Example #1
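// NewFirewaller returns a new Firewaller.
//
// It starts the environment-config and environment-machines watchers on st,
// allocates the maps and channels held by the Firewaller, and launches the
// main loop in a goroutine whose result is recorded in the Firewaller's tomb.
//
// If either watcher cannot be started, the error is returned unchanged and no
// Firewaller is created. A watcher that was already started is stopped first,
// so a failed construction does not leave it running with nothing to stop it.
func NewFirewaller(st *apifirewaller.State) (*Firewaller, error) {
	environWatcher, err := st.WatchForEnvironConfigChanges()
	if err != nil {
		return nil, err
	}
	machinesWatcher, err := st.WatchEnvironMachines()
	if err != nil {
		// environWatcher is live at this point and nothing else holds a
		// reference to it; stop it here or it is leaked. The start-up error
		// is the one worth reporting, so the result of Stop is not surfaced.
		// NOTE(review): assumes the API watcher exposes Stop(), as juju
		// watchers do; confirm against the watcher type in this tree.
		environWatcher.Stop()
		return nil, err
	}
	fw := &Firewaller{
		st:              st,
		environWatcher:  environWatcher,
		machinesWatcher: machinesWatcher,
		machineds:       make(map[string]*machineData),
		unitsChange:     make(chan *unitsChange),
		unitds:          make(map[string]*unitData),
		portsChange:     make(chan *portsChange),
		serviceds:       make(map[string]*serviceData),
		exposedChange:   make(chan *exposedChange),
	}
	go func() {
		// Done must run after Kill so the tomb carries the loop's result
		// before anything waiting on it is released.
		defer fw.tomb.Done()
		fw.tomb.Kill(fw.loop())
	}()
	return fw, nil
}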
Example #2
// NewFirewaller builds a Firewaller on top of st and returns it as a
// worker.Worker once its main loop has been started.
//
// The watchers are started in a fixed order (environment config, environment
// machines, opened ports). If any later step fails, every watcher started so
// far is shut down through fw.stopWatchers before the error is returned.
//
// When the environment's firewall-mode is config.FwNone no worker is started:
// a warning is logged and an error is returned instead.
func NewFirewaller(st *apifirewaller.State) (_ worker.Worker, err error) {
	fw := &Firewaller{
		st:            st,
		machineds:     make(map[names.MachineTag]*machineData),
		unitsChange:   make(chan *unitsChange),
		unitds:        make(map[names.UnitTag]*unitData),
		serviceds:     make(map[names.ServiceTag]*serviceData),
		exposedChange: make(chan *exposedChange),
		machinePorts:  make(map[names.MachineTag]machineRanges),
	}

	// Cleanup keyed on the named result: it fires on every error return
	// below, including the ones that hand back a freshly built error value.
	defer func() {
		if err == nil {
			return
		}
		fw.stopWatchers()
	}()

	if fw.environWatcher, err = st.WatchForEnvironConfigChanges(); err != nil {
		return nil, err
	}
	if fw.machinesWatcher, err = st.WatchEnvironMachines(); err != nil {
		return nil, err
	}
	if fw.portsWatcher, err = st.WatchOpenedPorts(); err != nil {
		return nil, errors.Annotatef(err, "failed to start ports watcher")
	}
	logger.Debugf("started watching opened port ranges for the environment")

	// No real waiting happens here: the environ already exists and its
	// config is guaranteed valid. The call stays only until WaitForEnviron
	// itself is removed.
	if fw.environ, err = worker.WaitForEnviron(fw.environWatcher, fw.st, fw.tomb.Dying()); err != nil {
		return nil, err
	}

	mode := fw.environ.Config().FirewallMode()
	if mode == config.FwGlobal {
		fw.globalMode = true
		fw.globalPortRef = make(map[network.PortRange]int)
	} else if mode == config.FwNone {
		// The firewaller is deliberately not started in this mode; the
		// deferred cleanup stops the watchers started above.
		logger.Warningf("stopping firewaller - firewall-mode is %q", config.FwNone)
		return nil, errors.Errorf("firewaller is disabled when firewall-mode is %q", config.FwNone)
	}

	go func() {
		// Record the loop's result in the tomb, then mark it done.
		defer fw.tomb.Done()
		loopErr := fw.loop()
		fw.tomb.Kill(loopErr)
	}()
	return fw, nil
}