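/**
 * Builds the API response that describes one Palo Alto firewall device.
 *
 * <p>Three sources are merged: the device row itself (uuid, name, capacity, provider, state),
 * the host row it is registered under (private IP address) and the free-form host details
 * (interfaces, zones, retry and timeout settings).
 *
 * @param fwDeviceVO the persisted firewall device to describe
 * @return a populated response whose object name is {@code "paloaltofirewall"}
 */
@Override
public PaloAltoFirewallResponse createPaloAltoFirewallResponse(ExternalFirewallDeviceVO fwDeviceVO) {
    PaloAltoFirewallResponse response = new PaloAltoFirewallResponse();
    long hostId = fwDeviceVO.getHostId();
    Map<String, String> fwDetails = _hostDetailDao.findDetails(hostId);
    Host fwHost = _hostDao.findById(hostId);

    response.setId(fwDeviceVO.getUuid());

    PhysicalNetwork pnw = ApiDBUtils.findPhysicalNetworkById(fwDeviceVO.getPhysicalNetworkId());
    if (pnw != null) {
        response.setPhysicalNetworkId(pnw.getUuid());
    }

    response.setDeviceName(fwDeviceVO.getDeviceName());

    // A stored capacity of 0 means "not configured": report the global default instead,
    // which itself falls back to 50 when the config value is absent or unparsable.
    if (fwDeviceVO.getCapacity() == 0) {
        long defaultFwCapacity = NumbersUtil.parseLong(_configDao.getValue(Config.DefaultExternalFirewallCapacity.key()), 50);
        response.setDeviceCapacity(defaultFwCapacity);
    } else {
        response.setDeviceCapacity(fwDeviceVO.getCapacity());
    }

    response.setProvider(fwDeviceVO.getProviderName());
    response.setDeviceState(fwDeviceVO.getDeviceState().name());

    // The host lookup can come back null (other code in this file checks findById for null);
    // leave the address unset rather than failing the whole listing with a NullPointerException.
    if (fwHost != null) {
        response.setIpAddress(fwHost.getPrivateIpAddress());
    }

    response.setPublicInterface(fwDetails.get("publicInterface"));
    response.setUsageInterface(fwDetails.get("usageInterface"));
    response.setPrivateInterface(fwDetails.get("privateInterface"));
    response.setPublicZone(fwDetails.get("publicZone"));
    response.setPrivateZone(fwDetails.get("privateZone"));
    response.setNumRetries(fwDetails.get("numRetries"));
    response.setTimeout(fwDetails.get("timeout"));
    response.setObjectName("paloaltofirewall");
    return response;
}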
/**
 * Persists the firewall device row and records its id as a host detail, inside the
 * surrounding transaction (this method is the body of an anonymous transaction callback;
 * the trailing {@code });} closes that callback and the enclosing execute call).
 *
 * <p>A capacity of 0 (absent or unparsable) is replaced by the manager-wide default; the
 * "dedicated" flag is false when the parameter is missing.
 *
 * @param status the transaction status handed in by the transaction framework
 * @return the newly persisted device
 */
@Override
public ExternalFirewallDeviceVO doInTransaction(TransactionStatus status) {
    // Boolean.parseBoolean(null) is false, so the missing-parameter case needs no extra branch.
    boolean dedicatedUse = Boolean.parseBoolean(configParams.get(ApiConstants.FIREWALL_DEVICE_DEDICATED));

    long capacity = NumbersUtil.parseLong(configParams.get(ApiConstants.FIREWALL_DEVICE_CAPACITY), 0);
    if (capacity == 0) {
        capacity = _defaultFwCapacity;
    }

    ExternalFirewallDeviceVO fwDevice = new ExternalFirewallDeviceVO(externalFirewall.getId(), pNetworkFinal.getId(), ntwkSvcProvider.getProviderName(), deviceName, capacity, dedicatedUse);
    _externalFirewallDeviceDao.persist(fwDevice);

    // Back-reference from the host to the device row it represents.
    DetailVO hostDetail = new DetailVO(externalFirewall.getId(), ApiConstants.FIREWALL_DEVICE_ID, String.valueOf(fwDevice.getId()));
    _hostDetailDao.persist(hostDetail);
    return fwDevice;
}
});
/**
 * Prepares the reusable search builders used by this DAO's lookup methods.
 *
 * <p>Each builder is assembled as a local and published to its field only once it is
 * complete, so a half-built search is never visible. The parameter names ("physicalNetworkId",
 * "providerName", ...) are the keys the lookup methods bind values to.
 */
protected ExternalFirewallDeviceDaoImpl() {
    // Devices of one physical network.
    SearchBuilder<ExternalFirewallDeviceVO> byPhysicalNetwork = createSearchBuilder();
    byPhysicalNetwork.and("physicalNetworkId", byPhysicalNetwork.entity().getPhysicalNetworkId(), Op.EQ);
    byPhysicalNetwork.done();
    physicalNetworkIdSearch = byPhysicalNetwork;

    // Devices of one physical network belonging to a given service provider.
    SearchBuilder<ExternalFirewallDeviceVO> byProvider = createSearchBuilder();
    byProvider.and("physicalNetworkId", byProvider.entity().getPhysicalNetworkId(), Op.EQ);
    byProvider.and("networkServiceProviderName", byProvider.entity().getProviderName(), Op.EQ);
    byProvider.done();
    physicalNetworkServiceProviderSearch = byProvider;

    // As above, further narrowed by allocation state.
    SearchBuilder<ExternalFirewallDeviceVO> byAllocationState = createSearchBuilder();
    byAllocationState.and("physicalNetworkId", byAllocationState.entity().getPhysicalNetworkId(), Op.EQ);
    byAllocationState.and("providerName", byAllocationState.entity().getProviderName(), Op.EQ);
    byAllocationState.and("allocationState", byAllocationState.entity().getAllocationState(), Op.EQ);
    byAllocationState.done();
    allocationStateSearch = byAllocationState;

    // As above, further narrowed by device state.
    SearchBuilder<ExternalFirewallDeviceVO> byDeviceState = createSearchBuilder();
    byDeviceState.and("physicalNetworkId", byDeviceState.entity().getPhysicalNetworkId(), Op.EQ);
    byDeviceState.and("providerName", byDeviceState.entity().getProviderName(), Op.EQ);
    byDeviceState.and("deviceState", byDeviceState.entity().getDeviceState(), Op.EQ);
    byDeviceState.done();
    deviceStatusSearch = byDeviceState;
}
/**
 * Removes a Palo Alto firewall device together with the host it is registered as.
 *
 * @param cmd the API command carrying the device id
 * @return the result of deleting the backing external firewall host
 * @throws InvalidParameterValueException if no device with that id exists or it is not a Palo Alto device
 */
@Override
public boolean deletePaloAltoFirewall(DeletePaloAltoFirewallCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    ExternalFirewallDeviceVO device = _fwDevicesDao.findById(fwDeviceId);

    // Only devices of this element's own type may be deleted through this command.
    boolean isPaloAlto = device != null && device.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName());
    if (!isPaloAlto) {
        throw new InvalidParameterValueException("No Palo Alto firewall device found with ID: " + fwDeviceId);
    }
    return deleteExternalFirewall(device.getHostId());
}
/**
 * Picks the first firewall device in the network's physical network that still has room
 * for another guest network (first-fit; devices are visited in DAO order).
 *
 * @param network the guest network that needs a firewall
 * @return the first device whose mapped-network count is below its capacity
 * @throws InsufficientCapacityException if every device in the physical network is full
 */
@Override
public ExternalFirewallDeviceVO findSuitableFirewallForNetwork(Network network) throws InsufficientCapacityException {
    long physicalNetworkId = network.getPhysicalNetworkId();
    List<ExternalFirewallDeviceVO> candidates = _externalFirewallDeviceDao.listByPhysicalNetwork(physicalNetworkId);

    for (ExternalFirewallDeviceVO candidate : candidates) {
        // Capacity is the maximum number of guest networks the device may serve;
        // 0 means "not configured" and falls back to the manager default.
        long fullCapacity = candidate.getCapacity();
        if (fullCapacity == 0) {
            fullCapacity = _defaultFwCapacity;
        }

        // Networks already mapped onto this firewall device.
        List<NetworkExternalFirewallVO> mappedNetworks = _networkExternalFirewallDao.listByFirewallDeviceId(candidate.getId());
        long usedCapacity = 0;
        if (mappedNetworks != null) {
            usedCapacity = mappedNetworks.size();
        }

        if (usedCapacity < fullCapacity) {
            return candidate;
        }
    }

    throw new InsufficientNetworkCapacityException("Unable to find a firewall provider with sufficient capcity " + " to implement the network", DataCenter.class, network.getDataCenterId());
}
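/**
 * Lists the hosts backing the external firewall devices of one type in a physical network.
 *
 * @param physicalNetworkId the physical network to search
 * @param deviceName the network-device name used to resolve the service provider
 * @return one host per device (elements may be null when a host row is missing), or
 *         {@code null} when the provider is not configured on the physical network
 * @throws InvalidParameterValueException if the physical network or the device name is unknown
 */
@Override
public List<Host> listExternalFirewalls(long physicalNetworkId, String deviceName) {
    NetworkDevice fwNetworkDevice = NetworkDevice.getNetworkDevice(deviceName);

    PhysicalNetworkVO pNetwork = _physicalNetworkDao.findById(physicalNetworkId);
    if (pNetwork == null) {
        throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
    }
    // pNetwork is known to be non-null here, so only the device-name lookup can still fail.
    if (fwNetworkDevice == null) {
        throw new InvalidParameterValueException("Atleast one of ther required parameter physical networkId, device name is missing or invalid.");
    }

    PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(pNetwork.getId(), fwNetworkDevice.getNetworkServiceProvder());
    if (ntwkSvcProvider == null) {
        // Kept as null rather than an empty list: existing callers may distinguish
        // "provider not configured" from "provider configured, no devices".
        return null;
    }

    List<ExternalFirewallDeviceVO> fwDevices = _externalFirewallDeviceDao.listByPhysicalNetworkAndProvider(physicalNetworkId, ntwkSvcProvider.getProviderName());
    List<Host> firewallHosts = new ArrayList<Host>();
    for (ExternalFirewallDeviceVO fwDevice : fwDevices) {
        firewallHosts.add(_hostDao.findById(fwDevice.getHostId()));
    }
    return firewallHosts;
}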
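/**
 * Enables a Palo Alto firewall device and optionally changes its capacity.
 *
 * <p>The device is always moved to {@code Enabled}; the capacity is only touched when the
 * command supplies one, and a new capacity may not be lower than the number of guest
 * networks already mapped onto the device.
 *
 * @param cmd the API command carrying the device id and optional capacity
 * @return the updated device row
 * @throws InvalidParameterValueException if no Palo Alto device with that id exists
 * @throws CloudRuntimeException if the requested capacity is below the current usage
 */
@Override
public ExternalFirewallDeviceVO configurePaloAltoFirewall(ConfigurePaloAltoFirewallCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    Long deviceCapacity = cmd.getFirewallCapacity();

    ExternalFirewallDeviceVO fwDeviceVO = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVO == null || !fwDeviceVO.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName())) {
        throw new InvalidParameterValueException("No Palo Alto firewall device found with ID: " + fwDeviceId);
    }

    if (deviceCapacity != null) {
        // Refuse to shrink below the number of networks already using this device.
        List<NetworkExternalFirewallVO> networks = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
        if (networks != null && !networks.isEmpty() && deviceCapacity < networks.size()) {
            throw new CloudRuntimeException("There are more number of networks already using this Palo Alto firewall device than configured capacity");
        }
        fwDeviceVO.setCapacity(deviceCapacity);
    }

    fwDeviceVO.setDeviceState(FirewallDeviceState.Enabled);
    _fwDevicesDao.update(fwDeviceId, fwDeviceVO);
    return fwDeviceVO;
}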
/**
 * Reports whether the Palo Alto provider can serve the given physical network.
 *
 * @param provider the service provider being checked
 * @return {@code true} if at least one Palo Alto device in the provider's physical
 *         network is in the {@code Enabled} state
 */
@Override
public boolean isReady(PhysicalNetworkServiceProvider provider) {
    List<ExternalFirewallDeviceVO> devices = _fwDevicesDao.listByPhysicalNetworkAndProvider(provider.getPhysicalNetworkId(), Provider.PaloAlto.getName());
    if (devices == null) {
        return false;
    }

    // A single enabled device is enough; disabled or unconfigured devices do not count.
    boolean anyEnabled = false;
    for (ExternalFirewallDeviceVO device : devices) {
        if (device.getDeviceState() == FirewallDeviceState.Enabled) {
            anyEnabled = true;
            break;
        }
    }
    return anyEnabled;
}
/**
 * Lists the guest networks mapped onto a Palo Alto firewall device.
 *
 * @param cmd the API command carrying the device id
 * @return the mapped networks in mapping order (an element is null if its network row is
 *         missing); empty when the device has no mappings
 * @throws InvalidParameterValueException if no Palo Alto device with that id exists
 */
@Override
public List<? extends Network> listNetworks(ListPaloAltoFirewallNetworksCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();

    ExternalFirewallDeviceVO device = _fwDevicesDao.findById(fwDeviceId);
    boolean isPaloAlto = device != null && device.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName());
    if (!isPaloAlto) {
        throw new InvalidParameterValueException("Could not find Palo Alto firewall device with ID " + fwDeviceId);
    }

    List<NetworkVO> result = new ArrayList<NetworkVO>();
    List<NetworkExternalFirewallVO> mappings = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
    if (mappings == null) {
        return result;
    }
    for (NetworkExternalFirewallVO mapping : mappings) {
        result.add(_networkDao.findById(mapping.getNetworkId()));
    }
    return result;
}
HostVO externalFirewall = null; if (fwDeviceVO != null) { externalFirewall = _hostDao.findById(fwDeviceVO.getHostId()); if (externalFirewall != null) { Long fwDeviceId = new Long(externalFirewall.getId());
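/**
 * Lists Palo Alto firewall devices, either one by id or all in a physical network.
 *
 * <p>When both ids are supplied the device id is validated first, but the result is the
 * full listing for the physical network (the original behaviour, kept for compatibility).
 *
 * @param cmd the API command carrying an optional device id and/or physical network id
 * @return the matching devices; never null
 * @throws InvalidParameterValueException if neither id is given, the device id does not
 *         name a Palo Alto device, or the physical network does not exist
 */
@Override
public List<ExternalFirewallDeviceVO> listPaloAltoFirewalls(ListPaloAltoFirewallsCmd cmd) {
    Long physicalNetworkId = cmd.getPhysicalNetworkId();
    Long fwDeviceId = cmd.getFirewallDeviceId();

    if (physicalNetworkId == null && fwDeviceId == null) {
        // This command lists firewall devices; the message previously referred to a load balancer.
        throw new InvalidParameterValueException("Either physical network Id or firewall device Id must be specified");
    }

    List<ExternalFirewallDeviceVO> fwDevices = new ArrayList<ExternalFirewallDeviceVO>();

    if (fwDeviceId != null) {
        ExternalFirewallDeviceVO fwDeviceVo = _fwDevicesDao.findById(fwDeviceId);
        if (fwDeviceVo == null || !fwDeviceVo.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName())) {
            throw new InvalidParameterValueException("Could not find Palo Alto firewall device with ID: " + fwDeviceId);
        }
        fwDevices.add(fwDeviceVo);
    }

    if (physicalNetworkId != null) {
        PhysicalNetworkVO pNetwork = _physicalNetworkDao.findById(physicalNetworkId);
        if (pNetwork == null) {
            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
        }
        // Replaces (does not merge with) the single device collected above.
        fwDevices = _fwDevicesDao.listByPhysicalNetworkAndProvider(physicalNetworkId, Provider.PaloAlto.getName());
    }

    return fwDevices;
}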
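/**
 * Pushes the remote-access VPN user list for a network to its external firewall.
 *
 * <p>Users in state {@code Add} or {@code Active} are sent as additions, users in state
 * {@code Revoke} as removals; any other state is ignored.
 *
 * @param network the guest network whose VPN users are being managed
 * @param vpn the remote-access VPN (not used by this implementation)
 * @param vpnUsers the users to reconcile on the device
 * @return {@code true} once the device acknowledged the change; {@code false} if the
 *         network has no firewall device or host to send to
 * @throws ResourceUnavailableException if the device rejected or did not answer the command
 */
public boolean manageRemoteAccessVpnUsers(Network network, RemoteAccessVpn vpn, List<? extends VpnUser> vpnUsers) throws ResourceUnavailableException {
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    // Treat a missing device mapping the same way as a missing host: nothing to configure.
    if (fwDeviceVO == null) {
        return false;
    }
    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        return false;
    }

    List<VpnUser> addUsers = new ArrayList<VpnUser>();
    List<VpnUser> removeUsers = new ArrayList<VpnUser>();
    for (VpnUser user : vpnUsers) {
        if (user.getState() == VpnUser.State.Add || user.getState() == VpnUser.State.Active) {
            addUsers.add(user);
        } else if (user.getState() == VpnUser.State.Revoke) {
            removeUsers.add(user);
        }
    }

    VpnUsersCfgCommand addUsersCmd = new VpnUsersCfgCommand(addUsers, removeUsers);
    addUsersCmd.setAccessDetail(NetworkElementCommand.ACCOUNT_ID, String.valueOf(network.getAccountId()));
    addUsersCmd.setAccessDetail(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());

    Answer answer = _agentMgr.easySend(externalFirewall.getId(), addUsersCmd);
    if (answer == null || !answer.getResult()) {
        String details = (answer != null) ? answer.getDetails() : "details unavailable";
        // The zone row is only needed for the message; do not let a missing row hide the real failure.
        DataCenterVO zone = _dcDao.findById(network.getDataCenterId());
        String zoneName = (zone != null) ? zone.getName() : String.valueOf(network.getDataCenterId());
        String msg = "External firewall was unable to add remote access users in zone " + zoneName + " due to: " + details + ".";
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
    }
    return true;
}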
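/**
 * Translates port-forwarding rules into transfer objects and sends them to the network's
 * external firewall.
 *
 * <p>Networks that are merely {@code Allocated} are not implemented on the backend, so the
 * call is acknowledged without contacting the device.
 *
 * @param network the guest network the rules belong to
 * @param rules the rules to apply (each carries its own add/revoke intent)
 * @return {@code true} when the rules were sent or the network is not yet implemented
 * @throws ResourceUnavailableException if the network has no reachable firewall host, or the
 *         device rejects the rules (raised by {@code sendPortForwardingRules})
 */
@Override
public boolean applyPortForwardingRules(Network network, List<? extends PortForwardingRule> rules) throws ResourceUnavailableException {
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);

    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    // Resolve the firewall host explicitly instead of relying on `assert`, which is disabled
    // in production and would otherwise surface later as a NullPointerException.
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    HostVO externalFirewall = (fwDeviceVO == null) ? null : _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        String msg = "No external firewall host is mapped to network with ID " + network.getId();
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }

    List<PortForwardingRuleTO> pfRules = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule rule : rules) {
        IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
        PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
        pfRules.add(ruleTO);
    }

    sendPortForwardingRules(pfRules, zone, externalFirewall.getId());
    return true;
}
}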
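/**
 * Translates static NAT rules into transfer objects and sends them to the network's
 * external firewall.
 *
 * <p>Networks that are merely {@code Allocated} are not implemented on the backend, so the
 * call is acknowledged without contacting the device.
 *
 * @param network the guest network the rules belong to
 * @param rules the static NAT mappings to apply or revoke
 * @return {@code true} when the rules were sent or the network is not yet implemented
 * @throws ResourceUnavailableException if the network has no reachable firewall host, or the
 *         device rejects the rules (raised by {@code sendStaticNatRules})
 */
public boolean applyStaticNatRules(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);

    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    // Resolve the firewall host explicitly instead of relying on `assert`, which is disabled
    // in production and would otherwise surface later as a NullPointerException.
    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    HostVO externalFirewall = (fwDeviceVO == null) ? null : _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        String msg = "No external firewall host is mapped to network with ID " + network.getId();
        s_logger.error(msg);
        throw new ResourceUnavailableException(msg, DataCenter.class, zoneId);
    }

    List<StaticNatRuleTO> staticNatRules = new ArrayList<StaticNatRuleTO>();
    for (StaticNat rule : rules) {
        IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
        // Static NAT maps the whole public address, so no ports are given (-1) and the
        // protocol is "any"; the leading 0 and trailing false are passed through unchanged
        // from the original call (their meaning is defined by StaticNatRuleTO — verify there).
        StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, vlan.getVlanTag(), sourceIp.getAddress().addr(), -1, -1, rule.getDestIpAddress(), -1, -1, "any", rule.isForRevoke(), false);
        staticNatRules.add(ruleTO);
    }

    sendStaticNatRules(staticNatRules, zone, externalFirewall.getId());
    return true;
}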
public boolean manageRemoteAccessVpn(boolean create, Network network, RemoteAccessVpn vpn) throws ResourceUnavailableException { ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network); HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
return true; HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());