if (!_rulesMgr.applyStaticNatsForNetwork(networkId, false, caller)) { s_logger.warn("Failed to apply static nats a part of network id" + networkId + " restart"); success = false; if (!_rulesMgr.applyPortForwardingRulesForNetwork(networkId, false, caller)) { s_logger.warn("Failed to reapply port forwarding rule(s) as a part of network id=" + networkId + " restart"); success = false; if (!_rulesMgr.applyStaticNatRulesForNetwork(networkId, false, caller)) { s_logger.warn("Failed to reapply static nat rule(s) as a part of network id=" + networkId + " restart"); success = false;
if (!_rulesMgr.applyStaticNatForNetwork(networkId, false, caller, true)) { s_logger.warn("Failed to disable static nats as part of shutdownNetworkRules for network id " + networkId); success = false;
final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>(); for (final FirewallRule rule : staticNatFirewallRules) { staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
if (_rulesMgr.revokePortForwardingRulesForVm(vmId)) { s_logger.debug("Port forwarding rules are removed successfully as a part of vm id=" + vmId + " expunge"); } else { if (_rulesMgr.disableStaticNat(ip.getId(), _accountMgr.getAccount(Account.ACCOUNT_ID_SYSTEM), User.UID_SYSTEM, true)) { s_logger.debug("Disabled 1-1 nat for ip address " + ip + " as a part of vm id=" + vmId + " expunge"); } else {
private void reapplyPublicIps(Network networkInOldPhysicalNetwork, Network networkInNewPhysicalNet) { CallContext ctx = CallContext.current(); long callerUserId = ctx.getCallingUserId(); Account caller = ctx.getCallingAccount(); AccountVO networkAccount = _accountDao.findById(networkInNewPhysicalNet.getAccountId()); List<? extends IPAddressVO> staticNatIps = _ipAddressDao.listStaticNatPublicIps(networkInOldPhysicalNetwork.getId()); List<String> providers = _networkOfferingServiceDao.listProvidersForServiceForNetworkOffering(networkInNewPhysicalNet.getNetworkOfferingId(), Network.Service.SourceNat); boolean isSrcNatIpNeeded = providers.stream().anyMatch(provider -> provider.contains(Network.Provider.VirtualRouter.getName())); for (IPAddressVO ipAddress : staticNatIps) { if (!ipAddress.isSourceNat() || isSrcNatIpNeeded) { ipAddress.setAssociatedWithNetworkId(networkInNewPhysicalNet.getId()); _ipAddressDao.persist(ipAddress); } else { _ipAddressManager.disassociatePublicIpAddress(ipAddress.getId(), callerUserId, caller); } } _rulesMgr.applyStaticNatsForNetwork(networkInNewPhysicalNet.getId(), false, networkAccount); }
@Override public boolean finalizeStart(VirtualMachineProfile profile, long hostId, Commands cmds, ReservationContext context) { CheckSshAnswer answer = (CheckSshAnswer)cmds.getAnswer("checkSsh"); if (answer == null || !answer.getResult()) { if (answer != null) { s_logger.warn("Unable to ssh to the VM: " + answer.getDetails()); } else { s_logger.warn("Unable to ssh to the VM: null answer"); } return false; } try { //get system ip and create static nat rule for the vm in case of basic networking with EIP/ELB _rulesMgr.getSystemIpAndEnableStaticNatForVm(profile.getVirtualMachine(), false); IPAddressVO ipaddr = _ipAddressDao.findByAssociatedVmId(profile.getVirtualMachine().getId()); if (ipaddr != null && ipaddr.getSystem()) { ConsoleProxyVO consoleVm = _consoleProxyDao.findById(profile.getId()); // override CPVM guest IP with EIP, so that console url's will be prepared with EIP consoleVm.setPublicIpAddress(ipaddr.getAddress().addr()); _consoleProxyDao.update(consoleVm.getId(), consoleVm); } } catch (Exception ex) { s_logger.warn("Failed to get system ip and enable static nat for the vm " + profile.getVirtualMachine() + " due to exception ", ex); return false; } return true; }
@Override public void finalizeStop(VirtualMachineProfile profile, Answer answer) { //release elastic IP here if assigned IPAddressVO ip = _ipAddressDao.findByAssociatedVmId(profile.getId()); if (ip != null && ip.getSystem()) { CallContext ctx = CallContext.current(); try { _rulesMgr.disableStaticNat(ip.getId(), ctx.getCallingAccount(), ctx.getCallingUserId(), true); } catch (Exception ex) { s_logger.warn("Failed to disable static nat and release system ip " + ip + " as a part of vm " + profile.getVirtualMachine() + " stop due to exception ", ex); } } }
@Override public RemoteAccessVpn doInTransaction(TransactionStatus status) throws NetworkRuleConflictException { if (vpcId == null) { _rulesMgr.reservePorts(ipAddr, NetUtils.UDP_PROTO, Purpose.Vpn, openFirewallFinal, caller, NetUtils.VPN_PORT, NetUtils.VPN_L2TP_PORT, NetUtils.VPN_NATT_PORT); } RemoteAccessVpnVO vpnVO = new RemoteAccessVpnVO(ipAddr.getAccountId(), ipAddr.getDomainId(), ipAddr.getAssociatedWithNetworkId(), publicIpId, vpcId, range[0], newIpRange, sharedSecret); if (forDisplay != null) { vpnVO.setDisplay(forDisplay); } return _remoteAccessVpnDao.persist(vpnVO); } });
_rulesMgr.checkRuleAndUserVm(loadBalancer, vm, caller);
if (_rulesMgr.listAssociatedRulesForGuestNic(nic).size() > 0) { throw new InvalidParameterValueException("Unable to remove nic from " + vmInstance + " in " + network + ", nic has associated Port forwarding or Load balancer or Static NAT rules.");
Long vmId = ipVO.getAssociatedWithVmId(); if (offering.isElasticIp() && vmId != null) { _rulesMgr.getSystemIpAndEnableStaticNatForVm(_userVmDao.findById(vmId), true); return true;
@Override public void finalizeStop(VirtualMachineProfile profile, Answer answer) { VirtualMachine vm = profile.getVirtualMachine(); // release elastic IP here IPAddressVO ip = _ipAddressDao.findByAssociatedVmId(profile.getId()); if (ip != null && ip.getSystem()) { CallContext ctx = CallContext.current(); try { long networkId = ip.getAssociatedWithNetworkId(); Network guestNetwork = _networkDao.findById(networkId); NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, guestNetwork.getNetworkOfferingId()); assert (offering.isAssociatePublicIP() == true) : "User VM should not have system owned public IP associated with it when offering configured not to associate public IP."; _rulesMgr.disableStaticNat(ip.getId(), ctx.getCallingAccount(), ctx.getCallingUserId(), true); } catch (Exception ex) { s_logger.warn("Failed to disable static nat and release system ip " + ip + " as a part of vm " + profile.getVirtualMachine() + " stop due to exception ", ex); } } List<NicVO> nics = _nicDao.listByVmId(vm.getId()); for (NicVO nic : nics) { NetworkVO network = _networkDao.findById(nic.getNetworkId()); if (network.getTrafficType() == TrafficType.Guest) { if (nic.getBroadcastUri() != null && nic.getBroadcastUri().getScheme().equals("pvlan")) { NicProfile nicProfile = new NicProfile(nic, network, nic.getBroadcastUri(), nic.getIsolationUri(), 0, false, "pvlan-nic"); setupVmForPvlan(false, vm.getHostId(), nicProfile); } } } }
_rulesMgr.getSystemIpAndEnableStaticNatForVm(profile.getVirtualMachine(), false); } catch (Exception ex) { s_logger.warn("Failed to get system ip and enable static nat for the vm " + profile.getVirtualMachine() + " due to exception ", ex);