Updated Branches:
  refs/heads/master df039aab7 -> c9c2c5902

CLOUDSTACK-751: added support for blacklisting certain routes at the zone level 
so they can't be used when creating a Static Route for a VPC Private Gateway


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c9c2c590
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c9c2c590
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c9c2c590

Branch: refs/heads/master
Commit: c9c2c5902d0e9bc865683529a90d968686512425
Parents: df039aa
Author: Alena Prokharchyk <[email protected]>
Authored: Mon Apr 22 12:05:49 2013 -0700
Committer: Alena Prokharchyk <[email protected]>
Committed: Mon Apr 22 13:35:15 2013 -0700

----------------------------------------------------------------------
 server/src/com/cloud/configuration/Config.java     |   17 ++++--
 .../configuration/ConfigurationManagerImpl.java    |   12 ++++-
 server/src/com/cloud/dc/dao/DataCenterDao.java     |    2 +
 server/src/com/cloud/dc/dao/DataCenterDaoImpl.java |    8 +++
 .../src/com/cloud/network/vpc/VpcManagerImpl.java  |   42 ++++++++++++++-
 5 files changed, 73 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c9c2c590/server/src/com/cloud/configuration/Config.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/Config.java 
b/server/src/com/cloud/configuration/Config.java
index 4d1185a..dbcbc53 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -16,7 +16,10 @@
 // under the License.
 package com.cloud.configuration;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.StringTokenizer;
 
 import org.apache.cloudstack.engine.subsystem.api.storage.StoragePoolAllocator;
 
@@ -26,6 +29,7 @@ import com.cloud.ha.HighAvailabilityManager;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
+import com.cloud.network.vpc.VpcManager;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.secondary.SecondaryStorageVmManager;
@@ -34,10 +38,6 @@ import com.cloud.template.TemplateManager;
 import com.cloud.vm.UserVmManager;
 import com.cloud.vm.snapshot.VMSnapshotManager;
 
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
 public enum Config {
 
        // Alert
@@ -400,7 +400,10 @@ public enum Config {
     VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, 
"vmsnapshot.max", "10", "Maximum vm snapshots for a vm", null),
     VMSnapshotCreateWait("Advanced", VMSnapshotManager.class, Integer.class, 
"vmsnapshot.create.wait", "1800", "In second, timeout for create vm snapshot", 
null),
 
-    CloudDnsName("Advanced", ManagementServer.class, String.class, 
"cloud.dns.name", "default", " DNS name of the cloud", null);
+    CloudDnsName("Advanced", ManagementServer.class, String.class, 
"cloud.dns.name", "default", " DNS name of the cloud", null),
+       
+    BlacklistedRoutes("Advanced", VpcManager.class, String.class, 
"blacklisted.routes", null, "Routes that are blacklisted, can not be used for 
Static Routes creation for the VPC Private Gateway",
+                  "routes", ConfigurationParameterScope.zone.toString());
     
        
        private final String _category;
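Review bot: The description given for `BlacklistedRoutes` does not say what format the value takes, although the validator this commit adds in ConfigurationManagerImpl splits it on `,` and checks each entry as a CIDR. An operator setting this control from the description alone has to guess, so suggest wording such as `"Comma-separated list of CIDRs that can not be used for Static Routes creation for the VPC Private Gateway"`. The `"routes"` range token is matched by string in that validator, so a one-line comment here such as `// "routes" is handled by the range.equals("routes") branch of the value validator` would help keep the two in sync.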
@@ -532,6 +535,8 @@ public enum Config {
             return "StorageManager";
         } else if (_componentClass == TemplateManager.class) {
             return "TemplateManager";
+        } else if (_componentClass == VpcManager.class) {
+            return "VpcManager";
         }else {
             return "none";
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c9c2c590/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index b5734a2..a2a6291 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -342,7 +342,7 @@ public class ConfigurationManagerImpl extends ManagerBase 
implements Configurati
                 }
                 DcDetailVO dcDetailVO = _zoneDetailsDao.findDetail(resourceId, 
name.toLowerCase());
                 if (dcDetailVO == null) {
-                    dcDetailVO = new DcDetailVO(dcDetailVO.getId(), name, 
value);
+                    dcDetailVO = new DcDetailVO(zone.getId(), name, value);
                     _zoneDetailsDao.persist(dcDetailVO);
                 } else {
                     dcDetailVO.setValue(value);
@@ -584,6 +584,16 @@ public class ConfigurationManagerImpl extends ManagerBase 
implements Configurati
                 if (!NetUtils.verifyInstanceName(value)) {
                     return "Instance name can not contain hyphen, spaces and 
plus sign";
                 }
+            } else if (range.equals("routes")) {
+                String[] routes = value.split(",");
+                for (String route : routes) {
+                    if (route != null) {
+                        String routeToVerify = route.trim();
+                        if (!NetUtils.isValidCIDR(routeToVerify)) {
+                            throw new InvalidParameterValueException("Invalid 
value for blacklisted route: " + route);
+                        }
+                    }
+                }
             } else {
                 String[] options = range.split(",");
                 for (String option : options) {
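Review bot: Each entry is trimmed before `NetUtils.isValidCIDR`, but nothing in this branch normalises `value`, so a list such as `10.0.0.0/8, 192.168.0.0/16` passes validation with the space still in it. The loader this commit adds to VpcManagerImpl splits on `,` without trimming and passes the raw entry to `NetUtils.isNetworksOverlap`; whether that helper tolerates surrounding whitespace is not visible here, so either reject untrimmed entries in this branch or trim on load with `cidrs.add(route.trim());`. The `route != null` guard is dead code because `String.split` never yields null elements. This branch also throws where the neighbouring instance-name branch returns the message, so `return "Invalid value for blacklisted route: " + route;` would match it, assuming callers treat a non-null return as a failure. The enclosing method starts and ends outside the hunk.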

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c9c2c590/server/src/com/cloud/dc/dao/DataCenterDao.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/dc/dao/DataCenterDao.java 
b/server/src/com/cloud/dc/dao/DataCenterDao.java
index ee228f1..e54b9bb 100755
--- a/server/src/com/cloud/dc/dao/DataCenterDao.java
+++ b/server/src/com/cloud/dc/dao/DataCenterDao.java
@@ -77,4 +77,6 @@ public interface DataCenterDao extends 
GenericDao<DataCenterVO, Long> {
        List<DataCenterVO> findZonesByDomainId(Long domainId, String keyword);
 
        List<DataCenterVO> findByKeyword(String keyword);
+
+    List<DataCenterVO> listAllZones();
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c9c2c590/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java 
b/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
index 2a6c2ec..4afd640 100755
--- a/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
+++ b/server/src/com/cloud/dc/dao/DataCenterDaoImpl.java
@@ -401,4 +401,12 @@ public class DataCenterDaoImpl extends 
GenericDaoBase<DataCenterVO, Long> implem
         txn.commit();
         return result;
     }
+    
+    @Override
+    public List<DataCenterVO> listAllZones(){
+        SearchCriteria<DataCenterVO> sc = NameSearch.create();
+        List<DataCenterVO> dcs =  listBy(sc);
+
+        return dcs;
+    }
 }
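Review bot: `listAllZones()` obtains "every zone" by creating criteria from `NameSearch` and setting no parameters, which is only correct if the search framework skips conditions whose parameters are unset; that behaviour is not visible in this hunk. Please state the intent in a comment, for example `// no parameters set on purpose: returns every zone row`, or call a list-all method of the base DAO if `GenericDaoBase` offers one. The method feeds the blacklist loader in VpcManagerImpl, so it is also worth documenting on the interface whether removed zones are included. The local `dcs` adds nothing and `return listBy(sc);` would do.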

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c9c2c590/server/src/com/cloud/network/vpc/VpcManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java 
b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
index dbd36ae..425f551 100644
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
@@ -39,11 +39,14 @@ import org.springframework.stereotype.Component;
 
 import com.cloud.configuration.Config;
 import com.cloud.configuration.ConfigurationManager;
+import com.cloud.configuration.ConfigurationVO;
 import com.cloud.configuration.Resource.ResourceType;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.Vlan.VlanType;
 import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.DataCenterDao;
 import com.cloud.dc.dao.VlanDao;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.event.ActionEvent;
@@ -92,6 +95,7 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
 import com.cloud.org.Grouping;
 import com.cloud.projects.Project.ListProjectResourcesCriteria;
+import com.cloud.server.ConfigurationServer;
 import com.cloud.server.ResourceTag.TaggedResourceType;
 import com.cloud.tags.ResourceTagVO;
 import com.cloud.tags.dao.ResourceTagDao;
@@ -115,7 +119,6 @@ import com.cloud.utils.db.SearchCriteria.Op;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
-import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.ReservationContextImpl;
 import com.cloud.vm.dao.DomainRouterDao;
@@ -175,11 +178,17 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
     ResourceLimitService _resourceLimitMgr;
     @Inject
     VpcServiceMapDao _vpcSrvcDao;
+    @Inject
+    DataCenterDao _dcDao;
+    @Inject
+    ConfigurationServer _configServer;
 
     private final ScheduledExecutorService _executor = 
Executors.newScheduledThreadPool(1, new NamedThreadFactory("VpcChecker"));
     private List<VpcProvider> vpcElements = null;
     private final List<Service> nonSupportedServices = 
Arrays.asList(Service.SecurityGroup, Service.Firewall);
     private final List<Provider> supportedProviders = 
Arrays.asList(Provider.VPCVirtualRouter, Provider.NiciraNvp);
+    
+    private Map<Long, Set<String>> zoneBlackListedRoutes;
  
     int _cleanupInterval;
     int _maxNetworks;
@@ -231,6 +240,26 @@ public class VpcManagerImpl extends ManagerBase implements 
VpcManager, VpcProvis
         IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, 
IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), 
JoinBuilder.JoinType.INNER);
         IpAddressSearch.done();
         
+        //populate blacklisted routes
+        List<DataCenterVO> zones = _dcDao.listAllZones();
+        zoneBlackListedRoutes = new HashMap<Long, Set<String>>();
+        for (DataCenterVO zone : zones) {
+            List<ConfigurationVO> confs = 
_configServer.getConfigListByScope(Config.ConfigurationParameterScope.zone.toString(),
 zone.getId());
+            for (ConfigurationVO conf : confs) {
+                String routeStr = conf.getValue();
+                if 
(conf.getName().equalsIgnoreCase(Config.BlacklistedRoutes.key()) && routeStr != 
null && !routeStr.isEmpty()) {
+                    String[] routes = routeStr.split(",");
+                    Set<String> cidrs = new HashSet<String>();
+                    for (String route : routes) {
+                        cidrs.add(route);
+                    }
+                    
+                    zoneBlackListedRoutes.put(zone.getId(), cidrs);
+                    break;
+                }
+            }
+        }
+        
         return true;
     }
 
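Review bot: `zoneBlackListedRoutes` is filled once in this startup block and no hunk of this commit refreshes it, so a `blacklisted.routes` value set or changed later through the zone-scoped configuration update, or a zone created after startup, would presumably not be enforced by the static-route check until the management server restarts. For a setting meant to block routes, that gap should be closed by reading the zone's value at check time, or at least documented next to the field. The sketch below does the former using only calls already present in this hunk and also trims each entry; the check in the later hunk would then use `Set<String> cidrBlackList = loadBlacklistedRoutes(vpc.getZoneId());`. The enclosing method starts outside the hunk, so whether another refresh path exists elsewhere in the class cannot be seen from here.

```java
// … unchanged: IpAddressSearch setup, return true …

// Reads the zone's blacklisted routes on demand so configuration changes apply without a restart.
private Set<String> loadBlacklistedRoutes(Long zoneId) {
    Set<String> cidrs = new HashSet<String>();
    List<ConfigurationVO> confs = _configServer.getConfigListByScope(Config.ConfigurationParameterScope.zone.toString(), zoneId);
    for (ConfigurationVO conf : confs) {
        String routeStr = conf.getValue();
        if (conf.getName().equalsIgnoreCase(Config.BlacklistedRoutes.key()) && routeStr != null && !routeStr.isEmpty()) {
            for (String route : routeStr.split(",")) {
                // stored values may carry spaces after the commas
                cidrs.add(route.trim());
            }
            break;
        }
    }
    return cidrs;
}
```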
@@ -1653,6 +1682,17 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
         if (NetUtils.isNetworksOverlap(vpc.getCidr(), 
NetUtils.getLinkLocalCIDR())) {
             throw new InvalidParameterValueException("CIDR should be outside 
of link local cidr " + NetUtils.getLinkLocalCIDR());
         }
+        
+        //3) Verify against blacklisted routes
+        Set<String> cidrBlackList = zoneBlackListedRoutes.get(vpc.getZoneId());
+        
+        if (cidrBlackList != null && !cidrBlackList.isEmpty()) {
+            for (String blackListedRoute : cidrBlackList) {
+                if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) {
+                    throw new InvalidParameterValueException("The static 
gateway cidr overlaps with one of the blacklisted routes of the VPC zone");
+                }
+            }
+        }
 
         Transaction txn = Transaction.currentTxn();
         txn.start();
