Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 75100200BAC for ; Wed, 26 Oct 2016 17:25:07 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 72244160AEE; Wed, 26 Oct 2016 15:25:07 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E9279160ACA for ; Wed, 26 Oct 2016 17:25:05 +0200 (CEST) Received: (qmail 25807 invoked by uid 500); 26 Oct 2016 15:25:05 -0000 Mailing-List: contact user-help@jclouds.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@jclouds.apache.org Delivered-To: mailing list user@jclouds.apache.org Received: (qmail 25797 invoked by uid 99); 26 Oct 2016 15:25:05 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Oct 2016 15:25:05 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 9E42D180682 for ; Wed, 26 Oct 2016 15:25:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.68 X-Spam-Level: *** X-Spam-Status: No, score=3.68 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, KAM_BADIPHTTP=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id OtMI27Ikv1np for ; Wed, 26 Oct 2016 15:25:01 +0000 (UTC) Received: from mail-lf0-f50.google.com (mail-lf0-f50.google.com [209.85.215.50]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 50ABC5FBE1 for ; Wed, 26 Oct 2016 15:25:00 +0000 (UTC) Received: by mail-lf0-f50.google.com with SMTP id x79so8693959lff.0 for ; Wed, 26 Oct 2016 08:25:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=ZZbjaL29YJ9N7rGPwOulfc0oxDCyR3LU1mgUmyNZpzs=; b=dGtqh7dNmor1McLtQMPWqjuIdbFJClDCJhzEfmx2FVlTnFNLm5GvXqsOzMzi6OgpKu yml1X2cu6r2wbnkJ/6ed+HPhpaxA8pAlD66mYthEmXBAIkZMOCW2z2TTsiA/6r5hIBqf 4KU7lUjaPXhQ9IrGCAbw1T3pWzV6FpzvQKoWNucmFCkwT6wNYzR7QKd0AW2vJ1O2sdtn dsVRmUmJ+Eqj6Ih7pEdGbvMHXeJZAbij8jKwAGmPBa2GziGwH1lM1hmZAA+2J2KbnnnD eUERkIGdQcCq6rtyNzPDKxXwOFk7lEoLC7AIemvXHG2DjDSn9yKnY9eGR/DQ9eE5BpRM M55g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=ZZbjaL29YJ9N7rGPwOulfc0oxDCyR3LU1mgUmyNZpzs=; b=BQ9gUDREguqBBzWbA1o8ZuA92YuYt4KQYp9OlkjdBPGrr3juZW/GO/paZRb6unsAxG 553IrlWL6KrUwcp0GkRP1bIV1Ba+IhR4lSU7V1L7Aea4HyU3OS8sGcQpZ7IQoGJJQzM/ EbGIt1DVZxJtePm+cP+Ei1ksy8+RwwkBT4v+7P7jtLMOioLnuAxjNgkFuVVSzw/hmhH4 Slev85G60QEshEYKrWTdd/E/213NvHYZdacHSKdMiCVjq2qBbjDaTAyZ3WuBEI16VFhT abcf8yP2HoJ2bILMvobBtp6EzKSbUmwJ9JIukek9E1TDY+Y4o/WgRnNRNBMkVkaaEEZA zuGg== X-Gm-Message-State: ABUngveG+xDHTALemtKqzWDA0G1aZTXiyNcf/EfUP+83uLn/AUk51q0h3onF0TsyIyb0iEBnpuBubuVfPANhBg== X-Received: by 10.25.141.3 with SMTP id p3mr1952813lfd.157.1477495496978; Wed, 26 Oct 2016 08:24:56 -0700 (PDT) MIME-Version: 1.0 Received: by 10.25.202.66 with HTTP; Wed, 26 Oct 2016 08:24:56 -0700 (PDT) In-Reply-To: References: From: Ken Date: Wed, 26 Oct 2016 17:24:56 +0200 Message-ID: Subject: Re: FWaaS examples To: user@jclouds.apache.org, Andrea Turli , nacx@apache.org Content-Type: multipart/alternative; boundary=001a1140241a4136d8053fc63a4d archived-at: Wed, 26 Oct 2016 15:25:07 -0000 --001a1140241a4136d8053fc63a4d Content-Type: text/plain; charset=UTF-8 Hi , I have tried to get the example above to work using a basic openstack installation. However, I get the error below : Exception in thread "main" java.lang.IllegalArgumentException: requested location [Ljava.lang.String;@2631f68c, which is not in the configured locations: {RegionOne=Suppliers.ofInstance(http://172.16.18.171:9696/)}. I used the string "RegionOne" since I couldn't figure out how to get the region_id , maybe this is the problem ? My code example is : public static void main(String[] args) { > > neutronApi = ContextBuilder.newBuilder(new NeutronApiMetadata()) > > .endpoint("http:/xx.xx.xx.xx:5000/v2.0") > > .credentials(identity,credential ) >> > .modules(ImmutableSet.of( > > new SshjSshClientModule(), > > new SLF4JLoggingModule(), > > new BouncyCastleCryptoModule())) > > .buildApi(NeutronApi.class); > > regions = neutronApi.getConfiguredRegions(); > > > > System.out.println("Connected !!"); > > System.out.println("regions" + regions); > > regionNow = regions.toArray(new String[regions.size()]); > > System.out.println("the region : " + regionNow[0]); > > createFireWall(); > > } > > public static void createFireWall() { > > String [] addresses = {"172.24.4.3", "1.2.3.4"}; > > String [] ports = {"80", "23"}; > > FWaaSApi fWaaSApi = neutronApi.getFWaaSApi(regionNow.toString()).get(); > > System.out.println(fWaaSApi); > > FirewallPolicy firewallPolicy = >> fWaaSApi.createFirewallPolicy(CreateFirewallPolicy.builder() > > .name(String.format(JCLOUDS_FW_POLICY_PATTERN, name)) > > .build()); > > for (String address : addresses) { > > for (String inboundPort : ports) { > > FirewallRule firewallRule = >> fWaaSApi.createFirewallRule(CreateFirewallRule.builder() > > .name(ruleName) > > .destinationIpAddress(address) > > .destinationPort(inboundPort) > > .enabled(true) > > .action("allow") > > .protocol("tcp") > > .build()); > > fWaaSApi.insertFirewallRuleToPolicy(firewallPolicy.getId(), >> firewallRule.getId()); > > } > > } > > } > > Many thanks in advance. Regards, Ken.. On Sun, Oct 23, 2016 at 11:19 PM, Ken wrote: > Hi Andrea & Ignasi, > > Many thanks for quickly responding to my enquiries. > Sorry, I didn't make it very clear that my focus was more in the direction > of OpenStack yet Andrea provided an apt response. > Also, the Ignasi's information about security groups is very useful > because this equally falls within my purview. > > I am already reading though the references .... > > > Many thanks !! > > Regards, > > Kennedy > > > On Sun, Oct 23, 2016 at 8:51 PM, Andrea Turli > wrote: > >> Hi Ken, >> >> in addition to Ignasi' suggestions I can add also the following >> (hopefully) useful links for FWaaS API, presuming you are in the context of >> Openstack. >> >> Recently we add the support for those API to Openstack Neutron [4]. As >> usual you can create instantiate a NeutronApi with something like >> >> NeutronApi neutronApi = ContextBuilder.newBuilder(new >> NeutronApiMetadata()) >> .endpoint(endpoint) >> .credentials(credentials) >> .modules(ImmutableSet.of( >> new SshjSshClientModule(), >> new SLF4JLoggingModule(), >> new BouncyCastleCryptoModule())) >> .buildApi(NeutronApi.class) >> >> and for example use it to create a firewall and add a rule like >> >> FWaaSApi fWaaSApi = neutronApi.getFWaaSApi(regionId).get(); >> FirewallPolicy firewallPolicy = fWaaSApi.createFirewallPolicy( >> CreateFirewallPolicy.builder() >> .name(String.format(JCLOUDS_FW_POLICY_PATTERN, name)) >> .build()); >> >> for (String address : addresses) { >> for (String inboundPort : ports) { >> FirewallRule firewallRule = fWaaSApi.createFirewallRule(Cr >> eateFirewallRule.builder() >> .name(ruleName) >> .destinationIpAddress(address) >> .destinationPort(inboundPort) >> .enabled(true) >> .action("allow") >> .protocol("tcp") >> .build()); >> fWaaSApi.insertFirewallRuleToPolicy(firewallPolicy.getId(), >> firewallRule.getId()); >> } >> } >> >> >> HTH, >> Andrea >> >> [4]: https://github.com/jclouds/jclouds-labs-openstack/pull/196 >> >> On Sun, Oct 23, 2016 at 6:07 PM, Ignasi Barrera wrote: >> >>> Hi Ken, >>> >>> Not all providers have an API to effectively manage firewalls, but >>> most that do, implement the jclouds SecurityGroupExtension [1]. You >>> can get it by calling: >>> >>> context.getComputeService().getSecurityGroupExtension(); >>> >>> That will return an optional that will be present if the extension is >>> supported by the provider. You'll see in the javadocs that it has >>> methods to create and manage security groups, and also to configure >>> the ruleset set for each. Once you have configured the security >>> groups, you can create nodes and assign them to the desired security >>> groups by using the TemplateOptions#securityGroups() method [2]. >>> >>> Alternatively, in some providers that don't support the security >>> groups extension, you can still use the TemplateOptions#inboundPorts >>> [3] to open ports in the nodes you create. >>> >>> >>> HTH! >>> >>> I. >>> >>> >>> [1] http://jclouds-javadocs.elasticbeanstalk.com/org/jclouds/com >>> pute/extensions/SecurityGroupExtension.html >>> [2] http://jclouds-javadocs.elasticbeanstalk.com/org/jclouds/com >>> pute/options/TemplateOptions.html#securityGroups(java.lang.Iterable) >>> [3] http://jclouds-javadocs.elasticbeanstalk.com/org/jclouds/com >>> pute/options/TemplateOptions.html#inboundPorts(int...) >>> >>> On 22 October 2016 at 21:40, Ken wrote: >>> > Hi, I am trying to use jclouds FWaaS API, I cannot find examples like >>> there >>> > are for swift etc. Can someone point me to where such is available or >>> maybe >>> > give me a basic examples....e.g creating a firewall. >>> > >>> > Many thanks. >>> >> >> > --001a1140241a4136d8053fc63a4d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi ,

I have tried to get the example ab= ove to work using a basic openstack installation.
However, I get = the error below=C2=A0=C2=A0:

Exception in thread &= quot;main" java.lang.IllegalArgumentException: requested location [Lja= va.lang.String;@2631f68c, which is not in the configured locations: {Region= One=3DSuppliers.ofInstance(http://1= 72.16.18.171:9696/)}.

I used the string &q= uot;RegionOne" since I couldn't figure out how to get the region_i= d , maybe this is the problem ?

My code example is= :

public static void main(Str= ing[] args) {
neutronApi =3D ContextBuilder.n= ewBuilder(new NeutronApiMetadata())
.endpoint("http:/xx.xx.xx.xx:5000/v2.0")
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 .credentials(identity,credential )
=C2=A0 =C2=A0 =C2=A0 =C2=A0 .modules(= ImmutableSet.<Module>of(
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 new= SshjSshClientModule(),
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 new SLF4JL= oggingModule(),
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 new BouncyCastleCr= yptoModule()))
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 .buildApi(NeutronApi.class);
regions =3D neutronApi.getConfigu= redRegions();
= =C2=A0
System.o= ut.println("Connected !!");
System.out.println("regions" + regions);
regionNow =3D re= gions.toArray(new String[regions.size()]);
System.out.println("the region : " + = regionNow[0]);
= createFireWall();
}
<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">
pub= lic static void createFireWall() {
String [] addresses =3D {"172.24.4.3", "1= .2.3.4"};
S= tring [] ports =3D {"80", "23"};
FWaaSApi fWaaSApi =3D neutronApi.getFWaaSApi(regionNo= w.toString()).get();
System.out.println(fWaaSApi);
FirewallPolicy firewallPolicy =3D fWaaSApi.createFirewal= lPolicy(CreateFirewallPolicy.builder()
=C2=A0 =C2=A0 =C2=A0 =C2=A0.name(String.format(JCLO= UDS_FW_POLICY_PATTERN, name))
=C2=A0 =C2=A0 =C2=A0 =C2=A0.build());
for (String address : addresses) {
=C2=A0for (String = inboundPort : ports) {
= =C2=A0 =C2=A0 FirewallRule firewallRule =3D fWaaSApi.createFirewal= lRule(CreateFirewallRule.builder()
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .name(ruleNam= e)
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .destinationIpAddress(address)
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 .destinationPort(inboundPort)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .e= nabled(true)
= = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .action("allow")
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 .protocol("tcp")
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = .build());
=C2= =A0 =C2=A0 fWaaSApi.insertFirewallRuleToPolicy(firewallPolicy.getId(), fire= wallRule.getId());
=C2=A0}
<= span class=3D"gmail-Apple-tab-span" style=3D"white-space:pre"> }
}

Many thanks in advance.

Regards,

Ken.. =C2=A0

<= br>

On= Sun, Oct 23, 2016 at 11:19 PM, Ken <run2obtain@gmail.com> wrote:
Hi Andrea & Ig= nasi,

Many thanks for=C2=A0quickly=C2=A0resp= onding=C2=A0to my enquiries.=C2=A0
Sorry, I didn&#= 39;t make it very clear that my focus was more in the direction of OpenStac= k yet Andrea provided an apt response.
Also, the = Ignasi's =C2=A0information about security groups is very useful because= this equally falls within my purview.

I am already reading though the references ....<= /font>


Many thanks !!

Re= gards,

Kennedy


On= Sun, Oct 23, 2016 at 8:51 PM, Andrea Turli <andrea.turli@gmail.com= > wrote:
H= i Ken,

in addition to Ignasi' suggestions I can add = also the following (hopefully) useful links for FWaaS API, presuming you ar= e in the context of Openstack.

Recently we add the= support for those API to Openstack Neutron [4]. As usual you can create in= stantiate a NeutronApi with something like

NeutronApi neutronApi =3D= ContextBuilder.newBuilder(new NeutronApiMetadata())
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0.endpoint(endpoint)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0.= credentials(credentials)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0.modules(Immu= tableSet.<Module>of(
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0new SshjSshClientModule(),
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0new SLF4JLoggingModule(),
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0new BouncyCastle= CryptoModule()))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0.buildApi(NeutronApi.= class)

and for example use it to create a fire= wall and add a rule like

FWaaSApi=C2=A0fWaaSApi=C2= =A0=3D neutronApi.getFWaaSApi(regionId).get();
FirewallPolicy firew= allPolicy =3D fWaaSApi.createFirewallPolicy(CreateFirewallPolicy.build= er()
=C2=A0 =C2=A0 =C2=A0 =C2=A0 .name(String.format(JCLOUDS_FW_P= OLICY_PATTERN, name))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 .build());

for = (String address : addresses) {
=C2=A0 for (String inboundPort : ports) {=
=C2=A0 =C2=A0 =C2=A0FirewallRule firewallRule =3D fWaaSApi.createFirewa= llRule(CreateFirewallRule.builder()
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0.name(ruleName)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0.destinationIpAddress(address)
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0.destinationPort(inboundPort)
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0.enabled(true)
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0.action("allow")
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0.protocol("tcp")
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0.build());
=C2=A0 =C2=A0 =C2=A0fWaaSApi.i= nsertFirewallRuleToPolicy(firewallPolicy.getId(), firewallRule.getId()= );
=C2=A0 }
}


HTH,
Andrea=


On Sun, Oct 23, 2016 at 6:07 PM, Ignasi Barrera <= nacx@apache.org>= ; wrote:
Hi Ken= ,

Not all providers have an API to effectively manage firewalls, but
most that do, implement the jclouds SecurityGroupExtension [1]. You
can get it by calling:

context.getComputeService().getSecurityGroupExtension();

That will return an optional that will be present if the extension is
supported by the provider. You'll see in the javadocs that it has
methods to create and manage security groups, and also to configure
the ruleset set for each. Once you have configured the security
groups, you can create nodes and assign them to the desired security
groups by using the TemplateOptions#securityGroups() method [2].

Alternatively, in some providers that don't support the security
groups extension, you can still use the TemplateOptions#inboundPorts
[3] to open ports in the nodes you create.


HTH!

I.


[1] http://jclouds-javadocs.elasticbeanstalk.com/org/jclouds/compute/extensions/SecurityGroupExtension.html
[2] http://jclouds-javadocs.elasticbeans= talk.com/org/jclouds/compute/options/TemplateOptions.html#securit= yGroups(java.lang.Iterable)
[3] http://jclouds-javadocs.elasticbeanstalk.com/org/jclou= ds/compute/options/TemplateOptions.html#inboundPorts(int...)<= br>

On 22 October 2016 at 21:40, Ken <run2obtain@gmail.com> wrote:
> Hi, I am trying to use jclouds FWaaS API, I cannot find examples like = there
> are for swift etc. Can someone point me to where such is available or = maybe
> give me a basic examples....e.g creating a firewall.
>
> Many thanks.



--001a1140241a4136d8053fc63a4d--