cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kous...@apache.org
Subject [4/6] git commit: updated refs/heads/master to d1def0a
Date Mon, 11 Apr 2016 16:55:02 GMT
deal with PMD warnings


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d39182f9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d39182f9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d39182f9

Branch: refs/heads/master
Commit: d39182f9d432ff477b7021ce805980c35ba39408
Parents: d1c1bde
Author: Daan Hoogland <daan@onecht.net>
Authored: Fri Dec 25 16:47:14 2015 +0100
Committer: Daan Hoogland <daan@onecht.net>
Committed: Sat Dec 26 09:02:30 2015 +0100

----------------------------------------------------------------------
 .../cloud/agent/api/SecurityGroupRulesCmd.java  | 168 ++++----
 .../networkservice/SecurityGroupHttpClient.java | 410 +++++++++----------
 ...LibvirtSecurityGroupRulesCommandWrapper.java |   2 +-
 .../resource/LibvirtComputingResourceTest.java  |  22 +-
 .../cloud/ovm/hypervisor/OvmResourceBase.java   |   4 +-
 .../cloud/agent/manager/MockVmManagerImpl.java  |   2 +-
 .../CitrixSecurityGroupRulesCommandWrapper.java |   2 +-
 .../xenbase/CitrixRequestWrapperTest.java       |  14 +-
 .../security/SecurityGroupManagerImpl2.java     |   4 +-
 9 files changed, 329 insertions(+), 299 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java b/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
index fbc3835..a7f4425 100644
--- a/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
+++ b/core/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
@@ -21,6 +21,7 @@ package com.cloud.agent.api;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.zip.DeflaterOutputStream;
 
@@ -32,34 +33,47 @@ import com.cloud.agent.api.LogLevel.Log4jLevel;
 import com.cloud.utils.net.NetUtils;
 
 public class SecurityGroupRulesCmd extends Command {
-    static final String EGRESS_RULE = "E:";
-    static final String INGRESS_RULE = "I:";
-    private static Logger s_logger = Logger.getLogger(SecurityGroupRulesCmd.class);
+    private static final char RULE_TARGET_SEPARATOR = ',';
+    private static final char RULE_COMMAND_SEPARATOR = ':';
+    protected static final String EGRESS_RULE = "E:";
+    protected static final String INGRESS_RULE = "I:";
+    private static final Logger LOGGER = Logger.getLogger(SecurityGroupRulesCmd.class);
+
+    private final String guestIp;
+    private final String vmName;
+    private final String guestMac;
+    private final String signature;
+    private final Long seqNum;
+    private final Long vmId;
+    private Long msId;
+    private List<IpPortAndProto> ingressRuleSet;
+    private List<IpPortAndProto> egressRuleSet;
+    private final List<String> secIps;
 
     public static class IpPortAndProto {
-        private String proto;
-        private int startPort;
-        private int endPort;
+        private final String proto;
+        private final int startPort;
+        private final int endPort;
         @LogLevel(Log4jLevel.Trace)
-        private String[] allowedCidrs;
+        private List<String> allowedCidrs;
 
-        public IpPortAndProto() {
-        }
-
-        public IpPortAndProto(String proto, int startPort, int endPort, String[] allowedCidrs)
{
-            this();
+        public IpPortAndProto(final String proto, final int startPort, final int endPort,
final String... allowedCidrs) {
+            super();
             this.proto = proto;
             this.startPort = startPort;
             this.endPort = endPort;
-            this.allowedCidrs = allowedCidrs;
+            setAllowedCidrs(allowedCidrs);
         }
 
-        public String[] getAllowedCidrs() {
+        public List<String> getAllowedCidrs() {
             return allowedCidrs;
         }
 
-        public void setAllowedCidrs(String[] allowedCidrs) {
-            this.allowedCidrs = allowedCidrs;
+        public void setAllowedCidrs(final String... allowedCidrs) {
+            this.allowedCidrs = new ArrayList<String>();
+            for (final String allowedCidr : allowedCidrs) {
+                this.allowedCidrs.add(allowedCidr);
+            }
         }
 
         public String getProto() {
@@ -76,41 +90,29 @@ public class SecurityGroupRulesCmd extends Command {
 
     }
 
-    String guestIp;
-    String vmName;
-    String guestMac;
-    String signature;
-    Long seqNum;
-    Long vmId;
-    Long msId;
-    IpPortAndProto[] ingressRuleSet;
-    IpPortAndProto[] egressRuleSet;
-    private List<String> secIps;
-
-    public SecurityGroupRulesCmd() {
-        super();
-    }
-
-    public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Long vmId,
String signature, Long seqNum, IpPortAndProto[] ingressRuleSet,
-            IpPortAndProto[] egressRuleSet) {
-        this();
+    public SecurityGroupRulesCmd(
+            final String guestIp,
+            final String guestMac,
+            final String vmName,
+            final Long vmId,
+            final String signature,
+            final Long seqNum,
+            final IpPortAndProto[] ingressRuleSet,
+            final IpPortAndProto[] egressRuleSet,
+            final List<String> secIps) {
         this.guestIp = guestIp;
         this.vmName = vmName;
-        this.ingressRuleSet = ingressRuleSet;
-        this.egressRuleSet = egressRuleSet;
+        setIngressRuleSet(ingressRuleSet);
+        this.setEgressRuleSet(egressRuleSet);
         this.guestMac = guestMac;
-        this.signature = signature;
         this.seqNum = seqNum;
         this.vmId = vmId;
         if (signature == null) {
-            String stringified = stringifyRules();
+            final String stringified = stringifyRules();
             this.signature = DigestUtils.md5Hex(stringified);
+        } else {
+            this.signature = signature;
         }
-    }
-
-    public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Long vmId,
String signature, Long seqNum, IpPortAndProto[] ingressRuleSet,
-            IpPortAndProto[] egressRuleSet, List<String> secIps) {
-        this(guestIp, guestMac, vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
         this.secIps = secIps;
     }
 
@@ -119,20 +121,26 @@ public class SecurityGroupRulesCmd extends Command {
         return true;
     }
 
-    public IpPortAndProto[] getIngressRuleSet() {
+    public List<IpPortAndProto> getIngressRuleSet() {
         return ingressRuleSet;
     }
 
-    public void setIngressRuleSet(IpPortAndProto[] ingressRuleSet) {
-        this.ingressRuleSet = ingressRuleSet;
+    public void setIngressRuleSet(final IpPortAndProto... ingressRuleSet) {
+        this.ingressRuleSet = new ArrayList<IpPortAndProto>();
+        for(final IpPortAndProto rule: ingressRuleSet) {
+            this.ingressRuleSet.add(rule);
+        }
     }
 
-    public IpPortAndProto[] getEgressRuleSet() {
+    public List<IpPortAndProto> getEgressRuleSet() {
         return egressRuleSet;
     }
 
-    public void setEgressRuleSet(IpPortAndProto[] egressRuleSet) {
-        this.egressRuleSet = egressRuleSet;
+    public void setEgressRuleSet(final IpPortAndProto... egressRuleSet) {
+        this.egressRuleSet = new ArrayList<IpPortAndProto>();
+        for(final IpPortAndProto rule: egressRuleSet) {
+            this.egressRuleSet.add(rule);
+        }
     }
 
     public String getGuestIp() {
@@ -148,35 +156,35 @@ public class SecurityGroupRulesCmd extends Command {
     }
 
     //convert cidrs in the form "a.b.c.d/e" to "hexvalue of 32bit ip/e"
-    private String compressCidr(String cidr) {
-        String[] toks = cidr.split("/");
-        long ipnum = NetUtils.ip2Long(toks[0]);
+    private String compressCidr(final String cidr) {
+        final String[] toks = cidr.split("/");
+        final long ipnum = NetUtils.ip2Long(toks[0]);
         return Long.toHexString(ipnum) + "/" + toks[1];
     }
 
     public String getSecIpsString() {
-        StringBuilder sb = new StringBuilder();
-        List<String> ips = getSecIps();
+        final StringBuilder sb = new StringBuilder();
+        final List<String> ips = getSecIps();
         if (ips == null) {
-            return "0:";
+            sb.append("0:");
         } else {
-            for (String ip : ips) {
-                sb.append(ip).append(":");
+            for (final String ip : ips) {
+                sb.append(ip).append(RULE_COMMAND_SEPARATOR);
             }
         }
         return sb.toString();
     }
 
     public String stringifyRules() {
-        StringBuilder ruleBuilder = new StringBuilder();
+        final StringBuilder ruleBuilder = new StringBuilder();
         stringifyRulesFor(getIngressRuleSet(), INGRESS_RULE, false, ruleBuilder);
         stringifyRulesFor(getEgressRuleSet(), EGRESS_RULE, false, ruleBuilder);
         return ruleBuilder.toString();
     }
 
     public String stringifyCompressedRules() {
-        StringBuilder ruleBuilder = new StringBuilder();
-        stringifyRulesFor(getEgressRuleSet(), INGRESS_RULE, true, ruleBuilder);
+        final StringBuilder ruleBuilder = new StringBuilder();
+        stringifyRulesFor(getIngressRuleSet(), INGRESS_RULE, true, ruleBuilder);
         stringifyRulesFor(getEgressRuleSet(), EGRESS_RULE, true, ruleBuilder);
         return ruleBuilder.toString();
     }
@@ -187,14 +195,17 @@ public class SecurityGroupRulesCmd extends Command {
      * @param compress
      * @param ruleBuilder
      */
-    void stringifyRulesFor(SecurityGroupRulesCmd.IpPortAndProto[] ipPandPs, String gression,
boolean compress, StringBuilder ruleBuilder) {
-        for (SecurityGroupRulesCmd.IpPortAndProto ipPandP : ipPandPs) {
-            ruleBuilder.append(gression).append(ipPandP.getProto()).append(":").append(ipPandP.getStartPort()).append(":").append(ipPandP.getEndPort()).append(":");
-            for (String cidr : ipPandP.getAllowedCidrs()) {
-                ruleBuilder.append(compress?compressCidr(cidr):cidr).append(",");
+    private void stringifyRulesFor(
+            final List<IpPortAndProto> ipPandPs,
+            final String gression,
+            final boolean compress,
+            final StringBuilder ruleBuilder) {
+        for (final IpPortAndProto ipPandP : ipPandPs) {
+            ruleBuilder.append(gression).append(ipPandP.getProto()).append(RULE_COMMAND_SEPARATOR).append(ipPandP.getStartPort()).append(RULE_COMMAND_SEPARATOR).append(ipPandP.getEndPort()).append(RULE_COMMAND_SEPARATOR);
+            for (final String cidr : ipPandP.getAllowedCidrs()) {
+                ruleBuilder.append(compress?compressCidr(cidr):cidr).append(RULE_TARGET_SEPARATOR);
             }
-            ruleBuilder.append("NEXT");
-            ruleBuilder.append(" ");
+            ruleBuilder.append("NEXT ");
         }
     }
 
@@ -203,19 +214,20 @@ public class SecurityGroupRulesCmd extends Command {
      * to scale beyond 8k cidrs.
      */
     public String compressStringifiedRules() {
-        String stringified = stringifyRules();
-        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        final String stringified = stringifyRules();
+        final ByteArrayOutputStream out = new ByteArrayOutputStream();
+        String encodedResult = null;
         try {
             //Note : not using GZipOutputStream since that is for files
             //GZipOutputStream gives a different header, although the compression is the
same
-            DeflaterOutputStream dzip = new DeflaterOutputStream(out);
+            final DeflaterOutputStream dzip = new DeflaterOutputStream(out);
             dzip.write(stringified.getBytes());
             dzip.close();
+            encodedResult = Base64.encodeBase64String(out.toByteArray());
         } catch (IOException e) {
-            s_logger.warn("Exception while compressing security group rules");
-            return null;
+            LOGGER.warn("Exception while compressing security group rules");
         }
-        return Base64.encodeBase64String(out.toByteArray());
+        return encodedResult;
     }
 
     public String getSignature() {
@@ -237,16 +249,16 @@ public class SecurityGroupRulesCmd extends Command {
     public int getTotalNumCidrs() {
         //useful for logging
         int count = 0;
-        for (IpPortAndProto i : ingressRuleSet) {
-            count += i.allowedCidrs.length;
+        for (final IpPortAndProto i : ingressRuleSet) {
+            count += i.allowedCidrs.size();
         }
-        for (IpPortAndProto i : egressRuleSet) {
-            count += i.allowedCidrs.length;
+        for (final IpPortAndProto i : egressRuleSet) {
+            count += i.allowedCidrs.size();
         }
         return count;
     }
 
-    public void setMsId(long msId) {
+    public void setMsId(final long msId) {
         this.msId = msId;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
index b9e4858..b100929 100644
--- a/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
+++ b/plugins/hypervisors/baremetal/src/com/cloud/baremetal/networkservice/SecurityGroupHttpClient.java
@@ -1,205 +1,205 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-//
-// Automatically generated by addcopyright.py at 01/29/2013
-// Apache License, Version 2.0 (the "License"); you may not use this
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//
-// Automatically generated by addcopyright.py at 04/03/2012
-
-package com.cloud.baremetal.networkservice;
-
-import com.cloud.agent.api.SecurityGroupRuleAnswer;
-import com.cloud.agent.api.SecurityGroupRulesCmd;
-import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
-import com.cloud.baremetal.networkservice.schema.SecurityGroupRule;
-import com.cloud.baremetal.networkservice.schema.SecurityGroupVmRuleSet;
-import com.cloud.utils.Pair;
-import com.cloud.utils.exception.CloudRuntimeException;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.methods.StringRequestEntity;
-import org.apache.log4j.Logger;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import java.io.StringWriter;
-import java.net.SocketTimeoutException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-public class SecurityGroupHttpClient {
-    private static final Logger logger = Logger.getLogger(SecurityGroupHttpClient.class);
-    private static final String ARG_NAME = "args";
-    private static final String COMMAND = "command";
-    private JAXBContext context;
-    private int port;
-    private static HttpClient httpClient;
-    static {
-        MultiThreadedHttpConnectionManager connman = new MultiThreadedHttpConnectionManager();
-        httpClient = new HttpClient(connman);
-        httpClient.setConnectionTimeout(5000);
-    }
-
-    private enum OpConstant {
-        setRules, echo,
-    }
-
-    public SecurityGroupHttpClient() {
-        try {
-            context = JAXBContext.newInstance(SecurityGroupRule.class, SecurityGroupVmRuleSet.class);
-            port = 9988;
-        } catch (Exception e) {
-            throw new CloudRuntimeException(
-                    "Unable to create JAXBContext for security group", e);
-        }
-    }
-
-    private List<SecurityGroupRule> generateRules(IpPortAndProto[] ipps) {
-        List<SecurityGroupRule> rules = new ArrayList<SecurityGroupRule>(
-                ipps.length);
-        for (SecurityGroupRulesCmd.IpPortAndProto ipp : ipps) {
-            SecurityGroupRule r = new SecurityGroupRule();
-            r.setProtocol(ipp.getProto());
-            r.setStartPort(ipp.getStartPort());
-            r.setEndPort(ipp.getEndPort());
-            for (String cidr : ipp.getAllowedCidrs()) {
-                r.getIp().add(cidr);
-            }
-            rules.add(r);
-        }
-        return rules;
-    }
-
-    public HashMap<String, Pair<Long, Long>> sync(String vmName, Long vmId, String
agentIp) {
-        HashMap<String, Pair<Long, Long>> states = new HashMap<String, Pair<Long,
Long>>();
-        PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
-        try {
-            post.addRequestHeader("command", "sync");
-            if (httpClient.executeMethod(post) != 200) {
-                logger.debug(String.format("echoing baremetal security group agent on %s
got error: %s", agentIp, post.getResponseBodyAsString()));
-            } else {
-                String res = post.getResponseBodyAsString();
-                // res = ';'.join([vmName, vmId, seqno])
-                String[] rulelogs = res.split(",");
-                if (rulelogs.length != 6) {
-                    logger.debug(String.format("host[%s] returns invalid security group sync
document[%s], reset rules", agentIp, res));
-                    states.put(vmName, new Pair<Long, Long>(vmId, -1L));
-                    return states;
-                }
-                Pair<Long, Long> p = new Pair<Long, Long>(Long.valueOf(rulelogs[1]),
Long.valueOf(rulelogs[5]));
-                states.put(rulelogs[0], p);
-                return states;
-            }
-        } catch (SocketTimeoutException se) {
-            logger.warn(String.format("unable to sync security group rules on host[%s], %s",
agentIp, se.getMessage()));
-        } catch (Exception e) {
-            logger.warn(String.format("unable to sync security group rules on host[%s]",
agentIp), e);
-        } finally {
-            if (post != null) {
-                post.releaseConnection();
-            }
-        }
-        return states;
-    }
-
-
-    public boolean echo(String agentIp, long l, long m) {
-        boolean ret = false;
-        int count = 1;
-        while (true) {
-            try {
-                Thread.sleep(m);
-                count++;
-            } catch (InterruptedException e1) {
-                logger.warn("", e1);
-                break;
-            }
-            PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
-            try {
-                post.addRequestHeader("command", "echo");
-                if (httpClient.executeMethod(post) != 200) {
-                    logger.debug(String.format("echoing baremetal security group agent on
%s got error: %s", agentIp, post.getResponseBodyAsString()));
-                } else {
-                    ret = true;
-                }
-                break;
-            } catch (Exception e) {
-                if (count*m >= l) {
-                    logger.debug(String.format("ping security group agent on vm[%s] timeout
after %s minutes, starting vm failed, count=%s", agentIp, TimeUnit.MILLISECONDS.toSeconds(l),
count));
-                    break;
-                } else {
-                    logger.debug(String.format("Having pinged security group agent on vm[%s]
%s times, continue to wait...", agentIp, count));
-                }
-            } finally {
-                if (post != null) {
-                    post.releaseConnection();
-                }
-            }
-        }
-        return ret;
-    }
-
-    public SecurityGroupRuleAnswer call(String agentIp, SecurityGroupRulesCmd cmd) {
-        PostMethod post = new PostMethod(String.format(
-                "http://%s:%s", agentIp, getPort()));
-        try {
-            SecurityGroupVmRuleSet rset = new SecurityGroupVmRuleSet();
-            rset.getEgressRules().addAll(generateRules(cmd.getEgressRuleSet()));
-            rset.getIngressRules().addAll(
-                    generateRules(cmd.getIngressRuleSet()));
-            rset.setVmName(cmd.getVmName());
-            rset.setVmIp(cmd.getGuestIp());
-            rset.setVmMac(cmd.getGuestMac());
-            rset.setVmId(cmd.getVmId());
-            rset.setSignature(cmd.getSignature());
-            rset.setSequenceNumber(cmd.getSeqNum());
-            Marshaller marshaller = context.createMarshaller();
-            StringWriter writer = new StringWriter();
-            marshaller.marshal(rset, writer);
-            String xmlContents = writer.toString();
-            logger.debug(xmlContents);
-
-            post.addRequestHeader("command", "set_rules");
-            StringRequestEntity entity = new StringRequestEntity(xmlContents);
-            post.setRequestEntity(entity);
-            if (httpClient.executeMethod(post) != 200) {
-                return new SecurityGroupRuleAnswer(cmd, false,
-                        post.getResponseBodyAsString());
-            } else {
-                return new SecurityGroupRuleAnswer(cmd);
-            }
-        } catch (Exception e) {
-            return new SecurityGroupRuleAnswer(cmd, false, e.getMessage());
-        } finally {
-            if (post != null) {
-                post.releaseConnection();
-            }
-        }
-    }
-
-    public int getPort() {
-        return port;
-    }
-
-    public void setPort(int port) {
-        this.port = port;
-    }
-}
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+// Automatically generated by addcopyright.py at 01/29/2013
+// Apache License, Version 2.0 (the "License"); you may not use this
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// Automatically generated by addcopyright.py at 04/03/2012
+
+package com.cloud.baremetal.networkservice;
+
+import com.cloud.agent.api.SecurityGroupRuleAnswer;
+import com.cloud.agent.api.SecurityGroupRulesCmd;
+import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
+import com.cloud.baremetal.networkservice.schema.SecurityGroupRule;
+import com.cloud.baremetal.networkservice.schema.SecurityGroupVmRuleSet;
+import com.cloud.utils.Pair;
+import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.methods.StringRequestEntity;
+import org.apache.log4j.Logger;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import java.io.StringWriter;
+import java.net.SocketTimeoutException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+public class SecurityGroupHttpClient {
+    private static final Logger logger = Logger.getLogger(SecurityGroupHttpClient.class);
+    private static final String ARG_NAME = "args";
+    private static final String COMMAND = "command";
+    private JAXBContext context;
+    private int port;
+    private static HttpClient httpClient;
+    static {
+        MultiThreadedHttpConnectionManager connman = new MultiThreadedHttpConnectionManager();
+        httpClient = new HttpClient(connman);
+        httpClient.setConnectionTimeout(5000);
+    }
+
+    private enum OpConstant {
+        setRules, echo,
+    }
+
+    public SecurityGroupHttpClient() {
+        try {
+            context = JAXBContext.newInstance(SecurityGroupRule.class, SecurityGroupVmRuleSet.class);
+            port = 9988;
+        } catch (Exception e) {
+            throw new CloudRuntimeException(
+                    "Unable to create JAXBContext for security group", e);
+        }
+    }
+
+    private List<SecurityGroupRule> generateRules(final List<IpPortAndProto>
ipps) {
+        List<SecurityGroupRule> rules = new ArrayList<SecurityGroupRule>(
+                ipps.size());
+        for (SecurityGroupRulesCmd.IpPortAndProto ipp : ipps) {
+            SecurityGroupRule r = new SecurityGroupRule();
+            r.setProtocol(ipp.getProto());
+            r.setStartPort(ipp.getStartPort());
+            r.setEndPort(ipp.getEndPort());
+            for (String cidr : ipp.getAllowedCidrs()) {
+                r.getIp().add(cidr);
+            }
+            rules.add(r);
+        }
+        return rules;
+    }
+
+    public HashMap<String, Pair<Long, Long>> sync(String vmName, Long vmId, String
agentIp) {
+        HashMap<String, Pair<Long, Long>> states = new HashMap<String, Pair<Long,
Long>>();
+        PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
+        try {
+            post.addRequestHeader("command", "sync");
+            if (httpClient.executeMethod(post) != 200) {
+                logger.debug(String.format("echoing baremetal security group agent on %s
got error: %s", agentIp, post.getResponseBodyAsString()));
+            } else {
+                String res = post.getResponseBodyAsString();
+                // res = ';'.join([vmName, vmId, seqno])
+                String[] rulelogs = res.split(",");
+                if (rulelogs.length != 6) {
+                    logger.debug(String.format("host[%s] returns invalid security group sync
document[%s], reset rules", agentIp, res));
+                    states.put(vmName, new Pair<Long, Long>(vmId, -1L));
+                    return states;
+                }
+                Pair<Long, Long> p = new Pair<Long, Long>(Long.valueOf(rulelogs[1]),
Long.valueOf(rulelogs[5]));
+                states.put(rulelogs[0], p);
+                return states;
+            }
+        } catch (SocketTimeoutException se) {
+            logger.warn(String.format("unable to sync security group rules on host[%s], %s",
agentIp, se.getMessage()));
+        } catch (Exception e) {
+            logger.warn(String.format("unable to sync security group rules on host[%s]",
agentIp), e);
+        } finally {
+            if (post != null) {
+                post.releaseConnection();
+            }
+        }
+        return states;
+    }
+
+
+    public boolean echo(String agentIp, long l, long m) {
+        boolean ret = false;
+        int count = 1;
+        while (true) {
+            try {
+                Thread.sleep(m);
+                count++;
+            } catch (InterruptedException e1) {
+                logger.warn("", e1);
+                break;
+            }
+            PostMethod post = new PostMethod(String.format("http://%s:%s/", agentIp, getPort()));
+            try {
+                post.addRequestHeader("command", "echo");
+                if (httpClient.executeMethod(post) != 200) {
+                    logger.debug(String.format("echoing baremetal security group agent on
%s got error: %s", agentIp, post.getResponseBodyAsString()));
+                } else {
+                    ret = true;
+                }
+                break;
+            } catch (Exception e) {
+                if (count*m >= l) {
+                    logger.debug(String.format("ping security group agent on vm[%s] timeout
after %s minutes, starting vm failed, count=%s", agentIp, TimeUnit.MILLISECONDS.toSeconds(l),
count));
+                    break;
+                } else {
+                    logger.debug(String.format("Having pinged security group agent on vm[%s]
%s times, continue to wait...", agentIp, count));
+                }
+            } finally {
+                if (post != null) {
+                    post.releaseConnection();
+                }
+            }
+        }
+        return ret;
+    }
+
+    public SecurityGroupRuleAnswer call(String agentIp, SecurityGroupRulesCmd cmd) {
+        PostMethod post = new PostMethod(String.format(
+                "http://%s:%s", agentIp, getPort()));
+        try {
+            SecurityGroupVmRuleSet rset = new SecurityGroupVmRuleSet();
+            rset.getEgressRules().addAll(generateRules(cmd.getEgressRuleSet()));
+            rset.getIngressRules().addAll(
+                    generateRules(cmd.getIngressRuleSet()));
+            rset.setVmName(cmd.getVmName());
+            rset.setVmIp(cmd.getGuestIp());
+            rset.setVmMac(cmd.getGuestMac());
+            rset.setVmId(cmd.getVmId());
+            rset.setSignature(cmd.getSignature());
+            rset.setSequenceNumber(cmd.getSeqNum());
+            Marshaller marshaller = context.createMarshaller();
+            StringWriter writer = new StringWriter();
+            marshaller.marshal(rset, writer);
+            String xmlContents = writer.toString();
+            logger.debug(xmlContents);
+
+            post.addRequestHeader("command", "set_rules");
+            StringRequestEntity entity = new StringRequestEntity(xmlContents);
+            post.setRequestEntity(entity);
+            if (httpClient.executeMethod(post) != 200) {
+                return new SecurityGroupRuleAnswer(cmd, false,
+                        post.getResponseBodyAsString());
+            } else {
+                return new SecurityGroupRuleAnswer(cmd);
+            }
+        } catch (Exception e) {
+            return new SecurityGroupRuleAnswer(cmd, false, e.getMessage());
+        } finally {
+            if (post != null) {
+                post.releaseConnection();
+            }
+        }
+    }
+
+    public int getPort() {
+        return port;
+    }
+
+    public void setPort(int port) {
+        this.port = port;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
index f1a2e02..ef9fd89 100644
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSecurityGroupRulesCommandWrapper.java
@@ -62,7 +62,7 @@ public final class LibvirtSecurityGroupRulesCommandWrapper extends CommandWrappe
             return new SecurityGroupRuleAnswer(command, false, "programming network rules
failed");
         } else {
             s_logger.debug("Programmed network rules for vm " + command.getVmName() + " guestIp="
+ command.getGuestIp() + ",ingress numrules="
-                    + command.getIngressRuleSet().length + ",egress numrules=" + command.getEgressRuleSet().length);
+                    + command.getIngressRuleSet().size() + ",egress numrules=" + command.getEgressRuleSet().size());
             return new SecurityGroupRuleAnswer(command);
         }
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
b/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
index 04a27f3..66efdf2 100644
--- a/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
+++ b/plugins/hypervisors/kvm/test/com/cloud/hypervisor/kvm/resource/LibvirtComputingResourceTest.java
@@ -39,6 +39,7 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Random;
 import java.util.UUID;
+import java.util.Vector;
 
 import javax.naming.ConfigurationException;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -2893,8 +2894,11 @@ public class LibvirtComputingResourceTest {
         final Long seqNum = 1l;
         final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
         final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+        final List<String> secIps = new Vector<String>();
+        final List<String> cidrs = new Vector<String>();
+        cidrs.add("0.0.0.0/0");
 
-        final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
+        final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
 
         final LibvirtUtilitiesHelper libvirtUtilitiesHelper = Mockito.mock(LibvirtUtilitiesHelper.class);
         final Connect conn = Mockito.mock(Connect.class);
@@ -2914,12 +2918,12 @@ public class LibvirtComputingResourceTest {
         when(ingressRuleSet[0].getProto()).thenReturn("tcp");
         when(ingressRuleSet[0].getStartPort()).thenReturn(22);
         when(ingressRuleSet[0].getEndPort()).thenReturn(22);
-        when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+        when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
 
         when(egressRuleSet[0].getProto()).thenReturn("tcp");
         when(egressRuleSet[0].getStartPort()).thenReturn(22);
         when(egressRuleSet[0].getEndPort()).thenReturn(22);
-        when(egressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+        when(egressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
 
         final LibvirtRequestWrapper wrapper = LibvirtRequestWrapper.getInstance();
         assertNotNull(wrapper);
@@ -2945,8 +2949,11 @@ public class LibvirtComputingResourceTest {
         final Long seqNum = 1l;
         final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
         final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+        final List<String> secIps = new Vector<String>();
+        final List<String> cidrs = new Vector<String>();
+        cidrs.add("0.0.0.0/0");
 
-        final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
+        final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
 
         final LibvirtUtilitiesHelper libvirtUtilitiesHelper = Mockito.mock(LibvirtUtilitiesHelper.class);
         final Connect conn = Mockito.mock(Connect.class);
@@ -2972,12 +2979,12 @@ public class LibvirtComputingResourceTest {
         when(ingressRuleSet[0].getProto()).thenReturn("tcp");
         when(ingressRuleSet[0].getStartPort()).thenReturn(22);
         when(ingressRuleSet[0].getEndPort()).thenReturn(22);
-        when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+        when(ingressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
 
         when(egressRuleSet[0].getProto()).thenReturn("tcp");
         when(egressRuleSet[0].getStartPort()).thenReturn(22);
         when(egressRuleSet[0].getEndPort()).thenReturn(22);
-        when(egressRuleSet[0].getAllowedCidrs()).thenReturn(new String[]{"0.0.0.0/0"});
+        when(egressRuleSet[0].getAllowedCidrs()).thenReturn(cidrs);
 
         when(libvirtComputingResource.addNetworkRules(command.getVmName(), Long.toString(command.getVmId()),
command.getGuestIp(), command.getSignature(),
                 Long.toString(command.getSeqNum()), command.getGuestMac(), command.stringifyRules(),
vif, brname, command.getSecIpsString())).thenReturn(true);
@@ -3007,8 +3014,9 @@ public class LibvirtComputingResourceTest {
         final Long seqNum = 1l;
         final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
         final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+        final List<String> secIps = new Vector<String>();
 
-        final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet);
+        final SecurityGroupRulesCmd command = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
 
         final LibvirtUtilitiesHelper libvirtUtilitiesHelper = Mockito.mock(LibvirtUtilitiesHelper.class);
         final Connect conn = Mockito.mock(Connect.class);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java b/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
index 0541b7e..648bf7f 100644
--- a/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
+++ b/plugins/hypervisors/ovm/src/com/cloud/ovm/hypervisor/OvmResourceBase.java
@@ -940,8 +940,8 @@ public class OvmResourceBase implements ServerResource, HypervisorResource
{
             s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
             return new SecurityGroupRuleAnswer(cmd, false, "programming network rules failed");
         } else {
-            s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp="
+ cmd.getGuestIp() + ":ingress num rules=" + cmd.getIngressRuleSet().length +
-                ":egress num rules=" + cmd.getEgressRuleSet().length);
+            s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp="
+ cmd.getGuestIp() + ":ingress num rules=" + cmd.getIngressRuleSet().size() +
+                ":egress num rules=" + cmd.getEgressRuleSet().size());
             return new SecurityGroupRuleAnswer(cmd);
         }
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
b/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
index 6602e1f..5efcd3b 100644
--- a/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
+++ b/plugins/hypervisors/simulator/src/com/cloud/agent/manager/MockVmManagerImpl.java
@@ -626,7 +626,7 @@ public class MockVmManagerImpl extends ManagerBase implements MockVmManager
{
             reason = ", seqno_new";
         }
         s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " seqno=" +
cmd.getSeqNum() + " signature=" + cmd.getSignature() + " guestIp=" +
-                cmd.getGuestIp() + ", numIngressRules=" + cmd.getIngressRuleSet().length
+ ", numEgressRules=" + cmd.getEgressRuleSet().length + " total cidrs=" +
+                cmd.getGuestIp() + ", numIngressRules=" + cmd.getIngressRuleSet().size()
+ ", numEgressRules=" + cmd.getEgressRuleSet().size() + " total cidrs=" +
                 cmd.getTotalNumCidrs() + action + reason);
         return updateSeqnoAndSig;
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
index 0f8e6b5..b189ba0 100644
--- a/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
+++ b/plugins/hypervisors/xenserver/src/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixSecurityGroupRulesCommandWrapper.java
@@ -56,7 +56,7 @@ public final class CitrixSecurityGroupRulesCommandWrapper extends CommandWrapper
             return new SecurityGroupRuleAnswer(command, false, "programming network rules
failed");
         } else {
             s_logger.info("Programmed network rules for vm " + command.getVmName() + " guestIp="
+ command.getGuestIp() + ", ingress numrules="
-                    + command.getIngressRuleSet().length + ", egress numrules=" + command.getEgressRuleSet().length);
+                    + command.getIngressRuleSet().size() + ", egress numrules=" + command.getEgressRuleSet().size());
             return new SecurityGroupRuleAnswer(command);
         }
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
b/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
index ca58f35..0e512fb 100644
--- a/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
+++ b/plugins/hypervisors/xenserver/test/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixRequestWrapperTest.java
@@ -33,6 +33,7 @@ import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
+import java.util.Vector;
 
 import org.apache.cloudstack.storage.command.AttachAnswer;
 import org.apache.cloudstack.storage.command.AttachCommand;
@@ -101,6 +102,7 @@ import com.cloud.agent.api.UnPlugNicCommand;
 import com.cloud.agent.api.UpdateHostPasswordCommand;
 import com.cloud.agent.api.UpgradeSnapshotCommand;
 import com.cloud.agent.api.VMSnapshotTO;
+import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
 import com.cloud.agent.api.check.CheckSshCommand;
 import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand;
 import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand;
@@ -740,7 +742,17 @@ public class CitrixRequestWrapperTest {
         final Connection conn = Mockito.mock(Connection.class);
         final XsHost xsHost = Mockito.mock(XsHost.class);
 
-        final SecurityGroupRulesCmd sshCommand = new SecurityGroupRulesCmd();
+        final String guestIp = "127.0.0.1";
+        final String guestMac = "00:00:00:00";
+        final String vmName = "Test";
+        final Long vmId = 1l;
+        final String signature = "signature";
+        final Long seqNum = 1l;
+        final IpPortAndProto[] ingressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+        final IpPortAndProto[] egressRuleSet = new IpPortAndProto[]{Mockito.mock(IpPortAndProto.class)};
+        final List<String> secIps = new Vector<String>();
+
+        final SecurityGroupRulesCmd sshCommand = new SecurityGroupRulesCmd(guestIp, guestMac,
vmName, vmId, signature, seqNum, ingressRuleSet, egressRuleSet, secIps);
 
         final CitrixRequestWrapper wrapper = CitrixRequestWrapper.getInstance();
         assertNotNull(wrapper);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d39182f9/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
index 64204fe..64bbb75 100644
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
@@ -182,8 +182,6 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl
{
                 List<String> nicSecIps = null;
                 if (nic != null) {
                     if (nic.getSecondaryIp()) {
-                        //get secondary ips of the vm
-                        long networkId = nic.getNetworkId();
                         nicSecIps = _nicSecIpDao.getSecondaryIpAddressesForNic(nic.getId());
                     }
                 }
@@ -193,7 +191,7 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl
{
                 cmd.setMsId(_serverId);
                 if (s_logger.isDebugEnabled()) {
                     s_logger.debug("SecurityGroupManager v2: sending ruleset update for vm
" + vm.getInstanceName() + ":ingress num rules=" +
-                        cmd.getIngressRuleSet().length + ":egress num rules=" + cmd.getEgressRuleSet().length
+ " num cidrs=" + cmd.getTotalNumCidrs() + " sig=" +
+                        cmd.getIngressRuleSet().size() + ":egress num rules=" + cmd.getEgressRuleSet().size()
+ " num cidrs=" + cmd.getTotalNumCidrs() + " sig=" +
                         cmd.getSignature());
                 }
                 Commands cmds = new Commands(cmd);


Mime
View raw message