/**
   * Applies the given security group permissions to the given node with the given compute service.
   *
   * <p>Takes no action if the compute service does not have a security group extension.
   *
   * @param permissions The set of permissions to be applied to the node
   * @param nodeId The id of the node to update
   * @param computeService The compute service to use to apply the changes
   */
  @VisibleForTesting
  Map<String, SecurityGroup> addPermissionsToLocation(
      Iterable<IpPermission> permissions, final String nodeId, ComputeService computeService) {
    if (!computeService.getSecurityGroupExtension().isPresent()) {
      LOG.warn(
          "Security group extension for {} absent; cannot update node {} with {}",
          new Object[] {computeService, nodeId, permissions});
      return ImmutableMap.of();
    }
    final SecurityGroupExtension securityApi = computeService.getSecurityGroupExtension().get();
    final String locationId = computeService.getContext().unwrap().getId();

    // Expect to have two security groups on the node: one shared between all nodes in the location,
    // that is cached in sharedGroupCache, and one created by Jclouds that is unique to the node.
    // Relies on customize having been called before. This should be safe because the arguments
    // needed to call this method are not available until post-instance creation.
    SecurityGroup machineUniqueSecurityGroup = getSecurityGroup(nodeId, securityApi, locationId);
    MutableList<IpPermission> newPermissions = MutableList.copyOf(permissions);
    Iterables.removeAll(newPermissions, machineUniqueSecurityGroup.getIpPermissions());
    MutableMap<String, SecurityGroup> addedSecurityGroups = MutableMap.of();
    for (IpPermission permission : newPermissions) {
      SecurityGroup addedPermission =
          addPermission(permission, machineUniqueSecurityGroup, securityApi);
      addedSecurityGroups.put(addedPermission.getId(), addedPermission);
    }
    return addedSecurityGroups;
  }
Exemplo n.º 2
0
  // Suggest at least 15 minutes for timeout
  public static String waitForPasswordOnAws(
      ComputeService computeService, final NodeMetadata node, long timeout, TimeUnit timeUnit)
      throws TimeoutException {
    ComputeServiceContext computeServiceContext = computeService.getContext();
    AWSEC2Api ec2Client = computeServiceContext.unwrapApi(AWSEC2Api.class);
    final WindowsApi client = ec2Client.getWindowsApi().get();
    final String region = node.getLocation().getParent().getId();

    // The Administrator password will take some time before it is ready - Amazon says sometimes 15
    // minutes.
    // So we create a predicate that tests if the password is ready, and wrap it in a retryable
    // predicate.
    Predicate<String> passwordReady =
        new Predicate<String>() {
          @Override
          public boolean apply(String s) {
            if (Strings.isNullOrEmpty(s)) return false;
            PasswordData data = client.getPasswordDataInRegion(region, s);
            if (data == null) return false;
            return !Strings.isNullOrEmpty(data.getPasswordData());
          }
        };

    LOG.info("Waiting for password, for " + node.getProviderId() + ":" + node.getId());
    Predicate<String> passwordReadyRetryable =
        Predicates2.retry(
            passwordReady, timeUnit.toMillis(timeout), 10 * 1000, TimeUnit.MILLISECONDS);
    boolean ready = passwordReadyRetryable.apply(node.getProviderId());
    if (!ready)
      throw new TimeoutException(
          "Password not available for "
              + node
              + " in region "
              + region
              + " after "
              + timeout
              + " "
              + timeUnit.name());

    // Now pull together Amazon's encrypted password blob, and the private key that jclouds
    // generated
    PasswordDataAndPrivateKey dataAndKey =
        new PasswordDataAndPrivateKey(
            client.getPasswordDataInRegion(region, node.getProviderId()),
            node.getCredentials().getPrivateKey());

    // And apply it to the decryption function
    WindowsLoginCredentialsFromEncryptedData f =
        computeServiceContext
            .utils()
            .injector()
            .getInstance(WindowsLoginCredentialsFromEncryptedData.class);
    LoginCredentials credentials = f.apply(dataAndKey);

    return credentials.getPassword();
  }
  /**
   * Removes the given security group permissions from the given node with the given compute
   * service.
   *
   * <p>Takes no action if the compute service does not have a security group extension.
   *
   * @param permissions The set of permissions to be removed from the node
   * @param nodeId The id of the node to update
   * @param computeService The compute service to use to apply the changes
   */
  @VisibleForTesting
  void removePermissionsFromLocation(
      Iterable<IpPermission> permissions, final String nodeId, ComputeService computeService) {
    if (!computeService.getSecurityGroupExtension().isPresent()) {
      LOG.warn(
          "Security group extension for {} absent; cannot update node {} with {}",
          new Object[] {computeService, nodeId, permissions});
      return;
    }

    final SecurityGroupExtension securityApi = computeService.getSecurityGroupExtension().get();
    final String locationId = computeService.getContext().unwrap().getId();
    SecurityGroup machineUniqueSecurityGroup = getSecurityGroup(nodeId, securityApi, locationId);

    for (IpPermission permission : permissions) {
      removePermission(permission, machineUniqueSecurityGroup, securityApi);
    }
  }
  @Override
  public ComputeService findComputeService(ConfigBag conf, boolean allowReuse) {
    String provider = checkNotNull(conf.get(CLOUD_PROVIDER), "provider must not be null");
    String identity =
        checkNotNull(conf.get(CloudLocationConfig.ACCESS_IDENTITY), "identity must not be null");
    String credential =
        checkNotNull(
            conf.get(CloudLocationConfig.ACCESS_CREDENTIAL), "credential must not be null");

    Properties properties = new Properties();
    properties.setProperty(Constants.PROPERTY_TRUST_ALL_CERTS, Boolean.toString(true));
    properties.setProperty(Constants.PROPERTY_RELAX_HOSTNAME, Boolean.toString(true));
    properties.setProperty(
        "jclouds.ssh.max-retries",
        conf.getStringKey("jclouds.ssh.max-retries") != null
            ? conf.getStringKey("jclouds.ssh.max-retries").toString()
            : "50");
    // Enable aws-ec2 lazy image fetching, if given a specific imageId; otherwise customize for
    // specific owners; or all as a last resort
    // See https://issues.apache.org/jira/browse/WHIRR-416
    if ("aws-ec2".equals(provider)) {
      // TODO convert AWS-only flags to config keys
      if (groovyTruth(conf.get(IMAGE_ID))) {
        properties.setProperty(PROPERTY_EC2_AMI_QUERY, "");
        properties.setProperty(PROPERTY_EC2_CC_AMI_QUERY, "");
      } else if (groovyTruth(conf.getStringKey("imageOwner"))) {
        properties.setProperty(
            PROPERTY_EC2_AMI_QUERY,
            "owner-id=" + conf.getStringKey("imageOwner") + ";state=available;image-type=machine");
      } else if (groovyTruth(conf.getStringKey("anyOwner"))) {
        // set `anyOwner: true` to override the default query (which is restricted to certain owners
        // as per below),
        // allowing the AMI query to bind to any machine
        // (note however, we sometimes pick defaults in JcloudsLocationFactory);
        // (and be careful, this can give a LOT of data back, taking several minutes,
        // and requiring extra memory allocated on the command-line)
        properties.setProperty(PROPERTY_EC2_AMI_QUERY, "state=available;image-type=machine");
        /*
         * by default the following filters are applied:
         * Filter.1.Name=owner-id&Filter.1.Value.1=137112412989&
         * Filter.1.Value.2=063491364108&
         * Filter.1.Value.3=099720109477&
         * Filter.1.Value.4=411009282317&
         * Filter.2.Name=state&Filter.2.Value.1=available&
         * Filter.3.Name=image-type&Filter.3.Value.1=machine&
         */
      }

      // occasionally can get com.google.common.util.concurrent.UncheckedExecutionException:
      // java.lang.RuntimeException:
      //     security group eu-central-1/jclouds#brooklyn-bxza-alex-eu-central-shoul-u2jy-nginx-ielm
      // is not available after creating
      // the default timeout was 500ms so let's raise it in case that helps
      properties.setProperty(
          EC2Constants.PROPERTY_EC2_TIMEOUT_SECURITYGROUP_PRESENT,
          "" + Duration.seconds(30).toMilliseconds());
    }

    // FIXME Deprecated mechanism, should have a ConfigKey for overrides
    Map<String, Object> extra =
        Maps.filterKeys(conf.getAllConfig(), Predicates.containsPattern("^jclouds\\."));
    if (extra.size() > 0) {
      LOG.warn("Jclouds using deprecated property overrides: " + Sanitizer.sanitize(extra));
    }
    properties.putAll(extra);

    String endpoint = conf.get(CloudLocationConfig.CLOUD_ENDPOINT);
    if (!groovyTruth(endpoint)) endpoint = getDeprecatedProperty(conf, Constants.PROPERTY_ENDPOINT);
    if (groovyTruth(endpoint)) properties.setProperty(Constants.PROPERTY_ENDPOINT, endpoint);

    Map<?, ?> cacheKey =
        MutableMap.builder()
            .putAll(properties)
            .put("provider", provider)
            .put("identity", identity)
            .put("credential", credential)
            .putIfNotNull("endpoint", endpoint)
            .build()
            .asUnmodifiable();

    if (allowReuse) {
      ComputeService result = cachedComputeServices.get(cacheKey);
      if (result != null) {
        LOG.trace(
            "jclouds ComputeService cache hit for compute service, for "
                + Sanitizer.sanitize(properties));
        return result;
      }
      LOG.debug(
          "jclouds ComputeService cache miss for compute service, creating, for "
              + Sanitizer.sanitize(properties));
    }

    Iterable<Module> modules = getCommonModules();

    // Synchronizing to avoid deadlock from sun.reflect.annotation.AnnotationType.
    // See https://github.com/brooklyncentral/brooklyn/issues/974
    ComputeServiceContext computeServiceContext;
    synchronized (createComputeServicesMutex) {
      computeServiceContext =
          ContextBuilder.newBuilder(provider)
              .modules(modules)
              .credentials(identity, credential)
              .overrides(properties)
              .build(ComputeServiceContext.class);
    }
    final ComputeService computeService = computeServiceContext.getComputeService();
    if (allowReuse) {
      synchronized (cachedComputeServices) {
        ComputeService result = cachedComputeServices.get(cacheKey);
        if (result != null) {
          LOG.debug(
              "jclouds ComputeService cache recovery for compute service, for "
                  + Sanitizer.sanitize(cacheKey));
          // keep the old one, discard the new one
          computeService.getContext().close();
          return result;
        }
        LOG.debug(
            "jclouds ComputeService created "
                + computeService
                + ", adding to cache, for "
                + Sanitizer.sanitize(properties));
        cachedComputeServices.put(cacheKey, computeService);
      }
    }
    return computeService;
  }
 public String getApiName() {
   return computeService != null
       ? computeService.getContext().unwrap().getProviderMetadata().getApiMetadata().getId()
       : apiName;
 }
  // TODO: finish me!
  @Test(enabled = false)
  public void
      testCreateNodeUsingVCloud1_0ApiAgainstVCloudDirector1_5WhenVAppTemplateHasNetworkNamedNone()
          throws Exception {

    String group = "group";
    String name = "group-abcd";

    String instantiateXML =
        XMLBuilder.create("InstantiateVAppTemplateParams")
            .a("xmlns", ns)
            .a("xmlns:ovf", "http://schemas.dmtf.org/ovf/envelope/1")
            .a("deploy", "false")
            .a("name", name)
            .a("powerOn", "false")
            .e("Description")
            .up()
            .e("InstantiationParams")
            .e("NetworkConfigSection")
            .e("ovf:Info")
            .t("Configuration parameters for logical networks")
            .up()
            .e("NetworkConfig")
            .a("networkName", "orgNet-jclouds-External") // NOTE not "None"
            .e("Configuration")
            .e("ParentNetwork")
            .a("href", ENDPOINT + "/v1.0/network/" + networkId)
            .up()
            .e("FenceMode")
            .t("bridged")
            .up()
            .up()
            .up()
            .up()
            .up()
            .e("Source")
            .a("href", ENDPOINT + "/v1.0/vAppTemplate/" + templateId)
            .up()
            .e("AllEULAsAccepted")
            .t("true")
            .up()
            .asString(outputProperties);

    HttpRequest version1_0InstantiateWithNetworkNamedSameAsOrgNetwork =
        HttpRequest.builder()
            .method("POST")
            .endpoint(ENDPOINT + "/v1.0/vdc/" + vdcId + "/action/instantiateVAppTemplate")
            .addHeader(HttpHeaders.ACCEPT, "application/vnd.vmware.vcloud.vApp+xml")
            .addHeader("x-vcloud-authorization", sessionToken)
            .addHeader(HttpHeaders.COOKIE, "vcloud-token=" + sessionToken)
            .payload(
                payloadFromStringWithContentType(
                    instantiateXML,
                    "application/vnd.vmware.vcloud.instantiateVAppTemplateParams+xml"))
            .build();

    ComputeService compute =
        requestsSendResponses(
            ImmutableMap.<HttpRequest, HttpResponse>builder()
                .put(versionsRequest, versionsResponseFromVCD1_5)
                .put(
                    version1_0LoginRequest,
                    successfulVersion1_0LoginResponseFromVCD1_5WithSingleOrg)
                .put(
                    version1_0GetOrgRequest,
                    successfulVersion1_0GetOrgResponseFromVCD1_5WithSingleTasksListVDCAndNetwork)
                .put(
                    version1_0GetCatalogRequest,
                    successfulVersion1_0GetCatalogResponseFromVCD1_5WithSingleTemplate)
                .put(
                    version1_0GetCatalogItemRequest,
                    successfulVersion1_0GetCatalogItemResponseFromVCD1_5ForTemplate)
                .put(
                    version1_0GetVDCRequest,
                    successfulVersion1_0GetVDCResponseFromVCD1_5WithSingleTemplateAndNetwork)
                .put(
                    version1_0GetVAppTemplateRequest,
                    successfulVersion1_0GetVAppTemplateResponseFromVCD1_5WithSingleVMAndVDCParent)
                .put(
                    version1_0GetOVFForVAppTemplateRequest,
                    successfulVersion1_0GetOVFForVAppTemplateResponseFromVCD1_5WithSingleVM)
                .put(
                    version1_0InstantiateWithNetworkNamedSameAsOrgNetwork,
                    successfulVersion1_0InstantiatedVApp)
                .build());

    InstantiateVAppTemplateWithGroupEncodedIntoNameThenCustomizeDeployAndPowerOn starter =
        compute
            .getContext()
            .utils()
            .injector()
            .getInstance(
                InstantiateVAppTemplateWithGroupEncodedIntoNameThenCustomizeDeployAndPowerOn.class);

    NodeAndInitialCredentials<VApp> appAndCreds =
        starter.createNodeWithGroupEncodedIntoName(group, name, compute.templateBuilder().build());

    assertEquals(appAndCreds.getNode().getName(), name);
    assertEquals(
        appAndCreds.getCredentials(),
        LoginCredentials.builder().user("root").password("fromVApp").build());
  }
  public void testInstantiateVAppFromTemplateWhenUsingOverriddenNetworkAndFenceMode()
      throws Exception {

    String name = "group-abcd";
    FenceMode fenceMode = FenceMode.NAT_ROUTED;
    URI parentNetwork = URI.create(ENDPOINT + "/v1.0/network/" + "foooooooo");

    String instantiateXML =
        XMLBuilder.create("InstantiateVAppTemplateParams")
            .a("xmlns", ns)
            .a("xmlns:ovf", "http://schemas.dmtf.org/ovf/envelope/1")
            .a("deploy", "false")
            .a("name", name)
            .a("powerOn", "false")
            .e("Description")
            .up()
            .e("InstantiationParams")
            .e("NetworkConfigSection")
            .e("ovf:Info")
            .t("Configuration parameters for logical networks")
            .up()
            .e("NetworkConfig")
            .a("networkName", "jclouds") // NOTE not "None"
            .e("Configuration")
            .e("ParentNetwork")
            .a("href", parentNetwork.toASCIIString())
            .up()
            .e("FenceMode")
            .t(fenceMode.toString())
            .up()
            .up()
            .up()
            .up()
            .up()
            .e("Source")
            .a("href", ENDPOINT + "/v1.0/vAppTemplate/" + templateId)
            .up()
            .e("AllEULAsAccepted")
            .t("true")
            .up()
            .asString(outputProperties);

    HttpRequest version1_0InstantiateWithCustomizedNetwork =
        HttpRequest.builder()
            .method("POST")
            .endpoint(ENDPOINT + "/v1.0/vdc/" + vdcId + "/action/instantiateVAppTemplate")
            .addHeader(HttpHeaders.ACCEPT, "application/vnd.vmware.vcloud.vApp+xml")
            .addHeader("x-vcloud-authorization", sessionToken)
            .addHeader(HttpHeaders.COOKIE, "vcloud-token=" + sessionToken)
            .payload(
                payloadFromStringWithContentType(
                    instantiateXML,
                    "application/vnd.vmware.vcloud.instantiateVAppTemplateParams+xml"))
            .build();

    ComputeService compute =
        requestsSendResponses(
            ImmutableMap.<HttpRequest, HttpResponse>builder()
                .put(versionsRequest, versionsResponseFromVCD1_5)
                .put(
                    version1_0LoginRequest,
                    successfulVersion1_0LoginResponseFromVCD1_5WithSingleOrg)
                .put(
                    version1_0GetOrgRequest,
                    successfulVersion1_0GetOrgResponseFromVCD1_5WithSingleTasksListVDCAndNetwork)
                .put(
                    version1_0GetCatalogRequest,
                    successfulVersion1_0GetCatalogResponseFromVCD1_5WithSingleTemplate)
                .put(
                    version1_0GetCatalogItemRequest,
                    successfulVersion1_0GetCatalogItemResponseFromVCD1_5ForTemplate)
                .put(
                    version1_0GetVDCRequest,
                    successfulVersion1_0GetVDCResponseFromVCD1_5WithSingleTemplateAndNetwork)
                .put(
                    version1_0GetVAppTemplateRequest,
                    successfulVersion1_0GetVAppTemplateResponseFromVCD1_5WithSingleVMAndVDCParent)
                .put(
                    version1_0GetOVFForVAppTemplateRequest,
                    successfulVersion1_0GetOVFForVAppTemplateResponseFromVCD1_5WithSingleVM)
                .put(
                    version1_0InstantiateWithCustomizedNetwork,
                    successfulVersion1_0InstantiatedVApp)
                .build());

    InstantiateVAppTemplateWithGroupEncodedIntoNameThenCustomizeDeployAndPowerOn starter =
        compute
            .getContext()
            .utils()
            .injector()
            .getInstance(
                InstantiateVAppTemplateWithGroupEncodedIntoNameThenCustomizeDeployAndPowerOn.class);

    Template template = compute.templateBuilder().build();
    template
        .getOptions()
        .as(VCloudTemplateOptions.class)
        .parentNetwork(parentNetwork)
        .fenceMode(fenceMode);
    starter.instantiateVAppFromTemplate(name, template);
  }
 /** Always close your service when you're done with it. */
 public void close() throws IOException {
   Closeables.close(computeService.getContext(), true);
 }