How about an optional argument defining a list of inbound ports to authorize at node creation? The default (for example [22]) should be the same across all drivers.
On Monday, January 25, 2010, Paul Querna <[email protected]> wrote:
> Any thoughts about how we should make generic firewall configurations?
>
> For ec2 specifically, it's kinda annoying if you boot a node and you
> can't... access it at all :)
>
>
> ---------- Forwarded message ----------
> From: <[email protected]>
> Date: Mon, Jan 25, 2010 at 1:37 PM
> Subject: svn commit: r902984 -
> /incubator/libcloud/trunk/libcloud/drivers/ec2.py
> To: [email protected]
>
>
> Author: pquerna
> Date: Mon Jan 25 21:37:44 2010
> New Revision: 902984
>
> URL: http://svn.apache.org/viewvc?rev=902984&view=rev
> Log:
> Add create_security_group and authorize_security_group_permissive to ec2
> driver.
>
> Modified:
> incubator/libcloud/trunk/libcloud/drivers/ec2.py
>
> Modified: incubator/libcloud/trunk/libcloud/drivers/ec2.py
> URL:
> http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/drivers/ec2.py?rev=902984&r1=902983&r2=902984&view=diff
> ==============================================================================
> --- incubator/libcloud/trunk/libcloud/drivers/ec2.py (original)
> +++ incubator/libcloud/trunk/libcloud/drivers/ec2.py Mon Jan 25 21:37:44 2010
> @@ -270,6 +270,42 @@ > self.connection.request('/', params=params).object) > return images > > + def create_security_group(self, name, description): > + params = {'Action': 'CreateSecurityGroup', > + 'GroupName': name, > + 'GroupDescription': description} > + return self.connection.request('/', params=params).object > + > + def authorize_security_group_permissive(self, name): > + results = [] > + params = {'Action': 'AuthorizeSecurityGroupIngress', > + 'GroupName': name, > + 'IpProtocol': 'tcp', > + 'FromPort': '0', > + 'ToPort': '65535', > + 'CidrIp': '0.0.0.0/0'} > + try: > + results.append(self.connection.request('/', > params=params.copy()).object) > + except Exception, e: > + if e.args[0].find("InvalidPermission.Duplicate") == -1: > + raise e > + params['IpProtocol'] = 'udp' > + > + try: > + results.append(self.connection.request('/', > params=params.copy()).object) > + except Exception, e: > + if e.args[0].find("InvalidPermission.Duplicate") == -1: > + raise e > + > + params.update({'IpProtocol': 'icmp', 'FromPort': '-1', 'ToPort': > '-1'}) > + > + try: > + results.append(self.connection.request('/', > params=params.copy()).object) > + except Exception, e: > + if e.args[0].find("InvalidPermission.Duplicate") == -1: > + raise e > + return results > + > # name doesn't apply to EC2 nodes. > def create_node(self, **kwargs): > name = kwargs["name"] >
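Review bot: the error handling in authorize_security_group_permissive assumes every caught exception carries a string in e.args[0]; if the transport raises something else (a socket error with empty args, or an exception whose first argument is not a string), `e.args[0].find(...)` itself fails with IndexError or AttributeError and masks the original problem, and `raise e` drops the original traceback. Suggest catching the connection's own API error type rather than Exception, testing `"InvalidPermission.Duplicate" in str(e)`, and using a bare `raise`. The three near-identical try/except blocks would then collapse into one loop over `[('tcp', '0', '65535'), ('udp', '0', '65535'), ('icmp', '-1', '-1')]`. Both new methods also lack docstrings; the one for authorize_security_group_permissive should state outright that it opens every TCP and UDP port plus all ICMP to 0.0.0.0/0, since nothing beyond the word "permissive" in the name tells a caller the group becomes world-reachable.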

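One way to implement the port-list argument proposed above, as an added example that is not libcloud's own code: a helper that turns a list of ports (default SSH only) into EC2 AuthorizeSecurityGroupIngress parameters, a check that flags a rule set as world-open, and an apply function that tolerates only the duplicate-rule error. The `connection.request(path, params=...)` shape, the `DEFAULT_PORTS` name, the assumption that the API error text contains the EC2 error code, and `FakeConnection` are all hypothetical stand-ins so the block runs offline.

```python
# Added example, not libcloud code. Builds least-privilege EC2 ingress rules
# from a port list (default: SSH only) instead of opening 0-65535 to the
# world, and tolerates only the "rule already exists" error.
# Assumptions (hypothetical, not libcloud's API): connection.request(path,
# params=...) follows the calling shape used in the ec2 driver, and the API
# error's text carries the EC2 error code, as the patch under discussion
# also assumes. FakeConnection is a constructed stand-in so this runs offline.

DEFAULT_PORTS = (22,)  # the proposed cross-driver default


def ingress_params(group_name, ports=DEFAULT_PORTS, cidr="0.0.0.0/0"):
    """Return one AuthorizeSecurityGroupIngress parameter dict per rule.

    Each entry in `ports` is an int (a single TCP port) or a
    (protocol, from_port, to_port) tuple such as ("udp", 53, 53) or
    ("icmp", -1, -1) for all ICMP types.
    """
    rules = []
    for entry in ports:
        if isinstance(entry, int):
            proto, lo, hi = "tcp", entry, entry
        else:
            proto, lo, hi = entry
        if proto == "icmp":
            valid = -1 <= lo <= 255 and -1 <= hi <= 255
        else:
            valid = proto in ("tcp", "udp") and 0 <= lo <= hi <= 65535
        if not valid:
            raise ValueError("invalid ingress rule: %r" % (entry,))
        rules.append({
            "Action": "AuthorizeSecurityGroupIngress",
            "GroupName": group_name,
            "IpProtocol": proto,
            "FromPort": str(lo),
            "ToPort": str(hi),
            "CidrIp": cidr,
        })
    return rules


def is_world_open(rules):
    """True if any rule exposes a whole TCP or UDP port range to everyone."""
    return any(
        r["CidrIp"] == "0.0.0.0/0"
        and r["IpProtocol"] in ("tcp", "udp")
        and r["FromPort"] == "0"
        and r["ToPort"] == "65535"
        for r in rules
    )


def authorize_ports(connection, group_name, ports=DEFAULT_PORTS,
                    cidr="0.0.0.0/0"):
    """Apply the rules; skip ones EC2 reports as duplicates, re-raise the rest."""
    results = []
    for params in ingress_params(group_name, ports, cidr):
        try:
            results.append(connection.request("/", params=params))
        except Exception as e:  # in real code, catch the driver's API error type
            if "InvalidPermission.Duplicate" not in str(e):
                raise  # bare raise keeps the original traceback
    return results


class FakeConnection(object):
    """Constructed stand-in: records rules and rejects duplicates like EC2."""

    def __init__(self):
        self.rules = []

    def request(self, path, params):
        key = tuple(sorted(params.items()))
        if key in self.rules:
            raise Exception("InvalidPermission.Duplicate: rule already exists")
        self.rules.append(key)
        return {"return": "true"}


if __name__ == "__main__":
    conn = FakeConnection()
    # First call authorizes three rules; the second re-applies two of them
    # and gets only duplicate errors, which are swallowed.
    authorize_ports(conn, "web", [22, 80, ("udp", 53, 53)])
    authorize_ports(conn, "web", [22, 80])
    print(len(conn.rules), "rules in group")
    permissive = ingress_params("web", [("tcp", 0, 65535), ("udp", 0, 65535)])
    print("permissive set world-open:", is_world_open(permissive))
    print("port-list set world-open:", is_world_open(ingress_params("web")))
```

Keeping the rule list explicit per driver call, with `[22]` as the shared default, gives every driver the same starting exposure and makes a world-open group something a caller has to ask for rather than something `create_node` does silently.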