示例#1
    def run(self, values):
        """Launch an encrypted GCE instance from parsed CLI values.

        Builds the instance config in metavisor mode, attaches an optional
        ``startup-script`` metadata item, quiets the googleapiclient logger
        unless ``--verbose`` was given, validates the requested instance
        name, and hands the launch to launch_gce_image.launch(). The id of
        the launched instance is printed to stdout.

        Args:
            values: parsed command-line namespace (project, image, zone,
                instance_name, instance_type, network, subnetwork,
                delete_boot, startup_script, verbose are read).

        Returns:
            0, the process exit status for a successful launch.
        """
        gce_svc = gce_service.GCEService(values.project, None, log)
        instance_config = instance_config_from_values(
            values, mode=INSTANCE_METAVISOR_MODE, cli_config=self.config)

        # A user-supplied startup script is forwarded verbatim as a GCE
        # metadata item; None means "no extra metadata items".
        extra_items = None
        if values.startup_script:
            extra_items = [
                {'key': 'startup-script', 'value': values.startup_script},
            ]

        metadata = gce_service.gce_metadata_from_userdata(
            instance_config.make_userdata(), extra_items=extra_items)

        if not values.verbose:
            # Keep the client library quiet unless the user asked for detail.
            logging.getLogger('googleapiclient').setLevel(logging.ERROR)

        # Validate the requested name before any API call that would use it.
        if values.instance_name:
            gce_service.validate_image_name(values.instance_name)

        encrypted_instance_id = launch_gce_image.launch(
            log, gce_svc, values.image, values.instance_name, values.zone,
            values.delete_boot, values.instance_type, values.network,
            values.subnetwork, metadata)
        print(encrypted_instance_id)
        return 0
示例#2
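def do_encryption(gce_svc,
                  enc_svc_cls,
                  zone,
                  encryptor,
                  encryptor_image,
                  instance_name,
                  instance_config,
                  encrypted_image_disk,
                  network,
                  status_port=ENCRYPTOR_STATUS_PORT):
    """Run the encryptor instance against the guest disk and wait for it.

    Launches ``encryptor`` from ``encryptor_image`` with the guest disk
    (``instance_name``) and the target disk (``encrypted_image_disk``)
    attached, then polls the encryptor's status service through
    ``enc_svc_cls`` until encryption completes. On success the encryptor
    instance is deleted, retrying on transient HTTP/socket errors.

    Args:
        gce_svc: GCEService used for all Compute Engine calls.
        enc_svc_cls: callable building the status client from a list of
            host addresses and a ``port`` keyword.
        zone: GCE zone holding the disks and the encryptor instance.
        encryptor: name for the encryptor instance.
        encryptor_image: image the encryptor boots from.
        instance_name: name of the disk holding the guest root.
        instance_config: provides ``make_userdata()`` for instance metadata.
        encrypted_image_disk: name of the disk the encrypted image goes to.
        network: GCE network the encryptor is attached to.
        status_port: port of the encryptor's status service.

    Raises:
        Whatever the status wait raised, after the encryptor's serial
        console has been written to a file for diagnosis. The encryptor
        instance is not deleted in that case.
    """
    metadata = gce_metadata_from_userdata(instance_config.make_userdata())
    log.info('Launching encryptor instance')
    gce_svc.run_instance(zone=zone,
                         name=encryptor,
                         image=encryptor_image,
                         network=network,
                         disks=[
                             gce_svc.get_disk(zone, instance_name),
                             gce_svc.get_disk(zone, encrypted_image_disk)
                         ],
                         metadata=metadata)

    try:
        # NOTE(review): the status service is reached by instance IP with no
        # visible authentication here — confirm what enc_svc_cls enforces.
        enc_svc = enc_svc_cls([gce_svc.get_instance_ip(encryptor, zone)],
                              port=status_port)
        wait_for_encryptor_up(enc_svc, Deadline(600))
        wait_for_encryption(enc_svc)
    except Exception:
        # Capture the console before re-raising; it may contain guest
        # output, so the written file should be treated as sensitive.
        f = gce_svc.write_serial_console_file(zone, encryptor)
        if f:
            log.info('Encryption failed. Writing console to %s', f)
        # A bare raise keeps the original traceback; ``raise e`` would
        # reset it on Python 2.
        raise
    retry(function=gce_svc.delete_instance,
          on=[httplib.BadStatusLine, socket.error,
              errors.HttpError])(zone, encryptor)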
示例#3
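def do_encryption(gce_svc,
                  enc_svc_cls,
                  zone,
                  encryptor,
                  encryptor_image,
                  instance_name,
                  instance_config,
                  encrypted_image_disk,
                  network,
                  status_port=ENCRYPTOR_STATUS_PORT):
    """Launch the encryptor instance and block until encryption finishes.

    The encryptor boots from ``encryptor_image`` with the guest disk
    ``instance_name`` and the output disk ``encrypted_image_disk``
    attached. Progress is polled via the status client built by
    ``enc_svc_cls``; on success the encryptor instance is deleted with
    retries on transient HTTP/socket errors.

    Args:
        gce_svc: GCEService used for Compute Engine calls.
        enc_svc_cls: callable taking a list of host addresses and ``port``.
        zone: GCE zone of the disks and encryptor instance.
        encryptor: encryptor instance name.
        encryptor_image: image the encryptor boots from.
        instance_name: disk holding the guest root.
        instance_config: supplies ``make_userdata()`` for the metadata.
        encrypted_image_disk: disk receiving the encrypted image.
        network: GCE network for the encryptor instance.
        status_port: port of the encryptor's status service.

    Raises:
        The exception from the status wait, re-raised after the encryptor's
        serial console is written to a file. The instance is not deleted
        on failure.
    """
    metadata = gce_metadata_from_userdata(instance_config.make_userdata())
    log.info('Launching encryptor instance')
    gce_svc.run_instance(zone=zone,
                         name=encryptor,
                         image=encryptor_image,
                         network=network,
                         disks=[gce_svc.get_disk(zone, instance_name),
                                gce_svc.get_disk(zone, encrypted_image_disk)],
                         metadata=metadata)

    try:
        # NOTE(review): status client is addressed by instance IP; no
        # authentication is visible here — confirm in enc_svc_cls.
        enc_svc = enc_svc_cls([gce_svc.get_instance_ip(encryptor, zone)],
                              port=status_port)
        wait_for_encryptor_up(enc_svc, Deadline(600))
        wait_for_encryption(enc_svc)
    except Exception:
        # Dump the console for diagnosis; it may contain guest output, so
        # the file should be handled as sensitive.
        f = gce_svc.write_serial_console_file(zone, encryptor)
        if f:
            log.info('Encryption failed. Writing console to %s', f)
        # Bare raise preserves the traceback (``raise e`` resets it on
        # Python 2).
        raise
    retry(function=gce_svc.delete_instance,
          on=[httplib.BadStatusLine, socket.error,
              errors.HttpError])(zone, encryptor)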
示例#4
def command_launch_gce_image(values, log):
    """Launch an encrypted instance in metavisor mode from parsed CLI values.

    Args:
        values: parsed command-line namespace (project, image, zone,
            instance_name, instance_type, delete_boot, startup_script,
            verbose are read).
        log: logger handed to GCEService and launch_gce_image.launch().

    Returns:
        0, the process exit status once the launch call returns.
    """
    gce_svc = gce_service.GCEService(values.project, None, log)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    instance_config = make_instance_config(values, brkt_env,
                                           mode=INSTANCE_METAVISOR_MODE)

    # The startup script is forwarded verbatim as GCE instance metadata.
    extra_items = None
    if values.startup_script:
        extra_items = [{'key': 'startup-script',
                        'value': values.startup_script}]

    metadata = gce_service.gce_metadata_from_userdata(
        instance_config.make_userdata(), extra_items=extra_items)

    if not values.verbose:
        logging.getLogger('googleapiclient').setLevel(logging.ERROR)

    launch_gce_image.launch(
        log, gce_svc, values.image, values.instance_name, values.zone,
        values.delete_boot, values.instance_type, metadata)
    return 0
示例#5
def command_launch_gce_image(values, log):
    """Launch an encrypted GCE instance (metavisor mode) from CLI values.

    Args:
        values: parsed command-line namespace; project, image, zone,
            instance_name, instance_type, delete_boot, startup_script and
            verbose are read.
        log: logger passed to GCEService and launch_gce_image.launch().

    Returns:
        0 as the process exit status.
    """
    gce_svc = gce_service.GCEService(values.project, None, log)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    instance_config = make_instance_config(
        values, brkt_env, mode=INSTANCE_METAVISOR_MODE)

    # Optional startup script becomes one extra GCE metadata item.
    extra_items = None
    if values.startup_script:
        extra_items = [{'key': 'startup-script',
                        'value': values.startup_script}]

    metadata = gce_service.gce_metadata_from_userdata(
        instance_config.make_userdata(), extra_items=extra_items)

    if not values.verbose:
        logging.getLogger('googleapiclient').setLevel(logging.ERROR)

    launch_gce_image.launch(
        log, gce_svc, values.image, values.instance_name, values.zone,
        values.delete_boot, values.instance_type, metadata)
    return 0
示例#6
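def update_gce_image(gce_svc, enc_svc_cls, image_id, encryptor_image,
                     encrypted_image_name, zone, instance_config,
                     keep_encryptor=False, image_file=None,
                     image_bucket=None, network=None,
                     status_port=ENCRYPTOR_STATUS_PORT):
    """Pair an existing encrypted guest snapshot with a new encryptor image.

    Creates a disk from the guest snapshot ``image_id``, snapshots it as
    ``encrypted_image_name``, boots an updater instance from
    ``encryptor_image`` in ``solo_mode='updater'``, waits for it to finish,
    and builds the updated metavisor image from the updater's root disk.

    Args:
        gce_svc: GCEService used for all Compute Engine calls.
        enc_svc_cls: callable building the status client from a list of
            host addresses and a ``port`` keyword.
        image_id: existing encrypted guest snapshot to update.
        encryptor_image: encryptor image to use; when falsy the latest one
            is fetched from ``image_bucket``/``image_file``.
        encrypted_image_name: name for the new snapshot and image.
        zone: GCE zone for all resources.
        instance_config: its ``brkt_config['solo_mode']`` is set to
            'updater' in place and ``make_userdata()`` supplies metadata.
        keep_encryptor: passed to gce_svc.cleanup(); forced True when the
            caller supplied ``encryptor_image``.
        image_file, image_bucket: location of the encryptor image in GCS,
            used only when ``encryptor_image`` is falsy.
        network: GCE network for the updater instance.
        status_port: port of the updater's status service.

    Returns:
        encrypted_image_name.

    Raises:
        Re-raises any failure after writing the updater's serial console to
        a file (if the updater was launched), deleting the snapshot this
        call created, and running gce_svc.cleanup().
    """
    snap_created = False
    # Bound before the try so the handler below can tell whether the
    # updater was ever named; otherwise an early failure would raise
    # UnboundLocalError here and mask the real exception.
    updater = None
    try:
        # create image from file in GCS bucket
        log.info('Retrieving encryptor image from GCS bucket')
        if not encryptor_image:
            # NOTE(review): no integrity check on the fetched image is
            # visible here — confirm get_latest_encryptor_image verifies it.
            encryptor_image = gce_svc.get_latest_encryptor_image(
                zone, image_bucket, image_file=image_file)
        else:
            # Keep user provided encryptor image
            keep_encryptor = True

        instance_name = 'brkt-updater-' + gce_svc.get_session_id()
        updater = instance_name + '-metavisor'
        encrypted_image_disk = instance_name + '-guest'

        # Create disk from encrypted guest snapshot. This disk
        # won't be altered. It will be re-snapshotted and paired
        # with the new encryptor image.
        gce_svc.disk_from_snapshot(zone, image_id, encrypted_image_disk)
        gce_svc.wait_for_disk(zone, encrypted_image_disk)
        log.info("Creating snapshot of encrypted image disk")
        gce_svc.create_snapshot(zone, encrypted_image_disk,
                                encrypted_image_name)
        snap_created = True

        log.info("Launching encrypted updater")
        # Mutates the caller's instance_config in place.
        instance_config.brkt_config['solo_mode'] = 'updater'
        user_data = gce_metadata_from_userdata(instance_config.make_userdata())
        gce_svc.run_instance(zone,
                             updater,
                             encryptor_image,
                             network=network,
                             disks=[],
                             metadata=user_data)
        enc_svc = enc_svc_cls([gce_svc.get_instance_ip(updater, zone)],
                              port=status_port)

        # wait for updater to finish and guest root disk
        wait_for_encryptor_up(enc_svc, Deadline(600))
        wait_for_encryption(enc_svc)

        # delete updater instance
        log.info('Deleting updater instance')
        gce_svc.delete_instance(zone, updater)

        # wait for updater root disk
        gce_svc.wait_for_detach(zone, updater)

        # create image from mv root disk and snapshot
        # encrypted guest root disk
        log.info("Creating updated metavisor image")
        gce_svc.create_gce_image_from_disk(zone, encrypted_image_name, updater)
        gce_svc.wait_image(encrypted_image_name)
        gce_svc.wait_snapshot(encrypted_image_name)
    except:
        # Bare except so cleanup also runs on KeyboardInterrupt/SystemExit;
        # the exception is re-raised below.
        if updater is not None:
            # Console output may contain guest data; treat the file as
            # sensitive.
            f = gce_svc.write_serial_console_file(zone, updater)
            if f:
                log.info('Update failed. Writing console to %s', f)
        log.info("Update failed. Cleaning up")
        if snap_created:
            gce_svc.delete_snapshot(encrypted_image_name)
        # gce_svc.cleanup() runs once, in the finally clause.
        raise
    finally:
        gce_svc.cleanup(zone, encryptor_image, keep_encryptor)
    return encrypted_image_name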
示例#7
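def update_gce_image(gce_svc,
                     enc_svc_cls,
                     image_id,
                     encryptor_image,
                     encrypted_image_name,
                     zone,
                     instance_config,
                     keep_encryptor=False,
                     image_file=None,
                     image_bucket=None,
                     network=None,
                     status_port=ENCRYPTOR_STATUS_PORT):
    """Re-pair an encrypted guest snapshot with a new encryptor image.

    A disk is created from the guest snapshot ``image_id`` and snapshotted
    as ``encrypted_image_name``; an updater instance booted from
    ``encryptor_image`` (``solo_mode='updater'``) is waited on, and the
    updated metavisor image is built from its root disk.

    Args:
        gce_svc: GCEService used for all Compute Engine calls.
        enc_svc_cls: callable taking a list of host addresses and ``port``.
        image_id: existing encrypted guest snapshot to update.
        encryptor_image: encryptor image; when falsy the latest is fetched
            from ``image_bucket``/``image_file``.
        encrypted_image_name: name for the new snapshot and image.
        zone: GCE zone for all resources.
        instance_config: ``brkt_config['solo_mode']`` is set to 'updater'
            in place; ``make_userdata()`` supplies the metadata.
        keep_encryptor: forwarded to gce_svc.cleanup(); forced True when
            ``encryptor_image`` was supplied by the caller.
        image_file, image_bucket: GCS location of the encryptor image,
            used only when ``encryptor_image`` is falsy.
        network: GCE network for the updater instance.
        status_port: port of the updater's status service.

    Returns:
        encrypted_image_name.

    Raises:
        Re-raises any failure after writing the updater's serial console
        (if it was launched), deleting the snapshot created here, and
        running gce_svc.cleanup().
    """
    snap_created = False
    # Bound before the try: the handler below references it, and an early
    # failure would otherwise raise UnboundLocalError and hide the cause.
    updater = None
    try:
        # create image from file in GCS bucket
        log.info('Retrieving encryptor image from GCS bucket')
        if not encryptor_image:
            # NOTE(review): no integrity check on the fetched image is
            # visible here — confirm get_latest_encryptor_image verifies it.
            encryptor_image = gce_svc.get_latest_encryptor_image(
                zone, image_bucket, image_file=image_file)
        else:
            # Keep user provided encryptor image
            keep_encryptor = True

        instance_name = 'brkt-updater-' + gce_svc.get_session_id()
        updater = instance_name + '-metavisor'
        encrypted_image_disk = instance_name + '-guest'

        # Create disk from encrypted guest snapshot. This disk
        # won't be altered. It will be re-snapshotted and paired
        # with the new encryptor image.
        gce_svc.disk_from_snapshot(zone, image_id, encrypted_image_disk)
        gce_svc.wait_for_disk(zone, encrypted_image_disk)
        log.info("Creating snapshot of encrypted image disk")
        gce_svc.create_snapshot(zone, encrypted_image_disk,
                                encrypted_image_name)
        snap_created = True

        log.info("Launching encrypted updater")
        # Mutates the caller's instance_config in place.
        instance_config.brkt_config['solo_mode'] = 'updater'
        user_data = gce_metadata_from_userdata(instance_config.make_userdata())
        gce_svc.run_instance(zone,
                             updater,
                             encryptor_image,
                             network=network,
                             disks=[],
                             metadata=user_data)
        enc_svc = enc_svc_cls([gce_svc.get_instance_ip(updater, zone)],
                              port=status_port)

        # wait for updater to finish and guest root disk
        wait_for_encryptor_up(enc_svc, Deadline(600))
        wait_for_encryption(enc_svc)

        # delete updater instance
        log.info('Deleting updater instance')
        gce_svc.delete_instance(zone, updater)

        # wait for updater root disk
        gce_svc.wait_for_detach(zone, updater)

        # create image from mv root disk and snapshot
        # encrypted guest root disk
        log.info("Creating updated metavisor image")
        gce_svc.create_gce_image_from_disk(zone, encrypted_image_name, updater)
        gce_svc.wait_image(encrypted_image_name)
        gce_svc.wait_snapshot(encrypted_image_name)
    except:
        # Bare except so cleanup also runs on KeyboardInterrupt/SystemExit;
        # the exception is re-raised below.
        if updater is not None:
            # Console output may contain guest data; treat the file as
            # sensitive.
            f = gce_svc.write_serial_console_file(zone, updater)
            if f:
                log.info('Update failed. Writing console to %s', f)
        log.info("Update failed. Cleaning up")
        if snap_created:
            gce_svc.delete_snapshot(encrypted_image_name)
        # gce_svc.cleanup() runs once, in the finally clause.
        raise
    finally:
        gce_svc.cleanup(zone, encryptor_image, keep_encryptor)
    return encrypted_image_name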