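/**
 * Compresses the stringified security group rules with zlib (DEFLATE) and Base64-encodes the
 * result, to allow the call to the hypervisor to scale beyond 8k CIDRs.
 *
 * <p>Note: {@code DeflaterOutputStream} is used instead of {@code GZIPOutputStream}. The latter
 * is meant for files and gives a different header, although the compression is the same.
 *
 * @return the Base64 text of the compressed rules, or {@code null} if compression failed;
 *         callers should treat {@code null} as a failure, not as an empty rule set
 */
public String compressStringifiedRules() {
    final String stringified = stringifyRules();
    final ByteArrayOutputStream out = new ByteArrayOutputStream();
    // try-with-resources closes the deflater stream even when write() throws; closing it is
    // also what flushes the final compressed bytes into 'out'.
    try (DeflaterOutputStream dzip = new DeflaterOutputStream(out)) {
        // Explicit charset so the encoded bytes do not depend on the JVM's platform default.
        dzip.write(stringified.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (final IOException e) {
        // Pass the exception along so the cause is not lost from the log.
        LOGGER.warn("Exception while compressing security group rules", e);
        return null;
    }
    return Base64.encodeBase64String(out.toByteArray());
}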
/**
 * Creates a security group rules command for one guest VM.
 *
 * @param guestIp        guest IPv4 address
 * @param guestIp6       guest IPv6 address
 * @param guestMac       guest MAC address
 * @param vmName         name of the VM the rules apply to
 * @param vmId           id of the VM the rules apply to
 * @param signature      precomputed signature of the rules; when {@code null}, the MD5 hex
 *                       digest of {@code stringifyRules()} is used instead
 * @param seqNum         sequence number of this rule set
 * @param ingressRuleSet ingress rules, applied through {@code setIngressRuleSet}
 * @param egressRuleSet  egress rules, applied through {@code setEgressRuleSet}
 * @param secIps         secondary IPs; the list is stored by reference, not copied
 */
public SecurityGroupRulesCmd(
        final String guestIp,
        final String guestIp6,
        final String guestMac,
        final String vmName,
        final Long vmId,
        final String signature,
        final Long seqNum,
        final IpPortAndProto[] ingressRuleSet,
        final IpPortAndProto[] egressRuleSet,
        final List<String> secIps) {
    this.guestIp = guestIp;
    this.guestIp6 = guestIp6;
    this.vmName = vmName;
    setIngressRuleSet(ingressRuleSet);
    setEgressRuleSet(egressRuleSet);
    this.guestMac = guestMac;
    this.seqNum = seqNum;
    this.vmId = vmId;
    // The rule sets must already be set here: the fallback digest is computed from
    // stringifyRules().
    // NOTE(review): MD5 is not collision-resistant. Presumably this value is only a
    // change-detection fingerprint of the rule text -- confirm the receiving side does not
    // rely on it as tamper evidence.
    this.signature = (signature != null) ? signature : DigestUtils.md5Hex(stringifyRules());
    this.secIps = secIps;
}
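/**
 * Programs the security group rules carried by {@code cmd} on the VIF of the command's VM.
 *
 * <p>The VIF is looked up with {@code getVifFromVm}, and its device and bridge names are
 * passed to {@code addNetworkRules} together with the command's rule text.
 *
 * @param cmd the security group rules command to apply
 * @return a successful {@link SecurityGroupRuleAnswer} when the rules were programmed,
 *         otherwise a failed answer with the message "programming network rules failed"
 */
private Answer execute(SecurityGroupRulesCmd cmd) {
    boolean programmed = false;
    try {
        OvmVif.Details vif = getVifFromVm(cmd.getVmName(), null);
        // NOTE(review): Long.toString(...) would throw if getVmId() returns a null Long --
        // confirm the id is always set before this command is dispatched.
        programmed = addNetworkRules(
                cmd.getVmName(),
                Long.toString(cmd.getVmId()),
                cmd.getGuestIp(),
                cmd.getSignature(),
                String.valueOf(cmd.getSeqNum()),
                cmd.getGuestMac(),
                cmd.stringifyRules(),
                vif.name,
                vif.bridge);
    } catch (XmlRpcException e) {
        // Log with context and the throwable, so the failure can be traced to a VM and the
        // stack trace is kept; 'programmed' stays false and the failure answer is returned.
        s_logger.error("XML-RPC failure while programming network rules for vm " + cmd.getVmName(), e);
    }

    if (!programmed) {
        s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
        return new SecurityGroupRuleAnswer(cmd, false, "programming network rules failed");
    }

    s_logger.info("Programmed network rules for vm " + cmd.getVmName()
            + " guestIp=" + cmd.getGuestIp()
            + ":ingress num rules=" + cmd.getIngressRuleSet().size()
            + ":egress num rules=" + cmd.getEgressRuleSet().size());
    return new SecurityGroupRuleAnswer(cmd);
}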
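/**
 * Programs the security group rules carried by {@code command} for its VM through libvirt.
 *
 * <p>The VM's interfaces are read over the libvirt connection, and the device and bridge
 * names of the first interface are passed to {@code addNetworkRules}.
 *
 * @param command                  the security group rules command to apply
 * @param libvirtComputingResource the resource used to reach libvirt and program the rules
 * @return a successful {@link SecurityGroupRuleAnswer} when the rules were programmed; a
 *         failed answer when the libvirt lookup fails, the VM has no interface, or
 *         programming the rules fails
 */
@Override
public Answer execute(final SecurityGroupRulesCmd command, final LibvirtComputingResource libvirtComputingResource) {
    String vif = null;
    String brname = null;
    try {
        final LibvirtUtilitiesHelper libvirtUtilitiesHelper = libvirtComputingResource.getLibvirtUtilitiesHelper();
        final Connect conn = libvirtUtilitiesHelper.getConnectionByVmName(command.getVmName());
        final List<InterfaceDef> nics = libvirtComputingResource.getInterfaces(conn, command.getVmName());
        // Without an interface there is nothing to attach rules to. Report a failure rather
        // than letting nics.get(0) throw an unchecked exception.
        if (nics == null || nics.isEmpty()) {
            s_logger.warn("Failed to program network rules for vm " + command.getVmName() + ": no network interface found");
            return new SecurityGroupRuleAnswer(command, false, "no network interface found for vm " + command.getVmName());
        }
        // Only the first interface is used.
        // NOTE(review): confirm any additional NICs of the VM are covered elsewhere.
        final InterfaceDef firstNic = nics.get(0);
        vif = firstNic.getDevName();
        brname = firstNic.getBrName();
    } catch (final LibvirtException e) {
        return new SecurityGroupRuleAnswer(command, false, e.toString());
    }

    final boolean result = libvirtComputingResource.addNetworkRules(
            command.getVmName(),
            Long.toString(command.getVmId()),
            command.getGuestIp(),
            command.getGuestIp6(),
            command.getSignature(),
            Long.toString(command.getSeqNum()),
            command.getGuestMac(),
            command.stringifyRules(),
            vif,
            brname,
            command.getSecIpsString());

    if (!result) {
        s_logger.warn("Failed to program network rules for vm " + command.getVmName());
        return new SecurityGroupRuleAnswer(command, false, "programming network rules failed");
    }

    s_logger.debug("Programmed network rules for vm " + command.getVmName()
            + " guestIp=" + command.getGuestIp()
            + ",ingress numrules=" + command.getIngressRuleSet().size()
            + ",egress numrules=" + command.getEgressRuleSet().size());
    return new SecurityGroupRuleAnswer(command);
}
}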