513cebe7b7
* Add Virtual Kubelet provider for VIC Initial virtual kubelet provider for VMware VIC. This provider currently handles creating and starting of a pod VM via the VIC portlayer and persona server. Image store handling via the VIC persona server. This provider currently requires the feature/wolfpack branch of VIC. * Added pod stop and delete. Also added node capacity. Added the ability to stop and delete pod VMs via VIC. Also retrieve node capacity information from the VCH. * Cleanup and readme file Some file clean up and added a Readme.md markdown file for the VIC provider. * Cleaned up errors, added function comments, moved operation code 1. Cleaned up error handling. Set standard for creating errors. 2. Added method prototype comments for all interface functions. 3. Moved PodCreator, PodStarter, PodStopper, and PodDeleter to a new folder. * Add mocking code and unit tests for podcache, podcreator, and podstarter Used the unit test framework used in VIC to handle assertions in the provider's unit test. Mocking code generated using OSS project mockery, which is compatible with the testify assertion framework. * Vendored packages for the VIC provider Requires feature/wolfpack branch of VIC and a few specific commit sha of projects used within VIC. * Implementation of POD Stopper and Deleter unit tests (#4) * Updated files for initial PR
186 lines
5.2 KiB
Go
186 lines
5.2 KiB
Go
// Copyright 2017 VMware, Inc. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package update
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"gopkg.in/urfave/cli.v1"
|
|
|
|
"github.com/vmware/vic/cmd/vic-machine/common"
|
|
"github.com/vmware/vic/lib/install/data"
|
|
"github.com/vmware/vic/lib/install/management"
|
|
"github.com/vmware/vic/lib/install/validate"
|
|
"github.com/vmware/vic/pkg/errors"
|
|
"github.com/vmware/vic/pkg/trace"
|
|
)
|
|
|
|
// UpdateFw has all input parameters for vic-machine update firewall command
|
|
type UpdateFw struct {
|
|
*data.Data
|
|
|
|
executor *management.Dispatcher
|
|
|
|
enableFw bool
|
|
disableFw bool
|
|
}
|
|
|
|
func NewUpdateFw() *UpdateFw {
|
|
i := &UpdateFw{}
|
|
i.Data = data.NewData()
|
|
return i
|
|
}
|
|
|
|
// Flags return all cli flags for update firewall
|
|
func (i *UpdateFw) Flags() []cli.Flag {
|
|
update := []cli.Flag{
|
|
cli.DurationFlag{
|
|
Name: "timeout",
|
|
Value: 3 * time.Minute,
|
|
Usage: "Time to wait for update firewall",
|
|
Destination: &i.Timeout,
|
|
},
|
|
cli.BoolFlag{
|
|
Name: "allow",
|
|
Usage: "Enable a firewall rule on target host(s) to allow VIC communication",
|
|
Destination: &i.enableFw,
|
|
},
|
|
cli.BoolFlag{
|
|
Name: "deny",
|
|
Usage: "Disable the firewall rule on target host(s) that allows VIC communication",
|
|
Destination: &i.disableFw,
|
|
},
|
|
}
|
|
|
|
target := i.TargetFlags()
|
|
compute := i.ComputeFlagsNoName()
|
|
debug := i.DebugFlags(true)
|
|
|
|
// flag arrays are declared, now combined
|
|
var flags []cli.Flag
|
|
for _, f := range [][]cli.Flag{target, compute, update, debug} {
|
|
flags = append(flags, f...)
|
|
}
|
|
|
|
return flags
|
|
}
|
|
|
|
func (i *UpdateFw) processParams(op trace.Operation) error {
|
|
defer trace.End(trace.Begin("", op))
|
|
|
|
if err := i.HasCredentials(op); err != nil {
|
|
return err
|
|
}
|
|
|
|
if i.enableFw && i.disableFw {
|
|
return errors.New("Only one of --allow and --deny can be set")
|
|
}
|
|
|
|
if !i.enableFw && !i.disableFw {
|
|
return errors.New("No command selected")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (i *UpdateFw) Run(clic *cli.Context) (err error) {
|
|
op := common.NewOperation(clic, i.Debug.Debug)
|
|
defer func() {
|
|
// urfave/cli will print out exit in error handling, so no more information in main method can be printed out.
|
|
err = common.LogErrorIfAny(op, clic, err)
|
|
}()
|
|
op, cancel := trace.WithTimeout(&op, i.Timeout, clic.App.Name)
|
|
defer cancel()
|
|
defer func() {
|
|
if op.Err() != nil && op.Err() == context.DeadlineExceeded {
|
|
//context deadline exceeded, replace returned error message
|
|
err = errors.Errorf("Update timed out: use --timeout to add more time")
|
|
}
|
|
}()
|
|
|
|
if err = i.processParams(op); err != nil {
|
|
return err
|
|
}
|
|
|
|
if len(clic.Args()) > 0 {
|
|
op.Errorf("Unknown argument: %s", clic.Args()[0])
|
|
return errors.New("invalid CLI arguments")
|
|
}
|
|
|
|
op.Infof("### Updating Firewall ####")
|
|
|
|
var validator *validate.Validator
|
|
if validator, err = validate.NewValidator(op, i.Data); err != nil {
|
|
op.Errorf("Update cannot continue - failed to create validator: %s", err)
|
|
return errors.New("update firewall failed")
|
|
}
|
|
defer validator.Session.Logout(op)
|
|
|
|
_, err = validator.ValidateTarget(op, i.Data)
|
|
if err != nil {
|
|
op.Errorf("Update cannot continue - target validation failed: %s", err)
|
|
return errors.New("update firewall failed")
|
|
}
|
|
_, err = validator.ValidateCompute(op, i.Data, true)
|
|
if err != nil {
|
|
op.Errorf("Update cannot continue - compute resource validation failed: %s", err)
|
|
return errors.New("update firewall failed")
|
|
}
|
|
|
|
executor := management.NewDispatcher(validator.Context, validator.Session, nil, false)
|
|
|
|
if i.enableFw {
|
|
op.Info("")
|
|
op.Warn("### WARNING ###")
|
|
op.Warn("\tThis command modifies the host firewall on the target machine or cluster")
|
|
op.Warnf("\tThe ruleset %q will be enabled", management.RulesetID)
|
|
op.Warn("\tThis allows all outbound TCP traffic from the target")
|
|
op.Warn("\tTo undo this modification use --deny")
|
|
op.Info("")
|
|
|
|
err := executor.EnableFirewallRuleset()
|
|
if err != nil {
|
|
op.Errorf("Failed to enable VIC firewall rule: %s", err)
|
|
return errors.New("failed to enable firewall rule")
|
|
}
|
|
}
|
|
|
|
if i.disableFw {
|
|
op.Info("")
|
|
op.Warn("### WARNING ###")
|
|
op.Warn("\tThis command modifies the host firewall on the target machine or cluster")
|
|
op.Warnf("\tThe ruleset %q will be disabled", management.RulesetID)
|
|
op.Warn("\tThis disables the ruleset that allows all outbound TCP traffic from the target")
|
|
op.Warn("\tVIC Engine will not function unless 2377/tcp outbound is allowed")
|
|
op.Warn("\tTo undo this modification use --allow")
|
|
op.Info("")
|
|
|
|
err := executor.DisableFirewallRuleset()
|
|
if err != nil {
|
|
op.Errorf("Failed to disable VIC firewall rule: %s", err)
|
|
return errors.New("failed to disable firewall rule")
|
|
}
|
|
}
|
|
op.Info("")
|
|
|
|
if i.enableFw || i.disableFw {
|
|
op.Infof("Firewall changes complete")
|
|
}
|
|
|
|
op.Infof("Command completed successfully")
|
|
return nil
|
|
}
|