New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support EBS encryption in BlockDeviceType. #2587

Merged
merged 1 commit into from Sep 2, 2014

Conversation

Projects
None yet
3 participants
@jcrobak
Contributor

jcrobak commented Sep 2, 2014

Support an optional configuration of ebs encryption in the
BlockDeviceType (which is used to build a BlockDeviceMapping).

The encrypted flag is optional (defaulting to None), as the AWS
API doesn't support any value for this flag for the root device
of a new instance.

Related to: #2480

Joe Crobak
Support EBS encryption in BlockDeviceType.
Support an optional configuration of ebs encryption in the
BlockDeviceType (which is used to build a BlockDeviceMapping).

The encrypted flag is optional (defaulting to `None`), as the AWS
API doesn't support any value for this flag for the root device
of a new instance.

@danielgtaylor danielgtaylor self-assigned this Sep 2, 2014

@danielgtaylor

This comment has been minimized.

Show comment
Hide comment
@danielgtaylor

danielgtaylor Sep 2, 2014

Member

This looks great, thanks for taking the time to fix up the tests! 👍

Member

danielgtaylor commented Sep 2, 2014

This looks great, thanks for taking the time to fix up the tests! 👍

danielgtaylor added a commit that referenced this pull request Sep 2, 2014

Merge pull request #2587 from jcrobak/block-device-mapping-ebs-encrypted
Support EBS encryption in BlockDeviceType. Fixes #2587, #2480.

@danielgtaylor danielgtaylor merged commit 7a39741 into boto:develop Sep 2, 2014

1 check passed

continuous-integration/travis-ci The Travis CI build passed
Details
@cariaso

This comment has been minimized.

Show comment
Hide comment
@cariaso

cariaso Oct 23, 2014

Contributor

throws a <Response><Errors><Error><Code>InvalidParameter</Code><Message>Parameter encrypted is invalid. You cannot specify the encrypted flag if specifying a snapshot id in a block device mapping.</Message>
as block_dev.encrypted is False but is not None. Removing the else on 162 and 163 resolves it for me

Contributor

cariaso commented on boto/ec2/blockdevicemapping.py in 2e771c1 Oct 23, 2014

throws a <Response><Errors><Error><Code>InvalidParameter</Code><Message>Parameter encrypted is invalid. You cannot specify the encrypted flag if specifying a snapshot id in a block device mapping.</Message>
as block_dev.encrypted is False but is not None. Removing the else on 162 and 163 resolves it for me

This comment has been minimized.

Show comment
Hide comment
@jcrobak

jcrobak Oct 24, 2014

Contributor

IIUC, you should be able to say BlockDeviceMapping(encrypted=None,snapshot_id=some_snapshot_id, ...). Does that not work? If not, do you know where the encrypted flag is being set to a not-None value?

Contributor

jcrobak replied Oct 24, 2014

IIUC, you should be able to say BlockDeviceMapping(encrypted=None,snapshot_id=some_snapshot_id, ...). Does that not work? If not, do you know where the encrypted flag is being set to a not-None value?

This comment has been minimized.

Show comment
Hide comment
@cariaso

cariaso Oct 24, 2014

Contributor

Here is the relevant code. Perhaps you'll see a better way?

from boto.ec2.blockdevicemapping import BlockDeviceType, BlockDeviceMapping

image1 = ec2.get_image(image_id)
mapping = image1.block_device_mapping

if '/dev/xvda' in mapping:
    mapping['/dev/xvda'].volume_type = 'gp2'
else:
    mapping['/dev/sda1'].volume_type = 'gp2'

eph0 = BlockDeviceType()
eph1 = BlockDeviceType()
eph0.ephemeral_name = 'ephemeral0'
eph1.ephemeral_name = 'ephemeral1'
mapping['/dev/sdb'] = eph0
mapping['/dev/sdc'] = eph1

reservation = ec2.run_instances(
    image_id=image_id,
    instance_type=instance_type,
    key_name=keypairname,
    placement=placement,
    block_device_map=mapping,
    network_interfaces=interfaces,
    instance_profile_name='webserverrole',
)
Contributor

cariaso replied Oct 24, 2014

Here is the relevant code. Perhaps you'll see a better way?

from boto.ec2.blockdevicemapping import BlockDeviceType, BlockDeviceMapping

image1 = ec2.get_image(image_id)
mapping = image1.block_device_mapping

if '/dev/xvda' in mapping:
    mapping['/dev/xvda'].volume_type = 'gp2'
else:
    mapping['/dev/sda1'].volume_type = 'gp2'

eph0 = BlockDeviceType()
eph1 = BlockDeviceType()
eph0.ephemeral_name = 'ephemeral0'
eph1.ephemeral_name = 'ephemeral1'
mapping['/dev/sdb'] = eph0
mapping['/dev/sdc'] = eph1

reservation = ec2.run_instances(
    image_id=image_id,
    instance_type=instance_type,
    key_name=keypairname,
    placement=placement,
    block_device_map=mapping,
    network_interfaces=interfaces,
    instance_profile_name='webserverrole',
)

This comment has been minimized.

Show comment
Hide comment
@jcrobak

jcrobak Oct 25, 2014

Contributor

Ah, so a mapping returned from the AMI ha the encrypted field specified, but you're not allowed to specify it when creating a new instance. I guess you either need to mutate the mapping (e.g. for dev in mapping.values(): dev.encrypted = None) or create a new copy of the mapping and only copy over the parts you care about (e.g. new_mapping = dict(name, BlockDeviceMapping(snapshot_id=dev.snapshot_id, volume_type=dev.volume_type, ...) for name, dev in mapping.iteritems())

Contributor

jcrobak replied Oct 25, 2014

Ah, so a mapping returned from the AMI ha the encrypted field specified, but you're not allowed to specify it when creating a new instance. I guess you either need to mutate the mapping (e.g. for dev in mapping.values(): dev.encrypted = None) or create a new copy of the mapping and only copy over the parts you care about (e.g. new_mapping = dict(name, BlockDeviceMapping(snapshot_id=dev.snapshot_id, volume_type=dev.volume_type, ...) for name, dev in mapping.iteritems())

This comment has been minimized.

Show comment
Hide comment
@cariaso

cariaso Oct 29, 2014

Contributor

I've updated my code to explicitly set
mapping['/dev/sda1'].encrypted = None
and this is here as a record of an acceptable, but unexpected change in behavior.
I consider this closed. thanks.

Contributor

cariaso replied Oct 29, 2014

I've updated my code to explicitly set
mapping['/dev/sda1'].encrypted = None
and this is here as a record of an acceptable, but unexpected change in behavior.
I consider this closed. thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment