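/**
 * Lists the guest networks currently mapped to a Palo Alto firewall device.
 *
 * <p>Mappings whose network can no longer be loaded are skipped, so the returned
 * list never contains {@code null} elements.
 *
 * @param cmd API command carrying the firewall device ID
 * @return the networks mapped to the device; empty when none are mapped
 * @throws InvalidParameterValueException if the ID resolves to no device, or to a
 *         device that is not a Palo Alto firewall
 */
@Override
public List<? extends Network> listNetworks(ListPaloAltoFirewallNetworksCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    List<NetworkVO> networks = new ArrayList<NetworkVO>();

    // "Not found" and "wrong vendor" share one error message, so the response does
    // not reveal whether the ID belongs to some other kind of firewall device.
    ExternalFirewallDeviceVO fwDeviceVo = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVo == null || !fwDeviceVo.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName())) {
        throw new InvalidParameterValueException("Could not find Palo Alto firewall device with ID " + fwDeviceId);
    }

    // NOTE(review): no per-caller ownership check on the returned networks is visible
    // in this method; presumably the command's authorization restricts who may call
    // it. Confirm against the command definition.
    List<NetworkExternalFirewallVO> networkFirewallMaps = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
    if (networkFirewallMaps == null) {
        return networks;
    }

    for (NetworkExternalFirewallVO networkFirewallMap : networkFirewallMaps) {
        NetworkVO network = _networkDao.findById(networkFirewallMap.getNetworkId());
        // findById may return null (e.g. a stale mapping row); adding it would hand
        // callers a null element to trip over while building the response.
        if (network != null) {
            networks.add(network);
        }
    }
    return networks;
}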
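/**
 * Deletes an external firewall host together with its firewall device record.
 *
 * <p>Deletion is refused while any network is still mapped to the device.
 *
 * @param hostId ID of the host that represents the external firewall
 * @return {@code true} if the host and device record were removed, {@code false} if
 *         any step of the removal failed (the failure is logged)
 * @throws InvalidParameterValueException if the host does not exist or carries no
 *         firewall device ID detail
 * @throws NumberFormatException if the stored firewall device ID is not a valid long
 * @throws CloudRuntimeException if networks are still using the firewall device
 */
@Override
public boolean deleteExternalFirewall(Long hostId) {
    HostVO externalFirewall = _hostDao.findById(hostId);
    if (externalFirewall == null) {
        throw new InvalidParameterValueException("Could not find an external firewall with ID: " + hostId);
    }

    // Without this guard a host lacking the detail row fails with a bare
    // NullPointerException instead of a parameter error the API can report.
    DetailVO fwHostDetails = _hostDetailDao.findDetail(hostId, ApiConstants.FIREWALL_DEVICE_ID);
    if (fwHostDetails == null || fwHostDetails.getValue() == null) {
        throw new InvalidParameterValueException("Could not find a firewall device associated with host ID: " + hostId);
    }
    long fwDeviceId = Long.parseLong(fwHostDetails.getValue());

    // check if any networks are using this firewall device
    List<NetworkExternalFirewallVO> networks = _networkExternalFirewallDao.listByFirewallDeviceId(fwDeviceId);
    if ((networks != null) && !networks.isEmpty()) {
        throw new CloudRuntimeException("Delete can not be done as there are networks using the firewall device ");
    }

    try {
        // put the host in maintenance state in order for it to be deleted
        externalFirewall.setResourceState(ResourceState.Maintenance);
        _hostDao.update(hostId, externalFirewall);
        _resourceMgr.deleteHost(hostId, false, false);

        // delete the external firewall device entry
        _externalFirewallDeviceDao.remove(fwDeviceId);
        return true;
    } catch (Exception e) {
        // Deliberate best-effort: callers get false rather than an exception.
        // NOTE(review): no rollback is visible here, so a failure after the update
        // above may leave the host in Maintenance with its device record still
        // present. Logged at warn with the stack trace so the partial deletion of
        // a security device is not lost in debug output.
        s_logger.warn("Failed to delete external firewall device due to " + e.getMessage(), e);
        return false;
    }
}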
/**
 * Picks the first firewall device in the network's physical network that still has
 * room for another guest network (first-fit).
 *
 * <p>A device whose capacity is 0 is treated as unconfigured and measured against
 * {@code _defaultFwCapacity} instead.
 *
 * @param network the guest network that needs a firewall device
 * @return the first device whose capacity exceeds the number of networks mapped to it
 * @throws InsufficientCapacityException if no device in the physical network has
 *         spare capacity
 */
@Override
public ExternalFirewallDeviceVO findSuitableFirewallForNetwork(Network network) throws InsufficientCapacityException {
    List<ExternalFirewallDeviceVO> candidates =
        _externalFirewallDeviceDao.listByPhysicalNetwork(network.getPhysicalNetworkId());

    // NOTE(review): only capacity is considered below; device state is not consulted
    // in this method. Confirm that is intended.
    for (ExternalFirewallDeviceVO fwDevice : candidates) {
        // upper bound on guest networks for this device, falling back to the default
        long configured = fwDevice.getCapacity();
        long limit = (configured != 0) ? configured : _defaultFwCapacity;

        // guest networks already mapped to this firewall device
        List<NetworkExternalFirewallVO> mapped = _networkExternalFirewallDao.listByFirewallDeviceId(fwDevice.getId());
        long inUse = 0;
        if (mapped != null) {
            inUse = mapped.size();
        }

        long remaining = limit - inUse;
        if (remaining <= 0) {
            continue;
        }
        return fwDevice;
    }

    throw new InsufficientNetworkCapacityException("Unable to find a firewall provider with sufficient capcity " + " to implement the network",
        DataCenter.class, network.getDataCenterId());
}
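/**
 * Updates the capacity of a Palo Alto firewall device and marks it enabled.
 *
 * @param cmd API command carrying the firewall device ID and, optionally, the new
 *        capacity (maximum number of guest networks); a {@code null} capacity leaves
 *        the stored value unchanged
 * @return the updated device record
 * @throws InvalidParameterValueException if the ID resolves to no device, to a device
 *         that is not a Palo Alto firewall, or if the requested capacity is negative
 * @throws CloudRuntimeException if more networks already use the device than the
 *         requested capacity allows
 */
@Override
public ExternalFirewallDeviceVO configurePaloAltoFirewall(ConfigurePaloAltoFirewallCmd cmd) {
    Long fwDeviceId = cmd.getFirewallDeviceId();
    Long deviceCapacity = cmd.getFirewallCapacity();

    ExternalFirewallDeviceVO fwDeviceVO = _fwDevicesDao.findById(fwDeviceId);
    if (fwDeviceVO == null || !fwDeviceVO.getDeviceName().equalsIgnoreCase(NetworkDevice.PaloAltoFirewall.getName())) {
        throw new InvalidParameterValueException("No Palo Alto firewall device found with ID: " + fwDeviceId);
    }

    if (deviceCapacity != null) {
        // A negative capacity would pass the in-use comparison below whenever no
        // network is mapped yet, and would then be persisted as-is.
        if (deviceCapacity < 0) {
            throw new InvalidParameterValueException("Firewall capacity can not be negative: " + deviceCapacity);
        }

        // check if any networks are using this Palo Alto device
        List<NetworkExternalFirewallVO> networks = _networkFirewallDao.listByFirewallDeviceId(fwDeviceId);
        if ((networks != null) && deviceCapacity < networks.size()) {
            throw new CloudRuntimeException("There are more number of networks already using this Palo Alto firewall device than configured capacity");
        }

        fwDeviceVO.setCapacity(deviceCapacity);
    }

    // NOTE(review): the state is set to Enabled on every call, including calls that
    // only change capacity, so configuring a device re-enables it regardless of its
    // previous state. Confirm that is intended.
    fwDeviceVO.setDeviceState(FirewallDeviceState.Enabled);
    _fwDevicesDao.update(fwDeviceId, fwDeviceVO);
    return fwDeviceVO;
}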