
Commit f41b352

author
Chiradeep Vittal
committed
revert egress rules implementation pending review
Reverts a19212703b9734ebd44ebf55cfdd81ebdc9d7fe4 Reverts 24e4e44b8f0712a37147a3777833de3f9e24829e
1 parent d817f3c commit f41b352

9 files changed

Lines changed: 14 additions & 411 deletions


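--- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
+++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
@@ -57,7 +57,6 @@
 import org.libvirt.DomainInterfaceStats;
 import org.libvirt.DomainSnapshot;
 import org.libvirt.LibvirtException;
-import org.libvirt.Network;
 import org.libvirt.NodeInfo;
 import org.libvirt.StoragePool;
 import org.libvirt.StoragePoolInfo;
@@ -122,8 +121,6 @@
 import com.cloud.agent.api.RebootRouterCommand;
 import com.cloud.agent.api.SecurityIngressRuleAnswer;
 import com.cloud.agent.api.SecurityIngressRulesCmd;
-import com.cloud.agent.api.SecurityEgressRuleAnswer;
-import com.cloud.agent.api.SecurityEgressRulesCmd;
 import com.cloud.agent.api.StartAnswer;
 import com.cloud.agent.api.StartCommand;
 import com.cloud.agent.api.StartupCommand;
@@ -138,8 +135,8 @@
 import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand;
 import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer;
 import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand;
-import com.cloud.agent.api.routing.IpAssocCommand;
 import com.cloud.agent.api.routing.IpAssocAnswer;
+import com.cloud.agent.api.routing.IpAssocCommand;
 import com.cloud.agent.api.routing.NetworkElementCommand;
 import com.cloud.agent.api.storage.CopyVolumeAnswer;
 import com.cloud.agent.api.storage.CopyVolumeCommand;
@@ -906,8 +903,6 @@ public Answer executeRequest(Command cmd) {
 return execute((ModifyStoragePoolCommand) cmd);
 } else if (cmd instanceof SecurityIngressRulesCmd) {
 return execute((SecurityIngressRulesCmd) cmd);
-} else if (cmd instanceof SecurityEgressRulesCmd) {
-return execute((SecurityEgressRulesCmd) cmd);
 } else if (cmd instanceof DeleteStoragePoolCommand) {
 return execute((DeleteStoragePoolCommand) cmd);
 } else if (cmd instanceof FenceCommand ) {
@@ -1614,7 +1609,7 @@ private Answer execute(SecurityIngressRulesCmd cmd) {
 return new SecurityIngressRuleAnswer(cmd, false, e.toString());
 }
 
-boolean result = add_network_rules("ingress",cmd.getVmName(),
+boolean result = add_network_rules(cmd.getVmName(),
 Long.toString(cmd.getVmId()),
 cmd.getGuestIp(),cmd.getSignature(),
 Long.toString(cmd.getSeqNum()),
@@ -1630,34 +1625,6 @@ private Answer execute(SecurityIngressRulesCmd cmd) {
 }
 }
 
-private Answer execute(SecurityEgressRulesCmd cmd) {
-String vif = null;
-String brname = null;
-try {
-Connect conn = LibvirtConnection.getConnection();
-List<InterfaceDef> nics = getInterfaces(conn, cmd.getVmName());
-vif = nics.get(0).getDevName();
-brname = nics.get(0).getBrName();
-} catch (LibvirtException e) {
-return new SecurityEgressRuleAnswer(cmd, false, e.toString());
-}
-
-boolean result = add_network_rules("egress", cmd.getVmName(),
-Long.toString(cmd.getVmId()),
-cmd.getGuestIp(),cmd.getSignature(),
-Long.toString(cmd.getSeqNum()),
-cmd.getGuestMac(),
-cmd.stringifyRules(), vif, brname);
-
-if (!result) {
-s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
-return new SecurityEgressRuleAnswer(cmd, false, "programming network rules failed");
-} else {
-s_logger.debug("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ", numrules=" + cmd.getRuleSet().length);
-return new SecurityEgressRuleAnswer(cmd);
-}
-}
-
 private Answer execute(CleanupNetworkRulesCmd cmd) {
 boolean result = cleanup_rules();
 return new Answer(cmd, result, "");
@@ -2038,6 +2005,7 @@ private Answer execute(RebootCommand cmd) {
 } catch (Exception e) {
 
 }
+get_rule_logs_for_vms();
 return new RebootAnswer(cmd, null, bytesSent, bytesReceived, vncPort);
 } else {
 return new RebootAnswer(cmd, result);
@@ -2521,9 +2489,7 @@ protected synchronized String attachOrDetachDisk(Connect conn, boolean attach, S
 }
 
 DiskDef disk = new DiskDef();
-
 disk.defFileBasedDisk(sourceFile, deviceId, DiskDef.diskBus.VIRTIO, DiskDef.diskFmtType.QCOW2);
-
 String xml = disk.toString();
 return attachOrDetachDevice(conn, attach, vmName, xml);
 } finally {
@@ -3504,7 +3470,7 @@ protected boolean default_network_rules_for_systemvm(Connect conn, String vmName
 return true;
 }
 
-private boolean add_network_rules(String type, String vmName, String vmId, String guestIP, String sig, String seq, String mac, String rules, String vif, String brname) {
+private boolean add_network_rules(String vmName, String vmId, String guestIP, String sig, String seq, String mac, String rules, String vif, String brname) {
 if (!_can_bridge_firewall) {
 return false;
 }
@@ -3515,8 +3481,6 @@ private boolean add_network_rules(String type, String vmName, String vmId, Strin
 cmd.add("--vmname", vmName);
 cmd.add("--vmid", vmId);
 cmd.add("--vmip", guestIP);
-/* type of the rule : ingress or egress */
-cmd.add("--type", type);
 cmd.add("--sig", sig);
 cmd.add("--seq", seq);
 cmd.add("--vmmac", mac);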
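Review bot: Once the `SecurityEgressRulesCmd` branch is removed from `executeRequest`, an egress command arriving from a management server that still carries the reverted feature falls through to the end of the `instanceof` chain, and that final branch is outside the hunk. If it does not already return a failed answer and log, egress rules an operator believes are active would silently never be programmed on the host, so I would confirm the fallback and add something like `s_logger.warn("Unsupported command: " + cmd.getClass().getName());` there. The same rollout-order concern applies to `add_network_rules`, which no longer passes `--type` to the command it builds; whether the receiving side was reverted in the same commit is not visible in this section.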

core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java

Lines changed: 0 additions & 141 deletions
This file was deleted.

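--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -44,7 +44,6 @@
 import com.cloud.api.response.DomainResponse;
 import com.cloud.api.response.DomainRouterResponse;
 import com.cloud.api.response.EgressRuleResponse;
-import com.cloud.api.response.EgressRuleResultObject;
 import com.cloud.api.response.EventResponse;
 import com.cloud.api.response.ExtractResponse;
 import com.cloud.api.response.FirewallResponse;
@@ -453,6 +452,7 @@ public ServiceOfferingResponse createServiceOfferingResponse(ServiceOffering off
 offeringResponse.setDomain(ApiDBUtils.findDomainById(offering.getDomainId()).getName());
 offeringResponse.setDomainId(offering.getDomainId());
 }
+offeringResponse.setNetworkRate(offering.getRateMbps());
 offeringResponse.setHostTag(offering.getHostTag());
 offeringResponse.setObjectName("serviceoffering");
 
@@ -1611,35 +1611,6 @@ public ListResponse<SecurityGroupResponse> createSecurityGroupResponses(List<? e
 }
 netGrpResponse.setIngressRules(ingressRulesResponse);
 }
-List<EgressRuleResultObject> egressRules = networkGroup.getEgressRules();
-if ((egressRules != null) && !egressRules.isEmpty()) {
-List<EgressRuleResponse> egressRulesResponse = new ArrayList<EgressRuleResponse>();
-
-for (EgressRuleResultObject egressRule : egressRules) {
-EgressRuleResponse egressData = new EgressRuleResponse();
-
-egressData.setRuleId(egressRule.getId());
-egressData.setProtocol(egressRule.getProtocol());
-if ("icmp".equalsIgnoreCase(egressRule.getProtocol())) {
-egressData.setIcmpType(egressRule.getStartPort());
-egressData.setIcmpCode(egressRule.getEndPort());
-} else {
-egressData.setStartPort(egressRule.getStartPort());
-egressData.setEndPort(egressRule.getEndPort());
-}
-
-if (egressRule.getAllowedSecurityGroup() != null) {
-egressData.setSecurityGroupName(egressRule.getAllowedSecurityGroup());
-egressData.setAccountName(egressRule.getAllowedSecGroupAcct());
-} else {
-egressData.setCidr(egressRule.getAllowedDestinationIpCidr());
-}
-
-egressData.setObjectName("egressrule");
-egressRulesResponse.add(egressData);
-}
-netGrpResponse.setEgressRules(egressRulesResponse);
-}
 netGrpResponse.setObjectName("securitygroup");
 netGrpResponses.add(netGrpResponse);
 }
@@ -2267,7 +2238,8 @@ public ProjectResponse createProjectResponse(Project project) {
 response.setObjectName("project");
 return response;
 }
-
+
+
 public FirewallResponse createFirewallResponse(FirewallRule fwRule) {
 FirewallResponse response = new FirewallResponse();
 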
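Review bot: `offeringResponse.setNetworkRate(offering.getRateMbps());` in `createServiceOfferingResponse` changes what the API returns, yet the commit message describes only an egress-rules revert. Either it restores a line the reverted commits dropped or it is a new change, and the description should say which so it is not skimmed past as part of a revert. It sits after the closing brace of the block that sets the domain, so it appears to run for every offering, and whether `getRateMbps()` can return null for offerings without a rate is not visible here. Also, `import com.cloud.api.response.EgressRuleResponse;` stays as context while its only visible use is deleted, so it may now be an unused import.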
