Java tutorial
// // Licensed to the Apache Software Foundation (ASF) under one // or more contributor license agreements. See the NOTICE file // distributed with this work for additional information // regarding copyright ownership. The ASF licenses this file // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. // package com.cloud.network.element; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; import java.util.UUID; import javax.inject.Inject; import javax.naming.ConfigurationException; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; import org.apache.cloudstack.network.ExternalNetworkDeviceManager.NetworkDevice; import org.apache.commons.net.util.SubnetUtils; import com.cloud.agent.AgentManager; import com.cloud.agent.api.BcfAnswer; import com.cloud.agent.api.UpdateBcfRouterCommand; import com.cloud.agent.api.CreateBcfAttachmentCommand; import com.cloud.agent.api.CreateBcfStaticNatCommand; import com.cloud.agent.api.DeleteBcfAttachmentCommand; import com.cloud.agent.api.DeleteBcfStaticNatCommand; import com.cloud.agent.api.StartupBigSwitchBcfCommand; import com.cloud.agent.api.StartupCommand; import com.cloud.api.ApiDBUtils; import com.cloud.api.commands.AddBigSwitchBcfDeviceCmd; import com.cloud.api.commands.DeleteBigSwitchBcfDeviceCmd; import com.cloud.api.commands.ListBigSwitchBcfDevicesCmd; import com.cloud.api.commands.BcfConstants; import com.cloud.api.response.BigSwitchBcfDeviceResponse; import com.cloud.configuration.ConfigurationManager; import com.cloud.dc.DataCenterVO; import com.cloud.dc.dao.DataCenterDao; import com.cloud.dc.dao.VlanDao; import com.cloud.deploy.DeployDestination; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.host.DetailVO; import com.cloud.host.Host; import com.cloud.host.HostVO; import com.cloud.host.dao.HostDao; import com.cloud.host.dao.HostDetailsDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.BigSwitchBcfDeviceVO; import com.cloud.network.IpAddressManager; import com.cloud.network.Network; import com.cloud.network.Network.Capability; import com.cloud.network.Network.Provider; import com.cloud.network.Network.Service; import com.cloud.network.NetworkModel; import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.PhysicalNetwork; import com.cloud.network.PhysicalNetworkServiceProvider; import com.cloud.network.PublicIpAddress; import com.cloud.network.bigswitch.AclData; import com.cloud.network.bigswitch.BigSwitchBcfApi; import com.cloud.network.bigswitch.BigSwitchBcfUtils; import com.cloud.network.bigswitch.TopologyData; import com.cloud.network.dao.BigSwitchBcfDao; import com.cloud.network.dao.FirewallRulesCidrsDao; import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkServiceMapDao; import com.cloud.network.dao.PhysicalNetworkDao; import com.cloud.network.dao.PhysicalNetworkServiceProviderDao; import com.cloud.network.dao.PhysicalNetworkServiceProviderVO; import com.cloud.network.dao.PhysicalNetworkVO; import com.cloud.network.resource.BigSwitchBcfResource; import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.StaticNat; import com.cloud.network.vpc.NetworkACLItem; import com.cloud.network.vpc.NetworkACLItemCidrsDao; import com.cloud.network.vpc.NetworkACLItemDao; import com.cloud.network.vpc.Vpc; import com.cloud.network.vpc.dao.VpcDao; import com.cloud.offering.NetworkOffering; import com.cloud.resource.ResourceManager; import com.cloud.resource.ResourceState; import com.cloud.resource.ResourceStateAdapter; import com.cloud.resource.ServerResource; import com.cloud.resource.UnableDeleteHostException; import com.cloud.user.dao.AccountDao; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.db.DB; import com.cloud.utils.db.Transaction; import com.cloud.utils.db.TransactionCallback; import com.cloud.utils.db.TransactionStatus; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; import com.cloud.vm.VirtualMachineProfile; import com.cloud.vm.dao.DomainRouterDao; import com.cloud.vm.dao.NicDao; import com.cloud.vm.dao.VMInstanceDao; /** * BigSwitchBcfElement is responsible for creating and plugging a nic into a BCF Segment network. * When a VM is created and needs to be plugged into a BCF Segment network, BigSwitchBcfElement is * called by NetworkOrchestrator to create a "port" and an "attachment" for each nic, and * register them with the controller to be plugged into the corresponding network. It also * removes them when the VM is destroyed. */ @Component public class BigSwitchBcfElement extends AdapterBase implements BigSwitchBcfElementService, ConnectivityProvider, IpDeployer, SourceNatServiceProvider, StaticNatServiceProvider, NetworkACLServiceProvider, FirewallServiceProvider, ResourceStateAdapter { private static final Logger s_logger = Logger.getLogger(BigSwitchBcfElement.class); private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities(); @Inject ResourceManager _resourceMgr; @Inject PhysicalNetworkDao _physicalNetworkDao; @Inject PhysicalNetworkServiceProviderDao _physicalNetworkServiceProviderDao; @Inject BigSwitchBcfDao _bigswitchBcfDao; @Inject HostDetailsDao _hostDetailsDao; @Inject HostDao _hostDao; @Inject AgentManager _agentMgr; @Inject NetworkDao _networkDao; @Inject DomainRouterDao _routerDao; @Inject NicDao _nicDao; @Inject VMInstanceDao _vmDao; @Inject AccountDao _accountDao; @Inject VpcDao _vpcDao; @Inject NetworkModel _networkModel; @Inject ConfigurationManager _configMgr; @Inject NetworkServiceMapDao _ntwkSrvcDao; @Inject DataCenterDao _zoneDao; @Inject IPAddressDao _ipAddressDao; @Inject IpAddressManager _ipAddrMgr; @Inject VlanDao _vlanDao; @Inject FirewallRulesDao _fwRulesDao; @Inject FirewallRulesCidrsDao _fwCidrsDao; @Inject NetworkACLItemDao _aclItemDao; @Inject NetworkACLItemCidrsDao _aclItemCidrsDao; private BigSwitchBcfUtils _bcfUtils = null; @Override public Map<Service, Map<Capability, String>> getCapabilities() { return capabilities; } @Override public Provider getProvider() { return Provider.BigSwitchBcf; } private boolean canHandle(Network network, Service service) { s_logger.debug("Checking if BigSwitchBcfElement can handle service " + service.getName() + " on network " + network.getDisplayText()); if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) { return false; } if (!_networkModel.isProviderForNetwork(getProvider(), network.getId())) { s_logger.debug("BigSwitchBcfElement is not a provider for network " + network.getDisplayText()); return false; } if (!_ntwkSrvcDao.canProviderSupportServiceInNetwork(network.getId(), service, BcfConstants.BIG_SWITCH_BCF)) { s_logger.debug("BigSwitchBcfElement can't provide the " + service.getName() + " service on network " + network.getDisplayText()); return false; } return true; } @Override public boolean configure(String name, Map<String, Object> params) throws ConfigurationException { super.configure(name, params); _resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this); return true; } @Override public boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { updateBcfRouter(network); return true; } @Override public boolean prepare(Network network, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { if (!canHandle(network, Service.Connectivity)) { return false; } bcfUtilsInit(); // get arguments for CreateBcfAttachmentCommand // determine whether this is VPC network or stand-alone network Vpc vpc = null; if (network.getVpcId() != null) { vpc = _vpcDao.acquireInLockTable(network.getVpcId()); } String tenantId; String tenantName; if (vpc != null) { tenantId = vpc.getUuid(); tenantName = vpc.getName(); _vpcDao.releaseFromLockTable(vpc.getId()); } else { // use account in CS as tenant in BSN // use network id/name as tenant id/name for non-VPC networks tenantId = network.getUuid(); tenantName = network.getName(); } String networkId = network.getUuid(); String hostname = dest.getHost().getName(); String nicId = nic.getUuid(); Integer vlan = Integer.valueOf(BroadcastDomainType.getValue(nic.getIsolationUri())); String ipv4 = nic.getIPv4Address(); String mac = nic.getMacAddress(); long zoneId = network.getDataCenterId(); String vmwareVswitchLabel = _networkModel.getDefaultGuestTrafficLabel(zoneId, HypervisorType.VMware); String[] labelArray = null; String vswitchName = null; if (vmwareVswitchLabel != null) { labelArray = vmwareVswitchLabel.split(","); vswitchName = labelArray[0]; } // hypervisor type: // kvm: ivs port name // vmware: specific portgroup naming convention String pgName = ""; if (dest.getHost().getHypervisorType() == HypervisorType.KVM) { pgName = hostname; } else if (dest.getHost().getHypervisorType() == HypervisorType.VMware) { pgName = hostname + "-" + vswitchName; } CreateBcfAttachmentCommand cmd = new CreateBcfAttachmentCommand(tenantId, tenantName, networkId, pgName, nicId, vlan, ipv4, mac); _bcfUtils.sendBcfCommandWithNetworkSyncCheck(cmd, network); return true; } @Override public boolean release(Network network, NicProfile nic, VirtualMachineProfile vm, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; } if (network.getBroadcastUri() == null) { s_logger.error("Nic has no broadcast Uri"); return false; } bcfUtilsInit(); String networkId = network.getUuid(); String nicId = nic.getUuid(); String tenantId; if (network.getVpcId() != null) { tenantId = network.getNetworkDomain(); } else { tenantId = networkId; } DeleteBcfAttachmentCommand cmd = new DeleteBcfAttachmentCommand(tenantId, networkId, nicId); _bcfUtils.sendBcfCommandWithNetworkSyncCheck(cmd, network); return true; } @Override public boolean shutdown(Network network, ReservationContext context, boolean cleanup) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; } return true; } @Override public boolean destroy(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { if (!canHandle(network, Service.Connectivity)) { return false; } return true; } @Override public boolean isReady(PhysicalNetworkServiceProvider provider) { return true; } @Override public boolean shutdownProviderInstances(PhysicalNetworkServiceProvider provider, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException { return true; } @Override public boolean canEnableIndividualServices() { return true; } @Override public boolean verifyServicesCombination(Set<Service> services) { if (!services.contains(Service.Connectivity)) { s_logger.warn("Unable to provide services without Connectivity service enabled for this element"); return false; } return true; } private static Map<Service, Map<Capability, String>> setCapabilities() { Map<Service, Map<Capability, String>> capabilities = new HashMap<Service, Map<Capability, String>>(); // L2 Support capabilities.put(Service.Connectivity, null); // L3 Support capabilities.put(Service.Gateway, null); // L3 Support : SourceNat Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>(); sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount"); sourceNatCapabilities.put(Capability.RedundantRouter, "false"); capabilities.put(Service.SourceNat, sourceNatCapabilities); // L3 support : StaticNat capabilities.put(Service.StaticNat, null); //add network ACL capability Map<Network.Capability, String> networkACLCapabilities = new HashMap<Network.Capability, String>(); networkACLCapabilities.put(Network.Capability.SupportedProtocols, "tcp,udp,icmp"); capabilities.put(Network.Service.NetworkACL, networkACLCapabilities); // Set capabilities for Firewall service Map<Capability, String> firewallCapabilities = new HashMap<Capability, String>(); firewallCapabilities.put(Capability.TrafficStatistics, "per public ip"); firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp"); firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp, all"); firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress, egress"); firewallCapabilities.put(Capability.MultipleIps, "true"); capabilities.put(Service.Firewall, firewallCapabilities); return capabilities; } @Override @DB public BigSwitchBcfDeviceVO addBigSwitchBcfDevice(AddBigSwitchBcfDeviceCmd cmd) { BigSwitchBcfDeviceVO newBcfDevice; bcfUtilsInit(); ServerResource resource = new BigSwitchBcfResource(); final String deviceName = BcfConstants.BIG_SWITCH_BCF.getName(); NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName); final Long physicalNetworkId = cmd.getPhysicalNetworkId(); final String hostname = cmd.getHost(); final String username = cmd.getUsername(); final String password = cmd.getPassword(); final Boolean nat = cmd.getNat(); PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId); if (physicalNetwork == null) { throw new InvalidParameterValueException( "Could not find phyical network with ID: " + physicalNetworkId); } long zoneId = physicalNetwork.getDataCenterId(); final PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao .findByServiceProvider(physicalNetwork.getId(), networkDevice.getNetworkServiceProvder()); if (ntwkSvcProvider == null) { throw new CloudRuntimeException("Network Service Provider: " + networkDevice.getNetworkServiceProvder() + " is not enabled in the physical network: " + physicalNetworkId + "to add this device"); } else if (ntwkSvcProvider.getState() == PhysicalNetworkServiceProvider.State.Shutdown) { throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() + " is in shutdown state in the physical network: " + physicalNetworkId + "to add this device"); } ntwkSvcProvider.setFirewallServiceProvided(true); ntwkSvcProvider.setGatewayServiceProvided(true); ntwkSvcProvider.setNetworkAclServiceProvided(true); ntwkSvcProvider.setSourcenatServiceProvided(true); ntwkSvcProvider.setStaticnatServiceProvided(true); if (_bigswitchBcfDao.listByPhysicalNetwork(physicalNetworkId).size() > 1) { throw new CloudRuntimeException("At most two BCF controllers can be configured"); } DataCenterVO zone = _zoneDao.findById(physicalNetwork.getDataCenterId()); String zoneName; if (zone != null) { zoneName = zone.getName(); } else { zoneName = String.valueOf(zoneId); } Boolean natNow = _bcfUtils.isNatEnabled(); if (!nat && natNow) { throw new CloudRuntimeException( "NAT is enabled in existing controller. Enable NAT for new controller or remove existing controller first."); } else if (nat && !natNow) { throw new CloudRuntimeException( "NAT is disabled in existing controller. Disable NAT for new controller or remove existing controller first."); } Map<String, String> params = new HashMap<String, String>(); params.put("guid", UUID.randomUUID().toString()); params.put("zoneId", zoneName); params.put("physicalNetworkId", String.valueOf(physicalNetwork.getId())); params.put("name", "BigSwitch Controller - " + cmd.getHost()); params.put("hostname", cmd.getHost()); params.put("username", username); params.put("password", password); params.put("nat", nat.toString()); // FIXME What to do with multiple isolation types params.put("transportzoneisotype", physicalNetwork.getIsolationMethods().get(0).toLowerCase()); Map<String, Object> hostdetails = new HashMap<String, Object>(); hostdetails.putAll(params); try { resource.configure(cmd.getHost(), hostdetails); // store current topology in bcf resource TopologyData topo = _bcfUtils.getTopology(physicalNetwork.getId()); ((BigSwitchBcfResource) resource).setTopology(topo); final Host host = _resourceMgr.addHost(zoneId, resource, Host.Type.L2Networking, params); if (host != null) { newBcfDevice = Transaction.execute(new TransactionCallback<BigSwitchBcfDeviceVO>() { @Override public BigSwitchBcfDeviceVO doInTransaction(TransactionStatus status) { BigSwitchBcfDeviceVO bigswitchBcfDevice = new BigSwitchBcfDeviceVO(host.getId(), physicalNetworkId, ntwkSvcProvider.getProviderName(), deviceName, hostname, username, password, nat, BigSwitchBcfApi.HASH_IGNORE); _bigswitchBcfDao.persist(bigswitchBcfDevice); DetailVO detail = new DetailVO(host.getId(), "bigswitchbcfdeviceid", String.valueOf(bigswitchBcfDevice.getId())); _hostDetailsDao.persist(detail); return bigswitchBcfDevice; } }); } else { throw new CloudRuntimeException( "Failed to add BigSwitch BCF Controller Device due to internal error."); } } catch (ConfigurationException e) { throw new CloudRuntimeException(e.getMessage()); } // initial topology sync to newly added BCF controller HostVO bigswitchBcfHost = _hostDao.findById(newBcfDevice.getHostId()); _bcfUtils.syncTopologyToBcfHost(bigswitchBcfHost, nat); return newBcfDevice; } @Override public BigSwitchBcfDeviceResponse createBigSwitchBcfDeviceResponse(BigSwitchBcfDeviceVO bigswitchBcfDeviceVO) { HostVO bigswitchBcfHost = _hostDao.findById(bigswitchBcfDeviceVO.getHostId()); _hostDao.loadDetails(bigswitchBcfHost); BigSwitchBcfDeviceResponse response = new BigSwitchBcfDeviceResponse(); response.setDeviceName(bigswitchBcfDeviceVO.getDeviceName()); PhysicalNetwork pnw = ApiDBUtils.findPhysicalNetworkById(bigswitchBcfDeviceVO.getPhysicalNetworkId()); if (pnw != null) { response.setPhysicalNetworkId(pnw.getUuid()); } response.setId(bigswitchBcfDeviceVO.getUuid()); response.setProviderName(bigswitchBcfDeviceVO.getProviderName()); response.setHostName(bigswitchBcfHost.getDetail("hostname")); response.setObjectName("bigswitchbcfdevice"); return response; } @Override public boolean deleteBigSwitchBcfDevice(DeleteBigSwitchBcfDeviceCmd cmd) { Long bigswitchBcfDeviceId = cmd.getBigSwitchBcfDeviceId(); BigSwitchBcfDeviceVO bigswitchBcfDevice = _bigswitchBcfDao.findById(bigswitchBcfDeviceId); if (bigswitchBcfDevice == null) { throw new InvalidParameterValueException( "Could not find a BigSwitch Controller with id " + bigswitchBcfDevice); } HostVO bigswitchHost = _hostDao.findById(bigswitchBcfDevice.getHostId()); Long hostId = bigswitchHost.getId(); bigswitchHost.setResourceState(ResourceState.Maintenance); _hostDao.update(hostId, bigswitchHost); _resourceMgr.deleteHost(hostId, false, false); _bigswitchBcfDao.remove(bigswitchBcfDeviceId); return true; } @Override public List<BigSwitchBcfDeviceVO> listBigSwitchBcfDevices(ListBigSwitchBcfDevicesCmd cmd) { Long physicalNetworkId = cmd.getPhysicalNetworkId(); Long bigswitchBcfDeviceId = cmd.getBigSwitchBcfDeviceId(); List<BigSwitchBcfDeviceVO> responseList = new ArrayList<BigSwitchBcfDeviceVO>(); if (physicalNetworkId == null && bigswitchBcfDeviceId == null) { throw new InvalidParameterValueException( "Either physical network Id or bigswitch device Id must be specified"); } if (bigswitchBcfDeviceId != null) { BigSwitchBcfDeviceVO bigswitchBcfDevice = _bigswitchBcfDao.findById(bigswitchBcfDeviceId); if (bigswitchBcfDevice == null) { throw new InvalidParameterValueException( "Could not find BigSwitch controller with id: " + bigswitchBcfDevice); } responseList.add(bigswitchBcfDevice); } else { PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId); if (physicalNetwork == null) { throw new InvalidParameterValueException( "Could not find a physical network with id: " + physicalNetworkId); } responseList = _bigswitchBcfDao.listByPhysicalNetwork(physicalNetworkId); } return responseList; } @Override public HostVO createHostVOForConnectedAgent(HostVO host, StartupCommand[] cmd) { return null; } @Override public HostVO createHostVOForDirectConnectAgent(HostVO host, StartupCommand[] startup, ServerResource resource, Map<String, String> details, List<String> hostTags) { if (!(startup[0] instanceof StartupBigSwitchBcfCommand)) { return null; } BigSwitchBcfResource bcfResource = (BigSwitchBcfResource) resource; bcfUtilsInit(); if (_bcfUtils.getTopology() != null) { bcfResource.setTopology(_bcfUtils.getTopology()); } host.setType(Host.Type.L2Networking); return host; } @Override public DeleteHostAnswer deleteHost(HostVO host, boolean isForced, boolean isForceDeleteStorage) throws UnableDeleteHostException { if (!(host.getType() == Host.Type.L2Networking)) { return null; } return new DeleteHostAnswer(true); } @Override public List<Class<?>> getCommands() { List<Class<?>> cmdList = new ArrayList<Class<?>>(); cmdList.add(AddBigSwitchBcfDeviceCmd.class); cmdList.add(DeleteBigSwitchBcfDeviceCmd.class); cmdList.add(ListBigSwitchBcfDevicesCmd.class); return cmdList; } @Override public IpDeployer getIpDeployer(Network network) { return this; } @Override public boolean applyStaticNats(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException { bcfUtilsInit(); _bcfUtils.listACLbyNetwork(network); Vpc vpc = null; if (network.getVpcId() != null) { vpc = _vpcDao.acquireInLockTable(network.getVpcId()); } String tenantId; if (vpc != null) { tenantId = vpc.getUuid(); _vpcDao.releaseFromLockTable(vpc.getId()); } else { // use account in CS as tenant in BSN // use network uuid as tenantId for non-VPC networks tenantId = network.getUuid(); } for (StaticNat rule : rules) { String srcIp = _ipAddressDao.findById(rule.getSourceIpAddressId()).getAddress().addr(); String dstIp = rule.getDestIpAddress(); String mac = rule.getSourceMacAddress(); if (!rule.isForRevoke()) { s_logger.debug( "BCF enables static NAT for public IP: " + srcIp + " private IP " + dstIp + " mac " + mac); CreateBcfStaticNatCommand cmd = new CreateBcfStaticNatCommand(tenantId, network.getUuid(), dstIp, srcIp, mac); _bcfUtils.sendBcfCommandWithNetworkSyncCheck(cmd, network); } else { s_logger.debug( "BCF removes static NAT for public IP: " + srcIp + " private IP " + dstIp + " mac " + mac); DeleteBcfStaticNatCommand cmd = new DeleteBcfStaticNatCommand(tenantId, srcIp); _bcfUtils.sendBcfCommandWithNetworkSyncCheck(cmd, network); } } return true; } @Override public boolean applyIps(Network network, List<? extends PublicIpAddress> ipAddress, Set<Service> services) throws ResourceUnavailableException { return false; } @Override public boolean applyNetworkACLs(Network network, List<? extends NetworkACLItem> rules) throws ResourceUnavailableException { SubnetUtils utils; String cidr = null; List<String> cidrList; for (NetworkACLItem r : rules) { if (r.getState() == NetworkACLItem.State.Revoke) { continue; } cidrList = r.getSourceCidrList(); if (cidrList != null) { if (cidrList.size() > 1 || !r.getSourcePortEnd().equals(r.getSourcePortStart())) { throw new ResourceUnavailableException("One CIDR and one port only please.", Network.class, network.getId()); } else { cidr = cidrList.get(0); } } if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) { cidr = ""; } else { utils = new SubnetUtils(cidr); if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) { throw new ResourceUnavailableException("Invalid CIDR in Network ACL rule.", Network.class, network.getId()); } } } updateBcfRouter(network); return true; } @Override public boolean applyFWRules(Network network, List<? extends FirewallRule> rules) throws ResourceUnavailableException { SubnetUtils utils; String cidr = null; List<String> cidrList; for (FirewallRule r : rules) { if (r.getState() == FirewallRule.State.Revoke) { continue; } cidrList = r.getSourceCidrList(); if (cidrList != null) { if (cidrList.size() > 1 || !r.getSourcePortEnd().equals(r.getSourcePortStart())) { throw new ResourceUnavailableException("One CIDR and one port only please.", Network.class, network.getId()); } else { cidr = cidrList.get(0); } } if (cidr == null || cidr.equalsIgnoreCase("0.0.0.0/0")) { cidr = ""; } else { utils = new SubnetUtils(cidr); if (!utils.getInfo().getNetworkAddress().equals(utils.getInfo().getAddress())) { throw new ResourceUnavailableException("Invalid CIDR in Firewall rule.", Network.class, network.getId()); } } } updateBcfRouter(network); return true; } private void updateBcfRouter(Network network) throws IllegalArgumentException { bcfUtilsInit(); Vpc vpc = null; if (network.getVpcId() != null) { vpc = _vpcDao.acquireInLockTable(network.getVpcId()); } String tenantId; if (vpc != null) { tenantId = vpc.getUuid(); _vpcDao.releaseFromLockTable(vpc.getId()); } else { tenantId = network.getUuid(); } UpdateBcfRouterCommand cmd = new UpdateBcfRouterCommand(tenantId); List<AclData> aclList = _bcfUtils.listACLbyNetwork(network); for (AclData acl : aclList) { cmd.addAcl(acl); } if (vpc != null) { cmd.setPublicIp(_bcfUtils.getPublicIpByVpc(vpc)); } else { cmd.setPublicIp(_bcfUtils.getPublicIpByNetwork(network)); } BcfAnswer answer = _bcfUtils.sendBcfCommandWithNetworkSyncCheck(cmd, network); if (answer != null && !answer.getResult()) { throw new IllegalArgumentException("Illegal router update arguments"); } } private void bcfUtilsInit() { if (_bcfUtils == null) { _bcfUtils = new BigSwitchBcfUtils(_networkDao, _nicDao, _vmDao, _hostDao, _vpcDao, _bigswitchBcfDao, _agentMgr, _vlanDao, _ipAddressDao, _fwRulesDao, _fwCidrsDao, _aclItemDao, _aclItemCidrsDao, _networkModel); } } }