Posted to commits@whirr.apache.org by ab...@apache.org on 2013/03/25 17:12:43 UTC
[5/5] git commit: WHIRR-711. Add security group support for OpenStack.
WHIRR-711. Add security group support for OpenStack.
Project: http://git-wip-us.apache.org/repos/asf/whirr/repo
Commit: http://git-wip-us.apache.org/repos/asf/whirr/commit/265d98ea
Tree: http://git-wip-us.apache.org/repos/asf/whirr/tree/265d98ea
Diff: http://git-wip-us.apache.org/repos/asf/whirr/diff/265d98ea
Branch: refs/heads/branch-0.8
Commit: 265d98ea506b1490fbec5e4872304d9969c0716e
Parents: 9d3efed
Author: Andrew Bayer <an...@gmail.com>
Authored: Sun Mar 24 15:03:53 2013 -0700
Committer: Andrew Bayer <an...@gmail.com>
Committed: Mon Mar 25 09:12:33 2013 -0700
----------------------------------------------------------------------
CHANGES.txt | 2 +
.../org/apache/whirr/service/FirewallManager.java | 44 +++++++++++++++
2 files changed, 46 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/whirr/blob/265d98ea/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index a465421..171098a 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -4,6 +4,8 @@ Release 0.8.2 (unreleased changes)
IMPROVEMENTS
+ WHIRR-711. Add security group support for OpenStack. (abayer)
+
WHIRR-681. Enhance puppet service with an ability to export
cluster topology to the puppet code. (Roman Shaposhnik via abayer)
http://git-wip-us.apache.org/repos/asf/whirr/blob/265d98ea/core/src/main/java/org/apache/whirr/service/FirewallManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/whirr/service/FirewallManager.java b/core/src/main/java/org/apache/whirr/service/FirewallManager.java
index e3d53df..d9f780f 100644
--- a/core/src/main/java/org/apache/whirr/service/FirewallManager.java
+++ b/core/src/main/java/org/apache/whirr/service/FirewallManager.java
@@ -34,11 +34,16 @@ import org.jclouds.compute.ComputeServiceContext;
import org.jclouds.ec2.EC2ApiMetadata;
import org.jclouds.ec2.EC2Client;
import org.jclouds.ec2.domain.IpProtocol;
+import org.jclouds.openstack.nova.v2_0.NovaApiMetadata;
+import org.jclouds.openstack.nova.v2_0.domain.Ingress;
+import org.jclouds.openstack.nova.v2_0.domain.SecurityGroup;
+import org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi;
import org.jclouds.javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.base.Function;
+import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
@@ -220,6 +225,45 @@ public class FirewallManager {
}
}
}
+ } else if (NovaApiMetadata.CONTEXT_TOKEN.isAssignableFrom(computeServiceContext.getBackendType())) {
+ // This code (or something like it) may be added to jclouds (see
+ // http://code.google.com/p/jclouds/issues/detail?id=336).
+ // Until then we need this temporary workaround.
+ Optional<? extends SecurityGroupApi> securityGroupApi = computeServiceContext.unwrap(NovaApiMetadata.CONTEXT_TOKEN)
+ .getApi()
+ .getSecurityGroupExtensionForZone(clusterSpec.getTemplate().getLocationId());
+
+ if (securityGroupApi.isPresent()) {
+ final String groupName = "jclouds-" + clusterSpec.getClusterName();
+ Optional<? extends SecurityGroup> group = securityGroupApi.get().list().firstMatch(new Predicate<SecurityGroup>() {
+ @Override
+ public boolean apply(SecurityGroup secGrp) {
+ return secGrp.getName().equals(groupName);
+ }
+ });
+
+ if (group.isPresent()) {
+ for (String cidr : cidrs) {
+ for (int port : ports) {
+ try {
+ securityGroupApi.get().createRuleAllowingCidrBlock(group.get().getId(),
+ Ingress.builder()
+ .ipProtocol(org.jclouds.openstack.nova.v2_0.domain.IpProtocol.TCP)
+ .fromPort(port).toPort(port).build(),
+ cidr);
+
+ } catch(IllegalStateException e) {
+ LOG.warn(e.getMessage());
+ /* ignore, it means that this permission was already granted */
+ }
+ }
+ }
+ } else {
+ LOG.warn("Expected security group " + groupName + " does not exist.");
+ }
+ } else {
+ LOG.warn("OpenStack security group extension not available for this cloud.");
+ }
}
}
}
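Review bot: The `catch(IllegalStateException e)` around `createRuleAllowingCidrBlock` treats every IllegalStateException as "permission was already granted", but nothing in the hunk confirms that a duplicate rule is the only cause, so any other failure surfacing as that type would leave the rule unapplied with only `LOG.warn(e.getMessage())` as a trace. I would log which rule was attempted and keep the exception, e.g. `LOG.warn("Could not add ingress rule for " + cidr + " port " + port + " to " + groupName, e);`, and reword the comment to say the duplicate case is assumed rather than known. The two `else` branches (security group missing, extension not available) also return normally after a warning, so a caller cannot tell that no rule was applied; a short comment stating that this is intentional best-effort behaviour would help. The enclosing method starts outside the hunk, so whether the EC2 branch behaves the same way cannot be checked from here.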