
Use warden API to create iptables rules

Change-Id: I867fed544d786b281405a2cd79c4005dc5775983
1 parent c1a412f commit 68e85d31eabdf24195cb63df41d665207645d911 Tang Rui committed Oct 3, 2012
Showing with 24 additions and 51 deletions.
  1. +2 −2 Gemfile
  2. +9 −9 Gemfile.lock
  3. +11 −38 lib/base/warden.rb
  4. +2 −2 vcap_services_base.gemspec
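--- a/Gemfile
+++ b/Gemfile
@@ -12,6 +12,6 @@ group :test do
 gem 'eventmachine', :git => 'git://github.com/cloudfoundry/eventmachine.git', :branch => 'release-0.12.11-cf'
 gem 'vcap_common', :require => ['vcap/common', 'vcap/component'], :git => 'git://github.com/cloudfoundry/vcap-common.git', :ref => 'fd6b6d91'
 gem 'vcap_logging', :require => ['vcap/logging'], :git => 'git://github.com/cloudfoundry/common.git', :ref => 'b96ec1192d'
-gem 'warden-client', :require => ['warden/client'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => 'ab5f67aa'
-gem 'warden-protocol', :require => ['warden/protocol'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => 'ab5f67aa'
+gem 'warden-client', :require => ['warden/client'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => 'fe6cb51'
+gem 'warden-protocol', :require => ['warden/protocol'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => 'fe6cb51'
 end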
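--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -32,8 +32,8 @@ GIT
 GIT
 remote: git://github.com/cloudfoundry/warden.git
-revision: ab5f67aa07d0d750790d73c08950781447eeaad9
-ref: ab5f67aa
+revision: fe6cb5130388fd3117de9b16e830d45844cf05c9
+ref: fe6cb51
 specs:
 warden-client (0.0.7)
 warden-protocol
@@ -61,8 +61,8 @@ PATH
 uuidtools (~> 2.1.2)
 vcap_common (>= 1.0.8)
 vcap_logging (>= 1.0.2)
-warden-client (~> 0.0.6)
-warden-protocol (~> 0.0.5)
+warden-client (~> 0.0.7)
+warden-protocol (~> 0.0.9)
 GEM
 remote: http://rubygems.org/
@@ -75,7 +75,7 @@ GEM
 builder (>= 2.1.2)
 curb (0.7.18)
 daemons (1.1.9)
-data_objects (0.10.8)
+data_objects (0.10.10)
 addressable (~> 2.1)
 datamapper (1.1.0)
 dm-aggregates (= 1.1.0)
@@ -113,8 +113,8 @@ GEM
 uuidtools (~> 2.1.2)
 dm-validations (1.1.0)
 dm-core (~> 1.1.0)
-do_sqlite3 (0.10.8)
-data_objects (= 0.10.8)
+do_sqlite3 (0.10.10)
+data_objects (= 0.10.10)
 em-http-request (1.0.0.beta.3)
 addressable (>= 2.2.3)
 em-socksify
@@ -142,13 +142,13 @@ GEM
 posix-spawn (0.3.6)
 rack (1.4.1)
 rake (0.8.7)
-redis (3.0.1)
+redis (3.0.2)
 redis-namespace (1.2.1)
 redis (~> 3.0.0)
 redisk (0.2.2)
 redis (>= 0.1.1)
 redis-namespace (>= 0.1.0)
-resque (1.22.0)
+resque (1.23.0)
 multi_json (~> 1.0)
 redis-namespace (~> 1.0)
 sinatra (>= 0.9.2)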
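--- a/lib/base/warden.rb
+++ b/lib/base/warden.rb
@@ -104,12 +104,20 @@ def bind_mount_request(src, dst)
 bind.mode = Warden::Protocol::CreateRequest::BindMount::Mode::RW
 bind
 end
+
+def map_port(handle, src_port, dest_port)
+warden = self.class.warden_connect
+req = Warden::Protocol::NetInRequest.new
+req.handle = handle
+req.host_port = src_port
+req.container_port = dest_port
+warden.call(req)
+warden.disconnect
+end
 end
 class VCAP::Services::Base::WardenService
-@@iptables_lock = Mutex.new
-
 include VCAP::Services::Base::Utils
 include VCAP::Services::Base::Warden
@@ -244,7 +252,7 @@ def run
 bind_mounts << bind_mount_request(log_dir, "/store/log")
 self[:container], self[:ip] = container_start(service_script, bind_mounts)
 save!
-map_port(self[:port], self[:ip], service_port)
+map_port(self[:container], self[:port], service_port)
 true
 end
@@ -253,48 +261,13 @@ def running?
 end
 def stop
-unmap_port(self[:port], self[:ip], service_port)
 container_stop(self[:container])
 container_destroy(self[:container])
 self[:container] = ''
 save
 loop_setdown if self.class.quota
 end
-# port map helper
-def iptable(add, src_port, dest_ip, dest_port)
-rule = [ "--protocol tcp",
-"--dport #{src_port}",
-"--jump DNAT",
-"--to-destination #{dest_ip}:#{dest_port}" ]
-
-iptables_option = add ? "-A":"-D"
-cmd1 = "iptables -t nat #{iptables_option} PREROUTING #{rule.join(" ")}"
-cmd2 = "iptables -t nat #{iptables_option} OUTPUT #{rule.join(" ")}"
-
-# iptables exit code:
-# The exit code is 0 for correct functioning.
-# Errors which appear to be caused by invalid or abused command line parameters cause an exit code of 2,
-# and other errors cause an exit code of 1.
-#
-# We add a thread lock here, since iptables may return resource unavailable temporary in multi-threads
-# iptables command issued.
-@@iptables_lock.synchronize do
-ret = self.class.sh(cmd1, :raise => false)
-logger.warn("cmd \"#{cmd1}\" invalid") if ret == 2
-ret = self.class.sh(cmd2, :raise => false)
-logger.warn("cmd \"#{cmd2}\" invalid") if ret == 2
-end
-end
-
-def map_port(src_port, dest_ip, dest_port)
-iptable(true, src_port, dest_ip, dest_port)
-end
-
-def unmap_port(src_port, dest_ip, dest_port)
-iptable(false, src_port, dest_ip, dest_port)
-end
-
 # directory helper
 def image_file
 return File.join(self.class.image_dir, "#{self[:name]}.img") if self.class.image_dir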
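Review bot: In `stop`, removing `unmap_port` means nothing in the visible hunks tears down the host-port forward any more, so cleanup presumably relies on warden dropping its NetIn rule during `container_destroy`. Instances started before this change still carry the DNAT rules the old `iptable` helper appended to PREROUTING and OUTPUT, and those are no longer deleted on stop. A stale rule keeps forwarding the service port to a container IP that may later be assigned to a different instance, so the rollout likely needs a one-time cleanup of the old rules, or `stop` should keep removing them for records created before the switch. Separately, the new `map_port` never reaches `warden.disconnect` when `warden.call(req)` raises, and it discards the NetIn response; moving the disconnect under a method-level `ensure` (`warden.disconnect if warden`) would close the connection on failure. `run` and `stop` begin outside their hunks, so any error handling around these calls is not visible here.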
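--- a/vcap_services_base.gemspec
+++ b/vcap_services_base.gemspec
@@ -30,6 +30,6 @@ Gem::Specification.new do |s|
 s.add_dependency "resque-status", "~> 0.3.2"
 s.add_dependency "curb", "~> 0.7.16"
 s.add_dependency "rubyzip", "~> 0.9.8"
-s.add_dependency "warden-client", "~> 0.0.6"
-s.add_dependency "warden-protocol", "~> 0.0.5"
+s.add_dependency "warden-client", "~> 0.0.7"
+s.add_dependency "warden-protocol", "~> 0.0.9"
 end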
