def configure_instance_security(self, parameters):
    """
    Create the EC2 key pair and security group named in ``parameters``.

    The key pair name is read from ``parameters[self.PARAM_KEYNAME]`` and the
    security group name from ``parameters[self.PARAM_GROUP]``. If either name
    is already registered, ``self.handle_failure`` is called with a message
    asking for a different name. Otherwise the key pair is created, its key
    material is written to ``<keyname>.key`` under
    ``LocalState.LOCAL_APPSCALE_PATH``, and the new security group is opened
    to TCP and UDP ports 1-65535 and to ICMP from ``0.0.0.0/0``.
    (Also see documentation for the BaseAgent class)

    Args:
      parameters: A dictionary of parameters.
    Returns:
      True once the key pair and security group have been set up.
    """
    keyname = parameters[self.PARAM_KEYNAME]
    group = parameters[self.PARAM_GROUP]

    AppScaleLogger.log("Verifying that keyname {0}".format(keyname) +
                       " is not already registered.")
    conn = self.open_connection(parameters)

    # NOTE(review): handle_failure is defined elsewhere. If it returns instead
    # of raising, execution continues into the creation steps below.
    if conn.get_key_pair(keyname):
        key_taken_template = (
            "SSH keyname {0} is already registered. Please "
            "change the 'keyname' specified in your AppScalefile to a different "
            "value, or erase it to have one automatically generated for you."
        )
        self.handle_failure(key_taken_template.format(keyname))

    group_taken_template = (
        "Security group {0} is already registered. Please"
        " change the 'group' specified in your AppScalefile to a different "
        "value, or erase it to have one automatically generated for you."
    )
    for existing_group in conn.get_all_security_groups():
        if existing_group.name != group:
            continue
        self.handle_failure(group_taken_template.format(group))

    AppScaleLogger.log("Creating key pair: {0}".format(keyname))
    new_key_pair = conn.create_key_pair(keyname)
    # The key material is persisted locally so it can be used for SSH later.
    # NOTE(review): file mode is decided inside LocalState.write_key_file,
    # which is not visible here -- confirm it restricts the file to its owner.
    ssh_key = '{0}{1}.key'.format(LocalState.LOCAL_APPSCALE_PATH, keyname)
    LocalState.write_key_file(ssh_key, new_key_pair.material)

    self.create_security_group(parameters, group)
    # NOTE(review): these ingress rules admit any IPv4 source on every TCP and
    # UDP port and for ICMP (-1/-1), so the group filters nothing inbound and
    # exposure rests on host-level controls. Narrow cidr_ip and the port
    # ranges if the deployment's required ports are known.
    open_rules = (
        ('udp', 1, 65535),
        ('tcp', 1, 65535),
        ('icmp', -1, -1),
    )
    for protocol, first_port, last_port in open_rules:
        self.authorize_security_group(parameters, group,
                                      from_port=first_port, to_port=last_port,
                                      ip_protocol=protocol,
                                      cidr_ip='0.0.0.0/0')
    return True
def configure_instance_security(self, parameters):
    """
    Create the EC2 key pair and security group named in ``parameters``.

    The key pair name is read from ``parameters[self.PARAM_KEYNAME]``, the
    security group name from ``parameters[self.PARAM_GROUP]`` and the
    autoscaling flag from ``parameters['autoscale_agent']``. All three keys
    must be present. When the autoscaling flag is set, nothing is created and
    the method returns early. Otherwise, if either name is already
    registered, ``self.handle_failure`` is called; if not, the key pair is
    created, its key material is written to ``<keyname>.key`` under
    ``LocalState.LOCAL_APPSCALE_PATH``, and the new security group is opened
    to TCP and UDP ports 1-65535 and to ICMP from ``0.0.0.0/0``.
    (Also see documentation for the BaseAgent class)

    Args:
      parameters: A dictionary of parameters.
    Returns:
      True once the key pair and security group have been set up; None when
      the autoscaling flag short-circuits the method.
    """
    keyname = parameters[self.PARAM_KEYNAME]
    group = parameters[self.PARAM_GROUP]
    is_autoscale = parameters['autoscale_agent']

    AppScaleLogger.log("Verifying that keyname {0}".format(keyname) +
                       " is not already registered.")
    conn = self.open_connection(parameters)

    # Autoscaled instances reuse the deployment's existing key pair and
    # security group, so there is nothing to create.
    # NOTE(review): this path does not check that the key pair and group
    # actually exist, and it returns None where the normal path returns True.
    if is_autoscale in ('True', True):
        return None

    # NOTE(review): handle_failure is defined elsewhere. If it returns instead
    # of raising, execution continues into the creation steps below.
    if conn.get_key_pair(keyname):
        key_taken_template = (
            "SSH keyname {0} is already registered. Please "
            "change the 'keyname' specified in your AppScalefile to a different "
            "value, or erase it to have one automatically generated for you."
        )
        self.handle_failure(key_taken_template.format(keyname))

    group_taken_template = (
        "Security group {0} is already registered. Please"
        " change the 'group' specified in your AppScalefile to a different "
        "value, or erase it to have one automatically generated for you."
    )
    for existing_group in conn.get_all_security_groups():
        if existing_group.name != group:
            continue
        self.handle_failure(group_taken_template.format(group))

    AppScaleLogger.log("Creating key pair: {0}".format(keyname))
    new_key_pair = conn.create_key_pair(keyname)
    # The key material is persisted locally so it can be used for SSH later.
    # NOTE(review): file mode is decided inside LocalState.write_key_file,
    # which is not visible here -- confirm it restricts the file to its owner.
    ssh_key = '{0}{1}.key'.format(LocalState.LOCAL_APPSCALE_PATH, keyname)
    LocalState.write_key_file(ssh_key, new_key_pair.material)

    self.create_security_group(parameters, group)
    # NOTE(review): these ingress rules admit any IPv4 source on every TCP and
    # UDP port and for ICMP (-1/-1), so the group filters nothing inbound and
    # exposure rests on host-level controls. Narrow cidr_ip and the port
    # ranges if the deployment's required ports are known.
    open_rules = (
        ('udp', 1, 65535),
        ('tcp', 1, 65535),
        ('icmp', -1, -1),
    )
    for protocol, first_port, last_port in open_rules:
        self.authorize_security_group(parameters, group,
                                      from_port=first_port, to_port=last_port,
                                      ip_protocol=protocol,
                                      cidr_ip='0.0.0.0/0')
    return True
def configure_instance_security(self, parameters):
    """
    Create the EC2 key pair and security group named in ``parameters``.

    The key pair name is read from ``parameters[self.PARAM_KEYNAME]``, the
    security group name from ``parameters[self.PARAM_GROUP]`` and the
    autoscaling flag from ``parameters[self.PARAM_AUTOSCALE_AGENT]``. All
    three keys must be present. ``self.PARAM_VPC_ID`` is optional and is
    passed to the security group lookup. When the autoscaling flag is set,
    nothing is created and the method returns early. Otherwise, if either
    name is already registered, ``self.handle_failure`` is called; if not,
    the key pair is created, its key material is written to ``<keyname>.key``
    under ``LocalState.LOCAL_APPSCALE_PATH``, and the new security group is
    opened to TCP and UDP ports 1-65535 and to ICMP from ``0.0.0.0/0``.
    (Also see documentation for the BaseAgent class)

    Args:
      parameters: A dictionary of parameters.
    Returns:
      True once the key pair and security group have been set up; None when
      the autoscaling flag short-circuits the method.
    """
    keyname = parameters[self.PARAM_KEYNAME]
    group = parameters[self.PARAM_GROUP]
    is_autoscale = parameters[self.PARAM_AUTOSCALE_AGENT]

    AppScaleLogger.log("Verifying that keyname {0}".format(keyname) +
                       " is not already registered.")
    conn = self.open_connection(parameters)

    # Autoscaled instances reuse the deployment's existing key pair and
    # security group, so there is nothing to create.
    # NOTE(review): this path does not check that the key pair and group
    # actually exist, and it returns None where the normal path returns True.
    if is_autoscale in ('True', True):
        return None

    # NOTE(review): handle_failure is defined elsewhere. If it returns instead
    # of raising, execution continues into the creation steps below.
    if conn.get_key_pair(keyname):
        key_taken_template = (
            "SSH keyname {0} is already registered. Please "
            "change the 'keyname' specified in your AppScalefile to a different "
            "value, or erase it to have one automatically generated for you."
        )
        self.handle_failure(key_taken_template.format(keyname))

    # The lookup signals "no such group" by raising, so a clean return means
    # the name is already taken.
    try:
        self.get_security_group_by_name(conn, group,
                                        parameters.get(self.PARAM_VPC_ID))
        group_already_exists = True
    except SecurityGroupNotFoundException:
        group_already_exists = False

    if group_already_exists:
        group_taken_template = (
            "Security group {0} is already registered. Please "
            "change the 'group' specified in your AppScalefile "
            "to a different value, or erase it to have one "
            "automatically generated for you."
        )
        self.handle_failure(group_taken_template.format(group))

    AppScaleLogger.log("Creating key pair: {0}".format(keyname))
    new_key_pair = conn.create_key_pair(keyname)
    # The key material is persisted locally so it can be used for SSH later.
    # NOTE(review): file mode is decided inside LocalState.write_key_file,
    # which is not visible here -- confirm it restricts the file to its owner.
    ssh_key = '{0}{1}.key'.format(LocalState.LOCAL_APPSCALE_PATH, keyname)
    LocalState.write_key_file(ssh_key, new_key_pair.material)

    # Rules are attached by the created group's id rather than by its name.
    new_group = self.create_security_group(parameters, group)
    # NOTE(review): these ingress rules admit any IPv4 source on every TCP and
    # UDP port and for ICMP (-1/-1), so the group filters nothing inbound and
    # exposure rests on host-level controls. Narrow cidr_ip and the port
    # ranges if the deployment's required ports are known.
    open_rules = (
        ('udp', 1, 65535),
        ('tcp', 1, 65535),
        ('icmp', -1, -1),
    )
    for protocol, first_port, last_port in open_rules:
        self.authorize_security_group(parameters, new_group.id,
                                      from_port=first_port, to_port=last_port,
                                      ip_protocol=protocol,
                                      cidr_ip='0.0.0.0/0')
    return True