cloudstack-commits mailing list archives

From kis...@apache.org
Subject [21/50] [abbrv] git commit: updated refs/heads/baremetal-systemvm to 23482b1
Date Tue, 21 Oct 2014 14:56:59 GMT
CLOUDSTACK-7728: Fixed adding iptables rules for egress allow on VR reboot


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e257c13f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e257c13f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e257c13f

Branch: refs/heads/baremetal-systemvm
Commit: e257c13f167791c17967ad0d37a545ccbd145efd
Parents: f488a8f
Author: Jayapal <jayapal@apache.org>
Authored: Wed Oct 15 17:38:53 2014 +0530
Committer: Jayapal <jayapal@apache.org>
Committed: Thu Oct 16 09:38:21 2014 +0530

----------------------------------------------------------------------
 .../VirtualNetworkApplianceManagerImpl.java     | 30 ++++++++++++++++++++
 1 file changed, 30 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e257c13f/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 987a556..b67f667 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -170,11 +170,13 @@ import com.cloud.network.rules.RulesManager;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.network.rules.StaticNatImpl;
 import com.cloud.network.rules.StaticNatRule;
+import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.network.vpn.Site2SiteVpnManager;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.offerings.NetworkOfferingVO;
+import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
 import com.cloud.resource.ResourceManager;
 import com.cloud.server.ConfigurationServer;
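Review bot: The added `import com.cloud.offerings.NetworkOfferingVO;` repeats the context line directly above it, so the file now imports the same type twice. Java ignores the duplicate, but it should be dropped. The new `import com.cloud.network.rules.FirewallRuleVO;` also sits after `StaticNatRule`, which breaks the alphabetical order of the neighbouring imports; it belongs with the other `FirewallRule*` imports.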
@@ -2651,6 +2653,10 @@ VirtualMachineGuru, Listener, Configurable, StateListener<State,
VirtualMachine.
         //  Fetch firewall Egress rules.
         if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall,
provider)) {
             firewallRulesEgress.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId,
Purpose.Firewall, FirewallRule.TrafficType.Egress));
+            if (firewallRulesEgress.isEmpty()) {
+                //create egress default rule for VR
+                createDefaultEgressFirewallRule(firewallRulesEgress, guestNetworkId);
+            }
         }
 
         // Re-apply firewall Egress rules
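Review bot: The `firewallRulesEgress.isEmpty()` guard makes the default allow rule depend on the absence of any stored egress rule, so a single returned row suppresses it. Whether `listByNetworkPurposeTrafficType` can return rows that are no longer active is not visible in this hunk and should be confirmed. The synthesized rule opens all egress traffic and exists only in this in-memory list, so a debug log line at the call site would let operators trace why the router carries it. The comment would be clearer as `// No stored egress rules: add the system default-allow rule if the offering's egress policy is allow`. The enclosing method starts and ends outside the hunk.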
@@ -2774,6 +2780,30 @@ VirtualMachineGuru, Listener, Configurable, StateListener<State,
VirtualMachine.
         }
     }
 
+    private void createDefaultEgressFirewallRule(List<FirewallRule> rules, long networkId)
{
+        String systemRule = null;
+
+        Boolean defaultEgressPolicy = false;
+        NetworkVO network = _networkDao.findById(networkId);
+        NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
+        defaultEgressPolicy = offering.getEgressDefaultPolicy();
+
+
+        // construct rule when egress policy is true. In true case for VR we default allow
rule need to be added
+        if (defaultEgressPolicy) {
+            systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
+
+            List<String> sourceCidr = new ArrayList<String>();
+
+            sourceCidr.add(NetUtils.ALL_CIDRS);
+            FirewallRule rule = new FirewallRuleVO(null, null, null, null, "all", networkId,
network.getAccountId(), network.getDomainId(), Purpose.Firewall, sourceCidr,
+                    null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System);
+
+            rules.add(rule);
+        }
+    }
+
+
     private void removeRevokedIpAliasFromDb(final List<NicIpAliasVO> revokedIpAliasVOs)
{
         for (final NicIpAliasVO ipalias : revokedIpAliasVOs) {
             _nicIpAliasDao.expunge(ipalias.getId());
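Review bot: `createDefaultEgressFirewallRule` dereferences `network` and `offering` without a null check, so a `findById` miss would abort the router's rule re-application with a NullPointerException. The boxed `Boolean defaultEgressPolicy` would also throw on unboxing if `getEgressDefaultPolicy()` can return null; its return type is not visible here. Because the method synthesizes an allow-all egress rule (`NetUtils.ALL_CIDRS`, protocol `"all"`), it should fail closed and add nothing when the network, offering or policy is missing. `systemRule` is assigned but never read and can be removed, and the comment above the `if` should state plainly that a system allow-all rule is added only when the offering's default egress policy is allow.

```java
private void createDefaultEgressFirewallRule(List<FirewallRule> rules, long networkId) {
    NetworkVO network = _networkDao.findById(networkId);
    if (network == null) {
        // Fail closed: no network record, no synthesized allow rule.
        return;
    }
    NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
    // A missing offering or unset policy is treated as "deny"; only an explicit allow policy adds the rule.
    if (offering == null || !Boolean.TRUE.equals(offering.getEgressDefaultPolicy())) {
        return;
    }
    // Default egress policy is allow: the VR needs an explicit system allow-all rule.
    // … unchanged: sourceCidr list, FirewallRuleVO construction, rules.add(rule) …
}
```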

