Firewall service is enabled in default elb/eip network offering

Alena Prokharchyk · Alena Prokharchyk · commit 6deeb7ddc93b · 2012-01-19T13:58:35.000-08:00
Also added more handling for error cases scenarios
diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java
@@ -39,7 +39,6 @@
 import com.cloud.network.IpAddress;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.StaticNatRule;
-import com.cloud.network.rules.FirewallRule.FirewallRuleType;
 import com.cloud.user.Account;
 import com.cloud.user.UserContext;
 
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
@@ -282,4 +282,6 @@ void checkCapabilityForProvider(Set<Provider> providers, Service service,
 	IpAddress assignElasticIp(long networkId, Account owner,
 			boolean forElasticLb, boolean forElasticIp)
 			throws InsufficientAddressCapacityException;
+
+	boolean handleElasticIpRelease(IpAddress ip);
 }
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1935,8 +1935,9 @@ public boolean disassociateIpAddress(long ipAddressId) {
         	UserVm vm = null;
         	if (vmId != null) {
         		vm = _userVmDao.findById(vmId);
+            	return _rulesMgr.enableElasticIpAndStaticNatForVm(vm, true);
         	}
-        	return _rulesMgr.enableElasticIpAndStaticNatForVm(vm, true);
+        	return true;
         } else {
         	s_logger.warn("Failed to release public ip address id=" + ipAddressId);
         	return false;
@@ -5879,4 +5880,24 @@ public IpAddress assignElasticIp(long networkId, Account owner, boolean forElast
 		return ip;
 	}
 	
+	@Override
+	public boolean handleElasticIpRelease(IpAddress ip) {
+		boolean success = true;
+		Long networkId = ip.getAssociatedWithNetworkId();
+		if (networkId != null) {
+		    Network guestNetwork = getNetwork(networkId);
+			NetworkOffering offering = _configMgr.getNetworkOffering(guestNetwork.getNetworkOfferingId());
+			if (offering.getElasticIp()) {
+				UserContext ctx = UserContext.current();
+				if (!releasePublicIpAddress(ip.getId(), ctx.getCallerUserId(), ctx.getCaller())) {
+					s_logger.warn("Unable to release elastic ip address id=" + ip.getId());
+					success = false;
+				} else {
+					s_logger.warn("Successfully released elastic ip address id=" + ip.getId());
+				}
+			}
+		}
+		return success;
+	}
+	
 }
diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -633,11 +633,21 @@ public LoadBalancer createLoadBalancerRule(CreateLoadBalancerRuleCmd lb,  boolea
         
         LoadBalancer result = _elbMgr.handleCreateLoadBalancerRule(lb, lbOwner, lb.getNetworkId());
         if (result == null){
+        	IpAddress ip = null;
         	if (off.getElasticLb()) {
-        		IpAddress ip = _networkMgr.assignElasticIp(lb.getNetworkId(), lbOwner, true, false);
+        		ip = _networkMgr.assignElasticIp(lb.getNetworkId(), lbOwner, true, false);
 	        	lb.setSourceIpAddressId(ip.getId());
         	}
-            result = createLoadBalancer(lb, openFirewall);
+        	try {
+                result = createLoadBalancer(lb, openFirewall);
+        	} catch (Exception ex) {
+        		s_logger.warn("Failed to create load balancer due to ", ex);
+        	} finally {
+        		if (result == null && ip != null) {
+        			s_logger.debug("Releasing elastic IP address " + ip + " as corresponding lb rule failed to create");
+        			_networkMgr.handleElasticIpRelease(ip);
+        		}
+        	}
         }
         
     	if (result == null){
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -338,7 +338,7 @@ public boolean enableStaticNat(long ipId, long vmId) throws NetworkRuleConflictE
         // Check permissions
         checkIpAndUserVm(ipAddress, vm, caller);
 
-        // Verify that the ip is associated with the network and firewallService is supported for the network
+        // Verify that the ip is associated with the network and static nat service is supported for the network
         Long networkId = ipAddress.getAssociatedWithNetworkId();
         if (networkId == null) {
             throw new InvalidParameterValueException("Unable to enable static nat for the ipAddress id=" + ipId + " as ip is not associated with any network");
@@ -351,8 +351,8 @@ public boolean enableStaticNat(long ipId, long vmId) throws NetworkRuleConflictE
         }
 
         Network network = _networkMgr.getNetwork(networkId);
-        if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.Firewall)) {
-            throw new InvalidParameterValueException("Unable to create static nat rule; Firewall service is not supported in network id=" + networkId);
+        if (!_networkMgr.areServicesSupportedInNetwork(network.getId(), Service.StaticNat)) {
+            throw new InvalidParameterValueException("Unable to create static nat rule; StaticNat service is not supported in network id=" + networkId);
         }
 
         // Verify ip address parameter
@@ -1032,7 +1032,7 @@ public boolean disableStaticNat(long ipId) throws ResourceUnavailableException {
             ipAddress.setOneToOneNat(false);
             ipAddress.setAssociatedWithVmId(null);
             _ipAddressDao.update(ipAddress.getId(), ipAddress);
-            if (!handleElasticIpRelease(ipAddress)) {
+            if (!_networkMgr.handleElasticIpRelease(ipAddress)) {
             	s_logger.warn("Failed to release elastic ip address " + ipAddress);
             	return false;
             }
@@ -1143,10 +1143,15 @@ public boolean enableElasticIpAndStaticNatForVm(UserVm vm, boolean stopOnError)
         				return false;
         			}
         			s_logger.debug("Allocated elastic ip " + ip + ", now enabling static nat on it for vm " + vm);
-        			success = success && enableStaticNat(ip.getId(), vm.getId());
+        			try {
+        				enableStaticNat(ip.getId(), vm.getId());
+        			} catch (Exception ex) {
+        				s_logger.warn("Failed to enable static nat as a part of enabling elasticIp and staticNat for vm " + vm + " in guest network " + guestNetwork + " due to exception ", ex);
+        				success = false;
+        			}
         			if (!success) {
         				s_logger.warn("Failed to enable static nat on elastic ip " + ip + " for the vm " + vm + ", releasing the ip...");
-        				handleElasticIpRelease(ip);
+        				_networkMgr.handleElasticIpRelease(ip);
         			} else {
         				s_logger.warn("Succesfully enabled static nat on elastic ip " + ip + " for the vm " + vm);
         			}
@@ -1163,22 +1168,4 @@ public boolean enableElasticIpAndStaticNatForVm(UserVm vm, boolean stopOnError)
     	return success;
     }
 	
-	protected boolean handleElasticIpRelease(IpAddress ip) {
-		boolean success = true;
-		Long networkId = ip.getAssociatedWithNetworkId();
-		if (networkId != null) {
-		    Network guestNetwork = _networkMgr.getNetwork(networkId);
-			NetworkOffering offering = _configMgr.getNetworkOffering(guestNetwork.getNetworkOfferingId());
-			if (offering.getElasticIp()) {
-				UserContext ctx = UserContext.current();
-				if (!_networkMgr.releasePublicIpAddress(ip.getId(), ctx.getCallerUserId(), ctx.getCaller())) {
-					s_logger.warn("Unable to release elastic ip address id=" + ip.getId());
-					success = false;
-				} else {
-					s_logger.warn("Successfully released elastic ip address id=" + ip.getId());
-				}
-			}
-		}
-		return success;
-	}
 }
diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java
@@ -870,7 +870,6 @@ protected void createDefaultNetworkOfferings() {
         netscalerServiceProviders.put(Service.Dns, Provider.VirtualRouter);
         netscalerServiceProviders.put(Service.UserData, Provider.VirtualRouter);
         netscalerServiceProviders.put(Service.SecurityGroup, Provider.SecurityGroupProvider);
-        netscalerServiceProviders.put(Service.Firewall, Provider.Netscaler);
         netscalerServiceProviders.put(Service.StaticNat, Provider.Netscaler);
         netscalerServiceProviders.put(Service.Lb, Provider.Netscaler);
 

Original file line number	Diff line number	Diff line change
`@@ -282,4 +282,6 @@ void checkCapabilityForProvider(Set<Provider> providers, Service service,`
`282`	`282`	`IpAddress assignElasticIp(long networkId, Account owner,`
`283`	`283`	`boolean forElasticLb, boolean forElasticIp)`
`284`	`284`	`throws InsufficientAddressCapacityException;`
	`285`	`+`
	`286`	`+ boolean handleElasticIpRelease(IpAddress ip);`
`285`	`287`	`}`