def configure_instance_security(self, parameters):
"""
Setup EC2 security keys and groups. Required input values are read from
the parameters dictionary. More specifically, this method expects to
find a 'keyname' parameter and a 'group' parameter in the parameters
dictionary. Using these provided values, this method will create a new
EC2 key-pair and a security group. Security group will be granted permissions
to access any port on the instantiated VMs. (Also see documentation for the
BaseAgent class)
Args:
parameters A dictionary of parameters
"""
keyname = parameters[self.PARAM_KEYNAME]
#keyname = "cloudrunner-keypair"
group = parameters[self.PARAM_GROUP]
#group = "cloudrunner-security-group"
key_path = '{0}.key'.format(keyname)
ssh_key = os.path.abspath(key_path)
utils.log(
'About to spawn EC2 instances - Expecting to find a key at {0}'.format(ssh_key)
)
try:
conn = self.open_connection(parameters)
if os.path.exists(ssh_key):
utils.log('SSH keys found in the local system - Not initializing EC2 security')
else:
utils.log('Creating key pair: ' + keyname)
key_pair = conn.create_key_pair(keyname)
utils.write_key_file(ssh_key, key_pair.material)
security_groups = conn.get_all_security_groups()
group_exists = False
for security_group in security_groups:
if security_group.name == group:
group_exists = True
break
if not group_exists:
utils.log('Creating security group: ' + group)
newgroup = conn.create_security_group(group, 'CloudRunner security group')
newgroup.authorize('tcp', 22, 22, '0.0.0.0/0')
newgroup.authorize('tcp', 5672, 5672, '0.0.0.0/0')
newgroup.authorize('tcp', 6379, 6379, '0.0.0.0/0')
newgroup.authorize('tcp', 11211, 11211, '0.0.0.0/0')
newgroup.authorize('tcp', 55672, 55672, '0.0.0.0/0')
result = {
'success': True,
'absolute_key_path': ssh_key
}
return result
except EC2ResponseError as exception:
self.handle_failure(
'EC2 response error while initializing security: {0}'.format(exception.error_message)
)
except Exception as exception:
self.handle_failure(
'Error while initializing EC2 security: {0}'.format(exception.message)
)
def configure_instance_security(self, parameters):
"""
Setup EC2 security keys and groups. Required input values are read from
the parameters dictionary. More specifically, this method expects to
find a 'keyname' parameter and a 'group' parameter in the parameters
dictionary. Using these provided values, this method will create a new
EC2 key-pair and a security group. Security group will be granted permissions
to access any port on the instantiated VMs. (Also see documentation for the
BaseAgent class)
Args:
parameters A dictionary of parameters
"""
keyname = parameters[self.PARAM_KEYNAME]
group = parameters[self.PARAM_GROUP]
key_path = '{0}.key'.format(keyname)
ssh_key = os.path.abspath(key_path)
logging.info('About to configure EC2 instance security - ' \
'Expecting to find a key at {0}'.format(ssh_key))
try:
conn = self.open_connection(parameters)
if os.path.exists(ssh_key):
logging.info('SSH keys found in the local system - '
'Not initializing EC2 security')
else:
logging.info('Creating key pair: ' + keyname)
key_pair = conn.create_key_pair(keyname)
utils.write_key_file(ssh_key, key_pair.material)
security_groups = conn.get_all_security_groups()
group_exists = False
for security_group in security_groups:
if security_group.name == group:
group_exists = True
break
if not group_exists:
logging.info('Creating security group: ' + group)
newgroup = conn.create_security_group(group, 'stochSS security group')
# wait for some time before security group is all set
for x in (0, 10):
continue
newgroup.authorize('tcp', 22, 22, '0.0.0.0/0')
newgroup.authorize('tcp', 5672, 5672, '0.0.0.0/0')
newgroup.authorize('tcp', 6379, 6379, '0.0.0.0/0')
newgroup.authorize('tcp', 11211, 11211, '0.0.0.0/0')
newgroup.authorize('tcp', 55672, 55672, '0.0.0.0/0')
return True
except EC2ResponseError as exception:
self.handle_failure('EC2 response error while initializing '
'security: ' + exception.error_message)
except Exception as exception:
self.handle_failure('Error while initializing EC2 '
'security: ' + exception.message)
def configure_instance_security(self, parameters):
"""
Setup EC2 security keys and groups. Required input values are read from
the parameters dictionary. More specifically, this method expects to
find a 'keyname' parameter and a 'group' parameter in the parameters
dictionary. Using these provided values, this method will create a new
EC2 key-pair and a security group. Security group will be granted permissions
to access any port on the instantiated VMs. (Also see documentation for the
BaseAgent class)
Args:
parameters A dictionary of parameters
"""
keyname = parameters[self.PARAM_KEYNAME]
group = parameters[self.PARAM_GROUP]
key_path = '/etc/appscale/keys/cloud1/{0}.key'.format(keyname)
ssh_key = os.path.abspath(key_path)
utils.log('About to spawn EC2 instances - ' \
'Expecting to find a key at {0}'.format(ssh_key))
if os.path.exists(ssh_key):
utils.log('SSH keys found in the local system - '
'Not initializing EC2 security')
return False
try:
conn = self.open_connection(parameters)
key_pair = conn.get_key_pair(keyname)
if key_pair is None:
utils.log('Creating key pair: ' + keyname)
key_pair = conn.create_key_pair(keyname)
utils.write_key_file(ssh_key, key_pair.material)
security_groups = conn.get_all_security_groups()
group_exists = False
for security_group in security_groups:
if security_group.name == group:
group_exists = True
break
if not group_exists:
utils.log('Creating security group: ' + group)
conn.create_security_group(group, 'AppScale security group')
conn.authorize_security_group(group, from_port=1,
to_port=65535, ip_protocol='udp')
conn.authorize_security_group(group, from_port=1,
to_port=65535, ip_protocol='tcp')
conn.authorize_security_group(group, ip_protocol='icmp',
cidr_ip='0.0.0.0/0')
return True
except EC2ResponseError as exception:
self.handle_failure('EC2 response error while initializing '
'security: ' + exception.error_message)
except Exception as exception:
self.handle_failure('Error while initializing EC2 '
'security: ' + exception.message)
def configure_instance_security(self, parameters):
"""
Setup EC2 security keys and groups. Required input values are read from
the parameters dictionary. More specifically, this method expects to
find a 'keyname' parameter and a 'group' parameter in the parameters
dictionary. Using these provided values, this method will create a new
EC2 key-pair and a security group. Security group will be granted permissions
to access any port on the instantiated VMs. (Also see documentation for the
BaseAgent class)
Args:
parameters A dictionary of parameters
"""
keyname = parameters[self.PARAM_KEYNAME]
group = parameters[self.PARAM_GROUP]
ssh_key = os.path.abspath('/etc/appscale/keys/cloud1/{0}.key'.format(keyname))
utils.log('About to spawn EC2 instances - Expecting to find a key at {0}'.format(ssh_key))
utils.log(utils.get_obscured_env(['EC2_ACCESS_KEY', 'EC2_SECRET_KEY']))
if not os.path.exists(ssh_key):
utils.log('Creating keys/security group')
ec2_output = ''
while True:
ec2_output = utils.shell('{0}-add-keypair {1} 2>&1'.format(self.prefix, keyname))
if ec2_output.find('BEGIN RSA PRIVATE KEY') != -1:
break
utils.log('Trying again. Saw this from {0}-add-keypair: {1}'.format(
self.prefix, ec2_output))
utils.shell('{0}-delete-keypair {1} 2>&1'.format(self.prefix, keyname))
utils.write_key_file(ssh_key, ec2_output)
utils.shell('{0}-add-group {1} -d appscale 2>&1'.format(self.prefix, group))
utils.shell('{0}-authorize {1} -p 1-65535 -P udp 2>&1'.format(self.prefix, group))
utils.shell('{0}-authorize {1} -p 1-65535 -P tcp 2>&1'.format(self.prefix, group))
utils.shell('{0}-authorize {1} -s 0.0.0.0/0 -P icmp -t -1:-1 2>&1'.format(self.prefix, group))
return True
else:
utils.log('Not creating keys/security group')
return False
def configure_instance_security(self, parameters):
"""
Setup EC2 security keys and groups. Required input values are read from
the parameters dictionary. More specifically, this method expects to
find a 'keyname' parameter and a 'group' parameter in the parameters
dictionary. Using these provided values, this method will create a new
EC2 key-pair and a security group. Security group will be granted permissions
to access any port on the instantiated VMs. (Also see documentation for the
BaseAgent class)
Args:
parameters A dictionary of parameters
"""
keyname = parameters[self.PARAM_KEYNAME]
group = parameters[self.PARAM_GROUP]
key_path = '/etc/appscale/keys/cloud1/{0}.key'.format(keyname)
ssh_key = os.path.abspath(key_path)
utils.log('About to spawn EC2 instances - ' \
'Expecting to find a key at {0}'.format(ssh_key))
if os.path.exists(ssh_key):
utils.log('SSH keys found in the local system - '
'Not initializing EC2 security')
return False
try:
conn = self.open_connection(parameters)
key_pair = conn.get_key_pair(keyname)
if key_pair is None:
utils.log('Creating key pair: ' + keyname)
key_pair = conn.create_key_pair(keyname)
utils.write_key_file(ssh_key, key_pair.material)
security_groups = conn.get_all_security_groups()
group_exists = False
for security_group in security_groups:
if security_group.name == group:
group_exists = True
break
if not group_exists:
utils.log('Creating security group: ' + group)
conn.create_security_group(group, 'AppScale security group')
conn.authorize_security_group(group,
from_port=1,
to_port=65535,
ip_protocol='udp')
conn.authorize_security_group(group,
from_port=1,
to_port=65535,
ip_protocol='tcp')
conn.authorize_security_group(group,
ip_protocol='icmp',
cidr_ip='0.0.0.0/0')
return True
except EC2ResponseError as exception:
self.handle_failure('EC2 response error while initializing '
'security: ' + exception.error_message)
except Exception as exception:
self.handle_failure('Error while initializing EC2 '
'security: ' + exception.message)
def configure_instance_security(self, parameters):
"""
Setup OpenStack security keys and groups. Required input values are
read from the parameters dictionary. More specifically, this method
expects tofind a 'keyname' parameter and a 'group' parameter in the
parameters dictionary. Using these provided values, this method will
create a new OpenStack key-pair and a security group. Security group
will be granted permissions to access any port on the instantiated
VMs. (Also see documentation for the BaseAgent class).
This method differs from its OpenStack counterpart because in OpenStack
the security group definition for icmp must include the port range.
Args:
parameters: A dictionary of parameters.
Returns:
False if the SSH keys already exist, True if successful.
"""
keyname = parameters[self.PARAM_KEYNAME]
group = parameters[self.PARAM_GROUP]
key_path = '{}/{}.key'.format(KEY_DIRECTORY, keyname)
ssh_key = os.path.abspath(key_path)
utils.log('About to spawn OpenStack instances - ' \
'Expecting to find a key at {0}'.format(ssh_key))
if os.path.exists(ssh_key):
utils.log('SSH keys found in the local system - '
'Not initializing OpenStack security')
return False
try:
conn = self.open_connection(parameters)
key_pair = conn.get_key_pair(keyname)
if key_pair is None:
utils.log('Creating key pair: {0}'.format(keyname))
key_pair = conn.create_key_pair(keyname)
utils.write_key_file(ssh_key, key_pair.material)
security_groups = conn.get_all_security_groups()
group_exists = False
for security_group in security_groups:
if security_group.name == group:
group_exists = True
break
if not group_exists:
utils.log('Creating security group: {0}'.format(group))
conn.create_security_group(group, 'AppScale security group')
conn.authorize_security_group(group, from_port=1,\
to_port=65535, ip_protocol='udp')
conn.authorize_security_group(group, from_port=1,\
to_port=65535, ip_protocol='tcp')
#TODO: Check if ec2_agent can be change to include the from_port
# and the to_port. If yes, remove this method.
conn.authorize_security_group(group, from_port=-1, to_port=-1, \
ip_protocol='icmp', cidr_ip='0.0.0.0/0')
return True
except EC2ResponseError as exception:
self.handle_failure('OpenStack response error while initializing '
'security: {0}'.format(
exception.error_message))
except Exception as exception:
self.handle_failure('Error while initializing OpenStack '
'security: {0}'.format(exception.message))
def configure_instance_security(self, parameters):
"""
Setup OpenStack security keys and groups. Required input values are
read from the parameters dictionary. More specifically, this method
expects tofind a 'keyname' parameter and a 'group' parameter in the
parameters dictionary. Using these provided values, this method will
create a new OpenStack key-pair and a security group. Security group
will be granted permissions to access any port on the instantiated
VMs. (Also see documentation for the BaseAgent class).
This method differs from its OpenStack counterpart because in OpenStack
the security group definition for icmp must include the port range.
Args:
parameters: A dictionary of parameters.
Returns:
False if the SSH keys already exist, True if successful.
"""
keyname = parameters[self.PARAM_KEYNAME]
group = parameters[self.PARAM_GROUP]
key_path = '{}/{}.key'.format(utils.KEY_DIRECTORY, keyname)
ssh_key = os.path.abspath(key_path)
utils.log('About to spawn OpenStack instances - ' \
'Expecting to find a key at {0}'.format(ssh_key))
if os.path.exists(ssh_key):
utils.log('SSH keys found in the local system - '
'Not initializing OpenStack security')
return False
try:
conn = self.open_connection(parameters)
key_pair = conn.get_key_pair(keyname)
if key_pair is None:
utils.log('Creating key pair: {0}'.format(keyname))
key_pair = conn.create_key_pair(keyname)
utils.write_key_file(ssh_key, key_pair.material)
security_groups = conn.get_all_security_groups()
group_exists = False
for security_group in security_groups:
if security_group.name == group:
group_exists = True
break
if not group_exists:
utils.log('Creating security group: {0}'.format(group))
conn.create_security_group(group, 'AppScale security group')
conn.authorize_security_group(group, from_port=1,\
to_port=65535, ip_protocol='udp')
conn.authorize_security_group(group, from_port=1,\
to_port=65535, ip_protocol='tcp')
#TODO: Check if ec2_agent can be change to include the from_port
# and the to_port. If yes, remove this method.
conn.authorize_security_group(group, from_port=-1, to_port=-1, \
ip_protocol='icmp', cidr_ip='0.0.0.0/0')
return True
except EC2ResponseError as exception:
self.handle_failure('OpenStack response error while initializing '
'security: {0}'.format(exception.error_message))
except Exception as exception:
self.handle_failure('Error while initializing OpenStack '
'security: {0}'.format(exception.message))
