deltacloud-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mar...@apache.org
Subject git commit: fgcp: take fw out of instance list
Date Mon, 29 Oct 2012 13:43:10 GMT
Updated Branches:
  refs/heads/master 3c5a74ae2 -> b0a01c5bd


fgcp: take fw out of instance list


Project: http://git-wip-us.apache.org/repos/asf/deltacloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltacloud/commit/b0a01c5b
Tree: http://git-wip-us.apache.org/repos/asf/deltacloud/tree/b0a01c5b
Diff: http://git-wip-us.apache.org/repos/asf/deltacloud/diff/b0a01c5b

Branch: refs/heads/master
Commit: b0a01c5bd8874ab00d091c4f781e32ccb338742f
Parents: 3c5a74a
Author: Dies Koper <diesk@fast.au.fujitsu.com>
Authored: Tue Oct 23 01:04:33 2012 +1100
Committer: marios <marios@redhat.com>
Committed: Mon Oct 29 15:14:15 2012 +0200

----------------------------------------------------------------------
 server/lib/cimi/models/machine_configuration.rb   |    2 +-
 server/lib/deltacloud/drivers/exceptions.rb       |    8 +
 server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb |  158 ++++++++++------
 3 files changed, 107 insertions(+), 61 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltacloud/blob/b0a01c5b/server/lib/cimi/models/machine_configuration.rb
----------------------------------------------------------------------
diff --git a/server/lib/cimi/models/machine_configuration.rb b/server/lib/cimi/models/machine_configuration.rb
index 36ebcf7..84c966f 100644
--- a/server/lib/cimi/models/machine_configuration.rb
+++ b/server/lib/cimi/models/machine_configuration.rb
@@ -51,7 +51,7 @@ class CIMI::Model::MachineConfiguration < CIMI::Model::Base
     storage = profile.storage ? context.to_kibibyte((profile.storage.value || profile.storage.default),
profile.storage.unit) :  nil
     machine_hash = {
       :name => profile.name,
-      :description => "Machine Configuration with #{memory} #{profile.memory.unit} "+
+      :description => "Machine Configuration with #{memory} KiB "+
         "of memory and #{cpu} CPU",
       :cpu => ( cpu if cpu ) ,
       :created => Time.now.to_s,  # FIXME: DC hardware_profile has no mention about created_at

http://git-wip-us.apache.org/repos/asf/deltacloud/blob/b0a01c5b/server/lib/deltacloud/drivers/exceptions.rb
----------------------------------------------------------------------
diff --git a/server/lib/deltacloud/drivers/exceptions.rb b/server/lib/deltacloud/drivers/exceptions.rb
index 0664c5f..7bbf510 100644
--- a/server/lib/deltacloud/drivers/exceptions.rb
+++ b/server/lib/deltacloud/drivers/exceptions.rb
@@ -30,6 +30,13 @@ module Deltacloud
 
     end
 
+    class AcceptedButNotCompletedError < DeltacloudException
+      def initialize(e, message=nil)
+        message ||= e.message
+        super(202, e.class.name, message, e.backtrace)
+      end
+    end
+
     class AuthenticationFailure < DeltacloudException
       def initialize(e, message=nil)
         message ||= e.message
@@ -143,6 +150,7 @@ module Deltacloud
       def handler(e)
         return @handler if @handler
         case @status
+          when 202 then AcceptedButNotCompletedError.new(e, @message)
           when 401 then AuthenticationFailure.new(e, @message)
           when 403 then ForbiddenError.new(e, @message)
           when 404 then ObjectNotFound.new(e, @message)

http://git-wip-us.apache.org/repos/asf/deltacloud/blob/b0a01c5b/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
----------------------------------------------------------------------
diff --git a/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb b/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
index ea91762..7399c13 100644
--- a/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
+++ b/server/lib/deltacloud/drivers/fgcp/fgcp_driver.rb
@@ -237,14 +237,17 @@ class FgcpDriver < Deltacloud::BaseDriver
           # :realm_id can point to system or network
           if vsys_id == opts[:realm_id] or vserver['vserverId'][0] == opts[:id] or network_id
== opts[:realm_id]
 
-            # check state first as it may be filtered on
-            state_data = instance_state_data(vserver, client)
-            if opts[:state].nil? or opts[:state] == state_data[:state]
+            # skip firewall if filtering by realm
+            unless opts[:realm_id] and determine_server_type(vserver) == 'FW'
+              # check state first as it may be filtered on
+              state_data = instance_state_data(vserver, client)
+              if opts[:state].nil? or opts[:state] == state_data[:state]
 
-              instance = convert_to_instance(client, vserver, state_data)
-              add_instance_details(instance, client, vserver)
+                instance = convert_to_instance(client, vserver, state_data)
+                add_instance_details(instance, client, vserver)
 
-              instances << instance
+                instances << instance
+              end
             end
           end
         end
@@ -257,12 +260,16 @@ class FgcpDriver < Deltacloud::BaseDriver
           vsys_config = client.get_vsys_configuration(vsys['vsysId'][0])
           vsys_config['vsys'][0]['vservers'][0]['vserver'].each do |vserver|
 
-            # to keep the response time of this method acceptable, retrieve state
-            # only if required because state is filtered on
-            state_data = opts[:state] ? instance_state_data(vserver, client) : nil
-            # filter on state
-            if opts[:state].nil? or opts[:state] == state_data[:state]
-              instances << convert_to_instance(client, vserver, state_data)
+            # skip firewalls - they probably don't belong here and their new type ('firewall'
instead of 
+            # 'economy') causes errors when trying to map to available profiles)
+            unless determine_server_type(vserver) == 'FW'
+              # to keep the response time of this method acceptable, retrieve state
+              # only if required because state is filtered on
+              state_data = opts[:state] ? instance_state_data(vserver, client) : nil
+              # filter on state
+              if opts[:state].nil? or opts[:state] == state_data[:state]
+                instances << convert_to_instance(client, vserver, state_data)
+              end
             end
           end
         end
@@ -854,44 +861,46 @@ eofwpxml
         fw_owner_id = fw['efm'][0]['creator'][0]
         rule50000_log = true
 
-        fw['efm'][0]['firewall'][0]['directions'][0]['direction'].each do |direction|
+        if fw['efm'][0]['firewall'][0]['directions'] and fw['efm'][0]['firewall'][0]['directions'][0]['direction']
+          fw['efm'][0]['firewall'][0]['directions'][0]['direction'].each do |direction|
 
-          direction['policies'][0]['policy'].each do |policy|
+            direction['policies'][0]['policy'].each do |policy|
 
-            sources = []
-            ['src', 'dst'].each do |e|
+              sources = []
+              ['src', 'dst'].each do |e|
 
-              if policy[e] and policy[e][0] and not policy[e][0].empty?
+                if policy[e] and policy[e][0] and not policy[e][0].empty?
 
-                ip_address_type = policy["#{e}Type"][0]
-                address = policy[e][0]
-                address.sub!('any', '0.0.0.0/0') if ip_address_type == 'IP'
-                address += '/32' if ip_address_type == 'IP' and not address =~ /.*\/.*/
+                  ip_address_type = policy["#{e}Type"][0]
+                  address = policy[e][0]
+                  address.sub!('any', '0.0.0.0/0') if ip_address_type == 'IP'
+                  address += '/32' if ip_address_type == 'IP' and not address =~ /.*\/.*/
 
-                sources << {
-                  :type    => 'address',
-                  :family  => 'ipv4',
-                  :address => address.split('/').first,
-                  :prefix  => ip_address_type == 'IP' ? address.split('/').last : nil
-                }
+                  sources << {
+                    :type    => 'address',
+                    :family  => 'ipv4',
+                    :address => address.split('/').first,
+                    :prefix  => ip_address_type == 'IP' ? address.split('/').last : nil
+                  }
+                end
               end
-            end
 
-            # defining ingress as access going from Internet/Intranet -> DMZ -> SECURE1
-> SECURE2
-            ingress = policy['id'][0] =~ /[13].*/ ? 'ingress' : 'egress'
-
-            rules << FirewallRule.new({
-              :id             => policy['id'][0],
-              :rule_action    => policy['action'][0].downcase,
-              :log_rule       => policy['log'][0] == 'On',
-              :allow_protocol => policy['protocol'][0],
-              :port_from      => policy['srcPort'] ? policy['srcPort'][0] : nil, # not
set for e.g. ICMP
-              :port_to        => policy['dstPort'] ? policy['dstPort'][0] : nil, # not
set for e.g. ICMP
-              :direction      => ingress,
-              :sources        => sources
-            }) unless policy['id'][0] == '50000' # special case added later
-
-            rule50000_log = (policy['log'][0] == 'On') if policy['id'][0] == '50000'
+              # defining ingress as access going from Internet/Intranet -> DMZ -> SECURE1
-> SECURE2
+              ingress = policy['id'][0] =~ /[13].*/ ? 'ingress' : 'egress'
+
+              rules << FirewallRule.new({
+                :id             => policy['id'][0],
+                :rule_action    => policy['action'][0].downcase,
+                :log_rule       => policy['log'][0] == 'On',
+                :allow_protocol => policy['protocol'][0],
+                :port_from      => policy['srcPort'] ? policy['srcPort'][0] : nil, # not
set for e.g. ICMP
+                :port_to        => policy['dstPort'] ? policy['dstPort'][0] : nil, # not
set for e.g. ICMP
+                :direction      => ingress,
+                :sources        => sources
+              }) unless policy['id'][0] == '50000' # special case added later
+
+              rule50000_log = (policy['log'][0] == 'On') if policy['id'][0] == '50000'
+            end
           end
         end
 
@@ -962,7 +971,31 @@ eofwpxml
   def delete_firewall(credentials, opts={})
     safely do
       client = new_client(credentials)
-      client.destroy_vsys(client.extract_vsys_id(opts[:id]))
+      begin
+        # try to stop FW first
+        opts[:id] =~ /^(.*-S-)\d\d\d\d/
+        fw_id = $1 + '0001'
+        client.stop_efm(fw_id)
+      rescue Exception => ex
+        raise ex if not ex.message =~ /ALREADY_STOPPED.*/
+        client.destroy_vsys(client.extract_vsys_id(opts[:id]))
+        return
+      end
+
+      Thread.new {
+        attempts = 0
+        begin
+          sleep 30
+          # this may fail if the FW is still stopping
+          client.destroy_vsys(client.extract_vsys_id(opts[:id]))
+        rescue Exception => ex
+          raise unless attempts < 20 and ex.message =~ /SERVER_RUNNING.*/
+          # Stopping takes a few minutes, so keep trying for a while
+          attempts += 1
+          retry
+        end
+      }
+      raise 'Firewall will be deleted once it has stopped'
     end
   end
 
@@ -1293,47 +1326,47 @@ eofwopxml
 
   exceptions do
 
+    # FW will be deleted in async polling thread, so can't guarantee successful completion
+    on /Firewall will be deleted once it has stopped/ do
+      status 202 # Accepted
+    end
+
     on /ALREADY_STARTED/ do
-      status 405
+      status 405 # Method Not Allowed
     end
 
     # trying to start a running vserver, etc.
     on /ILLEGAL_STATE/ do
-      status 405
+      status 405 # Method Not Allowed
     end
 
     on /AuthFailure/ do
-      status 401
+      status 401 # Unauthorized
     end
 
     # User not found: using certificate with wrong region
     on /User not found in selectData./ do
-      status 401
+      status 401 # Unauthorized
     end
 
     # if user doesn't have privileges to view or operate a particular resource
     on /User doesn.t have the right of access./ do
-      status 400
-    end
-
-    # time out of sync with ntp
-    on /VALIDATION_ERROR.*synchronized.*API-Server time/ do
-      status 502
+      status 403 # Forbidden
     end
 
     # wrong vserverId, etc.
     on /VALIDATION_ERROR/ do
-      status 404
+      status 404 # Not Found
     end
 
     # wrong vdiskId, etc.
     on /RESOURCE_NOT_FOUND/ do
-      status 404
+      status 404 # Not Found
     end
 
     # wrong FW description (vsys descriptor)
     on /does not exist. Specify one of / do
-      status 404
+      status 404 # Not Found
     end
 
     # trying an operation that is not supported (yet) by the target region
@@ -1341,19 +1374,24 @@ eofwopxml
       status 501 # Not Implemented
     end
 
+    # time out of sync with ntp
+    on /VALIDATION_ERROR.*synchronized.*API-Server time/ do
+      status 502 # Bad Gateway
+    end
+
     # destroying a running SLB, etc.
     on /ALREADY_STARTED/ do
-      status 502 #?
+      status 502 # Bad Gateway?
     end
 
     # trying to start a running vserver, etc.
     on /ILLEGAL_STATE/ do
-      status 502
+      status 502 # Bad Gateway
     end
 
     # endpoint for country of certificate subject not found
     on /API endpoint not found/ do
-      status 502
+      status 502 # Bad Gateway
     end
 
     on /.*/ do


Mime
View raw message