Added Default Murano Security group (workaround for MRN-630)

A new security group (called MuranoDefaultSecurityGroup) has been added.
This group has tcp ports 22 and 3389 open, as well as icmp enabled.
All murano-deployed instances are added to this group.
SQLServer instances additionally are added to MsSqlSecurityGroup

Change-Id: I7cec5a44d95ae9e24a631a13504859125c01bbb5
Alexander Tivelkov 2013-09-12 12:50:34 +04:00
parent 52d7886037
commit 912b5b8653
3 changed files with 57 additions and 23 deletions


@ -1,26 +1,11 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"KeyName": {
"Description": "Key Pair name for Load Balancer",
"Type": "String",
"Default": "murano-lb-key"
}
},
"Resources": {
"$instanceName": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType": "$instanceType",
"ImageId": "$imageName",
"AvailabilityZone": "$availabilityZone",
"UserData": "$userData",
"SecurityGroups" : [ {"Ref" : "MsSqlSecuritygroup"} ]
"SecurityGroups" : [ {"Ref" : "MsSqlSecurityGroup"} ]
}
},
"MsSqlSecuritygroup": {
"MsSqlSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
@ -52,8 +37,5 @@
"GroupDescription": "Enable MS SQL access"
}
}
},
"Outputs": {
}
}
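Review bot: It is not visible from this section whether the `$instanceName` resource survives in the trimmed template, and that decides whether the SQL instance actually joins MsSqlSecurityGroup as the commit description claims. The hunk header records 26 lines shrinking to 11, which is consistent with the Parameters block and the instance resource being dropped; the later `SQL-security` stack update would then create the group without attaching any instance to it. If the resource is kept instead, its `"SecurityGroups" : [ {"Ref" : "MsSqlSecurityGroup"} ]` names only the SQL group, so applying it after the `Windows` template could overwrite the list that added MuranoDefaultSecurityGroup and, since SecurityGroups is a replace-on-update property of AWS::EC2::Instance in Heat as far as I recall, rebuild the instance. Either way the instance should reference both groups, `"SecurityGroups" : [ {"Ref" : "MuranoDefaultSecurityGroup"}, {"Ref" : "MsSqlSecurityGroup"} ]`, which presumes the default group is resolvable from this template. The old/new sides of this section are lost in the rendering, so this needs checking against the raw patch.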


@ -16,9 +16,36 @@
"InstanceType" : "$instanceType",
"ImageId" : "$imageName",
"AvailabilityZone" : "$availabilityZone",
"UserData": "$userData"
"UserData": "$userData",
"SecurityGroups" : [ {"Ref" : "MuranoDefaultSecurityGroup"} ]
}
}
},
"MuranoDefaultSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": 3389,
"IpProtocol": "tcp",
"FromPort": 3389,
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": 22,
"IpProtocol": "tcp",
"FromPort": 22,
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": -1,
"IpProtocol": "icmp",
"FromPort": -1,
"CidrIp": "0.0.0.0/0"
}
],
"GroupDescription": "Default security group for Murano Environments"
}
}
},
"Outputs" : {


@ -13,7 +13,7 @@
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">Creating instance <select path="state.hostname"/> (<select path="name"/>)</parameter>
</report>
<update-cf-stack template="Windows-w-SQL-security" error="exception">
<update-cf-stack template="Windows" error="exception">
<parameter name="mappings">
<map>
<mapping name="instanceName"><select path="state.hostname"/></mapping>
@ -44,6 +44,31 @@
<stop/>
</failure>
</update-cf-stack>
<report entity="unit">
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">Openining SQL ports on <select path="state.hostname"/> (<select path="name"/>)</parameter>
</report>
<update-cf-stack template="SQL-security" error="exception">
<parameter name="mappings">
<map>
<mapping name="instanceName"><select path="state.hostname"/></mapping>
</map>
</parameter>
<success>
<report entity="unit">
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">SQL ports open on <select path="state.hostname"/> (<select path="name"/>)</parameter>
</report>
</success>
<failure>
<report entity="unit" level="error">
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">Unable to open SQL ports on instance <select path="state.hostname"/> (<select path="name"/>) due to <select source="exception" path="message" default="unknown Heat error"/> </parameter>
</report>
<stop/>
</failure>
</update-cf-stack>
</rule>
<rule match="$.services[?(@.type == 'msSqlServer' and @.adminPassword and @.adminPassword != @.state.adminPassword)].units[?(@.temp.instanceName)]"