builderator 1.2.3.pre.beta.1 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 83b75ce26deeb6612ec531be9a548b2b5c43f412
-  data.tar.gz: 1622ca8922bb3596167b1341d3f170ec3feba4e5
+  metadata.gz: 710962f091dbc4e8bdb78702764f537c5205d7bb
+  data.tar.gz: fb314bfd5f1aa4b35bb2204cb6def699ccc5030f
 SHA512:
-  metadata.gz: 16cc1d59457a54b2b86e6ae401b1d870fbb768ae3d61aae10a024a1da7927ef444d7721f1423edef5fa6fe9099ef2159c317766340f02a23d827bc7bf6783203
-  data.tar.gz: 6d1e30012ec43092c5cd1c3bdab195b1fdc4f6776840367c4b97dbdd7e2630dac6e4a3bc35467f18f25a19c53a6b3b8440e156184fe417619819c0f593b327c0
+  metadata.gz: 338681e36782e334d7e08bf6f463fafda8f186f11679b2d81dfdff03423a79d36094279b5987c28b270f16d1f18ec4276797bfd5368dd6c87e21fd824cef4070
+  data.tar.gz: 436d1936dccd2f2902aa8a2fbfe9ac564c07424df435314464575a082d4364d695c40c725e55b9c7b2c87c3a71de2bf84d3a89fc3de2fbaa8585a39630e58868

data/README.md

@@ -1,4 +1,4 @@
-# Builderator
+# Builderator [![Build Status](https://api.travis-ci.org/rapid7/builderator.svg?branch=master)](https://travis-ci.org/rapid7/builderator)
 
 Orchestration and configuration of the code development life-cycle.
 

data/lib/builderator/config/file.rb

@@ -262,6 +262,10 @@ module Builderator
             attribute :ami_users, :type => :list
             attribute :ami_regions, :type => :list
 
+            # Tagging
+            attribute :run_tags, :type => :hash
+            attribute :run_volume_tags, :type => :hash
+
             ## Assumable role for tagging AMIs in remote accounts
             attribute :tagging_role
           end

data/lib/builderator/interface/packer.rb

@@ -15,6 +15,7 @@ module Builderator
     class Packer < Interface
       command 'packer'
       attr_reader :packerfile
+      attr_reader :security_group_id
 
       def initialize(*_)
         super
@@ -60,6 +61,25 @@ module Builderator
             # This is not directly supported by Packer
             build_hash.delete(:tagging_role)
 
+            # Use a security group that doesn't suck if user didn't specify.
+            # Note that @security_group_id in this class will only ever be the one created here,
+            # and will be nil if the user specified their own
+            if build_hash.key?(:security_group_ids)
+              puts "Using SecurityGroups #{build_hash[:security_group_ids]}"
+            elsif build_hash.key?(:security_group_id)
+              puts "Using SecurityGroup #{build_hash[:security_group_id]}"
+            else
+              @security_group_id = Util.get_security_group_id(build_hash[:region])
+              build_hash[:security_group_id] = @security_group_id
+
+              # Delete the security group created above when on builderator exit.
+              # Note that for an unclean exit in which the instance was NOT terminated,
+              # Amazon will refuse to delete the security group, as it is still attached
+              # to an existing instance.  This is unfortunate, but is equivalent to packer's
+              # default behavior except that now you'll get an exception from aws-sdk.
+              at_exit { Util.remove_security_group(build_hash[:region], @security_group_id) }
+            end
+
             json[:builders] << build_hash
           end
 

data/lib/builderator/patch/thor-actions.rb

@@ -82,6 +82,12 @@ class Thor
       end
     end
 
+    alias_method :thor_run, :run
+    def run(command, config = {})
+      thor_run(command, config)
+      fail "Command failed: #{command}" if $?.exitstatus != 0
+    end
+
     ##
     # Make `template` load from a sane path and render in the context of Config
     ##

data/lib/builderator/tasks/packer.rb

@@ -1,5 +1,6 @@
 require 'aws-sdk'
 require 'thor'
+require 'retryable'
 
 require_relative '../control/data'
 require_relative '../interface/packer'
@@ -47,7 +48,7 @@ module Builderator
 
           build.ami_regions.each do |region|
             say_status :copy, "image #{image_name} (#{image.image_id}) from #{Config.aws.region} to #{region}"
-            Util.ec2(region).copy_image(parameters)
+            copy_image(region, parameters)
           end
         end
 
@@ -61,11 +62,6 @@ module Builderator
         invoke :configure, [profile], options
 
         images.each do |image_name, (image, build)|
-          filters = [{
-            :name => 'name',
-            :values => [image_name]
-          }]
-
           ## Add some additional tags about the regional source
           image.tags << {
             :key => 'source_region',
@@ -77,7 +73,7 @@ module Builderator
           }
 
           build.ami_regions.each do |region|
-            regional_image = Util.ec2(region).describe_images(:filters => filters).images.first
+            regional_image = find_image(region, image_name)
 
             say_status :tag, "AMI #{image_name} (#{regional_image.image_id}) in #{region}"
             Util.ec2(region).create_tags(:resources => [regional_image.image_id], :tags => image.tags)
@@ -99,13 +95,8 @@ module Builderator
           waiting = false
 
           images.each do |image_name, (image, build)|
-            filters = [{
-              :name => 'name',
-              :values => [image_name]
-            }]
-
             build.ami_regions.each do |region|
-              regional_image = Util.ec2(region).describe_images(:filters => filters).images.first
+              regional_image = find_image(region, image_name)
 
               ## It takes a few seconds for the new AMI to show up in the `describe_images` response-set
               state = regional_image.nil? ? 'unknown' : regional_image.state
@@ -123,7 +114,7 @@ module Builderator
           end
 
           ## If waiting == false, loop immediately to break
-          sleep(10) if waiting
+          sleep(20) if waiting
         end
 
         say_status :complete, 'All copied images are available'
@@ -143,17 +134,12 @@ module Builderator
 
             sts_client = Aws::STS::Client.new(region: region)
 
-            filters = [{
-              :name => 'name',
-              :values => [image_name]
-            }]
-
             if build.tagging_role.nil?
               say_status :complete, 'No remote tagging to be performed as no IAM role is defined'
               return
             end
 
-            regional_image = Util.ec2(region).describe_images(:filters => filters).images.first
+            regional_image = find_image(region, image_name)
 
             build.ami_users.each do |account|
               role_arn = "arn:aws:iam::#{account}:role/#{build.tagging_role}"
@@ -187,12 +173,7 @@ module Builderator
             build.ami_users.each do |user|
               shared = true
 
-              filters = [{
-                :name => 'name',
-                :values => [image_name]
-              }]
-
-              regional_image = Util.ec2(region).describe_images(:filters => filters).images.first
+              regional_image = find_image(region, image_name)
 
               say_status :share, "image #{image_name} (#{regional_image.image_id}) with #{user}"
 
@@ -222,6 +203,27 @@ module Builderator
           memo[build.ami_name] = [Control::Data.lookup(:image, :name => build.ami_name).first, build]
         end
       end
+
+      def copy_image(region, params)
+        Retryable.retryable(:sleep => lambda { |n| 4**n }, :tries => 4, :on => [Aws::EC2::Errors::ServiceError]) do |retries, _|
+          say_status :error, 'Error copying image', :red if retries.positive?
+          Util.ec2(region).copy_image(params)
+        end
+      end
+
+      def find_image(region, image_name)
+        filters = [{
+          :name => 'name',
+          :values => [image_name]
+        }]
+
+        image = nil
+        Retryable.retryable(:sleep => lambda { |n| 4**n }, :tries => 4, :on => [Aws::EC2::Errors::ServiceError]) do |retries, _|
+          say_status :error, 'Error finding image', :red if retries.positive?
+          image = Util.ec2(region).describe_images(:filters => filters).images.first
+        end
+        image
+      end
     end
   end
 end

data/lib/builderator/tasks/version.rb

@@ -19,7 +19,7 @@ module Builderator
       desc 'current', 'Print the current version and write it to file'
       def current
         unless Config.autoversion.search_tags
-          say_status :disabled, 'Automatically detecting version informantion '\
+          say_status :disabled, 'Automatically detecting version information '\
                                 'from SCM tags is disabled', :red
           return
         end

data/lib/builderator/util.rb

@@ -79,6 +79,52 @@ module Builderator
         clients["asg-#{region}"] ||= Aws::AutoScaling::Client.new(:region => region)
       end
 
+      def remove_security_group(region = Config.aws.region, group_id = nil)
+        if region.nil?
+          puts "Dry-run; skipping delete of group_id #{group_id}"
+          return
+        end
+        if group_id.nil?
+          puts "Not removing security group"
+          return
+        end
+        ec2 = ec2(region)
+        resp = ec2.delete_security_group(group_id: group_id)
+        puts "Deleted SecurityGroup #{group_id}"
+      end
+
+      def get_security_group_id(region = Config.aws.region)
+        group_id = nil
+        if region.nil?
+          group_id = 'sg-DRYRUNSG'
+          puts "Dry-run; skipping create and returning #{group_id}"
+          return group_id
+        end
+        ec2 = ec2(region)
+        group = nil
+        require 'open-uri'
+        external_ip = open('http://checkip.amazonaws.com').read.strip
+        cidr_ip = external_ip + '/32'
+
+        # Create a security group
+        resp = ec2.create_security_group(group_name: "BuilderatorSecurityGroupSSHOnly-#{Time.now.to_i}",
+                                         description: "Created by Builderator at #{Time.now}")
+        group_id = resp[:group_id]
+
+        resp = ec2.describe_security_groups(group_ids: [group_id])
+        groups = resp[:security_groups]
+        group = groups.first
+
+        # Ensure the group_id has the right permissions
+        resp = ec2.authorize_security_group_ingress(group_id: group_id,
+                                                    ip_protocol: 'tcp',
+                                                    from_port: 22,
+                                                    to_port: 22,
+                                                    cidr_ip: cidr_ip)
+        puts "Created SecurityGroup #{group_id}"
+        group_id
+      end
+
       private
 
       def clients

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: builderator
 version: !ruby/object:Gem::Version
-  version: 1.2.3.pre.beta.1
+  version: 1.3.0
 platform: ruby
 authors:
 - John Manero
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-03 00:00:00.000000000 Z
+date: 2017-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -178,6 +178,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.19.0
+- !ruby/object:Gem::Dependency
+  name: retryable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.4
 description: Builderator automates many of the common steps required to build VMs
   and images with Chef. It provides a common configuration layer for Chef, Berkshelf,
   Vagrant, and Packer, and tasks to orchestrate the usage of each. https://github.com/rapid7/builderator
@@ -260,9 +274,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.5.2