Ejemplo n.º 1
0
    def _tag(self, tagname, default=None):
        tags = self.tags()

        if tags.has_key(tagname):
            return tags[tagname]

        logger.warn("Unable to retrieve tag %s for instance %s, returning %s instead" % (tagname, self.id(), default))
        return default
Ejemplo n.º 2
0
    def list(self, all_credentials, node_predicate = all_nodes):
        nodes = []

        for boto_instance in [i for i in self.connection_provider.get_all_boto_instances(self.public_api_key, self.private_api_key) if i.state == 'running']:
            if boto_instance.tags.has_key('env_def_name'):
                aws_security = AWSSecurity(self.connection_provider.ec2_connection_for_region(boto_instance.region.name, self.public_api_key, self.private_api_key),
                    self._security_group_name(boto_instance.tags['env_def_name'], boto_instance.tags['env_name']))

                aws_node = AWSRunningNode(boto_instance, aws_security)
                if node_predicate(aws_node):
                    nodes.append(aws_node)
            else:
                logger.warn(
                    "Unable to find env_def_name for %s:%s, will not be included in listing in state %s" % (boto_instance.id, boto_instance.region, boto_instance.state))

        return nodes
Ejemplo n.º 3
0
    def open_ports(self, service_name, connectivity):
        """
        Uses Amazon security groups to open ports either to the world or to other services security groups
        service_name: the name of the service that we want to open ports for
        connectivity: the connectivity information for the given service
            - ports: a list of ports that are needed for the service to work - expects either an integer [80, 81] or a range [ 50-59, 65-70 ]
            - allowed: a list of services that have access to this service Note: WORLD is a special case that allows everybody to access the port
            - protocol: one of 'tcp', 'udp' or 'icmp'

        Method assumes that the security groups will all exist before it is called
        """
        security_group_name = self._get_sec_group_name(service_name)
        cur_group = self._get_security_group(security_group_name)
        sources = []

        for allowed in connectivity.allowed:
            if allowed == 'WORLD':
                sources.append('0.0.0.0/0')
            elif re.search("^(\d{1,3}\.){3}\d{1,3}(/\d{1,3})?$", allowed): # allow direct ip access if you'd like
                sources.append(allowed)
            else:
                source_sec_group = self._get_security_group(self._get_sec_group_name(allowed))
                sources.append(source_sec_group)
        for port in connectivity.ports:
            if isinstance(port, basestring):
                from_port = port.split('-')[0] if '-' in port else port
                to_port = port.split('-')[1] if '-' in port else port
            else:
                from_port = port
                to_port = port
            for source in sources:
                try:
                    cur_group.authorize(connectivity.protocol, from_port, to_port, source) if isinstance(source, basestring)\
                        else cur_group.authorize(connectivity.protocol, from_port, to_port, src_group=source)
                except EC2ResponseError as (error): #TODO: don't re-authorize existing rules
                    logger.warn("An error has occurred during authorization %s\nThis may be expected if the rule has already been authorized" % error   )
Ejemplo n.º 4
0
    def _tag(self, tagname, default="Unknown"):
        if self.boto_instance.tags.has_key(tagname):
            return self.boto_instance.tags[tagname]

        logger.warn("Unable to retrieve tag %s for instance %s, returning %s instead" % (tagname, self.id(), default))
        return default