You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltacloud.apache.org by "Dies Koper (JIRA)" <ji...@apache.org> on 2012/10/22 14:02:11 UTC
[jira] [Created] (DTACLOUD-351) fgcp: serverType for FWs changed to
'firewall' which is not in server type list
Dies Koper created DTACLOUD-351:
-----------------------------------
Summary: fgcp: serverType for FWs changed to 'firewall' which is not in server type list
Key: DTACLOUD-351
URL: https://issues.apache.org/jira/browse/DTACLOUD-351
Project: DeltaCloud
Issue Type: Bug
Components: Server
Environment: fgcp
Reporter: Dies Koper
fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
This causes issues for cimi /machines API which cross-references with hardware_profiles output.
Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (DTACLOUD-351) fgcp: serverType for FWs changed to
'firewall' which is not in server type list
Posted by "Dies Koper (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dies Koper updated DTACLOUD-351:
--------------------------------
Attachment: 0001-fgcp-take-fw-out-of-instance-list.patch
filtered FWs from instance list; added code to stop fw in destroy_firewall. also fixed cimi storage unit.
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Marios Andreou (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marios Andreou resolved DTACLOUD-351.
-------------------------------------
Resolution: Fixed
pushed to master b0a01c5bd8874ab00d091c4f781e32ccb338742f
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch, 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (DTACLOUD-351) fgcp: serverType for FWs changed to
'firewall' which is not in server type list
Posted by "Marios Andreou (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marios Andreou closed DTACLOUD-351.
-----------------------------------
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch, 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Dies Koper (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483274#comment-13483274 ]
Dies Koper commented on DTACLOUD-351:
-------------------------------------
Thanks for all the feedback!
To answer your comments:
1. David said (when we discussed load balancers, which similarly to FWs are implemented as (special) instances in fgcp): (see "RE: load balancers with FGCP" around 22 Aug 2012 on DC mailing list)
> > Is it desirable to expose the load balancer in this way ? Could we
> > suppress load balancer instances in the instances list ?
> > Can we handle the start/stop transparently ? IOW, API users do not need
> > to know that LB's need to be started explicitly, we start them for them
> > when they are needed, and stop them when they are not balancing anything
> > anymore.
So my reasons for removing the firewalls from instances:
1. the above;
2. since recently raises the issue that their returned hardware_profile is a special one, not returned by FGCP's hwp query method (as it's not a hwp that can be selected by users to create normal instances);
3. FWs can't be assigned public IP addresses, run commands on or added to load balancers, which they seem they can if included in instances in the GUI.
2. David also wrote in that e-mail:
> > My problem with this is that LB's can only be used then if the user
> > knows to start some special instance - with that, the FGPC driver will
> > behave differently from other drivers.
which applies to FGCP FWs as well, they can only be removed if the user knows to stop some special instance, behaving differently from other drivers.
3. Thanks for clearing that up. I remembered there was a response code like that and had been searching in the 3xx, 4xx and 5xx ranges for it!
Sounds like 202 is what I need and DC already uses that so my patch is okay the way it is?
4. Thanks. I may merge some next time I make changes in that block.
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "David Lutterkort (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485302#comment-13485302 ]
David Lutterkort commented on DTACLOUD-351:
-------------------------------------------
What we're running into here is a limitation of the DC architecture: that we don't have a way to reliably defer work. For now, I think doing the Thread.new patch is fine, and I agree with Dies that we can't magically delete FW's unless we can be dead sure they were created by DC to begin with.
BTW, the Thread.new solution can fail simply because the DC server is shut down before we ever get to issue the fw.destroy.
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Marios Andreou (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483228#comment-13483228 ]
Marios Andreou commented on DTACLOUD-351:
-----------------------------------------
Hi Dies - I understand the problem with the async 'stop first then destroy' for firewalls but I have some comments/questions:
1. Can you clarify a little about why firewalls should be removed altogether from the instances list? (just to help me understand)
2. Why can you not just use 'stop_instance' call to stop the firewall first - i.e. as before? Sure, this firewall will not show up in the list of 'instances', but it's still 'there' - and looking at your 'stop_instance' code, the provision is still there to stop the firewall. This would have to be documented under 'driver specific notes' for example.
3. Regarding the response code - I don't 5XX code is appropriate here as they are for server errors. The best fit I think is something like '202 Accepted' which exactly means "request has been accepted for processing, but the processing has not been completed. The request might or might not eventually be acted upon, as it might be disallowed when processing actually takes place.". But in any case - we cannot return a different status code for a given operation. As in, the current 'destroy_firewall' op returns a '202' - and this happens at a Deltacloud server level rather than at a driver level (i.e. we don't set status code in a driver as the response must be uniform across drivers). Depending on whether my suggestion in 2. above is acceptable we will need to discuss/explore solutions here further.
4. Just a note - regarding your 'on exceptions' block. You can 'chain' exceptions together, like:
1326 on /ALREADY_STARTED/ do$
1327 status 405 # Method Not Allowed$
1328 end$
1329 $
1330 # trying to start a running vserver, etc.$
1331 on /ILLEGAL_STATE/ do$
1332 status 405 # Method Not Allowed$
1333 end$
can become:
on /(ALREADY_STARTED|ILLEGAL_STATE)/ do
status 405
end
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Dies Koper (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484866#comment-13484866 ]
Dies Koper commented on DTACLOUD-351:
-------------------------------------
I agree with 1 and 2, not with 3.
A contract could be used by multiple users (of e.g. the same team). If someone in my team stopped his system's firewall, I can't have DC delete his system just because I used DC to list the firewalls.
I don't think there are any cases that the destroy in Thread.new can fail if the stop operation succeeds, at least none where the same operation in another location (such as a listing) does have a chance of succeeding.
I'll update my patch for 2. (and fix a bug I just found - I hadn't tested the case of listing firewalls while a firewall was being instantiated).
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Dies Koper (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13482162#comment-13482162 ]
Dies Koper commented on DTACLOUD-351:
-------------------------------------
about the patch, some background that I'd like you to review in particular:
In fgcp, FWs need to be stopped before they can be destroyed. This could be done when it was listed as an instance, but now that it's not, I need to do it in destroy_firewall.
Stopping the FW takes about 5 min. So I'm executing the (async) stop request first and in a new thread poll till it's stopped and then destroy it, so that from the customer's point of view the request doesn't time out.
Do I need to return a particular http return code (50n Gateway Timeout?) to indicate that the request hasn't been completed yet (after all, this firewall will still appear in the list of firewalls for 5 minutes, even if any operation on it will return an error saying that it is stopping) or is the default http return code fine?
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Marios Andreou (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marios Andreou reassigned DTACLOUD-351:
---------------------------------------
Assignee: Marios Andreou
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (DTACLOUD-351) fgcp: serverType for FWs changed to
'firewall' which is not in server type list
Posted by "Dies Koper (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dies Koper updated DTACLOUD-351:
--------------------------------
Attachment: 0001-fgcp-take-fw-out-of-instance-list.patch
updated patch to return 202 Accepted
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch, 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (DTACLOUD-351) fgcp: serverType for FWs changed
to 'firewall' which is not in server type list
Posted by "Marios Andreou (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DTACLOUD-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484794#comment-13484794 ]
Marios Andreou commented on DTACLOUD-351:
-----------------------------------------
Hi Dies:
First off, thanks for your patience - I know you are keen to get this resolved. As we discussed, the API returns 204 after a succesful DELETE firewall operation, but this status code would be misleading since there is no guarantee that the op *was* succesful/completed. I don't like the Thread.new mainly because of this uncertainty... a new Thread is started and there is no way to know how it ends.. succesfully (i.e. client.destroy_vsys succeeds) or not. However, I don't know how else we could handle this situation.
One alternative I thought of was to handle the client.destroy_vsys in the call to GET /api/firewalls.
1. The 'delete firewall' operation just makes the call to client.stop_efm(fw_id)
2. When client requests list (or even a single) firewall, don't display any firewalls that have a state other than 'running' (or whatever the equivalent is in fgcp).
3. Any firewalls that are in that 'stopped' state should be deleted with the client.destroy_vsys
But this is also problematic for at least 2 reasons: in step 1 above you'd return a 204 but the firewall isn't actually 'deleted' - only stopped, AND, there is no guarantee that clients will 'refresh' and call GET /api/firewalls in order to actually destroy firewalls that are just sitting there in the 'stopped' state.
So, my suggestion is perhaps a combination of the two:
1. keep your thread.new.
2. return a 202 from delete firewall - as this more accurately portrays what is happening. Document this difference (notes for specific drivers and perhaps also under the delete /api/firewalls call).
3. When listing firewalls, try and destroy any that are in the stopped state as an added guard against the destroy failing in the Thread.new of the delete firewall method.
what do you think?
marios
> fgcp: serverType for FWs changed to 'firewall' which is not in server type list
> -------------------------------------------------------------------------------
>
> Key: DTACLOUD-351
> URL: https://issues.apache.org/jira/browse/DTACLOUD-351
> Project: DeltaCloud
> Issue Type: Bug
> Components: Server
> Environment: fgcp
> Reporter: Dies Koper
> Assignee: Marios Andreou
> Attachments: 0001-fgcp-take-fw-out-of-instance-list.patch
>
>
> fgcp API changed: it now returns 'firewall' for FWs, which is not listed in server type list.
> This causes issues for cimi /machines API which cross-references with hardware_profiles output.
> Better to remove FW instances from instance list altogether.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira