Updated Branches: refs/heads/network-refactor [created] a64b38671
Move applyRules to the rightful place(s). Not sure why applyIps is required during applyRules, so we still have a reference back into a (simplified) applyRules in NetworkManager Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/a64b3867 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/a64b3867 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/a64b3867 Branch: refs/heads/network-refactor Commit: a64b38671496729e67a845aeb83fabbaccefba18 Parents: e37f458 Author: Chiradeep Vittal <[email protected]> Authored: Fri Jan 4 19:22:53 2013 -0800 Committer: Chiradeep Vittal <[email protected]> Committed: Fri Jan 4 19:22:53 2013 -0800 ---------------------------------------------------------------------- server/src/com/cloud/network/NetworkManager.java | 5 +- .../src/com/cloud/network/NetworkManagerImpl.java | 43 ++++++++++ .../src/com/cloud/network/NetworkRuleApplier.java | 28 +++++++ .../network/firewall/FirewallManagerImpl.java | 64 ++++++++++++++- .../network/lb/LoadBalancingRulesManagerImpl.java | 28 +++++- 5 files changed, 158 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/NetworkManager.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 0646789..0d281aa 100755 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java 
@@ -41,8 +41,6 @@ import com.cloud.network.Network.Service; import com.cloud.network.Networks.TrafficType; import com.cloud.network.addr.PublicIp; import com.cloud.network.element.NetworkElement; -import com.cloud.network.element.RemoteAccessVPNServiceProvider; -import com.cloud.network.element.Site2SiteVpnServiceProvider; import com.cloud.network.element.UserDataServiceProvider; import com.cloud.network.guru.NetworkGuru; import com.cloud.network.rules.FirewallRule; @@ -50,7 +48,6 @@ import com.cloud.network.rules.StaticNat; import com.cloud.offering.NetworkOffering; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.user.Account; -import com.cloud.uservm.UserVm; import com.cloud.utils.Pair; import com.cloud.vm.Nic; import com.cloud.vm.NicProfile; @@ -137,6 +134,8 @@ public interface NetworkManager extends NetworkService { String getNextAvailableMacAddressInNetwork(long networkConfigurationId) throws InsufficientAddressCapacityException; boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException; + + boolean applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose, NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException; public boolean validateRule(FirewallRule rule); http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/NetworkManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index a1604ae..e7877de 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
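Review bot: The new `applyRules(List, Purpose, NetworkRuleApplier, boolean)` overload in the `@@ -137,6 +134,8 @@` hunk is added to the public interface without Javadoc, and the relationship between `purpose` and the rules stays implicit (the FirewallManagerImpl caller in this commit derives it from `rules.get(0).getPurpose()`). A doc comment should state that all rules must belong to the same network and share `purpose`, that `applier` is the component that pushes them to the service providers, and what `continueOnError` and the boolean return mean. Suggested: `/** Pushes a homogeneous batch of rules (same network, same purpose) to the network elements via applier; returns false when a rule could not be applied and continueOnError was set, otherwise throws. */`. The two import-removal hunks above it are trivial.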
@@ -3741,6 +3741,49 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override + public boolean applyRules(List<? extends FirewallRule> rules, FirewallRule.Purpose purpose, + NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException { + if (rules == null || rules.size() == 0) { + s_logger.debug("There are no rules to forward to the network elements"); + return true; + } + + boolean success = true; + Network network = _networksDao.findById(rules.get(0).getNetworkId()); + + // get the list of public ip's owned by the network + List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null); + List<PublicIp> publicIps = new ArrayList<PublicIp>(); + if (userIps != null && !userIps.isEmpty()) { + for (IPAddressVO userIp : userIps) { + PublicIp publicIp = new PublicIp(userIp, _vlanDao.findById(userIp.getVlanId()), NetUtils.createSequenceBasedMacAddress(userIp.getMacAddress())); + publicIps.add(publicIp); + } + } + + // rules can not programmed unless IP is associated with network service provider, so run IP assoication for + // the network so as to ensure IP is associated before applying rules (in add state) + applyIpAssociations(network, false, continueOnError, publicIps); + + try { + applier.applyRules(network, purpose, rules); + } catch (ResourceUnavailableException e) { + if (!continueOnError) { + throw e; + } + s_logger.warn("Problems with applying " + purpose + " rules but pushing on", e); + success = false; + } + + // if all the rules configured on public IP are revoked then dis-associate IP with network service provider + applyIpAssociations(network, true, continueOnError, publicIps); + + return success; + } + + + + @Override /* The rules here is only the same kind of rule, e.g. all load balancing rules or all port forwarding rules */ public boolean applyRules(List<? 
extends FirewallRule> rules, boolean continueOnError) throws ResourceUnavailableException {
 if (rules == null || rules.size() == 0) {
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/NetworkRuleApplier.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkRuleApplier.java b/server/src/com/cloud/network/NetworkRuleApplier.java
new file mode 100644
index 0000000..31763d0
--- /dev/null
+++ b/server/src/com/cloud/network/NetworkRuleApplier.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network;
+
+import java.util.List;
+
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.rules.FirewallRule;
+
+public interface NetworkRuleApplier {
+ public boolean applyRules(Network network, FirewallRule.Purpose purpose, List<? extends FirewallRule> rules) throws ResourceUnavailableException;
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
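Review bot: In the new `applyRules` overload the result of `applier.applyRules(network, purpose, rules)` is discarded, so when no provider handles the batch (both `NetworkRuleApplier` implementations in this commit return `handled == false` in that case) the method still returns `true` and the caller proceeds as if the firewall/NAT/LB rules had been programmed. Capture it: `if (!applier.applyRules(network, purpose, rules)) { s_logger.warn("No network element applied the " + purpose + " rules for network " + network.getId()); success = false; }`. Separately, `_networksDao.findById(rules.get(0).getNetworkId())` presumably can return null, and `network.getId()` would then NPE before any IP association runs; an explicit guard with a clear message would be cheaper to diagnose. The trailing context of this hunk is the head of the old `applyRules`, whose body continues outside the hunk.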
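Review bot: `NetworkRuleApplier.applyRules` is a new public contract with no Javadoc, and the meaning of its boolean return is not stated; both implementations in this commit return whether some service provider handled the batch and stop at the first one that does, which a caller must know in order to treat `false` as "rules not programmed". Suggested Javadoc: `/** Pushes rules, all of the given purpose and all belonging to network, to the first network element that handles them; returns false if no element did. */`, plus `@throws ResourceUnavailableException` for an element that could not be reached. The file is also committed without a trailing newline (`\ No newline at end of file`).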
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 54611e1..8e781ec 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -46,18 +46,24 @@ import com.cloud.network.Network; import com.cloud.network.Network.Capability; import com.cloud.network.Network.Service; import com.cloud.network.NetworkManager; +import com.cloud.network.NetworkRuleApplier; import com.cloud.network.dao.FirewallRulesCidrsDao; import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.element.FirewallServiceProvider; +import com.cloud.network.element.NetworkACLServiceProvider; import com.cloud.network.element.NetworkElement; +import com.cloud.network.element.PortForwardingServiceProvider; +import com.cloud.network.element.StaticNatServiceProvider; import com.cloud.network.rules.FirewallManager; import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.FirewallRule.FirewallRuleType; import com.cloud.network.rules.FirewallRule.Purpose; import com.cloud.network.rules.FirewallRule.State; import com.cloud.network.rules.FirewallRuleVO; +import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.rules.PortForwardingRuleVO; +import com.cloud.network.rules.StaticNat; import com.cloud.network.rules.dao.PortForwardingRulesDao; import com.cloud.network.vpc.VpcManager; import com.cloud.projects.Project.ListProjectResourcesCriteria; 
@@ -87,7 +93,7 @@ import com.cloud.vm.UserVmVO; import com.cloud.vm.dao.UserVmDao; @Local(value = { FirewallService.class, FirewallManager.class}) -public class FirewallManagerImpl implements FirewallService, FirewallManager, Manager { +public class FirewallManagerImpl implements FirewallService, FirewallManager, NetworkRuleApplier, Manager { private static final Logger s_logger = Logger.getLogger(FirewallManagerImpl.class); String _name; @@ -122,6 +128,15 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma @Inject(adapter = FirewallServiceProvider.class) Adapters<FirewallServiceProvider> _firewallElements; + @Inject(adapter = PortForwardingServiceProvider.class) + Adapters<PortForwardingServiceProvider> _pfElements; + + @Inject(adapter = StaticNatServiceProvider.class) + Adapters<StaticNatServiceProvider> _staticNatElements; + + @Inject(adapter = NetworkACLServiceProvider.class) + Adapters<NetworkACLServiceProvider> _networkAclElements; + private boolean _elbEnabled = false; @Override @@ -434,7 +449,12 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma public boolean applyRules(List<? extends FirewallRule> rules, boolean continueOnError, boolean updateRulesInDB) throws ResourceUnavailableException { boolean success = true; - if (!_networkMgr.applyRules(rules, continueOnError)) { + if (rules == null || rules.size() == 0) { + s_logger.debug("There are no rules to forward to the network elements"); + return true; + } + Purpose purpose = rules.get(0).getPurpose(); + if (!_networkMgr.applyRules(rules, purpose, this, continueOnError)) { s_logger.warn("Rules are not completely applied"); return false; } else { 
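Review bot: The `@@ -434,7 +449,12 @@` hunk takes `purpose` from `rules.get(0)` only, yet downstream the whole list is cast to a purpose-specific element type (`List<PortForwardingRule>`, `List<? extends StaticNat>`), so a mixed batch would pass this point and presumably fail with a ClassCastException inside a provider after some rules were already pushed. Since this method is where the homogeneity assumption is introduced, validate it: `for (FirewallRule r : rules) { if (r.getPurpose() != purpose) throw new IllegalArgumentException("applyRules called with mixed purposes: " + purpose + " vs " + r.getPurpose()); }`. The empty-list check is now duplicated in `NetworkManagerImpl.applyRules`; one of the two copies could go. The enclosing method continues past the hunk.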
@@ -467,6 +487,46 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma } @Override + public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules) + throws ResourceUnavailableException { + boolean handled = false; + switch (purpose){ + case Firewall: + for (FirewallServiceProvider fwElement: _firewallElements) { + handled = fwElement.applyFWRules(network, rules); + if (handled) + break; + } + case PortForwarding: + for (PortForwardingServiceProvider element: _pfElements) { + handled = element.applyPFRules(network, (List<PortForwardingRule>) rules); + if (handled) + break; + } + break; + case StaticNat: + for (StaticNatServiceProvider element: _staticNatElements) { + handled = element.applyStaticNats(network, (List<? extends StaticNat>) rules); + if (handled) + break; + } + break; + case NetworkACL: + for (NetworkACLServiceProvider element: _networkAclElements) { + handled = element.applyNetworkACLs(network, (List<? extends FirewallRule>) rules); + if (handled) + break; + } + break; + default: + assert(false): "Unexpected fall through in applying rules to the network elements"; + s_logger.error("FirewallManager cannot process rules of type " + purpose); + throw new CloudRuntimeException("FirewallManager cannot process rules of type " + purpose); + } + return handled; + } + + @Override public void removeRule(FirewallRule rule) { //remove the rule http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/a64b3867/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index 6346bc3..aa89474 100755 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java 
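Review bot: The `case Firewall:` branch in the new `applyRules(Network, Purpose, List)` has no `break` after its for loop, so once a FirewallServiceProvider has handled the batch (the `if (handled) break;` only exits the loop) execution falls through into `case PortForwarding:`, which casts the same firewall rules to `List<PortForwardingRule>`, hands them to every port-forwarding element and overwrites `handled` with that result; firewall rules can thus be reported as not applied, or reach the wrong provider. Add `break;` after the closing brace of the Firewall loop, matching the other three cases. The `assert(false)` in `default:` is redundant with the `throw` that follows and is disabled at runtime anyway, and the unchecked casts deserve a one-line comment that the batch is homogeneous by contract. The hunk's closing context is the start of `removeRule`, whose body continues outside the hunk.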
@@ -68,6 +68,7 @@ import com.cloud.network.Network.Capability; import com.cloud.network.Network.Provider; import com.cloud.network.Network.Service; import com.cloud.network.NetworkManager; +import com.cloud.network.NetworkRuleApplier; import com.cloud.network.NetworkVO; import com.cloud.network.as.AutoScalePolicy; import com.cloud.network.as.AutoScalePolicyConditionMapVO; @@ -92,6 +93,7 @@ import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.LoadBalancerVMMapDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkServiceMapDao; +import com.cloud.network.element.LoadBalancingServiceProvider; import com.cloud.network.lb.LoadBalancingRule.LbAutoScalePolicy; import com.cloud.network.lb.LoadBalancingRule.LbAutoScaleVmGroup; import com.cloud.network.lb.LoadBalancingRule.LbAutoScaleVmProfile; @@ -125,9 +127,9 @@ import com.cloud.user.UserContext; import com.cloud.user.dao.AccountDao; import com.cloud.user.dao.UserDao; import com.cloud.uservm.UserVm; -import com.cloud.utils.IdentityProxy; import com.cloud.utils.Pair; import com.cloud.utils.Ternary; +import com.cloud.utils.component.Adapters; import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; import com.cloud.utils.db.DB; @@ -147,7 +149,7 @@ import com.google.gson.Gson; import com.google.gson.reflect.TypeToken; @Local(value = { LoadBalancingRulesManager.class, LoadBalancingRulesService.class }) -public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesManager, LoadBalancingRulesService, Manager { +public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesManager, LoadBalancingRulesService, NetworkRuleApplier, Manager { private static final Logger s_logger = Logger.getLogger(LoadBalancingRulesManagerImpl.class); String _name; 
@@ -226,7 +228,8 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa DataCenterDao _dcDao = null; @Inject UserDao _userDao; - + @Inject(adapter = LoadBalancingServiceProvider.class) + Adapters<LoadBalancingServiceProvider> _lbProviders; // Will return a string. For LB Stickiness this will be a json, for autoscale this will be "," separated values @Override @@ -324,7 +327,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa List<LoadBalancingRule> rules = Arrays.asList(rule); - if (!_networkMgr.applyRules(rules, false)) { + if (!_networkMgr.applyRules(rules, FirewallRule.Purpose.LoadBalancing, this, false)) { s_logger.debug("LB rules' autoscale config are not completely applied"); return false; } @@ -1119,6 +1122,19 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa return true; } } + + @Override + public boolean applyRules(Network network, Purpose purpose, List<? extends FirewallRule> rules) + throws ResourceUnavailableException { + assert(purpose == Purpose.LoadBalancing): "LB Manager asked to handle non-LB rules"; + boolean handled = false; + for (LoadBalancingServiceProvider lbElement: _lbProviders) { + handled = lbElement.applyLBRules(network, (List<LoadBalancingRule>) rules); + if (handled) + break; + } + return handled; + } @DB protected boolean applyLoadBalancerRules(List<LoadBalancerVO> lbs, boolean updateRulesInDB) throws ResourceUnavailableException { @@ -1132,7 +1148,7 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa rules.add(loadBalancing); } - if (!_networkMgr.applyRules(rules, false)) { + if (!_networkMgr.applyRules(rules, FirewallRule.Purpose.LoadBalancing, this, false)) { s_logger.debug("LB rules are not completely applied"); return false; } @@ -1569,4 +1585,6 @@ public class LoadBalancingRulesManagerImpl<Type> implements LoadBalancingRulesMa //remove the rule _lbDao.remove(rule.getId()); } + + }
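Review bot: The new `applyRules(Network, Purpose, List)` in `@@ -1119,6 +1122,19 @@` relies on `assert(purpose == Purpose.LoadBalancing)` to reject non-LB batches, but Java assertions are disabled unless the JVM runs with `-ea`, so in production a wrong-purpose call proceeds to cast `rules` to `List<LoadBalancingRule>` and push them to every LB provider. Replace the assert with a real check: `if (purpose != Purpose.LoadBalancing) { throw new IllegalArgumentException("LB Manager asked to handle non-LB rules: " + purpose); }`. The method also lacks Javadoc stating that it returns whether the first provider that handled the batch succeeded. The `@@ -1569,4 +1585,6 @@` hunk only adds trailing blank lines at the end of the class and can be dropped.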
