SecurityGroupListener.java example

Explorer
CloudStack-archive-master
// Copyright 2012 Citrix Systems, Inc. Licensed under the
// Apache License, Version 2.0 (the "License"); you may not use this
// file except in compliance with the License.  Citrix Systems, Inc.
// reserves all rights not expressly granted by the License.
// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// 
// Automatically generated by addcopyright.py at 04/03/2012
package com.cloud.network.security;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.log4j.Logger;

import com.cloud.agent.AgentManager;
import com.cloud.agent.Listener;
import com.cloud.agent.api.AgentControlAnswer;
import com.cloud.agent.api.AgentControlCommand;
import com.cloud.agent.api.Answer;
import com.cloud.agent.api.CleanupNetworkRulesCmd;
import com.cloud.agent.api.Command;
import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
import com.cloud.agent.api.SecurityGroupRuleAnswer;
import com.cloud.agent.api.StartupCommand;
import com.cloud.agent.api.StartupRoutingCommand;
import com.cloud.agent.api.SecurityGroupRuleAnswer.FailureReason;
import com.cloud.agent.manager.Commands;
import com.cloud.exception.AgentUnavailableException;
import com.cloud.host.HostVO;
import com.cloud.host.Status;
import com.cloud.network.security.SecurityGroupWork.Step;
import com.cloud.network.security.dao.SecurityGroupWorkDao;

/**
 * Listens for answers to ingress rules modification commands
 *
 */
public class SecurityGroupListener implements Listener {
    public static final Logger s_logger = Logger.getLogger(SecurityGroupListener.class.getName());

    private static final int MAX_RETRIES_ON_FAILURE = 3;
    private static final int MIN_TIME_BETWEEN_CLEANUPS = 30*60;//30 minutes
    private final Random _cleanupRandom = new Random();

    SecurityGroupManagerImpl _securityGroupManager;
    AgentManager _agentMgr;
    SecurityGroupWorkDao _workDao;
    Map<Long, Integer> _vmFailureCounts = new ConcurrentHashMap<Long, Integer>();

    private SecurityGroupWorkTracker _workTracker;


    public SecurityGroupListener(SecurityGroupManagerImpl securityGroupManager,
            AgentManager agentMgr, SecurityGroupWorkDao workDao) {
        super();
        _securityGroupManager = securityGroupManager;
        _agentMgr = agentMgr;
        _workDao = workDao;
    }


    @Override
    public int getTimeout() {
        return -1;
    }


    @Override
    public boolean isRecurring() {
        return true;
    }


    @Override
    public boolean processAnswers(long agentId, long seq, Answer[] answers) {
        List<Long> affectedVms = new ArrayList<Long>();
        int commandNum = 0;
        for (Answer ans: answers) {
            if (ans instanceof SecurityGroupRuleAnswer) {
                SecurityGroupRuleAnswer ruleAnswer = (SecurityGroupRuleAnswer) ans;
                if (ans.getResult()) {
                    s_logger.debug("Successfully programmed rule " + ruleAnswer.toString() + " into host " + agentId);
                    _workDao.updateStep(ruleAnswer.getVmId(), ruleAnswer.getLogSequenceNumber(), Step.Done);
                    recordSuccess(ruleAnswer.getVmId());
                } else {
                    _workDao.updateStep(ruleAnswer.getVmId(), ruleAnswer.getLogSequenceNumber(), Step.Error);;
                    s_logger.debug("Failed to program rule " + ruleAnswer.toString() + " into host " + agentId 
                            +" due to " + ruleAnswer.getDetails()
                            +" and updated  jobs");
                    if (ruleAnswer.getReason() == FailureReason.CANNOT_BRIDGE_FIREWALL) {
                        s_logger.debug("Not retrying security group rules for vm " + ruleAnswer.getVmId() + " on failure since host " + agentId + " cannot do bridge firewalling");
                    } else if (ruleAnswer.getReason() == FailureReason.PROGRAMMING_FAILED){
                        if (checkShouldRetryOnFailure(ruleAnswer.getVmId())) {
                            s_logger.debug("Retrying security group rules on failure for vm " + ruleAnswer.getVmId());
                            affectedVms.add(ruleAnswer.getVmId());
                        } else {
                            s_logger.debug("Not retrying security group rules for vm " + ruleAnswer.getVmId() + " on failure: too many retries");
                        }
                    }
                }
                commandNum++;
                if (_workTracker != null)
                    _workTracker.processAnswers(agentId, seq, answers);
            }
        }

        if (affectedVms.size() > 0) {
            _securityGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10 * 1000l));
        }

        return true;
    }
    
    protected boolean checkShouldRetryOnFailure(long vmId) {
        Integer currCount = _vmFailureCounts.get(vmId);
        if (currCount == null) 
            currCount = 0;
        
        if (currCount.intValue() < MAX_RETRIES_ON_FAILURE) {
            _vmFailureCounts.put(vmId, ++currCount);
            return true;
        }
        
        return false;
    }
    
    protected void recordSuccess(long vmId) {
        _vmFailureCounts.remove(vmId);
    }

    @Override
    public boolean processCommands(long agentId, long seq, Command[] commands) {
        boolean processed = false;
        for (Command cmd : commands) {
            if (cmd instanceof PingRoutingWithNwGroupsCommand) {
                PingRoutingWithNwGroupsCommand ping = (PingRoutingWithNwGroupsCommand)cmd;
                if (ping.getNewGroupStates().size() > 0) {
                    _securityGroupManager.fullSync(agentId, ping.getNewGroupStates());
                }
                processed = true;
            }
        }
        return processed;
    }


    @Override
    public void processConnect(HostVO host, StartupCommand cmd, boolean forRebalance) {
        if(s_logger.isInfoEnabled())
            s_logger.info("Received a host startup notification");

        if (cmd instanceof StartupRoutingCommand) {
            //if (Boolean.toString(true).equals(host.getDetail("can_bridge_firewall"))) {
            try {
                int interval = MIN_TIME_BETWEEN_CLEANUPS + _cleanupRandom.nextInt(MIN_TIME_BETWEEN_CLEANUPS/2);
                CleanupNetworkRulesCmd cleanupCmd = new CleanupNetworkRulesCmd(interval);
                Commands c = new Commands(cleanupCmd);
                _agentMgr.send(host.getId(), c,  this);
                if(s_logger.isInfoEnabled())
                    s_logger.info("Scheduled network rules cleanup, interval=" + cleanupCmd.getInterval());
            } catch (AgentUnavailableException e) {
                //usually hypervisors that do not understand sec group rules.
                s_logger.debug("Unable to schedule network rules cleanup for host " + host.getId(), e);
            }
            if (_workTracker != null) {
                _workTracker.processConnect(host.getId());
            }
        }
    }


    @Override
    public AgentControlAnswer processControlCommand(long agentId,
            AgentControlCommand cmd) {
        return null;
    }


    @Override
    public boolean processDisconnect(long agentId, Status state) {
        if (_workTracker != null) {
            _workTracker.processDisconnect(agentId);
        }
        return true;
    }

    @Override
    public boolean processTimeout(long agentId, long seq) {
        if (_workTracker != null) {
            _workTracker.processTimeout(agentId, seq);
        }
        return true;
    }


    public void setWorkDispatcher(SecurityGroupWorkTracker workDispatcher) {
        this._workTracker = workDispatcher;
    }
}