
Example 1 with FirewallManager

use of io.fabric8.service.jclouds.firewall.FirewallManager in project fabric8 by jboss-fuse.

the class CloudContainerInstallationTask method install.

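/**
 * Records the metadata of the created cloud node, attempts to configure the provider
 * firewall for it, then runs the fabric install script on the node.
 *
 * <p>Firewall configuration is best effort: every failure in that step is only logged and
 * the install continues. Failures of the install step are not thrown either; they are stored
 * on the returned metadata through {@code setFailure}.
 *
 * @return the container metadata, which also carries the login identity and credential of
 *         the node when credentials are available
 */
public CreateJCloudsContainerMetadata install() {
    LoginCredentials credentials = nodeMetadata.getCredentials();
    // Some cloud providers do not allow shell access as root, so the login user can be overridden.
    if (!Strings.isNullOrEmpty(options.getUser()) && credentials != null) {
        credentials = credentials.toBuilder().user(options.getUser()).build();
    }
    String id = nodeMetadata.getId();
    Set<String> publicAddresses = nodeMetadata.getPublicAddresses();
    // Make a copy of the addresses, because we don't want to return a guice implementation of Set.
    // The null guard matches the null check applied to publicAddresses further down.
    Set<String> copyOfPublicAddresses = new HashSet<String>();
    if (publicAddresses != null) {
        copyOfPublicAddresses.addAll(publicAddresses);
    }
    CreateJCloudsContainerMetadata jCloudsContainerMetadata = new CreateJCloudsContainerMetadata();
    jCloudsContainerMetadata.setCreateOptions(options);
    jCloudsContainerMetadata.setNodeId(id);
    jCloudsContainerMetadata.setContainerName(containerName);
    jCloudsContainerMetadata.setPublicAddresses(copyOfPublicAddresses);
    jCloudsContainerMetadata.setHostname(nodeMetadata.getHostname());
    if (credentials != null) {
        // From here on the metadata holds the node's login secret, and it is also placed in
        // options.getMetadataMap() below: whatever persists or logs it must treat it as sensitive.
        jCloudsContainerMetadata.setIdentity(credentials.identity);
        jCloudsContainerMetadata.setCredential(credentials.credential);
    }
    String publicAddress = "";
    Properties addresses = new Properties();
    if (publicAddresses != null && !publicAddresses.isEmpty()) {
        // Only the first public address is used for the ZooKeeper entry and the firewall rule.
        publicAddress = publicAddresses.iterator().next();
        addresses.put(ZkDefs.PUBLIC_IP, publicAddress);
    }
    options.getSystemProperties().put(ContainerProviderUtils.ADDRESSES_PROPERTY_KEY, addresses);
    options.getMetadataMap().put(containerName, jCloudsContainerMetadata);
    // Set up the firewall for the node.
    try {
        FirewallManager firewallManager = firewallManagerFactory.getFirewallManager(computeService);
        if (firewallManager.isSupported()) {
            listener.onStateChange("Configuring firewall.");
            String source = getOriginatingIp();
            // NOTE(review): port 8181 is opened to every source address (0.0.0.0/0), whether or
            // not the originating IP could be determined. Confirm the service on 8181 is meant to
            // be reachable from anywhere and enforces its own authentication.
            Rule httpRule = Rule.create().source("0.0.0.0/0").destination(nodeMetadata).port(8181);
            firewallManager.addRules(httpRule);
            if (source != null) {
                // The JMX, SSH and ZooKeeper rules are limited to the originating IP; when that
                // IP is unknown they are not added at all.
                Rule jmxRule = Rule.create().source(source).destination(nodeMetadata).ports(44444, 1099);
                Rule sshRule = Rule.create().source(source).destination(nodeMetadata).port(8101);
                Rule zookeeperRule = Rule.create().source(source).destination(nodeMetadata).port(2181);
                firewallManager.addRules(jmxRule, sshRule, zookeeperRule);
            }
            // Allow the node's own public address to reach port 2181; relevant where firewall
            // configuration is shared among nodes of the same group, e.g. EC2.
            // NOTE(review): the "/32" suffix assumes publicAddress is an IPv4 literal - confirm.
            if (!Strings.isNullOrEmpty(publicAddress)) {
                Rule zookeeperFromTargetRule = Rule.create().source(publicAddress + "/32").destination(nodeMetadata).port(2181);
                firewallManager.addRule(zookeeperFromTargetRule);
            }
        } else {
            listener.onStateChange(String.format("Skipping firewall configuration. Not supported for provider %s", options.getProviderName()));
        }
    } catch (FirewallNotSupportedOnProviderException e) {
        LOGGER.warn("Firewall manager not supported. Firewall will have to be manually configured.");
    } catch (IOException e) {
        LOGGER.warn("Could not lookup originating ip. Firewall will have to be manually configured.", e);
    } catch (Throwable t) {
        // Deliberately best effort: the install below still runs, so the node keeps whatever
        // firewall state the provider already had. The warning is the only record of that.
        LOGGER.warn("Failed to setup firewall", t);
    }
    try {
        String script = buildInstallAndStartScript(containerName, options);
        listener.onStateChange(String.format("Installing fabric agent on container %s. It may take a while...", containerName));
        ExecResponse response = null;
        // NOTE(review): fixed file name under /tmp on the node; confirm uploadToNode and the
        // install script behave safely if that path already exists.
        String uploadPath = "/tmp/fabric8-karaf-" + FabricConstants.FABRIC_VERSION + ".zip";
        // NOTE(review): the archive location derives from options.getProxyUri(); no integrity
        // check of the distribution is visible in this method.
        URL distributionURL = options.getProxyUri().resolve("io/fabric8/fabric8-karaf/" + FabricConstants.FABRIC_VERSION + "/fabric8-karaf-" + FabricConstants.FABRIC_VERSION + ".zip").toURL();
        try {
            if (options.doUploadDistribution()) {
                uploadToNode(computeService.getContext(), nodeMetadata, credentials, distributionURL, uploadPath);
            }
            if (credentials != null) {
                // With explicit credentials the script runs as that user, not as root.
                response = computeService.runScriptOnNode(id, script, templateOptions.overrideLoginCredentials(credentials).runAsRoot(false));
            } else {
                response = computeService.runScriptOnNode(id, script, templateOptions);
            }
        } catch (AuthorizationException ex) {
            // Keep the cause so that an authentication failure can be told apart from a transport one.
            throw new Exception("Failed to connect to the container via ssh.", ex);
        } catch (SshException ex) {
            throw new Exception("Failed to connect to the container via ssh.", ex);
        }
        if (response != null && response.getOutput() != null) {
            if (response.getOutput().contains(ContainerProviderUtils.FAILURE_PREFIX)) {
                jCloudsContainerMetadata.setFailure(new Exception(ContainerProviderUtils.parseScriptFailure(response.getOutput())));
            }
            String overridenResolverValue = ContainerProviderUtils.parseResolverOverride(response.getOutput());
            if (overridenResolverValue != null) {
                jCloudsContainerMetadata.setOverridenResolver(overridenResolverValue);
                listener.onStateChange("Overriding resolver to " + overridenResolverValue + ".");
            }
        } else {
            jCloudsContainerMetadata.setFailure(new Exception("No response received for fabric install script."));
        }
    } catch (Throwable t) {
        // Install failures are reported through the metadata instead of being thrown.
        jCloudsContainerMetadata.setFailure(t);
    }
    // Cleanup addresses.
    // NOTE(review): clear() empties every entry of options.getSystemProperties(), not only
    // ADDRESSES_PROPERTY_KEY - confirm that callers do not expect other entries to survive.
    options.getSystemProperties().clear();
    return jCloudsContainerMetadata;
}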
Also used : FirewallManager(io.fabric8.service.jclouds.firewall.FirewallManager) ExecResponse(org.jclouds.compute.domain.ExecResponse) AuthorizationException(org.jclouds.rest.AuthorizationException) FirewallNotSupportedOnProviderException(io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException) IOException(java.io.IOException) SshException(org.jclouds.ssh.SshException) Properties(java.util.Properties) URL(java.net.URL) AuthorizationException(org.jclouds.rest.AuthorizationException) FirewallNotSupportedOnProviderException(io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException) IOException(java.io.IOException) SshException(org.jclouds.ssh.SshException) LoginCredentials(org.jclouds.domain.LoginCredentials) Rule(io.fabric8.service.jclouds.firewall.Rule) HashSet(java.util.HashSet)

Example 2 with FirewallManager

use of io.fabric8.service.jclouds.firewall.FirewallManager in project fabric8 by jboss-fuse.

the class CloudFirewallEdit method doExecute.

/**
 * Adds, revokes or flushes firewall rules for one target node.
 *
 * <p>The target is {@code targetNodeId}, or the node id stored in the cloud metadata of
 * {@code targetContainerName} when that lookup succeeds. With {@code flush} set, a single
 * flush rule is sent and nothing else; otherwise one rule per source CIDR is sent, as a
 * revocation when {@code revoke} is set.
 *
 * @return always {@code null}
 */
@Override
protected Object doExecute() throws Exception {
    if (!validateArguments()) {
        return null;
    }
    ComputeService computeService = findTargetComputeService();
    if (computeService == null) {
        return null;
    }
    // NOTE(review): any validation of the CIDR strings happens in validateArguments() or
    // collectCirds(), neither of which is visible here.
    Set<String> cidrs = collectCirds();
    // NOTE(review): isSupported() is not consulted before rules are sent - confirm that
    // addRule copes with providers that lack firewall support.
    FirewallManager manager = firewallManagerFactory.getFirewallManager(computeService);

    // A container name takes precedence over an explicit node id, but only while ZooKeeper
    // is connected and the fabric service is available.
    if (!Strings.isNullOrEmpty(targetContainerName) && getCurator().getZookeeperClient().isConnected() && fabricService != null) {
        CreateJCloudsContainerMetadata containerMetadata = getContainerCloudMetadata(targetContainerName);
        if (containerMetadata != null && !Strings.isNullOrEmpty(containerMetadata.getNodeId())) {
            targetNodeId = containerMetadata.getNodeId();
        }
    }

    NodeMetadata target = Strings.isNullOrEmpty(targetNodeId) ? null : computeService.getNodeMetadata(targetNodeId);
    if (target == null) {
        System.err.println("Could not find target node. Make sure you specified either --target-node-id or --target-container using a valid cloud container.");
        return null;
    }

    if (flush) {
        // Flush wins over any source or port arguments: no per-CIDR rule is sent.
        manager.addRule(Rule.create().destination(target).flush());
        return null;
    }

    for (String sourceCidr : cidrs) {
        Rule candidate = Rule.create().destination(target).source(sourceCidr);
        // Without ports the rule is sent as built, with no port restriction set on it here.
        if (port != null && port.length > 0) {
            candidate = candidate.ports(port);
        }
        manager.addRule(revoke ? candidate.revoke() : candidate);
    }
    return null;
}
Also used : NodeMetadata(org.jclouds.compute.domain.NodeMetadata) FirewallManager(io.fabric8.service.jclouds.firewall.FirewallManager) CreateJCloudsContainerMetadata(io.fabric8.service.jclouds.CreateJCloudsContainerMetadata) Rule(io.fabric8.service.jclouds.firewall.Rule) ComputeService(org.jclouds.compute.ComputeService)

Example 3 with FirewallManager

use of io.fabric8.service.jclouds.firewall.FirewallManager in project fabric8 by jboss-fuse.

the class FirewallManagerFactoryImpl method getFirewallManager.

/**
 * Creates a {@link FirewallManager} bound to the given {@link ComputeService}.
 *
 * @param computeService the compute service whose firewall is to be managed
 * @return a new manager built from the service and its matching {@link ApiFirewallSupport}
 * @throws FirewallNotSupportedOnProviderException if no {@link ApiFirewallSupport} is found
 *         for the service
 */
@Override
public FirewallManager getFirewallManager(ComputeService computeService) throws FirewallNotSupportedOnProviderException {
    // assertValid() is defined elsewhere. NOTE(review): presumably rejects calls on an
    // inactive component - confirm.
    assertValid();
    ApiFirewallSupport support = findApiFirewallSupport(computeService);
    if (support != null) {
        return new FirewallManager(computeService, support);
    }
    throw new FirewallNotSupportedOnProviderException("Service is currently not supported for firewall operations");
}
Also used : ApiFirewallSupport(io.fabric8.service.jclouds.firewall.ApiFirewallSupport) FirewallManager(io.fabric8.service.jclouds.firewall.FirewallManager) FirewallNotSupportedOnProviderException(io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException)

Aggregations

FirewallManager (io.fabric8.service.jclouds.firewall.FirewallManager)3 FirewallNotSupportedOnProviderException (io.fabric8.service.jclouds.firewall.FirewallNotSupportedOnProviderException)2 Rule (io.fabric8.service.jclouds.firewall.Rule)2 CreateJCloudsContainerMetadata (io.fabric8.service.jclouds.CreateJCloudsContainerMetadata)1 ApiFirewallSupport (io.fabric8.service.jclouds.firewall.ApiFirewallSupport)1 IOException (java.io.IOException)1 URL (java.net.URL)1 HashSet (java.util.HashSet)1 Properties (java.util.Properties)1 ComputeService (org.jclouds.compute.ComputeService)1 ExecResponse (org.jclouds.compute.domain.ExecResponse)1 NodeMetadata (org.jclouds.compute.domain.NodeMetadata)1 LoginCredentials (org.jclouds.domain.LoginCredentials)1 AuthorizationException (org.jclouds.rest.AuthorizationException)1 SshException (org.jclouds.ssh.SshException)1