This is an automated email from the ASF dual-hosted git repository. pearl11594 pushed a commit to branch nsx-additional-fixes in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 4a56dbba92f274869f69940ea0c77f29f6e00f2f Author: Pearl Dsilva <pearl1...@gmail.com> AuthorDate: Tue Feb 27 12:31:22 2024 -0500 NSX: Re-add network rules when network is updated --- .../apache/cloudstack/resource/NsxResource.java | 4 ++- .../apache/cloudstack/service/NsxApiClient.java | 34 ++++++++++++++++++---- .../org/apache/cloudstack/service/NsxElement.java | 7 ++--- 3 files changed, 34 insertions(+), 11 deletions(-) diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java index 453a26016d7..06f6f9c1bcb 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java @@ -387,7 +387,9 @@ public class NsxResource implements ServerResource { String privatePort = cmd.getPrivatePort(); String service = privatePort.contains("-") ? nsxApiClient.getServicePath(ruleName, privatePort, cmd.getProtocol(), null, null) : nsxApiClient.getNsxInfraServices(ruleName, privatePort, cmd.getProtocol(), null, null); - + if (nsxApiClient.doesPfRuleExist(ruleName, tier1GatewayName, cmd.getNetworkResourceName())) { + return new NsxAnswer(cmd, true, null); + } nsxApiClient.createPortForwardingRule(ruleName, tier1GatewayName, cmd.getNetworkResourceName(), cmd.getPublicIp(), cmd.getVmIp(), cmd.getPublicPort(), service); } catch (Exception e) { diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java index 6091130c476..940464d3ba2 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java 
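Review bot: The new `doesPfRuleExist` short-circuit in NsxResource reports success on a name match alone, so an existing NAT rule whose public IP, VM IP or port differs from `cmd` is left as it is and the command still answers `true`. This commit re-applies rules after a network update, which is exactly when a stale DNAT target can survive unnoticed. `createPortForwardingRule` sends the rule with `natService.patch(...)` (visible in the `@@ -566` hunk), which may already be safe to repeat; if so, the guard could be dropped, or narrowed to compare the existing rule's fields with the command before returning. The `service` lookup also still runs before the early return; if `getServicePath`/`getNsxInfraServices` create objects (not visible here), the existence check belongs ahead of them. The enclosing method starts and ends outside the hunk.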
@@ -124,6 +124,7 @@ public class NsxApiClient { protected static final String NSX_LB_PASSIVE_MONITOR = "/infra/lb-monitor-profiles/default-passive-lb-monitor"; protected static final String TCP_MONITOR_PROFILE = "LBTcpMonitorProfile"; protected static final String UDP_MONITOR_PROFILE = "LBUdpMonitorProfile"; + protected static final String NAT_ID = "USER"; private enum PoolAllocation { ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE } @@ -342,18 +343,16 @@ public class NsxApiClient { private void removeTier1GatewayNatRules(String tier1Id) { NatRules natRulesService = (NatRules) nsxService.apply(NatRules.class); - String natId = "USER"; - PolicyNatRuleListResult result = natRulesService.list(tier1Id, natId, null, false, null, null, null, null); + PolicyNatRuleListResult result = natRulesService.list(tier1Id, NAT_ID, null, false, null, null, null, null); List<PolicyNatRule> natRules = result.getResults(); if (CollectionUtils.isEmpty(natRules)) { logger.debug(String.format("Didn't find any NAT rule to remove on the Tier 1 Gateway %s", tier1Id)); } else { for (PolicyNatRule natRule : natRules) { logger.debug(String.format("Removing NAT rule %s from Tier 1 Gateway %s", natRule.getId(), tier1Id)); - natRulesService.delete(tier1Id, natId, natRule.getId()); + natRulesService.delete(tier1Id, NAT_ID, natRule.getId()); } } - } public String getDefaultSiteId() { 
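Review bot: `NAT_ID = "USER"` adds a second spelling of a value this class already obtains from `NatId.USER.name()` in `createPortForwardingRule` (context of the `@@ -566` hunk), so the id used to look up and delete rules could drift from the one used to write them. Deriving the constant from the enum keeps one source of truth, for example `protected static final String NAT_ID = NatId.USER.name();`. A one-line comment on the constant saying that it is the NAT section id passed to `NatRules` calls would also help.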
@@ -566,13 +565,23 @@ public class NsxApiClient { natService.patch(tier1GatewayName, NatId.USER.name(), ruleName, rule); } catch (Error error) { ApiError ae = error.getData()._convertTo(ApiError.class); - String msg = String.format("Failed to delete NSX Port-forward rule %s for network: %s, due to %s", + String msg = String.format("Failed to add NSX Port-forward rule %s for network: %s, due to %s", ruleName, networkName, ae.getErrorMessage()); logger.error(msg); throw new CloudRuntimeException(msg); } } + public boolean doesPfRuleExist(String ruleName, String tier1GatewayName, String networkName) { + try { + NatRules natService = (NatRules) nsxService.apply(NatRules.class); + PolicyNatRule rule = natService.get(tier1GatewayName, NAT_ID, ruleName); + return !Objects.isNull(rule); + } catch (Error error) { + return false; + } + } + List<LBPoolMember> getLbPoolMembers(List<NsxLoadBalancerMember> memberList, String tier1GatewayName) { List<LBPoolMember> members = new ArrayList<>(); for (NsxLoadBalancerMember member : memberList) { @@ -678,6 +687,9 @@ public class NsxApiClient { String lbVirtualServerName = getVirtualServerName(tier1GatewayName, lbId); String lbServiceName = getLoadBalancerName(tier1GatewayName); LbVirtualServers lbVirtualServers = (LbVirtualServers) nsxService.apply(LbVirtualServers.class); + if (Objects.nonNull(getLbVirtualServerService(lbVirtualServers, lbServiceName))) { + return; + } LBVirtualServer lbVirtualServer = new LBVirtualServer.Builder() .setId(lbVirtualServerName) .setDisplayName(lbVirtualServerName) 
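Review bot: `doesPfRuleExist` turns every `Error` from `natService.get(...)` into `false` without logging, so an authentication failure, a timeout or a server-side error cannot be told apart from "rule not found", and the caller goes on to create the rule. Return `false` only for the not-found case and log or rethrow the rest, converting the error to `ApiError` and logging `ae.getErrorMessage()` as `createPortForwardingRule` does just above. The `networkName` parameter is never read, and `!Objects.isNull(rule)` is clearer as `rule != null`. `getLbVirtualServerService` in the `@@ -762` hunk has the same problem with `catch (Exception e) { return null; }`, and its inner `Objects.nonNull` test is redundant because both paths return the looked-up value or `null`.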
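Review bot: The existence guard added in the `@@ -678` hunk passes `lbServiceName` to `getLbVirtualServerService`, which calls `lbVirtualServers.get(lbVSName)`, while the virtual server built right below is given the id `lbVirtualServerName`. Unless the two names happen to be equal, the lookup cannot find the server this method creates, so the guard either never fires or returns early because of an unrelated object. The call presumably should read `if (Objects.nonNull(getLbVirtualServerService(lbVirtualServers, lbVirtualServerName))) {`. Even with the right id, returning on existence alone leaves a virtual server with outdated settings untouched, which deserves a comment or a field comparison. The enclosing method starts and ends outside the hunk.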
@@ -762,6 +774,18 @@ public class NsxApiClient { return null; } + private LBVirtualServer getLbVirtualServerService(LbVirtualServers lbVirtualServers, String lbVSName) { + try { + LBVirtualServer lbVirtualServer = lbVirtualServers.get(lbVSName); + if (Objects.nonNull(lbVirtualServer)) { + return lbVirtualServer; + } + } catch (Exception e) { + return null; + } + return null; + } + private String getLbPath(String lbServiceName) { try { LbServices lbServices = (LbServices) nsxService.apply(LbServices.class); diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java index f69cc0d1bef..1fb546ed122 100644 --- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java +++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java @@ -558,7 +558,7 @@ public class NsxElement extends AdapterBase implements DhcpServiceProvider, Dns .setRuleId(rule.getId()) .setProtocol(rule.getProtocol().toUpperCase(Locale.ROOT)) .build(); - if (rule.getState() == FirewallRule.State.Add) { + if (Arrays.asList(FirewallRule.State.Add, FirewallRule.State.Active).contains(rule.getState())) { result &= nsxService.createPortForwardRule(networkRule); } else if (rule.getState() == FirewallRule.State.Revoke) { result &= nsxService.deletePortForwardRule(networkRule); @@ -642,9 +642,6 @@ public class NsxElement extends AdapterBase implements DhcpServiceProvider, Dns public boolean applyLBRules(Network network, List<LoadBalancingRule> rules) throws ResourceUnavailableException { boolean result = true; for (LoadBalancingRule loadBalancingRule : rules) { - if (loadBalancingRule.getState() == FirewallRule.State.Active) { - continue; - } IPAddressVO publicIp = ipAddressDao.findByIpAndDcId(network.getDataCenterId(), loadBalancingRule.getSourceIp().addr()); NsxOpObject nsxObject = getNsxOpObject(network); 
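Review bot: The condition in the `@@ -558` hunk of NsxElement that now sends `Active` rules to `createPortForwardRule` has no comment explaining why, and with it every apply re-sends all active rules and relies on the NSX-side existence checks added elsewhere in this commit. A short comment such as `// Active rules are re-sent so they are restored after a network update; creation is expected to be a no-op when the rule already exists` would stop a later reader from restoring the old `== Add` test. `Arrays.asList(FirewallRule.State.Add, FirewallRule.State.Active).contains(...)` builds a list per rule here and again in the `@@ -666` hunk; a small private helper, or `rule.getState() == FirewallRule.State.Add || rule.getState() == FirewallRule.State.Active`, reads more directly. This diff adds no `java.util.Arrays` import, so it is presumably already present in the file; worth confirming.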
@@ -666,7 +663,7 @@ public class NsxElement extends AdapterBase implements DhcpServiceProvider, Dns
 .setProtocol(loadBalancingRule.getLbProtocol().toUpperCase(Locale.ROOT))
 .setAlgorithm(loadBalancingRule.getAlgorithm())
 .build();
- if (loadBalancingRule.getState() == FirewallRule.State.Add) {
+ if (Arrays.asList(FirewallRule.State.Add, FirewallRule.State.Active).contains(loadBalancingRule.getState())) {
 result &= nsxService.createLbRule(networkRule);
 } else if (loadBalancingRule.getState() == FirewallRule.State.Revoke) {
 result &= nsxService.deleteLbRule(networkRule);