Merge pull request #23 from biondizzle/CLOUD-1876

biondizzle · web-flow · commit 970411f7aad4 · 2022-08-25T01:45:40.000-04:00
Fix issues on Rancher versions &gt; v2.x
diff --git a/machine/driver/driver.go b/machine/driver/driver.go
@@ -21,14 +21,12 @@ import (
 )
 
 const (
-	defaultOSID        = 352 // Currently only works on debian 10
+	defaultOSID        = 387 // Ubuntu 20.04
 	defaultRegion      = "ewr"
 	defaultPlan        = "vc2-1c-2gb"
 	defaultDockerPort  = 2376
 	defaultBackups     = "disabled"
 	defaultLabelPrefix = "vultr-rancher-node-"
-	rancherCatalogPort = 443
-	k8APIServer        = 6443
 )
 
 // VultrDriver ... driver struct
@@ -40,8 +38,15 @@ type VultrDriver struct {
 	ResponsePayloads struct {
 		Instance *govultr.Instance
 	}
-	APIKey     string
-	DockerPort int
+	APIKey         string
+	DockerPort     int
+	UFWPortsToOpen []string
+	DisableUFW     bool
+}
+
+// getDefaultUFWPortsToOpen ...
+func (d *VultrDriver) getDefaultUFWPortsToOpen() []string {
+	return []string{"22", "80", "443", "2376", "2379", "2380", "6443", "9099", "9796", "10250", "10254", "30000:32767/tcp", "8472/udp", "30000:32767/udp"}
 }
 
 // GetCreateFlags ... returns the mcnflag.Flag slice representing the flags
@@ -78,7 +83,7 @@ func (d *VultrDriver) GetCreateFlags() []mcnflag.Flag {
 		mcnflag.IntFlag{
 			EnvVar: "VULTR_OSID",
 			Name:   "vultr-os-id",
-			Usage:  "Operating system ID (default: [352] Debian 10)",
+			Usage:  "Operating system ID (default: [387] Ubuntu 20.04)",
 			Value:  defaultOSID,
 		},
 		mcnflag.StringFlag{
@@ -173,6 +178,17 @@ func (d *VultrDriver) GetCreateFlags() []mcnflag.Flag {
 			Usage:  "Port the docker machine will host on (default: 2376)",
 			Value:  defaultDockerPort,
 		},
+		mcnflag.BoolFlag{
+			EnvVar: "VULTR_DISABLE_OS_FIREWALL",
+			Name:   "vultr-disable-os-firewall",
+			Usage:  "Disable the UFW firewall that comes standard on every Vultr OS (default: false)",
+		},
+		mcnflag.StringSliceFlag{
+			EnvVar: "VULTR_PORTS_TO_OPEN_ON_OS_FIREWALL",
+			Name:   "vultr-ports-to-open-on-os-firewall",
+			Usage:  "Comma delimited list of ports to open on the UFW firewall that comes standard on every Vultr OS (default: " + strings.Join(d.getDefaultUFWPortsToOpen()[:], ",") + " )",
+			Value:  d.getDefaultUFWPortsToOpen(),
+		},
 	}
 }
 
@@ -237,6 +253,8 @@ func (d *VultrDriver) SetConfigFromFlags(opts drivers.DriverOptions) error {
 	d.RequestPayloads.InstanceCreateReq.ReservedIPv4 = opts.String("vultr-floating-ipv4-id")
 	d.RequestPayloads.InstanceCreateReq.ActivationEmail = utils.BoolPtr(opts.Bool("vultr-send-activation-email"))
 	d.DockerPort = opts.Int("vultr-docker-port")
+	d.DisableUFW = opts.Bool("vultr-disable-os-firewall")
+	d.UFWPortsToOpen = opts.StringSlice("vultr-ports-to-open-on-os-firewall")
 
 	return nil
 }
@@ -266,8 +284,8 @@ func (d *VultrDriver) Create() (err error) {
 		d.addSSHKeyToCloudInitUserData()
 	}
 
-	// Allow docker through the firewall. Every vultr OS uses ufw
-	d.appendToCloudInitUserDataCloudConfig([]byte("\r\nruncmd:\r\n  - ufw allow " + cast.ToString(d.DockerPort) + "\r\n  - ufw allow " + cast.ToString(rancherCatalogPort) + "\r\n  - ufw allow " + cast.ToString(rancherCatalogPort)))
+	// Add all the UFW commands to the cloud init user config
+	d.addUFWCommandsToCloudInitUserDataCloudConfig()
 
 	// Create instance
 	d.ResponsePayloads.Instance, err = vultrClient.Instance.Create(context.Background(), &d.RequestPayloads.InstanceCreateReq)
@@ -290,6 +308,9 @@ func (d *VultrDriver) Create() (err error) {
 		break
 	}
 
+	// We need to also set the IP in the base driver
+	d.IPAddress, _ = d.GetIP()
+
 	return nil
 }
 
@@ -522,6 +543,38 @@ func (d *VultrDriver) validatePlan() error {
 	return notAvailableErr
 }
 
+// addUFWCommandsToCloudInitUserDataCloudConfig ...
+func (d *VultrDriver) addUFWCommandsToCloudInitUserDataCloudConfig() {
+
+	// First add the run command
+	d.appendToCloudInitUserDataCloudConfig([]byte("\r\nruncmd:"))
+
+	// Lets keep track of this
+	var dockerPortWasOpened bool
+	dockerPortAsString := cast.ToString(d.DockerPort)
+
+	// Now add all the UFW rules
+	for _, _port := range d.UFWPortsToOpen {
+		// A little insurance to make sure we opened the docker port
+		if _port == dockerPortAsString {
+			dockerPortWasOpened = true
+		}
+
+		// Add to the cloud init user data cloud config
+		d.appendToCloudInitUserDataCloudConfig([]byte("\r\n  - ufw allow " + _port))
+	}
+
+	// Docker port was NOT opened, lets do that
+	if !dockerPortWasOpened {
+		d.appendToCloudInitUserDataCloudConfig([]byte("\r\n  - ufw allow " + dockerPortAsString))
+	}
+
+	// Disable firewall
+	if d.DisableUFW {
+		d.appendToCloudInitUserDataCloudConfig([]byte("\r\n  - ufw disable"))
+	}
+}
+
 // appendToCloudInitUserDataCloudConfig ... appends to the #cloud-config of the userdata
 func (d *VultrDriver) appendToCloudInitUserDataCloudConfig(additionalCloudConfig []byte) {
 	var userData []byte
