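def put_janus_config():
    """Rebuild the ``host`` section of the AWS config and upload it.

    Runs the ``ec2.set_instance_roles`` task, loads the local
    ``config/aws.yml``, replaces its ``host`` mapping with
    ``"<region>-<n>" -> public IP`` entries for every created instance
    whose public IP differs from the first entry of
    ``env.roledefs['leaders']``, and uploads the resulting YAML to
    ``<env.nfs_home>/config/aws.yml`` via ``put``.
    """
    import yaml

    execute('ec2.set_instance_roles')

    config_fn = 'config/aws.yml'
    # Read through a context manager so the file handle is closed even when
    # parsing raises; the original left the handle to the garbage collector.
    with open(config_fn) as config_file:
        # NOTE(security): yaml.load without an explicit safe loader can
        # construct arbitrary Python objects from tagged YAML. This is only
        # acceptable while config/aws.yml is a trusted, locally controlled
        # file. Prefer yaml.safe_load once it is confirmed that the file
        # holds plain YAML types only.
        config = yaml.load(config_file.read())

    # Any host entries already in the file are discarded and rebuilt.
    host = config['host'] = {}

    created_instances = get_created_instances()
    leader_ip_address = env.roledefs['leaders'][0]

    for region, instances in created_instances.iteritems():
        cnt = 0
        for instance in instances:
            proc_name = "{region}-{cnt}".format(region=region, cnt=cnt)
            # The leader is left out of the per-region host list.
            if instance.public_ip_address != leader_ip_address:
                host[proc_name] = instance.public_ip_address
                # NOTE(review): the collapsed source does not show whether
                # this increment sits inside or after the conditional; it is
                # kept inside so non-leader names stay consecutive. Confirm
                # against the original layout.
                cnt += 1

    config_contents = StringIO.StringIO(
        yaml.dump(config, default_flow_style=False))
    put(config_contents, "{}/config/aws.yml".format(env.nfs_home))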
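def load_security_grp_ips():
    """Authorize cluster traffic on every region's security group.

    Runs the ``ec2.load_instances`` and ``cluster.setup_security_groups``
    tasks, then, for each region that has created instances, adds two kinds
    of ingress rule to the group listed in ``env.security_groups``:

    * a rule allowing the group itself as a source, and
    * one all-protocol rule listing the ``/32`` of every created instance in
      every region plus every entry of ``ALLOWED_IP_RANGES``.

    Failures of ``authorize_ingress`` are printed and otherwise ignored, so
    the task stays best-effort.

    Raises:
        RuntimeError: if the security group resource is ``None``.
    """
    execute('ec2.load_instances')
    execute('cluster.setup_security_groups')

    sec_group_ids = env.security_groups
    created_instances = get_created_instances()
    logging.info("created instances: {}".format(created_instances))
    regions = created_instances.keys()
    logging.info("setup security group for regions: {}".format(regions))

    for region in regions:
        ec2 = boto3.resource('ec2', region_name=region)
        logging.info("adding ips to security group {}".format(sec_grp_name(region)))
        security_group = ec2.SecurityGroup(sec_group_ids[region])

        # NOTE(review): boto3 resource constructors normally hand back a lazy
        # object rather than None, so a missing group is expected to surface
        # as an error from load() below, not here. The guard is kept for
        # interface compatibility.
        if security_group is None:
            raise RuntimeError("could not load security group")
        security_group.load()

        # NOTE(security): IpProtocol '-1' opens every protocol and port to
        # each listed address. Review ALLOWED_IP_RANGES regularly, and narrow
        # this to the ports the cluster needs if that is feasible.
        permissions = {
            'IpProtocol': '-1',
            'FromPort': -1,
            'ToPort': -1,
            'IpRanges': []
        }
        for region2 in regions:
            for instance in created_instances[region2]:
                cidr = instance.public_ip_address + "/32"
                permissions['IpRanges'].append({'CidrIp': cidr})
        for cidr in ALLOWED_IP_RANGES:
            permissions['IpRanges'].append({'CidrIp': cidr})

        logging.info("add rules to security group {}:\n{}".format(
            sec_grp_name(region), permissions))

        # Each call gets its own try block. With both calls in one block, a
        # failure of the first (for example, the rule already exists on a
        # re-run) skipped the second, so the IP rules were never applied.
        # Catching Exception rather than using a bare except lets
        # KeyboardInterrupt and SystemExit stop the task.
        try:
            security_group.authorize_ingress(
                SourceSecurityGroupName=sec_grp_name(region))
        except Exception:
            traceback.print_exc()

        try:
            security_group.authorize_ingress(IpPermissions=[permissions])
        except Exception:
            traceback.print_exc()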