central-cli 0.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.dockerignore +3 -0
- data/.gitignore +15 -0
- data/.rspec +6 -0
- data/.rubocop.yml +5 -0
- data/Dockerfile +15 -0
- data/Gemfile +10 -0
- data/LICENSE +191 -0
- data/README.md +39 -0
- data/Rakefile +9 -0
- data/VERSION +1 -0
- data/bin/cm +85 -0
- data/central-cli.gemspec +35 -0
- data/central-docker.sh +6 -0
- data/lib/central/cli/app_command.rb +29 -0
- data/lib/central/cli/apps/build_command.rb +24 -0
- data/lib/central/cli/apps/central_yml_generator.rb +88 -0
- data/lib/central/cli/apps/common.rb +166 -0
- data/lib/central/cli/apps/deploy_command.rb +191 -0
- data/lib/central/cli/apps/docker_compose_generator.rb +48 -0
- data/lib/central/cli/apps/docker_helper.rb +85 -0
- data/lib/central/cli/apps/dockerfile_generator.rb +15 -0
- data/lib/central/cli/apps/init_command.rb +91 -0
- data/lib/central/cli/apps/list_command.rb +68 -0
- data/lib/central/cli/apps/logs_command.rb +76 -0
- data/lib/central/cli/apps/monitor_command.rb +93 -0
- data/lib/central/cli/apps/remove_command.rb +80 -0
- data/lib/central/cli/apps/restart_command.rb +38 -0
- data/lib/central/cli/apps/scale_command.rb +31 -0
- data/lib/central/cli/apps/show_command.rb +23 -0
- data/lib/central/cli/apps/start_command.rb +39 -0
- data/lib/central/cli/apps/stop_command.rb +39 -0
- data/lib/central/cli/auth/aws/create_command.rb +34 -0
- data/lib/central/cli/auth/aws_command.rb +7 -0
- data/lib/central/cli/auth/list_command.rb +28 -0
- data/lib/central/cli/auth_command.rb +9 -0
- data/lib/central/cli/bytes_helper.rb +38 -0
- data/lib/central/cli/common.rb +148 -0
- data/lib/central/cli/container_command.rb +10 -0
- data/lib/central/cli/containers/exec_command.rb +21 -0
- data/lib/central/cli/containers/inspect_command.rb +22 -0
- data/lib/central/cli/etcd/common.rb +7 -0
- data/lib/central/cli/etcd/get_command.rb +26 -0
- data/lib/central/cli/etcd/list_command.rb +31 -0
- data/lib/central/cli/etcd/mkdir_command.rb +21 -0
- data/lib/central/cli/etcd/remove_command.rb +25 -0
- data/lib/central/cli/etcd/set_command.rb +22 -0
- data/lib/central/cli/etcd_command.rb +16 -0
- data/lib/central/cli/external_registries/add_command.rb +21 -0
- data/lib/central/cli/external_registries/delete_command.rb +15 -0
- data/lib/central/cli/external_registries/list_command.rb +27 -0
- data/lib/central/cli/external_registries/remove_command.rb +13 -0
- data/lib/central/cli/external_registry_command.rb +14 -0
- data/lib/central/cli/login_command.rb +121 -0
- data/lib/central/cli/logout_command.rb +7 -0
- data/lib/central/cli/master/aws/create_command.rb +41 -0
- data/lib/central/cli/master/aws_command.rb +7 -0
- data/lib/central/cli/master/azure/create_command.rb +39 -0
- data/lib/central/cli/master/azure_command.rb +11 -0
- data/lib/central/cli/master/digital_ocean/create_command.rb +35 -0
- data/lib/central/cli/master/digital_ocean_command.rb +11 -0
- data/lib/central/cli/master/list_command.rb +28 -0
- data/lib/central/cli/master/use_command.rb +34 -0
- data/lib/central/cli/master/users/add_role_command.rb +26 -0
- data/lib/central/cli/master/users/invite_command.rb +24 -0
- data/lib/central/cli/master/users/list_command.rb +18 -0
- data/lib/central/cli/master/users/remove_command.rb +22 -0
- data/lib/central/cli/master/users/remove_role_command.rb +25 -0
- data/lib/central/cli/master/users_command.rb +15 -0
- data/lib/central/cli/master/vagrant/create_command.rb +25 -0
- data/lib/central/cli/master/vagrant/restart_command.rb +20 -0
- data/lib/central/cli/master/vagrant/ssh_command.rb +15 -0
- data/lib/central/cli/master/vagrant/start_command.rb +20 -0
- data/lib/central/cli/master/vagrant/stop_command.rb +20 -0
- data/lib/central/cli/master/vagrant/terminate_command.rb +13 -0
- data/lib/central/cli/master/vagrant_command.rb +21 -0
- data/lib/central/cli/master_command.rb +19 -0
- data/lib/central/cli/node_command.rb +30 -0
- data/lib/central/cli/nodes/add_label_command.rb +19 -0
- data/lib/central/cli/nodes/aws/create_command.rb +40 -0
- data/lib/central/cli/nodes/aws/restart_command.rb +29 -0
- data/lib/central/cli/nodes/aws/terminate_command.rb +21 -0
- data/lib/central/cli/nodes/aws_command.rb +14 -0
- data/lib/central/cli/nodes/azure/create_command.rb +40 -0
- data/lib/central/cli/nodes/azure/restart_command.rb +31 -0
- data/lib/central/cli/nodes/azure/terminate_command.rb +21 -0
- data/lib/central/cli/nodes/azure_command.rb +14 -0
- data/lib/central/cli/nodes/digital_ocean/create_command.rb +32 -0
- data/lib/central/cli/nodes/digital_ocean/restart_command.rb +27 -0
- data/lib/central/cli/nodes/digital_ocean/terminate_command.rb +19 -0
- data/lib/central/cli/nodes/digital_ocean_command.rb +14 -0
- data/lib/central/cli/nodes/label_command.rb +12 -0
- data/lib/central/cli/nodes/labels/add_command.rb +19 -0
- data/lib/central/cli/nodes/labels/remove_command.rb +23 -0
- data/lib/central/cli/nodes/list_command.rb +62 -0
- data/lib/central/cli/nodes/remove_command.rb +16 -0
- data/lib/central/cli/nodes/remove_label_command.rb +23 -0
- data/lib/central/cli/nodes/show_command.rb +49 -0
- data/lib/central/cli/nodes/ssh_command.rb +31 -0
- data/lib/central/cli/nodes/update_command.rb +20 -0
- data/lib/central/cli/nodes/vagrant/create_command.rb +27 -0
- data/lib/central/cli/nodes/vagrant/restart_command.rb +26 -0
- data/lib/central/cli/nodes/vagrant/ssh_command.rb +21 -0
- data/lib/central/cli/nodes/vagrant/start_command.rb +26 -0
- data/lib/central/cli/nodes/vagrant/stop_command.rb +26 -0
- data/lib/central/cli/nodes/vagrant/terminate_command.rb +17 -0
- data/lib/central/cli/nodes/vagrant_command.rb +20 -0
- data/lib/central/cli/register_command.rb +21 -0
- data/lib/central/cli/registry/create_command.rb +144 -0
- data/lib/central/cli/registry/delete_command.rb +22 -0
- data/lib/central/cli/registry/remove_command.rb +19 -0
- data/lib/central/cli/registry_command.rb +11 -0
- data/lib/central/cli/service_command.rb +49 -0
- data/lib/central/cli/services/add_env_command.rb +19 -0
- data/lib/central/cli/services/add_secret_command.rb +24 -0
- data/lib/central/cli/services/container_command.rb +8 -0
- data/lib/central/cli/services/containers_command.rb +32 -0
- data/lib/central/cli/services/create_command.rb +90 -0
- data/lib/central/cli/services/delete_command.rb +19 -0
- data/lib/central/cli/services/deploy_command.rb +21 -0
- data/lib/central/cli/services/env_command.rb +11 -0
- data/lib/central/cli/services/envs/add_command.rb +19 -0
- data/lib/central/cli/services/envs/list_command.rb +20 -0
- data/lib/central/cli/services/envs/remove_command.rb +18 -0
- data/lib/central/cli/services/envs_command.rb +20 -0
- data/lib/central/cli/services/link_command.rb +26 -0
- data/lib/central/cli/services/list_command.rb +42 -0
- data/lib/central/cli/services/logs_command.rb +57 -0
- data/lib/central/cli/services/monitor_command.rb +58 -0
- data/lib/central/cli/services/remove_command.rb +17 -0
- data/lib/central/cli/services/remove_env_command.rb +18 -0
- data/lib/central/cli/services/remove_secret_command.rb +28 -0
- data/lib/central/cli/services/restart_command.rb +17 -0
- data/lib/central/cli/services/scale_command.rb +17 -0
- data/lib/central/cli/services/secret_command.rb +9 -0
- data/lib/central/cli/services/secrets/link_command.rb +24 -0
- data/lib/central/cli/services/secrets/unlink_command.rb +28 -0
- data/lib/central/cli/services/services_helper.rb +360 -0
- data/lib/central/cli/services/show_command.rb +18 -0
- data/lib/central/cli/services/start_command.rb +17 -0
- data/lib/central/cli/services/stats_command.rb +74 -0
- data/lib/central/cli/services/stop_command.rb +17 -0
- data/lib/central/cli/services/unlink_command.rb +25 -0
- data/lib/central/cli/services/update_command.rb +78 -0
- data/lib/central/cli/stack_command.rb +32 -0
- data/lib/central/cli/stack_options.rb +11 -0
- data/lib/central/cli/stacks/add_user_command.rb +18 -0
- data/lib/central/cli/stacks/audit_log_command.rb +21 -0
- data/lib/central/cli/stacks/cloud_config_command.rb +41 -0
- data/lib/central/cli/stacks/common.rb +95 -0
- data/lib/central/cli/stacks/create_command.rb +26 -0
- data/lib/central/cli/stacks/current_command.rb +25 -0
- data/lib/central/cli/stacks/env_command.rb +32 -0
- data/lib/central/cli/stacks/list_command.rb +35 -0
- data/lib/central/cli/stacks/list_users_command.rb +26 -0
- data/lib/central/cli/stacks/logs_command.rb +81 -0
- data/lib/central/cli/stacks/remove_command.rb +26 -0
- data/lib/central/cli/stacks/remove_user_command.rb +17 -0
- data/lib/central/cli/stacks/show_command.rb +19 -0
- data/lib/central/cli/stacks/trusted_subnets/add_command.rb +16 -0
- data/lib/central/cli/stacks/trusted_subnets/list_command.rb +17 -0
- data/lib/central/cli/stacks/trusted_subnets/remove_command.rb +20 -0
- data/lib/central/cli/stacks/update_command.rb +27 -0
- data/lib/central/cli/stacks/use_command.rb +21 -0
- data/lib/central/cli/stacks/user_command.rb +11 -0
- data/lib/central/cli/stacks/users/add_command.rb +18 -0
- data/lib/central/cli/stacks/users/list_command.rb +18 -0
- data/lib/central/cli/stacks/users/remove_command.rb +17 -0
- data/lib/central/cli/user/forgot_password_command.rb +16 -0
- data/lib/central/cli/user/reset_password_command.rb +21 -0
- data/lib/central/cli/user/verify_command.rb +22 -0
- data/lib/central/cli/user_command.rb +12 -0
- data/lib/central/cli/vault/list_command.rb +25 -0
- data/lib/central/cli/vault/read_command.rb +17 -0
- data/lib/central/cli/vault/remove_command.rb +14 -0
- data/lib/central/cli/vault/update_command.rb +18 -0
- data/lib/central/cli/vault/write_command.rb +22 -0
- data/lib/central/cli/vault_command.rb +16 -0
- data/lib/central/cli/version.rb +5 -0
- data/lib/central/cli/version_command.rb +22 -0
- data/lib/central/cli/vpn/config_command.rb +25 -0
- data/lib/central/cli/vpn/create_command.rb +71 -0
- data/lib/central/cli/vpn/delete_command.rb +21 -0
- data/lib/central/cli/vpn/remove_command.rb +19 -0
- data/lib/central/cli/vpn_command.rb +13 -0
- data/lib/central/cli/whoami_command.rb +20 -0
- data/lib/central/client.rb +208 -0
- data/lib/central/errors.rb +10 -0
- data/lib/central/machine/aws.rb +14 -0
- data/lib/central/machine/aws/auth_provisioner.rb +161 -0
- data/lib/central/machine/aws/cloudinit.yml +71 -0
- data/lib/central/machine/aws/cloudinit_master.yml +118 -0
- data/lib/central/machine/aws/cloudinit_oauth.yml +76 -0
- data/lib/central/machine/aws/common.rb +31 -0
- data/lib/central/machine/aws/master_provisioner.rb +171 -0
- data/lib/central/machine/aws/node_destroyer.rb +46 -0
- data/lib/central/machine/aws/node_provisioner.rb +214 -0
- data/lib/central/machine/azure.rb +13 -0
- data/lib/central/machine/azure/cloudinit.yml +64 -0
- data/lib/central/machine/azure/cloudinit_master.yml +106 -0
- data/lib/central/machine/azure/logger.rb +26 -0
- data/lib/central/machine/azure/master_provisioner.rb +125 -0
- data/lib/central/machine/azure/node_destroyer.rb +52 -0
- data/lib/central/machine/azure/node_provisioner.rb +126 -0
- data/lib/central/machine/cert_helper.rb +39 -0
- data/lib/central/machine/cloud_config/cloudinit.yml +70 -0
- data/lib/central/machine/cloud_config/node_generator.rb +27 -0
- data/lib/central/machine/common.rb +16 -0
- data/lib/central/machine/digital_ocean.rb +13 -0
- data/lib/central/machine/digital_ocean/cloudinit.yml +64 -0
- data/lib/central/machine/digital_ocean/cloudinit_master.yml +118 -0
- data/lib/central/machine/digital_ocean/master_provisioner.rb +99 -0
- data/lib/central/machine/digital_ocean/node_destroyer.rb +40 -0
- data/lib/central/machine/digital_ocean/node_provisioner.rb +81 -0
- data/lib/central/machine/random_name.rb +39 -0
- data/lib/central/machine/vagrant.rb +12 -0
- data/lib/central/machine/vagrant/Vagrantfile.master.rb.erb +116 -0
- data/lib/central/machine/vagrant/Vagrantfile.node.rb.erb +32 -0
- data/lib/central/machine/vagrant/cloudinit.yml +73 -0
- data/lib/central/machine/vagrant/master_destroyer.rb +34 -0
- data/lib/central/machine/vagrant/master_provisioner.rb +79 -0
- data/lib/central/machine/vagrant/node_destroyer.rb +38 -0
- data/lib/central/machine/vagrant/node_provisioner.rb +68 -0
- data/lib/central/scripts/completer +157 -0
- data/lib/central/scripts/init +11 -0
- data/spec/central/cli/app/common_spec.rb +150 -0
- data/spec/central/cli/app/deploy_command_spec.rb +598 -0
- data/spec/central/cli/app/docker_helper_spec.rb +102 -0
- data/spec/central/cli/app/scale_spec.rb +49 -0
- data/spec/central/cli/common_spec.rb +117 -0
- data/spec/central/cli/login_command_spec.rb +31 -0
- data/spec/central/cli/master/current_command_spec.rb +55 -0
- data/spec/central/cli/master/use_command_spec.rb +37 -0
- data/spec/central/cli/master/users/invite_command_spec.rb +34 -0
- data/spec/central/cli/master/users/remove_command_spec.rb +26 -0
- data/spec/central/cli/master/users/roles/add_command_spec.rb +34 -0
- data/spec/central/cli/master/users/roles/remove_command_spec.rb +34 -0
- data/spec/central/cli/register_command_spec.rb +56 -0
- data/spec/central/cli/services/containers_command_spec.rb +40 -0
- data/spec/central/cli/services/link_command_spec.rb +38 -0
- data/spec/central/cli/services/restart_command_spec.rb +27 -0
- data/spec/central/cli/services/secrets/link_command_spec.rb +59 -0
- data/spec/central/cli/services/secrets/unlink_command_spec.rb +48 -0
- data/spec/central/cli/services/services_helper_spec.rb +170 -0
- data/spec/central/cli/services/unlink_command_spec.rb +38 -0
- data/spec/central/cli/stacks/trusted_subnets/add_command_spec.rb +37 -0
- data/spec/central/cli/stacks/trusted_subnets/list_command_spec.rb +30 -0
- data/spec/central/cli/stacks/trusted_subnets/remove_command_spec.rb +37 -0
- data/spec/central/cli/version_command_spec.rb +16 -0
- data/spec/fixtures/central.yml +17 -0
- data/spec/fixtures/docker-compose.yml +8 -0
- data/spec/fixtures/mysql.yml +3 -0
- data/spec/fixtures/wordpress-scaled.yml +3 -0
- data/spec/fixtures/wordpress.yml +2 -0
- data/spec/spec_helper.rb +27 -0
- data/spec/support/client_helpers.rb +30 -0
- data/spec/support/fixtures_helpers.rb +7 -0
- data/tasks/rspec.rake +5 -0
- metadata +463 -0
@@ -0,0 +1,14 @@
|
|
1
|
+
begin
|
2
|
+
require 'aws-sdk'
|
3
|
+
rescue LoadError
|
4
|
+
puts "It seems that you don't have gem for AWS API installed."
|
5
|
+
puts 'Install it using: gem install aws-sdk'
|
6
|
+
exit 1
|
7
|
+
end
|
8
|
+
|
9
|
+
require_relative 'random_name'
|
10
|
+
require_relative 'cert_helper'
|
11
|
+
require_relative 'aws/auth_provisioner'
|
12
|
+
require_relative 'aws/master_provisioner'
|
13
|
+
require_relative 'aws/node_provisioner'
|
14
|
+
require_relative 'aws/node_destroyer'
|
@@ -0,0 +1,161 @@
|
|
1
|
+
require 'fileutils'
|
2
|
+
require 'erb'
|
3
|
+
require 'open3'
|
4
|
+
require 'shell-spinner'
|
5
|
+
require_relative 'common'
|
6
|
+
|
7
|
+
module Central
|
8
|
+
module Machine
|
9
|
+
module Aws
|
10
|
+
class AuthProvisioner
|
11
|
+
include RandomName
|
12
|
+
include Common
|
13
|
+
include Machine::CertHelper
|
14
|
+
attr_reader :ec2, :http_client, :region
|
15
|
+
|
16
|
+
# @param [String] access_key_id aws_access_key_id
|
17
|
+
# @param [String] secret_key aws_secret_access_key
|
18
|
+
# @param [String] region
|
19
|
+
def initialize(access_key_id, secret_key, region)
|
20
|
+
@ec2 = ::Aws::EC2::Resource.new(
|
21
|
+
region: region,
|
22
|
+
credentials: ::Aws::Credentials.new(access_key_id, secret_key)
|
23
|
+
)
|
24
|
+
end
|
25
|
+
|
26
|
+
# @param [Hash] opts
|
27
|
+
def run!(opts)
|
28
|
+
ssl_cert = nil
|
29
|
+
if opts[:ssl_cert]
|
30
|
+
unless File.exist?(File.expand_path(opts[:ssl_cert]))
|
31
|
+
abort('Invalid ssl cert')
|
32
|
+
end
|
33
|
+
ssl_cert = File.read(File.expand_path(opts[:ssl_cert]))
|
34
|
+
else
|
35
|
+
ShellSpinner 'Generating self-signed SSL certificate' do
|
36
|
+
ssl_cert = generate_self_signed_cert
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
ami = resolve_ami(region)
|
41
|
+
abort('No valid AMI found for region') unless ami
|
42
|
+
opts[:vpc] = default_vpc.vpc_id unless opts[:vpc]
|
43
|
+
subnet = if opts[:subnet].nil?
|
44
|
+
default_subnet(opts[:vpc], region + opts[:zone])
|
45
|
+
else
|
46
|
+
ec2.subnet(opts[:subnet])
|
47
|
+
end
|
48
|
+
userdata_vars = {
|
49
|
+
ssl_cert: ssl_cert,
|
50
|
+
version: opts[:version]
|
51
|
+
}
|
52
|
+
|
53
|
+
security_group = ensure_security_group(opts[:vpc])
|
54
|
+
name = generate_name
|
55
|
+
ec2_instance = ec2.create_instances(
|
56
|
+
image_id: ami,
|
57
|
+
min_count: 1,
|
58
|
+
max_count: 1,
|
59
|
+
instance_type: opts[:type],
|
60
|
+
security_group_ids: [security_group.group_id],
|
61
|
+
key_name: opts[:key_pair],
|
62
|
+
subnet_id: subnet.subnet_id,
|
63
|
+
user_data: Base64.encode64(user_data(userdata_vars)),
|
64
|
+
block_device_mappings: [
|
65
|
+
{
|
66
|
+
device_name: '/dev/xvda',
|
67
|
+
virtual_name: 'Root',
|
68
|
+
ebs: {
|
69
|
+
volume_size: opts[:storage],
|
70
|
+
volume_type: 'gp2'
|
71
|
+
}
|
72
|
+
}
|
73
|
+
]
|
74
|
+
).first
|
75
|
+
ec2_instance.create_tags(tags: [{ key: 'Name', value: name }])
|
76
|
+
ShellSpinner "Creating AWS instance #{name.colorize(:cyan)} " do
|
77
|
+
sleep 5 until ec2_instance.reload.state.name == 'running'
|
78
|
+
end
|
79
|
+
auth_url = "https://#{ec2_instance.public_ip_address}"
|
80
|
+
Excon.defaults[:ssl_verify_peer] = false
|
81
|
+
http_client = Excon.new(auth_url, connect_timeout: 10)
|
82
|
+
ShellSpinner "Waiting for #{name.colorize(:cyan)} to start" do
|
83
|
+
sleep 5 until master_running?(http_client)
|
84
|
+
end
|
85
|
+
|
86
|
+
puts 'Central Machine OAuth Agent is now running'
|
87
|
+
end
|
88
|
+
|
89
|
+
# @param [String] vpc_id
|
90
|
+
# @return [Aws::EC2::SecurityGroup]
|
91
|
+
def ensure_security_group(vpc_id)
|
92
|
+
group_name = 'central_machine_oauth'
|
93
|
+
sg = ec2.security_groups(
|
94
|
+
filters: [
|
95
|
+
{ name: 'group-name', values: [group_name] },
|
96
|
+
{ name: 'vpc-id', values: [vpc_id] }
|
97
|
+
]
|
98
|
+
).first
|
99
|
+
unless sg
|
100
|
+
ShellSpinner 'Creating AWS security group' do
|
101
|
+
sg = create_security_group(group_name, vpc_id)
|
102
|
+
end
|
103
|
+
end
|
104
|
+
sg
|
105
|
+
end
|
106
|
+
|
107
|
+
# creates security_group and authorizes default port ranges
|
108
|
+
#
|
109
|
+
# @param [String] name
|
110
|
+
# @param [String, NilClass] vpc_id
|
111
|
+
# @return Aws::EC2::SecurityGroup
|
112
|
+
def create_security_group(name, vpc_id = nil)
|
113
|
+
sg = ec2.create_security_group(
|
114
|
+
group_name: name,
|
115
|
+
description: 'Central Machine OAuth',
|
116
|
+
vpc_id: vpc_id)
|
117
|
+
sg.create_tags(tags: [
|
118
|
+
{ key: 'Name', value: name }
|
119
|
+
])
|
120
|
+
sg.authorize_ingress( # SSHD
|
121
|
+
ip_protocol: 'tcp',
|
122
|
+
from_port: 22,
|
123
|
+
to_port: 22,
|
124
|
+
cidr_ip: '24.7.32.100/32')
|
125
|
+
sg.authorize_ingress( # HTTPS
|
126
|
+
ip_protocol: 'tcp',
|
127
|
+
from_port: 443,
|
128
|
+
to_port: 443,
|
129
|
+
cidr_ip: '0.0.0.0/0')
|
130
|
+
sg
|
131
|
+
end
|
132
|
+
|
133
|
+
# @return [String]
|
134
|
+
def region
|
135
|
+
ec2.client.config.region
|
136
|
+
end
|
137
|
+
|
138
|
+
def user_data(vars)
|
139
|
+
cloudinit_template = File.join(__dir__, '/cloudinit_oauth.yml')
|
140
|
+
erb(File.read(cloudinit_template), vars)
|
141
|
+
end
|
142
|
+
|
143
|
+
def generate_name
|
144
|
+
"central-machine-oauth-#{super}-#{rand(1..99)}"
|
145
|
+
end
|
146
|
+
|
147
|
+
def master_running?(http_client)
|
148
|
+
http_client.get(path: '/v1/ping').status == 200
|
149
|
+
rescue
|
150
|
+
false
|
151
|
+
end
|
152
|
+
|
153
|
+
def erb(template, vars)
|
154
|
+
ERB.new(template).result(
|
155
|
+
OpenStruct.new(vars).instance_eval { binding }
|
156
|
+
)
|
157
|
+
end
|
158
|
+
end
|
159
|
+
end
|
160
|
+
end
|
161
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
#cloud-config
|
2
|
+
hostname: <%= name %>
|
3
|
+
write_files:
|
4
|
+
- path: /etc/central-agent.env
|
5
|
+
permissions: 0600
|
6
|
+
owner: root
|
7
|
+
content: |
|
8
|
+
CENTRAL_URI="<%= master_uri %>"
|
9
|
+
CENTRAL_TOKEN="<%= stack_token %>"
|
10
|
+
CENTRAL_PEER_INTERFACE=eth1
|
11
|
+
CENTRAL_VERSION=<%= version %>
|
12
|
+
- path: /etc/systemd/system/docker.service.d/50-central.conf
|
13
|
+
content: |
|
14
|
+
[Service]
|
15
|
+
Environment='DOCKER_OPTS=--insecure-registry="10.81.0.0/19" --bip="172.17.43.1/16"'
|
16
|
+
- path: /etc/sysctl.d/99-inotify.conf
|
17
|
+
owner: root
|
18
|
+
permissions: 0644
|
19
|
+
content: |
|
20
|
+
fs.inotify.max_user_instances = 8192
|
21
|
+
coreos:
|
22
|
+
units:
|
23
|
+
- name: 00-eth.network
|
24
|
+
runtime: true
|
25
|
+
content: |
|
26
|
+
[Match]
|
27
|
+
Name=eth*
|
28
|
+
[Network]
|
29
|
+
DHCP=yes
|
30
|
+
DNS=172.17.43.1
|
31
|
+
DNS=<%= dns_server %>
|
32
|
+
DOMAINS=central.local
|
33
|
+
[DHCP]
|
34
|
+
UseDNS=false
|
35
|
+
|
36
|
+
- name: 10-weave.network
|
37
|
+
runtime: false
|
38
|
+
content: |
|
39
|
+
[Match]
|
40
|
+
Type=bridge
|
41
|
+
Name=weave*
|
42
|
+
|
43
|
+
[Network]
|
44
|
+
- name: central-agent.service
|
45
|
+
command: start
|
46
|
+
enable: true
|
47
|
+
content: |
|
48
|
+
[Unit]
|
49
|
+
Description=central-agent
|
50
|
+
After=network-online.target
|
51
|
+
After=docker.service
|
52
|
+
Description=Central Agent
|
53
|
+
Documentation=http://www.central.io/
|
54
|
+
Requires=network-online.target
|
55
|
+
Requires=docker.service
|
56
|
+
|
57
|
+
[Service]
|
58
|
+
Restart=always
|
59
|
+
RestartSec=5
|
60
|
+
EnvironmentFile=/etc/central-agent.env
|
61
|
+
ExecStartPre=-/usr/bin/docker stop central-agent
|
62
|
+
ExecStartPre=-/usr/bin/docker rm central-agent
|
63
|
+
ExecStartPre=/usr/bin/docker pull fishyard/agent:${CENTRAL_VERSION}
|
64
|
+
ExecStart=/usr/bin/docker run --name central-agent \
|
65
|
+
-e CENTRAL_URI=${CENTRAL_URI} \
|
66
|
+
-e CENTRAL_TOKEN=${CENTRAL_TOKEN} \
|
67
|
+
-e CENTRAL_PEER_INTERFACE=${CENTRAL_PEER_INTERFACE} \
|
68
|
+
-v=/var/run/docker.sock:/var/run/docker.sock \
|
69
|
+
-v=/etc/central-agent.env:/etc/central.env \
|
70
|
+
--net=host \
|
71
|
+
fishyard/agent:${CENTRAL_VERSION}
|
@@ -0,0 +1,118 @@
|
|
1
|
+
#cloud-config
|
2
|
+
write_files:
|
3
|
+
- path: /etc/central-server.env
|
4
|
+
permissions: 0600
|
5
|
+
owner: root
|
6
|
+
content: |
|
7
|
+
CENTRAL_VERSION=<%= version %>
|
8
|
+
CENTRAL_VAULT_KEY=<%= vault_secret %>
|
9
|
+
CENTRAL_VAULT_IV=<%= vault_iv %>
|
10
|
+
<% if ssl_cert %>SSL_CERT="/etc/central-server.pem"
|
11
|
+
|
12
|
+
- path: /etc/central-server.pem
|
13
|
+
permissions: 0600
|
14
|
+
owner: root
|
15
|
+
content: | <% ssl_cert.split(/\n/).each do |row| %>
|
16
|
+
<%= row %><% end %><% end %>
|
17
|
+
- path: /opt/bin/central-haproxy.sh
|
18
|
+
permissions: 0755
|
19
|
+
owner: root
|
20
|
+
content: |
|
21
|
+
#!/bin/sh
|
22
|
+
if [ -n "$SSL_CERT" ]; then
|
23
|
+
SSL_CERT=$(awk 1 ORS='\\n' $SSL_CERT)
|
24
|
+
else
|
25
|
+
SSL_CERT="**None**"
|
26
|
+
fi
|
27
|
+
/usr/bin/docker run --name=central-server-haproxy \
|
28
|
+
--link central-server-api:central-server-api \
|
29
|
+
-e SSL_CERT="$SSL_CERT" \
|
30
|
+
-p 80:80 -p 443:443 fishyard/haproxy:latest
|
31
|
+
coreos:
|
32
|
+
units:
|
33
|
+
<% unless mongodb_uri -%>
|
34
|
+
- name: central-server-mongo.service
|
35
|
+
command: start
|
36
|
+
enable: true
|
37
|
+
content: |
|
38
|
+
[Unit]
|
39
|
+
Description=central-server-mongo
|
40
|
+
After=network-online.target
|
41
|
+
After=docker.service
|
42
|
+
Description=Central Server MongoDB
|
43
|
+
Documentation=http://www.mongodb.org/
|
44
|
+
Requires=network-online.target
|
45
|
+
Requires=docker.service
|
46
|
+
|
47
|
+
[Service]
|
48
|
+
Restart=always
|
49
|
+
RestartSec=5
|
50
|
+
ExecStartPre=/usr/bin/docker pull mongo:3.0
|
51
|
+
ExecStartPre=-/usr/bin/docker create --name=central-server-mongo-data mongo:3.0
|
52
|
+
ExecStartPre=-/usr/bin/docker stop central-server-mongo
|
53
|
+
ExecStartPre=-/usr/bin/docker rm central-server-mongo
|
54
|
+
ExecStart=/usr/bin/docker run --name=central-server-mongo \
|
55
|
+
--volumes-from=central-server-mongo-data \
|
56
|
+
mongo:3.0 mongod --smallfiles
|
57
|
+
<% end -%>
|
58
|
+
- name: central-server-api.service
|
59
|
+
command: start
|
60
|
+
enable: true
|
61
|
+
content: |
|
62
|
+
[Unit]
|
63
|
+
Description=central-server-api
|
64
|
+
After=network-online.target
|
65
|
+
After=docker.service
|
66
|
+
After=central-server-mongo.service
|
67
|
+
Description=Central Machine
|
68
|
+
Documentation=http://www.central.io/
|
69
|
+
Before=central-server-haproxy.service
|
70
|
+
Wants=central-server-haproxy.service
|
71
|
+
Requires=network-online.target
|
72
|
+
Requires=docker.service
|
73
|
+
<% unless mongodb_uri -%>
|
74
|
+
Requires=central-server-mongo.service
|
75
|
+
<% end %>
|
76
|
+
|
77
|
+
[Service]
|
78
|
+
Restart=always
|
79
|
+
RestartSec=5
|
80
|
+
EnvironmentFile=/etc/central-server.env
|
81
|
+
ExecStartPre=-/usr/bin/docker stop central-server-api
|
82
|
+
ExecStartPre=-/usr/bin/docker rm central-server-api
|
83
|
+
ExecStartPre=/usr/bin/docker pull fishyard/server:${CENTRAL_VERSION}
|
84
|
+
ExecStart=/usr/bin/docker run --name central-server-api \
|
85
|
+
<% if mongodb_uri -%>
|
86
|
+
-e MONGODB_URI=<%= mongodb_uri %> \
|
87
|
+
<% else -%>
|
88
|
+
--link central-server-mongo:mongodb \
|
89
|
+
-e MONGODB_URI=mongodb://mongodb:27017/central_server \
|
90
|
+
<% end -%>
|
91
|
+
<% if auth_server %>
|
92
|
+
-e AUTH_API_URL=<%= auth_server %> \
|
93
|
+
<% end -%>
|
94
|
+
-e VAULT_KEY=${CENTRAL_VAULT_KEY} -e VAULT_IV=${CENTRAL_VAULT_IV} \
|
95
|
+
fishyard/server:${CENTRAL_VERSION}
|
96
|
+
|
97
|
+
- name: central-server-haproxy.service
|
98
|
+
command: start
|
99
|
+
enable: true
|
100
|
+
content: |
|
101
|
+
[Unit]
|
102
|
+
Description=central-server-haproxy
|
103
|
+
After=network-online.target
|
104
|
+
After=docker.service
|
105
|
+
Description=Central Server HAProxy
|
106
|
+
Documentation=http://www.central.io/
|
107
|
+
Requires=network-online.target
|
108
|
+
Requires=docker.service
|
109
|
+
Requires=central-server-api.service
|
110
|
+
|
111
|
+
[Service]
|
112
|
+
Restart=always
|
113
|
+
RestartSec=5
|
114
|
+
EnvironmentFile=/etc/central-server.env
|
115
|
+
ExecStartPre=-/usr/bin/docker stop central-server-haproxy
|
116
|
+
ExecStartPre=-/usr/bin/docker rm central-server-haproxy
|
117
|
+
ExecStartPre=/usr/bin/docker pull fishyard/haproxy:latest
|
118
|
+
ExecStart=/opt/bin/central-haproxy.sh
|
@@ -0,0 +1,76 @@
|
|
1
|
+
#cloud-config
|
2
|
+
write_files:
|
3
|
+
- path: /etc/central-machine.env
|
4
|
+
permissions: 0600
|
5
|
+
owner: root
|
6
|
+
content: |
|
7
|
+
CENTRAL_VERSION=<%= version %>
|
8
|
+
<% if ssl_cert %>SSL_CERT="/etc/central-machine.pem"
|
9
|
+
|
10
|
+
- path: /etc/central-machine.pem
|
11
|
+
permissions: 0600
|
12
|
+
owner: root
|
13
|
+
content: | <% ssl_cert.split(/\n/).each do |row| %>
|
14
|
+
<%= row %><% end %><% end %>
|
15
|
+
- path: /opt/bin/central-haproxy.sh
|
16
|
+
permissions: 0755
|
17
|
+
owner: root
|
18
|
+
content: |
|
19
|
+
#!/bin/sh
|
20
|
+
if [ -n "$SSL_CERT" ]; then
|
21
|
+
SSL_CERT=$(awk 1 ORS='\\n' $SSL_CERT)
|
22
|
+
else
|
23
|
+
SSL_CERT="**None**"
|
24
|
+
fi
|
25
|
+
/usr/bin/docker run --name=central-machine-haproxy \
|
26
|
+
--link central-machine-auth \
|
27
|
+
-e SSL_CERT="$SSL_CERT" \
|
28
|
+
-e BACKENDS=central-machine-auth:5000 \
|
29
|
+
-p 80:80 -p 443:443 fishyard/haproxy:latest
|
30
|
+
coreos:
|
31
|
+
units:
|
32
|
+
- name: central-machine-auth.service
|
33
|
+
command: start
|
34
|
+
enable: true
|
35
|
+
content: |
|
36
|
+
[Unit]
|
37
|
+
Description=central-machine-auth
|
38
|
+
After=network-online.target
|
39
|
+
After=docker.service
|
40
|
+
Description=Central Server oAuth
|
41
|
+
Documentation=http://www.central.io/
|
42
|
+
Requires=network-online.target
|
43
|
+
Requires=docker.service
|
44
|
+
|
45
|
+
[Service]
|
46
|
+
Restart=always
|
47
|
+
RestartSec=5
|
48
|
+
EnvironmentFile=/etc/central-machine.env
|
49
|
+
ExecStartPre=-/usr/bin/docker stop central-machine-auth
|
50
|
+
ExecStartPre=-/usr/bin/docker rm central-machine-auth
|
51
|
+
ExecStartPre=/usr/bin/docker pull fishyard/auth:${CENTRAL_VERSION}
|
52
|
+
ExecStart=/usr/bin/docker run --name central-machine-auth \
|
53
|
+
-e PORT=5000 -p 5000:5000 fishyard/auth:${CENTRAL_VERSION}
|
54
|
+
|
55
|
+
- name: central-machine-haproxy.service
|
56
|
+
command: start
|
57
|
+
enable: true
|
58
|
+
content: |
|
59
|
+
[Unit]
|
60
|
+
Description=central-machine-haproxy
|
61
|
+
After=network-online.target
|
62
|
+
After=docker.service
|
63
|
+
Description=Central Server HAProxy
|
64
|
+
Documentation=http://www.central.io/
|
65
|
+
Requires=network-online.target
|
66
|
+
Requires=docker.service
|
67
|
+
Requires=central-machine-auth.service
|
68
|
+
|
69
|
+
[Service]
|
70
|
+
Restart=always
|
71
|
+
RestartSec=5
|
72
|
+
EnvironmentFile=/etc/central-machine.env
|
73
|
+
ExecStartPre=-/usr/bin/docker stop central-machine-haproxy
|
74
|
+
ExecStartPre=-/usr/bin/docker rm central-machine-haproxy
|
75
|
+
ExecStartPre=/usr/bin/docker pull fishyard/haproxy:${CENTRAL_VERSION}
|
76
|
+
ExecStart=/opt/bin/central-haproxy.sh
|