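/// <summary>
/// Tears down the container network and then the isolated network for a deployment.
/// Both cleanups are always attempted: a container network failure is held back until
/// the isolated network cleanup has run, so one failure cannot leave the other network behind.
/// </summary>
/// <param name="parameters">Deployment parameters supplying the network names, container service arguments and Fabric roots.</param>
/// <exception cref="InvalidDeploymentException">
/// Thrown after both cleanups have been attempted when the container network cleanup failed.
/// A failure of the isolated network cleanup is only traced and is not surfaced to the caller.
/// </exception>
private static void RemoveNetworks(DeploymentParameters parameters)
{
    var containerServiceArguments = parameters.UseContainerServiceArguments
        ? parameters.ContainerServiceArguments
        : FlatNetworkConstants.ContainerServiceArguments;

#if !DotNetCoreClrLinux
    if (parameters.EnableContainerServiceDebugMode)
    {
        containerServiceArguments = string.Format("{0} {1}", containerServiceArguments, FlatNetworkConstants.ContainerProviderServiceDebugModeArg);
    }
#endif

    // Held until the isolated network has been cleaned up as well.
    Exception containerCleanupFailure = null;

    try
    {
        // Clean up container network set up
        var containerNetworkCleanupOperation = new ContainerNetworkCleanupOperation();
        containerNetworkCleanupOperation.ExecuteOperation(parameters.ContainerNetworkName, containerServiceArguments, parameters.FabricDataRoot);
    }
    catch (Exception ex)
    {
        // Trace the full exception here: the exception thrown at the end of this method carries
        // only the message, so the type and stack trace would otherwise be lost to anyone
        // investigating a failed removal.
        DeployerTrace.WriteError("Error occurred while cleaning up container network setup exception {0}", ex);
        containerCleanupFailure = ex;
    }

    try
    {
        // Clean up isolated network set up
        var isolatedNetworkCleanupOperation = new IsolatedNetworkCleanupOperation();
        isolatedNetworkCleanupOperation.ExecuteOperation(parameters.IsolatedNetworkName, parameters.FabricBinRoot);
    }
    catch (Exception ex)
    {
        // Best effort: traced only, never rethrown.
        DeployerTrace.WriteError("Error occurred while cleaning up isolated network setup exception {0}", ex);
    }

    if (containerCleanupFailure != null)
    {
        throw new InvalidDeploymentException(containerCleanupFailure.Message);
    }
}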
/// <summary>
/// Removes node-level deployment state: host-side configuration (non-CoreClr builds only),
/// the target information file, optionally the Fabric data root, SPN registration and the
/// docker DNS / container network set up.
/// </summary>
/// <param name="parameters">Deployment parameters naming the machine, the Fabric roots and the container network.</param>
/// <exception cref="InvalidDeploymentException">
/// Thrown on non-CoreClr builds when the deployer service is still reported as running for the machine.
/// </exception>
protected void CleanupDeployment(DeploymentParameters parameters)
{
#if !DotNetCoreClr // Disable compiling on windows for now. Need to correct when porting FabricDeployer for windows.
    if (!AccountHelper.IsAdminUser())
    {
        // Without administrator rights the service, firewall and data collector clean up is
        // skipped with a warning only, so that host state may need to be removed manually.
        DeployerTrace.WriteWarning(
            "Deployer is not run as Administrator. Skipping Firewall Management and Performance Counter Management. Possible Post remove cleanup required");
    }
    else
    {
        CollectEventLogs();
        FabricDeployerServiceController.DisableService();

        if (!parameters.SkipFirewallConfiguration)
        {
            FirewallManager.DisableFirewallSettings();
        }

        DeployerTrace.WriteInfo("Stopping data collectors");
        PerformanceCounters.StopDataCollector();
        DeployerTrace.WriteInfo("Deleting data collectors");
        PerformanceCounters.DeleteDataCollector();
    }

    // Nothing below runs while the host is still up.
    if (FabricDeployerServiceController.IsRunning(parameters.MachineName))
    {
        throw new InvalidDeploymentException(StringResources.Error_FabricDeployer_FabricHostStillRunning_Formatted);
    }
#else
    DeployerTrace.WriteInfo("CoreClr: Skipping Firewall Management and Performance Counter Management cleanup on CoreClr.");
#endif

    DeleteTargetInformationFile(Path.Combine(parameters.FabricDataRoot, Constants.FileNames.TargetInformation));

    // The two build flavours compare the "true" flag with different string comparisons.
#if DotNetCoreClr // Disable compiling on windows for now. Need to correct when porting FabricDeployer for windows.
    const StringComparison skipFlagComparison = StringComparison.OrdinalIgnoreCase;
#else
    const StringComparison skipFlagComparison = StringComparison.InvariantCultureIgnoreCase;
#endif
    bool keepDataRoot = Utility.GetSkipDeleteFabricDataRoot()
        || (parameters.SkipDeleteFabricDataRoot != null
            && string.Equals(parameters.SkipDeleteFabricDataRoot, "true", skipFlagComparison));

    if (!keepDataRoot)
    {
        NetCloseResource(parameters.FabricDataRoot);
        SafeDeleteDirectory(
            parameters.FabricDataRoot,
            parameters.FabricLogRoot,
            Path.Combine(parameters.FabricDataRoot, Constants.FileNames.FabricHostSettings));

        // After the delete, write a host settings file that holds only the Setup section.
        var setupOnlySettings = new SettingsType
        {
            Section = new SettingsTypeSection[]
            {
                new SettingsTypeSection { Name = Constants.SectionNames.Setup }
            }
        };
        WriteFabricHostSettingsFile(parameters.FabricDataRoot, setupOnlySettings, parameters.MachineName);
    }
    else
    {
        DeployerTrace.WriteInfo("Skipping deletion of Data Root.");
    }

#if !DotNetCoreClr // Disable compiling on windows for now. Need to correct when porting FabricDeployer for windows.
    SpnManager.CleanupSpn();
#else
    DeployerTrace.WriteInfo("CoreClrLinux: SPN cleanning skipped for Linux");
#endif

#if !DotNetCoreClrIOT
    // Blocks synchronously on the asynchronous docker DNS clean up.
    new DockerDnsHelper(parameters, string.Empty).CleanupAsync().GetAwaiter().GetResult();

    // Clean up docker network set up
    new ContainerNetworkCleanupOperation().ExecuteOperation(parameters.ContainerNetworkName);
#endif
}
/// <summary>
/// Rebuilds the container network and the isolated network after a machine reboot.
/// CreateOrUpdate inherits from the restart operation, so the reset is limited to the
/// restart case by requiring <c>DeploymentOperations.None</c>.
/// </summary>
/// <param name="parameters">Deployment parameters carrying the operation, the reset opt-out flags and the network names.</param>
/// <param name="clusterManifest">Cluster manifest; its infrastructure item decides whether the container network is cleaned up first.</param>
/// <param name="infrastructure">Infrastructure description forwarded to the network set up operations.</param>
private void ResetNetworks(DeploymentParameters parameters, ClusterManifestType clusterManifest, Infrastructure infrastructure)
{
    if (parameters.Operation != DeploymentOperations.None)
    {
        return;
    }

    var recordedBootTime = Utility.GetNodeLastBootUpTimeFromRegistry();
    var currentBootTime = Utility.GetNodeLastBootUpTimeFromSystem();
    DeployerTrace.WriteInfo("Last boot up time from registry:{0} from system:{1}", recordedBootTime, currentBootTime);

    // Workaround for the flat network not being usable after a VM reboot.
    #region Container Network Reset
    if (parameters.SkipContainerNetworkResetOnReboot)
    {
        DeployerTrace.WriteInfo("Skipping container network reset on reboot because SkipContainerNetworkResetOnReboot flag is enabled.");
    }
    else if (!string.Equals(recordedBootTime.ToString(), currentBootTime.ToString(), StringComparison.OrdinalIgnoreCase))
    {
        // The recorded and the current boot time differ, which is treated as "rebooted since the last run".
        DeployerTrace.WriteInfo("Invoking container network reset.");

        var containerServiceArguments = parameters.UseContainerServiceArguments
            ? parameters.ContainerServiceArguments
            : FlatNetworkConstants.ContainerServiceArguments;
        if (parameters.EnableContainerServiceDebugMode)
        {
            containerServiceArguments = string.Format("{0} {1}", containerServiceArguments, FlatNetworkConstants.ContainerProviderServiceDebugModeArg);
        }

        // Clean up is allowed on azure only, mirroring the set up condition.
        var infrastructureItem = clusterManifest.Infrastructure.Item;
        if (infrastructureItem is ClusterManifestTypeInfrastructureWindowsAzure
            || infrastructureItem is ClusterManifestTypeInfrastructurePaaS)
        {
            new ContainerNetworkCleanupOperation().ExecuteOperation(
                parameters.ContainerNetworkName,
                containerServiceArguments,
                parameters.FabricDataRoot,
                parameters.Operation);
        }

        if (parameters.ContainerNetworkSetup)
        {
            // Set up docker network.
            new ContainerNetworkSetupOperation().ExecuteOperation(parameters, clusterManifest, infrastructure);
        }

        // Record last boot up time.
        Utility.SaveNodeLastBootUpTimeToRegistry(currentBootTime);
    }
    #endregion

    // Workaround for the isolated network not being usable after a VM reboot.
    // The comparison below uses the boot times read at the top of this method, so it is
    // not affected by the save done in the container network reset.
    #region Isolated Network Reset
    if (!parameters.EnableUnsupportedPreviewFeatures)
    {
        DeployerTrace.WriteInfo("Isolated Network preview feature disabled for the cluster.");
    }
    else if (parameters.SkipIsolatedNetworkResetOnReboot)
    {
        DeployerTrace.WriteInfo("Skipping isolated network reset on reboot because SkipIsolatedNetworkResetOnReboot flag is enabled.");
    }
    else if (!string.Equals(recordedBootTime.ToString(), currentBootTime.ToString(), StringComparison.OrdinalIgnoreCase))
    {
        DeployerTrace.WriteInfo("Invoking isolated network reset.");

        // Clean up isolated network set up
        new IsolatedNetworkCleanupOperation().ExecuteOperation(
            parameters.IsolatedNetworkName,
            parameters.FabricBinRoot,
            parameters.Operation);

        if (parameters.IsolatedNetworkSetup)
        {
            new IsolatedNetworkSetupOperation().ExecuteOperation(parameters, clusterManifest, infrastructure);
        }

        // Record last boot up time.
        Utility.SaveNodeLastBootUpTimeToRegistry(currentBootTime);
    }
    #endregion
}
/// <summary>
/// Restart-time node configuration: validates the manifest, applies firewall settings and the
/// dynamic port range, resets the container network after a reboot, configures or removes the
/// docker DNS set up, and (non-CoreClr builds) starts counter collection and ensures the SPN.
/// </summary>
/// <param name="parameters">Deployment parameters for this run; stored on the instance.</param>
/// <param name="clusterManifest">Cluster manifest; must not be null; stored on the instance.</param>
/// <param name="infrastructure">Infrastructure description; may be null (the DNS node lookup checks for it).</param>
/// <exception cref="ArgumentException">Thrown when <paramref name="clusterManifest"/> is null.</exception>
/// <exception cref="InvalidDeploymentException">Thrown on non-CoreClr builds when the SPN could not be ensured.</exception>
/// <remarks>
/// When the deployer is not run as administrator the method traces a warning and returns
/// without throwing, so none of the steps below are applied, the firewall configuration included.
/// </remarks>
protected override void OnExecuteOperation(DeploymentParameters parameters, ClusterManifestType clusterManifest, Infrastructure infrastructure)
{
    var isRunningAsAdmin = AccountHelper.IsAdminUser();
    if (!isRunningAsAdmin)
    {
        // Warning only: the caller gets a normal return although nothing was configured.
        DeployerTrace.WriteWarning(StringResources.Warning_DeployerNotRunAsAdminSkipFirewallAndPerformanceCounter);
        return;
    }

    if (clusterManifest == null)
    {
        DeployerTrace.WriteError(StringResources.Error_FabricHostStartedWithoutConfiguringTheNode);
        throw new ArgumentException(StringResources.Error_FabricHostStartedWithoutConfiguringTheNode);
    }

    this.parameters = parameters;
    this.manifest = clusterManifest;
    this.infrastructure = infrastructure;
    this.fabricValidator = new FabricValidatorWrapper(parameters, manifest, infrastructure);
    fabricValidator.ValidateAndEnsureDefaultImageStore();

    if (!parameters.SkipFirewallConfiguration)
    {
        // FirstOrDefault: securitySection is null when the manifest has no Security section.
        var securitySection = manifest.FabricSettings.FirstOrDefault(fabSetting => fabSetting.Name.Equals(Constants.SectionNames.Security, StringComparison.OrdinalIgnoreCase));

        // NOTE(review): isRunningAsAdmin is always true from here on because of the early
        // return above, so the checks on it in both branches below are redundant.
        // The #if selects which infrastructure type opens the first branch; the branch body
        // after #endif is shared by both build flavours.
#if DotNetCoreClrLinux
        if (isRunningAsAdmin && clusterManifest.Infrastructure.Item is ClusterManifestTypeInfrastructureLinux)
        {
            var currentInfrastructure = clusterManifest.Infrastructure.Item as ClusterManifestTypeInfrastructureLinux;
#else
        if (isRunningAsAdmin && clusterManifest.Infrastructure.Item is ClusterManifestTypeInfrastructureWindowsServer)
        {
            var currentInfrastructure = clusterManifest.Infrastructure.Item as ClusterManifestTypeInfrastructureWindowsServer;
#endif
            var nodeSettings = GetNodeSettings();
            var isScaleMin = currentInfrastructure.IsScaleMin;
            FirewallManager.EnableFirewallSettings(nodeSettings, isScaleMin, securitySection, this is UpdateNodeStateOperation);
            NetworkApiHelper.ReduceDynamicPortRange(nodeSettings, isScaleMin);
        }
        else if (isRunningAsAdmin)
        {
            // Every other infrastructure type: same calls with the scale-min argument fixed to false.
            var nodeSettings = GetNodeSettings();
            FirewallManager.EnableFirewallSettings(nodeSettings, false, securitySection, this is UpdateNodeStateOperation);
            NetworkApiHelper.ReduceDynamicPortRange(nodeSettings, false);
        }
    }

#if !DotNetCoreClrIOT && !DotNetCoreClrLinux
    #region Container Network Reset
    // CreateOrUpdate operation inherits from RestartOperation.
    // This check will invoke network reset only in the restart case.
    // This is a work around to handle the case where the flat network was not usable after VM reboot.
    if (parameters.Operation == DeploymentOperations.None)
    {
        if (!parameters.SkipContainerNetworkResetOnReboot)
        {
            var lastBootUpTimeFromRegistry = Utility.GetNodeLastBootUpTimeFromRegistry();
            var lastBootUpTimeFromSystem = Utility.GetNodeLastBootUpTimeFromSystem();
            DeployerTrace.WriteInfo("Last boot up time from registry:{0} from system:{1}", lastBootUpTimeFromRegistry, lastBootUpTimeFromSystem);

            // A recorded boot time that differs from the current one is treated as a reboot since the last run.
            if (!string.Equals(lastBootUpTimeFromRegistry.ToString(), lastBootUpTimeFromSystem.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                DeployerTrace.WriteInfo("Invoking container network reset.");

                // This check is needed to allow clean up on azure. This is symmetrical to the set up condition.
                if (clusterManifest.Infrastructure.Item is ClusterManifestTypeInfrastructureWindowsAzure || clusterManifest.Infrastructure.Item is ClusterManifestTypeInfrastructurePaaS)
                {
                    var containerNetworkCleanupOperation = new ContainerNetworkCleanupOperation();
                    containerNetworkCleanupOperation.ExecuteOperation(parameters.ContainerNetworkName, parameters.Operation);
                }

                if (parameters.ContainerNetworkSetup)
                {
                    // Set up docker network.
                    var containerNetworkSetupOperation = new ContainerNetworkSetupOperation();
                    containerNetworkSetupOperation.ExecuteOperation(parameters, clusterManifest, infrastructure);
                }

                // Record last boot up time
                Utility.SaveNodeLastBootUpTimeToRegistry(lastBootUpTimeFromSystem);
            }
        }
        else
        {
            DeployerTrace.WriteInfo("Skipping container network reset on reboot because SkipContainerNetworkResetOnReboot flag is enabled.");
        }
    }
    #endregion
#endif

#if !DotNetCoreClrIOT
    if (parameters.ContainerDnsSetup == ContainerDnsSetup.Allow || parameters.ContainerDnsSetup == ContainerDnsSetup.Require)
    {
        try
        {
            // Stays empty when no infrastructure node address belongs to this machine.
            string currentNodeIPAddressOrFQDN = string.Empty;
            if ((infrastructure != null) && (infrastructure.InfrastructureNodes != null))
            {
                foreach (var infraNode in infrastructure.InfrastructureNodes)
                {
                    DeployerTrace.WriteInfo("Infra node <{0}> params.NodeName <{1}>", infraNode.NodeName, parameters.NodeName);
                    if (NetworkApiHelper.IsAddressForThisMachine(infraNode.IPAddressOrFQDN))
                    {
                        currentNodeIPAddressOrFQDN = infraNode.IPAddressOrFQDN;
                        DeployerTrace.WriteInfo("Found node IPAddressOrFQDN <{0}>", currentNodeIPAddressOrFQDN);
                        break;
                    }
                }
            }

            // Blocks synchronously on the asynchronous set up.
            new DockerDnsHelper(parameters, currentNodeIPAddressOrFQDN).SetupAsync().GetAwaiter().GetResult();
        }
        catch (Exception ex)
        {
            // Require: a set up failure is traced as an error and rethrown.
            // Allow: the same failure is traced as a warning and the operation continues.
            if (parameters.ContainerDnsSetup == ContainerDnsSetup.Require)
            {
                DeployerTrace.WriteError(
                    StringResources.Error_FabricDeployer_DockerDnsSetup_ErrorNotContinuing,
                    Constants.ParameterNames.ContainerDnsSetup,
                    parameters.ContainerDnsSetup,
                    ex);
                throw;
            }

            DeployerTrace.WriteWarning(
                StringResources.Warning_FabricDeployer_DockerDnsSetup_ErrorContinuing,
                Constants.ParameterNames.ContainerDnsSetup,
                parameters.ContainerDnsSetup,
                ex);
        }
    }
    else if (parameters.ContainerDnsSetup == ContainerDnsSetup.Disallow)
    {
        // CleanupAsync catches all exceptions (per the original author; not visible here)
        new DockerDnsHelper(parameters, string.Empty).CleanupAsync().GetAwaiter().GetResult();
    }
#endif

#if !DotNetCoreClr // Disable compiling on windows for now. Need to correct when porting FabricDeployer for windows.
    // A failed counter collection start is traced as a warning only.
    if (!PerformanceCounters.StartCollection(clusterManifest.FabricSettings, parameters.DeploymentSpecification))
    {
        DeployerTrace.WriteWarning(StringResources.Error_FabricDeployer_StartCounterCollectionFailed_Formatted);
    }

    // A failed SPN registration, by contrast, aborts the deployment.
    if (fabricValidator.ShouldRegisterSpnForMachineAccount)
    {
        if (!SpnManager.EnsureSpn())
        {
            throw new InvalidDeploymentException(StringResources.Error_FabricDeployer_FailedToRegisterSpn_Formatted);
        }
    }
#endif
}
/// <summary>
/// Create-or-update step: checks the inputs, ACLs the cluster level certificates, sets up or
/// cleans up the container network, runs the base operation and finally prepares claims
/// authentication when token validation is enabled.
/// </summary>
/// <param name="parameters">Deployment parameters for this run.</param>
/// <param name="clusterManifest">Cluster manifest being deployed.</param>
/// <param name="infrastructure">Infrastructure description; must not be null.</param>
/// <exception cref="InvalidDeploymentException">
/// Thrown when <paramref name="infrastructure"/> is null, or when the claims authentication set up fails (non-CoreClr builds).
/// </exception>
/// <exception cref="ChangeDeploymentOperationToRemoveException">
/// Thrown on non-Linux builds when an update finds that the current node should be removed.
/// </exception>
protected override void OnExecuteOperation(DeploymentParameters parameters, ClusterManifestType clusterManifest, Infrastructure infrastructure)
{
    var isRunningAsAdmin = AccountHelper.IsAdminUser();

    if (infrastructure == null)
    {
        DeployerTrace.WriteError("Cannot continue creating or updating deployment without infrastructure information");
        throw new InvalidDeploymentException(StringResources.Error_FabricDeployer_InvalidInfrastructure_Formatted);
    }

    if (parameters.Operation == DeploymentOperations.Update && ShouldRemoveCurrentNode(parameters.NodeName, clusterManifest))
    {
#if !DotNetCoreClrLinux
        DeployerTrace.WriteError("Current node is not present in the manifest list for Windows Server deployments. Changing DeploymentOperation to RemoveNodeConfig");
        throw new ChangeDeploymentOperationToRemoveException("Modify Operation to RemoveNodeConfig");
#else
        DeployerTrace.WriteInfo("CoreClrLinux: RemoveNodeConfigOperation is not enabled on Linux.");
        return;
#endif
    }

    AclClusterLevelCerts(clusterManifest);

#if !DotNetCoreClrIOT
    #region Container Network Setup
    if (!parameters.ContainerNetworkSetup)
    {
        // Clean up docker network set up. The SFRP scenario has no explicit uninstall, so this
        // is how customers remove the container network set up through a config upgrade.
        var infrastructureItem = clusterManifest.Infrastructure.Item;
#if !DotNetCoreClrLinux
        // Clean up is allowed on azure, mirroring the set up condition.
        bool cleanupAllowed = infrastructureItem is ClusterManifestTypeInfrastructureWindowsAzure
            || infrastructureItem is ClusterManifestTypeInfrastructurePaaS;
#else
        // One box clean up is disallowed on linux, mirroring the set up condition. It also
        // resulted in an exception in the GetNetwork api:
        // System.Threading.Tasks.TaskCanceledException: A task was canceled
        bool cleanupAllowed = infrastructureItem is ClusterManifestTypeInfrastructurePaaS;
#endif
        if (cleanupAllowed)
        {
            new ContainerNetworkCleanupOperation().ExecuteOperation(parameters.ContainerNetworkName, parameters.Operation);
        }
    }
    else
    {
        new ContainerNetworkSetupOperation().ExecuteOperation(parameters, clusterManifest, infrastructure);
    }
    #endregion
#endif

    base.OnExecuteOperation(parameters, clusterManifest, infrastructure);

    if (!fabricValidator.IsTVSEnabled)
    {
        return;
    }

#if !DotNetCoreClr // Disable compiling on windows. Need to correct when porting FabricDeployer.
    // A failed claims authentication set up aborts the deployment.
    if (!TVSSetup.SetupInfrastructureForClaimsAuth(isRunningAsAdmin))
    {
        DeployerTrace.WriteError("Enabling WIF failed when creating or updating deployment with claims authentication.");
        throw new InvalidDeploymentException(StringResources.Error_FabricDeployer_TVSSetupFailed_Formatted);
    }
#else
    DeployerTrace.WriteInfo("CoreClr: Token validation service is not enabled on Linux.");
#endif
}
/// <summary>
/// Sets up or cleans up the two network types handled by the deployer:
/// the open (container) network and the isolated network.
/// </summary>
/// <param name="parameters">Deployment parameters holding the set up flags, the network names and the container service arguments.</param>
/// <param name="clusterManifest">Cluster manifest; its infrastructure item decides whether the container network clean up may run.</param>
/// <param name="infrastructure">Infrastructure description forwarded to the set up operations.</param>
private void ManageNetworks(DeploymentParameters parameters, ClusterManifestType clusterManifest, Infrastructure infrastructure)
{
    #region Container Network Setup
    if (!parameters.ContainerNetworkSetup)
    {
        // Clean up docker network set up. The SFRP scenario has no explicit uninstall, so this
        // is how customers remove the container network set up through a config upgrade.
        var containerServiceArguments = parameters.UseContainerServiceArguments
            ? parameters.ContainerServiceArguments
            : FlatNetworkConstants.ContainerServiceArguments;
        var infrastructureItem = clusterManifest.Infrastructure.Item;

#if !DotNetCoreClrLinux
        if (parameters.EnableContainerServiceDebugMode)
        {
            containerServiceArguments = string.Format("{0} {1}", containerServiceArguments, FlatNetworkConstants.ContainerProviderServiceDebugModeArg);
        }

        // Clean up is allowed on azure, mirroring the set up condition.
        bool cleanupAllowed = infrastructureItem is ClusterManifestTypeInfrastructureWindowsAzure
            || infrastructureItem is ClusterManifestTypeInfrastructurePaaS;
#else
        // One box clean up is disallowed on linux, mirroring the set up condition. It also
        // resulted in an exception in the GetNetwork api:
        // System.Threading.Tasks.TaskCanceledException: A task was canceled
        bool cleanupAllowed = infrastructureItem is ClusterManifestTypeInfrastructurePaaS;
#endif // !DotNetCoreClrLinux

        if (cleanupAllowed)
        {
            new ContainerNetworkCleanupOperation().ExecuteOperation(
                parameters.ContainerNetworkName,
                containerServiceArguments,
                parameters.FabricDataRoot,
                parameters.Operation);
        }
    }
    else
    {
        new ContainerNetworkSetupOperation().ExecuteOperation(parameters, clusterManifest, infrastructure);
    }
    #endregion

    #region Isolated Network Setup
    if (!parameters.EnableUnsupportedPreviewFeatures)
    {
        // Neither set up nor clean up of the isolated network runs without the preview flag.
        DeployerTrace.WriteInfo("Isolated Network preview feature disabled for the cluster.");
    }
    else if (parameters.IsolatedNetworkSetup)
    {
        new IsolatedNetworkSetupOperation().ExecuteOperation(parameters, clusterManifest, infrastructure);
    }
    else
    {
        new IsolatedNetworkCleanupOperation().ExecuteOperation(
            parameters.IsolatedNetworkName,
            parameters.FabricBinRoot,
            parameters.Operation);
    }
    #endregion
}