예제 #1
0
    def configure_instance_security(self, parameters):
        """
        Setup EC2 security keys and groups. Required input values are read from
        the parameters dictionary. More specifically, this method expects to
        find a 'keyname' parameter and a 'group' parameter in the parameters
        dictionary. Using these provided values, this method will create a new
        EC2 key-pair and a security group. Security group will be granted permissions
        to access any port on the instantiated VMs. (Also see documentation for the
        BaseAgent class)

        Args:
        parameters  A dictionary of parameters
        """
        keyname = parameters[self.PARAM_KEYNAME]
        #keyname = "cloudrunner-keypair"
        group = parameters[self.PARAM_GROUP]
        #group = "cloudrunner-security-group"
        key_path = '{0}.key'.format(keyname)
        ssh_key = os.path.abspath(key_path)
        utils.log(
            'About to spawn EC2 instances - Expecting to find a key at {0}'.format(ssh_key)
        )
        try:
            conn = self.open_connection(parameters)
            if os.path.exists(ssh_key):
                utils.log('SSH keys found in the local system - Not initializing EC2 security')
            else:
                utils.log('Creating key pair: ' + keyname)
                key_pair = conn.create_key_pair(keyname)
                utils.write_key_file(ssh_key, key_pair.material)

            security_groups = conn.get_all_security_groups()
            group_exists = False
            for security_group in security_groups:
                if security_group.name == group:
                    group_exists = True
                    break
            if not group_exists:
                utils.log('Creating security group: ' + group)
                newgroup = conn.create_security_group(group, 'CloudRunner security group')
                newgroup.authorize('tcp', 22, 22, '0.0.0.0/0')
                newgroup.authorize('tcp', 5672, 5672, '0.0.0.0/0')
                newgroup.authorize('tcp', 6379, 6379, '0.0.0.0/0')
                newgroup.authorize('tcp', 11211, 11211, '0.0.0.0/0')
                newgroup.authorize('tcp', 55672, 55672, '0.0.0.0/0')
            result = {
                'success': True,
                'absolute_key_path': ssh_key
            }
            return result
        except EC2ResponseError as exception:
            self.handle_failure(
                'EC2 response error while initializing security: {0}'.format(exception.error_message)
            )
        except Exception as exception:
            self.handle_failure(
                'Error while initializing EC2 security: {0}'.format(exception.message)
            )
예제 #2
0
    def configure_instance_security(self, parameters):
        """
        Setup EC2 security keys and groups. Required input values are read from
        the parameters dictionary. More specifically, this method expects to
        find a 'keyname' parameter and a 'group' parameter in the parameters
        dictionary. Using these provided values, this method will create a new
        EC2 key-pair and a security group. Security group will be granted permissions
        to access any port on the instantiated VMs. (Also see documentation for the
        BaseAgent class)

        Args:
          parameters  A dictionary of parameters
        """
        keyname = parameters[self.PARAM_KEYNAME]
        group = parameters[self.PARAM_GROUP]

        key_path = '{0}.key'.format(keyname)
        ssh_key = os.path.abspath(key_path)
        logging.info('About to configure EC2 instance security - ' \
                  'Expecting to find a key at {0}'.format(ssh_key))

        try:
            conn = self.open_connection(parameters)
            if os.path.exists(ssh_key):
                logging.info('SSH keys found in the local system - '
                          'Not initializing EC2 security')
            else:
                logging.info('Creating key pair: ' + keyname)
                key_pair = conn.create_key_pair(keyname)
                utils.write_key_file(ssh_key, key_pair.material)

            security_groups = conn.get_all_security_groups()
            group_exists = False
            for security_group in security_groups:
                if security_group.name == group:
                    group_exists = True
                    break

            if not group_exists:
                logging.info('Creating security group: ' + group)
                newgroup = conn.create_security_group(group, 'stochSS security group')
                # wait for some time before security group is all set
                for x in (0, 10):
                    continue
                newgroup.authorize('tcp', 22, 22, '0.0.0.0/0')
                newgroup.authorize('tcp', 5672, 5672, '0.0.0.0/0')
                newgroup.authorize('tcp', 6379, 6379, '0.0.0.0/0')
                newgroup.authorize('tcp', 11211, 11211, '0.0.0.0/0')
                newgroup.authorize('tcp', 55672, 55672, '0.0.0.0/0')
            return True

        except EC2ResponseError as exception:
            self.handle_failure('EC2 response error while initializing '
                                'security: ' + exception.error_message)

        except Exception as exception:
            self.handle_failure('Error while initializing EC2 '
                                'security: ' + exception.message)
예제 #3
0
  def configure_instance_security(self, parameters):
    """
    Setup EC2 security keys and groups. Required input values are read from
    the parameters dictionary. More specifically, this method expects to
    find a 'keyname' parameter and a 'group' parameter in the parameters
    dictionary. Using these provided values, this method will create a new
    EC2 key-pair and a security group. Security group will be granted permissions
    to access any port on the instantiated VMs. (Also see documentation for the
    BaseAgent class)

    Args:
      parameters  A dictionary of parameters
    """
    keyname = parameters[self.PARAM_KEYNAME]
    group = parameters[self.PARAM_GROUP]

    key_path = '/etc/appscale/keys/cloud1/{0}.key'.format(keyname)
    ssh_key = os.path.abspath(key_path)
    utils.log('About to spawn EC2 instances - ' \
              'Expecting to find a key at {0}'.format(ssh_key))
    if os.path.exists(ssh_key):
      utils.log('SSH keys found in the local system - '
                'Not initializing EC2 security')
      return False

    try:
      conn = self.open_connection(parameters)
      key_pair = conn.get_key_pair(keyname)
      if key_pair is None:
        utils.log('Creating key pair: ' + keyname)
        key_pair = conn.create_key_pair(keyname)
      utils.write_key_file(ssh_key, key_pair.material)

      security_groups = conn.get_all_security_groups()
      group_exists = False
      for security_group in security_groups:
        if security_group.name == group:
          group_exists = True
          break

      if not group_exists:
        utils.log('Creating security group: ' + group)
        conn.create_security_group(group, 'AppScale security group')
        conn.authorize_security_group(group, from_port=1,
          to_port=65535, ip_protocol='udp')
        conn.authorize_security_group(group, from_port=1,
          to_port=65535, ip_protocol='tcp')
        conn.authorize_security_group(group, ip_protocol='icmp',
          cidr_ip='0.0.0.0/0')

      return True
    except EC2ResponseError as exception:
      self.handle_failure('EC2 response error while initializing '
                          'security: ' + exception.error_message)
    except Exception as exception:
      self.handle_failure('Error while initializing EC2 '
                          'security: ' + exception.message)
예제 #4
0
  def configure_instance_security(self, parameters):
    """
    Setup EC2 security keys and groups. Required input values are read from
    the parameters dictionary. More specifically, this method expects to
    find a 'keyname' parameter and a 'group' parameter in the parameters
    dictionary. Using these provided values, this method will create a new
    EC2 key-pair and a security group. Security group will be granted permissions
    to access any port on the instantiated VMs. (Also see documentation for the
    BaseAgent class)

    Args:
      parameters  A dictionary of parameters
    """
    keyname = parameters[self.PARAM_KEYNAME]
    group = parameters[self.PARAM_GROUP]
    ssh_key = os.path.abspath('/etc/appscale/keys/cloud1/{0}.key'.format(keyname))
    utils.log('About to spawn EC2 instances - Expecting to find a key at {0}'.format(ssh_key))
    utils.log(utils.get_obscured_env(['EC2_ACCESS_KEY', 'EC2_SECRET_KEY']))
    if not os.path.exists(ssh_key):
      utils.log('Creating keys/security group')
      ec2_output = ''
      while True:
        ec2_output = utils.shell('{0}-add-keypair {1} 2>&1'.format(self.prefix, keyname))
        if ec2_output.find('BEGIN RSA PRIVATE KEY') != -1:
          break
        utils.log('Trying again. Saw this from {0}-add-keypair: {1}'.format(
          self.prefix, ec2_output))
        utils.shell('{0}-delete-keypair {1} 2>&1'.format(self.prefix, keyname))
      utils.write_key_file(ssh_key, ec2_output)
      utils.shell('{0}-add-group {1} -d appscale 2>&1'.format(self.prefix, group))
      utils.shell('{0}-authorize {1} -p 1-65535 -P udp 2>&1'.format(self.prefix, group))
      utils.shell('{0}-authorize {1} -p 1-65535 -P tcp 2>&1'.format(self.prefix, group))
      utils.shell('{0}-authorize {1} -s 0.0.0.0/0 -P icmp -t -1:-1 2>&1'.format(self.prefix, group))
      return True
    else:
      utils.log('Not creating keys/security group')
      return False
예제 #5
0
    def configure_instance_security(self, parameters):
        """
    Setup EC2 security keys and groups. Required input values are read from
    the parameters dictionary. More specifically, this method expects to
    find a 'keyname' parameter and a 'group' parameter in the parameters
    dictionary. Using these provided values, this method will create a new
    EC2 key-pair and a security group. Security group will be granted permissions
    to access any port on the instantiated VMs. (Also see documentation for the
    BaseAgent class)

    Args:
      parameters  A dictionary of parameters
    """
        keyname = parameters[self.PARAM_KEYNAME]
        group = parameters[self.PARAM_GROUP]

        key_path = '/etc/appscale/keys/cloud1/{0}.key'.format(keyname)
        ssh_key = os.path.abspath(key_path)
        utils.log('About to spawn EC2 instances - ' \
                  'Expecting to find a key at {0}'.format(ssh_key))
        if os.path.exists(ssh_key):
            utils.log('SSH keys found in the local system - '
                      'Not initializing EC2 security')
            return False

        try:
            conn = self.open_connection(parameters)
            key_pair = conn.get_key_pair(keyname)
            if key_pair is None:
                utils.log('Creating key pair: ' + keyname)
                key_pair = conn.create_key_pair(keyname)
            utils.write_key_file(ssh_key, key_pair.material)

            security_groups = conn.get_all_security_groups()
            group_exists = False
            for security_group in security_groups:
                if security_group.name == group:
                    group_exists = True
                    break

            if not group_exists:
                utils.log('Creating security group: ' + group)
                conn.create_security_group(group, 'AppScale security group')
                conn.authorize_security_group(group,
                                              from_port=1,
                                              to_port=65535,
                                              ip_protocol='udp')
                conn.authorize_security_group(group,
                                              from_port=1,
                                              to_port=65535,
                                              ip_protocol='tcp')
                conn.authorize_security_group(group,
                                              ip_protocol='icmp',
                                              cidr_ip='0.0.0.0/0')

            return True
        except EC2ResponseError as exception:
            self.handle_failure('EC2 response error while initializing '
                                'security: ' + exception.error_message)
        except Exception as exception:
            self.handle_failure('Error while initializing EC2 '
                                'security: ' + exception.message)
예제 #6
0
    def configure_instance_security(self, parameters):
        """
    Setup OpenStack security keys and groups. Required input values are 
    read from the parameters dictionary. More specifically, this method 
    expects tofind a 'keyname' parameter and a 'group' parameter in the 
    parameters dictionary. Using these provided values, this method will 
    create a new OpenStack key-pair and a security group. Security group 
    will be granted permissions to access any port on the instantiated 
    VMs. (Also see documentation for the BaseAgent class).

    This method differs from its OpenStack counterpart because in OpenStack 
    the security group definition for icmp must include the port range.

    Args:
      parameters: A dictionary of parameters.
    Returns: 
      False if the SSH keys already exist, True if successful.
    """
        keyname = parameters[self.PARAM_KEYNAME]
        group = parameters[self.PARAM_GROUP]

        key_path = '{}/{}.key'.format(KEY_DIRECTORY, keyname)
        ssh_key = os.path.abspath(key_path)
        utils.log('About to spawn OpenStack instances - ' \
                  'Expecting to find a key at {0}'.format(ssh_key))
        if os.path.exists(ssh_key):
            utils.log('SSH keys found in the local system - '
                      'Not initializing OpenStack security')
            return False

        try:
            conn = self.open_connection(parameters)
            key_pair = conn.get_key_pair(keyname)
            if key_pair is None:
                utils.log('Creating key pair: {0}'.format(keyname))
                key_pair = conn.create_key_pair(keyname)
            utils.write_key_file(ssh_key, key_pair.material)

            security_groups = conn.get_all_security_groups()
            group_exists = False
            for security_group in security_groups:
                if security_group.name == group:
                    group_exists = True
                    break

            if not group_exists:
                utils.log('Creating security group: {0}'.format(group))
                conn.create_security_group(group, 'AppScale security group')
                conn.authorize_security_group(group, from_port=1,\
                  to_port=65535, ip_protocol='udp')
                conn.authorize_security_group(group, from_port=1,\
                  to_port=65535, ip_protocol='tcp')
                #TODO: Check if ec2_agent can be change to include the from_port
                # and the to_port. If yes, remove this method.
                conn.authorize_security_group(group, from_port=-1, to_port=-1, \
                                      ip_protocol='icmp', cidr_ip='0.0.0.0/0')
            return True

        except EC2ResponseError as exception:
            self.handle_failure('OpenStack response error while initializing '
                                'security: {0}'.format(
                                    exception.error_message))
        except Exception as exception:
            self.handle_failure('Error while initializing OpenStack '
                                'security: {0}'.format(exception.message))
예제 #7
0
  def configure_instance_security(self, parameters):
    """
    Setup OpenStack security keys and groups. Required input values are 
    read from the parameters dictionary. More specifically, this method 
    expects tofind a 'keyname' parameter and a 'group' parameter in the 
    parameters dictionary. Using these provided values, this method will 
    create a new OpenStack key-pair and a security group. Security group 
    will be granted permissions to access any port on the instantiated 
    VMs. (Also see documentation for the BaseAgent class).

    This method differs from its OpenStack counterpart because in OpenStack 
    the security group definition for icmp must include the port range.

    Args:
      parameters: A dictionary of parameters.
    Returns: 
      False if the SSH keys already exist, True if successful.
    """
    keyname = parameters[self.PARAM_KEYNAME]
    group = parameters[self.PARAM_GROUP]

    key_path = '{}/{}.key'.format(utils.KEY_DIRECTORY, keyname)
    ssh_key = os.path.abspath(key_path)
    utils.log('About to spawn OpenStack instances - ' \
              'Expecting to find a key at {0}'.format(ssh_key))
    if os.path.exists(ssh_key):
      utils.log('SSH keys found in the local system - '
                'Not initializing OpenStack security')
      return False

    try:
      conn = self.open_connection(parameters)
      key_pair = conn.get_key_pair(keyname)
      if key_pair is None:
        utils.log('Creating key pair: {0}'.format(keyname))
        key_pair = conn.create_key_pair(keyname)
      utils.write_key_file(ssh_key, key_pair.material)

      security_groups = conn.get_all_security_groups()
      group_exists = False
      for security_group in security_groups:
        if security_group.name == group:
          group_exists = True
          break

      if not group_exists:
        utils.log('Creating security group: {0}'.format(group))
        conn.create_security_group(group, 'AppScale security group')
        conn.authorize_security_group(group, from_port=1,\
          to_port=65535, ip_protocol='udp')
        conn.authorize_security_group(group, from_port=1,\
          to_port=65535, ip_protocol='tcp')
        #TODO: Check if ec2_agent can be change to include the from_port
        # and the to_port. If yes, remove this method.
        conn.authorize_security_group(group, from_port=-1, to_port=-1, \
                              ip_protocol='icmp', cidr_ip='0.0.0.0/0')
      return True

    except EC2ResponseError as exception:
      self.handle_failure('OpenStack response error while initializing '
                          'security: {0}'.format(exception.error_message))
    except Exception as exception:
      self.handle_failure('Error while initializing OpenStack '
                          'security: {0}'.format(exception.message))