Example 1 with FirewallManager
use of io.fabric8.service.jclouds.firewall.FirewallManager in project fabric8 by jboss-fuse.
the class CloudContainerInstallationTask method install.
public CreateJCloudsContainerMetadata install() {
LoginCredentials credentials = nodeMetadata.getCredentials();
// For some cloud providers return do not allow shell access to root, so the user needs to be overrided.
if (!Strings.isNullOrEmpty(options.getUser()) && credentials != null) {
credentials = credentials.toBuilder().user(options.getUser()).build();
} else {
credentials = nodeMetadata.getCredentials();
}
String id = nodeMetadata.getId();
Set<String> publicAddresses = nodeMetadata.getPublicAddresses();
// Make a copy of the addresses, because we don't want to return back a guice implementation of Set.
Set<String> copyOfPublicAddresses = new HashSet<String>();
for (String publicAddress : publicAddresses) {
copyOfPublicAddresses.add(publicAddress);
}
CreateJCloudsContainerMetadata jCloudsContainerMetadata = new CreateJCloudsContainerMetadata();
jCloudsContainerMetadata.setCreateOptions(options);
jCloudsContainerMetadata.setNodeId(nodeMetadata.getId());
jCloudsContainerMetadata.setContainerName(containerName);
jCloudsContainerMetadata.setPublicAddresses(copyOfPublicAddresses);
jCloudsContainerMetadata.setHostname(nodeMetadata.getHostname());
if (credentials != null) {
jCloudsContainerMetadata.setIdentity(credentials.identity);
jCloudsContainerMetadata.setCredential(credentials.credential);
}
String publicAddress = "";
Properties addresses = new Properties();
if (publicAddresses != null && !publicAddresses.isEmpty()) {
publicAddress = publicAddresses.iterator().next();
addresses.put(ZkDefs.PUBLIC_IP, publicAddress);
}
options.getSystemProperties().put(ContainerProviderUtils.ADDRESSES_PROPERTY_KEY, addresses);
options.getMetadataMap().put(containerName, jCloudsContainerMetadata);
// Setup firwall for node
try {
FirewallManager firewallManager = firewallManagerFactory.getFirewallManager(computeService);
if (firewallManager.isSupported()) {
listener.onStateChange("Configuring firewall.");
String source = getOriginatingIp();
Rule httpRule = Rule.create().source("0.0.0.0/0").destination(nodeMetadata).port(8181);
firewallManager.addRules(httpRule);
if (source != null) {
Rule jmxRule = Rule.create().source(source).destination(nodeMetadata).ports(44444, 1099);
Rule sshRule = Rule.create().source(source).destination(nodeMetadata).port(8101);
Rule zookeeperRule = Rule.create().source(source).destination(nodeMetadata).port(2181);
firewallManager.addRules(jmxRule, sshRule, zookeeperRule);
}
// where firewall configuration is shared among nodes of the same groups, e.g. EC2.
if (!Strings.isNullOrEmpty(publicAddress)) {
Rule zookeeperFromTargetRule = Rule.create().source(publicAddress + "/32").destination(nodeMetadata).port(2181);
firewallManager.addRule(zookeeperFromTargetRule);
}
} else {
listener.onStateChange(String.format("Skipping firewall configuration. Not supported for provider %s", options.getProviderName()));
}
} catch (FirewallNotSupportedOnProviderException e) {
LOGGER.warn("Firewall manager not supported. Firewall will have to be manually configured.");
} catch (IOException e) {
LOGGER.warn("Could not lookup originating ip. Firewall will have to be manually configured.", e);
} catch (Throwable t) {
LOGGER.warn("Failed to setup firewall", t);
}
try {
String script = buildInstallAndStartScript(containerName, options);
listener.onStateChange(String.format("Installing fabric agent on container %s. It may take a while...", containerName));
ExecResponse response = null;
String uploadPath = "/tmp/fabric8-karaf-" + FabricConstants.FABRIC_VERSION + ".zip";
URL distributionURL = options.getProxyUri().resolve("io/fabric8/fabric8-karaf/" + FabricConstants.FABRIC_VERSION + "/fabric8-karaf-" + FabricConstants.FABRIC_VERSION + ".zip").toURL();
try {
if (options.doUploadDistribution()) {
uploadToNode(computeService.getContext(), nodeMetadata, credentials, distributionURL, uploadPath);
}
if (credentials != null) {
response = computeService.runScriptOnNode(id, script, templateOptions.overrideLoginCredentials(credentials).runAsRoot(false));
} else {
response = computeService.runScriptOnNode(id, script, templateOptions);
}
} catch (AuthorizationException ex) {
throw new Exception("Failed to connect to the container via ssh.");
} catch (SshException ex) {
throw new Exception("Failed to connect to the container via ssh.");
}
if (response != null && response.getOutput() != null) {
if (response.getOutput().contains(ContainerProviderUtils.FAILURE_PREFIX)) {
jCloudsContainerMetadata.setFailure(new Exception(ContainerProviderUtils.parseScriptFailure(response.getOutput())));
}
String overridenResolverValue = ContainerProviderUtils.parseResolverOverride(response.getOutput());
if (overridenResolverValue != null) {
jCloudsContainerMetadata.setOverridenResolver(overridenResolverValue);
listener.onStateChange("Overriding resolver to " + overridenResolverValue + ".");
}
} else {
jCloudsContainerMetadata.setFailure(new Exception("No response received for fabric install script."));
}
} catch (Throwable t) {
jCloudsContainerMetadata.setFailure(t);
}
// Cleanup addresses.
options.getSystemProperties().clear();
return jCloudsContainerMetadata;
}
Also used :
FirewallManager(io.fabric8.service.jclouds.firewall.FirewallManager)
ExecResponse(org.jclouds.compute.domain.ExecResponse)
AuthorizationException(org.jclouds.rest.AuthorizationException)
FirewallNotSupportedOnProviderException(io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException)
IOException(java.io.IOException)
SshException(org.jclouds.ssh.SshException)
Properties(java.util.Properties)
URL(java.net.URL)
AuthorizationException(org.jclouds.rest.AuthorizationException)
FirewallNotSupportedOnProviderException(io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException)
IOException(java.io.IOException)
SshException(org.jclouds.ssh.SshException)
LoginCredentials(org.jclouds.domain.LoginCredentials)
Rule(io.fabric8.service.jclouds.firewall.Rule)
HashSet(java.util.HashSet)
Example 2 with FirewallManager
use of io.fabric8.service.jclouds.firewall.FirewallManager in project fabric8 by jboss-fuse.
the class CloudFirewallEdit method doExecute.
@Override
protected Object doExecute() throws Exception {
if (validateArguments()) {
ComputeService computeService = findTargetComputeService();
if (computeService == null) {
return null;
}
Set<String> sourceCidrs = collectCirds();
FirewallManager firewallManager = firewallManagerFactory.getFirewallManager(computeService);
NodeMetadata node = null;
if (!Strings.isNullOrEmpty(targetContainerName) && getCurator().getZookeeperClient().isConnected() && fabricService != null) {
CreateJCloudsContainerMetadata metadata = getContainerCloudMetadata(targetContainerName);
if (metadata != null && !Strings.isNullOrEmpty(metadata.getNodeId())) {
targetNodeId = metadata.getNodeId();
}
}
if (!Strings.isNullOrEmpty(targetNodeId)) {
node = computeService.getNodeMetadata(targetNodeId);
}
if (node == null) {
System.err.println("Could not find target node. Make sure you specified either --target-node-id or --target-container using a valid cloud container.");
return null;
}
if (flush) {
firewallManager.addRule(Rule.create().destination(node).flush());
return null;
}
for (String cidr : sourceCidrs) {
Rule rule = Rule.create().destination(node).source(cidr);
if (port != null && port.length > 0) {
rule = rule.ports(port);
}
if (revoke) {
firewallManager.addRule(rule.revoke());
} else {
firewallManager.addRule(rule);
}
}
}
return null;
}
Also used :
NodeMetadata(org.jclouds.compute.domain.NodeMetadata)
FirewallManager(io.fabric8.service.jclouds.firewall.FirewallManager)
CreateJCloudsContainerMetadata(io.fabric8.service.jclouds.CreateJCloudsContainerMetadata)
Rule(io.fabric8.service.jclouds.firewall.Rule)
ComputeService(org.jclouds.compute.ComputeService)
Example 3 with FirewallManager
use of io.fabric8.service.jclouds.firewall.FirewallManager in project fabric8 by jboss-fuse.
the class FirewallManagerFactoryImpl method getFirewallManager.
/**
* Returns a {@link FirewallManager} for the specified {@link ComputeService}.
*/
@Override
public FirewallManager getFirewallManager(ComputeService computeService) throws FirewallNotSupportedOnProviderException {
assertValid();
ApiFirewallSupport firewallSupport = findApiFirewallSupport(computeService);
if (firewallSupport == null) {
throw new FirewallNotSupportedOnProviderException("Service is currently not supported for firewall operations");
}
FirewallManager firewallManager = new FirewallManager(computeService, firewallSupport);
return firewallManager;
}
Also used :
ApiFirewallSupport(io.fabric8.service.jclouds.firewall.ApiFirewallSupport)
FirewallManager(io.fabric8.service.jclouds.firewall.FirewallManager)
FirewallNotSupportedOnProviderException(io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException)
Aggregations
FirewallManager (io.fabric8.service.jclouds.firewall.FirewallManager)3
FirewallNotSupportedOnProviderException (io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException)2
Rule (io.fabric8.service.jclouds.firewall.Rule)2
CreateJCloudsContainerMetadata (io.fabric8.service.jclouds.CreateJCloudsContainerMetadata)1
ApiFirewallSupport (io.fabric8.service.jclouds.firewall.ApiFirewallSupport)1
IOException (java.io.IOException)1
URL (java.net.URL)1
HashSet (java.util.HashSet)1
Properties (java.util.Properties)1
ComputeService (org.jclouds.compute.ComputeService)1
ExecResponse (org.jclouds.compute.domain.ExecResponse)1
NodeMetadata (org.jclouds.compute.domain.NodeMetadata)1
LoginCredentials (org.jclouds.domain.LoginCredentials)1
AuthorizationException (org.jclouds.rest.AuthorizationException)1
SshException (org.jclouds.ssh.SshException)1
