cloudstack-commits mailing list archives

From sate...@apache.org
Subject [01/50] [abbrv] git commit: updated refs/heads/vmware-datamodel to d07f875
Date Sun, 19 May 2013 12:05:32 GMT
Updated Branches:
  refs/heads/vmware-datamodel 57444fcb6 -> d07f87548


CLOUDSTACK-2509: [Cisco VNMC]No way to block incoming traffic as ACL created with PF/Static
Nat is Source is Any
No longer creating firewall rule as part of PF/Static NAT rule creation. Now firewall rule
needs to be configured separately.
Also made some changes to exception handling.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5511eb24
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5511eb24
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5511eb24

Branch: refs/heads/vmware-datamodel
Commit: 5511eb241af775efa59d4fdeb597d2b335b50739
Parents: 265acca
Author: Koushik Das <koushik.das@citrix.com>
Authored: Thu May 16 09:20:41 2013 +0530
Committer: Koushik Das <koushik.das@citrix.com>
Committed: Thu May 16 09:20:41 2013 +0530

----------------------------------------------------------------------
 .../network/cisco/create-egress-acl-rule.xml       |   10 +-
 .../create-generic-egress-acl-no-protocol-rule.xml |   10 +-
 .../cisco/create-generic-egress-acl-rule.xml       |   10 +-
 .../cloud/network/cisco/CiscoVnmcConnection.java   |    4 +-
 .../network/cisco/CiscoVnmcConnectionImpl.java     |   12 +-
 .../cloud/network/resource/CiscoVnmcResource.java  |  149 +++++++--------
 6 files changed, 88 insertions(+), 107 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5511eb24/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
index 05c066d..f283ffe 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
@@ -80,7 +80,7 @@ under the License.
     </pair>
     <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
       <policyNwAttrQualifier
-        attrEp="destination"
+        attrEp="source"
         dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
         status="created"/>
     </pair>
@@ -93,7 +93,7 @@ under the License.
         name=""
         placement="begin"
         status="created"
-        value="%deststartip%"/>
+        value="%sourcestartip%"/>
     </pair>
     <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
       <policyIPAddress
@@ -104,7 +104,7 @@ under the License.
         name=""
         placement="end"
         status="created"
-        value="%destendip%"/>
+        value="%sourceendip%"/>
     </pair>
 
     <pair key="%aclruledn%/rule-cond-4">
@@ -161,8 +161,8 @@ under the License.
     descr=value
     actiontype="drop" or "permit"
     protocolvalue = "TCP" or "UDP"
-    deststartip="destination start ip"
-    destendip="destination end ip"
+    sourcestartip="source start ip"
+    sourceendip="source end ip"
     deststartport="start port at destination"
     destendport="end port at destination"
 --!>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5511eb24/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml
index 17cfa54..e6f4cfb 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml
@@ -54,7 +54,7 @@ under the License.
     </pair>
     <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
       <policyNwAttrQualifier
-        attrEp="destination"
+        attrEp="source"
         dn="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
         status="created"/>
     </pair>
@@ -67,7 +67,7 @@ under the License.
         name=""
         placement="begin"
         status="created"
-        value="%deststartip%"/>
+        value="%sourcestartip%"/>
     </pair>
     <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-3">
       <policyIPAddress
@@ -78,7 +78,7 @@ under the License.
         name=""
         placement="end"
         status="created"
-        value="%destendip%"/>
+        value="%sourceendip%"/>
     </pair>
 
   </inConfigs>
@@ -89,6 +89,6 @@ under the License.
     aclrulename="dummy"
     descr=value
     actiontype="drop" or "permit"
-    deststartip="destination start ip"
-    destendip="destination end ip"
+    sourcestartip="source start ip"
+    sourceendip="source end ip"
 --!>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5511eb24/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
index 436e3ea..55edd1f 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
@@ -80,7 +80,7 @@ under the License.
     </pair>
     <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
       <policyNwAttrQualifier
-        attrEp="destination"
+        attrEp="source"
         dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
         status="created"/>
     </pair>
@@ -93,7 +93,7 @@ under the License.
         name=""
         placement="begin"
         status="created"
-        value="%deststartip%"/>
+        value="%sourcestartip%"/>
     </pair>
     <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
       <policyIPAddress
@@ -104,7 +104,7 @@ under the License.
         name=""
         placement="end"
         status="created"
-        value="%destendip%"/>
+        value="%sourceendip%"/>
     </pair>
 
   </inConfigs>
@@ -116,6 +116,6 @@ under the License.
     descr=value
     actiontype="drop" or "permit"
     protocolvalue = "TCP" or "UDP" or "ICMP"
-    deststartip="destination start ip"
-    destendip="destination end ip"
+    sourcestartip="source start ip"
+    sourceendip="source end ip"
 --!>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5511eb24/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
index fed6724..28e2535 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -150,13 +150,13 @@ public interface CiscoVnmcConnection {
 
     public boolean createTenantVDCEgressAclRule(String tenantName,
             String identifier, String policyIdentifier,
-            String protocol, String destStartIp, String destEndIp,
+            String protocol, String sourceStartIp, String sourceEndIp,
             String destStartPort, String destEndPort)
             throws ExecutionException;
 
     public boolean createTenantVDCEgressAclRule(String tenantName,
             String identifier, String policyIdentifier,
-            String protocol, String destStartIp, String destEndIp)
+            String protocol, String sourceStartIp, String sourceEndIp)
             throws ExecutionException;
 
     public boolean deleteTenantVDCAclRule(String tenantName,
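Review bot: Both `createTenantVDCEgressAclRule` overloads now take a source range where they used to take a destination range, but the parameter types and order are unchanged, so a caller still passing destination addresses compiles and silently produces a different ACL. Neither declaration in this hunk has a Javadoc stating what the range matches. I would add one to each, for example `/** Creates an egress ACL rule matching traffic whose source address is within sourceStartIp..sourceEndIp. */`, and mention the destination port range on the first overload. The interface starts and ends outside this hunk, so its existing documentation conventions are not visible here.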

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5511eb24/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
index 0e57cae..a9e8cf6 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -729,7 +729,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
     @Override
     public boolean createTenantVDCEgressAclRule(String tenantName,
             String identifier, String policyIdentifier,
-            String protocol, String destStartIp, String destEndIp,
+            String protocol, String sourceStartIp, String sourceEndIp,
             String destStartPort, String destEndPort) throws ExecutionException {
         String xml = VnmcXml.CREATE_EGRESS_ACL_RULE.getXml();
         String service = VnmcXml.CREATE_EGRESS_ACL_RULE.getService();
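Review bot: `sourceStartIp` and `sourceEndIp` arrive as plain strings and, in the -740 and -773 hunks, go straight into the request template through `replaceXmlValue`; nothing visible checks that they are IP addresses. Whether `replaceXmlValue` escapes XML metacharacters is not shown, so a malformed value could produce a broken or differently scoped rule on the firewall. A guard at the top of both overloads would fail early, e.g. `if (!NetUtils.isValidIp(sourceStartIp) || !NetUtils.isValidIp(sourceEndIp)) throw new ExecutionException("Invalid source IP range for egress ACL rule");`, assuming `NetUtils` can be imported in this class. The method body continues outside this hunk.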
@@ -740,8 +740,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
         xml = replaceXmlValue(xml, "actiontype", "permit");
         xml = replaceXmlValue(xml, "protocolvalue", protocol);
-        xml = replaceXmlValue(xml, "deststartip", destStartIp);
-        xml = replaceXmlValue(xml, "destendip", destEndIp);
+        xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+        xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
         xml = replaceXmlValue(xml, "deststartport", destStartPort);
         xml = replaceXmlValue(xml, "destendport", destEndPort);
 
@@ -759,7 +759,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
     @Override
     public boolean createTenantVDCEgressAclRule(String tenantName,
             String identifier, String policyIdentifier,
-            String protocol, String destStartIp, String destEndIp) throws ExecutionException
{
+            String protocol, String sourceStartIp, String sourceEndIp) throws ExecutionException
{
         String xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getXml();
         String service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getService();
         if (protocol.equalsIgnoreCase("all")) { // any protocol
@@ -773,8 +773,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
         xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
         xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
         xml = replaceXmlValue(xml, "actiontype", "permit");
-        xml = replaceXmlValue(xml, "deststartip", destStartIp);
-        xml = replaceXmlValue(xml, "destendip", destEndIp);
+        xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+        xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
 
         List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
         int order = 100;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5511eb24/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 176fdc4..29bbbe6 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -60,6 +60,7 @@ import com.cloud.utils.Pair;
 import com.cloud.utils.cisco.n1kv.vsm.NetconfHelper;
 import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.OperationType;
 import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.SwitchPortMode;
+import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.exception.ExecutionException;
 import com.cloud.utils.net.NetUtils;
 
@@ -280,30 +281,30 @@ public class CiscoVnmcResource implements ServerResource {
         String policyIdentifier = cmd.getIpAddress().getPublicIp().replace('.', '-');
         try {
             if (!_connection.createTenantVDCNatPolicySet(tenant)) {
-                throw new Exception("Failed to create NAT policy set in VNMC for guest network
with vlan " + vlanId);
+                throw new ExecutionException("Failed to create NAT policy set in VNMC for
guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCSourceNatPolicy(tenant, policyIdentifier)) {
-                throw new Exception("Failed to create source NAT policy in VNMC for guest
network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create source NAT policy in VNMC
for guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCSourceNatPolicyRef(tenant, policyIdentifier))
{
-                throw new Exception("Failed to associate source NAT policy with NAT policy
set in VNMC for guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to associate source NAT policy with
NAT policy set in VNMC for guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCSourceNatIpPool(tenant, policyIdentifier, cmd.getIpAddress().getPublicIp()))
{
-                throw new Exception("Failed to create source NAT ip pool in VNMC for guest
network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create source NAT ip pool in VNMC
for guest network with vlan " + vlanId);
             }
 
             String[] ipRange = getIpRangeFromCidr(cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR));
             if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, ipRange[0],
ipRange[1])) {
-                throw new Exception("Failed to create source NAT rule in VNMC for guest network
with vlan " + vlanId);
+                throw new ExecutionException("Failed to create source NAT rule in VNMC for
guest network with vlan " + vlanId);
             }
 
             if (!_connection.associateNatPolicySet(tenant)) {
-                throw new Exception("Failed to associate source NAT policy set with edge
security profile in VNMC for guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to associate source NAT policy set with
edge security profile in VNMC for guest network with vlan " + vlanId);
             }
-        } catch (Throwable e) {
+        } catch (ExecutionException e) {
             String msg = "SetSourceNatCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
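Review bot: Narrowing `catch (Throwable e)` to `catch (ExecutionException e)` means an unchecked exception inside the try block no longer becomes a failed `Answer`; for example `getIpRangeFromCidr(...)` followed by `ipRange[0]`/`ipRange[1]` could throw on a missing or malformed CIDR context parameter. The same narrowing is made in the -402, -438 and -533 hunks. If the caller of `execute` does not handle runtime exceptions (not visible here), I would keep a second clause, `} catch (RuntimeException e) {`, that logs and returns `new Answer(cmd, false, msg)` the same way, or validate the CIDR before entering the try. The method starts before this hunk and continues after it.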
@@ -337,29 +338,29 @@ public class CiscoVnmcResource implements ServerResource {
 
         try {
             if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
-                throw new Exception("Failed to create ACL ingress policy set in VNMC for
guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create ACL ingress policy set in
VNMC for guest network with vlan " + vlanId);
             }
             if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
-                throw new Exception("Failed to create ACL egress policy set in VNMC for guest
network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create ACL egress policy set in VNMC
for guest network with vlan " + vlanId);
             }
 
             for (String publicIp : publicIpRulesMap.keySet()) {
                 String policyIdentifier = publicIp.replace('.', '-');
 
                 if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
-                    throw new Exception("Failed to create ACL policy in VNMC for guest network
with vlan " + vlanId);
+                    throw new ExecutionException("Failed to create ACL policy in VNMC for
guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true))
{
-                    throw new Exception("Failed to associate ACL policy with ACL ingress
policy set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate ACL policy with ACL
ingress policy set in VNMC for guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false))
{
-                    throw new Exception("Failed to associate ACL policy with ACL egress policy
set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate ACL policy with ACL
egress policy set in VNMC for guest network with vlan " + vlanId);
                 }
 
                 for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
                     if (rule.revoked()) {
                         if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
-                            throw new Exception("Failed to delete ACL rule in VNMC for guest
network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to delete ACL rule in VNMC
for guest network with vlan " + vlanId);
                         }
                     } else {
                         String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
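Review bot: `rule.getSourceCidrList().get(0)` on the last line assumes every non-revoked firewall rule carries at least one source CIDR, and only the first entry is used. A null or empty list would throw an unchecked exception, which the `catch (ExecutionException e)` introduced in the -402 hunk no longer converts into a failed `Answer`, and any further CIDRs in the list appear to be dropped without a log entry. Since this commit makes the separately configured firewall rule the only thing that opens PF/static NAT traffic, I would make both cases explicit, e.g. `if (cidrs == null || cidrs.isEmpty()) throw new ExecutionException("Firewall rule " + rule.getId() + " has no source CIDR");`, and either loop over the list or reject lists with more than one entry. The enclosing loop continues in the following hunks.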
@@ -370,13 +371,13 @@ public class CiscoVnmcResource implements ServerResource {
                                         Long.toString(rule.getId()), policyIdentifier,
                                         rule.getProtocol().toUpperCase(), externalIpRange[0],
externalIpRange[1],
                                         Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1])))
{
-                                    throw new Exception("Failed to create ACL ingress rule
in VNMC for guest network with vlan " + vlanId);
+                                    throw new ExecutionException("Failed to create ACL ingress
rule in VNMC for guest network with vlan " + vlanId);
                                 }
                             } else {
                                 if (!_connection.createTenantVDCIngressAclRule(tenant,
                                         Long.toString(rule.getId()), policyIdentifier,
                                         rule.getProtocol().toUpperCase(), externalIpRange[0],
externalIpRange[1])) {
-                                    throw new Exception("Failed to create ACL ingress rule
in VNMC for guest network with vlan " + vlanId);
+                                    throw new ExecutionException("Failed to create ACL ingress
rule in VNMC for guest network with vlan " + vlanId);
                                 }
                             }
                         } else {
@@ -387,13 +388,13 @@ public class CiscoVnmcResource implements ServerResource {
                                         rule.getProtocol().toUpperCase(),
                                         externalIpRange[0], externalIpRange[1],
                                         Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1])))
{
-                                    throw new Exception("Failed to create ACL egress rule
in VNMC for guest network with vlan " + vlanId);
+                                    throw new ExecutionException("Failed to create ACL egress
rule in VNMC for guest network with vlan " + vlanId);
                                 }
                             } else {
                                 if (!_connection.createTenantVDCEgressAclRule(tenant,
                                         Long.toString(rule.getId()), policyIdentifier,
                                         rule.getProtocol().toUpperCase(), externalIpRange[0],
externalIpRange[1])) {
-                                    throw new Exception("Failed to create ACL egress rule
in VNMC for guest network with vlan " + vlanId);
+                                    throw new ExecutionException("Failed to create ACL egress
rule in VNMC for guest network with vlan " + vlanId);
                                 }
                             }
                         }
@@ -402,9 +403,9 @@ public class CiscoVnmcResource implements ServerResource {
             }
 
             if (!_connection.associateAclPolicySet(tenant)) {
-                throw new Exception("Failed to associate ACL policy set with edge security
profile in VNMC for guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to associate ACL policy set with edge
security profile in VNMC for guest network with vlan " + vlanId);
             }
-        } catch (Throwable e) {
+        } catch (ExecutionException e) {
             String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
@@ -438,69 +439,60 @@ public class CiscoVnmcResource implements ServerResource {
 
         try {
             if (!_connection.createTenantVDCNatPolicySet(tenant)) {
-                throw new Exception("Failed to create NAT policy set in VNMC for guest network
with vlan " + vlanId);
+                throw new ExecutionException("Failed to create NAT policy set in VNMC for
guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
-                throw new Exception("Failed to create ACL ingress policy set in VNMC for
guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create ACL ingress policy set in
VNMC for guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
-                throw new Exception("Failed to create ACL egress policy set in VNMC for guest
network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create ACL egress policy set in VNMC
for guest network with vlan " + vlanId);
             }
 
             for (String publicIp : publicIpRulesMap.keySet()) {
                 String policyIdentifier = publicIp.replace('.', '-');
 
                 if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
-                    throw new Exception("Failed to create DNAT policy in VNMC for guest network
with vlan " + vlanId);
+                    throw new ExecutionException("Failed to create DNAT policy in VNMC for
guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier))
{
-                    throw new Exception("Failed to associate DNAT policy with NAT policy
set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate DNAT policy with NAT
policy set in VNMC for guest network with vlan " + vlanId);
                 }
 
                 if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
-                    throw new Exception("Failed to create ACL policy in VNMC for guest network
with vlan " + vlanId);
+                    throw new ExecutionException("Failed to create ACL policy in VNMC for
guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true))
{
-                    throw new Exception("Failed to associate ACL policy with ACL ingress
policy set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate ACL policy with ACL
ingress policy set in VNMC for guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false))
{
-                    throw new Exception("Failed to associate ACL policy with ACL egress policy
set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate ACL policy with ACL
egress policy set in VNMC for guest network with vlan " + vlanId);
                 }
 
                 for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
                     if (rule.revoked()) {
                         if (!_connection.deleteTenantVDCDNatRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
-                            throw new Exception("Failed to delete DNAT rule in VNMC for guest
network with vlan " + vlanId);
-                        }
-
-                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
-                            throw new Exception("Failed to delete ACL ingress rule for DNAT
in VNMC for guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to delete DNAT rule in VNMC
for guest network with vlan " + vlanId);
                         }
                     } else {
                         if (!_connection.createTenantVDCDNatIpPool(tenant, Long.toString(rule.getId()),
rule.getDstIp())) {
-                            throw new Exception("Failed to create DNAT ip pool in VNMC for
guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to create DNAT ip pool in
VNMC for guest network with vlan " + vlanId);
                         }
 
                         if (!_connection.createTenantVDCDNatRule(tenant,
                                 Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp()))
{
-                            throw new Exception("Failed to create DNAT rule in VNMC for guest
network with vlan " + vlanId);
-                        }
-
-                        if (!_connection.createTenantVDCAclRuleForDNat(tenant,
-                                Long.toString(rule.getId()), policyIdentifier, rule.getDstIp()))
{
-                            throw new Exception("Failed to create ACL rule for DNAT in VNMC
for guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to create DNAT rule in VNMC
for guest network with vlan " + vlanId);
                         }
                     }
                 }
             }
 
             if (!_connection.associateAclPolicySet(tenant)) {
-                throw new Exception("Failed to associate source NAT policy set with edge
security profile in VNMC for guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to associate source NAT policy set with
edge security profile in VNMC for guest network with vlan " + vlanId);
             }
-        } catch (Throwable e) {
-            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+        } catch (ExecutionException e) {
+            String msg = "SetStaticNatRulesCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
         }
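Review bot: With the `deleteTenantVDCAclRule` call removed from the `rule.revoked()` branch, an ACL rule that an earlier build created alongside a static NAT rule is no longer removed when that NAT rule is revoked. On a device already configured by the earlier code this could leave the old permit entry in place, which is the source-any ACL the commit title sets out to eliminate. The port-forwarding hunk (-533) removes the same cleanup. I would either keep a best-effort delete on revoke for rules created before this change or document a one-time cleanup step in the upgrade notes. The method starts before this hunk.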
@@ -533,77 +525,66 @@ public class CiscoVnmcResource implements ServerResource {
 
         try {
             if (!_connection.createTenantVDCNatPolicySet(tenant)) {
-                throw new Exception("Failed to create NAT policy set in VNMC for guest network
with vlan " + vlanId);
+                throw new ExecutionException("Failed to create NAT policy set in VNMC for
guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
-                throw new Exception("Failed to create ACL ingress policy set in VNMC for
guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create ACL ingress policy set in
VNMC for guest network with vlan " + vlanId);
             }
 
             if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
-                throw new Exception("Failed to create ACL egress policy set in VNMC for guest
network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create ACL egress policy set in VNMC
for guest network with vlan " + vlanId);
             }
 
             for (String publicIp : publicIpRulesMap.keySet()) {
                 String policyIdentifier = publicIp.replace('.', '-');
 
                 if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
-                    throw new Exception("Failed to create PF policy in VNMC for guest network
with vlan " + vlanId);
+                    throw new ExecutionException("Failed to create PF policy in VNMC for
guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCPFPolicyRef(tenant, policyIdentifier)) {
-                    throw new Exception("Failed to associate PF policy with NAT policy set
in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate PF policy with NAT
policy set in VNMC for guest network with vlan " + vlanId);
                 }
 
                 if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
-                    throw new Exception("Failed to create ACL policy in VNMC for guest network
with vlan " + vlanId);
+                    throw new ExecutionException("Failed to create ACL policy in VNMC for
guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true))
{
-                    throw new Exception("Failed to associate ACL policy with ACL ingress
policy set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate ACL policy with ACL
ingress policy set in VNMC for guest network with vlan " + vlanId);
                 }
                 if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false))
{
-                    throw new Exception("Failed to associate ACL policy with ACL egress policy
set in VNMC for guest network with vlan " + vlanId);
+                    throw new ExecutionException("Failed to associate ACL policy with ACL
egress policy set in VNMC for guest network with vlan " + vlanId);
                 }
 
                 for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
                     if (rule.revoked()) {
                         if (!_connection.deleteTenantVDCPFRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
-                            throw new Exception("Failed to delete PF rule in VNMC for guest
network with vlan " + vlanId);
-                        }
-
-                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()),
policyIdentifier)) {
-                            throw new Exception("Failed to delete ACL ingress rule for PF
in VNMC for guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to delete PF rule in VNMC
for guest network with vlan " + vlanId);
                         }
                     } else {
                         if (!_connection.createTenantVDCPFIpPool(tenant, Long.toString(rule.getId()),
rule.getDstIp())) {
-                            throw new Exception("Failed to create PF ip pool in VNMC for
guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to create PF ip pool in
VNMC for guest network with vlan " + vlanId);
                         }
                         if (!_connection.createTenantVDCPFPortPool(tenant, Long.toString(rule.getId()),
                                 Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1])))
{
-                            throw new Exception("Failed to create PF port pool in VNMC for
guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to create PF port pool in
VNMC for guest network with vlan " + vlanId);
                         }
 
                         if (!_connection.createTenantVDCPFRule(tenant,
                                 Long.toString(rule.getId()), policyIdentifier,
                                 rule.getProtocol().toUpperCase(), rule.getSrcIp(),
                                 Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1])))
{
-                            throw new Exception("Failed to create PF rule in VNMC for guest
network with vlan " + vlanId);
-                        }
-
-                        if (!_connection.createTenantVDCAclRuleForPF(tenant,
-                                Long.toString(rule.getId()), policyIdentifier,
-                                rule.getProtocol().toUpperCase(), rule.getDstIp(),
-                                Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1])))
{
-                            throw new Exception("Failed to create ACL rule for PF in VNMC
for guest network with vlan " + vlanId);
+                            throw new ExecutionException("Failed to create PF rule in VNMC
for guest network with vlan " + vlanId);
                         }
                     }
                 }
             }
 
             if (!_connection.associateAclPolicySet(tenant)) {
-                throw new Exception("Failed to associate source NAT policy set with edge
security profile in VNMC for guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to associate source NAT policy set with
edge security profile in VNMC for guest network with vlan " + vlanId);
             }
-        } catch (Throwable e) {
-            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+        } catch (ExecutionException e) {
+            String msg = "SetPortForwardingRulesCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
         }
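Review bot: The failure text for `_connection.associateAclPolicySet(tenant)` still reads "Failed to associate source NAT policy set with edge security profile", although the call associates the ACL policy set; the -438 hunk carries the same text. The commit already corrects the catch message to `SetPortForwardingRulesCommand`, so fixing this one in the same pass keeps the log accurate for whoever triages a failed rule push: `throw new ExecutionException("Failed to associate ACL policy set with edge security profile in VNMC for guest network with vlan " + vlanId);`. The firewall hunk (-402) already uses that wording.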
@@ -619,24 +600,24 @@ public class CiscoVnmcResource implements ServerResource {
         return execute(cmd, _numRetries);
     }
 
-    private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long
vlanId) throws Exception {
+    private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long
vlanId) throws ExecutionException {
         // create edge device profile
         if (!_connection.createTenantVDCEdgeDeviceProfile(tenant))
-            throw new Exception("Failed to create tenant edge device profile in VNMC for
guest network with vlan " + vlanId);
+            throw new ExecutionException("Failed to create tenant edge device profile in
VNMC for guest network with vlan " + vlanId);
 
         // create edge static route policy
         if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant))
-            throw new Exception("Failed to create tenant edge static route policy in VNMC
for guest network with vlan " + vlanId);
+            throw new ExecutionException("Failed to create tenant edge static route policy
in VNMC for guest network with vlan " + vlanId);
 
         // create edge static route for all gateways
         for (String gateway : gateways) {
             if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0"))
-                throw new Exception("Failed to create tenant edge static route in VNMC for
guest network with vlan " + vlanId);
+                throw new ExecutionException("Failed to create tenant edge static route in
VNMC for guest network with vlan " + vlanId);
         }
 
         // associate edge 
         if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant))
-            throw new Exception("Failed to associate edge static route policy with edge device
profile in VNMC for guest network with vlan " + vlanId);
+            throw new ExecutionException("Failed to associate edge static route policy with
edge device profile in VNMC for guest network with vlan " + vlanId);
     }
 
     private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) {
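Review bot: The exception thrown inside the `for (String gateway : gateways)` loop of `createEdgeDeviceProfile` does not name the gateway that failed, so with several public gateways the logged message cannot be tied to a specific route. I would include it: `throw new ExecutionException("Failed to create tenant edge static route for gateway " + gateway + " in VNMC for guest network with vlan " + vlanId);`. The comment `// associate edge` is cut short; `// associate edge static route policy with edge device profile` would match the call below it. A short Javadoc should also state that profile, policy and route objects already created in VNMC are not undone by this method when a later step throws; whether a caller cleans them up is not visible in this hunk.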
@@ -644,23 +625,23 @@ public class CiscoVnmcResource implements ServerResource {
         try {
             // create tenant
             if (!_connection.createTenant(tenant))
-                throw new Exception("Failed to create tenant in VNMC for guest network with
vlan " + cmd.getVlanId());
+                throw new ExecutionException("Failed to create tenant in VNMC for guest network
with vlan " + cmd.getVlanId());
 
             // create tenant VDC
             if (!_connection.createTenantVDC(tenant))
-                throw new Exception("Failed to create tenant VDC in VNMC for guest network
with vlan " + cmd.getVlanId());
+                throw new ExecutionException("Failed to create tenant VDC in VNMC for guest
network with vlan " + cmd.getVlanId());
 
             // create edge security profile
             if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
-                throw new Exception("Failed to create tenant edge security profile in VNMC
for guest network with vlan " + cmd.getVlanId());
+                throw new ExecutionException("Failed to create tenant edge security profile
in VNMC for guest network with vlan " + cmd.getVlanId());
 
             // create edge device profile and associated route
             createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId());
 
             // create logical edge firewall
             if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(),
cmd.getPublicSubnet(), cmd.getInternalSubnet()))
-                throw new Exception("Failed to create edge firewall in VNMC for guest network
with vlan " + cmd.getVlanId());
-        } catch (Throwable e) {
+                throw new ExecutionException("Failed to create edge firewall in VNMC for
guest network with vlan " + cmd.getVlanId());
+        } catch (ExecutionException e) {
             String msg = "CreateLogicalEdgeFirewallCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
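Review bot: Narrowing `catch (Throwable e)` to `catch (ExecutionException e)` lets any unchecked exception raised inside the try block leave `execute` instead of being logged and returned as a failed `Answer`. One example is a NullPointerException from `createEdgeDeviceProfile` iterating a null `cmd.getPublicGateways()`. Whether the caller of `execute` turns such an exception into a failure answer is not visible here, and the method body continues past the end of this hunk. If it does not, I would keep a second handler after the new one, for example `} catch (RuntimeException e) { s_logger.error("CreateLogicalEdgeFirewallCommand failed unexpectedly", e); return new Answer(cmd, false, e.toString()); }`. The same applies to the narrowed catches in the ConfigureVSMForASACommand, AssociateAsaWithLogicalEdgeFirewallCommand and CleanupLogicalEdgeFirewallCommand hunks below, where `availableAsaAppliances.isEmpty()` would throw if `listUnAssocAsa1000v()` ever returned null.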
@@ -688,7 +669,7 @@ public class CiscoVnmcResource implements ServerResource {
             s_logger.debug("Created vservice node for ASA appliance in Cisco VSM for vlan
" + vlanId);
             helper.updatePortProfile(cmd.getAsaInPortProfile(), SwitchPortMode.access, params);
             s_logger.debug("Updated inside port profile for ASA appliance in Cisco VSM with
new vlan " + vlanId);
-        } catch (Throwable e) {
+        } catch (CloudRuntimeException e) {
             String msg = "ConfigureVSMForASACommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
@@ -711,18 +692,18 @@ public class CiscoVnmcResource implements ServerResource {
         try {
             Map<String, String> availableAsaAppliances = _connection.listUnAssocAsa1000v();
             if (availableAsaAppliances.isEmpty()) {
-                throw new Exception("No ASA 1000v available to associate with logical edge
firewall for guest vlan " + cmd.getVlanId());
+                throw new ExecutionException("No ASA 1000v available to associate with logical
edge firewall for guest vlan " + cmd.getVlanId());
             }
 
             String asaInstanceDn = availableAsaAppliances.get(cmd.getAsaMgmtIp());
             if (asaInstanceDn == null) {
-                throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is
not available");
+                throw new ExecutionException("Requested ASA 1000v (" + cmd.getAsaMgmtIp()
+ ") is not available");
             }
 
             if (!_connection.assignAsa1000v(tenant, asaInstanceDn)) {
-                throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp()
+ ") with logical edge firewall for guest vlan " + cmd.getVlanId());
+                throw new ExecutionException("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp()
+ ") with logical edge firewall for guest vlan " + cmd.getVlanId());
             }
-        } catch (Throwable e) {
+        } catch (ExecutionException e) {
             String msg = "AssociateAsaWithLogicalEdgeFirewallCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
@@ -743,7 +724,7 @@ public class CiscoVnmcResource implements ServerResource {
         String tenant = "vlan-" + cmd.getVlanId();
         try {
             _connection.deleteTenant(tenant);
-        } catch (Throwable e) {
+        } catch (ExecutionException e) {
             String msg = "CleanupLogicalEdgeFirewallCommand failed due to " + e.getMessage();
             s_logger.error(msg, e);
             return new Answer(cmd, false, msg);
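Review bot: The result of `_connection.deleteTenant(tenant)` is discarded, while every create and associate call in this file is wrapped in `if (!...) throw new ExecutionException(...)`. If `deleteTenant` returns a success flag like those calls (its signature is not shown in this hunk), a rejected delete would leave the tenant's edge firewall and policies in VNMC while the command continues as if cleanup succeeded. I would check it the same way: `if (!_connection.deleteTenant(tenant)) throw new ExecutionException("Failed to delete tenant in VNMC for guest network with vlan " + cmd.getVlanId());`. The enclosing `execute` method starts and ends outside this hunk.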

