Generate ec2 security group programmatically
parent
3f14466965
commit
1e714eb6b2
|
@ -476,6 +476,8 @@ EOF
|
||||||
bootstrapLeaderAddress=$customAddress
|
bootstrapLeaderAddress=$customAddress
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
cloud_Initialize "$prefix"
|
||||||
|
|
||||||
cloud_CreateInstances "$prefix" "$prefix-bootstrap-leader" 1 \
|
cloud_CreateInstances "$prefix" "$prefix-bootstrap-leader" 1 \
|
||||||
"$imageName" "$bootstrapLeaderMachineType" "$fullNodeBootDiskSizeInGb" \
|
"$imageName" "$bootstrapLeaderMachineType" "$fullNodeBootDiskSizeInGb" \
|
||||||
"$startupScript" "$bootstrapLeaderAddress" "$bootDiskType"
|
"$startupScript" "$bootstrapLeaderAddress" "$bootDiskType"
|
||||||
|
|
|
@ -101,6 +101,33 @@ cloud_FindInstance() {
|
||||||
__cloud_FindInstances "$name"
|
__cloud_FindInstances "$name"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# cloud_Initialize [networkName]
|
||||||
|
#
|
||||||
|
# Perform one-time initialization that may be required for the given testnet.
|
||||||
|
#
|
||||||
|
# networkName - unique name of this testnet
|
||||||
|
#
|
||||||
|
# This function will be called before |cloud_CreateInstances|
|
||||||
|
cloud_Initialize() {
|
||||||
|
declare networkName="$1"
|
||||||
|
|
||||||
|
__cloud_SshPrivateKeyCheck
|
||||||
|
(
|
||||||
|
set -x
|
||||||
|
aws ec2 delete-key-pair --region "$region" --key-name "$networkName"
|
||||||
|
aws ec2 import-key-pair --region "$region" --key-name "$networkName" \
|
||||||
|
--public-key-material file://"${sshPrivateKey}".pub
|
||||||
|
)
|
||||||
|
|
||||||
|
(
|
||||||
|
set -x
|
||||||
|
aws ec2 delete-security-group --region "$region" --group-name "$networkName" || true
|
||||||
|
aws ec2 create-security-group --region "$region" --group-name "$networkName" --description "Created automatically by $0"
|
||||||
|
rules=$(cat "$(dirname "${BASH_SOURCE[0]}")"/ec2-security-group-config.json)
|
||||||
|
aws ec2 authorize-security-group-ingress --region "$region" --group-name "$networkName" --cli-input-json "$rules"
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
|
# cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
|
||||||
|
@ -131,21 +158,13 @@ cloud_CreateInstances() {
|
||||||
declare optionalStartupScript="$7"
|
declare optionalStartupScript="$7"
|
||||||
declare optionalAddress="$8"
|
declare optionalAddress="$8"
|
||||||
|
|
||||||
__cloud_SshPrivateKeyCheck
|
|
||||||
(
|
|
||||||
set -x
|
|
||||||
aws ec2 delete-key-pair --region "$region" --key-name "$networkName"
|
|
||||||
aws ec2 import-key-pair --region "$region" --key-name "$networkName" \
|
|
||||||
--public-key-material file://"${sshPrivateKey}".pub
|
|
||||||
)
|
|
||||||
|
|
||||||
declare -a args
|
declare -a args
|
||||||
args=(
|
args=(
|
||||||
--key-name "$networkName"
|
--key-name "$networkName"
|
||||||
--count "$numNodes"
|
--count "$numNodes"
|
||||||
--region "$region"
|
--region "$region"
|
||||||
--placement "AvailabilityZone=$zone"
|
--placement "AvailabilityZone=$zone"
|
||||||
--security-groups testnet
|
--security-groups "$networkName"
|
||||||
--image-id "$imageName"
|
--image-id "$imageName"
|
||||||
--instance-type "$machineType"
|
--instance-type "$machineType"
|
||||||
--tag-specifications "ResourceType=instance,Tags=[{Key=name,Value=$namePrefix}]"
|
--tag-specifications "ResourceType=instance,Tags=[{Key=name,Value=$namePrefix}]"
|
||||||
|
|
|
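Review bot: In the new `cloud_Initialize`, `aws ec2 delete-security-group ... || true` discards every failure, not only "group does not exist". If the delete is refused (for example because instances from an earlier run still reference the group, which is inferred and not shown here), `create-security-group` and `authorize-security-group-ingress` then run against a group that was never removed. Depending on whether errexit is active in the caller, which this page does not show, the run either aborts on a duplicate error or carries on with the old rule set still in force. I would tolerate only the missing-group case by guarding the delete with an existence check such as `aws ec2 describe-security-groups --region "$region" --group-names "$networkName"`, and let a real delete failure stop the run. The second hunk's `--security-groups "$networkName"` depends on this group being in the expected state, so a short comment there pointing at `cloud_Initialize` would help.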
@ -0,0 +1,137 @@
|
||||||
|
{
|
||||||
|
"IpPermissions": [
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 80,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"CidrIp": "0.0.0.0/0",
|
||||||
|
"Description": "http for block explorer"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": 80,
|
||||||
|
"IpProtocol": "tcp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "http for block explorer"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 8000,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"Description": "fullnode UDP range",
|
||||||
|
"CidrIp": "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": 10000,
|
||||||
|
"IpProtocol": "udp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "fullnode UDP range"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 22,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"CidrIp": "0.0.0.0/0",
|
||||||
|
"Description": "ssh"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": 22,
|
||||||
|
"IpProtocol": "tcp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "ssh"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 873,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"Description": "rsync",
|
||||||
|
"CidrIp": "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": 873,
|
||||||
|
"IpProtocol": "tcp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "rsync"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 3001,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"Description": "blockexplorer API port",
|
||||||
|
"CidrIp": "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": 3001,
|
||||||
|
"IpProtocol": "tcp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "blockexplorer API port"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 8000,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"Description": "fullnode TCP range",
|
||||||
|
"CidrIp": "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": 10000,
|
||||||
|
"IpProtocol": "tcp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "fullnode TCP range"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"PrefixListIds": [],
|
||||||
|
"FromPort": 8,
|
||||||
|
"IpRanges": [
|
||||||
|
{
|
||||||
|
"CidrIp": "0.0.0.0/0",
|
||||||
|
"Description": "allow ping"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"ToPort": -1,
|
||||||
|
"IpProtocol": "icmp",
|
||||||
|
"UserIdGroupPairs": [],
|
||||||
|
"Ipv6Ranges": [
|
||||||
|
{
|
||||||
|
"CidrIpv6": "::/0",
|
||||||
|
"Description": "allow ping"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
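Review bot: The `ssh` (22) and `rsync` (873) entries in `IpPermissions` accept traffic from `0.0.0.0/0` and `::/0`, which exposes both management services on every generated testnet node to the whole Internet; 873 is the plain rsync daemon port, which has no transport encryption. Unless hosts outside the testnet really must reach them, I would narrow those two rules to the operator/CI address ranges or to the group itself through the currently empty `UserIdGroupPairs`, and keep world-open ranges only for ports that must be public (80, 3001, 8000-10000). Separately, the `allow ping` rule lists `::/0` under `"IpProtocol": "icmp"`; IPv6 echo is ICMPv6, so that range probably has no effect and would need its own `icmpv6` entry if IPv6 ping is wanted. JSON cannot carry comments, so the reason each port is open belongs in the header comment of `cloud_Initialize` or in the commit description.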
@ -76,6 +76,21 @@ cloud_FindInstance() {
|
||||||
__cloud_FindInstances "name=$name"
|
__cloud_FindInstances "name=$name"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# cloud_Initialize [networkName]
|
||||||
|
#
|
||||||
|
# Perform one-time initialization that may be required for the given testnet.
|
||||||
|
#
|
||||||
|
# networkName - unique name of this testnet
|
||||||
|
#
|
||||||
|
# This function will be called before |cloud_CreateInstances|
|
||||||
|
cloud_Initialize() {
|
||||||
|
declare networkName="$1"
|
||||||
|
# ec2-provider.sh creates firewall rules programmatically, should to the same
|
||||||
|
# here.
|
||||||
|
echo "TODO: create $networkName firewall rules programmatically instead of assuming the 'testnet' tag exists"
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
|
# cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
|
||||||
# [machineType] [bootDiskSize] [enableGpu]
|
# [machineType] [bootDiskSize] [enableGpu]
|
||||||
|
|
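Review bot: The GCE `cloud_Initialize` is a stub that prints its TODO to stdout and returns success, so after this commit EC2 networks get a per-network rule set while GCE networks still depend on a pre-existing 'testnet' tag whose rules are not visible in the repository. I would send the message to stderr so it cannot end up in captured output, for example by appending `>&2` to the `echo`. The comment should also state which firewall rules the 'testnet' tag is expected to provide. The comment above the echo has a typo as well: `should to the same` should read `should do the same`.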