mirror of
https://github.com/bigchaindb/bigchaindb.git
synced 2024-06-28 00:27:45 +02:00
New option to bind http to localhost on AWS
This commit is contained in:
parent
7e8e6ca430
commit
db257199bb
|
@ -48,6 +48,7 @@ if [ "$USING_EBS" = True ]; then
|
|||
echo "EBS_VOLUME_SIZE = "$EBS_VOLUME_SIZE
|
||||
echo "EBS_OPTIMIZED = "$EBS_OPTIMIZED
|
||||
fi
|
||||
echo "BIND_HTTP_TO_LOCALHOST = "$BIND_HTTP_TO_LOCALHOST
|
||||
|
||||
# Check for the SSH private key file
|
||||
if [ ! -f "$HOME/.ssh/$SSH_KEY_NAME" ]; then
|
||||
|
@ -116,7 +117,7 @@ fab upgrade_setuptools
|
|||
|
||||
if [ "$WHAT_TO_DEPLOY" == "servers" ]; then
|
||||
# (Re)create the RethinkDB configuration file conf/rethinkdb.conf
|
||||
python create_rethinkdb_conf.py
|
||||
python create_rethinkdb_conf.py --bind-http-to-localhost $BIND_HTTP_TO_LOCALHOST
|
||||
# Rollout RethinkDB and start it
|
||||
fab prep_rethinkdb_storage:$USING_EBS
|
||||
fab install_rethinkdb
|
||||
|
|
|
@ -8,8 +8,19 @@ from __future__ import unicode_literals
|
|||
import os
|
||||
import os.path
|
||||
import shutil
|
||||
import argparse
|
||||
from hostlist import public_dns_names
|
||||
|
||||
# Parse the command-line arguments
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--bind-http-to-localhost",
|
||||
help="should RethinkDB web interface be bound to localhost?",
|
||||
required=True)
|
||||
args = parser.parse_args()
|
||||
bind_http_to_localhost = args.bind_http_to_localhost
|
||||
|
||||
print('bind_http_to_localhost = {}'.format(bind_http_to_localhost))
|
||||
|
||||
# cwd = current working directory
|
||||
old_cwd = os.getcwd()
|
||||
os.chdir('conf')
|
||||
|
@ -24,6 +35,10 @@ with open('rethinkdb.conf', 'a') as f:
|
|||
f.write('## The host:port of a node that RethinkDB will connect to\n')
|
||||
for public_dns_name in public_dns_names:
|
||||
f.write('join=' + public_dns_name + ':29015\n')
|
||||
if bind_http_to_localhost:
|
||||
f.write('## Bind the web interface port to localhost\n')
|
||||
# 127.0.0.1 is the usual IP address for localhost
|
||||
f.write('bind-http=127.0.0.1\n')
|
||||
|
||||
os.chdir(old_cwd)
|
||||
|
||||
|
|
|
@ -74,3 +74,8 @@ EBS_VOLUME_SIZE=30
|
|||
# Setting EBS_OPTIMIZED=True may cost more, but not always.
|
||||
# If USING_EBS=False, EBS_OPTIMIZED is irrelevant and not used
|
||||
EBS_OPTIMIZED=False
|
||||
|
||||
# BIND_HTTP_TO_LOCALHOST is True or False, depending on whether
|
||||
# you want the RethinkDB web interface port to be bound to localhost
|
||||
# (which is more secure). See https://www.rethinkdb.com/docs/security/
|
||||
BIND_HTTP_TO_LOCALHOST=False
|
|
@ -28,7 +28,7 @@ from awscommon import get_naeips
|
|||
|
||||
SETTINGS = ['NUM_NODES', 'BRANCH', 'WHAT_TO_DEPLOY', 'SSH_KEY_NAME',
|
||||
'USE_KEYPAIRS_FILE', 'IMAGE_ID', 'INSTANCE_TYPE', 'SECURITY_GROUP',
|
||||
'USING_EBS', 'EBS_VOLUME_SIZE', 'EBS_OPTIMIZED']
|
||||
'USING_EBS', 'EBS_VOLUME_SIZE', 'EBS_OPTIMIZED', 'BIND_HTTP_TO_LOCALHOST']
|
||||
|
||||
|
||||
class SettingsTypeError(TypeError):
|
||||
|
@ -104,6 +104,10 @@ if not isinstance(EBS_VOLUME_SIZE, int):
|
|||
if not isinstance(EBS_OPTIMIZED, bool):
|
||||
raise SettingsTypeError('EBS_OPTIMIZED should be a boolean (True or False)')
|
||||
|
||||
if not isinstance(BIND_HTTP_TO_LOCALHOST, bool):
|
||||
raise SettingsTypeError('BIND_HTTP_TO_LOCALHOST should be a boolean '
|
||||
'(True or False)')
|
||||
|
||||
if NUM_NODES > 64:
|
||||
raise ValueError('NUM_NODES should be less than or equal to 64. '
|
||||
'The AWS deployment configuration file sets it to {}'.
|
||||
|
|
|
@ -132,6 +132,7 @@ SECURITY_GROUP="bigchaindb"
|
|||
USING_EBS=True
|
||||
EBS_VOLUME_SIZE=30
|
||||
EBS_OPTIMIZED=False
|
||||
BIND_HTTP_TO_LOCALHOST=False
|
||||
```
|
||||
|
||||
Make a copy of that file and call it whatever you like (e.g. `cp example_deploy_conf.py my_deploy_conf.py`). You can leave most of the settings at their default values, but you must change the value of `SSH_KEY_NAME` to the name of your private SSH key. You can do that with a text editor. Set `SSH_KEY_NAME` to the name you used for `<key-name>` when you generated an RSA key pair for SSH (in basic AWS setup).
|
||||
|
|
Loading…
Reference in New Issue
Block a user