From 4dc321d810118335937802a6a75e52f294654251 Mon Sep 17 00:00:00 2001 From: Daan Hoogland Date: Mon, 12 Jan 2026 16:28:41 +0100 Subject: [PATCH 1/3] check if a source NAT IP address is needed before assigning one
---
 .../cloud/network/IpAddressManagerImpl.java | 61 ++++--------------- 1 file changed, 11 insertions(+), 50 deletions(-)
diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
index 1c8bf7ae03f5..e51df08a0330 100644
--- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@@ -205,20 +205,12 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 @Inject
 AccountDao _accountDao;
 @Inject
- DomainDao _domainDao;
- @Inject
 UserDao _userDao;
 @Inject
 ConfigurationDao _configDao;
 @Inject
- UserVmDao _userVmDao;
- @Inject
- AlertManager _alertMgr;
- @Inject
 AccountManager _accountMgr;
 @Inject
- ConfigurationManager _configMgr;
- @Inject
 AccountVlanMapDao _accountVlanMapDao;
 @Inject
 DomainVlanMapDao _domainVlanMapDao;
@@ -229,8 +221,6 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 @Inject
 NetworkDetailsDao _networkDetailsDao;
 @Inject
- NicDao _nicDao;
- @Inject
 RulesManager _rulesMgr;
 @Inject
 LoadBalancingRulesManager _lbMgr;
@@ -239,22 +229,10 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 @Inject
 PodVlanMapDao _podVlanMapDao;
 @Inject
- NetworkOfferingDetailsDao _ntwkOffDetailsDao;
- @Inject
- AccountGuestVlanMapDao _accountGuestVlanMapDao;
- @Inject
- DataCenterVnetDao _datacenterVnetDao;
- @Inject
- NetworkAccountDao _networkAccountDao;
- @Inject
 protected NicIpAliasDao _nicIpAliasDao;
 @Inject
 protected IPAddressDao _publicIpAddressDao;
 @Inject
- NetworkDomainDao _networkDomainDao;
- @Inject
- VMInstanceDao _vmDao;
- @Inject
 FirewallManager _firewallMgr;
 @Inject
 FirewallRulesDao _firewallDao;
@@ -268,36 +246,10 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 @Inject
 PhysicalNetworkDao _physicalNetworkDao;
 @Inject
- PhysicalNetworkServiceProviderDao _pNSPDao;
- @Inject
- PortForwardingRulesDao _portForwardingRulesDao;
- @Inject
- LoadBalancerDao _lbDao;
- @Inject
- PhysicalNetworkTrafficTypeDao _pNTrafficTypeDao;
- @Inject
- AgentManager _agentMgr;
- @Inject
- HostDao _hostDao;
- @Inject
- NetworkServiceMapDao _ntwkSrvcDao;
- @Inject
- StorageNetworkManager _stnwMgr;
- @Inject
 VpcManager _vpcMgr;
 @Inject
- PrivateIpDao _privateIpDao;
- @Inject
- NetworkACLManager _networkACLMgr;
- @Inject
- UsageEventDao _usageEventDao;
- @Inject
 NetworkModel _networkModel;
 @Inject
- NicSecondaryIpDao _nicSecondaryIpDao;
- @Inject
- UserIpv6AddressDao _ipv6Dao;
- @Inject
 Ipv6AddressManager _ipv6Mgr;
 @Inject
 PortableIpDao _portableIpDao;
@@ -1102,7 +1054,7 @@ public PublicIp assignSourceNatIpAddressToGuestNetwork(Account owner, Network gu IPAddressVO sourceNatIp = getExistingSourceNatInNetwork(owner.getId(), guestNetwork.getId()); PublicIp ipToReturn = null; - if (sourceNatIp != null) { + if (sourceNatIp != null || isRouted(guestNetwork)) { ipToReturn = PublicIp.createFromAddrAndVlan(sourceNatIp, _vlanDao.findById(sourceNatIp.getVlanId())); } else { ipToReturn = assignDedicateIpAddress(owner, guestNetwork.getId(), null, dcId, true); @@ -1111,6 +1063,15 @@ public PublicIp assignSourceNatIpAddressToGuestNetwork(Account owner, Network gu return ipToReturn; } + private boolean isRouted(Network guestNetwork) { + VpcOffering vpcOffer = null; + NetworkOffering netOffer = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId()); + if (netOffer.isForVpc()) { + vpcOffer = vpcOfferingDao.findById(guestNetwork.getVpcId()); + } + return netOffer.getRoutingMode() != null || (vpcOffer != null && vpcOffer.getRoutingMode() != null); + } + @DB @Override public PublicIp assignDedicateIpAddress(Account owner, final Long guestNtwkId, final Long vpcId, final long dcId, final boolean isSourceNat) @@ -1633,7 +1594,7 @@ private static void validateNetworkAndIpOwnership(Account owner, IPAddressVO ipT */ protected boolean isSourceNatAvailableForNetwork(Account owner, IPAddressVO ipToAssoc, Network network) { NetworkOffering offering = _networkOfferingDao.findById(network.getNetworkOfferingId()); - boolean sharedSourceNat = offering.isSharedSourceNat(); + boolean sharedSourceNat = offering.isSharedSourceNat() || offering.getRoutingMode() != null; boolean isSourceNat = false; if (!sharedSourceNat) { if (getExistingSourceNatInNetwork(owner.getId(), network.getId()) == null) { From 7d116a1c42594e146549b782e64e2d12f23c3f08 Mon Sep 17 00:00:00 2001 
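Review bot: In `assignSourceNatIpAddressToGuestNetwork`, the widened condition `sourceNatIp != null || isRouted(guestNetwork)` lets a routed network with no existing source NAT address enter the first branch, where `sourceNatIp.getVlanId()` is called on a null reference. As this patch stands, that is a NullPointerException on the first address assignment for such a network. PATCH 2/3 in this series restores `if (sourceNatIp != null)` and moves the routed check into the `isSourceNat` argument, so the end state is consistent; folding that change into this commit would keep each commit working on its own for bisecting and backports. The start of the method is outside the hunk.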
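Review bot: The new `isRouted` helper dereferences `netOffer` straight after `_networkOfferingDao.findById(...)` with no null check, so a network whose offering row cannot be loaded would fail with a NullPointerException rather than a meaningful error. Whether `findById` can return null on this path is not visible in the hunk, but PATCH 3/3 does guard the analogous `_vpcDao.findById` result and leaves this call unguarded. An explicit guard before `netOffer.isForVpc()` would make the behaviour deliberate, for example `if (netOffer == null) { throw new CloudRuntimeException("Network offering not found for network " + guestNetwork.getId()); }`.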
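Review bot: The routed test added to `isSourceNatAvailableForNetwork` looks only at the network offering (`offering.getRoutingMode() != null`), while `isRouted`, added earlier in this patch, also treats a network as routed when its VPC offering has a routing mode. A VPC tier that inherits routing from the VPC offering would then be handled as routed when the source NAT address is assigned but as NAT-ed here, if such a network can reach this method. Calling the helper keeps the two checks in step: `boolean sharedSourceNat = offering.isSharedSourceNat() || isRouted(network);`. The local name `sharedSourceNat` no longer describes what the flag holds, so a rename or a one-line comment would help; the method body continues outside the hunk.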
From: Daan Hoogland Date: Mon, 12 Jan 2026 17:00:50 +0100 Subject: [PATCH 2/3] cleanup --- .../cloud/network/IpAddressManagerImpl.java | 206 +++++++----------- 1 file changed, 73 insertions(+), 133 deletions(-) diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java index e51df08a0330..a3e9237acae2 100644 --- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java +++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java @@ -33,9 +33,6 @@ import javax.inject.Inject; -import com.cloud.network.dao.PublicIpQuarantineDao; -import com.cloud.network.vo.PublicIpQuarantineVO; -import com.cloud.resourcelimit.CheckedReservation; import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.annotation.AnnotationService; @@ -57,10 +54,7 @@ import org.apache.cloudstack.reservation.dao.ReservationDao; import org.apache.commons.collections.CollectionUtils; -import com.cloud.agent.AgentManager; -import com.cloud.alert.AlertManager; import com.cloud.api.ApiDBUtils; -import com.cloud.configuration.ConfigurationManager; import com.cloud.configuration.Resource.ResourceType; import com.cloud.dc.AccountVlanMapVO; import com.cloud.dc.DataCenter; 
@@ -75,18 +69,15 @@ import com.cloud.dc.dao.AccountVlanMapDao; import com.cloud.dc.dao.DataCenterDao; import com.cloud.dc.dao.DataCenterIpAddressDao; -import com.cloud.dc.dao.DataCenterVnetDao; import com.cloud.dc.dao.DomainVlanMapDao; import com.cloud.dc.dao.HostPodDao; import com.cloud.dc.dao.PodVlanMapDao; import com.cloud.dc.dao.VlanDao; import com.cloud.deploy.DeployDestination; import com.cloud.domain.Domain; -import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEventUtils; import com.cloud.event.EventTypes; import com.cloud.event.UsageEventUtils; -import com.cloud.event.dao.UsageEventDao; import com.cloud.exception.AccountLimitException; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientAddressCapacityException; @@ -96,7 +87,6 @@ import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.host.dao.HostDao; import com.cloud.network.IpAddress.State; import com.cloud.network.Network.Capability; import com.cloud.network.Network.GuestType; 
@@ -107,21 +97,14 @@ import com.cloud.network.Networks.IsolationType; import com.cloud.network.Networks.TrafficType; import com.cloud.network.addr.PublicIp; -import com.cloud.network.dao.AccountGuestVlanMapDao; import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.IPAddressVO; -import com.cloud.network.dao.LoadBalancerDao; -import com.cloud.network.dao.NetworkAccountDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkDetailsDao; import com.cloud.network.dao.NetworkDetailVO; -import com.cloud.network.dao.NetworkDomainDao; -import com.cloud.network.dao.NetworkServiceMapDao; import com.cloud.network.dao.PhysicalNetworkDao; -import com.cloud.network.dao.PhysicalNetworkServiceProviderDao; -import com.cloud.network.dao.PhysicalNetworkTrafficTypeDao; -import com.cloud.network.dao.UserIpv6AddressDao; +import com.cloud.network.dao.PublicIpQuarantineDao; import com.cloud.network.element.IpDeployer; import com.cloud.network.element.IpDeployingRequester; import com.cloud.network.element.NetworkElement; @@ -134,11 +117,10 @@ import com.cloud.network.rules.FirewallRuleVO; import com.cloud.network.rules.RulesManager; import com.cloud.network.rules.StaticNat; -import com.cloud.network.rules.dao.PortForwardingRulesDao; -import com.cloud.network.vpc.NetworkACLManager; +import com.cloud.network.vo.PublicIpQuarantineVO; import com.cloud.network.vpc.VpcManager; +import com.cloud.network.vpc.VpcOffering; import com.cloud.network.vpc.VpcVO; -import com.cloud.network.vpc.dao.PrivateIpDao; import com.cloud.network.vpc.dao.VpcDao; import com.cloud.network.vpc.dao.VpcOfferingDao; import com.cloud.network.vpn.RemoteAccessVpnService; 
@@ -146,9 +128,8 @@ import com.cloud.offering.NetworkOffering.Availability; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.offerings.dao.NetworkOfferingDao; -import com.cloud.offerings.dao.NetworkOfferingDetailsDao; -import com.cloud.offerings.dao.NetworkOfferingServiceMapDao; import com.cloud.org.Grouping; +import com.cloud.resourcelimit.CheckedReservation; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.user.ResourceLimitService; @@ -184,11 +165,7 @@ import com.cloud.vm.ReservationContextImpl; import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineProfile; -import com.cloud.vm.dao.NicDao; import com.cloud.vm.dao.NicIpAliasDao; -import com.cloud.vm.dao.NicSecondaryIpDao; -import com.cloud.vm.dao.UserVmDao; -import com.cloud.vm.dao.VMInstanceDao; public class IpAddressManagerImpl extends ManagerBase implements IpAddressManager, Configurable { @@ -242,8 +219,6 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage @Inject ReservationDao reservationDao; @Inject - NetworkOfferingServiceMapDao _ntwkOfferingSrvcDao; - @Inject PhysicalNetworkDao _physicalNetworkDao; @Inject VpcManager _vpcMgr; @@ -275,7 +250,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage static Boolean rulesContinueOnErrFlag = true; - public static final ConfigKey SystemVmPublicIpReservationModeStrictness = new ConfigKey("Advanced", + public static final ConfigKey SystemVmPublicIpReservationModeStrictness = new ConfigKey<>("Advanced", Boolean.class, "system.vm.public.ip.reservation.mode.strictness", "false", "If enabled, the use of System VMs public IP reservation is strict, preferred if not.", true, ConfigKey.Scope.Global); 
@@ -368,8 +343,8 @@ private IPAddressVO assignIpAddressWithLock(IPAddressVO possibleAddr) { @Override public boolean configure(String name, Map params) { // populate providers - Map> defaultSharedNetworkOfferingProviders = new HashMap>(); - Set defaultProviders = new HashSet(); + Map> defaultSharedNetworkOfferingProviders = new HashMap<>(); + Set defaultProviders = new HashSet<>(); defaultProviders.add(Network.Provider.VirtualRouter); defaultSharedNetworkOfferingProviders.put(Service.Dhcp, defaultProviders); @@ -387,15 +362,15 @@ public boolean configure(String name, Map params) { defaultIsolatedNetworkOfferingProviders.put(Service.PortForwarding, defaultProviders); defaultIsolatedNetworkOfferingProviders.put(Service.Vpn, defaultProviders); - Map> defaultSharedSGEnabledNetworkOfferingProviders = new HashMap>(); + Map> defaultSharedSGEnabledNetworkOfferingProviders = new HashMap<>(); defaultSharedSGEnabledNetworkOfferingProviders.put(Service.Dhcp, defaultProviders); defaultSharedSGEnabledNetworkOfferingProviders.put(Service.Dns, defaultProviders); defaultSharedSGEnabledNetworkOfferingProviders.put(Service.UserData, defaultProviders); - Set sgProviders = new HashSet(); + Set sgProviders = new HashSet<>(); sgProviders.add(Provider.SecurityGroupProvider); defaultSharedSGEnabledNetworkOfferingProviders.put(Service.SecurityGroup, sgProviders); - Map> defaultIsolatedSourceNatEnabledNetworkOfferingProviders = new HashMap>(); + Map> defaultIsolatedSourceNatEnabledNetworkOfferingProviders = new HashMap<>(); defaultProviders.clear(); defaultProviders.add(Network.Provider.VirtualRouter); defaultIsolatedSourceNatEnabledNetworkOfferingProviders.put(Service.Dhcp, defaultProviders); 
@@ -409,7 +384,7 @@ public boolean configure(String name, Map params) { defaultIsolatedSourceNatEnabledNetworkOfferingProviders.put(Service.PortForwarding, defaultProviders); defaultIsolatedSourceNatEnabledNetworkOfferingProviders.put(Service.Vpn, defaultProviders); - Map> defaultVPCOffProviders = new HashMap>(); + Map> defaultVPCOffProviders = new HashMap<>(); defaultProviders.clear(); defaultProviders.add(Network.Provider.VirtualRouter); defaultVPCOffProviders.put(Service.Dhcp, defaultProviders); @@ -424,11 +399,11 @@ public boolean configure(String name, Map params) { defaultVPCOffProviders.put(Service.Vpn, defaultProviders); //#8 - network offering with internal lb service - Map> internalLbOffProviders = new HashMap>(); - Set defaultVpcProvider = new HashSet(); + Map> internalLbOffProviders = new HashMap<>(); + Set defaultVpcProvider = new HashSet<>(); defaultVpcProvider.add(Network.Provider.VPCVirtualRouter); - Set defaultInternalLbProvider = new HashSet(); + Set defaultInternalLbProvider = new HashSet<>(); defaultInternalLbProvider.add(Network.Provider.InternalLbVm); internalLbOffProviders.put(Service.Dhcp, defaultVpcProvider); @@ -439,12 +414,12 @@ public boolean configure(String name, Map params) { internalLbOffProviders.put(Service.Lb, defaultInternalLbProvider); internalLbOffProviders.put(Service.SourceNat, defaultVpcProvider); - Map> netscalerServiceProviders = new HashMap>(); - Set vrProvider = new HashSet(); + Map> netscalerServiceProviders = new HashMap<>(); + Set vrProvider = new HashSet<>(); vrProvider.add(Provider.VirtualRouter); - Set sgProvider = new HashSet(); + Set sgProvider = new HashSet<>(); sgProvider.add(Provider.SecurityGroupProvider); - Set nsProvider = new HashSet(); + Set nsProvider = new HashSet<>(); nsProvider.add(Provider.Netscaler); netscalerServiceProviders.put(Service.Dhcp, vrProvider); netscalerServiceProviders.put(Service.Dns, vrProvider); 
@@ -453,10 +428,10 @@ public boolean configure(String name, Map params) { netscalerServiceProviders.put(Service.StaticNat, nsProvider); netscalerServiceProviders.put(Service.Lb, nsProvider); - Map> serviceCapabilityMap = new HashMap>(); - Map elb = new HashMap(); + Map> serviceCapabilityMap = new HashMap<>(); + Map elb = new HashMap<>(); elb.put(Capability.ElasticLb, "true"); - Map eip = new HashMap(); + Map eip = new HashMap<>(); eip.put(Capability.ElasticIp, "true"); serviceCapabilityMap.put(Service.Lb, elb); serviceCapabilityMap.put(Service.StaticNat, eip); @@ -522,12 +497,8 @@ boolean checkIfIpAssocRequired(Network network, boolean postApplyRules, List rules, FirewallRule.Purpose purpose, NetworkRuleApplier applier, boolean continueOnError) throws ResourceUnavailableException { - if (rules == null || rules.size() == 0) { + if (rules == null || rules.isEmpty()) { logger.debug("There are no rules to forward to the network elements"); return true; } @@ -585,7 +553,7 @@ public boolean applyRules(List rules, FirewallRule.Purpo boolean success = true; Network network = _networksDao.findById(rules.get(0).getNetworkId()); FirewallRuleVO.TrafficType trafficType = rules.get(0).getTrafficType(); - List publicIps = new ArrayList(); + List publicIps = new ArrayList<>(); if (!(rules.get(0).getPurpose() == FirewallRule.Purpose.Firewall && trafficType == FirewallRule.TrafficType.Egress)) { // get the list of public ip's owned by the network @@ -739,7 +707,7 @@ public boolean releasePortableIpAddress(final long addrId) { final GlobalLock portableIpLock = GlobalLock.getInternLock("PortablePublicIpRange"); try { - return Transaction.execute(new TransactionCallback() { + return Transaction.execute(new TransactionCallback<>() { @Override public Boolean doInTransaction(TransactionStatus status) { portableIpLock.lock(5); 
@@ -827,18 +795,18 @@ public List listAvailablePublicIps(final long dcId, final Long podI StringBuilder errorMessage = new StringBuilder("Unable to get ip address in "); boolean fetchFromDedicatedRange = false; - List dedicatedVlanDbIds = new ArrayList(); - List nonDedicatedVlanDbIds = new ArrayList(); + List dedicatedVlanDbIds = new ArrayList<>(); + List nonDedicatedVlanDbIds = new ArrayList<>(); DataCenter zone = _entityMgr.findById(DataCenter.class, dcId); - SearchCriteria sc = null; + SearchCriteria sc; if (podId != null) { sc = AssignIpAddressFromPodVlanSearch.create(); sc.setJoinParameters("podVlanMapSB", "podId", podId); - errorMessage.append(" pod id=" + podId); + errorMessage.append(" pod id=").append(podId); } else { sc = AssignIpAddressSearch.create(); - errorMessage.append(" zone id=" + dcId); + errorMessage.append(" zone id=").append(dcId); } sc.setParameters("dc", dcId); @@ -846,11 +814,11 @@ public List listAvailablePublicIps(final long dcId, final Long podI // for direct network take ip addresses only from the vlans belonging to the network if (vlanUse == VlanType.DirectAttached) { sc.setJoinParameters("vlan", "networkId", guestNetworkId); - errorMessage.append(", network id=" + guestNetworkId); + errorMessage.append(", network id=").append(guestNetworkId); } if (requestedGateway != null) { sc.setJoinParameters("vlan", "vlanGateway", requestedGateway); - errorMessage.append(", requested gateway=" + requestedGateway); + errorMessage.append(", requested gateway=").append(requestedGateway); } sc.setJoinParameters("vlan", "type", vlanUse); 
@@ -862,13 +830,13 @@ public List listAvailablePublicIps(final long dcId, final Long podI } if (requestedIp != null) { sc.addAnd("address", SearchCriteria.Op.EQ, requestedIp); - errorMessage.append(": requested ip " + requestedIp + " is not available"); + errorMessage.append(": requested ip ").append(requestedIp).append(" is not available"); } else if (routerIpAddress != null) { sc.addAnd("address", Op.NEQ, routerIpAddress); } boolean ascOrder = ! forSystemVms; - Filter filter = new Filter(IPAddressVO.class, "forSystemVms", ascOrder, 0l, 1l); + Filter filter = new Filter(IPAddressVO.class, "forSystemVms", ascOrder, 0L, 1L); filter.addOrderBy(IPAddressVO.class,"vlanId", true); @@ -910,10 +878,10 @@ public List listAvailablePublicIps(final long dcId, final Long podI if (!dedicatedVlanDbIds.isEmpty()) { fetchFromDedicatedRange = true; sc.setParameters("vlanId", dedicatedVlanDbIds.toArray()); - errorMessage.append(", vlanId id=" + Arrays.toString(dedicatedVlanDbIds.toArray())); + errorMessage.append(", vlanId id=").append(Arrays.toString(dedicatedVlanDbIds.toArray())); } else if (!nonDedicatedVlanDbIds.isEmpty()) { sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray()); - errorMessage.append(", vlanId id=" + Arrays.toString(nonDedicatedVlanDbIds.toArray())); + errorMessage.append(", vlanId id=").append(Arrays.toString(nonDedicatedVlanDbIds.toArray())); } else { if (podId != null) { InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId); 
@@ -933,13 +901,13 @@ public List listAvailablePublicIps(final long dcId, final Long podI } // If all the dedicated IPs of the owner are in use fetch an IP from the system pool - if ((!lockOneRow || (lockOneRow && addrs.size() == 0)) && fetchFromDedicatedRange && vlanUse == VlanType.VirtualNetwork) { + if ((!lockOneRow || (lockOneRow && addrs.isEmpty())) && fetchFromDedicatedRange && vlanUse == VlanType.VirtualNetwork) { // Verify if account is allowed to acquire IPs from the system boolean useSystemIps = UseSystemPublicIps.valueIn(owner.getId()); if (useSystemIps && !nonDedicatedVlanDbIds.isEmpty()) { fetchFromDedicatedRange = false; sc.setParameters("vlanId", nonDedicatedVlanDbIds.toArray()); - errorMessage.append(", vlanId id=" + Arrays.toString(nonDedicatedVlanDbIds.toArray())); + errorMessage.append(", vlanId id=").append(Arrays.toString(nonDedicatedVlanDbIds.toArray())); if (lockOneRow) { addrs = _ipAddressDao.lockRows(sc, filter, true); } else { @@ -949,7 +917,7 @@ public List listAvailablePublicIps(final long dcId, final Long podI } } - if (lockOneRow && addrs.size() == 0) { + if (lockOneRow && addrs.isEmpty()) { if (podId != null) { InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Insufficient address capacity", Pod.class, podId); // for now, we hardcode the table names, but we should ideally do a lookup for the tablename from the VO object. @@ -1040,9 +1008,7 @@ public void doInTransactionWithoutResult(TransactionStatus status) { protected boolean isIpDedicated(IPAddressVO addr) { List maps = _accountVlanMapDao.listAccountVlanMapsByVlan(addr.getVlanId()); - if (maps != null && !maps.isEmpty()) - return true; - return false; + return maps != null && !maps.isEmpty(); } @Override 
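Review bot: The condition touched in `listAvailablePublicIps` still reads `(!lockOneRow || (lockOneRow && addrs.isEmpty()))`, where the inner `lockOneRow &&` is redundant because that operand is only evaluated when `lockOneRow` is true. Since this commit is a cleanup, the line could be reduced to `if ((!lockOneRow || addrs.isEmpty()) && fetchFromDedicatedRange && vlanUse == VlanType.VirtualNetwork) {` with no change in behaviour. The method starts and ends outside the hunk.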
@@ -1054,10 +1020,10 @@ public PublicIp assignSourceNatIpAddressToGuestNetwork(Account owner, Network gu IPAddressVO sourceNatIp = getExistingSourceNatInNetwork(owner.getId(), guestNetwork.getId()); PublicIp ipToReturn = null; - if (sourceNatIp != null || isRouted(guestNetwork)) { + if (sourceNatIp != null) { ipToReturn = PublicIp.createFromAddrAndVlan(sourceNatIp, _vlanDao.findById(sourceNatIp.getVlanId())); } else { - ipToReturn = assignDedicateIpAddress(owner, guestNetwork.getId(), null, dcId, true); + ipToReturn = assignDedicateIpAddress(owner, guestNetwork.getId(), null, dcId, ! isRouted(guestNetwork)); } return ipToReturn; @@ -1089,8 +1055,7 @@ public PublicIp doInTransaction(TransactionStatus status) throws InsufficientAdd if (owner == null) { // this ownerId comes from owner or type Account. See the class "AccountVO" and the annotations in that class // to get the table name and field name that is queried to fill this ownerid. - ConcurrentOperationException ex = new ConcurrentOperationException("Unable to lock account"); - throw ex; + throw new ConcurrentOperationException("Unable to lock account"); } if (logger.isDebugEnabled()) { logger.debug("lock account {} is acquired", owner); @@ -1185,7 +1150,7 @@ public boolean applyIpAssociations(Network network, boolean postApplyRules, bool if (deployer == null) { throw new CloudRuntimeException("Fail to get ip deployer for element: " + element); } - Set services = new HashSet(); + Set services = new HashSet<>(); for (PublicIpAddress ip : ips) { if (!ipToServices.containsKey(ip)) { continue; 
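Review bot: For a routed network the `else` branch still calls `assignDedicateIpAddress(...)` and only flips the last argument to `false`, so a public address is still taken from the pool and returned from a method named `assignSourceNatIpAddressToGuestNetwork`, just without the source NAT flag. If the series intends that routed networks need no such address, callers still receive one and it is presumably counted against the owner's public IP allocation. If the address is wanted for another purpose, the call deserves a comment saying so, for example `// routed networks still get a public IP, but it must not be flagged as source NAT`. The start of the method is outside the hunk.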
@@ -1217,9 +1182,8 @@ public AcquirePodIpCmdResponse allocatePodIp(String zoneId, String podId) throws DataCenter zone = _entityMgr.findByUuid(DataCenter.class, zoneId); Account caller = CallContext.current().getCallingAccount(); if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) { - ResourceAllocationException ex = new ResourceAllocationException( + throw new ResourceAllocationException( generateErrorMessageForOperationOnDisabledZone("allocate Pod IP addresses", zone), ResourceType.network); - throw ex; } DataCenterIpAddressVO vo = null; @@ -1272,14 +1236,14 @@ public void releasePodIp(Long id) throws CloudRuntimeException { try { _privateIPAddressDao.releasePodIpAddress(id); } catch (Exception e) { - new CloudRuntimeException(e.getMessage()); + throw new CloudRuntimeException(e.getMessage()); } } @DB @Override public IpAddress allocateIp(final Account ipOwner, final boolean isSystem, Account caller, User callerUser, final DataCenter zone, final Boolean displayIp, final String ipaddress) - throws ConcurrentOperationException, InsufficientAddressCapacityException, CloudRuntimeException { + throws InsufficientAddressCapacityException, CloudRuntimeException { final VlanType vlanType = VlanType.VirtualNetwork; final boolean assign = false; @@ -1369,9 +1333,8 @@ public IPAddressVO doInTransaction(TransactionStatus status) throws Insufficient List portableIpVOs = _portableIpDao.listByRegionIdAndState(1, PortableIp.State.Free); if (portableIpVOs == null || portableIpVOs.isEmpty()) { - InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Unable to find available portable IP addresses", Region.class, - new Long(1)); - throw ex; + throw new InsufficientAddressCapacityException("Unable to find available portable IP addresses", + Region.class, 1L); } // allocate first portable IP to the user 
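Review bot: The added `throw` in `releasePodIp` turns an exception that was silently discarded into one that reaches callers, which is a behaviour change inside a commit titled "cleanup" and worth stating in the description. The rethrow also keeps only the message, `new CloudRuntimeException(e.getMessage())`, so the original stack trace of the failure in `releasePodIpAddress` is lost. The two-argument constructor already used in `assignSystemIp` in this file preserves the cause: `throw new CloudRuntimeException(e.getMessage(), e);`.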
@@ -1608,15 +1571,12 @@ protected boolean isSourceNatAvailableForNetwork(Account owner, IPAddressVO ipTo protected boolean isSharedNetworkOfferingWithServices(long networkOfferingId) { NetworkOfferingVO networkOffering = _networkOfferingDao.findById(networkOfferingId); - if ((networkOffering.getGuestType() == Network.GuestType.Shared) + return (networkOffering.getGuestType() == GuestType.Shared) && (_networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.SourceNat) - || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.StaticNat) - || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.Firewall) - || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.PortForwarding) || _networkModel.areServicesSupportedByNetworkOffering( - networkOfferingId, Service.Lb))) { - return true; - } - return false; + || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.StaticNat) + || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.Firewall) + || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.PortForwarding) + || _networkModel.areServicesSupportedByNetworkOffering(networkOfferingId, Service.Lb)); } @Override @@ -1627,8 +1587,8 @@ public IPAddressVO associatePortableIPToGuestNetwork(long ipAddrId, long network @DB @Override - public IPAddressVO disassociatePortableIPToGuestNetwork(long ipId, long networkId) throws ResourceAllocationException, ResourceUnavailableException, - InsufficientAddressCapacityException, ConcurrentOperationException { + public IPAddressVO disassociatePortableIPToGuestNetwork(long ipId, long networkId) throws ResourceUnavailableException, + ConcurrentOperationException { Account caller = CallContext.current().getCallingAccount(); Account owner = null; 
@@ -1670,7 +1630,7 @@ public IPAddressVO disassociatePortableIPToGuestNetwork(long ipId, long networkI validateNetworkAndIpOwnership(owner, ipToAssoc, network, zone); // Check if IP has any services (rules) associated in the network - List ipList = new ArrayList(); + List ipList = new ArrayList<>(); PublicIp publicIp = PublicIp.createFromAddrAndVlan(ipToAssoc, _vlanDao.findById(ipToAssoc.getVlanId())); ipList.add(publicIp); Map> ipToServices = _networkModel.getIpToServices(ipList, false, true); @@ -1694,7 +1654,7 @@ public IPAddressVO disassociatePortableIPToGuestNetwork(long ipId, long networkI } return ip; } finally { - + // catch (ResourceUnavailableException ignored) } } @@ -1711,15 +1671,13 @@ public boolean isPortableIpTransferableFromNetwork(long ipAddrId, long networkId } // Check if IP has any services (rules) associated in the network - List ipList = new ArrayList(); + List ipList = new ArrayList<>(); PublicIp publicIp = PublicIp.createFromAddrAndVlan(ip, _vlanDao.findById(ip.getVlanId())); ipList.add(publicIp); Map> ipToServices = _networkModel.getIpToServices(ipList, false, true); if (!ipToServices.isEmpty()) { Set ipServices = ipToServices.get(publicIp); - if (ipServices != null && !ipServices.isEmpty()) { - return false; - } + return ipServices == null || ipServices.isEmpty(); } return true; @@ -1827,7 +1785,7 @@ public Ternary, Network> doInTransaction(Transa if (guestNetwork == null) { List networks = getIsolatedNetworksWithSourceNATOwnedByAccountInZone(zoneId, owner); - if (networks.size() == 0) { + if (networks.isEmpty()) { createNetwork = true; } else if (networks.size() == 1) { guestNetwork = networks.get(0); 
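Review bot: The comment added inside the otherwise empty `finally` block of `disassociatePortableIPToGuestNetwork`, `// catch (ResourceUnavailableException ignored)`, reads like commented-out code and suggests the exception is swallowed, while the signature edited in this same patch still declares `throws ResourceUnavailableException`. An empty `finally` does nothing, so either the `try`/`finally` wrapper can be removed or the comment should state why it is kept, for example `// nothing to release here; exceptions propagate to the caller`. The `try` opens outside the hunk, so what it wraps is not fully visible.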
@@ -1839,7 +1797,7 @@ public Ternary, Network> doInTransaction(Transa // create new Virtual network (Isolated with SourceNAT) for the user if it doesn't exist List requiredOfferings = _networkOfferingDao.listByAvailability(Availability.Required, false); - if (requiredOfferings.size() < 1) { + if (requiredOfferings.isEmpty()) { throw new CloudRuntimeException("Unable to find network offering with availability=" + Availability.Required + " to automatically create the network as part of createVlanIpRange"); } @@ -1901,7 +1859,7 @@ public Ternary, Network> doInTransaction(Transa markPublicIpAsAllocated(addr); } } - return new Ternary, Network>(createNetwork, requiredOfferings, guestNetwork); + return new Ternary<>(createNetwork, requiredOfferings, guestNetwork); } }); } catch (Exception e1) { @@ -1953,7 +1911,7 @@ public IPAddressVO markIpAsUnavailable(final long addrId) { } if (ip.getState() != State.Releasing) { - return Transaction.execute(new TransactionCallback() { + return Transaction.execute(new TransactionCallback<>() { @Override public IPAddressVO doInTransaction(TransactionStatus status) { if (checkIfIpResourceCountShouldBeUpdated(ip)) { @@ -2065,8 +2023,8 @@ public String acquireLastGuestIpAddress(Network network) { return null; } - List availableIpsReverse = new ArrayList(availableIps); - Collections.sort(availableIpsReverse, Collections.reverseOrder()); + List availableIpsReverse = new ArrayList<>(availableIps); + availableIpsReverse.sort(Collections.reverseOrder()); return NetUtils.long2Ip(availableIpsReverse.iterator().next()); } @@ -2105,7 +2063,7 @@ public List getStaticNatSourceIps(List staticN @Override public boolean applyStaticNats(List staticNats, boolean continueOnError, boolean forRevoke) throws ResourceUnavailableException { - if (staticNats == null || staticNats.size() == 0) { + if (staticNats == null || staticNats.isEmpty()) { logger.debug("There are no static nat rules for the network elements"); return true; } 
@@ -2121,7 +2079,7 @@ public boolean applyStaticNats(List staticNats, boolean con List userIps = getStaticNatSourceIps(staticNats); - List publicIps = new ArrayList(); + List publicIps = new ArrayList<>(); if (userIps != null && !userIps.isEmpty()) { for (IPAddressVO userIp : userIps) { PublicIp publicIp = PublicIp.createFromAddrAndVlan(userIp, _vlanDao.findById(userIp.getVlanId())); @@ -2181,16 +2139,12 @@ boolean checkStaticNatIPAssocRequired(Network network, boolean postApplyRules, b activeFwCount = _firewallDao.countRulesByIpIdAndState(ip.getId(), FirewallRule.State.Active); if (!postApplyRules && !forRevoke) { - if (activeFwCount > 0) { - continue; - } else { + if (activeFwCount <= 0) { return true; } } else if (postApplyRules && forRevoke) { return true; } - } else { - continue; } } return false; @@ -2209,13 +2163,8 @@ public IpAddress assignSystemIp(long networkId, Account owner, boolean forElasti ip = allocateIP(owner, true, guestNetwork.getDataCenterId()); // apply ip associations ip = associateIPToGuestNetwork(ip.getId(), networkId, true); - ; - } catch (ResourceAllocationException ex) { + } catch (ResourceAllocationException | ResourceUnavailableException | ConcurrentOperationException ex) { throw new CloudRuntimeException("Failed to allocate system ip due to ", ex); - } catch (ConcurrentOperationException ex) { - throw new CloudRuntimeException("Failed to allocate system lb ip due to ", ex); - } catch (ResourceUnavailableException ex) { - throw new CloudRuntimeException("Failed to allocate system lb ip due to ", ex); } if (ip == null) { @@ -2252,7 +2201,6 @@ public void allocateDirectIp(final NicProfile nic, final DataCenter dc, final Vi @Override public void doInTransactionWithoutResult(TransactionStatus status) throws InsufficientAddressCapacityException { //This method allocates direct ip for the Shared network in Advance zones - boolean ipv4 = false; if (network.getGateway() != null) { if (nic.getIPv4Address() == null) { PublicIp ip = null; 
@@ -2304,13 +2252,8 @@ public void allocateNicValues(final NicProfile nic, final DataCenter dc, final V @Override public void doInTransactionWithoutResult(TransactionStatus status) throws InsufficientAddressCapacityException { //This method allocates direct ip for the Shared network in Advance zones - boolean ipv4 = false; - if (network.getGateway() != null) { if (nic.getIPv4Address() == null) { - ipv4 = true; - // PublicIp ip = null; - //Get ip address from the placeholder and don't allocate a new one if (requestedIpv4 != null && vm.getType() == VirtualMachine.Type.DomainRouter) { logger.debug("There won't be nic assignment for VR {} in this network {}", vm, network); @@ -2391,10 +2334,7 @@ public boolean isIpEqualsGatewayOrNetworkOfferingsEmpty(Network network, String if (requestedIp.equals(network.getGateway()) || requestedIp.equals(network.getIp6Gateway())) { return true; } - if (_networkModel.listNetworkOfferingServices(network.getNetworkOfferingId()).isEmpty() && network.getCidr() == null) { - return true; - } - return false; + return _networkModel.listNetworkOfferingServices(network.getNetworkOfferingId()).isEmpty() && network.getCidr() == null; } @Override From e8cebc652d01ac3b2c1aed6f6e08ded18ce91442 Mon Sep 17 00:00:00 2001 From: dahn Date: Tue, 13 Jan 2026 14:21:35 +0100 Subject: [PATCH 3/3] get offer for vpc Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../main/java/com/cloud/network/IpAddressManagerImpl.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java index a3e9237acae2..466d56d53aca 100644 --- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java +++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java 
@@ -1032,8 +1032,11 @@ public PublicIp assignSourceNatIpAddressToGuestNetwork(Account owner, Network gu
 private boolean isRouted(Network guestNetwork) {
 VpcOffering vpcOffer = null;
 NetworkOffering netOffer = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId());
- if (netOffer.isForVpc()) {
- vpcOffer = vpcOfferingDao.findById(guestNetwork.getVpcId());
+ if (netOffer.isForVpc() && guestNetwork.getVpcId() != null) {
+ VpcVO vpc = _vpcDao.findById(guestNetwork.getVpcId());
+ if (vpc != null) {
+ vpcOffer = vpcOfferingDao.findById(vpc.getVpcOfferingId());
+ }
 }
 return netOffer.getRoutingMode() != null || (vpcOffer != null && vpcOffer.getRoutingMode() != null);
 }
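Review bot: `isRouted` now decides whether a guest network is given a source NAT address, yet it has no Javadoc and its rule is only implicit in the return expression. A short Javadoc should state that a network counts as routed when its network offering, or for a VPC tier the offering of its VPC, has a non-null routing mode, and that a missing VPC id, VPC or VPC offering is treated as not routed. That fallback means a tier whose VPC row cannot be loaded quietly takes the source NAT path; if that state can occur, a `logger.debug("VPC {} not found for network {}", guestNetwork.getVpcId(), guestNetwork);` in the `vpc == null` case would make it traceable.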