- Creating static routes in VNMC as part of edge firewall configuration - Passing order parameter while creating rules so that they are evaluated in a specific order - Added methods in VnmcResource for listing ACL policies and rules belonging to various policies. This is used to compute the order when creating various rules in VNMC
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/aa94eca5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/aa94eca5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/aa94eca5 Branch: refs/heads/cisco-vnmc-api-integration Commit: aa94eca516836949da40f1c0672c0aad9699c759 Parents: cc824e8 Author: Koushik Das <[email protected]> Authored: Fri Mar 8 00:38:52 2013 +0530 Committer: Koushik Das <[email protected]> Committed: Fri Mar 8 00:38:52 2013 +0530 ---------------------------------------------------------------------- .../network/cisco/associate-route-policy.xml | 28 ++-- .../network/cisco/create-acl-policy-ref.xml | 2 +- .../scripts/network/cisco/create-dnat-rule.xml | 2 +- .../network/cisco/create-edge-device-profile.xml | 14 +- .../cisco/create-edge-device-route-policy.xml | 16 +- .../network/cisco/create-edge-device-route.xml | 34 ++-- .../cisco/create-ingress-acl-rule-for-dnat.xml | 2 +- .../cisco/create-ingress-acl-rule-for-pf.xml | 2 +- .../network/cisco/create-ingress-acl-rule.xml | 2 +- .../scripts/network/cisco/create-pf-rule.xml | 2 +- .../network/cisco/create-source-nat-rule.xml | 2 +- .../scripts/network/cisco/list-acl-policies.xml | 14 ++ .../scripts/network/cisco/list-children.xml | 11 ++ .../api/CreateLogicalEdgeFirewallCommand.java | 10 + .../cloud/network/cisco/CiscoVnmcConnection.java | 3 +- .../network/cisco/CiscoVnmcConnectionImpl.java | 132 ++++++++++++--- .../cloud/network/element/CiscoVnmcElement.java | 56 +++++-- .../cloud/network/resource/CiscoVnmcResource.java | 25 +++- 18 files changed, 268 insertions(+), 89 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml 
---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml index af4e4d0..acc5ddb 100644 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml @@ -1,15 +1,15 @@ -<configConfMo -dn="" -cookie="%cookie%" -inHierarchical="false"> - <inConfig> - <policyEdgeDeviceServiceProfile - addrTranslationTimeout="10800" - dn="%profiledn%" - ipAudit="" - name="%profilename%" - routing="%routepolicyname%" - status="modified" - vpn=""/> - </inConfig> +<configConfMo + dn="" + cookie="%cookie%" + inHierarchical="false"> + <inConfig> + <policyEdgeDeviceServiceProfile + addrTranslationTimeout="10800" + dn="%dn%" + ipAudit="" + name="%name%" + routing="%routepolicyname%" + status="modified" + vpn=""/> + </inConfig> </configConfMo> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml index 2d3f02a..34efcca 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml 
@@ -7,7 +7,7 @@ <pair key="%aclpolicyrefdn%"> <policyPolicyNameRef dn="%aclpolicyrefdn%" - order="100" + order="%order%" policyName="%aclpolicyname%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml index 688e295..8b2842a 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml @@ -9,7 +9,7 @@ descr="%descr%" dn="%natruledn%" name="%natrulename%" - order="100" + order="%order%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml index 2baec16..bccf058 100644 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml 
@@ -1,14 +1,14 @@ -<configConfMo -cookie="%cookie%" -inHierarchical="false"> - <inConfig> - <policyEdgeDeviceServiceProfile +<configConfMo + cookie="%cookie%" + inHierarchical="false"> + <inConfig> + <policyEdgeDeviceServiceProfile addrTranslationTimeout="10800" descr="%descr%" dn="%dn%" name="%name%" status="created" vpn=""/> - </inConfig> + </inConfig> </configConfMo> -<!--dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" --> +<!-- dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" --> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml index 3b760de..d111bd1 100644 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml @@ -1,12 +1,12 @@ -<configConfMo +<configConfMo dn="" cookie="%cookie%" inHierarchical="false"> - <inConfig> - <routeRoutingPolicy - descr="%descr%" - dn="%routepolicydn%" - name="%name%" - status="created"/> - </inConfig> + <inConfig> + <routeRoutingPolicy + descr="%descr%" + dn="%routepolicydn%" + name="%name%" + status="created"/> + </inConfig> </configConfMo> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml ---------------------------------------------------------------------- 
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml index 24b55e5..91b10a3 100644 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml @@ -1,17 +1,17 @@ -<configConfMos -cookie="%cookie%" -inHierarchical="false"> - <inConfigs> - <pair key="%routedn%" > - <routeStaticRoute - dn="%routedn%" - id="%id%" - ipAddress="%destination%" - ipSubnet="%netmask%" - nextHopGWIp="%nexthop%" - nextHopIntf="%nexthopintf%" - routeMetric="1" - status="created"/> - </pair> - </inConfigs> -</configConfMos> +<configConfMos + cookie="%cookie%" + inHierarchical="false"> + <inConfigs> + <pair key="%routedn%"> + <routeStaticRoute + dn="%routepolicydn%/sroute-2" + id="2" + ipAddress="%destination%" + ipSubnet="%netmask%" + nextHopGWIp="%nexthop%" + nextHopIntf="%nexthopintf%" + routeMetric="1" + status="created"/> + </pair> + </inConfigs> +</configConfMos> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml index de7305f..82af078 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml 
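Review bot: The new `routeStaticRoute` element hard-codes `dn="%routepolicydn%/sroute-2"` and `id="2"` while the enclosing `pair` still uses `key="%routedn%"`, so the pair key and the object's dn now come from two different placeholders and every route built from this template addresses the same object. If more than one static route per routing policy is intended (this commit also collects a list of public gateways in CiscoVnmcElement), a second create would target the same `sroute-2` entry. Keeping the id as a placeholder and using one value for both attributes, e.g. `<pair key="%routedn%">` with `dn="%routedn%"` and `id="%id%"`, avoids both problems.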
@@ -8,7 +8,7 @@ descr="%descr%" dn="%aclruledn%" name="%aclrulename%" - order="300" + order="%order%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml index 9d37552..f81f0bc 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml @@ -8,7 +8,7 @@ descr="%descr%" dn="%aclruledn%" name="%aclrulename%" - order="300" + order="%order%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml index 57f12d0..23f05d0 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml @@ -8,7 +8,7 @@ descr="%descr%" dn="%aclruledn%" name="%aclrulename%" - order="300" + order="%order%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml ---------------------------------------------------------------------- 
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml index b6d2840..9a63ac7 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml @@ -9,7 +9,7 @@ descr="%descr%" dn="%natruledn%" name="%natrulename%" - order="100" + order="%order%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml index aec191f..0e411a3 100644 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml @@ -8,7 +8,7 @@ descr="%descr%" dn="%natruledn%" name="%natrulename%" - order="100" + order="%order%" status="created"/> </pair> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml new file mode 100755 index 0000000..9d10da5 --- /dev/null +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml 
@@ -0,0 +1,14 @@ + +<orgResolveInScope + dn="%vdcdn%" + cookie="%cookie%" + inClass="policyRuleBasedPolicy" + inSingleLevel="false" + inHierarchical="false"> + <inFilter> + </inFilter> +</orgResolveInScope> + +<!-- + vdcdn="org-root/org-vlan-123/org-VDC-vlan-123" +--!> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml new file mode 100755 index 0000000..cc98e64 --- /dev/null +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml @@ -0,0 +1,11 @@ +<configResolveChildren + cookie="%cookie%" + inDn="%dn%" + inHierarchical="true"> + <inFilter> + </inFilter> +</configResolveChildren> + +<!-- + dn="org-root/org-vlan-517/org-VDC-vlan-517/natpol-DNAT-vlan-517-10-147-30-235" +--!> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java index bbc3d22..def8225 100755 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java @@ -16,6 +16,9 @@ // under the License. package com.cloud.agent.api; +import java.util.ArrayList; +import java.util.List; + /** * Command for creating a logical edge firewall in VNMC */ 
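Review bot: The trailing comment in list-acl-policies.xml is closed with `--!>` instead of `-->`, so the comment is never terminated and the file is not well-formed XML; list-children.xml in the next hunk ends with the same terminator. If the template text is sent to VNMC as-is after placeholder substitution, the request body carries that unterminated comment. Close both with `-->`, or drop the sample-DN comments from the request templates altogether. list-acl-policies.xml also begins with an empty line before `<orgResolveInScope`, which is easy to remove.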
@@ -25,6 +28,7 @@ public class CreateLogicalEdgeFirewallCommand extends Command { private String _internalIp; private String _publicSubnet; private String _internalSubnet; + private List<String> _publicGateways; public CreateLogicalEdgeFirewallCommand(long vlanId, String publicIp, String internalIp, @@ -35,6 +39,7 @@ public class CreateLogicalEdgeFirewallCommand extends Command { this._internalIp = internalIp; this._publicSubnet = publicSubnet; this.setInternalSubnet(internalSubnet); + _publicGateways = new ArrayList<String>(); } @Override @@ -81,4 +86,9 @@ public class CreateLogicalEdgeFirewallCommand extends Command { public void setInternalSubnet(String _internalSubnet) { this._internalSubnet = _internalSubnet; } + + public List<String> getPublicGateways() { + return _publicGateways; + } + } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index c5961d2..abad8ad 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java 
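Review bot: `getPublicGateways()` returns the command's internal `ArrayList`, and the only way to populate it is for callers to mutate that list (CiscoVnmcElement does `cmd.getPublicGateways().add(publicGateway)` in a loop). An explicit mutator keeps the field encapsulated and gives one place to reject null or blank gateways: `public void addPublicGateway(String gateway) { _publicGateways.add(gateway); }`, with the getter returning `Collections.unmodifiableList(_publicGateways)`. The new field and getter also have no Javadoc saying what the gateways are used for (static-route next hops, judging by the commit message).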
@@ -37,8 +37,7 @@ public interface CiscoVnmcConnection { throws ExecutionException; public boolean createTenantVDCEdgeStaticRoute(String tenantName, - String nextHopIp, String outsideIntf, String destination, - String netmask) throws ExecutionException; + String nextHopIp, String destination, String netmask) throws ExecutionException; public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index eac3e67..5a1755c 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java @@ -50,6 +50,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { private enum VnmcXml { LOGIN("login.xml", "mgmt-controller"), + CREATE_TENANT("create-tenant.xml", "service-reg"), DELETE_TENANT("delete-tenant.xml", "service-reg"), CREATE_VDC("create-vdc.xml", "service-reg"), 
@@ -59,8 +60,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { CREATE_EDGE_ROUTE_POLICY("create-edge-device-route-policy.xml", "policy-mgr"), CREATE_EDGE_ROUTE("create-edge-device-route.xml", "policy-mgr"), RESOLVE_EDGE_ROUTE_POLICY("associate-route-policy.xml", "policy-mgr"), - RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"), + CREATE_DHCP_POLICY("create-dhcp-policy.xml", "policy-mgr"), + RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"), RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr"), CREATE_EDGE_SECURITY_PROFILE("create-edge-security-profile.xml", "policy-mgr"), @@ -87,10 +89,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { RESOLVE_ACL_POLICY_SET("associate-acl-policy-set.xml", "policy-mgr"), CREATE_ACL_POLICY("create-acl-policy.xml", "policy-mgr"), DELETE_ACL_POLICY("delete-acl-policy.xml", "policy-mgr"), + LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"), CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"), CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"), DELETE_ACL_RULE("delete-acl-rule.xml", "policy-mgr"), + LIST_CHILDREN("list-children.xml", "policy-mgr"), + CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr"), DELETE_EDGE_FIREWALL("delete-edge-firewall.xml", "resource-mgr"), @@ -188,10 +193,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { //FIXME: any other construct is unreliable. why? } - private String getDnForEdgeDeviceRoute(String tenantName, int id) { - return getDnForEdgeDeviceRoutingPolicy(tenantName) + "/sroute-" + id ; - } - private String getDnForDhcpPolicy(String tenantName, String intfName) { return getDnForTenantVDCEdgeDeviceProfile(tenantName) + "/dhcp-" + intfName; } 
@@ -241,7 +242,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } private String getNameForEdgeDeviceRoutePolicy(String tenantName) { - return "EDSP-" + tenantName + "-Routes";//FIXME: this has to match DN somehow? + return "EDSP-" + tenantName + "-Routes"; } @Override @@ -312,7 +313,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { String xml = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getXml(); String service = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));//FIXME: this has to match DN somehow? + xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName)); xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName)); xml = replaceXmlValue(xml, "descr", "Routing Policy for Edge Device for Tenant " + tenantName); 
@@ -321,16 +322,14 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } @Override - public boolean createTenantVDCEdgeStaticRoute(String tenantName, - String nextHopIp, String outsideIntf, - String destination, String netmask) throws ExecutionException { + public boolean createTenantVDCEdgeStaticRoute(String tenantName, + String nextHopIp, String destination, String netmask) throws ExecutionException { String xml = VnmcXml.CREATE_EDGE_ROUTE.getXml(); String service = VnmcXml.CREATE_EDGE_ROUTE.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "routedn", getDnForEdgeDeviceRoute(tenantName, 2));//TODO: why 2? - xml = replaceXmlValue(xml, "id", "2"); // TODO:2? + xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName)); xml = replaceXmlValue(xml, "nexthop", nextHopIp); - xml = replaceXmlValue(xml, "nexthopintf", outsideIntf); + xml = replaceXmlValue(xml, "nexthopintf", getNameForEdgeOutsideIntf(tenantName)); xml = replaceXmlValue(xml, "destination", destination); xml = replaceXmlValue(xml, "netmask", netmask); @@ -345,8 +344,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { String xml = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getXml(); String service = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "profilename", getNameForEdgeDeviceServiceProfile(tenantName)); - xml = replaceXmlValue(xml, "profiledn", getDnForTenantVDC(tenantName) + "/edsp-" + getNameForEdgeDeviceServiceProfile(tenantName)); + xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName)); + xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName)); xml = replaceXmlValue(xml, "routepolicyname", getNameForEdgeDeviceRoutePolicy(tenantName)); String response = sendRequest(service, xml); 
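Review bot: In the first hunk here, `createTenantVDCEdgeStaticRoute` no longer fills in `routedn` and never fills in `routepolicydn`, yet the create-edge-device-route.xml template as changed by this commit contains both `%routedn%` and `%routepolicydn%`; the added `replaceXmlValue(xml, "name", ...)` targets a token that template does not have. Assuming replaceXmlValue substitutes `%key%` tokens, as its other uses suggest, the request would go out with those two placeholders still literal. Adding `xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));` and `xml = replaceXmlValue(xml, "routedn", getDnForEdgeDeviceRoutingPolicy(tenantName) + "/sroute-2");` would close the gap. The end of the method lies outside the hunk, so a later substitution may already exist there.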
@@ -488,6 +487,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "srcendip", endSourceIp); xml = replaceXmlValue(xml, "ippoolname", getNameForSourceNatIpPool(tenantName)); + List<String> rules = listChildren(getDnForSourceNatPolicy(tenantName)); + int order = 100; + if (rules != null) { + order += rules.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } @@ -610,6 +616,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier)); xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier, ingress)); + List<String> policies = listAclPolicies(tenantName); + int order = 100; + if (policies != null) { + order += policies.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } @@ -675,6 +688,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "destendport", destEndPort); xml = replaceXmlValue(xml, "destip", destIp); + List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier)); + int order = 100; + if (rules != null) { + order += rules.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } @@ -783,7 +803,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "cookie", _cookie); xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName)); - String response = sendRequest(service, xml); + String response = sendRequest(service, xml); List<String> result = new ArrayList<String>(); Document xmlDoc = getDocument(response); 
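Review bot: Deriving `order` from `100 + rules.size()` can hand out a value that a live rule already holds: with rules at 100, 101 and 102, deleting the rule at 101 leaves two children, so the next rule is created with 102 again. The same block is repeated in the next two hunks here and in the PF and DNAT hunks further down (seven copies in all), and its `rules != null` test can never fail because listChildren and listAclPolicies always return a list. Since these values decide firewall and NAT evaluation order, a single helper that returns one past the highest existing order would be safer and removes the duplication. The sketch assumes the `policyRule` elements in the list-children response carry an `order` attribute, which this diff does not show; two concurrent creates under the same parent can still pick the same value unless callers are serialized.

```java
// One past the highest order already present under parentDn; starts at 100.
private int nextRuleOrder(String parentDn) throws ExecutionException {
    String xml = VnmcXml.LIST_CHILDREN.getXml();
    xml = replaceXmlValue(xml, "cookie", _cookie);
    xml = replaceXmlValue(xml, "dn", parentDn);
    Document xmlDoc = getDocument(sendRequest(VnmcXml.LIST_CHILDREN.getService(), xml));

    int highest = 99;
    NodeList rules = xmlDoc.getElementsByTagName("policyRule");
    for (int i = 0; i < rules.getLength(); i++) {
        Node order = rules.item(i).getAttributes().getNamedItem("order");
        if (order != null) {
            highest = Math.max(highest, Integer.parseInt(order.getNodeValue()));
        }
    }
    return highest + 1;
}

// … unchanged: cookie / address / pool substitutions of the calling method …
xml = replaceXmlValue(xml, "order", Integer.toString(nextRuleOrder(getDnForSourceNatPolicy(tenantName))));
```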
@@ -797,6 +817,48 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return result; } + private List<String> listAclPolicies(String tenantName) throws ExecutionException { + + String xml = VnmcXml.LIST_ACL_POLICIES.getXml(); + String service = VnmcXml.LIST_ACL_POLICIES.getService(); + xml = replaceXmlValue(xml, "cookie", _cookie); + xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName)); + + String response = sendRequest(service, xml); + + List<String> result = new ArrayList<String>(); + Document xmlDoc = getDocument(response); + xmlDoc.normalize(); + NodeList policyList = xmlDoc.getElementsByTagName("pair"); + for (int i=0; i < policyList.getLength(); i++) { + Node policyNode = policyList.item(i); + result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue()); + } + + return result; + } + + private List<String> listChildren(String dn) throws ExecutionException { + + String xml = VnmcXml.LIST_CHILDREN.getXml(); + String service = VnmcXml.LIST_CHILDREN.getService(); + xml = replaceXmlValue(xml, "cookie", _cookie); + xml = replaceXmlValue(xml, "dn", dn); + + String response = sendRequest(service, xml); + + List<String> result = new ArrayList<String>(); + Document xmlDoc = getDocument(response); + xmlDoc.normalize(); + NodeList policyList = xmlDoc.getElementsByTagName("policyRule"); + for (int i=0; i < policyList.getLength(); i++) { + Node policyNode = policyList.item(i); + result.add(policyNode.getAttributes().getNamedItem("name").getNodeValue()); + } + + return result; + } + @Override public boolean createTenantVDCPFPortPool(String tenantName, String identifier, String startPort, String endPort) throws ExecutionException { 
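Review bot: listAclPolicies and listChildren parse the response without checking that the request succeeded, so a failed lookup (for example an error response with no `pair` or `policyRule` elements) comes back as an empty list and the callers then assign order 100. The create methods in this class pass their response through `verifySuccess(response)`; assuming it returns false rather than throwing, the same check before parsing, e.g. `if (!verifySuccess(response)) { throw new ExecutionException("Failed to list children of " + dn); }`, keeps a lookup failure from silently turning into a duplicate order value. `getNamedItem("key")` and `getNamedItem("name")` are also dereferenced unchecked and would throw a NullPointerException on an element that lacks the attribute. Both methods are new and undocumented; a one-line comment stating what each returns (pair keys, rule names) would help.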
@@ -855,6 +917,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "endport", endPort); xml = replaceXmlValue(xml, "protocolvalue", protocol); + List<String> rules = listChildren(getDnForPFPolicy(tenantName, policyIdentifier)); + int order = 100; + if (rules != null) { + order += rules.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } @@ -867,14 +936,22 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getXml(); String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); - xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier)); + xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); + xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier)); xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName); + xml = replaceXmlValue(xml, "actiontype", "permit"); xml = replaceXmlValue(xml, "protocolvalue", protocol); xml = replaceXmlValue(xml, "ip", publicIp); xml = replaceXmlValue(xml, "startport", startPort); xml = replaceXmlValue(xml, "endport", endPort); + List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier)); + int order = 100; + if (rules != null) { + order += rules.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } 
@@ -952,6 +1029,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier + "-" + identifier)); xml = replaceXmlValue(xml, "ip", publicIp); + List<String> rules = listChildren(getDnForDNatPolicy(tenantName, policyIdentifier)); + int order = 100; + if (rules != null) { + order += rules.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } @@ -963,11 +1047,19 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getXml(); String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); - xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); - xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier)); + xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); + xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier)); xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName); + xml = replaceXmlValue(xml, "actiontype", "permit"); xml = replaceXmlValue(xml, "ip", publicIp); + List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier)); + int order = 100; + if (rules != null) { + order += rules.size(); + } + xml = replaceXmlValue(xml, "order", Integer.toString(order)); + String response = sendRequest(service, xml); return verifySuccess(response); } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java ---------------------------------------------------------------------- 
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index 0e6b138..72d51c3 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java @@ -60,6 +60,7 @@ import com.cloud.dc.ClusterVSMMapVO; import com.cloud.dc.DataCenter; import com.cloud.dc.Vlan; import com.cloud.dc.DataCenter.NetworkType; +import com.cloud.dc.VlanVO; import com.cloud.dc.dao.ClusterDao; import com.cloud.dc.dao.ClusterVSMMapDao; import com.cloud.dc.dao.VlanDao; @@ -116,6 +117,7 @@ import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; import com.cloud.vm.VirtualMachine; +import com.cloud.vm.VirtualMachine.Type; import com.cloud.vm.VirtualMachineProfile; @Local(value = NetworkElement.class) @@ -159,7 +161,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro @Inject NetworkAsa1000vMapDao _networkAsa1000vMapDao; - private boolean canHandle(Network network) { + protected boolean canHandle(Network network) { if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) { return false; //TODO: should handle VxLAN as well } @@ -206,8 +208,11 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro } private boolean createLogicalEdgeFirewall(long vlanId, String gateway, - String publicIp, long hostId) { + String publicIp, List<String> publicGateways, long hostId) { CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, "255.255.255.0", "255.255.255.0"); + for (String publicGateway : publicGateways) { + cmd.getPublicGateways().add(publicGateway); + } Answer answer = _agentMgr.easySend(hostId, cmd); return answer.getResult(); } 
@@ -318,8 +323,16 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro String vlan = network.getBroadcastUri().getHost(); long vlanId = Long.parseLong(vlan); + List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId()); + List<String> publicGateways = new ArrayList<String>(); + for (VlanVO vlanVO : vlanVOList) { + publicGateways.add(vlanVO.getVlanGateway()); + } + // create logical edge firewall in VNMC - if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) { + //String insideIp = _networkMgr.acquireGuestIpAddress(network, null); + //if (!createLogicalEdgeFirewall(vlanId, insideIp, sourceNatIp.getAddress().addr(), ciscoVnmcHost.getId())) { + if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(), publicGateways, ciscoVnmcHost.getId())) { s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName()); return false; } @@ -364,7 +377,16 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { - //Ensure that there is an ASA 1000v assigned to this network + if (vm.getType() != Type.User) { + return false; + } + + // ensure that there is an ASA 1000v assigned to this network + NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId()); + if (asaForNetwork == null) { + return false; + } + return true; } 
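Review bot: In the first hunk, `publicGateways` is built from every VLAN that `listVlansByPhysicalNetworkId` returns for the physical network, with no de-duplication and no null check on `getVlanGateway()`, so VLAN ranges that share a gateway add the same entry repeatedly and a VLAN without a gateway adds null. Whether all of those VLANs are public ranges relevant to this guest network is not visible here; if not, the list should be narrowed before it is handed to the firewall command. Collecting into a `LinkedHashSet<String>` and skipping null values would handle the first two cases. The two commented-out `insideIp` lines above the call should be removed or replaced by a TODO that says what is pending.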
@@ -373,16 +395,21 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro VirtualMachineProfile<? extends VirtualMachine> vm, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + return true; } @Override public boolean shutdown(Network network, ReservationContext context, boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + + unassignAsa1000vFromNetwork(network); + // disassociateAsaFromLogicalEdgeFirewall() + // delete ACL and NAT policies + // delete logical edge firewall + // delete tenant/VDC + + return true; } @Override @@ -416,8 +443,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro @Override public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + return true; } @Override @@ -574,11 +600,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro return responseList; } - @Override public IpDeployer getIpDeployer(Network network) { - // TODO Auto-generated method stub - return null; + return this; } @Override @@ -878,4 +902,10 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro return null; } + private void unassignAsa1000vFromNetwork(Network network) { + NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByNetworkId(network.getId()); + if (networkAsaMap != null) { + _networkAsa1000vMapDao.remove(networkAsaMap.getId()); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- 
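Review bot: `shutdown` now removes the network-to-ASA mapping and returns `true` while the VNMC-side teardown is only listed in comments, so the ACL and NAT policies, the logical edge firewall and the tenant stay configured on the device after the network is reported as shut down. If the freed ASA 1000v can then be assigned to another network (not visible here), stale firewall and NAT rules could remain in effect for it. Until the teardown exists, log the gap, e.g. `s_logger.warn("VNMC policies and edge firewall for network " + network.getName() + " were not removed");`, or keep the mapping in place. The same applies to `destroy`, which now returns `true` without any cleanup, and the `cleanup` flag of `shutdown` is ignored.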
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index e49952e..16aaed2 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -182,7 +182,7 @@ public class CiscoVnmcResource implements ServerResource{
 }
- public StartupCommand[] initialize() {
+ public StartupCommand[] initialize() {
 StartupExternalFirewallCommand cmd = new StartupExternalFirewallCommand();
 cmd.setName(_name);
 cmd.setDataCenter(_zoneId);
@@ -581,6 +581,26 @@ public class CiscoVnmcResource implements ServerResource{ return execute(cmd, _numRetries); } + private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long vlanId) throws Exception { + // create edge device profile + if (!_connection.createTenantVDCEdgeDeviceProfile(tenant)) + throw new Exception("Failed to create tenant edge device profile in VNMC for guest network with vlan " + vlanId); + + // create edge static route policy + if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant)) + throw new Exception("Failed to create tenant edge static route policy in VNMC for guest network with vlan " + vlanId); + + // create edge static route for all gateways + for (String gateway : gateways) { + if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0")) + throw new Exception("Failed to create tenant edge static route in VNMC for guest network with vlan " + vlanId); + } + + // associate edge + if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant)) + throw new Exception("Failed to associate edge static route policy with edge device profile in VNMC for guest network with vlan " + vlanId); + } + private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) { String tenant = "vlan-" + cmd.getVlanId(); try { @@ -596,6 +616,9 @@ public class CiscoVnmcResource implements ServerResource{ if (!_connection.createTenantVDCEdgeSecurityProfile(tenant)) throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId()); + // create edge device profile and associated route + createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId()); + // create logical edge firewall if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet())) throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
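Review bot: The failure message for `createTenantVDCEdgeStaticRoute` in `createEdgeDeviceProfile` does not say which gateway was rejected, and by that point the device profile and route policy have already been created in VNMC with no cleanup in this method. Including the gateway, `throw new Exception("Failed to create tenant edge static route via " + gateway + " in VNMC for guest network with vlan " + vlanId);`, makes a partial configuration easier to trace. Each gateway is installed with `"0.0.0.0", "0.0.0.0"` (presumably destination and mask), so several gateways yield several default routes; a short Javadoc stating that this is intended, and that `gateways` must be non-null, would help. Whether the caller rolls back on the exception is outside the hunk.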
