@Override public void doInTransactionWithoutResult(TransactionStatus status) { Account owner = _accountMgr.getAccount(addr.getAllocatedToAccountId()); if (_ipAddressDao.lockRow(addr.getId(), true) != null) { final IPAddressVO userIp = _ipAddressDao.findById(addr.getId()); if (userIp.getState() == IpAddress.State.Allocating || addr.getState() == IpAddress.State.Free) { addr.setState(IpAddress.State.Allocated); if (_ipAddressDao.update(addr.getId(), addr)) { // Save usage event if (owner.getAccountId() != Account.ACCOUNT_ID_SYSTEM) { VlanVO vlan = _vlanDao.findById(addr.getVlanId()); String guestType = vlan.getVlanType().toString(); if (!isIpDedicated(addr)) { UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_IP_ASSIGN, owner.getId(), addr.getDataCenterId(), addr.getId(), addr.getAddress().toString(), addr.isSourceNat(), guestType, addr.getSystem(), addr.getClass().getName(), addr.getUuid()); } if (updateIpResourceCount(addr)) { _resourceLimitMgr.incrementResourceCount(owner.getId(), ResourceType.public_ip); } } } else { s_logger.error("Failed to mark public IP as allocated with id=" + addr.getId() + " address=" + addr.getAddress()); } } } else { s_logger.error("Failed to acquire row lock to mark public IP as allocated with id=" + addr.getId() + " address=" + addr.getAddress()); } } });
long networkId = ipAddress.getAssociatedWithNetworkId(); if (!ipAddress.isOneToOneNat()) { InvalidParameterValueException ex = new InvalidParameterValueException("One to one nat is not enabled for the specified ip id"); ex.addProxyObject(ipAddress.getUuid(), "ipId"); throw ex; ipAddress.setRuleState(IpAddress.State.Releasing); _ipAddressDao.update(ipAddress.getId(), ipAddress); ipAddress = _ipAddressDao.findById(ipId); boolean isIpSystem = ipAddress.getSystem(); ipAddress.setOneToOneNat(false); ipAddress.setAssociatedWithVmId(null); ipAddress.setRuleState(null); ipAddress.setVmIp(null); if (isIpSystem && !releaseIpIfElastic) { ipAddress.setSystem(false); _ipAddressDao.update(ipAddress.getId(), ipAddress); _vpcMgr.unassignIPFromVpcNetwork(ipAddress.getId(), networkId); s_logger.warn("Failed to disable one to one nat for the ip address id" + ipId); ipAddress = _ipAddressDao.findById(ipId); ipAddress.setRuleState(null); _ipAddressDao.update(ipAddress.getId(), ipAddress); return false;
public VspStaticNat buildVspStaticNat(Boolean forRevoke, IPAddressVO staticNatIp, VlanVO staticNatVlan, NicVO nic) { NicSecondaryIpVO nicSecondaryIp = null; if (nic == null && staticNatIp.getAssociatedWithVmId() != null && staticNatIp.getVmIp() != null) { nicSecondaryIp = _nicSecondaryIpDao.findByIp4AddressAndInstanceId(staticNatIp.getAssociatedWithVmId(), staticNatIp.getVmIp()); if (nicSecondaryIp != null) { nic = _nicDao.findById(nicSecondaryIp.getNicId()); } } VspNic vspNic = (nic != null) ? buildVspNic(nic, nicSecondaryIp) : null; return buildVspStaticNat(forRevoke, staticNatIp, staticNatVlan, vspNic); }
@Override public boolean readyToUse() { return _addr.getAllocatedTime() != null && _addr.getState() == State.Allocated; }
protected boolean updateIpResourceCount(IPAddressVO ip) { // don't increment resource count for direct and dedicated ip addresses return (ip.getAssociatedWithNetworkId() != null || ip.getVpcId() != null) && !isIpDedicated(ip); }
@Override public void doInTransactionWithoutResult(TransactionStatus status) { List<IPAddressVO> ips = _ipAddressDao.listStaticNatPublicIps(network.getId()); for (IPAddressVO ip : ips) { ip.setOneToOneNat(false); ip.setAssociatedWithVmId(null); ip.setVmIp(null); _ipAddressDao.update(ip.getId(),ip); } } });
@PostConstruct public void init() { AllFieldsSearch = createSearchBuilder(); AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); AllFieldsSearch.and("dataCenterId", AllFieldsSearch.entity().getDataCenterId(), Op.EQ); AllFieldsSearch.and("ipAddress", AllFieldsSearch.entity().getAddress(), Op.EQ); AllFieldsSearch.and("vlan", AllFieldsSearch.entity().getVlanId(), Op.EQ); AllFieldsSearch.and("accountId", AllFieldsSearch.entity().getAllocatedToAccountId(), Op.EQ); AllFieldsSearch.and("sourceNat", AllFieldsSearch.entity().isSourceNat(), Op.EQ); AllFieldsSearch.and("network", AllFieldsSearch.entity().getAssociatedWithNetworkId(), Op.EQ); AllFieldsSearch.and("associatedWithVmId", AllFieldsSearch.entity().getAssociatedWithVmId(), Op.EQ); AllFieldsSearch.and("oneToOneNat", AllFieldsSearch.entity().isOneToOneNat(), Op.EQ); AllFieldsSearch.and("sourcenetwork", AllFieldsSearch.entity().getSourceNetworkId(), Op.EQ); AllFieldsSearch.and("physicalNetworkId", AllFieldsSearch.entity().getPhysicalNetworkId(), Op.EQ); AllFieldsSearch.and("vpcId", AllFieldsSearch.entity().getVpcId(), Op.EQ); AllFieldsSearch.and("associatedVmIp", AllFieldsSearch.entity().getVmIp(), Op.EQ); AllFieldsSearch.done(); VlanDbIdSearchUnallocated.and("allocated", VlanDbIdSearchUnallocated.entity().getAllocatedTime(), Op.NULL); VlanDbIdSearchUnallocated.and("vlanDbId", VlanDbIdSearchUnallocated.entity().getVlanId(), Op.EQ); VlanDbIdSearchUnallocated.done(); AllIpCount.select(null, Func.COUNT, AllIpCount.entity().getAddress()); AllIpCount.and("dc", AllIpCount.entity().getDataCenterId(), Op.EQ); AllIpCount.and("vlan", AllIpCount.entity().getVlanId(), Op.EQ); AllIpCount.done(); AllIpCountForDc.select(null, Func.COUNT, AllIpCountForDc.entity().getAddress()); AllIpCountForDc.and("dc", AllIpCountForDc.entity().getDataCenterId(), Op.EQ); AllIpCountForDc.done();
sb.and("dataCenterId", sb.entity().getDataCenterId(), SearchCriteria.Op.EQ); sb.and("address", sb.entity().getAddress(), SearchCriteria.Op.EQ); sb.and("vlanDbId", sb.entity().getVlanId(), SearchCriteria.Op.EQ); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); sb.and("physicalNetworkId", sb.entity().getPhysicalNetworkId(), SearchCriteria.Op.EQ); sb.and("associatedNetworkIdEq", sb.entity().getAssociatedWithNetworkId(), SearchCriteria.Op.EQ); sb.and("isSourceNat", sb.entity().isSourceNat(), SearchCriteria.Op.EQ); sb.and("isStaticNat", sb.entity().isOneToOneNat(), SearchCriteria.Op.EQ); sb.and("vpcId", sb.entity().getVpcId(), SearchCriteria.Op.EQ); sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ); sb.and("display", sb.entity().isDisplay(), SearchCriteria.Op.EQ); sb.join("lbSearch", lbSearch, sb.entity().getId(), lbSearch.entity().getSourceIpAddressId(), JoinType.INNER); sb.groupBy(sb.entity().getId()); sb.and("addressLIKE", sb.entity().getAddress(), SearchCriteria.Op.LIKE); sb.groupBy(sb.entity().getId()); sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER); sb.join("vlanSearch", vlanSearch, sb.entity().getVlanId(), vlanSearch.entity().getId(), JoinBuilder.JoinType.INNER); sb.and("allocated", sb.entity().getAllocatedTime(), SearchCriteria.Op.NNULL);
boolean isSourceNatAllocated = false; for (IPAddressVO addr : ips) { if (addr.getState() != State.Allocated) { if (!isSourceNatAllocated && allocateSourceNat) { addr.setSourceNat(true); isSourceNatAllocated = true; } else { addr.setSourceNat(false); addr.setAssociatedWithNetworkId(guestNetwork.getId()); addr.setVpcId(guestNetwork.getVpcId()); addr.setAllocatedTime(new Date()); addr.setAllocatedInDomainId(owner.getDomainId()); addr.setAllocatedToAccountId(owner.getId()); addr.setSystem(false); addr.setState(IpAddress.State.Allocating); markPublicIpAsAllocated(addr);
if (ip.isOneToOneNat()) { throw new InvalidParameterValueException("Can't delete account specific vlan " + vlanDbId + " as ip " + ip + " belonging to the range is used for static nat purposes. Cleanup the rules first"); if (ip.isSourceNat()) { throw new InvalidParameterValueException("Can't delete account specific vlan " + vlanDbId + " as ip " + ip + " belonging to the range is a source nat ip for the network id=" + ip.getSourceNetworkId() + ". IP range with the source nat ip address can be removed either as a part of Network, or account removal"); if (_firewallDao.countRulesByIpId(ip.getId()) > 0) { throw new InvalidParameterValueException("Can't delete account specific vlan " + vlanDbId + " as ip " + ip + " belonging to the range has firewall rules applied. Cleanup the rules first"); if (ip.getAllocatedTime() != null) {// This means IP is allocated success = _ipAddrMgr.disassociatePublicIpAddress(ip.getId(), userId, caller); } else { resourceCountToBeDecrement++; UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_IP_RELEASE, acctVln.get(0).getAccountId(), ip.getDataCenterId(), ip.getId(), ip.getAddress().toString(), ip.isSourceNat(), vlanRange.getVlanType().toString(), ip.getSystem(), ip.getClass().getName(), ip.getUuid()); final NicIpAliasVO ipAlias = _nicIpAliasDao.findByGatewayAndNetworkIdAndState(vlanRange.getVlanGateway(), vlanRange.getNetworkId(), NicIpAlias.State.active); if (ipAlias != null && vlanDbId == _publicIpAddressDao.findByIpAndSourceNetworkId(vlanRange.getNetworkId(), ipAlias.getIp4Address()).getVlanId()) { throw new InvalidParameterValueException("Cannot delete vlan range " + vlanDbId + " as " + ipAlias.getIp4Address() + "is being used for providing dhcp service in this subnet. Delete all VMs in this subnet and try again");
if (!ip.isOneToOneNat() && !ip.isSourceNat() && !(_firewallDao.countRulesByIpId(ip.getId()) > 0)) { if (s_logger.isDebugEnabled()) { s_logger.debug("Releasing Public IP addresses" + ip + " of vlan " + vlanDbId + " as part of Public IP" + " range release to the system pool"); success = success && _ipAddrMgr.disassociatePublicIpAddress(ip.getId(), userId, caller); } else { ipsInUse.add(ip); UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_IP_RELEASE, acctVln.get(0).getAccountId(), ip.getDataCenterId(), ip.getId(), ip.getAddress().toString(), ip.isSourceNat(), vlan.getVlanType().toString(), ip.getSystem(), ip.getClass().getName(), ip.getUuid());
boolean isOneToOneNat = ipAddress.isOneToOneNat(); Long associatedWithVmId = ipAddress.getAssociatedWithVmId(); Nic guestNic; NicSecondaryIpVO nicSecIp = null; if (ipAddress.getAssociatedWithNetworkId() == null) { boolean assignToVpcNtwk = network.getVpcId() != null && ipAddress.getVpcId() != null && ipAddress.getVpcId().longValue() == network.getVpcId(); if (assignToVpcNtwk) { _networkModel.checkIpForService(ipAddress, Service.StaticNat, networkId); } else if (ipAddress.isPortable()) { s_logger.info("Portable IP " + ipAddress.getUuid() + " is not associated with the network yet " + " so associate IP with the network " + networkId); try { } else if (ipAddress.getAssociatedWithNetworkId() != networkId) { if (ipAddress.isPortable()) { if (_ipAddrMgr.isPortableIpTransferableFromNetwork(ipId, ipAddress.getAssociatedWithNetworkId())) { try { _ipAddrMgr.transferPortableIP(ipId, ipAddress.getAssociatedWithNetworkId(), networkId); ipAddress = _ipAddressDao.findById(ipId); } catch (Exception e) { ipAddress.getAssociatedWithNetworkId() + " so can not be transferred to " + " network " + networkId); if (ipAddress.getAssociatedWithNetworkId() == null) { throw new InvalidParameterValueException("Ip address " + ipAddress + " is not assigned to the network " + network);
IPAddressVO ipaddr = new IPAddressVO(new Ip(allocatedPortableIp.getAddress()), dcId, networkId, vpcID, physicalNetworkId, network.getId(), vlan.getId(), true); ipaddr.setState(State.Allocated); ipaddr.setAllocatedTime(new Date()); ipaddr.setAllocatedInDomainId(ipOwner.getDomainId()); ipaddr.setAllocatedToAccountId(ipOwner.getId()); ipaddr = _ipAddressDao.persist(ipaddr); UsageEventUtils.publishUsageEvent(EventTypes.EVENT_PORTABLE_IP_ASSIGN, ipaddr.getId(), ipaddr.getDataCenterId(), ipaddr.getId(), ipaddr.getAddress().toString(), ipaddr.isSourceNat(), null, ipaddr.getSystem(), ipaddr.getClass().getName(), ipaddr.getUuid());
protected void isIpReadyForStaticNat(long vmId, IPAddressVO ipAddress, String vmIp, Account caller, long callerUserId) throws NetworkRuleConflictException, ResourceUnavailableException { if (ipAddress.isSourceNat()) { throw new InvalidParameterValueException("Can't enable static, ip address " + ipAddress + " is a sourceNat ip address"); if (!ipAddress.isOneToOneNat()) { // Dont allow to enable static nat if PF/LB rules exist for the IP List<FirewallRuleVO> portForwardingRules = _firewallDao.listByIpAndPurposeAndNotRevoked(ipAddress.getId(), Purpose.PortForwarding); if (portForwardingRules != null && !portForwardingRules.isEmpty()) { throw new NetworkRuleConflictException("Failed to enable static nat for the ip address " + ipAddress + " as it already has PortForwarding rules assigned"); List<FirewallRuleVO> loadBalancingRules = _firewallDao.listByIpAndPurposeAndNotRevoked(ipAddress.getId(), Purpose.LoadBalancing); if (loadBalancingRules != null && !loadBalancingRules.isEmpty()) { throw new NetworkRuleConflictException("Failed to enable static nat for the ip address " + ipAddress + " as it already has LoadBalancing rules assigned"); } else if (ipAddress.getAssociatedWithVmId() != null && ipAddress.getAssociatedWithVmId().longValue() != vmId) { throw new NetworkRuleConflictException("Failed to enable static for the ip address " + ipAddress + " and vm id=" + vmId + " as it's already assigned to antoher vm"); Long networkId = oldIP.getAssociatedWithNetworkId(); VMInstanceVO vm = _vmInstanceDao.findById(vmId); ipAddress.getAddress()+" with Id " +ipAddress.getUuid()+" as the vm " +vm.getInstanceName() + " with Id " + vm.getUuid() +" is already associated with another public ip " + oldIP.getAddress() +" with id "+ oldIP.getUuid()); if (!disableStaticNat(oldIP.getId(), caller, callerUserId, true)) { throw new CloudRuntimeException("Failed to disable old static nat rule for vm "+ vm.getInstanceName() + " with id "+vm.getUuid() +" and public ip " + oldIP);
@Override public IPAddressVO doInTransaction(TransactionStatus status) { if (updateIpResourceCount(ip)) { _resourceLimitMgr.decrementResourceCount(_ipAddressDao.findById(addrId).getAllocatedToAccountId(), ResourceType.public_ip); } // Save usage event if (ip.getAllocatedToAccountId() != null && ip.getAllocatedToAccountId() != Account.ACCOUNT_ID_SYSTEM) { VlanVO vlan = _vlanDao.findById(ip.getVlanId()); String guestType = vlan.getVlanType().toString(); if (!isIpDedicated(ip)) { String eventType = ip.isPortable() ? EventTypes.EVENT_PORTABLE_IP_RELEASE : EventTypes.EVENT_NET_IP_RELEASE; UsageEventUtils.publishUsageEvent(eventType, ip.getAllocatedToAccountId(), ip.getDataCenterId(), addrId, ip.getAddress().addr(), ip.isSourceNat(), guestType, ip.getSystem(), ip.getClass().getName(), ip.getUuid()); } } return _ipAddressDao.markAsUnavailable(addrId); } });
} else if (ipAddress.isSourceNat() || !ipAddress.isOneToOneNat() || ipAddress.getAssociatedWithVmId() == null) { throw new NetworkRuleConflictException("Can't do static nat on ip address: " + ipAddress.getAddress()); FirewallRuleType.User, null, rule.getTrafficType()); final Long networkId = ipAddress.getAssociatedWithNetworkId(); final Long accountId = ipAddress.getAllocatedToAccountId(); final Long domainId = ipAddress.getAllocatedInDomainId(); final String dstIp = ipAddress.getVmIp(); return Transaction.execute(new TransactionCallbackWithException<StaticNatRule, NetworkRuleConflictException>() { @Override
if (ipVO.getAllocatedTime() == null) { s_logger.debug("Ip Address id= " + ipAddressId + " is not allocated, so do nothing."); return true; if (ipVO.getAllocatedToAccountId() != null) { _accountMgr.checkAccess(caller, null, true, ipVO); if (ipVO.isSourceNat()) { throw new IllegalArgumentException("ip address is used for source nat purposes and can not be disassociated."); VlanVO vlan = _vlanDao.findById(ipVO.getVlanId()); if (!vlan.getVlanType().equals(VlanType.VirtualNetwork)) { throw new IllegalArgumentException("only ip addresses that belong to a virtual network may be disassociated."); if (ipVO.getSystem()) { throwInvalidIdException("Can't release system IP address with specified id", ipVO.getUuid(), "systemIpAddrId"); Long networkId = ipVO.getAssociatedWithNetworkId(); if (networkId != null) { Network guestNetwork = getNetwork(networkId); NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, guestNetwork.getNetworkOfferingId()); Long vmId = ipVO.getAssociatedWithVmId(); if (offering.isElasticIp() && vmId != null) { _rulesMgr.getSystemIpAndEnableStaticNatForVm(_userVmDao.findById(vmId), true);
final List<IPAddressVO> ips = _publicIpAddressDao.listByVlanId(vlanDbId); for (final IPAddressVO ip : ips) { forSystemVms = ip.isForSystemVms(); final Long allocatedToAccountId = ip.getAllocatedToAccountId(); if (allocatedToAccountId != null) { final Account accountAllocatedTo = _accountMgr.getActiveAccountById(allocatedToAccountId); if (!accountAllocatedTo.getAccountName().equalsIgnoreCase(accountName)) { throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another account "); throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another domain/account "); UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_IP_ASSIGN, vlanOwner.getId(), ip.getDataCenterId(), ip.getId(), ip.getAddress().toString(), ip.isSourceNat(), vlan.getVlanType().toString(), ip.getSystem(), ip.getClass().getName(), ip.getUuid());
IpAddressSearch.and("accountId", IpAddressSearch.entity().getAllocatedToAccountId(), Op.EQ); IpAddressSearch.and("dataCenterId", IpAddressSearch.entity().getDataCenterId(), Op.EQ); IpAddressSearch.and("vpcId", IpAddressSearch.entity().getVpcId(), Op.EQ); IpAddressSearch.and("associatedWithNetworkId", IpAddressSearch.entity().getAssociatedWithNetworkId(), Op.EQ); SearchBuilder<VlanVO> virtualNetworkVlanSB = _vlanDao.createSearchBuilder(); virtualNetworkVlanSB.and("vlanType", virtualNetworkVlanSB.entity().getVlanType(), Op.EQ); IpAddressSearch.join("virtualNetworkVlanSB", virtualNetworkVlanSB, IpAddressSearch.entity().getVlanId(), virtualNetworkVlanSB.entity().getId(), JoinBuilder.JoinType.INNER); IpAddressSearch.done();
} else if (ipVO.isOneToOneNat()) { throw new NetworkRuleConflictException("Can't do load balance on ip address: " + ipVO.getAddress()); if (ipVO.getAssociatedWithNetworkId() == null) { boolean assignToVpcNtwk = network.getVpcId() != null && ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId(); if (assignToVpcNtwk) { if (ipVO.getAssociatedWithNetworkId() == null) { throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network); result = createPublicLoadBalancer(xId, name, description, srcPortStart, defPortStart, ipVO.getId(), protocol, algorithm, openFirewall, CallContext.current(), lbProtocol, forDisplay); } catch (Exception ex) { ipVO = _ipAddressDao.findById(ipVO.getId()); _vpcMgr.unassignIPFromVpcNetwork(ipVO.getId(), networkId);