Google Git
Sign in
apache / incubator-datalab / 34483ee52cf8b79c4e51a54c82171564e5b8d50a / . / infrastructure-provisioning / src / general / scripts / aws / ssn_prepare.py
blob: 0996ba9cd4affafdcb73e68f00a232b4ead3541a [file] [log] [blame]
#!/usr/bin/python
# *****************************************************************************
#
# Copyright (c) 2016, EPAM SYSTEMS INC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# ******************************************************************************
from dlab.fab import *
from dlab.actions_lib import *
import sys, os
from fabric.api import *
from dlab.ssn_lib import *
if __name__ == "__main__":
local_log_filename = "{}_{}.log".format(os.environ['conf_resource'], os.environ['request_id'])
local_log_filepath = "/logs/" + os.environ['conf_resource'] + "/" + local_log_filename
logging.basicConfig(format='%(levelname)-8s [%(asctime)s] %(message)s',
level=logging.DEBUG,
filename=local_log_filepath)
instance = 'ssn'
pre_defined_vpc = False
pre_defined_subnet = False
pre_defined_sg = False
try:
logging.info('[CREATE AWS CONFIG FILE]')
print('[CREATE AWS CONFIG FILE]')
if 'aws_access_key' in os.environ and 'aws_secret_access_key' in os.environ:
create_aws_config_files(generate_full_config=True)
else:
create_aws_config_files()
except:
logging.info('Unable to create configuration')
append_result("Unable to create configuration")
traceback.print_exc()
sys.exit(1)
try:
logging.info('[DERIVING NAMES]')
print('[DERIVING NAMES]')
service_base_name = os.environ['conf_service_base_name']
role_name = service_base_name.lower().replace('-', '_') + '-ssn-Role'
role_profile_name = service_base_name.lower().replace('-', '_') + '-ssn-Profile'
policy_name = service_base_name.lower().replace('-', '_') + '-ssn-Policy'
user_bucket_name = (service_base_name + '-ssn-bucket').lower().replace('_', '-')
shared_bucket_name = (service_base_name + '-shared-bucket').lower().replace('_', '-')
tag_name = service_base_name + '-Tag'
instance_name = service_base_name + '-ssn'
region = os.environ['aws_region']
ssn_image_name = os.environ['aws_{}_image_name'.format(os.environ['conf_os_family'])]
ssn_ami_id = get_ami_id(ssn_image_name)
policy_path = '/root/files/ssn_policy.json'
vpc_cidr = os.environ['conf_vpc_cidr']
allowed_ip_cidr = os.environ['conf_allowed_ip_cidr']
sg_name = instance_name + '-SG'
network_type = os.environ['conf_network_type']
all_ip_cidr = '0.0.0.0/0'
try:
if os.environ['aws_vpc_id'] == '':
raise KeyError
except KeyError:
try:
pre_defined_vpc = True
logging.info('[CREATE VPC AND ROUTE TABLE]')
print('[CREATE VPC AND ROUTE TABLE]')
params = "--vpc {} --region {} --infra_tag_name {} --infra_tag_value {}".format(vpc_cidr, region, tag_name, service_base_name)
try:
local("~/scripts/{}.py {}".format('ssn_create_vpc', params))
except:
traceback.print_exc()
raise Exception
os.environ['aws_vpc_id'] = get_vpc_by_tag(tag_name, service_base_name)
except Exception as err:
append_result("Failed to create VPC. Exception:" + str(err))
sys.exit(1)
try:
if os.environ['aws_subnet_id'] == '':
raise KeyError
except KeyError:
try:
pre_defined_subnet = True
logging.info('[CREATE SUBNET]')
print('[CREATE SUBNET]')
params = "--vpc_id {} --username {} --infra_tag_name {} --infra_tag_value {} --prefix {} --ssn {}".format(os.environ['aws_vpc_id'], 'ssn', tag_name, service_base_name, '20', True)
try:
local("~/scripts/{}.py {}".format('common_create_subnet', params))
except:
traceback.print_exc()
raise Exception
with open('/tmp/ssn_subnet_id', 'r') as f:
os.environ['aws_subnet_id'] = f.read()
enable_auto_assign_ip(os.environ['aws_subnet_id'])
except Exception as err:
append_result("Failed to create Subnet.", str(err))
if pre_defined_vpc:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_route_tables(tag_name, True)
try:
remove_subnets(service_base_name + "-subnet")
except:
print("Subnet hasn't been created.")
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)
try:
if os.environ['aws_security_groups_ids'] == '':
raise KeyError
except KeyError:
try:
pre_defined_sg = True
logging.info('[CREATE SG FOR SSN]')
print('[CREATE SG FOR SSN]')
ingress_sg_rules_template = [
{
"PrefixListIds": [],
"FromPort": 80,
"IpRanges": [{"CidrIp": allowed_ip_cidr}],
"ToPort": 80, "IpProtocol": "tcp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": 8080,
"IpRanges": [{"CidrIp": allowed_ip_cidr}],
"ToPort": 8080, "IpProtocol": "tcp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [{"CidrIp": allowed_ip_cidr}],
"ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": 3128,
"IpRanges": [{"CidrIp": vpc_cidr}],
"ToPort": 3128, "IpProtocol": "tcp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": 443,
"IpRanges": [{"CidrIp": allowed_ip_cidr}],
"ToPort": 443, "IpProtocol": "tcp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": -1,
"IpRanges": [{"CidrIp": allowed_ip_cidr}],
"ToPort": -1, "IpProtocol": "icmp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": 80,
"IpRanges": [{"CidrIp": vpc_cidr}],
"ToPort": 80, "IpProtocol": "tcp", "UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": 443,
"IpRanges": [{"CidrIp": vpc_cidr}],
"ToPort": 443, "IpProtocol": "tcp", "UserIdGroupPairs": []
}
]
egress_sg_rules_template = [
{"IpProtocol": "-1", "IpRanges": [{"CidrIp": all_ip_cidr}], "UserIdGroupPairs": [], "PrefixListIds": []}
]
params = "--name {} --vpc_id {} --security_group_rules '{}' --egress '{}' --infra_tag_name {} --infra_tag_value {} --force {} --ssn {}". \
format(sg_name, os.environ['aws_vpc_id'], json.dumps(ingress_sg_rules_template), json.dumps(egress_sg_rules_template), service_base_name, tag_name, False, True)
try:
local("~/scripts/{}.py {}".format('common_create_security_group', params))
except:
traceback.print_exc()
raise Exception
with open('/tmp/ssn_sg_id', 'r') as f:
os.environ['aws_security_groups_ids'] = f.read()
except Exception as err:
append_result("Failed creating security group for SSN.", str(err))
if pre_defined_vpc:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_subnets(service_base_name + "-subnet")
remove_route_tables(tag_name, True)
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)
logging.info('[CREATE ROLES]')
print('[CREATE ROLES]')
params = "--role_name {} --role_profile_name {} --policy_name {} --policy_file_name {} --region {}".\
format(role_name, role_profile_name, policy_name, policy_path, os.environ['aws_region'])
try:
local("~/scripts/{}.py {}".format('common_create_role_policy', params))
except:
traceback.print_exc()
raise Exception
except Exception as err:
append_result("Unable to create roles.", str(err))
if pre_defined_sg:
remove_sgroups(tag_name)
if pre_defined_subnet:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_subnets(service_base_name + "-subnet")
if pre_defined_vpc:
remove_route_tables(tag_name, True)
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)
try:
logging.info('[CREATE ENDPOINT AND ROUTE-TABLE]')
print('[CREATE ENDPOINT AND ROUTE-TABLE]')
params = "--vpc_id {} --region {} --infra_tag_name {} --infra_tag_value {}".format(
os.environ['aws_vpc_id'], os.environ['aws_region'], tag_name, service_base_name)
try:
local("~/scripts/{}.py {}".format('ssn_create_endpoint', params))
except:
traceback.print_exc()
raise Exception
except Exception as err:
append_result("Unable to create an endpoint.", str(err))
remove_all_iam_resources(instance)
if pre_defined_sg:
remove_sgroups(tag_name)
if pre_defined_subnet:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_subnets(service_base_name + "-subnet")
if pre_defined_vpc:
remove_route_tables(tag_name, True)
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)
try:
logging.info('[CREATE BUCKETS]')
print('[CREATE BUCKETS]')
params = "--bucket_name {} --infra_tag_name {} --infra_tag_value {} --region {}". \
format(user_bucket_name, tag_name, user_bucket_name, region)
try:
local("~/scripts/{}.py {}".format('common_create_bucket', params))
except:
traceback.print_exc()
raise Exception
params = "--bucket_name {} --infra_tag_name {} --infra_tag_value {} --region {}". \
format(shared_bucket_name, tag_name, shared_bucket_name, region)
try:
local("~/scripts/{}.py {}".format('common_create_bucket', params))
except:
traceback.print_exc()
raise Exception
except Exception as err:
append_result("Unable to create bucket.", str(err))
remove_all_iam_resources(instance)
if pre_defined_sg:
remove_sgroups(tag_name)
if pre_defined_subnet:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_subnets(service_base_name + "-subnet")
if pre_defined_vpc:
remove_vpc_endpoints(os.environ['aws_vpc_id'])
remove_route_tables(tag_name, True)
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)
try:
logging.info('[CREATE SSN INSTANCE]')
print('[CREATE SSN INSTANCE]')
params = "--node_name {} --ami_id {} --instance_type {} --key_name {} --security_group_ids {} --subnet_id {} --iam_profile {} --infra_tag_name {} --infra_tag_value {}".\
format(instance_name, ssn_ami_id, os.environ['aws_ssn_instance_size'], os.environ['conf_key_name'],
os.environ['aws_security_groups_ids'], os.environ['aws_subnet_id'],
role_profile_name, tag_name, instance_name)
try:
local("~/scripts/{}.py {}".format('common_create_instance', params))
except:
traceback.print_exc()
raise Exception
except Exception as err:
append_result("Unable to create ssn instance.", str(err))
remove_all_iam_resources(instance)
remove_s3(instance)
if pre_defined_sg:
remove_sgroups(tag_name)
if pre_defined_subnet:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_subnets(service_base_name + "-subnet")
if pre_defined_vpc:
remove_vpc_endpoints(os.environ['aws_vpc_id'])
remove_route_tables(tag_name, True)
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)
if network_type == 'public':
try:
logging.info('[ASSOCIATING ELASTIC IP]')
print('[ASSOCIATING ELASTIC IP]')
ssn_id = get_instance_by_name(tag_name, instance_name)
try:
elastic_ip = os.environ['ssn_elastic_ip']
except:
elastic_ip = 'None'
params = "--elastic_ip {} --ssn_id {}".format(elastic_ip, ssn_id)
try:
local("~/scripts/{}.py {}".format('ssn_associate_elastic_ip', params))
except:
traceback.print_exc()
raise Exception
except Exception as err:
append_result("Failed to associate elastic ip.", str(err))
remove_ec2(tag_name, instance_name)
remove_all_iam_resources(instance)
remove_s3(instance)
if pre_defined_sg:
remove_sgroups(tag_name)
if pre_defined_subnet:
remove_internet_gateways(os.environ['aws_vpc_id'], tag_name, service_base_name)
remove_subnets(service_base_name + "-subnet")
if pre_defined_vpc:
remove_vpc_endpoints(os.environ['aws_vpc_id'])
remove_route_tables(tag_name, True)
remove_vpc(os.environ['aws_vpc_id'])
sys.exit(1)