public LBStickinessPolicyResponse(StickinessPolicy stickinesspolicy) {
this.name = stickinesspolicy.getName();
List<Pair<String, String>> paramsList = stickinesspolicy.getParams();
this.methodName = stickinesspolicy.getMethodName();
this.description = stickinesspolicy.getDescription();
if (stickinesspolicy.isRevoke()) {
this.setState("Revoked");
}
if (stickinesspolicy.getId() != 0) setId(stickinesspolicy.getId());
/* Get the param and values from the database and fill the response object
* The following loop is to
* 1) convert from List of Pair<String,String> to Map<String, String>
* 2) combine all params with name with ":" , currently we have one param called "domain" that can appear multiple times.
* */
Map<String, String> tempParamList = new HashMap<String, String>();
for (Pair<String, String> paramKV : paramsList) {
String key = paramKV.first();
String value = paramKV.second();
StringBuilder sb = new StringBuilder();
sb.append(value);
if (tempParamList.get(key) != null) {
sb.append(":").append(tempParamList.get(key));
}
tempParamList.put(key, sb.toString());
}
this.params = tempParamList;
setObjectName("stickinesspolicy");
}
protected boolean shutdownRouterVM(DomainRouterVO router) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Try to shutdown router VM " + router.getInstanceName() + " directly.");
}
Pair<Boolean, String> result;
try {
result =
SshHelper.sshExecute(
router.getPrivateIpAddress(),
DEFAULT_DOMR_SSHPORT,
"root",
getSystemVMKeyFile(),
null,
"poweroff -f");
if (!result.first()) {
s_logger.debug("Unable to shutdown " + router.getInstanceName() + " directly");
return false;
}
} catch (Throwable e) {
s_logger.warn("Unable to shutdown router " + router.getInstanceName() + " directly.");
return false;
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Shutdown router " + router.getInstanceName() + " successful.");
}
return true;
}
@Override
public long getAllocatedPoolCapacity(StoragePoolVO pool, VMTemplateVO templateForVmCreation) {
// Get size for all the volumes
Pair<Long, Long> sizes = _volumeDao.getCountAndTotalByPool(pool.getId());
long totalAllocatedSize = sizes.second() + sizes.first() * _extraBytesPerVolume;
// Get size for VM Snapshots
totalAllocatedSize = totalAllocatedSize + getVMSnapshotAllocatedCapacity(pool);
// Iterate through all templates on this storage pool
boolean tmpinstalled = false;
List<VMTemplateStoragePoolVO> templatePoolVOs;
templatePoolVOs = _templatePoolDao.listByPoolId(pool.getId());
for (VMTemplateStoragePoolVO templatePoolVO : templatePoolVOs) {
if ((templateForVmCreation != null)
&& !tmpinstalled
&& (templatePoolVO.getTemplateId() == templateForVmCreation.getId())) {
tmpinstalled = true;
}
long templateSize = templatePoolVO.getTemplateSize();
totalAllocatedSize += templateSize + _extraBytesPerVolume;
}
// Add the size for the templateForVmCreation if its not already present
/*if ((templateForVmCreation != null) && !tmpinstalled) {
}*/
return totalAllocatedSize;
}
public State getState(String clusterId, String name) {
HashMap<String, Pair<String, State>> vms = getClusterVmState(clusterId);
Pair<String, State> pv = vms.get(name);
return pv == null
? State.Stopped
: pv.second(); // if a VM is absent on the cluster, it is effectively in stopped state.
}
private static void updateVmUsageData(
Map<String, Pair<String, Long>> usageDataMap, String key, String vmName, long duration) {
Pair<String, Long> vmUsageInfo = usageDataMap.get(key);
if (vmUsageInfo == null) {
vmUsageInfo = new Pair<String, Long>(vmName, new Long(duration));
} else {
Long runningTime = vmUsageInfo.second();
runningTime = new Long(runningTime.longValue() + duration);
vmUsageInfo = new Pair<String, Long>(vmUsageInfo.first(), runningTime);
}
usageDataMap.put(key, vmUsageInfo);
}
private static void updatePFUsageData(
Map<String, Pair<Long, Long>> usageDataMap, String key, long pfId, long duration) {
Pair<Long, Long> pfUsageInfo = usageDataMap.get(key);
if (pfUsageInfo == null) {
pfUsageInfo = new Pair<Long, Long>(new Long(pfId), new Long(duration));
} else {
Long runningTime = pfUsageInfo.second();
runningTime = new Long(runningTime.longValue() + duration);
pfUsageInfo = new Pair<Long, Long>(pfUsageInfo.first(), runningTime);
}
usageDataMap.put(key, pfUsageInfo);
}
public void testSsh() {
try {
File file = new File("c:\\temp\\id_rsa.kelven");
if (!file.exists()) {
System.out.println("key file does not exist!");
}
Pair<Boolean, String> result =
SshHelper.sshExecute("192.168.1.107", 22, "kelven", file, null, "ls -al");
System.out.println("Result: " + result.second());
} catch (Exception e) {
s_logger.error("Unexpected exception : ", e);
}
}
@Override
public JsonElement serialize(
Pair<Long, Long> src, java.lang.reflect.Type typeOfSrc, JsonSerializationContext context) {
JsonArray array = new JsonArray();
if (src.first() != null) {
array.add(s_gson.toJsonTree(src.first()));
} else {
array.add(new JsonNull());
}
if (src.second() != null) {
array.add(s_gson.toJsonTree(src.second()));
} else {
array.add(new JsonNull());
}
return array;
}
@Override
public Pair<Long, Long> deserialize(
JsonElement json, java.lang.reflect.Type type, JsonDeserializationContext context)
throws JsonParseException {
Pair<Long, Long> pairs = new Pair<Long, Long>(null, null);
JsonArray array = json.getAsJsonArray();
if (array.size() != 2) {
return pairs;
}
JsonElement element = array.get(0);
if (!element.isJsonNull()) {
pairs.first(element.getAsLong());
}
element = array.get(1);
if (!element.isJsonNull()) {
pairs.second(element.getAsLong());
}
return pairs;
}
private boolean preparePxeInAdvancedZone(
VirtualMachineProfile profile,
NicProfile nic,
Network network,
DeployDestination dest,
ReservationContext context)
throws Exception {
DomainRouterVO vr = getVirtualRouter(network);
List<NicVO> nics = _nicDao.listByVmId(vr.getId());
NicVO mgmtNic = null;
for (NicVO nicvo : nics) {
if (ControlNetworkGuru.class.getSimpleName().equals(nicvo.getReserver())) {
mgmtNic = nicvo;
break;
}
}
if (mgmtNic == null) {
throw new CloudRuntimeException(
String.format("cannot find management nic on virtual router[id:%s]", vr.getId()));
}
String internalServerIp = _configDao.getValue(Config.BaremetalInternalStorageServer.key());
if (internalServerIp == null) {
throw new CloudRuntimeException(
String.format(
"please specify 'baremetal.internal.storage.server.ip', which is the http server/nfs server storing kickstart files and ISO files, in global setting"));
}
List<String> tuple = parseKickstartUrl(profile);
String cmd =
String.format(
"/usr/bin/prepare_pxe.sh %s %s %s %s %s %s",
tuple.get(1),
tuple.get(2),
profile.getTemplate().getUuid(),
String.format("01-%s", nic.getMacAddress().replaceAll(":", "-")).toLowerCase(),
tuple.get(0),
nic.getMacAddress().toLowerCase());
s_logger.debug(
String.format(
"prepare pxe on virtual router[ip:%s], cmd: %s", mgmtNic.getIp4Address(), cmd));
Pair<Boolean, String> ret =
SshHelper.sshExecute(
mgmtNic.getIp4Address(), 3922, "root", getSystemVMKeyFile(), null, cmd);
if (!ret.first()) {
throw new CloudRuntimeException(
String.format(
"failed preparing PXE in virtual router[id:%s], because %s",
vr.getId(), ret.second()));
}
// String internalServerIp = "10.223.110.231";
cmd =
String.format(
"/usr/bin/baremetal_snat.sh %s %s %s",
mgmtNic.getIp4Address(), internalServerIp, mgmtNic.getGateway());
s_logger.debug(
String.format(
"prepare SNAT on virtual router[ip:%s], cmd: %s", mgmtNic.getIp4Address(), cmd));
ret =
SshHelper.sshExecute(
mgmtNic.getIp4Address(), 3922, "root", getSystemVMKeyFile(), null, cmd);
if (!ret.first()) {
throw new CloudRuntimeException(
String.format(
"failed preparing PXE in virtual router[id:%s], because %s",
vr.getId(), ret.second()));
}
return true;
}
@Override
@DB
public RemoteAccessVpn createRemoteAccessVpn(
final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay)
throws NetworkRuleConflictException {
CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
Long networkId = null;
// make sure ip address exists
final PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
if (ipAddr == null) {
throw new InvalidParameterValueException(
"Unable to create remote access vpn, invalid public IP address id" + publicIpId);
}
_accountMgr.checkAccess(caller, null, true, ipAddr);
if (!ipAddr.readyToUse()) {
throw new InvalidParameterValueException(
"The Ip address is not ready to be used yet: " + ipAddr.getAddress());
}
IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
networkId = ipAddress.getAssociatedWithNetworkId();
if (networkId != null) {
_networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
}
final Long vpcId = ipAddress.getVpcId();
/* IP Address used for VPC must be the source NAT IP of whole VPC */
if (vpcId != null && ipAddress.isSourceNat()) {
assert networkId == null;
// No firewall setting for VPC, it would be open internally
openFirewall = false;
}
final boolean openFirewallFinal = openFirewall;
if (networkId == null && vpcId == null) {
throw new InvalidParameterValueException(
"Unable to create remote access vpn for the ipAddress: "
+ ipAddr.getAddress().addr()
+ " as ip is not associated with any network or VPC");
}
RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException(
"A Remote Access VPN already exists for this public Ip address");
}
if (ipRange == null) {
ipRange = RemoteAccessVpnClientIpRange.valueIn(ipAddr.getAccountId());
}
final String[] range = ipRange.split("-");
if (range.length != 2) {
throw new InvalidParameterValueException("Invalid ip range");
}
if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])) {
throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange);
}
if (!NetUtils.validIpRange(range[0], range[1])) {
throw new InvalidParameterValueException("Invalid ip range " + ipRange);
}
Pair<String, Integer> cidr = null;
// TODO: assumes one virtual network / domr per account per zone
if (networkId != null) {
vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAccountId(), networkId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException(
"A Remote Access VPN already exists for this account");
}
// Verify that vpn service is enabled for the network
Network network = _networkMgr.getNetwork(networkId);
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
throw new InvalidParameterValueException(
"Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
}
cidr = NetUtils.getCidr(network.getCidr());
} else { // Don't need to check VPC because there is only one IP(source NAT IP) available for
// VPN
Vpc vpc = _vpcDao.findById(vpcId);
cidr = NetUtils.getCidr(vpc.getCidr());
}
// FIXME: This check won't work for the case where the guest ip range
// changes depending on the vlan allocated.
String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
throw new InvalidParameterValueException(
"Invalid ip range: "
+ ipRange
+ " overlaps with guest ip range "
+ guestIpRange[0]
+ "-"
+ guestIpRange[1]);
}
// TODO: check sufficient range
// TODO: check overlap with private and public ip ranges in datacenter
long startIp = NetUtils.ip2Long(range[0]);
final String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
final String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
return Transaction.execute(
new TransactionCallbackWithException<RemoteAccessVpn, NetworkRuleConflictException>() {
@Override
public RemoteAccessVpn doInTransaction(TransactionStatus status)
throws NetworkRuleConflictException {
if (vpcId == null) {
_rulesMgr.reservePorts(
ipAddr,
NetUtils.UDP_PROTO,
Purpose.Vpn,
openFirewallFinal,
caller,
NetUtils.VPN_PORT,
NetUtils.VPN_L2TP_PORT,
NetUtils.VPN_NATT_PORT);
}
RemoteAccessVpnVO vpnVO =
new RemoteAccessVpnVO(
ipAddr.getAccountId(),
ipAddr.getDomainId(),
ipAddr.getAssociatedWithNetworkId(),
publicIpId,
vpcId,
range[0],
newIpRange,
sharedSecret);
if (forDisplay != null) {
vpnVO.setDisplay(forDisplay);
}
return _remoteAccessVpnDao.persist(vpnVO);
}
});
}
@Override
public boolean postStateTransitionEvent(
State oldState,
Event event,
State newState,
VirtualMachine vm,
boolean status,
Object opaque) {
if (!status) {
return false;
}
@SuppressWarnings("unchecked")
Pair<Long, Long> hosts = (Pair<Long, Long>) opaque;
Long oldHostId = hosts.first();
s_logger.debug(
"VM state transitted from :"
+ oldState
+ " to "
+ newState
+ " with event: "
+ event
+ "vm's original host id: "
+ vm.getLastHostId()
+ " new host id: "
+ vm.getHostId()
+ " host id before state transition: "
+ oldHostId);
if (oldState == State.Starting) {
if (newState != State.Running) {
releaseVmCapacity(vm, false, false, oldHostId);
}
} else if (oldState == State.Running) {
if (event == Event.AgentReportStopped) {
releaseVmCapacity(vm, false, true, oldHostId);
} else if (event == Event.AgentReportMigrated) {
releaseVmCapacity(vm, false, false, oldHostId);
}
} else if (oldState == State.Migrating) {
if (event == Event.AgentReportStopped) {
/* Release capacity from original host */
releaseVmCapacity(vm, false, false, vm.getLastHostId());
releaseVmCapacity(vm, false, false, oldHostId);
} else if (event == Event.OperationFailed) {
/* Release from dest host */
releaseVmCapacity(vm, false, false, oldHostId);
} else if (event == Event.OperationSucceeded) {
releaseVmCapacity(vm, false, false, vm.getLastHostId());
}
} else if (oldState == State.Stopping) {
if (event == Event.OperationSucceeded) {
releaseVmCapacity(vm, false, true, oldHostId);
} else if (event == Event.AgentReportStopped) {
releaseVmCapacity(vm, false, false, oldHostId);
} else if (event == Event.AgentReportMigrated) {
releaseVmCapacity(vm, false, false, oldHostId);
}
} else if (oldState == State.Stopped) {
if (event == Event.DestroyRequested || event == Event.ExpungeOperation) {
releaseVmCapacity(vm, true, false, vm.getLastHostId());
} else if (event == Event.AgentReportMigrated) {
releaseVmCapacity(vm, false, false, oldHostId);
}
}
if ((newState == State.Starting
|| newState == State.Migrating
|| event == Event.AgentReportMigrated)
&& vm.getHostId() != null) {
boolean fromLastHost = false;
if (vm.getLastHostId() == vm.getHostId()) {
s_logger.debug("VM starting again on the last host it was stopped on");
fromLastHost = true;
}
allocateVmCapacity(vm, fromLastHost);
}
return true;
}
public HttpTemplateDownloader(
StorageLayer storageLayer,
String downloadUrl,
String toDir,
DownloadCompleteCallback callback,
long maxTemplateSizeInBytes,
String user,
String password,
Proxy proxy,
ResourceType resourceType) {
this._storage = storageLayer;
this.downloadUrl = downloadUrl;
this.setToDir(toDir);
this.status = TemplateDownloader.Status.NOT_STARTED;
this.resourceType = resourceType;
this.MAX_TEMPLATE_SIZE_IN_BYTES = maxTemplateSizeInBytes;
this.totalBytes = 0;
this.client = new HttpClient();
myretryhandler =
new HttpMethodRetryHandler() {
public boolean retryMethod(
final HttpMethod method, final IOException exception, int executionCount) {
if (executionCount >= 2) {
// Do not retry if over max retry count
return false;
}
if (exception instanceof NoHttpResponseException) {
// Retry if the server dropped connection on us
return true;
}
if (!method.isRequestSent()) {
// Retry if the request has not been sent fully or
// if it's OK to retry methods that have been sent
return true;
}
// otherwise do not retry
return false;
}
};
try {
this.request = new GetMethod(downloadUrl);
this.request.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, myretryhandler);
this.completionCallback = callback;
// this.request.setFollowRedirects(false);
File f = File.createTempFile("dnld", "tmp_", new File(toDir));
if (_storage != null) {
_storage.setWorldReadableAndWriteable(f);
}
toFile = f.getAbsolutePath();
Pair<String, Integer> hostAndPort = validateUrl(downloadUrl);
if (proxy != null) {
client.getHostConfiguration().setProxy(proxy.getHost(), proxy.getPort());
if (proxy.getUserName() != null) {
Credentials proxyCreds =
new UsernamePasswordCredentials(proxy.getUserName(), proxy.getPassword());
client.getState().setProxyCredentials(AuthScope.ANY, proxyCreds);
}
}
if ((user != null) && (password != null)) {
client.getParams().setAuthenticationPreemptive(true);
Credentials defaultcreds = new UsernamePasswordCredentials(user, password);
client
.getState()
.setCredentials(
new AuthScope(hostAndPort.first(), hostAndPort.second(), AuthScope.ANY_REALM),
defaultcreds);
s_logger.info(
"Added username="******", password="******"for host "
+ hostAndPort.first()
+ ":"
+ hostAndPort.second());
} else {
s_logger.info(
"No credentials configured for host="
+ hostAndPort.first()
+ ":"
+ hostAndPort.second());
}
} catch (IllegalArgumentException iae) {
errorString = iae.getMessage();
status = TemplateDownloader.Status.UNRECOVERABLE_ERROR;
inited = false;
} catch (Exception ex) {
errorString = "Unable to start download -- check url? ";
status = TemplateDownloader.Status.UNRECOVERABLE_ERROR;
s_logger.warn("Exception in constructor -- " + ex.toString());
} catch (Throwable th) {
s_logger.warn("throwable caught ", th);
}
}
@Override
public List<LoadBalancerVO> searchForLoadBalancers(ListLoadBalancerRulesCmd cmd) {
Account caller = UserContext.current().getCaller();
Long ipId = cmd.getPublicIpId();
Long zoneId = cmd.getZoneId();
String path = null;
Pair<String, Long> accountDomainPair =
_accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId());
String accountName = accountDomainPair.first();
Long domainId = accountDomainPair.second();
if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN
|| caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
Domain domain = _domainMgr.getDomain(caller.getDomainId());
path = domain.getPath();
}
Filter searchFilter =
new Filter(LoadBalancerVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
Object id = cmd.getId();
Object name = cmd.getLoadBalancerRuleName();
Object keyword = cmd.getKeyword();
Object instanceId = cmd.getVirtualMachineId();
SearchBuilder<LoadBalancerVO> sb = _lbDao.createSearchBuilder();
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE);
sb.and("sourceIpAddress", sb.entity().getSourceIpAddressId(), SearchCriteria.Op.EQ);
sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
if (instanceId != null) {
SearchBuilder<LoadBalancerVMMapVO> lbVMSearch = _lb2VmMapDao.createSearchBuilder();
lbVMSearch.and("instanceId", lbVMSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
sb.join(
"lbVMSearch",
lbVMSearch,
sb.entity().getId(),
lbVMSearch.entity().getLoadBalancerId(),
JoinBuilder.JoinType.INNER);
}
if (path != null) {
// for domain admin we should show only subdomains information
SearchBuilder<DomainVO> domainSearch = _domainDao.createSearchBuilder();
domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE);
sb.join(
"domainSearch",
domainSearch,
sb.entity().getDomainId(),
domainSearch.entity().getId(),
JoinBuilder.JoinType.INNER);
}
if (zoneId != null) {
SearchBuilder<IPAddressVO> ipSearch = _ipAddressDao.createSearchBuilder();
ipSearch.and("zoneId", ipSearch.entity().getDataCenterId(), SearchCriteria.Op.EQ);
sb.join(
"ipSearch",
ipSearch,
sb.entity().getSourceIpAddressId(),
ipSearch.entity().getId(),
JoinBuilder.JoinType.INNER);
}
SearchCriteria<LoadBalancerVO> sc = sb.create();
if (keyword != null) {
SearchCriteria<LoadBalancerVO> ssc = _lbDao.createSearchCriteria();
ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");
sc.addAnd("name", SearchCriteria.Op.SC, ssc);
}
if (name != null) {
sc.setParameters("name", "%" + name + "%");
}
if (id != null) {
sc.setParameters("id", id);
}
if (ipId != null) {
sc.setParameters("sourceIpAddress", ipId);
}
if (instanceId != null) {
sc.setJoinParameters("lbVMSearch", "instanceId", instanceId);
}
if (domainId != null) {
sc.setParameters("domainId", domainId);
if (accountName != null) {
Account account = _accountMgr.getActiveAccountByName(accountName, domainId);
sc.setParameters("accountId", account.getId());
}
}
if (path != null) {
sc.setJoinParameters("domainSearch", "path", path + "%");
}
if (zoneId != null) {
sc.setJoinParameters("ipSearch", "zoneId", zoneId);
}
return _lbDao.search(sc, searchFilter);
}
@Override
public boolean finalizeCommandsOnStart(final Commands cmds, final VirtualMachineProfile profile) {
final DomainRouterVO domainRouterVO = _routerDao.findById(profile.getId());
final boolean isVpc = domainRouterVO.getVpcId() != null;
if (!isVpc) {
return super.finalizeCommandsOnStart(cmds, profile);
}
if (domainRouterVO.getState() == State.Starting || domainRouterVO.getState() == State.Running) {
// 1) FORM SSH CHECK COMMAND
final NicProfile controlNic = getControlNic(profile);
if (controlNic == null) {
s_logger.error("Control network doesn't exist for the router " + domainRouterVO);
return false;
}
finalizeSshAndVersionAndNetworkUsageOnStart(cmds, profile, domainRouterVO, controlNic);
// 2) FORM PLUG NIC COMMANDS
final List<Pair<Nic, Network>> guestNics = new ArrayList<Pair<Nic, Network>>();
final List<Pair<Nic, Network>> publicNics = new ArrayList<Pair<Nic, Network>>();
final Map<String, String> vlanMacAddress = new HashMap<String, String>();
final List<? extends Nic> routerNics = _nicDao.listByVmId(profile.getId());
for (final Nic routerNic : routerNics) {
final Network network = _networkModel.getNetwork(routerNic.getNetworkId());
if (network.getTrafficType() == TrafficType.Guest) {
final Pair<Nic, Network> guestNic = new Pair<Nic, Network>(routerNic, network);
guestNics.add(guestNic);
} else if (network.getTrafficType() == TrafficType.Public) {
final Pair<Nic, Network> publicNic = new Pair<Nic, Network>(routerNic, network);
publicNics.add(publicNic);
final String vlanTag = BroadcastDomainType.getValue(routerNic.getBroadcastUri());
vlanMacAddress.put(vlanTag, routerNic.getMacAddress());
}
}
final List<Command> usageCmds = new ArrayList<Command>();
// 3) PREPARE PLUG NIC COMMANDS
try {
// add VPC router to public networks
final List<PublicIp> sourceNat = new ArrayList<PublicIp>(1);
for (final Pair<Nic, Network> nicNtwk : publicNics) {
final Nic publicNic = nicNtwk.first();
final Network publicNtwk = nicNtwk.second();
final IPAddressVO userIp =
_ipAddressDao.findByIpAndSourceNetworkId(
publicNtwk.getId(), publicNic.getIPv4Address());
if (userIp.isSourceNat()) {
final PublicIp publicIp =
PublicIp.createFromAddrAndVlan(userIp, _vlanDao.findById(userIp.getVlanId()));
sourceNat.add(publicIp);
if (domainRouterVO.getPublicIpAddress() == null) {
final DomainRouterVO routerVO = _routerDao.findById(domainRouterVO.getId());
routerVO.setPublicIpAddress(publicNic.getIPv4Address());
routerVO.setPublicNetmask(publicNic.getIPv4Netmask());
routerVO.setPublicMacAddress(publicNic.getMacAddress());
_routerDao.update(routerVO.getId(), routerVO);
}
}
final PlugNicCommand plugNicCmd =
new PlugNicCommand(
_nwHelper.getNicTO(
domainRouterVO,
publicNic.getNetworkId(),
publicNic.getBroadcastUri().toString()),
domainRouterVO.getInstanceName(),
domainRouterVO.getType());
cmds.addCommand(plugNicCmd);
final VpcVO vpc = _vpcDao.findById(domainRouterVO.getVpcId());
final NetworkUsageCommand netUsageCmd =
new NetworkUsageCommand(
domainRouterVO.getPrivateIpAddress(),
domainRouterVO.getInstanceName(),
true,
publicNic.getIPv4Address(),
vpc.getCidr());
usageCmds.add(netUsageCmd);
UserStatisticsVO stats =
_userStatsDao.findBy(
domainRouterVO.getAccountId(),
domainRouterVO.getDataCenterId(),
publicNtwk.getId(),
publicNic.getIPv4Address(),
domainRouterVO.getId(),
domainRouterVO.getType().toString());
if (stats == null) {
stats =
new UserStatisticsVO(
domainRouterVO.getAccountId(),
domainRouterVO.getDataCenterId(),
publicNic.getIPv4Address(),
domainRouterVO.getId(),
domainRouterVO.getType().toString(),
publicNtwk.getId());
_userStatsDao.persist(stats);
}
}
// create ip assoc for source nat
if (!sourceNat.isEmpty()) {
_commandSetupHelper.createVpcAssociatePublicIPCommands(
domainRouterVO, sourceNat, cmds, vlanMacAddress);
}
// add VPC router to guest networks
for (final Pair<Nic, Network> nicNtwk : guestNics) {
final Nic guestNic = nicNtwk.first();
// plug guest nic
final PlugNicCommand plugNicCmd =
new PlugNicCommand(
_nwHelper.getNicTO(domainRouterVO, guestNic.getNetworkId(), null),
domainRouterVO.getInstanceName(),
domainRouterVO.getType());
cmds.addCommand(plugNicCmd);
if (!_networkModel.isPrivateGateway(guestNic.getNetworkId())) {
// set guest network
final VirtualMachine vm = _vmDao.findById(domainRouterVO.getId());
final NicProfile nicProfile =
_networkModel.getNicProfile(vm, guestNic.getNetworkId(), null);
final SetupGuestNetworkCommand setupCmd =
_commandSetupHelper.createSetupGuestNetworkCommand(
domainRouterVO, true, nicProfile);
cmds.addCommand(setupCmd);
} else {
// set private network
final PrivateIpVO ipVO =
_privateIpDao.findByIpAndSourceNetworkId(
guestNic.getNetworkId(), guestNic.getIPv4Address());
final Network network = _networkDao.findById(guestNic.getNetworkId());
BroadcastDomainType.getValue(network.getBroadcastUri());
final String netmask = NetUtils.getCidrNetmask(network.getCidr());
final PrivateIpAddress ip =
new PrivateIpAddress(
ipVO,
network.getBroadcastUri().toString(),
network.getGateway(),
netmask,
guestNic.getMacAddress());
final List<PrivateIpAddress> privateIps = new ArrayList<PrivateIpAddress>(1);
privateIps.add(ip);
_commandSetupHelper.createVpcAssociatePrivateIPCommands(
domainRouterVO, privateIps, cmds, true);
final Long privateGwAclId =
_vpcGatewayDao.getNetworkAclIdForPrivateIp(
ipVO.getVpcId(), ipVO.getNetworkId(), ipVO.getIpAddress());
if (privateGwAclId != null) {
// set network acl on private gateway
final List<NetworkACLItemVO> networkACLs =
_networkACLItemDao.listByACL(privateGwAclId);
s_logger.debug(
"Found "
+ networkACLs.size()
+ " network ACLs to apply as a part of VPC VR "
+ domainRouterVO
+ " start for private gateway ip = "
+ ipVO.getIpAddress());
_commandSetupHelper.createNetworkACLsCommands(
networkACLs, domainRouterVO, cmds, ipVO.getNetworkId(), true);
}
}
}
} catch (final Exception ex) {
s_logger.warn(
"Failed to add router " + domainRouterVO + " to network due to exception ", ex);
return false;
}
// 4) RE-APPLY ALL STATIC ROUTE RULES
final List<? extends StaticRoute> routes =
_staticRouteDao.listByVpcId(domainRouterVO.getVpcId());
final List<StaticRouteProfile> staticRouteProfiles =
new ArrayList<StaticRouteProfile>(routes.size());
final Map<Long, VpcGateway> gatewayMap = new HashMap<Long, VpcGateway>();
for (final StaticRoute route : routes) {
VpcGateway gateway = gatewayMap.get(route.getVpcGatewayId());
if (gateway == null) {
gateway = _entityMgr.findById(VpcGateway.class, route.getVpcGatewayId());
gatewayMap.put(gateway.getId(), gateway);
}
staticRouteProfiles.add(new StaticRouteProfile(route, gateway));
}
s_logger.debug(
"Found "
+ staticRouteProfiles.size()
+ " static routes to apply as a part of vpc route "
+ domainRouterVO
+ " start");
if (!staticRouteProfiles.isEmpty()) {
_commandSetupHelper.createStaticRouteCommands(staticRouteProfiles, domainRouterVO, cmds);
}
// 5) RE-APPLY ALL REMOTE ACCESS VPNs
final RemoteAccessVpnVO vpn =
_vpnDao.findByAccountAndVpc(domainRouterVO.getAccountId(), domainRouterVO.getVpcId());
if (vpn != null) {
_commandSetupHelper.createApplyVpnCommands(true, vpn, domainRouterVO, cmds);
}
// 6) REPROGRAM GUEST NETWORK
boolean reprogramGuestNtwks = true;
if (profile.getParameter(Param.ReProgramGuestNetworks) != null
&& (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) {
reprogramGuestNtwks = false;
}
final VirtualRouterProvider vrProvider =
_vrProviderDao.findById(domainRouterVO.getElementId());
if (vrProvider == null) {
throw new CloudRuntimeException(
"Cannot find related virtual router provider of router: "
+ domainRouterVO.getHostName());
}
final Provider provider = Network.Provider.getProvider(vrProvider.getType().toString());
if (provider == null) {
throw new CloudRuntimeException(
"Cannot find related provider of virtual router provider: "
+ vrProvider.getType().toString());
}
for (final Pair<Nic, Network> nicNtwk : guestNics) {
final Nic guestNic = nicNtwk.first();
final AggregationControlCommand startCmd =
new AggregationControlCommand(
Action.Start,
domainRouterVO.getInstanceName(),
controlNic.getIPv4Address(),
_routerControlHelper.getRouterIpInNetwork(
guestNic.getNetworkId(), domainRouterVO.getId()));
cmds.addCommand(startCmd);
if (reprogramGuestNtwks) {
finalizeIpAssocForNetwork(
cmds, domainRouterVO, provider, guestNic.getNetworkId(), vlanMacAddress);
finalizeNetworkRulesForNetwork(cmds, domainRouterVO, provider, guestNic.getNetworkId());
}
finalizeUserDataAndDhcpOnStart(cmds, domainRouterVO, provider, guestNic.getNetworkId());
final AggregationControlCommand finishCmd =
new AggregationControlCommand(
Action.Finish,
domainRouterVO.getInstanceName(),
controlNic.getIPv4Address(),
_routerControlHelper.getRouterIpInNetwork(
guestNic.getNetworkId(), domainRouterVO.getId()));
cmds.addCommand(finishCmd);
}
// Add network usage commands
cmds.addCommands(usageCmds);
}
return true;
}
@Override
public RemoteAccessVpn createRemoteAccessVpn(
long publicIpId, String ipRange, boolean openFirewall, long networkId)
throws NetworkRuleConflictException {
UserContext ctx = UserContext.current();
Account caller = ctx.getCaller();
// make sure ip address exists
PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
if (ipAddr == null) {
throw new InvalidParameterValueException(
"Unable to create remote access vpn, invalid public IP address id" + publicIpId);
}
_accountMgr.checkAccess(caller, null, true, ipAddr);
if (!ipAddr.readyToUse()) {
throw new InvalidParameterValueException(
"The Ip address is not ready to be used yet: " + ipAddr.getAddress());
}
IPAddressVO ipAddress = _ipAddressDao.findById(publicIpId);
_networkMgr.checkIpForService(ipAddress, Service.Vpn, null);
RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException(
"A Remote Access VPN already exists for this public Ip address");
}
// TODO: assumes one virtual network / domr per account per zone
vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAccountId(), networkId);
if (vpnVO != null) {
// if vpn is in Added state, return it to the api
if (vpnVO.getState() == RemoteAccessVpn.State.Added) {
return vpnVO;
}
throw new InvalidParameterValueException(
"A Remote Access VPN already exists for this account");
}
// Verify that vpn service is enabled for the network
Network network = _networkMgr.getNetwork(networkId);
if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Vpn)) {
throw new InvalidParameterValueException(
"Vpn service is not supported in network id=" + ipAddr.getAssociatedWithNetworkId());
}
if (ipRange == null) {
ipRange = _clientIpRange;
}
String[] range = ipRange.split("-");
if (range.length != 2) {
throw new InvalidParameterValueException("Invalid ip range");
}
if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])) {
throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange);
}
if (!NetUtils.validIpRange(range[0], range[1])) {
throw new InvalidParameterValueException("Invalid ip range " + ipRange);
}
Pair<String, Integer> cidr = NetUtils.getCidr(network.getCidr());
// FIXME: This check won't work for the case where the guest ip range
// changes depending on the vlan allocated.
String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second());
if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
throw new InvalidParameterValueException(
"Invalid ip range: "
+ ipRange
+ " overlaps with guest ip range "
+ guestIpRange[0]
+ "-"
+ guestIpRange[1]);
}
// TODO: check sufficient range
// TODO: check overlap with private and public ip ranges in datacenter
long startIp = NetUtils.ip2Long(range[0]);
String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
_rulesMgr.reservePorts(
ipAddr,
NetUtils.UDP_PROTO,
Purpose.Vpn,
openFirewall,
caller,
NetUtils.VPN_PORT,
NetUtils.VPN_L2TP_PORT,
NetUtils.VPN_NATT_PORT);
vpnVO =
new RemoteAccessVpnVO(
ipAddr.getAccountId(),
ipAddr.getDomainId(),
ipAddr.getAssociatedWithNetworkId(),
publicIpId,
range[0],
newIpRange,
sharedSecret);
return _remoteAccessVpnDao.persist(vpnVO);
}
@Override
@DB
public void recalculateCapacity() {
// FIXME: the right way to do this is to register a listener (see RouterStatsListener,
// VMSyncListener)
// for the vm sync state. The listener model has connects/disconnects to keep things in
// sync much better
// than this model right now, so when a VM is started, we update the amount allocated,
// and when a VM
// is stopped we updated the amount allocated, and when VM sync reports a changed state,
// we update
// the amount allocated. Hopefully it's limited to 3 entry points and will keep the
// amount allocated
// per host accurate.
try {
if (s_logger.isDebugEnabled()) {
s_logger.debug("recalculating system capacity");
s_logger.debug("Executing cpu/ram capacity update");
}
// Calculate CPU and RAM capacities
// get all hosts...even if they are not in 'UP' state
List<HostVO> hosts = _resourceMgr.listAllHostsInAllZonesByType(Host.Type.Routing);
for (HostVO host : hosts) {
_capacityMgr.updateCapacityForHost(host);
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Done executing cpu/ram capacity update");
s_logger.debug("Executing storage capacity update");
}
// Calculate storage pool capacity
List<StoragePoolVO> storagePools = _storagePoolDao.listAll();
for (StoragePoolVO pool : storagePools) {
long disk = 0l;
Pair<Long, Long> sizes = _volumeDao.getCountAndTotalByPool(pool.getId());
disk = sizes.second();
if (pool.isShared()) {
_storageMgr.createCapacityEntry(pool, Capacity.CAPACITY_TYPE_STORAGE_ALLOCATED, disk);
} else {
_storageMgr.createCapacityEntry(pool, Capacity.CAPACITY_TYPE_LOCAL_STORAGE, disk);
}
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Done executing storage capacity update");
s_logger.debug("Executing capacity updates public ip and Vlans");
}
List<DataCenterVO> datacenters = _dcDao.listAll();
for (DataCenterVO datacenter : datacenters) {
long dcId = datacenter.getId();
// NOTE
// What happens if we have multiple vlans? Dashboard currently shows stats
// with no filter based on a vlan
// ideal way would be to remove out the vlan param, and filter only on dcId
// implementing the same
// Calculate new Public IP capacity for Virtual Network
if (datacenter.getNetworkType() == NetworkType.Advanced) {
createOrUpdateIpCapacity(dcId, null, CapacityVO.CAPACITY_TYPE_VIRTUAL_NETWORK_PUBLIC_IP);
}
// Calculate new Public IP capacity for Direct Attached Network
createOrUpdateIpCapacity(dcId, null, CapacityVO.CAPACITY_TYPE_DIRECT_ATTACHED_PUBLIC_IP);
if (datacenter.getNetworkType() == NetworkType.Advanced) {
// Calculate VLAN's capacity
createOrUpdateVlanCapacity(dcId);
}
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Done capacity updates for public ip and Vlans");
s_logger.debug("Executing capacity updates for private ip");
}
// Calculate new Private IP capacity
List<HostPodVO> pods = _podDao.listAll();
for (HostPodVO pod : pods) {
long podId = pod.getId();
long dcId = pod.getDataCenterId();
createOrUpdateIpCapacity(dcId, podId, CapacityVO.CAPACITY_TYPE_PRIVATE_IP);
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Done executing capacity updates for private ip");
s_logger.debug("Done recalculating system capacity");
}
} catch (Throwable t) {
s_logger.error("Caught exception in recalculating capacity", t);
}
}
public static boolean parse(AccountVO account, Date startDate, Date endDate) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Parsing all PortForwardingRule usage events for account: " + account.getId());
}
if ((endDate == null) || endDate.after(new Date())) {
endDate = new Date();
}
// - query usage_volume table with the following criteria:
// - look for an entry for accountId with start date in the given range
// - look for an entry for accountId with end date in the given range
// - look for an entry for accountId with end date null (currently running vm or owned IP)
// - look for an entry for accountId with start date before given range *and* end date after
// given range
List<UsagePortForwardingRuleVO> usagePFs =
s_usagePFRuleDao.getUsageRecords(
account.getId(), account.getDomainId(), startDate, endDate, false, 0);
if (usagePFs.isEmpty()) {
s_logger.debug("No port forwarding usage events for this period");
return true;
}
// This map has both the running time *and* the usage amount.
Map<String, Pair<Long, Long>> usageMap = new HashMap<String, Pair<Long, Long>>();
Map<String, PFInfo> pfMap = new HashMap<String, PFInfo>();
// loop through all the port forwarding rule, create a usage record for each
for (UsagePortForwardingRuleVO usagePF : usagePFs) {
long pfId = usagePF.getId();
String key = "" + pfId;
pfMap.put(key, new PFInfo(pfId, usagePF.getZoneId()));
Date pfCreateDate = usagePF.getCreated();
Date pfDeleteDate = usagePF.getDeleted();
if ((pfDeleteDate == null) || pfDeleteDate.after(endDate)) {
pfDeleteDate = endDate;
}
// clip the start date to the beginning of our aggregation range if the vm has been running
// for a while
if (pfCreateDate.before(startDate)) {
pfCreateDate = startDate;
}
if (pfCreateDate.after(endDate)) {
// Ignore records created after endDate
continue;
}
long currentDuration =
(pfDeleteDate.getTime() - pfCreateDate.getTime())
+ 1; // make sure this is an inclusive check for milliseconds (i.e. use n - m + 1 to
// find total number of millis to charge)
updatePFUsageData(usageMap, key, usagePF.getId(), currentDuration);
}
for (String pfIdKey : usageMap.keySet()) {
Pair<Long, Long> sgtimeInfo = usageMap.get(pfIdKey);
long useTime = sgtimeInfo.second().longValue();
// Only create a usage record if we have a runningTime of bigger than zero.
if (useTime > 0L) {
PFInfo info = pfMap.get(pfIdKey);
createUsageRecord(
UsageTypes.PORT_FORWARDING_RULE,
useTime,
startDate,
endDate,
account,
info.getId(),
info.getZoneId());
}
}
return true;
}
public static boolean validateHAProxyLBRule(final LoadBalancingRule rule) {
final String timeEndChar = "dhms";
for (final LbStickinessPolicy stickinessPolicy : rule.getStickinessPolicies()) {
final List<Pair<String, String>> paramsList = stickinessPolicy.getParams();
if (StickinessMethodType.LBCookieBased.getName()
.equalsIgnoreCase(stickinessPolicy.getMethodName())) {
} else if (StickinessMethodType.SourceBased.getName()
.equalsIgnoreCase(stickinessPolicy.getMethodName())) {
String tablesize = "200k"; // optional
String expire = "30m"; // optional
/* overwrite default values with the stick parameters */
for (final Pair<String, String> paramKV : paramsList) {
final String key = paramKV.first();
final String value = paramKV.second();
if ("tablesize".equalsIgnoreCase(key)) {
tablesize = value;
}
if ("expire".equalsIgnoreCase(key)) {
expire = value;
}
}
if (expire != null && !containsOnlyNumbers(expire, timeEndChar)) {
throw new InvalidParameterValueException(
"Failed LB in validation rule id: "
+ rule.getId()
+ " Cause: expire is not in timeformat: "
+ expire);
}
if (tablesize != null && !containsOnlyNumbers(tablesize, "kmg")) {
throw new InvalidParameterValueException(
"Failed LB in validation rule id: "
+ rule.getId()
+ " Cause: tablesize is not in size format: "
+ tablesize);
}
} else if (StickinessMethodType.AppCookieBased.getName()
.equalsIgnoreCase(stickinessPolicy.getMethodName())) {
String length = null; // optional
String holdTime = null; // optional
for (final Pair<String, String> paramKV : paramsList) {
final String key = paramKV.first();
final String value = paramKV.second();
if ("length".equalsIgnoreCase(key)) {
length = value;
}
if ("holdtime".equalsIgnoreCase(key)) {
holdTime = value;
}
}
if (length != null && !containsOnlyNumbers(length, null)) {
throw new InvalidParameterValueException(
"Failed LB in validation rule id: "
+ rule.getId()
+ " Cause: length is not a number: "
+ length);
}
if (holdTime != null
&& !containsOnlyNumbers(holdTime, timeEndChar)
&& !containsOnlyNumbers(holdTime, null)) {
throw new InvalidParameterValueException(
"Failed LB in validation rule id: "
+ rule.getId()
+ " Cause: holdtime is not in timeformat: "
+ holdTime);
}
}
}
return true;
}
public static boolean parse(AccountVO account, Date startDate, Date endDate) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Parsing all VMInstance usage events for account: " + account.getId());
}
if ((endDate == null) || endDate.after(new Date())) {
endDate = new Date();
}
// - query usage_vm_instance table with the following criteria:
// - look for an entry for accountId with start date in the given range
// - look for an entry for accountId with end date in the given range
// - look for an entry for accountId with end date null (currently running vm or owned IP)
// - look for an entry for accountId with start date before given range *and* end date after
// given range
List<UsageVMInstanceVO> usageInstances =
s_usageInstanceDao.getUsageRecords(account.getId(), startDate, endDate);
// ToDo: Add domainID for getting usage records
// This map has both the running time *and* the usage amount.
Map<String, Pair<String, Long>> usageVMUptimeMap = new HashMap<String, Pair<String, Long>>();
Map<String, Pair<String, Long>> allocatedVMMap = new HashMap<String, Pair<String, Long>>();
Map<String, VMInfo> vmServiceOfferingMap = new HashMap<String, VMInfo>();
// loop through all the usage instances, create a usage record for each
for (UsageVMInstanceVO usageInstance : usageInstances) {
long vmId = usageInstance.getVmInstanceId();
long soId = usageInstance.getSerivceOfferingId();
long zoneId = usageInstance.getZoneId();
long tId = usageInstance.getTemplateId();
int usageType = usageInstance.getUsageType();
String key = vmId + "-" + soId + "-" + usageType;
// store the info in the service offering map
vmServiceOfferingMap.put(
key, new VMInfo(vmId, zoneId, soId, tId, usageInstance.getHypervisorType()));
Date vmStartDate = usageInstance.getStartDate();
Date vmEndDate = usageInstance.getEndDate();
if ((vmEndDate == null) || vmEndDate.after(endDate)) {
vmEndDate = endDate;
}
// clip the start date to the beginning of our aggregation range if the vm has been running
// for a while
if (vmStartDate.before(startDate)) {
vmStartDate = startDate;
}
long currentDuration =
(vmEndDate.getTime() - vmStartDate.getTime())
+ 1; // make sure this is an inclusive check for milliseconds (i.e. use n - m + 1 to
// find total number of millis to charge)
switch (usageType) {
case UsageTypes.ALLOCATED_VM:
updateVmUsageData(allocatedVMMap, key, usageInstance.getVmName(), currentDuration);
break;
case UsageTypes.RUNNING_VM:
updateVmUsageData(usageVMUptimeMap, key, usageInstance.getVmName(), currentDuration);
break;
}
}
for (String vmIdKey : usageVMUptimeMap.keySet()) {
Pair<String, Long> vmUptimeInfo = usageVMUptimeMap.get(vmIdKey);
long runningTime = vmUptimeInfo.second().longValue();
// Only create a usage record if we have a runningTime of bigger than zero.
if (runningTime > 0L) {
VMInfo info = vmServiceOfferingMap.get(vmIdKey);
createUsageRecord(
UsageTypes.RUNNING_VM,
runningTime,
startDate,
endDate,
account,
info.getVirtualMachineId(),
vmUptimeInfo.first(),
info.getZoneId(),
info.getServiceOfferingId(),
info.getTemplateId(),
info.getHypervisorType());
}
}
for (String vmIdKey : allocatedVMMap.keySet()) {
Pair<String, Long> vmAllocInfo = allocatedVMMap.get(vmIdKey);
long allocatedTime = vmAllocInfo.second().longValue();
// Only create a usage record if we have a runningTime of bigger than zero.
if (allocatedTime > 0L) {
VMInfo info = vmServiceOfferingMap.get(vmIdKey);
createUsageRecord(
UsageTypes.ALLOCATED_VM,
allocatedTime,
startDate,
endDate,
account,
info.getVirtualMachineId(),
vmAllocInfo.first(),
info.getZoneId(),
info.getServiceOfferingId(),
info.getTemplateId(),
info.getHypervisorType());
}
}
return true;
}
@DB
protected void CheckAndCreateTunnel(VirtualMachine instance, DeployDestination dest) {
if (!_isEnabled) {
return;
}
if (instance.getType() != VirtualMachine.Type.User
&& instance.getType() != VirtualMachine.Type.DomainRouter) {
return;
}
long hostId = dest.getHost().getId();
long accountId = instance.getAccountId();
List<UserVmVO> vms = _userVmDao.listByAccountId(accountId);
List<DomainRouterVO> routers =
_routerDao.findBy(accountId, instance.getDataCenterIdToDeployIn());
List<VMInstanceVO> ins = new ArrayList<VMInstanceVO>();
if (vms != null) {
ins.addAll(vms);
}
if (routers.size() != 0) {
ins.addAll(routers);
}
List<Pair<Long, Integer>> toHosts = new ArrayList<Pair<Long, Integer>>();
List<Pair<Long, Integer>> fromHosts = new ArrayList<Pair<Long, Integer>>();
int key;
for (VMInstanceVO v : ins) {
Long rh = v.getHostId();
if (rh == null || rh.longValue() == hostId) {
continue;
}
OvsTunnelAccountVO ta =
_tunnelAccountDao.getByFromToAccount(hostId, rh.longValue(), accountId);
if (ta == null) {
key = getGreKey(hostId, rh.longValue(), accountId);
if (key == -1) {
s_logger.warn(
String.format(
"Cannot get GRE key for from=%1$s to=%2$s accountId=%3$s, tunnel create failed",
hostId, rh.longValue(), accountId));
continue;
}
Pair<Long, Integer> p = new Pair<Long, Integer>(rh, Integer.valueOf(key));
if (!toHosts.contains(p)) {
toHosts.add(p);
}
}
ta = _tunnelAccountDao.getByFromToAccount(rh.longValue(), hostId, accountId);
if (ta == null) {
key = getGreKey(rh.longValue(), hostId, accountId);
if (key == -1) {
s_logger.warn(
String.format(
"Cannot get GRE key for from=%1$s to=%2$s accountId=%3$s, tunnel create failed",
rh.longValue(), hostId, accountId));
continue;
}
Pair<Long, Integer> p = new Pair<Long, Integer>(rh, Integer.valueOf(key));
if (!fromHosts.contains(p)) {
fromHosts.add(p);
}
}
}
try {
String myIp = dest.getHost().getPrivateIpAddress();
for (Pair<Long, Integer> i : toHosts) {
HostVO rHost = _hostDao.findById(i.first());
Commands cmds =
new Commands(
new OvsCreateTunnelCommand(
rHost.getPrivateIpAddress(),
i.second().toString(),
Long.valueOf(hostId),
i.first(),
accountId,
myIp));
s_logger.debug("Ask host " + hostId + " to create gre tunnel to " + i.first());
Answer[] answers = _agentMgr.send(hostId, cmds);
handleCreateTunnelAnswer(answers);
}
for (Pair<Long, Integer> i : fromHosts) {
HostVO rHost = _hostDao.findById(i.first());
Commands cmd2s =
new Commands(
new OvsCreateTunnelCommand(
myIp,
i.second().toString(),
i.first(),
Long.valueOf(hostId),
accountId,
rHost.getPrivateIpAddress()));
s_logger.debug("Ask host " + i.first() + " to create gre tunnel to " + hostId);
Answer[] answers = _agentMgr.send(i.first(), cmd2s);
handleCreateTunnelAnswer(answers);
}
} catch (Exception e) {
s_logger.debug("Ovs Tunnel network created tunnel failed", e);
}
}
@Override
public boolean verifyRequest(Map<String, Object[]> requestParameters, Long userId)
throws ServerApiException {
try {
String apiKey = null;
String secretKey = null;
String signature = null;
String unsignedRequest = null;
String[] command = (String[]) requestParameters.get("command");
if (command == null) {
s_logger.info("missing command, ignoring request...");
return false;
}
String commandName = command[0];
// if userId not null, that mean that user is logged in
if (userId != null) {
User user = ApiDBUtils.findUserById(userId);
try {
checkCommandAvailable(user, commandName);
} catch (RequestLimitException ex) {
s_logger.debug(ex.getMessage());
throw new ServerApiException(ApiErrorCode.API_LIMIT_EXCEED, ex.getMessage());
} catch (PermissionDeniedException ex) {
s_logger.debug(
"The given command:"
+ commandName
+ " does not exist or it is not available for user with id:"
+ userId);
throw new ServerApiException(
ApiErrorCode.UNSUPPORTED_ACTION_ERROR,
"The given command does not exist or it is not available for user");
}
return true;
} else {
// check against every available command to see if the command exists or not
if (!_apiNameCmdClassMap.containsKey(commandName)
&& !commandName.equals("login")
&& !commandName.equals("logout")) {
s_logger.debug(
"The given command:"
+ commandName
+ " does not exist or it is not available for user with id:"
+ userId);
throw new ServerApiException(
ApiErrorCode.UNSUPPORTED_ACTION_ERROR,
"The given command does not exist or it is not available for user");
}
}
// - build a request string with sorted params, make sure it's all lowercase
// - sign the request, verify the signature is the same
List<String> parameterNames = new ArrayList<String>();
for (Object paramNameObj : requestParameters.keySet()) {
parameterNames.add((String) paramNameObj); // put the name in a list that we'll sort later
}
Collections.sort(parameterNames);
String signatureVersion = null;
String expires = null;
for (String paramName : parameterNames) {
// parameters come as name/value pairs in the form String/String[]
String paramValue = ((String[]) requestParameters.get(paramName))[0];
if ("signature".equalsIgnoreCase(paramName)) {
signature = paramValue;
} else {
if ("apikey".equalsIgnoreCase(paramName)) {
apiKey = paramValue;
} else if ("signatureversion".equalsIgnoreCase(paramName)) {
signatureVersion = paramValue;
} else if ("expires".equalsIgnoreCase(paramName)) {
expires = paramValue;
}
if (unsignedRequest == null) {
unsignedRequest =
paramName + "=" + URLEncoder.encode(paramValue, "UTF-8").replaceAll("\\+", "%20");
} else {
unsignedRequest =
unsignedRequest
+ "&"
+ paramName
+ "="
+ URLEncoder.encode(paramValue, "UTF-8").replaceAll("\\+", "%20");
}
}
}
// if api/secret key are passed to the parameters
if ((signature == null) || (apiKey == null)) {
s_logger.debug(
"Expired session, missing signature, or missing apiKey -- ignoring request. Signature: "
+ signature
+ ", apiKey: "
+ apiKey);
return false; // no signature, bad request
}
Date expiresTS = null;
// FIXME: Hard coded signature, why not have an enum
if ("3".equals(signatureVersion)) {
// New signature authentication. Check for expire parameter and its validity
if (expires == null) {
s_logger.debug(
"Missing Expires parameter -- ignoring request. Signature: "
+ signature
+ ", apiKey: "
+ apiKey);
return false;
}
synchronized (_dateFormat) {
try {
expiresTS = _dateFormat.parse(expires);
} catch (ParseException pe) {
s_logger.debug("Incorrect date format for Expires parameter", pe);
return false;
}
}
Date now = new Date(System.currentTimeMillis());
if (expiresTS.before(now)) {
s_logger.debug(
"Request expired -- ignoring ...sig: " + signature + ", apiKey: " + apiKey);
return false;
}
}
TransactionLegacy txn = TransactionLegacy.open(TransactionLegacy.CLOUD_DB);
txn.close();
User user = null;
// verify there is a user with this api key
Pair<User, Account> userAcctPair = _accountMgr.findUserByApiKey(apiKey);
if (userAcctPair == null) {
s_logger.debug(
"apiKey does not map to a valid user -- ignoring request, apiKey: " + apiKey);
return false;
}
user = userAcctPair.first();
Account account = userAcctPair.second();
if (user.getState() != Account.State.enabled
|| !account.getState().equals(Account.State.enabled)) {
s_logger.info(
"disabled or locked user accessing the api, userid = "
+ user.getId()
+ "; name = "
+ user.getUsername()
+ "; state: "
+ user.getState()
+ "; accountState: "
+ account.getState());
return false;
}
try {
checkCommandAvailable(user, commandName);
} catch (PermissionDeniedException ex) {
s_logger.debug(
"The given command:" + commandName + " does not exist or it is not available for user");
throw new ServerApiException(
ApiErrorCode.UNSUPPORTED_ACTION_ERROR,
"The given command:"
+ commandName
+ " does not exist or it is not available for user with id:"
+ userId);
}
// verify secret key exists
secretKey = user.getSecretKey();
if (secretKey == null) {
s_logger.info(
"User does not have a secret key associated with the account -- ignoring request, username: "******"HmacSHA1");
SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
mac.init(keySpec);
mac.update(unsignedRequest.getBytes());
byte[] encryptedBytes = mac.doFinal();
String computedSignature = Base64.encodeBase64String(encryptedBytes);
boolean equalSig = signature.equals(computedSignature);
if (!equalSig) {
s_logger.info(
"User signature: "
+ signature
+ " is not equaled to computed signature: "
+ computedSignature);
} else {
CallContext.register(user, account);
}
return equalSig;
} catch (ServerApiException ex) {
throw ex;
} catch (Exception ex) {
s_logger.error("unable to verify request signature");
}
return false;
}
public static boolean parse(AccountVO account, Date startDate, Date endDate) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Parsing IP Address usage for account: " + account.getId());
}
if ((endDate == null) || endDate.after(new Date())) {
endDate = new Date();
}
// - query usage_ip_address table with the following criteria:
// - look for an entry for accountId with start date in the given range
// - look for an entry for accountId with end date in the given range
// - look for an entry for accountId with end date null (currently running vm or owned IP)
// - look for an entry for accountId with start date before given range *and* end date after
// given range
List<UsageIPAddressVO> usageIPAddress =
m_usageIPAddressDao.getUsageRecords(
account.getId(), account.getDomainId(), startDate, endDate);
if (usageIPAddress.isEmpty()) {
s_logger.debug("No IP Address usage for this period");
return true;
}
// This map has both the running time *and* the usage amount.
Map<String, Pair<Long, Long>> usageMap = new HashMap<String, Pair<Long, Long>>();
Map<String, IpInfo> IPMap = new HashMap<String, IpInfo>();
// loop through all the usage IPs, create a usage record for each
for (UsageIPAddressVO usageIp : usageIPAddress) {
long IpId = usageIp.getId();
String key = "" + IpId;
// store the info in the IP map
IPMap.put(
key, new IpInfo(usageIp.getZoneId(), IpId, usageIp.getAddress(), usageIp.isSourceNat()));
Date IpAssignDate = usageIp.getAssigned();
Date IpReleaseDeleteDate = usageIp.getReleased();
if ((IpReleaseDeleteDate == null) || IpReleaseDeleteDate.after(endDate)) {
IpReleaseDeleteDate = endDate;
}
// clip the start date to the beginning of our aggregation range if the vm has been running
// for a while
if (IpAssignDate.before(startDate)) {
IpAssignDate = startDate;
}
long currentDuration =
(IpReleaseDeleteDate.getTime() - IpAssignDate.getTime())
+ 1; // make sure this is an inclusive check for milliseconds (i.e. use n - m + 1 to
// find total number of millis to charge)
updateIpUsageData(usageMap, key, usageIp.getId(), currentDuration);
}
for (String ipIdKey : usageMap.keySet()) {
Pair<Long, Long> ipTimeInfo = usageMap.get(ipIdKey);
long useTime = ipTimeInfo.second().longValue();
// Only create a usage record if we have a runningTime of bigger than zero.
if (useTime > 0L) {
IpInfo info = IPMap.get(ipIdKey);
createUsageRecord(
info.getZoneId(),
useTime,
startDate,
endDate,
account,
info.getIpId(),
info.getIPAddress(),
info.isSourceNat());
}
}
return true;
}