CloudyScripts 2.14.52 → 2.14.54

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2011 SecludIT (http://secludit.com)
+Copyright (c) 2010-2012 SecludIT (http://secludit.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

data/README.rdoc

@@ -19,9 +19,13 @@
 # =Scripts
 # Here are the scripts implemented so far:
 # * #DmEncrypt (encrypt Amazon EBS Storage using dm-encrypt)
+# * #CopyAmi (copy Amazon AMI between Regions)
+# * #CopySnapshot (copy Amazon Snapshot between Regions)
+# * #Ami2EbsConversion (create an EBS-Backed Amazon AMI from an Instance-Store Amazon AMI)
+# * #CriticalPortsAudit (check Amazon SecurityGroups for publicly opened critical ports)
+# * #OpenPortChecker (check Amazon SecurityGroups and Instances to found opened port without service running behind)
 #
 # =Questions and Suggestions
-# Matthias Jung
-# matthias.jung@gmail.com
+# Frederic Donnat
+# frederic.donnat@secludit.com
 # http://elastic-security.com
-

data/Rakefile

@@ -12,7 +12,7 @@ require 'rake/testtask'
 
 spec = Gem::Specification.new do |s|
   s.name = 'CloudyScripts'
-  s.version = '2.14.52' #<number cloud-stacks supported>.<number cloud-scripts>.<counting releases>
+  s.version = '2.14.54' #<number cloud-stacks supported>.<number cloud-scripts>.<counting releases>
   s.has_rdoc = true
   s.extra_rdoc_files = ['README.rdoc', 'LICENSE']
   s.summary = 'Scripts to facilitate programming for infrastructure clouds.'

data/lib/help/remote_command_handler.rb

@@ -43,9 +43,10 @@ class RemoteCommandHandler
   # * ip: ip address of the machine to connect to
   # * user: user name
   # * key_data: key_data to be used for authentication
+  # NB: set paranoid to false in order to avoid server key verification, thus avoiding probleme when IP are reused
   def connect(ip, user, key_data, timeout = 30)
     @use_sudo = false
-    @ssh_session = Net::SSH.start(ip, user, :key_data => [key_data], :timeout => timeout, :verbose => :warn)
+    @ssh_session = Net::SSH.start(ip, user, :key_data => [key_data], :timeout => timeout, :paranoid => false, :verbose => :warn)
     @use_sudo = true unless user.strip == 'root'
   end
 

data/lib/help/state_transition_helper.rb

@@ -178,7 +178,7 @@ module StateTransitionHelper
       @logger.debug "start instance #{instance_id}"
       ec2_handler().start_instances(:instance_id => instance_id)
     end
-      while timeout > 0 && !done
+    while timeout > 1 && !done
       res = ec2_handler().describe_instances(:instance_id => instance_id)
       state = res['reservationSet']['item'][0]['instancesSet']['item'][0]['instanceState']
       @logger.debug "instance in state '#{state['name']}' (#{state['code']})"
@@ -208,6 +208,36 @@ module StateTransitionHelper
     post_message("#{msg}")
     return instance_id, dns_name
   end
+
+  def describe_instance(instance_id)
+    res = ec2_handler.describe_instances(:instance_id => instance_id)
+    state = res['reservationSet']['item'][0]['instancesSet']['item'][0]['instanceState']
+    @logger.info "instance is in state #{state['name']} (#{state['code']})"
+    dns_name = ""
+    availability_zone = ""
+    kernel_id = ""
+    ramdisk_id = ""
+    architecture = ""
+    root_device_name = ""
+    if state['code'].to_i == 16
+      started = true
+      post_message("instance is up and running")
+      dns_name = res['reservationSet']['item'][0]['instancesSet']['item'][0]['dnsName']
+      availability_zone = res['reservationSet']['item'][0]['instancesSet']['item'][0]['placement']['availabilityZone']
+      kernel_id = res['reservationSet']['item'][0]['instancesSet']['item'][0]['kernelId']
+      ramdisk_id = res['reservationSet']['item'][0]['instancesSet']['item'][0]['ramdiskId']
+      architecture = res['reservationSet']['item'][0]['instancesSet']['item'][0]['architecture']
+      root_device_name = res['reservationSet']['item'][0]['instancesSet']['item'][0]['rootDeviceName']
+    else
+      post_message("instance is not up and running: code #{state['code'].to_i}")
+      availability_zone = res['reservationSet']['item'][0]['instancesSet']['item'][0]['placement']['availabilityZone']
+      kernel_id = res['reservationSet']['item'][0]['instancesSet']['item'][0]['kernelId']
+      ramdisk_id = res['reservationSet']['item'][0]['instancesSet']['item'][0]['ramdiskId']
+      architecture = res['reservationSet']['item'][0]['instancesSet']['item'][0]['architecture']
+      root_device_name = res['reservationSet']['item'][0]['instancesSet']['item'][0]['rootDeviceName']
+    end
+    return instance_id, dns_name, availability_zone, kernel_id, ramdisk_id, architecture, root_device_name
+  end
    
   # Shuts down an instance.
   # Input Parameters:
@@ -1175,6 +1205,16 @@ module StateTransitionHelper
     return region
   end
 
+  # Check if string is not more than 255 character and contains wide char
+  def check_string_alnum(str)
+    if str.match(/^[0-9a-z\-\_\ ]{1,255}$/i)
+      return 0
+    else
+      return 1
+    end
+    return 1
+  end
+
   #setting/retrieving handlers
 
   def remote_handler()

data/lib/scripts/ec2/check_cloudyscripts.rb

@@ -0,0 +1,142 @@
+require "help/script_execution_state"
+require "scripts/ec2/ec2_script"
+require "help/remote_command_handler"
+require "help/dm_crypt_helper"
+require "help/ec2_helper"
+require "AWS"
+
+# Goal: check internal piece of CloudyScripts without launching the full scripts
+#
+
+class CheckCloudyScripts < Ec2Script
+  
+  def initialize(input_params)
+    super(input_params)
+  end
+
+  def check_input_parameters()
+    if @input_params[:ami_id] == nil && !(@input_params[:ami_id] =~ /^ami-.*$/)
+      raise Exception.new("Invalid AMI ID specified: #{@input_params[:ami_id]}")
+    end
+    ec2_helper = Ec2Helper.new(@input_params[:ec2_api_handler])
+    if ec2_helper.ami_prop(@input_params[:ami_id], 'rootDeviceType') != "ebs"
+      raise Exception.new("must be an EBS type image")
+    end
+    local_ec2_helper = ec2_helper
+    if !local_ec2_helper.check_open_port('default', 22)
+      raise Exception.new("Port 22 must be opened for security group 'default' to connect via SSH in source-region")
+    end
+    remote_ec2_helper = Ec2Helper.new(@input_params[:target_ec2_handler])
+    if !remote_ec2_helper.check_open_port('default', 22)
+      raise Exception.new("Port 22 must be opened for security group 'default' to connect via SSH in target-region")
+    end
+    if @input_params[:root_device_name] == nil
+      @input_params[:root_device_name] = "/dev/sda1"
+    end
+    if @input_params[:temp_device_name] == nil
+      @input_params[:temp_device_name] = "/dev/sdj"
+    end
+    if @input_params[:source_ssh_username] == nil
+      @input_params[:source_ssh_username] = "root"
+    end
+    if @input_params[:target_ssh_username] == nil
+      @input_params[:target_ssh_username] = "root"
+    end
+  end
+
+  # Load the initial state for the script.
+  # Abstract method to be implemented by extending classes.
+  def load_initial_state()
+    CheckCloudyScriptsState.load_state(@input_params)
+  end
+
+  private
+
+  # Here begins the state machine implementation
+  class CheckCloudyScriptsState < ScriptExecutionState
+
+    def self.load_state(context)
+      InitialState.new(context)
+    end
+
+    def local_region
+      self.ec2_handler=(@context[:ec2_api_handler])
+    end
+
+    def remote_region
+      self.ec2_handler=(@context[:target_ec2_handler])
+    end
+  end
+
+  # Initial state: start up AMI in source region
+  class InitialState < CheckCloudyScriptsState
+    def enter()
+      post_message("INFO: Entering InitialState...")
+
+      #@context[:source_instance_id], @context[:source_dns_name], @context[:source_availability_zone], 
+      #  @context[:kernel_id], @context[:ramdisk_id], @context[:architecture], @context[:root_device_name] =
+      #  launch_instance(@context[:ami_id], @context[:source_key_name], "default")
+      start_instance(@context[:source_instance_id])
+      res = describe_instance(@context[:source_instance_id])
+      puts "DEBUG: instance: #{res.inspect}"
+      #@context[:source_instance_id] = "i-0a663643" 
+      @context[:source_dns_name] = res[1]
+      @context[:source_availability_zone] = res[2]
+      @context[:kernel_id] = res[3]
+      @context[:ramdisk_id] = res[4]
+      @context[:architecture] = res[5]
+      @context[:root_device_name] = res[6]
+
+      ec2_helper = Ec2Helper.new(@context[:ec2_api_handler])
+      puts "DEBUG: get_attached returns: #{ec2_helper.get_attached_volumes(@context[:source_instance_id]).inspect}"
+      @context[:ebs_volume_id] = ec2_helper.get_attached_volumes(@context[:source_instance_id])[0]['volumeId']#TODO: what when more root devices?
+
+      CSTestingState.new(@context)
+    end
+  end
+
+  # Snapshot is created from the AMI. Create a volume from the snapshot, attach and mount the volume as second device.
+  class CSTestingState < CheckCloudyScriptsState
+    def enter()
+      post_message("INFO: Entering CSTestingState...")
+
+      #@context[:source_volume_id] = create_volume_from_snapshot(@context[:snapshot_id],
+      #  @context[:source_availability_zone])
+      @context[:source_volume_id] = "vol-6eb34b06" 
+
+      device = @context[:temp_device_name]
+      mount_point = "/mnt/tmp_#{@context[:source_volume_id]}"
+      attach_volume(@context[:source_volume_id], @context[:source_instance_id], device)
+      connect(@context[:source_dns_name], @context[:source_ssh_username], nil, @context[:source_ssh_keydata]) 
+      # detect if there is a shift for device mapping (between AWS and the operating system of the system)
+      root_device_name = get_root_device_name()
+      # detect letters
+      aws_root_device = @context[:root_device_name]
+      aws_letter = aws_root_device.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[0-9]/, '')
+      os_letter = root_device_name.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[0-9]/, '')
+      aws_device_letter = device.split('/')[2].gsub('sd', '').gsub('xvd', '').gsub(/[0-9]/, '')
+      puts "DEBUG: AWS info: #{aws_root_device}, #{aws_letter}"
+      puts "DEBUG: OS info: #{root_device_name}, #{os_letter}"
+      if !aws_letter.eql?(os_letter)
+        post_message("Detected specific kernel with shift between AWS and Kernel OS for device naming")
+        puts "Detected specific kernel with shift between AWS and Kernel OS for device naming (#{aws_root_device} vs #{root_device_name})"
+      end
+      while !aws_letter.eql?(os_letter)
+        aws_letter.succ!
+        aws_device_letter.succ!
+      end
+      device = "/dev/sd#{aws_device_letter}" 
+      post_message("Using AWS name '#{@context[:temp_device_name]}' and OS name '#{device}'")
+      puts "Using AWS name '#{@context[:temp_device_name]}' and OS name '#{device}'"
+      mount_fs(mount_point, device)
+      # get root partition label and filesystem type
+      #@context[:label] = get_root_partition_label()
+      #@context[:fs_type] = get_root_partition_fs_type()
+      @context[:fs_type], @context[:label] = get_root_partition_fs_type_and_label()
+      disconnect()
+
+      Done.new()
+    end
+  end
+
+end

data/lib/scripts/ec2/copy_ami.rb

@@ -65,6 +65,9 @@ class CopyAmi < Ec2Script
     if @input_params[:target_ssh_username] == nil
       @input_params[:target_ssh_username] = "root"
     end
+    if @input_params[:description] == nil || check_string_alnum(@input_params[:description])
+      @input_params[:description] = "Created by Cloudy_Scripts - copy_ami"
+    end
   end
 
   # Load the initial state for the script.
@@ -230,7 +233,8 @@ class CopyAmi < Ec2Script
   class DataCopiedState < CopyAmiState
     def enter()
       remote_region()
-      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], "Created by Cloudy_Scripts - copy_snapshot")
+      #@context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], "Created by Cloudy_Scripts - copy_ami")
+      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], @context[:description])
       TargetSnapshotCreatedState.new(@context)
     end
   end

data/lib/scripts/ec2/copy_mswindows_ami.rb

@@ -102,6 +102,9 @@ class CopyMsWindowsAmi < Ec2Script
     if @input_params[:fs_type] == nil
       @input_params[:fs_type] = "ext3"
     end
+    if @input_params[:description] == nil || check_string_alnum(@input_params[:description])
+      @input_params[:description] = "Created by Cloudy_Scripts - copy_mswindows_ami"
+    end
   end
 
   # Load the initial state for the script.

data/lib/scripts/ec2/copy_mswindows_snapshot.rb

@@ -4,7 +4,7 @@ require "help/remote_command_handler"
 require "help/dm_crypt_helper"
 require "help/ec2_helper"
 require "AWS"
-require 'pp'
+#require 'pp'
 
 # Copy a given snapshot to another region
 # * start up instance in source-region, create a snapshot from the mounted EBS
@@ -83,6 +83,9 @@ class CopyMsWindowsSnapshot < Ec2Script
     if @input_params[:fs_type] == nil
       @input_params[:fs_type] = "ext3"
     end
+    if @input_params[:description] == nil || check_string_alnum(@input_params[:description])
+      @input_params[:description] = "Created by Cloudy_Scripts - copy_mswindows_snapshot"
+    end
   end
 
   # Load the initial state for the script.
@@ -122,7 +125,7 @@ class CopyMsWindowsSnapshot < Ec2Script
       local_region()
       post_message("Retrieving Snapshot parammeters (volume size)")
       @context[:volume_size] = @local_ec2_helper.snapshot_prop(@context[:snapshot_id], :volumeSize).to_i
-  
+ 
       InitialStateDone.new(@context)
     end
   end
@@ -131,7 +134,7 @@ class CopyMsWindowsSnapshot < Ec2Script
   class InitialStateDone < CopyMsWindowsSnapshotState 
     def enter()
       local_region()
-      post_mesage("Lunching an Helper instance in source Region...")
+      post_message("Lunching an Helper instance in source Region...")
       result = launch_instance(@context[:source_ami_id], @context[:source_key_name], @context[:source_security_groups])
       @context[:source_instance_id] = result.first
       @context[:source_dns_name] = result[1]
@@ -348,7 +351,8 @@ class CopyMsWindowsSnapshot < Ec2Script
     def enter()
       remote_region()
       detach_volume(@context[:target_volume_id], @context[:target_instance_id])
-      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], "Created by CloudyScripts - copy_mswindows_ami")
+      #@context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], "Created by CloudyScripts - copy_mswindows_ami")
+      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], @context[:description])
       @context[:result][:snapshot_id] = @context[:new_snapshot_id]
 
       TargetSnapshotCreatedState.new(@context)

data/lib/scripts/ec2/copy_snapshot.rb

@@ -49,6 +49,9 @@ class CopySnapshot< Ec2Script
     if @input_params[:target_ssh_username] == nil
       @input_params[:target_ssh_username] = "root"
     end
+    if @input_params[:description] == nil || check_string_alnum(@input_params[:description])
+      @input_params[:description] = "Created by Cloudy_Scripts - copy_snapshot"
+    end
   end
 
   # Load the initial state for the script.
@@ -191,7 +194,8 @@ class CopySnapshot< Ec2Script
   class DataCopiedState < CopySnapshotState
     def enter()
       remote_region()
-      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], "Created by Cloudy_Scripts - copy_snapshot")
+      #@context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], "Created by Cloudy_Scripts - copy_snapshot")
+      @context[:new_snapshot_id] = create_snapshot(@context[:target_volume_id], @context[:description])
       @context[:result][:snapshot_id] = @context[:new_snapshot_id]
       SnapshotCreatedState.new(@context)
     end

data/lib/scripts/ec2/vpc_critical_ports_audit.rb

@@ -4,7 +4,7 @@ require "help/remote_command_handler"
 #require "help/dm_crypt_helper"
 require "help/ec2_helper"
 require "AWS"
-require 'pp'
+#require 'pp'
 
 # Checks for all security groups if sensible ports are opened for the wide
 # public.

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: CloudyScripts
 version: !ruby/object:Gem::Version 
-  hash: 95
+  hash: 91
   prerelease: false
   segments: 
   - 2
   - 14
-  - 52
-  version: 2.14.52
+  - 54
+  version: 2.14.54
 platform: ruby
 authors: 
 - Matthias Jung
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-02-23 00:00:00 +00:00
+date: 2012-06-25 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -257,6 +257,7 @@ files:
 - lib/scripts/ec2/vpc_critical_ports_audit.rb
 - lib/scripts/ec2/ami2_ebs_conversion.rb
 - lib/scripts/ec2/copy_mswindows_ami.rb
+- lib/scripts/ec2/check_cloudyscripts.rb
 - lib/scripts/ec2/audit_via_ssh.rb
 - lib/scripts/ec2/open_port_checker.rb
 - lib/scripts/ec2/copy_ami.rb