Usage examples for com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest#setGroupId
public void setGroupId(String groupId)
The ID of the security group.
From source file:org.apache.airavata.core.gfac.provider.impl.EC2Provider.java
License:Apache License
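/**
 * Builds an EC2-backed provider from the Amazon Web Services section of the
 * invocation's security context header.
 *
 * The header supplies the AWS access key id / secret key, either an AMI id (launch a
 * new instance) or an instance id (reuse a running one), an optional instance type and
 * the SSH username. The constructor builds the key pair, obtains the instance, makes
 * sure TCP/22 is reachable on its security groups and registers an SSH security
 * context keyed by {@code SSH_SECURITY_CONTEXT} on the invocation context.
 *
 * @param invocationContext invocation whose execution context carries the security header
 * @throws ProviderException if the header is missing or unparsable, a required field is
 *         empty, or any EC2 call during key pair / instance / ingress setup fails
 */
public EC2Provider(InvocationContext invocationContext) throws ProviderException {
    ExecutionContext execContext = invocationContext.getExecutionContext();
    OMElement omSecurityContextHeader = execContext.getSecurityContextHeader();
    if (omSecurityContextHeader == null) {
        throw new ProviderException("Security context header is missing");
    }

    // A parse failure used to be printed and ignored, after which every read below
    // dereferenced a null document; it is a hard error for this provider.
    ContextHeaderDocument document;
    try {
        document = ContextHeaderDocument.Factory.parse(omSecurityContextHeader.toStringWithConsume());
    } catch (XMLStreamException e) {
        throw new ProviderException("Unable to parse security context header", e);
    } catch (XmlException e) {
        throw new ProviderException("Unable to parse security context header", e);
    }

    SecurityContextDocument.SecurityContext.AmazonWebservices amazonWebservices =
            document.getContextHeader().getSecurityContext().getAmazonWebservices();
    if (amazonWebservices == null) {
        throw new ProviderException("Amazon Web Services security context is missing");
    }

    String accessKey = amazonWebservices.getAccessKeyId();
    String secretKey = amazonWebservices.getSecretAccessKey();
    String amiId = amazonWebservices.getAmiId();
    String instanceId = amazonWebservices.getInstanceId();
    String instanceType = amazonWebservices.getInstanceType();
    this.username = amazonWebservices.getUsername();

    // The credentials are deliberately NOT logged: the previous version wrote the
    // secret access key (and access key id) at INFO level, which hands a long-lived
    // AWS credential to anyone with read access to the logs.
    log.info("AMI_ID:" + amiId);
    log.info("INS_ID:" + instanceId);
    log.info("INS_TYPE:" + instanceType);
    log.info("USERNAME:" + username);

    /*
     * Validation
     */
    if (accessKey == null || accessKey.isEmpty()) {
        throw new ProviderException("Access Key is empty");
    }
    if (secretKey == null || secretKey.isEmpty()) {
        throw new ProviderException("Secret Key is empty");
    }
    // At least one of AMI id / instance id must be given, and whichever is given must be non-empty.
    if ((amiId == null && instanceId == null)
            || (amiId != null && amiId.isEmpty())
            || (instanceId != null && instanceId.isEmpty())) {
        throw new ProviderException("AMI or Instance ID is empty");
    }
    if (this.username == null || this.username.isEmpty()) {
        throw new ProviderException("Username is empty");
    }

    /*
     * Need to start EC2 instance before running it
     */
    AWSCredentials credential = new BasicAWSCredentials(accessKey, secretKey);
    AmazonEC2Client ec2client = new AmazonEC2Client(credential);
    try {
        // The key pair has to exist before an instance can be launched with it.
        buildKeyPair(ec2client);

        if (amiId != null) {
            // Launch a new instance; only a single host is supported right now.
            this.instance = startInstances(ec2client, amiId, instanceType, execContext).get(0);
        } else {
            // Reuse an already-running instance, but only if it was launched with our key
            // pair -- otherwise the private key configured below cannot log in to it.
            DescribeInstancesRequest describeInstancesRequest = new DescribeInstancesRequest();
            DescribeInstancesResult describeInstancesResult =
                    ec2client.describeInstances(describeInstancesRequest.withInstanceIds(instanceId));
            if (describeInstancesResult.getReservations().isEmpty()
                    || describeInstancesResult.getReservations().get(0).getInstances().isEmpty()) {
                throw new GfacException("Instance not found:" + instanceId);
            }
            this.instance = describeInstancesResult.getReservations().get(0).getInstances().get(0);
            if (this.instance.getKeyName() == null || !this.instance.getKeyName().equals(KEY_PAIR_NAME)) {
                throw new GfacException("Keypair for instance:" + instanceId + " is not valid");
            }
        }

        // TODO send out the instance id / public DNS name as a resource mapping notification.

        /*
         * Make sure port 22 is connectable
         */
        openSshIngress(ec2client);
    } catch (Exception e) {
        // Every failure during EC2 setup is reported to the caller as a ProviderException.
        throw new ProviderException("Invalid request", e);
    }

    SSHSecurityContextImpl sshContext =
            (SSHSecurityContextImpl) invocationContext.getSecurityContext(SSH_SECURITY_CONTEXT);
    if (sshContext == null) {
        sshContext = new SSHSecurityContextImpl();
    }
    sshContext.setUsername(username);
    sshContext.setKeyPass("");
    sshContext.setPrivateKeyLoc(privateKeyFilePath);
    invocationContext.addSecurityContext(SSH_SECURITY_CONTEXT, sshContext);

    // TODO the host's GridFTP configuration should be cleared here and SFTP forced,
    // since file transfer to the instance goes over SSH.
}

/**
 * Authorizes inbound TCP/22 on every security group attached to {@code this.instance}
 * so that the SSH-based transfer and execution can reach the instance.
 *
 * An {@code InvalidPermission.Duplicate} error (the rule already exists) is ignored;
 * any other {@link AmazonServiceException} is propagated.
 *
 * @param ec2client client authenticated with the user's credentials
 */
private void openSshIngress(AmazonEC2Client ec2client) {
    for (GroupIdentifier g : this.instance.getSecurityGroups()) {
        IpPermission ip = new IpPermission();
        ip.setIpProtocol("tcp");
        ip.setFromPort(22);
        ip.setToPort(22);
        // SECURITY: this exposes SSH to the entire Internet (0.0.0.0/0) on a security
        // group owned by the user. Kept for compatibility with existing deployments;
        // the proper fix is to restrict the range to the address this service connects from.
        AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest()
                .withIpPermissions(ip.withIpRanges("0.0.0.0/0"));
        r.setGroupId(g.getGroupId());
        try {
            ec2client.authorizeSecurityGroupIngress(r);
        } catch (AmazonServiceException as) {
            // Rule already present is not an error. getErrorCode() can be null for
            // failures raised before a service response, so compare constant-first.
            if (!"InvalidPermission.Duplicate".equals(as.getErrorCode())) {
                throw as;
            }
        }
    }
}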
From source file:org.apache.airavata.gfac.ec2.EC2Provider.java
License:Apache License
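/**
 * Makes sure TCP port {@code SSH_PORT} is reachable on the given instance by adding an
 * inbound rule to each of its security groups.
 *
 * An {@code InvalidPermission.Duplicate} error (the rule already exists) is ignored;
 * any other {@link AmazonServiceException} is propagated to the caller.
 *
 * SECURITY: the rule is added for {@code 0.0.0.0/0}, i.e. SSH is opened to the whole
 * Internet on a security group the user owns. This is kept for compatibility; the range
 * should be narrowed to the address this service connects from.
 *
 * @param instance  the Amazon EC2 instance (not the id) whose security groups are updated
 * @param ec2client client authenticated with the user's credentials
 */
private void checkConnection(Instance instance, AmazonEC2Client ec2client) {
    /* Make sure port 22 is connectible */
    for (GroupIdentifier g : instance.getSecurityGroups()) {
        IpPermission ip = new IpPermission();
        ip.setIpProtocol("tcp");
        ip.setFromPort(SSH_PORT);
        ip.setToPort(SSH_PORT);
        AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest()
                .withIpPermissions(ip.withIpRanges("0.0.0.0/0"));
        r.setGroupId(g.getGroupId());
        try {
            ec2client.authorizeSecurityGroupIngress(r);
        } catch (AmazonServiceException as) {
            // getErrorCode() may be null when the failure happened before a service
            // response; comparing constant-first avoids a NullPointerException masking
            // the real error.
            if (!"InvalidPermission.Duplicate".equals(as.getErrorCode())) {
                throw as;
            }
        }
    }
}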
From source file:org.apache.stratos.aws.extension.AWSHelper.java
License:Apache License
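/**
 * Adds an inbound rule to the security group which allows users to access the load
 * balancer at the specified port using the specified protocol. The port should be a
 * proxy port mentioned in the port mappings of the cartridge.
 *
 * The group is described first and the rule is only authorized when no existing
 * permission already covers it, so the method is safe to call repeatedly. The
 * existence check matches on protocol, port and the allowed CIDR rather than on full
 * structural equality of {@link IpPermission}, because a described permission may carry
 * additional data (other ranges, group pairs) that would defeat an {@code equals}
 * comparison and cause a spurious authorize call that AWS then rejects as a duplicate.
 *
 * @param groupId  security group to which the rule is added
 * @param region   region of the security group
 * @param protocol protocol with which the load balancer can be accessed
 * @param port     port at which the load balancer can be accessed
 * @throws LoadBalancerExtensionException if {@code groupId} is empty or the
 *         authorize call fails
 */
public void addInboundRuleToSecurityGroup(String groupId, String region, String protocol, int port)
        throws LoadBalancerExtensionException {
    if (groupId == null || groupId.isEmpty()) {
        throw new LoadBalancerExtensionException(
                "Invalid security group Id for addInboundRuleToSecurityGroup.");
    }

    String endpoint = String.format(Constants.EC2_ENDPOINT_URL_FORMAT, region);

    DescribeSecurityGroupsRequest describeRequest = new DescribeSecurityGroupsRequest();
    List<String> groupIds = new ArrayList<String>();
    groupIds.add(groupId);
    describeRequest.setGroupIds(groupIds);

    SecurityGroup securityGroup = null;
    try {
        ec2Client.setEndpoint(endpoint);
        DescribeSecurityGroupsResult describeResult = ec2Client.describeSecurityGroups(describeRequest);
        List<SecurityGroup> securityGroups = describeResult.getSecurityGroups();
        if (securityGroups != null && !securityGroups.isEmpty()) {
            securityGroup = securityGroups.get(0);
        } else {
            log.warn("No Security Groups found for group id " + groupId);
        }
    } catch (AmazonClientException e) {
        // Best effort: if the lookup fails we still attempt the authorize call below
        // and let that call's outcome decide.
        log.error("Could not describe security groups.", e);
    }

    boolean ruleAlreadyPresent = securityGroup != null
            && hasIngressRule(securityGroup.getIpPermissions(), protocol, port, this.allowedCidrIpForLBSecurityGroup);

    if (ruleAlreadyPresent) {
        log.info("Rules already present for security group " + groupId);
        return;
    }

    AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest();
    authorizeRequest.setGroupId(groupId);
    authorizeRequest.setCidrIp(this.allowedCidrIpForLBSecurityGroup);
    authorizeRequest.setFromPort(port);
    authorizeRequest.setToPort(port);
    authorizeRequest.setIpProtocol(protocol);
    try {
        ec2Client.setEndpoint(endpoint);
        ec2Client.authorizeSecurityGroupIngress(authorizeRequest);
    } catch (AmazonClientException e) {
        throw new LoadBalancerExtensionException(
                "Could not add inbound rule to security group " + groupId + ".", e);
    }
}

/**
 * Returns whether {@code permissions} already contains a rule for exactly
 * {@code port}/{@code protocol} whose IP ranges include {@code cidr}.
 *
 * Only the plain CIDR strings exposed by {@link IpPermission#getIpRanges()} are
 * inspected (the same field the request builder populates); an empty or null list
 * never matches.
 *
 * @param permissions permissions currently on the security group, may be null
 * @param protocol    protocol to look for (compared with {@code equals}, null-safe)
 * @param port        single port that both fromPort and toPort must equal
 * @param cidr        CIDR that must be present in the rule's IP ranges
 * @return true if a covering rule exists
 */
private static boolean hasIngressRule(List<IpPermission> permissions, String protocol, int port, String cidr) {
    if (permissions == null) {
        return false;
    }
    Integer wantedPort = Integer.valueOf(port);
    for (IpPermission permission : permissions) {
        if (permission == null) {
            continue;
        }
        boolean sameProtocol = protocol == null
                ? permission.getIpProtocol() == null
                : protocol.equals(permission.getIpProtocol());
        if (!sameProtocol) {
            continue;
        }
        if (!wantedPort.equals(permission.getFromPort()) || !wantedPort.equals(permission.getToPort())) {
            continue;
        }
        Collection<String> ranges = permission.getIpRanges();
        if (ranges != null && ranges.contains(cidr)) {
            return true;
        }
    }
    return false;
}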