def create_processing_control_server(eb_environment_name, aws_server_type): """ The differences between a data processing worker server and a processing controller server is that the controller needs to allow connections from the processors. """ get_rds_security_groups_by_eb_name( eb_environment_name)["instance_sec_grp"]['GroupId'] # TODO: functions that terminate all worker and all manager servers for an environment manager_info = get_manager_instance_by_eb_environment_name( eb_environment_name) if manager_info is not None and manager_info['State'][ 'Name'] != 'terminated': if manager_info['InstanceType'] == aws_server_type: msg = "A manager server, %s, already exists for this environment, and it is of the provided type (%s)." % ( manager_info['InstanceId'], aws_server_type) else: msg = "A manager server, %s, already exists for this environment." % manager_info[ 'InstanceId'] log.error(msg) msg = "You must terminate all worker and manager servers before you can create a new manager." log.error(msg) sleep( 0.1 ) # sometimes log has problems if you don't give it a second, the error messages above are critical raise Exception(msg) rabbit_mq_sec_grp_id = get_or_create_rabbit_mq_security_group( eb_environment_name)['GroupId'] instance_sec_grp_id = get_rds_security_groups_by_eb_name( eb_environment_name)["instance_sec_grp"]['GroupId'] try: open_tcp_port(instance_sec_grp_id, 22) except ClientError: # we need to open the ssh port for future worker servers, but it blows up with duplicate # if a user ever creates two managers during the life of the environment. pass instance_info = create_server( eb_environment_name, aws_server_type, security_groups=[rabbit_mq_sec_grp_id, instance_sec_grp_id]) instance_resource = create_ec2_resource().Instance( instance_info["InstanceId"]) instance_resource.create_tags( Tags=[{ "Key": "Name", "Value": PROCESSING_MANAGER_NAME % eb_environment_name }, { "Key": "is_processing_manager", "Value": "1" }]) return instance_info
def get_or_create_rabbit_mq_security_group(eb_environment_name): rabbit_mq_sec_grp_name = construct_rabbit_mq_security_group_name(eb_environment_name) # we assume that the group was created correctly, don't attempt to add rules if we find it try: return get_security_group_by_name(rabbit_mq_sec_grp_name) except InvalidSecurityGroupNameException: log.info("Did not find a security group named '%s,' creating it." % rabbit_mq_sec_grp_name) instance_sec_grp_id = get_rds_security_groups_by_eb_name(eb_environment_name)["instance_sec_grp"]['GroupId'] ingress_params = create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group( tcp_port=RABBIT_MQ_PORT, sec_grp_id=instance_sec_grp_id ) sec_grp = create_security_group( rabbit_mq_sec_grp_name, RABBIT_MQ_SEC_GRP_DESCRIPTION % instance_sec_grp_id, list_of_dicts_of_ingress_kwargs=[ingress_params] ) open_tcp_port(sec_grp['GroupId'], 22) return get_security_group_by_id(sec_grp['GroupId'])
def allow_443_traffic_to_load_balancer(eb_environment_name): """ Opens port 443 on the load balancer (this was missing for a while... oops.) """ sec_grp_id = get_eb_load_balancer_security_group_identifier( eb_environment_name) open_tcp_port(sec_grp_id, 443)