/**
 * Renders the ingress rules followed by the egress rules into a single string.
 *
 * <p>Both rule sets go through {@code stringifyRulesFor} with {@code true} as the third
 * argument (presumably the flag selecting the compressed textual form; confirm against
 * that helper, which is not shown here).
 *
 * @return the concatenated rule text, ingress rules first
 */
public String stringifyCompressedRules() {
    final StringBuilder compressedRules = new StringBuilder();

    // Order matters for the resulting text: ingress is appended before egress.
    stringifyRulesFor(getIngressRuleSet(), INGRESS_RULE, true, compressedRules);
    stringifyRulesFor(getEgressRuleSet(), EGRESS_RULE, true, compressedRules);

    return compressedRules.toString();
}
/**
 * Builds a security group rules command for one VM.
 *
 * @param guestIp        guest IPv4 address, stored as given
 * @param guestIp6       guest IPv6 address, stored as given
 * @param guestMac       guest MAC address, stored as given
 * @param vmName         VM name, stored as given
 * @param vmId           VM id, stored as given
 * @param signature      signature to carry with the command; when {@code null} it is derived
 *                       from the stringified rules
 * @param seqNum         sequence number, stored as given
 * @param ingressRuleSet ingress rules, handed to {@code setIngressRuleSet}
 * @param egressRuleSet  egress rules, handed to {@code setEgressRuleSet}
 * @param secIps         secondary IPs; the list reference is stored without copying
 */
public SecurityGroupRulesCmd(
        final String guestIp,
        final String guestIp6,
        final String guestMac,
        final String vmName,
        final Long vmId,
        final String signature,
        final Long seqNum,
        final IpPortAndProto[] ingressRuleSet,
        final IpPortAndProto[] egressRuleSet,
        final List<String> secIps) {
    this.guestIp = guestIp;
    this.guestIp6 = guestIp6;
    this.vmName = vmName;

    // Both rule sets are installed before stringifyRules() is called further down.
    setIngressRuleSet(ingressRuleSet);
    setEgressRuleSet(egressRuleSet);

    this.guestMac = guestMac;
    this.seqNum = seqNum;
    this.vmId = vmId;

    if (signature != null) {
        // A caller-supplied signature is taken as-is; it is not checked against the rules here.
        this.signature = signature;
    } else {
        // MD5 of the stringified rules. MD5 is not collision-resistant and is unkeyed, so this
        // value can only serve as a fingerprint of the rule text, not as proof of who produced
        // the rules or that they were not altered in transit.
        // NOTE(review): confirm no receiver treats it as an integrity or authenticity check.
        this.signature = DigestUtils.md5Hex(stringifyRules());
    }

    this.secIps = secIps;
}
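/**
 * Programs the security group rules carried by {@code cmd} for its VM.
 *
 * <p>Looks up the VM's VIF via {@code getVifFromVm}, then passes the VM identity, signature,
 * sequence number, stringified rules, VIF device name and bridge name to
 * {@code addNetworkRules}.
 *
 * @param cmd the rules command to apply
 * @return a successful {@code SecurityGroupRuleAnswer} when {@code addNetworkRules} reports
 *         success; otherwise a failed answer with the message
 *         "programming network rules failed" (also when the XML-RPC call throws)
 */
private Answer execute(SecurityGroupRulesCmd cmd) {
    boolean result = false;
    try {
        OvmVif.Details vif = getVifFromVm(cmd.getVmName(), null);
        result = addNetworkRules(cmd.getVmName(), Long.toString(cmd.getVmId()), cmd.getGuestIp(), cmd.getSignature(),
                String.valueOf(cmd.getSeqNum()), cmd.getGuestMac(), cmd.stringifyRules(), vif.name, vif.bridge);
    } catch (XmlRpcException e) {
        // Log with context and the throwable itself so the stack trace is kept; passing only
        // the exception as the message records its toString() and nothing else.
        s_logger.error("XML-RPC call failed while programming network rules for vm " + cmd.getVmName(), e);
        result = false;
    }

    if (!result) {
        // Rules were not applied: report failure so the caller does not assume the VM is
        // covered by the new ruleset.
        s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
        return new SecurityGroupRuleAnswer(cmd, false, "programming network rules failed");
    }

    s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ":ingress num rules=" +
            cmd.getIngressRuleSet().size() + ":egress num rules=" + cmd.getEgressRuleSet().size());
    return new SecurityGroupRuleAnswer(cmd);
}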
generateRulesetCmd(vm.getInstanceName(), vm.getPrivateIpAddress(), nic.getIPv6Address(), vm.getPrivateMacAddress(), vm.getId(), null, work.getLogsequenceNumber(), ingressRules, egressRules, nicSecIps); cmd.setMsId(_serverId); if (s_logger.isDebugEnabled()) { s_logger.debug("SecurityGroupManager v2: sending ruleset update for vm " + vm.getInstanceName() + ":ingress num rules=" + cmd.getIngressRuleSet().size() + ":egress num rules=" + cmd.getEgressRuleSet().size() + " num cidrs=" + cmd.getTotalNumCidrs() + " sig=" + cmd.getSignature());
/**
 * Hands the rules command to a freshly created {@code SecurityGroupHttpClient}, passing the
 * command's guest IP as the first argument of {@code call}.
 *
 * <p>NOTE(review): the guest IP from the command appears to select the destination. How the
 * client authenticates that endpoint or protects the channel is not visible here; confirm.
 *
 * @param cmd the rules command to deliver
 * @return whatever {@code SecurityGroupHttpClient.call} returns
 */
protected Answer execute(SecurityGroupRulesCmd cmd) {
    return new SecurityGroupHttpClient().call(cmd.getGuestIp(), cmd);
}
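/**
 * Compresses the stringified security group rules with zlib and Base64-encodes the result,
 * to allow the call to the hypervisor to scale beyond 8k cidrs.
 *
 * <p>{@link DeflaterOutputStream} is used rather than {@code java.util.zip.GZIPOutputStream}:
 * the latter is meant for files and writes a different header, although the compression
 * itself is the same.
 *
 * @return the Base64 text of the deflated rules, or {@code null} when compression fails.
 *         Callers must check for {@code null} before sending the value on, otherwise a
 *         ruleset with no payload is forwarded.
 */
public String compressStringifiedRules() {
    final String stringified = stringifyRules();
    final ByteArrayOutputStream out = new ByteArrayOutputStream();
    String encodedResult = null;
    try {
        final DeflaterOutputStream dzip = new DeflaterOutputStream(out);
        try {
            // Fixed charset instead of the platform default, so every management server
            // produces the same bytes for the same rules. An unsupported charset name would
            // surface as an IOException subclass and is handled by the catch below.
            dzip.write(stringified.getBytes("UTF-8"));
        } finally {
            // close() finishes the deflate stream and releases the stream's resources even
            // when the write fails; it must run before the buffer is read.
            dzip.close();
        }
        encodedResult = Base64.encodeBase64String(out.toByteArray());
    } catch (final IOException e) {
        // Keep the cause in the log; the method still signals failure by returning null.
        LOGGER.warn("Exception while compressing security group rules", e);
    }
    return encodedResult;
}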
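/**
 * Programs the security group rules carried by {@code command} through the libvirt resource.
 *
 * <p>Resolves the VM's interfaces over its libvirt connection and passes the device name and
 * bridge name of the first interface, together with the command's identity fields, signature,
 * sequence number, stringified rules and secondary IPs, to {@code addNetworkRules}.
 *
 * @param command                  the rules command to apply
 * @param libvirtComputingResource the resource used to reach libvirt and program the rules
 * @return a successful {@code SecurityGroupRuleAnswer} when the rules were programmed; a
 *         failed answer when libvirt throws, when the VM has no interface, or when
 *         {@code addNetworkRules} reports failure
 */
@Override
public Answer execute(final SecurityGroupRulesCmd command, final LibvirtComputingResource libvirtComputingResource) {
    final String vif;
    final String brname;
    try {
        final LibvirtUtilitiesHelper libvirtUtilitiesHelper = libvirtComputingResource.getLibvirtUtilitiesHelper();
        final Connect conn = libvirtUtilitiesHelper.getConnectionByVmName(command.getVmName());
        final List<InterfaceDef> nics = libvirtComputingResource.getInterfaces(conn, command.getVmName());

        // Without this guard a VM with no interface makes nics.get(0) throw an unchecked
        // exception, and the caller never receives a failed answer for the ruleset.
        if (nics == null || nics.isEmpty()) {
            s_logger.warn("Failed to program network rules for vm " + command.getVmName() + ": no network interface found");
            return new SecurityGroupRuleAnswer(command, false, "programming network rules failed: no network interface found");
        }

        // Only the first interface is used.
        // NOTE(review): confirm that VMs with several NICs get their other interfaces covered elsewhere.
        final InterfaceDef firstNic = nics.get(0);
        vif = firstNic.getDevName();
        brname = firstNic.getBrName();
    } catch (final LibvirtException e) {
        return new SecurityGroupRuleAnswer(command, false, e.toString());
    }

    final boolean result = libvirtComputingResource.addNetworkRules(command.getVmName(), Long.toString(command.getVmId()), command.getGuestIp(), command.getGuestIp6(),
            command.getSignature(), Long.toString(command.getSeqNum()), command.getGuestMac(), command.stringifyRules(), vif, brname, command.getSecIpsString());

    if (!result) {
        s_logger.warn("Failed to program network rules for vm " + command.getVmName());
        return new SecurityGroupRuleAnswer(command, false, "programming network rules failed");
    }

    s_logger.debug("Programmed network rules for vm " + command.getVmName() + " guestIp=" + command.getGuestIp() + ",ingress numrules="
            + command.getIngressRuleSet().size() + ",egress numrules=" + command.getEgressRuleSet().size());
    return new SecurityGroupRuleAnswer(command);
}
} // closes the enclosing class, whose header is outside this excerpt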
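/**
 * Programs the security group rules carried by {@code command} on a Citrix host by calling
 * the {@code network_rules} function of the {@code vmops} host plugin.
 *
 * <p>The rules are sent in compressed form ({@code "deflated"} is set to {@code "true"}).
 *
 * @param command            the rules command to apply
 * @param citrixResourceBase the resource providing the host connection and plugin call
 * @return a successful {@code SecurityGroupRuleAnswer} when the plugin result parses as
 *         {@code true}; a failed answer when the host cannot do bridge firewalling (with
 *         {@code FailureReason.CANNOT_BRIDGE_FIREWALL}), when the rules could not be
 *         compressed, or when the plugin reports anything other than {@code true}
 */
@Override
public Answer execute(final SecurityGroupRulesCmd command, final CitrixResourceBase citrixResourceBase) {
    final Connection conn = citrixResourceBase.getConnection();
    if (s_logger.isTraceEnabled()) {
        s_logger.trace("Sending network rules command to " + citrixResourceBase.getHost().getIp());
    }

    if (!citrixResourceBase.canBridgeFirewall()) {
        s_logger.warn("Host " + citrixResourceBase.getHost().getIp() + " cannot do bridge firewalling");
        return new SecurityGroupRuleAnswer(command, false, "Host " + citrixResourceBase.getHost().getIp() + " cannot do bridge firewalling",
                SecurityGroupRuleAnswer.FailureReason.CANNOT_BRIDGE_FIREWALL);
    }

    // A null here means the ruleset could not be compressed. Stop instead of asking the host
    // to program a ruleset with no payload.
    // NOTE(review): what the plugin does with a missing "rules" value is not visible here.
    final String compressedRules = command.compressStringifiedRules();
    if (compressedRules == null) {
        s_logger.warn("Failed to program network rules for vm " + command.getVmName() + ": could not compress security group rules");
        return new SecurityGroupRuleAnswer(command, false, "programming network rules failed");
    }

    final String result = citrixResourceBase.callHostPlugin(conn, "vmops", "network_rules", "vmName", command.getVmName(), "vmIP", command.getGuestIp(), "vmMAC",
            command.getGuestMac(), "vmID", Long.toString(command.getVmId()), "signature", command.getSignature(), "seqno", Long.toString(command.getSeqNum()), "deflated",
            "true", "rules", compressedRules, "secIps", command.getSecIpsString());

    // Boolean.parseBoolean returns false for null and for the empty string, so anything other
    // than a case-insensitive "true" is treated as failure.
    if (!Boolean.parseBoolean(result)) {
        s_logger.warn("Failed to program network rules for vm " + command.getVmName());
        return new SecurityGroupRuleAnswer(command, false, "programming network rules failed");
    }

    s_logger.info("Programmed network rules for vm " + command.getVmName() + " guestIp=" + command.getGuestIp() + ", ingress numrules="
            + command.getIngressRuleSet().size() + ", egress numrules=" + command.getEgressRuleSet().size());
    return new SecurityGroupRuleAnswer(command);
}
} // closes the enclosing class, whose header is outside this excerpt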
/**
 * Renders the ingress rules followed by the egress rules into a single string.
 *
 * <p>Both rule sets go through {@code stringifyRulesFor} with {@code false} as the third
 * argument (presumably selecting the uncompressed textual form; confirm against that
 * helper, which is not shown here).
 *
 * @return the concatenated rule text, ingress rules first
 */
public String stringifyRules() {
    final StringBuilder plainRules = new StringBuilder();

    // Order matters for the resulting text: ingress is appended before egress.
    stringifyRulesFor(getIngressRuleSet(), INGRESS_RULE, false, plainRules);
    stringifyRulesFor(getEgressRuleSet(), EGRESS_RULE, false, plainRules);

    return plainRules.toString();
}
try { SecurityGroupVmRuleSet rset = new SecurityGroupVmRuleSet(); rset.getEgressRules().addAll(generateRules(cmd.getEgressRuleSet())); rset.getIngressRules().addAll( generateRules(cmd.getIngressRuleSet())); rset.setVmName(cmd.getVmName()); rset.setVmIp(cmd.getGuestIp()); rset.setVmMac(cmd.getGuestMac()); rset.setVmId(cmd.getVmId()); rset.setSignature(cmd.getSignature()); rset.setSequenceNumber(cmd.getSeqNum()); Marshaller marshaller = context.createMarshaller(); StringWriter writer = new StringWriter();