def create_processing_control_server(eb_environment_name, aws_server_type):
""" The differences between a data processing worker server and a processing controller
server is that the controller needs to allow connections from the processors. """
get_rds_security_groups_by_eb_name(
eb_environment_name)["instance_sec_grp"]['GroupId']
# TODO: functions that terminate all worker and all manager servers for an environment
manager_info = get_manager_instance_by_eb_environment_name(
eb_environment_name)
if manager_info is not None and manager_info['State'][
'Name'] != 'terminated':
if manager_info['InstanceType'] == aws_server_type:
msg = "A manager server, %s, already exists for this environment, and it is of the provided type (%s)." % (
manager_info['InstanceId'], aws_server_type)
else:
msg = "A manager server, %s, already exists for this environment." % manager_info[
'InstanceId']
log.error(msg)
msg = "You must terminate all worker and manager servers before you can create a new manager."
log.error(msg)
sleep(
0.1
) # sometimes log has problems if you don't give it a second, the error messages above are critical
raise Exception(msg)
rabbit_mq_sec_grp_id = get_or_create_rabbit_mq_security_group(
eb_environment_name)['GroupId']
instance_sec_grp_id = get_rds_security_groups_by_eb_name(
eb_environment_name)["instance_sec_grp"]['GroupId']
try:
open_tcp_port(instance_sec_grp_id, 22)
except ClientError:
# we need to open the ssh port for future worker servers, but it blows up with duplicate
# if a user ever creates two managers during the life of the environment.
pass
instance_info = create_server(
eb_environment_name,
aws_server_type,
security_groups=[rabbit_mq_sec_grp_id, instance_sec_grp_id])
instance_resource = create_ec2_resource().Instance(
instance_info["InstanceId"])
instance_resource.create_tags(
Tags=[{
"Key": "Name",
"Value": PROCESSING_MANAGER_NAME % eb_environment_name
}, {
"Key": "is_processing_manager",
"Value": "1"
}])
return instance_info
def get_or_create_rabbit_mq_security_group(eb_environment_name):
rabbit_mq_sec_grp_name = construct_rabbit_mq_security_group_name(eb_environment_name)
# we assume that the group was created correctly, don't attempt to add rules if we find it
try:
return get_security_group_by_name(rabbit_mq_sec_grp_name)
except InvalidSecurityGroupNameException:
log.info("Did not find a security group named '%s,' creating it." % rabbit_mq_sec_grp_name)
instance_sec_grp_id = get_rds_security_groups_by_eb_name(eb_environment_name)["instance_sec_grp"]['GroupId']
ingress_params = create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group(
tcp_port=RABBIT_MQ_PORT, sec_grp_id=instance_sec_grp_id
)
sec_grp = create_security_group(
rabbit_mq_sec_grp_name,
RABBIT_MQ_SEC_GRP_DESCRIPTION % instance_sec_grp_id,
list_of_dicts_of_ingress_kwargs=[ingress_params]
)
open_tcp_port(sec_grp['GroupId'], 22)
return get_security_group_by_id(sec_grp['GroupId'])
def allow_443_traffic_to_load_balancer(eb_environment_name):
""" Opens port 443 on the load balancer (this was missing for a while... oops.) """
sec_grp_id = get_eb_load_balancer_security_group_identifier(
eb_environment_name)
open_tcp_port(sec_grp_id, 443)
