cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From raj...@apache.org
Subject [3/4] git commit: updated refs/heads/master to e02003d
Date Thu, 09 Feb 2017 06:32:53 GMT
CLOUDSTACK-7985: assignVM in Advanced zone with Security Groups


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ab0d04d1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ab0d04d1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ab0d04d1

Branch: refs/heads/master
Commit: ab0d04d10ef8c36a3e478e71f08e6bb9ede9a8f0
Parents: 3f16740
Author: Wei Zhou <w.zhou@tech.leaseweb.com>
Authored: Wed Sep 16 14:45:24 2015 +0200
Committer: Wei Zhou <w.zhou@tech.leaseweb.com>
Committed: Tue Dec 27 12:02:50 2016 +0100

----------------------------------------------------------------------
 .../api/command/admin/vm/AssignVMCmd.java       |   4 +
 server/src/com/cloud/vm/UserVmManagerImpl.java  | 127 ++++++++++++++++++-
 ui/l10n/en.js                                   |   3 +-
 ui/scripts/instances.js                         |  28 +++-
 4 files changed, 158 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0d04d1/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
index 96ded26..da5f688 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/AssignVMCmd.java
@@ -33,6 +33,7 @@ import org.apache.cloudstack.api.response.ProjectResponse;
 import org.apache.cloudstack.api.response.SecurityGroupResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 import com.cloud.vm.VirtualMachine;
@@ -133,6 +134,9 @@ public class AssignVMCmd extends BaseCmd  {
             UserVmResponse response = _responseGenerator.createUserVmResponse(ResponseView.Full,
"virtualmachine", userVm).get(0);
             response.setResponseName(getCommandName());
             setResponseObject(response);
+        } catch (InvalidParameterValueException e){
+            e.printStackTrace();
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
         } catch (Exception e) {
             e.printStackTrace();
             throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to move vm
" + e.getMessage());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0d04d1/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 8a696b8..ee7744b 100644
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -5240,8 +5240,131 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager,
Vir
 
             s_logger.debug("AssignVM: Basic zone, adding security groups no " + securityGroupIdList.size()
+ " to " + vm.getInstanceName());
         } else {
-            if (zone.isSecurityGroupEnabled())  {
-                throw new InvalidParameterValueException("Not yet implemented for SecurityGroupEnabled
advanced networks.");
+            if (zone.isSecurityGroupEnabled())  { // advanced zone with security groups
+                // cleanup the old security groups
+                _securityGroupMgr.removeInstanceFromGroups(cmd.getVmId());
+
+                Set<NetworkVO> applicableNetworks = new HashSet<NetworkVO>();
+                String requestedIPv4ForDefaultNic = null;
+                String requestedIPv6ForDefaultNic = null;
+                // if networkIdList is null and the first network of vm is shared network,
then keep it if possible
+                if (networkIdList == null || networkIdList.isEmpty()) {
+                    NicVO defaultNicOld = _nicDao.findDefaultNicForVM(vm.getId());
+                    if (defaultNicOld != null) {
+                        NetworkVO defaultNetworkOld = _networkDao.findById(defaultNicOld.getNetworkId());
+                        if (defaultNetworkOld != null && defaultNetworkOld.getGuestType()
== Network.GuestType.Shared && defaultNetworkOld.getAclType() == ACLType.Domain) {
+                            try {
+                                _networkModel.checkNetworkPermissions(newAccount, defaultNetworkOld);
+                                applicableNetworks.add(defaultNetworkOld);
+                                requestedIPv4ForDefaultNic = defaultNicOld.getIPv4Address();
+                                requestedIPv6ForDefaultNic = defaultNicOld.getIPv6Address();
+                                s_logger.debug("AssignVM: use old shared network " + defaultNetworkOld.getName()
+ " with old ip " + requestedIPv4ForDefaultNic + " on default nic of vm:" + vm.getInstanceName());
+                            } catch (PermissionDeniedException e) {
+                                s_logger.debug("AssignVM: the shared network on old default
nic can not be applied to new account");
+                            }
+                        }
+                    }
+                }
+                // cleanup the network for the oldOwner
+                _networkMgr.cleanupNics(vmOldProfile);
+                _networkMgr.expungeNics(vmOldProfile);
+
+                if (networkIdList != null && !networkIdList.isEmpty()) {
+                    // add any additional networks
+                    for (Long networkId : networkIdList) {
+                        NetworkVO network = _networkDao.findById(networkId);
+                        if (network == null) {
+                            InvalidParameterValueException ex = new InvalidParameterValueException(
+                                    "Unable to find specified network id");
+                            ex.addProxyObject(networkId.toString(), "networkId");
+                            throw ex;
+                        }
+
+                        _networkModel.checkNetworkPermissions(newAccount, network);
+
+                        // don't allow to use system networks
+                        NetworkOffering networkOffering = _entityMgr.findById(NetworkOffering.class,
network.getNetworkOfferingId());
+                        if (networkOffering.isSystemOnly()) {
+                            InvalidParameterValueException ex = new InvalidParameterValueException(
+                                    "Specified Network id is system only and can't be used
for vm deployment");
+                            ex.addProxyObject(network.getUuid(), "networkId");
+                            throw ex;
+                        }
+                        applicableNetworks.add(network);
+                    }
+                }
+
+                // add the new nics
+                LinkedHashMap<Network, List<? extends NicProfile>> networks =
new LinkedHashMap<Network, List<? extends NicProfile>>();
+                int toggle = 0;
+                NetworkVO defaultNetwork = null;
+                for (NetworkVO appNet : applicableNetworks) {
+                    NicProfile defaultNic = new NicProfile();
+                    if (toggle == 0) {
+                        defaultNic.setDefaultNic(true);
+                        defaultNic.setRequestedIPv4(requestedIPv4ForDefaultNic);
+                        defaultNic.setRequestedIPv6(requestedIPv6ForDefaultNic);
+                        defaultNetwork = appNet;
+                        toggle++;
+                    }
+                    networks.put(appNet, new ArrayList<NicProfile>(Arrays.asList(defaultNic)));
+
+                }
+
+                boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware);
+                if (securityGroupIdList != null && isVmWare) {
+                    throw new InvalidParameterValueException("Security group feature is not
supported for vmWare hypervisor");
+                } else if (!isVmWare && (defaultNetwork == null || _networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork))
&& _networkModel.canAddDefaultSecurityGroup()) {
+                    if (securityGroupIdList == null) {
+                        securityGroupIdList = new ArrayList<Long>();
+                    }
+                    SecurityGroup defaultGroup = _securityGroupMgr
+                            .getDefaultSecurityGroup(newAccount.getId());
+                    if (defaultGroup != null) {
+                        // check if security group id list already contains Default
+                        // security group, and if not - add it
+                        boolean defaultGroupPresent = false;
+                        for (Long securityGroupId : securityGroupIdList) {
+                            if (securityGroupId.longValue() == defaultGroup.getId()) {
+                                defaultGroupPresent = true;
+                                break;
+                            }
+                        }
+
+                        if (!defaultGroupPresent) {
+                            securityGroupIdList.add(defaultGroup.getId());
+                        }
+
+                    } else {
+                        // create default security group for the account
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Couldn't find default security group for the
account "
+                                    + newAccount + " so creating a new one");
+                        }
+                        defaultGroup = _securityGroupMgr.createSecurityGroup(
+                                SecurityGroupManager.DEFAULT_GROUP_NAME,
+                                SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION,
+                                newAccount.getDomainId(), newAccount.getId(),
+                                newAccount.getAccountName());
+                        securityGroupIdList.add(defaultGroup.getId());
+                    }
+                }
+
+                VirtualMachine vmi = _itMgr.findById(vm.getId());
+                VirtualMachineProfileImpl vmProfile = new VirtualMachineProfileImpl(vmi);
+
+                if (applicableNetworks.isEmpty()) {
+                    throw new InvalidParameterValueException("No network is specified, please
specify one when you move the vm. For now, please add a network to VM on NICs tab.");
+                } else {
+                    _networkMgr.allocate(vmProfile, networks);
+                }
+
+                _securityGroupMgr.addInstanceToGroups(vm.getId(),
+                        securityGroupIdList);
+                s_logger.debug("AssignVM: Advanced zone, adding security groups no "
+                        + securityGroupIdList.size() + " to "
+                        + vm.getInstanceName());
+
             } else {
                 if (securityGroupIdList != null && !securityGroupIdList.isEmpty())
{
                     throw new InvalidParameterValueException("Can't move vm with security
groups; security group feature is not enabled in this zone");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0d04d1/ui/l10n/en.js
----------------------------------------------------------------------
diff --git a/ui/l10n/en.js b/ui/l10n/en.js
index 075a0d8..1ec548f 100644
--- a/ui/l10n/en.js
+++ b/ui/l10n/en.js
@@ -1908,6 +1908,7 @@ var dictionary = {"ICMP.code":"ICMP Code",
 "message.alert.state.detected":"Alert state detected",
 "message.allow.vpn.access":"Please enter a username and password of the user that you want
to allow VPN access.",
 "message.apply.snapshot.policy":"You have successfully updated your current snapshot policy.",
+"message.assign.instance.another":"Please specify the account type, domain, account name
and network (optional) of the new account. <br> If the default nic of the vm is on a
shared network, CloudStack will check if the network can be used by the new account if you
do not specify one network. <br> If the default nic of the vm is on a isolated network,
and the new account has more one isolated networks, you should specify one.",
 "message.attach.iso.confirm":"Please confirm that you want to attach the ISO to this virtual
instance.",
 "message.attach.volume":"Please fill in the following data to attach a new volume. If you
are attaching a disk volume to a Windows based virtual machine, you will need to reboot the
instance to see the attached disk.",
 "message.basic.mode.desc":"Choose this network model if you do <b>*<u>not</u>*</b>
want to enable any VLAN support.  All virtual instances created under this network model will
be assigned an IP directly from the network and security groups are used to provide security
and segregation.",
@@ -2281,4 +2282,4 @@ var dictionary = {"ICMP.code":"ICMP Code",
 "state.detached":"Detached",
 "title.upload.volume":"Upload Volume",
 "ui.listView.filters.all":"All",
-"ui.listView.filters.mine":"Mine"};
\ No newline at end of file
+"ui.listView.filters.mine":"Mine"};

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab0d04d1/ui/scripts/instances.js
----------------------------------------------------------------------
diff --git a/ui/scripts/instances.js b/ui/scripts/instances.js
index 132801d..f34cf6d 100644
--- a/ui/scripts/instances.js
+++ b/ui/scripts/instances.js
@@ -1905,7 +1905,25 @@
                         label: 'label.assign.instance.another',
                         createForm: {
                             title: 'label.assign.instance.another',
-                            desc: 'Please specify the account type, domain, account name
and network (optional) of the new account. <br> If the default nic of the vm is on a
shared network, CloudStack will check if the network can be used by the new account if you
do not specify one network. <br> If the default nic of the vm is on a isolated network,
and the new account has more one isolated networks, you should specify one.',
+                            desc: 'message.assign.instance.another',
+                            preFilter: function(args) {
+                                var zone;
+                                $.ajax({
+                                    url: createURL('listZones'),
+                                    data: {
+                                        id: args.context.instances[0].zoneid
+                                    },
+                                    async: false,
+                                    success: function(json) {
+                                        zone = json.listzonesresponse.zone[0];
+                                    }
+                                });
+                                if (zone.securitygroupsenabled == true) {
+                                    args.$form.find('.form-item[rel=securitygroup]').css('display',
'inline-block');
+                                } else {
+                                    args.$form.find('.form-item[rel=securitygroup]').hide();
+                                }
+                            },
                             fields: {
                                 accountType: {
                                     label: 'Account Type',
@@ -2157,6 +2175,11 @@
                                     networkIds: args.data.network
                                 });
                             } 
+                            if (args.data.securitygroup != null && args.data.securitygroup
!= '') {
+                                $.extend(dataObj, {
+                                    securitygroupIds: args.data.securitygroup
+                                });
+                            }
 
                             $.ajax({
                                 url: createURL('assignVirtualMachine', {
@@ -2168,6 +2191,9 @@
                                     args.response.success({
                                         data: item
                                     });
+                                },
+                                error: function(data) {
+                                    args.response.error(parseXMLHttpResponse(data));
                                 }
                             });
                         },


Mime
View raw message