Beispiel #1
0
 /**
  * Loads IpRangeList from simple xml object
  *
  * @param   \SimpleXMLElement $sxml
  * @return  IpRangeList  Returns IpRangeList
  */
 protected function _loadIpRangeList(\SimpleXMLElement $sxml)
 {
     $list = new IpRangeList();
     $list->setEc2($this->ec2);
     if (!empty($sxml->item)) {
         foreach ($sxml->item as $v) {
             $item = new IpRangeData($this->exist($v->cidrIp) ? (string) $v->cidrIp : null);
             $item->setEc2($this->ec2);
             $list->append($item);
             unset($item);
         }
     }
     return $list;
 }
 /**
  * Gets the list of the security groups for the specified db server.
  *
  * If server does not have required security groups this method will create them.
  *
  * @param   DBServer               $DBServer The DB Server instance
  * @param   \Scalr\Service\Aws\Ec2 $ec2      Ec2 Client instance
  * @param   string                 $vpcId    optional The ID of VPC
  * @return  array  Returns array looks like array(groupid-1, groupid-2, ..., groupid-N)
  */
 private function GetServerSecurityGroupsList(DBServer $DBServer, \Scalr\Service\Aws\Ec2 $ec2, $vpcId = "", \Scalr_Governance $governance = null)
 {
     $retval = array();
     $checkGroups = array();
     $sgGovernance = true;
     $allowAdditionalSgs = true;
     $vpcId = null;
     if ($governance) {
         $sgs = $governance->getValue(\SERVER_PLATFORMS::EUCALYPTUS, \Scalr_Governance::EUCALYPTUS_SECURITY_GROUPS);
         if ($sgs !== null) {
             $governanceSecurityGroups = @explode(",", $sgs);
             if (!empty($governanceSecurityGroups)) {
                 foreach ($governanceSecurityGroups as $sg) {
                     if ($sg != '') {
                         array_push($checkGroups, trim($sg));
                     }
                 }
             }
             $sgGovernance = false;
             $allowAdditionalSgs = $governance->getValue(\SERVER_PLATFORMS::EUCALYPTUS, \Scalr_Governance::EUCALYPTUS_SECURITY_GROUPS, 'allow_additional_sec_groups');
         }
     }
     if (!$sgGovernance || $allowAdditionalSgs) {
         if ($DBServer->farmRoleId != 0) {
             $dbFarmRole = $DBServer->GetFarmRoleObject();
             if ($dbFarmRole->GetSetting(DBFarmRole::SETTING_EUCA_SECURITY_GROUPS_LIST) !== null) {
                 // New SG management
                 $sgs = @json_decode($dbFarmRole->GetSetting(DBFarmRole::SETTING_EUCA_SECURITY_GROUPS_LIST));
                 if (!empty($sgs)) {
                     foreach ($sgs as $sg) {
                         if (stripos($sg, 'sg-') === 0) {
                             array_push($retval, $sg);
                         } else {
                             array_push($checkGroups, $sg);
                         }
                     }
                 }
             }
         } else {
             array_push($checkGroups, 'scalr-rb-system');
         }
     }
     // No name based security groups, return only SG ids.
     if (empty($checkGroups)) {
         return $retval;
     }
     // Filter groups
     $filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => $checkGroups));
     // Get filtered list of SG required by scalr;
     try {
         $list = $ec2->securityGroup->describe(null, null, $filter);
         $sgList = array();
         foreach ($list as $sg) {
             /* @var $sg \Scalr\Service\Aws\Ec2\DataType\SecurityGroupData */
             if ($vpcId == '' && !$sg->vpcId || $vpcId && $sg->vpcId == $vpcId) {
                 $sgList[$sg->groupName] = $sg->groupId;
             }
         }
         unset($list);
     } catch (\Exception $e) {
         throw new \Exception("Cannot get list of security groups (1): {$e->getMessage()}");
     }
     foreach ($checkGroups as $groupName) {
         // Check default SG
         if ($groupName == 'default') {
             array_push($retval, $sgList[$groupName]);
             // Check Roles builder SG
         } elseif ($groupName == 'scalr-rb-system') {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create('scalr-rb-system', "Security group for Roles Builder", $vpcId);
                     $ipRangeList = new IpRangeList();
                     foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
                         $ipRangeList->append(new IpRangeData($ip));
                     }
                     sleep(2);
                     $ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 22, 22, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList)), $securityGroupId);
                     $sgList['scalr-rb-system'] = $securityGroupId;
                 } catch (\Exception $e) {
                     throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), 'scalr-rb-system', $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
             //Check scalr-farm.* security group
         } elseif (stripos($groupName, 'scalr-farm.') === 0) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmID N%s", $DBServer->farmId), $vpcId);
                     sleep(2);
                     $userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->getPlatformConfigValue(self::ACCOUNT_ID), null, $groupName));
                     $ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList)), $securityGroupId);
                     $sgList[$groupName] = $securityGroupId;
                 } catch (\Exception $e) {
                     throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
             //Check scalr-role.* security group
         } elseif (stripos($groupName, 'scalr-role.') === 0) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmRoleID N%s on FarmID N%s", $DBServer->GetFarmRoleObject()->ID, $DBServer->farmId), $vpcId);
                     sleep(2);
                     // DB rules
                     $dbRules = $DBServer->GetFarmRoleObject()->GetRoleObject()->getSecurityRules();
                     $groupRules = array();
                     foreach ($dbRules as $rule) {
                         $groupRules[\Scalr_Util_CryptoTool::hash($rule['rule'])] = $rule;
                     }
                     // Behavior rules
                     foreach (\Scalr_Role_Behavior::getListForFarmRole($DBServer->GetFarmRoleObject()) as $bObj) {
                         $bRules = $bObj->getSecurityRules();
                         foreach ($bRules as $r) {
                             if ($r) {
                                 $groupRules[\Scalr_Util_CryptoTool::hash($r)] = array('rule' => $r);
                             }
                         }
                     }
                     // Default rules
                     $userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->getPlatformConfigValue(self::ACCOUNT_ID), null, $groupName));
                     $rules = array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList));
                     foreach ($groupRules as $rule) {
                         $group_rule = explode(":", $rule["rule"]);
                         $rules[] = new IpPermissionData($group_rule[0], $group_rule[1], $group_rule[2], new IpRangeData($group_rule[3]));
                     }
                     $ec2->securityGroup->authorizeIngress($rules, $securityGroupId);
                     $sgList[$groupName] = $securityGroupId;
                 } catch (\Exception $e) {
                     throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
         } elseif ($groupName == \Scalr::config('scalr.aws.security_group_name')) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($groupName, "Security rules needed by Scalr", $vpcId);
                     $ipRangeList = new IpRangeList();
                     foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
                         $ipRangeList->append(new IpRangeData($ip));
                     }
                     // TODO: Open only FOR VPC ranges
                     $ipRangeList->append(new IpRangeData('10.0.0.0/8'));
                     sleep(2);
                     $ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 3306, 3306, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('udp', 8014, 8014, $ipRangeList)), $securityGroupId);
                     $sgList[$groupName] = $securityGroupId;
                 } catch (\Exception $e) {
                     throw new \Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
         } else {
             if (!isset($sgList[$groupName])) {
                 throw new \Exception(sprintf(_("Security group '%s' is not found"), $groupName));
             } else {
                 array_push($retval, $sgList[$groupName]);
             }
         }
     }
     return $retval;
 }
Beispiel #3
0
 /**
  * Gets the list of the security groups for the specified db server.
  *
  * If server does not have required security groups this method will create them.
  *
  * @param   DBServer               $DBServer    The DB Server instance
  * @param   \Scalr\Service\Aws\Ec2 $ec2         Ec2 Client instance
  * @param   string                 $vpcId       optional The ID of VPC
  * @param   \Scalr_Governance      $governance  Governance
  * @param   string                 $osFamily    optional OS family of the instance
  * @return  array  Returns array looks like array(groupid-1, groupid-2, ..., groupid-N)
  */
 private function GetServerSecurityGroupsList(DBServer $DBServer, \Scalr\Service\Aws\Ec2 $ec2, $vpcId = "", \Scalr_Governance $governance = null, $osFamily = null)
 {
     $retval = array();
     $checkGroups = array();
     $wildCardSgs = [];
     $sgGovernance = false;
     $allowAdditionalSgs = true;
     $roleBuilderSgName = \Scalr::config('scalr.aws.security_group_name') . "-rb";
     if ($governance && $DBServer->farmRoleId) {
         $sgs = $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS);
         if ($osFamily == 'windows' && $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS, 'windows')) {
             $sgs = $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS, 'windows');
         }
         if ($sgs !== null) {
             $governanceSecurityGroups = @explode(",", $sgs);
             if (!empty($governanceSecurityGroups)) {
                 foreach ($governanceSecurityGroups as $sg) {
                     if ($sg != '') {
                         array_push($checkGroups, trim($sg));
                         if (strpos($sg, '*') !== false) {
                             array_push($wildCardSgs, trim($sg));
                         }
                     }
                 }
             }
             if (!empty($checkGroups)) {
                 $sgGovernance = true;
             }
             $allowAdditionalSgs = $governance->getValue(SERVER_PLATFORMS::EC2, \Scalr_Governance::AWS_SECURITY_GROUPS, 'allow_additional_sec_groups');
         }
     }
     if (!$sgGovernance || $allowAdditionalSgs) {
         if ($DBServer->farmRoleId != 0) {
             $dbFarmRole = $DBServer->GetFarmRoleObject();
             if ($dbFarmRole->GetSetting(Entity\FarmRoleSetting::AWS_SECURITY_GROUPS_LIST) !== null) {
                 // New SG management
                 $sgs = @json_decode($dbFarmRole->GetSetting(Entity\FarmRoleSetting::AWS_SECURITY_GROUPS_LIST));
                 if (!empty($sgs)) {
                     foreach ($sgs as $sg) {
                         if (stripos($sg, 'sg-') === 0) {
                             array_push($retval, $sg);
                         } else {
                             array_push($checkGroups, $sg);
                         }
                     }
                 }
             } else {
                 // Old SG management
                 array_push($checkGroups, 'default');
                 array_push($checkGroups, \Scalr::config('scalr.aws.security_group_name'));
                 if (!$vpcId) {
                     array_push($checkGroups, "scalr-farm.{$DBServer->farmId}");
                     array_push($checkGroups, "scalr-role.{$DBServer->farmRoleId}");
                 }
                 $additionalSgs = trim($dbFarmRole->GetSetting(Entity\FarmRoleSetting::AWS_SG_LIST));
                 if ($additionalSgs) {
                     $sgs = explode(",", $additionalSgs);
                     if (!empty($sgs)) {
                         foreach ($sgs as $sg) {
                             $sg = trim($sg);
                             if (stripos($sg, 'sg-') === 0) {
                                 array_push($retval, $sg);
                             } else {
                                 array_push($checkGroups, $sg);
                             }
                         }
                     }
                 }
             }
         } else {
             array_push($checkGroups, $roleBuilderSgName);
         }
     }
     // No name based security groups, return only SG ids.
     if (empty($checkGroups)) {
         return $retval;
     }
     // Filter groups
     $filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => $checkGroups));
     // If instance run in VPC, add VPC filter
     if ($vpcId != '') {
         $filter[] = array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId);
     }
     // Get filtered list of SG required by scalr;
     try {
         $list = $ec2->securityGroup->describe(null, null, $filter);
         $sgList = array();
         foreach ($list as $sg) {
             /* @var $sg \Scalr\Service\Aws\Ec2\DataType\SecurityGroupData */
             if ($vpcId == '' && !$sg->vpcId || $vpcId && $sg->vpcId == $vpcId) {
                 $sgList[$sg->groupName] = $sg->groupId;
             }
         }
         unset($list);
     } catch (Exception $e) {
         throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}");
     }
     foreach ($checkGroups as $groupName) {
         // Check default SG
         if ($groupName == 'default') {
             array_push($retval, $sgList[$groupName]);
             // Check Roles builder SG
         } elseif ($groupName == $roleBuilderSgName) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($roleBuilderSgName, "Security group for Roles Builder", $vpcId);
                     $ipRangeList = new IpRangeList();
                     foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
                         $ipRangeList->append(new IpRangeData($ip));
                     }
                     sleep(2);
                     $ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 22, 22, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList)), $securityGroupId);
                     $sgList[$roleBuilderSgName] = $securityGroupId;
                 } catch (Exception $e) {
                     throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $roleBuilderSgName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
             //Check scalr-farm.* security group
         } elseif (stripos($groupName, 'scalr-farm.') === 0) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmID N%s", $DBServer->farmId), $vpcId);
                     sleep(2);
                     $userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->keychain(SERVER_PLATFORMS::EC2)->properties[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID], null, $groupName));
                     $ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList)), $securityGroupId);
                     $sgList[$groupName] = $securityGroupId;
                 } catch (Exception $e) {
                     throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
             //Check scalr-role.* security group
         } elseif (stripos($groupName, 'scalr-role.') === 0) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($groupName, sprintf("Security group for FarmRoleID N%s on FarmID N%s", $DBServer->GetFarmRoleObject()->ID, $DBServer->farmId), $vpcId);
                     sleep(2);
                     // DB rules
                     $dbRules = $DBServer->GetFarmRoleObject()->GetRoleObject()->getSecurityRules();
                     $groupRules = array();
                     foreach ($dbRules as $rule) {
                         $groupRules[CryptoTool::hash($rule['rule'])] = $rule;
                     }
                     // Behavior rules
                     foreach (\Scalr_Role_Behavior::getListForFarmRole($DBServer->GetFarmRoleObject()) as $bObj) {
                         $bRules = $bObj->getSecurityRules();
                         foreach ($bRules as $r) {
                             if ($r) {
                                 $groupRules[CryptoTool::hash($r)] = array('rule' => $r);
                             }
                         }
                     }
                     // Default rules
                     $userIdGroupPairList = new UserIdGroupPairList(new UserIdGroupPairData($DBServer->GetEnvironmentObject()->keychain(SERVER_PLATFORMS::EC2)->properties[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID], null, $groupName));
                     $rules = array(new IpPermissionData('tcp', 0, 65535, null, $userIdGroupPairList), new IpPermissionData('udp', 0, 65535, null, $userIdGroupPairList));
                     foreach ($groupRules as $rule) {
                         $group_rule = explode(":", $rule["rule"]);
                         $rules[] = new IpPermissionData($group_rule[0], $group_rule[1], $group_rule[2], new IpRangeData($group_rule[3]));
                     }
                     $ec2->securityGroup->authorizeIngress($rules, $securityGroupId);
                     $sgList[$groupName] = $securityGroupId;
                 } catch (Exception $e) {
                     throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
         } elseif ($groupName == \Scalr::config('scalr.aws.security_group_name')) {
             if (!isset($sgList[$groupName])) {
                 try {
                     $securityGroupId = $ec2->securityGroup->create($groupName, "Security rules needed by Scalr", $vpcId);
                     $ipRangeList = new IpRangeList();
                     foreach (\Scalr::config('scalr.aws.ip_pool') as $ip) {
                         $ipRangeList->append(new IpRangeData($ip));
                     }
                     // TODO: Open only FOR VPC ranges
                     $ipRangeList->append(new IpRangeData('10.0.0.0/8'));
                     sleep(2);
                     $ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 3306, 3306, $ipRangeList), new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('udp', 8014, 8014, $ipRangeList)), $securityGroupId);
                     $sgList[$groupName] = $securityGroupId;
                 } catch (Exception $e) {
                     throw new Exception(sprintf(_("Cannot create security group '%s': %s"), $groupName, $e->getMessage()));
                 }
             }
             array_push($retval, $sgList[$groupName]);
         } else {
             if (!isset($sgList[$groupName])) {
                 if (!in_array($groupName, $wildCardSgs)) {
                     throw new Exception(sprintf(_("Security group '%s' is not found"), $groupName));
                 } else {
                     $wildCardMatchedSgs = [];
                     $groupNamePattern = \Scalr_Governance::convertAsteriskPatternToRegexp($groupName);
                     foreach ($sgList as $sgGroupName => $sgGroupId) {
                         if (preg_match($groupNamePattern, $sgGroupName) === 1) {
                             array_push($wildCardMatchedSgs, $sgGroupId);
                         }
                     }
                     if (empty($wildCardMatchedSgs)) {
                         throw new Exception(sprintf(_("Security group matched to pattern '%s' is not found."), $groupName));
                     } else {
                         if (count($wildCardMatchedSgs) > 1) {
                             throw new Exception(sprintf(_("There are more than one Security group matched to pattern '%s' found."), $groupName));
                         } else {
                             array_push($retval, $wildCardMatchedSgs[0]);
                         }
                     }
                 }
             } else {
                 array_push($retval, $sgList[$groupName]);
             }
         }
     }
     return $retval;
 }
Beispiel #4
0
 public function onFarmSave(DBFarm $dbFarm, DBFarmRole $dbFarmRole)
 {
     $vpcId = $dbFarm->GetSetting(DBFarm::SETTING_EC2_VPC_ID);
     if (!$vpcId) {
         //REMOVE VPC RELATED SETTINGS
         return;
     }
     if ($dbFarmRole->GetSetting(self::ROLE_VPC_ROUTER_CONFIGURED) == 1) {
         // ALL OBJECTS ALREADY CONFIGURED
         return true;
     }
     $aws = $dbFarm->GetEnvironmentObject()->aws($dbFarmRole->CloudLocation);
     $filter = array(array('name' => SubnetFilterNameType::vpcId(), 'value' => $vpcId), array('name' => SubnetFilterNameType::tagKey(), 'value' => 'scalr-sn-type'), array('name' => SubnetFilterNameType::tagValue(), 'value' => self::INTERNET_ACCESS_FULL));
     // Try to find scalr FULL subnet
     $subnets = $aws->ec2->subnet->describe(null, $filter);
     if ($subnets->count() > 0) {
         $subnetId = $subnets->get(0)->subnetId;
     }
     if (!$subnetId) {
         $platform = PlatformFactory::NewPlatform(SERVER_PLATFORMS::EC2);
         $subnet = $platform->AllocateNewSubnet($aws->ec2, $vpcId, null);
         $subnetId = $subnet->subnetId;
         //ADD TAGS
         try {
             $subnet->createTags(array(array('key' => "scalr-id", 'value' => SCALR_ID), array('key' => "scalr-sn-type", 'value' => self::INTERNET_ACCESS_FULL), array('key' => "Name", 'value' => 'Scalr System Subnet')));
         } catch (Exception $e) {
         }
         $routingTableId = $platform->getRoutingTable(self::INTERNET_ACCESS_FULL, $aws, null, $vpcId);
         //Associate Routing table with subnet
         $aws->ec2->routeTable->associate($routingTableId, $subnetId);
     }
     $niId = $dbFarmRole->GetSetting(self::ROLE_VPC_NID);
     if (!$niId) {
         //Create Network interface
         $createNetworkInterfaceRequestData = new CreateNetworkInterfaceRequestData($subnetId);
         // Check and create security group
         $filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => array('SCALR-VPC')), array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId));
         try {
             $list = $aws->ec2->securityGroup->describe(null, null, $filter);
             if ($list->count() > 0 && $list->get(0)->groupName == 'SCALR-VPC') {
                 $sgId = $list->get(0)->groupId;
             }
         } catch (Exception $e) {
             throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}");
         }
         if (!$sgId) {
             $sgId = $aws->ec2->securityGroup->create('SCALR-VPC', 'System SG for Scalr VPC integration', $vpcId);
             $ipRangeList = new IpRangeList();
             $ipRangeList->append(new IpRangeData('0.0.0.0/0'));
             $ipRangeListLocal = new IpRangeList();
             $ipRangeListLocal->append(new IpRangeData('10.0.0.0/8'));
             $aws->ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('tcp', 80, 80, $ipRangeList), new IpPermissionData('tcp', 443, 443, $ipRangeList), new IpPermissionData('tcp', 0, 65535, $ipRangeListLocal), new IpPermissionData('udp', 0, 65535, $ipRangeListLocal)), $sgId);
         }
         $createNetworkInterfaceRequestData->setSecurityGroupId(array('groupId' => $sgId));
         $networkInterface = $aws->ec2->networkInterface->create($createNetworkInterfaceRequestData);
         // Disable sourceDeskCheck
         $networkInterface->modifyAttribute(NetworkInterfaceAttributeType::sourceDestCheck(), 0);
         $niId = $networkInterface->networkInterfaceId;
         $dbFarmRole->SetSetting(self::ROLE_VPC_NID, $niId, DBFarmRole::TYPE_LCL);
         try {
             $networkInterface->createTags(array(array('key' => "scalr-id", 'value' => SCALR_ID), array('key' => "Name", 'value' => 'Scalr System ENI')));
         } catch (Exception $e) {
         }
     }
     // If there is no public IP allocate it and associate with NI
     $publicIp = $dbFarmRole->GetSetting(self::ROLE_VPC_IP);
     if ($niId && !$publicIp) {
         $address = $aws->ec2->address->allocate('vpc');
         $publicIp = $address->publicIp;
         $dbFarmRole->SetSetting(self::ROLE_VPC_IP, $publicIp, DBFarmRole::TYPE_LCL);
         $dbFarmRole->SetSetting(self::ROLE_VPC_AID, $address->allocationId, DBFarmRole::TYPE_LCL);
         $associateAddressRequestData = new AssociateAddressRequestData();
         $associateAddressRequestData->networkInterfaceId = $niId;
         $associateAddressRequestData->allocationId = $address->allocationId;
         //Associate PublicIP with NetworkInterface
         $aws->ec2->address->associate($associateAddressRequestData);
     }
     $dbFarmRole->SetSetting(self::ROLE_VPC_ROUTER_CONFIGURED, 1, DBFarmRole::TYPE_LCL);
 }
Beispiel #5
0
 public function xCreateNetworkInterfaceAction()
 {
     $aws = $this->getEnvironment()->aws($this->getParam('cloudLocation'));
     $ec2 = $aws->ec2;
     try {
         $subnetId = $this->getParam('subnetId');
         $vpcId = $this->getParam('vpcId');
         $vpcInfo = $ec2->vpc->describe($vpcId);
         /* @var $vpc \Scalr\Service\Aws\Ec2\DataType\VpcData */
         $vpc = $vpcInfo->get(0);
         //Create Network interface
         $createNetworkInterfaceRequestData = new CreateNetworkInterfaceRequestData($subnetId);
         $routerSgName = Scalr::config('scalr.aws.security_group_prefix') . 'vpc-router';
         // Check and create security group
         $filter = array(array('name' => SecurityGroupFilterNameType::groupName(), 'value' => array($routerSgName, 'SCALR-VPC')), array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId));
         try {
             $list = $ec2->securityGroup->describe(null, null, $filter);
             if ($list->count() > 0 && in_array($list->get(0)->groupName, array('SCALR-VPC', $routerSgName))) {
                 $sgId = $list->get(0)->groupId;
             }
         } catch (Exception $e) {
             throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}");
         }
         if (!$sgId) {
             $sgId = $aws->ec2->securityGroup->create($routerSgName, 'System SG for Scalr VPC integration', $vpcId);
             $ipRangeList = new IpRangeList();
             $ipRangeList->append(new IpRangeData('0.0.0.0/0'));
             $ipRangeListLocal = new IpRangeList();
             $ipRangeListLocal->append(new IpRangeData($vpc->cidrBlock));
             $attempts = 0;
             while (true) {
                 $attempts++;
                 try {
                     $aws->ec2->securityGroup->authorizeIngress(array(new IpPermissionData('tcp', 8008, 8013, $ipRangeList), new IpPermissionData('tcp', 80, 80, $ipRangeList), new IpPermissionData('tcp', 443, 443, $ipRangeList), new IpPermissionData('tcp', 0, 65535, $ipRangeListLocal), new IpPermissionData('udp', 0, 65535, $ipRangeListLocal)), $sgId);
                     break;
                 } catch (Exception $e) {
                     if ($attempts >= 3) {
                         throw $e;
                     } else {
                         sleep(1);
                     }
                 }
             }
         }
         $createNetworkInterfaceRequestData->setSecurityGroupId(array('groupId' => $sgId));
         $networkInterface = $ec2->networkInterface->create($createNetworkInterfaceRequestData);
         // Disable sourceDeskCheck
         $networkInterface->modifyAttribute(NetworkInterfaceAttributeType::sourceDestCheck(), 0);
         $niId = $networkInterface->networkInterfaceId;
         $attemptsCounter = 0;
         while (true) {
             try {
                 $networkInterface->createTags(array(array('key' => "scalr-id", 'value' => SCALR_ID), array('key' => "Name", 'value' => "VPC Router ENI")));
                 break;
             } catch (Exception $e) {
                 $attemptsCounter++;
                 if ($attemptsCounter < 5) {
                     sleep(1);
                     continue;
                 } else {
                     throw new Exception($e->getMessage());
                 }
             }
             break;
         }
         //ASSOCIATE PUBLIC IP
         $address = $ec2->address->allocate('vpc');
         $publicIp = $address->publicIp;
         $associateAddressRequestData = new AssociateAddressRequestData();
         $associateAddressRequestData->networkInterfaceId = $niId;
         $associateAddressRequestData->allocationId = $address->allocationId;
         $associateAddressRequestData->allowReassociation = true;
         //Associate PublicIP with NetworkInterface
         $ec2->address->associate($associateAddressRequestData);
     } catch (Exception $e) {
         if ($niId) {
             $ec2->networkInterface->delete($niId);
         }
         if ($publicIp) {
             $ec2->address->release(null, $address->allocationId);
         }
         throw $e;
     }
     $this->response->success('Network interface successfully created');
     $this->response->data(array('ni' => array('id' => $niId, 'publicIp' => $publicIp)));
 }