s_logger.debug("Working on " + work);
Transaction.execute(new TransactionCallbackNoReturn() {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
UserVm vm = null;
Long seqnum = null;
boolean locked = false;
try {
vm = _userVMDao.acquireInLockTable(work.getInstanceId());
if (vm == null) {
vm = _userVMDao.findById(work.getInstanceId());
if (vm == null) {
s_logger.info("VM " + work.getInstanceId() + " is removed");
locked = true;
return;
}
s_logger.warn("Unable to acquire lock on vm id=" + userVmId);
return;
}
locked = true;
Long agentId = null;
VmRulesetLogVO log = _rulesetLogDao.findByVmId(userVmId);
if (log == null) {
s_logger.warn("Cannot find log record for vm id=" + userVmId);
return;
}
seqnum = log.getLogsequence();
if (vm != null && vm.getState() == State.Running) {
Map<PortAndProto, Set<String>> ingressRules = generateRulesForVM(userVmId, SecurityRuleType.IngressRule);
Map<PortAndProto, Set<String>> egressRules = generateRulesForVM(userVmId, SecurityRuleType.EgressRule);
agentId = vm.getHostId();
if (agentId != null) {
// get nic secondary ip address
String privateIp = vm.getPrivateIpAddress();
NicVO nic = _nicDao.findByIp4AddressAndVmId(privateIp, vm.getId());
List<String> nicSecIps = null;
if (nic != null) {
if (nic.getSecondaryIp()) {
//get secondary ips of the vm
long networkId = nic.getNetworkId();
nicSecIps = _nicSecIpDao.getSecondaryIpAddressesForNic(nic.getId());
}
}
SecurityGroupRulesCmd cmd = generateRulesetCmd( vm.getInstanceName(), vm.getPrivateIpAddress(), vm.getPrivateMacAddress(), vm.getId(), generateRulesetSignature(ingressRules, egressRules), seqnum,
ingressRules, egressRules, nicSecIps);
Commands cmds = new Commands(cmd);
try {
_agentMgr.send(agentId, cmds, _answerListener);
} catch (AgentUnavailableException e) {