def create_subnet(self, **kwargs):
""" create a subnet """
zone_name = kwargs.get('zone_name', {})
subnet_cidr = kwargs.get('subnet_cidr', {})
subnet_cidrv6 = kwargs.get('subnet_cidrv6', {})
subnet_type = kwargs.get('subnet_type', {})
try:
if self.ipv6 is True:
subnet = self.ec2_resource.create_subnet(
VpcId=self.vpc_id,
AvailabilityZone=zone_name,
CidrBlock=subnet_cidr,
Ipv6CidrBlock=subnet_cidrv6)
else:
subnet = self.ec2_resource.create_subnet(
VpcId=self.vpc_id,
AvailabilityZone=zone_name,
CidrBlock=subnet_cidr)
except Exception as err:
critical('Unable to create the subnet, error {}'.format(err))
return None
spin_message(
message='Waiting {} seconds for the subnet to become available.'.
format(WAIT_TIMER),
seconds=WAIT_TIMER)
self.subnet_id = subnet.id
set_tag(obj=subnet, tag=self.tag + '-' + zone_name + '-' + subnet_type)
return subnet.id
def _wait_for_it(cls, **kwargs):
""" spinner with wait information """
action = kwargs.get('action', 'unknown')
spin_message(
message='Waiting {} seconds for the instance to {}.'.format(WAIT_INSTANCE, action),
seconds=WAIT_INSTANCE
)
def _create_sec_groups(self):
""" create the security groups and make sure to remove the default egress rule
by default there is no igress rule
"""
sec_groups = {}
# create all security groups and make sure the default egress rule is removed
for sec_group in self.sec_cfg['security_groups']:
# if there is no description then create on based on the security group name
try:
description = self.sec_cfg[sec_group]['description']
except Exception:
description = sec_group
print('\t\tCreating security group {}'.format(sec_group))
try:
sec_group_resource = self.ec2_resource.create_security_group(
GroupName=sec_group,
Description=description,
VpcId=self.vpc_id)
except Exception as err:
critical('Unable to create security group {}, error {}'.format(
sec_group, err))
return None
spin_message(
message=
'Waiting {} seconds for the new security group to become available.'
.format(WAIT_SEC_GROUP),
seconds=WAIT_SEC_GROUP)
# remove the default outbound rule, hardcoded by AWS
if sec_group_resource:
sec_groups[sec_group] = sec_group_resource.group_id
try:
sec_group_resource.revoke_egress(IpPermissions=[{
'IpProtocol':
'-1',
'IpRanges': [{
'CidrIp': '0.0.0.0/0'
}],
}], )
sec_group_resource.revoke_egress(IpPermissions=[{
'IpProtocol':
'-1',
'Ipv6Ranges': [{
'CidrIpv6': '::/0'
}],
}], )
except Exception as err:
warning('Unable to revoke_egress, default rule, error {}'.
format(err))
set_tag(obj=sec_group_resource, tag=sec_group)
return sec_groups
def create(self):
""" create a VPC, check if we need to setup IPv6 """
try:
self.vpc = self.ec2_resource.create_vpc(
CidrBlock=self.cidr, AmazonProvidedIpv6CidrBlock=self.ipv6)
except Exception as err:
critical('Unable to create the VPC. Error: {}'.format(err))
return None
spin_message(
message='Waiting {} seconds for the VPC to become available.'.
format(WAIT_TIMER),
seconds=WAIT_TIMER)
self.vpc_id = self.vpc.id
set_tag(obj=self.vpc, tag=self.tag)
self._set_dns_options()
return self.vpc
def create_internet_gateway(self):
""" create a internet gateway """
try:
self.internet_gateway = self.ec2_resource.create_internet_gateway()
except Exception as err:
critical(
'Unable to create the internet gateway, error {}'.format(err))
return None
spin_message(
message=
'Waiting {} seconds for the internet gateway to become available.'.
format(WAIT_TIMER),
seconds=WAIT_TIMER)
self.internet_gateway_id = self.internet_gateway.id
set_tag(obj=self.internet_gateway, tag=self.tag)
return self.internet_gateway_id
def _create_route_table(self, **kwargs):
""" create a routing table """
route_table_tag = kwargs.get('tag', {})
try:
route_table = self.ec2_resource.create_route_table(
VpcId=self.vpc_id)
except Exception as err:
critical('Unable to create the route, error {}'.format(err))
return None
spin_message(
message=
'Waiting {} seconds for the routing table to become available.'.
format(WAIT_TIMER),
seconds=WAIT_TIMER)
set_tag(obj=route_table, tag=route_table_tag)
return route_table
def create_eip(self, **kwargs):
""" allocate an public IP """
tag = kwargs.get('tag', {})
try:
ip_info = self.ec2_client.allocate_address(Domain='vpc')
except Exception as err:
critical('Unable allocate_address, ignored, error {}'.format(err))
return None
# need to for the ip to be come available!
spin_message(
message='Waiting {} seconds for the EIP to become available.'.
format(WAIT_TIMER),
seconds=WAIT_TIMER)
set_tag_client(ec2_client=self.ec2_client,
resource_id=ip_info['AllocationId'],
tag=tag)
return ip_info['AllocationId']
def create_volume(self, **kwargs):
""" create a volume in the given zone and given size """
volume_size = int(kwargs.get('volume_size', {}))
volume_zone = kwargs.get('volume_zone', {})
volume_tag = kwargs.get('volume_tag', {})
try:
volume = self.ec2_resource.create_volume(
Size=volume_size,
AvailabilityZone=volume_zone,
)
except Exception as err:
critical('Unable to create_volume, error {}'.format(err))
return None
spin_message(
message='Waiting {} seconds for the volume to become available.'.
format(WAIT_TIMER),
seconds=WAIT_TIMER)
self.volume_id = volume.id
set_tag(obj=volume, tag=volume_tag)
return volume
def create_nat_gateway(self, **kwargs):
""" create a internet gateway """
eip_id = kwargs.get('eip_id', {})
tag = kwargs.get('tag', {})
subnet_id = kwargs.get('subnet_id', {})
try:
nat_gateway = self.ec2_client.create_nat_gateway(
AllocationId=eip_id, SubnetId=subnet_id)
except Exception as err:
critical('Unable to create the internet nat, error {}'.format(err))
return None
spin_message(
message='Waiting {} seconds for the NAT gateway to become available.'
.format(WAIT_TIMER),
seconds=WAIT_TIMER)
nat_gateway_id = nat_gateway['NatGateway']['NatGatewayId']
set_tag_client(ec2_client=self.ec2_client,
resource_id=nat_gateway_id,
tag=tag)
return nat_gateway_id
def modify(self, **kwargs):
""" - if a new security group, then add to the 'new' list
- if a security group no longer is both in the yaml and vpc,
then add to the 'delete' list
- if group exist in both the yaml and vpc,
then add to the 'modify' list
- remove all ingress and egress rules from 'modify' list
but exclude the exclude_list
- delete groups if delete_old was set to true (delete list)
- create the new groups (new list)
- add ingress and egress rules to groups in the 'new' and
'modify' list
"""
modify_group_list = []
new_group_list = []
delete_group_list = {}
exclude_list = []
vpc_id = kwargs.get('vpc_id', {})
delete_old = kwargs.get('delete_old', False)
if not vpc_id:
vpc_id = self.vpc_id
# current security groups
sec_groups_names = self.get(vpc_id=vpc_id)
# create the new, modify and delete lists
for in_config in self.sec_cfg['security_groups']:
if in_config not in sec_groups_names:
print('New Security Group {} has been tagged to be created!'.
format(in_config))
new_group_list.append(in_config)
if in_config in sec_groups_names:
print(
'Modify Security Group {} has been tagged to be modified!'.
format(in_config))
modify_group_list.append(in_config)
for curr_group in sec_groups_names:
if curr_group not in self.sec_cfg and curr_group != 'default':
print('Remove Security Group {} has been tagged to be removed is {}!'.\
format(curr_group, delete_old))
if delete_old:
delete_group_list[curr_group] = sec_groups_names[
curr_group]
else:
exclude_list.append(curr_group)
# destoy all ingress and egress rules
if self.destroy(delete_group=False, exclude_group=exclude_list):
spin_message(
message='Waiting {} seconds for the rules to be deleted.'.
format(WAIT_SEC_GROUP),
seconds=WAIT_SEC_GROUP)
# create the new group
for new_group in new_group_list:
self._create_sec_group(
sec_group=new_group,
description=self.sec_cfg[new_group]['description'])
# delete the group now there are empty and delete was requested
if delete_old:
for delete_group in delete_group_list:
self._delete_security_group(
sec_id=delete_group_list[delete_group])
# add all rules back to the groups
spin_message(
message=
'Waiting {} seconds for the new security group to become available.'
.format(WAIT_SEC_GROUP),
seconds=WAIT_SEC_GROUP)
return self.create(modify=True)
