Exemple #1
0
def get_instance_sec_group(vpc_id):

    grp_details = ec2.get_all_security_groups(
        filters={
            'vpc_id': vpc_id,
            'tag:play': args.play
        }
    )

    if len(grp_details) < 1:
        #
        # try scheme for non-cloudformation builds
        #

        grp_details = ec2.get_all_security_groups(
            filters={
                'tag:play': args.play,
                'tag:environment': args.environment,
                'tag:deployment': args.deployment}
        )

    if len(grp_details) < 1:
        sys.stderr.write("ERROR: Expected atleast one security group, got {}\n".format(
            len(grp_details)))

    return grp_details[0].id
Exemple #2
0
def get_instance_sec_group(vpc_id):

    grp_details = ec2.get_all_security_groups(filters={
        'vpc_id': vpc_id,
        'tag:play': args.play
    })

    if len(grp_details) < 1:
        #
        # try scheme for non-cloudformation builds
        #

        grp_details = ec2.get_all_security_groups(
            filters={
                'tag:play': args.play,
                'tag:environment': args.environment,
                'tag:deployment': args.deployment
            })

    if len(grp_details) < 1:
        sys.stderr.write(
            "ERROR: Expected atleast one security group, got {}\n".format(
                len(grp_details)))

    return grp_details[0].id
Exemple #3
0
def security_group(name, description):
    try:
        group = ec2.get_all_security_groups(groupnames=[name])[0]
    except boto.exception.EC2ResponseError:
        group = None
    if group is None:
        ec2.create_security_group(name, description)
        group = ec2.get_all_security_groups(groupnames=[name])[0]
    return group
Exemple #4
0
    def get_security_groups(self, group_ids=None):
        if group_ids is None:
            group_ids = []

        if not isinstance(group_ids, list):
            group_ids = [group_ids]

        ec2 = self.connect_ec2()
        try:
            groups = ec2.get_all_security_groups(group_ids=group_ids)
        except boto.exception.EC2ResponseError as e:
            raise GroupNotFoundException(e.message)

        result = []
        for group in groups:
            # Skip the group if it's the wrong kind
            if self.account.vpc_enabled and not group.vpc_id:
                continue
            if not self.account.vpc_enabled and group.vpc_id:
                continue

            rules = self.get_rules_list(group.rules)
            rules_egress = self.get_rules_list(group.rules_egress)

            result.append(SecurityGroup(
                group.name,
                group.description,
                group.id,
                group.vpc_id,
                rules,
                rules_egress,
            ))

        return result
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(
        dict(
            name=dict(required=True),
            description=dict(required=True),
            vpc_id=dict(),
            rules=dict(),
            rules_egress=dict(),
            state=dict(default='present', choices=['present', 'absent']),
            purge_rules=dict(default=True, required=False, type='bool'),
            purge_rules_egress=dict(default=True, required=False, type='bool'),
        ))
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )

    if not HAS_BOTO:
        module.fail_json(msg='boto required for this module')

    name = module.params['name']
    description = module.params['description']
    vpc_id = module.params['vpc_id']
    rules = module.params['rules']
    rules_egress = module.params['rules_egress']
    state = module.params.get('state')
    purge_rules = module.params['purge_rules']
    purge_rules_egress = module.params['purge_rules_egress']

    changed = False

    ec2 = ec2_connect(module)

    # find the group if present
    group = None
    groups = {}
    for curGroup in ec2.get_all_security_groups():
        groups[curGroup.id] = curGroup
        groups[curGroup.name] = curGroup

        if curGroup.name == name and (vpc_id is None
                                      or curGroup.vpc_id == vpc_id):
            group = curGroup

    # Ensure requested group is absent
    if state == 'absent':
        if group:
            '''found a match, delete it'''
            try:
                group.delete()
            except Exception, e:
                module.fail_json(
                    msg="Unable to delete security group '%s' - %s" %
                    (group, e))
            else:
                group = None
                changed = True
        else:
            '''no match found, no changes required'''
def edit(group_id, ec2=None, rds=None):
    security_groups = ec2.get_all_security_groups(group_ids=[group_id])

    if len(security_groups) == 0:
        return "Missing security groups"

    security_group = security_groups[0]

    for rule in security_group.rules:
        grants_with_cidrs = []

        for grant in rule.grants:
            if grant.cidr_ip:
                ttl = rds.get(GRANT_KEY_FORMULA.format(security_group_id=group_id, protocol=rule.ip_protocol, from_port=rule.from_port, to_port=rule.to_port, cidr=grant.cidr_ip))

                if ttl is None or ttl == 0:
                    grant.time_left = ttl
                else:
                    grant.time_left = int(float(ttl) - time.time())

                grants_with_cidrs.append(grant)

        rule.grants = grants_with_cidrs
    
    if 'X-Forwarded-For' in request.headers:
        ip = request.headers['X-Forwarded-For']
    else:
        ip = request.remote_addr

    return render_template('edit.html', ip=ip, security_group=security_group)
Exemple #7
0
    def get_security_groups(self, group_ids=None):
        if group_ids is None:
            group_ids = []

        if not isinstance(group_ids, list):
            group_ids = [group_ids]

        ec2 = self.connect_ec2()
        try:
            groups = ec2.get_all_security_groups(group_ids=group_ids)
        except boto.exception.EC2ResponseError as e:
            raise GroupNotFoundException(e.message)

        result = []
        for group in groups:
            # Skip the group if it's the wrong kind
            if self.account.vpc_enabled and not group.vpc_id:
                continue
            if not self.account.vpc_enabled and group.vpc_id:
                continue

            rules = self.get_rules_list(group.rules)
            rules_egress = self.get_rules_list(group.rules_egress)

            result.append(
                SecurityGroup(
                    group.name,
                    group.description,
                    group.id,
                    group.vpc_id,
                    rules,
                    rules_egress,
                ))

        return result
Exemple #8
0
def createSG(ec2, name, rules):
    """
	Create a new SecurityGroup
	"""
    # check if the security group exists
    group = None
    sgGroups = [sg for sg in ec2.get_all_security_groups() if sg.name == name]
    if sgGroups:
        group = sgGroups[0]
        ec2.delete_security_group(name=name, group_id=group)
    print "Creating %s Security Group" % name
    group = ec2.create_security_group(name, 'group for %s' % name)
    if group:
        # Set the inbound rules
        for rule in rules:
            if rule.src_group_name:
                group.authorize(ip_protocol=rule.ip_protocol,
                                from_port=rule.from_port,
                                to_port=rule.to_port,
                                cidr_ip=rule.cidr_ip,
                                src_group=group)
            else:
                group.authorize(ip_protocol=rule.ip_protocol,
                                from_port=rule.from_port,
                                to_port=rule.to_port,
                                cidr_ip=rule.cidr_ip,
                                src_group=None)
        return True
    else:
        logError('Error during ' + name + ' Security Group update')
        return False
Exemple #9
0
def get_cluster_state(ec2):
    try:
        groups = ec2.get_all_security_groups(groupnames=["@sc-%s" % config['CLUSTER_NAME']])
    except boto.exception.EC2ResponseError:
        return "stopped"
    assert len(groups) > 0
    return "running"
def _get_security_group_id_abort_on_error(name):
    ec2 = boto.ec2.connect_to_region(env.ec2_region)
    for security_group in ec2.get_all_security_groups():
        if security_group.name == name and \
                security_group.vpc_id == env.ec2_vpc_id:
            return security_group.id
    abort('Unable to get id for "%s" security group. '
          'Did you create it yet?' % name)
Exemple #11
0
def get_instance_sec_group(vpc_id):

    grp_details = ec2.get_all_security_groups(filters={"vpc_id": vpc_id, "tag:play": args.play})

    if len(grp_details) < 1:
        sys.stderr.write("ERROR: Expected atleast one security group, got {}\n".format(len(grp_details)))

    return grp_details[0].id
Exemple #12
0
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
            name=dict(required=True),
            description=dict(required=True),
            vpc_id=dict(),
            rules=dict(),
            rules_egress=dict(),
            state = dict(default='present', choices=['present', 'absent']),
            purge_rules=dict(default=True, required=False, type='bool'),
            purge_rules_egress=dict(default=True, required=False, type='bool'),

        )
    )
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )

    if not HAS_BOTO:
        module.fail_json(msg='boto required for this module')

    name = module.params['name']
    description = module.params['description']
    vpc_id = module.params['vpc_id']
    rules = module.params['rules']
    rules_egress = module.params['rules_egress']
    state = module.params.get('state')
    purge_rules = module.params['purge_rules']
    purge_rules_egress = module.params['purge_rules_egress']

    changed = False

    ec2 = ec2_connect(module)

    # find the group if present
    group = None
    groups = {}
    for curGroup in ec2.get_all_security_groups():
        groups[curGroup.id] = curGroup
        groups[curGroup.name] = curGroup

        if curGroup.name == name and (vpc_id is None or curGroup.vpc_id == vpc_id):
            group = curGroup

    # Ensure requested group is absent
    if state == 'absent':
        if group:
            '''found a match, delete it'''
            try:
                group.delete()
            except Exception, e:
                module.fail_json(msg="Unable to delete security group '%s' - %s" % (group, e))
            else:
                group = None
                changed = True
        else:
            '''no match found, no changes required'''
Exemple #13
0
def security_group_salt():

	groups = ec2.get_all_security_groups()
	for group in groups:
		if group.name == DEMO_SECURITY_GROUP:
			for i in range(1, DEMO_MINIONS+1):	
				group.authorize('tcp', 4505, 4506, hosts[i].private_ip_address + '/32')

	return;
def revoque_from_security_group(
    ip_protocol="tcp", region="us-west-2", name=None, from_port=None, to_port=None, cidr_ip=None
):
    """
    Revoque cidr_ip access to a certain security group
    """
    ec2 = boto.ec2.connect_to_region(region)
    group = ec2.get_all_security_groups(groupnames=[name])[0]
    return group.revoke(ip_protocol=ip_protocol, from_port=from_port, to_port=to_port, cidr_ip=cidr_ip)
Exemple #15
0
def get_security_groups(region):
    # EC2 security groups
    sg_info = []
    ec2 = boto.ec2.connect_to_region(region)
    groups = ec2.get_all_security_groups()
    for group in groups:
        for rule in group.rules:
            for grant in rule.grants:
                sg_info.append(config_line(region + " ec2:security_group", group.name, str(rule), str(grant)))

    return sorted(sg_info)
Exemple #16
0
def create_security_group(group_name="mqlibtest"):
    """
    Instances are pretty locked down by default. We can assign them to
    security groups to give access rights. This group allows us to access
    our instances over SSH
    """
    ec2 = boto.ec2.connect_to_region(AWS_REGION)
    for g in ec2.get_all_security_groups():
        if g.name == group_name:
            return  # We already have this group setup
    group = ec2.create_security_group(group_name, "MQLib SSH access group")
    group.authorize("tcp", 22, 22, "0.0.0.0/0")  # SSH is on port 22, all IPs
    print "Created new security group"
Exemple #17
0
def get_instance_sec_group(vpc_id):

    grp_details = ec2.get_all_security_groups(filters={
        'vpc_id': vpc_id,
        'tag:play': args.play
    })

    if len(grp_details) < 1:
        sys.stderr.write(
            "ERROR: Expected atleast one security group, got {}\n".format(
                len(grp_details)))

    return grp_details[0].id
def get_or_create_security_group(region ,group_name):
    """
    Search by group_name, if doesn't exits, it is created
    """
    try:
        ec2 = boto.ec2.connect_to_region(region)
        group = ec2.get_all_security_groups(groupnames=[group_name])[0]
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            group = ec2.create_security_group(
                group_name, 'group {} for region {}'.format(group_name, region))
        else:
            raise
Exemple #19
0
def create_security_group(group_name="mqlibtest"):
    """
    Instances are pretty locked down by default. We can assign them to
    security groups to give access rights. This group allows us to access
    our instances over SSH
    """
    ec2 = boto.ec2.connect_to_region(AWS_REGION)
    for g in ec2.get_all_security_groups():
        if g.name == group_name:
            return  # We already have this group setup
    group = ec2.create_security_group(
                group_name, "MQLib SSH access group")
    group.authorize("tcp", 22, 22, "0.0.0.0/0")  # SSH is on port 22, all IPs
    print "Created new security group"
Exemple #20
0
def get_security_group(security_group):
    """
    Find security group by name or id
    :type security_group: str
    :rtype: boto.ec2.securitygroup.SecurityGroup
    """
    ec2 = boto.ec2.connect_to_region(region)
    rs = ec2.get_all_security_groups()
    for sg in rs:
        if sg.name == security_group:
            return sg
        if sg.id == security_group:
            return sg
    return None
Exemple #21
0
def create_database(name):
    prep_paths(env.ssh_directory, env.deploy_directory)

    print(_green("Started creating database {}...".format(name)))
    print(_yellow("...Creating RDS instance..."))

    ec2 = connect_to_ec2()
    rds = connect_to_rds()

    try:
        # key = conn.get_all_key_pairs(keynames=[env.aws_ssh_key_name])[0]
        group = ec2.get_all_security_groups(groupnames=[env.aws_rds_security_group_name])[0]  # noqa
    except ec2.ResponseError, e:
        setup_aws_account()
Exemple #22
0
def get_security_groups(region):
    # EC2 security groups
    sg_info = []
    ec2 = boto.ec2.connect_to_region(region,
 aws_access_key_id=assume_role.credentials.access_key,
 aws_secret_access_key=assume_role.credentials.secret_key,
 security_token=assume_role.credentials.session_token)
    groups = ec2.get_all_security_groups()
    for group in groups:
        for rule in group.rules:
            for grant in rule.grants:
                sg_info.append(config_line(region + " ec2:security_group", group.name, str(rule), str(grant)))

    return sorted(sg_info)
Exemple #23
0
def security_group_ssh():

	# If the demo security group exists, purge so it's known to be clean.
	groups = ec2.get_all_security_groups()
	for group in groups:
		if group.name == DEMO_SECURITY_GROUP:
			ec2.delete_security_group(DEMO_SECURITY_GROUP)

	# create new security group opening up ssh and tomcat7 ports
	group = ec2.create_security_group(DEMO_SECURITY_GROUP, 'Security group for demonstration')
	my_cidr = get_external_ip() + '/32'
	group.authorize('tcp', 22, 22, my_cidr)
	group.authorize('tcp', 8080, 8080, my_cidr)
	return;
Exemple #24
0
def get_security_group(security_group):
    """
    Find security group by name or id
    :type security_group: str
    :rtype: boto.ec2.securitygroup.SecurityGroup
    """
    ec2 = boto.ec2.connect_to_region(region)
    rs = ec2.get_all_security_groups()
    for sg in rs:
        if sg.name == security_group:
            return sg
        if sg.id == security_group:
            return sg
    return None
Exemple #25
0
    def get_default_opsworks_security_groups(self):
        """
        Return default OpsWorks security groups
        :rtype: list of boto.ec2.securitygroup.SecurityGroup
        """
        def filter_opsworks(sg):
            """
            :type sg: boto.ec2.securitygroup.SecurityGroup
            :rtype: bool
            """
            return sg.name.startswith('AWS-OpsWorks-')

        ec2 = boto.ec2.connect_to_region(region)
        return filter(filter_opsworks, ec2.get_all_security_groups())
def revoke(ec2=None, rds=None):
    security_group_id, protocol, cidr, from_port, to_port = request.args.get('security_group_id'), request.args.get('protocol'), request.args.get('cidr'), request.args.get('from_port'), request.args.get('to_port')

    security_groups = ec2.get_all_security_groups(group_ids=[security_group_id])

    if len(security_groups) == 0:
        return "Security group not found"

    security_group = security_groups[0]

    if _revoke(rds, security_group, protocol, from_port, to_port, cidr):
        return redirect("/edit/" + security_group_id)
    else:
        return "An error occurred"
Exemple #27
0
def get_or_create_security_group(region, group_name):
    """
    Search by group_name, if doesn't exits, it is created
    """
    try:
        ec2 = boto.ec2.connect_to_region(region)
        group = ec2.get_all_security_groups(groupnames=[group_name])[0]
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            group = ec2.create_security_group(
                group_name,
                'group {} for region {}'.format(group_name, region))
        else:
            raise
def create_security_group(group_name):
    """
    Instances are pretty locked down by default. We can assign them to
    security groups to give access rights.
    """
    ec2 = boto.ec2.connect_to_region(AWS_REGION)
    for g in ec2.get_all_security_groups():
        if g.name == group_name:
            return  # We already have this group setup
    group = ec2.create_security_group(group_name,
                                      "%s SSH access group" % group_name)
    group.authorize("tcp", 22, 22, "0.0.0.0/0")  # SSH is on port 22, all IPs
    group.authorize("tcp", 80, 80, "0.0.0.0/0")
    group.authorize("tcp", 61000, 65000, "0.0.0.0/0")
    print "Created new security group"
Exemple #29
0
def revoque_from_security_group(ip_protocol='tcp',
                                region='us-west-2',
                                name=None,
                                from_port=None,
                                to_port=None,
                                cidr_ip=None):
    """
    Authorize cidr_ip access to a certain security group
    """
    ec2 = boto.ec2.connect_to_region(region)
    group = ec2.get_all_security_groups(groupnames=[name])[0]
    return group.authorize(ip_protocol=ip_protocol,
                           from_port=from_port,
                           to_port=to_port,
                           cidr_ip=cidr_ip)
def create_security_rule(ec2,vpc,group,protocol,start,end,cidr):
    # Check to see if specified security group already exists.
    # If we get an InvalidGroup.NotFound error back from EC2,
    # it means that it doesn't exist and we need to create it.

    print 'Creating security rule %s:%s[%s,%s]->%s'%(group,protocol,start,end,cidr)
    try:
        ec2_group = ec2.get_all_security_groups(groupnames=[group])[0]
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            print 'Creating Security Group: %s' % group
            # Create a security group to control access to instance via SSH.
            ec2_group = ec2.create_security_group(group, group, vpc_id=vpc)
        else:
            raise
Exemple #31
0
    def get_default_opsworks_security_groups(self):
        """
        Return default OpsWorks security groups
        :rtype: list of boto.ec2.securitygroup.SecurityGroup
        """

        def filter_opsworks(sg):
            """
            :type sg: boto.ec2.securitygroup.SecurityGroup
            :rtype: bool
            """
            return sg.name.startswith('AWS-OpsWorks-')

        ec2 = boto.ec2.connect_to_region(region)
        return filter(filter_opsworks, ec2.get_all_security_groups())
Exemple #32
0
def create_database(name):
    prep_paths(env.ssh_directory, env.deploy_directory)

    print(_green("Started creating database {}...".format(name)))
    print(_yellow("...Creating RDS instance..."))

    ec2 = connect_to_ec2()
    rds = connect_to_rds()

    try:
        # key = conn.get_all_key_pairs(keynames=[env.aws_ssh_key_name])[0]
        group = ec2.get_all_security_groups(
            groupnames=[env.aws_rds_security_group_name])[0]  # noqa
    except ec2.ResponseError, e:
        setup_aws_account()
Exemple #33
0
    def get_security_groups(self, group_ids=[]):  # NOQA
        if not isinstance(group_ids, list):
            group_ids = [group_ids]

        ec2 = self.connect_ec2()
        groups = ec2.get_all_security_groups(group_ids=group_ids)

        result = {}
        for group in groups:
            if self.obj.vpc_enabled and not group.vpc_id:
                continue
            if not self.obj.vpc_enabled and group.vpc_id:
                continue

            rules_ingress, rules_egress = [], []
            group_rules = [(0, r) for r in group.rules] + \
                [(1, r) for r in group.rules_egress]
            for rule_type, rule in group_rules:
                for grant in rule.grants:
                    if grant.cidr_ip:
                        rule_string = grant.cidr_ip
                    elif grant.name:
                        rule_string = '{0.owner_id}:{0.name}'.format(grant)
                    else:
                        rule_string = None

                    d = {
                        'protocol': rule.ip_protocol,
                        'from_port': rule.from_port,
                        'to_port': rule.to_port,
                        'rule': rule_string,
                    }
                    if rule_type == 0:
                        rules_ingress.append(d)
                    else:
                        rules_egress.append(d)

            result[group.name] = {
                'group_id': group.id,
                'name': group.name,
                'description': group.description,
                'rules': rules_ingress,
                'rules_egress': rules_egress,
                'vpc_id': group.vpc_id,
            }

        return result
Exemple #34
0
def get_security_groups(region):
    # EC2 security groups
    sg_info = []
    ec2 = boto.ec2.connect_to_region(
        region,
        aws_access_key_id=assume_role.credentials.access_key,
        aws_secret_access_key=assume_role.credentials.secret_key,
        security_token=assume_role.credentials.session_token)
    groups = ec2.get_all_security_groups()
    for group in groups:
        for rule in group.rules:
            for grant in rule.grants:
                sg_info.append(
                    config_line(region + " ec2:security_group", group.name,
                                str(rule), str(grant)))

    return sorted(sg_info)
Exemple #35
0
def get_instance_sec_group(vpc_id, security_group):

    security_group_id = None

    grp_details = ec2.get_all_security_groups(filters={'vpc_id': vpc_id})

    for grp in grp_details:
        if grp.name == security_group:
            security_group_id = grp.id
            break

    if not security_group_id:
        print "Unable to lookup id for security group {}".format(
            security_group)
        sys.exit(1)

    return security_group_id
Exemple #36
0
def ec2run_completers(self, event):
    cmd_param = event.line.split()
    if event.line.endswith(' '):
        cmd_param.append('')
    arg = cmd_param.pop()

    arg = cmd_param.pop()
    if arg in ('-t', '--instance-type'):
        return [
            'm1.small', 'm1.large', 'm1.xlarge', 'c1.medium', 'c1.xlarge',
            'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'cc1.4xlarge', 't1.micro'
        ]
    elif arg in ('-k', '--keys'):
        return [k.name for k in ec2.get_all_key_pairs()]
    elif arg in ('-n', '--instance-count'):
        return ['1', '1-']  # just examples really
    elif arg in ('-g', '--group'):
        return [g.name for g in ec2.get_all_security_groups()]
    elif arg in ('-d', '--user-data'):
        return []
    elif arg in ('-f', '--user-data-file'):
        return []  # TODO hook normal file complete
    elif arg in ('-z', '--availability-zone'):
        return [z.name for z in ec2.get_all_zones()]
    elif arg in ('--instance-initiated-shutdown-behavior'):
        return ['stop', 'terminate']
    elif arg in ('--placement-group'):
        return [g.name for g in ec2.get_all_placement_groups()]
    elif arg in ('--private-ip-address'):
        return []
    elif arg in ('--kernel'):
        return []  # TODO
    elif arg in ('--ramdisk'):
        return []  # TODO
    elif arg in ('--subnet'):
        return []  # TODO
    else:
        params = ec2run_parameters[:]
        # drop from params any already used
        for c in cmd_param:
            o = ec2run_parser.get_option(c)
            if o:
                for v in o._short_opts + o._long_opts:
                    if v in params: params.remove(v)
        return params + ami.keys()
def authorize(ec2=None, rds=None):
    security_group_id, protocol, cidr, from_port, to_port, duration = request.form['security_group_id'], request.form['protocol'], request.form['cidr'], int(request.form['from_port']), int(request.form['to_port']), int(request.form['duration'])

    cidr_fixed = fix_cidr(cidr)

    security_groups = ec2.get_all_security_groups(group_ids=[security_group_id])

    if len(security_groups) == 0:
        return "Security group not found"

    security_group = security_groups[0]

    if security_group.authorize(ip_protocol=protocol, from_port=from_port, to_port=to_port, cidr_ip=cidr_fixed):
        grant_key = GRANT_KEY_FORMULA.format(security_group_id=security_group_id, protocol=protocol, from_port=from_port, to_port=to_port, cidr=cidr_fixed)
        rds.set(grant_key, str(time.time() + duration))
        return redirect("/edit/" + security_group_id)
    else:
        return "An error occurred"
Exemple #38
0
	def __init__(self, boto, account_info):
		"""Initialize with a reference to the boto module (so adding this class
doesn't break existing code that already calls boto) and the account
info that will be connected to.
		"""
		ec2                      = boto.connect_ec2(account_info[0], account_info[1])
		self.reservations        = ec2.get_all_instances()
		self.groups              = ec2.get_all_security_groups()
		self.instances           = all_instances(ec2)
		self.by_instance_id      = dict()
		self.by_private_ip       = dict()
		self.by_private_dns_name = dict()
		self.by_public_ip        = dict()
		self.by_public_dns_name  = dict()
		self._build_instance_id_map()
		self._build_private_ip_map()
		self._build_private_dns_name_map()
		self._build_public_ip_map()
		self._build_public_dns_name_map()
Exemple #39
0
def ec2run_completers(self, event):
    cmd_param = event.line.split()
    if event.line.endswith(' '):
        cmd_param.append('')
    arg = cmd_param.pop()
    
    arg = cmd_param.pop()
    if arg in ('-t', '--instance-type'):
        return ['m1.small', 'm1.large', 'm1.xlarge', 'c1.medium', 'c1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'cc1.4xlarge', 't1.micro']
    elif arg in ('-k', '--keys'):
        return [k.name for k in ec2.get_all_key_pairs()]
    elif arg in ('-n', '--instance-count'):
        return ['1', '1-'] # just examples really
    elif arg in ('-g', '--group'):
        return [g.name for g in ec2.get_all_security_groups()]
    elif arg in ('-d', '--user-data'):
        return []
    elif arg in ('-f', '--user-data-file'):
        return [] # TODO hook normal file complete
    elif arg in ('-z', '--availability-zone'):
        return [z.name for z in ec2.get_all_zones()]
    elif arg in ('--instance-initiated-shutdown-behavior'):
        return ['stop', 'terminate']
    elif arg in ('--placement-group'):
        return [g.name for g in ec2.get_all_placement_groups()]
    elif arg in ('--private-ip-address'):
        return []
    elif arg in ('--kernel'):
        return [] # TODO
    elif arg in ('--ramdisk'):
        return [] # TODO
    elif arg in ('--subnet'):
        return [] # TODO
    else:
        params = ec2run_parameters[:]
        # drop from params any already used
        for c in cmd_param:
            o = ec2run_parser.get_option(c)
            if o:
                for v in o._short_opts + o._long_opts:
                    if v in params: params.remove(v)
        return params + ami.keys()
Exemple #40
0
def auto_vpn(ami=ami,
             instance_type=instance_type,
             key_name=keyname,
             group_name="vpn_2",
             ssh_port="22",
             vpn_port="1194",
             cidr="0.0.0.0/0",
             tag="auto_vpn",
             user_data=None):

    ec2 = conn_region

    try:
        group = ec2.get_all_security_groups(groupnames=[group_name])[0]
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            group = ec2.create_security_group(
                group_name, 'A group that allows VPN access')
        else:
            raise
Exemple #41
0
def auto_vpn(ami=ami,
                    instance_type=instance_type,
                    key_name=keyname,
                   	group_name="vpn_2",
                    ssh_port="22",
                    vpn_port="1194",
                    cidr="0.0.0.0/0",
                    tag="auto_vpn",
                    user_data=None):
	

	ec2 = conn_region 
 
	try:
    		group = ec2.get_all_security_groups(groupnames=[group_name])[0]
	except ec2.ResponseError, e:
    		if e.code == 'InvalidGroup.NotFound':
        		group = ec2.create_security_group(group_name,
                                                'A group that allows VPN access')
    		else:
        		raise
Exemple #42
0
def get_instance_sec_group(vpc_id, security_group):

    security_group_id = None

    grp_details = ec2.get_all_security_groups(
        filters={
            'vpc_id':vpc_id
        }
    )

    for grp in grp_details:
        if grp.name == security_group:
            security_group_id = grp.id
            break

    if not security_group_id:
        print "Unable to lookup id for security group {}".format(
            security_group)
        sys.exit(1)

    return security_group_id
Exemple #43
0
def createSG(ec2,name,rules):
	"""
	Create a new SecurityGroup
	"""
	# check if the security group exists
	group = None
	sgGroups = [sg for sg in ec2.get_all_security_groups() if sg.name == name]
	if sgGroups:
		group = sgGroups[0]
		ec2.delete_security_group(name=name, group_id=group)	
	print "Creating %s Security Group" % name
	group = ec2.create_security_group(name, 'group for %s' % name)
	if group:
		# Set the inbound rules
		for rule in rules:
			if rule.src_group_name:
				group.authorize(ip_protocol=rule.ip_protocol,from_port=rule.from_port,to_port=rule.to_port,cidr_ip=rule.cidr_ip,src_group=group)
			else:
				group.authorize(ip_protocol=rule.ip_protocol,from_port=rule.from_port,to_port=rule.to_port,cidr_ip=rule.cidr_ip,src_group=None)
		return True
	else:
		logError('Error during '+name+' Security Group update')
		return False
def clean_security_rules(ec2_region=defaults.EC2_REGION, group_name='myucsc'):
    # Create a connection to EC2 service.
    # You can pass credentials in to the connect_ec2 method explicitly
    # or you can use the default credentials in your ~/.boto config file
    # as we are doing here.
    #ec2 = boto.connect_ec2()
    ec2 = boto.ec2.connect_to_region(ec2_region)

    group = ec2.get_all_security_groups(groupnames=[group_name])[0]

    print "Revoking "
    print vars(group)

    for rule in group.rules:
        print vars(rule)
        print 'Rule protocol %s' % rule.ip_protocol
        print 'Rule from port %s' % rule.from_port
        print 'Rule to port %s' % rule.to_port
        print 'Rule cidr %s' % rule.grants[0]
        group.revoke(ip_protocol=rule.ip_protocol,
                     from_port=rule.from_port,
                     to_port=rule.to_port,
                     cidr_ip=rule.grants[0])
Exemple #45
0
def create_instances(module, ec2, vpc, override_count=None):
    """
    Creates new instances

    module : AnsibleModule object
    ec2: authenticated ec2 connection object

    Returns:
        A list of dictionaries with instance information
        about the instances that were launched
    """

    key_name = module.params.get('key_name')
    id = module.params.get('id')
    group_name = module.params.get('group')
    group_id = module.params.get('group_id')
    zone = module.params.get('zone')
    instance_type = module.params.get('instance_type')
    tenancy = module.params.get('tenancy')
    spot_price = module.params.get('spot_price')
    spot_type = module.params.get('spot_type')
    image = module.params.get('image')
    if override_count:
        count = override_count
    else:
        count = module.params.get('count')
    monitoring = module.params.get('monitoring')
    kernel = module.params.get('kernel')
    ramdisk = module.params.get('ramdisk')
    wait = module.params.get('wait')
    wait_timeout = int(module.params.get('wait_timeout'))
    spot_wait_timeout = int(module.params.get('spot_wait_timeout'))
    placement_group = module.params.get('placement_group')
    user_data = module.params.get('user_data')
    instance_tags = module.params.get('instance_tags')
    vpc_subnet_id = module.params.get('vpc_subnet_id')
    assign_public_ip = module.boolean(module.params.get('assign_public_ip'))
    private_ip = module.params.get('private_ip')
    instance_profile_name = module.params.get('instance_profile_name')
    volumes = module.params.get('volumes')
    ebs_optimized = module.params.get('ebs_optimized')
    exact_count = module.params.get('exact_count')
    count_tag = module.params.get('count_tag')
    source_dest_check = module.boolean(module.params.get('source_dest_check'))
    termination_protection = module.boolean(module.params.get('termination_protection'))

    # group_id and group_name are exclusive of each other
    if group_id and group_name:
        module.fail_json(msg = str("Use only one type of parameter (group_name) or (group_id)"))

    vpc_id = None
    if vpc_subnet_id:
        if not vpc:
            module.fail_json(msg="region must be specified")
        else:
            vpc_id = vpc.get_all_subnets(subnet_ids=[vpc_subnet_id])[0].vpc_id
    else:
        vpc_id = None

    try:
        # Here we try to lookup the group id from the security group name - if group is set.
        if group_name:
            if vpc_id:
                grp_details = ec2.get_all_security_groups(filters={'vpc_id': vpc_id})
            else:
                grp_details = ec2.get_all_security_groups()
            if isinstance(group_name, basestring):
                group_name = [group_name]
            group_id = [ str(grp.id) for grp in grp_details if str(grp.name) in group_name ]
        # Now we try to lookup the group id testing if group exists.
        elif group_id:
            #wrap the group_id in a list if it's not one already
            if isinstance(group_id, basestring):
                group_id = [group_id]
            grp_details = ec2.get_all_security_groups(group_ids=group_id)
            group_name = [grp_item.name for grp_item in grp_details]
    except boto.exception.NoAuthHandlerFound, e:
            module.fail_json(msg = str(e))
Exemple #46
0
def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(
        dict(
            name=dict(),
            group_id=dict(),
            description=dict(),
            vpc_id=dict(),
            rules=dict(type='list'),
            rules_egress=dict(type='list'),
            state=dict(default='present',
                       type='str',
                       choices=['present', 'absent']),
            purge_rules=dict(default=True, required=False, type='bool'),
            purge_rules_egress=dict(default=True, required=False, type='bool'),
        ))
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
        required_one_of=[['name', 'group_id']],
        required_if=[['state', 'present', ['name']]],
    )

    if not HAS_BOTO:
        module.fail_json(msg='boto required for this module')

    name = module.params['name']
    group_id = module.params['group_id']
    description = module.params['description']
    vpc_id = module.params['vpc_id']
    rules = deduplicate_rules_args(
        rules_expand_sources(rules_expand_ports(module.params['rules'])))
    rules_egress = deduplicate_rules_args(
        rules_expand_sources(rules_expand_ports(
            module.params['rules_egress'])))
    state = module.params.get('state')
    purge_rules = module.params['purge_rules']
    purge_rules_egress = module.params['purge_rules_egress']

    if state == 'present' and not description:
        module.fail_json(msg='Must provide description when state is present.')

    changed = False

    ec2 = ec2_connect(module)

    # find the group if present
    group = None
    groups = {}

    try:
        security_groups = ec2.get_all_security_groups()
    except BotoServerError as e:
        module.fail_json(msg="Error in get_all_security_groups: %s" %
                         e.message,
                         exception=traceback.format_exc())

    for curGroup in security_groups:
        groups[curGroup.id] = curGroup
        if curGroup.name in groups:
            # Prioritise groups from the current VPC
            if vpc_id is None or curGroup.vpc_id == vpc_id:
                groups[curGroup.name] = curGroup
        else:
            groups[curGroup.name] = curGroup

        if group_id:
            if curGroup.id == group_id:
                group = curGroup
        else:
            if curGroup.name == name and (vpc_id is None
                                          or curGroup.vpc_id == vpc_id):
                group = curGroup

    # Ensure requested group is absent
    if state == 'absent':
        if group:
            # found a match, delete it
            try:
                if not module.check_mode:
                    group.delete()
            except BotoServerError as e:
                module.fail_json(
                    msg="Unable to delete security group '%s' - %s" %
                    (group, e.message),
                    exception=traceback.format_exc())
            else:
                group = None
                changed = True
        else:
            # no match found, no changes required
            pass

    # Ensure requested group is present
    elif state == 'present':
        if group:
            # existing group
            if group.description != description:
                module.fail_json(
                    msg=
                    "Group description does not match existing group. ec2_group does not support this case."
                )

        # if the group doesn't exist, create it now
        else:
            # no match found, create it
            if not module.check_mode:
                group = ec2.create_security_group(name,
                                                  description,
                                                  vpc_id=vpc_id)

                # When a group is created, an egress_rule ALLOW ALL
                # to 0.0.0.0/0 is added automatically but it's not
                # reflected in the object returned by the AWS API
                # call. We re-read the group for getting an updated object
                # amazon sometimes takes a couple seconds to update the security group so wait till it exists
                while len(
                        ec2.get_all_security_groups(
                            filters={'group_id': group.id})) == 0:
                    time.sleep(0.1)

                group = ec2.get_all_security_groups(group_ids=(group.id, ))[0]
            changed = True
    else:
        module.fail_json(msg="Unsupported state requested: %s" % state)

    # create a lookup for all existing rules on the group
    if group:

        # Manage ingress rules
        groupRules = {}
        addRulesToLookup(group.rules, 'in', groupRules)

        # Now, go through all provided rules and ensure they are there.
        if rules is not None:
            for rule in rules:
                validate_rule(module, rule)

                group_id, ip, target_group_created = get_target_from_rule(
                    module, ec2, rule, name, group, groups, vpc_id)
                if target_group_created:
                    changed = True

                if rule['proto'] in ('all', '-1', -1):
                    rule['proto'] = -1
                    rule['from_port'] = None
                    rule['to_port'] = None

                # Convert ip to list we can iterate over
                if not isinstance(ip, list):
                    ip = [ip]

                # If rule already exists, don't later delete it
                for thisip in ip:
                    ruleId = make_rule_key('in', rule, group_id, thisip)
                    if ruleId not in groupRules:
                        grantGroup = None
                        if group_id:
                            grantGroup = groups[group_id]

                        if not module.check_mode:
                            group.authorize(rule['proto'], rule['from_port'],
                                            rule['to_port'], thisip,
                                            grantGroup)
                        changed = True
                    else:
                        del groupRules[ruleId]

        # Finally, remove anything left in the groupRules -- these will be defunct rules
        if purge_rules:
            for (rule, grant) in groupRules.values():
                grantGroup = None
                if grant.group_id:
                    if grant.owner_id != group.owner_id:
                        # this is a foreign Security Group. Since you can't fetch it you must create an instance of it
                        group_instance = SecurityGroup(owner_id=grant.owner_id,
                                                       name=grant.name,
                                                       id=grant.group_id)
                        groups[grant.group_id] = group_instance
                        groups[grant.name] = group_instance
                    grantGroup = groups[grant.group_id]
                if not module.check_mode:
                    group.revoke(rule.ip_protocol, rule.from_port,
                                 rule.to_port, grant.cidr_ip, grantGroup)
                changed = True

        # Manage egress rules
        groupRules = {}
        addRulesToLookup(group.rules_egress, 'out', groupRules)

        # Now, go through all provided rules and ensure they are there.
        if rules_egress is not None:
            for rule in rules_egress:
                validate_rule(module, rule)

                group_id, ip, target_group_created = get_target_from_rule(
                    module, ec2, rule, name, group, groups, vpc_id)
                if target_group_created:
                    changed = True

                if rule['proto'] in ('all', '-1', -1):
                    rule['proto'] = -1
                    rule['from_port'] = None
                    rule['to_port'] = None

                # Convert ip to list we can iterate over
                if not isinstance(ip, list):
                    ip = [ip]

                # If rule already exists, don't later delete it
                for thisip in ip:
                    ruleId = make_rule_key('out', rule, group_id, thisip)
                    if ruleId in groupRules:
                        del groupRules[ruleId]
                    # Otherwise, add new rule
                    else:
                        grantGroup = None
                        if group_id:
                            grantGroup = groups[group_id].id

                        if not module.check_mode:
                            ec2.authorize_security_group_egress(
                                group_id=group.id,
                                ip_protocol=rule['proto'],
                                from_port=rule['from_port'],
                                to_port=rule['to_port'],
                                src_group_id=grantGroup,
                                cidr_ip=thisip)
                        changed = True
        else:
            # when no egress rules are specified,
            # we add in a default allow all out rule, which was the
            # default behavior before egress rules were added
            default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
            if default_egress_rule not in groupRules:
                if not module.check_mode:
                    ec2.authorize_security_group_egress(group_id=group.id,
                                                        ip_protocol=-1,
                                                        from_port=None,
                                                        to_port=None,
                                                        src_group_id=None,
                                                        cidr_ip='0.0.0.0/0')
                changed = True
            else:
                # make sure the default egress rule is not removed
                del groupRules[default_egress_rule]

        # Finally, remove anything left in the groupRules -- these will be defunct rules
        if purge_rules_egress:
            for (rule, grant) in groupRules.values():
                grantGroup = None
                if grant.group_id:
                    grantGroup = groups[grant.group_id].id
                if not module.check_mode:
                    ec2.revoke_security_group_egress(
                        group_id=group.id,
                        ip_protocol=rule.ip_protocol,
                        from_port=rule.from_port,
                        to_port=rule.to_port,
                        src_group_id=grantGroup,
                        cidr_ip=grant.cidr_ip)
                changed = True

    if group:
        module.exit_json(changed=changed, group_id=group.id)
    else:
        module.exit_json(changed=changed, group_id=None)
Exemple #47
0
def create_instance_args():
    """
    Looks up security group, subnet
    and returns arguments to pass into
    ec2.run_instances() including
    user data
    """

    security_group_id = None

    grp_details = ec2.get_all_security_groups()

    for grp in grp_details:
        if grp.name == args.security_group:
            security_group_id = grp.id
            break
    if not security_group_id:
        print "Unable to lookup id for security group {}".format(
            args.security_group)
        sys.exit(1)

    vpc = VPCConnection()
    subnet = vpc.get_all_subnets(
        filters={
            'tag:aws:cloudformation:stack-name': stack_name,
            'tag:Application': args.application}
    )
    if len(subnet) != 1:
        sys.stderr.write("ERROR: Expected 1 admin subnet, got {}\n".format(
            len(subnet)))
        sys.exit(1)
    subnet_id = subnet[0].id

    if args.identity:
        config_secure = 'true'
        with open(args.identity) as f:
            identity_file = f.read()
    else:
        config_secure = 'false'
        identity_file = "dummy"

    user_data = """#!/bin/bash
set -x
set -e
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
base_dir="/var/tmp/edx-cfg"
extra_vars="$base_dir/extra-vars-$$.yml"
secure_identity="$base_dir/secure-identity"
git_ssh="$base_dir/git_ssh.sh"
configuration_version="{configuration_version}"
configuration_secure_version="{configuration_secure_version}"
environment="{environment}"
deployment="{deployment}"
play="{play}"
config_secure={config_secure}
secure_vars_file="$base_dir/configuration-secure\\
/ansible/vars/$environment/$environment-$deployment.yml"
instance_id=\\
$(curl http://169.254.169.254/latest/meta-data/instance-id 2>/dev/null)
instance_ip=\\
$(curl http://169.254.169.254/latest/meta-data/local-ipv4 2>/dev/null)
instance_type=\\
$(curl http://169.254.169.254/latest/meta-data/instance-type 2>/dev/null)
playbook_dir="$base_dir/configuration/playbooks/edx-east"
git_repo="https://github.com/edx/configuration"
git_repo_secure="[email protected]:edx/configuration-secure"

if $config_secure; then
    git_cmd="env GIT_SSH=$git_ssh git"
else
    git_cmd="git"
fi

ANSIBLE_ENABLE_SQS=true
SQS_NAME={queue_name}
SQS_REGION=us-east-1
SQS_MSG_PREFIX="[ $instance_id $instance_ip $environment-$deployment $play ]"
PYTHONUNBUFFERED=1

# environment for ansible
export ANSIBLE_ENABLE_SQS SQS_NAME SQS_REGION SQS_MSG_PREFIX PYTHONUNBUFFERED

if [[ ! -x /usr/bin/git || ! -x /usr/bin/pip ]]; then
    echo "Installing pkg dependencies"
    /usr/bin/apt-get update
    /usr/bin/apt-get install -y git python-pip python-apt \\
        git-core build-essential python-dev libxml2-dev \\
        libxslt-dev curl --force-yes
fi


rm -rf $base_dir
mkdir -p $base_dir
cd $base_dir

cat << EOF > $git_ssh
#!/bin/sh
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i "$secure_identity" "\$@"
EOF

chmod 755 $git_ssh

if $config_secure; then
    cat << EOF > $secure_identity
{identity_file}
EOF
fi

cat << EOF >> $extra_vars
{extra_vars_yml}
secure_vars: $secure_vars_file
EOF

chmod 400 $secure_identity

$git_cmd clone -b $configuration_version $git_repo

if $config_secure; then
    $git_cmd clone -b $configuration_secure_version \\
        $git_repo_secure
fi

cd $base_dir/configuration
sudo pip install -r requirements.txt

cd $playbook_dir

ansible-playbook -vvvv -c local -i "localhost," $play.yml -e@$extra_vars

rm -rf $base_dir

    """.format(
                configuration_version=args.configuration_version,
                configuration_secure_version=args.configuration_secure_version,
                environment=args.environment,
                deployment=args.deployment,
                play=args.play,
                config_secure=config_secure,
                identity_file=identity_file,
                queue_name=run_id,
                extra_vars_yml=extra_vars_yml)

    ec2_args = {
        'security_group_ids': [security_group_id],
        'subnet_id': subnet_id,
        'key_name': args.keypair,
        'image_id': args.base_ami,
        'instance_type': args.instance_type,
        'instance_profile_name': args.role_name,
        'user_data': user_data,
    }

    return ec2_args
Exemple #48
0
def _lookup_security_group_ids(ec2, names):
    if not names:
        return None
    return [x.id for x in ec2.get_all_security_groups(filters={'group_name': names})]
Exemple #49
0
            if not os.path.isdir(key_dir):
                os.mkdir(key_dir, 0700)

            # AWS will store the public key but the private key is
            # generated and returned and needs to be stored locally.
            # The save method will also chmod the file to protect
            # your private key.
            key.save(key_dir)
        else:
            raise

    # Check to see if specified security group already exists.
    # If we get an InvalidGroup.NotFound error back from EC2,
    # it means that it doesn't exist and we need to create it.
    try:
        group = ec2.get_all_security_groups(groupnames=[aws_cfg["group_name"]])[0]
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            print 'Creating Security Group: %s' % aws_cfg["group_name"]
            # Create a security group to control access to instance via SSH.
            group = ec2.create_security_group(aws_cfg["group_name"],
                                              'A group that allows SSH access')
        else:
            raise

    # Add a rule to the security group to authorize SSH traffic
    # on the specified port.
    for port in ["80", aws_cfg["ssh_port"]]:
        try:
            group.authorize('tcp', port, port, "0.0.0.0/0")
        except ec2.ResponseError, e:
Exemple #50
0
            if group.description != description:
                if group_in_use:
                    module.fail_json(msg="Group description does not match, but it is in use so cannot be changed.")

        # if the group doesn't exist, create it now
        else:
            '''no match found, create it'''
            if not module.check_mode:
                group = ec2.create_security_group(name, description, vpc_id=vpc_id)

                # When a group is created, an egress_rule ALLOW ALL
                # to 0.0.0.0/0 is added automatically but it's not
                # reflected in the object returned by the AWS API
                # call. We re-read the group for getting an updated object
                # amazon sometimes takes a couple seconds to update the security group so wait till it exists
                while len(ec2.get_all_security_groups(filters={ 'group_id': group.id, })) == 0:
                    time.sleep(0.1)

                group = ec2.get_all_security_groups(group_ids=(group.id,))[0]
            changed = True
    else:
        module.fail_json(msg="Unsupported state requested: %s" % state)

    # create a lookup for all existing rules on the group
    if group:

        # Manage ingress rules
        groupRules = {}
        addRulesToLookup(group.rules, 'in', groupRules)

        # Now, go through all provided rules and ensure they are there.
    except ec2.ResponseError, e:
        if e.code == 'InvalidKeyPair.NotFound':
            print 'Creating keypair: %s' % key_name
            # Create an SSH key to use when logging into instances.
            key = ec2.create_key_pair(key_name)
            # AWS will store the public key but the private key is
            # generated and returned and needs to be stored locally.
            # The save method will also chmod the file to protect # your private key.
            key.save(key_dir)
        else:
            raise
    # Check to see if specified security group already exists.
    # If we get an InvalidGroup.NotFound error back from EC2,
    # it means that it doesn't exist and we need to create it.
    try:
        group = ec2.get_all_security_groups(groupnames=[group_name])[0]
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            print 'Creating Security Group: %s' % group_name
            # Create a security group to control access to instance via SSH.
            group = ec2.create_security_group(
                group_name, 'A group that allows SSH access')
        else:
            raise

    # Add a rule to the security group to authorize SSH traffic
    # on the specified port.
    try:
        group.authorize('tcp', ssh_port, ssh_port, cidr)
    except ec2.ResponseError, e:
        if e.code == 'InvalidPermission.Duplicate':
Exemple #52
0
            # Create an SSH key to use when logging into instances.
            key = ec2.create_key_pair(env.aws_ssh_key_name)

            # AWS will store the public key but the private key is
            # generated and returned and needs to be stored locally.
            # The save method will also chmod the file to protect
            # your private key.
            key.save(directory_path=env.ssh_directory)
        else:
            raise

    # Check to see if specified security group already exists.
    # If we get an InvalidGroup.NotFound error back from EC2,
    # it means that it doesn't exist and we need to create it.
    try:
        ec2_group = ec2.get_all_security_groups(
            groupnames=[env.aws_ec2_security_group_name])[0]  # noqa
    except ec2.ResponseError, e:
        if e.code == 'InvalidGroup.NotFound':
            print 'Creating EC2 Security Group: %s' % env.aws_ec2_security_group_name
            # Create a security group to control access to instance via SSH.
            ec2_group = ec2.create_security_group(
                env.aws_ec2_security_group_name,
                'A group that allows SSH and HTTP access')
        else:
            raise

    # Add a rule to the security group to authorize SSH traffic
    # on the specified port.
    for port in ["80", env.aws_ssh_port]:
        try:
            ec2_group.authorize('tcp', port, port, "0.0.0.0/0")
Exemple #53
0
import config
import socket

# TODO better exception handling in completers
# TODO handle spaces in tags (completion)
# TODO autogenerate ec2run docstring

ip = IPython.ipapi.get()
region = getattr(config, 'DEFAULT_REGION', 'us-east-1')
creds = dict(aws_access_key_id=config.AWS_ACCESS_KEY_ID,
             aws_secret_access_key=config.AWS_SECRET_ACCESS_KEY)
ec2 = boto.ec2.connect_to_region(region, **creds)
ip.user_ns['ec2'] = ec2

# Find out our user id - query for a security group
sg = ec2.get_all_security_groups()[0]
owner_id = sg.owner_id

######################################################
# Helper functions
######################################################

re_allowed_chars = re.compile(r'[^a-z0-9_]+')


def to_slug(n):
    n = n.lower()
    n = re_allowed_chars.sub('_', n)
    return n

log = logging.getLogger('botocross')
bc.configure_logging(log, args.log_level)
credentials = bc.parse_credentials(args)
regions = bc.filter_regions(boto.ec2.regions(), args.region)

# execute business logic
groupname = args.name if args.name else ""
group_id = args.id if args.id else ""
log.info("Deleting EC2 security groups '" + groupname + group_id + "':")

groupnames = [args.name] if args.name else None
group_ids = [args.id] if args.id else None

for region in regions:
    pprint(region.name, indent=2)
    try:
        ec2 = boto.connect_ec2(region=region, **credentials)
        groups = ec2.get_all_security_groups(groupnames=groupnames,
                                             group_ids=group_ids)
        for group in groups:
            num_instances = " with " + str(len(
                group.instances())) + " instances assigned" if len(
                    group.instances()) else ""
            if group.instances() and not args.force:
                print 'NOT deleting security group ' + group.name + "(" + group.id + ")" + num_instances + " (use --force to override)"
            else:
                print 'Deleting security group ' + group.name + "(" + group.id + ")" + num_instances
                ec2.delete_security_group(name=args.name, group_id=args.id)
    except boto.exception.BotoServerError, e:
        log.error(e.error_message)
Exemple #55
0
def deploy():
    ec2 = boto.ec2.connect_to_region('us-east-1',
                                     aws_access_key_id='',
                                     aws_secret_access_key='')
    ec2_key_pair = ec2.get_key_pair("key_pair")
    print ec2_key_pair
    if ec2_key_pair == None:
        ec2_key_pair = ec2.create_key_pair("key_pair")
        ec2_key_pair.save(".")

    group = ec2.get_all_security_groups(filters={'group-name': 'group'})
    if not group:
        group = ec2.create_security_group("csc326-groupg326-2-006",
                                          "a group for ec2")
        group.authorize("icmp", -1, -1, "0.0.0.0/0")
        group.authorize("tcp", 22, 22, "0.0.0.0/0")
        group.authorize("tcp", 80, 80, "0.0.0.0/0")
        group.authorize('tcp', 8080, 8080, '0.0.0.0/0')
    else:
        group = group[0]

    instances = ec2.get_only_instances()
    runninginstances = [i for i in instances if i.state == 'running']
    instance = None
    if not instances or (instances and not runninginstances):
        instances = ec2.run_instances(
            image_id='ami-8caa1ce4',
            key_name='key_pair',
            security_groups=['csc326-groupg326-2-006'],
            instance_type='t1.micro')
        instances = instances.instances[0]
    else:
        instances = instances[0]
    instance = instances

    print "Waiting for instance to be ready to run.."
    while instance.update() != 'running':
        time.sleep(10)

    print "Instance is ready and running"

    os.system("ssh -i key_pair.pem ubuntu@%s sudo apt-get update" %
              (instance.ip_address))
    os.system(
        "ssh -i key_pair.pem ubuntu@%s sudo apt-get install -y python-pip" %
        (instance.ip_address))
    os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install bottle" %
              (instance.ip_address))
    os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install beaker" %
              (instance.ip_address))
    os.system(
        "ssh -i key_pair.pem ubuntu@%s sudo pip install google-api-python-client"
        % (instance.ip_address))
    os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install oauth2client" %
              (instance.ip_address))
    os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install BeautifulSoup4" %
              (instance.ip_address))
    os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install BeautifulSoup4" %
              (instance.ip_address))
    os.system("ssh -i key_pair.pem ubuntu@%s mkdir app" %
              (instance.ip_address))
    os.system("scp -i key_pair.pem ~/RandomSearch/Lab2/* ubuntu@%s:~/app" %
              (instance.ip_address))
    os.system(
        "ssh -i key_pair.pem ubuntu@%s sudo nohup python app/frontEnd.py" %
        (instance.ip_address))
    #elasticIPaddr = ec2.allocate_address()
    #elasticIPaddr.associate(instance.id)
    return instance.ip_address
Exemple #56
0
    "us-east-1": "ami-1b135e72",
    "us-west-1": "ami-1cf1db59",
    "us-west-2": "ami-f8ec70c8"
}

image_id = regionToAMIs[region_name]

print(u"Connecting to EC2 in region %s" % region_name)
ec2 = boto.ec2.connect_to_region(region_name=region_name,
                                 aws_access_key_id=aws_access_key_id,
                                 aws_secret_access_key=aws_secret_access_key)

print(u"Establishing security group voodoovpn")
voodoovpngroup_name = u'voodoovpn'
matching_security_groups = [
    sg for sg in ec2.get_all_security_groups()
    if sg.name == voodoovpngroup_name
]
if len(matching_security_groups) > 0:
    print(u"Found security group voodoovpn")
    voodoovpngroup = matching_security_groups[0]
else:
    print(u"Creating security group voodoovpn")
    voodoovpngroup = ec2.create_security_group(voodoovpngroup_name,
                                               'Voodoo VPN access')
    voodoovpngroup.authorize('tcp', 500, 500, '0.0.0.0/0')
    voodoovpngroup.authorize('udp', 500, 500, '0.0.0.0/0')
    voodoovpngroup.authorize('udp', 4500, 4500, '0.0.0.0/0')
    if key_name is not None:
        # open an ssh port, if we provided an ssh key
        voodoovpngroup.authorize('tcp', 22, 22, '0.0.0.0/0')
Exemple #57
0
import boto
import boto.ec2
import sys
import subprocess
account=['vid', 'lmn']
for acc in account:
                if acc == "vid":
                        AK="AKIAIFVGUARTUV6HPHTQ"
                        SAK="2nYqGL7ehSMkugZX3gl/TtMofQ+PzKKHhTE/uynE"
						f = open('/home/akohale/arpit/unused_SG/vid', 'w')
						sys.stdout = f
                else:
                        AK="AKIAJGCNJXKN7NPIQSOQ"
                        SAK="n/QbNZpu8kwnP98u8PjYHX8rCEjsDl/BYcPk6Fa5"
						f=open('/home/akohale/arpit/unused_SG/lmn', 'w')
						sys.stdout = f
                REGION=['eu-west-1','sa-east-1','us-east-1','ap-northeast-1','us-west-1','us-west-2','ap-southeast-1','ap-southeast-2']
                for EC2_REGION in REGION:
                        ec2region = boto.ec2.get_region(EC2_REGION)
                        ec2 = boto.connect_ec2(region=ec2region, aws_access_key_id=AK, aws_secret_access_key=SAK)
                        sgs = ec2.get_all_security_groups()
                        print "========== %s-REGION=%s=========" % (acc, EC2_REGION)
                        for sg in sgs:
                                if len(sg.instances()) == 0:
                                        print ("{0}\t{1}\t{2} instances".format(sg.id, sg.name, len(sg.instances())))
                                        
def send_message(recipient, subject, body):
    process = subprocess.Popen(['mail', '-s', subject, '-a', '/home/akohale/arpit/unused_SG/lmn', '-a', '/home/akohale/arpit/unused_SG/vid', recipient],stdin=subprocess.PIPE)
    process.communicate(body)

send_message ('*****@*****.**', 'Test_mail', 'Hello')
Exemple #58
0
def launch_spot_instance(id,
                         profile,
                         spot_wait_sleep=5,
                         instance_wait_sleep=3):
    ec2 = boto.ec2.connect_to_region(profile['region'])

    if not 'key_pair' in profile:
        print('key pair {0} does not exist'.format(profile['key_pair'][0]))
        profile['key_pair'] = ('KP-' + id, 'KP-' + id + '.pem')
        try:
            print >> sys.stderr, 'Creating key pair...',
            keypair = ec2.create_key_pair('KP-' + id)
            keypair.save('.')
            print >> sys.stderr, 'created'
        except boto.exception.EC2ResponseError as e:
            if e.code == 'InvalidKeyPair.Duplicate':
                print >> sys.stderr, 'already exists'
            else:
                raise e

    if not 'security_group' in profile:
        try:
            print >> sys.stderr, 'Creating security group...',
            sc = ec2.create_security_group('SG-' + id,
                                           'Security Group for ' + id)
            for proto, fromport, toport, ip in profile['firewall']:
                sc.authorize(proto, fromport, toport, ip)
            profile['security_group'] = (sc.id, sc.name)
            print >> sys.stderr, 'created'
        except boto.exception.EC2ResponseError as e:
            if e.code == 'InvalidGroup.Duplicate':
                print >> sys.stderr, 'already exists'
                sc = ec2.get_all_security_groups(groupnames=['SG-' + id])[0]
                profile['security_group'] = (sc.id, sc.name)
            else:
                raise e

    existing_requests = ec2.get_all_spot_instance_requests(
        filters={
            'launch.group-id': profile['security_group'][0],
            'state': ['open', 'active']
        })
    if existing_requests:
        if len(existing_requests) > 1:
            raise Exception('Too many existing spot requests')
        print >> sys.stderr, 'Reusing existing spot request'
        spot_req_id = existing_requests[0].id
    else:
        bdm = boto.ec2.blockdevicemapping.BlockDeviceMapping()
        bdm['/dev/sda1'] = boto.ec2.blockdevicemapping.BlockDeviceType(
            volume_type='gp2',
            size=profile['disk_size'],
            delete_on_termination=profile['disk_delete_on_termination'])
        bdm['/dev/sdb'] = boto.ec2.blockdevicemapping.BlockDeviceType(
            ephemeral_name='ephemeral0')
        print >> sys.stderr, 'Requesting spot instance'
        spot_reqs = ec2.request_spot_instances(
            price=profile['price'],
            image_id=profile['image_id'],
            instance_type=profile['type'],
            placement=profile['region'] + profile['availability_zone'],
            security_groups=[profile['security_group'][1]],
            key_name=profile['key_pair'][0],
            block_device_map=bdm,
            instance_profile_arn=
            'arn:aws:iam::720533437540:instance-profile/ec2_ml')
        spot_req_id = spot_reqs[0].id

    print >> sys.stderr, 'Waiting for launch',
    instance_id = None
    spot_tag_added = False
    while not instance_id:
        spot_req = ec2.get_all_spot_instance_requests(
            request_ids=[spot_req_id])[0]
        if not spot_tag_added:
            spot_req.add_tag('Name', id)
            spot_tag_added = True
        if spot_req.state == 'failed':
            # print(dir(spot_req))
            raise Exception('spto request failed')
            print('Spot request failed - {0}'.format(spot_req.status))
            sys.exit(0)
        instance_id = spot_req.instance_id
        if not instance_id:
            print >> sys.stderr, '.',
            time.sleep(spot_wait_sleep)
    print >> sys.stderr

    print >> sys.stderr, 'Retrieving instance by id'
    reservations = ec2.get_all_instances(instance_ids=[instance_id])
    instance = reservations[0].instances[0]
    instance.add_tag('Name', id)
    print >> sys.stderr, 'Got instance: ' + str(
        instance.id) + ' [' + instance.state + ']'
    print >> sys.stderr, 'Waiting for instance to boot',
    while not instance.state in ['running', 'terminated', 'shutting-down']:
        print >> sys.stderr, '.',
        time.sleep(instance_wait_sleep)
        instance.update()
    print >> sys.stderr
    if instance.state != 'running':
        raise Exception('Instance was terminated')
    return instance