RubyGems - wakame-vdc-dcmgr - Versions diffs - 11.06.0 → 11.12.0 - Mend

wakame-vdc-dcmgr 11.06.0 → 11.12.0

Files changed (136) hide show

data/Rakefile +19 -31
data/bin/collector +6 -1
data/config/db/migrations/0001_v1110_origin.rb +446 -0
data/config/dcmgr.conf.example +51 -0
data/lib/dcmgr.rb +99 -22
data/lib/dcmgr/cli/base.rb +34 -1
data/lib/dcmgr/cli/host.rb +24 -20
data/lib/dcmgr/cli/image.rb +38 -19
data/lib/dcmgr/cli/keypair.rb +16 -12
data/lib/dcmgr/cli/network.rb +189 -81
data/lib/dcmgr/cli/quota.rb +2 -2
data/lib/dcmgr/cli/security_group.rb +106 -0
data/lib/dcmgr/cli/spec.rb +144 -39
data/lib/dcmgr/cli/storage.rb +16 -15
data/lib/dcmgr/cli/tag.rb +20 -14
data/lib/dcmgr/cli/vlan.rb +5 -5
data/lib/dcmgr/drivers/backing_store.rb +32 -0
data/lib/dcmgr/drivers/comstar.rb +81 -0
data/lib/dcmgr/drivers/iijgio_storage.rb +9 -19
data/lib/dcmgr/drivers/iscsi_target.rb +41 -0
data/lib/dcmgr/drivers/kvm.rb +161 -28
data/lib/dcmgr/drivers/linux_iscsi.rb +60 -0
data/lib/dcmgr/drivers/local_storage.rb +24 -0
data/lib/dcmgr/drivers/lxc.rb +167 -125
data/lib/dcmgr/drivers/raw.rb +74 -0
data/lib/dcmgr/drivers/s3_storage.rb +7 -19
data/lib/dcmgr/drivers/snapshot_storage.rb +18 -28
data/lib/dcmgr/drivers/storage_initiator.rb +28 -0
data/lib/dcmgr/drivers/sun_iscsi.rb +32 -0
data/lib/dcmgr/drivers/zfs.rb +77 -0
data/lib/dcmgr/endpoints/core_api.rb +315 -263
data/lib/dcmgr/endpoints/errors.rb +21 -10
data/lib/dcmgr/endpoints/metadata.rb +360 -23
data/lib/dcmgr/helpers/cli_helper.rb +6 -3
data/lib/dcmgr/helpers/ec2_metadata_helper.rb +9 -0
data/lib/dcmgr/helpers/nic_helper.rb +11 -0
data/lib/dcmgr/helpers/snapshot_storage_helper.rb +34 -0
data/lib/dcmgr/models/account.rb +0 -6
data/lib/dcmgr/models/account_resource.rb +0 -4
data/lib/dcmgr/models/base_new.rb +14 -2
data/lib/dcmgr/models/dhcp_range.rb +38 -0
data/lib/dcmgr/models/frontend_system.rb +0 -6
data/lib/dcmgr/models/history.rb +0 -11
data/lib/dcmgr/models/host_node.rb +131 -0
data/lib/dcmgr/models/hostname_lease.rb +0 -8
data/lib/dcmgr/models/image.rb +31 -18
data/lib/dcmgr/models/instance.rb +137 -143
data/lib/dcmgr/models/instance_nic.rb +52 -29
data/lib/dcmgr/models/instance_security_group.rb +9 -0
data/lib/dcmgr/models/instance_spec.rb +163 -31
data/lib/dcmgr/models/ip_lease.rb +10 -21
data/lib/dcmgr/models/mac_lease.rb +30 -11
data/lib/dcmgr/models/network.rb +148 -27
data/lib/dcmgr/models/physical_network.rb +18 -0
data/lib/dcmgr/models/quota.rb +0 -10
data/lib/dcmgr/models/request_log.rb +3 -18
data/lib/dcmgr/models/security_group.rb +66 -0
data/lib/dcmgr/models/security_group_rule.rb +145 -0
data/lib/dcmgr/models/ssh_key_pair.rb +16 -19
data/lib/dcmgr/models/{storage_pool.rb → storage_node.rb} +35 -25
data/lib/dcmgr/models/tag.rb +0 -14
data/lib/dcmgr/models/tag_mapping.rb +1 -7
data/lib/dcmgr/models/vlan_lease.rb +2 -8
data/lib/dcmgr/models/volume.rb +49 -37
data/lib/dcmgr/models/volume_snapshot.rb +15 -17
data/lib/dcmgr/node_modules/hva_collector.rb +69 -28
data/lib/dcmgr/node_modules/instance_ha.rb +23 -12
data/lib/dcmgr/node_modules/instance_monitor.rb +16 -2
data/lib/dcmgr/node_modules/openflow_controller.rb +784 -0
data/lib/dcmgr/node_modules/scheduler.rb +189 -0
data/lib/dcmgr/node_modules/service_netfilter.rb +452 -227
data/lib/dcmgr/node_modules/service_openflow.rb +731 -0
data/lib/dcmgr/node_modules/sta_collector.rb +20 -0
data/lib/dcmgr/node_modules/sta_tgt_initializer.rb +35 -0
data/lib/dcmgr/rack/request_logger.rb +11 -6
data/lib/dcmgr/rpc/hva_handler.rb +256 -110
data/lib/dcmgr/rpc/sta_handler.rb +244 -0
data/lib/dcmgr/scheduler.rb +122 -8
data/lib/dcmgr/scheduler/host_node/exclude_same.rb +24 -0
data/lib/dcmgr/scheduler/host_node/find_first.rb +12 -0
data/lib/dcmgr/scheduler/host_node/least_usage.rb +28 -0
data/lib/dcmgr/scheduler/host_node/per_instance.rb +18 -0
data/lib/dcmgr/scheduler/host_node/specify_node.rb +26 -0
data/lib/dcmgr/scheduler/network/flat_single.rb +23 -0
data/lib/dcmgr/scheduler/network/nat_one_to_one.rb +23 -0
data/lib/dcmgr/scheduler/network/per_instance.rb +39 -0
data/lib/dcmgr/scheduler/network/vif_template.rb +19 -0
data/lib/dcmgr/scheduler/storage_node/find_first.rb +13 -0
data/lib/dcmgr/scheduler/storage_node/least_usage.rb +23 -0
data/lib/dcmgr/storage_service.rb +39 -40
data/lib/dcmgr/tags.rb +3 -3
data/lib/dcmgr/version.rb +1 -1
data/lib/dcmgr/vnet.rb +105 -0
data/lib/dcmgr/vnet/factories.rb +141 -0
data/lib/dcmgr/vnet/isolators/by_securitygroup.rb +21 -0
data/lib/dcmgr/vnet/isolators/dummy.rb +17 -0
data/lib/dcmgr/vnet/netfilter/cache.rb +51 -0
data/lib/dcmgr/vnet/netfilter/chain.rb +66 -0
data/lib/dcmgr/vnet/netfilter/controller.rb +193 -0
data/lib/dcmgr/vnet/netfilter/ebtables_rule.rb +53 -0
data/lib/dcmgr/vnet/netfilter/iptables_rule.rb +45 -0
data/lib/dcmgr/vnet/netfilter/task_manager.rb +459 -0
data/lib/dcmgr/vnet/tasks/accept_all_dns.rb +19 -0
data/lib/dcmgr/vnet/tasks/accept_arp_broadcast.rb +24 -0
data/lib/dcmgr/vnet/tasks/accept_arp_from_friends.rb +34 -0
data/lib/dcmgr/vnet/tasks/accept_arp_from_gateway.rb +21 -0
data/lib/dcmgr/vnet/tasks/accept_arp_to_host.rb +30 -0
data/lib/dcmgr/vnet/tasks/accept_ip_from_friends.rb +26 -0
data/lib/dcmgr/vnet/tasks/accept_ip_from_gateway.rb +23 -0
data/lib/dcmgr/vnet/tasks/accept_ip_to_anywhere.rb +18 -0
data/lib/dcmgr/vnet/tasks/accept_related_established.rb +45 -0
data/lib/dcmgr/vnet/tasks/accept_wakame_dhcp_only.rb +33 -0
data/lib/dcmgr/vnet/tasks/accept_wakame_dns_only.rb +33 -0
data/lib/dcmgr/vnet/tasks/debug_iptables.rb +21 -0
data/lib/dcmgr/vnet/tasks/drop_arp_forwarding.rb +27 -0
data/lib/dcmgr/vnet/tasks/drop_arp_to_host.rb +24 -0
data/lib/dcmgr/vnet/tasks/drop_ip_from_anywhere.rb +18 -0
data/lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb +34 -0
data/lib/dcmgr/vnet/tasks/drop_mac_spoofing.rb +33 -0
data/lib/dcmgr/vnet/tasks/exclude_from_nat.rb +47 -0
data/lib/dcmgr/vnet/tasks/security_group.rb +37 -0
data/lib/dcmgr/vnet/tasks/static_nat.rb +54 -0
data/lib/dcmgr/vnet/tasks/translate_metadata_address.rb +32 -0
data/web/metadata/config.ru +1 -1
metadata +174 -89
data/lib/dcmgr/cli/group.rb +0 -101
data/lib/dcmgr/endpoints/core_api_mock.rb +0 -865
data/lib/dcmgr/models/host_pool.rb +0 -122
data/lib/dcmgr/models/instance_netfilter_group.rb +0 -16
data/lib/dcmgr/models/netfilter_group.rb +0 -89
data/lib/dcmgr/models/netfilter_rule.rb +0 -21
data/lib/dcmgr/scheduler/find_last.rb +0 -16
data/lib/dcmgr/scheduler/find_random.rb +0 -16
data/lib/dcmgr/stm/instance.rb +0 -25
data/lib/dcmgr/stm/snapshot_context.rb +0 -33
data/lib/dcmgr/stm/volume_context.rb +0 -65

data/lib/dcmgr/scheduler/host_node/specify_node.rb ADDED

@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module Scheduler
+    module HostNode
+      # Find host node which has the same request_params[:host_node_id].
+      class SpecifyNode < HostNodeScheduler
+        include Dcmgr::Logger
+        def schedule(instance)
+          # TODO:
+          #  "host_id" and "host_pool_id" will be obsolete.
+          #  They are used in lib/dcmgr/endpoints/core_api.rb.
+          host_node_uuid = instance.request_params['host_id'] || instance.request_params['host_pool_id'] || instance.request_params['host_node_id']
+          ds = Models::HostNode.online_nodes.filter(:uuid=>Models::HostNode.trim_uuid(host_node_uuid))
+          host_node = ds.first
+          raise HostNodeSchedulingError if host_node.nil?
+          instance.host_node = host_node
+        end
+      end
+    end
+  end
+end

data/lib/dcmgr/scheduler/network/flat_single.rb ADDED

@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module Scheduler
+    module Network
+      # Simple network scheduler
+      # assign IP address from first found network to single interface.
+      class FlatSingle < NetworkScheduler
+        def schedule(instance)
+          # add single interface and set network
+          network = Models::Network.first
+          vif_template = instance.spec.vifs[instance.spec.vifs.keys.first] ||
+            {:index=>0, :bandwidth=>100000}
+          vnic = instance.add_nic(vif_template)
+          vnic.network = network
+          vnic.save
+        end
+      end
+    end
+  end
+end

data/lib/dcmgr/scheduler/network/nat_one_to_one.rb ADDED

@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module Scheduler
+    module Network
+      # One internal address + NAT external address to single interface.
+      class NatOneToOne < NetworkScheduler
+        def schedule(instance)
+          network = Models::Network[@options.network_id]
+          nat_network = Models::Network[@options.nat_network_id]
+          vif_template = instance.spec.vifs.find{ |name,v| v[:index] == 0 }.last
+          vnic = instance.add_nic(vif_template)
+          vnic.network = network
+          vnic.nat_network = nat_network
+          vnic.save
+        end
+      end
+    end
+  end
+end

data/lib/dcmgr/scheduler/network/per_instance.rb ADDED

@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module Scheduler
+    module Network
+      # Meta scheduler calls another scheduler specified by user.
+      class PerInstance < NetworkScheduler
+        include Dcmgr::Logger
+        def schedule(instance)
+          sched_opts = @options.to_hash || {}
+          sched_name = instance.request_params['network_scheduler']
+          if sched_name.nil? || sched_name == ''
+            if sched_opts.has_key?(:default)
+              sched_conf = @options.default
+            else
+              raise "Missing network_scheduler parameter from the request."
+            end
+          else
+            if sched_opts.has_key?(sched_name.to_sym)
+              sched_conf = @options.send(sched_name.to_sym)
+            else
+              raise "Unknown scheduler definition: #{sched_name} for the instance #{instance.canonical_uuid}"
+            end
+          end
+          sched_class = Scheduler.scheduler_class(sched_conf.scheduler, ::Dcmgr::Scheduler::Network)
+          sched = if sched_conf.respond_to?(:options)
+                    sched_class.new(sched_conf.options)
+                  else
+                    sched_class.new
+                   end
+          logger.info("Selected network scheduler: #{sched_name} #{sched_class} for the instance #{instance.canonical_uuid}")
+          sched.schedule(instance)
+        end
+      end
+    end
+  end
+end

data/lib/dcmgr/scheduler/network/vif_template.rb ADDED

@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module Scheduler
+    module Network
+      # Setup vnics by following InstanceSpec#vifs template.
+      class VifTemplate < NetworkScheduler
+        def schedule(instance)
+          instance.spec.vifs.each { |name, vif|
+            vnic = instance.add_nic(vif)
+            vnic.network = Models::Network[@options[name]]
+            vnic.save
+          }
+        end
+      end
+    end
+  end
+end

data/lib/dcmgr/scheduler/storage_node/find_first.rb ADDED

@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+module Dcmgr; module Scheduler; module StorageNode
+  class FindFirst < StorageNodeScheduler
+    protected
+    def schedule_node(volume)
+      params = volume.request_params
+      volume.storage_node = Models::StorageNode.first
+    end
+  end
+end; end; end

data/lib/dcmgr/scheduler/storage_node/least_usage.rb ADDED

@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module Scheduler
+    module StorageNode
+      # Find storage node which has the largest available disk space.
+      class LeastUsage < StorageNodeScheduler
+        include Dcmgr::Logger
+        def schedule(volume)
+          storage_node = Models::StorageNode.online_nodes.all.find_all { |s|
+            s.free_disk_space >= volume.size
+          }.sort_by { |s|
+            s.free_disk_space
+          }.reverse.first
+          raise StorageNodeSchedulingError if storage_node.nil?
+          volume.storage_node = storage_node
+        end
+      end
+    end
+  end
+end

data/lib/dcmgr/storage_service.rb CHANGED

@@ -5,40 +5,39 @@ module Dcmgr
     @snapshot_repository_config = nil
-    def initialize(provider, access_key, secret_key)
+    def initialize(driver, options = {})
+      @driver = driver
       @account = {}
-      @account[:provider] = provider.upcase
-      @account[:access_key] = access_key
-      @account[:secret_key] = secret_key
+      @account[:id] = options[:account_id]
+      @account[:access_key] = options[:access_key]
+      @account[:secret_key] = options[:secret_key]
     end
     def self.snapshot_repository_config
       if @snapshot_repository_config.nil?
-        config_file = YAML.load_file(File.join(File.expand_path(DCMGR_ROOT), 'config', 'snapshot_repository.yml'))
+        config_file = YAML.load_file(File.join(File.expand_path('../../../', __FILE__), 'config', 'snapshot_repository.yml'))
         @snapshot_repository_config = config_file
       else
         @snapshot_repository_config
       end
     end
-    def self.has_driver?(driver)
-      %w(S3 IIJGIO).include? driver.upcase
-    end
-    def bucket(name)
-      case @account[:provider]
-        when 'S3'
-          @driver = Dcmgr::Drivers::S3Storage.new(name)
-        when 'IIJGIO'
-          @driver = Dcmgr::Drivers::IIJGIOStorage.new(name)
+    def snapshot_storage(bucket, path)
+      case @driver
+        when 'local'
+          @storage = Dcmgr::Drivers::LocalStorage.new(@account[:id], bucket, path)
+        when 's3'
+          @storage = Dcmgr::Drivers::S3Storage.new(@account[:id], bucket, path)
+        when 'iijgio'
+          @storage = Dcmgr::Drivers::IIJGIOStorage.new(@account[:id], bucket, path)
       else
-        raise "#{@account[:provider]} is not a recognized storage provider"
+        raise "#{@driver} is not a recognized storage driver"
       end
-      @driver.setenv('SERVICE', @account[:provider].downcase)
-      @driver.setenv('ACCESS_KEY_ID', @account[:access_key])
-      @driver.setenv('SECRET_ACCESS_KEY', @account[:secret_key])
-      @driver
+      @storage.setenv('SERVICE', @driver)
+      @storage.setenv('ACCESS_KEY_ID', @account[:access_key])
+      @storage.setenv('SECRET_ACCESS_KEY', @account[:secret_key])
+      @storage
     end
     def self.repository(repository_address)
@@ -47,32 +46,33 @@ module Dcmgr
       end
       tmp = repository_address.split(',')
       destination_key = tmp[0]
-      dest = destination_key.match(/^([a-z0-9_]+)@([a-z0-9_-]+):([a-z0-9_-]+):([a-z0-9_\-\/]+)(snap-[a-z0-9]+\.zsnap)+$/)
-      if dest.nil?
-        raise "Invalid format: #{repository_address}"
-      end
-      h = {
-        :destination => dest[1],
-        :driver => dest[2],
-        :bucket => dest[3],
-        :path => dest[4],
-        :filename => dest[5],
+      # ex. 'local@local:none:/home/ubuntu/work/repos/git/github.com/wakame-vdc/tmp/snap/a-shpoolxx/snap-gkosnc56.snap'
+      # dest = destination_key.match(/^([a-z0-9_]+)@([a-z0-9_-]+):([a-z0-9_-]+):([a-z0-9._\-\/]+)(snap-[a-z0-9]+\.snap)+$/)
+      results  = destination_key.split(':', 3)
+      accounts = results[0].split('@', 2)
+      h = {
+        :destination => accounts[0],
+        :driver => accounts[1],
+        :bucket => results[1],
+        :path => File.dirname(results[2]),
+        :filename => File.basename(results[2]),
         :access_key => tmp[1],
         :secret_key => tmp[2],
-      }
-    end
+      }
+    end
     def self.repository_address(destination_key)
       format = '%s,%s,%s'
       config_data = self.snapshot_repository_config
       destination = destination_key.split('@')[0]
-      if destination == 'local'
-        config = {:access_key => '', :secret_key => ''}
-      else
-        config = config_data[destination]
-      end
+      config = if destination == 'local'
+                 {'access_key' => '', 'secret_key' => ''}
+               else
+                 config_data[destination]
+               end
       sprintf(format, *[destination_key, config["access_key"], config["secret_key"]])
     end
@@ -90,9 +90,8 @@ module Dcmgr
         if config.nil?
           raise "Destination isn't exists"
         end
-        store_path = "snapshots/#{account_id}/"
       end
-      sprintf(format, *[destination, config["driver"], config["bucket"], File.join(store_path, filename)])
+      sprintf(format, *[destination, config["driver"], config["bucket"], File.join("#{store_path}/#{account_id}/", filename)])
     end
   end
 end

data/lib/dcmgr/tags.rb CHANGED

@@ -32,12 +32,12 @@ module Dcmgr::Tags
   class HostPool < Models::Tag
     def accept_mapping?(to)
-      to.is_a?(Dcmgr::Models::HostPool)
+      to.is_a?(Dcmgr::Models::HostNode)
     end
     def pick(spec)
       mapped_uuids.map { |t|
-        Dcmgr::Models::HostPool[t.uuid]
+        Dcmgr::Models::HostNode[t.uuid]
       }.find_all { |h|
         h.check_capacity(spec)
       }.sort_by { |h|
@@ -48,7 +48,7 @@ module Dcmgr::Tags
   class StoragePool < Models::Tag
     def accept_mapping?(to)
-      to.is_a?(Dcmgr::Models::StoragePool)
+      to.is_a?(Dcmgr::Models::StorageNode)
     end
   end
 end

data/lib/dcmgr/version.rb CHANGED

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 module Dcmgr
-  VERSION_MAJOR="11.06"
+  VERSION_MAJOR="11.12"
   VERSION_MINOR=0
   VERSION="#{VERSION_MAJOR}.#{VERSION_MINOR}"

data/lib/dcmgr/vnet.rb ADDED

@@ -0,0 +1,105 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module VNet
+    # Abstract class for a Cache implementation to extend
+    class Cache
+      # Makes a call to the database and updates the Cache
+      def update
+        raise NotImplementedError
+      end
+      # Returns the cache
+      # if _force_update_ is set to true, the cache will be updated from the database
+      def get(force_update = false)
+        raise NotImplementedError
+      end
+      # Adds a newly started instance to the existing cache
+      def add_instance(inst_map)
+        raise NotImplementedError
+      end
+      # Removes a terminated instance from the existing cache
+      def remove_instance(inst_id)
+        raise NotImplementedError
+      end
+    end
+    # A controller interface to be implemented
+    class Controller
+      def apply_instance(instance)
+        raise NotImplementedError
+      end
+      def remove_instance(instance)
+        raise NotImplementedError
+      end
+      def join_security_group(instance,group)
+        raise NotImplementedError
+      end
+      def leave_security_group(instance,group)
+        raise NotImplementedError
+      end
+      def update_security_group(group)
+        raise NotImplementedError
+      end
+    end
+    class Rule
+    end
+    class Task
+      #Must be an array of rules
+      attr_accessor :rules
+      def initialize
+        @rules = []
+      end
+    end
+    # Abstract class for task managers to extend
+    # A task manager should be able to understand certain rules in a task and be able to apply those
+    class TaskManager
+      def apply_task(task)
+        raise NotImplementedError
+      end
+      def apply_tasks(tasks)
+        raise ArgumentError, "tasks must be an Array of Tasks." unless tasks.is_a?(Array)
+        tasks.each { |task|
+          next unless task.is_a?(Task)
+          apply_task(task)
+        }
+      end
+      def remove_task(task)
+        raise NotImplementedError
+      end
+      #TODO: Change Array to Enumerable
+      def remove_tasks(tasks)
+        raise ArgumentError, "tasks must be an Array of Tasks." unless tasks.is_a?(Array)
+        tasks.each { |task|
+          next unless task.is_a?(Task)
+          remove_task(task)
+        }
+      end
+    end
+    # Abstract class that determines how to isolate instances (vnics) from each other
+    class Isolator
+      def determine_friends(me,others)
+        raise notImplementedError
+      end
+    end
+  end
+end

data/lib/dcmgr/vnet/factories.rb ADDED

@@ -0,0 +1,141 @@
+# -*- coding: utf-8 -*-
+module Dcmgr
+  module VNet
+    # This file stores the factories. It is their job to read config files etc. to decide which implementation to use.
+    V = Dcmgr::VNet
+    class ControllerFactory
+      def self.create_controller(node)
+        V::Netfilter::NetfilterController.new(node)
+      end
+    end
+    class IsolatorFactory
+      def self.create_isolator
+        V::Isolators::BySecurityGroup.new
+        #V::Isolators::DummyIsolator.new
+      end
+    end
+    class TaskManagerFactory
+      def self.create_task_manager(node)
+        manager = V::Netfilter::VNicProtocolTaskManager.new
+        manager.enable_ebtables = node.manifest.config.enable_ebtables
+        manager.enable_iptables = node.manifest.config.enable_iptables
+        manager.verbose_commands = node.manifest.config.verbose_netfilter
+        manager
+      end
+    end
+    class TaskFactory
+      extend Dcmgr::Helpers::NicHelper
+      include V::Tasks
+      def self.create_tasks_for_isolation(vnic,friends,node)
+        tasks = []
+        enable_logging = node.manifest.config.packet_drop_log
+        ipset_enabled = node.manifest.config.use_ipset
+        friend_ips = friends.map {|vnic_map| vnic_map[:ipv4][:address]}
+        tasks << AcceptARPFromFriends.new(vnic[:ipv4][:address],friend_ips,enable_logging,"A arp friend #{vnic[:uuid]}")
+        #tasks << AcceptIpFromFriends(friend_ips)
+        if is_natted? vnic
+          # Friends don't use NAT, friends talk to each other with their REAL ip addresses.
+          # It's a heart warming scene, really
+          if ipset_enabled
+            # Not implemented yet
+            #tasks << ExcludeFromNatIpSet.new(friend_ips,vnic[:ipv4][:address])
+          else
+            tasks << ExcludeFromNat.new(friend_ips,vnic[:ipv4][:address])
+          end
+        end
+        tasks
+      end
+      # Returns the tasks required for applying this security group
+      def self.create_tasks_for_secgroup(secgroup)
+        [SecurityGroup.new(secgroup)]
+      end
+      # Returns the tasks that drop all traffic
+      def self.create_drop_tasks_for_vnic(vnic,node)
+        enable_logging = node.manifest.config.packet_drop_log
+        #TODO: Add logging to ip drops
+        [DropIpFromAnywhere.new, DropArpForwarding.new(enable_logging,"D arp #{vnic[:uuid]}: ")]
+      end
+      # Creates tasks related to network address translation
+      def self.create_nat_tasks_for_vnic(vnic,node)
+        #friend_ips = friends.map {|vnic_map| vnic_map[:ipv4][:address]}
+        #ipset_enabled = node.manifest.config.use_ipset
+        tasks = []
+        # Nat tasks
+        if is_natted? vnic
+          # Exclude instances in the same security group form using nat
+          #if ipset_enabled
+            # Not implemented yet
+            #tasks << ExcludeFromNatIpSet.new(friend_ips,vnic[:ipv4][:address])
+          #else
+            #tasks << ExcludeFromNat.new(friend_ips,vnic[:ipv4][:address])
+          #end
+          tasks << StaticNatLog.new(vnic[:ipv4][:address], vnic[:ipv4][:nat_address], "SNAT #{vnic[:uuid]}", "DNAT #{vnic[:uuid]}") if node.manifest.config.packet_drop_log
+          tasks << StaticNat.new(vnic[:ipv4][:address], vnic[:ipv4][:nat_address], clean_mac(vnic[:mac_addr]))
+        end
+        tasks << TranslateMetadataAddress.new(vnic[:uuid],vnic[:ipv4][:network][:metadata_server],vnic[:ipv4][:network][:metadata_server_port] || 80) unless vnic[:ipv4][:network][:metadata_server].nil?
+        tasks
+      end
+      #Returns the netfilter tasks required for this vnic
+      # The _friends_ parameter is an array of vnic_maps that should not be isolated from _vnic_
+      def self.create_tasks_for_vnic(vnic,friends,security_groups,node)
+        tasks = []
+        host_addr = Isono::Util.default_gw_ipaddr
+        enable_logging = node.manifest.config.packet_drop_log
+        ipset_enabled = node.manifest.config.use_ipset
+        # Drop all traffic that isn't explicitely accepted
+        tasks += self.create_drop_tasks_for_vnic(vnic,node)
+        # General data link layer tasks
+        tasks << AcceptARPToHost.new(host_addr,vnic[:ipv4][:address],enable_logging,"A arp to_host #{vnic[:uuid]}: ")
+        tasks << AcceptARPFromGateway.new(vnic[:ipv4][:network][:ipv4_gw],enable_logging,"A arp from_gw #{vnic[:uuid]}: ") unless vnic[:ipv4][:network][:ipv4_gw].nil?
+        tasks << DropIpSpoofing.new(vnic[:ipv4][:address],enable_logging,"D arp sp #{vnic[:uuid]}: ")
+        tasks << DropMacSpoofing.new(clean_mac(vnic[:mac_addr]),enable_logging,"D ip sp #{vnic[:uuid]}: ")
+        tasks << AcceptArpBroadcast.new(host_addr,enable_logging,"A arp bc #{vnic[:uuid]}: ")
+        # General ip layer tasks
+        tasks << AcceptIcmpRelatedEstablished.new
+        tasks << AcceptTcpRelatedEstablished.new
+        tasks << AcceptUdpEstablished.new
+        tasks << AcceptAllDNS.new
+        tasks << AcceptWakameDHCPOnly.new(vnic[:ipv4][:network][:dhcp_server]) unless vnic[:ipv4][:network][:dhcp_server].nil?
+        # Accept OUTGOING traffic from instances to anywhere in the network
+        #tasks << AcceptIpToAnywhere.new
+        # VM isolation based
+        tasks += self.create_tasks_for_isolation(vnic,friends,node)
+        tasks += self.create_nat_tasks_for_vnic(vnic,node)
+        # Accept ip traffic from the gateway that isn't blocked by other tasks
+        tasks << AcceptIpFromGateway.new(vnic[:ipv4][:network][:ipv4_gw]) unless vnic[:ipv4][:network][:ipv4_gw].nil?
+        # Security group tasks
+        security_groups.each { |secgroup|
+          tasks += self.create_tasks_for_secgroup(secgroup)
+        }
+        tasks
+      end
+    end
+  end
+end