You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ko...@apache.org on 2016/04/11 18:55:02 UTC
[4/6] git commit: updated refs/heads/master to d1def0a
deal with PMD warnings
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d39182f9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d39182f9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d39182f9
Branch: refs/heads/master
Commit: d39182f9d432ff477b7021ce805980c35ba39408
Parents: d1c1bde
Author: Daan Hoogland <da...@onecht.net>
Authored: Fri Dec 25 16:47:14 2015 +0100
Committer: Daan Hoogland <da...@onecht.net>
Committed: Sat Dec 26 09:02:30 2015 +0100
----------------------------------------------------------------------
.../cloud/agent/api/SecurityGroupRulesCmd.java | 168 ++++----
.../networkservice/SecurityGroupHttpClient.java | 410 +++++++++----------
...LibvirtSecurityGroupRulesCommandWrapper.java | 2 +-
.../resource/LibvirtComputingResourceTest.java | 22 +-
.../cloud/ovm/hypervisor/OvmResourceBase.java | 4 +-
.../cloud/agent/manager/MockVmManagerImpl.java | 2 +-
.../CitrixSecurityGroupRulesCommandWrapper.java | 2 +-
.../xenbase/CitrixRequestWrapperTest.java | 14 +-
.../security/SecurityGroupManagerImpl2.java | 4 +-
9 files changed, 329 insertions(+), 299 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java b/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
index fbc3835..a7f4425 100644
--- a/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
+++ b/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
@@ -21,6 +21,7 @@ package com.cloud.agent.api;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.util.ArrayList;
import java.util.List;
import java.util.zip.DeflaterOutputStream;
@@ -32,34 +33,47 @@ import com.cloud.agent.api.LogLevel.Log4jLevel;
import com.cloud.utils.net.NetUtils;
public class SecurityGroupRulesCmd extends Command {
- static final String EGRESS_RULE = "E:";
- static final String INGRESS_RULE = "I:";
- private static Logger s_logger = Logger.getLogger(SecurityGroupRulesCmd.class);
+ private static final char RULE_TARGET_SEPARATOR = ',';
+ private static final char RULE_COMMAND_SEPARATOR = ':';
+ protected static final String EGRESS_RULE = "E:";
+ protected static final String INGRESS_RULE = "I:";
+ private static final Logger LOGGER = Logger.getLogger(SecurityGroupRulesCmd.class);
+
+ private final String guestIp;
+ private final String vmName;
+ private final String guestMac;
+ private final String signature;
+ private final Long seqNum;
+ private final Long vmId;
+ private Long msId;
+ private List<IpPortAndProto> ingressRuleSet;
+ private List<IpPortAndProto> egressRuleSet;
+ private final List<String> secIps;
public static class IpPortAndProto {
- private String proto;
- private int startPort;
- private int endPort;
+ private final String proto;
+ private final int startPort;
+ private final int endPort;
@LogLevel(Log4jLevel.Trace)
- private String[] allowedCidrs;
+ private List<String> allowedCidrs;
- public IpPortAndProto() {
- }
-
- public IpPortAndProto(String proto, int startPort, int endPort, String[] allowedCidrs) {
- this();
+ public IpPortAndProto(final String proto, final int startPort, final int endPort, final String... allowedCidrs) {
+ super();
this.proto = proto;
this.startPort = startPort;
this.endPort = endPort;
- this.allowedCidrs = allowedCidrs;
+ setAllowedCidrs(allowedCidrs);
}
- public String[] getAllowedCidrs() {
+ public List<String> getAllowedCidrs() {
return allowedCidrs;
}
- public void setAllowedCidrs(String[] allowedCidrs) {
- this.allowedCidrs = allowedCidrs;
+ public void setAllowedCidrs(final String... allowedCidrs) {
+ this.allowedCidrs = new ArrayList<String>();
+ for (final String allowedCidr : allowedCidrs) {
+ this.allowedCidrs.add(allowedCidr);
+ }
}
public String getProto() {
@@ -76,41 +90,29 @@ public class SecurityGroupRulesCmd extends Command {
}
- String guestIp;
- String vmName;
- String guestMac;
- String signature;
- Long seqNum;
- Long vmId;
- Long msId;
- IpPortAndProto[] ingressRuleSet;
- IpPortAndProto[] egressRuleSet;
- private List<String> secIps;
-
- public SecurityGroupRulesCmd() {
- super();
- }
-
- public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ingressRuleSet,
- IpPortAndProto[] egressRuleSet) {
- this();
+ public SecurityGroupRulesCmd(
+ final String guestIp,
+ final String guestMac,
+ final String vmName,
+ final Long vmId,
+ final String signature,
+ final Long seqNum,
+ final IpPortAndProto[] ingressRuleSet,
+ final IpPortAndProto[] egressRuleSet,
+ final List<String> secIps) {
this.guestIp = guestIp;
this.vmName = vmName;
- this.ingressRuleSet = ingressRuleSet;
- this.egressRuleSet = egressRuleSet;
+ setIngressRuleSet(ingressRuleSet);
+ this.setEgressRuleSet(egressRuleSet);
this.guestMac = guestMac;
- this.signature = signature;
this.seqNum = seqNum;
this.vmId = vmId;
if (signature == null) {
- String stringified = stringifyRules();
+ final String stringified = stringifyRules();
this.signature = DigestUtils.md5Hex(stringified);
+ } else {
+ this.signature = signature;
}
- }
-
- public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ingressRuleSet,
- IpPortAndProto[] egressRuleSet, List<String> secIps) {
- this(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
this.secIps = secIps;
}
@@ -119,20 +121,26 @@ public class SecurityGroupRulesCmd extends Command {
return true;
}
- public IpPortAndProto[] getIngressRuleSet() {
+ public List<IpPortAndProto> getIngressRuleSet() {
return ingressRuleSet;
}
- public void setIngressRuleSet(IpPortAndProto[] ingressRuleSet) {
- this.ingressRuleSet = ingressRuleSet;
+ public void setIngressRuleSet(final IpPortAndProto... ingressRuleSet) {
+ this.ingressRuleSet = new ArrayList<IpPortAndProto>();
+ for(final IpPortAndProto rule: ingressRuleSet) {
+ this.ingressRuleSet.add(rule);
+ }
}
- public IpPortAndProto[] getEgressRuleSet() {
+ public List<IpPortAndProto> getEgressRuleSet() {
return egressRuleSet;
}
- public void setEgressRuleSet(IpPortAndProto[] egressRuleSet) {
- this.egressRuleSet = egressRuleSet;
+ public void setEgressRuleSet(final IpPortAndProto... egressRuleSet) {
+ this.egressRuleSet = new ArrayList<IpPortAndProto>();
+ for(final IpPortAndProto rule: egressRuleSet) {
+ this.egressRuleSet.add(rule);
+ }
}
public String getGuestIp() {
@@ -148,35 +156,35 @@ public class SecurityGroupRulesCmd extends Command {
}
//convert cidrs in the form "a.b.c.d/e" to "hexvalue of 32bit ip/e"
- private String compressCidr(String cidr) {
- String[] toks = cidr.split("/");
- long ipnum = NetUtils.ip2Long(toks[0]);
+ private String compressCidr(final String cidr) {
+ final String[] toks = cidr.split("/");
+ final long ipnum = NetUtils.ip2Long(toks[0]);
return Long.toHexString(ipnum) + "/" + toks[1];
}
public String getSecIpsString() {
- StringBuilder sb = new StringBuilder();
- List<String> ips = getSecIps();
+ final StringBuilder sb = new StringBuilder();
+ final List<String> ips = getSecIps();
if (ips == null) {
- return "0:";
+ sb.append("0:");
} else {
- for (String ip : ips) {
- sb.append(ip).append(":");
+ for (final String ip : ips) {
+ sb.append(ip).append(RULE_COMMAND_SEPARATOR);
}
}
return sb.toString();
}
public String stringifyRules() {
- StringBuilder ruleBuilder = new StringBuilder();
+ final StringBuilder ruleBuilder = new StringBuilder();
stringifyRulesFor(getIngressRuleSet(), INGRESS_RULE, false, ruleBuilder);
stringifyRulesFor(getEgressRuleSet(), EGRESS_RULE, false, ruleBuilder);
return ruleBuilder.toString();
}
public String stringifyCompressedRules() {
- StringBuilder ruleBuilder = new StringBuilder();
- stringifyRulesFor(getEgressRuleSet(), INGRESS_RULE, true, ruleBuilder);
+ final StringBuilder ruleBuilder = new StringBuilder();
+ stringifyRulesFor(getIngressRuleSet(), INGRESS_RULE, true, ruleBuilder);
stringifyRulesFor(getEgressRuleSet(), EGRESS_RULE, true, ruleBuilder);
return ruleBuilder.toString();
}
@@ -187,14 +195,17 @@ public class SecurityGroupRulesCmd extends Command {
* @param compress
* @param ruleBuilder
*/
- void stringifyRulesFor(SecurityGroupRulesCmd.IpPortAndProto[] ipPandPs, String gression, boolean compress, StringBuilder ruleBuilder) {
- for (SecurityGroupRulesCmd.IpPortAndProto ipPandP : ipPandPs) {
- ruleBuilder.append(gression).append(ipPandP.getProto()).append(":").append(ipPandP.getStartPort()).append(":").append(ipPandP.getEndPort()).append(":");
- for (String cidr : ipPandP.getAllowedCidrs()) {
- ruleBuilder.append(compress?compressCidr(cidr):cidr).append(",");
+ private void stringifyRulesFor(
+ final List<IpPortAndProto> ipPandPs,
+ final String gression,
+ final boolean compress,
+ final StringBuilder ruleBuilder) {
+ for (final IpPortAndProto ipPandP : ipPandPs) {
+ ruleBuilder.append(gression).append(ipPandP.getProto()).append(RULE_COMMAND_SEPARATOR).append(ipPandP.getStartPort()).append(RULE_COMMAND_SEPARATOR).append(ipPandP.getEndPort()).append(RULE_COMMAND_SEPARATOR);
+ for (final String cidr : ipPandP.getAllowedCidrs()) {
+ ruleBuilder.append(compress?compressCidr(cidr):cidr).append(RULE_TARGET_SEPARATOR);
}
- ruleBuilder.append("NEXT");
- ruleBuilder.append(" ");
+ ruleBuilder.append("NEXT ");
}
}
@@ -203,19 +214,20 @@ public class SecurityGroupRulesCmd extends Command {
* to scale beyond 8k cidrs.
*/
public String compressStringifiedRules() {
- String stringified = stringifyRules();
- ByteArrayOutputStream out = new ByteArrayOutputStream();
+ final String stringified = stringifyRules();
+ final ByteArrayOutputStream out = new ByteArrayOutputStream();
+ String encodedResult = null;
try {
//Note : not using GZipOutputStream since that is for files
//GZipOutputStream gives a different header, although the compression is the same
- DeflaterOutputStream dzip = new DeflaterOutputStream(out);
+ final DeflaterOutputStream dzip = new DeflaterOutputStream(out);
dzip.write(stringified.getBytes());
dzip.close();
+ encodedResult = Base64.encodeBase64String(out.toByteArray());
} catch (IOException e) {
- s_logger.warn("Exception while compressing security group rules");
- return null;
+ LOGGER.warn("Exception while compressing security group rules");
}
- return Base64.encodeBase64String(out.toByteArray());
+ return encodedResult;
}
public String getSignature() {
@@ -237,16 +249,16 @@ public class SecurityGroupRulesCmd extends Command {
public int getTotalNumCidrs() {
//useful for logging
int count = 0;
- for (IpPortAndProto i : ingressRuleSet) {
- count += i.allowedCidrs.length;
+ for (final IpPortAndProto i : ingressRuleSet) {
+ count += i.allowedCidrs.size();
}
- for (IpPortAndProto i : egressRuleSet) {
- count += i.allowedCidrs.length;
+ for (final IpPortAndProto i : egressRuleSet) {
+ count += i.allowedCidrs.size();
}
return count;
}
- public void setMsId(long msId) {
+ public void setMsId(final long msId) {
this.msId = msId;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
index b9e4858..b100929 100644
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
@@ -1,205 +1,205 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-//
-// Automatically generated by addcopyright.py at 01/29/2013
-// Apache License, Version 2.0 (the "License"); you may not use this
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//
-// Automatically generated by addcopyright.py at 04/03/2012
-
-package com.cloud.baremetal.networkservice;
-
-import com.cloud.agent.api.SecurityGroupRuleAnswer;
-import com.cloud.agent.api.SecurityGroupRulesCmd;
-import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
-import com.cloud.baremetal.networkservice.schema.SecurityGroupRule;
-import com.cloud.baremetal.networkservice.schema.SecurityGroupVmRuleSet;
-import com.cloud.utils.Pair;
-import com.cloud.utils.exception.CloudRuntimeException;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.methods.StringRequestEntity;
-import org.apache.log4j.Logger;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import java.io.StringWriter;
-import java.net.SocketTimeoutException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-public class SecurityGroupHttpClient {
- private static final Logger logger = Logger.getLogger(SecurityGroupHttpClient.class);
- private static final String ARG_NAME = "args";
- private static final String COMMAND = "command";
- private JAXBContext context;
- private int port;
- private static HttpClient httpClient;
- static {
- MultiThreadedHttpConnectionManager connman = new MultiThreadedHttpConnectionManager();
- httpClient = new HttpClient(connman);
- httpClient.setConnectionTimeout(5000);
- }
-
- private enum OpConstant {
- setRules, echo,
- }
-
- public SecurityGroupHttpClient() {
- try {
- context = JAXBContext.newInstance(SecurityGroupRule.class, SecurityGroupVmRuleSet.class);
- port = 9988;
- } catch (Exception e) {
- throw new CloudRuntimeException(
- "Unable to create JAXBContext for security group", e);
- }
- }
-
- private List<SecurityGroupRule> generateRules(IpPortAndProto[] ipps) {
- List<SecurityGroupRule> rules = new ArrayList<SecurityGroupRule>(
- ipps.length);
- for (SecurityGroupRulesCmd.IpPortAndProto ipp : ipps) {
- SecurityGroupRule r = new SecurityGroupRule();
- r.setProtocol(ipp.getProto());
- r.setStartPort(ipp.getStartPort());
- r.setEndPort(ipp.getEndPort());
- for (String cidr : ipp.getAllowedCidrs()) {
- r.getIp().add(cidr);
- }
- rules.add(r);
- }
- return rules;
- }
-
- public HashMap<String, Pair<Long, Long>> sync(String vmName, Long vmId, String agentIp) {
- HashMap<String, Pair<Long, Long>> states = new HashMap<String, Pair<Long, Long>>();
- PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
- try {
- post.addRequestHeader("command", "sync");
- if (httpClient.executeMethod(post) != 200) {
- logger.debug(String.format("echoing baremetal security group agent on %s got error: %s", agentIp, post.getResponseBodyAsString()));
- } else {
- String res = post.getResponseBodyAsString();
- // res = ';'.join([vmName, vmId, seqno])
- String[] rulelogs = res.split(",");
- if (rulelogs.length != 6) {
- logger.debug(String.format("host[%s] returns invalid security group sync document[%s], reset rules", agentIp, res));
- states.put(vmName, new Pair<Long, Long>(vmId, -1L));
- return states;
- }
- Pair<Long, Long> p = new Pair<Long, Long>(Long.valueOf(rulelogs[1]), Long.valueOf(rulelogs[5]));
- states.put(rulelogs[0], p);
- return states;
- }
- } catch (SocketTimeoutException se) {
- logger.warn(String.format("unable to sync security group rules on host[%s], %s", agentIp, se.getMessage()));
- } catch (Exception e) {
- logger.warn(String.format("unable to sync security group rules on host[%s]", agentIp), e);
- } finally {
- if (post != null) {
- post.releaseConnection();
- }
- }
- return states;
- }
-
-
- public boolean echo(String agentIp, long l, long m) {
- boolean ret = false;
- int count = 1;
- while (true) {
- try {
- Thread.sleep(m);
- count++;
- } catch (InterruptedException e1) {
- logger.warn("", e1);
- break;
- }
- PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
- try {
- post.addRequestHeader("command", "echo");
- if (httpClient.executeMethod(post) != 200) {
- logger.debug(String.format("echoing baremetal security group agent on %s got error: %s", agentIp, post.getResponseBodyAsString()));
- } else {
- ret = true;
- }
- break;
- } catch (Exception e) {
- if (count*m >= l) {
- logger.debug(String.format("ping security group agent on vm[%s] timeout after %s minutes, starting vm failed, count=%s", agentIp, TimeUnit.MILLISECONDS.toSeconds(l), count));
- break;
- } else {
- logger.debug(String.format("Having pinged security group agent on vm[%s] %s times, continue to wait...", agentIp, count));
- }
- } finally {
- if (post != null) {
- post.releaseConnection();
- }
- }
- }
- return ret;
- }
-
- public SecurityGroupRuleAnswer call(String agentIp, SecurityGroupRulesCmd cmd) {
- PostMethod post = new PostMethod(String.format(
- "http://%s:%s", agentIp, getPort()));
- try {
- SecurityGroupVmRuleSet rset = new SecurityGroupVmRuleSet();
- rset.getEgressRules().addAll(generateRules(cmd.getEgressRuleSet()));
- rset.getIngressRules().addAll(
- generateRules(cmd.getIngressRuleSet()));
- rset.setVmName(cmd.getVmName());
- rset.setVmIp(cmd.getGuestIp());
- rset.setVmMac(cmd.getGuestMac());
- rset.setVmId(cmd.getVmId());
- rset.setSignature(cmd.getSignature());
- rset.setSequenceNumber(cmd.getSeqNum());
- Marshaller marshaller = context.createMarshaller();
- StringWriter writer = new StringWriter();
- marshaller.marshal(rset, writer);
- String xmlContents = writer.toString();
- logger.debug(xmlContents);
-
- post.addRequestHeader("command", "set_rules");
- StringRequestEntity entity = new StringRequestEntity(xmlContents);
- post.setRequestEntity(entity);
- if (httpClient.executeMethod(post) != 200) {
- return new SecurityGroupRuleAnswer(cmd, false,
- post.getResponseBodyAsString());
- } else {
- return new SecurityGroupRuleAnswer(cmd);
- }
- } catch (Exception e) {
- return new SecurityGroupRuleAnswer(cmd, false, e.getMessage());
- } finally {
- if (post != null) {
- post.releaseConnection();
- }
- }
- }
-
- public int getPort() {
- return port;
- }
-
- public void setPort(int port) {
- this.port = port;
- }
-}
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+// Automatically generated by addcopyright.py at 01/29/2013
+// Apache License, Version 2.0 (the "License"); you may not use this
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// Automatically generated by addcopyright.py at 04/03/2012
+
+package com.cloud.baremetal.networkservice;
+
+import com.cloud.agent.api.SecurityGroupRuleAnswer;
+import com.cloud.agent.api.SecurityGroupRulesCmd;
+import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
+import com.cloud.baremetal.networkservice.schema.SecurityGroupRule;
+import com.cloud.baremetal.networkservice.schema.SecurityGroupVmRuleSet;
+import com.cloud.utils.Pair;
+import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.methods.StringRequestEntity;
+import org.apache.log4j.Logger;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import java.io.StringWriter;
+import java.net.SocketTimeoutException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+public class SecurityGroupHttpClient {
+ private static final Logger logger = Logger.getLogger(SecurityGroupHttpClient.class);
+ private static final String ARG_NAME = "args";
+ private static final String COMMAND = "command";
+ private JAXBContext context;
+ private int port;
+ private static HttpClient httpClient;
+ static {
+ MultiThreadedHttpConnectionManager connman = new MultiThreadedHttpConnectionManager();
+ httpClient = new HttpClient(connman);
+ httpClient.setConnectionTimeout(5000);
+ }
+
+ private enum OpConstant {
+ setRules, echo,
+ }
+
+ public SecurityGroupHttpClient() {
+ try {
+ context = JAXBContext.newInstance(SecurityGroupRule.class, SecurityGroupVmRuleSet.class);
+ port = 9988;
+ } catch (Exception e) {
+ throw new CloudRuntimeException(
+ "Unable to create JAXBContext for security group", e);
+ }
+ }
+
+ private List<SecurityGroupRule> generateRules(final List<IpPortAndProto> ipps) {
+ List<SecurityGroupRule> rules = new ArrayList<SecurityGroupRule>(
+ ipps.size());
+ for (SecurityGroupRulesCmd.IpPortAndProto ipp : ipps) {
+ SecurityGroupRule r = new SecurityGroupRule();
+ r.setProtocol(ipp.getProto());
+ r.setStartPort(ipp.getStartPort());
+ r.setEndPort(ipp.getEndPort());
+ for (String cidr : ipp.getAllowedCidrs()) {
+ r.getIp().add(cidr);
+ }
+ rules.add(r);
+ }
+ return rules;
+ }
+
+ public HashMap<String, Pair<Long, Long>> sync(String vmName, Long vmId, String agentIp) {
+ HashMap<String, Pair<Long, Long>> states = new HashMap<String, Pair<Long, Long>>();
+ PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
+ try {
+ post.addRequestHeader("command", "sync");
+ if (httpClient.executeMethod(post) != 200) {
+ logger.debug(String.format("echoing baremetal security group agent on %s got error: %s", agentIp, post.getResponseBodyAsString()));
+ } else {
+ String res = post.getResponseBodyAsString();
+ // res = ';'.join([vmName, vmId, seqno])
+ String[] rulelogs = res.split(",");
+ if (rulelogs.length != 6) {
+ logger.debug(String.format("host[%s] returns invalid security group sync document[%s], reset rules", agentIp, res));
+ states.put(vmName, new Pair<Long, Long>(vmId, -1L));
+ return states;
+ }
+ Pair<Long, Long> p = new Pair<Long, Long>(Long.valueOf(rulelogs[1]), Long.valueOf(rulelogs[5]));
+ states.put(rulelogs[0], p);
+ return states;
+ }
+ } catch (SocketTimeoutException se) {
+ logger.warn(String.format("unable to sync security group rules on host[%s], %s", agentIp, se.getMessage()));
+ } catch (Exception e) {
+ logger.warn(String.format("unable to sync security group rules on host[%s]", agentIp), e);
+ } finally {
+ if (post != null) {
+ post.releaseConnection();
+ }
+ }
+ return states;
+ }
+
+
+ public boolean echo(String agentIp, long l, long m) {
+ boolean ret = false;
+ int count = 1;
+ while (true) {
+ try {
+ Thread.sleep(m);
+ count++;
+ } catch (InterruptedException e1) {
+ logger.warn("", e1);
+ break;
+ }
+ PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
+ try {
+ post.addRequestHeader("command", "echo");
+ if (httpClient.executeMethod(post) != 200) {
+ logger.debug(String.format("echoing baremetal security group agent on %s got error: %s", agentIp, post.getResponseBodyAsString()));
+ } else {
+ ret = true;
+ }
+ break;
+ } catch (Exception e) {
+ if (count*m >= l) {
+ logger.debug(String.format("ping security group agent on vm[%s] timeout after %s minutes, starting vm failed, count=%s", agentIp, TimeUnit.MILLISECONDS.toSeconds(l), count));
+ break;
+ } else {
+ logger.debug(String.format("Having pinged security group agent on vm[%s] %s times, continue to wait...", agentIp, count));
+ }
+ } finally {
+ if (post != null) {
+ post.releaseConnection();
+ }
+ }
+ }
+ return ret;
+ }
+
+ public SecurityGroupRuleAnswer call(String agentIp, SecurityGroupRulesCmd cmd) {
+ PostMethod post = new PostMethod(String.format(
+ "http://%s:%s", agentIp, getPort()));
+ try {
+ SecurityGroupVmRuleSet rset = new SecurityGroupVmRuleSet();
+ rset.getEgressRules().addAll(generateRules(cmd.getEgressRuleSet()));
+ rset.getIngressRules().addAll(
+ generateRules(cmd.getIngressRuleSet()));
+ rset.setVmName(cmd.getVmName());
+ rset.setVmIp(cmd.getGuestIp());
+ rset.setVmMac(cmd.getGuestMac());
+ rset.setVmId(cmd.getVmId());
+ rset.setSignature(cmd.getSignature());
+ rset.setSequenceNumber(cmd.getSeqNum());
+ Marshaller marshaller = context.createMarshaller();
+ StringWriter writer = new StringWriter();
+ marshaller.marshal(rset, writer);
+ String xmlContents = writer.toString();
+ logger.debug(xmlContents);
+
+ post.addRequestHeader("command", "set_rules");
+ StringRequestEntity entity = new StringRequestEntity(xmlContents);
+ post.setRequestEntity(entity);
+ if (httpClient.executeMethod(post) != 200) {
+ return new SecurityGroupRuleAnswer(cmd, false,
+ post.getResponseBodyAsString());
+ } else {
+ return new SecurityGroupRuleAnswer(cmd);
+ }
+ } catch (Exception e) {
+ return new SecurityGroupRuleAnswer(cmd, false, e.getMessage());
+ } finally {
+ if (post != null) {
+ post.releaseConnection();
+ }
+ }
+ }
+
+ public int getPort() {
+ return port;
+ }
+
+ public void setPort(int port) {
+ this.port = port;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
index f1a2e02..ef9fd89 100644
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
@@ -62,7 +62,7 @@ public final class LibvirtSecurityGroupRulesCommandWrapper extends CommandWrappe
return new SecurityGroupRuleAnswer(command, false, "programming network rules failed");
} else {
s_logger.debug("Programmed network rules for vm " + command.getVmName() + " guestIp=" + command.getGuestIp() + ",ingress numrules="
- + command.getIngressRuleSet().length + ",egress numrules=" + command.getEgressRuleSet().length);
+ + command.getIngressRuleSet().size() + ",egress numrules=" + command.getEgressRuleSet().size());
return new SecurityGroupRuleAnswer(command);
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java b/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
index 04a27f3..66efdf2 100644
--- a/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
+++ b/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
@@ -39,6 +39,7 @@ import java.util.Arrays;
import java.util.List;
import java.util.Random;
import java.util.UUID;
+import java.util.Vector;
import javax.naming.ConfigurationException;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -2893,8 +2894,11 @@ public class LibvirtComputingResourceTest {
final Long seqNum = 1l;
final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+ final List<String> secIps = new Vector<String>();
+ final List<String> cidrs = new Vector<String>();
+ cidrs.add("0.0.0.0/0");
- final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
+ final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
final LibvirtUtilitiesHelper libvirtUtilitiesHelper = Mockito.mock(LibvirtUtilitiesHelper.class);
final Connect conn = Mockito.mock(Connect.class);
@@ -2914,12 +2918,12 @@ public class LibvirtComputingResourceTest {
when(ingressRuleSet[0].getProto()).thenReturn("tcp");
when(ingressRuleSet[0].getStartPort()).thenReturn(22);
when(ingressRuleSet[0].getEndPort()).thenReturn(22);
- when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+ when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
when(egressRuleSet[0].getProto()).thenReturn("tcp");
when(egressRuleSet[0].getStartPort()).thenReturn(22);
when(egressRuleSet[0].getEndPort()).thenReturn(22);
- when(egressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+ when(egressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
final LibvirtRequestWrapper wrapper = LibvirtRequestWrapper.getInstance();
assertNotNull(wrapper);
@@ -2945,8 +2949,11 @@ public class LibvirtComputingResourceTest {
final Long seqNum = 1l;
final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+ final List<String> secIps = new Vector<String>();
+ final List<String> cidrs = new Vector<String>();
+ cidrs.add("0.0.0.0/0");
- final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
+ final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
final LibvirtUtilitiesHelper libvirtUtilitiesHelper = Mockito.mock(LibvirtUtilitiesHelper.class);
final Connect conn = Mockito.mock(Connect.class);
@@ -2972,12 +2979,12 @@ public class LibvirtComputingResourceTest {
when(ingressRuleSet[0].getProto()).thenReturn("tcp");
when(ingressRuleSet[0].getStartPort()).thenReturn(22);
when(ingressRuleSet[0].getEndPort()).thenReturn(22);
- when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+ when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
when(egressRuleSet[0].getProto()).thenReturn("tcp");
when(egressRuleSet[0].getStartPort()).thenReturn(22);
when(egressRuleSet[0].getEndPort()).thenReturn(22);
- when(egressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+ when(egressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
when(libvirtComputingResource.addNetworkRules(command.getVmName(), Long.toString(command.getVmId()), command.getGuestIp(), command.getSignature(),
Long.toString(command.getSeqNum()), command.getGuestMac(), command.stringifyRules(), vif, brname, command.getSecIpsString())).thenReturn(true);
@@ -3007,8 +3014,9 @@ public class LibvirtComputingResourceTest {
final Long seqNum = 1l;
final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+ final List<String> secIps = new Vector<String>();
- final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
+ final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
final LibvirtUtilitiesHelper libvirtUtilitiesHelper = Mockito.mock(LibvirtUtilitiesHelper.class);
final Connect conn = Mockito.mock(Connect.class);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java b/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
index 0541b7e..648bf7f 100644
--- a/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
+++ b/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
@@ -940,8 +940,8 @@ public class OvmResourceBase implements ServerResource, HypervisorResource {
s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
return new SecurityGroupRuleAnswer(cmd, false, "programming network rules failed");
} else {
- s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ":ingress num rules=" + cmd.getIngressRuleSet().length +
- ":egress num rules=" + cmd.getEgressRuleSet().length);
+ s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ":ingress num rules=" + cmd.getIngressRuleSet().size() +
+ ":egress num rules=" + cmd.getEgressRuleSet().size());
return new SecurityGroupRuleAnswer(cmd);
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java b/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
index 6602e1f..5efcd3b 100644
--- a/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
+++ b/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
@@ -626,7 +626,7 @@ public class MockVmManagerImpl extends ManagerBase implements MockVmManager {
reason = ", seqno_new";
}
s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " seqno=" + cmd.getSeqNum() + " signature=" + cmd.getSignature() + " guestIp=" +
- cmd.getGuestIp() + ", numIngressRules=" + cmd.getIngressRuleSet().length + ", numEgressRules=" + cmd.getEgressRuleSet().length + " total cidrs=" +
+ cmd.getGuestIp() + ", numIngressRules=" + cmd.getIngressRuleSet().size() + ", numEgressRules=" + cmd.getEgressRuleSet().size() + " total cidrs=" +
cmd.getTotalNumCidrs() + action + reason);
return updateSeqnoAndSig;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
index 0f8e6b5..b189ba0 100644
--- a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
+++ b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
@@ -56,7 +56,7 @@ public final class CitrixSecurityGroupRulesCommandWrapper extends CommandWrapper
return new SecurityGroupRuleAnswer(command, false, "programming network rules failed");
} else {
s_logger.info("Programmed network rules for vm " + command.getVmName() + " guestIp=" + command.getGuestIp() + ", ingress numrules="
- + command.getIngressRuleSet().length + ", egress numrules=" + command.getEgressRuleSet().length);
+ + command.getIngressRuleSet().size() + ", egress numrules=" + command.getEgressRuleSet().size());
return new SecurityGroupRuleAnswer(command);
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java b/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
index ca58f35..0e512fb 100644
--- a/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
+++ b/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
@@ -33,6 +33,7 @@ import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
+import java.util.Vector;
import org.apache.cloudstack.storage.command.AttachAnswer;
import org.apache.cloudstack.storage.command.AttachCommand;
@@ -101,6 +102,7 @@ import com.cloud.agent.api.UnPlugNicCommand;
import com.cloud.agent.api.UpdateHostPasswordCommand;
import com.cloud.agent.api.UpgradeSnapshotCommand;
import com.cloud.agent.api.VMSnapshotTO;
+import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
import com.cloud.agent.api.check.CheckSshCommand;
import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand;
import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand;
@@ -740,7 +742,17 @@ public class CitrixRequestWrapperTest {
final Connection conn = Mockito.mock(Connection.class);
final XsHost xsHost = Mockito.mock(XsHost.class);
- final SecurityGroupRulesCmd sshCommand = new SecurityGroupRulesCmd();
+ final String guestIp = "127.0.0.1";
+ final String guestMac = "00:00:00:00";
+ final String vmName = "Test";
+ final Long vmId = 1l;
+ final String signature = "signature";
+ final Long seqNum = 1l;
+ final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+ final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+ final List<String> secIps = new Vector<String>();
+
+ final SecurityGroupRulesCmd sshCommand = new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
final CitrixRequestWrapper wrapper = CitrixRequestWrapper.getInstance();
assertNotNull(wrapper);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
index 64204fe..64bbb75 100644
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
@@ -182,8 +182,6 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl {
List<String> nicSecIps = null;
if (nic != null) {
if (nic.getSecondaryIp()) {
- //get secondary ips of the vm
- long networkId = nic.getNetworkId();
nicSecIps = _nicSecIpDao.getSecondaryIpAddressesForNic(nic.getId());
}
}
@@ -193,7 +191,7 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl {
cmd.setMsId(_serverId);
if (s_logger.isDebugEnabled()) {
s_logger.debug("SecurityGroupManager v2: sending ruleset update for vm " + vm.getInstanceName() + ":ingress num rules=" +
- cmd.getIngressRuleSet().length + ":egress num rules=" + cmd.getEgressRuleSet().length + " num cidrs=" + cmd.getTotalNumCidrs() + " sig=" +
+ cmd.getIngressRuleSet().size() + ":egress num rules=" + cmd.getEgressRuleSet().size() + " num cidrs=" + cmd.getTotalNumCidrs() + " sig=" +
cmd.getSignature());
}
Commands cmds = new Commands(cmd);