Posted to commits@datalab.apache.org by lf...@apache.org on 2022/02/09 10:03:31 UTC

[incubator-datalab] 01/01: [DATALAB-2674]: added disk and image encryption with wrapped csek

This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a commit to branch DATALAB-2674
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git

commit b875dc5254b25673c09bea1093c48bda3ce54038
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Wed Feb 9 12:03:19 2022 +0200

    [DATALAB-2674]: added disk and image encryption with wrapped csek
---
 .../scripts/deploy_datalab.py                      |  3 +++
 .../src/general/conf/datalab.ini                   |  2 ++
 .../src/general/lib/gcp/actions_lib.py             | 28 ++++++++++++++++++----
 .../general/scripts/gcp/common_create_instance.py  |  4 +++-
 .../scripts/gcp/common_create_notebook_image.py    | 10 ++++----
 .../general/scripts/gcp/common_prepare_notebook.py |  9 ++++---
 .../src/general/scripts/gcp/dataengine_prepare.py  | 17 ++++++++-----
 .../general/scripts/gcp/deeplearning_configure.py  |  3 ++-
 .../src/general/scripts/gcp/jupyter_configure.py   |  3 ++-
 .../general/scripts/gcp/jupyterlab_configure.py    |  3 ++-
 .../src/general/scripts/gcp/project_prepare.py     |  6 +++--
 .../src/general/scripts/gcp/rstudio_configure.py   |  3 ++-
 .../src/general/scripts/gcp/ssn_prepare.py         |  5 ++--
 .../src/general/scripts/gcp/superset_configure.py  |  3 ++-
 .../scripts/gcp/tensor-rstudio_configure.py        |  3 ++-
 .../src/general/scripts/gcp/tensor_configure.py    |  3 ++-
 .../src/general/scripts/gcp/zeppelin_configure.py  |  3 ++-
 17 files changed, 77 insertions(+), 31 deletions(-)

diff --git a/infrastructure-provisioning/scripts/deploy_datalab.py b/infrastructure-provisioning/scripts/deploy_datalab.py
index f4587a8..8f55428 100644
--- a/infrastructure-provisioning/scripts/deploy_datalab.py
+++ b/infrastructure-provisioning/scripts/deploy_datalab.py
@@ -268,6 +268,9 @@ def build_parser():
     gcp_parser.add_argument('--gcp_cmek_resource_name', type=str, default='',
                             help='customer managed encryption key resource name '
                             'e.g. projects/{project_name}/locations/{us}/keyRings/{keyring_name}/cryptoKeys/{key_name}')
+    gcp_parser.add_argument('--gcp_wrapped_csek', type=str, default='',
+                            help='customer supplied encryption key for disk/image encryption in RFC 4648 base64 '
+                                 'encoded, RSA-wrapped 2048-bit format as rsaEncryptedKey')
 
     gcp_required_args = gcp_parser.add_argument_group('Required arguments')
     gcp_required_args.add_argument('--gcp_region', type=str, required=True, help='GCP region')
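Review bot: The help text on `--gcp_wrapped_csek` says "RSA-wrapped 2048-bit format", but a customer-supplied key is a 256-bit key; 2048 bits is the size of the Google-published RSA wrapping key, so the text should read `help='customer supplied encryption key for disk/image encryption: a 256-bit key RSA-wrapped with the Google public key, base64 (RFC 4648) encoded, passed as rsaEncryptedKey'`. Two caveats belong in that help as well: GCP keeps no copy of a CSEK, so losing this value loses every disk and image created with it, and a disk's `diskEncryptionKey` takes either this key or the CMEK named by `--gcp_cmek_resource_name`, never both, yet nothing here rejects setting both options. Because the value is a decryption credential, taking it on the command line leaves it in shell history and process listings; reading it from a file or an environment variable would be the safer input path.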
diff --git a/infrastructure-provisioning/src/general/conf/datalab.ini b/infrastructure-provisioning/src/general/conf/datalab.ini
index 681384b..1ebe64c 100644
--- a/infrastructure-provisioning/src/general/conf/datalab.ini
+++ b/infrastructure-provisioning/src/general/conf/datalab.ini
@@ -236,6 +236,8 @@ block_project_ssh_keys = FALSE
 bucket_enable_versioning = false
 ### gcp customer managed encryption key to use
 cmek_resource_name = ''
+### gcp customer supplied wrapped encryption key to use
+gcp_wrapped_csek = ''
 ### GCP region name for whole DataLab provisioning
 region = us-west1
 ### GCP zone name for whole DataLab provisioning
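Review bot: The new key is spelled `gcp_wrapped_csek`, while its neighbours in this block (`block_project_ssh_keys`, `cmek_resource_name`, `region`) carry no `gcp_` prefix and are read by the scripts as `gcp_block_project_ssh_keys` and `gcp_region`, which suggests the section name is prepended on export; if that holds, this entry surfaces as `gcp_gcp_wrapped_csek` and the `os.environ['gcp_wrapped_csek']` lookups added in the prepare scripts never see it. The line should then be `wrapped_csek = ''`, matching `cmek_resource_name`; the section header is outside this hunk, so confirm before changing. The comment should also say what is being stored, e.g. `### gcp customer supplied wrapped encryption key (a decryption credential stored in plaintext: restrict this file; GCP cannot recover the key)`.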
diff --git a/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py b/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py
index 9bec18a..53df959 100644
--- a/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py
+++ b/infrastructure-provisioning/src/general/lib/gcp/actions_lib.py
@@ -274,7 +274,7 @@ class GCPActions:
                                    file=sys.stdout)}))
             traceback.print_exc(file=sys.stdout)
 
-    def create_disk(self, instance_name, zone, size, secondary_image_name):
+    def create_disk(self, instance_name, zone, size, secondary_image_name, rsa_encrypted_csek=''):
         try:
             if secondary_image_name == 'None':
                 params = {"sizeGb": size, "name": instance_name + '-secondary',
@@ -283,6 +283,8 @@ class GCPActions:
                 params = {"sizeGb": size, "name": instance_name + '-secondary',
                           "type": "projects/{0}/zones/{1}/diskTypes/pd-ssd".format(self.project, zone),
                           "sourceImage": secondary_image_name}
+            if rsa_encrypted_csek:
+                params['diskEncryptionKey'] = {"rsaEncryptedKey": rsa_encrypted_csek}
             request = self.service.disks().insert(project=self.project, zone=zone, body=params)
             result = request.execute()
             datalab.meta_lib.GCPMeta().wait_for_operation(result['name'], zone=zone)
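Review bot: When `secondary_image_name` is not `'None'` the disk is built from `sourceImage`, and if that image was itself created under this key (as `create_image_from_instance_disks` now does) the insert must also carry `sourceImageEncryptionKey`, otherwise Compute rejects the request; the added branch only sets `diskEncryptionKey`. Change it to `if rsa_encrypted_csek:` / `params['diskEncryptionKey'] = {"rsaEncryptedKey": rsa_encrypted_csek}` / `if secondary_image_name != 'None': params['sourceImageEncryptionKey'] = {"rsaEncryptedKey": rsa_encrypted_csek}`. A short docstring should state that `rsa_encrypted_csek` is the base64, RSA-wrapped form (a raw key would need `rawKey` instead) and that `''` means no CSEK. The except branch of `create_disk` lies outside the hunk.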
@@ -324,7 +326,7 @@ class GCPActions:
                         network_tag, labels, static_ip='',
                         primary_disk_size='12', secondary_disk_size='30',
                         gpu_accelerator_type='None', gpu_accelerator_count='1',
-                        os_login_enabled='FALSE', block_project_ssh_keys='FALSE'):
+                        os_login_enabled='FALSE', block_project_ssh_keys='FALSE', rsa_encrypted_csek=''):
         key = RSA.importKey(open(ssh_key_path, 'rb').read())
         ssh_key = key.publickey().exportKey("OpenSSH").decode('UTF-8')
         unique_index = datalab.meta_lib.GCPMeta().get_index_by_service_account_name(service_account_name)
@@ -341,7 +343,7 @@ class GCPActions:
                 "natIP": static_ip
             }]
         if instance_class == 'notebook':
-            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name)
+            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name, rsa_encrypted_csek)
             disks = [
                 {
                     "name": instance_name,
@@ -371,7 +373,7 @@ class GCPActions:
                 }
             ]
         elif instance_class == 'dataengine':
-            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name)
+            GCPActions().create_disk(instance_name, zone, secondary_disk_size, secondary_image_name, rsa_encrypted_csek)
             disks = [{
                 "name": instance_name,
                 "tag_name": cluster_name + '-volume-primary',
@@ -411,6 +413,15 @@ class GCPActions:
                 "boot": 'true',
                 "mode": "READ_WRITE"
             }]
+
+        if service_base_name in image_name and rsa_encrypted_csek:
+            for disk in disks:
+                disk["initializeParams"]["sourceImageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+                disk["diskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+        elif rsa_encrypted_csek:
+            for disk in disks:
+                disk["diskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+
         instance_params = {
             "name": instance_name,
             "machineType": "zones/{}/machineTypes/{}".format(zone, instance_size),
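Review bot: The first loop does `disk["initializeParams"]["sourceImageEncryptionKey"]` for every entry of `disks`, but for the `notebook` and `dataengine` classes the list also holds the secondary disk that `create_disk` pre-created above and that is presumably attached by reference rather than through `initializeParams`; for such an entry the lookup raises `KeyError` and instance creation aborts as soon as a wrapped key is configured. Guard on the presence of `initializeParams` and fold the two branches together, keeping the decision about whether the source image is a DataLab-built (hence CSEK-protected) image; `service_base_name in image_name` is a substring heuristic that misfires if the base name happens to occur in a public image path, so a comment saying that this is the intent is warranted. The body of `create_instance` starts and ends outside the hunk.
```python
        # Only DataLab-built images (named after the deployment) are CSEK-encrypted;
        # public images are not, and sourceImageEncryptionKey would be rejected for them.
        if rsa_encrypted_csek:
            custom_image = service_base_name in image_name
            for disk in disks:
                disk["diskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
                if custom_image and "initializeParams" in disk:
                    disk["initializeParams"]["sourceImageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
        # … unchanged: instance_params …
```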
@@ -804,14 +815,21 @@ class GCPActions:
                                    file=sys.stdout)}))
             traceback.print_exc(file=sys.stdout)
 
-    def create_image_from_instance_disks(self, primary_image_name, secondary_image_name, instance_name, zone, labels):
+    def create_image_from_instance_disks(self, primary_image_name, secondary_image_name, instance_name, zone, labels,
+                                         rsa_encrypted_csek=''):
         primary_disk_name = "projects/{0}/zones/{1}/disks/{2}".format(self.project, zone, instance_name)
         secondary_disk_name = "projects/{0}/zones/{1}/disks/{2}-secondary".format(self.project, zone, instance_name)
         labels.update({"name": primary_image_name})
         primary_params = {"name": primary_image_name, "sourceDisk": primary_disk_name, "labels": labels}
+        if rsa_encrypted_csek:
+            primary_params["imageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+            primary_params["sourceDiskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
         primary_request = self.service.images().insert(project=self.project, body=primary_params)
         labels.update({"name": secondary_image_name})
         secondary_params = {"name": secondary_image_name, "sourceDisk": secondary_disk_name, "labels": labels}
+        if rsa_encrypted_csek:
+            secondary_params["imageEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
+            secondary_params["sourceDiskEncryptionKey"] = {"rsaEncryptedKey": rsa_encrypted_csek}
         secondary_request = self.service.images().insert(project=self.project, body=secondary_params)
         id_list=[]
         try:
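Review bot: The key is applied as both `imageEncryptionKey` and `sourceDiskEncryptionKey` on both images without any documentation of the consequences; a docstring on this method should state that, when `rsa_encrypted_csek` is given, the resulting images can only be used by callers that present the same wrapped key, that GCP stores no copy of it, and that one value is reused for every disk and image of the deployment, so a single leaked key exposes all of them. The docstring should also name `''` as the "no CSEK" sentinel, since callers pass `os.environ['gcp_wrapped_csek']` straight through. The try/except that executes the two insert requests is outside the hunk.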
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py b/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py
index adf2bf5..1890c98 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/common_create_instance.py
@@ -52,6 +52,7 @@ parser.add_argument('--cluster_name', type=str, default='')
 parser.add_argument('--service_base_name', type=str, default='')
 parser.add_argument('--os_login_enabled', type=str, default='FALSE')
 parser.add_argument('--block_project_ssh_keys', type=str, default='FALSE')
+parser.add_argument('--rsa_encrypted_csek', type=str, default='')
 args = parser.parse_args()
 
 
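Review bot: `--rsa_encrypted_csek` places the decryption credential on the command line of a process that the prepare scripts launch with `shell=True`, so it shows up in `ps` output, shell history and any log of the `params` string. The callers already hold the value in `os.environ['gcp_wrapped_csek']` and the child inherits their environment, so the argument could default to that variable, `parser.add_argument('--rsa_encrypted_csek', type=str, default=os.environ.get('gcp_wrapped_csek', ''))`, and the callers could drop it from the command string; this assumes the script imports `os`, which is outside the hunk.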
@@ -67,7 +68,8 @@ if __name__ == "__main__":
                                          args.secondary_image_name, args.service_account_name, args.instance_class,
                                          args.network_tag, json.loads(args.labels), args.static_ip,
                                          args.primary_disk_size, args.secondary_disk_size, args.gpu_accelerator_type,
-                                         args.gpu_accelerator_count, args.os_login_enabled, args.block_project_ssh_keys)
+                                         args.gpu_accelerator_count, args.os_login_enabled, args.block_project_ssh_keys,
+                                         args.rsa_encrypted_csek)
     else:
         parser.print_help()
         sys.exit(2)
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py b/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py
index 1be0d2e..25c8a54 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/common_create_notebook_image.py
@@ -60,16 +60,18 @@ if __name__ == "__main__":
                                            "image": image_conf['image_name'],
                                            os.environ['conf_billing_tag_key']: os.environ['conf_billing_tag_value']}
         image_conf['instance_name'] = '{0}-{1}-{2}-nb-{3}'.format(image_conf['service_base_name'],
-                                                                       image_conf['project_name'],
-                                                                       image_conf['endpoint_name'],
-                                                                       image_conf['exploratory_name'])
+                                                                  image_conf['project_name'],
+                                                                  image_conf['endpoint_name'],
+                                                                  image_conf['exploratory_name'])
+
         image_conf['zone'] = os.environ['gcp_zone']
         logging.info('[CREATING IMAGE]')
         primary_image_id = GCPMeta.get_image_by_name(image_conf['expected_primary_image_name'])
         if primary_image_id == '':
             image_id_list = GCPActions.create_image_from_instance_disks(
                 image_conf['expected_primary_image_name'], image_conf['expected_secondary_image_name'],
-                image_conf['instance_name'], image_conf['zone'], image_conf['image_labels'])
+                image_conf['instance_name'], image_conf['zone'], image_conf['image_labels'],
+                os.environ['gcp_wrapped_csek'])
             if image_id_list and image_id_list[0] != '':
                 logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
             else:
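Review bot: `os.environ['gcp_wrapped_csek']` raises `KeyError` when the variable is not exported at all, whereas the rest of this feature treats an empty string as "no CSEK" (`default=''` in the parser and the ini file); `os.environ.get('gcp_wrapped_csek', '')` keeps that contract for an unset option. Whether this lookup is covered by an enclosing try/except is not visible in the hunk.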
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py b/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py
index 4b8c104..6d8e3d3 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/common_prepare_notebook.py
@@ -150,6 +150,7 @@ if __name__ == "__main__":
 
         notebook_config['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
         notebook_config['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+        notebook_config['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
         notebook_config['gpu_accelerator_type'] = 'None'
         notebook_config['gpu_accelerator_count'] = 'None'
 
@@ -194,8 +195,9 @@ if __name__ == "__main__":
         params = "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} --instance_size {5} " \
                  "--ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9} " \
                  "--secondary_image_name {10} --instance_class {11} --primary_disk_size {12} " \
-                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} --network_tag {16} --labels '{17}' " \
-                 "--service_base_name {18} --os_login_enabled {19} --block_project_ssh_keys {20}".\
+                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} " \
+                 "--network_tag {16} --labels '{17}' --service_base_name {18} --os_login_enabled {19} " \
+                 "--block_project_ssh_keys {20} --rsa_encrypted_csek '{21}'".\
             format(notebook_config['instance_name'], notebook_config['region'], notebook_config['zone'],
                    notebook_config['vpc_name'], notebook_config['subnet_name'], notebook_config['instance_size'],
                    notebook_config['ssh_key_path'], notebook_config['initial_user'],
@@ -204,7 +206,8 @@ if __name__ == "__main__":
                    notebook_config['secondary_disk_size'], notebook_config['gpu_accelerator_type'],
                    notebook_config['gpu_accelerator_count'], notebook_config['network_tag'],
                    json.dumps(notebook_config['labels']), notebook_config['service_base_name'],
-                   notebook_config['gcp_os_login_enabled'], notebook_config['gcp_block_project_ssh_keys'])
+                   notebook_config['gcp_os_login_enabled'], notebook_config['gcp_block_project_ssh_keys'],
+                   notebook_config['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
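Review bot: `--rsa_encrypted_csek '{21}'` interpolates the key into a command that the line below runs with `shell=True`, and the hand-written single quotes protect it only while the value contains no `'`; a malformed or hostile value breaks out of the quoting. Either pass `shlex.quote(notebook_config['gcp_wrapped_csek'])` into `format()` and drop the literal quotes, or validate up front that the value is base64 (`re.fullmatch(r'[A-Za-z0-9+/=]*', value)`), which the API requires anyway. Even quoted, the key remains visible in process listings; handing it to the child through the inherited environment would avoid that.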
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py
index 078f442..d2cd931 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/dataengine_prepare.py
@@ -100,6 +100,7 @@ if __name__ == "__main__":
 
         data_engine['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
         data_engine['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+        data_engine['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
         data_engine['cluster_name'] = "{}-{}-{}-de-{}".format(data_engine['service_base_name'],
                                                               data_engine['project_name'],
                                                               data_engine['endpoint_name'],
@@ -191,8 +192,9 @@ if __name__ == "__main__":
         params = "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} --instance_size {5} " \
                  "--ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9} " \
                  "--secondary_image_name {10} --instance_class {11} --primary_disk_size {12} " \
-                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} --network_tag {16} --cluster_name {17} " \
-                 "--labels '{18}' --service_base_name {19} --os_login_enabled {20} --block_project_ssh_keys {21}". \
+                 "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} " \
+                 "--network_tag {16} --cluster_name {17} --labels '{18}' --service_base_name {19} " \
+                 "--os_login_enabled {20} --block_project_ssh_keys {21} --rsa_encrypted_csek '{22}'". \
             format(data_engine['master_node_name'], data_engine['region'], data_engine['zone'], data_engine['vpc_name'],
                    data_engine['subnet_name'], data_engine['master_size'], data_engine['ssh_key_path'], initial_user,
                    data_engine['dataengine_service_account_name'], data_engine['primary_image_name'],
@@ -200,7 +202,8 @@ if __name__ == "__main__":
                    data_engine['secondary_disk_size'], data_engine['gpu_master_accelerator_type'],
                    data_engine['gpu_master_accelerator_count'], data_engine['network_tag'], data_engine['cluster_name'],
                    json.dumps(data_engine['master_labels']), data_engine['service_base_name'],
-                   data_engine['gcp_os_login_enabled'], data_engine['gcp_block_project_ssh_keys'])
+                   data_engine['gcp_os_login_enabled'], data_engine['gcp_block_project_ssh_keys'],
+                   data_engine['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
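Review bot: The wrapped key is hand-quoted into a `shell=True` command on the `--rsa_encrypted_csek '{22}'` line, so a value containing a single quote escapes the quoting; `shlex.quote(data_engine['gcp_wrapped_csek'])` passed into `format()` with the literal quotes removed handles every value, and the slave-node command in the next hunk has the same shape. Every master and slave disk of the cluster is created under the one deployment key, which is a legitimate choice but deserves a comment at `data_engine['gcp_wrapped_csek'] = ...` so nobody later assumes a per-cluster key.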
@@ -218,8 +221,9 @@ if __name__ == "__main__":
             params = "--instance_name {0} --region {1} --zone {2} --vpc_name {3} --subnet_name {4} " \
                      "--instance_size {5} --ssh_key_path {6} --initial_user {7} --service_account_name {8} " \
                      "--image_name {9} --secondary_image_name {10} --instance_class {11} --primary_disk_size {12} " \
-                     "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} --network_tag {16} --cluster_name {17} " \
-                     "--labels '{18}' --service_base_name {19} --os_login_enabled {20} --block_project_ssh_keys {21}". \
+                     "--secondary_disk_size {13} --gpu_accelerator_type {14} --gpu_accelerator_count {15} " \
+                     "--network_tag {16} --cluster_name {17} --labels '{18}' --service_base_name {19} " \
+                     "--os_login_enabled {20} --block_project_ssh_keys {21} --rsa_encrypted_csek '{22}'". \
                 format(slave_name, data_engine['region'], data_engine['zone'],
                        data_engine['vpc_name'], data_engine['subnet_name'], data_engine['slave_size'],
                        data_engine['ssh_key_path'], initial_user, data_engine['dataengine_service_account_name'],
@@ -228,7 +232,8 @@ if __name__ == "__main__":
                        data_engine['secondary_disk_size'], data_engine['gpu_slave_accelerator_type'],
                        data_engine['gpu_slave_accelerator_count'], data_engine['network_tag'],
                        data_engine['cluster_name'], json.dumps(data_engine['slave_labels']),
-                       data_engine['service_base_name'], data_engine['gcp_os_login_enabled'], data_engine['gcp_block_project_ssh_keys'])
+                       data_engine['service_base_name'], data_engine['gcp_os_login_enabled'],
+                       data_engine['gcp_block_project_ssh_keys'], data_engine['gcp_wrapped_csek'])
             try:
                 subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
             except:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py
index be615de..6c3258d 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/deeplearning_configure.py
@@ -208,7 +208,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
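Review bot: The images are created with the key taken straight from `os.environ['gcp_wrapped_csek']`, while this script keeps every other per-notebook setting in `notebook_config`; storing it once as `notebook_config['gcp_wrapped_csek']`, as `common_prepare_notebook.py` does, leaves one place to audit where the credential flows. A comment above the call should also record the upgrade hazard: if an image named `expected_primary_image_name` already exists from a pre-CSEK deployment, the "first time" check implied by the log line above skips creation, and instances later built from it with `sourceImageEncryptionKey` are rejected, so enabling CSEK needs fresh image names or removal of the old images. The other `*_configure.py` hunks repeat this pattern.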
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
index 9a85703..05d7c51 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
@@ -210,7 +210,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py
index 100999a..d85930d 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/jupyterlab_configure.py
@@ -208,7 +208,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
index 56591cf..446c8e6 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/project_prepare.py
@@ -513,6 +513,7 @@ if __name__ == "__main__":
 
     project_conf['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
     project_conf['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+    project_conf['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
 
     try:
         project_conf['static_ip'] = \
@@ -521,13 +522,14 @@ if __name__ == "__main__":
         params = "--instance_name {} --region {} --zone {} --vpc_name {} --subnet_name {} --instance_size {} " \
                  "--ssh_key_path {} --initial_user {} --service_account_name {} --image_name {} --instance_class {} " \
                  "--static_ip {} --network_tag {} --labels '{}' --service_base_name {} --os_login_enabled {} " \
-                 "--block_project_ssh_keys {}".format(
+                 "--block_project_ssh_keys {} --rsa_encrypted_csek '{}'".format(
                   project_conf['instance_name'], project_conf['region'], project_conf['zone'], project_conf['vpc_name'],
                   project_conf['subnet_name'], project_conf['instance_size'], project_conf['ssh_key_path'],
                   project_conf['initial_user'], project_conf['edge_service_account_name'], project_conf['image_name'],
                   'edge', project_conf['static_ip'], project_conf['network_tag'],
                   json.dumps(project_conf['instance_labels']), project_conf['service_base_name'],
-                  project_conf['gcp_os_login_enabled'], project_conf['gcp_block_project_ssh_keys'])
+                  project_conf['gcp_os_login_enabled'], project_conf['gcp_block_project_ssh_keys'],
+                  project_conf['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
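Review bot: The edge node's key is spliced with manual quotes (`--rsa_encrypted_csek '{}'`) into a command string that the next line executes via `shell=True`; `shlex.quote(project_conf['gcp_wrapped_csek'])` inside the `format()` call is the robust form and stays correct for any value the operator supplies. The edge instance starts from `project_conf['image_name']`, and whether that image is treated as CSEK-protected is decided in `create_instance` by a name heuristic, so a one-line comment here naming which kind of image the edge node expects would help the next reader.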
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py
index dae62df..f1ae637 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/rstudio_configure.py
@@ -212,7 +212,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py b/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py
index f485a51..54fddef 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/ssn_prepare.py
@@ -73,6 +73,7 @@ if __name__ == "__main__":
         ssn_conf['allowed_ip_cidr'] = os.environ['conf_allowed_ip_cidr']
         ssn_conf['gcp_os_login_enabled'] = os.environ['gcp_os_login_enabled']
         ssn_conf['gcp_block_project_ssh_keys'] = os.environ['gcp_block_project_ssh_keys']
+        ssn_conf['gcp_wrapped_csek'] = os.environ['gcp_wrapped_csek']
 
     except Exception as err:
         datalab.fab.append_result("Failed to generate variables dictionary.", str(err))
@@ -269,13 +270,13 @@ if __name__ == "__main__":
                  " --ssh_key_path {6} --initial_user {7} --service_account_name {8} --image_name {9}"\
                  " --instance_class {10} --static_ip {11} --network_tag {12} --labels '{13}' " \
                  "--primary_disk_size {14} --service_base_name {15} --os_login_enabled {16} " \
-                 "--block_project_ssh_keys {17}".\
+                 "--block_project_ssh_keys {17} --rsa_encrypted_csek '{18}'".\
             format(ssn_conf['instance_name'], ssn_conf['region'], ssn_conf['zone'], ssn_conf['vpc_name'],
                    ssn_conf['subnet_name'], ssn_conf['instance_size'], ssn_conf['ssh_key_path'],
                    ssn_conf['initial_user'], ssn_conf['service_account_name'], ssn_conf['image_name'], 'ssn',
                    ssn_conf['static_ip'], ssn_conf['network_tag'], json.dumps(ssn_conf['instance_labels']), '20',
                    ssn_conf['service_base_name'], ssn_conf['gcp_os_login_enabled'],
-                   ssn_conf['gcp_block_project_ssh_keys'])
+                   ssn_conf['gcp_block_project_ssh_keys'], ssn_conf['gcp_wrapped_csek'])
         try:
             subprocess.run("~/scripts/{}.py {}".format('common_create_instance', params), shell=True, check=True)
         except:
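Review bot: `--rsa_encrypted_csek '{18}'` relies on hand-written single quotes inside a string that the following line hands to `subprocess.run(..., shell=True)`; use `shlex.quote(ssn_conf['gcp_wrapped_csek'])` in `format()` and drop the literal quotes. Since the SSN is the first instance created, a mis-wrapped key fails here before anything else, so the except branch should log that CSEK encryption was requested (never the key value itself) to make that failure diagnosable.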
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
index 709a534..8680bee 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
@@ -254,7 +254,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py
index a1a990d..d29af7b 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/tensor-rstudio_configure.py
@@ -214,7 +214,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py
index dd67bfa..4c3dfec 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/tensor_configure.py
@@ -219,7 +219,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py
index 78a96a1..5bdc344 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/zeppelin_configure.py
@@ -219,7 +219,8 @@ if __name__ == "__main__":
                 logging.info("Looks like it's first time we configure notebook server. Creating images.")
                 image_id_list = GCPActions.create_image_from_instance_disks(
                     notebook_config['expected_primary_image_name'], notebook_config['expected_secondary_image_name'],
-                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'])
+                    notebook_config['instance_name'], notebook_config['zone'], notebook_config['image_labels'],
+                    os.environ['gcp_wrapped_csek'])
                 if image_id_list and image_id_list[0] != '':
                     logging.info("Image of primary disk was successfully created. It's ID is {}".format(image_id_list[0]))
                 else:
