From 549749a2d7cf71eaccef8ec61552730ea3ee4a74 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Wed, 31 Aug 2011 13:17:30 -0700 Subject: [PATCH] Add ability to trigger ruleset updates from JMX --- .../security/SecurityGroupManagerImpl.java | 2 +- .../security/SecurityGroupManagerImpl2.java | 2 +- .../security/SecurityGroupManagerMBean.java | 6 +++- .../security/SecurityManagerMBeanImpl.java | 31 +++++++++++++++++-- 4 files changed, 36 insertions(+), 5 deletions(-) diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index 549cf581641..1aa6981bb0b 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -360,7 +360,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG return DigestUtils.md5Hex(ruleset); } - protected void handleVmStarted(VMInstanceVO vm) { + public void handleVmStarted(VMInstanceVO vm) { if (vm.getType() != VirtualMachine.Type.User || !isVmSecurityGroupEnabled(vm.getId())) return; List affectedVms = getAffectedVmsForVmStart(vm); diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java index 166243e5558..d8df508146e 100644 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java @@ -153,7 +153,7 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{ } - protected void sendRulesetUpdates(SecurityGroupWork work){ + public void sendRulesetUpdates(SecurityGroupWork work){ Long userVmId = work.getInstanceId(); UserVm vm = _userVMDao.findById(userVmId); diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerMBean.java b/server/src/com/cloud/network/security/SecurityGroupManagerMBean.java index 9d5a6f5a412..0be76881fbd 100644 --- a/server/src/com/cloud/network/security/SecurityGroupManagerMBean.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerMBean.java @@ -43,6 +43,10 @@ public interface SecurityGroupManagerMBean { int getQueueSize(); List getVmsInQueue(); - + void scheduleRulesetUpdateForVm(Long vmId); + + void tryRulesetUpdateForVmBypassSchedulerVeryDangerous(Long vmId, Long seqno); + + void simulateVmStart(Long vmId); } diff --git a/server/src/com/cloud/network/security/SecurityManagerMBeanImpl.java b/server/src/com/cloud/network/security/SecurityManagerMBeanImpl.java index b20908ab062..5ae97cc6ed1 100644 --- a/server/src/com/cloud/network/security/SecurityManagerMBeanImpl.java +++ b/server/src/com/cloud/network/security/SecurityManagerMBeanImpl.java @@ -1,5 +1,6 @@ package com.cloud.network.security; +import java.util.ArrayList; import java.util.Date; import java.util.List; import java.util.Map; @@ -8,6 +9,12 @@ import java.util.concurrent.ConcurrentHashMap; import javax.management.StandardMBean; +import com.cloud.hypervisor.Hypervisor.HypervisorType; +import com.cloud.network.security.LocalSecurityGroupWorkQueue.LocalSecurityGroupWork; +import com.cloud.network.security.SecurityGroupWork.Step; +import com.cloud.vm.VMInstanceVO; +import com.cloud.vm.VirtualMachine.Type; + public class SecurityManagerMBeanImpl extends StandardMBean implements SecurityGroupManagerMBean, RuleUpdateLog { SecurityGroupManagerImpl2 _sgMgr; boolean _monitoringEnabled = false; @@ -93,12 +100,32 @@ public class SecurityManagerMBeanImpl extends StandardMBean implements SecurityG } - - @Override public void enableSchedulerForAllVms() { _sgMgr.enableAllVmsForScheduler(); } + + @Override + public void scheduleRulesetUpdateForVm(Long vmId) { + List affectedVms = new ArrayList(1); + affectedVms.add(vmId); + _sgMgr.scheduleRulesetUpdateToHosts(affectedVms, true, null); + } + + + @Override + public void tryRulesetUpdateForVmBypassSchedulerVeryDangerous(Long vmId, Long seqno) { + LocalSecurityGroupWork work = new LocalSecurityGroupWorkQueue.LocalSecurityGroupWork(vmId, seqno, Step.Scheduled); + _sgMgr.sendRulesetUpdates(work); + } + + @Override + public void simulateVmStart(Long vmId) { + //all we need is the vmId + VMInstanceVO vm = new VMInstanceVO(vmId, 5, "foo", "foo", Type.User, null, HypervisorType.Any, 8, 1, 1, false, false); + _sgMgr.handleVmStarted(vm); + } + }