// reconcileInstances compares the initially started watcher for machines,
// units and services with the opened and closed ports of the instances and
// opens and closes the appropriate ports for each instance.
func (fw *Firewaller) reconcileInstances() error {
for _, machined := range fw.machineds {
m, err := machined.machine()
if params.IsCodeNotFound(err) {
if err := fw.forgetMachine(machined); err != nil {
return err
}
continue
} else if err != nil {
return err
}
instanceId, err := m.InstanceId()
if err != nil {
return err
}
instances, err := fw.environ.Instances([]instance.Id{instanceId})
if err == environs.ErrNoInstances {
return nil
} else if err != nil {
return err
}
machineId := machined.tag.Id()
initialPortRanges, err := instances[0].Ports(machineId)
if err != nil {
return err
}
initialPorts := network.PortRangesToPorts(initialPortRanges)
// Check which ports to open or to close.
toOpen := Diff(machined.ports, initialPorts)
toClose := Diff(initialPorts, machined.ports)
if len(toOpen) > 0 {
logger.Infof("opening instance ports %v for %q",
toOpen, machined.tag)
if err := instances[0].OpenPorts(machineId, network.PortsToPortRanges(toOpen)); err != nil {
// TODO(mue) Add local retry logic.
return err
}
network.SortPorts(toOpen)
}
if len(toClose) > 0 {
logger.Infof("closing instance ports %v for %q",
toClose, machined.tag)
if err := instances[0].ClosePorts(machineId, network.PortsToPortRanges(toClose)); err != nil {
// TODO(mue) Add local retry logic.
return err
}
network.SortPorts(toClose)
}
}
return nil
}
// assertEnvironPorts retrieves the open ports of environment and compares them
// to the expected.
func (s *FirewallerSuite) assertEnvironPorts(c *gc.C, expected []network.Port) {
s.BackingState.StartSync()
start := time.Now()
for {
got, err := s.Environ.Ports()
if err != nil {
c.Fatal(err)
return
}
network.SortPorts(network.PortRangesToPorts(got))
network.SortPorts(expected)
if reflect.DeepEqual(got, expected) {
c.Succeed()
return
}
if time.Since(start) > coretesting.LongWait {
c.Fatalf("timed out: expected %q; got %q", expected, got)
return
}
time.Sleep(coretesting.ShortWait)
}
}
// reconcileGlobal compares the initially started watcher for machines,
// units and services with the opened and closed ports globally and
// opens and closes the appropriate ports for the whole environment.
func (fw *Firewaller) reconcileGlobal() error {
initialPortRanges, err := fw.environ.Ports()
if err != nil {
return err
}
initialPorts := network.PortRangesToPorts(initialPortRanges)
collector := make(map[network.Port]bool)
for _, unitd := range fw.unitds {
if unitd.serviced.exposed {
for _, port := range unitd.ports {
collector[port] = true
}
}
}
wantedPorts := []network.Port{}
for port := range collector {
wantedPorts = append(wantedPorts, port)
}
// Check which ports to open or to close.
toOpen := Diff(wantedPorts, initialPorts)
toClose := Diff(initialPorts, wantedPorts)
if len(toOpen) > 0 {
logger.Infof("opening global ports %v", toOpen)
if err := fw.environ.OpenPorts(network.PortsToPortRanges(toOpen)); err != nil {
return err
}
network.SortPorts(toOpen)
}
if len(toClose) > 0 {
logger.Infof("closing global ports %v", toClose)
if err := fw.environ.ClosePorts(network.PortsToPortRanges(toClose)); err != nil {
return err
}
network.SortPorts(toClose)
}
return nil
}
