WHIRR-711. Add security group support for OpenStack.
Project: http://git-wip-us.apache.org/repos/asf/whirr/repo Commit: http://git-wip-us.apache.org/repos/asf/whirr/commit/265d98ea Tree: http://git-wip-us.apache.org/repos/asf/whirr/tree/265d98ea Diff: http://git-wip-us.apache.org/repos/asf/whirr/diff/265d98ea Branch: refs/heads/branch-0.8 Commit: 265d98ea506b1490fbec5e4872304d9969c0716e Parents: 9d3efed Author: Andrew Bayer <andrew.ba...@gmail.com> Authored: Sun Mar 24 15:03:53 2013 -0700 Committer: Andrew Bayer <andrew.ba...@gmail.com> Committed: Mon Mar 25 09:12:33 2013 -0700 ---------------------------------------------------------------------- CHANGES.txt | 2 + .../org/apache/whirr/service/FirewallManager.java | 44 +++++++++++++++ 2 files changed, 46 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/whirr/blob/265d98ea/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index a465421..171098a 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -4,6 +4,8 @@ Release 0.8.2 (unreleased changes) IMPROVEMENTS + WHIRR-711. Add security group support for OpenStack. (abayer) + WHIRR-681. Enhance puppet service with an ability to export cluster topology to the puppet code. (Roman Shaposhnik via abayer) http://git-wip-us.apache.org/repos/asf/whirr/blob/265d98ea/core/src/main/java/org/apache/whirr/service/FirewallManager.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/whirr/service/FirewallManager.java b/core/src/main/java/org/apache/whirr/service/FirewallManager.java index e3d53df..d9f780f 100644 --- a/core/src/main/java/org/apache/whirr/service/FirewallManager.java +++ b/core/src/main/java/org/apache/whirr/service/FirewallManager.java 
@@ -34,11 +34,16 @@ import org.jclouds.compute.ComputeServiceContext;
 import org.jclouds.ec2.EC2ApiMetadata;
 import org.jclouds.ec2.EC2Client;
 import org.jclouds.ec2.domain.IpProtocol;
+import org.jclouds.openstack.nova.v2_0.NovaApiMetadata;
+import org.jclouds.openstack.nova.v2_0.domain.Ingress;
+import org.jclouds.openstack.nova.v2_0.domain.SecurityGroup;
+import org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi;
 import org.jclouds.javax.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.google.common.base.Function;
+import com.google.common.base.Optional;
 import com.google.common.base.Predicate;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
@@ -220,6 +225,45 @@ public class FirewallManager {
 }
 }
 }
+ } else if (NovaApiMetadata.CONTEXT_TOKEN.isAssignableFrom(computeServiceContext.getBackendType())) {
+ // This code (or something like it) may be added to jclouds (see
+ // http://code.google.com/p/jclouds/issues/detail?id=336).
+ // Until then we need this temporary workaround.
+ Optional<? extends SecurityGroupApi> securityGroupApi = computeServiceContext.unwrap(NovaApiMetadata.CONTEXT_TOKEN)
+ .getApi()
+ .getSecurityGroupExtensionForZone(clusterSpec.getTemplate().getLocationId());
+
+ if (securityGroupApi.isPresent()) {
+ final String groupName = "jclouds-" + clusterSpec.getClusterName();
+ Optional<? extends SecurityGroup> group = securityGroupApi.get().list().firstMatch(new Predicate<SecurityGroup>() {
+ @Override
+ public boolean apply(SecurityGroup secGrp) {
+ return secGrp.getName().equals(groupName);
+ }
+ });
+
+ if (group.isPresent()) {
+ for (String cidr : cidrs) {
+ for (int port : ports) {
+ try {
+ securityGroupApi.get().createRuleAllowingCidrBlock(group.get().getId(),
+ Ingress.builder()
+ .ipProtocol(org.jclouds.openstack.nova.v2_0.domain.IpProtocol.TCP)
+ .fromPort(port).toPort(port).build(),
+ cidr);
+
+ } catch(IllegalStateException e) {
+ LOG.warn(e.getMessage());
+ /* ignore, it means that this permission was already granted */
+ }
+ }
+ }
+ } else {
+ LOG.warn("Expected security group " + groupName + " does not exist.");
+ }
+ } else {
+ LOG.warn("OpenStack security group extension not available for this cloud.");
+ }
 }
 }
 }
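Review bot: The `catch(IllegalStateException e)` inside the port loop treats every IllegalStateException from `createRuleAllowingCidrBlock` as "permission already granted", but nothing visible in the hunk confirms that is the only cause, and `LOG.warn(e.getMessage())` records neither the group nor the CIDR and port that were skipped. If the call can fail that way for another reason (inferred, not shown here), the cluster comes up with an ingress rule missing and only an ambiguous warning to explain it. I would log the context instead, e.g. `LOG.warn("Could not add ingress rule for " + cidr + " port " + port + " to " + groupName + ": " + e.getMessage());`. The two `else` branches have the same gap: they return normally when the group or the extension is absent, so the caller cannot tell that no rule was applied. The enclosing method starts before the hunk.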