| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.brooklyn.entity.machine; |
| |
| import java.util.List; |
| |
| import org.apache.brooklyn.api.mgmt.Task; |
| import org.apache.brooklyn.core.entity.EntityInternal; |
| import org.apache.brooklyn.core.mgmt.BrooklynTaskTags; |
| import org.apache.brooklyn.util.core.task.system.ProcessTaskFactory; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| import com.google.common.annotations.Beta; |
| import com.google.common.collect.ImmutableList; |
| import com.google.common.collect.Iterables; |
| import com.google.common.collect.Lists; |
| |
| import org.apache.brooklyn.location.ssh.SshMachineLocation; |
| import org.apache.brooklyn.util.core.task.DynamicTasks; |
| import org.apache.brooklyn.util.core.task.Tasks; |
| import org.apache.brooklyn.util.core.task.ssh.SshTasks; |
| import org.apache.brooklyn.util.net.Protocol; |
| import org.apache.brooklyn.util.ssh.BashCommands; |
| import org.apache.brooklyn.util.ssh.IptablesCommands; |
| import org.apache.brooklyn.util.ssh.IptablesCommands.Chain; |
| import org.apache.brooklyn.util.ssh.IptablesCommands.Policy; |
| import org.apache.brooklyn.util.text.Strings; |
| |
| /** |
| * |
| */ |
| @Beta |
| public class MachineInitTasks { |
| |
| // TODO Move somewhere so code can also be called by JcloudsLocation! |
| |
| private static final Logger log = LoggerFactory.getLogger(MachineInitTasks.class); |
| |
| protected EntityInternal entity() { |
| return (EntityInternal) BrooklynTaskTags.getTargetOrContextEntity(Tasks.current()); |
| } |
| |
| /** |
| * Returns a queued {@link Task} which stops iptables on the given machine. |
| */ |
| public Task<Void> stopIptablesAsync(final SshMachineLocation machine) { |
| return DynamicTasks.queue("stop iptables", new Runnable() { |
| @Override |
| public void run() { |
| stopIptablesImpl(machine); |
| } |
| }); |
| } |
| |
| protected void stopIptablesImpl(final SshMachineLocation machine) { |
| |
| log.info("Stopping iptables for {} at {}", entity(), machine); |
| |
| List<String> cmds = ImmutableList.<String>of(); |
| |
| Task<Integer> checkFirewall = checkLocationFirewall(machine); |
| |
| if (checkFirewall.getUnchecked() == 0) { |
| cmds = ImmutableList.of(IptablesCommands.firewalldServiceStop(), IptablesCommands.firewalldServiceStatus()); |
| } else { |
| cmds = ImmutableList.of(IptablesCommands.iptablesServiceStop(), IptablesCommands.iptablesServiceStatus()); |
| } |
| |
| |
| subTaskHelperAllowingNonZeroExitCode("execute stop iptables", machine, cmds.toArray(new String[cmds.size()])); |
| } |
| |
| |
| /** |
| * See docs in {@link BashCommands#dontRequireTtyForSudo()} |
| */ |
| public Task<Boolean> dontRequireTtyForSudoAsync(final SshMachineLocation machine) { |
| return DynamicTasks.queue(SshTasks.dontRequireTtyForSudo(machine, true).newTask().asTask()); |
| } |
| |
| /** |
| * Returns a queued {@link Task} which opens the given ports in iptables on the given machine. |
| */ |
| public Task<Void> openIptablesAsync(final Iterable<Integer> inboundPorts, final SshMachineLocation machine) { |
| return DynamicTasks.queue("open iptables "+toTruncatedString(inboundPorts, 6), new Runnable() { |
| @Override |
| public void run() { |
| openIptablesImpl(inboundPorts, machine); |
| } |
| }); |
| } |
| |
| protected void openIptablesImpl(Iterable<Integer> inboundPorts, SshMachineLocation machine) { |
| if (inboundPorts == null || Iterables.isEmpty(inboundPorts)) { |
| log.info("No ports to open in iptables (no inbound ports) for {} at {}", machine, this); |
| } else { |
| log.info("Opening ports in iptables for {} at {}", entity(), machine); |
| |
| List<String> iptablesRules = Lists.newArrayList(); |
| String iptablesInstallCommands = null; |
| |
| Task<Integer> checkFirewall = checkLocationFirewall(machine); |
| |
| if (checkFirewall.getUnchecked() == 0) { |
| for (Integer port : inboundPorts) { |
| iptablesRules.add(IptablesCommands.addFirewalldRule(Chain.INPUT, Protocol.TCP, port, Policy.ACCEPT)); |
| } |
| } else { |
| iptablesRules = createIptablesRulesForNetworkInterface(inboundPorts); |
| iptablesInstallCommands = IptablesCommands.saveIptablesRules(); |
| } |
| |
| insertIptablesRules(iptablesRules, iptablesInstallCommands, machine); |
| listIptablesRules(machine); |
| } |
| } |
| |
| /** |
| * Returns a queued {@link Task} which checks if location firewall is enabled. |
| */ |
| public Task<Integer> checkLocationFirewall(final SshMachineLocation machine) { |
| return subTaskHelperAllowingNonZeroExitCode("check if firewall is active", machine, IptablesCommands.firewalldServiceIsActive()); |
| } |
| |
| /** |
| * Returns a queued {@link Task} which inserts iptables rules. |
| */ |
| private Task<Void> insertIptablesRules(final List<String> iptablesRules, final String installCommands, final SshMachineLocation machine) { |
| return DynamicTasks.queue("insert rules", new Runnable() { |
| @Override |
| public void run() { |
| insertIptablesRulesImpl(iptablesRules, installCommands, machine); |
| } |
| }); |
| } |
| |
| private void insertIptablesRulesImpl(List<String> iptablesRules, String installCommands, SshMachineLocation machine) { |
| |
| // Some entities, such as Riak (erlang based) have a huge range of ports, which leads to a script that |
| // is too large to run (fails with a broken pipe). Batch the rules into batches of 100 |
| List<List<String> > batches = Lists.partition(iptablesRules, 100); |
| |
| int batchNumber = 0; |
| for (List<String> batch : batches) { |
| batchNumber++; |
| insertIptablesRulesOnCommandBatches(batch, machine, batchNumber); |
| } |
| if (installCommands != null) { |
| serviceIptablesSave(installCommands, machine); |
| } |
| } |
| |
| /** |
| * Returns a queued {@link Task} which inserts iptables rules on command batches. |
| */ |
| private Task<Integer> insertIptablesRulesOnCommandBatches(final List<String> commandsBatch, final SshMachineLocation machine, int batchNumber) { |
| return subTaskHelperRequiringZeroExitCode("commands batch " + batchNumber, machine, commandsBatch.toArray(new String[commandsBatch.size()])); |
| } |
| |
| /** |
| * Returns a queued {@link Task} which runs iptables save commands. |
| */ |
| private Task<Integer> serviceIptablesSave(final String installCommands, final SshMachineLocation machine) { |
| return subTaskHelperRequiringZeroExitCode("save", machine, installCommands); |
| } |
| |
| /** |
| * Returns a queued {@link Task} which lists the iptables rules. |
| */ |
| private Task<Integer> listIptablesRules(final SshMachineLocation machine) { |
| return subTaskHelperRequiringZeroExitCode("list rules", machine, IptablesCommands.listIptablesRule()); |
| } |
| |
| private Task<Integer> subTaskHelperRequiringZeroExitCode(String taskName, SshMachineLocation machine, String... comands) { |
| ProcessTaskFactory<Integer> taskFactory = SshTasks.newSshExecTaskFactory(machine, comands) |
| .summary(taskName) |
| .requiringExitCodeZero(); |
| return DynamicTasks.queue(taskFactory).asTask(); |
| } |
| |
| private Task<Integer> subTaskHelperAllowingNonZeroExitCode(String taskName, SshMachineLocation machine, String... comands) { |
| ProcessTaskFactory<Integer> taskFactory = SshTasks.newSshExecTaskFactory(machine, comands) |
| .summary(taskName) |
| .allowingNonZeroExitCode(); |
| return DynamicTasks.queue(taskFactory).asTask(); |
| } |
| |
| private List<String> createIptablesRulesForNetworkInterface(Iterable<Integer> ports) { |
| List<String> iptablesRules = Lists.newArrayList(); |
| for (Integer port : ports) { |
| iptablesRules.add(IptablesCommands.insertIptablesRule(Chain.INPUT, Protocol.TCP, port, Policy.ACCEPT)); |
| } |
| return iptablesRules; |
| } |
| |
| protected String toTruncatedString(Iterable<?> vals, int maxShown) { |
| StringBuilder result = new StringBuilder("["); |
| int shown = 0; |
| for (Object val : (vals == null ? ImmutableList.of() : vals)) { |
| if (shown != 0) { |
| result.append(", "); |
| } |
| if (shown < maxShown) { |
| result.append(Strings.toString(val)); |
| shown++; |
| } else { |
| result.append("..."); |
| break; |
| } |
| } |
| result.append("]"); |
| return result.toString(); |
| } |
| } |