Esempio n. 1
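 /**
  * Provisions the VPC router networking objects for a farm role when the farm is saved.
  *
  * In order: finds (or allocates and tags) the subnet tagged
  * scalr-sn-type = INTERNET_ACCESS_FULL, creates a network interface with the
  * 'SCALR-VPC' security group and source/destination checking disabled,
  * allocates a public IP and associates it with that interface, then marks the
  * role as configured so later saves return early.
  *
  * Security-relevant behaviour to keep in mind when reviewing:
  *  - a newly created 'SCALR-VPC' group accepts tcp/8008-8013, tcp/80 and tcp/443
  *    from 0.0.0.0/0, and every TCP/UDP port from 10.0.0.0/8;
  *  - an existing group named 'SCALR-VPC' is reused as found, its rules are not inspected;
  *  - the interface ends up with a public IP and sourceDestCheck turned off.
  *
  * @param DBFarm     $dbFarm     Farm being saved; supplies the VPC id and the AWS environment.
  * @param DBFarmRole $dbFarmRole Farm role whose ROLE_VPC_* settings are read and written.
  *
  * @return bool|null true when the role was already configured, otherwise null
  *
  * @throws Exception when the security group lookup fails; exceptions from the other AWS
  *                   calls are not caught here (tagging failures excepted)
  */
 public function onFarmSave(DBFarm $dbFarm, DBFarmRole $dbFarmRole)
 {
     $vpcId = $dbFarm->GetSetting(DBFarm::SETTING_EC2_VPC_ID);
     if (!$vpcId) {
         // TODO: VPC related settings are not removed here yet.
         return;
     }

     if ($dbFarmRole->GetSetting(self::ROLE_VPC_ROUTER_CONFIGURED) == 1) {
         // All objects are already configured.
         return true;
     }

     $aws = $dbFarm->GetEnvironmentObject()->aws($dbFarmRole->CloudLocation);

     // Try to find the Scalr FULL subnet of this VPC by its scalr-sn-type tag.
     $filter = array(
         array('name' => SubnetFilterNameType::vpcId(), 'value' => $vpcId),
         array('name' => SubnetFilterNameType::tagKey(), 'value' => 'scalr-sn-type'),
         array('name' => SubnetFilterNameType::tagValue(), 'value' => self::INTERNET_ACCESS_FULL),
     );
     $subnets = $aws->ec2->subnet->describe(null, $filter);

     // Defined up front: the original read this variable while undefined when no subnet matched.
     $subnetId = null;
     if ($subnets->count() > 0) {
         $subnetId = $subnets->get(0)->subnetId;
     }

     if (!$subnetId) {
         $platform = PlatformFactory::NewPlatform(SERVER_PLATFORMS::EC2);
         $subnet = $platform->AllocateNewSubnet($aws->ec2, $vpcId, null);
         $subnetId = $subnet->subnetId;

         // Tagging is best-effort. NOTE(review): the lookup above depends on the scalr-sn-type
         // tag, so a swallowed failure here presumably means this subnet is not found again
         // by that lookup - consider at least logging the exception.
         try {
             $subnet->createTags(array(
                 array('key' => "scalr-id", 'value' => SCALR_ID),
                 array('key' => "scalr-sn-type", 'value' => self::INTERNET_ACCESS_FULL),
                 array('key' => "Name", 'value' => 'Scalr System Subnet'),
             ));
         } catch (Exception $e) {
         }

         // Associate the routing table with the new subnet.
         $routingTableId = $platform->getRoutingTable(self::INTERNET_ACCESS_FULL, $aws, null, $vpcId);
         $aws->ec2->routeTable->associate($routingTableId, $subnetId);
     }

     $niId = $dbFarmRole->GetSetting(self::ROLE_VPC_NID);
     if (!$niId) {
         // Create the network interface.
         $createNetworkInterfaceRequestData = new CreateNetworkInterfaceRequestData($subnetId);

         // Check for the security group and create it when missing.
         $filter = array(
             array('name' => SecurityGroupFilterNameType::groupName(), 'value' => array('SCALR-VPC')),
             array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId),
         );

         // Defined up front: the original read this variable while undefined when no group matched.
         $sgId = null;
         try {
             $list = $aws->ec2->securityGroup->describe(null, null, $filter);
             if ($list->count() > 0 && $list->get(0)->groupName == 'SCALR-VPC') {
                 $sgId = $list->get(0)->groupId;
             }
         } catch (Exception $e) {
             // Keep the original exception as "previous" so its type and trace are not lost.
             throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}", 0, $e);
         }

         if (!$sgId) {
             $sgId = $aws->ec2->securityGroup->create('SCALR-VPC', 'System SG for Scalr VPC integration', $vpcId);

             // Ports 8008-8013, 80 and 443 are reachable from any address.
             $ipRangeList = new IpRangeList();
             $ipRangeList->append(new IpRangeData('0.0.0.0/0'));

             // NOTE(review): every TCP/UDP port is opened to 10.0.0.0/8, which can be wider
             // than the VPC's own CIDR block (peered or otherwise routed 10.x networks would
             // be covered too). Restricting this to the VPC CIDR would follow least privilege.
             $ipRangeListLocal = new IpRangeList();
             $ipRangeListLocal->append(new IpRangeData('10.0.0.0/8'));

             $aws->ec2->securityGroup->authorizeIngress(array(
                 new IpPermissionData('tcp', 8008, 8013, $ipRangeList),
                 new IpPermissionData('tcp', 80, 80, $ipRangeList),
                 new IpPermissionData('tcp', 443, 443, $ipRangeList),
                 new IpPermissionData('tcp', 0, 65535, $ipRangeListLocal),
                 new IpPermissionData('udp', 0, 65535, $ipRangeListLocal),
             ), $sgId);
         }

         $createNetworkInterfaceRequestData->setSecurityGroupId(array('groupId' => $sgId));
         $networkInterface = $aws->ec2->networkInterface->create($createNetworkInterfaceRequestData);

         // Disable sourceDestCheck on the interface (the attribute is set to 0).
         $networkInterface->modifyAttribute(NetworkInterfaceAttributeType::sourceDestCheck(), 0);

         $niId = $networkInterface->networkInterfaceId;
         $dbFarmRole->SetSetting(self::ROLE_VPC_NID, $niId, DBFarmRole::TYPE_LCL);

         // Tagging the interface is best-effort; a failure is deliberately ignored.
         try {
             $networkInterface->createTags(array(
                 array('key' => "scalr-id", 'value' => SCALR_ID),
                 array('key' => "Name", 'value' => 'Scalr System ENI'),
             ));
         } catch (Exception $e) {
         }
     }

     // If there is no public IP yet, allocate one and associate it with the network interface.
     $publicIp = $dbFarmRole->GetSetting(self::ROLE_VPC_IP);
     if ($niId && !$publicIp) {
         $address = $aws->ec2->address->allocate('vpc');
         $publicIp = $address->publicIp;

         // NOTE(review): the IP and allocation id are persisted before the association call.
         // If associate() throws, the next save sees ROLE_VPC_IP set and skips this branch,
         // leaving an allocated but unassociated address - confirm this is acceptable.
         $dbFarmRole->SetSetting(self::ROLE_VPC_IP, $publicIp, DBFarmRole::TYPE_LCL);
         $dbFarmRole->SetSetting(self::ROLE_VPC_AID, $address->allocationId, DBFarmRole::TYPE_LCL);

         $associateAddressRequestData = new AssociateAddressRequestData();
         $associateAddressRequestData->networkInterfaceId = $niId;
         $associateAddressRequestData->allocationId = $address->allocationId;

         // Associate the public IP with the network interface.
         $aws->ec2->address->associate($associateAddressRequestData);
     }

     $dbFarmRole->SetSetting(self::ROLE_VPC_ROUTER_CONFIGURED, 1, DBFarmRole::TYPE_LCL);
 }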
Esempio n. 2
File: Vpc.php Progetto: mheydt/scalr
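 /**
  * Creates a VPC router network interface with a public IP and reports both in the response.
  *
  * Reads cloudLocation, subnetId and vpcId from the request parameters, finds or creates
  * the router security group, creates the interface with source/destination checking
  * disabled, tags it, then allocates a VPC address and associates it with the interface.
  * On failure the interface and the address created so far are removed again; a security
  * group created by this call is not rolled back.
  *
  * Security-relevant behaviour to keep in mind when reviewing:
  *  - a newly created group accepts tcp/8008-8013, tcp/80 and tcp/443 from 0.0.0.0/0 and
  *    every TCP/UDP port from the VPC's own CIDR block;
  *  - an existing group named 'SCALR-VPC' or "<prefix>vpc-router" is reused as found,
  *    its rules are not inspected;
  *  - NOTE(review): no permission check is visible in this method and the three request
  *    parameters are passed to AWS as given - confirm the controller enforces access
  *    control and validation before this action runs.
  *
  * @return void
  *
  * @throws Exception when any step fails (after the rollback has been attempted)
  */
 public function xCreateNetworkInterfaceAction()
 {
     $aws = $this->getEnvironment()->aws($this->getParam('cloudLocation'));
     $ec2 = $aws->ec2;

     // Defined before the try block so the rollback below never reads an undefined variable.
     $sgId = null;
     $niId = null;
     $address = null;
     $publicIp = null;

     try {
         $subnetId = $this->getParam('subnetId');
         $vpcId = $this->getParam('vpcId');

         $vpcInfo = $ec2->vpc->describe($vpcId);
         /* @var $vpc \Scalr\Service\Aws\Ec2\DataType\VpcData */
         $vpc = $vpcInfo->get(0);
         if (!$vpc) {
             // Without the VPC record there is no CIDR block to scope the local ingress rules to.
             throw new Exception('Cannot find the requested VPC');
         }

         // Create the network interface request.
         $createNetworkInterfaceRequestData = new CreateNetworkInterfaceRequestData($subnetId);
         $routerSgName = Scalr::config('scalr.aws.security_group_prefix') . 'vpc-router';

         // Check for the security group (current or legacy name) and create it when missing.
         $filter = array(
             array('name' => SecurityGroupFilterNameType::groupName(), 'value' => array($routerSgName, 'SCALR-VPC')),
             array('name' => SecurityGroupFilterNameType::vpcId(), 'value' => $vpcId),
         );
         try {
             $list = $ec2->securityGroup->describe(null, null, $filter);
             if ($list->count() > 0 && in_array($list->get(0)->groupName, array('SCALR-VPC', $routerSgName))) {
                 $sgId = $list->get(0)->groupId;
             }
         } catch (Exception $e) {
             // Keep the original exception as "previous" so its type and trace are not lost.
             throw new Exception("Cannot get list of security groups (1): {$e->getMessage()}", 0, $e);
         }

         if (!$sgId) {
             $sgId = $ec2->securityGroup->create($routerSgName, 'System SG for Scalr VPC integration', $vpcId);

             // Ports 8008-8013, 80 and 443 are reachable from any address.
             $ipRangeList = new IpRangeList();
             $ipRangeList->append(new IpRangeData('0.0.0.0/0'));

             // All TCP/UDP ports are opened only to the VPC's own CIDR block.
             $ipRangeListLocal = new IpRangeList();
             $ipRangeListLocal->append(new IpRangeData($vpc->cidrBlock));

             // Up to three attempts, one second apart; the last failure is rethrown.
             $attempts = 0;
             while (true) {
                 $attempts++;
                 try {
                     $ec2->securityGroup->authorizeIngress(array(
                         new IpPermissionData('tcp', 8008, 8013, $ipRangeList),
                         new IpPermissionData('tcp', 80, 80, $ipRangeList),
                         new IpPermissionData('tcp', 443, 443, $ipRangeList),
                         new IpPermissionData('tcp', 0, 65535, $ipRangeListLocal),
                         new IpPermissionData('udp', 0, 65535, $ipRangeListLocal),
                     ), $sgId);
                     break;
                 } catch (Exception $e) {
                     if ($attempts >= 3) {
                         throw $e;
                     }
                     sleep(1);
                 }
             }
         }

         $createNetworkInterfaceRequestData->setSecurityGroupId(array('groupId' => $sgId));
         $networkInterface = $ec2->networkInterface->create($createNetworkInterfaceRequestData);

         // Record the id immediately: the original set it only after modifyAttribute(), so a
         // failure there left the new interface behind because the rollback could not see it.
         $niId = $networkInterface->networkInterfaceId;

         // Disable sourceDestCheck on the interface (the attribute is set to 0).
         $networkInterface->modifyAttribute(NetworkInterfaceAttributeType::sourceDestCheck(), 0);

         // Up to five tagging attempts, one second apart.
         $attemptsCounter = 0;
         while (true) {
             try {
                 $networkInterface->createTags(array(
                     array('key' => "scalr-id", 'value' => SCALR_ID),
                     array('key' => "Name", 'value' => "VPC Router ENI"),
                 ));
                 break;
             } catch (Exception $e) {
                 $attemptsCounter++;
                 if ($attemptsCounter >= 5) {
                     throw new Exception($e->getMessage(), 0, $e);
                 }
                 sleep(1);
             }
         }

         // Allocate a public IP for the interface.
         $address = $ec2->address->allocate('vpc');
         $publicIp = $address->publicIp;

         $associateAddressRequestData = new AssociateAddressRequestData();
         $associateAddressRequestData->networkInterfaceId = $niId;
         $associateAddressRequestData->allocationId = $address->allocationId;
         $associateAddressRequestData->allowReassociation = true;

         // Associate the public IP with the network interface.
         $ec2->address->associate($associateAddressRequestData);
     } catch (Exception $e) {
         // Roll back what was created. The address release is attempted even when deleting
         // the interface fails, so a failed delete cannot leave an allocated public IP behind.
         $cleanupError = null;
         if ($niId) {
             try {
                 $ec2->networkInterface->delete($niId);
             } catch (Exception $deleteError) {
                 $cleanupError = $deleteError;
             }
         }
         if ($address) {
             $ec2->address->release(null, $address->allocationId);
         }
         if ($cleanupError) {
             // As before, a failed cleanup surfaces to the caller instead of being hidden.
             throw $cleanupError;
         }
         throw $e;
     }

     $this->response->success('Network interface successfully created');
     $this->response->data(array('ni' => array('id' => $niId, 'publicIp' => $publicIp)));
 }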