apache · DaanHoogland · Nov 6, 2020 · Nov 5, 2020 · Nov 6, 2020
diff --git a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -29,6 +29,8 @@
 
 import javax.inject.Inject;
 
+import com.cloud.offerings.NetworkOfferingServiceMapVO;
+import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.command.user.loadbalancer.CreateLBHealthCheckPolicyCmd;
 import org.apache.cloudstack.api.command.user.loadbalancer.CreateLBStickinessPolicyCmd;
@@ -209,6 +211,8 @@ public class LoadBalancingRulesManagerImpl<Type> extends ManagerBase implements
     @Inject
     NetworkDao _networkDao;
     @Inject
+    NetworkOfferingServiceMapDao _networkOfferingServiceDao;
+    @Inject
     FirewallRulesDao _firewallDao;
     @Inject
     DomainService _domainMgr;
@@ -260,6 +264,7 @@ public class LoadBalancingRulesManagerImpl<Type> extends ManagerBase implements
     @Inject
     NicSecondaryIpDao _nicSecondaryIpDao;
 
+    private static final int DNS_PORT = 53;
     // Will return a string. For LB Stickiness this will be a json, for
     // autoscale this will be "," separated values
     @Override
@@ -1598,65 +1603,73 @@ public LoadBalancer createPublicLoadBalancerRule(String xId, String name, String
         // LoadBalancer result = _elbMgr.handleCreateLoadBalancerRule(lb,
         // lbOwner, lb.getNetworkId());
         LoadBalancer result = null;
-        if (result == null) {
-            IpAddress systemIp = null;
-            NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
-            if (off.isElasticLb() && ipVO == null && network.getVpcId() == null) {
-                systemIp = _ipAddrMgr.assignSystemIp(networkId, lbOwner, true, false);
-                if (systemIp != null) {
-                    ipVO = _ipAddressDao.findById(systemIp.getId());
+        IpAddress systemIp = null;
+        NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
+
+        if (srcPortStart == DNS_PORT && ipVO.isSourceNat()) {
+            List<NetworkOfferingServiceMapVO> offeringServices = _networkOfferingServiceDao.listByNetworkOfferingId(network.getNetworkOfferingId());
+            for (NetworkOfferingServiceMapVO serviceMapVo: offeringServices) {
+                if (serviceMapVo.getService().equals(Service.Dns.getName())) {
+                    throw new InvalidParameterValueException("Error adding load balancer rule, cannot add port 53 with network service offering having DNS service and Source NAT.");
                 }
             }
+        }
 
-            // Validate ip address
-            if (ipVO == null) {
-                throw new InvalidParameterValueException("Unable to create load balance rule; can't find/allocate source IP");
-            } else if (ipVO.isOneToOneNat()) {
-                throw new NetworkRuleConflictException("Can't do load balance on ip address: " + ipVO.getAddress());
+        if (off.isElasticLb() && ipVO == null && network.getVpcId() == null) {
+            systemIp = _ipAddrMgr.assignSystemIp(networkId, lbOwner, true, false);
+            if (systemIp != null) {
+                ipVO = _ipAddressDao.findById(systemIp.getId());
             }
+        }
 
-            boolean performedIpAssoc = false;
-            try {
-                if (ipVO.getAssociatedWithNetworkId() == null) {
-                    boolean assignToVpcNtwk = network.getVpcId() != null && ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId();
-                    if (assignToVpcNtwk) {
-                        // set networkId just for verification purposes
-                        _networkModel.checkIpForService(ipVO, Service.Lb, networkId);
-
-                        s_logger.debug("The ip is not associated with the VPC network id=" + networkId + " so assigning");
-                        ipVO = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false);
-                        performedIpAssoc = true;
-                    }
-                } else {
-                    _networkModel.checkIpForService(ipVO, Service.Lb, null);
-                }
+        // Validate ip address
+        if (ipVO == null) {
+            throw new InvalidParameterValueException("Unable to create load balance rule; can't find/allocate source IP");
+        } else if (ipVO.isOneToOneNat()) {
+            throw new NetworkRuleConflictException("Can't do load balance on ip address: " + ipVO.getAddress());
+        }
 
-                if (ipVO.getAssociatedWithNetworkId() == null) {
-                    throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network);
+        boolean performedIpAssoc = false;
+        try {
+            if (ipVO.getAssociatedWithNetworkId() == null) {
+                boolean assignToVpcNtwk = network.getVpcId() != null && ipVO.getVpcId() != null && ipVO.getVpcId().longValue() == network.getVpcId();
+                if (assignToVpcNtwk) {
+                    // set networkId just for verification purposes
+                    _networkModel.checkIpForService(ipVO, Service.Lb, networkId);
+
+                    s_logger.debug("The ip is not associated with the VPC network id=" + networkId + " so assigning");
+                    ipVO = _ipAddrMgr.associateIPToGuestNetwork(ipAddrId, networkId, false);
+                    performedIpAssoc = true;
                 }
+            } else {
+                _networkModel.checkIpForService(ipVO, Service.Lb, null);
+            }
 
-                result = createPublicLoadBalancer(xId, name, description, srcPortStart, defPortStart, ipVO.getId(), protocol, algorithm, openFirewall, CallContext.current(),
-                        lbProtocol, forDisplay);
-            } catch (Exception ex) {
-                s_logger.warn("Failed to create load balancer due to ", ex);
-                if (ex instanceof NetworkRuleConflictException) {
-                    throw (NetworkRuleConflictException)ex;
-                }
+            if (ipVO.getAssociatedWithNetworkId() == null) {
+                throw new InvalidParameterValueException("Ip address " + ipVO + " is not assigned to the network " + network);
+            }
 
-                if (ex instanceof InvalidParameterValueException) {
-                    throw (InvalidParameterValueException)ex;
-                }
+            result = createPublicLoadBalancer(xId, name, description, srcPortStart, defPortStart, ipVO.getId(), protocol, algorithm, openFirewall, CallContext.current(),
+                    lbProtocol, forDisplay);
+        } catch (Exception ex) {
+            s_logger.warn("Failed to create load balancer due to ", ex);
+            if (ex instanceof NetworkRuleConflictException) {
+                throw (NetworkRuleConflictException)ex;
+            }
 
-            } finally {
-                if (result == null && systemIp != null) {
-                    s_logger.debug("Releasing system IP address " + systemIp + " as corresponding lb rule failed to create");
-                    _ipAddrMgr.handleSystemIpRelease(systemIp);
-                }
-                // release ip address if ipassoc was perfored
-                if (performedIpAssoc) {
-                    ipVO = _ipAddressDao.findById(ipVO.getId());
-                    _vpcMgr.unassignIPFromVpcNetwork(ipVO.getId(), networkId);
-                }
+            if (ex instanceof InvalidParameterValueException) {
+                throw (InvalidParameterValueException)ex;
+            }
+
+        } finally {
+            if (result == null && systemIp != null) {
+                s_logger.debug("Releasing system IP address " + systemIp + " as corresponding lb rule failed to create");
+                _ipAddrMgr.handleSystemIpRelease(systemIp);
+            }
+            // release ip address if ipassoc was perfored
+            if (performedIpAssoc) {
+                ipVO = _ipAddressDao.findById(ipVO.getId());
+                _vpcMgr.unassignIPFromVpcNetwork(ipVO.getId(), networkId);
             }
         }