Posted to dev@brooklyn.apache.org by Zaid Mohsin <za...@cloudsoftcorp.com> on 2014/10/06 16:08:23 UTC

Opening up port ranges in Brooklyn

Hi,
I’ve been trying to open a range of ports in the configuration (e.g. open up ports on EC2 security groups), but could not work out exactly how. There is an example of this in CouchbaseNodeImpl:

    @Override
    protected Collection<Integer> getRequiredOpenPorts() {
        // TODO this creates a huge list of inbound ports; much better to define on a security group using range syntax!
        int erlangRangeStart = getConfig(NODE_DATA_EXCHANGE_PORT_RANGE_START).iterator().next();
        int erlangRangeEnd = getConfig(NODE_DATA_EXCHANGE_PORT_RANGE_END).iterator().next();

        Set<Integer> newPorts = MutableSet.<Integer>copyOf(super.getRequiredOpenPorts());
        newPorts.remove(erlangRangeStart);
        newPorts.remove(erlangRangeEnd);
        for (int i = erlangRangeStart; i <= erlangRangeEnd; i++)
            newPorts.add(i);
        return newPorts;
    }


but when I tried it in my entity, it didn’t work. Any thoughts?

Regards

Re: Opening up port ranges in Brooklyn

Posted by Zaid Mohsin <za...@cloudsoftcorp.com>.
Hi Aled,
That didn’t open up the ports from start to end. I’m running in AWS EC2.

The CouchbaseNodeImpl was specifically implemented to avoid having a custom security group.

Port ranges as a first-class concept will solve this problem and make it easier to configure.

Regards
 
On 6 Oct 2014, at 15:18, Aled Sage <al...@cloudsoftcorp.com> wrote:

> Hi Zaid,
> 
> That code looks like it will work - i.e. adding everything in the port range to `super.getRequiredOpenPorts()`. What happened when you tried that code? Which cloud are you running against?
> 
> However, the TODO in that code is important! For example, with AWS the jclouds support currently sends one API call per port to configure the security group (rather than using the functionality to specify a range). This will certainly not scale for large port ranges - you'll likely get rate-limited so hit 403 unauthorized errors.
> 
> Better would be for us to support port ranges as a first-class concept, and to improve the jclouds AWS code to support that as well.
> 
> In the meantime, if your port range is very large then creating a pre-existing security group and configuring it to use that will get around the problem.
> 
> Aled
> 
> 
> On 06/10/2014 15:08, Zaid Mohsin wrote:
>> Hi,
>> I’ve been trying to open a range of ports in the configuration (e.g. open up ports on EC2 security groups), but could not work out exactly how. There is an example of this in CouchbaseNodeImpl:
>> 
>>    @Override
>>     protected Collection<Integer> getRequiredOpenPorts() {
>>         // TODO this creates a huge list of inbound ports; much better to define on a security group using range syntax!
>>         int erlangRangeStart = getConfig(NODE_DATA_EXCHANGE_PORT_RANGE_START).iterator().next();
>>         int erlangRangeEnd = getConfig(NODE_DATA_EXCHANGE_PORT_RANGE_END).iterator().next();
>> 
>>         Set<Integer> newPorts = MutableSet.<Integer>copyOf(super.getRequiredOpenPorts());
>>         newPorts.remove(erlangRangeStart);
>>         newPorts.remove(erlangRangeEnd);
>>         for (int i = erlangRangeStart; i <= erlangRangeEnd; i++)
>>             newPorts.add(i);
>>         return newPorts;
>>     }
>> 
>> 
>> but when I tried it in my entity, it didn’t work. Any thoughts?
>> 
>> Regards
> 


Re: Opening up port ranges in Brooklyn

Posted by Aled Sage <al...@cloudsoftcorp.com>.
Hi Zaid,

That code looks like it will work - i.e. adding everything in the port 
range to `super.getRequiredOpenPorts()`. What happened when you tried 
that code? Which cloud are you running against?

However, the TODO in that code is important! For example, with AWS the 
jclouds support currently sends one API call per port to configure the 
security group (rather than using the functionality to specify a range). 
This will certainly not scale for large port ranges - you'll likely get 
rate-limited so hit 403 unauthorized errors.

Better would be for us to support port ranges as a first-class concept, 
and to improve the jclouds AWS code to support that as well.

In the meantime, if your port range is very large then creating a 
pre-existing security group and configuring it to use that will get 
around the problem.

Aled


On 06/10/2014 15:08, Zaid Mohsin wrote:
> Hi,
> I’ve been trying to open a range of ports in the configuration (e.g. open up ports on EC2 security groups), but could not work out exactly how. There is an example of this in CouchbaseNodeImpl:
>
>     @Override
>      protected Collection<Integer> getRequiredOpenPorts() {
>          // TODO this creates a huge list of inbound ports; much better to define on a security group using range syntax!
>          int erlangRangeStart = getConfig(NODE_DATA_EXCHANGE_PORT_RANGE_START).iterator().next();
>          int erlangRangeEnd = getConfig(NODE_DATA_EXCHANGE_PORT_RANGE_END).iterator().next();
>
>          Set<Integer> newPorts = MutableSet.<Integer>copyOf(super.getRequiredOpenPorts());
>          newPorts.remove(erlangRangeStart);
>          newPorts.remove(erlangRangeEnd);
>          for (int i = erlangRangeStart; i <= erlangRangeEnd; i++)
>              newPorts.add(i);
>          return newPorts;
>      }
>
>
> but when I tried it in my entity, it didn’t work. Any thoughts?
>
> Regards
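
The thread's point about one API call per port versus a single range rule, as an added example (not Brooklyn or jclouds code): collapsing the flat port list that a method like getRequiredOpenPorts() returns into contiguous ranges, so each range can map to one security-group rule. The class and record names are hypothetical, and the sample ports are constructed.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.TreeSet;

// Added illustration; PortRangeCollapser and PortRange are hypothetical names,
// not Brooklyn or jclouds classes. Requires Java 16+ (records).
public class PortRangeCollapser {

    /** Inclusive range of ports, i.e. one candidate security-group rule. */
    record PortRange(int from, int to) {
        @Override public String toString() {
            return from == to ? Integer.toString(from) : from + "-" + to;
        }
    }

    /** Collapse individual ports into the minimal list of contiguous ranges. */
    static List<PortRange> collapse(Collection<Integer> ports) {
        List<PortRange> ranges = new ArrayList<>();
        Integer start = null, prev = null;
        for (int port : new TreeSet<>(ports)) {   // sorted and de-duplicated
            if (port < 1 || port > 65535)
                throw new IllegalArgumentException("Invalid port: " + port);
            if (start == null) {
                start = prev = port;              // first port opens a range
            } else if (port == prev + 1) {
                prev = port;                      // extends the current range
            } else {
                ranges.add(new PortRange(start, prev));
                start = prev = port;              // gap: close and start anew
            }
        }
        if (start != null) ranges.add(new PortRange(start, prev));
        return ranges;
    }

    public static void main(String[] args) {
        // Constructed sample: three single ports plus a 101-port range, the
        // shape of list the loop in getRequiredOpenPorts() produces.
        List<Integer> ports = new ArrayList<>(List.of(22, 8091, 8092));
        for (int p = 21100; p <= 21200; p++) ports.add(p);

        List<PortRange> ranges = collapse(ports);
        System.out.println(ports.size() + " ports -> " + ranges.size()
                + " rules: " + ranges);
    }
}
```

Fewer, range-based rules also keep the security group short enough to review, which makes an unintended open port easier to spot.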