Posted to commits@datalab.apache.org by lf...@apache.org on 2022/02/09 10:03:30 UTC

[incubator-datalab] branch DATALAB-2674 created (now b875dc5)

This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a change to branch DATALAB-2674
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git.


      at b875dc5  [DATALAB-2674]: added disk and image encryption with wrapped csek

This branch includes the following new commits:

     new b875dc5  [DATALAB-2674]: added disk and image encryption with wrapped csek

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.




[incubator-datalab] 01/01: [DATALAB-2674]: added disk and image encryption with wrapped csek

Posted by lf...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a commit to branch DATALAB-2674
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git

commit b875dc5254b25673c09bea1093c48bda3ce54038
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Wed Feb 9 12:03:19 2022 +0200

    [DATALAB-2674]: added disk and image encryption with wrapped csek
---
 .../scripts/deploy_datalab.py                      |  3 +++
 .../src/general/conf/datalab.ini                   |  2 ++
 .../src/general/lib/gcp/actions_lib.py             | 28 ++++++++++++++++++----
 .../general/scripts/gcp/common_create_instance.py  |  4 +++-
 .../scripts/gcp/common_create_notebook_image.py    | 10 ++++----
 .../general/scripts/gcp/common_prepare_notebook.py |  9 ++++---
 .../src/general/scripts/gcp/dataengine_prepare.py  | 17 ++++++++-----
 .../general/scripts/gcp/deeplearning_configure.py  |  3 ++-
 .../src/general/scripts/gcp/jupyter_configure.py   |  3 ++-
 .../general/scripts/gcp/jupyterlab_configure.py    |  3 ++-
 .../src/general/scripts/gcp/project_prepare.py     |  6 +++--
 .../src/general/scripts/gcp/rstudio_configure.py   |  3 ++-
 .../src/general/scripts/gcp/ssn_prepare.py         |  5 ++--
 .../src/general/scripts/gcp/superset_configure.py  |  3 ++-
 .../scripts/gcp/tensor-rstudio_configure.py        |  3 ++-
 .../src/general/scripts/gcp/tensor_configure.py    |  3 ++-
 .../src/general/scripts/gcp/zeppelin_configure.py  |  3 ++-
 17 files changed, 77 insertions(+), 31 deletions(-)

diff --git a/infrastructure-provisioning/scripts/deploy_datalab.py b/infrastructure-provisioning/scripts/deploy_datalab.py
index f4587a8..8f55428 100644
--- a/infrastructure-provisioning/scripts/deploy_datalab.py
+++ b/infrastructure-provisioning/scripts/deploy_datalab.py
@@ -268,6 +268,9 @@ def build_parser():
     gcp_parser.add_argument('--gcp_cmek_resource_name', type=str, default='',
                             help='customer managed encryption key resource name '
                             'e.g. projects/{project_name}/locations/{us}/keyRings/{keyring_name}/cryptoKeys/{key_name}')
+    gcp_parser.add_argument('--gcp_wrapped_csek', type=str, default='',
+                            help='customer supplied encryption key for disk/image encryption in RFC 4648 base64 '
+                                 'encoded, RSA-wrapped 2048-bit format as rsaEncryptedKey')
 
     gcp_required_args = gcp_parser.add_argument_group('Required arguments')
     gcp_required_args.add_argument('--gcp_region', type=str, required=True, help='GCP region')
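Review bot: `--gcp_wrapped_csek` takes the wrapped key as a command-line value, so it lands in shell history and is readable by any local user through the process table for as long as deploy_datalab.py runs; the new `--rsa_encrypted_csek` flag in common_create_instance.py has the same exposure. Consider also accepting the key from a file or an environment variable, and validating it at the parser boundary with a small `type=` checker that rejects anything outside the RFC 4648 base64 alphabet the help text promises, since the value is later spliced into shell command strings by the prepare scripts. build_parser continues outside the hunk.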
diff --git a/infrastructure-provisioning/src/general/conf/datalab.ini b/infrastructure-provisioning/src/general/conf/datalab.ini
index 681384b..1ebe64c 100644
--- a/infrastructure-provisioning/src/general/conf/datalab.ini
+++ b/infrastructure-provisioning/src/general/conf/datalab.ini
@@ -236,6 +236,8 @@ block_project_ssh_keys = FALSE
 bucket_enable_versioning = false
 ### gcp customer managed encryption key to use
 cmek_resource_name = ''
+### gcp customer supplied wrapped encryption key to use
+gcp_wrapped_csek = ''
 ### GCP region name for whole DataLab provisioning
 region = us-west1
 ### GCP zone name for whole DataLab provisioning
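Review bot: The new key is spelled `gcp_wrapped_csek`, while its neighbours in this section (`cmek_resource_name`, `region`, `block_project_ssh_keys`) carry no `gcp_` prefix. If this is the `[gcp]` section and keys are exported to the environment as `<section>_<key>` — which is how the scripts' existing `os.environ['gcp_region']` / `os.environ['gcp_zone']` reads appear to be served — this key would surface as `gcp_gcp_wrapped_csek`, and every `os.environ['gcp_wrapped_csek']` lookup added in this commit would fail unless the CLI flag sets the variable separately. `wrapped_csek = ''` would match the sibling keys; worth confirming against the ini loader before merging.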
diff --git a/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py b/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py
index 9bec18a..53df959 100644
--- a/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py
+++ b/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py
@@ -274,7 +274,7 @@ class GCPActions:
                                    file=sys.stdout)}))
             traceback.print_exc(file=sys.stdout)
 
-    def create_disk(self, instance_name, zone, size, secondary_image_name):
+    def create_disk(self, instance_name, zone, size, secondary_image_name, rsa_encrypted_csek=''):
         try:
             if secondary_image_name == 'None':
                 params = {"sizeGb": size, "name": instance_name + '-secondary',
@@ -283,6 +283,8 @@ class GCPActions:
                 params = {"sizeGb": size, "name": instance_name + '-secondary',
                           "type": "projects/{0}/zones/{1}/diskTypes/pd-ssd".format(self.project, zone),
                           "sourceImage": secondary_image_name}
+            if rsa_encrypted_csek:
+                params['diskEncryptionKey'] = {"rsaEncryptedKey": rsa_encrypted_csek}
             request = self.service.disks().insert(project=self.project, zone=zone, body=params)
             result = request.execute()
             datalab.meta_lib.GCPMeta().wait_for_operation(result['name'], zone=zone)
@@ -324,7 +326,7 @@ class GCPActions:
                         network_tag, labels, static_ip='',
                         primary_disk_size='12', secondary_disk_size='30',
                         gpu_accelerator_type='None', gpu_accelerator_count='1',
-                        os_login_enabled='FALSE', block_project_ssh_keys='FALSE'):
+                        os_login_enabled='FALSE', block_project_ssh_keys='FALSE', rsa_encrypted_csek=''):
         key = RSA.importKey(open(ssh_key_path, 'rb').read())
         ssh_key = key.publickey().exportKey("OpenSSH").decode('UTF-8')
         unique_index = datalab.meta_lib.GCPMeta().get_index_by_service_account_name(service_account_name)
@@ -341,7 +343,7 @@ class GCPActions:
                 "natIP": static_ip
             }]
         if instance_class == 'notebook':
-            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name)
+            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name, rsa_encrypted_csek)
             disks = [
                 {
                     "name": instance_name,
@@ -371,7 +373,7 @@ class GCPActions:
                 }
             ]
         elif instance_class == 'dataengine':
-            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name)
+            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name, rsa_encrypted_csek)
             disks = [{
                 "name": instance_name,
                 "tag_name": cluster_name + '-volume-primary',
@@ -411,6 +413,15 @@ class GCPActions:
                 "boot": 'true',
                 "mode": "READ_WRITE"
             }]
+
+        if service_base_name in image_name and rsa_encrypted_csek:
+            for disk in disks:
+                disk["initializeParams"]["sourceImageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+                disk["diskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+        elif rsa_encrypted_csek:
+            for disk in disks:
+                disk["diskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+
         instance_params = {
             "name": instance_name,
             "machineType": "zones/{}/machineTypes/{}".format(zone, instance_size),
@@ -804,14 +815,21 @@ class GCPActions:
                                    file=sys.stdout)}))
             traceback.print_exc(file=sys.stdout)
 
-    def create_image_from_instance_disks(self, primary_image_name, secondary_image_name, instance_name, zone, labels):
+    def create_image_from_instance_disks(self, primary_image_name, secondary_image_name, instance_name, zone, labels,
+                                         rsa_encrypted_csek=''):
         primary_disk_name = "projects/{0}/zones/{1}/disks/{2}".format(self.project, zone, instance_name)
         secondary_disk_name = "projects/{0}/zones/{1}/disks/{2}-secondary".format(self.project, zone, instance_name)
         labels.update({"name": primary_image_name})
         primary_params = {"name": primary_image_name, "sourceDisk": primary_disk_name, "labels": labels}
+        if rsa_encrypted_csek:
+            primary_params["imageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+            primary_params["sourceDiskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
         primary_request = self.service.images().insert(project=self.project, body=primary_params)
         labels.update({"name": secondary_image_name})
         secondary_params = {"name": secondary_image_name, "sourceDisk": secondary_disk_name, "labels": labels}
+        if rsa_encrypted_csek:
+            secondary_params["imageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+            secondary_params["sourceDiskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
         secondary_request = self.service.images().insert(project=self.project, body=secondary_params)
         id_list=[]
         try:
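Review bot: The two `if rsa_encrypted_csek:` blocks build the same `{"rsaEncryptedKey": ...}` dict four times; building `csek` once and applying it to both parameter dicts before their respective `images().insert()` calls keeps the primary and secondary paths from drifting apart. Separately, `sourceDiskEncryptionKey` asserts to the API that the source disk is encrypted with this key, so for an instance whose disks were created before a CSEK was configured, or with a different one, the image request is likely to be rejected rather than fall back; a comment at the first `if`, e.g. `# source disks must have been created with this same wrapped key`, would save the next maintainer a debugging round. create_image_from_instance_disks continues outside the hunk.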
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py b/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py
index adf2bf5..1890c98 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py
@@ -52,6 +52,7 @@ parser.add_argument('--cluster_name', type=str, default='')
 parser.add_argument('--service_base_name', type=str, default='')
 parser.add_argument('--os_login_enabled', type=str, default='FALSE')
 parser.add_argument('--block_project_ssh_keys', type=str, default='FALSE')
+parser.add_argument('--rsa_encrypted_csek', type=str, default='')
 args = parser.parse_args()
 
 
@@ -67,7 +68,8 @@ if __name__ == "__main__":
                                          args.secondary_image_name, args.service_account_name, args.instance_class,
                                          args.network_tag, json.loads(args.labels), args.static_ip,
                                          args.primary_disk_size, args.secondary_disk_size, args.gpu_accelerator_type,
-                                         args.gpu_accelerator_count, args.os_login_enabled, args.block_project_ssh_keys)
+                                         args.gpu_accelerator_count, args.os_login_enabled, args.block_project_ssh_keys,
+                                         args.rsa_encrypted_csek)
     else:
         parser.print_help()
         sys.exit(2)
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py b/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py
index 1be0d2e..25c8a54 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py
@@ -60,16 +60,18 @@ if __name__ == "__main__":
                                            "image": image_conf['image_name'],
                                            os.environ['conf_billing_tag_key']: os.environ['conf_billing_tag_value']}
         image_conf['instance_name'] = '{0}-{1}-{2}-nb-{3}'.format(image_conf['service_base_name'],
-                                                                       image_conf['project_name'],
-                                                                       image_conf['endpoint_name'],
-                                                                       image_conf['exploratory_name'])
+                                                                  image_conf['project_name'],
+                                                                  image_conf['endpoint_name'],
+                                                                  image_conf['exploratory_name'])
+
         image_conf['zone'] = os.environ['gcp_zone']
         logging.info('[CREATING IMAGE]')
         primary_image_id = GCPMeta.get_image_by_name(image_conf['expected_primary_image_name'])
         if primary_image_id == '':
             image_id_list = GCPActions.create_image_from_instance_disks(
                 image_conf['expected_primary_image_name'], image_conf['expected_secondary_image_name'],
-                image_conf['instance_name'], image_conf['zone'], image_conf['image_labels'])
+                image_conf['instance_name'], image_conf['zone'], image_conf['image_labels'],
+                os.environ['gcp_wrapped_csek'])
             if image_id_list and image_id_list[0] != '':
                 logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
             else:
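Review bot: `os.environ['gcp_wrapped_csek']` is indexed directly, so on an environment where the variable was never exported (an SSN deployed from a config predating this commit) the image step dies with a raw KeyError before anything is logged. Either `os.environ.get('gcp_wrapped_csek', '')`, which keeps the unencrypted path the callee's `''` default already covers, or an explicit check with a clear message if encryption is mandatory for the deployment; note that the `.get` form silently provisions unencrypted images, so that choice should be deliberate. The same direct lookup is added in common_prepare_notebook.py, dataengine_prepare.py, project_prepare.py, ssn_prepare.py and each of the *_configure.py scripts in this commit.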
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py b/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py
index 4b8c104..6d8e3d3 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py
@@ -150,6 +150,7 @@ if __name__ == "__main__":
 
         notebook_config['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
         notebook_config['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+        notebook_config['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
         notebook_config['gpu_accelerator_type'] = 'None'
         notebook_config['gpu_accelerator_count'] = 'None'
 
@@ -194,8 +195,9 @@ if __name__ == "__main__":
         params = "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} --instance_size {5} " \
                  "--ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9} " \
                  "--secondary_image_name {10} --instance_class {11} --primary_disk_size {12} " \
-                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} --network_tag {16} --labels '{17}' " \
-                 "--service_base_name {18} --os_login_enabled {19} --block_project_ssh_keys {20}".\
+                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} " \
+                 "--network_tag {16} --labels '{17}' --service_base_name {18} --os_login_enabled {19} " \
+                 "--block_project_ssh_keys {20} --rsa_encrypted_csek '{21}'".\
             format(notebook_config['instance_name'], notebook_config['region'], notebook_config['zone'],
                    notebook_config['vpc_name'], notebook_config['subnet_name'], notebook_config['instance_size'],
                    notebook_config['ssh_key_path'], notebook_config['initial_user'],
@@ -204,7 +206,8 @@ if __name__ == "__main__":
                    notebook_config['secondary_disk_size'], notebook_config['gpu_accelerator_type'],
                    notebook_config['gpu_accelerator_count'], notebook_config['network_tag'],
                    json.dumps(notebook_config['labels']), notebook_config['service_base_name'],
-                   notebook_config['gcp_os_login_enabled'], notebook_config['gcp_block_project_ssh_keys'])
+                   notebook_config['gcp_os_login_enabled'], notebook_config['gcp_block_project_ssh_keys'],
+                   notebook_config['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
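Review bot: `--rsa_encrypted_csek '{21}'` splices the wrapped key into a command string that is executed with `shell=True` two lines below; the hand-written single quotes hold only as long as the value is the RFC 4648 base64 the CLI help promises, and nothing in this commit checks that. Quoting the value with `shlex.quote(notebook_config['gcp_wrapped_csek'])` (adding `import shlex` if the file lacks it), or validating the alphabet where the flag is parsed, removes the dependence on caller discipline. The same construction appears in dataengine_prepare.py (both the master and slave `params`), project_prepare.py and ssn_prepare.py.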
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py
index 078f442..d2cd931 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py
@@ -100,6 +100,7 @@ if __name__ == "__main__":
 
         data_engine['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
         data_engine['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+        data_engine['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
         data_engine['cluster_name'] = "{}-{}-{}-de-{}".format(data_engine['service_base_name'],
                                                               data_engine['project_name'],
                                                               data_engine['endpoint_name'],
@@ -191,8 +192,9 @@ if __name__ == "__main__":
         params = "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} --instance_size {5} " \
                  "--ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9} " \
                  "--secondary_image_name {10} --instance_class {11} --primary_disk_size {12} " \
-                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} --network_tag {16} --cluster_name {17} " \
-                 "--labels '{18}' --service_base_name {19} --os_login_enabled {20} --block_project_ssh_keys {21}". \
+                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} " \
+                 "--network_tag {16} --cluster_name {17} --labels '{18}' --service_base_name {19} " \
+                 "--os_login_enabled {20} --block_project_ssh_keys {21} --rsa_encrypted_csek '{22}'". \
             format(data_engine['master_node_name'], data_engine['region'], data_engine['zone'], data_engine['vpc_name'],
                    data_engine['subnet_name'], data_engine['master_size'], data_engine['ssh_key_path'], initial_user,
                    data_engine['dataengine_service_account_name'], data_engine['primary_image_name'],
@@ -200,7 +202,8 @@ if __name__ == "__main__":
                    data_engine['secondary_disk_size'], data_engine['gpu_master_accelerator_type'],
                    data_engine['gpu_master_accelerator_count'], data_engine['network_tag'], data_engine['cluster_name'],
                    json.dumps(data_engine['master_labels']), data_engine['service_base_name'],
-                   data_engine['gcp_os_login_enabled'], data_engine['gcp_block_project_ssh_keys'])
+                   data_engine['gcp_os_login_enabled'], data_engine['gcp_block_project_ssh_keys'],
+                   data_engine['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
@@ -218,8 +221,9 @@ if __name__ == "__main__":
             params = "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} " \
                      "--instance_size {5} --ssh_key_path {6} --initial_user {7} --service_account_name {8} " \
                      "--image_name {9} --secondary_image_name {10} --instance_class {11} --primary_disk_size {12} " \
-                     "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} --network_tag {16} --cluster_name {17} " \
-                     "--labels '{18}' --service_base_name {19} --os_login_enabled {20} --block_project_ssh_keys {21}". \
+                     "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} " \
+                     "--network_tag {16} --cluster_name {17} --labels '{18}' --service_base_name {19} " \
+                     "--os_login_enabled {20} --block_project_ssh_keys {21} --rsa_encrypted_csek '{22}'". \
                 format(slave_name, data_engine['region'], data_engine['zone'],
                        data_engine['vpc_name'], data_engine['subnet_name'], data_engine['slave_size'],
                        data_engine['ssh_key_path'], initial_user, data_engine['dataengine_service_account_name'],
@@ -228,7 +232,8 @@ if __name__ == "__main__":
                        data_engine['secondary_disk_size'], data_engine['gpu_slave_accelerator_type'],
                        data_engine['gpu_slave_accelerator_count'], data_engine['network_tag'],
                        data_engine['cluster_name'], json.dumps(data_engine['slave_labels']),
-                       data_engine['service_base_name'], data_engine['gcp_os_login_enabled'], data_engine['gcp_block_project_ssh_keys'])
+                       data_engine['service_base_name'], data_engine['gcp_os_login_enabled'],
+                       data_engine['gcp_block_project_ssh_keys'], data_engine['gcp_wrapped_csek'])
             try:
                 subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
             except:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py
index be615de..6c3258d 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py
@@ -208,7 +208,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
index 9a85703..05d7c51 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
@@ -210,7 +210,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py
index 100999a..d85930d 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py
@@ -208,7 +208,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
index 56591cf..446c8e6 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
@@ -513,6 +513,7 @@ if __name__ == "__main__":
 
     project_conf['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
     project_conf['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+    project_conf['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
 
     try:
         project_conf['static_ip'] = \
@@ -521,13 +522,14 @@ if __name__ == "__main__":
         params = "--instance_name {} --region {} --zone {} --vpc_name {} --subnet_name {} --instance_size {} " \
                  "--ssh_key_path {} --initial_user {} --service_account_name {} --image_name {} --instance_class {} " \
                  "--static_ip {} --network_tag {} --labels '{}' --service_base_name {} --os_login_enabled {} " \
-                 "--block_project_ssh_keys {}".format(
+                 "--block_project_ssh_keys {} --rsa_encrypted_csek '{}'".format(
                   project_conf['instance_name'], project_conf['region'], project_conf['zone'], project_conf['vpc_name'],
                   project_conf['subnet_name'], project_conf['instance_size'], project_conf['ssh_key_path'],
                   project_conf['initial_user'], project_conf['edge_service_account_name'], project_conf['image_name'],
                   'edge', project_conf['static_ip'], project_conf['network_tag'],
                   json.dumps(project_conf['instance_labels']), project_conf['service_base_name'],
-                  project_conf['gcp_os_login_enabled'], project_conf['gcp_block_project_ssh_keys'])
+                  project_conf['gcp_os_login_enabled'], project_conf['gcp_block_project_ssh_keys'],
+                  project_conf['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py
index dae62df..f1ae637 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py
@@ -212,7 +212,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py
index f485a51..54fddef 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py
@@ -73,6 +73,7 @@ if __name__ == "__main__":
         ssn_conf['allowed_ip_cidr'] = os.environ['conf_allowed_ip_cidr']
         ssn_conf['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
         ssn_conf['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+        ssn_conf['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
 
     except Exception as err:
         datalab.fab.append_result("Failed to generate variables dictionary.", str(err))
@@ -269,13 +270,13 @@ if __name__ == "__main__":
                  " --ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9}"\
                  " --instance_class {10} --static_ip {11} --network_tag {12} --labels '{13}' " \
                  "--primary_disk_size {14} --service_base_name {15} --os_login_enabled {16} " \
-                 "--block_project_ssh_keys {17}".\
+                 "--block_project_ssh_keys {17} --rsa_encrypted_csek '{18}'".\
             format(ssn_conf['instance_name'], ssn_conf['region'], ssn_conf['zone'], ssn_conf['vpc_name'],
                    ssn_conf['subnet_name'], ssn_conf['instance_size'], ssn_conf['ssh_key_path'],
                    ssn_conf['initial_user'], ssn_conf['service_account_name'], ssn_conf['image_name'], 'ssn',
                    ssn_conf['static_ip'], ssn_conf['network_tag'], json.dumps(ssn_conf['instance_labels']), '20',
                    ssn_conf['service_base_name'], ssn_conf['gcp_os_login_enabled'],
-                   ssn_conf['gcp_block_project_ssh_keys'])
+                   ssn_conf['gcp_block_project_ssh_keys'], ssn_conf['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
index 709a534..8680bee 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
@@ -254,7 +254,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py
index a1a990d..d29af7b 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py
@@ -214,7 +214,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py
index dd67bfa..4c3dfec 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py
@@ -219,7 +219,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py
index 78a96a1..5bdc344 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py
@@ -219,7 +219,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
