blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Generate ec2 security group programmatically

This commit is contained in:
Michael Vines 2019-02-18 17:43:03 -08:00
parent 3f14466965
commit 1e714eb6b2
4 changed files with 182 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/gce.sh
View File

@ -476,6 +476,8 @@ EOF
bootstrapLeaderAddress=$customAddress
fi
cloud_Initialize "$prefix"
cloud_CreateInstances "$prefix" "$prefix-bootstrap-leader" 1 \
"$imageName" "$bootstrapLeaderMachineType" "$fullNodeBootDiskSizeInGb" \
"$startupScript" "$bootstrapLeaderAddress" "$bootDiskType"

37
net/scripts/ec2-provider.sh
View File

@ -101,6 +101,33 @@ cloud_FindInstance() {
__cloud_FindInstances "$name"
}
#
# cloud_Initialize [networkName]
#
# Perform one-time initialization that may be required for the given testnet.
#
# networkName - unique name of this testnet
#
# This function will be called before |cloud_CreateInstances|
cloud_Initialize() {
declare networkName="$1"
__cloud_SshPrivateKeyCheck
(
set -x
aws ec2 delete-key-pair --region "$region" --key-name "$networkName"
aws ec2 import-key-pair --region "$region" --key-name "$networkName" \
--public-key-material file://"${sshPrivateKey}".pub
)
(
set -x
aws ec2 delete-security-group --region "$region" --group-name "$networkName" || true
aws ec2 create-security-group --region "$region" --group-name "$networkName" --description "Created automatically by $0"
rules=$(cat "$(dirname "${BASH_SOURCE[0]}")"/ec2-security-group-config.json)
aws ec2 authorize-security-group-ingress --region "$region" --group-name "$networkName" --cli-input-json "$rules"
)
}
#
# cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
@ -131,21 +158,13 @@ cloud_CreateInstances() {
declare optionalStartupScript="$7"
declare optionalAddress="$8"
__cloud_SshPrivateKeyCheck
(
set -x
aws ec2 delete-key-pair --region "$region" --key-name "$networkName"
aws ec2 import-key-pair --region "$region" --key-name "$networkName" \
--public-key-material file://"${sshPrivateKey}".pub
)
declare -a args
args=(
--key-name "$networkName"
--count "$numNodes"
--region "$region"
--placement "AvailabilityZone=$zone"
--security-groups testnet
--security-groups "$networkName"
--image-id "$imageName"
--instance-type "$machineType"
--tag-specifications "ResourceType=instance,Tags=[{Key=name,Value=$namePrefix}]"

137
net/scripts/ec2-security-group-config.json Normal file
View File

@ -0,0 +1,137 @@
{
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 80,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0",
"Description": "http for block explorer"
}
],
"ToPort": 80,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "http for block explorer"
}
]
},
{
"PrefixListIds": [],
"FromPort": 8000,
"IpRanges": [
{
"Description": "fullnode UDP range",
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 10000,
"IpProtocol": "udp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "fullnode UDP range"
}
]
},
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0",
"Description": "ssh"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "ssh"
}
]
},
{
"PrefixListIds": [],
"FromPort": 873,
"IpRanges": [
{
"Description": "rsync",
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 873,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "rsync"
}
]
},
{
"PrefixListIds": [],
"FromPort": 3001,
"IpRanges": [
{
"Description": "blockexplorer API port",
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 3001,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "blockexplorer API port"
}
]
},
{
"PrefixListIds": [],
"FromPort": 8000,
"IpRanges": [
{
"Description": "fullnode TCP range",
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 10000,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "fullnode TCP range"
}
]
},
{
"PrefixListIds": [],
"FromPort": 8,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0",
"Description": "allow ping"
}
],
"ToPort": -1,
"IpProtocol": "icmp",
"UserIdGroupPairs": [],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0",
"Description": "allow ping"
}
]
}
]
}

15
net/scripts/gce-provider.sh
View File

@ -76,6 +76,21 @@ cloud_FindInstance() {
__cloud_FindInstances "name=$name"
}
#
# cloud_Initialize [networkName]
#
# Perform one-time initialization that may be required for the given testnet.
#
# networkName - unique name of this testnet
#
# This function will be called before |cloud_CreateInstances|
cloud_Initialize() {
declare networkName="$1"
# ec2-provider.sh creates firewall rules programmatically, should to the same
# here.
echo "TODO: create $networkName firewall rules programmatically instead of assuming the 'testnet' tag exists"
}
#
# cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
# [machineType] [bootDiskSize] [enableGpu]