import os
from stratosphere.resources import Template
from stratosphere.compute import Firewall, Instance
from stratosphere.compute_properties import FirewallAllowedPorts, InstanceTemplateMetadataProperty, \
InstanceTemplateDisksProperty, InstanceTemplateDiskInitializeParamsProperty, \
InstanceTemplateNetworkInterfaceProperty, InstanceTemplateNetworkInterfaceAccessConfigProperty, \
InstanceTemplateTagsProperty, MetadataProperty
from stratosphere.common import ResourceNames
from stratosphere.utils import get_latest_image, load_startup_script
import constants
# Template identifier. It is reused below as the instance name, as the key into
# constants.ENV[<env>], and as the basename of the startup script.
name = "nfs-server"

# startup-scripts/<name>.sh, resolved relative to the directory holding this module.
startup_script_path = os.path.join(
    os.path.dirname(__file__),
    'startup-scripts',
    name + '.sh',
)
class NFSServer(Template):
    """
    Deployment template for one NFS server instance plus its firewall rule.

    The instance boots from the latest 'debian-8' image, attaches an existing
    persistent data disk, and runs startup-scripts/nfs-server.sh on boot.

    Settings are read from the `constants` module, which is expected to be
    structured like this (the 'cidr' value is a placeholder):

        ENV = {
            'dev': {
                'cidr': '<CIDR allowed to reach the NFS ports>',
                'nfs-server': {
                    'zone': 'us-central1-b',
                    'machine_type': 'n1-standard-1',
                }
            }
        }

    A persistent disk named `name + '-data'` (here 'nfs-server-data') must
    already exist in the same zone; this template only attaches it.
    """
    TEMPLATE_TYPE = name

    def configure(self):
        """Build the instance and firewall resources and add them to the template."""
        # ResourceNames keeps network and subnetwork names consistent across templates.
        names = ResourceNames(self.project, self.env)
        config = constants.ENV[self.env][name]
        zone = config['zone']
        data_disk_name = name + '-data'

        # Boot disk: created with the instance and deleted with it.
        # NOTE(review): Debian 8 is past its upstream end of life - confirm this
        # image family still receives security updates before reusing the template.
        boot_disk = InstanceTemplateDisksProperty(
            autoDelete=True,
            boot=True,
            initializeParams=InstanceTemplateDiskInitializeParamsProperty(
                sourceImage=get_latest_image(self.project, 'debian-8'),
                diskSizeGb=10,
            ),
            type=InstanceTemplateDisksProperty.PERSISTENT,
        )

        # Data disk: created independently so that DM isn't able to delete it
        # (autoDelete=False). It has to be formatted by hand once, because the
        # startup script tries to mount it on boot.
        data_disk = InstanceTemplateDisksProperty(
            autoDelete=False,
            boot=False,
            deviceName=data_disk_name,  # Shows up as /dev/disk/by-id/google-<deviceName>
            source="projects/{project}/zones/{zone}/disks/{disk_name}".format(
                project=names.project,
                zone=zone,
                disk_name=data_disk_name,
            ),
            type=InstanceTemplateDisksProperty.PERSISTENT,
        )

        machine_type = 'zones/{}/machineTypes/{}'.format(zone, config['machine_type'])

        # The startup script travels as instance metadata under 'startup-script'.
        startup_metadata = InstanceTemplateMetadataProperty(
            items=[
                MetadataProperty(
                    key='startup-script',
                    value=load_startup_script(startup_script_path),
                ),
            ],
        )

        # NOTE(review): this access config requests a one-to-one NAT, i.e. an
        # external address for the NFS server. The firewall rule below admits
        # NFS traffic only from the environment CIDR, but other rules on the same
        # network are not visible here - confirm external access is required.
        external_access = InstanceTemplateNetworkInterfaceAccessConfigProperty(
            name='External Access',
            type=InstanceTemplateNetworkInterfaceAccessConfigProperty.ONE_TO_ONE_NAT,
        )
        network_interface = InstanceTemplateNetworkInterfaceProperty(
            accessConfigs=[external_access],
            network="projects/{}/global/networks/{}".format(names.project, names.networkName),
            subnetwork='regions/{region}/subnetworks/{env}-{region}-subnetwork'.format(
                region=names.zone_to_region(zone),
                env=self.env,
            ),
        )

        instance_tags = InstanceTemplateTagsProperty(items=['nfs-server', zone])

        instance = Instance(
            name=name,
            canIpForward=False,
            disks=[boot_disk, data_disk],
            machineType=machine_type,
            metadata=startup_metadata,
            networkInterfaces=[network_interface],
            tags=instance_tags,
            zone=zone,
        )
        self.add_resource(instance)

        # Ports 111 and 2049 over both TCP and UDP, plus ICMP, from the
        # environment's CIDR only.
        # NOTE(review): no target tags are set on this rule; on GCP a rule
        # without targets applies to every instance on the network, not just the
        # one tagged 'nfs-server'. Check whether Firewall accepts targetTags and
        # scope the rule to that tag if it does.
        nfs_ports = ("111", "2049")
        nfs_rule = Firewall(
            name='{}-nfs-server'.format(self.env),
            network="projects/{}/global/networks/{}".format(names.project, names.networkName),
            allowed=[
                FirewallAllowedPorts(
                    IPProtocol=FirewallAllowedPorts.TCP,
                    ports=list(nfs_ports),
                ),
                FirewallAllowedPorts(
                    IPProtocol=FirewallAllowedPorts.UDP,
                    ports=list(nfs_ports),
                ),
                FirewallAllowedPorts(
                    IPProtocol=FirewallAllowedPorts.ICMP,
                ),
            ],
            sourceRanges=[constants.ENV[self.env]['cidr']],
        )
        self.add_resource(nfs_rule)