CLOUDSTACK-737
support multiple NICs in Security group in java side
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/20907e20
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/20907e20
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/20907e20
Branch: refs/heads/advancedsg-leaseweb
Commit: 20907e2081879a236dfb869691e33a13fc94035e
Parents: 9edfd4b
Author: Anthony Xu <anthony@anthony-dev.(none)>
Authored: Thu Jan 31 15:45:52 2013 -0800
Committer: Wei Zhou <[email protected]>
Committed: Tue Jun 11 11:57:57 2013 +0200
----------------------------------------------------------------------
.../com/cloud/network/NetworkManagerImpl.java | 2 +-
.../VirtualNetworkApplianceManagerImpl.java | 3 +-
server/src/com/cloud/vm/UserVmManagerImpl.java | 93 +++++---------------
3 files changed, 23 insertions(+), 75 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/20907e20/server/src/com/cloud/network/NetworkManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java
b/server/src/com/cloud/network/NetworkManagerImpl.java
index 41f64ed..8eaea88 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1890,7 +1890,7 @@ public class NetworkManagerImpl extends ManagerBase
implements NetworkManager, L
if (
_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(),
Service.SourceNat)) {
throw new InvalidParameterValueException("Service
SourceNat is not allowed in security group enabled zone");
}
- if (
_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(),
Service.SecurityGroup)) {
+ if ( !
_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(),
Service.SecurityGroup)) {
throw new InvalidParameterValueException("network must
have SecurityGroup provider in security group enabled zone");
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/20907e20/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git
a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index dd8297a..9bcdc5f 100755
---
a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++
b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -3128,8 +3128,7 @@ public class VirtualNetworkApplianceManagerImpl extends
ManagerBase implements V
private void createDhcpEntryCommand(VirtualRouter router, UserVm vm, NicVO
nic, Commands cmds) {
DhcpEntryCommand dhcpCommand = new
DhcpEntryCommand(nic.getMacAddress(), nic.getIp4Address(), vm.getHostName(),
nic.getIp6Address());
DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
- Nic defaultNic = findGatewayIp(vm.getId());
- String gatewayIp = defaultNic.getGateway();
+ String gatewayIp = findGatewayIp(vm.getId());
if (gatewayIp != null && !gatewayIp.equals(nic.getGateway())) {
gatewayIp = "0.0.0.0";
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/20907e20/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java
b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 865a1d3..9be4cbc 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2866,94 +2866,44 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Use
Account caller = UserContext.current().getCaller();
List<NetworkVO> networkList = new ArrayList<NetworkVO>();
- boolean isSecurityGroupEnabledNetworkUsed = false;
boolean isVmWare = (template.getHypervisorType() ==
HypervisorType.VMware || (hypervisor != null && hypervisor ==
HypervisorType.VMware));
+ if (isVmWare) {
+ throw new InvalidParameterValueException("Security group feature
is not supported for vmWare hypervisor");
+ }
// Verify that caller can perform actions in behalf of vm owner
_accountMgr.checkAccess(caller, null, true, owner);
-
- // If no network is specified, find system security group enabled
- // network
if (networkIdList == null || networkIdList.isEmpty()) {
- Network networkWithSecurityGroup =
_networkModel.getNetworkWithSecurityGroupEnabled(zone.getId());
- if (networkWithSecurityGroup == null) {
- throw new InvalidParameterValueException(
- "No network with security enabled is found in zone id="
- + zone.getId());
- }
-
-
networkList.add(_networkDao.findById(networkWithSecurityGroup.getId()));
- isSecurityGroupEnabledNetworkUsed = true;
-
- } else if (securityGroupIdList != null
- && !securityGroupIdList.isEmpty()) {
- if (isVmWare) {
- throw new InvalidParameterValueException(
- "Security group feature is not supported for vmWare
hypervisor");
- }
- // Only one network can be specified, and it should be security
- // group enabled
- if (networkIdList.size() > 1) {
- throw new InvalidParameterValueException(
- "Only support one network per VM if security group
enabled");
- }
-
- NetworkVO network = _networkDao.findById(networkIdList.get(0)
- .longValue());
-
+ throw new InvalidParameterValueException("need to specify
networkIDs");
+ }
+ // Verify that all the networks are Shared/Guest; can't create
combination of SG enabled and disabled networks
+ for (Long networkId : networkIdList) {
+ NetworkVO network = _networkDao.findById(networkId);
if (network == null) {
throw new InvalidParameterValueException(
"Unable to find network by id "
+ networkIdList.get(0).longValue());
}
- if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
- throw new InvalidParameterValueException("Network is not
security group enabled: " + network.getId());
- }
-
- networkList.add(network);
- isSecurityGroupEnabledNetworkUsed = true;
+ boolean isSecurityGroupEnabled =
_networkModel.isSecurityGroupSupportedInNetwork(network);
+ if ( ! isSecurityGroupEnabled) {
+ throw new InvalidParameterValueException("Only support
Security Group enabled networks in Security enabled zone, network " +
network.getUuid() + " doesn't support security group ");
+ }
- } else {
- // Verify that all the networks are Shared/Guest; can't create
combination of SG enabled and disabled networks
- for (Long networkId : networkIdList) {
- NetworkVO network = _networkDao.findById(networkId);
-
- if (network == null) {
- throw new InvalidParameterValueException(
- "Unable to find network by id "
- + networkIdList.get(0).longValue());
- }
-
- boolean isSecurityGroupEnabled =
_networkModel.isSecurityGroupSupportedInNetwork(network);
- if (isSecurityGroupEnabled) {
- if (networkIdList.size() > 1) {
- throw new InvalidParameterValueException("Can't create
a vm with multiple networks one of" +
- " which is Security Group enabled");
- }
-
- isSecurityGroupEnabledNetworkUsed = true;
- }
-
- if (!(network.getTrafficType() == TrafficType.Guest &&
network.getGuestType() == Network.GuestType.Shared)) {
- throw new InvalidParameterValueException("Can specify only
Shared Guest networks when" +
+ if (!(network.getTrafficType() == TrafficType.Guest &&
network.getGuestType() == Network.GuestType.Shared)) {
+ throw new InvalidParameterValueException("Can specify only
Shared Guest networks when" +
" deploy vm in Advance Security Group enabled
zone");
- }
+ }
- // Perform account permission check
- if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork,
false, network);
- }
- networkList.add(network);
+ // Perform account permission check
+ if (network.getAclType() == ACLType.Account) {
+ _accountMgr.checkAccess(caller, AccessType.UseNetwork, false,
network);
}
+ networkList.add(network);
}
-
// if network is security group enabled, and no security group is
specified, then add the default security group automatically
- if (isSecurityGroupEnabledNetworkUsed && !isVmWare &&
_networkModel.canAddDefaultSecurityGroup()) {
-
- // add the default securityGroup only if no security group is
- // specified
- if (securityGroupIdList == null || securityGroupIdList.isEmpty()) {
+ if ( _networkModel.canAddDefaultSecurityGroup()) {
+ if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
if (securityGroupIdList == null) {
securityGroupIdList = new ArrayList<Long>();
}
@@ -2977,7 +2927,6 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Use
}
}
}
-
return createVirtualMachine(zone, serviceOffering, template, hostName,
displayName, owner, diskOfferingId,
diskSize, networkList, securityGroupIdList, group, userData,
sshKeyPair, hypervisor, caller, requestedIps, defaultIps, keyboard);
}
