Updated Branches:
  refs/heads/trunk 32481db44 -> 8b36d8973

WHIRR-711. Add security group support for OpenStack.


Project: http://git-wip-us.apache.org/repos/asf/whirr/repo
Commit: http://git-wip-us.apache.org/repos/asf/whirr/commit/8b36d897
Tree: http://git-wip-us.apache.org/repos/asf/whirr/tree/8b36d897
Diff: http://git-wip-us.apache.org/repos/asf/whirr/diff/8b36d897

Branch: refs/heads/trunk
Commit: 8b36d8973e56518ebfe0d4c6f88965d109e279bd
Parents: 32481db
Author: Andrew Bayer <andrew.ba...@gmail.com>
Authored: Sun Mar 24 15:03:53 2013 -0700
Committer: Andrew Bayer <andrew.ba...@gmail.com>
Committed: Mon Mar 25 09:11:18 2013 -0700

----------------------------------------------------------------------
 CHANGES.txt                                        |    2 +
 .../org/apache/whirr/service/FirewallManager.java  |   44 +++++++++++++++
 2 files changed, 46 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/whirr/blob/8b36d897/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index a465421..171098a 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -4,6 +4,8 @@ Release 0.8.2 (unreleased changes)
 
   IMPROVEMENTS
 
+    WHIRR-711. Add security group support for OpenStack. (abayer)
+
     WHIRR-681. Enhance puppet service with an ability to export
     cluster topology to the puppet code. (Roman Shaposhnik via abayer)
   

http://git-wip-us.apache.org/repos/asf/whirr/blob/8b36d897/core/src/main/java/org/apache/whirr/service/FirewallManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/whirr/service/FirewallManager.java 
b/core/src/main/java/org/apache/whirr/service/FirewallManager.java
index 27b7705..0599e43 100644
--- a/core/src/main/java/org/apache/whirr/service/FirewallManager.java
+++ b/core/src/main/java/org/apache/whirr/service/FirewallManager.java
@@ -36,12 +36,17 @@ import org.jclouds.compute.ComputeServiceContext;
 import org.jclouds.ec2.EC2ApiMetadata;
 import org.jclouds.ec2.EC2Client;
 import org.jclouds.ec2.domain.IpProtocol;
+import org.jclouds.openstack.nova.v2_0.NovaApiMetadata;
+import org.jclouds.openstack.nova.v2_0.domain.Ingress;
+import org.jclouds.openstack.nova.v2_0.domain.SecurityGroup;
+import org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi;
 import org.jclouds.javax.annotation.Nullable;
 import org.jclouds.scriptbuilder.domain.Statement;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.google.common.base.Function;
+import com.google.common.base.Optional;
 import com.google.common.base.Predicate;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
@@ -298,6 +303,45 @@ public class FirewallManager {
           }
         }
       }
+    } else if 
(NovaApiMetadata.CONTEXT_TOKEN.isAssignableFrom(computeServiceContext.getBackendType()))
 {
+      // This code (or something like it) may be added to jclouds (see
+      // http://code.google.com/p/jclouds/issues/detail?id=336).
+      // Until then we need this temporary workaround.
+      Optional<? extends SecurityGroupApi> securityGroupApi = 
computeServiceContext.unwrap(NovaApiMetadata.CONTEXT_TOKEN)
+        .getApi()
+        
.getSecurityGroupExtensionForZone(clusterSpec.getTemplate().getLocationId());
+
+      if (securityGroupApi.isPresent()) {
+        final String groupName = "jclouds-" + clusterSpec.getClusterName();
+        Optional<? extends SecurityGroup> group = 
securityGroupApi.get().list().firstMatch(new Predicate<SecurityGroup>() {
+            @Override
+            public boolean apply(SecurityGroup secGrp) {
+              return secGrp.getName().equals(groupName);
+            }
+          });
+
+        if (group.isPresent()) {
+          for (String cidr : cidrs) {
+            for (int port : ports) {
+              try {
+                
securityGroupApi.get().createRuleAllowingCidrBlock(group.get().getId(),
+                                                                   
Ingress.builder()
+                                                                   
.ipProtocol(org.jclouds.openstack.nova.v2_0.domain.IpProtocol.TCP)
+                                                                   
.fromPort(port).toPort(port).build(),
+                                                                   cidr);
+                        
+              } catch(IllegalStateException e) {
+                LOG.warn(e.getMessage());
+                /* ignore, it means that this permission was already granted */
+              }
+            }
+          }
+        } else {
+          LOG.warn("Expected security group " + groupName + " does not 
exist.");
+        }
+      } else {
+        LOG.warn("OpenStack security group extension not available for this 
cloud.");
+      }
     }
   }
 }
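Review bot: The `catch(IllegalStateException e)` inside the port loop treats every IllegalStateException from `createRuleAllowingCidrBlock` as "this permission was already granted", which the visible code does not establish. Any other failure surfacing as that type would leave the port unopened with only `e.getMessage()` in the log. The warning should name the rule and keep the cause, e.g. `LOG.warn("Could not add ingress rule " + cidr + " tcp/" + port + " to " + groupName, e);`, so someone auditing firewall changes can tell a duplicate from a real failure. Separately, the group is selected with `firstMatch` on the name alone; if this backend permits two groups named `jclouds-<cluster>`, the rules could be attached to the wrong one, so name uniqueness is worth confirming. The enclosing method and the `if` chain this branch extends begin outside the hunk.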
