Added etcd and powerstrip ports to security group
grkvlt committed Apr 28, 2015
1 parent 158db09 commit 8bed4e8
Showing 5 changed files with 28 additions and 9 deletions.
Expand Up @@ -196,18 +196,18 @@ public void configureSecurityGroups() {
* @return Extra IP permissions to be configured on this entity's location.
*/
protected Collection<IpPermission> getIpPermissions() {
String localhost = LocalhostExternalIpLoader.getLocalhostIpWithin(Duration.minutes(1));
String localhost = LocalhostExternalIpLoader.getLocalhostIpWithin(Duration.minutes(1)) + "/32";
IpPermission dockerPort = IpPermission.builder()
.ipProtocol(IpProtocol.TCP)
.fromPort(getEntity().getAttribute(DockerHost.DOCKER_PORT))
.toPort(getEntity().getAttribute(DockerHost.DOCKER_PORT))
.cidrBlock(localhost + "/32")
.cidrBlock(localhost)
.build();
IpPermission dockerSslPort = IpPermission.builder()
.ipProtocol(IpProtocol.TCP)
.fromPort(getEntity().getAttribute(DockerHost.DOCKER_SSL_PORT))
.toPort(getEntity().getAttribute(DockerHost.DOCKER_SSL_PORT))
.cidrBlock(localhost + "/32")
.cidrBlock(localhost)
.build();
IpPermission dockerPortForwarding = IpPermission.builder()
.ipProtocol(IpProtocol.TCP)
Expand All @@ -219,7 +219,7 @@ protected Collection<IpPermission> getIpPermissions() {

if (getEntity().config().get(SdnAttributes.SDN_ENABLE)) {
SdnProvider provider = (SdnProvider) (entity.getAttribute(DockerHost.DOCKER_INFRASTRUCTURE).getAttribute(DockerInfrastructure.SDN_PROVIDER));
Collection<IpPermission> sdnPermissions = provider.getIpPermissions();
Collection<IpPermission> sdnPermissions = provider.getIpPermissions(localhost);
permissions.addAll(sdnPermissions);
}

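Review bot: `localhost` now holds a CIDR string rather than an address, and nothing guards the case where `LocalhostExternalIpLoader.getLocalhostIpWithin` gives up within the minute and returns null — if it does (I cannot confirm its contract from this page), the concatenation yields the literal `"null/32"`, which then reaches the three `cidrBlock(...)` calls in this hunk and the SDN provider call in the second hunk. A rename makes the new content explicit, e.g. `String localhostCidr = LocalhostExternalIpLoader.getLocalhostIpWithin(Duration.minutes(1)) + "/32";`, and a null check before the concatenation would fail fast with a clear message instead of producing a malformed rule. The `/32` suffix also assumes the loader returns an IPv4 address; worth a comment if that is guaranteed. getIpPermissions continues below the first hunk.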
Expand Up @@ -82,7 +82,7 @@ public interface SdnProvider extends BasicStartable, NetworkProvisioningExtensio
AttributeSensor<Group> SDN_NETWORKS = Sensors.newSensor(Group.class, "sdn.networks.managed", "Collection of virtual network entites managed by this SDN");
AttributeSensor<Group> SDN_APPLICATIONS = Sensors.newSensor(Group.class, "sdn.networks.applications", "Groupings of application containers attached to each managed network");

Collection<IpPermission> getIpPermissions();
Collection<IpPermission> getIpPermissions(String source);

DynamicCluster getDockerHostCluster();

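Review bot: The new `source` parameter on `getIpPermissions` has no Javadoc, so implementors cannot tell whether they receive a bare address or a CIDR block, what it represents, or whether null is permitted; the only caller in this commit passes the management host's external IP with a `/32` suffix. Suggest documenting it on the interface, e.g. `@param source CIDR block (e.g. {@code a.b.c.d/32}) of the host that must be allowed to reach the provider's control ports; never null`, together with an `@return` line stating that implementations return only the extra permissions they need.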
Expand Up @@ -36,6 +36,7 @@
import brooklyn.entity.nosql.etcd.EtcdCluster;
import brooklyn.entity.nosql.etcd.EtcdNode;
import brooklyn.entity.proxying.EntitySpec;
import brooklyn.location.PortRange;
import brooklyn.location.basic.SshMachineLocation;
import brooklyn.networking.sdn.SdnAgent;
import brooklyn.networking.sdn.SdnProvider;
Expand Down Expand Up @@ -91,14 +92,32 @@ public void init() {
}

@Override
public Collection<IpPermission> getIpPermissions() {
public Collection<IpPermission> getIpPermissions(String source) {
Collection<IpPermission> permissions = MutableList.of();
PortRange etcdClientPortConfig = config().get(EtcdNode.ETCD_CLIENT_PORT);
Integer etcdClientPort = etcdClientPortConfig.iterator().next();
IpPermission etcdClientTcpPort = IpPermission.builder()
.ipProtocol(IpProtocol.TCP)
.fromPort(etcdClientPort)
.toPort(etcdClientPort)
.cidrBlock(Cidr.UNIVERSAL.toString()) // TODO could be tighter restricted?
.build();
permissions.add(etcdClientTcpPort);
PortRange etcdPeerPortConfig = config().get(EtcdNode.ETCD_PEER_PORT);
Integer etcdPeerPort = etcdPeerPortConfig.iterator().next();
IpPermission etcdPeerTcpPort = IpPermission.builder()
.ipProtocol(IpProtocol.TCP)
.fromPort(etcdPeerPort)
.toPort(etcdPeerPort)
.cidrBlock(Cidr.UNIVERSAL.toString()) // TODO could be tighter restricted?
.build();
permissions.add(etcdPeerTcpPort);
Integer powerstripPort = config().get(CalicoNode.POWERSTRIP_PORT);
IpPermission powerstripTcpPort = IpPermission.builder()
.ipProtocol(IpProtocol.TCP)
.fromPort(powerstripPort)
.toPort(powerstripPort)
.cidrBlock(Cidr.UNIVERSAL.toString()) // TODO could be tighter restricted?
.cidrBlock(source)
.build();
permissions.add(powerstripTcpPort);
return permissions;
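Review bot: The new etcd client and peer rules are opened to `Cidr.UNIVERSAL` with only a TODO, while the powerstrip rule in the same method is restricted to `source`; an etcd endpoint reachable from any address is a significant exposure, since the store holds the SDN state and nothing in this commit shows authentication being configured on it. The peer port only needs to be reachable by the other etcd members and the client port by the Docker hosts running the Calico agents, so both rules should be limited to those addresses (or to the location's own security group where the cloud supports group-scoped rules) rather than deferred; at minimum the TODO should state the intended source set. Separately, `etcdClientPortConfig.iterator().next()` and the peer equivalent throw NoSuchElementException if the configured PortRange is empty, and `config().get(...)` yields null when the key is unset, so a guard with a clear message would be better than an opaque failure while building the group. The method's closing brace is below the hunk.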
Expand Up @@ -48,7 +48,7 @@ public void init() {
}

@Override
public Collection<IpPermission> getIpPermissions() {
public Collection<IpPermission> getIpPermissions(String source) {
Collection<IpPermission> permissions = MutableList.of();
return permissions;
}
Expand Up @@ -59,7 +59,7 @@ public void init() {
}

@Override
public Collection<IpPermission> getIpPermissions() {
public Collection<IpPermission> getIpPermissions(String source) {
Collection<IpPermission> permissions = MutableList.of();
Integer weavePort = config().get(WeaveContainer.WEAVE_PORT);
IpPermission weaveTcpPort = IpPermission.builder()
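Review bot: `source` is added to the signature but not used in the visible part of the body; if the weave rule built on the lines below still uses an unrestricted CIDR (its `cidrBlock(...)` call is outside the hunk), the caller's restriction has no effect for this provider. Either pass `source` to that rule, mirroring the powerstrip handling in the Calico provider, or add a comment above the builder stating why the weave port must be reachable more widely. The rest of the method is outside the hunk.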
