def _tag(self, tagname, default=None): tags = self.tags() if tags.has_key(tagname): return tags[tagname] logger.warn("Unable to retrieve tag %s for instance %s, returning %s instead" % (tagname, self.id(), default)) return default
def list(self, all_credentials, node_predicate = all_nodes): nodes = [] for boto_instance in [i for i in self.connection_provider.get_all_boto_instances(self.public_api_key, self.private_api_key) if i.state == 'running']: if boto_instance.tags.has_key('env_def_name'): aws_security = AWSSecurity(self.connection_provider.ec2_connection_for_region(boto_instance.region.name, self.public_api_key, self.private_api_key), self._security_group_name(boto_instance.tags['env_def_name'], boto_instance.tags['env_name'])) aws_node = AWSRunningNode(boto_instance, aws_security) if node_predicate(aws_node): nodes.append(aws_node) else: logger.warn( "Unable to find env_def_name for %s:%s, will not be included in listing in state %s" % (boto_instance.id, boto_instance.region, boto_instance.state)) return nodes
def open_ports(self, service_name, connectivity): """ Uses Amazon security groups to open ports either to the world or to other services security groups service_name: the name of the service that we want to open ports for connectivity: the connectivity information for the given service - ports: a list of ports that are needed for the service to work - expects either an integer [80, 81] or a range [ 50-59, 65-70 ] - allowed: a list of services that have access to this service Note: WORLD is a special case that allows everybody to access the port - protocol: one of 'tcp', 'udp' or 'icmp' Method assumes that the security groups will all exist before it is called """ security_group_name = self._get_sec_group_name(service_name) cur_group = self._get_security_group(security_group_name) sources = [] for allowed in connectivity.allowed: if allowed == 'WORLD': sources.append('0.0.0.0/0') elif re.search("^(\d{1,3}\.){3}\d{1,3}(/\d{1,3})?$", allowed): # allow direct ip access if you'd like sources.append(allowed) else: source_sec_group = self._get_security_group(self._get_sec_group_name(allowed)) sources.append(source_sec_group) for port in connectivity.ports: if isinstance(port, basestring): from_port = port.split('-')[0] if '-' in port else port to_port = port.split('-')[1] if '-' in port else port else: from_port = port to_port = port for source in sources: try: cur_group.authorize(connectivity.protocol, from_port, to_port, source) if isinstance(source, basestring)\ else cur_group.authorize(connectivity.protocol, from_port, to_port, src_group=source) except EC2ResponseError as (error): #TODO: don't re-authorize existing rules logger.warn("An error has occurred during authorization %s\nThis may be expected if the rule has already been authorized" % error )
def _tag(self, tagname, default="Unknown"): if self.boto_instance.tags.has_key(tagname): return self.boto_instance.tags[tagname] logger.warn("Unable to retrieve tag %s for instance %s, returning %s instead" % (tagname, self.id(), default)) return default