Java tutorial
// // Licensed to the Apache Software Foundation (ASF) under one // or more contributor license agreements. See the NOTICE file // distributed with this work for additional information // regarding copyright ownership. The ASF licenses this file // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. // package com.cloud.network.bigswitch; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import org.apache.commons.lang.StringUtils; import org.apache.commons.net.util.SubnetUtils; import org.apache.log4j.Logger; import org.bouncycastle.util.IPAddress; import com.cloud.agent.AgentManager; import com.cloud.agent.api.BcfAnswer; import com.cloud.agent.api.BcfCommand; import com.cloud.agent.api.CacheBcfTopologyCommand; import com.cloud.agent.api.GetControllerDataAnswer; import com.cloud.agent.api.GetControllerDataCommand; import com.cloud.agent.api.SyncBcfTopologyCommand; import com.cloud.dc.VlanVO; import com.cloud.dc.dao.VlanDao; import com.cloud.host.HostVO; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.BigSwitchBcfDeviceVO; import com.cloud.network.Network; import com.cloud.network.NetworkModel; import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.Networks.TrafficType; import com.cloud.network.bigswitch.TopologyData.Port; import com.cloud.network.dao.BigSwitchBcfDao; import com.cloud.network.dao.FirewallRulesCidrsDao; import com.cloud.network.dao.FirewallRulesCidrsVO; import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.IPAddressVO; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkVO; import com.cloud.network.rules.FirewallRule.Purpose; import com.cloud.network.rules.FirewallRuleVO; import com.cloud.network.vpc.NetworkACLItem; import com.cloud.network.vpc.NetworkACLItemCidrsDao; import com.cloud.network.vpc.NetworkACLItemCidrsVO; import com.cloud.network.vpc.NetworkACLItemDao; import com.cloud.network.vpc.NetworkACLItemVO; import com.cloud.network.vpc.Vpc; import com.cloud.network.vpc.dao.VpcDao; import com.cloud.utils.db.DB; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; import com.cloud.utils.db.TransactionCallback; import com.cloud.utils.db.TransactionStatus; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.NicVO; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.dao.NicDao; import com.cloud.vm.dao.VMInstanceDao; public class BigSwitchBcfUtils { private static final Logger s_logger = Logger.getLogger(BigSwitchBcfUtils.class); private final NetworkDao _networkDao; private final NicDao _nicDao; private final VMInstanceDao _vmDao; private final HostDao _hostDao; private final VpcDao _vpcDao; private final BigSwitchBcfDao _bigswitchBcfDao; private final AgentManager _agentMgr; private final VlanDao _vlanDao; private final IPAddressDao _ipAddressDao; private final FirewallRulesDao _fwRulesDao; private final FirewallRulesCidrsDao _fwCidrsDao; private final NetworkACLItemDao _aclItemDao; private final NetworkACLItemCidrsDao _aclItemCidrsDao; private final NetworkModel _networkModel; public BigSwitchBcfUtils(NetworkDao networkDao, NicDao nicDao, VMInstanceDao vmDao, HostDao hostDao, VpcDao vpcDao, BigSwitchBcfDao bigswitchBcfDao, AgentManager agentMgr, VlanDao vlanDao, IPAddressDao ipAddressDao, FirewallRulesDao fwRulesDao, FirewallRulesCidrsDao fwCidrsDao, NetworkACLItemDao aclItemDao, NetworkACLItemCidrsDao aclItemCidrsDao, NetworkModel networkModel) { _networkDao = networkDao; _nicDao = nicDao; _vmDao = vmDao; _hostDao = hostDao; _vpcDao = vpcDao; _bigswitchBcfDao = bigswitchBcfDao; _agentMgr = agentMgr; _vlanDao = vlanDao; _ipAddressDao = ipAddressDao; _fwRulesDao = fwRulesDao; _fwCidrsDao = fwCidrsDao; _aclItemDao = aclItemDao; _aclItemCidrsDao = aclItemCidrsDao; _networkModel = networkModel; } public ControlClusterData getControlClusterData(long physicalNetworkId) { ControlClusterData cluster = new ControlClusterData(); // reusable command to query all devices GetControllerDataCommand cmd = new GetControllerDataCommand(); // retrieve all registered BCF devices List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listByPhysicalNetwork(physicalNetworkId); for (BigSwitchBcfDeviceVO d : devices) { HostVO bigswitchBcfHost = _hostDao.findById(d.getHostId()); if (bigswitchBcfHost == null) { continue; } _hostDao.loadDetails(bigswitchBcfHost); GetControllerDataAnswer answer = (GetControllerDataAnswer) _agentMgr.easySend(bigswitchBcfHost.getId(), cmd); if (answer != null) { if (answer.isMaster()) { cluster.setMaster(bigswitchBcfHost); } else { cluster.setSlave(bigswitchBcfHost); } } } return cluster; } public TopologyData getTopology() { long physicalNetworkId; List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listAll(); if (!devices.isEmpty()) { physicalNetworkId = devices.get(0).getPhysicalNetworkId(); return getTopology(physicalNetworkId); } else { return null; } } public NetworkVO getPublicNetwork(long physicalNetworkId) { List<NetworkVO> pubNets = _networkDao.listByPhysicalNetworkTrafficType(physicalNetworkId, TrafficType.Public); return pubNets.get(0); } public TopologyData getTopology(long physicalNetworkId) { List<NetworkVO> networks; List<NicVO> nics; networks = _networkDao.listByPhysicalNetworkTrafficType(physicalNetworkId, TrafficType.Guest); TopologyData topo = new TopologyData(); // networks: // - all user created networks (VPC or non-VPC) // - one external network // routers: // - per VPC (handle in network loop) // - per stand-alone network (handle in network loop) // - one external router // handle external network first, only if NAT service is enabled if (networks != null) { if (!(networks.isEmpty()) && isNatEnabled()) { // get public net info - needed to set up source nat gateway NetworkVO pubNet = getPublicNetwork(physicalNetworkId); // locate subnet info SearchCriteria<VlanVO> sc = _vlanDao.createSearchCriteria(); sc.setParameters("network_id", pubNet.getId()); VlanVO vlanVO = _vlanDao.findOneBy(sc); // add tenant external network external TopologyData.Network network = topo.new Network(); network.setId("external"); network.setName("external"); network.setTenantId("external"); network.setTenantName("external"); String pubVlan = null; try { pubVlan = BroadcastDomainType.getValue(vlanVO.getVlanTag()); if (StringUtils.isNumeric(pubVlan)) { network.setVlan(Integer.valueOf(pubVlan)); } else { // untagged pubVlan = "0"; } } catch (URISyntaxException e) { e.printStackTrace(); } topo.addNetwork(network); } } // routerMap used internally for multiple updates to same tenant's router // add back to topo.routers after loop HashMap<String, RouterData> routerMap = new HashMap<String, RouterData>(); for (NetworkVO netVO : networks) { TopologyData.Network network = topo.new Network(); network.setId(netVO.getUuid()); network.setName(netVO.getName()); Integer vlan = null; if (netVO.getBroadcastUri() != null) { String vlanStr = BroadcastDomainType.getValue(netVO.getBroadcastUri()); if (StringUtils.isNumeric(vlanStr)) { vlan = Integer.valueOf(vlanStr); } else { // untagged vlan = 0; } } network.setVlan(vlan); network.setState(netVO.getState().name()); nics = _nicDao.listByNetworkId(netVO.getId()); List<Port> ports = new ArrayList<Port>(); String tenantId = null; String tenantName = null; // if VPC network, assign BCF tenant id with vpc uuid Vpc vpc = null; if (netVO.getVpcId() != null) { vpc = _vpcDao.acquireInLockTable(netVO.getVpcId()); } if (vpc != null) { tenantId = vpc.getUuid(); tenantName = vpc.getName(); } else { tenantId = netVO.getUuid(); tenantName = netVO.getName(); } for (NicVO nic : nics) { NetworkData netData = new NetworkData(); TopologyData.Port p = topo.new Port(); p.setAttachmentInfo(netData.new AttachmentInfo(nic.getUuid(), nic.getMacAddress())); VMInstanceVO vm = _vmDao.findById(nic.getInstanceId()); HostVO host = _hostDao.findById(vm.getHostId()); // if host not found, ignore this nic if (host == null) { continue; } String hostname = host.getName(); long zoneId = netVO.getDataCenterId(); String vmwareVswitchLabel = _networkModel.getDefaultGuestTrafficLabel(zoneId, HypervisorType.VMware); String[] labelArray = null; String vswitchName = null; if (vmwareVswitchLabel != null) { labelArray = vmwareVswitchLabel.split(","); vswitchName = labelArray[0]; } // hypervisor type: // kvm: ivs port name // vmware: specific portgroup naming convention String pgName = ""; if (host.getHypervisorType() == HypervisorType.KVM) { pgName = hostname; } else if (host.getHypervisorType() == HypervisorType.VMware) { pgName = hostname + "-" + vswitchName; } p.setHostId(pgName); p.setSegmentInfo(netData.new SegmentInfo(BroadcastDomainType.Vlan.name(), vlan)); p.setOwner(BigSwitchBcfApi.getCloudstackInstanceId()); List<AttachmentData.Attachment.IpAddress> ipList = new ArrayList<AttachmentData.Attachment.IpAddress>(); ipList.add(new AttachmentData().getAttachment().new IpAddress(nic.getIPv4Address())); p.setIpAddresses(ipList); p.setId(nic.getUuid()); p.setMac(nic.getMacAddress()); netData.getNetwork().setId(network.getId()); netData.getNetwork().setName(network.getName()); netData.getNetwork().setTenantId(tenantId); netData.getNetwork().setTenantName(tenantName); netData.getNetwork().setState(netVO.getState().name()); p.setNetwork(netData.getNetwork()); ports.add(p); } network.setTenantId(tenantId); network.setTenantName(tenantName); network.setPorts(ports); topo.addNetwork(network); // add router for network RouterData routerData; if (tenantId != null) { if (!routerMap.containsKey(tenantId)) { routerData = new RouterData(tenantId); routerMap.put(tenantId, routerData); } else { routerData = routerMap.get(tenantId); } routerData.getRouter().getAcls().addAll(listACLbyNetwork(netVO)); if (vpc != null) { routerData.getRouter().addExternalGateway(getPublicIpByVpc(vpc)); } else { routerData.getRouter().addExternalGateway(getPublicIpByNetwork(netVO)); } RouterInterfaceData intf = new RouterInterfaceData(tenantId, netVO.getGateway(), netVO.getCidr(), netVO.getUuid(), netVO.getName()); routerData.getRouter().addInterface(intf); } } for (RouterData rd : routerMap.values()) { topo.addRouter(rd.getRouter()); } return topo; } public String getPublicIpByNetwork(Network network) { List<IPAddressVO> allocatedIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), true); for (IPAddressVO ip : allocatedIps) { if (ip.isSourceNat()) { return ip.getAddress().addr(); } } return null; } public String getPublicIpByVpc(Vpc vpc) { List<IPAddressVO> allocatedIps = _ipAddressDao.listByAssociatedVpc(vpc.getId(), true); for (IPAddressVO ip : allocatedIps) { if (ip.isSourceNat()) { return ip.getAddress().addr(); } } return null; } public List<AclData> listACLbyNetwork(Network network) { List<AclData> aclList = new ArrayList<AclData>(); List<FirewallRuleVO> fwRules; fwRules = _fwRulesDao.listByNetworkAndPurposeAndNotRevoked(network.getId(), Purpose.Firewall); List<FirewallRulesCidrsVO> fwCidrList = null; SubnetUtils utils; for (FirewallRuleVO rule : fwRules) { AclData acl = new AclData(); acl.setId(rule.getUuid()); acl.setPriority((int) rule.getId()); // CloudStack Firewall interface does not have priority acl.setIpProto(rule.getProtocol()); String cidr = null; Integer port = rule.getSourcePortStart(); fwCidrList = _fwCidrsDao.listByFirewallRuleId(rule.getId()); if (fwCidrList != null) { if (fwCidrList.size() > 1 || !rule.getSourcePortEnd().equals(port)) { continue; } else { cidr = fwCidrList.get(0).getCidr(); } } if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) { cidr = ""; } else { utils = new SubnetUtils(cidr); if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) { continue; } } acl.setSource(acl.new AclNetwork(cidr, port)); acl.setAction("permit"); aclList.add(acl); } List<NetworkACLItemVO> aclItems; List<NetworkACLItemCidrsVO> aclCidrList; if (network.getNetworkACLId() != null) { aclItems = _aclItemDao.listByACL(network.getNetworkACLId()); for (NetworkACLItem item : aclItems) { AclData acl = new AclData(); acl.setId(item.getUuid()); acl.setPriority(item.getNumber()); acl.setIpProto(item.getProtocol()); String cidr = null; // currently BCF supports single cidr policy Integer port = item.getSourcePortStart(); // currently BCF supports single port policy aclCidrList = _aclItemCidrsDao.listByNetworkACLItemId(item.getId()); if (aclCidrList != null) { if (aclCidrList.size() > 1 || !item.getSourcePortEnd().equals(port)) { continue; } else { cidr = aclCidrList.get(0).getCidr(); } } if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) { cidr = ""; } else { utils = new SubnetUtils(cidr); if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) { continue; } } acl.setSource(acl.new AclNetwork(cidr, port)); acl.setAction(item.getAction().name()); aclList.add(acl); } } return aclList; } public String syncTopologyToBcfHost(HostVO bigswitchBcfHost) { SyncBcfTopologyCommand syncCmd; if (isNatEnabled()) { syncCmd = new SyncBcfTopologyCommand(true, true); } else { syncCmd = new SyncBcfTopologyCommand(true, false); } BcfAnswer syncAnswer = (BcfAnswer) _agentMgr.easySend(bigswitchBcfHost.getId(), syncCmd); if (syncAnswer == null || !syncAnswer.getResult()) { s_logger.error("SyncBcfTopologyCommand failed"); return null; } return syncAnswer.getHash(); } public String syncTopologyToBcfHost(HostVO bigswitchBcfHost, boolean natEnabled) { SyncBcfTopologyCommand syncCmd; if (natEnabled) { syncCmd = new SyncBcfTopologyCommand(true, true); } else { syncCmd = new SyncBcfTopologyCommand(true, false); } BcfAnswer syncAnswer = (BcfAnswer) _agentMgr.easySend(bigswitchBcfHost.getId(), syncCmd); if (syncAnswer == null || !syncAnswer.getResult()) { s_logger.error("SyncBcfTopologyCommand failed"); return null; } return syncAnswer.getHash(); } public BcfAnswer sendBcfCommandWithNetworkSyncCheck(BcfCommand cmd, Network network) throws IllegalArgumentException { // get registered Big Switch controller ControlClusterData cluster = getControlClusterData(network.getPhysicalNetworkId()); if (cluster.getMaster() == null) { return new BcfAnswer(cmd, new CloudRuntimeException("Big Switch Network controller temporarily unavailable")); } TopologyData topo = getTopology(network.getPhysicalNetworkId()); cmd.setTopology(topo); BcfAnswer answer = (BcfAnswer) _agentMgr.easySend(cluster.getMaster().getId(), cmd); if (answer == null || !answer.getResult()) { s_logger.error("BCF API Command failed"); throw new IllegalArgumentException("Failed API call to Big Switch Network plugin"); } String newHash = answer.getHash(); if (cmd.isTopologySyncRequested()) { newHash = syncTopologyToBcfHost(cluster.getMaster()); } if (newHash != null) { commitTopologyHash(network.getPhysicalNetworkId(), newHash); } HostVO slave = cluster.getSlave(); if (slave != null) { TopologyData newTopo = getTopology(network.getPhysicalNetworkId()); CacheBcfTopologyCommand cacheCmd = new CacheBcfTopologyCommand(newTopo); _agentMgr.easySend(cluster.getSlave().getId(), cacheCmd); } return answer; } @DB public Boolean commitTopologyHash(long physicalNetworkId, final String hash) { final List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listByPhysicalNetwork(physicalNetworkId); return Transaction.execute(new TransactionCallback<Boolean>() { @Override public Boolean doInTransaction(TransactionStatus status) { for (BigSwitchBcfDeviceVO d : devices) { d.setHash(hash); _bigswitchBcfDao.update(d.getId(), d); } return true; } }); } public Boolean isNatEnabled() { List<BigSwitchBcfDeviceVO> devices = _bigswitchBcfDao.listAll(); if (devices != null && !devices.isEmpty()) { return devices.get(0).getNat(); } else { return false; } } public Integer getSubnetMaskLength(String maskString) { if (!IPAddress.isValidIPv4(maskString)) { return null; } String[] octets = maskString.split("\\."); Integer bits = 0; for (String o : octets) { switch (o) { case "255": bits += 8; continue; case "254": bits += 7; return bits; case "252": bits += 6; return bits; case "248": bits += 5; return bits; case "240": bits += 4; return bits; case "224": bits += 3; return bits; case "192": bits += 2; return bits; case "128": bits += 1; return bits; case "0": return bits; default: throw new NumberFormatException("non-contiguous subnet mask not supported"); } } return bits; } }