
Commit 8d4079d

author
Sheng Yang
committed
CS-6840: Add hypervisor commands for site-to-site vpn
Conflicts: plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
1 parent cd98543 commit 8d4079d

13 files changed

Lines changed: 373 additions & 132 deletions


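--- a/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
+++ b/api/src/com/cloud/agent/api/routing/Site2SiteVpnCfgCommand.java
@@ -3,10 +3,15 @@
 public class Site2SiteVpnCfgCommand extends NetworkElementCommand {
 
 private boolean create;
-private String gatewayIp;
-private String guestIp;
-private String guestCidr;
+private String localPublicIp;
+private String localGuestCidr;
+private String localPublicGateway;
+private String peerGatewayIp;
+private String peerGuestCidrList;
 private String ipsecPsk;
+private String ikePolicy;
+private String espPolicy;
+private long lifetime;
 
 @Override
 public boolean executeInSequence() {
@@ -17,12 +22,18 @@ public Site2SiteVpnCfgCommand () {
 this.create = false;
 }
 
-public Site2SiteVpnCfgCommand (boolean create, String gatewayIp, String guestIp, String guestCidr, String ipsecPsk) {
+public Site2SiteVpnCfgCommand (boolean create, String localPublicIp, String localPublicGateway, String localGuestCidr,
+String peerGatewayIp, String peerGuestCidrList, String ikePolicy, String espPolicy, long lifetime, String ipsecPsk) {
 this.create = create;
-this.gatewayIp = gatewayIp;
-this.guestIp = guestIp;
-this.guestCidr = guestCidr;
+this.setLocalPublicIp(localPublicIp);
+this.setLocalPublicGateway(localPublicGateway);
+this.setLocalGuestCidr(localGuestCidr);
+this.setPeerGatewayIp(peerGatewayIp);
+this.setPeerGuestCidrList(peerGuestCidrList);
 this.ipsecPsk = ipsecPsk;
+this.ikePolicy = ikePolicy;
+this.espPolicy = espPolicy;
+this.lifetime = lifetime;
 }
 
 public boolean isCreate() {
@@ -33,37 +44,75 @@ public void setCreate(boolean create) {
 this.create = create;
 }
 
-public String getGatewayIp() {
-return gatewayIp;
+public String getIpsecPsk() {
+return ipsecPsk;
 }
 
-public void setGatewayIp(String gatewayIp) {
-this.gatewayIp = gatewayIp;
+public void setIpsecPsk(String ipsecPsk) {
+this.ipsecPsk = ipsecPsk;
 }
 
-public String getGuestIp() {
-return guestIp;
+public String getIkePolicy() {
+return ikePolicy;
 }
 
-public void setGuestIp(String guestIp) {
-this.guestIp = guestIp;
+public void setIkePolicy(String ikePolicy) {
+this.ikePolicy = ikePolicy;
 }
 
-public String getGuestCidr() {
-return guestCidr;
+public String getEspPolicy() {
+return espPolicy;
 }
 
-public void setGuestCidr(String guestCidr) {
-this.guestCidr = guestCidr;
+public void setEspPolicy(String espPolicy) {
+this.espPolicy = espPolicy;
 }
 
-public String getIpsecPsk() {
-return ipsecPsk;
+public long getLifetime() {
+return lifetime;
 }
 
-public void setIpsecPsk(String ipsecPsk) {
-this.ipsecPsk = ipsecPsk;
+public void setLifetime(long lifetime) {
+this.lifetime = lifetime;
+}
+
+public String getLocalPublicIp() {
+return localPublicIp;
+}
+
+public void setLocalPublicIp(String localPublicIp) {
+this.localPublicIp = localPublicIp;
+}
+
+public String getLocalGuestCidr() {
+return localGuestCidr;
+}
+
+public void setLocalGuestCidr(String localGuestCidr) {
+this.localGuestCidr = localGuestCidr;
+}
+
+public String getLocalPublicGateway() {
+return localPublicGateway;
+}
+
+public void setLocalPublicGateway(String localPublicGateway) {
+this.localPublicGateway = localPublicGateway;
+}
+
+public String getPeerGatewayIp() {
+return peerGatewayIp;
+}
+
+public void setPeerGatewayIp(String peerGatewayIp) {
+this.peerGatewayIp = peerGatewayIp;
+}
+
+public String getPeerGuestCidrList() {
+return peerGuestCidrList;
+}
+
+public void setPeerGuestCidrList(String peerGuestCidrList) {
+this.peerGuestCidrList = peerGuestCidrList;
 }
-
-
 }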
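Review bot: The new constructor assigns half of the fields through setters (`this.setLocalPublicIp(localPublicIp);` and the four that follow) and the other half directly (`this.ipsecPsk = ipsecPsk;`, `this.ikePolicy = ikePolicy;`), which is inconsistent within one constructor; assigning every field directly (`this.localPublicIp = localPublicIp;` and so on) also keeps the constructor from calling public, overridable methods of a non-final class. The constructor's parameter order (`localPublicIp, localPublicGateway, localGuestCidr`) differs from the field declaration order (`localPublicIp, localGuestCidr, localPublicGateway`), which is easy to mis-call with nine positional String parameters of the same type. None of the new fields is documented: a class-level Javadoc should say what delimiter `peerGuestCidrList` uses, which unit `lifetime` is expressed in (neither is visible in this commit), and that `ipsecPsk` is a secret that must not be included in log output or any toString of the command.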

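--- a/api/src/com/cloud/network/element/Site2SiteVpnServiceProvider.java
+++ b/api/src/com/cloud/network/element/Site2SiteVpnServiceProvider.java
@@ -5,9 +5,7 @@
 import com.cloud.network.Site2SiteVpnConnection;
 
 public interface Site2SiteVpnServiceProvider extends NetworkElement {
-boolean startSite2SiteVpn(Network network, Site2SiteVpnConnection conn) throws ResourceUnavailableException;
+boolean startSite2SiteVpn(Site2SiteVpnConnection conn) throws ResourceUnavailableException;
 
-boolean stopSite2SiteVpn(Network network, Site2SiteVpnConnection conn) throws ResourceUnavailableException;
-
-IpDeployer getIpDeployer(Network network);
+boolean stopSite2SiteVpn(Site2SiteVpnConnection conn) throws ResourceUnavailableException;
 }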
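Review bot: Neither `startSite2SiteVpn` nor `stopSite2SiteVpn` carries Javadoc, and the new single-argument form makes the contract harder to read because the network is no longer an explicit parameter. The meaning of the boolean return should be stated on each method — the implementation this commit removes from VirtualRouterElement returned false when the element could not handle the network and true when no router existed, so callers need to know that true does not always mean a tunnel was configured. A one-line Javadoc per method such as `/** Configures the IPsec tunnel described by {@code conn} on this provider's routers; returns false if this provider does not handle the connection's network. @throws ResourceUnavailableException if a router could not be reached */` (mirrored for stop) would capture that.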

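--- a/api/src/com/cloud/network/vpn/Site2SiteVpnService.java
+++ b/api/src/com/cloud/network/vpn/Site2SiteVpnService.java
@@ -40,8 +40,8 @@ public interface Site2SiteVpnService {
 Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException;
 Site2SiteCustomerGateway deleteCustomerGateway(DeleteVpnCustomerGatewayCmd deleteVpnCustomerGatewayCmd);
 Site2SiteVpnGateway deleteVpnGateway(DeleteVpnGatewayCmd deleteVpnGatewayCmd);
-Site2SiteVpnConnection deleteVpnConnection(DeleteVpnConnectionCmd deleteVpnConnectionCmd);
-Site2SiteVpnConnection resetVpnConnection(ResetVpnConnectionCmd resetVpnConnectionCmd);
+Site2SiteVpnConnection deleteVpnConnection(DeleteVpnConnectionCmd deleteVpnConnectionCmd) throws ResourceUnavailableException;
+Site2SiteVpnConnection resetVpnConnection(ResetVpnConnectionCmd resetVpnConnectionCmd) throws ResourceUnavailableException;
 List<Site2SiteCustomerGateway> searchForCustomerGateways(ListVpnCustomerGatewaysCmd listVpnCustomerGatewaysCmd);
 List<Site2SiteVpnGateway> searchForVpnGateways(ListVpnGatewaysCmd listVpnGatewaysCmd);
 List<Site2SiteVpnConnection> searchForVpnConnections(ListVpnConnectionsCmd listVpnConnectionsCmd);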

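--- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
@@ -57,6 +57,7 @@
 import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
 import com.cloud.agent.api.routing.SetStaticNatRulesAnswer;
 import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.routing.Site2SiteVpnCfgCommand;
 import com.cloud.agent.api.routing.VmDataCommand;
 import com.cloud.agent.api.routing.VpnUsersCfgCommand;
 import com.cloud.agent.api.to.IpAddressTO;
@@ -132,6 +133,8 @@ public Answer executeRequest(final Command cmd) {
 return execute((VpnUsersCfgCommand)cmd);
 } else if (cmd instanceof GetDomRVersionCmd) {
 return execute((GetDomRVersionCmd)cmd);
+} else if (cmd instanceof Site2SiteVpnCfgCommand) {
+return execute((Site2SiteVpnCfgCommand)cmd);
 }
 else {
 return Answer.createUnsupportedCommandAnswer(cmd);
@@ -540,6 +543,42 @@ protected Answer execute(final CheckConsoleProxyLoadCommand cmd) {
 protected Answer execute(final WatchConsoleProxyLoadCommand cmd) {
 return executeProxyLoadScan(cmd, cmd.getProxyVmId(), cmd.getProxyVmName(), cmd.getProxyManagementIp(), cmd.getProxyCmdPort());
 }
+
+protected Answer execute(Site2SiteVpnCfgCommand cmd) {
+String args;
+if (cmd.isCreate()) {
+args = "-A";
+args += " -l ";
+args += cmd.getLocalPublicIp();
+args += " -n ";
+args += cmd.getLocalGuestCidr();
+args += " -g ";
+args += cmd.getLocalPublicGateway();
+args += " -r ";
+args += cmd.getPeerGatewayIp();
+args += " -N ";
+args += cmd.getPeerGuestCidrList();
+args += " -e ";
+args += cmd.getEspPolicy();
+args += " -i ";
+args += cmd.getIkePolicy();
+args += " -t ";
+args += Long.toString(cmd.getLifetime());
+args += " -s ";
+args += cmd.getIpsecPsk();
+} else {
+args = "-D";
+args += " -r ";
+args += cmd.getPeerGatewayIp();
+args += " -N ";
+args += cmd.getPeerGuestCidrList();
+}
+String result = routerProxy("ipsectunnel", cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP), args);
+if (result != null) {
+return new Answer(cmd, false, "Configure site to site VPN failed due to " + result);
+}
+return new Answer(cmd);
+}
 
 private Answer executeProxyLoadScan(final Command cmd, final long proxyVmId, final String proxyVmName, final String proxyManagementIp, final int cmdPort) {
 String result = null;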
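Review bot: The `args` string built in `execute(Site2SiteVpnCfgCommand)` splices every command field — including the free-form `ipsecPsk` and the `peerGuestCidrList` — into one space-separated string that `routerProxy` passes to the new `scripts/network/domr/s2s_vpn.sh`, where the router's shell re-splits it inside `"/opt/cloud/bin/ipsectunnel.sh $*"`; a value containing whitespace or shell metacharacters would therefore change the command the router runs, and nothing in this commit validates the fields on the agent side. The same assembly appears in `CitrixResourceBase.execute(Site2SiteVpnCfgCommand)` and needs the same treatment. Rejecting any field that does not match a conservative token pattern before `args` is built closes this where the values leave typed Java; the pattern below is a constructed example and must be aligned with whatever the API layer accepts for a PSK (it would also need `java.util.regex.Pattern` imported, and the import block is not in view). Separately, the PSK travels as `-s <psk>` on the ssh command line, so it is visible in the process list of the hypervisor host while the command runs; supplying it through stdin or a file on the router would avoid that, but that is a change to `ipsectunnel.sh` rather than to this method. The proxy is invoked with the script name `ipsectunnel` while the script added here is `s2s_vpn.sh` — presumably `routerProxy` maps the name, but that is not visible in this commit and worth confirming.
```java
// constructed example: only plain tokens may reach the router's shell
private static final Pattern SAFE_ARG = Pattern.compile("[A-Za-z0-9.,:/_+=-]+");

// Returns value unchanged when it is a safe token, otherwise null.
private static String safeArg(String value) {
    return value != null && SAFE_ARG.matcher(value).matches() ? value : null;
}

protected Answer execute(Site2SiteVpnCfgCommand cmd) {
    String peerGateway = safeArg(cmd.getPeerGatewayIp());
    String peerCidrs = safeArg(cmd.getPeerGuestCidrList());
    String psk = safeArg(cmd.getIpsecPsk());
    // … the remaining create-only fields (local IP, local CIDR, gateway, ESP/IKE policy) validated the same way …
    if (peerGateway == null || peerCidrs == null || (cmd.isCreate() && psk == null)) {
        return new Answer(cmd, false, "Configure site to site VPN failed due to an invalid argument");
    }
    String args;
    if (cmd.isCreate()) {
        args = "-A";
        // … unchanged: option assembly, using the validated values instead of the raw getters …
        args += " -s " + psk;
    } else {
        args = "-D -r " + peerGateway + " -N " + peerCidrs;
    }
    // … unchanged: routerProxy call and Answer construction …
}
```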

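--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -158,6 +158,7 @@
 import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
 import com.cloud.agent.api.routing.SetStaticRouteAnswer;
 import com.cloud.agent.api.routing.SetStaticRouteCommand;
+import com.cloud.agent.api.routing.Site2SiteVpnCfgCommand;
 import com.cloud.agent.api.routing.VmDataCommand;
 import com.cloud.agent.api.routing.VpnUsersCfgCommand;
 import com.cloud.agent.api.storage.CopyVolumeAnswer;
@@ -546,6 +547,8 @@ public Answer executeRequest(Command cmd) {
 return execute((SetPortForwardingRulesVpcCommand) cmd);
 } else if (clazz == SetStaticRouteCommand.class) {
 return execute((SetStaticRouteCommand) cmd);
+} else if (clazz == Site2SiteVpnCfgCommand.class) {
+return execute((Site2SiteVpnCfgCommand) cmd);
 } else {
 return Answer.createUnsupportedCommandAnswer(cmd);
 }
@@ -7161,7 +7164,43 @@ protected IpAssocAnswer execute(IpAssocVpcCommand cmd) {
 return null;
 }
 
-
+protected Answer execute(Site2SiteVpnCfgCommand cmd) {
+Connection conn = getConnection();
+String args = "ipsectunnel.sh " + cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);
+if (cmd.isCreate()) {
+args += " -A";
+args += " -l ";
+args += cmd.getLocalPublicIp();
+args += " -n ";
+args += cmd.getLocalGuestCidr();
+args += " -g ";
+args += cmd.getLocalPublicGateway();
+args += " -r ";
+args += cmd.getPeerGatewayIp();
+args += " -N ";
+args += cmd.getPeerGuestCidrList();
+args += " -e ";
+args += cmd.getEspPolicy();
+args += " -i ";
+args += cmd.getIkePolicy();
+args += " -t ";
+args += Long.toString(cmd.getLifetime());
+args += " -s ";
+args += cmd.getIpsecPsk();
+} else {
+args += " -D";
+args += " -r ";
+args += cmd.getPeerGatewayIp();
+args += " -N ";
+args += cmd.getPeerGuestCidrList();
+}
+String result = callHostPlugin(conn, "vmops", "routerProxy", "args", args);
+if (result == null || result.isEmpty()) {
+return new Answer(cmd, false, "Configure site to site VPN failed! ");
+}
+return new Answer(cmd);
+}
+
 protected SetSourceNatAnswer execute(SetSourceNatCommand cmd) {
 //FIXME - add implementation here
 return null;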
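Review bot: The success test at the end of `execute(Site2SiteVpnCfgCommand)` treats any non-empty string from `callHostPlugin(conn, "vmops", "routerProxy", "args", args)` as success, while the parallel method added to `VirtualRoutingResource` in this same commit treats any non-null result from `routerProxy` as failure; if the vmops plugin returns the script's error output rather than an empty string when `ipsectunnel.sh` fails, a tunnel that was never configured would be reported as configured — this should be confirmed against the plugin's return contract and documented on the method. The option assembly (`-A -l … -s`, `-D -r … -N`) is otherwise a verbatim copy of the VirtualRoutingResource version with only the `"ipsectunnel.sh " + routerIp` prefix differing, and the two have already drifted in their success check; one shared helper that turns a `Site2SiteVpnCfgCommand` into its option string would keep them aligned. The input-validation concern raised on the VirtualRoutingResource hunk applies to this method unchanged.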

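--- a/scripts/network/domr/s2s_vpn.sh
+++ b/scripts/network/domr/s2s_vpn.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Copyright 2012 Citrix Systems, Inc. Licensed under the
+# Apache License, Version 2.0 (the "License"); you may not use this
+# file except in compliance with the License. Citrix Systems, Inc.
+# reserves all rights not expressly granted by the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Automatically generated by addcopyright.py at 04/03/2012
+
+
+
+
+
+# @VERSION@
+
+cert="/root/.ssh/id_rsa.cloud"
+domr=$1
+shift
+ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$domr "/opt/cloud/bin/ipsectunnel.sh $*" >/dev/null
+
+exit $?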
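Review bot: `$*` inside the double-quoted remote command (`ssh … "/opt/cloud/bin/ipsectunnel.sh $*"`) flattens the arguments into one string that the router's shell re-splits and interprets, so an option value containing whitespace or metacharacters — the PSK passed as `-s` is free-form — no longer reaches `ipsectunnel.sh` as the single argument the caller supplied; `args=$(printf '%q ' "$@")` followed by `"/opt/cloud/bin/ipsectunnel.sh $args"` preserves each argument as one word on the remote side. `$cert` and `$domr` should be quoted for the same reason. `StrictHostKeyChecking=no` disables host-key verification, so the PSK on this command line is handed to whatever answers on `$domr` port 3922; if the other scripts in this directory use the same option it is a project-wide choice rather than something to fix in this file, but a comment on that line noting the trade-off would help the next reader. The blank run after the generated header (five empty lines before `# @VERSION@`) looks like leftover from the copyright tool and could be trimmed.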

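--- a/server/src/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VirtualRouterElement.java
@@ -44,7 +44,6 @@
 import com.cloud.network.PhysicalNetworkServiceProvider;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.RemoteAccessVpn;
-import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.network.VirtualRouterProvider;
 import com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType;
 import com.cloud.network.VpnUser;
@@ -88,7 +87,7 @@
 @Local(value = NetworkElement.class)
 public class VirtualRouterElement extends AdapterBase implements VirtualRouterElementService, DhcpServiceProvider,
 UserDataServiceProvider, SourceNatServiceProvider, StaticNatServiceProvider, FirewallServiceProvider,
-LoadBalancingServiceProvider, PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, Site2SiteVpnServiceProvider, IpDeployer {
+LoadBalancingServiceProvider, PortForwardingServiceProvider, RemoteAccessVPNServiceProvider, IpDeployer {
 private static final Logger s_logger = Logger.getLogger(VirtualRouterElement.class);
 
 protected static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
@@ -586,9 +585,6 @@ private static Map<Service, Map<Capability, String>> setCapabilities() {
 capabilities.put(Service.StaticNat, null);
 capabilities.put(Service.PortForwarding, null);
 
-Map<Capability, String> s2sVpnCapabilities = new HashMap<Capability, String>();
-s2sVpnCapabilities.put(Capability.SupportedSite2SiteVpnTypes, "ipsec");
-
 return capabilities;
 }
 
@@ -880,46 +876,8 @@ public boolean verifyServicesCombination(List<String> services) {
 public IpDeployer getIpDeployer(Network network) {
 return this;
 }
-
+
 protected VirtualRouterProviderType getVirtualRouterProvider() {
 return VirtualRouterProviderType.VirtualRouter;
 }
-
-@Override
-public boolean startSite2SiteVpn(Network network, Site2SiteVpnConnection conn) throws ResourceUnavailableException {
-if (!canHandle(network, Service.Site2SiteVpn)) {
-return false;
-}
-
-List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
-if (routers == null || routers.isEmpty()) {
-s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network " + network.getId());
-return true;
-}
-
-if (!_routerMgr.startSite2SiteVpn(network, conn, routers)) {
-throw new CloudRuntimeException("Failed to apply firewall rules in network " + network.getId());
-}
-
-return true;
-}
-
-@Override
-public boolean stopSite2SiteVpn(Network network, Site2SiteVpnConnection conn) throws ResourceUnavailableException {
-if (!canHandle(network, Service.Site2SiteVpn)) {
-return false;
-}
-
-List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
-if (routers == null || routers.isEmpty()) {
-s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network " + network.getId());
-return true;
-}
-
-if (!_routerMgr.stopSite2SiteVpn(network, conn, routers)) {
-throw new CloudRuntimeException("Failed to apply firewall rules in network " + network.getId());
-}
-
-return true;
-}
 }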
