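if __name__ == "__main__":
    # Disaster-recovery drill. For each availability zone in turn: isolate the
    # zone (subnets moved to a deny-all NACL, ASGs reduced to the other zones,
    # instances terminated, Multi-AZ databases failed over), wait for the
    # operator, then roll the NACL and ASG changes back.
    #
    # NOTE(review): the published listing lost its indentation; the nesting
    # below is reconstructed from the control flow and the step comments.
    # dumpDfToDisk() is assumed to run once, after the last zone -- confirm.
    #
    # NOTE(review): nothing guarantees the rollback. If any call raises
    # between the NACL swap (step 2d) and the rollback section, the zone's
    # subnets stay on the deny-all NACL and the ASGs stay reduced. The data
    # written by dumpConfigToDisk() is presumably what an operator would
    # restore from by hand; consider a try/finally or a documented manual
    # recovery procedure before running this against a live account.
    c = DRP("MY_ACCOUNT")
    main_logger = logging.getLogger('MAIN')
    for az in c.describeAZ():
        main_logger.info('Begin of the operations on az: %s', az)
        # Operator gate: nothing destructive happens until this returns.
        waitUserInput()
        c.addActionToDf("[{} / {}] Begin of the operations".format(c.env, az))

        # 0) Zones that stay in service while this one is isolated.
        remaining_az = [zone for zone in c.describeAZ() if zone != az]

        # 1) Subnets that belong to the zone being isolated.
        subnet_list = c.describeSubnets(az)
        main_logger.info('Following subnets (%s) will be removed from ASGs: %s',len(subnet_list), ' - '.join(subnet_list))

        # 2) Network isolation through a dedicated NACL.
        # 2a) VPC that will own the NACL.
        vpc_id = c.describeVPC()
        # 2b) Create the NACL.
        main_logger.info('Creating a network ACL to block all trafic from %s', az)
        c.addActionToDf("[{} / {}] NACL creation".format(c.env, az))
        drp_network_acl = c.createNACL(vpc_id, az)
        # 2c) Record the current NACL associations of these subnets so they
        #     can be restored later.
        initial_nacl_id, initial_nacl_association_ids = c.describeNACL(subnet_list)
        c.dumpConfigToDisk('nacl', az)
        # 2d) Move each subnet to the new NACL. The value returned by
        #     replaceNACLAssociation() is kept as the association id that the
        #     rollback section passes back in.
        new_nacl_association = []
        for nacl_association_id in initial_nacl_association_ids:
            new_nacl_association.append({
                "NetworkAclAssociationId": c.replaceNACLAssociation(
                    drp_network_acl,
                    nacl_association_id['NetworkAclAssociationId'],
                ),
                "NetworkAclId": drp_network_acl,
                'SubnetId': nacl_association_id['SubnetId'],
            })
        # A falsy return is not reported here; only success is logged.
        if c.createDenyAllNACLEntry(drp_network_acl):
            main_logger.info('Ingress rule DENY all created for NACL %s', drp_network_acl)
        if c.createDenyAllNACLEntry(drp_network_acl, egress=True):
            main_logger.info('Egress rule DENY all created for NACL %s', drp_network_acl)

        # 3a) Save the ASG configuration before touching it.
        c.saveASGConfig()
        c.addActionToDf("[{} / {}] Save of ASGs configs".format(c.env, az))
        c.dumpConfigToDisk('asg', az)
        # 3b) Remove the isolated zone's subnets from the ASGs.
        # NOTE(review): the environment filter is a substring match on the
        # ASG name, so an environment name contained in another one would
        # select both sets of ASGs -- verify against the naming convention.
        for item in c.describeASG():
            if c.env.replace('-','') in item['AutoScalingGroupName']:
                asg_subnets = item['VPCZoneIdentifier'].split(',')
                # Only used for the log line; joined with a separator so that
                # several matching subnet ids do not run together.
                common_subnet = ', '.join([x for x in asg_subnets if x in subnet_list])
                new_subnet_list = ','.join([x for x in asg_subnets if x not in subnet_list])
                # Argument order matches the placeholders: subnet, then ASG.
                main_logger.info('The subnet %s will be removed from ASG %s', common_subnet, item['AutoScalingGroupName'])
                c.updateASGAZ(item['AutoScalingGroupName'], remaining_az, new_subnet_list)
                c.addActionToDf("[{} / {}] Update of ASG {} config".format(c.env, az, item['AutoScalingGroupName']))

        # 4) Terminate the instances in the zone (force kill in case they are
        #    not part of an ASG).
        instances_list = c.describeInstances(az)
        if instances_list:
            c.terminateInstance(instances_list)
            for instance in instances_list:
                c.addActionToDf("[{} / {}] Terminating instance {}".format(c.env, az, instance))

        # 5) Fail over the databases located in the isolated zone, in parallel.
        db_list = c.describeRDSinstances()
        restarted_dbs = []
        failover_futures = {}
        with concurrent.futures.ThreadPoolExecutor() as executor:
            for db in db_list:
                # presumably the 'Subnet' field holds the zone name -- confirm
                if db_list[db]['Subnet'] == az:
                    main_logger.info('Database %s is in fall AZ !', db)
                    if db_list[db]['MultiAZ']:
                        main_logger.info('Triggering a db failover.')
                        c.addActionToDf("[{} / {}] Failover DB {}".format(c.env, az, db))
                        failover_futures[db] = executor.submit(c.restartRDSinstance, db, True)
                        restarted_dbs.append(db)
                    else:
                        main_logger.error('This database is not multi AZ !')
        # Leaving the "with" block waits for every task. An exception raised
        # in a worker is stored on its future and would otherwise be dropped,
        # so report it instead of letting a failed failover pass unnoticed.
        for db, future in failover_futures.items():
            error = future.exception()
            if error is not None:
                main_logger.error('Failover of database %s failed: %s', db, error)

        if restarted_dbs:
            wait_futures = {}
            with concurrent.futures.ThreadPoolExecutor() as executor:
                for db in restarted_dbs:
                    wait_futures[db] = executor.submit(c.waitRDSavailable, db)
            for db, future in wait_futures.items():
                error = future.exception()
                if error is not None:
                    main_logger.error('Waiting for database %s failed: %s', db, error)

        ### ROLLBACK AZ
        main_logger.info('Begin rollback of operations made on az: %s', az)
        # Operator gate: the zone stays isolated until this returns.
        waitUserInput()
        c.addActionToDf("[{} / {}] Begin rollback of the operations".format(c.env, az))
        # 1) Put every subnet back on its initial NACL.
        c.addActionToDf("[{} / {}] NACL rollback".format(c.env, az))
        for nacl_association_id in new_nacl_association:
            main_logger.info('Restoring subnet %s to main NACL (%s)', nacl_association_id['SubnetId'], initial_nacl_id)
            c.replaceNACLAssociation(initial_nacl_id, nacl_association_id['NetworkAclAssociationId'])
        # 2) Delete the drill NACL once no subnet references it.
        c.deleteNACL(drp_network_acl)
        # 3) Restore the ASG configuration saved in step 3a.
        c.restoreASGConfig()
        c.addActionToDf("[{} / {}] Restore ASGs configs".format(c.env, az))

    c.dumpDfToDisk()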