iSharkFly-Docs
/
packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6843 from gmmephisto/pr-master-aws-security-group 

aws: wait for temporary security group before authorize rules
This commit is contained in:
Megan Marsh 2018-10-17 14:08:49 -07:00 committed by GitHub
parent e7d3a30c0e 00c96fc400
commit 2266514408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
builder/amazon/common/step_security_group.go
View File

@ -74,38 +74,7 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
// Set the group ID so we can delete it later // Set the group ID so we can delete it later
s.createdGroupId = *groupResp.GroupId s.createdGroupId = *groupResp.GroupId
// Authorize the SSH access for the security group // Wait for the security group become available for authorizing
req := &ec2.AuthorizeSecurityGroupIngressInput{
GroupId: groupResp.GroupId,
IpProtocol: aws.String("tcp"),
FromPort: aws.Int64(int64(port)),
ToPort: aws.Int64(int64(port)),
CidrIp: aws.String(s.TemporarySGSourceCidr),
}
// We loop and retry this a few times because sometimes the security
// group isn't available immediately because AWS resources are eventually
// consistent.
ui.Say(fmt.Sprintf(
"Authorizing access to port %d from %s in the temporary security group...",
port, s.TemporarySGSourceCidr))
for i := 0; i < 5; i++ {
_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
if err == nil {
break
}
log.Printf("Error authorizing. Will sleep and retry. %s", err)
time.Sleep((time.Duration(i) * time.Second) + 1)
}
if err != nil {
err := fmt.Errorf("Error creating temporary security group: %s", err)
state.Put("error", err)
ui.Error(err.Error())
return multistep.ActionHalt
}
log.Printf("[DEBUG] Waiting for temporary security group: %s", s.createdGroupId) log.Printf("[DEBUG] Waiting for temporary security group: %s", s.createdGroupId)
err = waitUntilSecurityGroupExists(ec2conn, err = waitUntilSecurityGroupExists(ec2conn,
&ec2.DescribeSecurityGroupsInput{ &ec2.DescribeSecurityGroupsInput{
@ -121,6 +90,34 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
return multistep.ActionHalt return multistep.ActionHalt
} }
// Authorize the SSH access for the security group
groupRules := &ec2.AuthorizeSecurityGroupIngressInput{
GroupId: groupResp.GroupId,
IpPermissions: []*ec2.IpPermission{
{
FromPort: aws.Int64(int64(port)),
ToPort: aws.Int64(int64(port)),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String(s.TemporarySGSourceCidr),
},
},
IpProtocol: aws.String("tcp"),
},
},
}
ui.Say(fmt.Sprintf(
"Authorizing access to port %d from %s in the temporary security group...",
port, s.TemporarySGSourceCidr))
_, err = ec2conn.AuthorizeSecurityGroupIngress(groupRules)
if err != nil {
err := fmt.Errorf("Error authorizing temporary security group: %s", err)
state.Put("error", err)
ui.Error(err.Error())
return multistep.ActionHalt
}
// Set some state data for use in future steps // Set some state data for use in future steps
state.Put("securityGroupIds", []string{s.createdGroupId}) state.Put("securityGroupIds", []string{s.createdGroupId})