コード例 #1
ファイル: gce_agent.py プロジェクト: AppScale/appscale-tools
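  def configure_instance_security(self, parameters):
    """ Creates a GCE network and firewall with the specified name, and opens
    the ports on that firewall as needed for AppScale.

    A new SSH key pair is also generated locally for this deployment, and
    create_ssh_key is called when does_ssh_key_exist reports the key missing.
    Autoscaling agents skip all of this and reuse what already exists.

    We expect both the network and the firewall to not exist before this point,
    to avoid accidentally placing AppScale instances from different deployments
    in the same network and firewall (thus enabling them to see each other's web
    traffic). Every "already exists" check runs before anything is created, so
    a rejected run does not leave a freshly generated key pair behind.

    Args:
      parameters: A dict with keys for each parameter needed to connect to
        Google Compute Engine, and an additional key indicating the name of the
        network and firewall that we should create in GCE.
    Returns:
      True, if the named network and firewall was created successfully, or if
      this is an autoscaling agent and there was nothing to create.
    Raises:
      AgentRuntimeException: If the SSH key is already present locally, or if
        the named network or firewall already exist in GCE.
    """
    # While creating instances during autoscaling, we do not need to create a
    # new keypair or a network. We just make use of the existing one.
    if parameters.get(self.PARAM_AUTOSCALE_AGENT, False):
      return True

    AppScaleLogger.log("Verifying that SSH key exists locally")
    keyname = parameters[self.PARAM_KEYNAME]
    # NOTE(review): keyname is appended to the directory by plain string
    # concatenation, so a value containing path separators would resolve
    # outside LOCAL_APPSCALE_PATH - confirm it is validated upstream.
    private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
    public_key = private_key + ".pub"

    # Never reuse or overwrite key material that belongs to another deployment.
    if os.path.exists(private_key) or os.path.exists(public_key):
      raise AgentRuntimeException("SSH key already found locally - please " +
        "use a different keyname")

    # Run the existence checks before generating anything. Previously
    # the key pair was generated (and possibly registered) first, so a name
    # clash on the network or firewall left an orphaned key that then blocked a
    # retry with the same keyname.
    if self.does_network_exist(parameters):
      raise AgentRuntimeException("Network already exists - please use a " + \
        "different group name.")

    if self.does_firewall_exist(parameters):
      raise AgentRuntimeException("Firewall already exists - please use a " + \
        "different group name.")

    LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

    ssh_key_exists, all_ssh_keys = self.does_ssh_key_exist(parameters)
    if not ssh_key_exists:
      self.create_ssh_key(parameters, all_ssh_keys)

    network_url = self.create_network(parameters)
    self.create_firewall(parameters, network_url)

    # The documented contract is a True return on success; the method used to
    # fall off the end and return None.
    return True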
コード例 #2
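  def configure_instance_security(self, parameters):
    """ Creates a GCE network and firewall with the specified name, and opens
    the ports on that firewall as needed for AppScale.

    A new SSH key pair is also generated locally for this deployment, and
    create_ssh_key is called when does_ssh_key_exist reports the key missing.

    We expect both the network and the firewall to not exist before this point,
    to avoid accidentally placing AppScale instances from different deployments
    in the same network and firewall (thus enabling them to see each other's web
    traffic). Every "already exists" check runs before anything is created, so
    a rejected run does not leave a freshly generated key pair behind.

    Args:
      parameters: A dict with keys for each parameter needed to connect to
        Google Compute Engine, and an additional key indicating the name of the
        network and firewall that we should create in GCE.
    Returns:
      True, if the named network and firewall was created successfully.
    Raises:
      AgentRuntimeException: If the SSH key is already present locally, or if
        the named network or firewall already exist in GCE.
    """
    AppScaleLogger.log("Verifying that SSH key exists locally")
    keyname = parameters[self.PARAM_KEYNAME]
    # NOTE(review): keyname is appended to the directory by plain string
    # concatenation, so a value containing path separators would resolve
    # outside LOCAL_APPSCALE_PATH - confirm it is validated upstream.
    private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
    public_key = private_key + ".pub"

    # Never reuse or overwrite key material that belongs to another deployment.
    if os.path.exists(private_key) or os.path.exists(public_key):
      raise AgentRuntimeException("SSH key already found locally - please " +
        "use a different keyname")

    # Fail on a network/firewall name clash before any key is generated;
    # the old order created the key pair first and left it orphaned when one
    # of these checks raised, which then blocked a retry with the same keyname.
    if self.does_network_exist(parameters):
      raise AgentRuntimeException("Network already exists - please use a " + \
        "different group name.")

    if self.does_firewall_exist(parameters):
      raise AgentRuntimeException("Firewall already exists - please use a " + \
        "different group name.")

    LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

    ssh_key_exists, all_ssh_keys = self.does_ssh_key_exist(parameters)
    if not ssh_key_exists:
      self.create_ssh_key(parameters, all_ssh_keys)

    network_url = self.create_network(parameters)
    self.create_firewall(parameters, network_url)

    # Honour the documented return value instead of implicitly returning None.
    return True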
コード例 #3
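    def configure_instance_security(self, parameters):
        """ Configure the resource group and storage account needed to create
        the network interface for the VMs to be spawned. This method is called
        before starting virtual machines.

        In order, it opens a connection to the cloud, generates a new local SSH
        key pair for the deployment, calls create_resource_group, and registers
        the compute and network resource providers for the subscription.

        Args:
          parameters: A dict containing values necessary to authenticate with
            the underlying cloud.
        Returns:
          True, if the group and account were created successfully. Failures
          are reported by exception; this method never returns False.
        Raises:
          AgentRuntimeException: If an SSH key with this keyname is already
            present locally, or if security features could not be successfully
            configured in the underlying cloud.
        """
        credentials = self.open_connection(parameters)
        resource_group = parameters[self.PARAM_RESOURCE_GROUP]
        storage_account = parameters[self.PARAM_STORAGE_ACCOUNT]
        zone = parameters[self.PARAM_ZONE]
        subscription_id = parameters[self.PARAM_SUBSCRIBER_ID]

        AppScaleLogger.log("Verifying that SSH key exists locally.")
        keyname = parameters[self.PARAM_KEYNAME]
        # NOTE(review): keyname is appended to the directory by plain string
        # concatenation, so a value containing path separators would resolve
        # outside LOCAL_APPSCALE_PATH - confirm it is validated upstream.
        private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
        public_key = private_key + ".pub"

        # Never reuse or overwrite key material from another deployment.
        if os.path.exists(private_key) or os.path.exists(public_key):
            raise AgentRuntimeException(
                "SSH key already found locally - please "
                "use a different keyname.")

        LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

        AppScaleLogger.log("Configuring network for machine/s under "
                           "resource group '{0}' with storage account '{1}' "
                           "in zone '{2}'".format(resource_group,
                                                  storage_account, zone))
        # Create a resource group and an associated storage account to access resources.
        self.create_resource_group(parameters, credentials)

        # The subscription must have both providers registered before compute
        # and network resources can be requested under it.
        resource_client = ResourceManagementClient(credentials,
                                                   subscription_id)
        resource_client.providers.register(self.MICROSOFT_COMPUTE_RESOURCE)
        resource_client.providers.register(self.MICROSOFT_NETWORK_RESOURCE)

        # Honour the documented return value; the method used to fall off the
        # end and return None.
        return True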
コード例 #4
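  def configure_instance_security(self, parameters):
    """ Configure the resource group and storage account needed to create the
    network interface for the VMs to be spawned. This method is called before
    starting virtual machines.

    In order, it opens a connection to the cloud, generates a new local SSH key
    pair for the deployment, calls create_resource_group, and registers the
    compute and network resource providers for the subscription.

    Args:
      parameters: A dict containing values necessary to authenticate with the
        underlying cloud.
    Returns:
      True, if the group and account were created successfully. Failures are
      reported by exception; this method never returns False.
    Raises:
      AgentRuntimeException: If an SSH key with this keyname is already present
        locally, or if security features could not be successfully configured
        in the underlying cloud.
    """
    credentials = self.open_connection(parameters)
    resource_group = parameters[self.PARAM_RESOURCE_GROUP]
    storage_account = parameters[self.PARAM_STORAGE_ACCOUNT]
    zone = parameters[self.PARAM_ZONE]
    subscription_id = parameters[self.PARAM_SUBSCRIBER_ID]

    AppScaleLogger.log("Verifying that SSH key exists locally.")
    keyname = parameters[self.PARAM_KEYNAME]
    # NOTE(review): keyname is appended to the directory by plain string
    # concatenation, so a value containing path separators would resolve
    # outside LOCAL_APPSCALE_PATH - confirm it is validated upstream.
    private_key = LocalState.LOCAL_APPSCALE_PATH + keyname
    public_key = private_key + ".pub"

    # Never reuse or overwrite key material that belongs to another deployment.
    if os.path.exists(private_key) or os.path.exists(public_key):
      raise AgentRuntimeException("SSH key already found locally - please "
                                  "use a different keyname.")

    LocalState.generate_rsa_key(keyname, parameters[self.PARAM_VERBOSE])

    AppScaleLogger.log("Configuring network for machine/s under "
                       "resource group '{0}' with storage account '{1}' "
                       "in zone '{2}'".format(resource_group, storage_account, zone))
    # Create a resource group and an associated storage account to access resources.
    self.create_resource_group(parameters, credentials)

    # The subscription must have both providers registered before compute and
    # network resources can be requested under it.
    resource_client = ResourceManagementClient(credentials, subscription_id)
    resource_client.providers.register(self.MICROSOFT_COMPUTE_RESOURCE)
    resource_client.providers.register(self.MICROSOFT_NETWORK_RESOURCE)

    # Honour the documented return value; the method used to fall off the end
    # and return None.
    return True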
コード例 #5
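  def add_keypair(cls, options):
    """Sets up passwordless SSH login to the machines used in a virtualized
    cluster deployment.

    Either reuses the key at LOCAL_APPSCALE_PATH + keyname (add_to_existing) or
    generates a new RSA key, then installs it for root on every node in the
    layout: through cls.EXPECT_SCRIPT when options.auto is set, otherwise
    through ssh-copy-id. Each host is probed on the SSH port first.

    Args:
      options: A Namespace that has fields for each parameter that can be
        passed in via the command-line interface.
    Raises:
      AppScaleException: If any of the machines named in the ips_layout are
        not running, or do not have the SSH daemon running.
    """
    # Imported here because the file's import block is outside this excerpt.
    # shlex.quote is the Python 3 name; pipes.quote is the Python 2 one.
    try:
      from shlex import quote as shell_quote
    except ImportError:
      from pipes import quote as shell_quote

    LocalState.require_ssh_commands(options.auto)
    LocalState.make_appscale_directory()

    path = LocalState.LOCAL_APPSCALE_PATH + options.keyname
    if options.add_to_existing:
      private_key = path
    else:
      _, private_key = LocalState.generate_rsa_key(options.keyname)

    # Only needed (and only set) for the non-interactive expect-script path.
    password = None
    if options.auto:
      if 'root_password' in options:
        AppScaleLogger.log("Using the provided root password to log into " + \
          "your VMs.")
        password = options.root_password
      else:
        AppScaleLogger.log("Please enter the password for the root user on" + \
          " your VMs:")
        password = getpass.getpass()

    node_layout = NodeLayout(options)

    all_ips = [node.public_ip for node in node_layout.nodes]
    for ip in all_ips:
      # first, make sure ssh is actually running on the host machine
      if not RemoteHelper.is_port_open(ip, RemoteHelper.SSH_PORT):
        raise AppScaleException("SSH does not appear to be running at {0}. " \
          "Is the machine at {0} up and running? Make sure your IPs are " \
          "correct!".format(ip))

      # next, set up passwordless ssh
      AppScaleLogger.log("Executing ssh-copy-id for host: {0}".format(ip))

      # The command is assembled as one string, so every value that comes from
      # the operator or the node layout is quoted as a single shell word. The
      # unquoted form broke on (or was reinterpreted by) a password, host or
      # key path containing spaces or shell metacharacters.
      # NOTE(review): assumes LocalState.shell hands this string to a shell -
      # confirm against its implementation.
      target = shell_quote("root@{0}".format(ip))
      key_arg = shell_quote(private_key)
      if options.auto:
        # NOTE(review): the root password is still passed as a command-line
        # argument, so it may be visible in the local process list and in any
        # logging LocalState.shell performs. Passing it over stdin or an
        # environment variable would need a matching change in EXPECT_SCRIPT.
        LocalState.shell("{0} {1} {2} {3}".format(cls.EXPECT_SCRIPT, target,
          key_arg, shell_quote(password)))
      else:
        LocalState.shell("ssh-copy-id -i {0} {1}".format(key_arg, target))

    # NOTE(review): this message is also printed when add_to_existing reused a
    # key rather than generating one; wording left unchanged.
    AppScaleLogger.success("Generated a new SSH key for this deployment " + \
      "at {0}".format(private_key))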