import os
import secrets

import boto3
from botocore.exceptions import ClientError
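# Deployment parameters.  Each one can be overridden through the environment so the script
# is reusable without editing it; the defaults reproduce the original setup.
# NOTE: the AMI id is region-specific — whoever changes COTURN_REGION must change
# COTURN_AMI (and COTURN_AZ) along with it.
region = os.environ.get('COTURN_REGION', 'eu-central-1')
availabilityZone = os.environ.get('COTURN_AZ', 'eu-central-1b')
imageId = os.environ.get('COTURN_AMI', 'ami-0cc293023f983ed53')
instanceType = os.environ.get('COTURN_INSTANCE_TYPE', 't3.nano')
# Name of an existing EC2 key pair in the target region; it is what SSH access is bound to.
keyName = os.environ.get('COTURN_KEY_NAME', 'srieger-pub')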
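# Password for the TURN user "srieger" (long-term credentials), for turnadmin's admin user
# and for coturn's CLI.  It used to be a hard-coded literal in this file.  Whatever ends up
# in user data is readable by anyone holding ec2:DescribeInstanceAttribute and, from inside
# the instance, through the unauthenticated metadata endpoint — so a real secret must never
# be committed here.  Supply it via COTURN_PASSWORD or let the script generate one per run.
coturnPassword = os.environ.get('COTURN_PASSWORD')
if not coturnPassword:
    coturnPassword = secrets.token_hex(16)
    print('COTURN_PASSWORD not set; generated TURN/CLI password for this deployment: %s' % coturnPassword)
# The value is interpolated into a shell script and into turnserver.conf without quoting,
# so only allow characters that are inert in both contexts.
if not all(ch.isalnum() or ch in '-_' for ch in coturnPassword):
    raise ValueError('COTURN_PASSWORD may only contain letters, digits, "-" and "_"')

# cloud-init user data: builds libevent and coturn from source on a RHEL/CentOS 7 style AMI,
# creates a self-signed certificate, writes turnserver.conf and starts turnserver.
# This was originally a standalone install-coturn script converted with:
#   cat install-coturn | sed "s/^/'/; s/$/\\\n'/"
# It is now an f-string template: the only Python value interpolated is coturnPassword;
# everything starting with "$" is expanded by bash on the instance.
# NOTE(review): "web-admin" is enabled below and the security group opens its port (8080);
# if the web console is not needed, remove those two lines and the 8080 rule.
userData = f'''#!/bin/bash
# NOTE: pinned versions are several years old; check upstream release notes and
# security advisories before reusing this script.
COTURN_VERSION="4.5.1.1"
LIBEVENT_VERSION="2.0.21"

# extra repo for RedHat rpms
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# essential tools
yum install -y joe htop git
# coturn requirements
yum install -y gcc openssl-devel
yum install -y sqlite-devel mysql-devel hiredis-devel mongo-c-driver-devel

### libevent installation ###
# TODO(security): the tarballs are fetched over TLS but never verified against a known
# checksum or signature; pin one before using this outside a lab.
wget https://github.com/downloads/libevent/libevent/libevent-$LIBEVENT_VERSION-stable.tar.gz

tar xvfz libevent-$LIBEVENT_VERSION-stable.tar.gz
cd libevent-$LIBEVENT_VERSION-stable
./configure
make
make install

### turnserver installation ###
wget https://coturn.net/turnserver/v$COTURN_VERSION/turnserver-$COTURN_VERSION.tar.gz
tar xvfz turnserver-$COTURN_VERSION.tar.gz
cd turnserver-$COTURN_VERSION
./configure
make
make install

# self-signed certificate for TLS/DTLS on 5349; clients will not trust it unless they pin it
openssl req -new -subj "/CN=coturn" -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /usr/local/etc/turn_server_cert.pem -keyout /usr/local/etc/turn_server_pkey.pem

/usr/local/bin/turnadmin -a -u srieger -r hs-fulda.de -p {coturnPassword}
/usr/local/bin/turnadmin -A -u srieger -p {coturnPassword}

# Discover the instance's addresses through IMDSv2 (session token) so the instance can
# later be launched with HttpTokens=required without breaking this script.
IMDS_TOKEN=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
MAC_ETH0=$(cat /sys/class/net/eth0/address)
MAC_ETH1=$(cat /sys/class/net/eth1/address)
LOCAL_IPV4S_ETH0=$(curl -sS -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC_ETH0/local-ipv4s)
LOCAL_IPV4S_ETH1=$(curl -sS -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC_ETH1/local-ipv4s)
PUBLIC_IPV4S_ETH0=$(curl -sS -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC_ETH0/public-ipv4s)
PUBLIC_IPV4S_ETH1=$(curl -sS -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC_ETH1/public-ipv4s)

cat <<EOF > /usr/local/etc/turnserver.conf
verbose
listening-ip=$LOCAL_IPV4S_ETH0
listening-ip=$LOCAL_IPV4S_ETH1
relay-ip=$LOCAL_IPV4S_ETH0
relay-ip=$LOCAL_IPV4S_ETH1
external-ip=$PUBLIC_IPV4S_ETH0/$LOCAL_IPV4S_ETH0
external-ip=$PUBLIC_IPV4S_ETH1/$LOCAL_IPV4S_ETH1
fingerprint
lt-cred-mech
#use-auth-secret
#static-auth-secret=751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXXXXXX
realm=hs-fulda.de
total-quota=100
stale-nonce
# NOTE: the list still permits 3DES suites; drop the *+3DES entries once legacy clients are gone.
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
#no-stun
# A relay forwards client traffic to arbitrary "peer" addresses.  Refuse loopback, multicast,
# the link-local range (which contains the EC2 metadata service at 169.254.169.254) and the
# private ranges, so TURN clients cannot use this host as a pivot into the VPC.
# Drop the three RFC1918 lines if peers inside the VPC are intended.
no-loopback-peers
no-multicast-peers
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
cli-password={coturnPassword}
web-admin
web-admin-ip=$LOCAL_IPV4S_ETH0
EOF

/usr/local/bin/turnserver
'''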
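# Bind boto3 to the target region.  setup_default_session() returns None; the name is kept
# only so the module's globals do not change.
client = boto3.setup_default_session(region_name=region)
ec2Client = boto3.client("ec2")
ec2Resource = boto3.resource('ec2')

# The first VPC the API returns is used.  With several VPCs in the account that choice is
# arbitrary, so say so — and fail instead of carrying an empty id into the calls below.
vpcs = ec2Client.describe_vpcs().get('Vpcs', [])
if not vpcs:
    raise SystemExit('No VPC found in region %s' % region)
vpc_id = vpcs[0]['VpcId']
if len(vpcs) > 1:
    print('Several VPCs found, using %s' % vpc_id)

# The subnet must belong to that VPC: the security group created later is VPC-scoped and
# run_instances rejects a subnet from a different VPC.  The original filter matched only
# the availability zone, which silently picked a foreign subnet in multi-VPC accounts.
subnets = ec2Client.describe_subnets(
    Filters=[
        {'Name': 'availability-zone', 'Values': [availabilityZone]},
        {'Name': 'vpc-id', 'Values': [vpc_id]},
    ])['Subnets']
if not subnets:
    raise SystemExit('No subnet in %s for VPC %s' % (availabilityZone, vpc_id))
subnet_id = subnets[0]['SubnetId']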
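print("Deleting old instance...")
print("------------------------------------")
# Every instance tagged "coturn" that still exists keeps the security group and the elastic
# IPs we are about to delete alive, so terminate all of them — including stopped ones, which
# the original running/pending check left behind (and which then made the security-group
# deletion fail).  Instances already terminating are only waited for; terminated ones are skipped.
response = ec2Client.describe_instances(Filters=[{'Name': 'tag-key', 'Values': ['coturn']}])
toTerminate = []  # still needs a terminate call
toAwait = []      # not gone yet (includes those already shutting down)
for reservation in response['Reservations']:
    for instance in reservation['Instances']:
        state = instance['State']['Name']
        if state == 'terminated':
            continue
        toAwait.append(instance['InstanceId'])
        if state != 'shutting-down':
            toTerminate.append(instance['InstanceId'])
if toTerminate:
    print(ec2Client.terminate_instances(InstanceIds=toTerminate))
# The ENIs and the security group cannot be freed before the instances are really gone.
for oldInstanceId in toAwait:
    ec2Resource.Instance(oldInstanceId).wait_until_terminated()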
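print("Delete old security group...")
print("------------------------------------")
# delete_security_group(GroupName=...) resolves the name only in the default VPC.  In any
# other VPC the call fails, the error was merely printed, and the later create_security_group
# then failed on the duplicate name.  Look the group up inside our VPC and delete it by id.
try:
    oldGroups = ec2Client.describe_security_groups(
        Filters=[
            {'Name': 'group-name', 'Values': ['coturn']},
            {'Name': 'vpc-id', 'Values': [vpc_id]},
        ])['SecurityGroups']
    for oldGroup in oldGroups:
        ec2Client.delete_security_group(GroupId=oldGroup['GroupId'])
        print('Deleted security group %s' % oldGroup['GroupId'])
except ClientError as e:
    # Typically DependencyViolation while an interface still references the group; the
    # create step below reports the consequence, so best-effort is kept here.
    print(e)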
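print("Delete old elastic ips...")
print("------------------------------------")
# Release every elastic IP tagged "coturn" from a previous run.
try:
    response = ec2Client.describe_addresses(Filters=[{'Name': 'tag-key', 'Values': ['coturn']}])
    addresses = response['Addresses']
except ClientError as e:
    print(e)
    addresses = []
for address in addresses:
    try:
        # An address that is still associated cannot be released; detach it first.
        if 'AssociationId' in address:
            ec2Client.disassociate_address(AssociationId=address['AssociationId'])
        ec2Client.release_address(AllocationId=address['AllocationId'])
    except ClientError as e:
        # One failure must not leave the remaining addresses allocated (and billed).
        print(e)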
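print("Create security group...")
print("------------------------------------")
# The TURN ports must be reachable from anywhere; SSH and the coturn web-admin are
# management interfaces and should not be.  COTURN_ADMIN_CIDR restricts those two.  The
# default keeps the original (world-open) behaviour but says so loudly.
adminCidr = os.environ.get('COTURN_ADMIN_CIDR', '0.0.0.0/0')
if adminCidr == '0.0.0.0/0':
    print('WARNING: SSH (22) and the coturn web-admin (8080) will be reachable from the whole '
          'internet; set COTURN_ADMIN_CIDR to restrict them.')


def _rule(protocol, fromPort, toPort, cidr):
    """Build one IpPermissions entry that allows protocol/fromPort-toPort from a single CIDR."""
    return {'IpProtocol': protocol,
            'FromPort': fromPort,
            'ToPort': toPort,
            'IpRanges': [{'CidrIp': cidr}]}


try:
    response = ec2Client.create_security_group(GroupName='coturn',
                                               Description='coturn',
                                               VpcId=vpc_id)
except ClientError as e:
    # Without a group id the launch below cannot proceed (it used to die later with a
    # NameError on security_group_id); stop here with the real cause instead.
    print(e)
    raise
security_group_id = response['GroupId']
print('Security Group Created %s in vpc %s.' % (security_group_id, vpc_id))
try:
    data = ec2Client.authorize_security_group_ingress(
        GroupId=security_group_id,
        IpPermissions=[
            _rule('tcp', 3478, 3478, '0.0.0.0/0'),    # STUN/TURN
            _rule('udp', 3478, 3478, '0.0.0.0/0'),
            _rule('tcp', 5349, 5349, '0.0.0.0/0'),    # TURN over TLS
            _rule('udp', 5349, 5349, '0.0.0.0/0'),    # TURN over DTLS
            _rule('udp', 49152, 65535, '0.0.0.0/0'),  # relay port range (coturn's default)
            _rule('tcp', 8080, 8080, adminCidr),      # coturn web-admin
            _rule('tcp', 22, 22, adminCidr),          # SSH
        ])
    print('Ingress Successfully Set %s' % data)
except ClientError as e:
    # The group exists; a failed rule set is reported and left to the operator.
    print(e)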
print("Allocate additional elastic ips...")
print("------------------------------------")
# One elastic IP per network interface of the new instance.  Each allocation is tagged
# "coturn" immediately so the cleanup step of the next run can find it again.
coturnTag = [{'Key': 'coturn', 'Value': 'installed'}]
allocationIds = []
for _ in range(2):
    allocationId = ec2Client.allocate_address(Domain='vpc')['AllocationId']
    ec2Client.create_tags(Resources=[allocationId], Tags=coturnTag)
    allocationIds.append(allocationId)
firstIpAddressAllocationId, secondIpAddressAllocationId = allocationIds
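print("Running new instance...")
print("------------------------------------")
# NOTE(review): once the user-data script fetches metadata with an IMDSv2 token, add
# MetadataOptions={'HttpTokens': 'required'} here so the unauthenticated IMDSv1 endpoint
# (which exposes the user data, credentials included) is switched off.
response = ec2Client.run_instances(
    ImageId=imageId,
    InstanceType=instanceType,
    Placement={'AvailabilityZone': availabilityZone, },
    KeyName=keyName,
    MinCount=1,
    MaxCount=1,
    UserData=userData,
    # Two interfaces in the same subnet, both behind the coturn security group; each gets
    # one of the elastic IPs allocated above so the relay has two public addresses.
    NetworkInterfaces=[
        {'DeviceIndex': 0, 'Groups': [security_group_id], 'SubnetId': subnet_id},
        {'DeviceIndex': 1, 'Groups': [security_group_id], 'SubnetId': subnet_id},
    ],
    TagSpecifications=[
        {'ResourceType': 'instance', 'Tags': [{'Key': 'coturn', 'Value': 'installed'}]},
    ],
)
newInstance = response['Instances'][0]
instanceId = newInstance['InstanceId']
# The NetworkInterfaces list in the response is not guaranteed to be ordered by device
# index; pick the ENIs by their attachment's DeviceIndex rather than by list position.
interfaceIdsByDevice = {
    eni['Attachment']['DeviceIndex']: eni['NetworkInterfaceId']
    for eni in newInstance['NetworkInterfaces']
}
firstNetworkInterfaceId = interfaceIdsByDevice[0]
secondNetworkInterfaceId = interfaceIdsByDevice[1]
instance = ec2Resource.Instance(instanceId)
# As in the original: wait for the running state before attaching the elastic IPs.
instance.wait_until_running()
for allocationId, interfaceId in ((firstIpAddressAllocationId, firstNetworkInterfaceId),
                                  (secondIpAddressAllocationId, secondNetworkInterfaceId)):
    response = ec2Client.associate_address(
        AllocationId=allocationId,
        NetworkInterfaceId=interfaceId,
    )
print(instanceId)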