/**
* Loads IpRangeList from simple xml object
*
* @param \SimpleXMLElement $sxml
* @return IpRangeList Returns IpRangeList
*/
protected function _loadIpRangeList(\SimpleXMLElement $sxml)
{
$list = new IpRangeList();
$list->setEc2($this->ec2);
if (!empty($sxml->item)) {
foreach ($sxml->item as $v) {
$item = new IpRangeData($this->exist($v->cidrIp) ? (string) $v->cidrIp : null);
$item->setEc2($this->ec2);
$list->append($item);
unset($item);
}
}
return $list;
}
/**
* Gets the list of the security groups for the specified db server.
*
* If server does not have required security groups this method will create them.
*
* @param DBServer $DBServer The DB Server instance
* @param \Scalr\Service\Aws\Ec2 $ec2 Ec2 Client instance
* @param string $vpcId optional The ID of VPC
* @return array Returns array looks like array(groupid-1, groupid-2, ..., groupid-N)
*/
private function GetServerSecurityGroupsList(DBServer $DBServer, \Scalr\Service\Aws\Ec2 $ec2, $vpcId = "", \Scalr_Governance $governance = null)
{
$retval = array();
$checkGroups = array();
$sgGovernance = true;
$allowAdditionalSgs = true;
$vpcId = null;
if ($governance) {
$sgs = $governance->getValue(\SERVER_PLATFORMS::EUCALYPTUS, \Scalr_Governance::EUCALYPTUS_SECURITY_GROUPS);
if ($sgs !== null) {
$governanceSecurityGroups = @explode(",", $sgs);
if (!empty($governanceSecurityGroups)) {
foreach ($governanceSecurityGroups as $sg) {
if ($sg != '') {
array_push($checkGroups, trim($sg));
}
}
}
$sgGovernance = false;
$allowAdditionalSgs = $governance->getValue(\SERVER_PLATFORMS::EUCALYPTUS, \Scalr_Governance::EUCALYPTUS_SECURITY_GROUPS, 'allow_additional_sec_groups');
}
}
if (!$sgGovernance || $allowAdditionalSgs) {
if ($DBServer->farmRoleId != 0) {
$dbFarmRole = $DBServer->GetFarmRoleObject();
if ($dbFarmRole->GetSetting(DBFarmRole::SETTING_EUCA_SECURITY_GROUPS_LIST) !== null) {
// New SG management
$sgs = @json_decode($dbFarmRole->GetSetting(DBFarmRole::SETTING_EUCA_SECURITY_GROUPS_LIST));
if (!empty($sgs)) {
foreach ($sgs as $sg) {
if (stripos($sg, 'sg-') === 0) {
array_push($retval, $sg);
} else {
array_push($checkGroups, $sg);
}
}
}
}
} else {
array_push($checkGroups, 'scalr-rb-system');
}
}
// No name based security groups, return only SG ids.
if (empty($checkGroups)) {
return $retval;
}
// Filter groups
$filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => $checkGroups));
// Get filtered list of SG required by scalr;
try {
$list = $ec2->securityGroup->describe(null, null, $filter);
$sgList = array();
foreach ($list as $sg) {
/* @var $sg \Scalr\Service\Aws\Ec2\DataType\SecurityGroupData */
if ($vpcId == '' && !$sg->vpcId || $vpcId && $sg->vpcId == $vpcId) {
$sgList[$sg->groupName] = $sg->groupId;
}
}
unset($list);
} catch (\Exception $e) {
throw new \Exception("Cannot get list of security groups (1): {$e->getMessage()}");
}
foreach ($checkGroups as $groupName) {
// Check default SG
if ($groupName == 'default') {
array_push($retval, $sgList[$groupName]);
// Check Roles builder SG
} elseif ($groupName == 'scalr-rb-system') {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create('scalr-rb-system', "Security group for Roles Builder", $vpcId);
$ipRangeList = new IpRangeList();
foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
$ipRangeList->append(new IpRangeData($ip));
}
sleep(2);
$ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 22, 22, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList)), $securityGroupId);
$sgList['scalr-rb-system'] = $securityGroupId;
} catch (\Exception $e) {
throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), 'scalr-rb-system', $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
//Check scalr-farm.* security group
} elseif (stripos($groupName, 'scalr-farm.') === 0) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmID N%s", $DBServer->farmId), $vpcId);
sleep(2);
$userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->getPlatformConfigValue(self::ACCOUNT_ID), null, $groupName));
$ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList)), $securityGroupId);
$sgList[$groupName] = $securityGroupId;
} catch (\Exception $e) {
throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
//Check scalr-role.* security group
} elseif (stripos($groupName, 'scalr-role.') === 0) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmRoleID N%s on FarmID N%s", $DBServer->GetFarmRoleObject()->ID, $DBServer->farmId), $vpcId);
sleep(2);
// DB rules
$dbRules = $DBServer->GetFarmRoleObject()->GetRoleObject()->getSecurityRules();
$groupRules = array();
foreach ($dbRules as $rule) {
$groupRules[\Scalr_Util_CryptoTool::hash($rule['rule'])] = $rule;
}
// Behavior rules
foreach (\Scalr_Role_Behavior::getListForFarmRole($DBServer->GetFarmRoleObject()) as $bObj) {
$bRules = $bObj->getSecurityRules();
foreach ($bRules as $r) {
if ($r) {
$groupRules[\Scalr_Util_CryptoTool::hash($r)] = array('rule' => $r);
}
}
}
// Default rules
$userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->getPlatformConfigValue(self::ACCOUNT_ID), null, $groupName));
$rules = array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList));
foreach ($groupRules as $rule) {
$group_rule = explode(":", $rule["rule"]);
$rules[] = new IpPermissionData($group_rule[0], $group_rule[1], $group_rule[2], new IpRangeData($group_rule[3]));
}
$ec2->securityGroup->authorizeIngress($rules, $securityGroupId);
$sgList[$groupName] = $securityGroupId;
} catch (\Exception $e) {
throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
} elseif ($groupName == \Scalr::config('scalr.aws.security_group_name')) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($groupName, "Security rules needed by Scalr", $vpcId);
$ipRangeList = new IpRangeList();
foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
$ipRangeList->append(new IpRangeData($ip));
}
// TODO: Open only FOR VPC ranges
$ipRangeList->append(new IpRangeData('10.0.0.0/8'));
sleep(2);
$ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 3306, 3306, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('udp', 8014, 8014, $ipRangeList)), $securityGroupId);
$sgList[$groupName] = $securityGroupId;
} catch (\Exception $e) {
throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
} else {
if (!isset($sgList[$groupName])) {
throw new \Exception(sprintf(_("Security group '%s' is not found"), $groupName));
} else {
array_push($retval, $sgList[$groupName]);
}
}
}
return $retval;
}
/**
* Gets the list of the security groups for the specified db server.
*
* If server does not have required security groups this method will create them.
*
* @param DBServer $DBServer The DB Server instance
* @param \Scalr\Service\Aws\Ec2 $ec2 Ec2 Client instance
* @param string $vpcId optional The ID of VPC
* @param \Scalr_Governance $governance Governance
* @param string $osFamily optional OS family of the instance
* @return array Returns array looks like array(groupid-1, groupid-2, ..., groupid-N)
*/
private function GetServerSecurityGroupsList(DBServer $DBServer, \Scalr\Service\Aws\Ec2 $ec2, $vpcId = "", \Scalr_Governance $governance = null, $osFamily = null)
{
$retval = array();
$checkGroups = array();
$wildCardSgs = [];
$sgGovernance = false;
$allowAdditionalSgs = true;
$roleBuilderSgName = \Scalr::config('scalr.aws.security_group_name') . "-rb";
if ($governance && $DBServer->farmRoleId) {
$sgs = $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS);
if ($osFamily == 'windows' && $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS, 'windows')) {
$sgs = $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS, 'windows');
}
if ($sgs !== null) {
$governanceSecurityGroups = @explode(",", $sgs);
if (!empty($governanceSecurityGroups)) {
foreach ($governanceSecurityGroups as $sg) {
if ($sg != '') {
array_push($checkGroups, trim($sg));
if (strpos($sg, '*') !== false) {
array_push($wildCardSgs, trim($sg));
}
}
}
}
if (!empty($checkGroups)) {
$sgGovernance = true;
}
$allowAdditionalSgs = $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS, 'allow_additional_sec_groups');
}
}
if (!$sgGovernance || $allowAdditionalSgs) {
if ($DBServer->farmRoleId != 0) {
$dbFarmRole = $DBServer->GetFarmRoleObject();
if ($dbFarmRole->GetSetting(Entity\FarmRoleSetting::AWS_SECURITY_GROUPS_LIST) !== null) {
// New SG management
$sgs = @json_decode($dbFarmRole->GetSetting(Entity\FarmRoleSetting::AWS_SECURITY_GROUPS_LIST));
if (!empty($sgs)) {
foreach ($sgs as $sg) {
if (stripos($sg, 'sg-') === 0) {
array_push($retval, $sg);
} else {
array_push($checkGroups, $sg);
}
}
}
} else {
// Old SG management
array_push($checkGroups, 'default');
array_push($checkGroups, \Scalr::config('scalr.aws.security_group_name'));
if (!$vpcId) {
array_push($checkGroups, "scalr-farm.{$DBServer->farmId}");
array_push($checkGroups, "scalr-role.{$DBServer->farmRoleId}");
}
$additionalSgs = trim($dbFarmRole->GetSetting(Entity\FarmRoleSetting::AWS_SG_LIST));
if ($additionalSgs) {
$sgs = explode(",", $additionalSgs);
if (!empty($sgs)) {
foreach ($sgs as $sg) {
$sg = trim($sg);
if (stripos($sg, 'sg-') === 0) {
array_push($retval, $sg);
} else {
array_push($checkGroups, $sg);
}
}
}
}
}
} else {
array_push($checkGroups, $roleBuilderSgName);
}
}
// No name based security groups, return only SG ids.
if (empty($checkGroups)) {
return $retval;
}
// Filter groups
$filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => $checkGroups));
// If instance run in VPC, add VPC filter
if ($vpcId != '') {
$filter[] = array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId);
}
// Get filtered list of SG required by scalr;
try {
$list = $ec2->securityGroup->describe(null, null, $filter);
$sgList = array();
foreach ($list as $sg) {
/* @var $sg \Scalr\Service\Aws\Ec2\DataType\SecurityGroupData */
if ($vpcId == '' && !$sg->vpcId || $vpcId && $sg->vpcId == $vpcId) {
$sgList[$sg->groupName] = $sg->groupId;
}
}
unset($list);
} catch (Exception $e) {
throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}");
}
foreach ($checkGroups as $groupName) {
// Check default SG
if ($groupName == 'default') {
array_push($retval, $sgList[$groupName]);
// Check Roles builder SG
} elseif ($groupName == $roleBuilderSgName) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($roleBuilderSgName, "Security group for Roles Builder", $vpcId);
$ipRangeList = new IpRangeList();
foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
$ipRangeList->append(new IpRangeData($ip));
}
sleep(2);
$ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 22, 22, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList)), $securityGroupId);
$sgList[$roleBuilderSgName] = $securityGroupId;
} catch (Exception $e) {
throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $roleBuilderSgName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
//Check scalr-farm.* security group
} elseif (stripos($groupName, 'scalr-farm.') === 0) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmID N%s", $DBServer->farmId), $vpcId);
sleep(2);
$userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->keychain(SERVER_PLATFORMS::EC2)->properties[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID], null, $groupName));
$ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList)), $securityGroupId);
$sgList[$groupName] = $securityGroupId;
} catch (Exception $e) {
throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
//Check scalr-role.* security group
} elseif (stripos($groupName, 'scalr-role.') === 0) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmRoleID N%s on FarmID N%s", $DBServer->GetFarmRoleObject()->ID, $DBServer->farmId), $vpcId);
sleep(2);
// DB rules
$dbRules = $DBServer->GetFarmRoleObject()->GetRoleObject()->getSecurityRules();
$groupRules = array();
foreach ($dbRules as $rule) {
$groupRules[CryptoTool::hash($rule['rule'])] = $rule;
}
// Behavior rules
foreach (\Scalr_Role_Behavior::getListForFarmRole($DBServer->GetFarmRoleObject()) as $bObj) {
$bRules = $bObj->getSecurityRules();
foreach ($bRules as $r) {
if ($r) {
$groupRules[CryptoTool::hash($r)] = array('rule' => $r);
}
}
}
// Default rules
$userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->keychain(SERVER_PLATFORMS::EC2)->properties[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID], null, $groupName));
$rules = array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList));
foreach ($groupRules as $rule) {
$group_rule = explode(":", $rule["rule"]);
$rules[] = new IpPermissionData($group_rule[0], $group_rule[1], $group_rule[2], new IpRangeData($group_rule[3]));
}
$ec2->securityGroup->authorizeIngress($rules, $securityGroupId);
$sgList[$groupName] = $securityGroupId;
} catch (Exception $e) {
throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
} elseif ($groupName == \Scalr::config('scalr.aws.security_group_name')) {
if (!isset($sgList[$groupName])) {
try {
$securityGroupId = $ec2->securityGroup->create($groupName, "Security rules needed by Scalr", $vpcId);
$ipRangeList = new IpRangeList();
foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
$ipRangeList->append(new IpRangeData($ip));
}
// TODO: Open only FOR VPC ranges
$ipRangeList->append(new IpRangeData('10.0.0.0/8'));
sleep(2);
$ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 3306, 3306, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('udp', 8014, 8014, $ipRangeList)), $securityGroupId);
$sgList[$groupName] = $securityGroupId;
} catch (Exception $e) {
throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
}
}
array_push($retval, $sgList[$groupName]);
} else {
if (!isset($sgList[$groupName])) {
if (!in_array($groupName, $wildCardSgs)) {
throw new Exception(sprintf(_("Security group '%s' is not found"), $groupName));
} else {
$wildCardMatchedSgs = [];
$groupNamePattern = \Scalr_Governance::convertAsteriskPatternToRegexp($groupName);
foreach ($sgList as $sgGroupName => $sgGroupId) {
if (preg_match($groupNamePattern, $sgGroupName) === 1) {
array_push($wildCardMatchedSgs, $sgGroupId);
}
}
if (empty($wildCardMatchedSgs)) {
throw new Exception(sprintf(_("Security group matched to pattern '%s' is not found."), $groupName));
} else {
if (count($wildCardMatchedSgs) > 1) {
throw new Exception(sprintf(_("There are more than one Security group matched to pattern '%s' found."), $groupName));
} else {
array_push($retval, $wildCardMatchedSgs[0]);
}
}
}
} else {
array_push($retval, $sgList[$groupName]);
}
}
}
return $retval;
}
public function onFarmSave(DBFarm $dbFarm, DBFarmRole $dbFarmRole)
{
$vpcId = $dbFarm->GetSetting(DBFarm::SETTING_EC2_VPC_ID);
if (!$vpcId) {
//REMOVE VPC RELATED SETTINGS
return;
}
if ($dbFarmRole->GetSetting(self::ROLE_VPC_ROUTER_CONFIGURED) == 1) {
// ALL OBJECTS ALREADY CONFIGURED
return true;
}
$aws = $dbFarm->GetEnvironmentObject()->aws($dbFarmRole->CloudLocation);
$filter = array(array('name' => SubnetFilterNameType::vpcId(), 'value' => $vpcId), array('name' => SubnetFilterNameType::tagKey(), 'value' => 'scalr-sn-type'), array('name' => SubnetFilterNameType::tagValue(), 'value' => self::INTERNET_ACCESS_FULL));
// Try to find scalr FULL subnet
$subnets = $aws->ec2->subnet->describe(null, $filter);
if ($subnets->count() > 0) {
$subnetId = $subnets->get(0)->subnetId;
}
if (!$subnetId) {
$platform = PlatformFactory::NewPlatform(SERVER_PLATFORMS::EC2);
$subnet = $platform->AllocateNewSubnet($aws->ec2, $vpcId, null);
$subnetId = $subnet->subnetId;
//ADD TAGS
try {
$subnet->createTags(array(array('key' => "scalr-id", 'value' => SCALR_ID), array('key' => "scalr-sn-type", 'value' => self::INTERNET_ACCESS_FULL), array('key' => "Name", 'value' => 'Scalr System Subnet')));
} catch (Exception $e) {
}
$routingTableId = $platform->getRoutingTable(self::INTERNET_ACCESS_FULL, $aws, null, $vpcId);
//Associate Routing table with subnet
$aws->ec2->routeTable->associate($routingTableId, $subnetId);
}
$niId = $dbFarmRole->GetSetting(self::ROLE_VPC_NID);
if (!$niId) {
//Create Network interface
$createNetworkInterfaceRequestData = new CreateNetworkInterfaceRequestData($subnetId);
// Check and create security group
$filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => array('SCALR-VPC')), array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId));
try {
$list = $aws->ec2->securityGroup->describe(null, null, $filter);
if ($list->count() > 0 && $list->get(0)->groupName == 'SCALR-VPC') {
$sgId = $list->get(0)->groupId;
}
} catch (Exception $e) {
throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}");
}
if (!$sgId) {
$sgId = $aws->ec2->securityGroup->create('SCALR-VPC', 'System SG for Scalr VPC integration', $vpcId);
$ipRangeList = new IpRangeList();
$ipRangeList->append(new IpRangeData('0.0.0.0/0'));
$ipRangeListLocal = new IpRangeList();
$ipRangeListLocal->append(new IpRangeData('10.0.0.0/8'));
$aws->ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('tcp', 80, 80, $ipRangeList), new IpPermissionData('tcp', 443, 443, $ipRangeList), new IpPermissionData('tcp', 0, 65535, $ipRangeListLocal), new IpPermissionData('udp', 0, 65535, $ipRangeListLocal)), $sgId);
}
$createNetworkInterfaceRequestData->setSecurityGroupId(array('groupId' => $sgId));
$networkInterface = $aws->ec2->networkInterface->create($createNetworkInterfaceRequestData);
// Disable sourceDeskCheck
$networkInterface->modifyAttribute(NetworkInterfaceAttributeType::sourceDestCheck(), 0);
$niId = $networkInterface->networkInterfaceId;
$dbFarmRole->SetSetting(self::ROLE_VPC_NID, $niId, DBFarmRole::TYPE_LCL);
try {
$networkInterface->createTags(array(array('key' => "scalr-id", 'value' => SCALR_ID), array('key' => "Name", 'value' => 'Scalr System ENI')));
} catch (Exception $e) {
}
}
// If there is no public IP allocate it and associate with NI
$publicIp = $dbFarmRole->GetSetting(self::ROLE_VPC_IP);
if ($niId && !$publicIp) {
$address = $aws->ec2->address->allocate('vpc');
$publicIp = $address->publicIp;
$dbFarmRole->SetSetting(self::ROLE_VPC_IP, $publicIp, DBFarmRole::TYPE_LCL);
$dbFarmRole->SetSetting(self::ROLE_VPC_AID, $address->allocationId, DBFarmRole::TYPE_LCL);
$associateAddressRequestData = new AssociateAddressRequestData();
$associateAddressRequestData->networkInterfaceId = $niId;
$associateAddressRequestData->allocationId = $address->allocationId;
//Associate PublicIP with NetworkInterface
$aws->ec2->address->associate($associateAddressRequestData);
}
$dbFarmRole->SetSetting(self::ROLE_VPC_ROUTER_CONFIGURED, 1, DBFarmRole::TYPE_LCL);
}
public function xCreateNetworkInterfaceAction()
{
$aws = $this->getEnvironment()->aws($this->getParam('cloudLocation'));
$ec2 = $aws->ec2;
try {
$subnetId = $this->getParam('subnetId');
$vpcId = $this->getParam('vpcId');
$vpcInfo = $ec2->vpc->describe($vpcId);
/* @var $vpc \Scalr\Service\Aws\Ec2\DataType\VpcData */
$vpc = $vpcInfo->get(0);
//Create Network interface
$createNetworkInterfaceRequestData = new CreateNetworkInterfaceRequestData($subnetId);
$routerSgName = Scalr::config('scalr.aws.security_group_prefix') . 'vpc-router';
// Check and create security group
$filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => array($routerSgName, 'SCALR-VPC')), array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId));
try {
$list = $ec2->securityGroup->describe(null, null, $filter);
if ($list->count() > 0 && in_array($list->get(0)->groupName, array('SCALR-VPC', $routerSgName))) {
$sgId = $list->get(0)->groupId;
}
} catch (Exception $e) {
throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}");
}
if (!$sgId) {
$sgId = $aws->ec2->securityGroup->create($routerSgName, 'System SG for Scalr VPC integration', $vpcId);
$ipRangeList = new IpRangeList();
$ipRangeList->append(new IpRangeData('0.0.0.0/0'));
$ipRangeListLocal = new IpRangeList();
$ipRangeListLocal->append(new IpRangeData($vpc->cidrBlock));
$attempts = 0;
while (true) {
$attempts++;
try {
$aws->ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('tcp', 80, 80, $ipRangeList), new IpPermissionData('tcp', 443, 443, $ipRangeList), new IpPermissionData('tcp', 0, 65535, $ipRangeListLocal), new IpPermissionData('udp', 0, 65535, $ipRangeListLocal)), $sgId);
break;
} catch (Exception $e) {
if ($attempts >= 3) {
throw $e;
} else {
sleep(1);
}
}
}
}
$createNetworkInterfaceRequestData->setSecurityGroupId(array('groupId' => $sgId));
$networkInterface = $ec2->networkInterface->create($createNetworkInterfaceRequestData);
// Disable sourceDeskCheck
$networkInterface->modifyAttribute(NetworkInterfaceAttributeType::sourceDestCheck(), 0);
$niId = $networkInterface->networkInterfaceId;
$attemptsCounter = 0;
while (true) {
try {
$networkInterface->createTags(array(array('key' => "scalr-id", 'value' => SCALR_ID), array('key' => "Name", 'value' => "VPC Router ENI")));
break;
} catch (Exception $e) {
$attemptsCounter++;
if ($attemptsCounter < 5) {
sleep(1);
continue;
} else {
throw new Exception($e->getMessage());
}
}
break;
}
//ASSOCIATE PUBLIC IP
$address = $ec2->address->allocate('vpc');
$publicIp = $address->publicIp;
$associateAddressRequestData = new AssociateAddressRequestData();
$associateAddressRequestData->networkInterfaceId = $niId;
$associateAddressRequestData->allocationId = $address->allocationId;
$associateAddressRequestData->allowReassociation = true;
//Associate PublicIP with NetworkInterface
$ec2->address->associate($associateAddressRequestData);
} catch (Exception $e) {
if ($niId) {
$ec2->networkInterface->delete($niId);
}
if ($publicIp) {
$ec2->address->release(null, $address->allocationId);
}
throw $e;
}
$this->response->success('Network interface successfully created');
$this->response->data(array('ni' => array('id' => $niId, 'publicIp' => $publicIp)));
}