Examples of CiscoAsa1000vDevice

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

86
87
88
89
90
91
92
93
94
95
96
    /////////////////////////////////////////////////////

    @Override
    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
        try {
            CiscoAsa1000vDevice ciscoAsa1000v = _ciscoAsa1000vService.addCiscoAsa1000vResource(this);
            if (ciscoAsa1000v != null) {
                CiscoAsa1000vResourceResponse response = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000v);
                response.setObjectName("CiscoAsa1000vResource");
                response.setResponseName(getCommandName());
                this.setResponseObject(response);
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
        boolean status = false;
        try {
            txn.start();

            // ensure that there is an ASA 1000v assigned to this network
            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
            if (assignedAsa == null) {
                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
                return false;
            }

            ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
            ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
            if (clusterVsmMap == null) {
                s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
                return false;
            }

            CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
            if (vsmDevice == null) {
                s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
                return false;
            }

            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
            _hostDao.loadDetails(ciscoVnmcHost);
            Account owner = context.getAccount();
            PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
            String vlan = network.getBroadcastUri().getHost();
            long vlanId = Long.parseLong(vlan);

            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
            List<String> publicGateways = new ArrayList<String>();
            for (VlanVO vlanVO : vlanVOList) {
                publicGateways.add(vlanVO.getVlanGateway());
            }

            // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
            // an additional public ip needs to acquired for assigning as firewall outside ip.
            // In case there are already additional ip addresses available (network restart) use one
            // of them such that it is not the source NAT ip
            IpAddress outsideIp = null;
            List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
            for (IPAddressVO ip : publicIps) {
                if (!ip.isSourceNat()) {
                    outsideIp = ip;
                    break;
                }
            }
            if (outsideIp == null) { // none available, acquire one
                try {
                    Account caller = UserContext.current().getCaller();
                    long callerUserId = UserContext.current().getCallerUserId();
                    outsideIp = _networkMgr.allocateIp(owner, false, caller, callerUserId, zone);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
                    return false;
                }

                try {
                    outsideIp = _networkMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details " + e);
                    return false;
                }
            }

            // create logical edge firewall in VNMC
            String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
            // due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
            // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
                    outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
                return false;
            }

            // create stuff in VSM for ASA device
            if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
                    vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
                    assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
                        " for ASA device for network " + network.getName());
                return false;
            }

            // configure source NAT
            if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
                return false;
            }

            // associate Asa 1000v instance with logical edge firewall
            if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
                        ") with logical edge firewall in VNMC for network " + network.getName());
                return false;
            }

            status = true;
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

864
865
866
867
868
869
870
871
872
873
874
    @Override
    public CiscoAsa1000vDevice addCiscoAsa1000vResource(
            AddCiscoAsa1000vResourceCmd cmd) {
        Long physicalNetworkId = cmd.getPhysicalNetworkId();
        CiscoAsa1000vDevice ciscoAsa1000vResource = null;

        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
        if (physicalNetwork == null) {
            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
        }
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

97
98
99
100
101
102
103
104
105
106
107
    @Override
    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
        ResourceAllocationException {
        try {
            CiscoAsa1000vDevice ciscoAsa1000v = _ciscoAsa1000vService.addCiscoAsa1000vResource(this);
            if (ciscoAsa1000v != null) {
                CiscoAsa1000vResourceResponse response = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000v);
                response.setObjectName("CiscoAsa1000vResource");
                response.setResponseName(getCommandName());
                this.setResponseObject(response);
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
            return false;
        }

        try {
            // ensure that there is an ASA 1000v assigned to this network
            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
            if (assignedAsa == null) {
                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
                throw new CloudRuntimeException("Unable to assign ASA 1000v device to network " + network.getName());
            }

            ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
            ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
            if (clusterVsmMap == null) {
                s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
                throw new CloudRuntimeException("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
            }

            CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
            if (vsmDevice == null) {
                s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
                throw new CloudRuntimeException("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
            }

            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
            _hostDao.loadDetails(ciscoVnmcHost);
            Account owner = context.getAccount();
            PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
            long vlanId = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));

            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
            List<String> publicGateways = new ArrayList<String>();
            for (VlanVO vlanVO : vlanVOList) {
                publicGateways.add(vlanVO.getVlanGateway());
            }

            // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
            // an additional public ip needs to acquired for assigning as firewall outside ip.
            // In case there are already additional ip addresses available (network restart) use one
            // of them such that it is not the source NAT ip
            IpAddress outsideIp = null;
            List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
            for (IPAddressVO ip : publicIps) {
                if (!ip.isSourceNat()) {
                    outsideIp = ip;
                    break;
                }
            }
            if (outsideIp == null) { // none available, acquire one
                try {
                    Account caller = CallContext.current().getCallingAccount();
                    long callerUserId = CallContext.current().getCallingUserId();
                    outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone, true);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
                    throw new CloudRuntimeException("Unable to allocate additional public Ip address. Exception details " + e);
                }

                try {
                    outsideIp = _ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId +
                        ". Exception details " + e);
                    throw new CloudRuntimeException("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " +
                        vlanId + ". Exception details " + e);
                }
            }

            // create logical edge firewall in VNMC
            String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
            // due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
            // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask, outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways,
                ciscoVnmcHost.getId())) {
                s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
                throw new CloudRuntimeException("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
            }

            // create stuff in VSM for ASA device
            if (!configureNexusVsmForAsa(vlanId, network.getGateway(), vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
                assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() + " for ASA device for network " + network.getName());
                throw new CloudRuntimeException("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() + " for ASA device for network " + network.getName());
            }

            // configure source NAT
            if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
                throw new CloudRuntimeException("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
            }

            // associate Asa 1000v instance with logical edge firewall
            if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() + ") with logical edge firewall in VNMC for network " +
                    network.getName());
                throw new CloudRuntimeException("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
                    ") with logical edge firewall in VNMC for network " + network.getName());
            }
        } catch (CloudRuntimeException e) {
            unassignAsa1000vFromNetwork(network);
            s_logger.error("CiscoVnmcElement failed", e);
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

838
839
840
841
842
843
844
845
846
847
848
    }

    @Override
    public CiscoAsa1000vDevice addCiscoAsa1000vResource(AddCiscoAsa1000vResourceCmd cmd) {
        Long physicalNetworkId = cmd.getPhysicalNetworkId();
        CiscoAsa1000vDevice ciscoAsa1000vResource = null;

        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
        if (physicalNetwork == null) {
            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
        }
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
        }

        boolean status = false;
        try {
            // ensure that there is an ASA 1000v assigned to this network
            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
            if (assignedAsa == null) {
                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
                return false;
            }

            ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
            ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
            if (clusterVsmMap == null) {
                s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
                return false;
            }

            CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
            if (vsmDevice == null) {
                s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
                return false;
            }

            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
            _hostDao.loadDetails(ciscoVnmcHost);
            Account owner = context.getAccount();
            PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
            String vlan = network.getBroadcastUri().getHost();
            long vlanId = Long.parseLong(vlan);

            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
            List<String> publicGateways = new ArrayList<String>();
            for (VlanVO vlanVO : vlanVOList) {
                publicGateways.add(vlanVO.getVlanGateway());
            }

            // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
            // an additional public ip needs to acquired for assigning as firewall outside ip.
            // In case there are already additional ip addresses available (network restart) use one
            // of them such that it is not the source NAT ip
            IpAddress outsideIp = null;
            List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
            for (IPAddressVO ip : publicIps) {
                if (!ip.isSourceNat()) {
                    outsideIp = ip;
                    break;
                }
            }
            if (outsideIp == null) { // none available, acquire one
                try {
                    Account caller = UserContext.current().getCaller();
                    long callerUserId = UserContext.current().getCallerUserId();
                    outsideIp = _networkMgr.allocateIp(owner, false, caller, callerUserId, zone);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
                    return false;
                }

                try {
                    outsideIp = _networkMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details " + e);
                    return false;
                }
            }

            // create logical edge firewall in VNMC
            String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
            // due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
            // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
                    outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
                return false;
            }

            // create stuff in VSM for ASA device
            if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
                    vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
                    assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
                        " for ASA device for network " + network.getName());
                return false;
            }

            // configure source NAT
            if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
                return false;
            }

            // associate Asa 1000v instance with logical edge firewall
            if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
                        ") with logical edge firewall in VNMC for network " + network.getName());
                return false;
            }

            status = true;
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

860
861
862
863
864
865
866
867
868
869
870
    @Override
    public CiscoAsa1000vDevice addCiscoAsa1000vResource(
            AddCiscoAsa1000vResourceCmd cmd) {
        Long physicalNetworkId = cmd.getPhysicalNetworkId();
        CiscoAsa1000vDevice ciscoAsa1000vResource = null;

        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
        if (physicalNetwork == null) {
            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
        }
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

87
88
89
90
91
92
93
94
95
96
97
    /////////////////////////////////////////////////////

    @Override
    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
        try {
            CiscoAsa1000vDevice ciscoAsa1000v = _ciscoAsa1000vService.addCiscoAsa1000vResource(this);
            if (ciscoAsa1000v != null) {
                CiscoAsa1000vResourceResponse response = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000v);
                response.setObjectName("CiscoAsa1000vResource");
                response.setResponseName(getCommandName());
                this.setResponseObject(response);
View Full Code Here

Examples of com.cloud.network.cisco.CiscoAsa1000vDevice

317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
            return false;
        }

        try {
            // ensure that there is an ASA 1000v assigned to this network
            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
            if (assignedAsa == null) {
                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
                throw new CloudRuntimeException("Unable to assign ASA 1000v device to network " + network.getName());
            }

            ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
            ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
            if (clusterVsmMap == null) {
                s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
                throw new CloudRuntimeException("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
            }

            CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
            if (vsmDevice == null) {
                s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
                throw new CloudRuntimeException("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
            }

            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
            _hostDao.loadDetails(ciscoVnmcHost);
            Account owner = context.getAccount();
            PublicIp sourceNatIp = _ipAddrMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
            long vlanId = Long.parseLong(BroadcastDomainType.getValue(network.getBroadcastUri()));

            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
            List<String> publicGateways = new ArrayList<String>();
            for (VlanVO vlanVO : vlanVOList) {
                publicGateways.add(vlanVO.getVlanGateway());
            }

            // due to VNMC limitation of not allowing source NAT ip as the outside ip of firewall,
            // an additional public ip needs to acquired for assigning as firewall outside ip.
            // In case there are already additional ip addresses available (network restart) use one
            // of them such that it is not the source NAT ip
            IpAddress outsideIp = null;
            List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
            for (IPAddressVO ip : publicIps) {
                if (!ip.isSourceNat()) {
                    outsideIp = ip;
                    break;
                }
            }
            if (outsideIp == null) { // none available, acquire one
                try {
                    Account caller = CallContext.current().getCallingAccount();
                    long callerUserId = CallContext.current().getCallingUserId();
                    outsideIp = _ipAddrMgr.allocateIp(owner, false, caller, callerUserId, zone);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to allocate additional public Ip address. Exception details " + e);
                    throw new CloudRuntimeException("Unable to allocate additional public Ip address. Exception details " + e);
                }

                try {
                    outsideIp = _ipAddrMgr.associateIPToGuestNetwork(outsideIp.getId(), network.getId(), true);
                } catch (ResourceAllocationException e) {
                    s_logger.error("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details "
                            + e);
                    throw new CloudRuntimeException("Unable to assign allocated additional public Ip " + outsideIp.getAddress().addr() + " to network with vlan " + vlanId + ". Exception details "
                            + e);
                }
            }

            // create logical edge firewall in VNMC
            String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
            // due to ASA limitation of allowing single subnet to be assigned to firewall interfaces,
            // all public ip addresses must be from same subnet, this essentially means single public subnet in zone
            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
                    outsideIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
                throw new CloudRuntimeException("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
            }

            // create stuff in VSM for ASA device
            if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
                    vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
                    assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
                        " for ASA device for network " + network.getName());
                throw new CloudRuntimeException("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
                        " for ASA device for network " + network.getName());
            }

            // configure source NAT
            if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
                s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
                throw new CloudRuntimeException("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
            }

            // associate Asa 1000v instance with logical edge firewall
            if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
                s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
                        ") with logical edge firewall in VNMC for network " + network.getName());
                throw new CloudRuntimeException("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
                        ") with logical edge firewall in VNMC for network " + network.getName());
            }
        } catch (CloudRuntimeException e) {
            unassignAsa1000vFromNetwork(network);
            s_logger.error("CiscoVnmcElement failed", e);
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.