#!/usr/bin/python
# *****************************************************************************
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# ******************************************************************************
from dlab.fab import *
from dlab.actions_lib import *
from dlab.meta_lib import *
import sys, os
from fabric.api import *
from dlab.ssn_lib import *
import json
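if __name__ == "__main__":
    # Prepare the GCP resources for the SSN node: derive resource names from
    # the environment, then create (in order) the VPC, subnet, firewall rules,
    # service account and role, buckets, static IP address and the instance.
    # Every stage runs a helper script through Fabric's local(); when a stage
    # fails, the resources created so far are removed and the script exits
    # with status 1.
    #
    # NOTE(review): every `params` string below is interpolated unquoted into
    # a command line that local() runs. The values come from environment
    # variables, so whitespace or shell metacharacters in any of them change
    # the command that is executed. Validate them where they are first
    # accepted, or quote each argument before it is formatted in.
    local_log_filename = "{}_{}.log".format(os.environ['conf_resource'], os.environ['request_id'])
    local_log_filepath = "/logs/" + os.environ['conf_resource'] + "/" + local_log_filename
    logging.basicConfig(format='%(levelname)-8s [%(asctime)s] %(message)s',
                        level=logging.DEBUG,
                        filename=local_log_filepath)
    instance = 'ssn'
    # Despite their names, these flags are set to True when THIS script
    # creates the resource; the rollback code uses them to decide what it is
    # allowed to delete.
    pre_defined_vpc = False
    pre_defined_subnet = False
    pre_defined_firewall = False
    logging.info('[DERIVING NAMES]')
    print('[DERIVING NAMES]')
    ssn_conf = dict()
    # The service base name is lower-cased, '_' becomes '-', and it is cut to
    # 12 characters; the normalised value is also written back to the
    # environment.
    ssn_conf['service_base_name'] = os.environ['conf_service_base_name'] = replace_multi_symbols(
        os.environ['conf_service_base_name'].lower().replace('_', '-')[:12], '-', True)
    ssn_conf['region'] = os.environ['gcp_region']
    ssn_conf['zone'] = os.environ['gcp_zone']
    ssn_conf['ssn_bucket_name'] = '{}-ssn-bucket'.format(ssn_conf['service_base_name'])
    ssn_conf['default_endpoint_name'] = os.environ['default_endpoint_name']
    ssn_conf['shared_bucket_name'] = '{0}-{1}-shared-bucket'.format(ssn_conf['service_base_name'],
                                                                    ssn_conf['default_endpoint_name'])
    ssn_conf['instance_name'] = '{}-ssn'.format(ssn_conf['service_base_name'])
    ssn_conf['instance_size'] = os.environ['gcp_ssn_instance_size']
    ssn_conf['vpc_name'] = '{}-ssn-vpc'.format(ssn_conf['service_base_name'])
    ssn_conf['subnet_name'] = '{}-ssn-subnet'.format(ssn_conf['service_base_name'])
    ssn_conf['vpc_cidr'] = os.environ['conf_vpc_cidr']
    ssn_conf['subnet_prefix'] = '20'
    ssn_conf['firewall_name'] = '{}-ssn-firewall'.format(ssn_conf['service_base_name'])
    ssn_conf['ssh_key_path'] = '{0}{1}.pem'.format(os.environ['conf_key_dir'], os.environ['conf_key_name'])
    ssn_conf['service_account_name'] = '{}-ssn-sa'.format(ssn_conf['service_base_name']).replace('_', '-')
    ssn_conf['image_name'] = os.environ['gcp_{}_image_name'.format(os.environ['conf_os_family'])]
    ssn_conf['role_name'] = ssn_conf['service_base_name'] + '-ssn-role'
    ssn_conf['static_address_name'] = '{}-ssn-ip'.format(ssn_conf['service_base_name'])
    ssn_conf['ssn_policy_path'] = '/root/files/ssn_policy.json'
    ssn_conf['ssn_roles_path'] = '/root/files/ssn_roles.json'
    ssn_conf['network_tag'] = ssn_conf['instance_name']
    ssn_conf['instance_labels'] = {"name": ssn_conf['instance_name'],
                                   "sbn": ssn_conf['service_base_name'],
                                   os.environ['conf_billing_tag_key']: os.environ['conf_billing_tag_value']}
    ssn_conf['allowed_ip_cidr'] = os.environ['conf_allowed_ip_cidr']

    # Stop before creating anything if an instance with the derived name
    # already exists.
    if GCPMeta().get_instance(ssn_conf['instance_name']):
        print("Service base name should be unique and less or equal 12 symbols. Please try again.")
        sys.exit(1)

    # --- VPC ---------------------------------------------------------------
    # A missing or empty gcp_vpc_name means "create one"; both cases are
    # funnelled through KeyError.
    try:
        if os.environ['gcp_vpc_name'] == '':
            raise KeyError
        else:
            ssn_conf['vpc_name'] = os.environ['gcp_vpc_name']
    except KeyError:
        try:
            pre_defined_vpc = True
            logging.info('[CREATE VPC]')
            print('[CREATE VPC]')
            params = "--vpc_name {}".format(ssn_conf['vpc_name'])
            try:
                local("~/scripts/{}.py {}".format('ssn_create_vpc', params))
                os.environ['gcp_vpc_name'] = ssn_conf['vpc_name']
            except:
                # NOTE(review): the bare except looks deliberate. Fabric 1.x
                # local() presumably aborts with SystemExit on a non-zero
                # exit status, which `except Exception` would not catch;
                # confirm against the Fabric version in use. The re-raised
                # Exception carries no message, so `err` below prints empty
                # and the traceback is the only failure detail.
                traceback.print_exc()
                raise Exception
        except Exception as err:
            print('Error: {0}'.format(err))
            append_result("Failed to create VPC. Exception:" + str(err))
            if pre_defined_vpc:
                try:
                    GCPActions().remove_vpc(ssn_conf['vpc_name'])
                except:
                    print("VPC hasn't been created.")
            sys.exit(1)

    # --- Subnet ------------------------------------------------------------
    try:
        # NOTE(review): this lookup sits inside the `except KeyError` scope,
        # so a VPC record without 'selfLink' is treated like "no subnet name
        # configured" and falls into the creation branch.
        ssn_conf['vpc_selflink'] = GCPMeta().get_vpc(ssn_conf['vpc_name'])['selfLink']
        if os.environ['gcp_subnet_name'] == '':
            raise KeyError
        else:
            ssn_conf['subnet_name'] = os.environ['gcp_subnet_name']
    except KeyError:
        try:
            pre_defined_subnet = True
            logging.info('[CREATE SUBNET]')
            print('[CREATE SUBNET]')
            params = "--subnet_name {} --region {} --vpc_selflink {} --prefix {} --vpc_cidr {}".format(
                ssn_conf['subnet_name'], ssn_conf['region'], ssn_conf['vpc_selflink'],
                ssn_conf['subnet_prefix'], ssn_conf['vpc_cidr'])
            try:
                local("~/scripts/{}.py {}".format('common_create_subnet', params))
                os.environ['gcp_subnet_name'] = ssn_conf['subnet_name']
            except:
                traceback.print_exc()
                raise Exception
        except Exception as err:
            print('Error: {0}'.format(err))
            append_result("Failed to create Subnet.", str(err))
            # Roll back per resource, as the later stages do: the subnet is
            # ours whenever this branch ran, while the VPC is removed only if
            # this script created it. Gating both on pre_defined_vpc left a
            # half-created subnet behind inside a caller-supplied VPC.
            if pre_defined_subnet:
                try:
                    GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
                except:
                    print("Subnet hasn't been created.")
            if pre_defined_vpc:
                GCPActions().remove_vpc(ssn_conf['vpc_name'])
            sys.exit(1)

    # --- Firewall ----------------------------------------------------------
    try:
        if os.environ['gcp_firewall_name'] == '':
            raise KeyError
        else:
            ssn_conf['firewall_name'] = os.environ['gcp_firewall_name']
    except KeyError:
        try:
            pre_defined_firewall = True
            logging.info('[CREATE FIREWALL]')
            print('[CREATE FIREWALL]')
            firewall_rules = dict()
            firewall_rules['ingress'] = []
            firewall_rules['egress'] = []

            # Ingress: TCP 22/80/443 to instances carrying the SSN network
            # tag, from conf_allowed_ip_cidr only.
            # NOTE(review): exposure of SSH and the web ports is exactly as
            # wide as that CIDR; a catch-all range opens port 22 to every
            # source. Reject overly broad values before this point.
            ingress_rule = dict()
            ingress_rule['name'] = ssn_conf['firewall_name'] + '-ingress'
            ingress_rule['targetTags'] = [ssn_conf['network_tag']]
            ingress_rule['sourceRanges'] = [ssn_conf['allowed_ip_cidr']]
            rules = [
                {
                    'IPProtocol': 'tcp',
                    'ports': ['22', '80', '443']
                }
            ]
            ingress_rule['allowed'] = rules
            ingress_rule['network'] = ssn_conf['vpc_selflink']
            ingress_rule['direction'] = 'INGRESS'
            firewall_rules['ingress'].append(ingress_rule)

            # Egress: every protocol, to the same CIDR.
            egress_rule = dict()
            egress_rule['name'] = ssn_conf['firewall_name'] + '-egress'
            egress_rule['targetTags'] = [ssn_conf['network_tag']]
            egress_rule['destinationRanges'] = [ssn_conf['allowed_ip_cidr']]
            rules = [
                {
                    'IPProtocol': 'all',
                }
            ]
            egress_rule['allowed'] = rules
            egress_rule['network'] = ssn_conf['vpc_selflink']
            egress_rule['direction'] = 'EGRESS'
            firewall_rules['egress'].append(egress_rule)

            # NOTE(review): the JSON is wrapped in single quotes by hand; a
            # single quote inside any rule value ends the shell argument
            # early.
            params = "--firewall '{}'".format(json.dumps(firewall_rules))
            try:
                local("~/scripts/{}.py {}".format('common_create_firewall', params))
                os.environ['gcp_firewall_name'] = ssn_conf['firewall_name']
            except:
                traceback.print_exc()
                raise Exception
        except Exception as err:
            print('Error: {0}'.format(err))
            append_result("Failed to create Firewall.", str(err))
            # The helper may have created one rule before failing, so both
            # are removed on a best-effort basis (the later stages remove the
            # same two names), then the subnet and VPC are rolled back under
            # their own flags.
            for rule_suffix in ('-ingress', '-egress'):
                try:
                    GCPActions().remove_firewall(ssn_conf['firewall_name'] + rule_suffix)
                except Exception:
                    print("Firewall rule {} hasn't been created.".format(
                        ssn_conf['firewall_name'] + rule_suffix))
            if pre_defined_subnet:
                GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
            if pre_defined_vpc:
                GCPActions().remove_vpc(ssn_conf['vpc_name'])
            sys.exit(1)

    # --- Service account and role --------------------------------------------
    try:
        logging.info('[CREATE SERVICE ACCOUNT AND ROLE]')
        print('[CREATE SERVICE ACCOUNT AND ROLE]')
        params = "--service_account_name {} --role_name {} --policy_path {} --roles_path {}".format(
            ssn_conf['service_account_name'], ssn_conf['role_name'],
            ssn_conf['ssn_policy_path'], ssn_conf['ssn_roles_path'])
        try:
            local("~/scripts/{}.py {}".format('common_create_service_account', params))
        except:
            traceback.print_exc()
            raise Exception
    except Exception as err:
        print('Error: {0}'.format(err))
        append_result("Unable to create Service account and role.", str(err))
        try:
            GCPActions().remove_service_account(ssn_conf['service_account_name'])
            GCPActions().remove_role(ssn_conf['role_name'])
        except:
            print("Service account hasn't been created")
        if pre_defined_firewall:
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-ingress')
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-egress')
        if pre_defined_subnet:
            GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
        if pre_defined_vpc:
            GCPActions().remove_vpc(ssn_conf['vpc_name'])
        sys.exit(1)

    # --- Buckets -------------------------------------------------------------
    try:
        logging.info('[CREATE BUCKETS]')
        print('[CREATE BUCKETS]')
        params = "--bucket_name {}".format(ssn_conf['ssn_bucket_name'])
        try:
            local("~/scripts/{}.py {}".format('common_create_bucket', params))
        except:
            traceback.print_exc()
            raise Exception
        params = "--bucket_name {}".format(ssn_conf['shared_bucket_name'])
        try:
            local("~/scripts/{}.py {}".format('common_create_bucket', params))
        except:
            traceback.print_exc()
            raise Exception
    except Exception as err:
        print('Error: {0}'.format(err))
        append_result("Unable to create bucket.", str(err))
        GCPActions().remove_service_account(ssn_conf['service_account_name'])
        GCPActions().remove_role(ssn_conf['role_name'])
        if pre_defined_firewall:
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-ingress')
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-egress')
        if pre_defined_subnet:
            GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
        if pre_defined_vpc:
            GCPActions().remove_vpc(ssn_conf['vpc_name'])
        sys.exit(1)

    # --- Bucket ownership ------------------------------------------------------
    # Only the SSN bucket is handed to the service account here; the shared
    # bucket is not touched by this step.
    try:
        logging.info('[SET PERMISSIONS FOR SSN BUCKET]')
        print('[SET PERMISSIONS FOR SSN BUCKET]')
        GCPActions().set_bucket_owner(ssn_conf['ssn_bucket_name'], ssn_conf['service_account_name'])
    except Exception as err:
        print('Error: {0}'.format(err))
        append_result("Unable to set bucket permissions.", str(err))
        GCPActions().remove_service_account(ssn_conf['service_account_name'])
        GCPActions().remove_role(ssn_conf['role_name'])
        GCPActions().remove_bucket(ssn_conf['ssn_bucket_name'])
        GCPActions().remove_bucket(ssn_conf['shared_bucket_name'])
        if pre_defined_firewall:
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-ingress')
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-egress')
        if pre_defined_subnet:
            GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
        if pre_defined_vpc:
            GCPActions().remove_vpc(ssn_conf['vpc_name'])
        sys.exit(1)

    # --- Static IP address -------------------------------------------------
    try:
        logging.info('[CREATING STATIC IP ADDRESS]')
        print('[CREATING STATIC IP ADDRESS]')
        params = "--address_name {} --region {}".format(ssn_conf['static_address_name'], ssn_conf['region'])
        try:
            local("~/scripts/{}.py {}".format('ssn_create_static_ip', params))
        except:
            traceback.print_exc()
            raise Exception
    except Exception as err:
        print('Error: {0}'.format(err))
        append_result("Failed to create static ip.", str(err))
        try:
            GCPActions().remove_static_address(ssn_conf['static_address_name'], ssn_conf['region'])
        except:
            print("Static IP address hasn't been created.")
        GCPActions().remove_service_account(ssn_conf['service_account_name'])
        GCPActions().remove_role(ssn_conf['role_name'])
        GCPActions().remove_bucket(ssn_conf['ssn_bucket_name'])
        GCPActions().remove_bucket(ssn_conf['shared_bucket_name'])
        if pre_defined_firewall:
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-ingress')
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-egress')
        if pre_defined_subnet:
            GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
        if pre_defined_vpc:
            GCPActions().remove_vpc(ssn_conf['vpc_name'])
        sys.exit(1)

    # Initial login user and sudo group by OS family. For any other family
    # `initial_user` stays undefined; the resulting NameError is raised inside
    # the try below and handled as an instance-creation failure.
    if os.environ['conf_os_family'] == 'debian':
        initial_user = 'ubuntu'
        sudo_group = 'sudo'
    if os.environ['conf_os_family'] == 'redhat':
        initial_user = 'ec2-user'
        sudo_group = 'wheel'

    # --- SSN instance ------------------------------------------------------
    try:
        ssn_conf['static_ip'] = \
            GCPMeta().get_static_address(ssn_conf['region'], ssn_conf['static_address_name'])['address']
        logging.info('[CREATE SSN INSTANCE]')
        print('[CREATE SSN INSTANCE]')
        # The labels JSON is hand-wrapped in single quotes and includes the
        # billing tag key/value taken from the environment; see the quoting
        # note at the top of this block.
        params = (
            "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} --instance_size {5}"
            " --ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9}"
            " --instance_class {10} --static_ip {11} --network_tag {12} --labels '{13}' --primary_disk_size {14}"
        ).format(ssn_conf['instance_name'], ssn_conf['region'], ssn_conf['zone'], ssn_conf['vpc_name'],
                 ssn_conf['subnet_name'], ssn_conf['instance_size'], ssn_conf['ssh_key_path'], initial_user,
                 ssn_conf['service_account_name'], ssn_conf['image_name'], 'ssn', ssn_conf['static_ip'],
                 ssn_conf['network_tag'], json.dumps(ssn_conf['instance_labels']), '20')
        try:
            local("~/scripts/{}.py {}".format('common_create_instance', params))
        except:
            traceback.print_exc()
            raise Exception
    except Exception as err:
        print('Error: {0}'.format(err))
        append_result("Unable to create ssn instance.", str(err))
        GCPActions().remove_service_account(ssn_conf['service_account_name'])
        GCPActions().remove_role(ssn_conf['role_name'])
        GCPActions().remove_static_address(ssn_conf['static_address_name'], ssn_conf['region'])
        GCPActions().remove_bucket(ssn_conf['ssn_bucket_name'])
        GCPActions().remove_bucket(ssn_conf['shared_bucket_name'])
        if pre_defined_firewall:
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-ingress')
            GCPActions().remove_firewall(ssn_conf['firewall_name'] + '-egress')
        if pre_defined_subnet:
            GCPActions().remove_subnet(ssn_conf['subnet_name'], ssn_conf['region'])
        if pre_defined_vpc:
            GCPActions().remove_vpc(ssn_conf['vpc_name'])
        sys.exit(1)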