private static string TryGetRunAsAccountName(ClusterManifestType clusterManifest)
{
SettingsOverridesTypeSection runAsSection = clusterManifest.FabricSettings.FirstOrDefault(p => p.Name == Constants.SectionNames.RunAs);
if (runAsSection != null && runAsSection.Parameter != null)
{
SettingsOverridesTypeSectionParameter parameter = runAsSection.Parameter.FirstOrDefault(p => p.Name == Constants.ParameterNames.RunAsAccountType);
if (parameter != null && parameter.Value == Constants.ManagedServiceAccount)
{
parameter = runAsSection.Parameter.FirstOrDefault(p => p.Name == Constants.ParameterNames.RunAsAccountName);
if (parameter != null)
{
return(parameter.Value);
}
}
}
return(null);
}
public static SettingsTypeSection ToSettingsTypeSection(SettingsOverridesTypeSection overridesSection)
{
List <SettingsTypeSectionParameter> parameters = new List <SettingsTypeSectionParameter>();
if ((overridesSection != null) && (overridesSection.Parameter != null))
{
foreach (SettingsOverridesTypeSectionParameter parameter in overridesSection.Parameter)
{
parameters.Add(new SettingsTypeSectionParameter()
{
Name = parameter.Name, Value = parameter.Value, MustOverride = false, IsEncrypted = parameter.IsEncrypted
});
}
}
return(new SettingsTypeSection()
{
Name = overridesSection.Name, Parameter = parameters.ToArray()
});
}
internal static void ApplyUserSettings(List <SettingsOverridesTypeSection> targetFabricSettings, List <SettingsSectionDescription> userFabricSettings)
{
foreach (SettingsSectionDescription section in userFabricSettings)
{
var targetSection = targetFabricSettings.FirstOrDefault(x => x.Name == section.Name);
if (targetSection == null)
{
targetSection = new SettingsOverridesTypeSection
{
Name = section.Name,
Parameter = new SettingsOverridesTypeSectionParameter[0]
};
targetFabricSettings.Add(targetSection);
}
List <SettingsOverridesTypeSectionParameter> targetParamList = targetSection.Parameter.ToList();
foreach (SettingsParameterDescription param in section.Parameters)
{
var targetParam = targetParamList.FirstOrDefault(x => x.Name == param.Name);
if (targetParam != null)
{
targetParam.Value = param.Value;
}
else
{
targetParamList.Add(new SettingsOverridesTypeSectionParameter
{
Name = param.Name,
Value = param.Value
});
}
}
targetSection.Parameter = targetParamList.ToArray();
}
}
private ContainerDnsSetup GetValueFromManifest(
SettingsOverridesTypeSection section,
ContainerDnsSetup defaultValue)
{
var value = GetValueFromManifest(section, Constants.ParameterNames.ContainerDnsSetup);
ContainerDnsSetup setupValue;
if (value == null)
{
setupValue = defaultValue;
}
else
{
ContainerDnsSetup parsedValue;
bool success = Enum.TryParse(value, true, out parsedValue);
if (success)
{
setupValue = parsedValue;
}
else
{
setupValue = defaultValue;
DeployerTrace.WriteWarning(
"Setup section, parameter: {0}, value: {1} could not be interpreted. Using default value: {2}",
Constants.ParameterNames.ContainerDnsSetup, value, defaultValue);
}
}
DeployerTrace.WriteInfo(
"Setup section, parameter: {0}, value: {1}, interpreted value: {2}",
Constants.ParameterNames.ContainerDnsSetup, value ?? "<null>", setupValue);
return(setupValue);
}
public static List <FirewallRule> GetRulesForNode(string nodeName,
string leaseDriverPort,
string applicationPorts,
string httpGatewayPort,
string httpAppGatewayPort,
string fabricPath,
string dcaPath,
string fileStoreServicePath,
string fabricGatewayPath,
string fabricAppGatewayPath,
string faultAnalysisServicePath,
string backupRestoreServicePath,
string fabricUpgradeServicePath,
string fabricRepairServicePath,
string fabricInfrastructureServicePath,
string upgradeOrchestrationServicePath,
string centralSecretServicePath,
string eventStoreServicePath,
string gatewayResourceManagerPath,
string dynamicPorts,
SettingsOverridesTypeSection securitySection)
{
FabricNodeFirewallRules nodeRules = new FabricNodeFirewallRules()
{
ApplicationPorts = applicationPorts,
FabricPath = fabricPath,
LeaseDriverPort = leaseDriverPort,
NodeName = nodeName,
DCAPath = dcaPath,
FileStoreServicePath = fileStoreServicePath,
HttpGatewayPort = httpGatewayPort,
FabricGatewayPath = fabricGatewayPath,
HttpAppGatewayPort = httpAppGatewayPort,
FabricAppGatewayPath = fabricAppGatewayPath,
FaultAnalysisServicePath = faultAnalysisServicePath,
BackupRestoreServicePath = backupRestoreServicePath,
FabricUpgradeServicePath = fabricUpgradeServicePath,
FabricRepairServicePath = fabricRepairServicePath,
FabricInfrastructureServicePath = fabricInfrastructureServicePath,
UpgradeOrchestrationServicePath = upgradeOrchestrationServicePath,
CentralSecretServicePath = centralSecretServicePath,
EventStoreServicePath = eventStoreServicePath,
GatewayResourceManagerPath = gatewayResourceManagerPath,
DynamicPorts = dynamicPorts
};
#if !DotNetCoreClrLinux && !DotNetCoreClrIOT
policy = (INetFwPolicy2)Activator.CreateInstance(policyType);
#endif
fwProfileSet = GetAllRequiredProfiles(securitySection);
List <FirewallRule> rules = new List <FirewallRule>();
#if !DotNetCoreClrLinux && !DotNetCoreClrIOT // Application Path specific rules are not valid for Linux
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricExceptionTemplate, nodeRules.FabricPath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricExceptionTemplate, nodeRules.FabricPath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricDCaExceptionTemplate, nodeRules.DCAPath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FileStoreServiceExceptionTemplate, nodeRules.FileStoreServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FileStoreServiceExceptionTemplate, nodeRules.FileStoreServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricGatewayExceptionTemplate, nodeRules.FabricGatewayPath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricGatewayExceptionTemplate, nodeRules.FabricGatewayPath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FaultAnalysisServiceExceptionTemplate, nodeRules.FaultAnalysisServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FaultAnalysisServiceExceptionTemplate, nodeRules.FaultAnalysisServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.BackupRestoreServiceExceptionTemplate, nodeRules.BackupRestoreServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.BackupRestoreServiceExceptionTemplate, nodeRules.BackupRestoreServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.UpgradeOrchestrationServiceExceptionTemplate, nodeRules.UpgradeOrchestrationServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.UpgradeOrchestrationServiceExceptionTemplate, nodeRules.UpgradeOrchestrationServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.CentralSecretServiceExceptionTemplate, nodeRules.CentralSecretServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.CentralSecretServiceExceptionTemplate, nodeRules.CentralSecretServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricUpgradeServiceExceptionTemplate, nodeRules.FabricUpgradeServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricUpgradeServiceExceptionTemplate, nodeRules.FabricUpgradeServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricRepairServiceExceptionTemplate, nodeRules.FabricRepairServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricRepairServiceExceptionTemplate, nodeRules.FabricRepairServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricInfrastructureServiceExceptionTemplate, nodeRules.FabricInfrastructureServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricInfrastructureServiceExceptionTemplate, nodeRules.FabricInfrastructureServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.EventStoreServiceExceptionTemplate, nodeRules.EventStoreServicePath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.EventStoreServiceExceptionTemplate, nodeRules.EventStoreServicePath, FabricNodeFirewallRules.outDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.GatewayResourceManagerExceptionTemplate, nodeRules.GatewayResourceManagerPath, FabricNodeFirewallRules.inDirection);
AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.GatewayResourceManagerExceptionTemplate, nodeRules.GatewayResourceManagerPath, FabricNodeFirewallRules.outDirection);
#endif
AddLeaseDriverExceptionProfileRule(rules, nodeRules, FabricNodeFirewallRules.inDirection);
AddLeaseDriverExceptionProfileRule(rules, nodeRules, FabricNodeFirewallRules.outDirection);
if (!string.IsNullOrEmpty(httpGatewayPort))
{
AddHttpGatewayExceptionProfilesRule(rules, nodeRules);
}
if (!string.IsNullOrEmpty(httpAppGatewayPort))
{
AddHttpAppGatewayExceptionProfilesRule(rules, nodeRules);
}
if (!string.IsNullOrEmpty(applicationPorts))
{
AddApplicationPortRangeExceptionProfileRules(rules, nodeRules);
}
if (!string.IsNullOrEmpty(dynamicPorts))
{
AddDynamicPortRangeExceptionProfileRules(rules, nodeRules);
}
return(rules);
}
private static void AddDisabledFirewallProfileRules(HashSet <NET_FW_PROFILE_TYPE2_> profileSet, SettingsOverridesTypeSection securitySection)
{
if (securitySection != null && securitySection.Parameter != null && securitySection.Parameter.Length > 1)
{
foreach (var parameter in securitySection.Parameter)
{
if (parameter.Name.Equals(Constants.ParameterNames.DisableFirewallRuleForDomainProfile, StringComparison.OrdinalIgnoreCase) &&
parameter.Value.Equals(bool.FalseString, StringComparison.OrdinalIgnoreCase))
{
profileSet.Add(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_DOMAIN);
}
if (parameter.Name.Equals(Constants.ParameterNames.DisableFirewallRuleForPrivateProfile, StringComparison.OrdinalIgnoreCase) &&
parameter.Value.Equals(bool.FalseString, StringComparison.OrdinalIgnoreCase))
{
profileSet.Add(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PRIVATE);
}
if (parameter.Name.Equals(Constants.ParameterNames.DisableFirewallRuleForPublicProfile, StringComparison.OrdinalIgnoreCase) &&
parameter.Value.Equals(bool.FalseString, StringComparison.OrdinalIgnoreCase))
{
profileSet.Add(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PUBLIC);
}
}
}
}
private void ValidateConfiguration(ApplicationTypeContext context)
{
Dictionary <string, IEnumerable <ConfigPackage> > configurationPackageDictionary = new Dictionary <string, IEnumerable <ConfigPackage> >();
foreach (var serviceManifest in context.ServiceManifests)
{
configurationPackageDictionary.Add(serviceManifest.ServiceManifestType.Name, serviceManifest.ConfigPackages);
}
ApplicationManifestTypeServiceManifestImport[] serviceManifestImports = context.ApplicationManifest.ServiceManifestImport;
bool hasEncryptedParameter = false;
foreach (KeyValuePair <string, IEnumerable <ConfigPackage> > configKeyValuePair in configurationPackageDictionary)
{
if (configKeyValuePair.Value != null)
{
ApplicationManifestTypeServiceManifestImport matchingServiceManifestImport = serviceManifestImports.FirstOrDefault <ApplicationManifestTypeServiceManifestImport>(
serviceManifestImport => ImageBuilderUtility.Equals(serviceManifestImport.ServiceManifestRef.ServiceManifestName, configKeyValuePair.Key));
ReleaseAssert.AssertIf(
matchingServiceManifestImport == null,
"Could not find matching ServiceManifest with Name {0}",
configKeyValuePair.Key);
foreach (ConfigPackage configurationPackage in configKeyValuePair.Value)
{
ImageBuilder.TraceSource.WriteInfo(
TraceType,
"Validating the configuration. ApplicationTypeName:{0}, ServiceManifestName:{1}, ConfigPackageName:{2}",
context.ApplicationManifest.ApplicationTypeName,
matchingServiceManifestImport.ServiceManifestRef.ServiceManifestName,
configurationPackage.ConfigPackageType.Name);
if (configurationPackage.SettingsType != null && configurationPackage.SettingsType.Section != null)
{
string configPackageDirectory = context.BuildLayoutSpecification.GetConfigPackageFolder(configKeyValuePair.Key, configurationPackage.ConfigPackageType.Name);
string configPackageArchive = context.BuildLayoutSpecification.GetSubPackageArchiveFile(configPackageDirectory);
if (!FabricDirectory.Exists(configPackageDirectory) && !FabricFile.Exists(configPackageArchive))
{
continue;
}
ConfigOverrideType matchingConfigOverride = null;
if (matchingServiceManifestImport.ConfigOverrides != null)
{
matchingConfigOverride = matchingServiceManifestImport.ConfigOverrides.FirstOrDefault <ConfigOverrideType>(
configOverride => ImageBuilderUtility.Equals(configOverride.Name, configurationPackage.ConfigPackageType.Name));
}
string settingsFileName = context.BuildLayoutSpecification.GetSettingsFile(configPackageDirectory);
DuplicateDetector sectionDuplicateDetector = new DuplicateDetector("Section", "Name", settingsFileName);
foreach (SettingsTypeSection section in configurationPackage.SettingsType.Section)
{
sectionDuplicateDetector.Add(section.Name);
SettingsOverridesTypeSection matchingConfigOverrideSection = null;
if (matchingConfigOverride != null && matchingConfigOverride.Settings != null)
{
matchingConfigOverrideSection = matchingConfigOverride.Settings.FirstOrDefault <SettingsOverridesTypeSection>(
configOverrideSection => ImageBuilderUtility.Equals(configOverrideSection.Name, section.Name));
}
if (section.Parameter != null)
{
DuplicateDetector settingDuplicateDetector = new DuplicateDetector("Parameter", "Name", settingsFileName);
foreach (SettingsTypeSectionParameter parameter in section.Parameter)
{
settingDuplicateDetector.Add(parameter.Name);
if (!hasEncryptedParameter)
{
hasEncryptedParameter = parameter.IsEncrypted;
}
if (parameter.MustOverride)
{
SettingsOverridesTypeSectionParameter matchingOverrideParameter = null;
if (matchingConfigOverrideSection != null && matchingConfigOverrideSection.Parameter != null)
{
matchingOverrideParameter = matchingConfigOverrideSection.Parameter.FirstOrDefault <SettingsOverridesTypeSectionParameter>(
configOverrideSetting => ImageBuilderUtility.Equals(configOverrideSetting.Name, parameter.Name));
}
if (matchingOverrideParameter == null)
{
ImageBuilderUtility.TraceAndThrowValidationErrorWithFileName(
TraceType,
settingsFileName,
StringResources.ImageBuilderError_ParameterNotOverriden,
parameter.Name);
}
}
if (!String.IsNullOrEmpty(parameter.Type))
{
this.VerifySourceLocation(parameter.Name, "Settings.xml", parameter.Type);
}
}
}
}
}
}
}
}
if (hasEncryptedParameter &&
RequireCertACLingForUsers(context.ApplicationManifest.Principals) &&
(context.ApplicationManifest.Certificates == null || context.ApplicationManifest.Certificates.SecretsCertificate == null))
{
ImageBuilderUtility.TraceAndThrowValidationErrorWithFileName(
TraceType,
context.GetApplicationManifestFileName(),
StringResources.ImageBuilderError_EncryptedSettingsNoCertInAppManifest);
}
}
private static List <FirewallRule> GetRulesForNodes(List <NodeSettings> nodes, SettingsOverridesTypeSection securitySection)
{
List <FirewallRule> newRules = new List <FirewallRule>();
foreach (NodeSettings setting in nodes)
{
string fabricPath = Path.Combine(
setting.DeploymentFoldersInfo.GetCodeDeploymentDirectory(Constants.FabricService),
Constants.ServiceExes[Constants.FabricService]);
string dcaPath = Path.Combine(
setting.DeploymentFoldersInfo.GetCodeDeploymentDirectory(Constants.DCAService),
Constants.ServiceExes[Constants.DCAService]);
string fileStoreServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.FileStoreService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.FileStoreService]);
string fabricGatewayPath = Path.Combine(
setting.DeploymentFoldersInfo.GetCodeDeploymentDirectory(Constants.FabricService),
Constants.ServiceExes[Constants.FabricGatewayService]);
string fabricAppGatewayPath = Path.Combine(
setting.DeploymentFoldersInfo.GetCodeDeploymentDirectory(Constants.FabricService),
Constants.ServiceExes[Constants.FabricApplicationGatewayService]);
string faultAnalysisServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.FaultAnalysisService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.FaultAnalysisService]);
#if !DotNetCoreClrLinux
string backupRestoreServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.BackupRestoreService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.BackupRestoreService]);
#else
string backupRestoreServicePath = null;
#endif
string fabricUpgradeServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.FabricUpgradeService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.FabricUpgradeService]);
string fabricRepairServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.FabricRepairManagerService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.FabricRepairManagerService]);
string fabricInfrastructureServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.FabricInfrastructureService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.FabricInfrastructureService]);
#if !DotNetCoreClrLinux && !DotNetCoreClrIOT
string centralsecretServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.CentralSecretService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.CentralSecretService]);
#else
string centralsecretServicePath = null;
#endif
#if !DotNetCoreClrLinux
string upgradeOrchestrationServicePath = Path.Combine(
GetFabricSystemApplicationCodeFolder(setting.DeploymentFoldersInfo, Constants.UpgradeOrchestrationService, Constants.SystemServiceCodePackageName, Constants.SystemServiceCodePackageVersion),
Constants.ServiceExes[Constants.UpgradeOrchestrationService]);
#else
string upgradeOrchestrationServicePath = null;
#endif
string leaseDriverPort = null;
string applicationPortRange = null;
string dynamicPortRange = null;
string httpGatewayPort = null;
string httpAppGatewayPort = null;
GetPorts(
setting,
out leaseDriverPort,
out applicationPortRange,
out httpGatewayPort,
out httpAppGatewayPort,
out dynamicPortRange);
var rulesForNode = FabricNodeFirewallRules.GetRulesForNode(
setting.NodeName,
leaseDriverPort,
applicationPortRange,
httpGatewayPort,
httpAppGatewayPort,
fabricPath,
dcaPath,
fileStoreServicePath,
fabricGatewayPath,
fabricAppGatewayPath,
faultAnalysisServicePath,
backupRestoreServicePath,
fabricUpgradeServicePath,
fabricRepairServicePath,
fabricInfrastructureServicePath,
upgradeOrchestrationServicePath,
centralsecretServicePath,
dynamicPortRange,
securitySection);
newRules.AddRange(rulesForNode);
#if DotNetCoreClrLinux
string clientConnectionPort = null;
string clusterConnectionPort = null;
string serviceConnectionPort = null;
string clusterManagerReplicatorPort = null;
string repairManagerReplicatorPort = null;
string namingReplicatorPort = null;
string failoverManagerReplicatorPort = null;
string imageStoreServiceReplicatorPort = null;
string upgradeServiceReplicatorPort = null;
GetPorts2(
setting,
out clientConnectionPort,
out serviceConnectionPort,
out clusterConnectionPort,
out clusterManagerReplicatorPort,
out repairManagerReplicatorPort,
out namingReplicatorPort,
out failoverManagerReplicatorPort,
out imageStoreServiceReplicatorPort,
out upgradeServiceReplicatorPort);
var rulesForNode2 = FabricNodeFirewallRules.GetRulesForNode2(
setting.NodeName,
clientConnectionPort,
serviceConnectionPort,
clusterConnectionPort,
clusterManagerReplicatorPort,
repairManagerReplicatorPort,
namingReplicatorPort,
failoverManagerReplicatorPort,
imageStoreServiceReplicatorPort,
upgradeServiceReplicatorPort);
newRules.AddRange(rulesForNode2);
#endif
}
return(newRules);
}
/// <summary>
/// This function enables the firewall exceptions for all the nodes provied. The exceptions are for lease driver port, application ports and fabric process.
/// </summary>
/// <param name="nodes">The list of nodes for which exceptions need to be provided.</param>
/// <param name="isScaleMin">Whether te deployment is scale min or not.</param>
/// <param name="securitySection"> The security section which specifies what type of firewall profiles to set.</param>
/// <param name="removeRulesIfNotRequired">Should we delete the existing rules that are not required.</param>
/// <returns>true if exceptions are all enabled, false otherwise.</returns>
public static bool EnableFirewallSettings(List <NodeSettings> nodes, bool isScaleMin, SettingsOverridesTypeSection securitySection, bool removeRulesIfNotrequired)
{
Firewall fw = new Firewall();
if (!fw.IsEnabled())
{
return(true);
}
if (isScaleMin && NetworkApiHelper.IsAddressLoopback(nodes[0].IPAddressOrFQDN))
{
return(true);
}
List <FirewallRule> newRules = GetRulesForNodes(nodes, securitySection);
fw.UpdateRules(newRules, removeRulesIfNotrequired);
return(true);
}
// The FabricSettings require some hard coding to make the generated clustermanifest exactly the same as sdk clustermanifest
internal static void TuneGeneratedManifest(ClusterManifestType clustermanifest, List <SettingsSectionDescription> userFabricSettings)
{
ClusterManifestTypeInfrastructureWindowsServer winserverinfra = clustermanifest.Infrastructure.Item as ClusterManifestTypeInfrastructureWindowsServer;
if (winserverinfra != null)
{
if (clustermanifest.NodeTypes.Count() == 1)
{
winserverinfra.IsScaleMin = true;
}
else if (clustermanifest.NodeTypes.Count() == 5)
{
// Manually set the last two nodes to be non-seed nodes.
winserverinfra.NodeList[3].IsSeedNode = false;
winserverinfra.NodeList[4].IsSeedNode = false;
}
}
List <SettingsOverridesTypeSection> targetFabricSettings = new List <SettingsOverridesTypeSection>();
List <string> consumerInstances = new List <string>();
List <string> producerInstances = new List <string>();
foreach (SettingsOverridesTypeSection sourceSetting in clustermanifest.FabricSettings)
{
if (IsSectionToDrop(clustermanifest.NodeTypes.Count(), sourceSetting.Name))
{
continue;
}
else if (sourceSetting.Name == StringConstants.SectionName.Diagnostics)
{
List <SettingsOverridesTypeSectionParameter> parameters = new List <SettingsOverridesTypeSectionParameter>();
SettingsOverridesTypeSectionParameter param = sourceSetting.Parameter.FirstOrDefault(x => x.Name == StringConstants.ParameterName.ConsumerInstances);
if (param != null)
{
foreach (string item in param.Value.Split(','))
{
consumerInstances.Add(item.Trim());
}
}
param = sourceSetting.Parameter.FirstOrDefault(x => x.Name == StringConstants.ParameterName.ProducerInstances);
if (param != null)
{
foreach (string item in param.Value.Split(','))
{
if (!item.Contains("CrashDump"))
{
producerInstances.Add(item.Trim().Replace("WinFab", "ServiceFabric"));
}
else
{
consumerInstances.Add(item.Trim().Replace("ServiceFabric", "WinFab"));
}
}
param.Value = string.Join(", ", producerInstances.ToArray());
parameters.Add(param);
}
param = sourceSetting.Parameter.FirstOrDefault(x => x.Name == StringConstants.ParameterName.MaxDiskQuotaInMb);
if (param != null)
{
parameters.Add(param);
}
param = sourceSetting.Parameter.FirstOrDefault(x => x.Name == StringConstants.ParameterName.EnableCircularTraceSession);
if (param != null)
{
parameters.Add(param);
}
sourceSetting.Parameter = parameters.ToArray();
}
else if (sourceSetting.Name == StringConstants.SectionName.Hosting)
{
List <SettingsOverridesTypeSectionParameter> parameters = sourceSetting.Parameter.ToList();
SettingsOverridesTypeSectionParameter param = parameters.FirstOrDefault(x => x.Name == StringConstants.ParameterName.FirewallPolicyEnabled);
parameters.Remove(param);
sourceSetting.Parameter = parameters.ToArray();
}
else if (sourceSetting.Name == StringConstants.SectionName.Security)
{
List <SettingsOverridesTypeSectionParameter> parameters = sourceSetting.Parameter.ToList();
foreach (string securityparam in securityParamsToDrop)
{
SettingsOverridesTypeSectionParameter param = parameters.FirstOrDefault(x => x.Name == securityparam);
parameters.Remove(param);
}
sourceSetting.Parameter = parameters.ToArray();
}
else if (sourceSetting.Name == StringConstants.SectionName.HttpApplicationGateway)
{
List <SettingsOverridesTypeSectionParameter> parameters = sourceSetting.Parameter.ToList();
SettingsOverridesTypeSectionParameter param = parameters.FirstOrDefault(x => x.Name == StringConstants.ParameterName.GatewayX509CertificateStoreName);
parameters.Remove(param);
sourceSetting.Parameter = parameters.ToArray();
}
else if (sourceSetting.Name == StringConstants.SectionName.PlacementAndLoadBalancing)
{
List <SettingsOverridesTypeSectionParameter> parameters = sourceSetting.Parameter.ToList();
SettingsOverridesTypeSectionParameter param = parameters.FirstOrDefault(x => x.Name == StringConstants.ParameterName.QuorumBasedReplicaDistributionPerUpgradeDomains);
parameters.Remove(param);
sourceSetting.Parameter = parameters.ToArray();
}
else if (sourceSetting.Name == StringConstants.SectionName.ClusterManager)
{
List <SettingsOverridesTypeSectionParameter> parameters = sourceSetting.Parameter.ToList();
SettingsOverridesTypeSectionParameter param = parameters.FirstOrDefault(x => x.Name == StringConstants.ParameterName.EnableAutomaticBaseline);
parameters.Remove(param);
sourceSetting.Parameter = parameters.ToArray();
}
List <SettingsOverridesTypeSectionParameter> paramList = sourceSetting.Parameter.ToList();
SettingsOverridesTypeSectionParameter placementConstraintsparam = paramList.FirstOrDefault(x => x.Name == StringConstants.ParameterName.PlacementConstraints);
paramList.Remove(placementConstraintsparam);
SettingsOverridesTypeSectionParameter targetReplicaSetSize = paramList.FirstOrDefault(x => x.Name == StringConstants.ParameterName.TargetReplicaSetSize);
if (targetReplicaSetSize != null)
{
targetReplicaSetSize.Value = Math.Min(Convert.ToInt32(targetReplicaSetSize.Value), 3).ToString();
}
sourceSetting.Parameter = paramList.ToArray();
targetFabricSettings.Add(sourceSetting);
}
ApplyParamOverride(targetFabricSettings, clustermanifest.NodeTypes.Count(), IsSecureCluster(clustermanifest.FabricSettings), IsWin7());
foreach (string settingName in consumerInstances)
{
SettingsOverridesTypeSection item = targetFabricSettings.FirstOrDefault(x => x.Name == settingName);
targetFabricSettings.Remove(item);
}
foreach (string settingName in producerInstances)
{
SettingsOverridesTypeSection settingLegacy = targetFabricSettings.FirstOrDefault(x => x.Name == settingName.Replace("ServiceFabric", "WinFab"));
if (settingLegacy == null)
{
continue;
}
SettingsOverridesTypeSection settingNew = targetFabricSettings.FirstOrDefault(x => x.Name == settingName);
if (settingNew == null)
{
settingLegacy.Name = settingName;
SettingsOverridesTypeSectionParameter param = settingLegacy.Parameter.FirstOrDefault(x => x.Name == StringConstants.ParameterName.FolderType);
if (param != null)
{
param.Value = param.Value.Replace("WindowsFabric", "ServiceFabric");
}
}
else
{
List <SettingsOverridesTypeSectionParameter> paramNewList = settingNew.Parameter.ToList();
foreach (SettingsOverridesTypeSectionParameter paramLegacy in settingLegacy.Parameter)
{
SettingsOverridesTypeSectionParameter param = paramNewList.FirstOrDefault(x => x.Name == paramLegacy.Name);
if (param == null)
{
paramNewList.Add(paramLegacy);
}
}
targetFabricSettings.Remove(settingLegacy);
}
}
ApplyUserSettings(targetFabricSettings, userFabricSettings);
clustermanifest.FabricSettings = targetFabricSettings.ToArray();
}
internal static void ApplyParamOverride(List <SettingsOverridesTypeSection> targetFabricSettings, int nodeCount, bool isSecure, bool isWin7)
{
int offset = 0;
if (isSecure)
{
offset += 2;
}
if (isWin7)
{
offset += 1;
}
foreach (var item in settingsList)
{
Dictionary <string, string> paramOverride = null;
switch (nodeCount)
{
case 5:
{
paramOverride = item.Value[offset];
break;
}
case 1:
{
paramOverride = item.Value[4 + offset];
break;
}
default:
{
throw new ValidationException(ClusterManagementErrorCode.DevClusterSizeNotSupported, nodeCount);
}
}
if (paramOverride == null)
{
continue;
}
string settingName = item.Key;
SettingsOverridesTypeSection setting = targetFabricSettings.FirstOrDefault(x => x.Name == settingName);
if (setting == null)
{
setting = new SettingsOverridesTypeSection
{
Name = settingName
};
targetFabricSettings.Add(setting);
}
List <SettingsOverridesTypeSectionParameter> parameters = null;
if (setting.Parameter == null)
{
parameters = new List <SettingsOverridesTypeSectionParameter>();
}
else
{
parameters = setting.Parameter.ToList();
}
foreach (var paramItem in paramOverride)
{
SettingsOverridesTypeSectionParameter param = parameters.FirstOrDefault(x => x.Name == paramItem.Key);
if (param != null)
{
param.Value = paramItem.Value;
}
else
{
param = new SettingsOverridesTypeSectionParameter
{
Name = paramItem.Key,
Value = paramItem.Value
};
parameters.Add(param);
}
}
setting.Parameter = parameters.ToArray();
}
}
internal static bool StartCollection(SettingsOverridesTypeSection[] fabricSettings, FabricDeploymentSpecification deploymentSpecification)
{
if (!StopDataCollector())
{
return(false);
}
if (!DeleteDataCollector())
{
return(false);
}
var samplingInterval = PerformanceCounterCommon.DefaultSamplingInterval;
HashSet <string> counters = null;
int maxFileSizeInMB = PerformanceCounterCommon.MaxPerformanceCountersBinaryFileSizeInMB;
var newFileCreationInterval = PerformanceCounterCommon.NewPerfCounterBinaryFileCreationInterval;
string outputFolderPath = deploymentSpecification.GetPerformanceCountersBinaryFolder();
string outputFileNamePrefix = CounterFileNamePrefix;
bool includeMachineNameInOuputFile = false;
bool enableCircularTraceSession = FabricEnvironment.GetEnableCircularTraceSession();
SettingsOverridesTypeSection manifestSection = fabricSettings.FirstOrDefault(section => section.Name.Equals(Constants.SectionNames.PerformanceCounterLocalStore, StringComparison.OrdinalIgnoreCase));
if (manifestSection != null)
{
var isEnabledParameter = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(System.Fabric.FabricValidatorConstants.ParameterNames.IsEnabled, StringComparison.OrdinalIgnoreCase));
if (isEnabledParameter != null)
{
bool isEnabled = bool.Parse(isEnabledParameter.Value);
if (!isEnabled)
{
DeployerTrace.WriteInfo(
"Performance counter collection is not enabled because parameter {0} in section {1} is set to false.",
System.Fabric.FabricValidatorConstants.ParameterNames.IsEnabled,
Constants.SectionNames.PerformanceCounterLocalStore);
return(true);
}
}
var samplingIntervalSecondsParameter = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(Constants.ParameterNames.SamplingIntervalInSeconds, StringComparison.OrdinalIgnoreCase));
if (samplingIntervalSecondsParameter != null)
{
samplingInterval = TimeSpan.FromSeconds(int.Parse(samplingIntervalSecondsParameter.Value, CultureInfo.InvariantCulture));
}
var countersParameter = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(System.Fabric.FabricValidatorConstants.ParameterNames.Counters, StringComparison.OrdinalIgnoreCase));
if (countersParameter != null)
{
PerformanceCounterCommon.ParseCounterList(countersParameter.Value, out counters);
}
var maxFileSizeInMBParameter = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(Constants.ParameterNames.MaxCounterBinaryFileSizeInMB, StringComparison.OrdinalIgnoreCase));
if (maxFileSizeInMBParameter != null)
{
maxFileSizeInMB = int.Parse(maxFileSizeInMBParameter.Value, CultureInfo.InvariantCulture);
}
var newFileCreationIntervalMinutesParameter = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(System.Fabric.FabricValidatorConstants.ParameterNames.NewCounterBinaryFileCreationIntervalMinutes, StringComparison.OrdinalIgnoreCase));
if (newFileCreationIntervalMinutesParameter != null)
{
newFileCreationInterval = TimeSpan.FromMinutes(int.Parse(newFileCreationIntervalMinutesParameter.Value, CultureInfo.InvariantCulture));
}
var testOnlyCounterFilePath = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(System.Fabric.FabricValidatorConstants.ParameterNames.TestOnlyCounterFilePath, StringComparison.OrdinalIgnoreCase));
if (testOnlyCounterFilePath != null)
{
outputFolderPath = testOnlyCounterFilePath.Value;
}
var testOnlyCounterFileNamePrefix = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(System.Fabric.FabricValidatorConstants.ParameterNames.TestOnlyCounterFileNamePrefix, StringComparison.OrdinalIgnoreCase));
if (testOnlyCounterFileNamePrefix != null)
{
outputFileNamePrefix = testOnlyCounterFileNamePrefix.Value;
}
var testOnlyIncludeMachineNameInCounterFileName = manifestSection.Parameter.FirstOrDefault(param => param.Name.Equals(Constants.ParameterNames.TestOnlyIncludeMachineNameInCounterFileName, StringComparison.OrdinalIgnoreCase));
if (testOnlyIncludeMachineNameInCounterFileName != null)
{
includeMachineNameInOuputFile = bool.Parse(testOnlyIncludeMachineNameInCounterFileName.Value);
}
}
if (counters == null)
{
PerformanceCounterCommon.ParseCounterList(PerformanceCounterCommon.LabelDefault, out counters);
}
DeployerTrace.WriteInfo("Performance counter sampling interval: {0} seconds.", samplingInterval);
if (!StartCollectionForCounterSet(
counters,
outputFolderPath,
outputFileNamePrefix,
includeMachineNameInOuputFile,
(int)samplingInterval.TotalSeconds,
maxFileSizeInMB,
(int)newFileCreationInterval.TotalMinutes,
enableCircularTraceSession))
{
return(false);
}
return(true);
}
