public NetworkProfile(Network network) {
this.id = network.getId();
this.uuid = network.getUuid();
this.broadcastUri = network.getBroadcastUri();
this.dataCenterId = network.getDataCenterId();
this.ownerId = network.getAccountId();
this.state = network.getState();
this.name = network.getName();
this.mode = network.getMode();
this.broadcastDomainType = network.getBroadcastDomainType();
this.trafficType = network.getTrafficType();
this.gateway = network.getGateway();
this.cidr = network.getCidr();
this.networkOfferingId = network.getNetworkOfferingId();
this.related = network.getRelated();
this.displayText = network.getDisplayText();
this.reservationId = network.getReservationId();
this.networkDomain = network.getNetworkDomain();
this.domainId = network.getDomainId();
this.guestType = network.getGuestType();
this.physicalNetworkId = network.getPhysicalNetworkId();
this.aclType = network.getAclType();
this.restartRequired = network.isRestartRequired();
this.specifyIpRanges = network.getSpecifyIpRanges();
this.vpcId = network.getVpcId();
}
@Override
public Network implement(
Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context)
throws InsufficientVirtualNetworkCapcityException {
assert (network.getState() == State.Implementing) : "Why are we implementing " + network;
long dcId = dest.getDataCenter().getId();
NetworkType nwType = dest.getDataCenter().getNetworkType();
// get physical network id
Long physicalNetworkId = network.getPhysicalNetworkId();
// physical network id can be null in Guest Network in Basic zone, so
// locate the physical network
if (physicalNetworkId == null) {
physicalNetworkId =
_networkModel.findPhysicalNetworkId(dcId, offering.getTags(), offering.getTrafficType());
}
PhysicalNetworkVO physnet = _physicalNetworkDao.findById(physicalNetworkId);
if (!canHandle(offering, nwType, physnet)) {
s_logger.debug("Refusing to design this network");
return null;
}
NetworkVO implemented = (NetworkVO) super.implement(network, offering, dest, context);
if (network.getGateway() != null) {
implemented.setGateway(network.getGateway());
}
if (network.getCidr() != null) {
implemented.setCidr(network.getCidr());
}
String name = network.getName();
if (name == null || name.isEmpty()) {
name = ((NetworkVO) network).getUuid();
}
// do we need to create switch right now?
implemented.setBroadcastDomainType(BroadcastDomainType.Vswitch);
return implemented;
}
public boolean createNetwork(
Network network,
NetworkOffering offering,
DeployDestination dest,
ReservationContext context) {
if (_sspUuidDao.findUuidByNetwork(network) != null) {
s_logger.info("Network already has ssp TenantNetwork uuid :" + network.toString());
return true;
}
if (!canHandle(network)) {
return false;
}
String tenantUuid = _sspTenantDao.findUuidByZone(network.getDataCenterId());
if (tenantUuid == null) {
tenantUuid = _configDao.getValueAndInitIfNotExist("ssp.tenant", "Network", null);
}
boolean processed = false;
for (SspClient client :
fetchSspClients(network.getPhysicalNetworkId(), network.getDataCenterId(), true)) {
SspClient.TenantNetwork sspNet = client.createTenantNetwork(tenantUuid, network.getName());
if (sspNet != null) {
SspUuidVO uuid = new SspUuidVO();
uuid.setUuid(sspNet.uuid);
uuid.setObjClass(SspUuidVO.objClassNetwork);
uuid.setObjId(network.getId());
_sspUuidDao.persist(uuid);
return true;
}
processed = true;
}
if (processed) {
s_logger.error("Could not allocate an uuid for network " + network.toString());
return false;
} else {
s_logger.error("Skipping #createNetwork() for " + network.toString());
return true;
}
}
@Override
public Network implement(
final Network network,
final NetworkOffering offering,
final DeployDestination dest,
final ReservationContext context)
throws InsufficientVirtualNetworkCapacityException {
assert network.getState() == State.Implementing : "Why are we implementing " + network;
final long dcId = dest.getDataCenter().getId();
Long physicalNetworkId = network.getPhysicalNetworkId();
// physical network id can be null in Guest Network in Basic zone, so locate the physical
// network
if (physicalNetworkId == null) {
physicalNetworkId =
networkModel.findPhysicalNetworkId(dcId, offering.getTags(), offering.getTrafficType());
}
final NetworkVO implemented =
new NetworkVO(
network.getTrafficType(),
network.getMode(),
network.getBroadcastDomainType(),
network.getNetworkOfferingId(),
State.Allocated,
network.getDataCenterId(),
physicalNetworkId,
offering.getRedundantRouter());
if (network.getGateway() != null) {
implemented.setGateway(network.getGateway());
}
if (network.getCidr() != null) {
implemented.setCidr(network.getCidr());
}
// Name is either the given name or the uuid
String name = network.getName();
if (name == null || name.isEmpty()) {
name = ((NetworkVO) network).getUuid();
}
if (name.length() > MAX_NAME_LENGTH) {
name = name.substring(0, MAX_NAME_LENGTH - 1);
}
final List<NiciraNvpDeviceVO> devices = niciraNvpDao.listByPhysicalNetwork(physicalNetworkId);
if (devices.isEmpty()) {
s_logger.error("No NiciraNvp Controller on physical network " + physicalNetworkId);
return null;
}
final NiciraNvpDeviceVO niciraNvpDevice = devices.get(0);
final HostVO niciraNvpHost = hostDao.findById(niciraNvpDevice.getHostId());
hostDao.loadDetails(niciraNvpHost);
final String transportzoneuuid = niciraNvpHost.getDetail("transportzoneuuid");
final String transportzoneisotype = niciraNvpHost.getDetail("transportzoneisotype");
final CreateLogicalSwitchCommand cmd =
new CreateLogicalSwitchCommand(
transportzoneuuid,
transportzoneisotype,
name,
context.getDomain().getName() + "-" + context.getAccount().getAccountName());
final CreateLogicalSwitchAnswer answer =
(CreateLogicalSwitchAnswer) agentMgr.easySend(niciraNvpHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
s_logger.error("CreateLogicalSwitchCommand failed");
return null;
}
try {
implemented.setBroadcastUri(new URI("lswitch", answer.getLogicalSwitchUuid(), null));
implemented.setBroadcastDomainType(BroadcastDomainType.Lswitch);
s_logger.info(
"Implemented OK, network linked to = " + implemented.getBroadcastUri().toString());
} catch (final URISyntaxException e) {
s_logger.error(
"Unable to store logical switch id in broadcast uri, uuid = " + implemented.getUuid(), e);
return null;
}
return implemented;
}
@Override
public boolean applyStaticNats(Network network, List<? extends StaticNat> rules)
throws ResourceUnavailableException {
if (!_networkModel.isProviderSupportServiceInNetwork(
network.getId(), Service.StaticNat, Provider.CiscoVnmc)) {
s_logger.error(
"Static NAT service is not provided by Cisco Vnmc device on network "
+ network.getName());
return false;
}
// Find VNMC host for physical network
List<CiscoVnmcControllerVO> devices =
_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return true;
}
// Find if ASA 1000v is associated with network
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork == null) {
s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
return true;
}
if (network.getState() == Network.State.Allocated) {
s_logger.debug(
"External firewall was asked to apply static NAT rules for network with ID "
+ network.getId()
+ "; this network is not implemented. Skipping backend commands.");
return true;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
for (StaticNat rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
StaticNatRuleTO ruleTO =
new StaticNatRuleTO(
rule.getSourceIpAddressId(),
sourceIp.getAddress().addr(),
null,
null,
rule.getDestIpAddress(),
null,
null,
null,
rule.isForRevoke(),
false);
rulesTO.add(ruleTO);
}
if (!rulesTO.isEmpty()) {
SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
cmd.setContextParam(
NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
if (answer == null || !answer.getResult()) {
String details = (answer != null) ? answer.getDetails() : "details unavailable";
String msg =
"Unable to apply static NAT rules to Cisco ASA 1000v appliance due to: "
+ details
+ ".";
s_logger.error(msg);
throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
}
}
return true;
}
@Override
public boolean implement(
Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context)
throws ConcurrentOperationException, ResourceUnavailableException,
InsufficientCapacityException {
DataCenter zone = _configMgr.getZone(network.getDataCenterId());
if (zone.getNetworkType() == NetworkType.Basic) {
s_logger.debug("Not handling network implement in zone of type " + NetworkType.Basic);
return false;
}
if (!canHandle(network)) {
return false;
}
List<CiscoVnmcControllerVO> devices =
_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (devices.isEmpty()) {
s_logger.error("No Cisco Vnmc device on network " + network.getName());
return false;
}
List<CiscoAsa1000vDeviceVO> asaList =
_ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
if (asaList.isEmpty()) {
s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
return false;
}
NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
if (asaForNetwork != null) {
s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
return true;
}
if (!_networkModel.isProviderSupportServiceInNetwork(
network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
s_logger.error(
"SourceNat service is not provided by Cisco Vnmc device on network " + network.getName());
return false;
}
Transaction txn = Transaction.currentTxn();
boolean status = false;
try {
txn.start();
// ensure that there is an ASA 1000v assigned to this network
CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
if (assignedAsa == null) {
s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
return false;
}
ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
if (clusterVsmMap == null) {
s_logger.error(
"Vmware cluster "
+ asaCluster.getName()
+ " has no Cisco Nexus VSM device associated with it");
return false;
}
CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
if (vsmDevice == null) {
s_logger.error(
"Unable to load details of Cisco Nexus VSM device associated with cluster "
+ asaCluster.getName());
return false;
}
CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
_hostDao.loadDetails(ciscoVnmcHost);
Account owner = context.getAccount();
PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
String vlan = network.getBroadcastUri().getHost();
long vlanId = Long.parseLong(vlan);
List<VlanVO> vlanVOList =
_vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
List<String> publicGateways = new ArrayList<String>();
for (VlanVO vlanVO : vlanVOList) {
publicGateways.add(vlanVO.getVlanGateway());
}
// due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
// an additional public ip needs to acquired for assigning as firewall outside ip.
// In case there are already additional ip addresses available (network restart) use one
// of them such that it is not the source NAT ip
IpAddress outsideIp = null;
List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
for (IPAddressVO ip : publicIps) {
if (!ip.isSourceNat()) {
outsideIp = ip;
break;
}
}
if (outsideIp == null) { // none available, acquire one
try {
Account caller = CallContext.current().getCallingAccount();
long callerUserId = CallContext.current().getCallingUserId();
outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone);
} catch (ResourceAllocationException e) {
s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
return false;
}
try {
outsideIp =
_ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
} catch (ResourceAllocationException e) {
s_logger.error(
"Unable to assign allocated additional public Ip "
+ outsideIp.getAddress().addr()
+ " to network with vlan "
+ vlanId
+ ". Exception details "
+ e);
return false;
}
}
// create logical edge firewall in VNMC
String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
// due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
// all public ip addresses must be from same subnet, this essentially means single public
// subnet in zone
if (!createLogicalEdgeFirewall(
vlanId,
network.getGateway(),
gatewayNetmask,
outsideIp.getAddress().addr(),
sourceNatIp.getNetmask(),
publicGateways,
ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to create logical edge firewall in Cisco VNMC device for network "
+ network.getName());
return false;
}
// create stuff in VSM for ASA device
if (!configureNexusVsmForAsa(
vlanId,
network.getGateway(),
vsmDevice.getUserName(),
vsmDevice.getPassword(),
vsmDevice.getipaddr(),
assignedAsa.getInPortProfile(),
ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to configure Cisco Nexus VSM "
+ vsmDevice.getipaddr()
+ " for ASA device for network "
+ network.getName());
return false;
}
// configure source NAT
if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
return false;
}
// associate Asa 1000v instance with logical edge firewall
if (!associateAsaWithLogicalEdgeFirewall(
vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
s_logger.error(
"Failed to associate Cisco ASA 1000v ("
+ assignedAsa.getManagementIp()
+ ") with logical edge firewall in VNMC for network "
+ network.getName());
return false;
}
status = true;
txn.commit();
} finally {
if (!status) {
txn.rollback();
// FIXME: also undo changes in VNMC, VSM if anything failed
}
}
return true;
}