List of usage examples for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest withIpPermissions
public AuthorizeSecurityGroupIngressRequest withIpPermissions(
java.util.Collection<IpPermission> ipPermissions)
The sets of IP permissions (protocol, port range and source IP ranges) to authorize as ingress on the security group.
From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java
License:Apache License
/** * Adding peers' IPs as ingress to the running instance SG. The running instance could be in "classic" or "vpc" *///w w w.j a v a 2 s . c om public void addACL(Collection<String> listIPs, int from, int to) { AmazonEC2 client = null; try { client = getEc2Client(); List<IpPermission> ipPermissions = new ArrayList<IpPermission>(); ipPermissions.add(new IpPermission().withFromPort(from).withIpProtocol("tcp").withIpRanges(listIPs) .withToPort(to)); if (this.insEnvIdentity.isClassic()) { client.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest(config.getACLGroupName(), ipPermissions)); logger.info("Done adding ACL to classic: " + StringUtils.join(listIPs, ",")); } else { AuthorizeSecurityGroupIngressRequest sgIngressRequest = new AuthorizeSecurityGroupIngressRequest(); sgIngressRequest.withGroupId(getVpcGroupId()); //fetch SG group id for VPC account of the running instances. client.authorizeSecurityGroupIngress(sgIngressRequest.withIpPermissions(ipPermissions)); //Adding peers' IPs as ingress to the SG that the running instance belongs to logger.info("Done adding ACL to vpc: " + StringUtils.join(listIPs, ",")); } } finally { if (client != null) client.shutdown(); } }
From source file:org.apache.airavata.core.gfac.provider.impl.EC2Provider.java
License:Apache License
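/**
 * Creates an EC2-backed provider from the Amazon section of the invocation's security-context header.
 *
 * <p>The header supplies the AWS credentials, either an AMI id (a new instance is launched) or the id of
 * an already running instance (which must have been launched with {@code KEY_PAIR_NAME}), the instance
 * type and the login user. Once the instance is resolved, TCP port 22 is authorized on each of its
 * security groups and an SSH security context using the provider's private key is registered on
 * {@code invocationContext}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The SSH ingress rule is authorized for {@code 0.0.0.0/0}, so port 22 of the instance becomes
 *       reachable from the whole Internet. Narrow this to the caller's address range if the deployment
 *       permits.</li>
 *   <li>Credential values are deliberately not written to the log; only the last four characters of the
 *       access key id are logged for correlation.</li>
 * </ul>
 *
 * @param invocationContext context carrying the security-context header and, optionally, an existing
 *                          SSH security context to update
 * @throws ProviderException if the header cannot be parsed, a required field is missing, or any of the
 *                           EC2 calls fail
 */
public EC2Provider(InvocationContext invocationContext) throws ProviderException {
    ExecutionContext execContext = invocationContext.getExecutionContext();
    OMElement omSecurityContextHeader = execContext.getSecurityContextHeader();
    ContextHeaderDocument document;
    try {
        document = ContextHeaderDocument.Factory.parse(omSecurityContextHeader.toStringWithConsume());
    } catch (XMLStreamException e) {
        // Fail fast with the cause instead of printing it and then dereferencing a null document.
        throw new ProviderException("Unable to parse the security context header", e);
    } catch (XmlException e) {
        throw new ProviderException("Unable to parse the security context header", e);
    }
    SecurityContextDocument.SecurityContext.AmazonWebservices amazonWebservices = document.getContextHeader()
            .getSecurityContext().getAmazonWebservices();
    String access_key = amazonWebservices.getAccessKeyId();
    String secret_key = amazonWebservices.getSecretAccessKey();
    String ami_id = amazonWebservices.getAmiId();
    String ins_id = amazonWebservices.getInstanceId();
    String ins_type = amazonWebservices.getInstanceType();
    this.username = amazonWebservices.getUsername();

    /*
     * Validation
     */
    if (access_key == null || access_key.isEmpty())
        throw new ProviderException("Access Key is empty");
    if (secret_key == null || secret_key.isEmpty())
        throw new ProviderException("Secret Key is empty");
    if ((ami_id == null && ins_id == null) || (ami_id != null && ami_id.isEmpty())
            || (ins_id != null && ins_id.isEmpty()))
        throw new ProviderException("AMI or Instance ID is empty");
    if (this.username == null || this.username.isEmpty())
        throw new ProviderException("Username is empty");

    // Never log the secret access key (or the full key id): the log is far more widely readable than a
    // long-lived AWS credential should be. A key-id suffix is enough to tell credentials apart.
    log.info("ACCESS_KEY:..." + access_key.substring(Math.max(0, access_key.length() - 4)));
    log.info("AMI_ID:" + ami_id);
    log.info("INS_ID:" + ins_id);
    log.info("INS_TYPE:" + ins_type);
    log.info("USERNAME:" + username);

    /*
     * Need to start EC2 instance before running it
     */
    AWSCredentials credential = new BasicAWSCredentials(access_key, secret_key);
    AmazonEC2Client ec2client = new AmazonEC2Client(credential);
    // NOTE(review): ec2client is never shut down; if buildKeyPair/startInstances do not retain it,
    // call ec2client.shutdown() in a finally block here.
    try {
        /*
         * Build key pair before start instance
         */
        buildKeyPair(ec2client);

        // right now, we can run it on one host
        if (ami_id != null) {
            this.instance = startInstances(ec2client, ami_id, ins_type, execContext).get(0);
        } else {
            // already running instance
            DescribeInstancesRequest describeInstancesRequest = new DescribeInstancesRequest();
            DescribeInstancesResult describeInstancesResult = ec2client
                    .describeInstances(describeInstancesRequest.withInstanceIds(ins_id));
            if (describeInstancesResult.getReservations().size() == 0
                    || describeInstancesResult.getReservations().get(0).getInstances().size() == 0) {
                throw new GfacException("Instance not found:" + ins_id);
            }
            this.instance = describeInstancesResult.getReservations().get(0).getInstances().get(0);

            // Only an instance launched with our key pair can be reached with the private key set below.
            if (this.instance.getKeyName() == null || !this.instance.getKeyName().equals(KEY_PAIR_NAME))
                throw new GfacException("Keypair for instance:" + ins_id + " is not valid");
        }

        // TODO send out instance id: notify the resource-mapping service of the instance id and its
        // public DNS name once a notification service is available here.

        /*
         * Make sure port 22 is connectable. This AUTHORIZES ingress from 0.0.0.0/0 on every security
         * group of the instance; see the constructor Javadoc about narrowing the CIDR.
         */
        for (GroupIdentifier g : this.instance.getSecurityGroups()) {
            IpPermission ip = new IpPermission();
            ip.setIpProtocol("tcp");
            ip.setFromPort(22);
            ip.setToPort(22);
            AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest();
            r = r.withIpPermissions(ip.withIpRanges("0.0.0.0/0"));
            r.setGroupId(g.getGroupId());
            try {
                ec2client.authorizeSecurityGroupIngress(r);
            } catch (AmazonServiceException as) {
                // An identical rule already present is not an error. getErrorCode() may be null,
                // so the literal is the receiver of equals().
                if (!"InvalidPermission.Duplicate".equals(as.getErrorCode()))
                    throw as;
            }
        }
    } catch (Exception e) {
        throw new ProviderException("Invalied Request", e);
    }

    SSHSecurityContextImpl sshContext = ((SSHSecurityContextImpl) invocationContext
            .getSecurityContext(SSH_SECURITY_CONTEXT));
    if (sshContext == null) {
        sshContext = new SSHSecurityContextImpl();
    }
    sshContext.setUsername(username);
    // Empty passphrase: assumes the key at privateKeyFilePath is stored unencrypted -- confirm against
    // buildKeyPair, and keep that file readable only by the gateway user.
    sshContext.setKeyPass("");
    sshContext.setPrivateKeyLoc(privateKeyFilePath);
    invocationContext.addSecurityContext(SSH_SECURITY_CONTEXT, sshContext);

    // TODO: the superclass username/password/known-hosts/key-file setters and the switch from GridFTP
    // to SFTP (execContext host, GridFTP array, SshFileTransferService) are still to be wired up here.
}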
From source file:org.apache.airavata.gfac.ec2.EC2Provider.java
License:Apache License
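/**
 * Makes TCP port {@code SSH_PORT} of the given instance reachable by authorizing an ingress rule on
 * every security group attached to it.
 *
 * <p>Despite its name this method <em>modifies</em> the instance's security groups rather than probing
 * them. It delegates to {@link #checkConnection(Instance, AmazonEC2Client, String)} with the wide-open
 * CIDR {@code 0.0.0.0/0}, which exposes SSH to the whole Internet; callers that know their source
 * address range should use the three-argument overload with a narrower CIDR.
 *
 * @param instance  the Amazon EC2 instance whose security groups are updated
 * @param ec2client client used to issue the authorize call
 * @throws AmazonServiceException for any EC2 error other than the rule already existing
 */
private void checkConnection(Instance instance, AmazonEC2Client ec2client) {
    checkConnection(instance, ec2client, "0.0.0.0/0");
}

/**
 * Authorizes TCP ingress on port {@code SSH_PORT} from {@code sourceCidr} on every security group of
 * {@code instance}. A rule that already exists is treated as success.
 *
 * @param instance   the Amazon EC2 instance whose security groups are updated
 * @param ec2client  client used to issue the authorize call
 * @param sourceCidr CIDR block that is allowed to reach port {@code SSH_PORT}
 * @throws AmazonServiceException for any EC2 error other than {@code InvalidPermission.Duplicate}
 */
private void checkConnection(Instance instance, AmazonEC2Client ec2client, String sourceCidr) {
    for (GroupIdentifier group : instance.getSecurityGroups()) {
        IpPermission sshRule = new IpPermission()
                .withIpProtocol("tcp")
                .withFromPort(SSH_PORT)
                .withToPort(SSH_PORT)
                .withIpRanges(sourceCidr);
        AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
                .withGroupId(group.getGroupId())
                .withIpPermissions(sshRule);
        try {
            ec2client.authorizeSecurityGroupIngress(request);
        } catch (AmazonServiceException as) {
            // An identical rule already present is not an error. getErrorCode() may be null, so the
            // literal is the receiver of equals().
            if (!"InvalidPermission.Duplicate".equals(as.getErrorCode())) {
                throw as;
            }
        }
    }
}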