fixing VPC IP Association and ACL rules. Have to rewrite in a better why the apply rules method in the Advanced Topology
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/325026de Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/325026de Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/325026de Branch: refs/heads/master Commit: 325026de3f51c935c89a98d9e7cfe5ecd89699c2 Parents: b97f2b0 Author: Wilder Rodrigues <wrodrig...@schubergphilis.com> Authored: Fri Jul 18 16:50:47 2014 +0200 Committer: wilderrodrigues <wrodrig...@schubergphilis.com> Committed: Tue Oct 14 15:01:14 2014 +0200 ---------------------------------------------------------------------- .../VpcVirtualNetworkApplianceManagerImpl.java | 7 -- .../cloud/network/rules/NicPlugInOutRules.java | 2 +- .../rules/VirtualNetworkApplianceFactory.java | 4 +- .../network/rules/VpcIpAssociationRules.java | 9 +- .../topology/AdvancedNetworkTopology.java | 110 ++++++++++++++++++- .../topology/AdvancedNetworkVisitor.java | 5 +- 6 files changed, 116 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/325026de/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index d2f6f5d..c36a9c6 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -397,13 +397,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return super.finalizeVirtualMachineProfile(profile, dest, context); } - protected boolean sendNetworkACLs(final VirtualRouter router, final List<? extends NetworkACLItem> rules, final long guestNetworkId, final boolean isPrivateGateway) - throws ResourceUnavailableException { - Commands cmds = new Commands(Command.OnError.Continue); - createNetworkACLsCommands(rules, router, cmds, guestNetworkId, isPrivateGateway); - return sendCommandsToRouter(router, cmds); - } - private void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) { List<NetworkACLTO> rulesTO = new ArrayList<NetworkACLTO>(); String guestVlan = null; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/325026de/server/src/com/cloud/network/rules/NicPlugInOutRules.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/rules/NicPlugInOutRules.java b/server/src/com/cloud/network/rules/NicPlugInOutRules.java index f4be96f..b96e2b1 100644 --- a/server/src/com/cloud/network/rules/NicPlugInOutRules.java +++ b/server/src/com/cloud/network/rules/NicPlugInOutRules.java @@ -127,7 +127,7 @@ public class NicPlugInOutRules extends RuleApplier { } } - // Let the IpAssociationRule call the visitor fot the NicPlugInOutRule + // The visit will be done from the AdvancedNetworkTopology, after the VpcIpAssociation is done. return true; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/325026de/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java b/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java index 32f61ce..356f3bb 100644 --- a/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java +++ b/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java @@ -158,8 +158,8 @@ public class VirtualNetworkApplianceFactory { return ipAssociationRules; } - public VpcIpAssociationRules createVpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses, final NicPlugInOutRules nicPlugInOutRules) { - VpcIpAssociationRules ipAssociationRules = new VpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules); + public VpcIpAssociationRules createVpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) { + VpcIpAssociationRules ipAssociationRules = new VpcIpAssociationRules(network, ipAddresses); initBeans(ipAssociationRules); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/325026de/server/src/com/cloud/network/rules/VpcIpAssociationRules.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/rules/VpcIpAssociationRules.java b/server/src/com/cloud/network/rules/VpcIpAssociationRules.java index bcda360..e3c9bed 100644 --- a/server/src/com/cloud/network/rules/VpcIpAssociationRules.java +++ b/server/src/com/cloud/network/rules/VpcIpAssociationRules.java @@ -47,16 +47,13 @@ public class VpcIpAssociationRules extends RuleApplier { private final List<? extends PublicIpAddress> _ipAddresses; - private final NicPlugInOutRules _nicPlugInOutRules; - private Map<String, String> _vlanMacAddress; private List<PublicIpAddress> _ipsToSend; - public VpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses, final NicPlugInOutRules nicPlugInOutRules) { + public VpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) { super(network); _ipAddresses = ipAddresses; - _nicPlugInOutRules = nicPlugInOutRules; } @Override @@ -90,10 +87,6 @@ public class VpcIpAssociationRules extends RuleApplier { return _ipAddresses; } - public NicPlugInOutRules getNicPlugInOutRules() { - return _nicPlugInOutRules; - } - public Map<String, String> getVlanMacAddress() { return _vlanMacAddress; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/325026de/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java index 05ad17f..a39fed6 100644 --- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java +++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java @@ -17,6 +17,7 @@ package org.apache.cloudstack.network.topology; +import java.util.ArrayList; import java.util.List; import org.apache.log4j.Logger; @@ -24,8 +25,13 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import com.cloud.dc.DataCenter; +import com.cloud.dc.DataCenter.NetworkType; +import com.cloud.dc.Pod; import com.cloud.deploy.DeployDestination; +import com.cloud.exception.AgentUnavailableException; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.host.Status; import com.cloud.network.Network; import com.cloud.network.PublicIpAddress; import com.cloud.network.router.VirtualRouter; @@ -39,6 +45,7 @@ import com.cloud.network.rules.VpcIpAssociationRules; import com.cloud.network.vpc.NetworkACLItem; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; +import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachineProfile; @Component @@ -105,14 +112,25 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology { final Long podId = null; NicPlugInOutRules nicPlugInOutRules = _virtualNetworkApplianceFactory.createNicPluInOutRules(network, ipAddresses); - VpcIpAssociationRules ipAssociationRules = _virtualNetworkApplianceFactory.createVpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules); + nicPlugInOutRules.accept(_advancedVisitor, router); - return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(ipAssociationRules)); + VpcIpAssociationRules ipAssociationRules = _virtualNetworkApplianceFactory.createVpcIpAssociationRules(network, ipAddresses); + boolean result = applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(ipAssociationRules)); + + if (result) { + _advancedVisitor.visit(nicPlugInOutRules); + } + + return result; } @Override public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway) throws ResourceUnavailableException { + if (rules == null || rules.isEmpty()) { + s_logger.debug("No network ACLs to be applied for network " + network.getId()); + return true; + } s_logger.debug("APPLYING NETWORK ACLs RULES"); @@ -125,4 +143,92 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology { return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(aclsRules)); } + + @Override + public boolean applyRules(final Network network, final List<? extends VirtualRouter> routers, final String typeString, final boolean isPodLevelException, final Long podId, final boolean failWhenDisconnect, + final RuleApplierWrapper<RuleApplier> ruleApplierWrapper) + throws ResourceUnavailableException { + + if (routers == null || routers.isEmpty()) { + s_logger.warn("Unable to apply " + typeString + ", virtual router doesn't exist in the network " + network.getId()); + throw new ResourceUnavailableException("Unable to apply " + typeString, DataCenter.class, network.getDataCenterId()); + } + + RuleApplier ruleApplier = ruleApplierWrapper.getRuleType(); + + final DataCenter dc = _dcDao.findById(network.getDataCenterId()); + final boolean isZoneBasic = (dc.getNetworkType() == NetworkType.Basic); + + // isPodLevelException and podId is only used for basic zone + assert !((!isZoneBasic && isPodLevelException) || (isZoneBasic && isPodLevelException && podId == null)); + + final List<VirtualRouter> connectedRouters = new ArrayList<VirtualRouter>(); + final List<VirtualRouter> disconnectedRouters = new ArrayList<VirtualRouter>(); + boolean result = true; + final String msg = "Unable to apply " + typeString + " on disconnected router "; + for (final VirtualRouter router : routers) { + if (router.getState() == State.Running) { + s_logger.debug("Applying " + typeString + " in network " + network); + + if (router.isStopPending()) { + if (_hostDao.findById(router.getHostId()).getState() == Status.Up) { + throw new ResourceUnavailableException("Unable to process due to the stop pending router " + router.getInstanceName() + + " haven't been stopped after it's host coming back!", DataCenter.class, router.getDataCenterId()); + } + s_logger.debug("Router " + router.getInstanceName() + " is stop pending, so not sending apply " + typeString + " commands to the backend"); + continue; + } + + try { + ruleApplier.accept(_advancedVisitor, router); + + connectedRouters.add(router); + } catch (final AgentUnavailableException e) { + s_logger.warn(msg + router.getInstanceName(), e); + disconnectedRouters.add(router); + } + + //If rules fail to apply on one domR and not due to disconnection, no need to proceed with the rest + if (!result) { + if (isZoneBasic && isPodLevelException) { + throw new ResourceUnavailableException("Unable to apply " + typeString + " on router ", Pod.class, podId); + } + throw new ResourceUnavailableException("Unable to apply " + typeString + " on router ", DataCenter.class, router.getDataCenterId()); + } + + } else if (router.getState() == State.Stopped || router.getState() == State.Stopping) { + s_logger.debug("Router " + router.getInstanceName() + " is in " + router.getState() + ", so not sending apply " + typeString + " commands to the backend"); + } else { + s_logger.warn("Unable to apply " + typeString + ", virtual router is not in the right state " + router.getState()); + if (isZoneBasic && isPodLevelException) { + throw new ResourceUnavailableException("Unable to apply " + typeString + ", virtual router is not in the right state", Pod.class, podId); + } + throw new ResourceUnavailableException("Unable to apply " + typeString + ", virtual router is not in the right state", DataCenter.class, + router.getDataCenterId()); + } + } + + if (!connectedRouters.isEmpty()) { + if (!isZoneBasic && !disconnectedRouters.isEmpty() && disconnectedRouters.get(0).getIsRedundantRouter()) { + // These disconnected redundant virtual routers are out of sync now, stop them for synchronization + //[FIXME] handleSingleWorkingRedundantRouter(connectedRouters, disconnectedRouters, msg); + } + } else if (!disconnectedRouters.isEmpty()) { + for (final VirtualRouter router : disconnectedRouters) { + if (s_logger.isDebugEnabled()) { + s_logger.debug(msg + router.getInstanceName() + "(" + router.getId() + ")"); + } + } + if (isZoneBasic && isPodLevelException) { + throw new ResourceUnavailableException(msg, Pod.class, podId); + } + throw new ResourceUnavailableException(msg, DataCenter.class, disconnectedRouters.get(0).getDataCenterId()); + } + + result = true; + if (failWhenDisconnect) { + result = !connectedRouters.isEmpty(); + } + return result; + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cloudstack/blob/325026de/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java index 35c1755..cdd9ba0 100644 --- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java +++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java @@ -77,7 +77,10 @@ public class AdvancedNetworkVisitor extends BasicNetworkVisitor { final Commands commands = nicPlugInOutRules.getNetUsageCommands(); - return _applianceManager.sendCommandsToRouter(router, commands); + if (commands.size() > 0) { + return _applianceManager.sendCommandsToRouter(router, commands); + } + return true; } @Override
