@Override
public void updateUserStats(List<UserStatisticsVO> userStats) {
Transaction txn = Transaction.currentTxn();
try {
txn.start();
String sql = UPDATE_USER_STATS;
PreparedStatement pstmt = null;
pstmt =
txn.prepareAutoCloseStatement(
sql); // in reality I just want CLOUD_USAGE dataSource connection
for (UserStatisticsVO userStat : userStats) {
pstmt.setLong(1, userStat.getNetBytesReceived());
pstmt.setLong(2, userStat.getNetBytesSent());
pstmt.setLong(3, userStat.getCurrentBytesReceived());
pstmt.setLong(4, userStat.getCurrentBytesSent());
pstmt.setLong(5, userStat.getAggBytesReceived());
pstmt.setLong(6, userStat.getAggBytesSent());
pstmt.setLong(7, userStat.getId());
pstmt.addBatch();
}
pstmt.executeBatch();
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("error saving user stats to cloud_usage db", ex);
throw new CloudRuntimeException(ex.getMessage());
}
}
@Override
public void updateAccounts(List<AccountVO> accounts) {
Transaction txn = Transaction.currentTxn();
try {
txn.start();
String sql = UPDATE_ACCOUNT;
PreparedStatement pstmt = null;
pstmt =
txn.prepareAutoCloseStatement(
sql); // in reality I just want CLOUD_USAGE dataSource connection
for (AccountVO acct : accounts) {
pstmt.setString(1, acct.getAccountName());
Date removed = acct.getRemoved();
if (removed == null) {
pstmt.setString(2, null);
} else {
pstmt.setString(
2, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), acct.getRemoved()));
}
pstmt.setLong(3, acct.getId());
pstmt.addBatch();
}
pstmt.executeBatch();
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("error saving account to cloud_usage db", ex);
throw new CloudRuntimeException(ex.getMessage());
}
}
@Override
public void saveUsageNetworks(List<UsageNetworkVO> usageNetworks) {
Transaction txn = Transaction.currentTxn();
try {
txn.start();
String sql = INSERT_USAGE_NETWORK;
PreparedStatement pstmt = null;
pstmt =
txn.prepareAutoCloseStatement(
sql); // in reality I just want CLOUD_USAGE dataSource connection
for (UsageNetworkVO usageNetwork : usageNetworks) {
pstmt.setLong(1, usageNetwork.getAccountId());
pstmt.setLong(2, usageNetwork.getZoneId());
pstmt.setLong(3, usageNetwork.getHostId());
pstmt.setString(4, usageNetwork.getHostType());
pstmt.setLong(5, usageNetwork.getNetworkId());
pstmt.setLong(6, usageNetwork.getBytesSent());
pstmt.setLong(7, usageNetwork.getBytesReceived());
pstmt.setLong(8, usageNetwork.getAggBytesReceived());
pstmt.setLong(9, usageNetwork.getAggBytesSent());
pstmt.setLong(10, usageNetwork.getEventTimeMillis());
pstmt.addBatch();
}
pstmt.executeBatch();
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("error saving usage_network to cloud_usage db", ex);
throw new CloudRuntimeException(ex.getMessage());
}
}
@Override
@DB
public boolean addInstanceToGroups(final Long userVmId, final List<Long> groups) {
if (!isVmSecurityGroupEnabled(userVmId)) {
s_logger.warn(
"User vm " + userVmId + " is not security group enabled, can't add it to security group");
return false;
}
if (groups != null && !groups.isEmpty()) {
final Transaction txn = Transaction.currentTxn();
txn.start();
UserVm userVm =
_userVMDao.acquireInLockTable(
userVmId); // ensures that duplicate entries are not created.
List<SecurityGroupVO> sgs = new ArrayList<SecurityGroupVO>();
for (Long sgId : groups) {
sgs.add(_securityGroupDao.findById(sgId));
}
final Set<SecurityGroupVO> uniqueGroups =
new TreeSet<SecurityGroupVO>(new SecurityGroupVOComparator());
uniqueGroups.addAll(sgs);
if (userVm == null) {
s_logger.warn("Failed to acquire lock on user vm id=" + userVmId);
}
try {
for (SecurityGroupVO securityGroup : uniqueGroups) {
// don't let the group be deleted from under us.
SecurityGroupVO ngrpLock = _securityGroupDao.lockRow(securityGroup.getId(), false);
if (ngrpLock == null) {
s_logger.warn(
"Failed to acquire lock on network group id="
+ securityGroup.getId()
+ " name="
+ securityGroup.getName());
txn.rollback();
return false;
}
if (_securityGroupVMMapDao.findByVmIdGroupId(userVmId, securityGroup.getId()) == null) {
SecurityGroupVMMapVO groupVmMapVO =
new SecurityGroupVMMapVO(securityGroup.getId(), userVmId);
_securityGroupVMMapDao.persist(groupVmMapVO);
}
}
txn.commit();
return true;
} finally {
if (userVm != null) {
_userVMDao.releaseFromLockTable(userVmId);
}
}
}
return false;
}
@Override
public void deleteOldStats(long maxEventTime) {
Transaction txn = Transaction.currentTxn();
String sql = DELETE_OLD_STATS;
PreparedStatement pstmt = null;
try {
txn.start();
pstmt = txn.prepareAutoCloseStatement(sql);
pstmt.setLong(1, maxEventTime);
pstmt.executeUpdate();
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("error deleting old usage network stats", ex);
}
}
@Override
@DB
public StorageNetworkIpAddressVO takeIpAddress(long rangeId) {
SearchCriteria<StorageNetworkIpAddressVO> sc = untakenIp.create();
sc.setParameters("rangeId", rangeId);
Transaction txn = Transaction.currentTxn();
txn.start();
StorageNetworkIpAddressVO ip = lockOneRandomRow(sc, true);
if (ip == null) {
txn.rollback();
return null;
}
ip.setTakenAt(new Date());
update(ip.getId(), ip);
txn.commit();
return ip;
}
@Override
public void saveUserStats(List<UserStatisticsVO> userStats) {
Transaction txn = Transaction.currentTxn();
try {
txn.start();
String sql = INSERT_USER_STATS;
PreparedStatement pstmt = null;
pstmt =
txn.prepareAutoCloseStatement(
sql); // in reality I just want CLOUD_USAGE dataSource connection
for (UserStatisticsVO userStat : userStats) {
pstmt.setLong(1, userStat.getId());
pstmt.setLong(2, userStat.getDataCenterId());
pstmt.setLong(3, userStat.getAccountId());
pstmt.setString(4, userStat.getPublicIpAddress());
if (userStat.getDeviceId() != null) {
pstmt.setLong(5, userStat.getDeviceId());
} else {
pstmt.setNull(5, Types.BIGINT);
}
pstmt.setString(6, userStat.getDeviceType());
if (userStat.getNetworkId() != null) {
pstmt.setLong(7, userStat.getNetworkId());
} else {
pstmt.setNull(7, Types.BIGINT);
}
pstmt.setLong(8, userStat.getNetBytesReceived());
pstmt.setLong(9, userStat.getNetBytesSent());
pstmt.setLong(10, userStat.getCurrentBytesReceived());
pstmt.setLong(11, userStat.getCurrentBytesSent());
pstmt.setLong(12, userStat.getAggBytesReceived());
pstmt.setLong(13, userStat.getAggBytesSent());
pstmt.addBatch();
}
pstmt.executeBatch();
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("error saving user stats to cloud_usage db", ex);
throw new CloudRuntimeException(ex.getMessage());
}
}
@Override
public void deleteRecordsForAccount(Long accountId) {
String sql = ((accountId == null) ? DELETE_ALL : DELETE_ALL_BY_ACCOUNTID);
Transaction txn = Transaction.open(Transaction.USAGE_DB);
PreparedStatement pstmt = null;
try {
txn.start();
pstmt = txn.prepareAutoCloseStatement(sql);
if (accountId != null) {
pstmt.setLong(1, accountId.longValue());
}
pstmt.executeUpdate();
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("error retrieving usage vm instances for account id: " + accountId);
} finally {
txn.close();
}
}
public void update(UsageVPNUserVO usage) {
Transaction txn = Transaction.open(Transaction.USAGE_DB);
PreparedStatement pstmt = null;
try {
txn.start();
if (usage.getDeleted() != null) {
pstmt = txn.prepareAutoCloseStatement(UPDATE_DELETED);
pstmt.setString(
1, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), usage.getDeleted()));
pstmt.setLong(2, usage.getAccountId());
pstmt.setLong(3, usage.getUserId());
}
pstmt.executeUpdate();
txn.commit();
} catch (Exception e) {
txn.rollback();
s_logger.warn("Error updating UsageVPNUserVO", e);
} finally {
txn.close();
}
}
@DB
@Override
public void allocateVmCapacity(VirtualMachine vm, boolean fromLastHost) {
long hostId = vm.getHostId();
HostVO host = _hostDao.findById(hostId);
long clusterId = host.getClusterId();
float cpuOvercommitRatio =
Float.parseFloat(_clusterDetailsDao.findDetail(clusterId, "cpuOvercommitRatio").getValue());
float memoryOvercommitRatio =
Float.parseFloat(
_clusterDetailsDao.findDetail(clusterId, "memoryOvercommitRatio").getValue());
ServiceOfferingVO svo = _offeringsDao.findById(vm.getServiceOfferingId());
CapacityVO capacityCpu = _capacityDao.findByHostIdType(hostId, CapacityVO.CAPACITY_TYPE_CPU);
CapacityVO capacityMem = _capacityDao.findByHostIdType(hostId, CapacityVO.CAPACITY_TYPE_MEMORY);
if (capacityCpu == null || capacityMem == null || svo == null) {
return;
}
int cpu = (int) (svo.getCpu() * svo.getSpeed());
long ram = (long) (svo.getRamSize() * 1024L * 1024L);
Transaction txn = Transaction.currentTxn();
try {
txn.start();
capacityCpu = _capacityDao.lockRow(capacityCpu.getId(), true);
capacityMem = _capacityDao.lockRow(capacityMem.getId(), true);
long usedCpu = capacityCpu.getUsedCapacity();
long usedMem = capacityMem.getUsedCapacity();
long reservedCpu = capacityCpu.getReservedCapacity();
long reservedMem = capacityMem.getReservedCapacity();
long actualTotalCpu = capacityCpu.getTotalCapacity();
long actualTotalMem = capacityMem.getTotalCapacity();
long totalCpu = (long) (actualTotalCpu * cpuOvercommitRatio);
long totalMem = (long) (actualTotalMem * memoryOvercommitRatio);
if (s_logger.isDebugEnabled()) {
s_logger.debug(
"Hosts's actual total CPU: "
+ actualTotalCpu
+ " and CPU after applying overprovisioning: "
+ totalCpu);
}
long freeCpu = totalCpu - (reservedCpu + usedCpu);
long freeMem = totalMem - (reservedMem + usedMem);
if (s_logger.isDebugEnabled()) {
s_logger.debug("We are allocating VM, increasing the used capacity of this host:" + hostId);
s_logger.debug(
"Current Used CPU: " + usedCpu + " , Free CPU:" + freeCpu + " ,Requested CPU: " + cpu);
s_logger.debug(
"Current Used RAM: " + usedMem + " , Free RAM:" + freeMem + " ,Requested RAM: " + ram);
}
capacityCpu.setUsedCapacity(usedCpu + cpu);
capacityMem.setUsedCapacity(usedMem + ram);
if (fromLastHost) {
/* alloc from reserved */
if (s_logger.isDebugEnabled()) {
s_logger.debug(
"We are allocating VM to the last host again, so adjusting the reserved capacity if it is not less than required");
s_logger.debug("Reserved CPU: " + reservedCpu + " , Requested CPU: " + cpu);
s_logger.debug("Reserved RAM: " + reservedMem + " , Requested RAM: " + ram);
}
if (reservedCpu >= cpu && reservedMem >= ram) {
capacityCpu.setReservedCapacity(reservedCpu - cpu);
capacityMem.setReservedCapacity(reservedMem - ram);
}
} else {
/* alloc from free resource */
if (!((reservedCpu + usedCpu + cpu <= totalCpu)
&& (reservedMem + usedMem + ram <= totalMem))) {
if (s_logger.isDebugEnabled()) {
s_logger.debug(
"Host doesnt seem to have enough free capacity, but increasing the used capacity anyways, since the VM is already starting on this host ");
}
}
}
s_logger.debug(
"CPU STATS after allocation: for host: "
+ hostId
+ ", old used: "
+ usedCpu
+ ", old reserved: "
+ reservedCpu
+ ", actual total: "
+ actualTotalCpu
+ ", total with overprovisioning: "
+ totalCpu
+ "; new used:"
+ capacityCpu.getUsedCapacity()
+ ", reserved:"
+ capacityCpu.getReservedCapacity()
+ "; requested cpu:"
+ cpu
+ ",alloc_from_last:"
+ fromLastHost);
s_logger.debug(
"RAM STATS after allocation: for host: "
+ hostId
+ ", old used: "
+ usedMem
+ ", old reserved: "
+ reservedMem
+ ", total: "
+ totalMem
+ "; new used: "
+ capacityMem.getUsedCapacity()
+ ", reserved: "
+ capacityMem.getReservedCapacity()
+ "; requested mem: "
+ ram
+ ",alloc_from_last:"
+ fromLastHost);
_capacityDao.update(capacityCpu.getId(), capacityCpu);
_capacityDao.update(capacityMem.getId(), capacityMem);
txn.commit();
} catch (Exception e) {
txn.rollback();
return;
}
}
@DB
@Override
public boolean releaseVmCapacity(
VirtualMachine vm, boolean moveFromReserved, boolean moveToReservered, Long hostId) {
ServiceOfferingVO svo = _offeringsDao.findById(vm.getServiceOfferingId());
CapacityVO capacityCpu = _capacityDao.findByHostIdType(hostId, CapacityVO.CAPACITY_TYPE_CPU);
CapacityVO capacityMemory =
_capacityDao.findByHostIdType(hostId, CapacityVO.CAPACITY_TYPE_MEMORY);
Long clusterId = null;
if (hostId != null) {
HostVO host = _hostDao.findById(hostId);
clusterId = host.getClusterId();
}
if (capacityCpu == null || capacityMemory == null || svo == null) {
return false;
}
Transaction txn = Transaction.currentTxn();
try {
txn.start();
capacityCpu = _capacityDao.lockRow(capacityCpu.getId(), true);
capacityMemory = _capacityDao.lockRow(capacityMemory.getId(), true);
long usedCpu = capacityCpu.getUsedCapacity();
long usedMem = capacityMemory.getUsedCapacity();
long reservedCpu = capacityCpu.getReservedCapacity();
long reservedMem = capacityMemory.getReservedCapacity();
long actualTotalCpu = capacityCpu.getTotalCapacity();
float cpuOvercommitRatio =
Float.parseFloat(
_clusterDetailsDao.findDetail(clusterId, "cpuOvercommitRatio").getValue());
float memoryOvercommitRatio =
Float.parseFloat(
_clusterDetailsDao.findDetail(clusterId, "memoryOvercommitRatio").getValue());
int vmCPU = (int) (svo.getCpu() * svo.getSpeed());
long vmMem = (long) (svo.getRamSize() * 1024L * 1024L);
long actualTotalMem = capacityMemory.getTotalCapacity();
long totalMem = (long) (actualTotalMem * memoryOvercommitRatio);
long totalCpu = (long) (actualTotalCpu * cpuOvercommitRatio);
if (s_logger.isDebugEnabled()) {
s_logger.debug(
"Hosts's actual total CPU: "
+ actualTotalCpu
+ " and CPU after applying overprovisioning: "
+ totalCpu);
s_logger.debug(
"Hosts's actual total RAM: "
+ actualTotalMem
+ " and RAM after applying overprovisioning: "
+ totalMem);
}
if (!moveFromReserved) {
/* move resource from used */
if (usedCpu >= vmCPU) {
capacityCpu.setUsedCapacity(usedCpu - vmCPU);
}
if (usedMem >= vmMem) {
capacityMemory.setUsedCapacity(usedMem - vmMem);
}
if (moveToReservered) {
if (reservedCpu + vmCPU <= totalCpu) {
capacityCpu.setReservedCapacity(reservedCpu + vmCPU);
}
if (reservedMem + vmMem <= totalMem) {
capacityMemory.setReservedCapacity(reservedMem + vmMem);
}
}
} else {
if (reservedCpu >= vmCPU) {
capacityCpu.setReservedCapacity(reservedCpu - vmCPU);
}
if (reservedMem >= vmMem) {
capacityMemory.setReservedCapacity(reservedMem - vmMem);
}
}
s_logger.debug(
"release cpu from host: "
+ hostId
+ ", old used: "
+ usedCpu
+ ",reserved: "
+ reservedCpu
+ ", actual total: "
+ actualTotalCpu
+ ", total with overprovisioning: "
+ totalCpu
+ "; new used: "
+ capacityCpu.getUsedCapacity()
+ ",reserved:"
+ capacityCpu.getReservedCapacity()
+ "; movedfromreserved: "
+ moveFromReserved
+ ",moveToReservered"
+ moveToReservered);
s_logger.debug(
"release mem from host: "
+ hostId
+ ", old used: "
+ usedMem
+ ",reserved: "
+ reservedMem
+ ", total: "
+ totalMem
+ "; new used: "
+ capacityMemory.getUsedCapacity()
+ ",reserved:"
+ capacityMemory.getReservedCapacity()
+ "; movedfromreserved: "
+ moveFromReserved
+ ",moveToReservered"
+ moveToReservered);
_capacityDao.update(capacityCpu.getId(), capacityCpu);
_capacityDao.update(capacityMemory.getId(), capacityMemory);
txn.commit();
return true;
} catch (Exception e) {
s_logger.debug("Failed to transit vm's state, due to " + e.getMessage());
txn.rollback();
return false;
}
}
@Override
@DB
@SuppressWarnings("rawtypes")
public List<IngressRuleVO> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) {
Long securityGroupId = cmd.getSecurityGroupId();
String protocol = cmd.getProtocol();
Integer startPort = cmd.getStartPort();
Integer endPort = cmd.getEndPort();
Integer icmpType = cmd.getIcmpType();
Integer icmpCode = cmd.getIcmpCode();
List<String> cidrList = cmd.getCidrList();
Map groupList = cmd.getUserSecurityGroupList();
Integer startPortOrType = null;
Integer endPortOrCode = null;
// Validate parameters
SecurityGroup securityGroup = _securityGroupDao.findById(securityGroupId);
if (securityGroup == null) {
throw new InvalidParameterValueException(
"Unable to find security group by id " + securityGroupId);
}
if (cidrList == null && groupList == null) {
throw new InvalidParameterValueException(
"At least one cidr or at least one security group needs to be specified");
}
Account caller = UserContext.current().getCaller();
Account owner = _accountMgr.getAccount(securityGroup.getAccountId());
if (owner == null) {
throw new InvalidParameterValueException(
"Unable to find security group owner by id=" + securityGroup.getAccountId());
}
// Verify permissions
_accountMgr.checkAccess(caller, null, securityGroup);
Long domainId = owner.getDomainId();
if (protocol == null) {
protocol = NetUtils.ALL_PROTO;
}
if (!NetUtils.isValidSecurityGroupProto(protocol)) {
throw new InvalidParameterValueException("Invalid protocol " + protocol);
}
if ("icmp".equalsIgnoreCase(protocol)) {
if ((icmpType == null) || (icmpCode == null)) {
throw new InvalidParameterValueException(
"Invalid ICMP type/code specified, icmpType = "
+ icmpType
+ ", icmpCode = "
+ icmpCode);
}
if (icmpType == -1 && icmpCode != -1) {
throw new InvalidParameterValueException("Invalid icmp type range");
}
if (icmpCode > 255) {
throw new InvalidParameterValueException("Invalid icmp code ");
}
startPortOrType = icmpType;
endPortOrCode = icmpCode;
} else if (protocol.equals(NetUtils.ALL_PROTO)) {
if ((startPort != null) || (endPort != null)) {
throw new InvalidParameterValueException(
"Cannot specify startPort or endPort without specifying protocol");
}
startPortOrType = 0;
endPortOrCode = 0;
} else {
if ((startPort == null) || (endPort == null)) {
throw new InvalidParameterValueException(
"Invalid port range specified, startPort = " + startPort + ", endPort = " + endPort);
}
if (startPort == 0 && endPort == 0) {
endPort = 65535;
}
if (startPort > endPort) {
throw new InvalidParameterValueException("Invalid port range " + startPort + ":" + endPort);
}
if (startPort > 65535 || endPort > 65535 || startPort < -1 || endPort < -1) {
throw new InvalidParameterValueException(
"Invalid port numbers " + startPort + ":" + endPort);
}
if (startPort < 0 || endPort < 0) {
throw new InvalidParameterValueException("Invalid port range " + startPort + ":" + endPort);
}
startPortOrType = startPort;
endPortOrCode = endPort;
}
protocol = protocol.toLowerCase();
List<SecurityGroupVO> authorizedGroups = new ArrayList<SecurityGroupVO>();
if (groupList != null) {
Collection userGroupCollection = groupList.values();
Iterator iter = userGroupCollection.iterator();
while (iter.hasNext()) {
HashMap userGroup = (HashMap) iter.next();
String group = (String) userGroup.get("group");
String authorizedAccountName = (String) userGroup.get("account");
if ((group == null) || (authorizedAccountName == null)) {
throw new InvalidParameterValueException(
"Invalid user group specified, fields 'group' and 'account' cannot be null, please specify groups in the form: userGroupList[0].group=XXX&userGroupList[0].account=YYY");
}
Account authorizedAccount = _accountDao.findActiveAccount(authorizedAccountName, domainId);
if (authorizedAccount == null) {
throw new InvalidParameterValueException(
"Nonexistent account: "
+ authorizedAccountName
+ " when trying to authorize ingress for "
+ securityGroupId
+ ":"
+ protocol
+ ":"
+ startPortOrType
+ ":"
+ endPortOrCode);
}
SecurityGroupVO groupVO =
_securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
if (groupVO == null) {
throw new InvalidParameterValueException(
"Nonexistent group "
+ group
+ " for account "
+ authorizedAccountName
+ "/"
+ domainId
+ " is given, unable to authorize ingress.");
}
// Check permissions
if (domainId != groupVO.getDomainId()) {
throw new PermissionDeniedException(
"Can't add security group id="
+ groupVO.getDomainId()
+ " as it belongs to different domain");
}
authorizedGroups.add(groupVO);
}
}
final Transaction txn = Transaction.currentTxn();
final Set<SecurityGroupVO> authorizedGroups2 =
new TreeSet<SecurityGroupVO>(new SecurityGroupVOComparator());
authorizedGroups2.addAll(authorizedGroups); // Ensure we don't re-lock the same row
txn.start();
// Prevents other threads/management servers from creating duplicate ingress rules
securityGroup = _securityGroupDao.acquireInLockTable(securityGroupId);
if (securityGroup == null) {
s_logger.warn("Could not acquire lock on network security group: id= " + securityGroupId);
return null;
}
List<IngressRuleVO> newRules = new ArrayList<IngressRuleVO>();
try {
for (final SecurityGroupVO ngVO : authorizedGroups2) {
final Long ngId = ngVO.getId();
// Don't delete the referenced group from under us
if (ngVO.getId() != securityGroup.getId()) {
final SecurityGroupVO tmpGrp = _securityGroupDao.lockRow(ngId, false);
if (tmpGrp == null) {
s_logger.warn("Failed to acquire lock on security group: " + ngId);
txn.rollback();
return null;
}
}
IngressRuleVO ingressRule =
_ingressRuleDao.findByProtoPortsAndAllowedGroupId(
securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId());
if (ingressRule != null) {
continue; // rule already exists.
}
ingressRule =
new IngressRuleVO(
securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId());
ingressRule = _ingressRuleDao.persist(ingressRule);
newRules.add(ingressRule);
}
if (cidrList != null) {
for (String cidr : cidrList) {
IngressRuleVO ingressRule =
_ingressRuleDao.findByProtoPortsAndCidr(
securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr);
if (ingressRule != null) {
continue;
}
ingressRule =
new IngressRuleVO(
securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr);
ingressRule = _ingressRuleDao.persist(ingressRule);
newRules.add(ingressRule);
}
}
if (s_logger.isDebugEnabled()) {
s_logger.debug(
"Added " + newRules.size() + " rules to security group " + securityGroup.getName());
}
txn.commit();
final ArrayList<Long> affectedVms = new ArrayList<Long>();
affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroup.getId()));
scheduleRulesetUpdateToHosts(affectedVms, true, null);
return newRules;
} catch (Exception e) {
s_logger.warn("Exception caught when adding ingress rules ", e);
throw new CloudRuntimeException("Exception caught when adding ingress rules", e);
} finally {
if (securityGroup != null) {
_securityGroupDao.releaseFromLockTable(securityGroup.getId());
}
}
}
@Override
public void run() {
try {
SearchCriteria<HostVO> sc = _hostDao.createSearchCriteria();
sc.addAnd("status", SearchCriteria.Op.EQ, Status.Up.toString());
sc.addAnd("type", SearchCriteria.Op.EQ, Host.Type.Storage.toString());
ConcurrentHashMap<Long, StorageStats> storageStats =
new ConcurrentHashMap<Long, StorageStats>();
List<HostVO> hosts = _hostDao.search(sc, null);
for (HostVO host : hosts) {
GetStorageStatsCommand command = new GetStorageStatsCommand(host.getGuid());
Answer answer = _agentMgr.easySend(host.getId(), command);
if (answer != null && answer.getResult()) {
storageStats.put(host.getId(), (StorageStats) answer);
}
}
sc = _hostDao.createSearchCriteria();
sc.addAnd("status", SearchCriteria.Op.EQ, Status.Up.toString());
sc.addAnd("type", SearchCriteria.Op.EQ, Host.Type.SecondaryStorage.toString());
hosts = _hostDao.search(sc, null);
for (HostVO host : hosts) {
GetStorageStatsCommand command = new GetStorageStatsCommand(host.getGuid());
Answer answer = _agentMgr.easySend(host.getId(), command);
if (answer != null && answer.getResult()) {
storageStats.put(host.getId(), (StorageStats) answer);
}
}
_storageStats = storageStats;
ConcurrentHashMap<Long, StorageStats> storagePoolStats =
new ConcurrentHashMap<Long, StorageStats>();
List<StoragePoolVO> storagePools = _storagePoolDao.listAll();
for (StoragePoolVO pool : storagePools) {
GetStorageStatsCommand command =
new GetStorageStatsCommand(pool.getUuid(), pool.getPoolType(), pool.getPath());
Answer answer = _storageManager.sendToPool(pool, command);
if (answer != null && answer.getResult()) {
storagePoolStats.put(pool.getId(), (StorageStats) answer);
}
}
_storagePoolStats = storagePoolStats;
// a list to store the new capacity entries that will be committed once everything is
// calculated
List<CapacityVO> newCapacities = new ArrayList<CapacityVO>();
// Updating the storage entries and creating new ones if they dont exist.
Transaction txn = Transaction.open(Transaction.CLOUD_DB);
try {
if (s_logger.isTraceEnabled()) {
s_logger.trace("recalculating system storage capacity");
}
txn.start();
for (Long hostId : storageStats.keySet()) {
StorageStats stats = storageStats.get(hostId);
short capacityType = -1;
HostVO host = _hostDao.findById(hostId);
host.setTotalSize(stats.getCapacityBytes());
_hostDao.update(host.getId(), host);
SearchCriteria<CapacityVO> capacitySC = _capacityDao.createSearchCriteria();
capacitySC.addAnd("hostOrPoolId", SearchCriteria.Op.EQ, hostId);
capacitySC.addAnd("dataCenterId", SearchCriteria.Op.EQ, host.getDataCenterId());
if (Host.Type.SecondaryStorage.equals(host.getType())) {
capacityType = CapacityVO.CAPACITY_TYPE_SECONDARY_STORAGE;
} else if (Host.Type.Storage.equals(host.getType())) {
capacityType = CapacityVO.CAPACITY_TYPE_STORAGE;
}
if (-1 != capacityType) {
capacitySC.addAnd("capacityType", SearchCriteria.Op.EQ, capacityType);
List<CapacityVO> capacities = _capacityDao.search(capacitySC, null);
if (capacities.size() == 0) { // Create a new one
CapacityVO capacity =
new CapacityVO(
host.getId(),
host.getDataCenterId(),
host.getPodId(),
stats.getByteUsed(),
stats.getCapacityBytes(),
capacityType);
_capacityDao.persist(capacity);
} else { // Update if it already exists.
CapacityVO capacity = capacities.get(0);
capacity.setUsedCapacity(stats.getByteUsed());
capacity.setTotalCapacity(stats.getCapacityBytes());
_capacityDao.update(capacity.getId(), capacity);
}
}
} // End of for
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.error("Unable to start transaction for storage capacity update");
} finally {
txn.close();
}
for (Long poolId : storagePoolStats.keySet()) {
StorageStats stats = storagePoolStats.get(poolId);
StoragePoolVO pool = _storagePoolDao.findById(poolId);
if (pool == null) {
continue;
}
pool.setCapacityBytes(stats.getCapacityBytes());
long available = stats.getCapacityBytes() - stats.getByteUsed();
if (available < 0) {
available = 0;
}
pool.setAvailableBytes(available);
_storagePoolDao.update(pool.getId(), pool);
_storageManager.createCapacityEntry(pool, 0L);
}
} catch (Throwable t) {
s_logger.error("Error trying to retrieve storage stats", t);
}
}
@Override
public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
String deviceName = Provider.CiscoVnmc.getName();
NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName);
Long physicalNetworkId = cmd.getPhysicalNetworkId();
CiscoVnmcController ciscoVnmcResource = null;
PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
if (physicalNetwork == null) {
throw new InvalidParameterValueException(
"Could not find phyical network with ID: " + physicalNetworkId);
}
long zoneId = physicalNetwork.getDataCenterId();
PhysicalNetworkServiceProviderVO ntwkSvcProvider =
_physicalNetworkServiceProviderDao.findByServiceProvider(
physicalNetwork.getId(), networkDevice.getNetworkServiceProvder());
if (ntwkSvcProvider == null) {
throw new CloudRuntimeException(
"Network Service Provider: "
+ networkDevice.getNetworkServiceProvder()
+ " is not enabled in the physical network: "
+ physicalNetworkId
+ "to add this device");
} else if (ntwkSvcProvider.getState() == PhysicalNetworkServiceProvider.State.Shutdown) {
throw new CloudRuntimeException(
"Network Service Provider: "
+ ntwkSvcProvider.getProviderName()
+ " is in shutdown state in the physical network: "
+ physicalNetworkId
+ "to add this device");
}
if (_ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId).size() != 0) {
throw new CloudRuntimeException(
"A Cisco Vnmc device is already configured on this physical network");
}
Map<String, String> params = new HashMap<String, String>();
params.put("guid", UUID.randomUUID().toString());
params.put("zoneId", String.valueOf(physicalNetwork.getDataCenterId()));
params.put("physicalNetworkId", String.valueOf(physicalNetwork.getId()));
params.put("name", "Cisco VNMC Controller - " + cmd.getHost());
params.put("ip", cmd.getHost());
params.put("username", cmd.getUsername());
params.put("password", cmd.getPassword());
Map<String, Object> hostdetails = new HashMap<String, Object>();
hostdetails.putAll(params);
ServerResource resource = new CiscoVnmcResource();
Transaction txn = Transaction.currentTxn();
try {
resource.configure(cmd.getHost(), hostdetails);
Host host = _resourceMgr.addHost(zoneId, resource, Host.Type.ExternalFirewall, params);
if (host != null) {
txn.start();
ciscoVnmcResource =
new CiscoVnmcControllerVO(
host.getId(), physicalNetworkId, ntwkSvcProvider.getProviderName(), deviceName);
_ciscoVnmcDao.persist((CiscoVnmcControllerVO) ciscoVnmcResource);
DetailVO detail =
new DetailVO(host.getId(), "deviceid", String.valueOf(ciscoVnmcResource.getId()));
_hostDetailsDao.persist(detail);
txn.commit();
return ciscoVnmcResource;
} else {
throw new CloudRuntimeException("Failed to add Cisco Vnmc device due to internal error.");
}
} catch (ConfigurationException e) {
txn.rollback();
throw new CloudRuntimeException(e.getMessage());
}
}
@Override
public List<UsageVPNUserVO> getUsageRecords(
Long accountId, Long domainId, Date startDate, Date endDate, boolean limit, int page) {
List<UsageVPNUserVO> usageRecords = new ArrayList<UsageVPNUserVO>();
Long param1 = null;
String sql = null;
if (accountId != null) {
sql = GET_USAGE_RECORDS_BY_ACCOUNT;
param1 = accountId;
} else if (domainId != null) {
sql = GET_USAGE_RECORDS_BY_DOMAIN;
param1 = domainId;
} else {
sql = GET_ALL_USAGE_RECORDS;
}
if (limit) {
int startIndex = 0;
if (page > 0) {
startIndex = 500 * (page - 1);
}
sql += " LIMIT " + startIndex + ",500";
}
Transaction txn = Transaction.open(Transaction.USAGE_DB);
PreparedStatement pstmt = null;
try {
int i = 1;
pstmt = txn.prepareAutoCloseStatement(sql);
if (param1 != null) {
pstmt.setLong(i++, param1);
}
pstmt.setString(i++, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), startDate));
pstmt.setString(i++, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), endDate));
pstmt.setString(i++, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), startDate));
pstmt.setString(i++, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), endDate));
pstmt.setString(i++, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), startDate));
pstmt.setString(i++, DateUtil.getDateDisplayString(TimeZone.getTimeZone("GMT"), endDate));
ResultSet rs = pstmt.executeQuery();
while (rs.next()) {
// zoneId, account_id, domain_id, user_id, user_name, created, deleted
Long zoneId = Long.valueOf(rs.getLong(1));
Long acctId = Long.valueOf(rs.getLong(2));
Long dId = Long.valueOf(rs.getLong(3));
long userId = Long.valueOf(rs.getLong(4));
String userName = rs.getString(5);
Date createdDate = null;
Date deletedDate = null;
String createdTS = rs.getString(6);
String deletedTS = rs.getString(7);
if (createdTS != null) {
createdDate = DateUtil.parseDateString(s_gmtTimeZone, createdTS);
}
if (deletedTS != null) {
deletedDate = DateUtil.parseDateString(s_gmtTimeZone, deletedTS);
}
usageRecords.add(
new UsageVPNUserVO(zoneId, acctId, dId, userId, userName, createdDate, deletedDate));
}
} catch (Exception e) {
txn.rollback();
s_logger.warn("Error getting usage records", e);
} finally {
txn.close();
}
return usageRecords;
}
@Override
@DB
public void destroyRemoteAccessVpn(long ipId, Account caller)
throws ResourceUnavailableException {
RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(ipId);
if (vpn == null) {
s_logger.debug("vpn id=" + ipId + " does not exists ");
return;
}
_accountMgr.checkAccess(caller, null, true, vpn);
Network network = _networkMgr.getNetwork(vpn.getNetworkId());
vpn.setState(RemoteAccessVpn.State.Removed);
_remoteAccessVpnDao.update(vpn.getServerAddressId(), vpn);
boolean success = false;
try {
for (RemoteAccessVPNServiceProvider element : _vpnServiceProviders) {
if (element.stopVpn(network, vpn)) {
success = true;
break;
}
}
} finally {
if (success) {
// Cleanup corresponding ports
List<? extends FirewallRule> vpnFwRules = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn);
Transaction txn = Transaction.currentTxn();
boolean applyFirewall = false;
List<FirewallRuleVO> fwRules = new ArrayList<FirewallRuleVO>();
// if related firewall rule is created for the first vpn port, it would be created for the 2
// other ports as well, so need to cleanup the backend
if (_rulesDao.findByRelatedId(vpnFwRules.get(0).getId()) != null) {
applyFirewall = true;
}
if (applyFirewall) {
txn.start();
for (FirewallRule vpnFwRule : vpnFwRules) {
// don't apply on the backend yet; send all 3 rules in a banch
_firewallMgr.revokeRelatedFirewallRule(vpnFwRule.getId(), false);
fwRules.add(_rulesDao.findByRelatedId(vpnFwRule.getId()));
}
s_logger.debug(
"Marked "
+ fwRules.size()
+ " firewall rules as Revoked as a part of disable remote access vpn");
txn.commit();
// now apply vpn rules on the backend
s_logger.debug(
"Reapplying firewall rules for ip id="
+ ipId
+ " as a part of disable remote access vpn");
success = _firewallMgr.applyIngressFirewallRules(ipId, caller);
}
if (success) {
try {
txn.start();
_remoteAccessVpnDao.remove(ipId);
// Stop billing of VPN users when VPN is removed. VPN_User_ADD events will be generated
// when VPN is created again
List<VpnUserVO> vpnUsers = _vpnUsersDao.listByAccount(vpn.getAccountId());
for (VpnUserVO user : vpnUsers) {
// VPN_USER_REMOVE event is already generated for users in Revoke state
if (user.getState() != VpnUser.State.Revoke) {
UsageEventUtils.publishUsageEvent(
EventTypes.EVENT_VPN_USER_REMOVE,
user.getAccountId(),
0,
user.getId(),
user.getUsername(),
user.getClass().getName(),
user.getUuid());
}
}
if (vpnFwRules != null) {
for (FirewallRule vpnFwRule : vpnFwRules) {
_rulesDao.remove(vpnFwRule.getId());
s_logger.debug(
"Successfully removed firewall rule with ip id="
+ vpnFwRule.getSourceIpAddressId()
+ " and port "
+ vpnFwRule.getSourcePortStart()
+ " as a part of vpn cleanup");
}
}
txn.commit();
} catch (Exception ex) {
txn.rollback();
s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex);
}
}
}
}
}
@Override
@DB
public VmwareDatacenterVO addVmwareDatacenter(AddVmwareDcCmd cmd) throws ResourceInUseException {
VmwareDatacenterVO vmwareDc = null;
Long zoneId = cmd.getZoneId();
String userName = cmd.getUsername();
String password = cmd.getPassword();
String vCenterHost = cmd.getVcenter();
String vmwareDcName = cmd.getName();
// Validate username, password, VMware DC name and vCenter
if (userName == null) {
throw new InvalidParameterValueException("Missing or invalid parameter username.");
}
if (password == null) {
throw new InvalidParameterValueException("Missing or invalid parameter username.");
}
if (vmwareDcName == null) {
throw new InvalidParameterValueException(
"Missing or invalid parameter name. Please provide valid VMware datacenter name.");
}
if (vCenterHost == null) {
throw new InvalidParameterValueException(
"Missing or invalid parameter name. "
+ "Please provide valid VMware vCenter server's IP address or fully qualified domain name.");
}
if (zoneId == null) {
throw new InvalidParameterValueException(
"Missing or invalid parameter name. " + "Please provide valid zone id.");
}
// Zone validation
validateZone(zoneId);
VmwareDatacenterZoneMapVO vmwareDcZoneMap = _vmwareDcZoneMapDao.findByZoneId(zoneId);
// Check if zone is associated with VMware DC
if (vmwareDcZoneMap != null) {
// Check if the associated VMware DC matches the one specified in API params
// This check would yield success as the association exists between same entities (zone and
// VMware DC)
// This scenario would result in if the API addVmwareDc is called more than once with same
// parameters.
Long associatedVmwareDcId = vmwareDcZoneMap.getVmwareDcId();
VmwareDatacenterVO associatedVmwareDc = _vmwareDcDao.findById(associatedVmwareDcId);
if (associatedVmwareDc.getVcenterHost().equalsIgnoreCase(vCenterHost)
&& associatedVmwareDc.getVmwareDatacenterName().equalsIgnoreCase(vmwareDcName)) {
s_logger.info(
"Ignoring API call addVmwareDc, because VMware DC "
+ vCenterHost
+ "/"
+ vmwareDcName
+ " is already associated with specified zone with id "
+ zoneId);
return associatedVmwareDc;
} else {
throw new CloudRuntimeException(
"Zone "
+ zoneId
+ " is already associated with a VMware datacenter. "
+ "Only 1 VMware DC can be associated with a zone.");
}
}
// Zone validation to check if the zone already has resources.
// Association of VMware DC to zone is not allowed if zone already has resources added.
validateZoneWithResources(zoneId, "add VMware datacenter to zone");
// Check if DC is already part of zone
// In that case vmware_data_center table should have the DC
vmwareDc = _vmwareDcDao.getVmwareDatacenterByGuid(vmwareDcName + "@" + vCenterHost);
if (vmwareDc != null) {
throw new ResourceInUseException(
"This DC is already part of other CloudStack zone(s). Cannot add this DC to more zones.");
}
VmwareContext context = null;
DatacenterMO dcMo = null;
String dcCustomFieldValue;
boolean addDcCustomFieldDef = false;
boolean dcInUse = false;
String guid;
ManagedObjectReference dcMor;
try {
context = VmwareContextFactory.create(vCenterHost, userName, password);
// Check if DC exists on vCenter
dcMo = new DatacenterMO(context, vmwareDcName);
dcMor = dcMo.getMor();
if (dcMor == null) {
String msg =
"Unable to find VMware DC " + vmwareDcName + " in vCenter " + vCenterHost + ". ";
s_logger.error(msg);
throw new InvalidParameterValueException(msg);
}
// Check if DC is already associated with another cloudstack deployment
// Get custom field property cloud.zone over this DC
guid = vmwareDcName + "@" + vCenterHost;
dcCustomFieldValue = dcMo.getCustomFieldValue(CustomFieldConstants.CLOUD_ZONE);
if (dcCustomFieldValue == null) {
addDcCustomFieldDef = true;
}
dcInUse = Boolean.parseBoolean(dcCustomFieldValue);
if (dcInUse) {
throw new ResourceInUseException(
"This DC is being managed by other CloudStack deployment. Cannot add this DC to zone.");
}
// Add DC to database into vmware_data_center table
vmwareDc = new VmwareDatacenterVO(guid, vmwareDcName, vCenterHost, userName, password);
Transaction txn = Transaction.currentTxn();
try {
txn.start();
vmwareDc = _vmwareDcDao.persist(vmwareDc);
txn.commit();
} catch (Exception e) {
txn.rollback();
s_logger.error(
"Failed to persist VMware datacenter details to database. Exception: "
+ e.getMessage());
throw new CloudRuntimeException(e.getMessage());
}
// Map zone with vmware datacenter
vmwareDcZoneMap = new VmwareDatacenterZoneMapVO(zoneId, vmwareDc.getId());
txn = Transaction.currentTxn();
try {
txn.start();
vmwareDcZoneMap = _vmwareDcZoneMapDao.persist(vmwareDcZoneMap);
txn.commit();
} catch (Exception e) {
txn.rollback();
s_logger.error(
"Failed to associate VMware datacenter with zone "
+ zoneId
+ ". Exception: "
+ e.getMessage());
// Removing VMware datacenter from vmware_data_center table because association with zone
// failed.
_vmwareDcDao.remove(vmwareDcZoneMap.getId());
throw new CloudRuntimeException(e.getMessage());
}
// Set custom field for this DC
if (addDcCustomFieldDef) {
dcMo.ensureCustomFieldDef(CustomFieldConstants.CLOUD_ZONE);
}
dcMo.setCustomFieldValue(CustomFieldConstants.CLOUD_ZONE, "true");
} catch (Throwable e) {
String msg = "Failed to add VMware DC to zone ";
if (e instanceof RemoteException) {
msg = "Encountered remote exception at vCenter. " + VmwareHelper.getExceptionMessage(e);
} else {
msg += "due to : " + e.getMessage();
}
throw new CloudRuntimeException(msg);
} finally {
if (context != null) {
context.close();
}
context = null;
}
return vmwareDc;
}
@Override
public boolean implement(
Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
DataCenter zone = _configMgr.getZone(network.getDataCenterId());
if (zone.getNetworkType() == NetworkType.Basic) {
s_logger.debug("Not handling network implement in zone of type " + NetworkType.Basic);
return false;
}
if (!canHandle(network)) {
return false;
}
List<CiscoVnmcControllerVO> devices =
_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return false;
}
List<CiscoAsa1000vDeviceVO> asaList =
_ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (asaList.isEmpty()) {
s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
return false;
}
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork != null) {
s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
return true;
}
if (!_networkModel.isProviderSupportServiceInNetwork(
network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
s_logger.error(
"SourceNat service is not provided by Cisco Vnmc device on network " + network.getName());
return false;
}
Transaction txn = Transaction.currentTxn();
boolean status = false;
try {
txn.start();
// ensure that there is an ASA 1000v assigned to this network
CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
if (assignedAsa == null) {
s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
return false;
}
ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
if (clusterVsmMap == null) {
s_logger.error(
"Vmware cluster "
+ asaCluster.getName()
+ " has no Cisco Nexus VSM device associated with it");
return false;
}
CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
if (vsmDevice == null) {
s_logger.error(
"Unable to load details of Cisco Nexus VSM device associated with cluster "
+ asaCluster.getName());
return false;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
_hostDao.loadDetails(ciscoVnmcHost);
Account owner = context.getAccount();
PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
String vlan = network.getBroadcastUri().getHost();
long vlanId = Long.parseLong(vlan);
List<VlanVO> vlanVOList =
_vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
List<String> publicGateways = new ArrayList<String>();
for (VlanVO vlanVO : vlanVOList) {
publicGateways.add(vlanVO.getVlanGateway());
}
// due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
// an additional public ip needs to acquired for assigning as firewall outside ip.
// In case there are already additional ip addresses available (network restart) use one
// of them such that it is not the source NAT ip
IpAddress outsideIp = null;
List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
for (IPAddressVO ip : publicIps) {
if (!ip.isSourceNat()) {
outsideIp = ip;
break;
}
}
if (outsideIp == null) { // none available, acquire one
try {
Account caller = CallContext.current().getCallingAccount();
long callerUserId = CallContext.current().getCallingUserId();
outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone);
} catch (ResourceAllocationException e) {
s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
return false;
}
try {
outsideIp =
_ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
} catch (ResourceAllocationException e) {
s_logger.error(
"Unable to assign allocated additional public Ip "
+ outsideIp.getAddress().addr()
+ " to network with vlan "
+ vlanId
+ ". Exception details "
+ e);
return false;
}
}
// create logical edge firewall in VNMC
String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
// due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
// all public ip addresses must be from same subnet, this essentially means single public
// subnet in zone
if (!createLogicalEdgeFirewall(
vlanId,
network.getGateway(),
gatewayNetmask,
outsideIp.getAddress().addr(),
sourceNatIp.getNetmask(),
publicGateways,
ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to create logical edge firewall in Cisco VNMC device for network "
+ network.getName());
return false;
}
// create stuff in VSM for ASA device
if (!configureNexusVsmForAsa(
vlanId,
network.getGateway(),
vsmDevice.getUserName(),
vsmDevice.getPassword(),
vsmDevice.getipaddr(),
assignedAsa.getInPortProfile(),
ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to configure Cisco Nexus VSM "
+ vsmDevice.getipaddr()
+ " for ASA device for network "
+ network.getName());
return false;
}
// configure source NAT
if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
return false;
}
// associate Asa 1000v instance with logical edge firewall
if (!associateAsaWithLogicalEdgeFirewall(
vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to associate Cisco ASA 1000v ("
+ assignedAsa.getManagementIp()
+ ") with logical edge firewall in VNMC for network "
+ network.getName());
return false;
}
status = true;
txn.commit();
} finally {
if (!status) {
txn.rollback();
// FIXME: also undo changes in VNMC, VSM if anything failed
}
}
return true;
}