Merge lp:~themue/juju-core/go-firewaller-global-mode into lp:~juju/juju-core/trunk
Status: | Rejected |
---|---|
Rejected by: | Gustavo Niemeyer |
Proposed branch: | lp:~themue/juju-core/go-firewaller-global-mode |
Merge into: | lp:~juju/juju-core/trunk |
Diff against target: |
269 lines (+148/-10) 3 files modified
environs/dummy/environs.go (+45/-10) worker/firewaller/firewaller.go (+31/-0) worker/firewaller/firewaller_test.go (+72/-0) |
To merge this branch: | bzr merge lp:~themue/juju-core/go-firewaller-global-mode |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
The Go Language Gophers | Pending | ||
Review via email: mp+128529@code.launchpad.net |
Description of the change
firewaller: added port counter for global mode
For the global mode the firewaller now counts the
number of port usages and only opens a port once and
closes it when its usage is closed the last time.
Also found that the dummy provider not yet handles
the global mode (one test failed) and fixed that.
Unmerged revisions
- 628. By Frank Mueller
-
firewaller: added port counter for global mode
- 627. By Roger Peppe
-
trivial: add PasswordHash and RandomBytes
R=niemeyer
CC=
https://codereview. appspot. com/6615047 - 626. By Roger Peppe
-
cmd/jujud: make bootstrap-state accept password
This makes bootstrap-state accept all the same flags
as the agents (including --data-dir which it doesn't use;
but it seems to me that it may well use it in the future).R=fwereade, niemeyer
CC=
https://codereview. appspot. com/6623047 - 625. By Roger Peppe
-
state: make SetAdminPasswor
d("") idempotent R=TheMue, niemeyer
CC=
https://codereview. appspot. com/6622047 - 624. By Frank Mueller
-
ec2: integrated firewall mode configuration
After the adding of a configuration switch for default
or global firewall mode this behavior is now integrated
in EC2. If the mode is "global", then instead of a group
per machine one group "juju-<name>-global" is created
additionally to the juju group. All machines share this
global group then and opening and closing ports on it
so effect all machines.R=niemeyer
CC=
https://codereview. appspot. com/6589073 - 623. By Dave Cheney
-
cmd: add tests for --format=nnn
Add checks for --format=nnn flag parsing.
This will break for people who have not updated gnuflag to the latest version, this is a good thing.
R=fwereade, niemeyer
CC=
https://codereview. appspot. com/6601056 - 622. By William Reade
-
uniter: integrate filter type
By tweaking the filter slightly, to provide more carefully-tailored events,
the uniter Modes have been radically simplified.Note that state.Unit was previously mis-specified, and is now fixed: it's
fine (in fact, potentially necessary) to resolve errors when the unit is
Dying.Also note that there are roughly 50% more full Uniter tests than the
previous branch, but they run in roughly the same amount of time. Win!
But! This is actually a significant slowdown, because I fixed a bunch of
happy-path 500ms waits in the uniter tests. It's true that this variant does
more unnecessary work in the service of simpler Mode code, and I haven't been
able to find any obvious hotspots (apart from the pre-existing one) so if
reviewers would bear subtle performance implications in mind I would be most
grateful :).R=rog, niemeyer
CC=
https://codereview. appspot. com/6588053 - 621. By Dave Cheney
-
cmd/jujuc: config-get: return default values
As discussed on IRC, this proposal is not the solution to the complex issue of versioned configuration settings. It is not even a start. However with this patch in place I am able to get charms running on ec2 and fix integration issues.
R=niemeyer
CC=
https://codereview. appspot. com/6591080 - 620. By William Reade
-
jujuc: move from cmd/jujuc/server
as discussed on IRC
R=niemeyer
CC=
https://codereview. appspot. com/6607043 - 619. By Roger Peppe
-
environs/config: add admin-secret attribute
R=niemeyer
CC=
https://codereview. appspot. com/6587085
looks good. a few remarks below.
https:/ /codereview. appspot. com/6635043/ diff/1/ environs/ dummy/environs. go dummy/environs. go (right):
File environs/
https:/ /codereview. appspot. com/6635043/ diff/1/ environs/ dummy/environs. go#newcode590 dummy/environs. go:590: if inst.defaultFir ewall() {
environs/
i think this would be clearer (and easier to change if we ever add
modes) as:
switch inst.e. Config( ).FirewallMode( ) {
case config.FwDefault:
....
case config.FwGlobal:
....
default:
panic("unknown mode")
}
FWIW, i think config.FwDefault is not a great name. FwPerInstance would
make it clearer what the default behaviour is intended to be.
https:/ /codereview. appspot. com/6635043/ diff/1/ environs/ dummy/environs. go#newcode618 dummy/environs. go:618: if inst.defaultFir ewall() {
environs/
ditto
https:/ /codereview. appspot. com/6635043/ diff/1/ environs/ dummy/environs. go#newcode640 dummy/environs. go:640: if inst.defaultFir ewall() {
environs/
ditto
https:/ /codereview. appspot. com/6635043/ diff/1/ environs/ dummy/environs. go#newcode656 dummy/environs. go:656: func (inst *instance) defaultFirewall()
environs/
bool {
i'm not sure this method pulls its weight.
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go firewaller/ firewaller. go (right):
File worker/
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go#newcode214 firewaller/ firewaller. go:214: // already open (for opening) and
worker/
which are still needed (for closing).
// filterGlobalPorts returns the ports that actually need
// opening and closing, given the ports that have been opened
// and closed on a particular machine.
?
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go#newcode220 firewaller/ firewaller. go:220: openOut = []state.Port{}
worker/
d
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go#newcode221 firewaller/ firewaller. go:221: closeOut = []state.Port{}
worker/
d
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go#newcode224 firewaller/ firewaller. go:224: // Open only the first one.
worker/
// The port is not already open.
?
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go#newcode230 firewaller/ firewaller. go:230: if fw.globalPorts[ port] == 1 {
worker/
i'd prefer to see this after the decrement, so it's obvious we're
looking for zero.
https:/ /codereview. appspot. com/6635043/ diff/1/ worker/ firewaller/ firewaller. go#newcode231 firewaller/ firewaller. go:231: // Close only the last one.
worker/
// The last reference to the port is gone,
// so close the port globally.
https:/ /codereview. appspot. com/6635043/