| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| |
| package org.apache.cloudstack.network.contrail.management; |
| |
| import java.io.IOException; |
| import java.util.List; |
| |
| import javax.inject.Inject; |
| |
| import org.apache.cloudstack.network.contrail.model.VirtualNetworkModel; |
| import org.apache.cloudstack.network.contrail.model.NetworkPolicyModel; |
| |
| import org.apache.log4j.Logger; |
| import org.springframework.stereotype.Component; |
| |
| import com.cloud.deploy.DeployDestination; |
| import com.cloud.exception.ConcurrentOperationException; |
| import com.cloud.exception.InsufficientCapacityException; |
| import com.cloud.exception.ResourceUnavailableException; |
| import com.cloud.network.Network; |
| import com.cloud.network.Network.Provider; |
| import com.cloud.network.element.NetworkACLServiceProvider; |
| import com.cloud.network.element.VpcProvider; |
| import com.cloud.network.vpc.NetworkACLItem; |
| import com.cloud.network.vpc.NetworkACLVO; |
| import com.cloud.network.vpc.PrivateGateway; |
| import com.cloud.network.vpc.StaticRouteProfile; |
| import com.cloud.network.vpc.Vpc; |
| import com.cloud.network.vpc.dao.NetworkACLDao; |
| import com.cloud.vm.ReservationContext; |
| |
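/**
 * VPC and network-ACL element for the Juniper Contrail provider.
 *
 * <p>Only {@link #applyNetworkACLs(Network, List)} does real work in this class: it turns a
 * CloudStack network ACL into a Contrail network-policy and attaches it to the virtual network.
 * Every other provider callback is an auto-generated stub that logs at debug level and returns
 * a fixed value.
 *
 * <p>NOTE(review): several stubs return {@code true} without programming anything (see
 * {@link #applyACLItemsToPrivateGw(PrivateGateway, List)}), so a caller that treats
 * {@code true} as "rules are enforced" would be misled. Confirm how the callers interpret the
 * return value before relying on these for access control.
 */
@Component
public class ContrailVpcElementImpl extends ContrailElementImpl implements NetworkACLServiceProvider, VpcProvider {
    // NOTE(review): the logger category is ContrailElement, not this class, so ACL apply
    // failures logged here appear under that name. Looks like a copy-paste; confirm before
    // changing, since log configuration may key on the category.
    private static final Logger s_logger =
        Logger.getLogger(ContrailElement.class);

    // Looks up the ACL record (uuid, name) for the rules handed to applyNetworkACLs.
    @Inject
    NetworkACLDao _networkACLDao;

    // NetworkElement API

    /**
     * Identifies this element as the Juniper Contrail VPC router provider.
     *
     * @return {@link Provider#JuniperContrailVpcRouter}
     */
    @Override
    public Provider getProvider() {
        return Provider.JuniperContrailVpcRouter;
    }

    /**
     * Stub: logs the call and reports success without doing any work.
     *
     * @return always {@code true}
     */
    @Override
    public boolean implementVpc(Vpc vpc, DeployDestination dest,
            ReservationContext context) throws ConcurrentOperationException,
            ResourceUnavailableException, InsufficientCapacityException {
        // TODO Auto-generated method stub
        s_logger.debug("NetworkElement implementVpc");
        return true;
    }

    /**
     * Stub: logs the call and reports success without doing any work.
     *
     * @return always {@code true}
     */
    @Override
    public boolean shutdownVpc(Vpc vpc, ReservationContext context)
            throws ConcurrentOperationException, ResourceUnavailableException {
        // TODO Auto-generated method stub
        s_logger.debug("NetworkElement shutdownVpc");
        return true;
    }

    /**
     * Stub: private gateways are not implemented here, so the call is reported as failed.
     *
     * @return always {@code false}
     */
    @Override
    public boolean createPrivateGateway(PrivateGateway gateway)
            throws ConcurrentOperationException, ResourceUnavailableException {
        // TODO Auto-generated method stub
        s_logger.debug("NetworkElement createPrivateGateway");
        return false;
    }

    /**
     * Stub: private gateways are not implemented here, so the call is reported as failed.
     *
     * @return always {@code false}
     */
    @Override
    public boolean deletePrivateGateway(PrivateGateway privateGateway)
            throws ConcurrentOperationException, ResourceUnavailableException {
        // TODO Auto-generated method stub
        s_logger.debug("NetworkElement deletePrivateGateway");
        return false;
    }

    /**
     * Stub: logs the call and reports success without installing any route.
     *
     * @return always {@code true}
     */
    @Override
    public boolean applyStaticRoutes(Vpc vpc, List<StaticRouteProfile> routes)
            throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        s_logger.debug("NetworkElement applyStaticRoutes");
        return true;
    }

    /**
     * Applies a CloudStack network ACL to a network as a Contrail network-policy.
     *
     * <p>The ACL is taken from the first rule in {@code rules}; the policy is looked up by the
     * ACL's uuid and created on first use. The policy is then built from the rules, pushed to
     * the controller if verification reports a difference, and recorded in the local database.
     * A policy that ends up with no rules is deleted again, as is a previously attached policy
     * that no longer has descendents.
     *
     * @param net   network the ACL is applied to
     * @param rules ACL items to apply; {@code null} or empty means there is nothing to do
     * @return {@code true} when there was nothing to apply or every step succeeded;
     *         {@code false} when the ACL record is missing or any controller call failed
     * @throws ResourceUnavailableException declared by the interface; not thrown by the code
     *         visible in this method
     */
    @Override
    public boolean applyNetworkACLs(Network net,
            List<? extends NetworkACLItem> rules)
            throws ResourceUnavailableException {
        s_logger.debug("NetworkElement applyNetworkACLs");
        if (rules == null || rules.isEmpty()) {
            s_logger.debug("no rules to apply");
            return true;
        }

        // Only the first rule's ACL id is consulted.
        // NOTE(review): assumes every rule in the list belongs to the same ACL; verify against caller.
        Long aclId = rules.get(0).getAclId();
        NetworkACLVO acl = _networkACLDao.findById(aclId);
        if (acl == null) {
            // Without the ACL record there is no uuid to key the policy on. Report failure
            // instead of dereferencing null, so the caller does not see the ACL as applied.
            s_logger.warn("network ACL " + aclId + " not found, rules not applied");
            return false;
        }

        NetworkPolicyModel policyModel = _manager.getDatabase().lookupNetworkPolicy(acl.getUuid());
        if (policyModel == null) {
            /*
             * The first time a CS ACL is applied to a network, create a network-policy in VNC;
             * when no networks are associated with the CS ACL any more, delete it from VNC.
             */
            policyModel = new NetworkPolicyModel(acl.getUuid(), acl.getName());
            net.juniper.contrail.api.types.Project project;
            try {
                project = _manager.getVncProject(net.getDomainId(), net.getAccountId());
                if (project == null) {
                    // No project for this domain/account: fall back to the default project.
                    project = _manager.getDefaultVncProject();
                }
            } catch (IOException ex) {
                s_logger.warn("read project", ex);
                return false;
            }
            policyModel.setProject(project);
        }

        VirtualNetworkModel vnModel = _manager.getDatabase().lookupVirtualNetwork(net.getUuid(),
            _manager.getCanonicalName(net), net.getTrafficType());
        NetworkPolicyModel oldPolicyModel = null;
        /* this method is called when network is destroyed too, hence vn model might have been deleted already */
        if (vnModel != null) {
            oldPolicyModel = vnModel.getNetworkPolicyModel();
            // NOTE(review): the cached VN model is re-pointed to the new policy before build/update
            // has succeeded, and the failure paths below do not undo it. Confirm this cannot leave
            // the cached model out of step with what the controller actually enforces.
            vnModel.addToNetworkPolicy(policyModel);
        }

        try {
            policyModel.build(_manager.getModelController(), rules);
        } catch (Exception e) {
            // Log through the logger with the stack trace so a failed ACL apply is recorded
            // in the management-server log rather than only on stderr.
            s_logger.error("network-policy build: ", e);
            return false;
        }

        try {
            if (!policyModel.verify(_manager.getModelController())) {
                policyModel.update(_manager.getModelController());
            }
            _manager.getDatabase().getNetworkPolicys().add(policyModel);
        } catch (Exception ex) {
            s_logger.error("network-policy update: ", ex);
            return false;
        }

        if (!policyModel.hasPolicyRules()) {
            // A policy with no rules is removed from the controller and the local database.
            try {
                policyModel.delete(_manager.getModelController());
                _manager.getDatabase().getNetworkPolicys().remove(policyModel);
            } catch (IOException e) {
                s_logger.error("network-policy delete: ", e);
                return false;
            }
        }
        /*
         * if no other VNs are associated with the old policy,
         * we could delete it from the Contrail VNC
         */
        if (policyModel != oldPolicyModel && oldPolicyModel != null && !oldPolicyModel.hasDescendents()) {
            try {
                oldPolicyModel.delete(_manager.getModelController());
                _manager.getDatabase().getNetworkPolicys().remove(oldPolicyModel);
            } catch (IOException e) {
                s_logger.error("old network-policy delete: ", e);
                return false;
            }
        }

        return true;
    }

    /**
     * Stub: logs the call and reports success without applying any rule.
     *
     * <p>NOTE(review): this returns {@code true} although no ACL item is pushed anywhere, so a
     * private gateway would be reported as having its ACL applied when nothing enforces it.
     * Confirm whether callers can reach this for the Contrail provider.
     *
     * @return always {@code true}
     */
    @Override
    public boolean applyACLItemsToPrivateGw(PrivateGateway privateGateway,
            List<? extends NetworkACLItem> rules)
            throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        s_logger.debug("NetworkElement applyACLItemsToPrivateGw");
        return true;
    }

}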