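def configure_instance_security(self, parameters):
  """Creates the GCE network and firewall for this deployment, plus the SSH
  keypair used to reach its instances, and opens the ports AppScale needs.

  The network and firewall must not already exist: reusing them would place
  instances from different deployments in the same network and firewall and
  let them see each other's web traffic. The cloud-side existence checks are
  performed before any key material is created, so a name collision fails
  fast and leaves nothing behind (in particular no local key file that would
  make a retry fail with "SSH key already found locally").

  Args:
    parameters: A dict with keys for each parameter needed to connect to
      Google Compute Engine, the keyname, and the name of the network and
      firewall to create. PARAM_AUTOSCALE_AGENT (default False) marks a call
      made while autoscaling.

  Returns:
    True once the named network and firewall have been created. The
    autoscale path also returns True: it deliberately creates nothing and
    reuses the deployment's existing keypair and network.

  Raises:
    AgentRuntimeException: If the SSH key already exists locally, or the
      named network or firewall already exists in GCE.
  """
  is_autoscale_agent = parameters.get(self.PARAM_AUTOSCALE_AGENT, False)

  # While creating instances during autoscaling we do not need a new keypair
  # or network; the existing ones are reused, so there is nothing to do.
  if is_autoscale_agent:
    return True

  # Fail fast on cloud-side name collisions BEFORE minting any key material:
  # generating the local key first and then raising here would leave a stale
  # key on disk that blocks the next attempt with the same keyname.
  if self.does_network_exist(parameters):
    raise AgentRuntimeException("Network already exists - please use a "
                                "different group name.")

  if self.does_firewall_exist(parameters):
    raise AgentRuntimeException("Firewall already exists - please use a "
                                "different group name.")

  AppScaleLogger.log("Verifying that SSH key exists locally")
  keyname = parameters[self.PARAM_KEYNAME]
  private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
  public_key = private_key + ".pub"

  # Refuse to overwrite an existing keypair: silently replacing it would cut
  # off access to whatever deployment that key already guards.
  if os.path.exists(private_key) or os.path.exists(public_key):
    raise AgentRuntimeException("SSH key already found locally - please "
                                "use a different keyname")

  LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

  # Publish the public half to GCE only if it is not registered there yet.
  ssh_key_exists, all_ssh_keys = self.does_ssh_key_exist(parameters)
  if not ssh_key_exists:
    self.create_ssh_key(parameters, all_ssh_keys)

  network_url = self.create_network(parameters)
  self.create_firewall(parameters, network_url)
  return True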
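def configure_instance_security(self, parameters):
  """Creates the GCE network and firewall for this deployment, plus the SSH
  keypair used to reach its instances, and opens the ports AppScale needs.

  The network and firewall must not already exist: reusing them would place
  instances from different deployments in the same network and firewall and
  let them see each other's web traffic. The cloud-side existence checks are
  performed before any key material is created, so a name collision fails
  fast and leaves nothing behind (in particular no local key file that would
  make a retry fail with "SSH key already found locally").

  Args:
    parameters: A dict with keys for each parameter needed to connect to
      Google Compute Engine, the keyname, and the name of the network and
      firewall to create.

  Returns:
    True once the named network and firewall have been created.

  Raises:
    AgentRuntimeException: If the SSH key already exists locally, or the
      named network or firewall already exists in GCE.
  """
  # Fail fast on cloud-side name collisions BEFORE minting any key material:
  # generating the local key first and then raising here would leave a stale
  # key on disk that blocks the next attempt with the same keyname.
  if self.does_network_exist(parameters):
    raise AgentRuntimeException("Network already exists - please use a "
                                "different group name.")

  if self.does_firewall_exist(parameters):
    raise AgentRuntimeException("Firewall already exists - please use a "
                                "different group name.")

  AppScaleLogger.log("Verifying that SSH key exists locally")
  keyname = parameters[self.PARAM_KEYNAME]
  private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
  public_key = private_key + ".pub"

  # Refuse to overwrite an existing keypair: silently replacing it would cut
  # off access to whatever deployment that key already guards.
  if os.path.exists(private_key) or os.path.exists(public_key):
    raise AgentRuntimeException("SSH key already found locally - please "
                                "use a different keyname")

  LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

  # Publish the public half to GCE only if it is not registered there yet.
  ssh_key_exists, all_ssh_keys = self.does_ssh_key_exist(parameters)
  if not ssh_key_exists:
    self.create_ssh_key(parameters, all_ssh_keys)

  network_url = self.create_network(parameters)
  self.create_firewall(parameters, network_url)
  return True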
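def configure_instance_security(self, parameters):
  """Configures the Azure resource group and storage account needed to create
  the network interfaces for the VMs to be spawned, and generates the SSH
  keypair used to reach them. Called before any virtual machine is started.

  Args:
    parameters: A dict containing the values necessary to authenticate with
      Azure, plus the resource group, storage account, zone, subscription id,
      keyname and verbosity flag this method reads.

  Returns:
    True once the resource group has been created and the compute and
    network resource providers are registered. Failures are reported by
    raising, never by returning False.

  Raises:
    AgentRuntimeException: If the SSH key already exists locally, or if
      security features could not be configured in the underlying cloud.
  """
  credentials = self.open_connection(parameters)
  resource_group = parameters[self.PARAM_RESOURCE_GROUP]
  storage_account = parameters[self.PARAM_STORAGE_ACCOUNT]
  zone = parameters[self.PARAM_ZONE]
  subscription_id = parameters[self.PARAM_SUBSCRIBER_ID]

  AppScaleLogger.log("Verifying that SSH key exists locally.")
  keyname = parameters[self.PARAM_KEYNAME]
  private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
  public_key = private_key + ".pub"

  # Refuse to overwrite an existing keypair: silently replacing it would cut
  # off access to whatever deployment that key already guards.
  if os.path.exists(private_key) or os.path.exists(public_key):
    raise AgentRuntimeException("SSH key already found locally - please "
                                "use a different keyname.")

  LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

  AppScaleLogger.log("Configuring network for machine/s under "
                     "resource group '{0}' with storage account '{1}' "
                     "in zone '{2}'".format(resource_group, storage_account,
                                            zone))

  # Create a resource group and an associated storage account to access
  # resources, then make sure the compute and network providers are
  # registered for this subscription so the later VM/NIC creation can proceed.
  self.create_resource_group(parameters, credentials)
  resource_client = ResourceManagementClient(credentials, subscription_id)
  resource_client.providers.register(self.MICROSOFT_COMPUTE_RESOURCE)
  resource_client.providers.register(self.MICROSOFT_NETWORK_RESOURCE)
  return True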
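def configure_instance_security(self, parameters):
  """Configures the Azure resource group and storage account needed to create
  the network interfaces for the VMs to be spawned, and generates the SSH
  keypair used to reach them. Called before any virtual machine is started.

  Args:
    parameters: A dict containing the values necessary to authenticate with
      Azure, plus the resource group, storage account, zone, subscription id,
      keyname and verbosity flag this method reads.

  Returns:
    True once the resource group has been created and the compute and
    network resource providers are registered. Failures are reported by
    raising, never by returning False.

  Raises:
    AgentRuntimeException: If the SSH key already exists locally, or if
      security features could not be configured in the underlying cloud.
  """
  credentials = self.open_connection(parameters)
  resource_group = parameters[self.PARAM_RESOURCE_GROUP]
  storage_account = parameters[self.PARAM_STORAGE_ACCOUNT]
  zone = parameters[self.PARAM_ZONE]
  subscription_id = parameters[self.PARAM_SUBSCRIBER_ID]

  AppScaleLogger.log("Verifying that SSH key exists locally.")
  keyname = parameters[self.PARAM_KEYNAME]
  private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
  public_key = private_key + ".pub"

  # Refuse to overwrite an existing keypair: silently replacing it would cut
  # off access to whatever deployment that key already guards.
  if os.path.exists(private_key) or os.path.exists(public_key):
    raise AgentRuntimeException("SSH key already found locally - please "
                                "use a different keyname.")

  LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

  AppScaleLogger.log("Configuring network for machine/s under "
                     "resource group '{0}' with storage account '{1}' "
                     "in zone '{2}'".format(resource_group, storage_account,
                                            zone))

  # Create a resource group and an associated storage account to access
  # resources, then make sure the compute and network providers are
  # registered for this subscription so the later VM/NIC creation can proceed.
  self.create_resource_group(parameters, credentials)
  resource_client = ResourceManagementClient(credentials, subscription_id)
  resource_client.providers.register(self.MICROSOFT_COMPUTE_RESOURCE)
  resource_client.providers.register(self.MICROSOFT_NETWORK_RESOURCE)
  return True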
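def add_keypair(cls, options):
  """Sets up passwordless SSH login to the machines used in a virtualized
  cluster deployment.

  Every value that is interpolated into a shell command line here (the IP
  taken from the ips_layout, the key path and the root password) is
  shell-quoted first, so a value containing whitespace or shell
  metacharacters can neither break the command nor be interpreted by the
  shell.

  Args:
    options: A Namespace that has fields for each parameter that can be
      passed in via the command-line interface. Fields read: auto, keyname,
      add_to_existing, root_password (optional), and whatever NodeLayout
      needs.

  Raises:
    AppScaleException: If any of the machines named in the ips_layout are
      not running, or do not have the SSH daemon running.
  """
  # shlex.quote is Python 3.3+; pipes.quote is its Python 2 spelling.
  try:
    from shlex import quote
  except ImportError:
    from pipes import quote

  LocalState.require_ssh_commands(options.auto)
  LocalState.make_appscale_directory()

  path = LocalState.LOCAL_APPSCALE_PATH + options.keyname
  if options.add_to_existing:
    private_key = path
  else:
    _, private_key = LocalState.generate_rsa_key(options.keyname)

  if options.auto:
    if 'root_password' in options:
      AppScaleLogger.log("Using the provided root password to log into "
                         "your VMs.")
      password = options.root_password
    else:
      AppScaleLogger.log("Please enter the password for the root user on"
                         " your VMs:")
      password = getpass.getpass()

  node_layout = NodeLayout(options)

  all_ips = [node.public_ip for node in node_layout.nodes]
  for ip in all_ips:
    # First, make sure ssh is actually running on the host machine.
    if not RemoteHelper.is_port_open(ip, RemoteHelper.SSH_PORT):
      raise AppScaleException("SSH does not appear to be running at {0}. "
                              "Is the machine at {0} up and running? Make sure your IPs are "
                              "correct!".format(ip))

    # Next, set up passwordless ssh.
    AppScaleLogger.log("Executing ssh-copy-id for host: {0}".format(ip))
    if options.auto:
      # NOTE(security): the password is handed to the expect script as a
      # command-line argument, so it is visible to other local users via the
      # process list for the duration of the call. Quoting stops the shell
      # from interpreting it; hiding it entirely would require the script to
      # read it from stdin or the environment instead.
      LocalState.shell("{0} root@{1} {2} {3}".format(
        cls.EXPECT_SCRIPT, quote(ip), quote(private_key), quote(password)))
    else:
      LocalState.shell("ssh-copy-id -i {0} root@{1}".format(
        quote(private_key), quote(ip)))

  if options.add_to_existing:
    AppScaleLogger.success("Added the existing SSH key at {0} to the "
                           "machines in this deployment".format(private_key))
  else:
    AppScaleLogger.success("Generated a new SSH key for this deployment "
                           "at {0}".format(private_key))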