Return-Path: X-Original-To: apmail-brooklyn-dev-archive@minotaur.apache.org Delivered-To: apmail-brooklyn-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2574118732 for ; Wed, 24 Jun 2015 18:20:58 +0000 (UTC) Received: (qmail 81376 invoked by uid 500); 24 Jun 2015 18:20:58 -0000 Delivered-To: apmail-brooklyn-dev-archive@brooklyn.apache.org Received: (qmail 81342 invoked by uid 500); 24 Jun 2015 18:20:58 -0000 Mailing-List: contact dev-help@brooklyn.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@brooklyn.incubator.apache.org Delivered-To: mailing list dev@brooklyn.incubator.apache.org Received: (qmail 81331 invoked by uid 99); 24 Jun 2015 18:20:57 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Jun 2015 18:20:57 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 349BACFF51 for ; Wed, 24 Jun 2015 18:20:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.447 X-Spam-Level: X-Spam-Status: No, score=-0.447 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.428, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id FamjI-HW1icF for ; Wed, 24 Jun 2015 18:20:44 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with SMTP id 99B394C0DB for ; Wed, 24 Jun 2015 18:20:41 +0000 (UTC) Received: (qmail 81053 invoked by uid 99); 24 Jun 2015 18:20:41 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Jun 2015 18:20:41 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id DCBDAE05D1; Wed, 24 Jun 2015 18:20:40 +0000 (UTC) From: mikezaccardo To: dev@brooklyn.incubator.apache.org Reply-To: dev@brooklyn.incubator.apache.org References: In-Reply-To: Subject: [GitHub] incubator-brooklyn pull request: [BROOKLYN-99] add support for Nov... Content-Type: text/plain Message-Id: <20150624182040.DCBDAE05D1@git1-us-west.apache.org> Date: Wed, 24 Jun 2015 18:20:40 +0000 (UTC) Github user mikezaccardo commented on a diff in the pull request: https://github.com/apache/incubator-brooklyn/pull/694#discussion_r33178718 --- Diff: locations/jclouds/src/main/java/brooklyn/location/jclouds/networking/JcloudsLocationSecurityGroupCustomizer.java --- @@ -225,41 +238,47 @@ void addPermissionsToLocation(Iterable permissions, final String n * {@link #sharedGroupCache} if no mapping for the shared group's location previously * existed (e.g. Brooklyn was restarted and rebound to an existing application). * + * Notice that jclouds will attach 2 securityGroups to the node if the locationId is `aws-ec2` so it needs to + * look for the uniqueSecurityGroup rather than the shared securityGroup. + * * @param nodeId The id of the node in question + * @param locationId The id of the location in question * @param securityApi The API to use to list security groups * @return the security group unique to the given node, or null if one could not be determined. */ - private SecurityGroup getUniqueSecurityGroupForNodeCachingSharedGroupIfPreviouslyUnknown( - String nodeId, SecurityGroupExtension securityApi) { + private SecurityGroup getUniqueSecurityGroupForNodeCachingSharedGroupIfPreviouslyUnknown(String nodeId, String locationId, SecurityGroupExtension securityApi) { Set groupsOnNode = securityApi.listSecurityGroupsForNode(nodeId); - if (groupsOnNode.size() != 2) { - LOG.warn("Expected to find two security groups on node {} in app {} (one shared, one unique). Found {}: {}", - new Object[]{nodeId, applicationId, groupsOnNode.size(), groupsOnNode}); - return null; - } - String expectedSharedName = getNameForSharedSecurityGroup(); - Iterator it = groupsOnNode.iterator(); - SecurityGroup shared = it.next(); SecurityGroup unique; - if (shared.getName().endsWith(expectedSharedName)) { - unique = it.next(); - } else { - unique = shared; - shared = it.next(); - } - if (!shared.getName().endsWith(expectedSharedName)) { - LOG.warn("Couldn't determine which security group is shared between instances in app {}. Expected={}, found={}", - new Object[]{applicationId, expectedSharedName, groupsOnNode}); - return null; - } - // Shared entry might be missing if Brooklyn has rebound to an application - SecurityGroup old = sharedGroupCache.asMap().putIfAbsent(shared.getLocation(), shared); - LOG.info("Loaded unique security group for node {} (in {}): {}", - new Object[]{nodeId, applicationId, unique}); - if (old == null) { - LOG.info("Proactively set shared group for app {} to: {}", applicationId, shared); + if (locationId.equals("aws-ec2")) { --- End diff -- It may be nice to extract this AWS-specific functionality into a new method. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---