From kous...@apache.org
Subject [2/4] git commit: refs/heads/cisco-vnmc-api-integration - - Creating static routes in VNMC as part of edge firewall configuration - Passing order parameter while creating rules so that they are evaluated in a specific order - Added methods in VnmcResourc
Date Fri, 08 Mar 2013 09:58:05 GMT
- Creating static routes in VNMC as part of edge firewall configuration
- Passing order parameter while creating rules so that they are evaluated in a specific order
- Added methods in VnmcResource for listing acl policies and rules belonging to various policies.
This is used to compute the order when creating various rules in VNMC


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/aa94eca5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/aa94eca5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/aa94eca5

Branch: refs/heads/cisco-vnmc-api-integration
Commit: aa94eca516836949da40f1c0672c0aad9699c759
Parents: cc824e8
Author: Koushik Das <koushik.das@citrix.com>
Authored: Fri Mar 8 00:38:52 2013 +0530
Committer: Koushik Das <koushik.das@citrix.com>
Committed: Fri Mar 8 00:38:52 2013 +0530

----------------------------------------------------------------------
 .../network/cisco/associate-route-policy.xml       |   28 ++--
 .../network/cisco/create-acl-policy-ref.xml        |    2 +-
 .../scripts/network/cisco/create-dnat-rule.xml     |    2 +-
 .../network/cisco/create-edge-device-profile.xml   |   14 +-
 .../cisco/create-edge-device-route-policy.xml      |   16 +-
 .../network/cisco/create-edge-device-route.xml     |   34 ++--
 .../cisco/create-ingress-acl-rule-for-dnat.xml     |    2 +-
 .../cisco/create-ingress-acl-rule-for-pf.xml       |    2 +-
 .../network/cisco/create-ingress-acl-rule.xml      |    2 +-
 .../scripts/network/cisco/create-pf-rule.xml       |    2 +-
 .../network/cisco/create-source-nat-rule.xml       |    2 +-
 .../scripts/network/cisco/list-acl-policies.xml    |   14 ++
 .../scripts/network/cisco/list-children.xml        |   11 ++
 .../api/CreateLogicalEdgeFirewallCommand.java      |   10 +
 .../cloud/network/cisco/CiscoVnmcConnection.java   |    3 +-
 .../network/cisco/CiscoVnmcConnectionImpl.java     |  132 ++++++++++++---
 .../cloud/network/element/CiscoVnmcElement.java    |   56 +++++--
 .../cloud/network/resource/CiscoVnmcResource.java  |   25 +++-
 18 files changed, 268 insertions(+), 89 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
index af4e4d0..acc5ddb 100644
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
@@ -1,15 +1,15 @@
-<configConfMo 
-dn="" 
-cookie="%cookie%" 
-inHierarchical="false">
-    <inConfig>
-      <policyEdgeDeviceServiceProfile
-            addrTranslationTimeout="10800"
-            dn="%profiledn%"
-            ipAudit=""
-            name="%profilename%"
-            routing="%routepolicyname%"
-            status="modified"
-            vpn=""/>
-    </inConfig>
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyEdgeDeviceServiceProfile
+      addrTranslationTimeout="10800"
+      dn="%dn%"
+      ipAudit=""
+      name="%name%"
+      routing="%routepolicyname%"
+      status="modified"
+      vpn=""/>
+  </inConfig>
 </configConfMo>

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
index 2d3f02a..34efcca 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
@@ -7,7 +7,7 @@
     <pair key="%aclpolicyrefdn%">
       <policyPolicyNameRef
         dn="%aclpolicyrefdn%"
-        order="100"
+        order="%order%"
         policyName="%aclpolicyname%"
         status="created"/>
     </pair>

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
index 688e295..8b2842a 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
@@ -9,7 +9,7 @@
         descr="%descr%"
         dn="%natruledn%"
         name="%natrulename%"
-        order="100"
+        order="%order%"
         status="created"/>
     </pair>
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
index 2baec16..bccf058 100644
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
@@ -1,14 +1,14 @@
-<configConfMo 
-cookie="%cookie%"
-inHierarchical="false"> 
-    <inConfig> 
-      <policyEdgeDeviceServiceProfile 
+<configConfMo
+  cookie="%cookie%"
+  inHierarchical="false"> 
+  <inConfig> 
+    <policyEdgeDeviceServiceProfile 
       addrTranslationTimeout="10800" 
       descr="%descr%" 
       dn="%dn%" 
       name="%name%"
       status="created" 
       vpn=""/> 
-    </inConfig> 
+  </inConfig> 
 </configConfMo>
-<!--dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->
+<!-- dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
index 3b760de..d111bd1 100644
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
@@ -1,12 +1,12 @@
-<configConfMo 
+<configConfMo
   dn=""
   cookie="%cookie%"
   inHierarchical="false">
-    <inConfig>
-      <routeRoutingPolicy
-        descr="%descr%" 
-        dn="%routepolicydn%"
-        name="%name%" 
-        status="created"/>
-    </inConfig>
+  <inConfig>
+    <routeRoutingPolicy
+      descr="%descr%"
+      dn="%routepolicydn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
 </configConfMo>

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
index 24b55e5..91b10a3 100644
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
@@ -1,17 +1,17 @@
-<configConfMos 
-cookie="%cookie%"
-inHierarchical="false"> 
-    <inConfigs> 
-      <pair key="%routedn%" >
-        <routeStaticRoute 
-          dn="%routedn%"
-          id="%id%" 
-          ipAddress="%destination%"
-          ipSubnet="%netmask%" 
-          nextHopGWIp="%nexthop%"
-          nextHopIntf="%nexthopintf%"
-          routeMetric="1" 
-          status="created"/> 
-      </pair> 
-  </inConfigs> 
-</configConfMos> 
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%routedn%">
+      <routeStaticRoute
+        dn="%routepolicydn%/sroute-2"
+        id="2"
+        ipAddress="%destination%"
+        ipSubnet="%netmask%"
+        nextHopGWIp="%nexthop%"
+        nextHopIntf="%nexthopintf%"
+        routeMetric="1"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
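Review bot: The `<pair key="%routedn%">` placeholder and the `%routepolicydn%` prefix in `dn` have no matching substitution in the createTenantVDCEdgeStaticRoute hunk of CiscoVnmcConnectionImpl.java, which drops the `routedn` replacement and instead substitutes `name`, a placeholder this template does not contain. Unless a replacement happens in the part of that method outside its hunk, the request reaches VNMC with the literal text `%routedn%` and `%routepolicydn%`. The key should carry the same value as `dn` (`key="%routepolicydn%/sroute-2"`), and the Java side needs `xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));`. The hard-coded `sroute-2` and `id="2"` also mean every call addresses the same route object, so a second gateway taken from `getPublicGateways()` would presumably collide with the first.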

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml
index de7305f..82af078 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-dnat.xml
@@ -8,7 +8,7 @@
         descr="%descr%"
         dn="%aclruledn%"
         name="%aclrulename%"
-        order="300"
+        order="%order%"
         status="created"/>
     </pair>
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml
index 9d37552..f81f0bc 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule-for-pf.xml
@@ -8,7 +8,7 @@
         descr="%descr%"
         dn="%aclruledn%"
         name="%aclrulename%"
-        order="300"
+        order="%order%"
         status="created"/>
     </pair>
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
index 57f12d0..23f05d0 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@@ -8,7 +8,7 @@
         descr="%descr%"
         dn="%aclruledn%"
         name="%aclrulename%"
-        order="300"
+        order="%order%"
         status="created"/>
     </pair>
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
index b6d2840..9a63ac7 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
@@ -9,7 +9,7 @@
         descr="%descr%"
         dn="%natruledn%"
         name="%natrulename%"
-        order="100"
+        order="%order%"
         status="created"/>
     </pair>
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
index aec191f..0e411a3 100644
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
@@ -8,7 +8,7 @@
           descr="%descr%"
           dn="%natruledn%"
           name="%natrulename%"
-          order="100"
+          order="%order%"
           status="created"/>
       </pair>
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
new file mode 100755
index 0000000..9d10da5
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
@@ -0,0 +1,14 @@
+
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="policyRuleBasedPolicy"
+  inSingleLevel="false"
+  inHierarchical="false">
+    <inFilter>
+    </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
\ No newline at end of file
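Review bot: The trailing comment is closed with `--!>`, which is not an XML comment terminator, so the comment opened by `<!--` never ends; the close should be `-->`. The template text appears to be sent as the request body after placeholder substitution, so the unterminated comment travels to VNMC with every request, and whether its parser tolerates that is not visible here. list-children.xml ends with the same `--!>` and needs the same fix.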

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
new file mode 100755
index 0000000..cc98e64
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
@@ -0,0 +1,11 @@
+<configResolveChildren
+  cookie="%cookie%"
+  inDn="%dn%"
+  inHierarchical="true">
+  <inFilter>
+  </inFilter>
+</configResolveChildren>
+
+<!--
+  dn="org-root/org-vlan-517/org-VDC-vlan-517/natpol-DNAT-vlan-517-10-147-30-235"
+--!>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
index bbc3d22..def8225 100755
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
@@ -16,6 +16,9 @@
 // under the License.
 package com.cloud.agent.api;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * Command for creating a logical edge firewall in VNMC
  */
@@ -25,6 +28,7 @@ public class CreateLogicalEdgeFirewallCommand extends Command {
     private String _internalIp;
     private String _publicSubnet;
     private String _internalSubnet;
+    private List<String> _publicGateways;
 
     public CreateLogicalEdgeFirewallCommand(long vlanId,
             String publicIp, String internalIp,
@@ -35,6 +39,7 @@ public class CreateLogicalEdgeFirewallCommand extends Command {
         this._internalIp = internalIp;
         this._publicSubnet = publicSubnet;
         this.setInternalSubnet(internalSubnet);
+        _publicGateways = new ArrayList<String>();
     }
 
     @Override
@@ -81,4 +86,9 @@ public class CreateLogicalEdgeFirewallCommand extends Command {
     public void setInternalSubnet(String _internalSubnet) {
         this._internalSubnet = _internalSubnet;
     }
+
+    public List<String> getPublicGateways() {
+        return _publicGateways;
+    }
+
 }
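Review bot: `getPublicGateways()` hands out the command's internal ArrayList, and no setter or constructor argument is added, so callers can only populate the gateways by mutating the returned list. That contract is not written down anywhere in the class; a Javadoc comment on the getter would make it explicit, for example `/** Returns the live, mutable list of public gateway IPs; callers add entries to it directly. */`. The class body starts outside this hunk.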

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
index c5961d2..abad8ad 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -37,8 +37,7 @@ public interface CiscoVnmcConnection {
             throws ExecutionException;
 
     public boolean createTenantVDCEdgeStaticRoute(String tenantName,
-            String nextHopIp, String outsideIntf, String destination,
-            String netmask) throws ExecutionException;
+            String nextHopIp, String destination, String netmask) throws ExecutionException;
 
     public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
             throws ExecutionException;

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
index eac3e67..5a1755c 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -50,6 +50,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
 
     private enum VnmcXml {
         LOGIN("login.xml", "mgmt-controller"),
+
         CREATE_TENANT("create-tenant.xml", "service-reg"),
         DELETE_TENANT("delete-tenant.xml", "service-reg"),
         CREATE_VDC("create-vdc.xml", "service-reg"),
@@ -59,8 +60,9 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         CREATE_EDGE_ROUTE_POLICY("create-edge-device-route-policy.xml", "policy-mgr"),
         CREATE_EDGE_ROUTE("create-edge-device-route.xml", "policy-mgr"),
         RESOLVE_EDGE_ROUTE_POLICY("associate-route-policy.xml", "policy-mgr"),
-        RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
+
         CREATE_DHCP_POLICY("create-dhcp-policy.xml", "policy-mgr"),
+        RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
         RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr"),
 
         CREATE_EDGE_SECURITY_PROFILE("create-edge-security-profile.xml", "policy-mgr"),
@@ -87,10 +89,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         RESOLVE_ACL_POLICY_SET("associate-acl-policy-set.xml", "policy-mgr"),
         CREATE_ACL_POLICY("create-acl-policy.xml", "policy-mgr"),
         DELETE_ACL_POLICY("delete-acl-policy.xml", "policy-mgr"),
+        LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"),
         CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
         CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
         DELETE_ACL_RULE("delete-acl-rule.xml", "policy-mgr"),
 
+        LIST_CHILDREN("list-children.xml", "policy-mgr"),
+
         CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr"),
         DELETE_EDGE_FIREWALL("delete-edge-firewall.xml", "resource-mgr"),
 
@@ -188,10 +193,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         //FIXME: any other construct is unreliable. why?
     }
 
-    private String getDnForEdgeDeviceRoute(String tenantName, int id) {
-        return getDnForEdgeDeviceRoutingPolicy(tenantName) + "/sroute-" + id ;
-    }
-
     private String getDnForDhcpPolicy(String tenantName, String intfName) {
         return getDnForTenantVDCEdgeDeviceProfile(tenantName) + "/dhcp-" + intfName;
     }
@@ -241,7 +242,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
     }
 
     private String getNameForEdgeDeviceRoutePolicy(String tenantName) {
-        return "EDSP-" + tenantName + "-Routes";//FIXME: this has to match DN somehow?
+        return "EDSP-" + tenantName + "-Routes";
     }
 
     @Override
@@ -312,7 +313,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         String xml = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getXml();
         String service = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));//FIXME:
this has to match DN somehow?
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));
         xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));
         xml = replaceXmlValue(xml, "descr", "Routing Policy for Edge Device for Tenant "
+ tenantName);
 
@@ -321,16 +322,14 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
    }
 
     @Override
-    public boolean createTenantVDCEdgeStaticRoute(String tenantName, 
-            String nextHopIp, String outsideIntf,
-            String destination, String netmask) throws ExecutionException {
+    public boolean createTenantVDCEdgeStaticRoute(String tenantName,
+            String nextHopIp, String destination, String netmask) throws ExecutionException
{
         String xml = VnmcXml.CREATE_EDGE_ROUTE.getXml();
         String service = VnmcXml.CREATE_EDGE_ROUTE.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "routedn", getDnForEdgeDeviceRoute(tenantName, 2));//TODO:
why 2?
-        xml = replaceXmlValue(xml, "id", "2"); // TODO:2?
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));
         xml = replaceXmlValue(xml, "nexthop", nextHopIp);
-        xml = replaceXmlValue(xml, "nexthopintf", outsideIntf);
+        xml = replaceXmlValue(xml, "nexthopintf", getNameForEdgeOutsideIntf(tenantName));
         xml = replaceXmlValue(xml, "destination", destination);
         xml = replaceXmlValue(xml, "netmask", netmask);
 
@@ -345,8 +344,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         String xml = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getXml();
         String service = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "profilename", getNameForEdgeDeviceServiceProfile(tenantName));
-        xml = replaceXmlValue(xml, "profiledn", getDnForTenantVDC(tenantName) + "/edsp-"
+ getNameForEdgeDeviceServiceProfile(tenantName));
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
         xml = replaceXmlValue(xml, "routepolicyname", getNameForEdgeDeviceRoutePolicy(tenantName));
 
         String response =  sendRequest(service, xml);
@@ -488,6 +487,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "srcendip", endSourceIp);
         xml = replaceXmlValue(xml, "ippoolname", getNameForSourceNatIpPool(tenantName));
 
+        List<String> rules = listChildren(getDnForSourceNatPolicy(tenantName));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }
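Review bot: Deriving `order` from `100 + rules.size()` hands out a value that is still in use once any rule has been deleted: with rules at 100, 101 and 102, removing the first leaves a count of two and the next rule is again given 102. Evaluation order decides which firewall or NAT rule wins, so a duplicate either fails on VNMC or leaves the effective order ambiguous, and the list-then-create sequence is not atomic across concurrent callers. The same block is repeated in the hunks at -610, -675, -855, -867, -952 and -963, and its `rules != null` test never fails because listChildren and listAclPolicies always return a list. One helper returning one past the highest order in use would cover the rule call sites; the sketch below assumes the list-children response exposes `order` on each rule node, which is not visible here. The enclosing method starts outside this hunk.

```java
// Next free order under dn: one past the highest order already in use (100 for an empty policy).
// Assumes each policyRule node in the list-children response carries an "order" attribute.
private int nextRuleOrder(String dn) throws ExecutionException {
    // … unchanged: request building, sendRequest and getDocument as in listChildren …
    int highest = 99;
    NodeList ruleNodes = xmlDoc.getElementsByTagName("policyRule");
    for (int i = 0; i < ruleNodes.getLength(); i++) {
        Node orderAttr = ruleNodes.item(i).getAttributes().getNamedItem("order");
        if (orderAttr != null) {
            highest = Math.max(highest, Integer.parseInt(orderAttr.getNodeValue()));
        }
    }
    return highest + 1;
}
```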
@@ -610,6 +616,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
         xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier,
ingress));
 
+        List<String> policies = listAclPolicies(tenantName);
+        int order = 100;
+        if (policies != null) {
+            order += policies.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }
@@ -675,6 +688,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "destendport", destEndPort);
         xml = replaceXmlValue(xml, "destip", destIp);
 
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }
@@ -783,7 +803,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "cookie", _cookie);
         xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
 
-        String response =  sendRequest(service, xml);
+        String response = sendRequest(service, xml);
 
         List<String> result = new ArrayList<String>();
         Document xmlDoc = getDocument(response);
@@ -797,6 +817,48 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         return result;
     }
 
+    private List<String> listAclPolicies(String tenantName) throws ExecutionException
{
+
+        String xml = VnmcXml.LIST_ACL_POLICIES.getXml();
+        String service = VnmcXml.LIST_ACL_POLICIES.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("pair");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue());
+        }
+
+        return result;
+    }
+
+    private List<String> listChildren(String dn) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_CHILDREN.getXml();
+        String service = VnmcXml.LIST_CHILDREN.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dn", dn);
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("policyRule");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("name").getNodeValue());
+        }
+
+        return result;
+    }
+
     @Override
     public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
             String startPort, String endPort) throws ExecutionException {
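Review bot: Neither listAclPolicies nor listChildren checks the response before parsing it, so an error reply from VNMC (an expired cookie, for example) yields an empty list and the caller silently picks order 100. The create methods in this file already pass their response through `verifySuccess(response)`; presumably the same call before `getDocument(response)`, with an ExecutionException on failure, would keep a failed listing distinct from an empty policy. `getNamedItem("key")` and `getNamedItem("name")` return null for a node without that attribute, which would surface as a NullPointerException, so a null check that skips the node is worth adding. The two loops differ only in tag and attribute name, so one private helper taking those two strings would remove the duplication.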
@@ -855,6 +917,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "endport", endPort);
         xml = replaceXmlValue(xml, "protocolvalue", protocol);
 
+        List<String> rules = listChildren(getDnForPFPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }
@@ -867,14 +936,22 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
         String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getXml();
         String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_PF.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
-        xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
         xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
         xml = replaceXmlValue(xml, "protocolvalue", protocol);
         xml = replaceXmlValue(xml, "ip", publicIp);
         xml = replaceXmlValue(xml, "startport", startPort);
         xml = replaceXmlValue(xml, "endport", endPort);
 
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }
@@ -952,6 +1029,13 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
         xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier
+ "-" + identifier));
         xml = replaceXmlValue(xml, "ip", publicIp);
 
+        List<String> rules = listChildren(getDnForDNatPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }
@@ -963,11 +1047,19 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection
{
         String xml = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getXml();
         String service = VnmcXml.CREATE_INGRESS_ACL_RULE_FOR_DNAT.getService();
         xml = replaceXmlValue(xml, "cookie", _cookie);
-        xml = replaceXmlValue(xml, "natruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
-        xml = replaceXmlValue(xml, "natrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
         xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
         xml = replaceXmlValue(xml, "ip", publicIp);
 
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
         String response =  sendRequest(service, xml);
         return verifySuccess(response);
     }

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
index 0e6b138..72d51c3 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -60,6 +60,7 @@ import com.cloud.dc.ClusterVSMMapVO;
 import com.cloud.dc.DataCenter;
 import com.cloud.dc.Vlan;
 import com.cloud.dc.DataCenter.NetworkType;
+import com.cloud.dc.VlanVO;
 import com.cloud.dc.dao.ClusterDao;
 import com.cloud.dc.dao.ClusterVSMMapDao;
 import com.cloud.dc.dao.VlanDao;
@@ -116,6 +117,7 @@ import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.VirtualMachine;
+import com.cloud.vm.VirtualMachine.Type;
 import com.cloud.vm.VirtualMachineProfile;
 
 @Local(value = NetworkElement.class)
@@ -159,7 +161,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
     @Inject
     NetworkAsa1000vMapDao _networkAsa1000vMapDao;
 
-    private boolean canHandle(Network network) {
+    protected boolean canHandle(Network network) {
         if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) {
             return false; //TODO: should handle VxLAN as well
         }
@@ -206,8 +208,11 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
     }
 
     private boolean createLogicalEdgeFirewall(long vlanId, String gateway,
-            String publicIp, long hostId) {
+            String publicIp, List<String> publicGateways, long hostId) {
         CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId,
publicIp, gateway, "255.255.255.0", "255.255.255.0");
+        for (String publicGateway : publicGateways) {
+            cmd.getPublicGateways().add(publicGateway);
+        }
         Answer answer = _agentMgr.easySend(hostId, cmd);
         return answer.getResult();
     }
@@ -318,8 +323,16 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
             String vlan = network.getBroadcastUri().getHost();
             long vlanId = Long.parseLong(vlan);
 
+            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
+            List<String> publicGateways = new ArrayList<String>();
+            for (VlanVO vlanVO : vlanVOList) {
+                publicGateways.add(vlanVO.getVlanGateway());
+            }
+
             // create logical edge firewall in VNMC
-            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(),
ciscoVnmcHost.getId())) {
+            //String insideIp = _networkMgr.acquireGuestIpAddress(network, null);
+            //if (!createLogicalEdgeFirewall(vlanId, insideIp, sourceNatIp.getAddress().addr(),
ciscoVnmcHost.getId())) {
+            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), sourceNatIp.getAddress().addr(),
publicGateways, ciscoVnmcHost.getId())) {
                 s_logger.error("Failed to create logical edge firewall in Cisco VNMC device
for network " + network.getName());
                 return false;
             }
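Review bot: The gateway list built in the added loop takes every VLAN on the physical network (`listVlansByPhysicalNetworkId`), not only the public range that `sourceNatIp` belongs to, and each entry is later installed in VNMC as a static route for this tenant's edge firewall. If the physical network also carries VLANs for other accounts or for non-public traffic, the tenant firewall receives routes it should not have, so the list should be limited to the public VLAN(s) of this network. Null or duplicate values from `getVlanGateway()` should be skipped before they reach the command. The two commented-out `insideIp` lines should be removed or replaced by a TODO that states the intent. The enclosing method starts and ends outside this hunk.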
@@ -364,7 +377,16 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
             DeployDestination dest, ReservationContext context)
             throws ConcurrentOperationException, ResourceUnavailableException,
             InsufficientCapacityException {
-        //Ensure that there is an ASA 1000v assigned to this network
+        if (vm.getType() != Type.User) {
+            return false;
+        }
+
+        // ensure that there is an ASA 1000v assigned to this network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            return false;
+        }
+
         return true;
     }
 
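Review bot: Both new early exits return false without logging, so an operator cannot tell a skipped non-user VM from a network that has no ASA 1000v assigned. Add a debug line before each, e.g. `s_logger.debug("No ASA 1000v assigned to network " + network.getName());`. How the caller treats a false result is not visible in the hunk and should be confirmed, since returning false for a non-user VM may abort the start of a system VM on this network. The local `asaForNetwork` is only null-checked and could be inlined. The method signature starts outside the hunk.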
@@ -373,16 +395,21 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
             VirtualMachineProfile<? extends VirtualMachine> vm,
             ReservationContext context) throws ConcurrentOperationException,
             ResourceUnavailableException {
-        // TODO Auto-generated method stub
-        return false;
+        return true;
     }
 
     @Override
     public boolean shutdown(Network network, ReservationContext context,
             boolean cleanup) throws ConcurrentOperationException,
             ResourceUnavailableException {
-        // TODO Auto-generated method stub
-        return false;
+
+        unassignAsa1000vFromNetwork(network);
+        // disassociateAsaFromLogicalEdgeFirewall()
+        // delete ACL and NAT policies
+        // delete logical edge firewall
+        // delete tenant/VDC
+
+        return true;
     }
 
     @Override
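Review bot: `shutdown` now reports success after removing only the network-to-ASA mapping, while the steps listed in its comments (disassociate the ASA, delete ACL and NAT policies, delete the logical edge firewall and the tenant) are not implemented. If the ASA can afterwards be assigned to another network, the previous tenant's permit rules and NAT entries would presumably still exist in VNMC, and the mapping needed to find them is gone. Until the cleanup exists, log the gap and mark it, e.g. `// TODO: VNMC policies and edge firewall are NOT removed yet; stale rules remain on the device`. `release` in this hunk and `destroy` in the next one also changed from false to true without doing any work, which hides the missing cleanup from the caller.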
@@ -416,8 +443,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
     @Override
     public boolean destroy(Network network, ReservationContext context)
             throws ConcurrentOperationException, ResourceUnavailableException {
-        // TODO Auto-generated method stub
-        return false;
+        return true;
     }
 
     @Override
@@ -574,11 +600,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
         return responseList;
     }
 
-    
     @Override
     public IpDeployer getIpDeployer(Network network) {
-        // TODO Auto-generated method stub
-        return null;
+        return this;
     }
 
     @Override
@@ -878,4 +902,10 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
         return null;
     }
 
+    private void unassignAsa1000vFromNetwork(Network network) {
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (networkAsaMap != null) {
+            _networkAsa1000vMapDao.remove(networkAsaMap.getId());
+        }
+    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/aa94eca5/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index e49952e..16aaed2 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -182,7 +182,7 @@ public class CiscoVnmcResource implements ServerResource{
 
     }
 
-    public StartupCommand[] initialize() {   
+    public StartupCommand[] initialize() {
         StartupExternalFirewallCommand cmd = new StartupExternalFirewallCommand();
         cmd.setName(_name);
         cmd.setDataCenter(_zoneId);
@@ -581,6 +581,26 @@ public class CiscoVnmcResource implements ServerResource{
         return execute(cmd, _numRetries);
     }
 
+    private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long
vlanId) throws Exception {
+        // create edge device profile
+        if (!_connection.createTenantVDCEdgeDeviceProfile(tenant))
+            throw new Exception("Failed to create tenant edge device profile in VNMC for
guest network with vlan " + vlanId);
+
+        // create edge static route policy
+        if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant))
+            throw new Exception("Failed to create tenant edge static route policy in VNMC
for guest network with vlan " + vlanId);
+
+        // create edge static route for all gateways
+        for (String gateway : gateways) {
+            if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0"))
+                throw new Exception("Failed to create tenant edge static route in VNMC for
guest network with vlan " + vlanId);
+        }
+
+        // associate edge 
+        if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant))
+            throw new Exception("Failed to associate edge static route policy with edge device
profile in VNMC for guest network with vlan " + vlanId);
+    }
+
     private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) {
         String tenant = "vlan-" + cmd.getVlanId();
         try {
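Review bot: `createEdgeDeviceProfile` iterates `gateways` without a null check, and the caller passes `cmd.getPublicGateways()` straight through, so a command built without the list fails with a NullPointerException instead of a clear message. Every gateway is installed with destination `0.0.0.0` / `0.0.0.0`, which means several default routes when the list has more than one entry; whether VNMC accepts, rejects or replaces them is not visible here and deserves a comment. The failure message should name the gateway, e.g. `"Failed to create tenant edge static route via " + gateway + " in VNMC for guest network with vlan " + vlanId`, and the unfinished comment `// associate edge` should be completed. `execute` continues past the end of this hunk.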
@@ -596,6 +616,9 @@ public class CiscoVnmcResource implements ServerResource{
             if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
                 throw new Exception("Failed to create tenant edge security profile in VNMC
for guest network with vlan " + cmd.getVlanId());
 
+            // create edge device profile and associated route
+            createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId());
+
             // create logical edge firewall
             if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(),
cmd.getPublicSubnet(), cmd.getInternalSubnet()))
                 throw new Exception("Failed to create edge firewall in VNMC for guest network
with vlan " + cmd.getVlanId());

