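/**
 * Transactional body of the gateway-delete callable: decides whether the gateway's network is still
 * used by other gateways, then removes this gateway's private IP and the gateway row.
 *
 * Side effects: clears the enclosing {@code deleteNetwork} flag when the network must be kept;
 * deletes the matching private IP (if any) and the gateway row via the DAOs.
 *
 * @param status the transaction status supplied by {@code Transaction.execute}
 */
@Override
public void doInTransactionWithoutResult(final TransactionStatus status) {
    final List<PrivateIpVO> privateIps = _privateIpDao.listByNetworkId(networkId);
    // The network is still in use by another gateway when more than one private IP is allocated in it,
    // or when the single allocated IP is not this gateway's own address. An empty list means nothing
    // else references the network; the previous unconditional get(0) threw IndexOutOfBoundsException there.
    final boolean usedByOtherGateways = privateIps.size() > 1
        || (privateIps.size() == 1 && !privateIps.get(0).getIpAddress().equalsIgnoreCase(gateway.getIp4Address()));
    if (usedByOtherGateways) {
        s_logger.debug("Not removing network id=" + gateway.getNetworkId() + " as it has private ip addresses for other gateways");
        deleteNetwork = false;
    }
    // Lookup is scoped by VPC id, so an identical address in another VPC is not touched.
    final PrivateIpVO ip = _privateIpDao.findByIpAndVpcId(gateway.getVpcId(), gateway.getIp4Address());
    if (ip != null) {
        _privateIpDao.remove(ip.getId());
        s_logger.debug("Deleted private ip " + ip);
    }
    _vpcGatewayDao.remove(gateway.getId());
    s_logger.debug("Deleted private gateway " + gateway);
}
});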
@Override public PrivateGatewayResponse createPrivateGatewayResponse(PrivateGateway result) { PrivateGatewayResponse response = new PrivateGatewayResponse(); response.setId(result.getUuid()); response.setBroadcastUri(result.getBroadcastUri()); response.setGateway(result.getGateway()); response.setNetmask(result.getNetmask()); if (result.getVpcId() != null) { Vpc vpc = ApiDBUtils.findVpcById(result.getVpcId()); response.setVpcId(vpc.getUuid()); DataCenter zone = ApiDBUtils.findZoneById(result.getZoneId()); if (zone != null) { response.setZoneId(zone.getUuid()); response.setZoneName(zone.getName()); response.setAddress(result.getIp4Address()); PhysicalNetwork pnet = ApiDBUtils.findPhysicalNetworkById(result.getPhysicalNetworkId()); if (pnet != null) { response.setPhysicalNetworkId(pnet.getUuid()); populateAccount(response, result.getAccountId()); populateDomain(response, result.getDomainId()); response.setState(result.getState().toString()); response.setSourceNat(result.getSourceNat()); NetworkACL acl = ApiDBUtils.findByNetworkACLId(result.getNetworkACLId()); if (acl != null) { response.setAclId(acl.getUuid());
/**
 * Withdraws the gateway's current ACL rules from the router by marking every Add/Active item as
 * Revoke and pushing that list through {@code applyACLToPrivateGw}.
 *
 * The state change is made on the in-memory objects only; no DAO update is issued for the items.
 *
 * @param gateway the private gateway whose ACL items are to be released
 * @return {@code true} when there was nothing to revoke or the router accepted the revoked list
 * @throws ResourceUnavailableException propagated from {@code applyACLToPrivateGw}
 */
@Override
public boolean revokeACLItemsForPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException {
    final long gatewayId = gateway.getId();
    final List<NetworkACLItemVO> items = _networkACLItemDao.listByACL(gateway.getNetworkACLId());
    if (items.isEmpty()) {
        s_logger.debug("Found no network ACL Items for private gateway 'id=" + gatewayId + "'");
        return true;
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + items.size() + " Network ACL Items for private gateway id=" + gatewayId);
    }
    // Flip the state on the loaded objects only; the DB rows stay as they are.
    for (final NetworkACLItemVO item : items) {
        final State current = item.getState();
        if (current == State.Add || current == State.Active) {
            item.setState(State.Revoke);
        }
    }
    final boolean released = applyACLToPrivateGw(gateway, items);
    if (released && s_logger.isDebugEnabled()) {
        s_logger.debug("Successfully released Network ACLs for private gateway id=" + gatewayId + " and # of rules now = " + items.size());
    }
    return released;
}
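/**
 * Sets up a private gateway on each VPC virtual router of the gateway's VPC and applies the
 * gateway's network ACL on every router that accepted the setup.
 *
 * @param gateway the gateway to program; anything other than {@link VpcGateway.Type#Private} is ignored
 * @return {@code true} when there is nothing to do or every ACL application succeeded; {@code false}
 *         when an ACL application returned false or threw
 * @throws ConcurrentOperationException propagated from the topology calls
 * @throws ResourceUnavailableException propagated from the topology calls
 */
@Override
public boolean createPrivateGateway(final PrivateGateway gateway) throws ConcurrentOperationException, ResourceUnavailableException {
    if (gateway.getType() != VpcGateway.Type.Private) {
        s_logger.warn("Type of vpc gateway is not " + VpcGateway.Type.Private);
        return true;
    }
    final List<DomainRouterVO> routers = _vpcRouterMgr.getVpcRouters(gateway.getVpcId());
    if (routers == null || routers.isEmpty()) {
        s_logger.debug(getName() + " element doesn't need to create Private gateway on the backend; VPC virtual " + "router doesn't exist in the vpc id=" + gateway.getVpcId());
        return true;
    }
    s_logger.info("Adding VPC routers to Guest Network: " + routers.size() + " to be added!");
    final DataCenterVO dcVO = _dcDao.findById(gateway.getZoneId());
    final NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
    final Network network = _networkDao.findById(gateway.getNetworkId());
    final boolean isPrivateGateway = true;
    boolean result = true;
    for (final DomainRouterVO domainRouterVO : routers) {
        // A router whose setup returns false is skipped without affecting the result (kept as-is).
        if (!networkTopology.setupPrivateGateway(gateway, domainRouterVO)) {
            continue;
        }
        try {
            final List<NetworkACLItemVO> rules = _networkACLItemDao.listByACL(gateway.getNetworkACLId());
            // Short-circuits: once one router fails, no further router receives the ACL.
            result = result && networkTopology.applyNetworkACLs(network, rules, domainRouterVO, isPrivateGateway);
        } catch (final Exception ex) {
            // Log the exception and the gateway/router so a rejected ACL push can be diagnosed;
            // the previous message dropped both.
            s_logger.debug("Failed to apply network acl id " + gateway.getNetworkACLId() + " on gateway " + gateway.getId() + " for router " + domainRouterVO, ex);
            return false;
        }
    }
    return result;
}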
/**
 * Creates the private gateway through the VPC service and records the resulting entity id and uuid
 * on this command.
 *
 * Note that the message of a capacity or concurrency exception from the service layer is passed
 * through as the API error text.
 *
 * @throws ResourceAllocationException as declared by the command contract
 * @throws ServerApiException on insufficient capacity, a concurrent operation, or a null result
 */
@Override
public void create() throws ResourceAllocationException {
    final PrivateGateway created;
    try {
        created = _vpcService.createVpcPrivateGateway(getVpcId(), getPhysicalNetworkId(), getBroadcastUri(), getStartIp(), getGateway(), getNetmask(), getEntityOwnerId(), getNetworkOfferingId(), getIsSourceNat(), getAclId());
    } catch (final InsufficientCapacityException ex) {
        s_logger.info(ex);
        s_logger.trace(ex);
        throw new ServerApiException(ApiErrorCode.INSUFFICIENT_CAPACITY_ERROR, ex.getMessage());
    } catch (final ConcurrentOperationException ex) {
        s_logger.warn("Exception: ", ex);
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage());
    }
    if (created == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create private gateway");
    }
    setEntityId(created.getId());
    setEntityUuid(created.getUuid());
}
/**
 * Applies the gateway's currently persisted network ACL to the gateway.
 *
 * The ACL id is re-read from the gateway row rather than taken from {@code gateway.getNetworkACLId()};
 * e.g. {@code replaceNetworkACLForPrivateGw} updates the row first and then passes the now-stale
 * object in, so the DB value is the authoritative one here.
 *
 * @param gateway the private gateway to program
 * @return the result of the rule application
 * @throws ResourceUnavailableException propagated from the overload taking the rule list
 */
@Override
public boolean applyACLToPrivateGw(final PrivateGateway gateway) throws ResourceUnavailableException {
    final VpcGatewayVO persisted = _vpcGatewayDao.findById(gateway.getId());
    final List<? extends NetworkACLItem> aclRules = _networkACLItemDao.listByACL(persisted.getNetworkACLId());
    return applyACLToPrivateGw(gateway, aclRules);
}
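/**
 * Removes the gateway's private IP and the gateway row in one transaction and reports whether the
 * gateway's network has become unused.
 *
 * @return the {@code deleteNetwork} field: set to {@code false} here when other private IPs remain
 *         in the network; otherwise left at the value it held before the call
 *         (presumably reset to {@code true} by the owner before each submission — TODO confirm)
 * @throws Exception propagated from {@code Transaction.execute}
 */
@Override
public Boolean call() throws Exception {
    final long networkId = gateway.getNetworkId();
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            final List<PrivateIpVO> privateIps = _privateIpDao.listByNetworkId(networkId);
            // The network is still in use by another gateway when more than one private IP is allocated
            // in it, or when the single allocated IP is not this gateway's own address. An empty list
            // means nothing else references the network; the previous unconditional get(0) threw
            // IndexOutOfBoundsException inside the transaction on that case.
            final boolean usedByOtherGateways = privateIps.size() > 1
                || (privateIps.size() == 1 && !privateIps.get(0).getIpAddress().equalsIgnoreCase(gateway.getIp4Address()));
            if (usedByOtherGateways) {
                s_logger.debug("Not removing network id=" + gateway.getNetworkId() + " as it has private ip addresses for other gateways");
                deleteNetwork = false;
            }
            // Lookup is scoped by VPC id, so an identical address in another VPC is not touched.
            final PrivateIpVO ip = _privateIpDao.findByIpAndVpcId(gateway.getVpcId(), gateway.getIp4Address());
            if (ip != null) {
                _privateIpDao.remove(ip.getId());
                s_logger.debug("Deleted private ip " + ip);
            }
            _vpcGatewayDao.remove(gateway.getId());
            s_logger.debug("Deleted private gateway " + gateway);
        }
    });
    return deleteNetwork;
}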
/**
 * Pushes the given ACL rules to every VPC router that still has a NIC in the gateway's network.
 *
 * Routers whose NIC profile is already gone are logged and skipped; they do not affect the result.
 *
 * @param gateway the private gateway whose network the rules belong to
 * @param rules   the ACL items to apply
 * @return {@code true} when there are no routers or every router with a NIC accepted the rules
 * @throws ResourceUnavailableException propagated from the topology call
 */
@Override
public boolean applyACLItemsToPrivateGw(final PrivateGateway gateway, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
    final Network network = _networkDao.findById(gateway.getNetworkId());
    final List<DomainRouterVO> vpcRouters = _vpcRouterMgr.getVpcRouters(gateway.getVpcId());
    if (vpcRouters == null || vpcRouters.isEmpty()) {
        s_logger.debug("Virtual router element doesn't need to apply network acl rules on the backend; virtual " + "router doesn't exist in the network " + network.getId());
        return true;
    }
    final DataCenterVO zone = _dcDao.findById(network.getDataCenterId());
    final NetworkTopology topology = networkTopologyContext.retrieveNetworkTopology(zone);
    // Same network id as above, fetched through the model layer as the original did.
    final Network privateNetwork = _networkModel.getNetwork(gateway.getNetworkId());
    final boolean isPrivateGateway = true;
    boolean applied = true;
    for (final DomainRouterVO router : vpcRouters) {
        final NicProfile nic = _networkModel.getNicProfile(router, privateNetwork.getId(), null);
        if (nic == null) {
            s_logger.warn("Nic Profile for router '" + router + "' has already been removed. Router is redundant = " + router.getIsRedundantRouter());
            continue;
        }
        // Short-circuits once a router has failed.
        applied = applied && topology.applyNetworkACLs(network, rules, router, isPrivateGateway);
    }
    return applied;
}
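/**
 * Switches the gateway to a different network ACL and programs the router with it.
 *
 * When the new ACL has no items, the items of the currently assigned ACL are revoked first; otherwise
 * the router would keep enforcing them. The gateway row is updated before the router is programmed,
 * so a {@code false} return from the apply step leaves the recorded ACL and the rules actually
 * enforced on the router out of sync unless the caller rolls back (not visible here).
 *
 * @param acl     the ACL to assign
 * @param gateway the private gateway to reassign
 * @return {@code true} when the row was updated and the router accepted the new rules
 * @throws ResourceUnavailableException propagated from the revoke/apply calls
 * @throws CloudRuntimeException when the gateway row does not exist or the old items could not be revoked
 */
@Override
public boolean replaceNetworkACLForPrivateGw(final NetworkACL acl, final PrivateGateway gateway) throws ResourceUnavailableException {
    final VpcGatewayVO vpcGatewayVo = _vpcGatewayDao.findById(gateway.getId());
    if (vpcGatewayVo == null) {
        // Fail before touching the router; previously this surfaced as a NullPointerException at setNetworkACLId.
        throw new CloudRuntimeException("Failed to replace network ACL. Private gateway not found: " + gateway.getId());
    }
    final List<NetworkACLItemVO> aclItems = _networkACLItemDao.listByACL(acl.getId());
    if (aclItems == null || aclItems.isEmpty()) {
        // Revoke ACL Items of the existing ACL if the new network acl is empty;
        // otherwise the existing rules would not be removed on the router element.
        s_logger.debug("New network ACL is empty. Revoke existing rules before applying ACL");
        if (!revokeACLItemsForPrivateGw(gateway)) {
            throw new CloudRuntimeException("Failed to replace network ACL. Error while removing existing ACL " + "items for private gateway: " + gateway.getId());
        }
    }
    vpcGatewayVo.setNetworkACLId(acl.getId());
    if (!_vpcGatewayDao.update(vpcGatewayVo.getId(), vpcGatewayVo)) {
        return false;
    }
    // applyACLToPrivateGw re-reads the ACL id from the row just updated.
    return applyACLToPrivateGw(gateway);
}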
/**
 * Tears a private gateway down on one router: releases the private IP, revokes the gateway's ACL
 * items, and detaches the router from the private network.
 *
 * @param gateway the private gateway being removed
 * @param router  the VPC router to remove it from
 * @return {@code true} when the router had no NIC in the gateway network or every step succeeded
 * @throws ConcurrentOperationException propagated from the underlying calls
 * @throws ResourceUnavailableException propagated from the underlying calls
 */
@Override
public boolean destroyPrivateGateway(final PrivateGateway gateway, final VirtualRouter router) throws ConcurrentOperationException, ResourceUnavailableException {
    if (!_networkModel.isVmPartOfNetwork(router.getId(), gateway.getNetworkId())) {
        s_logger.debug("Router doesn't have nic for gateway " + gateway + " so no need to removed it");
        return true;
    }
    final Network privateNetwork = _networkModel.getNetwork(gateway.getNetworkId());
    final NicProfile gatewayNic = _networkModel.getNicProfile(router, privateNetwork.getId(), null);
    s_logger.debug("Releasing private ip for gateway " + gateway + " from " + router);
    if (!setupVpcPrivateNetwork(router, false, gatewayNic)) {
        s_logger.warn("Failed to release private ip for gateway " + gateway + " on router " + router);
        return false;
    }
    // revoke network acl on the private gateway.
    if (!_networkACLMgr.revokeACLItemsForPrivateGw(gateway)) {
        s_logger.debug("Failed to delete network acl items on " + gateway + " from router " + router);
        return false;
    }
    s_logger.debug("Removing router " + router + " from private network " + privateNetwork + " as a part of delete private gateway");
    final boolean detached = _itMgr.removeVmFromNetwork(router, privateNetwork, null);
    s_logger.debug("Private gateawy " + gateway + " is removed from router " + router);
    return detached;
}
if (gateway != null) { s_logger.debug("Deleting private gateway " + gateway + " as a part of vpc " + vpcId + " resources cleanup"); if (!deleteVpcPrivateGateway(gateway.getId())) { success = false; s_logger.debug("Failed to delete private gateway " + gateway + " as a part of vpc " + vpcId + " resources cleanup");
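/**
 * Deletes the gateway (and its private IP) from the DB by running {@code vpcTxCallable} on a dedicated
 * thread, then destroys the gateway's network when the callable reports it has become unused.
 *
 * @param gateway the private gateway to delete
 * @return always {@code true} (kept as-is): a failed or interrupted network destroy is only logged,
 *         so callers cannot tell a clean delete from one that left the network behind
 */
@DB
protected boolean deletePrivateGatewayFromTheDB(final PrivateGateway gateway) {
    // check if there are ips allocted in the network
    final long networkId = gateway.getNetworkId();
    // NOTE(review): vpcTxCallable is a field mutated here; two concurrent deletes on the same
    // instance would race on its gateway — confirm it is per-request or otherwise guarded.
    vpcTxCallable.setGateway(gateway);
    final ExecutorService txExecutor = Executors.newSingleThreadExecutor();
    try {
        final Future<Boolean> futureResult = txExecutor.submit(vpcTxCallable);
        final boolean deleteNetworkFinal = futureResult.get();
        if (deleteNetworkFinal) {
            final User callerUser = _accountMgr.getActiveUser(CallContext.current().getCallingUserId());
            final Account owner = _accountMgr.getAccount(Account.ACCOUNT_ID_SYSTEM);
            final ReservationContext context = new ReservationContextImpl(null, null, callerUser, owner);
            _ntwkMgr.destroyNetwork(networkId, context, false);
            s_logger.debug("Deleted private network id=" + networkId);
        }
    } catch (final InterruptedException e) {
        // Preserve the interrupt for the caller instead of swallowing it.
        Thread.currentThread().interrupt();
        s_logger.error("deletePrivateGatewayFromTheDB failed to delete network id " + networkId + " due to => ", e);
    } catch (final ExecutionException e) {
        s_logger.error("deletePrivateGatewayFromTheDB failed to delete network id " + networkId + " due to => ", e);
    } finally {
        // The executor was never shut down before, leaking its worker thread on every call.
        txExecutor.shutdown();
    }
    return true;
}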
s_logger.debug("failed to apply network acl item on private gateway " + privateGateway.getId() + "acl id " + aclId); break;
protected boolean destroyPrivateGateway(final NetworkTopologyVisitor visitor) throws ConcurrentOperationException, ResourceUnavailableException { if (!networkModel.isVmPartOfNetwork(_router.getId(), _privateGateway.getNetworkId())) { s_logger.debug("Router doesn't have nic for gateway " + _privateGateway + " so no need to removed it"); return true; final Network privateNetwork = networkModel.getNetwork(_privateGateway.getNetworkId());
try { final NetworkModel networkModel = visitor.getVirtualNetworkApplianceFactory().getNetworkModel(); _network = networkModel.getNetwork(_privateGateway.getNetworkId());
for (final PrivateGateway privateGateway : privateGateways) { final NicProfile privateNic = nicProfileHelper.createPrivateNicProfileForGateway(privateGateway, router); final Network privateNetwork = _networkModel.getNetwork(privateGateway.getNetworkId()); networks.put(privateNetwork, new ArrayList<NicProfile>(Arrays.asList(privateNic)));