Changes: - Added implementation for add/list asa1kv APIs - Added agent command for associating asa1kv appliance with logical edge firewall in VNMC - Added handler for the above agent command in VNMC resource class - Updated VNMC element class to support the above
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/3fd7e30f Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/3fd7e30f Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/3fd7e30f Branch: refs/heads/cisco-vnmc-api-integration Commit: 3fd7e30f6e84adb607c3d61be32ecb889cfa73b3 Parents: d08e2a1 Author: Koushik Das <[email protected]> Authored: Wed Feb 13 11:52:12 2013 +0530 Committer: Koushik Das <[email protected]> Committed: Wed Feb 13 11:52:12 2013 +0530 ---------------------------------------------------------------------- ...AssociateAsaWithLogicalEdgeFirewallCommand.java | 53 ++++ .../agent/api/ConfigureNexusVsmForAsaCommand.java | 2 +- .../api/CreateLogicalEdgeFirewallCommand.java | 2 +- .../cloud/network/cisco/CiscoVnmcConnection.java | 4 +- .../network/cisco/CiscoVnmcConnectionImpl.java | 54 ++-- .../com/cloud/network/cisco/CiscoVnmcManager.java | 7 - .../cloud/network/element/CiscoVnmcElement.java | 196 ++++++++++++--- .../network/element/CiscoVnmcElementService.java | 4 - .../cloud/network/resource/CiscoVnmcResource.java | 38 +++ 9 files changed, 284 insertions(+), 76 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java ----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
new file mode 100755
index 0000000..a438cbc
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
@@ -0,0 +1,53 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Associates an ASA 1000v appliance with logical edge firewall in VNMC
+ */
+public class AssociateAsaWithLogicalEdgeFirewallCommand extends Command {
+ private long _vlanId;
+ private String _asaMgmtIp;
+
+ public AssociateAsaWithLogicalEdgeFirewallCommand(long vlanId, String asaMgmtIp) {
+ super();
+ this._vlanId = vlanId;
+ this._asaMgmtIp = asaMgmtIp;
+ }
+
+ @Override
+ public boolean executeInSequence() {
+ return false;
+ }
+
+ public long getVlanId() {
+ return _vlanId;
+ }
+
+ public void setVlanId(long vlanId) {
+ this._vlanId = vlanId;
+ }
+
+ public String getAsaMgmtIp() {
+ return _asaMgmtIp;
+ }
+
+ public void setAsaMgmtIp(String asaMgmtIp) {
+ this._asaMgmtIp = asaMgmtIp;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
----------------------------------------------------------------------
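Review bot: The class Javadoc does not say how the two fields are interpreted, and elsewhere in this commit the exact values matter: CiscoVnmcResource derives the tenant as `"vlan-" + cmd.getVlanId()` and uses `getAsaMgmtIp()` as an exact-match key into the map returned by `listUnAssocAsa1000v()`. I would add field comments such as `// guest VLAN id; the resource derives the VNMC tenant name "vlan-<id>" from it` and `// management IP exactly as VNMC reports it in the fwInstance mgmtIp attribute`. Both fields are only assigned through the constructor in this commit, so unless the agent serialization needs the setters they could be `final` with the setters dropped.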
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java index 3f62096..0e8cdc9 100755 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java @@ -16,7 +16,7 @@ // under the License. package com.cloud.agent.api; -/* +/** * Command for configuring n1kv VSM for asa1kv device. It does the following in VSM: * a. creating vservice node for asa1kv * b. updating vlan of inside port profile associated with asa1kv http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java index 9c0310b..bbc3d22 100755 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java @@ -16,7 +16,7 @@ // under the License. package com.cloud.agent.api; -/* +/** * Command for creating a logical edge firewall in VNMC */ public class CreateLogicalEdgeFirewallCommand extends Command { http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java ---------------------------------------------------------------------- 
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index 84ed586..cf4cf9c 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java @@ -16,7 +16,7 @@ // under the License. package com.cloud.network.cisco; -import java.util.List; +import java.util.Map; import com.cloud.utils.exception.ExecutionException; @@ -68,7 +68,7 @@ public interface CiscoVnmcConnection { String insideIp, String insideSubnet, String outsideSubnet) throws ExecutionException; - public List<String> listUnAssocAsa1000v() throws ExecutionException; + public Map<String, String> listUnAssocAsa1000v() throws ExecutionException; public boolean assocAsa1000v(String tenantName, String firewallDn) throws ExecutionException; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index 62fb845..d7f17a3 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java 
@@ -624,26 +624,24 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { * @see com.cloud.network.resource.CiscoVnmcConnection#listUnAssocAsa1000v() */ @Override - public List<String> listUnAssocAsa1000v() throws ExecutionException { - - String xml = VnmcXml.LIST_UNASSOC_ASA1000V.getXml(); - String service = VnmcXml.LIST_UNASSOC_ASA1000V.getService(); - xml = replaceXmlValue(xml, "cookie", _cookie); - - - String response = sendRequest(service, xml); + public Map<String, String> listUnAssocAsa1000v() throws ExecutionException { + + String xml = VnmcXml.LIST_UNASSOC_ASA1000V.getXml(); + String service = VnmcXml.LIST_UNASSOC_ASA1000V.getService(); + xml = replaceXmlValue(xml, "cookie", _cookie); + + String response = sendRequest(service, xml); + + Map<String, String> result = new HashMap<String, String>(); + Document xmlDoc = getDocument(response); + xmlDoc.normalize(); + NodeList fwList = xmlDoc.getElementsByTagName("fwInstance"); + for (int j=0; j < fwList.getLength(); j++) { + Node fwNode = fwList.item(j); + result.put(fwNode.getAttributes().getNamedItem("mgmtIp").getNodeValue(), + fwNode.getAttributes().getNamedItem("dn").getNodeValue()); + } - List<String> result = new ArrayList<String>(); - - Document xmlDoc = getDocument(response); - xmlDoc.normalize(); - NodeList fwList = xmlDoc.getElementsByTagName("fwInstance"); - for (int j=0; j < fwList.getLength(); j++) { - Node fwNode = fwList.item(j); - result.add (fwNode.getAttributes().getNamedItem("dn").getNodeValue()); - - } - return result; } 
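Review bot: In the new loop of listUnAssocAsa1000v(), `getNamedItem("mgmtIp")` and `getNamedItem("dn")` are dereferenced without a null check, so a single fwInstance element lacking either attribute throws a NullPointerException and no appliance can be listed at all. The map is also keyed by the management IP taken from the VNMC response, so two entries reporting the same mgmtIp silently overwrite each other and the caller may bind a different DN than intended; incomplete entries are better skipped and duplicates rejected than resolved by last-one-wins. The interface method would also benefit from a Javadoc line stating the contract, e.g. `@return map of ASA 1000v management IP to its VNMC DN`. The fence assumes `org.w3c.dom.NamedNodeMap` is imported and that `ExecutionException` has a String constructor, neither of which is visible in the hunk.

```java
// … unchanged: request building, sendRequest, getDocument, getElementsByTagName …
for (int j = 0; j < fwList.getLength(); j++) {
    NamedNodeMap attrs = fwList.item(j).getAttributes();
    Node mgmtIp = attrs.getNamedItem("mgmtIp");
    Node dn = attrs.getNamedItem("dn");
    if (mgmtIp == null || dn == null) {
        continue; // incomplete fwInstance entry, cannot be matched by management IP
    }
    if (result.put(mgmtIp.getNodeValue(), dn.getNodeValue()) != null) {
        throw new ExecutionException("Duplicate mgmtIp in unassociated ASA 1000v list: " + mgmtIp.getNodeValue());
    }
}
return result;
```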
@@ -653,16 +651,16 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { */ @Override public boolean assocAsa1000v(String tenantName, String firewallDn) throws ExecutionException { - - String xml = VnmcXml.ASSIGN_ASA1000V.getXml(); - String service = VnmcXml.ASSIGN_ASA1000V.getService(); - xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "binddn", getDnForEdgeFirewall(tenantName) + "/binding"); - xml = replaceXmlValue(xml, "fwdn", firewallDn); - - String response = sendRequest(service, xml); - return verifySuccess(response); + String xml = VnmcXml.ASSIGN_ASA1000V.getXml(); + String service = VnmcXml.ASSIGN_ASA1000V.getService(); + xml = replaceXmlValue(xml, "cookie", _cookie); + xml = replaceXmlValue(xml, "binddn", getDnForEdgeFirewall(tenantName) + "/binding"); + xml = replaceXmlValue(xml, "fwdn", firewallDn); + + String response = sendRequest(service, xml); + + return verifySuccess(response); } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcManager.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcManager.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcManager.java index 0f3f9ce..cc5fd04 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcManager.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcManager.java @@ -36,7 +36,6 @@ import com.cloud.host.DetailVO; import com.cloud.host.Host; import com.cloud.host.dao.HostDao; import com.cloud.host.dao.HostDetailsDao; -import com.cloud.network.Network; import com.cloud.network.Network.Provider; import com.cloud.network.PhysicalNetworkServiceProvider; import com.cloud.network.PhysicalNetworkVO; 
@@ -211,12 +210,6 @@ public class CiscoVnmcManager implements Manager, CiscoVnmcElementService { } @Override - public void assignAsa1000vToNetwork(Network network) { - // TODO Auto-generated method stub - - } - - @Override public List<Class<?>> getCommands() { // TODO Auto-generated method stub return null; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index 7243626..07485b5 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java @@ -32,13 +32,18 @@ import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; import com.cloud.agent.api.Answer; +import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand; import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand; import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand; import com.cloud.agent.api.StartupCommand; import com.cloud.agent.api.StartupExternalFirewallCommand; +import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd; import com.cloud.api.commands.AddCiscoVnmcResourceCmd; +import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd; import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd; +import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd; import com.cloud.api.commands.ListCiscoVnmcResourcesCmd; +import com.cloud.api.response.CiscoAsa1000vResourceResponse; import com.cloud.api.response.CiscoVnmcResourceResponse; import com.cloud.configuration.ConfigurationManager; import com.cloud.dc.ClusterVO; 
@@ -68,11 +73,15 @@ import com.cloud.network.Network.Service; import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.PublicIpAddress; import com.cloud.network.addr.PublicIp; -import com.cloud.network.cisco.CiscoVnmcConnection; +import com.cloud.network.cisco.CiscoAsa1000vDevice; +import com.cloud.network.cisco.CiscoAsa1000vDeviceVO; import com.cloud.network.cisco.CiscoVnmcController; import com.cloud.network.cisco.CiscoVnmcControllerVO; +import com.cloud.network.cisco.NetworkAsa1000vMapVO; +import com.cloud.network.dao.CiscoAsa1000vDao; import com.cloud.network.dao.CiscoNexusVSMDeviceDao; import com.cloud.network.dao.CiscoVnmcDao; +import com.cloud.network.dao.NetworkAsa1000vMapDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.PhysicalNetworkDao; import com.cloud.network.dao.PhysicalNetworkServiceProviderDao; @@ -98,7 +107,8 @@ import com.cloud.vm.VirtualMachineProfile; @Local(value = NetworkElement.class) public class CiscoVnmcElement extends AdapterBase implements SourceNatServiceProvider, FirewallServiceProvider, - PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement, CiscoVnmcElementService { + PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement, + CiscoVnmcElementService, CiscoAsa1000vService { private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class); private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities(); @@ -129,8 +139,11 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro CiscoNexusVSMDeviceDao _vsmDeviceDao; @Inject CiscoVnmcDao _ciscoVnmcDao; - - CiscoVnmcConnection _vnmcConnection; + @Inject + CiscoAsa1000vDao _ciscoAsa1000vDao; + @Inject + NetworkAsa1000vMapDao _networkAsa1000vMapDao; + private boolean canHandle(Network network) { if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) { 
@@ -193,6 +206,14 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro return answer.getResult(); } + private boolean associateAsaWithLogicalEdgeFirewall(long vlanId, + String asaMgmtIp, long hostId) { + AssociateAsaWithLogicalEdgeFirewallCommand cmd = + new AssociateAsaWithLogicalEdgeFirewallCommand(vlanId, asaMgmtIp); + Answer answer = _agentMgr.easySend(hostId, cmd); + return answer.getResult(); + } + @Override public boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context) 
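Review bot: associateAsaWithLogicalEdgeFirewall() dereferences the result of `_agentMgr.easySend(hostId, cmd)` unconditionally; if easySend can return null when the agent is unreachable or the call times out (it appears to in AgentManager, though that code is not in this hunk), implement() fails with a NullPointerException instead of a logged failure. I would end the method with `return answer != null && answer.getResult();`. The sibling helper whose tail is visible as context at the top of the hunk ends with the same `return answer.getResult();` and would want the same guard.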
@@ -229,39 +250,77 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId()); if (devices.isEmpty()) { - s_logger.error("No Cisco Vnmc device on network " + network.getDisplayText()); + s_logger.error("No Cisco Vnmc device on network " + network.getName()); return false; } - if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) { - s_logger.error("SourceNat service is not provided by Cisco Vnmc device on network " + network.getDisplayText()); - return false; + List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId()); + if (asaList.isEmpty()) { + s_logger.debug("No Cisco ASA 1000v device on network " + network.getName()); + return false; } - CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0); - HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId()); - _hostDao.loadDetails(ciscoVnmcHost); - Account owner = context.getAccount(); - PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network); - String vlan = network.getBroadcastUri().getHost(); - long vlanId = Long.parseLong(vlan); - - // create logical edge firewall in VNMC - if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) { - s_logger.error("Failed to create logical edge firewall in Cisco Vnmc device for network " + network.getDisplayText()); - return false; + NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId()); + if (asaForNetwork != null) { + s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName()); + return true; } - // create stuff in VSM for ASA device - if (!configureNexusVsmForAsa(vlanId, network.getGateway(), - vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(), 
- "insidePortProfile" /*FIXME: read it from asa1kv device table*/, ciscoVnmcHost.getId())) { - s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() + " for ASA device for network " + network.getDisplayText()); + if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) { + s_logger.error("SourceNat service is not provided by Cisco Vnmc device on network " + network.getName()); return false; } - // ensure that there is an ASA 1000v assigned to this network - assignAsa1000vToNetwork(network); + Transaction txn = Transaction.currentTxn(); + boolean status = false; + try { + txn.start(); + + // ensure that there is an ASA 1000v assigned to this network + CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network); + if (assignedAsa == null) { + s_logger.error("Unable to assign ASA 1000v device to network " + network.getName()); + return false; + } + + CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0); + HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId()); + _hostDao.loadDetails(ciscoVnmcHost); + Account owner = context.getAccount(); + PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network); + String vlan = network.getBroadcastUri().getHost(); + long vlanId = Long.parseLong(vlan); + + // create logical edge firewall in VNMC + if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) { + s_logger.error("Failed to create logical edge firewall in Cisco Vnmc device for network " + network.getName()); + return false; + } + + // create stuff in VSM for ASA device + if (!configureNexusVsmForAsa(vlanId, network.getGateway(), + vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(), + assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) { + s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() + + " for ASA device for network " + 
network.getName()); + return false; + } + + // associate Asa 1000v instance with logical edge firewall + if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) { + s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() + + ") with logical edge firewall in VNMC for network " + network.getName()); + return false; + } + + status = true; + txn.commit(); + } finally { + if (!status) { + txn.rollback(); + } + } + return true; } @@ -454,12 +513,6 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro return responseList; } - - - @Override - public void assignAsa1000vToNetwork(Network network) { - // TODO Auto-generated method stub - } @Override public IpDeployer getIpDeployer(Network network) { 
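Review bot: The rollback in the new `finally` block only reverts database rows (the network-to-ASA mapping written by assignAsa1000vToNetwork), while createLogicalEdgeFirewall, configureNexusVsmForAsa and associateAsaWithLogicalEdgeFirewall change state on VNMC and the Nexus VSM through the agent. If the second or third call fails, the logical edge firewall or vservice configuration stays on the devices with no record on the management side, the next implement() runs again against that leftover state, and the DB transaction has meanwhile been held open across three remote calls. I would persist the mapping only after the device steps succeed, or add explicit cleanup on the failure paths, and at minimum say so in place: `// rollback reverts DB rows only; VNMC/VSM changes made above are NOT undone`. Separately, the empty-`asaList` branch returns false but logs with `s_logger.debug`, so the reason the network failed to implement is invisible unless debug logging is on; `s_logger.error` would match the neighbouring checks. implement() begins before this hunk, so the `vsmDevice` lookup it relies on is not visible here.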
@@ -517,4 +570,81 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro return new DeleteHostAnswer(true); } + @Override + public CiscoAsa1000vDevice addCiscoAsa1000vResource( + AddCiscoAsa1000vResourceCmd cmd) { + Long physicalNetworkId = cmd.getPhysicalNetworkId(); + CiscoAsa1000vDevice ciscoAsa1000vResource = null; + + PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId); + if (physicalNetwork == null) { + throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId); + } + + ciscoAsa1000vResource = new CiscoAsa1000vDeviceVO(physicalNetworkId, cmd.getManagementIp(), cmd.getInPortProfile()); + _ciscoAsa1000vDao.persist((CiscoAsa1000vDeviceVO)ciscoAsa1000vResource); + + return ciscoAsa1000vResource; + } + + @Override + public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse( + CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) { + CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse(); + response.setId(ciscoAsa1000vDeviceVO.getUuid()); + response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp()); + response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile()); + + return response; + } + + @Override + public boolean deleteCiscoAsa1000vResource( + DeleteCiscoAsa1000vResourceCmd cmd) { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources( + ListCiscoAsa1000vResourcesCmd cmd) { + Long physicalNetworkId = cmd.getPhysicalNetworkId(); + Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId(); + List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>(); + + if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) { + throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified"); + } + + if (ciscoAsa1000vResourceId != null) { + CiscoAsa1000vDeviceVO 
ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId); + if (ciscoAsa1000vResource == null) { + throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId); + } + responseList.add(ciscoAsa1000vResource); + } else { + PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId); + if (physicalNetwork == null) { + throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId); + } + responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId); + } + + return responseList; + } + + @Override + public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) { + List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId()); + for (CiscoAsa1000vDeviceVO asa : asaList) { + NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId()); + if (assignedToNetwork == null) { + NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId()); + _networkAsa1000vMapDao.persist(networkAsaMap); + return asa; + } + } + return null; + } + } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java index e69c506..90cd03d 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java 
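Review bot: assignAsa1000vToNetwork() is a check-then-insert with no lock: two networks implemented concurrently can both see `findByAsa1000vId(asa.getId())` return null for the same appliance and both persist a mapping, which would put two guest networks behind one ASA 1000v. Unless the mapping table enforces uniqueness on the ASA id (not visible here), the selection should run under a row or table lock on the ASA record, or the insert should rely on a unique constraint and move on to the next appliance on conflict. In the same hunk addCiscoAsa1000vResource() stores `cmd.getManagementIp()` and `cmd.getInPortProfile()` as given; the in-port profile is later passed to configureNexusVsmForAsa and the IP becomes the lookup key against VNMC, so rejecting blank or malformed values and an already-registered management IP at add time would keep unusable rows out. deleteCiscoAsa1000vResource() is a stub that always returns false, which deserves a `// TODO` naming what deletion must check, for example that no network is still mapped to the device.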
@@ -22,8 +22,6 @@ import com.cloud.api.commands.AddCiscoVnmcResourceCmd; import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd; import com.cloud.api.commands.ListCiscoVnmcResourcesCmd; import com.cloud.api.response.CiscoVnmcResourceResponse; -import com.cloud.network.Network; -import com.cloud.network.Network.Provider; import com.cloud.network.cisco.CiscoVnmcController; import com.cloud.network.cisco.CiscoVnmcControllerVO; import com.cloud.utils.component.PluggableService; @@ -40,7 +38,5 @@ public interface CiscoVnmcElementService extends PluggableService { boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd); List<CiscoVnmcControllerVO> listCiscoVnmcResources(ListCiscoVnmcResourcesCmd cmd); - - void assignAsa1000vToNetwork(Network network); } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3fd7e30f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java index e87b923..fc96069 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java @@ -26,6 +26,7 @@ import org.apache.log4j.Logger; import com.cloud.agent.IAgentControl; import com.cloud.agent.api.Answer; +import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand; import com.cloud.agent.api.Command; import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand; import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand; 
@@ -88,6 +89,8 @@ public class CiscoVnmcResource implements ServerResource{ return execute((CreateLogicalEdgeFirewallCommand)cmd); } else if (cmd instanceof ConfigureNexusVsmForAsaCommand) { return execute((ConfigureNexusVsmForAsaCommand)cmd); + } else if (cmd instanceof AssociateAsaWithLogicalEdgeFirewallCommand) { + return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd); } else { return Answer.createUnsupportedCommandAnswer(cmd); } @@ -332,8 +335,43 @@ public class CiscoVnmcResource implements ServerResource{ String msg = "ConfigureVSMForASACommand failed due to " + e.getMessage(); s_logger.error(msg, e); return new Answer(cmd, false, msg); + } finally { + helper.disconnect(); } return new Answer(cmd, true, "Success"); } + + /* + * Associates ASA 1000v with logical edge firewall in VNMC + */ + private synchronized Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd) { + return execute(cmd, _numRetries); + } + + private Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd, int numRetries) { + String tenant = "vlan-" + cmd.getVlanId(); + try { + Map<String, String> availableAsaAppliances = _connection.listUnAssocAsa1000v(); + if (availableAsaAppliances.isEmpty()) { + throw new Exception("No ASA 1000v available to associate with logical edge firewall for guest vlan " + cmd.getVlanId()); + } + + String asaInstanceDn = availableAsaAppliances.get(cmd.getAsaMgmtIp()); + if (asaInstanceDn == null) { + throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is not available"); + } + + if (!_connection.assocAsa1000v(tenant, asaInstanceDn)) { + throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp() + ") with logical edge firewall for guest vlan " + cmd.getVlanId()); + } + } catch (Throwable e) { + String msg = "AssociateAsaWithLogicalEdgeFirewallCommand failed due to " + e.getMessage(); + s_logger.error(msg, e); + return new Answer(cmd, false, msg); + } + + return new Answer(cmd, true, "Success"); + } + }
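Review bot: In the new `execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd, int numRetries)` the `numRetries` argument is never read, so the `_numRetries` passed by the synchronized wrapper has no effect and a transient VNMC failure is reported straight back as a failed Answer. Either implement the retry or drop the parameter so the signature does not promise one. The `catch (Throwable e)` also turns JVM errors such as OutOfMemoryError into an ordinary failed Answer; `catch (Exception e)` would still cover the ExecutionException from the connection and the explicit `throw new Exception(...)` cases. The `availableAsaAppliances.isEmpty()` branch is redundant with the `asaInstanceDn == null` check that follows and could be folded into it, keeping one error message that names the requested management IP.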
