def get_instance_sec_group(vpc_id):
grp_details = ec2.get_all_security_groups(
filters={
'vpc_id': vpc_id,
'tag:play': args.play
}
)
if len(grp_details) < 1:
#
# try scheme for non-cloudformation builds
#
grp_details = ec2.get_all_security_groups(
filters={
'tag:play': args.play,
'tag:environment': args.environment,
'tag:deployment': args.deployment}
)
if len(grp_details) < 1:
sys.stderr.write("ERROR: Expected atleast one security group, got {}\n".format(
len(grp_details)))
return grp_details[0].id
def get_instance_sec_group(vpc_id):
grp_details = ec2.get_all_security_groups(filters={
'vpc_id': vpc_id,
'tag:play': args.play
})
if len(grp_details) < 1:
#
# try scheme for non-cloudformation builds
#
grp_details = ec2.get_all_security_groups(
filters={
'tag:play': args.play,
'tag:environment': args.environment,
'tag:deployment': args.deployment
})
if len(grp_details) < 1:
sys.stderr.write(
"ERROR: Expected atleast one security group, got {}\n".format(
len(grp_details)))
return grp_details[0].id
def security_group(name, description):
try:
group = ec2.get_all_security_groups(groupnames=[name])[0]
except boto.exception.EC2ResponseError:
group = None
if group is None:
ec2.create_security_group(name, description)
group = ec2.get_all_security_groups(groupnames=[name])[0]
return group
def get_security_groups(self, group_ids=None):
if group_ids is None:
group_ids = []
if not isinstance(group_ids, list):
group_ids = [group_ids]
ec2 = self.connect_ec2()
try:
groups = ec2.get_all_security_groups(group_ids=group_ids)
except boto.exception.EC2ResponseError as e:
raise GroupNotFoundException(e.message)
result = []
for group in groups:
# Skip the group if it's the wrong kind
if self.account.vpc_enabled and not group.vpc_id:
continue
if not self.account.vpc_enabled and group.vpc_id:
continue
rules = self.get_rules_list(group.rules)
rules_egress = self.get_rules_list(group.rules_egress)
result.append(SecurityGroup(
group.name,
group.description,
group.id,
group.vpc_id,
rules,
rules_egress,
))
return result
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(
dict(
name=dict(required=True),
description=dict(required=True),
vpc_id=dict(),
rules=dict(),
rules_egress=dict(),
state=dict(default='present', choices=['present', 'absent']),
purge_rules=dict(default=True, required=False, type='bool'),
purge_rules_egress=dict(default=True, required=False, type='bool'),
))
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
if not HAS_BOTO:
module.fail_json(msg='boto required for this module')
name = module.params['name']
description = module.params['description']
vpc_id = module.params['vpc_id']
rules = module.params['rules']
rules_egress = module.params['rules_egress']
state = module.params.get('state')
purge_rules = module.params['purge_rules']
purge_rules_egress = module.params['purge_rules_egress']
changed = False
ec2 = ec2_connect(module)
# find the group if present
group = None
groups = {}
for curGroup in ec2.get_all_security_groups():
groups[curGroup.id] = curGroup
groups[curGroup.name] = curGroup
if curGroup.name == name and (vpc_id is None
or curGroup.vpc_id == vpc_id):
group = curGroup
# Ensure requested group is absent
if state == 'absent':
if group:
'''found a match, delete it'''
try:
group.delete()
except Exception, e:
module.fail_json(
msg="Unable to delete security group '%s' - %s" %
(group, e))
else:
group = None
changed = True
else:
'''no match found, no changes required'''
def edit(group_id, ec2=None, rds=None):
security_groups = ec2.get_all_security_groups(group_ids=[group_id])
if len(security_groups) == 0:
return "Missing security groups"
security_group = security_groups[0]
for rule in security_group.rules:
grants_with_cidrs = []
for grant in rule.grants:
if grant.cidr_ip:
ttl = rds.get(GRANT_KEY_FORMULA.format(security_group_id=group_id, protocol=rule.ip_protocol, from_port=rule.from_port, to_port=rule.to_port, cidr=grant.cidr_ip))
if ttl is None or ttl == 0:
grant.time_left = ttl
else:
grant.time_left = int(float(ttl) - time.time())
grants_with_cidrs.append(grant)
rule.grants = grants_with_cidrs
if 'X-Forwarded-For' in request.headers:
ip = request.headers['X-Forwarded-For']
else:
ip = request.remote_addr
return render_template('edit.html', ip=ip, security_group=security_group)
def get_security_groups(self, group_ids=None):
if group_ids is None:
group_ids = []
if not isinstance(group_ids, list):
group_ids = [group_ids]
ec2 = self.connect_ec2()
try:
groups = ec2.get_all_security_groups(group_ids=group_ids)
except boto.exception.EC2ResponseError as e:
raise GroupNotFoundException(e.message)
result = []
for group in groups:
# Skip the group if it's the wrong kind
if self.account.vpc_enabled and not group.vpc_id:
continue
if not self.account.vpc_enabled and group.vpc_id:
continue
rules = self.get_rules_list(group.rules)
rules_egress = self.get_rules_list(group.rules_egress)
result.append(
SecurityGroup(
group.name,
group.description,
group.id,
group.vpc_id,
rules,
rules_egress,
))
return result
def createSG(ec2, name, rules):
"""
Create a new SecurityGroup
"""
# check if the security group exists
group = None
sgGroups = [sg for sg in ec2.get_all_security_groups() if sg.name == name]
if sgGroups:
group = sgGroups[0]
ec2.delete_security_group(name=name, group_id=group)
print "Creating %s Security Group" % name
group = ec2.create_security_group(name, 'group for %s' % name)
if group:
# Set the inbound rules
for rule in rules:
if rule.src_group_name:
group.authorize(ip_protocol=rule.ip_protocol,
from_port=rule.from_port,
to_port=rule.to_port,
cidr_ip=rule.cidr_ip,
src_group=group)
else:
group.authorize(ip_protocol=rule.ip_protocol,
from_port=rule.from_port,
to_port=rule.to_port,
cidr_ip=rule.cidr_ip,
src_group=None)
return True
else:
logError('Error during ' + name + ' Security Group update')
return False
def get_cluster_state(ec2):
try:
groups = ec2.get_all_security_groups(groupnames=["@sc-%s" % config['CLUSTER_NAME']])
except boto.exception.EC2ResponseError:
return "stopped"
assert len(groups) > 0
return "running"
def _get_security_group_id_abort_on_error(name):
ec2 = boto.ec2.connect_to_region(env.ec2_region)
for security_group in ec2.get_all_security_groups():
if security_group.name == name and \
security_group.vpc_id == env.ec2_vpc_id:
return security_group.id
abort('Unable to get id for "%s" security group. '
'Did you create it yet?' % name)
def get_instance_sec_group(vpc_id):
grp_details = ec2.get_all_security_groups(filters={"vpc_id": vpc_id, "tag:play": args.play})
if len(grp_details) < 1:
sys.stderr.write("ERROR: Expected atleast one security group, got {}\n".format(len(grp_details)))
return grp_details[0].id
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(dict(
name=dict(required=True),
description=dict(required=True),
vpc_id=dict(),
rules=dict(),
rules_egress=dict(),
state = dict(default='present', choices=['present', 'absent']),
purge_rules=dict(default=True, required=False, type='bool'),
purge_rules_egress=dict(default=True, required=False, type='bool'),
)
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
if not HAS_BOTO:
module.fail_json(msg='boto required for this module')
name = module.params['name']
description = module.params['description']
vpc_id = module.params['vpc_id']
rules = module.params['rules']
rules_egress = module.params['rules_egress']
state = module.params.get('state')
purge_rules = module.params['purge_rules']
purge_rules_egress = module.params['purge_rules_egress']
changed = False
ec2 = ec2_connect(module)
# find the group if present
group = None
groups = {}
for curGroup in ec2.get_all_security_groups():
groups[curGroup.id] = curGroup
groups[curGroup.name] = curGroup
if curGroup.name == name and (vpc_id is None or curGroup.vpc_id == vpc_id):
group = curGroup
# Ensure requested group is absent
if state == 'absent':
if group:
'''found a match, delete it'''
try:
group.delete()
except Exception, e:
module.fail_json(msg="Unable to delete security group '%s' - %s" % (group, e))
else:
group = None
changed = True
else:
'''no match found, no changes required'''
def security_group_salt():
groups = ec2.get_all_security_groups()
for group in groups:
if group.name == DEMO_SECURITY_GROUP:
for i in range(1, DEMO_MINIONS+1):
group.authorize('tcp', 4505, 4506, hosts[i].private_ip_address + '/32')
return;
def revoque_from_security_group(
ip_protocol="tcp", region="us-west-2", name=None, from_port=None, to_port=None, cidr_ip=None
):
"""
Revoque cidr_ip access to a certain security group
"""
ec2 = boto.ec2.connect_to_region(region)
group = ec2.get_all_security_groups(groupnames=[name])[0]
return group.revoke(ip_protocol=ip_protocol, from_port=from_port, to_port=to_port, cidr_ip=cidr_ip)
def get_security_groups(region):
# EC2 security groups
sg_info = []
ec2 = boto.ec2.connect_to_region(region)
groups = ec2.get_all_security_groups()
for group in groups:
for rule in group.rules:
for grant in rule.grants:
sg_info.append(config_line(region + " ec2:security_group", group.name, str(rule), str(grant)))
return sorted(sg_info)
def create_security_group(group_name="mqlibtest"):
"""
Instances are pretty locked down by default. We can assign them to
security groups to give access rights. This group allows us to access
our instances over SSH
"""
ec2 = boto.ec2.connect_to_region(AWS_REGION)
for g in ec2.get_all_security_groups():
if g.name == group_name:
return # We already have this group setup
group = ec2.create_security_group(group_name, "MQLib SSH access group")
group.authorize("tcp", 22, 22, "0.0.0.0/0") # SSH is on port 22, all IPs
print "Created new security group"
def get_instance_sec_group(vpc_id):
grp_details = ec2.get_all_security_groups(filters={
'vpc_id': vpc_id,
'tag:play': args.play
})
if len(grp_details) < 1:
sys.stderr.write(
"ERROR: Expected atleast one security group, got {}\n".format(
len(grp_details)))
return grp_details[0].id
def get_or_create_security_group(region ,group_name):
"""
Search by group_name, if doesn't exits, it is created
"""
try:
ec2 = boto.ec2.connect_to_region(region)
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
group = ec2.create_security_group(
group_name, 'group {} for region {}'.format(group_name, region))
else:
raise
def create_security_group(group_name="mqlibtest"):
"""
Instances are pretty locked down by default. We can assign them to
security groups to give access rights. This group allows us to access
our instances over SSH
"""
ec2 = boto.ec2.connect_to_region(AWS_REGION)
for g in ec2.get_all_security_groups():
if g.name == group_name:
return # We already have this group setup
group = ec2.create_security_group(
group_name, "MQLib SSH access group")
group.authorize("tcp", 22, 22, "0.0.0.0/0") # SSH is on port 22, all IPs
print "Created new security group"
def get_security_group(security_group):
"""
Find security group by name or id
:type security_group: str
:rtype: boto.ec2.securitygroup.SecurityGroup
"""
ec2 = boto.ec2.connect_to_region(region)
rs = ec2.get_all_security_groups()
for sg in rs:
if sg.name == security_group:
return sg
if sg.id == security_group:
return sg
return None
def create_database(name):
prep_paths(env.ssh_directory, env.deploy_directory)
print(_green("Started creating database {}...".format(name)))
print(_yellow("...Creating RDS instance..."))
ec2 = connect_to_ec2()
rds = connect_to_rds()
try:
# key = conn.get_all_key_pairs(keynames=[env.aws_ssh_key_name])[0]
group = ec2.get_all_security_groups(groupnames=[env.aws_rds_security_group_name])[0] # noqa
except ec2.ResponseError, e:
setup_aws_account()
def get_security_groups(region):
# EC2 security groups
sg_info = []
ec2 = boto.ec2.connect_to_region(region,
aws_access_key_id=assume_role.credentials.access_key,
aws_secret_access_key=assume_role.credentials.secret_key,
security_token=assume_role.credentials.session_token)
groups = ec2.get_all_security_groups()
for group in groups:
for rule in group.rules:
for grant in rule.grants:
sg_info.append(config_line(region + " ec2:security_group", group.name, str(rule), str(grant)))
return sorted(sg_info)
def security_group_ssh():
# If the demo security group exists, purge so it's known to be clean.
groups = ec2.get_all_security_groups()
for group in groups:
if group.name == DEMO_SECURITY_GROUP:
ec2.delete_security_group(DEMO_SECURITY_GROUP)
# create new security group opening up ssh and tomcat7 ports
group = ec2.create_security_group(DEMO_SECURITY_GROUP, 'Security group for demonstration')
my_cidr = get_external_ip() + '/32'
group.authorize('tcp', 22, 22, my_cidr)
group.authorize('tcp', 8080, 8080, my_cidr)
return;
def get_security_group(security_group):
"""
Find security group by name or id
:type security_group: str
:rtype: boto.ec2.securitygroup.SecurityGroup
"""
ec2 = boto.ec2.connect_to_region(region)
rs = ec2.get_all_security_groups()
for sg in rs:
if sg.name == security_group:
return sg
if sg.id == security_group:
return sg
return None
def get_default_opsworks_security_groups(self):
"""
Return default OpsWorks security groups
:rtype: list of boto.ec2.securitygroup.SecurityGroup
"""
def filter_opsworks(sg):
"""
:type sg: boto.ec2.securitygroup.SecurityGroup
:rtype: bool
"""
return sg.name.startswith('AWS-OpsWorks-')
ec2 = boto.ec2.connect_to_region(region)
return filter(filter_opsworks, ec2.get_all_security_groups())
def revoke(ec2=None, rds=None):
security_group_id, protocol, cidr, from_port, to_port = request.args.get('security_group_id'), request.args.get('protocol'), request.args.get('cidr'), request.args.get('from_port'), request.args.get('to_port')
security_groups = ec2.get_all_security_groups(group_ids=[security_group_id])
if len(security_groups) == 0:
return "Security group not found"
security_group = security_groups[0]
if _revoke(rds, security_group, protocol, from_port, to_port, cidr):
return redirect("/edit/" + security_group_id)
else:
return "An error occurred"
def get_or_create_security_group(region, group_name):
"""
Search by group_name, if doesn't exits, it is created
"""
try:
ec2 = boto.ec2.connect_to_region(region)
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
group = ec2.create_security_group(
group_name,
'group {} for region {}'.format(group_name, region))
else:
raise
def create_security_group(group_name):
"""
Instances are pretty locked down by default. We can assign them to
security groups to give access rights.
"""
ec2 = boto.ec2.connect_to_region(AWS_REGION)
for g in ec2.get_all_security_groups():
if g.name == group_name:
return # We already have this group setup
group = ec2.create_security_group(group_name,
"%s SSH access group" % group_name)
group.authorize("tcp", 22, 22, "0.0.0.0/0") # SSH is on port 22, all IPs
group.authorize("tcp", 80, 80, "0.0.0.0/0")
group.authorize("tcp", 61000, 65000, "0.0.0.0/0")
print "Created new security group"
def revoque_from_security_group(ip_protocol='tcp',
region='us-west-2',
name=None,
from_port=None,
to_port=None,
cidr_ip=None):
"""
Authorize cidr_ip access to a certain security group
"""
ec2 = boto.ec2.connect_to_region(region)
group = ec2.get_all_security_groups(groupnames=[name])[0]
return group.authorize(ip_protocol=ip_protocol,
from_port=from_port,
to_port=to_port,
cidr_ip=cidr_ip)
def create_security_rule(ec2,vpc,group,protocol,start,end,cidr):
# Check to see if specified security group already exists.
# If we get an InvalidGroup.NotFound error back from EC2,
# it means that it doesn't exist and we need to create it.
print 'Creating security rule %s:%s[%s,%s]->%s'%(group,protocol,start,end,cidr)
try:
ec2_group = ec2.get_all_security_groups(groupnames=[group])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
print 'Creating Security Group: %s' % group
# Create a security group to control access to instance via SSH.
ec2_group = ec2.create_security_group(group, group, vpc_id=vpc)
else:
raise
def get_default_opsworks_security_groups(self):
"""
Return default OpsWorks security groups
:rtype: list of boto.ec2.securitygroup.SecurityGroup
"""
def filter_opsworks(sg):
"""
:type sg: boto.ec2.securitygroup.SecurityGroup
:rtype: bool
"""
return sg.name.startswith('AWS-OpsWorks-')
ec2 = boto.ec2.connect_to_region(region)
return filter(filter_opsworks, ec2.get_all_security_groups())
def create_database(name):
prep_paths(env.ssh_directory, env.deploy_directory)
print(_green("Started creating database {}...".format(name)))
print(_yellow("...Creating RDS instance..."))
ec2 = connect_to_ec2()
rds = connect_to_rds()
try:
# key = conn.get_all_key_pairs(keynames=[env.aws_ssh_key_name])[0]
group = ec2.get_all_security_groups(
groupnames=[env.aws_rds_security_group_name])[0] # noqa
except ec2.ResponseError, e:
setup_aws_account()
def get_security_groups(self, group_ids=[]): # NOQA
if not isinstance(group_ids, list):
group_ids = [group_ids]
ec2 = self.connect_ec2()
groups = ec2.get_all_security_groups(group_ids=group_ids)
result = {}
for group in groups:
if self.obj.vpc_enabled and not group.vpc_id:
continue
if not self.obj.vpc_enabled and group.vpc_id:
continue
rules_ingress, rules_egress = [], []
group_rules = [(0, r) for r in group.rules] + \
[(1, r) for r in group.rules_egress]
for rule_type, rule in group_rules:
for grant in rule.grants:
if grant.cidr_ip:
rule_string = grant.cidr_ip
elif grant.name:
rule_string = '{0.owner_id}:{0.name}'.format(grant)
else:
rule_string = None
d = {
'protocol': rule.ip_protocol,
'from_port': rule.from_port,
'to_port': rule.to_port,
'rule': rule_string,
}
if rule_type == 0:
rules_ingress.append(d)
else:
rules_egress.append(d)
result[group.name] = {
'group_id': group.id,
'name': group.name,
'description': group.description,
'rules': rules_ingress,
'rules_egress': rules_egress,
'vpc_id': group.vpc_id,
}
return result
def get_security_groups(region):
# EC2 security groups
sg_info = []
ec2 = boto.ec2.connect_to_region(
region,
aws_access_key_id=assume_role.credentials.access_key,
aws_secret_access_key=assume_role.credentials.secret_key,
security_token=assume_role.credentials.session_token)
groups = ec2.get_all_security_groups()
for group in groups:
for rule in group.rules:
for grant in rule.grants:
sg_info.append(
config_line(region + " ec2:security_group", group.name,
str(rule), str(grant)))
return sorted(sg_info)
def get_instance_sec_group(vpc_id, security_group):
security_group_id = None
grp_details = ec2.get_all_security_groups(filters={'vpc_id': vpc_id})
for grp in grp_details:
if grp.name == security_group:
security_group_id = grp.id
break
if not security_group_id:
print "Unable to lookup id for security group {}".format(
security_group)
sys.exit(1)
return security_group_id
def ec2run_completers(self, event):
cmd_param = event.line.split()
if event.line.endswith(' '):
cmd_param.append('')
arg = cmd_param.pop()
arg = cmd_param.pop()
if arg in ('-t', '--instance-type'):
return [
'm1.small', 'm1.large', 'm1.xlarge', 'c1.medium', 'c1.xlarge',
'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'cc1.4xlarge', 't1.micro'
]
elif arg in ('-k', '--keys'):
return [k.name for k in ec2.get_all_key_pairs()]
elif arg in ('-n', '--instance-count'):
return ['1', '1-'] # just examples really
elif arg in ('-g', '--group'):
return [g.name for g in ec2.get_all_security_groups()]
elif arg in ('-d', '--user-data'):
return []
elif arg in ('-f', '--user-data-file'):
return [] # TODO hook normal file complete
elif arg in ('-z', '--availability-zone'):
return [z.name for z in ec2.get_all_zones()]
elif arg in ('--instance-initiated-shutdown-behavior'):
return ['stop', 'terminate']
elif arg in ('--placement-group'):
return [g.name for g in ec2.get_all_placement_groups()]
elif arg in ('--private-ip-address'):
return []
elif arg in ('--kernel'):
return [] # TODO
elif arg in ('--ramdisk'):
return [] # TODO
elif arg in ('--subnet'):
return [] # TODO
else:
params = ec2run_parameters[:]
# drop from params any already used
for c in cmd_param:
o = ec2run_parser.get_option(c)
if o:
for v in o._short_opts + o._long_opts:
if v in params: params.remove(v)
return params + ami.keys()
def authorize(ec2=None, rds=None):
security_group_id, protocol, cidr, from_port, to_port, duration = request.form['security_group_id'], request.form['protocol'], request.form['cidr'], int(request.form['from_port']), int(request.form['to_port']), int(request.form['duration'])
cidr_fixed = fix_cidr(cidr)
security_groups = ec2.get_all_security_groups(group_ids=[security_group_id])
if len(security_groups) == 0:
return "Security group not found"
security_group = security_groups[0]
if security_group.authorize(ip_protocol=protocol, from_port=from_port, to_port=to_port, cidr_ip=cidr_fixed):
grant_key = GRANT_KEY_FORMULA.format(security_group_id=security_group_id, protocol=protocol, from_port=from_port, to_port=to_port, cidr=cidr_fixed)
rds.set(grant_key, str(time.time() + duration))
return redirect("/edit/" + security_group_id)
else:
return "An error occurred"
def __init__(self, boto, account_info): """Initialize with a reference to the boto module (so adding this class doesn't break existing code that already calls boto) and the account info that will be connected to. """ ec2 = boto.connect_ec2(account_info[0], account_info[1]) self.reservations = ec2.get_all_instances() self.groups = ec2.get_all_security_groups() self.instances = all_instances(ec2) self.by_instance_id = dict() self.by_private_ip = dict() self.by_private_dns_name = dict() self.by_public_ip = dict() self.by_public_dns_name = dict() self._build_instance_id_map() self._build_private_ip_map() self._build_private_dns_name_map() self._build_public_ip_map() self._build_public_dns_name_map()
def ec2run_completers(self, event):
cmd_param = event.line.split()
if event.line.endswith(' '):
cmd_param.append('')
arg = cmd_param.pop()
arg = cmd_param.pop()
if arg in ('-t', '--instance-type'):
return ['m1.small', 'm1.large', 'm1.xlarge', 'c1.medium', 'c1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'cc1.4xlarge', 't1.micro']
elif arg in ('-k', '--keys'):
return [k.name for k in ec2.get_all_key_pairs()]
elif arg in ('-n', '--instance-count'):
return ['1', '1-'] # just examples really
elif arg in ('-g', '--group'):
return [g.name for g in ec2.get_all_security_groups()]
elif arg in ('-d', '--user-data'):
return []
elif arg in ('-f', '--user-data-file'):
return [] # TODO hook normal file complete
elif arg in ('-z', '--availability-zone'):
return [z.name for z in ec2.get_all_zones()]
elif arg in ('--instance-initiated-shutdown-behavior'):
return ['stop', 'terminate']
elif arg in ('--placement-group'):
return [g.name for g in ec2.get_all_placement_groups()]
elif arg in ('--private-ip-address'):
return []
elif arg in ('--kernel'):
return [] # TODO
elif arg in ('--ramdisk'):
return [] # TODO
elif arg in ('--subnet'):
return [] # TODO
else:
params = ec2run_parameters[:]
# drop from params any already used
for c in cmd_param:
o = ec2run_parser.get_option(c)
if o:
for v in o._short_opts + o._long_opts:
if v in params: params.remove(v)
return params + ami.keys()
def auto_vpn(ami=ami,
instance_type=instance_type,
key_name=keyname,
group_name="vpn_2",
ssh_port="22",
vpn_port="1194",
cidr="0.0.0.0/0",
tag="auto_vpn",
user_data=None):
ec2 = conn_region
try:
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
group = ec2.create_security_group(
group_name, 'A group that allows VPN access')
else:
raise
def auto_vpn(ami=ami,
instance_type=instance_type,
key_name=keyname,
group_name="vpn_2",
ssh_port="22",
vpn_port="1194",
cidr="0.0.0.0/0",
tag="auto_vpn",
user_data=None):
ec2 = conn_region
try:
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
group = ec2.create_security_group(group_name,
'A group that allows VPN access')
else:
raise
def get_instance_sec_group(vpc_id, security_group):
security_group_id = None
grp_details = ec2.get_all_security_groups(
filters={
'vpc_id':vpc_id
}
)
for grp in grp_details:
if grp.name == security_group:
security_group_id = grp.id
break
if not security_group_id:
print "Unable to lookup id for security group {}".format(
security_group)
sys.exit(1)
return security_group_id
def createSG(ec2,name,rules):
"""
Create a new SecurityGroup
"""
# check if the security group exists
group = None
sgGroups = [sg for sg in ec2.get_all_security_groups() if sg.name == name]
if sgGroups:
group = sgGroups[0]
ec2.delete_security_group(name=name, group_id=group)
print "Creating %s Security Group" % name
group = ec2.create_security_group(name, 'group for %s' % name)
if group:
# Set the inbound rules
for rule in rules:
if rule.src_group_name:
group.authorize(ip_protocol=rule.ip_protocol,from_port=rule.from_port,to_port=rule.to_port,cidr_ip=rule.cidr_ip,src_group=group)
else:
group.authorize(ip_protocol=rule.ip_protocol,from_port=rule.from_port,to_port=rule.to_port,cidr_ip=rule.cidr_ip,src_group=None)
return True
else:
logError('Error during '+name+' Security Group update')
return False
def clean_security_rules(ec2_region=defaults.EC2_REGION, group_name='myucsc'):
# Create a connection to EC2 service.
# You can pass credentials in to the connect_ec2 method explicitly
# or you can use the default credentials in your ~/.boto config file
# as we are doing here.
#ec2 = boto.connect_ec2()
ec2 = boto.ec2.connect_to_region(ec2_region)
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
print "Revoking "
print vars(group)
for rule in group.rules:
print vars(rule)
print 'Rule protocol %s' % rule.ip_protocol
print 'Rule from port %s' % rule.from_port
print 'Rule to port %s' % rule.to_port
print 'Rule cidr %s' % rule.grants[0]
group.revoke(ip_protocol=rule.ip_protocol,
from_port=rule.from_port,
to_port=rule.to_port,
cidr_ip=rule.grants[0])
def create_instances(module, ec2, vpc, override_count=None):
"""
Creates new instances
module : AnsibleModule object
ec2: authenticated ec2 connection object
Returns:
A list of dictionaries with instance information
about the instances that were launched
"""
key_name = module.params.get('key_name')
id = module.params.get('id')
group_name = module.params.get('group')
group_id = module.params.get('group_id')
zone = module.params.get('zone')
instance_type = module.params.get('instance_type')
tenancy = module.params.get('tenancy')
spot_price = module.params.get('spot_price')
spot_type = module.params.get('spot_type')
image = module.params.get('image')
if override_count:
count = override_count
else:
count = module.params.get('count')
monitoring = module.params.get('monitoring')
kernel = module.params.get('kernel')
ramdisk = module.params.get('ramdisk')
wait = module.params.get('wait')
wait_timeout = int(module.params.get('wait_timeout'))
spot_wait_timeout = int(module.params.get('spot_wait_timeout'))
placement_group = module.params.get('placement_group')
user_data = module.params.get('user_data')
instance_tags = module.params.get('instance_tags')
vpc_subnet_id = module.params.get('vpc_subnet_id')
assign_public_ip = module.boolean(module.params.get('assign_public_ip'))
private_ip = module.params.get('private_ip')
instance_profile_name = module.params.get('instance_profile_name')
volumes = module.params.get('volumes')
ebs_optimized = module.params.get('ebs_optimized')
exact_count = module.params.get('exact_count')
count_tag = module.params.get('count_tag')
source_dest_check = module.boolean(module.params.get('source_dest_check'))
termination_protection = module.boolean(module.params.get('termination_protection'))
# group_id and group_name are exclusive of each other
if group_id and group_name:
module.fail_json(msg = str("Use only one type of parameter (group_name) or (group_id)"))
vpc_id = None
if vpc_subnet_id:
if not vpc:
module.fail_json(msg="region must be specified")
else:
vpc_id = vpc.get_all_subnets(subnet_ids=[vpc_subnet_id])[0].vpc_id
else:
vpc_id = None
try:
# Here we try to lookup the group id from the security group name - if group is set.
if group_name:
if vpc_id:
grp_details = ec2.get_all_security_groups(filters={'vpc_id': vpc_id})
else:
grp_details = ec2.get_all_security_groups()
if isinstance(group_name, basestring):
group_name = [group_name]
group_id = [ str(grp.id) for grp in grp_details if str(grp.name) in group_name ]
# Now we try to lookup the group id testing if group exists.
elif group_id:
#wrap the group_id in a list if it's not one already
if isinstance(group_id, basestring):
group_id = [group_id]
grp_details = ec2.get_all_security_groups(group_ids=group_id)
group_name = [grp_item.name for grp_item in grp_details]
except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e))
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(
dict(
name=dict(),
group_id=dict(),
description=dict(),
vpc_id=dict(),
rules=dict(type='list'),
rules_egress=dict(type='list'),
state=dict(default='present',
type='str',
choices=['present', 'absent']),
purge_rules=dict(default=True, required=False, type='bool'),
purge_rules_egress=dict(default=True, required=False, type='bool'),
))
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[['name', 'group_id']],
required_if=[['state', 'present', ['name']]],
)
if not HAS_BOTO:
module.fail_json(msg='boto required for this module')
name = module.params['name']
group_id = module.params['group_id']
description = module.params['description']
vpc_id = module.params['vpc_id']
rules = deduplicate_rules_args(
rules_expand_sources(rules_expand_ports(module.params['rules'])))
rules_egress = deduplicate_rules_args(
rules_expand_sources(rules_expand_ports(
module.params['rules_egress'])))
state = module.params.get('state')
purge_rules = module.params['purge_rules']
purge_rules_egress = module.params['purge_rules_egress']
if state == 'present' and not description:
module.fail_json(msg='Must provide description when state is present.')
changed = False
ec2 = ec2_connect(module)
# find the group if present
group = None
groups = {}
try:
security_groups = ec2.get_all_security_groups()
except BotoServerError as e:
module.fail_json(msg="Error in get_all_security_groups: %s" %
e.message,
exception=traceback.format_exc())
for curGroup in security_groups:
groups[curGroup.id] = curGroup
if curGroup.name in groups:
# Prioritise groups from the current VPC
if vpc_id is None or curGroup.vpc_id == vpc_id:
groups[curGroup.name] = curGroup
else:
groups[curGroup.name] = curGroup
if group_id:
if curGroup.id == group_id:
group = curGroup
else:
if curGroup.name == name and (vpc_id is None
or curGroup.vpc_id == vpc_id):
group = curGroup
# Ensure requested group is absent
if state == 'absent':
if group:
# found a match, delete it
try:
if not module.check_mode:
group.delete()
except BotoServerError as e:
module.fail_json(
msg="Unable to delete security group '%s' - %s" %
(group, e.message),
exception=traceback.format_exc())
else:
group = None
changed = True
else:
# no match found, no changes required
pass
# Ensure requested group is present
elif state == 'present':
if group:
# existing group
if group.description != description:
module.fail_json(
msg=
"Group description does not match existing group. ec2_group does not support this case."
)
# if the group doesn't exist, create it now
else:
# no match found, create it
if not module.check_mode:
group = ec2.create_security_group(name,
description,
vpc_id=vpc_id)
# When a group is created, an egress_rule ALLOW ALL
# to 0.0.0.0/0 is added automatically but it's not
# reflected in the object returned by the AWS API
# call. We re-read the group for getting an updated object
# amazon sometimes takes a couple seconds to update the security group so wait till it exists
while len(
ec2.get_all_security_groups(
filters={'group_id': group.id})) == 0:
time.sleep(0.1)
group = ec2.get_all_security_groups(group_ids=(group.id, ))[0]
changed = True
else:
module.fail_json(msg="Unsupported state requested: %s" % state)
# create a lookup for all existing rules on the group
if group:
# Manage ingress rules
groupRules = {}
addRulesToLookup(group.rules, 'in', groupRules)
# Now, go through all provided rules and ensure they are there.
if rules is not None:
for rule in rules:
validate_rule(module, rule)
group_id, ip, target_group_created = get_target_from_rule(
module, ec2, rule, name, group, groups, vpc_id)
if target_group_created:
changed = True
if rule['proto'] in ('all', '-1', -1):
rule['proto'] = -1
rule['from_port'] = None
rule['to_port'] = None
# Convert ip to list we can iterate over
if not isinstance(ip, list):
ip = [ip]
# If rule already exists, don't later delete it
for thisip in ip:
ruleId = make_rule_key('in', rule, group_id, thisip)
if ruleId not in groupRules:
grantGroup = None
if group_id:
grantGroup = groups[group_id]
if not module.check_mode:
group.authorize(rule['proto'], rule['from_port'],
rule['to_port'], thisip,
grantGroup)
changed = True
else:
del groupRules[ruleId]
# Finally, remove anything left in the groupRules -- these will be defunct rules
if purge_rules:
for (rule, grant) in groupRules.values():
grantGroup = None
if grant.group_id:
if grant.owner_id != group.owner_id:
# this is a foreign Security Group. Since you can't fetch it you must create an instance of it
group_instance = SecurityGroup(owner_id=grant.owner_id,
name=grant.name,
id=grant.group_id)
groups[grant.group_id] = group_instance
groups[grant.name] = group_instance
grantGroup = groups[grant.group_id]
if not module.check_mode:
group.revoke(rule.ip_protocol, rule.from_port,
rule.to_port, grant.cidr_ip, grantGroup)
changed = True
# Manage egress rules
groupRules = {}
addRulesToLookup(group.rules_egress, 'out', groupRules)
# Now, go through all provided rules and ensure they are there.
if rules_egress is not None:
for rule in rules_egress:
validate_rule(module, rule)
group_id, ip, target_group_created = get_target_from_rule(
module, ec2, rule, name, group, groups, vpc_id)
if target_group_created:
changed = True
if rule['proto'] in ('all', '-1', -1):
rule['proto'] = -1
rule['from_port'] = None
rule['to_port'] = None
# Convert ip to list we can iterate over
if not isinstance(ip, list):
ip = [ip]
# If rule already exists, don't later delete it
for thisip in ip:
ruleId = make_rule_key('out', rule, group_id, thisip)
if ruleId in groupRules:
del groupRules[ruleId]
# Otherwise, add new rule
else:
grantGroup = None
if group_id:
grantGroup = groups[group_id].id
if not module.check_mode:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=rule['proto'],
from_port=rule['from_port'],
to_port=rule['to_port'],
src_group_id=grantGroup,
cidr_ip=thisip)
changed = True
else:
# when no egress rules are specified,
# we add in a default allow all out rule, which was the
# default behavior before egress rules were added
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
if default_egress_rule not in groupRules:
if not module.check_mode:
ec2.authorize_security_group_egress(group_id=group.id,
ip_protocol=-1,
from_port=None,
to_port=None,
src_group_id=None,
cidr_ip='0.0.0.0/0')
changed = True
else:
# make sure the default egress rule is not removed
del groupRules[default_egress_rule]
# Finally, remove anything left in the groupRules -- these will be defunct rules
if purge_rules_egress:
for (rule, grant) in groupRules.values():
grantGroup = None
if grant.group_id:
grantGroup = groups[grant.group_id].id
if not module.check_mode:
ec2.revoke_security_group_egress(
group_id=group.id,
ip_protocol=rule.ip_protocol,
from_port=rule.from_port,
to_port=rule.to_port,
src_group_id=grantGroup,
cidr_ip=grant.cidr_ip)
changed = True
if group:
module.exit_json(changed=changed, group_id=group.id)
else:
module.exit_json(changed=changed, group_id=None)
def create_instance_args():
"""
Looks up security group, subnet
and returns arguments to pass into
ec2.run_instances() including
user data
"""
security_group_id = None
grp_details = ec2.get_all_security_groups()
for grp in grp_details:
if grp.name == args.security_group:
security_group_id = grp.id
break
if not security_group_id:
print "Unable to lookup id for security group {}".format(
args.security_group)
sys.exit(1)
vpc = VPCConnection()
subnet = vpc.get_all_subnets(
filters={
'tag:aws:cloudformation:stack-name': stack_name,
'tag:Application': args.application}
)
if len(subnet) != 1:
sys.stderr.write("ERROR: Expected 1 admin subnet, got {}\n".format(
len(subnet)))
sys.exit(1)
subnet_id = subnet[0].id
if args.identity:
config_secure = 'true'
with open(args.identity) as f:
identity_file = f.read()
else:
config_secure = 'false'
identity_file = "dummy"
user_data = """#!/bin/bash
set -x
set -e
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
base_dir="/var/tmp/edx-cfg"
extra_vars="$base_dir/extra-vars-$$.yml"
secure_identity="$base_dir/secure-identity"
git_ssh="$base_dir/git_ssh.sh"
configuration_version="{configuration_version}"
configuration_secure_version="{configuration_secure_version}"
environment="{environment}"
deployment="{deployment}"
play="{play}"
config_secure={config_secure}
secure_vars_file="$base_dir/configuration-secure\\
/ansible/vars/$environment/$environment-$deployment.yml"
instance_id=\\
$(curl http://169.254.169.254/latest/meta-data/instance-id 2>/dev/null)
instance_ip=\\
$(curl http://169.254.169.254/latest/meta-data/local-ipv4 2>/dev/null)
instance_type=\\
$(curl http://169.254.169.254/latest/meta-data/instance-type 2>/dev/null)
playbook_dir="$base_dir/configuration/playbooks/edx-east"
git_repo="https://github.com/edx/configuration"
git_repo_secure="[email protected]:edx/configuration-secure"
if $config_secure; then
git_cmd="env GIT_SSH=$git_ssh git"
else
git_cmd="git"
fi
ANSIBLE_ENABLE_SQS=true
SQS_NAME={queue_name}
SQS_REGION=us-east-1
SQS_MSG_PREFIX="[ $instance_id $instance_ip $environment-$deployment $play ]"
PYTHONUNBUFFERED=1
# environment for ansible
export ANSIBLE_ENABLE_SQS SQS_NAME SQS_REGION SQS_MSG_PREFIX PYTHONUNBUFFERED
if [[ ! -x /usr/bin/git || ! -x /usr/bin/pip ]]; then
echo "Installing pkg dependencies"
/usr/bin/apt-get update
/usr/bin/apt-get install -y git python-pip python-apt \\
git-core build-essential python-dev libxml2-dev \\
libxslt-dev curl --force-yes
fi
rm -rf $base_dir
mkdir -p $base_dir
cd $base_dir
cat << EOF > $git_ssh
#!/bin/sh
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i "$secure_identity" "\$@"
EOF
chmod 755 $git_ssh
if $config_secure; then
cat << EOF > $secure_identity
{identity_file}
EOF
fi
cat << EOF >> $extra_vars
{extra_vars_yml}
secure_vars: $secure_vars_file
EOF
chmod 400 $secure_identity
$git_cmd clone -b $configuration_version $git_repo
if $config_secure; then
$git_cmd clone -b $configuration_secure_version \\
$git_repo_secure
fi
cd $base_dir/configuration
sudo pip install -r requirements.txt
cd $playbook_dir
ansible-playbook -vvvv -c local -i "localhost," $play.yml -e@$extra_vars
rm -rf $base_dir
""".format(
configuration_version=args.configuration_version,
configuration_secure_version=args.configuration_secure_version,
environment=args.environment,
deployment=args.deployment,
play=args.play,
config_secure=config_secure,
identity_file=identity_file,
queue_name=run_id,
extra_vars_yml=extra_vars_yml)
ec2_args = {
'security_group_ids': [security_group_id],
'subnet_id': subnet_id,
'key_name': args.keypair,
'image_id': args.base_ami,
'instance_type': args.instance_type,
'instance_profile_name': args.role_name,
'user_data': user_data,
}
return ec2_args
def _lookup_security_group_ids(ec2, names):
if not names:
return None
return [x.id for x in ec2.get_all_security_groups(filters={'group_name': names})]
if not os.path.isdir(key_dir):
os.mkdir(key_dir, 0700)
# AWS will store the public key but the private key is
# generated and returned and needs to be stored locally.
# The save method will also chmod the file to protect
# your private key.
key.save(key_dir)
else:
raise
# Check to see if specified security group already exists.
# If we get an InvalidGroup.NotFound error back from EC2,
# it means that it doesn't exist and we need to create it.
try:
group = ec2.get_all_security_groups(groupnames=[aws_cfg["group_name"]])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
print 'Creating Security Group: %s' % aws_cfg["group_name"]
# Create a security group to control access to instance via SSH.
group = ec2.create_security_group(aws_cfg["group_name"],
'A group that allows SSH access')
else:
raise
# Add a rule to the security group to authorize SSH traffic
# on the specified port.
for port in ["80", aws_cfg["ssh_port"]]:
try:
group.authorize('tcp', port, port, "0.0.0.0/0")
except ec2.ResponseError, e:
if group.description != description:
if group_in_use:
module.fail_json(msg="Group description does not match, but it is in use so cannot be changed.")
# if the group doesn't exist, create it now
else:
'''no match found, create it'''
if not module.check_mode:
group = ec2.create_security_group(name, description, vpc_id=vpc_id)
# When a group is created, an egress_rule ALLOW ALL
# to 0.0.0.0/0 is added automatically but it's not
# reflected in the object returned by the AWS API
# call. We re-read the group for getting an updated object
# amazon sometimes takes a couple seconds to update the security group so wait till it exists
while len(ec2.get_all_security_groups(filters={ 'group_id': group.id, })) == 0:
time.sleep(0.1)
group = ec2.get_all_security_groups(group_ids=(group.id,))[0]
changed = True
else:
module.fail_json(msg="Unsupported state requested: %s" % state)
# create a lookup for all existing rules on the group
if group:
# Manage ingress rules
groupRules = {}
addRulesToLookup(group.rules, 'in', groupRules)
# Now, go through all provided rules and ensure they are there.
except ec2.ResponseError, e:
if e.code == 'InvalidKeyPair.NotFound':
print 'Creating keypair: %s' % key_name
# Create an SSH key to use when logging into instances.
key = ec2.create_key_pair(key_name)
# AWS will store the public key but the private key is
# generated and returned and needs to be stored locally.
# The save method will also chmod the file to protect # your private key.
key.save(key_dir)
else:
raise
# Check to see if specified security group already exists.
# If we get an InvalidGroup.NotFound error back from EC2,
# it means that it doesn't exist and we need to create it.
try:
group = ec2.get_all_security_groups(groupnames=[group_name])[0]
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
print 'Creating Security Group: %s' % group_name
# Create a security group to control access to instance via SSH.
group = ec2.create_security_group(
group_name, 'A group that allows SSH access')
else:
raise
# Add a rule to the security group to authorize SSH traffic
# on the specified port.
try:
group.authorize('tcp', ssh_port, ssh_port, cidr)
except ec2.ResponseError, e:
if e.code == 'InvalidPermission.Duplicate':
# Create an SSH key to use when logging into instances.
key = ec2.create_key_pair(env.aws_ssh_key_name)
# AWS will store the public key but the private key is
# generated and returned and needs to be stored locally.
# The save method will also chmod the file to protect
# your private key.
key.save(directory_path=env.ssh_directory)
else:
raise
# Check to see if specified security group already exists.
# If we get an InvalidGroup.NotFound error back from EC2,
# it means that it doesn't exist and we need to create it.
try:
ec2_group = ec2.get_all_security_groups(
groupnames=[env.aws_ec2_security_group_name])[0] # noqa
except ec2.ResponseError, e:
if e.code == 'InvalidGroup.NotFound':
print 'Creating EC2 Security Group: %s' % env.aws_ec2_security_group_name
# Create a security group to control access to instance via SSH.
ec2_group = ec2.create_security_group(
env.aws_ec2_security_group_name,
'A group that allows SSH and HTTP access')
else:
raise
# Add a rule to the security group to authorize SSH traffic
# on the specified port.
for port in ["80", env.aws_ssh_port]:
try:
ec2_group.authorize('tcp', port, port, "0.0.0.0/0")
import config
import socket
# TODO better exception handling in completers
# TODO handle spaces in tags (completion)
# TODO autogenerate ec2run docstring
ip = IPython.ipapi.get()
region = getattr(config, 'DEFAULT_REGION', 'us-east-1')
creds = dict(aws_access_key_id=config.AWS_ACCESS_KEY_ID,
aws_secret_access_key=config.AWS_SECRET_ACCESS_KEY)
ec2 = boto.ec2.connect_to_region(region, **creds)
ip.user_ns['ec2'] = ec2
# Find out our user id - query for a security group
sg = ec2.get_all_security_groups()[0]
owner_id = sg.owner_id
######################################################
# Helper functions
######################################################
re_allowed_chars = re.compile(r'[^a-z0-9_]+')
def to_slug(n):
n = n.lower()
n = re_allowed_chars.sub('_', n)
return n
log = logging.getLogger('botocross')
bc.configure_logging(log, args.log_level)
credentials = bc.parse_credentials(args)
regions = bc.filter_regions(boto.ec2.regions(), args.region)
# execute business logic
groupname = args.name if args.name else ""
group_id = args.id if args.id else ""
log.info("Deleting EC2 security groups '" + groupname + group_id + "':")
groupnames = [args.name] if args.name else None
group_ids = [args.id] if args.id else None
for region in regions:
pprint(region.name, indent=2)
try:
ec2 = boto.connect_ec2(region=region, **credentials)
groups = ec2.get_all_security_groups(groupnames=groupnames,
group_ids=group_ids)
for group in groups:
num_instances = " with " + str(len(
group.instances())) + " instances assigned" if len(
group.instances()) else ""
if group.instances() and not args.force:
print 'NOT deleting security group ' + group.name + "(" + group.id + ")" + num_instances + " (use --force to override)"
else:
print 'Deleting security group ' + group.name + "(" + group.id + ")" + num_instances
ec2.delete_security_group(name=args.name, group_id=args.id)
except boto.exception.BotoServerError, e:
log.error(e.error_message)
def deploy():
ec2 = boto.ec2.connect_to_region('us-east-1',
aws_access_key_id='',
aws_secret_access_key='')
ec2_key_pair = ec2.get_key_pair("key_pair")
print ec2_key_pair
if ec2_key_pair == None:
ec2_key_pair = ec2.create_key_pair("key_pair")
ec2_key_pair.save(".")
group = ec2.get_all_security_groups(filters={'group-name': 'group'})
if not group:
group = ec2.create_security_group("csc326-groupg326-2-006",
"a group for ec2")
group.authorize("icmp", -1, -1, "0.0.0.0/0")
group.authorize("tcp", 22, 22, "0.0.0.0/0")
group.authorize("tcp", 80, 80, "0.0.0.0/0")
group.authorize('tcp', 8080, 8080, '0.0.0.0/0')
else:
group = group[0]
instances = ec2.get_only_instances()
runninginstances = [i for i in instances if i.state == 'running']
instance = None
if not instances or (instances and not runninginstances):
instances = ec2.run_instances(
image_id='ami-8caa1ce4',
key_name='key_pair',
security_groups=['csc326-groupg326-2-006'],
instance_type='t1.micro')
instances = instances.instances[0]
else:
instances = instances[0]
instance = instances
print "Waiting for instance to be ready to run.."
while instance.update() != 'running':
time.sleep(10)
print "Instance is ready and running"
os.system("ssh -i key_pair.pem ubuntu@%s sudo apt-get update" %
(instance.ip_address))
os.system(
"ssh -i key_pair.pem ubuntu@%s sudo apt-get install -y python-pip" %
(instance.ip_address))
os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install bottle" %
(instance.ip_address))
os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install beaker" %
(instance.ip_address))
os.system(
"ssh -i key_pair.pem ubuntu@%s sudo pip install google-api-python-client"
% (instance.ip_address))
os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install oauth2client" %
(instance.ip_address))
os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install BeautifulSoup4" %
(instance.ip_address))
os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install BeautifulSoup4" %
(instance.ip_address))
os.system("ssh -i key_pair.pem ubuntu@%s mkdir app" %
(instance.ip_address))
os.system("scp -i key_pair.pem ~/RandomSearch/Lab2/* ubuntu@%s:~/app" %
(instance.ip_address))
os.system(
"ssh -i key_pair.pem ubuntu@%s sudo nohup python app/frontEnd.py" %
(instance.ip_address))
#elasticIPaddr = ec2.allocate_address()
#elasticIPaddr.associate(instance.id)
return instance.ip_address
"us-east-1": "ami-1b135e72",
"us-west-1": "ami-1cf1db59",
"us-west-2": "ami-f8ec70c8"
}
image_id = regionToAMIs[region_name]
print(u"Connecting to EC2 in region %s" % region_name)
ec2 = boto.ec2.connect_to_region(region_name=region_name,
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key)
print(u"Establishing security group voodoovpn")
voodoovpngroup_name = u'voodoovpn'
matching_security_groups = [
sg for sg in ec2.get_all_security_groups()
if sg.name == voodoovpngroup_name
]
if len(matching_security_groups) > 0:
print(u"Found security group voodoovpn")
voodoovpngroup = matching_security_groups[0]
else:
print(u"Creating security group voodoovpn")
voodoovpngroup = ec2.create_security_group(voodoovpngroup_name,
'Voodoo VPN access')
voodoovpngroup.authorize('tcp', 500, 500, '0.0.0.0/0')
voodoovpngroup.authorize('udp', 500, 500, '0.0.0.0/0')
voodoovpngroup.authorize('udp', 4500, 4500, '0.0.0.0/0')
if key_name is not None:
# open an ssh port, if we provided an ssh key
voodoovpngroup.authorize('tcp', 22, 22, '0.0.0.0/0')
import boto
import boto.ec2
import sys
import subprocess
account=['vid', 'lmn']
for acc in account:
if acc == "vid":
AK="AKIAIFVGUARTUV6HPHTQ"
SAK="2nYqGL7ehSMkugZX3gl/TtMofQ+PzKKHhTE/uynE"
f = open('/home/akohale/arpit/unused_SG/vid', 'w')
sys.stdout = f
else:
AK="AKIAJGCNJXKN7NPIQSOQ"
SAK="n/QbNZpu8kwnP98u8PjYHX8rCEjsDl/BYcPk6Fa5"
f=open('/home/akohale/arpit/unused_SG/lmn', 'w')
sys.stdout = f
REGION=['eu-west-1','sa-east-1','us-east-1','ap-northeast-1','us-west-1','us-west-2','ap-southeast-1','ap-southeast-2']
for EC2_REGION in REGION:
ec2region = boto.ec2.get_region(EC2_REGION)
ec2 = boto.connect_ec2(region=ec2region, aws_access_key_id=AK, aws_secret_access_key=SAK)
sgs = ec2.get_all_security_groups()
print "========== %s-REGION=%s=========" % (acc, EC2_REGION)
for sg in sgs:
if len(sg.instances()) == 0:
print ("{0}\t{1}\t{2} instances".format(sg.id, sg.name, len(sg.instances())))
def send_message(recipient, subject, body):
process = subprocess.Popen(['mail', '-s', subject, '-a', '/home/akohale/arpit/unused_SG/lmn', '-a', '/home/akohale/arpit/unused_SG/vid', recipient],stdin=subprocess.PIPE)
process.communicate(body)
send_message ('*****@*****.**', 'Test_mail', 'Hello')
def launch_spot_instance(id,
profile,
spot_wait_sleep=5,
instance_wait_sleep=3):
ec2 = boto.ec2.connect_to_region(profile['region'])
if not 'key_pair' in profile:
print('key pair {0} does not exist'.format(profile['key_pair'][0]))
profile['key_pair'] = ('KP-' + id, 'KP-' + id + '.pem')
try:
print >> sys.stderr, 'Creating key pair...',
keypair = ec2.create_key_pair('KP-' + id)
keypair.save('.')
print >> sys.stderr, 'created'
except boto.exception.EC2ResponseError as e:
if e.code == 'InvalidKeyPair.Duplicate':
print >> sys.stderr, 'already exists'
else:
raise e
if not 'security_group' in profile:
try:
print >> sys.stderr, 'Creating security group...',
sc = ec2.create_security_group('SG-' + id,
'Security Group for ' + id)
for proto, fromport, toport, ip in profile['firewall']:
sc.authorize(proto, fromport, toport, ip)
profile['security_group'] = (sc.id, sc.name)
print >> sys.stderr, 'created'
except boto.exception.EC2ResponseError as e:
if e.code == 'InvalidGroup.Duplicate':
print >> sys.stderr, 'already exists'
sc = ec2.get_all_security_groups(groupnames=['SG-' + id])[0]
profile['security_group'] = (sc.id, sc.name)
else:
raise e
existing_requests = ec2.get_all_spot_instance_requests(
filters={
'launch.group-id': profile['security_group'][0],
'state': ['open', 'active']
})
if existing_requests:
if len(existing_requests) > 1:
raise Exception('Too many existing spot requests')
print >> sys.stderr, 'Reusing existing spot request'
spot_req_id = existing_requests[0].id
else:
bdm = boto.ec2.blockdevicemapping.BlockDeviceMapping()
bdm['/dev/sda1'] = boto.ec2.blockdevicemapping.BlockDeviceType(
volume_type='gp2',
size=profile['disk_size'],
delete_on_termination=profile['disk_delete_on_termination'])
bdm['/dev/sdb'] = boto.ec2.blockdevicemapping.BlockDeviceType(
ephemeral_name='ephemeral0')
print >> sys.stderr, 'Requesting spot instance'
spot_reqs = ec2.request_spot_instances(
price=profile['price'],
image_id=profile['image_id'],
instance_type=profile['type'],
placement=profile['region'] + profile['availability_zone'],
security_groups=[profile['security_group'][1]],
key_name=profile['key_pair'][0],
block_device_map=bdm,
instance_profile_arn=
'arn:aws:iam::720533437540:instance-profile/ec2_ml')
spot_req_id = spot_reqs[0].id
print >> sys.stderr, 'Waiting for launch',
instance_id = None
spot_tag_added = False
while not instance_id:
spot_req = ec2.get_all_spot_instance_requests(
request_ids=[spot_req_id])[0]
if not spot_tag_added:
spot_req.add_tag('Name', id)
spot_tag_added = True
if spot_req.state == 'failed':
# print(dir(spot_req))
raise Exception('spto request failed')
print('Spot request failed - {0}'.format(spot_req.status))
sys.exit(0)
instance_id = spot_req.instance_id
if not instance_id:
print >> sys.stderr, '.',
time.sleep(spot_wait_sleep)
print >> sys.stderr
print >> sys.stderr, 'Retrieving instance by id'
reservations = ec2.get_all_instances(instance_ids=[instance_id])
instance = reservations[0].instances[0]
instance.add_tag('Name', id)
print >> sys.stderr, 'Got instance: ' + str(
instance.id) + ' [' + instance.state + ']'
print >> sys.stderr, 'Waiting for instance to boot',
while not instance.state in ['running', 'terminated', 'shutting-down']:
print >> sys.stderr, '.',
time.sleep(instance_wait_sleep)
instance.update()
print >> sys.stderr
if instance.state != 'running':
raise Exception('Instance was terminated')
return instance
