From 285ff6940ef3cfb26fbaf407f305b8f7f4e08832 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen
Date: Wed, 16 Nov 2016 10:30:32 +0100
Subject: [PATCH] Revert some changes made in #4149 (#4175)
After some more research and testing it turns out we can support the use case where you want to reuse an associated IP address that already has port 22 or 5985 forwarded, by using a random public port. The correct port to open in the firewall is different for the type of firewall used. The standard firewall requires the public port to be opened and the network ACL requires the private port to be opened. So by partially reverting this code and updating which ports to open in which cases, we can support all use cases again.
---
 .../cloudstack/step_configure_networking.go | 38 +++++++++++++------
 1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/builder/cloudstack/step_configure_networking.go b/builder/cloudstack/step_configure_networking.go
index edc8ac037..71a71e1cc 100644
--- a/builder/cloudstack/step_configure_networking.go
+++ b/builder/cloudstack/step_configure_networking.go
@@ -2,14 +2,19 @@ package cloudstack
 import (
  "fmt"
+ "math/rand"
  "strings"
+ "time"
  "github.com/mitchellh/multistep"
  "github.com/mitchellh/packer/packer"
  "github.com/xanzy/go-cloudstack/cloudstack"
 )
-type stepSetupNetworking struct{}
+type stepSetupNetworking struct {
+ privatePort int
+ publicPort int
+}
 func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction {
  client := state.Get("client").(*cloudstack.CloudStackClient)
@@ -24,6 +29,21 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
  return multistep.ActionContinue
  }
+ // Generate a random public port used to configure our port forward.
+ rand.Seed(time.Now().UnixNano())
+ s.publicPort = 50000 + rand.Intn(10000)
+
+ // Set the currently configured port to be the private port.
+ s.privatePort = config.Comm.Port()
+
+ // Set the SSH or WinRM port to be the randomly generated public port.
+ switch config.Comm.Type {
+ case "ssh":
+ config.Comm.SSHPort = s.publicPort
+ case "winrm":
+ config.Comm.WinRMPort = s.publicPort
+ }
+
  // Retrieve the instance ID from the previously saved state.
  instanceID, ok := state.Get("instance_id").(string)
  if !ok || instanceID == "" {
@@ -54,10 +74,6 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
  p.SetNetworkid(network.Id)
  }
- if config.Zone != "" {
- p.SetZoneid(config.Zone)
- }
-
  // Associate a new public IP address.
  ipAddr, err := client.Address.AssociateIpAddress(p)
  if err != nil {
@@ -76,9 +92,9 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
  ui.Message("Creating port forward...")
  p := client.Firewall.NewCreatePortForwardingRuleParams(
  config.PublicIPAddress,
- config.Comm.Port(),
+ s.privatePort,
  "TCP",
- config.Comm.Port(),
+ s.publicPort,
  instanceID,
  )
@@ -110,8 +126,8 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
  p.SetAclid(network.Aclid)
  p.SetAction("allow")
  p.SetCidrlist(config.CIDRList)
- p.SetStartport(config.Comm.Port())
- p.SetEndport(config.Comm.Port())
+ p.SetStartport(s.privatePort)
+ p.SetEndport(s.privatePort)
  p.SetTraffictype("ingress")
  // Create the network ACL rule.
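Review bot: In the hunk at -24,6 +29,21 the public port is chosen as `50000 + rand.Intn(10000)` with no check that the reused IP address does not already forward that port, so two builds sharing one address (the case the commit message targets) can land on the same port. Whether the later port-forward call fails cleanly on such a conflict is outside this hunk; retrying with a fresh port on conflict, or listing the existing rules first, would close the gap. `rand.Seed` also reseeds the process-wide generator on every Run; a local source, `r := rand.New(rand.NewSource(time.Now().UnixNano()))` followed by `s.publicPort = 50000 + r.Intn(10000)`, leaves global state alone. The switch has no default case, so for any other `config.Comm.Type` the communicator port stays unchanged while the forward in the -76,9 +92,9 hunk is still created on the random port. Run's body starts and ends outside these hunks.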
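Review bot: The hunks at -110,8 +126,8 and -131,8 +147,8 open different ports for the two rule types, but the reason is recorded only in the commit message, so a later reader can easily take one of them for a typo. A comment above `p.SetStartport(s.privatePort)` such as `// Network ACL rules must allow the private port; the public port only exists on the port forward.` and a mirror comment above `p.SetStartport(s.publicPort)` would keep that reasoning with the code. Both rules admit `config.CIDRList`, and the ACL rule is added to the network's existing list (`network.Aclid`), so it presumably admits that range to the private port for everything behind that ACL, not just the build instance. The step's Cleanup is not visible here; it is worth confirming that it removes both rules and that the documentation steers users towards a narrow CIDR list.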
@@ -131,8 +147,8 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
  // Configure the firewall rule.
  p.SetCidrlist(config.CIDRList)
- p.SetStartport(config.Comm.Port())
- p.SetEndport(config.Comm.Port())
+ p.SetStartport(s.publicPort)
+ p.SetEndport(s.publicPort)
  fwRule, err := client.Firewall.CreateFirewallRule(p)
  if err != nil {