aws-eni 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b7f9bdc9bb5d6c7427d50f1354b77317a5a4f1bc
+  data.tar.gz: fe7568417322ab7bfa41be38041efaf1e0aeeae7
+SHA512:
+  metadata.gz: f86aba30d2b1b0e564810648c701f144c098388d8e349ae1143817b4ee58a07c3d86008be3b79b8e9cca66bc5a92ca801b68907711914a32eeece675894f30f4
+  data.tar.gz: bd60223a0bc09962fb82db2cd7c413da1a08f37ff603a85b716723eaa3fecbf983de317155e8c451badf50063fa59df417d3f7c3e7b6df181651026e2be6696f

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in aws-eni.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Mike Greiling
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,63 @@
+# aws-eni
+
+A command line tool and client library to manage AWS Elastic Network Interfaces from within an EC2 instance.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'aws-eni'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install aws-eni
+
+## Usage
+
+Synchronize your EC2 instance network interface config with AWS.
+
+    $ aws-eni sync
+
+List all interface cards, their IPs, and their associations
+
+    $ aws-eni list
+    eth0:
+      10.0.1.23
+    eth1:
+      10.0.2.54 => 54.25.169.87 (EIP)
+      10.0.2.72 => 52.82.17.251 (EIP)
+
+Add a new private IP
+
+    $ aws-eni add eth1
+    added 10.0.2.81
+
+Associate a new elastic IP
+
+    $ aws-eni associate 10.0.2.81
+    associated 10.0.2.81 => 52.171.254.36
+
+Dissociate an elastic IP
+
+    $ aws-eni dissociate 10.0.2.81
+    dissociated 52.171.254.36 from 10.0.2.81
+
+Remove a private IP
+
+    $ aws-eni remove 10.0.2.81
+    removed 10.0.2.81 from eth1
+
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/aws-eni/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/aws-eni.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aws-eni/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "aws-eni"
+  spec.version       = Aws::ENI::VERSION
+  spec.authors       = ["Mike Greiling"]
+  spec.email         = ["mike@pixelcog.com"]
+  spec.summary       = "Manage and sync local network config with AWS Elastic Network Interfaces"
+  spec.description   = "A command line tool and client library to manage AWS Elastic Network Interfaces from within an EC2 instance"
+  spec.homepage      = "http://pixelcog.com/"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "gli", "~> 2.5"
+  spec.add_dependency "aws-sdk", "~> 2.0"
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/bin/aws-eni

@@ -0,0 +1,442 @@
+#!/usr/bin/env ruby
+require 'gli'
+require 'resolv'
+require 'ipaddr'
+require 'aws-eni'
+
+include GLI::App
+
+program_desc 'Manage and sync local network config with AWS Elastic Network Interfaces'
+
+version Aws::ENI::VERSION
+
+autocomplete_commands true
+subcommand_option_handling :normal
+arguments :loose
+sort_help :manually
+
+# global options
+
+desc 'Display all system commands and warnings'
+switch [:v,:verbose], negatable: false
+
+pre do |opt|
+  Aws::ENI::IFconfig.verbose = opt[:verbose]
+  true
+end
+
+# arg parser methods
+
+def local_ip?(ip)
+  IPAddr.new(Aws::ENI.environment[:vpc_cidr]) === IPAddr.new(ip)
+end
+
+def parse_args(args, *accept)
+  params = {}
+  args.each do |arg|
+    if arg =~ /^eth[0-9]+/ && accept.include?(:device_name)
+      help_now! "You may only specify one device name." if params[:device_name]
+      params[:device_name] = arg
+    elsif arg =~ /^eni-/ && accept.include?(:interface_id)
+      help_now! "You may only specify one interface ID." if params[:interface_id]
+      params[:interface_id] = arg
+    elsif arg =~ /^subnet-/ && accept.include?(:subnet_id)
+      help_now! "You may only specify one subnet." if params[:subnet_id]
+      params[:subnet_id] = arg
+    elsif arg =~ /^sg-/ && accept.include?(:security_groups)
+      params[:security_groups] ||= []
+      params[:security_groups] << arg
+    elsif arg =~ /^eipalloc-/ && accept.include?(:allocation_id)
+      help_now! "You may only specify one allocation ID" if params[:allocation_id]
+      params[:allocation_id] = arg
+    elsif arg =~ /^eipassoc-/ && accept.include?(:association_id)
+      help_now! "You may only specify one association ID" if params[:association_id]
+      params[:association_id] = arg
+    elsif arg =~ Resolv::IPv4::Regex
+      if local_ip? arg
+        if accept.include?(:primary_ip)
+          help_now! "You may only specify one primary IP address." if params[:primary_ip]
+          params[:primary_ip] = arg
+        elsif accept.include?(:private_ip)
+          help_now! "You may only specify one private IP address." if params[:private_ip]
+          params[:private_ip] = arg
+        else
+          help_now! "Invalid IP address: #{arg}"
+        end
+      elsif accept.include?(:public_ip)
+        help_now! "You may only specify one public IP address." if params[:public_ip]
+        params[:public_ip] = arg
+      else
+        help_now! "Invalid IP address: #{arg}"
+      end
+    else
+      help_now! "Invalid argument: #{arg}"
+    end
+  end
+  params
+end
+
+# commands
+
+desc 'List current interface configuration'
+long_desc %{
+  List information about a set of interfaces including interface ID, interface
+  name, MAC address, and a list of primary and secondary IP addresses along with
+  any public ips associated with them.
+
+  Use the optional filter argument to limit the listing to interfaces with a
+  matching name, interface ID, subnet ID, or MAC address (default 'all').
+}
+arg 'filter', :optional
+command [:list,:ls] do |c|
+  c.action do |global,opts,args|
+    help_now! "Too many arguments" if args.count > 1
+    args.delete('all')
+    Aws::ENI.list(args.first).each do |interface|
+      print "#{interface[:name]}:"
+      print "\tID #{interface[:interface_id]}"
+      print "  HWaddr #{interface[:hwaddr]}"
+      print "  Status " << (interface[:enabled] ? "UP" : "DOWN") << "\n"
+      interface[:local_ips].each do |local_ip|
+        if interface[:public_ips][local_ip]
+          puts "\t#{local_ip} => #{interface[:public_ips][local_ip]}"
+        else
+          puts "\t#{local_ip}"
+        end
+      end
+    end
+    puts "\ninterface config is out of sync" if Aws::ENI.configure(nil, dry_run: true) > 0
+  end
+end
+
+desc 'Configure network interfaces'
+long_desc %{
+  Syncronize configuration for a set of interfaces to match their configuration
+  on AWS by managing secondary ips, routes, and rules.
+
+  Use the optional filter argument to limit this action to interfaces with a
+  matching name, interface ID, subnet ID, or MAC address (default 'all').
+}
+arg 'filter', :optional
+command [:config] do |c|
+  c.action do |global,opts,args|
+    help_now! "Too many arguments" if args.count > 1
+    args.delete('all')
+    if Aws::ENI.configure(args.first) != 0
+      puts 'synchronized interface config'
+    else
+      puts 'network interface config already in sync'
+    end
+  end
+end
+
+desc 'Remove custom configuration from network interfaces'
+long_desc %{
+  Remove custom configuration for a set of interfaces removing any custom ips,
+  routes, and rules previously added (the 'eth0' primary IP is always left
+  untouched for safety).
+
+  Use the optional filter argument to limit this action to interfaces with a
+  matching name, interface ID, subnet ID, or MAC address (default 'all').
+}
+arg 'filter', :optional
+command [:deconfig] do |c|
+  c.action do |global,opts,args|
+    help_now! "Too many arguments" if args.count > 1
+    args.delete('all')
+    Aws::ENI.deconfigure(args.first)
+  end
+end
+
+desc 'Enable network interface'
+long_desc %{
+  Enable one or more network interfaces (similar to 'ifup').
+
+  Specify one name, interface ID, subnet ID, or MAC address to enable any
+  matching interfaces, or specify 'all' to enable all interfaces.
+}
+arg 'filter'
+command [:enable,:up] do |c|
+  c.action do |global,opts,args|
+    help_now! "Incorrect number of arguments" unless args.count.between?(0,1)
+    args.delete('all')
+    Aws::ENI::IFconfig.filter(args.first).each(&:enable)
+    puts "interfaces enabled"
+  end
+end
+
+desc 'Disable network interface'
+long_desc %{
+  Disable one or more network interfaces (similar to 'ifdown').
+
+  Specify one name, interface ID, subnet ID, or MAC address to disable any
+  matching interfaces, or specify 'all' to disable all interfaces.
+
+  eth0 cannot be disabled.
+}
+arg 'filter'
+command [:disable,:down] do |c|
+  c.action do |global,opts,args|
+    help_now! "Incorrect number of arguments" unless args.count.between?(0,1)
+    args.delete('all')
+    Aws::ENI::IFconfig.filter(args.first).each do |dev|
+      if dev.name == 'eth0'
+        warn 'skipping eth0'
+      else
+        dev.disable
+        puts "interface #{dev.name} disabled"
+      end
+    end
+  end
+end
+
+desc 'Create new network interface'
+long_desc %{
+  Create a new Elastic Network Interface with a given set of parameters.
+
+  Optional arguments include subnet ID, security group IDs, and a primary ip
+  address.
+
+  If no subnet ID is provided (e.g. subnet-1a2b3c4d) the subnet for eth0 will
+  be used. If no security group is provided (e.g. sg-1a2b3c4d) the VPC default
+  security group will be used. If a private IP is provided, it must fall within
+  the subnet's CIDR block. Arguments can be provided in any order.
+}
+arg 'subnet', :optional
+arg 'security-groups', :optional
+arg 'ip-address', :optional
+command [:create] do |c|
+  c.action do |global,opts,args|
+    params = parse_args args, :subnet_id, :security_groups, :primary_ip
+    interface = Aws::ENI.create_interface(params)
+    puts "interface #{interface[:id]} created on #{interface[:subnet_id]}"
+  end
+end
+
+desc 'Attach network interface'
+long_desc %{
+  Attach an Elastic Network Interface to our instance.
+
+  If interface ID provided (e.g. eni-1a2b3c4d), that interface will be attached,
+  otherwise a new interface will be created with the provided parameters which
+  may include a subnet ID, security group IDs, and a primary IP address.
+
+  If no subnet ID is provided (e.g. subnet-1a2b3c4d) the subnet for eth0 will
+  be used. If no security group is provided (e.g. sg-1a2b3c4d) the VPC default
+  security group will be used. If a private IP is provided, it must fall within
+  the subnet's CIDR block. Arguments can be provided in any order.
+}
+arg 'interface-id', :optional
+arg 'subnet-id', :optional
+arg 'security-groups', :optional
+arg 'ip-address', :optional
+command [:attach] do |c|
+  c.desc 'Refresh the interface configuration after attachment'
+  c.switch [:r,:c,:config], negatable: false
+
+  c.action do |global,opts,args|
+    if args.first =~ /^eni-/
+      help_now! 'Too many arguments' if args.count > 1
+      id = args.first
+    else
+      params = parse_args args, :subnet_id, :security_groups, :primary_ip
+      interface = Aws::ENI.create_interface(params)
+      puts "interface #{interface[:id]} created on #{interface[:subnet_id]}"
+      id = interface[:id]
+    end
+    device = Aws::ENI.attach_interface(id, enable: opts[:config], configure: opts[:config])
+    puts "interface #{device[:id]} attached to #{device[:name]}"
+    puts "device #{device[:name]} enabled and configured" if opts[:config]
+  end
+end
+
+desc 'Detach network interface'
+long_desc %{
+  Detach an Elastic Network Interface from our instance.
+
+  You must provide the interface ID (e.g. eni-1a2b3c4d) or the device name
+  (e.g. eth1) or both.
+
+  If no flag is present, the default action is to destroy the network interface
+  after detachment only if it was originally created by aws-eni.
+}
+arg 'interface-id OR device-name'
+command [:detach] do |c|
+  c.desc 'Delete (or preserve) the unused ENI resource after dataching'
+  c.switch [:d,:delete], default_value: :not_provided # GLI behavior workaround
+
+  c.action do |global,opts,args|
+    help_now! "Missing argument" if args.empty?
+    params = parse_args args, :interface_id, :device_name
+    params[:delete] = opts[:delete] unless opts[:delete] == :not_provided
+    id = params[:interface_id] || params[:device_name]
+
+    device = Aws::ENI.detach_interface(id, params)
+    if device[:deleted]
+      puts "interface #{device[:id]} detached from #{device[:name]} and destroyed"
+    else
+      puts "interface #{device[:id]} detached from #{device[:name]}"
+    end
+  end
+end
+
+desc 'Clean unattached network interfaces'
+long_desc %{
+  Delete unused Elastic Network Interfaces based on provided criteria.
+
+  You may provide a specific interface ID (e.g. eni-1a2b3c4d), a subnet ID
+  (e.g. subnet-1a2b3c4d), or an availability zone from this region (e.g.
+  us-east-1a) to act as search criteria.
+
+  By default, this will only delete ENIs which were originally created with this
+  script.
+}
+arg 'filter', :optional
+command [:clean] do |c|
+  c.desc 'Force deletion of all unattached interfaces which meet our criteria'
+  c.switch [:f,:force], negatable: false
+
+  c.action do |global,opts,args|
+    help_now! "Too many arguments" if args.count > 1
+    deleted = Aws::ENI.clean_interfaces(args.first, safe_mode: !opts[:force])
+    puts "#{deleted[:count]} interfaces deleted"
+  end
+end
+
+desc 'Assign a new secondary private IP address'
+long_desc %{
+  Assign an additional private IP address to a given interface.
+
+  You may optionally specify a private IP in the interface's subnet CIDR range
+  to assign, otherwise one will be generated automatically.
+}
+arg 'ip-address', :optional
+arg 'interface-id OR device-name'
+command [:assign] do |c|
+  c.action do |global,opts,args|
+    help_now! "Missing argument" if args.empty?
+    params = parse_args args, :interface_id, :device_name, :private_ip
+    device = params[:interface_id] || params[:device_name]
+    assignment = Aws::ENI.assign_secondary_ip(device, params)
+    puts "IP #{assignment[:private_ip]} assigned to #{assignment[:device_name]} (#{assignment[:interface_id]})"
+  end
+end
+
+desc 'Unassign a secondary private IP address'
+long_desc %{
+  Remove a private IP address from a given interface.  Any associated public ip
+  address will be dissociated first and optionally released.
+
+  If no interface is specified, it will be inferred by the IP address.
+}
+arg 'ip-address'
+arg 'interface-id', :optional
+arg 'device-name', :optional
+command [:unassign] do |c|
+  c.desc 'Release any associated public IP address'
+  c.switch [:r,:release], negatable: false
+
+  c.action do |global,opts,args|
+    help_now! "Missing argument" if args.empty?
+    params = parse_args args, :interface_id, :device_name, :private_ip
+    params[:release] = opts[:release]
+    unassign = Aws::ENI.unassign_secondary_ip(params[:private_ip], params)
+    if unassign[:released]
+      puts "EIP #{unassign[:public_ip]} (#{unassign[:allocation_id]}) dissociated from #{unassign[:private_ip]} and released"
+    elsif unassign[:public_ip]
+      puts "EIP #{unassign[:public_ip]} (#{unassign[:allocation_id]}) dissociated from #{unassign[:private_ip]}"
+    end
+    puts "IP #{unassign[:private_ip]} removed from #{unassign[:device_name]} (#{unassign[:interface_id]})"
+  end
+end
+
+desc 'Associate a public IP address with a private IP address'
+long_desc %{
+  Associate a private IP address with a new or existing public IP address.
+
+  If no public IP or allocation ID is provided, a new Elastic IP Address will be
+  allocated and used.
+
+  If no interface ID or device name provided, it will be inferred from the ip
+  address.
+}
+arg 'private-ip'
+arg 'public-ip', :optional
+arg 'allocation-id', :optional
+arg 'interface-id', :optional
+arg 'device-name', :optional
+command [:associate] do |c|
+  c.action do |global,opts,args|
+    help_now! "Missing argument" if args.empty?
+    params = parse_args args, :private_ip, :public_ip, :allocation_id, :interface_id, :device_name
+    assoc = Aws::ENI.associate_elastic_ip(params[:private_ip], params)
+    puts "EIP #{assoc[:public_ip]} (#{assoc[:allocation_id]}) associated with #{assoc[:private_ip]} on #{assoc[:device_name]} (#{assoc[:interface_id]})"
+  end
+end
+
+desc 'Dissociate a public IP address from a private IP address'
+long_desc %{
+  Remove an association between a given public IP address or private IP address
+  and their counterpart.  The public IP address is then optionally released.
+}
+arg 'private-ip OR public-ip OR allocation-id'
+arg 'interface-id', :optional
+arg 'device-name', :optional
+command [:dissociate] do |c|
+  c.desc 'Release the associated public IP address'
+  c.switch [:r,:release], negatable: false
+
+  c.action do |global,opts,args|
+    help_now! "Missing argument" if args.empty?
+    params = parse_args args, :private_ip, :public_ip, :allocation_id, :association_id, :interface_id, :device_name
+    ip = params[:private_ip] || params[:public_ip] || params[:association_id] || params[:allocation_id]
+    dissoc = Aws::ENI.dissociate_elastic_ip(ip, params)
+    if dissoc[:released]
+      puts "EIP #{dissoc[:public_ip]} (#{dissoc[:allocation_id]}) dissociated from #{dissoc[:private_ip]} on #{dissoc[:device_name]} (#{dissoc[:interface_id]}) and released"
+    else
+      puts "EIP #{dissoc[:public_ip]} (#{dissoc[:allocation_id]}) dissociated from #{dissoc[:private_ip]} on #{dissoc[:device_name]} (#{dissoc[:interface_id]})"
+    end
+  end
+end
+
+desc 'Allocate a new Elastic IP address'
+long_desc %{
+  Allocate a new Elastic IP address for use
+}
+command [:allocate] do |c|
+  c.action do |global,opts,args|
+    alloc = Aws::ENI.allocate_elastic_ip
+    puts "EIP #{alloc[:public_ip]} allocated as #{alloc[:allocation_id]}"
+  end
+end
+
+desc 'Release one or more unassigned Elastic IP addresses'
+long_desc %{
+  Release one or more unassigned Elastic IP addresses.  If IP address or
+  allication, will release only that EIP, otherwise will clean all unassigned
+  EIPs.
+}
+arg 'ip-address OR allocation-id'
+command [:release] do |c|
+  c.action do |global,opts,args|
+    help_now! "Missing argument" if args.empty?
+    params = parse_args args, :public_ip, :allocation_id
+    eip = params[:public_ip] || params[:allocation_id]
+    release = Aws::ENI.release_elastic_ip(eip, params)
+    puts "EIP #{release[:public_ip]} (#{release[:allocation_id]}) released"
+  end
+end
+
+# error handling
+
+on_error do |exception|
+  if Aws::ENI::PermissionError === exception
+    warn 'error: This action requires super-user privileges (try sudo)'
+    false
+  else
+    true
+  end
+end
+
+ARGV << 'ls' if ARGV.empty?
+exit run(ARGV)