def _tag(self, tagname, default=None):
tags = self.tags()
if tags.has_key(tagname):
return tags[tagname]
logger.warn("Unable to retrieve tag %s for instance %s, returning %s instead" % (tagname, self.id(), default))
return default
def list(self, all_credentials, node_predicate = all_nodes):
nodes = []
for boto_instance in [i for i in self.connection_provider.get_all_boto_instances(self.public_api_key, self.private_api_key) if i.state == 'running']:
if boto_instance.tags.has_key('env_def_name'):
aws_security = AWSSecurity(self.connection_provider.ec2_connection_for_region(boto_instance.region.name, self.public_api_key, self.private_api_key),
self._security_group_name(boto_instance.tags['env_def_name'], boto_instance.tags['env_name']))
aws_node = AWSRunningNode(boto_instance, aws_security)
if node_predicate(aws_node):
nodes.append(aws_node)
else:
logger.warn(
"Unable to find env_def_name for %s:%s, will not be included in listing in state %s" % (boto_instance.id, boto_instance.region, boto_instance.state))
return nodes
def open_ports(self, service_name, connectivity):
"""
Uses Amazon security groups to open ports either to the world or to other services security groups
service_name: the name of the service that we want to open ports for
connectivity: the connectivity information for the given service
- ports: a list of ports that are needed for the service to work - expects either an integer [80, 81] or a range [ 50-59, 65-70 ]
- allowed: a list of services that have access to this service Note: WORLD is a special case that allows everybody to access the port
- protocol: one of 'tcp', 'udp' or 'icmp'
Method assumes that the security groups will all exist before it is called
"""
security_group_name = self._get_sec_group_name(service_name)
cur_group = self._get_security_group(security_group_name)
sources = []
for allowed in connectivity.allowed:
if allowed == 'WORLD':
sources.append('0.0.0.0/0')
elif re.search("^(\d{1,3}\.){3}\d{1,3}(/\d{1,3})?$", allowed): # allow direct ip access if you'd like
sources.append(allowed)
else:
source_sec_group = self._get_security_group(self._get_sec_group_name(allowed))
sources.append(source_sec_group)
for port in connectivity.ports:
if isinstance(port, basestring):
from_port = port.split('-')[0] if '-' in port else port
to_port = port.split('-')[1] if '-' in port else port
else:
from_port = port
to_port = port
for source in sources:
try:
cur_group.authorize(connectivity.protocol, from_port, to_port, source) if isinstance(source, basestring)\
else cur_group.authorize(connectivity.protocol, from_port, to_port, src_group=source)
except EC2ResponseError as (error): #TODO: don't re-authorize existing rules
logger.warn("An error has occurred during authorization %s\nThis may be expected if the rule has already been authorized" % error )
def _tag(self, tagname, default="Unknown"):
if self.boto_instance.tags.has_key(tagname):
return self.boto_instance.tags[tagname]
logger.warn("Unable to retrieve tag %s for instance %s, returning %s instead" % (tagname, self.id(), default))
return default
