diff --git a/install.sh b/install.sh index 0ec5fa42f5..04017cb22f 100755 --- a/install.sh +++ b/install.sh @@ -934,6 +934,8 @@ AUTH_PLAIN_FILES="src/authm_mad/remotes/plain/authenticate" NETWORK_FILES="src/vnm_mad/remotes/OpenNebulaNetwork.rb \ src/vnm_mad/remotes/OpenNebulaNetwork.conf \ src/vnm_mad/remotes/Firewall.rb \ + src/vnm_mad/remotes/SecurityGroups.rb \ + src/vnm_mad/remotes/IPNetmask.rb \ src/vnm_mad/remotes/OpenNebulaNic.rb" NETWORK_8021Q_FILES="src/vnm_mad/remotes/802.1Q/clean \ @@ -971,8 +973,7 @@ NETWORK_VMWARE_FILES="src/vnm_mad/remotes/vmware/clean \ NETWORK_SG_FILES="src/vnm_mad/remotes/security_groups/clean \ src/vnm_mad/remotes/security_groups/post \ - src/vnm_mad/remotes/security_groups/pre \ - src/vnm_mad/remotes/security_groups/SecurityGroups.rb" + src/vnm_mad/remotes/security_groups/pre" #------------------------------------------------------------------------------- # Transfer Manager commands, to be installed under $LIB_LOCATION/tm_commands diff --git a/src/vnm_mad/remotes/802.1Q/clean b/src/vnm_mad/remotes/802.1Q/clean index e7cac108b9..6a454dda31 100755 --- a/src/vnm_mad/remotes/802.1Q/clean +++ b/src/vnm_mad/remotes/802.1Q/clean @@ -20,8 +20,15 @@ $: << File.dirname(__FILE__) $: << File.join(File.dirname(__FILE__), "..") require 'OpenNebulaNetwork' +require 'SecurityGroups' require 'Firewall' -fw = OpenNebulaFirewall.from_base64(ARGV[0]) +template64 = ARGV[0] -fw.deactivate +if OpenNebulaNetwork.has_fw_attrs?(template64) + fw = OpenNebulaFirewall.from_base64(template64) + fw.deactivate +else + sg = OpenNebulaSG.from_base64(template64) + sg.deactivate +end diff --git a/src/vnm_mad/remotes/802.1Q/post b/src/vnm_mad/remotes/802.1Q/post index f14405d711..8fae58c232 100755 --- a/src/vnm_mad/remotes/802.1Q/post +++ b/src/vnm_mad/remotes/802.1Q/post @@ -20,11 +20,38 @@ $: << File.dirname(__FILE__) $: << File.join(File.dirname(__FILE__), "..") require 'OpenNebulaNetwork' +require 'SecurityGroups' require 'Firewall' template64 = ARGV[0] deploy_id = ARGV[1] -fw = OpenNebulaFirewall.from_base64(template64, deploy_id) +if OpenNebulaNetwork.has_fw_attrs?(template64) + fw = OpenNebulaFirewall.from_base64(template64, deploy_id) + fw.activate +else + sg = OpenNebulaSG.from_base64(template64, deploy_id) + begin + sg.activate + rescue OpenNebulaSGError => e + error = e.error + stage = e.stage -fw.activate + OpenNebula.log_error(error.message) + OpenNebula.log_error(error.backtrace) + + case stage + when :bootstrap, :security_groups + OpenNebula.log_info("Deactivating security groups for #{deploy_id}.") + + sg.deactivate + when :deactivate + OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.") + end + exit 1 + rescue Exception => error + OpenNebula.log_error(error.message) + OpenNebula.log_error(error.backtrace) + exit 1 + end +end diff --git a/src/vnm_mad/remotes/ebtables/clean b/src/vnm_mad/remotes/ebtables/clean index f051b09504..37e5a7694a 100755 --- a/src/vnm_mad/remotes/ebtables/clean +++ b/src/vnm_mad/remotes/ebtables/clean @@ -19,13 +19,20 @@ $: << File.dirname(__FILE__) $: << File.join(File.dirname(__FILE__), "..") +require 'OpenNebulaNetwork' require 'Ebtables' require 'Firewall' +require 'SecurityGroups' -onevlan = EbtablesVLAN.from_base64(ARGV[0]) +template64 = ARGV[0] +onevlan = EbtablesVLAN.from_base64(template64) onevlan.deactivate -fw = OpenNebulaFirewall.from_base64(ARGV[0]) - -fw.deactivate +if OpenNebulaNetwork.has_fw_attrs?(template64) + fw = OpenNebulaFirewall.from_base64(template64) + fw.deactivate +else + sg = OpenNebulaSG.from_base64(template64) + sg.deactivate +end diff --git a/src/vnm_mad/remotes/ebtables/post b/src/vnm_mad/remotes/ebtables/post index 84b719c173..d25e88358d 100755 --- a/src/vnm_mad/remotes/ebtables/post +++ b/src/vnm_mad/remotes/ebtables/post @@ -19,16 +19,44 @@ $: << File.dirname(__FILE__) $: << File.join(File.dirname(__FILE__), "..") +require 'OpenNebulaNetwork' require 'Ebtables' +require 'SecurityGroups' require 'Firewall' template64 = ARGV[0] deploy_id = ARGV[1] onevlan = EbtablesVLAN.from_base64(template64, deploy_id) - onevlan.activate -fw = OpenNebulaFirewall.from_base64(template64, deploy_id) +if OpenNebulaNetwork.has_fw_attrs?(template64) + fw = OpenNebulaFirewall.from_base64(template64, deploy_id) + fw.activate +else + sg = OpenNebulaSG.from_base64(template64, deploy_id) + begin + sg.activate + rescue OpenNebulaSGError => e + error = e.error + stage = e.stage + + OpenNebula.log_error(error.message) + OpenNebula.log_error(error.backtrace) + + case stage + when :bootstrap, :security_groups + OpenNebula.log_info("Deactivating security groups for #{deploy_id}.") + + sg.deactivate + when :deactivate + OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.") + end + exit 1 + rescue Exception => error + OpenNebula.log_error(error.message) + OpenNebula.log_error(error.backtrace) + exit 1 + end +end -fw.activate diff --git a/src/vnm_mad/remotes/fw/clean b/src/vnm_mad/remotes/fw/clean index e7cac108b9..8082ba65aa 100755 --- a/src/vnm_mad/remotes/fw/clean +++ b/src/vnm_mad/remotes/fw/clean @@ -23,5 +23,4 @@ require 'OpenNebulaNetwork' require 'Firewall' fw = OpenNebulaFirewall.from_base64(ARGV[0]) - fw.deactivate diff --git a/src/vnm_mad/remotes/fw/post b/src/vnm_mad/remotes/fw/post index f14405d711..8e5a29a6f1 100755 --- a/src/vnm_mad/remotes/fw/post +++ b/src/vnm_mad/remotes/fw/post @@ -26,5 +26,4 @@ template64 = ARGV[0] deploy_id = ARGV[1] fw = OpenNebulaFirewall.from_base64(template64, deploy_id) - fw.activate diff --git a/src/vnm_mad/remotes/security_groups/clean b/src/vnm_mad/remotes/security_groups/clean index ce9da6325f..6a454dda31 100755 --- a/src/vnm_mad/remotes/security_groups/clean +++ b/src/vnm_mad/remotes/security_groups/clean @@ -21,6 +21,14 @@ $: << File.join(File.dirname(__FILE__), "..") require 'OpenNebulaNetwork' require 'SecurityGroups' +require 'Firewall' -sg = OpenNebulaSG.from_base64(ARGV[0]) -sg.deactivate +template64 = ARGV[0] + +if OpenNebulaNetwork.has_fw_attrs?(template64) + fw = OpenNebulaFirewall.from_base64(template64) + fw.deactivate +else + sg = OpenNebulaSG.from_base64(template64) + sg.deactivate +end diff --git a/src/vnm_mad/remotes/security_groups/post b/src/vnm_mad/remotes/security_groups/post index 1186b997ef..8fae58c232 100755 --- a/src/vnm_mad/remotes/security_groups/post +++ b/src/vnm_mad/remotes/security_groups/post @@ -21,32 +21,37 @@ $: << File.join(File.dirname(__FILE__), "..") require 'OpenNebulaNetwork' require 'SecurityGroups' +require 'Firewall' template64 = ARGV[0] deploy_id = ARGV[1] -sg = OpenNebulaSG.from_base64(template64, deploy_id) -begin - sg.activate -rescue OpenNebulaSGError => e - error = e.error - stage = e.stage +if OpenNebulaNetwork.has_fw_attrs?(template64) + fw = OpenNebulaFirewall.from_base64(template64, deploy_id) + fw.activate +else + sg = OpenNebulaSG.from_base64(template64, deploy_id) + begin + sg.activate + rescue OpenNebulaSGError => e + error = e.error + stage = e.stage - OpenNebula.log_error(error.message) - OpenNebula.log_error(error.backtrace) + OpenNebula.log_error(error.message) + OpenNebula.log_error(error.backtrace) - case stage - when :bootstrap, :security_groups - OpenNebula.log_info("Deactivating security groups for #{deploy_id}.") + case stage + when :bootstrap, :security_groups + OpenNebula.log_info("Deactivating security groups for #{deploy_id}.") - sg.deactivate - when :deactivate - OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.") + sg.deactivate + when :deactivate + OpenNebula.log_error("Error deactivating security group rules for #{deploy_id}. Please verify manually.") + end + exit 1 + rescue Exception => error + OpenNebula.log_error(error.message) + OpenNebula.log_error(error.backtrace) + exit 1 end - exit 1 - -rescue Exception => error - OpenNebula.log_error(error.message) - OpenNebula.log_error(error.backtrace) - exit 1 end