@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
_executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Upload-Monitor"));
_monitoringInterval = UploadMonitoringInterval.value();
_uploadOperationTimeout = UploadOperationTimeout.value() * 60 * 1000;
_nodeId = ManagementServerNode.getManagementServerId();
return true;
}
public ScopedConfigStorage scoped(ConfigKey<?> config) {
for (ScopedConfigStorage storage : _scopedStorages) {
if (storage.getScope() == config.scope()) {
return storage;
}
}
throw new CloudRuntimeException(
"Unable to find config storage for this scope: " + config.scope() + " for " + config.key());
}
private void createOrupdateConfigObject(
Date date, String componentName, ConfigKey<?> key, String value) {
ConfigurationVO vo = _configDao.findById(key.key());
if (vo == null) {
vo = new ConfigurationVO(componentName, key);
vo.setUpdated(date);
if (value != null) {
vo.setValue(value);
}
_configDao.persist(vo);
} else {
if (vo.isDynamic() != key.isDynamic()
|| !ObjectUtils.equals(vo.getDescription(), key.description())
|| !ObjectUtils.equals(vo.getDefaultValue(), key.defaultValue())
|| !ObjectUtils.equals(vo.getScope(), key.scope().toString())
|| !ObjectUtils.equals(vo.getComponent(), componentName)) {
vo.setDynamic(key.isDynamic());
vo.setDescription(key.description());
vo.setDefaultValue(key.defaultValue());
vo.setScope(key.scope().toString());
vo.setComponent(componentName);
vo.setUpdated(date);
_configDao.persist(vo);
}
}
}
public ConfigDepotImpl() {
ConfigKey.init(this);
_scopeLevelConfigsMap.put(ConfigKey.Scope.Zone, new HashSet<ConfigKey<?>>());
_scopeLevelConfigsMap.put(ConfigKey.Scope.Cluster, new HashSet<ConfigKey<?>>());
_scopeLevelConfigsMap.put(ConfigKey.Scope.StoragePool, new HashSet<ConfigKey<?>>());
_scopeLevelConfigsMap.put(ConfigKey.Scope.Account, new HashSet<ConfigKey<?>>());
}
protected void populateConfiguration(Date date, Configurable configurable) {
if (_configured.contains(configurable)) return;
s_logger.debug("Retrieving keys from " + configurable.getClass().getSimpleName());
for (ConfigKey<?> key : configurable.getConfigKeys()) {
Pair<String, ConfigKey<?>> previous = _allKeys.get(key.key());
if (previous != null && !previous.first().equals(configurable.getConfigComponentName())) {
throw new CloudRuntimeException(
"Configurable "
+ configurable.getConfigComponentName()
+ " is adding a key that has been added before by "
+ previous.first()
+ ": "
+ key.toString());
}
_allKeys.put(
key.key(), new Pair<String, ConfigKey<?>>(configurable.getConfigComponentName(), key));
createOrupdateConfigObject(date, configurable.getConfigComponentName(), key, null);
if ((key.scope() != null) && (key.scope() != ConfigKey.Scope.Global)) {
Set<ConfigKey<?>> currentConfigs = _scopeLevelConfigsMap.get(key.scope());
currentConfigs.add(key);
}
}
_configured.add(configurable);
}
protected String retrieveTemplateName(final HypervisorType hType, final long datacenterId) {
String templateName = null;
if (hType == HypervisorType.BareMetal) {
final ConfigKey<String> hypervisorConfigKey = hypervisorsMap.get(HypervisorType.VMware);
templateName = hypervisorConfigKey.valueIn(datacenterId);
} else {
// Returning NULL is fine because the simulator will need it when
// being used instead of a real hypervisor.
// The hypervisorsMap contains only real hypervisors.
final ConfigKey<String> hypervisorConfigKey = hypervisorsMap.get(hType);
if (hypervisorConfigKey != null) {
templateName = hypervisorConfigKey.valueIn(datacenterId);
}
}
return templateName;
}
private void validateRemoteAccessVpnConfiguration() throws ConfigurationException {
String ipRange = RemoteAccessVpnClientIpRange.value();
if (ipRange == null) {
s_logger.warn("Remote Access VPN global configuration missing client ip range -- ignoring");
return;
}
Integer pskLength = _pskLength;
if (pskLength != null && (pskLength < 8 || pskLength > 256)) {
throw new ConfigurationException(
"Remote Access VPN: IPSec preshared key length should be between 8 and 256");
}
String[] range = ipRange.split("-");
if (range.length != 2) {
throw new ConfigurationException("Remote Access VPN: Invalid ip range " + ipRange);
}
if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])) {
throw new ConfigurationException(
"Remote Access VPN: Invalid ip in range specification " + ipRange);
}
if (!NetUtils.validIpRange(range[0], range[1])) {
throw new ConfigurationException("Remote Access VPN: Invalid ip range " + ipRange);
}
}
public static int getUploadOperationTimeout() {
return UploadOperationTimeout.value();
}
public Long getReadTimeout() {
return ldapReadTimeout.value();
}
@Override
@DB
public RemoteAccessVpn createRemoteAccessVpn(
final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay)
throws NetworkRuleConflictException {
CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
Long networkId = null;
// make sure ip address exists
final PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
if (ipAddr == null) {
throw new InvalidParameterValueException(
"Unable to create remote access vpn, invalid public IP address id" + publicIpId);
}
_accountMgr.checkAccess(caller, null, true, ipAddr);
if (!ipAddr.readyToUse()) {
throw new InvalidParameterValueException(
"The Ip address is not ready to be used yet: " + ipAddr.getAddress());
}
IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
networkId = ipAddress.getAssociatedWithNetworkId();
if (networkId != null) {
_networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
}
final Long vpcId = ipAddress.getVpcId();
/* IP Address used for VPC must be the source NAT IP of whole VPC */
if (vpcId != null && ipAddress.isSourceNat()) {
assert networkId == null;
// No firewall setting for VPC, it would be open internally
openFirewall = false;
}
final boolean openFirewallFinal = openFirewall;
if (networkId == null && vpcId == null) {
throw new InvalidParameterValueException(
"Unable to create remote access vpn for the ipAddress: "
+ ipAddr.getAddress().addr()
+ " as ip is not associated with any network or VPC");
}
RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException(
"A Remote Access VPN already exists for this public Ip address");
}
if (ipRange == null) {
ipRange = RemoteAccessVpnClientIpRange.valueIn(ipAddr.getAccountId());
}
final String[] range = ipRange.split("-");
if (range.length != 2) {
throw new InvalidParameterValueException("Invalid ip range");
}
if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])) {
throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange);
}
if (!NetUtils.validIpRange(range[0], range[1])) {
throw new InvalidParameterValueException("Invalid ip range " + ipRange);
}
Pair<String, Integer> cidr = null;
// TODO: assumes one virtual network / domr per account per zone
if (networkId != null) {
vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAccountId(), networkId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException(
"A Remote Access VPN already exists for this account");
}
// Verify that vpn service is enabled for the network
Network network = _networkMgr.getNetwork(networkId);
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
throw new InvalidParameterValueException(
"Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
}
cidr = NetUtils.getCidr(network.getCidr());
} else { // Don't need to check VPC because there is only one IP(source NAT IP) available for
// VPN
Vpc vpc = _vpcDao.findById(vpcId);
cidr = NetUtils.getCidr(vpc.getCidr());
}
// FIXME: This check won't work for the case where the guest ip range
// changes depending on the vlan allocated.
String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
throw new InvalidParameterValueException(
"Invalid ip range: "
+ ipRange
+ " overlaps with guest ip range "
+ guestIpRange[0]
+ "-"
+ guestIpRange[1]);
}
// TODO: check sufficient range
// TODO: check overlap with private and public ip ranges in datacenter
long startIp = NetUtils.ip2Long(range[0]);
final String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
final String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
return Transaction.execute(
new TransactionCallbackWithException<RemoteAccessVpn, NetworkRuleConflictException>() {
@Override
public RemoteAccessVpn doInTransaction(TransactionStatus status)
throws NetworkRuleConflictException {
if (vpcId == null) {
_rulesMgr.reservePorts(
ipAddr,
NetUtils.UDP_PROTO,
Purpose.Vpn,
openFirewallFinal,
caller,
NetUtils.VPN_PORT,
NetUtils.VPN_L2TP_PORT,
NetUtils.VPN_NATT_PORT);
}
RemoteAccessVpnVO vpnVO =
new RemoteAccessVpnVO(
ipAddr.getAccountId(),
ipAddr.getDomainId(),
ipAddr.getAssociatedWithNetworkId(),
publicIpId,
vpcId,
range[0],
newIpRange,
sharedSecret);
if (forDisplay != null) {
vpnVO.setDisplay(forDisplay);
}
return _remoteAccessVpnDao.persist(vpnVO);
}
});
}
@Override
public <T> void set(ConfigKey<T> key, T value) {
_configDao.update(key.key(), value.toString());
}