Posted to commits@deltacloud.apache.org by ma...@apache.org on 2012/10/29 14:43:10 UTC
git commit: fgcp: take fw out of instance list
Updated Branches:
refs/heads/master 3c5a74ae2 -> b0a01c5bd
fgcp: take fw out of instance list
Project: http://git-wip-us.apache.org/repos/asf/deltacloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltacloud/commit/b0a01c5b
Tree: http://git-wip-us.apache.org/repos/asf/deltacloud/tree/b0a01c5b
Diff: http://git-wip-us.apache.org/repos/asf/deltacloud/diff/b0a01c5b
Branch: refs/heads/master
Commit: b0a01c5bd8874ab00d091c4f781e32ccb338742f
Parents: 3c5a74a
Author: Dies Koper <di...@fast.au.fujitsu.com>
Authored: Tue Oct 23 01:04:33 2012 +1100
Committer: marios <ma...@redhat.com>
Committed: Mon Oct 29 15:14:15 2012 +0200
----------------------------------------------------------------------
server/lib/cimi/models/machine_configuration.rb | 2 +-
server/lib/deltacloud/drivers/exceptions.rb | 8 +
server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb | 158 ++++++++++------
3 files changed, 107 insertions(+), 61 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltacloud/blob/b0a01c5b/server/lib/cimi/models/machine_configuration.rb
----------------------------------------------------------------------
diff --git a/server/lib/cimi/models/machine_configuration.rb b/server/lib/cimi/models/machine_configuration.rb
index 36ebcf7..84c966f 100644
--- a/server/lib/cimi/models/machine_configuration.rb
+++ b/server/lib/cimi/models/machine_configuration.rb
@@ -51,7 +51,7 @@ class CIMI::Model::MachineConfiguration < CIMI::Model::Base
storage = profile.storage ? context.to_kibibyte((profile.storage.value || profile.storage.default), profile.storage.unit) : nil
machine_hash = {
:name => profile.name,
- :description => "Machine Configuration with #{memory} #{profile.memory.unit} "+
+ :description => "Machine Configuration with #{memory} KiB "+
"of memory and #{cpu} CPU",
:cpu => ( cpu if cpu ) ,
:created => Time.now.to_s, # FIXME: DC hardware_profile has no mention about created_at
http://git-wip-us.apache.org/repos/asf/deltacloud/blob/b0a01c5b/server/lib/deltacloud/drivers/exceptions.rb
----------------------------------------------------------------------
diff --git a/server/lib/deltacloud/drivers/exceptions.rb b/server/lib/deltacloud/drivers/exceptions.rb
index 0664c5f..7bbf510 100644
--- a/server/lib/deltacloud/drivers/exceptions.rb
+++ b/server/lib/deltacloud/drivers/exceptions.rb
@@ -30,6 +30,13 @@ module Deltacloud
end
+ class AcceptedButNotCompletedError < DeltacloudException
+ def initialize(e, message=nil)
+ message ||= e.message
+ super(202, e.class.name, message, e.backtrace)
+ end
+ end
+
class AuthenticationFailure < DeltacloudException
def initialize(e, message=nil)
message ||= e.message
@@ -143,6 +150,7 @@ module Deltacloud
def handler(e)
return @handler if @handler
case @status
+ when 202 then AcceptedButNotCompletedError.new(e, @message)
when 401 then AuthenticationFailure.new(e, @message)
when 403 then ForbiddenError.new(e, @message)
when 404 then ObjectNotFound.new(e, @message)
http://git-wip-us.apache.org/repos/asf/deltacloud/blob/b0a01c5b/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
----------------------------------------------------------------------
diff --git a/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb b/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
index ea91762..7399c13 100644
--- a/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
+++ b/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
@@ -237,14 +237,17 @@ class FgcpDriver < Deltacloud::BaseDriver
# :realm_id can point to system or network
if vsys_id == opts[:realm_id] or vserver['vserverId'][0] == opts[:id] or network_id == opts[:realm_id]
- # check state first as it may be filtered on
- state_data = instance_state_data(vserver, client)
- if opts[:state].nil? or opts[:state] == state_data[:state]
+ # skip firewall if filtering by realm
+ unless opts[:realm_id] and determine_server_type(vserver) == 'FW'
+ # check state first as it may be filtered on
+ state_data = instance_state_data(vserver, client)
+ if opts[:state].nil? or opts[:state] == state_data[:state]
- instance = convert_to_instance(client, vserver, state_data)
- add_instance_details(instance, client, vserver)
+ instance = convert_to_instance(client, vserver, state_data)
+ add_instance_details(instance, client, vserver)
- instances << instance
+ instances << instance
+ end
end
end
end
@@ -257,12 +260,16 @@ class FgcpDriver < Deltacloud::BaseDriver
vsys_config = client.get_vsys_configuration(vsys['vsysId'][0])
vsys_config['vsys'][0]['vservers'][0]['vserver'].each do |vserver|
- # to keep the response time of this method acceptable, retrieve state
- # only if required because state is filtered on
- state_data = opts[:state] ? instance_state_data(vserver, client) : nil
- # filter on state
- if opts[:state].nil? or opts[:state] == state_data[:state]
- instances << convert_to_instance(client, vserver, state_data)
+ # skip firewalls - they probably don't belong here and their new type ('firewall' instead of
+ # 'economy') causes errors when trying to map to available profiles)
+ unless determine_server_type(vserver) == 'FW'
+ # to keep the response time of this method acceptable, retrieve state
+ # only if required because state is filtered on
+ state_data = opts[:state] ? instance_state_data(vserver, client) : nil
+ # filter on state
+ if opts[:state].nil? or opts[:state] == state_data[:state]
+ instances << convert_to_instance(client, vserver, state_data)
+ end
end
end
end
@@ -854,44 +861,46 @@ eofwpxml
fw_owner_id = fw['efm'][0]['creator'][0]
rule50000_log = true
- fw['efm'][0]['firewall'][0]['directions'][0]['direction'].each do |direction|
+ if fw['efm'][0]['firewall'][0]['directions'] and fw['efm'][0]['firewall'][0]['directions'][0]['direction']
+ fw['efm'][0]['firewall'][0]['directions'][0]['direction'].each do |direction|
- direction['policies'][0]['policy'].each do |policy|
+ direction['policies'][0]['policy'].each do |policy|
- sources = []
- ['src', 'dst'].each do |e|
+ sources = []
+ ['src', 'dst'].each do |e|
- if policy[e] and policy[e][0] and not policy[e][0].empty?
+ if policy[e] and policy[e][0] and not policy[e][0].empty?
- ip_address_type = policy["#{e}Type"][0]
- address = policy[e][0]
- address.sub!('any', '0.0.0.0/0') if ip_address_type == 'IP'
- address += '/32' if ip_address_type == 'IP' and not address =~ /.*\/.*/
+ ip_address_type = policy["#{e}Type"][0]
+ address = policy[e][0]
+ address.sub!('any', '0.0.0.0/0') if ip_address_type == 'IP'
+ address += '/32' if ip_address_type == 'IP' and not address =~ /.*\/.*/
- sources << {
- :type => 'address',
- :family => 'ipv4',
- :address => address.split('/').first,
- :prefix => ip_address_type == 'IP' ? address.split('/').last : nil
- }
+ sources << {
+ :type => 'address',
+ :family => 'ipv4',
+ :address => address.split('/').first,
+ :prefix => ip_address_type == 'IP' ? address.split('/').last : nil
+ }
+ end
end
- end
- # defining ingress as access going from Internet/Intranet -> DMZ -> SECURE1 -> SECURE2
- ingress = policy['id'][0] =~ /[13].*/ ? 'ingress' : 'egress'
-
- rules << FirewallRule.new({
- :id => policy['id'][0],
- :rule_action => policy['action'][0].downcase,
- :log_rule => policy['log'][0] == 'On',
- :allow_protocol => policy['protocol'][0],
- :port_from => policy['srcPort'] ? policy['srcPort'][0] : nil, # not set for e.g. ICMP
- :port_to => policy['dstPort'] ? policy['dstPort'][0] : nil, # not set for e.g. ICMP
- :direction => ingress,
- :sources => sources
- }) unless policy['id'][0] == '50000' # special case added later
-
- rule50000_log = (policy['log'][0] == 'On') if policy['id'][0] == '50000'
+ # defining ingress as access going from Internet/Intranet -> DMZ -> SECURE1 -> SECURE2
+ ingress = policy['id'][0] =~ /[13].*/ ? 'ingress' : 'egress'
+
+ rules << FirewallRule.new({
+ :id => policy['id'][0],
+ :rule_action => policy['action'][0].downcase,
+ :log_rule => policy['log'][0] == 'On',
+ :allow_protocol => policy['protocol'][0],
+ :port_from => policy['srcPort'] ? policy['srcPort'][0] : nil, # not set for e.g. ICMP
+ :port_to => policy['dstPort'] ? policy['dstPort'][0] : nil, # not set for e.g. ICMP
+ :direction => ingress,
+ :sources => sources
+ }) unless policy['id'][0] == '50000' # special case added later
+
+ rule50000_log = (policy['log'][0] == 'On') if policy['id'][0] == '50000'
+ end
end
end
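Review bot: The direction test `policy['id'][0] =~ /[13].*/` is unanchored, so any policy id containing a 1 or a 3 anywhere is reported as 'ingress'. If the intent is to classify by the leading digit (the hunk does not say), anchor it: `ingress = policy['id'][0] =~ /\A[13]/ ? 'ingress' : 'egress'`. A mislabelled direction matters because these rules are what a caller reads to judge what the firewall exposes. The new nil guard covers only `directions` and `direction`; `direction['policies'][0]['policy']` is still dereferenced unchecked, and whether the API can return a direction without policies is not visible here. The enclosing method starts and ends outside the hunk.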
@@ -962,7 +971,31 @@ eofwpxml
def delete_firewall(credentials, opts={})
safely do
client = new_client(credentials)
- client.destroy_vsys(client.extract_vsys_id(opts[:id]))
+ begin
+ # try to stop FW first
+ opts[:id] =~ /^(.*-S-)\d\d\d\d/
+ fw_id = $1 + '0001'
+ client.stop_efm(fw_id)
+ rescue Exception => ex
+ raise ex if not ex.message =~ /ALREADY_STOPPED.*/
+ client.destroy_vsys(client.extract_vsys_id(opts[:id]))
+ return
+ end
+
+ Thread.new {
+ attempts = 0
+ begin
+ sleep 30
+ # this may fail if the FW is still stopping
+ client.destroy_vsys(client.extract_vsys_id(opts[:id]))
+ rescue Exception => ex
+ raise unless attempts < 20 and ex.message =~ /SERVER_RUNNING.*/
+ # Stopping takes a few minutes, so keep trying for a while
+ attempts += 1
+ retry
+ end
+ }
+ raise 'Firewall will be deleted once it has stopped'
end
end
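Review bot: The deletion thread's final failure is invisible. Once the 20 retries are used up, or on any error other than SERVER_RUNNING, the bare `raise` only ends the thread, and the caller has already been answered with 202, so a firewall that was never destroyed leaves no trace. Log the exception in that rescue before re-raising, and narrow both handlers to `rescue StandardError => ex`, since `rescue Exception` also intercepts signals and `SystemExit`. The id parsing needs a check too: `opts[:id] =~ /^(.*-S-)\d\d\d\d/` leaves `$1` nil on a malformed id, and `^` anchors per line, so use `\A` and fail explicitly when there is no match before building `fw_id`.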
@@ -1293,47 +1326,47 @@ eofwopxml
exceptions do
+ # FW will be deleted in async polling thread, so can't guarantee successful completion
+ on /Firewall will be deleted once it has stopped/ do
+ status 202 # Accepted
+ end
+
on /ALREADY_STARTED/ do
- status 405
+ status 405 # Method Not Allowed
end
# trying to start a running vserver, etc.
on /ILLEGAL_STATE/ do
- status 405
+ status 405 # Method Not Allowed
end
on /AuthFailure/ do
- status 401
+ status 401 # Unauthorized
end
# User not found: using certificate with wrong region
on /User not found in selectData./ do
- status 401
+ status 401 # Unauthorized
end
# if user doesn't have privileges to view or operate a particular resource
on /User doesn.t have the right of access./ do
- status 400
- end
-
- # time out of sync with ntp
- on /VALIDATION_ERROR.*synchronized.*API-Server time/ do
- status 502
+ status 403 # Forbidden
end
# wrong vserverId, etc.
on /VALIDATION_ERROR/ do
- status 404
+ status 404 # Not Found
end
# wrong vdiskId, etc.
on /RESOURCE_NOT_FOUND/ do
- status 404
+ status 404 # Not Found
end
# wrong FW description (vsys descriptor)
on /does not exist. Specify one of / do
- status 404
+ status 404 # Not Found
end
# trying an operation that is not supported (yet) by the target region
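Review bot: Moving the time-sync handler `on /VALIDATION_ERROR.*synchronized.*API-Server time/` below the generic `on /VALIDATION_ERROR/` looks like it makes it unreachable; it is removed here and re-added in the next hunk, after the 501 handler. If handlers are tried in definition order, as the trailing `on /.*/` catch-all suggests, a clock-skew error now maps to 404 instead of 502, so the specific pattern should stay ahead of the generic one. The same ordering leaves the `on /ALREADY_STARTED/` and `on /ILLEGAL_STATE/` 502 handlers in the next hunk shadowed by the 405 ones defined here. The new 202 handler matches the literal message raised in delete_firewall, so a comment at both sites, e.g. `# message text is matched in the exceptions block to return 202`, would keep the two in sync. The `exceptions do` block continues past this hunk.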
@@ -1341,19 +1374,24 @@ eofwopxml
status 501 # Not Implemented
end
+ # time out of sync with ntp
+ on /VALIDATION_ERROR.*synchronized.*API-Server time/ do
+ status 502 # Bad Gateway
+ end
+
# destroying a running SLB, etc.
on /ALREADY_STARTED/ do
- status 502 #?
+ status 502 # Bad Gateway?
end
# trying to start a running vserver, etc.
on /ILLEGAL_STATE/ do
- status 502
+ status 502 # Bad Gateway
end
# endpoint for country of certificate subject not found
on /API endpoint not found/ do
- status 502
+ status 502 # Bad Gateway
end
on /.*/ do