revokePortForwardingRuleInternal(rule.getId(), caller, userId, false); revokeStaticNatRuleInternal(rule.getId(), caller, userId, false); success = success && applyPortForwardingRules(ipId, _ipAddrMgr.RulesContinueOnError.value(), caller); success = success && applyStaticNatRulesForIp(ipId, _ipAddrMgr.RulesContinueOnError.value(), caller, true); success = success && applyStaticNatForIp(ipId, false, caller, true);
revokePortForwardingRuleInternal(rule.getId(), caller, userId, false); revokeStaticNatRuleInternal(rule.getId(), caller, userId, false); success = success && applyPortForwardingRulesForNetwork(networkId, true, caller); success = success && applyPortForwardingRulesForNetwork(networkId, _ipAddrMgr.RulesContinueOnError.value(), caller); success = success && applyStaticNatRulesForNetwork(networkId, true, caller); success = success && applyStaticNatRulesForNetwork(networkId, _ipAddrMgr.RulesContinueOnError.value(), caller);
protected boolean applyStaticNatRulesForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke) { List<? extends FirewallRule> rules = _firewallDao.listByIpAndPurpose(sourceIpId, Purpose.StaticNat); List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>(); if (rules.size() == 0) { s_logger.debug("There are no static nat rules to apply for ip id=" + sourceIpId); return true; } for (FirewallRule rule : rules) { staticNatRules.add(buildStaticNatRule(rule, forRevoke)); } if (caller != null) { _accountMgr.checkAccess(caller, null, true, staticNatRules.toArray(new StaticNatRule[staticNatRules.size()])); } try { if (!_firewallMgr.applyRules(staticNatRules, continueOnError, true)) { return false; } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to apply static nat rules for ip due to ", ex); return false; } return true; }
@Override @ActionEvent(eventType = EventTypes.EVENT_DISABLE_STATIC_NAT, eventDescription = "disabling static nat", async = true) public boolean disableStaticNat(long ipId) throws ResourceUnavailableException, NetworkRuleConflictException, InsufficientAddressCapacityException { CallContext ctx = CallContext.current(); Account caller = ctx.getCallingAccount(); IPAddressVO ipAddress = _ipAddressDao.findById(ipId); checkIpAndUserVm(ipAddress, null, caller, false); if (ipAddress.getSystem()) { InvalidParameterValueException ex = new InvalidParameterValueException("Can't disable static nat for system IP address with specified id"); ex.addProxyObject(ipAddress.getUuid(), "ipId"); throw ex; } Long vmId = ipAddress.getAssociatedWithVmId(); if (vmId == null) { InvalidParameterValueException ex = new InvalidParameterValueException("Specified IP address id is not associated with any vm Id"); ex.addProxyObject(ipAddress.getUuid(), "ipId"); throw ex; } // if network has elastic IP functionality supported, we first have to disable static nat on old ip in order to // re-enable it on the new one enable static nat takes care of that Network guestNetwork = _networkModel.getNetwork(ipAddress.getAssociatedWithNetworkId()); NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, guestNetwork.getNetworkOfferingId()); if (offering.isElasticIp()) { if (offering.isAssociatePublicIP()) { getSystemIpAndEnableStaticNatForVm(_vmDao.findById(vmId), true); return true; } } return disableStaticNat(ipId, caller, ctx.getCallingUserId(), false); }
checkIpAndUserVm(ipAddress, vm, caller, true); } else { checkIpAndUserVm(ipAddress, vm, caller, false); isIpReadyForStaticNat(vmId, ipAddress, dstIp, caller, ctx.getCallingUserId()); if (applyStaticNatForIp(ipId, false, caller, false)) { performedIpAssoc = false; // ignor unassignIPFromVpcNetwork in finally block return true;
@Override public boolean revokePortForwardingRulesForVm(long vmId) { boolean success = true; UserVmVO vm = _vmDao.findByIdIncludingRemoved(vmId); if (vm == null) { return false; } List<PortForwardingRuleVO> rules = _portForwardingDao.listByVm(vmId); Set<Long> ipsToReprogram = new HashSet<Long>(); if (rules == null || rules.isEmpty()) { s_logger.debug("No port forwarding rules are found for vm id=" + vmId); return true; } for (PortForwardingRuleVO rule : rules) { // Mark port forwarding rule as Revoked, but don't revoke it yet (apply=false) revokePortForwardingRuleInternal(rule.getId(), _accountMgr.getSystemAccount(), Account.ACCOUNT_ID_SYSTEM, false); ipsToReprogram.add(rule.getSourceIpAddressId()); } // apply rules for all ip addresses for (Long ipId : ipsToReprogram) { s_logger.debug("Applying port forwarding rules for ip address id=" + ipId + " as a part of vm expunge"); if (!applyPortForwardingRules(ipId, _ipAddrMgr.RulesContinueOnError.value(), _accountMgr.getSystemAccount())) { s_logger.warn("Failed to apply port forwarding rules for ip id=" + ipId); success = false; } } return success; }
checkIpAndUserVm(ipAddress, null, caller, false); long networkId = ipAddress.getAssociatedWithNetworkId(); if (!revokeAllPFAndStaticNatRulesForIp(ipId, callerUserId, caller)) { s_logger.warn("Unable to revoke all static nat rules for ip " + ipAddress); success = false;
@Override @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "applying port forwarding rule", async = true) public boolean applyPortForwardingRules(long ipId, Account caller) throws ResourceUnavailableException { if (!applyPortForwardingRules(ipId, false, caller)) { throw new CloudRuntimeException("Failed to apply port forwarding rule"); } return true; }
@Override @ActionEvent(eventType = EventTypes.EVENT_NET_RULE_ADD, eventDescription = "applying static nat rule", async = true) public boolean applyStaticNatRules(long ipId, Account caller) throws ResourceUnavailableException { if (!applyStaticNatRulesForIp(ipId, false, caller, false)) { throw new CloudRuntimeException("Failed to apply static nat rule"); } return true; }
@Override @ActionEvent(eventType = EventTypes.EVENT_ENABLE_STATIC_NAT, eventDescription = "enabling static nat") public boolean enableStaticNat(long ipId, long vmId, long networkId, String vmGuestIp) throws NetworkRuleConflictException, ResourceUnavailableException { return enableStaticNat(ipId, vmId, networkId, false, vmGuestIp); }
protected boolean applyStaticNatForIp(long sourceIpId, boolean continueOnError, Account caller, boolean forRevoke) { IpAddress sourceIp = _ipAddressDao.findById(sourceIpId); List<StaticNat> staticNats = createStaticNatForIp(sourceIp, caller, forRevoke); if (staticNats != null && !staticNats.isEmpty()) { try { if (!_ipAddrMgr.applyStaticNats(staticNats, continueOnError, forRevoke)) { return false; } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to create static nat rule due to ", ex); return false; } } return true; }
if (!disableStaticNat(oldIP.getId(), caller, callerUserId, true)) { throw new CloudRuntimeException("Failed to disable old static nat rule for vm "+ vm.getInstanceName() + " with id "+vm.getUuid() +" and public ip " + oldIP);
private boolean revokePortForwardingRuleInternal(long ruleId, Account caller, long userId, boolean apply) { PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId); _firewallMgr.revokeRule(rule, caller, userId, true); boolean success = false; if (apply) { success = applyPortForwardingRules(rule.getSourceIpAddressId(), _ipAddrMgr.RulesContinueOnError.value(), caller); } else { success = true; } return success; }
private boolean revokeStaticNatRuleInternal(long ruleId, Account caller, long userId, boolean apply) { FirewallRuleVO rule = _firewallDao.findById(ruleId); _firewallMgr.revokeRule(rule, caller, userId, true); boolean success = false; if (apply) { success = applyStaticNatRulesForIp(rule.getSourceIpAddressId(), _ipAddrMgr.RulesContinueOnError.value(), caller, true); } else { success = true; } return success; }
success = enableStaticNat(ip.getId(), vm.getId(), guestNetwork.getId(), isSystemVM, null); } catch (NetworkRuleConflictException ex) { s_logger.warn("Failed to enable static nat as a part of enabling elasticIp and staticNat for vm " + vm + " in guest network " + guestNetwork +
@Override public boolean applyStaticNatForNetwork(long networkId, boolean continueOnError, Account caller, boolean forRevoke) { List<? extends IpAddress> staticNatIps = _ipAddressDao.listStaticNatPublicIps(networkId); List<StaticNat> staticNats = new ArrayList<StaticNat>(); for (IpAddress staticNatIp : staticNatIps) { staticNats.addAll(createStaticNatForIp(staticNatIp, caller, forRevoke)); } if (staticNats != null && !staticNats.isEmpty()) { if (forRevoke) { s_logger.debug("Found " + staticNats.size() + " static nats to disable for network id " + networkId); } try { if (!_ipAddrMgr.applyStaticNats(staticNats, continueOnError, forRevoke)) { return false; } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to create static nat rule due to ", ex); return false; } } else { s_logger.debug("Found 0 static nat rules to apply for network id " + networkId); } return true; }
if (!applyPortForwardingRules(rule.getSourceIpAddressId(), false, caller)) { throw new CloudRuntimeException("Failed to apply the new port forwarding rule:" + id);
@Override public boolean applyStaticNatRulesForNetwork(long networkId, boolean continueOnError, Account caller) { List<FirewallRuleVO> rules = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.StaticNat); List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>(); if (rules.size() == 0) { s_logger.debug("There are no static nat rules to apply for network id=" + networkId); return true; } if (caller != null) { _accountMgr.checkAccess(caller, null, true, rules.toArray(new FirewallRule[rules.size()])); } for (FirewallRuleVO rule : rules) { staticNatRules.add(buildStaticNatRule(rule, false)); } try { if (!_firewallMgr.applyRules(staticNatRules, continueOnError, true)) { return false; } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to apply static nat rules for network due to ", ex); return false; } return true; }