in scripts/cpd_install.py [0:0]
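def preparePXInstall(self,icpdInstallLogFile):
    """
    Prepare the AWS account for a Portworx installation.

    Steps, in order:
      1. Find the IAM instance profile carried by the cluster's worker
         instances (Name tag ``<clusterID>-worker*``) and resolve its first role.
      2. Create the managed policy ``portworx-policy-<ClusterName>`` (EBS volume
         and tag permissions) and attach it to that role.
      3. Pass the role name and policy ARN to ``updateTemplateFile`` for
         /ibm/destroy.sh (presumably so teardown can detach and delete them;
         confirm against destroy.sh).
      4. Open the Portworx/NFS TCP ports on the worker security group, with the
         worker and master security groups as the only permitted sources.

    Args:
        icpdInstallLogFile: not referenced in this method; kept so existing
            callers do not break.

    Raises:
        RuntimeError: if no worker instance profile, no role, or no matching
            worker/master security group can be found. The previous code failed
            with an unbound-variable or IndexError in these cases.
    """
    methodName = "preparePXInstall"
    TR.info(methodName,"Pre requisite for Portworx Installation")

    # CLI reference:
    # INST_PROFILE_NAME=`aws ec2 describe-instances --query 'Reservations[*].Instances[*].[IamInstanceProfile.Arn]' --output text | cut -d ':' -f 6 | cut -d '/' -f 2 | grep worker* | uniq`
    TR.info(methodName,"Get INST_PROFILE_NAME")
    tag_value = self.clusterID+"-worker*"
    TR.info(methodName,"Tag value of worker to look for %s"%tag_value)
    # NOTE(review): a single describe_instances call is used; results may be
    # paginated on large accounts. Confirm whether a paginator is needed.
    response = self.ec2.describe_instances(Filters=[{'Name': 'tag:Name','Values': [tag_value]}])
    reservations = response['Reservations']
    # Log a summary rather than the raw API response: the full payload holds
    # addresses, key names and security-group details that do not belong in
    # an install log at info level.
    TR.info(methodName,"Found %d reservation(s) for tag %s"%(len(reservations),tag_value))
    instanceProfile = None
    for item in reservations:
        for instance in item['Instances']:
            if 'IamInstanceProfile' in instance:
                # Instance-profile ARNs may carry a path
                # (instance-profile/<path>/<name>); the name is the last segment.
                instanceProfile = instance['IamInstanceProfile']['Arn'].rsplit("/",1)[-1]
                TR.info(methodName,"instanceProfile %s"%instanceProfile)
    if instanceProfile is None:
        raise RuntimeError("No worker instance with an IAM instance profile found for tag %s"%tag_value)
    TR.info(methodName,"Instance profile retrieved %s"%instanceProfile)

    # CLI reference:
    # ROLE_NAME=`aws iam get-instance-profile --instance-profile-name $INST_PROFILE_NAME --query 'InstanceProfile.Roles[*].[RoleName]' --output text`
    TR.info(methodName,"Get Role name")
    iamresponse = self.iam.get_instance_profile(InstanceProfileName=instanceProfile)
    roles = iamresponse['InstanceProfile']['Roles']
    if not roles:
        raise RuntimeError("Instance profile %s has no role attached"%instanceProfile)
    rolename = roles[0]['RoleName']
    TR.info(methodName,"Role name retrieved %s"%rolename)

    # CLI reference:
    # POLICY_ARN=`aws iam create-policy --policy-name portworx-policy-${VAR} --policy-document file://policy.json --query 'Policy.Arn' --output text`
    #
    # NOTE(review): Resource '*' lets the worker role create, attach, modify and
    # delete any EBS volume in the account, not only the cluster's volumes.
    # Narrowing this (for example with tag-based conditions) needs checking
    # against what Portworx requires, so the document is kept unchanged here.
    policycontent = {
        'Version': '2012-10-17',
        'Statement': [{
            'Action': [
                'ec2:AttachVolume',
                'ec2:ModifyVolume',
                'ec2:DetachVolume',
                'ec2:CreateTags',
                'ec2:CreateVolume',
                'ec2:DeleteTags',
                'ec2:DeleteVolume',
                'ec2:DescribeTags',
                'ec2:DescribeVolumeAttribute',
                'ec2:DescribeVolumesModifications',
                'ec2:DescribeVolumeStatus',
                'ec2:DescribeVolumes',
                'ec2:DescribeInstances',
            ],
            'Resource': ['*'],
            'Effect': 'Allow',
        }],
    }
    TR.info(methodName,"Get policy_arn")
    policyName = "portworx-policy-"+self.ClusterName
    # NOTE(review): create_policy is not idempotent; a re-run with the same
    # ClusterName will presumably fail because the policy already exists.
    policy = self.iam.create_policy(PolicyName=policyName,PolicyDocument=json.dumps(policycontent))
    policy_arn = policy['Policy']['Arn']
    destroy_sh = "/ibm/destroy.sh"
    self.updateTemplateFile(destroy_sh,'$ROLE_NAME',rolename)
    self.updateTemplateFile(destroy_sh,'$POLICY_ARN',policy_arn)
    TR.info(methodName,"Policy_arn retrieved %s"%policy_arn)

    # CLI reference:
    # aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn $POLICY_ARN
    TR.info(methodName,"Attach IAM policy")
    response = self.iam.attach_role_policy(RoleName=rolename,PolicyArn=policy_arn)
    TR.info(methodName,"Attached role policy returned %s"%response)

    # CLI reference:
    # WORKER_TAG=`aws ec2 describe-security-groups --query 'SecurityGroups[*].Tags[*][Value]' --output text | grep worker`
    # MASTER_TAG=`aws ec2 describe-security-groups --query 'SecurityGroups[*].Tags[*][Value]' --output text | grep master`
    # WORKER_GROUP_ID=`aws ec2 describe-security-groups --filters Name=tag:Name,Values=$WORKER_TAG --query "SecurityGroups[*].{Name:GroupId}" --output text`
    # MASTER_GROUP_ID=`aws ec2 describe-security-groups --filters Name=tag:Name,Values=$MASTER_TAG --query "SecurityGroups[*].{Name:GroupId}" --output text`
    TR.info(methodName,"Retrieve tags and group id from security groups")
    ret = self.ec2.describe_security_groups()
    worker_sg_value = self.clusterID+"-worker-sg"
    master_sg_value = self.clusterID+"-master-sg"
    worker_tag = None
    master_tag = None
    # NOTE(review): this is a substring match against every tag value, whatever
    # the tag key, and the last match wins. Behaviour is kept as it was; an
    # exact match on the Name tag would be stricter.
    for sg in ret['SecurityGroups']:
        for tag in sg.get('Tags', []):
            if worker_sg_value in tag['Value']:
                worker_tag = tag['Value']
            elif master_sg_value in tag['Value']:
                master_tag = tag['Value']
    if worker_tag is None or master_tag is None:
        raise RuntimeError("Could not find security group tags for %s / %s"%(worker_sg_value,master_sg_value))

    def group_id_for(name_tag):
        # Resolve a Name tag to a group id; the last match wins, as before.
        groups = self.ec2.describe_security_groups(Filters=[{'Name':'tag:Name','Values':[name_tag]}])['SecurityGroups']
        if not groups:
            raise RuntimeError("No security group found with Name tag %s"%name_tag)
        return groups[-1]['GroupId']

    worker_group_id = group_id_for(worker_tag)
    master_group_id = group_id_for(master_tag)
    TR.info(methodName,"Retrieved worker tag %s master tag %s and worker group id %s master group id %s from security groups"%(worker_tag,master_tag,worker_group_id,master_group_id))

    # CLI reference (one call per port range and source group):
    # aws ec2 authorize-security-group-ingress --group-id $WORKER_GROUP_ID --protocol tcp --port <range> --source-group $MASTER_GROUP_ID
    # aws ec2 authorize-security-group-ingress --group-id $WORKER_GROUP_ID --protocol tcp --port <range> --source-group $WORKER_GROUP_ID
    #
    # Sources are security-group references, never CIDR ranges, so these ports
    # are reachable only from cluster members.
    # NOTE(review): 9001-9022 was not in the original CLI reference; confirm it
    # is still required.
    port_ranges = [(17001,17020),(111,111),(2049,2049),(20048,20048),(9001,9022)]
    TR.info(methodName,"Start authorize-security-group-ingress")
    for from_port, to_port in port_ranges:
        for source_group_id in (master_group_id,worker_group_id):
            self.ec2.authorize_security_group_ingress(
                GroupId=worker_group_id,
                IpPermissions=[{
                    'IpProtocol':'tcp',
                    'FromPort':from_port,
                    'ToPort':to_port,
                    'UserIdGroupPairs':[{'GroupId':source_group_id}],
                }],
            )
    TR.info(methodName,"End authorize-security-group-ingress")
    TR.info(methodName,"Done Pre requisite for Portworx Installation")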