Fix GCP firewall issue and increases banner timeout for SSH issue

scripts/requirements-gateway.txt

@@ -1,3 +1,7 @@
+azure-mgmt-resource
+azure-mgmt-compute
+azure-mgmt-network
+azure-identity
 awscrt
 boto3
 flask

skylark/compute/aws/aws_server.py

@@ -117,5 +117,12 @@ def terminate_instance_impl(self):
     def get_ssh_client_impl(self):
         client = paramiko.SSHClient()
         client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-        client.connect(self.public_ip(), username="ubuntu", key_filename=str(self.local_keyfile), look_for_keys=False, allow_agent=False)
+        client.connect(
+            self.public_ip(),
+            username="ubuntu",
+            key_filename=str(self.local_keyfile),
+            look_for_keys=False,
+            allow_agent=False,
+            banner_timeout=200,
+        )
         return client

skylark/compute/azure/azure_server.py

@@ -156,5 +156,6 @@ def get_ssh_client_impl(self, uname=os.environ.get("USER"), ssh_key_password="sk
             key_filename=str(self.ssh_private_key),
             passphrase=ssh_key_password,
             look_for_keys=False,
+            banner_timeout=200,
         )
         return ssh_client

skylark/compute/gcp/gcp_cloud_provider.py

@@ -5,6 +5,8 @@
 from typing import List
 
 import googleapiclient
+from loguru import logger
+from oslo_concurrency import lockutils
 import paramiko
 
 from skylark import key_root
@@ -150,24 +152,37 @@ def configure_default_network(self):
     def configure_default_firewall(self, ip="0.0.0.0/0"):
         """Configure default firewall to allow access from all ports from all IPs (if not exists)."""
         compute = GCPServer.get_gcp_client()
+
+        @lockutils.synchronized(f"gcp_configure_default_firewall", external=True, lock_path="/tmp/skylark_locks")
+        def create_firewall(body, update_firewall=False):
+            if update_firewall:
+                op = compute.firewalls().update(project=self.gcp_project, firewall="default", body=fw_body).execute()
+            else:
+                op = compute.firewalls().insert(project=self.gcp_project, body=fw_body).execute()
+            self.wait_for_operation_to_complete("global", op["name"])
+
         try:
             current_firewall = compute.firewalls().get(project=self.gcp_project, firewall="default").execute()
         except googleapiclient.errors.HttpError as e:
             if e.resp.status == 404:
                 current_firewall = None
             else:
                 raise e
+
         fw_body = {
             "name": "default",
             "allowed": [{"IPProtocol": "tcp", "ports": ["1-65535"]}, {"IPProtocol": "udp", "ports": ["1-65535"]}, {"IPProtocol": "icmp"}],
             "description": "Allow all traffic from all IPs",
             "sourceRanges": [ip],
         }
         if current_firewall is None:
-            op = compute.firewalls().insert(project=self.gcp_project, body=fw_body).execute()
-        else:
-            op = compute.firewalls().update(project=self.gcp_project, firewall="default", body=fw_body).execute()
-        self.wait_for_operation_to_complete("global", op["name"])
+            logger.warning(f"[GCP] Creating new firewall")
+            create_firewall(fw_body, update_firewall=False)
+            logger.debug(f"[GCP] Created new firewall")
+        elif current_firewall["allowed"] != fw_body["allowed"]:
+            logger.warning(f"[GCP] Updating firewall, current rules do not match")
+            create_firewall(fw_body, update_firewall=True)
+            logger.debug(f"[GCP] Updated firewall")
 
     def get_operation_state(self, zone, operation_name):
         compute = GCPServer.get_gcp_client()

skylark/compute/gcp/gcp_server.py

@@ -101,5 +101,6 @@ def get_ssh_client_impl(self, uname=os.environ.get("USER"), ssh_key_password="sk
             key_filename=str(self.ssh_private_key),
             passphrase=ssh_key_password,
             look_for_keys=False,
+            banner_timeout=200,
         )
         return ssh_client