cloudstack-commits mailing list archives

From yas...@apache.org
Subject [1/5] git commit: S2S VPN: CS-15947: Add global config for S2S VPN VPN connection counts limitation
Date Fri, 10 Aug 2012 23:27:23 GMT
Updated Branches:
  refs/heads/vpc abbfd7407 -> 327b4833c


S2S VPN: CS-15947: Add global config for S2S VPN VPN connection counts limitation

And subnets limitation for each customer gateway

Conflicts:

	server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/327b4833
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/327b4833
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/327b4833

Branch: refs/heads/vpc
Commit: 327b4833cef42fa876c556d754466ecdc39fb39e
Parents: 302c904
Author: Sheng Yang <sheng.yang@citrix.com>
Authored: Fri Aug 10 16:11:58 2012 -0700
Committer: Sheng Yang <sheng.yang@citrix.com>
Committed: Fri Aug 10 16:24:35 2012 -0700

----------------------------------------------------------------------
 server/src/com/cloud/configuration/Config.java     |    3 ++
 .../cloud/network/vpn/Site2SiteVpnManagerImpl.java |   21 ++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/327b4833/server/src/com/cloud/configuration/Config.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 116af37..5ee66ff 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -26,6 +26,7 @@ import com.cloud.ha.HighAvailabilityManager;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
+import com.cloud.network.vpn.Site2SiteVpnManager;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.allocator.StoragePoolAllocator;
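Review bot: The added `import com.cloud.network.vpn.Site2SiteVpnManager;` is not referenced by anything else this commit adds to Config.java; both new enum entries in the next hunk pass `ManagementServer.class` as their component. Either drop the import or, if the settings were meant to be attributed to the VPN manager, use `Site2SiteVpnManager.class` in the two entries. The same applies to `import com.cloud.user.dao.UserStatisticsDao;` added in Site2SiteVpnManagerImpl.java, which none of the added lines use.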
@@ -109,6 +110,8 @@ public enum Config {
 	RemoteAccessVpnPskLength("Network", AgentManager.class, Integer.class, "remote.access.vpn.psk.length",
"24", "The length of the ipsec preshared key (minimum 8, maximum 256)", null),
 	RemoteAccessVpnClientIpRange("Network", AgentManager.class, String.class, "remote.access.vpn.client.iprange",
"10.1.2.1-10.1.2.8", "The range of ips to be allocated to remote access vpn clients. The first
ip in the range is used by the VPN server", null),
 	RemoteAccessVpnUserLimit("Network", AgentManager.class, String.class, "remote.access.vpn.user.limit",
"8", "The maximum number of VPN users that can be created per account", null),	
+	Site2SiteVpnConnectionPerVpnGatewayLimit("Network", ManagementServer.class, Integer.class,
"site2site.vpn.vpngateway.connection.limit", "4", "The maximum number of VPN connection per
VPN gateway", null),
+	Site2SiteVpnSubnetsPerCustomerGatewayLimit("Network", ManagementServer.class, Integer.class,
"site2site.vpn.customergateway.subnets.limit", "10", "The maximum number of subnets per customer
gateway", null),
 	
 	// Console Proxy
 	ConsoleProxyCapacityStandby("Console Proxy", AgentManager.class, String.class, "consoleproxy.capacity.standby",
"10", "The minimal number of console proxy viewer sessions that system is able to serve immediately(standby
capacity)", null),
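Review bot: The two new descriptions give an operator no valid range, unlike `RemoteAccessVpnPskLength` just above, which states its minimum and maximum. These values cap per-gateway resource use, so the text should say what is accepted, e.g. `"The maximum number of VPN connections per VPN gateway (must be at least 1)"`, and likewise for the subnets entry. That wording is only true if the code reading the value enforces it, and the parsing added in Site2SiteVpnManagerImpl.configure applies no bound.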

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/327b4833/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index a48d5d4..b8b3fef 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -20,6 +20,8 @@ import com.cloud.api.commands.ListVpnCustomerGatewaysCmd;
 import com.cloud.api.commands.ListVpnGatewaysCmd;
 import com.cloud.api.commands.ResetVpnConnectionCmd;
 import com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;
+import com.cloud.configuration.Config;
+import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
@@ -47,7 +49,10 @@ import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.UserContext;
 import com.cloud.user.dao.AccountDao;
+import com.cloud.user.dao.UserStatisticsDao;
+import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.Ternary;
+import com.cloud.utils.component.ComponentLocator;
 import com.cloud.utils.component.Inject;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.db.DB;
@@ -74,10 +79,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager
{
     @Inject AccountManager _accountMgr;
     
     String _name;
+    int _connLimit;
+    int _subnetsLimit;
     
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException
{
         _name = name;
+        
+        ComponentLocator locator = ComponentLocator.getCurrentLocator();
+        ConfigurationDao configDao = locator.getDao(ConfigurationDao.class);
+        Map<String, String> configs = configDao.getConfiguration(params);
+        _connLimit = NumbersUtil.parseInt(configs.get(Config.Site2SiteVpnConnectionPerVpnGatewayLimit.key()),
4);
+        _subnetsLimit = NumbersUtil.parseInt(configs.get(Config.Site2SiteVpnSubnetsPerCustomerGatewayLimit.key()),
10);
         return true;
     }
 
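Review bot: `_connLimit` and `_subnetsLimit` are stored as parsed with no range check, so a configured value of 0 or a negative number makes the new checks in checkCustomerGatewayCidrList and the connection-creation path reject every request. Non-positive values should be refused here, e.g. `if (_connLimit < 1 || _subnetsLimit < 1) throw new ConfigurationException("Site-to-site VPN limits must be at least 1");`. The fallbacks `4` and `10` also repeat the defaults declared in Config.java, so the two can drift apart. Presumably `NumbersUtil.parseInt` returns the fallback for an unparsable value; if so, log that case, because a typo would otherwise silently restore the default cap.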
@@ -126,8 +139,11 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager,
Manager {
     }
 
     protected void checkCustomerGatewayCidrList(String guestCidrList) {
-        // Remote sub nets cannot overlap themselves
         String[] cidrList = guestCidrList.split(",");
+        if (cidrList.length > _subnetsLimit) {
+            throw new InvalidParameterValueException("Too many subnets of customer gateway!
The limit is " + _subnetsLimit);
+        }
+        // Remote sub nets cannot overlap themselves
         for (int i = 0; i < cidrList.length - 1; i ++) {
             for (int j = i + 1; j < cidrList.length; j ++) {
                 if (NetUtils.isNetworksOverlap(cidrList[i], cidrList[j])) {
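Review bot: Nothing in the hunk records why the size check was placed ahead of the overlap loop, and the reason is worth keeping. The nested loop calls `NetUtils.isNetworksOverlap` for every pair, so its cost grows with the square of the caller-supplied list. I would add a comment above the new check such as `// Cap the list first: the pairwise overlap check below is quadratic in the number of subnets`. The count comes from a plain `split(",")`, so as far as this hunk shows, empty or repeated entries count toward the limit before any entry is validated. The method body continues outside the hunk.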
@@ -254,6 +270,9 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager
{
         
         // We also need to check if the new connection's remote CIDR is overlapped with existed
connections
         List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
+        if (conns.size() >= _connLimit) {
+            throw new InvalidParameterValueException("There are too many VPN connections
with current VPN gateway! The limit is " + _connLimit);
+        }
         for (Site2SiteVpnConnectionVO vc : conns) {
             if (vc == null) {
                 continue;
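Review bot: The new limit is a check-then-act on `conns.size()`: two concurrent create requests for the same VPN gateway can both read a count below `_connLimit` and both proceed, leaving the gateway over the limit. Whether that can happen depends on locking or a transaction in the enclosing method, which starts and ends outside the hunk. If there is none, the count and the insert should run under a lock on the gateway row. Separately, the check sits directly under the comment about remote CIDR overlap; move it above that comment or give it its own, e.g. `// Enforce site2site.vpn.vpngateway.connection.limit before the per-connection checks`.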

