // if vpn is in Added state, return it to the api
        if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
          return vpnVO;
        }
        throw new InvalidParameterValueException(
            "A Remote Access VPN already exists for this account");
      }
      // Verify that vpn service is enabled for the network
      Network network = _networkMgr.getNetwork(networkId);
      if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
        throw new InvalidParameterValueException(
            "Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
      }
      cidr = NetUtils.getCidr(network.getCidr());
    } else { // Don't need to check VPC because there is only one IP(source NAT IP) available for
             // VPN
      Vpc vpc = _vpcDao.findById(vpcId);
      cidr = NetUtils.getCidr(vpc.getCidr());
    }

    // FIXME: This check won't work for the case where the guest ip range
    // changes depending on the vlan allocated.
    String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
    if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
      throw new InvalidParameterValueException(
          "Invalid ip range: "
              + ipRange
              + " overlaps with guest ip range "
              + guestIpRange[0]
              + "-"
              + guestIpRange[1]);
    }
    // TODO: check sufficient range
    // TODO: check overlap with private and public ip ranges in datacenter

    long startIp = NetUtils.ip2Long(range[0]);
    final String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
    final String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);

    return Transaction.execute(
        new TransactionCallbackWithException<RemoteAccessVpn, NetworkRuleConflictException>() {
          @Override
          public RemoteAccessVpn doInTransaction(TransactionStatus status)
              throws NetworkRuleConflictException {
            if (vpcId == null) {
              _rulesMgr.reservePorts(
                  ipAddr,
                  NetUtils.UDP_PROTO,
                  Purpose.Vpn,
                  openFirewallFinal,
                  caller,
                  NetUtils.VPN_PORT,
                  NetUtils.VPN_L2TP_PORT,
                  NetUtils.VPN_NATT_PORT);
            }
            RemoteAccessVpnVO vpnVO =
                new RemoteAccessVpnVO(
                    ipAddr.getAccountId(),
                    ipAddr.getDomainId(),
                    ipAddr.getAssociatedWithNetworkId(),
                    publicIpId,
                    vpcId,
                    range[0],
                    newIpRange,
                    sharedSecret);

            if (forDisplay != null) {
              vpnVO.setDisplay(forDisplay);
            }
            return _remoteAccessVpnDao.persist(vpnVO);
          }
        });
  }
Example #30
0
  @Override
  public LinkedHashMap<Network, List<? extends NicProfile>> configureGuestNic(
      final RouterDeploymentDefinition routerDeploymentDefinition)
      throws ConcurrentOperationException, InsufficientAddressCapacityException {

    // Form networks
    final LinkedHashMap<Network, List<? extends NicProfile>> networks =
        new LinkedHashMap<Network, List<? extends NicProfile>>(3);
    // 1) Guest network
    final Network guestNetwork = routerDeploymentDefinition.getGuestNetwork();

    if (guestNetwork != null) {
      s_logger.debug("Adding nic for Virtual Router in Guest network " + guestNetwork);
      String defaultNetworkStartIp = null, defaultNetworkStartIpv6 = null;
      if (!routerDeploymentDefinition.isPublicNetwork()) {
        final Nic placeholder =
            _networkModel.getPlaceholderNicForRouter(
                guestNetwork, routerDeploymentDefinition.getPodId());
        if (guestNetwork.getCidr() != null) {
          if (placeholder != null && placeholder.getIPv4Address() != null) {
            s_logger.debug(
                "Requesting ipv4 address "
                    + placeholder.getIPv4Address()
                    + " stored in placeholder nic for the network "
                    + guestNetwork);
            defaultNetworkStartIp = placeholder.getIPv4Address();
          } else {
            final String startIp = _networkModel.getStartIpAddress(guestNetwork.getId());
            if (startIp != null
                && _ipAddressDao
                        .findByIpAndSourceNetworkId(guestNetwork.getId(), startIp)
                        .getAllocatedTime()
                    == null) {
              defaultNetworkStartIp = startIp;
            } else if (s_logger.isDebugEnabled()) {
              s_logger.debug(
                  "First ipv4 "
                      + startIp
                      + " in network id="
                      + guestNetwork.getId()
                      + " is already allocated, can't use it for domain router; will get random ip address from the range");
            }
          }
        }

        if (guestNetwork.getIp6Cidr() != null) {
          if (placeholder != null && placeholder.getIPv6Address() != null) {
            s_logger.debug(
                "Requesting ipv6 address "
                    + placeholder.getIPv6Address()
                    + " stored in placeholder nic for the network "
                    + guestNetwork);
            defaultNetworkStartIpv6 = placeholder.getIPv6Address();
          } else {
            final String startIpv6 = _networkModel.getStartIpv6Address(guestNetwork.getId());
            if (startIpv6 != null
                && _ipv6Dao.findByNetworkIdAndIp(guestNetwork.getId(), startIpv6) == null) {
              defaultNetworkStartIpv6 = startIpv6;
            } else if (s_logger.isDebugEnabled()) {
              s_logger.debug(
                  "First ipv6 "
                      + startIpv6
                      + " in network id="
                      + guestNetwork.getId()
                      + " is already allocated, can't use it for domain router; will get random ipv6 address from the range");
            }
          }
        }
      }

      final NicProfile gatewayNic = new NicProfile(defaultNetworkStartIp, defaultNetworkStartIpv6);
      if (routerDeploymentDefinition.isPublicNetwork()) {
        if (routerDeploymentDefinition.isRedundant()) {
          gatewayNic.setIPv4Address(_ipAddrMgr.acquireGuestIpAddress(guestNetwork, null));
        } else {
          gatewayNic.setIPv4Address(guestNetwork.getGateway());
        }
        gatewayNic.setBroadcastUri(guestNetwork.getBroadcastUri());
        gatewayNic.setBroadcastType(guestNetwork.getBroadcastDomainType());
        gatewayNic.setIsolationUri(guestNetwork.getBroadcastUri());
        gatewayNic.setMode(guestNetwork.getMode());
        final String gatewayCidr = guestNetwork.getCidr();
        gatewayNic.setIPv4Netmask(NetUtils.getCidrNetmask(gatewayCidr));
      } else {
        gatewayNic.setDefaultNic(true);
      }

      networks.put(guestNetwork, new ArrayList<NicProfile>(Arrays.asList(gatewayNic)));
    }
    return networks;
  }