From kis...@apache.org
Subject git commit: updated refs/heads/network_acl to 8471a75
Date Fri, 03 May 2013 12:37:30 GMT
Updated Branches:
  refs/heads/network_acl a3e18bbd4 -> 8471a753b


CLOUDSTACK-763: Upgrade networkAcls from firewall_rules to network_acl_item table


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8471a753
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8471a753
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8471a753

Branch: refs/heads/network_acl
Commit: 8471a753b8af542572592327bcd012573606118a
Parents: a3e18bb
Author: Kishan Kavala <kishan@cloud.com>
Authored: Fri May 3 18:06:57 2013 +0530
Committer: Kishan Kavala <kishan@cloud.com>
Committed: Fri May 3 18:06:57 2013 +0530

----------------------------------------------------------------------
 .../src/com/cloud/upgrade/dao/Upgrade410to420.java |  163 +++++++++++++++
 1 files changed, 163 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8471a753/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/upgrade/dao/Upgrade410to420.java b/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
index f39038f..0eb6af7 100644
--- a/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
+++ b/server/src/com/cloud/upgrade/dao/Upgrade410to420.java
@@ -19,11 +19,14 @@ package com.cloud.upgrade.dao;
 
 import java.io.File;
 import java.sql.Connection;
+import java.sql.Date;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.sql.Types;
 import java.util.UUID;
 
+import com.cloud.network.vpc.NetworkACL;
 import org.apache.log4j.Logger;
 
 import com.cloud.utils.exception.CloudRuntimeException;
@@ -65,6 +68,7 @@ public class Upgrade410to420 implements DbUpgrade {
         updateSystemVmTemplates(conn);
         updateCluster_details(conn);
         updatePrimaryStore(conn);
+        updateNetworkACLs(conn);
     }
 	
 	private void updateSystemVmTemplates(Connection conn) {
@@ -305,4 +309,163 @@ public class Upgrade410to420 implements DbUpgrade {
             }
         }
     }
+
+    private void updateNetworkACLs(Connection conn) {
+        //Fetch all VPC Tiers
+        //For each tier create a network ACL and move all the acl_items to network_acl_item
table
+        // If there are no acl_items for a tier, associate it with default ACL
+        s_logger.debug("Updating network ACLs");
+        PreparedStatement pstmt = null;
+        PreparedStatement pstmtDelete = null;
+        ResultSet rs = null;
+        ResultSet rsAcls = null;
+        ResultSet rsCidr = null;
+        //1,2 are default acl Ids, start Ids from 3
+        long nextAclId = 3;
+        try {
+            pstmt = conn.prepareStatement("SELECT id, vpc_id, uuid FROM `cloud`.`networks`
where vpc_id is not null and removed is null");
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                Long networkId = rs.getLong(1);
+                s_logger.debug("Updating network ACLs for network: "+networkId);
+                Long vpcId = rs.getLong(2);
+                String tierUuid = rs.getString(3);
+                pstmt = conn.prepareStatement("SELECT id, uuid, start_port, end_port, state,
protocol, icmp_code, icmp_type, created, traffic_type FROM `cloud`.`firewall_rules` where
network_id = ? and purpose = 'NetworkACL'");
+                pstmt.setLong(1, networkId);
+                rsAcls = pstmt.executeQuery();
+                boolean hasAcls = false;
+                Long aclId = null;
+                int number = 1;
+                while(rsAcls.next()){
+                    if(!hasAcls){
+                        hasAcls = true;
+                        aclId = nextAclId++;
+                        //create ACL
+                        s_logger.debug("Creating network ACL for tier: "+tierUuid);
+                        pstmt = conn.prepareStatement("INSERT INTO `cloud`.`network_acl`
(id, uuid, vpc_id, description, name) values (?, UUID(), ? , ?, ?)");
+                        pstmt.setLong(1, aclId);
+                        pstmt.setLong(2, vpcId);
+                        pstmt.setString(3, "ACL for tier " + tierUuid);
+                        pstmt.setString(4, "tier_" + tierUuid);
+                        pstmt.executeUpdate();
+                    }
+
+                    Long fwRuleId = rsAcls.getLong(1);
+                    String cidr = null;
+                    //get cidr
+                    pstmt = conn.prepareStatement("SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs`
where firewall_rule_id = ?");
+                    pstmt.setLong(1, fwRuleId);
+                    rsCidr = pstmt.executeQuery();
+                    while(rsCidr.next()){
+                        Long cidrId = rsCidr.getLong(1);
+                        String sourceCidr = rsCidr.getString(2);
+                        if(cidr == null){
+                            cidr = sourceCidr;
+                        } else {
+                            cidr += ","+sourceCidr;
+                        }
+                        //Delete cidr entry
+                        pstmtDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules_cidrs`
where id = ?");
+                        pstmtDelete.setLong(1, cidrId);
+                        pstmtDelete.executeUpdate();
+                    }
+
+
+                    String aclItemUuid = rsAcls.getString(2);
+                    //Move acl to network_acl_item table
+                    s_logger.debug("Moving firewall rule: "+aclItemUuid);
+                    pstmt = conn.prepareStatement("INSERT INTO `cloud`.`network_acl_item`
(uuid, acl_id, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type,
cidr, number, action) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )");
+                    //uuid
+                    pstmt.setString(1, aclItemUuid);
+                    //aclId
+                    pstmt.setLong(2, aclId);
+                    //Start port
+                    Integer startPort = rsAcls.getInt(3);
+                    if(rsAcls.wasNull()){
+                        pstmt.setNull(3, Types.INTEGER);
+                    } else {
+                        pstmt.setLong(3, startPort);
+                    }
+                    //End port
+                    Integer endPort = rsAcls.getInt(4);
+                    if(rsAcls.wasNull()){
+                        pstmt.setNull(4, Types.INTEGER);
+                    } else {
+                        pstmt.setLong(4, endPort);
+                    }
+                    //State
+                    String state = rsAcls.getString(5);
+                    pstmt.setString(5, state);
+                    //protocol
+                    String protocol = rsAcls.getString(6);
+                    pstmt.setString(6, protocol);
+                    //icmp_code
+                    Integer icmpCode = rsAcls.getInt(7);
+                    if(rsAcls.wasNull()){
+                        pstmt.setNull(7, Types.INTEGER);
+                    } else {
+                        pstmt.setLong(7, icmpCode);
+                    }
+
+                    //icmp_type
+                    Integer icmpType = rsAcls.getInt(8);
+                    if(rsAcls.wasNull()){
+                        pstmt.setNull(8, Types.INTEGER);
+                    } else {
+                        pstmt.setLong(8, icmpType);
+                    }
+
+                    //created
+                    Date created = rsAcls.getDate(9);
+                    pstmt.setDate(9, created);
+                    //traffic type
+                    String trafficType = rsAcls.getString(10);
+                    pstmt.setString(10, trafficType);
+
+                    //cidr
+                    pstmt.setString(11, cidr);
+                    //number
+                    pstmt.setInt(12, number++);
+                    //action
+                    pstmt.setString(13, "Allow");
+                    pstmt.executeUpdate();
+
+                    //Delete firewall rule
+                    pstmtDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules`
where id = ?");
+                    pstmtDelete.setLong(1, fwRuleId);
+                    pstmtDelete.executeUpdate();
+                }
+                if(!hasAcls){
+                    //no network ACls for this network.
+                    // Assign default Deny ACL
+                    aclId = NetworkACL.DEFAULT_DENY;
+                }
+                //Assign acl to network
+                pstmt = conn.prepareStatement("UPDATE `cloud`.`networks` set network_acl_id=?
where id=?");
+                pstmt.setLong(1, aclId);
+                pstmt.setLong(2, networkId);
+                pstmt.executeUpdate();
+            }
+            s_logger.debug("Done updating network ACLs ");
+        } catch (SQLException e) {
+            throw new CloudRuntimeException("Unable to move network acls from firewall rules
table to network_acl_item table", e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+                if (rsAcls != null) {
+                    rsAcls.close();
+                }
+                if (rsCidr != null) {
+                    rsCidr.close();
+                }
+                if (pstmt != null) {
+                    pstmt.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+    }
+
 }
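Review bot: Every `conn.prepareStatement(...)` inside the two loops of `updateNetworkACLs` overwrites `pstmt` or `pstmtDelete` without closing the previous statement, so the `finally` block closes only the last `pstmt`, never closes `pstmtDelete`, and its empty `catch` hides any close failure. Preparing each statement once before the outer loop in its own variable, closing `rsAcls`/`rsCidr` per iteration, and logging close errors avoids leaking a statement and result set per migrated row; the CIDR path is sketched below. Separately, `rsAcls.getDate(9)` with `pstmt.setDate(9, created)` drops the time of day from `created` if that column holds a datetime, which matters when rule creation times are used for audit; `pstmt.setTimestamp(9, rsAcls.getTimestamp(9));` keeps it. A rule with no rows in `firewall_rules_cidrs` is also inserted with a NULL `cidr` and action `"Allow"`, so it is worth confirming how the code that reads `network_acl_item` treats a NULL source, which this hunk does not show.

```java
        PreparedStatement pstmtCidr = null;
        PreparedStatement pstmtCidrDelete = null;
        // … unchanged: remaining declarations, one variable per statement …
        try {
            // prepared once, re-bound per rule
            pstmtCidr = conn.prepareStatement("SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs` where firewall_rule_id = ?");
            pstmtCidrDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules_cidrs` where id = ?");
            // … unchanged: tier and rule queries, ACL insert, hoisted the same way …
                    pstmtCidr.setLong(1, fwRuleId);
                    rsCidr = pstmtCidr.executeQuery();
                    try {
                        while (rsCidr.next()) {
                            // … unchanged: append source_cidr to cidr …
                            pstmtCidrDelete.setLong(1, rsCidr.getLong(1));
                            pstmtCidrDelete.executeUpdate();
                        }
                    } finally {
                        rsCidr.close();
                    }
            // … unchanged: network_acl_item insert, firewall_rules delete, network update …
        // … unchanged: catch (SQLException e) rethrow as CloudRuntimeException …
        } finally {
            for (PreparedStatement stmt : new PreparedStatement[] {pstmtCidr, pstmtCidrDelete /* , … the other statements … */}) {
                if (stmt != null) {
                    try {
                        stmt.close();
                    } catch (SQLException e) {
                        s_logger.warn("Failed to close statement during network ACL upgrade", e);
                    }
                }
            }
        }
```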

