Feature #3175: Unify the way the filter driver is called and handled

src/vnm_mad/remotes/802.1Q/clean

@@ -20,15 +20,14 @@ $: << File.dirname(__FILE__)
 $: << File.join(File.dirname(__FILE__), "..")
 
 require 'OpenNebulaNetwork'
-require 'SecurityGroups'
-require 'Firewall'
 
 template64 = ARGV[0]
 
-if OpenNebulaNetwork.has_fw_attrs?(template64)
-    fw = OpenNebulaFirewall.from_base64(template64)
-    fw.deactivate
-else
-    sg = OpenNebulaSG.from_base64(template64)
-    sg.deactivate
+begin
+    filter_driver = OpenNebulaNetwork.filter_driver(template64)
+    filter_driver.deactivate
+rescue Exception => e
+    OpenNebula.log_error(e.message)
+    OpenNebula.log_error(e.backtrace)
+    exit 1
 end

src/vnm_mad/remotes/802.1Q/post

@@ -20,38 +20,15 @@ $: << File.dirname(__FILE__)
 $: << File.join(File.dirname(__FILE__), "..")
 
 require 'OpenNebulaNetwork'
-require 'SecurityGroups'
-require 'Firewall'
 
 template64 = ARGV[0]
 deploy_id  = ARGV[1]
 
-if OpenNebulaNetwork.has_fw_attrs?(template64)
-    fw = OpenNebulaFirewall.from_base64(template64, deploy_id)
-    fw.activate
-else
-    sg = OpenNebulaSG.from_base64(template64, deploy_id)
-    begin
-        sg.activate
-    rescue OpenNebulaSGError => e
-        error = e.error
-        stage = e.stage
-
-        OpenNebula.log_error(error.message)
-        OpenNebula.log_error(error.backtrace)
-
-        case stage
-        when :bootstrap, :security_groups
-            OpenNebula.log_info("Deactivating security groups for #{deploy_id}.")
-
-            sg.deactivate
-        when :deactivate
-            OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.")
-        end
-        exit 1
-    rescue Exception => error
-        OpenNebula.log_error(error.message)
-        OpenNebula.log_error(error.backtrace)
-        exit 1
-    end
+begin
+    filter_driver = OpenNebulaNetwork.filter_driver(template64, deploy_id)
+    filter_driver.activate
+rescue Exception => e
+    OpenNebula.log_error(e.message)
+    OpenNebula.log_error(e.backtrace)
+    exit 1
 end

src/vnm_mad/remotes/Firewall.rb

@@ -17,7 +17,8 @@
 class OpenNebulaFirewall < OpenNebulaNetwork
     DRIVER = "fw"
 
-    XPATH_FILTER =  OpenNebulaNetwork::FW_ATTRS
+    XPATH_FILTER =  "TEMPLATE/NIC[ICMP|WHITE_PORTS_TCP|WHITE_PORTS_UDP|" <<
+                    "BLACK_PORTS_TCP|BLACK_PORTS_UDP]"
 
     def initialize(vm, deploy_id = nil, hypervisor = nil)
         super(vm,XPATH_FILTER,deploy_id,hypervisor)

src/vnm_mad/remotes/OpenNebulaNetwork.rb

@@ -18,10 +18,11 @@ $: << File.dirname(__FILE__)
 $: << File.join(File.dirname(__FILE__), '..')
 
 require 'rexml/document'
-require 'OpenNebulaNic'
 require 'base64'
 require 'yaml'
 
+require 'OpenNebulaNic'
+
 require 'scripts_common'
 
 include OpenNebula
@@ -134,14 +135,21 @@ end
 class OpenNebulaNetwork
     attr_reader :hypervisor, :vm
 
-    FW_ATTRS =  "TEMPLATE/NIC[ICMP|WHITE_PORTS_TCP|WHITE_PORTS_UDP|" <<
-                "BLACK_PORTS_TCP|BLACK_PORTS_UDP]"
-
     def self.from_base64(vm_64, deploy_id = nil, hypervisor = nil)
         vm_xml =  Base64::decode64(vm_64)
         self.new(vm_xml, deploy_id, hypervisor)
     end
 
+    def self.filter_driver(vm_64, deploy_id = nil, hypervisor = nil)
+        vm_xml =  Base64::decode64(vm_64)
+
+        if self.has_fw_attrs?(vm_xml)
+            OpenNebulaFirewall.new(vm_xml, deploy_id, hypervisor)
+        else
+            OpenNebulaSG.new(vm_xml, deploy_id, hypervisor)
+        end
+    end
+
     def initialize(vm_tpl, xpath_filter, deploy_id = nil, hypervisor = nil)
         @locking = false
 
@@ -206,6 +214,24 @@ class OpenNebulaNetwork
 
         bridges
     end
+end
+
+# Dynamic factory method for the filter class
+require 'Firewall'
+require 'SecurityGroups'
+class OpenNebulaNetwork
+    # Returns a filter object based on the contents of the template
+    #
+    # @return OpenNebulaFirewall or OpenNebulaSG object
+    def self.filter_driver(vm_64, deploy_id = nil, hypervisor = nil)
+        vm_xml =  Base64::decode64(vm_64)
+
+        if self.has_fw_attrs?(vm_xml)
+            OpenNebulaFirewall.new(vm_xml, deploy_id, hypervisor)
+        else
+            OpenNebulaSG.new(vm_xml, deploy_id, hypervisor)
+        end
+    end
 
     # Returns true if the template contains the deprecated firewall attributes:
     # - ICMP
@@ -215,9 +241,8 @@ class OpenNebulaNetwork
     # - BLACK_PORTS_UDP
     #
     # @return Boolean
-    def self.has_fw_attrs?(vm_64)
-        vm_xml =  Base64::decode64(vm_64)
+    def self.has_fw_attrs?(vm_xml)
         vm_root = REXML::Document.new(vm_xml).root
-        !vm_root.elements[FW_ATTRS].nil?
+        !vm_root.elements[OpenNebulaFirewall::XPATH_FILTER].nil?
     end
 end

src/vnm_mad/remotes/SecurityGroups.rb

@@ -514,14 +514,6 @@ end
 # OpenNebula Firewall with Security Groups Based on IPTables (KVM and Xen)
 ################################################################################
 
-class OpenNebulaSGError < StandardError
-    attr_reader :stage, :error
-    def initialize(stage, error = nil)
-        @stage = stage
-        @error = error
-    end
-end
-
 class OpenNebulaSG < OpenNebulaNetwork
     DRIVER = "sg"
     XPATH_FILTER =  "TEMPLATE/NIC"
@@ -578,7 +570,8 @@ class OpenNebulaSG < OpenNebulaNetwork
                     sg.run!
                 rescue Exception => e
                     unlock
-                    raise OpenNebulaSGError.new(:security_groups, e)
+                    deactivate
+                    raise e
                 end
             end
 
@@ -596,7 +589,7 @@ class OpenNebulaSG < OpenNebulaNetwork
                 SECURITY_GROUP_CLASS.nic_deactivate(@vm, nic)
             end
         rescue Exception => e
-            raise OpenNebulaSGError.new(:deactivate, e)
+            raise e
         ensure
             unlock
         end

src/vnm_mad/remotes/ebtables/clean

@@ -21,18 +21,11 @@ $: << File.join(File.dirname(__FILE__), "..")
 
 require 'OpenNebulaNetwork'
 require 'Ebtables'
-require 'Firewall'
-require 'SecurityGroups'
 
 template64 = ARGV[0]
 
 onevlan = EbtablesVLAN.from_base64(template64)
 onevlan.deactivate
 
-if OpenNebulaNetwork.has_fw_attrs?(template64)
-    fw = OpenNebulaFirewall.from_base64(template64)
-    fw.deactivate
-else
-    sg = OpenNebulaSG.from_base64(template64)
-    sg.deactivate
-end
+filter_driver = OpenNebulaNetwork.filter_driver(template64)
+filter_driver.deactivate

src/vnm_mad/remotes/ebtables/post

@@ -21,8 +21,6 @@ $: << File.join(File.dirname(__FILE__), "..")
 
 require 'OpenNebulaNetwork'
 require 'Ebtables'
-require 'SecurityGroups'
-require 'Firewall'
 
 template64 = ARGV[0]
 deploy_id  = ARGV[1]
@@ -30,33 +28,11 @@ deploy_id  = ARGV[1]
 onevlan = EbtablesVLAN.from_base64(template64, deploy_id)
 onevlan.activate
 
-if OpenNebulaNetwork.has_fw_attrs?(template64)
-    fw = OpenNebulaFirewall.from_base64(template64, deploy_id)
-    fw.activate
-else
-    sg = OpenNebulaSG.from_base64(template64, deploy_id)
-    begin
-        sg.activate
-    rescue OpenNebulaSGError => e
-        error = e.error
-        stage = e.stage
-
-        OpenNebula.log_error(error.message)
-        OpenNebula.log_error(error.backtrace)
-
-        case stage
-        when :bootstrap, :security_groups
-            OpenNebula.log_info("Deactivating security groups for #{deploy_id}.")
-
-            sg.deactivate
-        when :deactivate
-            OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.")
-        end
-        exit 1
-    rescue Exception => error
-        OpenNebula.log_error(error.message)
-        OpenNebula.log_error(error.backtrace)
-        exit 1
-    end
+begin
+    filter_driver = OpenNebulaNetwork.filter_driver(template64, deploy_id)
+    filter_driver.activate
+rescue Exception => e
+    OpenNebula.log_error(e.message)
+    OpenNebula.log_error(e.backtrace)
+    exit 1
 end
-

src/vnm_mad/remotes/fw/clean

@@ -25,10 +25,11 @@ require 'Firewall'
 
 template64 = ARGV[0]
 
-if OpenNebulaNetwork.has_fw_attrs?(template64)
-    fw = OpenNebulaFirewall.from_base64(template64)
-    fw.deactivate
-else
-    sg = OpenNebulaSG.from_base64(template64)
-    sg.deactivate
+begin
+    filter_driver = OpenNebulaNetwork.filter_driver(template64)
+    filter_driver.deactivate
+rescue Exception => e
+    OpenNebula.log_error(e.message)
+    OpenNebula.log_error(e.backtrace)
+    exit 1
 end

src/vnm_mad/remotes/fw/post

@@ -20,38 +20,15 @@ $: << File.dirname(__FILE__)
 $: << File.join(File.dirname(__FILE__), "..")
 
 require 'OpenNebulaNetwork'
-require 'SecurityGroups'
-require 'Firewall'
 
 template64 = ARGV[0]
 deploy_id  = ARGV[1]
 
-if OpenNebulaNetwork.has_fw_attrs?(template64)
-    fw = OpenNebulaFirewall.from_base64(template64, deploy_id)
-    fw.activate
-else
-    sg = OpenNebulaSG.from_base64(template64, deploy_id)
-    begin
-        sg.activate
-    rescue OpenNebulaSGError => e
-        error = e.error
-        stage = e.stage
-
-        OpenNebula.log_error(error.message)
-        OpenNebula.log_error(error.backtrace)
-
-        case stage
-        when :bootstrap, :security_groups
-            OpenNebula.log_info("Deactivating security groups for #{deploy_id}.")
-
-            sg.deactivate
-        when :deactivate
-            OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.")
-        end
-        exit 1
-    rescue Exception => error
-        OpenNebula.log_error(error.message)
-        OpenNebula.log_error(error.backtrace)
-        exit 1
-    end
+begin
+    filter_driver = OpenNebulaNetwork.filter_driver(template64, deploy_id)
+    filter_driver.activate
+rescue Exception => e
+    OpenNebula.log_error(e.message)
+    OpenNebula.log_error(e.backtrace)
+    exit 1
 end