// reconcileInstances compares the initially started watcher for machines, // units and services with the opened and closed ports of the instances and // opens and closes the appropriate ports for each instance. func (fw *Firewaller) reconcileInstances() error { for _, machined := range fw.machineds { m, err := machined.machine() if params.IsCodeNotFound(err) { if err := fw.forgetMachine(machined); err != nil { return err } continue } else if err != nil { return err } instanceId, err := m.InstanceId() if err != nil { return err } instances, err := fw.environ.Instances([]instance.Id{instanceId}) if err == environs.ErrNoInstances { return nil } else if err != nil { return err } machineId := machined.tag.Id() initialPortRanges, err := instances[0].Ports(machineId) if err != nil { return err } initialPorts := network.PortRangesToPorts(initialPortRanges) // Check which ports to open or to close. toOpen := Diff(machined.ports, initialPorts) toClose := Diff(initialPorts, machined.ports) if len(toOpen) > 0 { logger.Infof("opening instance ports %v for %q", toOpen, machined.tag) if err := instances[0].OpenPorts(machineId, network.PortsToPortRanges(toOpen)); err != nil { // TODO(mue) Add local retry logic. return err } network.SortPorts(toOpen) } if len(toClose) > 0 { logger.Infof("closing instance ports %v for %q", toClose, machined.tag) if err := instances[0].ClosePorts(machineId, network.PortsToPortRanges(toClose)); err != nil { // TODO(mue) Add local retry logic. return err } network.SortPorts(toClose) } } return nil }
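// assertEnvironPorts polls the environment's open ports until they match
// expected, failing the test once coretesting.LongWait has elapsed.
//
// The port ranges returned by s.Environ.Ports are expanded to individual
// ports before the comparison. Comparing the raw ranges against a
// []network.Port can never succeed, and sorting a throwaway conversion has
// no effect on the compared value, so the converted slice is kept and used
// for both the comparison and the failure message.
//
// expected is sorted in place, so the caller's slice is reordered.
func (s *FirewallerSuite) assertEnvironPorts(c *gc.C, expected []network.Port) {
	s.BackingState.StartSync()
	// The expected set does not change between polls; sort it once.
	network.SortPorts(expected)
	start := time.Now()
	for {
		got, err := s.Environ.Ports()
		if err != nil {
			c.Fatal(err)
			return
		}
		gotPorts := network.PortRangesToPorts(got)
		network.SortPorts(gotPorts)
		// reflect.DeepEqual treats a nil slice and an empty slice as
		// different, so "no ports open" is matched by length instead.
		bothEmpty := len(gotPorts) == 0 && len(expected) == 0
		if bothEmpty || reflect.DeepEqual(gotPorts, expected) {
			c.Succeed()
			return
		}
		if time.Since(start) > coretesting.LongWait {
			c.Fatalf("timed out: expected %q; got %q", expected, gotPorts)
			return
		}
		time.Sleep(coretesting.ShortWait)
	}
}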
// reconcileGlobal compares the initially started watcher for machines, // units and services with the opened and closed ports globally and // opens and closes the appropriate ports for the whole environment. func (fw *Firewaller) reconcileGlobal() error { initialPortRanges, err := fw.environ.Ports() if err != nil { return err } initialPorts := network.PortRangesToPorts(initialPortRanges) collector := make(map[network.Port]bool) for _, unitd := range fw.unitds { if unitd.serviced.exposed { for _, port := range unitd.ports { collector[port] = true } } } wantedPorts := []network.Port{} for port := range collector { wantedPorts = append(wantedPorts, port) } // Check which ports to open or to close. toOpen := Diff(wantedPorts, initialPorts) toClose := Diff(initialPorts, wantedPorts) if len(toOpen) > 0 { logger.Infof("opening global ports %v", toOpen) if err := fw.environ.OpenPorts(network.PortsToPortRanges(toOpen)); err != nil { return err } network.SortPorts(toOpen) } if len(toClose) > 0 { logger.Infof("closing global ports %v", toClose) if err := fw.environ.ClosePorts(network.PortsToPortRanges(toClose)); err != nil { return err } network.SortPorts(toClose) } return nil }