diff --git a/net/gce.sh b/net/gce.sh
index 9433bc894b..337a1b9a52 100755
--- a/net/gce.sh
+++ b/net/gce.sh
@@ -476,6 +476,8 @@ EOF
 bootstrapLeaderAddress=$customAddress
 fi
 
+ cloud_Initialize "$prefix"
+
 cloud_CreateInstances "$prefix" "$prefix-bootstrap-leader" 1 \
 "$imageName" "$bootstrapLeaderMachineType" "$fullNodeBootDiskSizeInGb" \
 "$startupScript" "$bootstrapLeaderAddress" "$bootDiskType"
diff --git a/net/scripts/ec2-provider.sh b/net/scripts/ec2-provider.sh
index 316501f777..1334a7ce14 100644
--- a/net/scripts/ec2-provider.sh
+++ b/net/scripts/ec2-provider.sh
@@ -101,6 +101,33 @@ cloud_FindInstance() {
 __cloud_FindInstances "$name"
 }
 
+#
+# cloud_Initialize [networkName]
+#
+# Perform one-time initialization that may be required for the given testnet.
+#
+# networkName - unique name of this testnet
+#
+# This function will be called before |cloud_CreateInstances|
+cloud_Initialize() {
+ declare networkName="$1"
+
+ __cloud_SshPrivateKeyCheck
+ (
+ set -x
+ aws ec2 delete-key-pair --region "$region" --key-name "$networkName"
+ aws ec2 import-key-pair --region "$region" --key-name "$networkName" \
+ --public-key-material file://"${sshPrivateKey}".pub
+ )
+
+ (
+ set -x
+ aws ec2 delete-security-group --region "$region" --group-name "$networkName" || true
+ aws ec2 create-security-group --region "$region" --group-name "$networkName" --description "Created automatically by $0"
+ rules=$(cat "$(dirname "${BASH_SOURCE[0]}")"/ec2-security-group-config.json)
+ aws ec2 authorize-security-group-ingress --region "$region" --group-name "$networkName" --cli-input-json "$rules"
+ )
+}
 #
 # cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName]
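Review bot: `aws ec2 delete-security-group … || true` in cloud_Initialize treats every failure as "the group did not exist", so when the delete is refused for another reason — for example instances from an earlier run still reference the group — the following `create-security-group` fails on the duplicate name and the real cause has already scrolled past; whether the run then stops depends on a `set -e` this hunk does not show. Gate the delete on existence instead so a genuine delete error propagates: `if aws ec2 describe-security-groups --region "$region" --group-names "$networkName" >/dev/null 2>&1; then aws ec2 delete-security-group --region "$region" --group-name "$networkName"; fi`. The header calls this "one-time initialization", but the body deletes and re-creates both the key pair and the security group named `$networkName` on every call; reword it to `# Prepare (or reset) the per-testnet key pair and security group named networkName; destructive, safe to re-run` so callers know it is not a no-op the second time. `$region` and `$sshPrivateKey` are globals defined outside this hunk.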
@@ -131,21 +158,13 @@ cloud_CreateInstances() {
 declare optionalStartupScript="$7"
 declare optionalAddress="$8"
 
- __cloud_SshPrivateKeyCheck
- (
- set -x
- aws ec2 delete-key-pair --region "$region" --key-name "$networkName"
- aws ec2 import-key-pair --region "$region" --key-name "$networkName" \
- --public-key-material file://"${sshPrivateKey}".pub
- )
-
 declare -a args
 args=(
 --key-name "$networkName"
 --count "$numNodes"
 --region "$region"
 --placement "AvailabilityZone=$zone"
- --security-groups testnet
+ --security-groups "$networkName"
 --image-id "$imageName"
 --instance-type "$machineType"
 --tag-specifications "ResourceType=instance,Tags=[{Key=name,Value=$namePrefix}]"
diff --git a/net/scripts/ec2-security-group-config.json b/net/scripts/ec2-security-group-config.json
new file mode 100644
index 0000000000..f70e1812bc
--- /dev/null
+++ b/net/scripts/ec2-security-group-config.json
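Review bot: `--security-groups "$networkName"` now assumes that cloud_Initialize has already created a group and a key pair with that name, but nothing in cloud_CreateInstances checks or documents that ordering; the only hint is the "will be called before |cloud_CreateInstances|" line in the other function's header. Add a comment above the `args` array, `# Requires cloud_Initialize to have created the "$networkName" key pair and security group`, so the dependency is visible where it is consumed. The body of cloud_CreateInstances begins and ends outside this hunk.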
@@ -0,0 +1,137 @@
+{
+ "IpPermissions": [
+ {
+ "PrefixListIds": [],
+ "FromPort": 80,
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0",
+ "Description": "http for block explorer"
+ }
+ ],
+ "ToPort": 80,
+ "IpProtocol": "tcp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "http for block explorer"
+ }
+ ]
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 8000,
+ "IpRanges": [
+ {
+ "Description": "fullnode UDP range",
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "ToPort": 10000,
+ "IpProtocol": "udp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "fullnode UDP range"
+ }
+ ]
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 22,
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0",
+ "Description": "ssh"
+ }
+ ],
+ "ToPort": 22,
+ "IpProtocol": "tcp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "ssh"
+ }
+ ]
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 873,
+ "IpRanges": [
+ {
+ "Description": "rsync",
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "ToPort": 873,
+ "IpProtocol": "tcp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "rsync"
+ }
+ ]
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 3001,
+ "IpRanges": [
+ {
+ "Description": "blockexplorer API port",
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "ToPort": 3001,
+ "IpProtocol": "tcp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "blockexplorer API port"
+ }
+ ]
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 8000,
+ "IpRanges": [
+ {
+ "Description": "fullnode TCP range",
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "ToPort": 10000,
+ "IpProtocol": "tcp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "fullnode TCP range"
+ }
+ ]
+ },
+ {
+ "PrefixListIds": [],
+ "FromPort": 8,
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0",
+ "Description": "allow ping"
+ }
+ ],
+ "ToPort": -1,
+ "IpProtocol": "icmp",
+ "UserIdGroupPairs": [],
+ "Ipv6Ranges": [
+ {
+ "CidrIpv6": "::/0",
+ "Description": "allow ping"
+ }
+ ]
+ }
+ ]
+}
diff --git a/net/scripts/gce-provider.sh b/net/scripts/gce-provider.sh
index a0ec63b2ab..66ab58093c 100644
--- a/net/scripts/gce-provider.sh
+++ b/net/scripts/gce-provider.sh
@@ -76,6 +76,21 @@ cloud_FindInstance() { __cloud_FindInstances "name=$name" } +# +# cloud_Initialize [networkName] +# +# Perform one-time initialization that may be required for the given testnet. +# +# networkName - unique name of this testnet +# +# This function will be called before |cloud_CreateInstances| +cloud_Initialize() { + declare networkName="$1" + # ec2-provider.sh creates firewall rules programmatically, should to the same + # here. + echo "TODO: create $networkName firewall rules programmatically instead of assuming the 'testnet' tag exists" +} + # + # cloud_CreateInstances [networkName] [namePrefix] [numNodes] [imageName] # [machineType] [bootDiskSize] [enableGpu]