libcloud-dev mailing list archives

From Solomon Hykes <solomon.hy...@gmail.com>
Subject Re: [libcloud] Firewall Configurations, was Fwd: svn commit: r902984 - /incubator/libcloud/trunk/libcloud/drivers/ec2.py
Date Mon, 25 Jan 2010 22:00:51 GMT
How about an optional argument defining a list of inbound ports to
authorize at node creation? The default (for example [22]) should be
the same across all drivers.

On Monday, January 25, 2010, Paul Querna <pquerna@apache.org> wrote:
> Any thoughts about how we should make generic firewall configurations?
>
> For ec2 specifically, it's kinda annoying if you boot a node and you
> can't... access it at all :)
>
>
> ---------- Forwarded message ----------
> From:  <pquerna@apache.org>
> Date: Mon, Jan 25, 2010 at 1:37 PM
> Subject: svn commit: r902984 - /incubator/libcloud/trunk/libcloud/drivers/ec2.py
> To: libcloud-commits@incubator.apache.org
>
>
> Author: pquerna
> Date: Mon Jan 25 21:37:44 2010
> New Revision: 902984
>
> URL: http://svn.apache.org/viewvc?rev=902984&view=rev
> Log:
> Add create_security_group and authorize_security_group_permissive to ec2 driver.
>
> Modified:
>    incubator/libcloud/trunk/libcloud/drivers/ec2.py
>
> Modified: incubator/libcloud/trunk/libcloud/drivers/ec2.py
> URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/drivers/ec2.py?rev=902984&r1=902983&r2=902984&view=diff
> ==============================================================================
> --- incubator/libcloud/trunk/libcloud/drivers/ec2.py (original)
> +++ incubator/libcloud/trunk/libcloud/drivers/ec2.py Mon Jan 25 21:37:44 2010
> @@ -270,6 +270,42 @@
>                     self.connection.request('/', params=params).object)
>         return images
>
> +    def create_security_group(self, name, description):
> +        params = {'Action': 'CreateSecurityGroup',
> +                  'GroupName': name,
> +                  'GroupDescription': description}
> +        return self.connection.request('/', params=params).object
> +
> +    def authorize_security_group_permissive(self, name):
> +        results = []
> +        params = {'Action': 'AuthorizeSecurityGroupIngress',
> +                  'GroupName': name,
> +                  'IpProtocol': 'tcp',
> +                  'FromPort': '0',
> +                  'ToPort': '65535',
> +                  'CidrIp': '0.0.0.0/0'}
> +        try:
> +            results.append(self.connection.request('/',
> params=params.copy()).object)
> +        except Exception, e:
> +            if e.args[0].find("InvalidPermission.Duplicate") == -1:
> +                raise e
> +        params['IpProtocol'] = 'udp'
> +
> +        try:
> +            results.append(self.connection.request('/',
> params=params.copy()).object)
> +        except Exception, e:
> +            if e.args[0].find("InvalidPermission.Duplicate") == -1:
> +                raise e
> +
> +        params.update({'IpProtocol': 'icmp', 'FromPort': '-1', 'ToPort': '-1'})
> +
> +        try:
> +            results.append(self.connection.request('/',
> params=params.copy()).object)
> +        except Exception, e:
> +            if e.args[0].find("InvalidPermission.Duplicate") == -1:
> +                raise e
> +        return results
> +
>     # name doesn't apply to EC2 nodes.
>     def create_node(self, **kwargs):
>         name = kwargs["name"]
>
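
Review bot: authorize_security_group_permissive hard-codes 'CidrIp': '0.0.0.0/0' with 'FromPort': '0' and 'ToPort': '65535' for tcp and udp, plus all icmp, so any group passed to it accepts every inbound port from any address and the caller has no way to narrow it. Consider taking the protocol, port range and CIDR as arguments and stating the exposure in a docstring, since neither new method has one. The three identical try/except blocks could be a single loop over the protocol settings; inside them, e.args[0].find(...) assumes the first exception argument is a string, and "raise e" would keep the original traceback if written as a bare "raise".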

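The suggestion at the top of this message (an optional list of inbound ports with a shared default of [22]) could look like the sketch below. This is an added example, not code from the thread or from libcloud: `ingress_rule_params`, `authorize_inbound_ports` and the `send_request` callable are hypothetical names, while the request parameters and the 0.0.0.0/0 default source are the ones used in the quoted commit.

```python
DEFAULT_INBOUND_PORTS = (22,)  # default suggested in the reply above


def ingress_rule_params(group_name, ports=None, cidr="0.0.0.0/0"):
    """Return one AuthorizeSecurityGroupIngress parameter dict per TCP port.

    ports=None means the shared default; an empty list opens nothing.
    """
    ports = list(DEFAULT_INBOUND_PORTS if ports is None else ports)
    for port in ports:
        # Reject bools, strings and out-of-range values instead of guessing.
        if (isinstance(port, bool) or not isinstance(port, int)
                or not 1 <= port <= 65535):
            raise ValueError("invalid TCP port: %r" % (port,))
    return [{"Action": "AuthorizeSecurityGroupIngress",
             "GroupName": group_name,
             "IpProtocol": "tcp",
             "FromPort": str(port),   # single-port range, not 0-65535
             "ToPort": str(port),
             "CidrIp": cidr}
            for port in sorted(set(ports))]


def authorize_inbound_ports(send_request, group_name, ports=None,
                            cidr="0.0.0.0/0"):
    """Send each rule via send_request (hypothetical callable taking a dict).

    Returns the ports newly authorized; rules that already exist are skipped.
    """
    applied = []
    for params in ingress_rule_params(group_name, ports, cidr):
        try:
            send_request(params)
        except Exception as exc:
            # Same tolerance as the quoted commit: a duplicate rule is fine.
            if "InvalidPermission.Duplicate" not in str(exc):
                raise
            continue
        applied.append(int(params["FromPort"]))
    return applied


if __name__ == "__main__":
    # Constructed stand-in for a driver connection: records what would be sent.
    sent = []
    print(authorize_inbound_ports(sent.append, "example-group", [443, 22]))
    print(sent[0])
```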