Delta Between Two Patch Sets: environs/ec2/ec2.go

Issue 6612054: environs/cloudinit: use --initial-password
Left Patch Set: environs/cloudinit: use --initial-password Created 12 years, 6 months ago
Right Patch Set: environs/cloudinit: use --initial-password Created 12 years, 6 months ago
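--- a/environs/ec2/ec2.go
+++ b/environs/ec2/ec2.go
@@ -1,10 +1,10 @@
 package ec2
 
 import (
 "fmt"
 "io/ioutil"
 "launchpad.net/goamz/aws"
 "launchpad.net/goamz/ec2"
 "launchpad.net/goamz/s3"
 "launchpad.net/juju-core/environs"
 "launchpad.net/juju-core/environs/cloudinit"
@@ -549,33 +549,35 @@
 err = nil
 }
 if err != nil && firstErr == nil {
 firstErr = err
 }
 }
 return firstErr
 }
 
 func (e *environ) machineGroupName(machineId int) string {
-» return fmt.Sprintf("%s-%d", e.groupName(), machineId)
+» if e.Config().FirewallMode() == config.FwDefault {
+» » return fmt.Sprintf("%s-%d", e.groupName(), machineId)
+» }
+» return fmt.Sprintf("%s-global", e.groupName())
 }
 
 func (e *environ) groupName() string {
 return "juju-" + e.name
 }
 
 func (inst *instance) OpenPorts(machineId int, ports []state.Port) error {
 if len(ports) == 0 {
 return nil
 }
 // Give permissions for anyone to access the given ports.
-// TODO(mue) Choose group depending on inst.e.Config().FirewallMode().
 ipPerms := portsToIPPerms(ports)
 g := ec2.SecurityGroup{Name: inst.e.machineGroupName(machineId)}
 _, err := inst.e.ec2().AuthorizeSecurityGroup(g, ipPerms)
 if err != nil && ec2ErrCode(err) == "InvalidPermission.Duplicate" {
 if len(ports) == 1 {
 return nil
 }
 // If there's more than one port and we get a duplicate error,
 // then we go through authorizing each port individually,
 // otherwise the ports that were *not* duplicates will have
@@ -595,45 +597,43 @@
 return nil
 }
 
 func (inst *instance) ClosePorts(machineId int, ports []state.Port) error {
 if len(ports) == 0 {
 return nil
 }
 // Revoke permissions for anyone to access the given ports.
 // Note that ec2 allows the revocation of permissions that aren't
 // granted, so this is naturally idempotent.
-// TODO(mue) Choose group depending on inst.e.Config().FirewallMode().
 g := ec2.SecurityGroup{Name: inst.e.machineGroupName(machineId)}
 _, err := inst.e.ec2().RevokeSecurityGroup(g, portsToIPPerms(ports))
 if err != nil {
 return fmt.Errorf("cannot close ports: %v", err)
 }
 log.Printf("environs/ec2: closed ports in security group %s: %v", g.Name , ports)
 return nil
 }
 
 func portsToIPPerms(ports []state.Port) []ec2.IPPerm {
 ipPerms := make([]ec2.IPPerm, len(ports))
 for i, p := range ports {
 ipPerms[i] = ec2.IPPerm{
 Protocol: p.Protocol,
 FromPort: p.Number,
 ToPort: p.Number,
 SourceIPs: []string{"0.0.0.0/0"},
 }
 }
 return ipPerms
 }
 
 func (inst *instance) Ports(machineId int) (ports []state.Port, err error) {
-// TODO(mue) Choose group depending on inst.e.Config().FirewallMode().
 g := ec2.SecurityGroup{Name: inst.e.machineGroupName(machineId)}
 resp, err := inst.e.ec2().SecurityGroups([]ec2.SecurityGroup{g}, nil)
 if err != nil {
 return nil, err
 }
 if len(resp.Groups) != 1 {
 return nil, fmt.Errorf("expected one security group, got %d", le n(resp.Groups))
 }
 for _, p := range resp.Groups[0].IPPerms {
 if len(p.SourceIPs) != 1 {
@@ -683,22 +683,20 @@
 {
 Protocol: "icmp",
 FromPort: -1,
 ToPort: -1,
 SourceGroups: sourceGroups,
 },
 })
 if err != nil {
 return nil, err
 }
-// TODO(mue) Ensure machine group only if e.Config().FirewallMode()
-// is config.FwDefault.
 jujuMachineGroup, err := e.ensureGroup(e.machineGroupName(machineId), ni l)
 if err != nil {
 return nil, err
 }
 return []ec2.SecurityGroup{jujuGroup, jujuMachineGroup}, nil
 }
 
 // zeroGroup holds the zero security group.
 var zeroGroup ec2.SecurityGroup
 
@@ -848,10 +846,10 @@
 }
 var data []byte
 data, err = ioutil.ReadAll(resp.Body)
 if err != nil {
 continue
 }
 return strings.TrimSpace(string(data)), nil
 }
 return
 }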
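Review bot: In `machineGroupName` (new lines 559-562) every firewall mode other than `config.FwDefault` falls through to the shared `-global` group, so an unrecognised or later-added mode silently gets the widest exposure rather than the per-machine group. Testing for the global mode explicitly and keeping the per-machine name as the fallback would fail closed, e.g. `if e.Config().FirewallMode() == config.FwGlobal { return fmt.Sprintf("%s-global", e.groupName()) }`; this assumes the config package defines a constant for the global mode, since only `FwDefault` is visible here. With the shared group, `OpenPorts` authorizes `0.0.0.0/0` on a port for every machine attached to that group, and `ClosePorts` called for one machine revokes the rule for all of them even if another machine still needs it. The removed TODOs leave nothing in `OpenPorts`, `ClosePorts` or `Ports` that says so; a comment such as `// In global firewall mode this group is shared by all machines, so the change applies to every instance.` above each `g := ec2.SecurityGroup{...}` line would record it.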