central-cli 0.6.3

data/lib/central/machine/cert_helper.rb

@@ -0,0 +1,39 @@
+require 'openssl'
+
+module Central
+  module Machine
+    module CertHelper
+      def generate_self_signed_cert
+        key = OpenSSL::PKey::RSA.new(2048)
+        public_key = key.public_key
+
+        # subject = '/C=FI/O=Test/OU=Test/CN=Test'
+        subject = '/CN=api.bluebeluga.io/O=The BlueBeluga Company/C=US'
+
+        cert = OpenSSL::X509::Certificate.new
+        cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+        cert.not_before = Time.now
+        cert.not_after = Time.now + (10 * 365 * 24 * 60 * 60)
+        cert.public_key = public_key
+        cert.serial = 0x0
+        cert.version = 2
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+          ef.create_extension('basicConstraints', 'CA:TRUE', true),
+          ef.create_extension('subjectKeyIdentifier', 'hash')
+        ]
+        cert.add_extension ef.create_extension('authorityKeyIdentifier',
+                                               'keyid:always,issuer:always')
+
+        cert.sign key, OpenSSL::Digest::SHA1.new
+
+        pem = cert.to_pem
+        pem << key.to_s
+        pem
+      end
+    end
+  end
+end

data/lib/central/machine/cloud_config/cloudinit.yml

@@ -0,0 +1,70 @@
+#cloud-config
+write_files:
+  - path: /etc/central-agent.env
+    permissions: 0600
+    owner: root
+    content: |
+      CENTRAL_URI="<%= master_uri %>"
+      CENTRAL_TOKEN="<%= stack_token %>"
+      CENTRAL_PEER_INTERFACE=<%= peer_interface %>
+      CENTRAL_VERSION=<%= version %>
+  - path: /etc/systemd/system/docker.service.d/50-central.conf
+    content: |
+        [Service]
+        Environment='DOCKER_OPTS=--insecure-registry="10.81.0.0/19" --bip="<%= docker_bip %>"'
+  - path: /etc/sysctl.d/99-inotify.conf
+    owner: root
+    permissions: 0644
+    content: |
+      fs.inotify.max_user_instances = 8192
+coreos:
+  units:
+    - name: 00-eth.network
+      runtime: true
+      content: |
+        [Match]
+        Name=eth*
+        [Network]
+        DHCP=yes
+        <% dns_servers.each do |dns| %>DNS=<%= dns %>
+        <% end %>
+        DOMAINS=central.local
+        [DHCP]
+        UseDNS=false
+
+    - name: 10-weave.network
+      runtime: false
+      content: |
+        [Match]
+        Type=bridge
+        Name=weave*
+
+        [Network]
+    - name: central-agent.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=central-agent
+        After=network-online.target
+        After=docker.service
+        Description=Central Agent
+        Documentation=http://www.central.io/
+        Requires=network-online.target
+        Requires=docker.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/central-agent.env
+        ExecStartPre=-/usr/bin/docker stop central-agent
+        ExecStartPre=-/usr/bin/docker rm central-agent
+        ExecStartPre=/usr/bin/docker pull fishyard/agent:${CENTRAL_VERSION}
+        ExecStart=/usr/bin/docker run --name central-agent \
+            -e CENTRAL_URI=${CENTRAL_URI} \
+            -e CENTRAL_TOKEN=${CENTRAL_TOKEN} \
+            -e CENTRAL_PEER_INTERFACE=${CENTRAL_PEER_INTERFACE} \
+            -v=/var/run/docker.sock:/var/run/docker.sock \
+            -v=/etc/central-agent.env:/etc/central.env \
+            --net=host \
+            fishyard/agent:${CENTRAL_VERSION}

data/lib/central/machine/cloud_config/node_generator.rb

@@ -0,0 +1,27 @@
+require 'fileutils'
+require 'erb'
+
+module Central
+  module Machine
+    module CloudConfig
+      class NodeGenerator
+        # @param [Hash] opts
+        def generate(opts)
+          user_data(opts)
+        end
+
+        # @param [Hash] vars
+        def user_data(vars)
+          cloudinit_template = File.join(__dir__, '/cloudinit.yml')
+          erb(File.read(cloudinit_template), vars)
+        end
+
+        # @param [String] template
+        # @param [Hash] vars
+        def erb(template, vars)
+          ERB.new(template).result(OpenStruct.new(vars).instance_eval { binding })
+        end
+      end
+    end
+  end
+end

data/lib/central/machine/common.rb

@@ -0,0 +1,16 @@
+module Central
+  module Machine
+    module Common
+      def which(cmd)
+        exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+        ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+          exts.each do |ext|
+            exe = File.join(path, "#{cmd}#{ext}")
+            return exe if File.executable?(exe) && !File.directory?(exe)
+          end
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/central/machine/digital_ocean.rb

@@ -0,0 +1,13 @@
+begin
+  require 'droplet_kit'
+rescue LoadError
+  puts "It seems that you don't have Digital Ocean API installed."
+  puts 'Install it using: gem install droplet_kit'
+  exit 1
+end
+
+require_relative 'random_name'
+require_relative 'cert_helper'
+require_relative 'digital_ocean/node_provisioner'
+require_relative 'digital_ocean/node_destroyer'
+require_relative 'digital_ocean/master_provisioner'

data/lib/central/machine/digital_ocean/cloudinit.yml

@@ -0,0 +1,64 @@
+#cloud-config
+write_files:
+  - path: /etc/central-agent.env
+    permissions: 0600
+    owner: root
+    content: |
+      CENTRAL_URI="<%= master_uri %>"
+      CENTRAL_TOKEN="<%= stack_token %>"
+      CENTRAL_PEER_INTERFACE=eth1
+      CENTRAL_VERSION=<%= version %>
+  - path: /etc/systemd/system/docker.service.d/50-central.conf
+    content: |
+        [Service]
+        Environment='DOCKER_OPTS=--insecure-registry="10.81.0.0/19" --bip="172.17.43.1/16"'
+  - path: /etc/sysctl.d/99-inotify.conf
+    owner: root
+    permissions: 0644
+    content: |
+      fs.inotify.max_user_instances = 8192
+  - path: /etc/resolv.conf
+    permissions: 0644
+    owner: root
+    content: |
+      nameserver 172.17.43.1
+      nameserver 8.8.8.8
+      nameserver 8.8.4.4
+coreos:
+  units:
+    - name: 10-weave.network
+      runtime: false
+      content: |
+        [Match]
+        Type=bridge
+        Name=weave*
+
+        [Network]
+    - name: central-agent.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=central-agent
+        After=network-online.target
+        After=docker.service
+        Description=Central Agent
+        Documentation=http://www.central.io/
+        Requires=network-online.target
+        Requires=docker.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/central-agent.env
+        ExecStartPre=-/usr/bin/docker stop central-agent
+        ExecStartPre=-/usr/bin/docker rm central-agent
+        ExecStartPre=/usr/bin/docker pull fishyard/agent:${CENTRAL_VERSION}
+        ExecStart=/usr/bin/docker run --name central-agent \
+            -e CENTRAL_URI=${CENTRAL_URI} \
+            -e CENTRAL_TOKEN=${CENTRAL_TOKEN} \
+            -e CENTRAL_PEER_INTERFACE=${CENTRAL_PEER_INTERFACE} \
+            -v=/var/run/docker.sock:/var/run/docker.sock \
+            -v=/etc/central-agent.env:/etc/central.env \
+            --net=host \
+            fishyard/agent:${CENTRAL_VERSION}

data/lib/central/machine/digital_ocean/cloudinit_master.yml

@@ -0,0 +1,118 @@
+#cloud-config
+write_files:
+  - path: /etc/central-server.env
+    permissions: 0600
+    owner: root
+    content: |
+      CENTRAL_VERSION=<%= version %>
+      CENTRAL_VAULT_KEY=<%= vault_secret %>
+      CENTRAL_VAULT_IV=<%= vault_iv %>
+      <% if ssl_cert %>SSL_CERT="/etc/central-server.pem"
+
+  - path: /etc/central-server.pem
+    permissions: 0600
+    owner: root
+    content: | <% ssl_cert.split(/\n/).each do |row| %>
+      <%= row %><% end %><% end %>
+  - path: /opt/bin/central-haproxy.sh
+    permissions: 0755
+    owner: root
+    content: |
+      #!/bin/sh
+      if [ -n "$SSL_CERT" ]; then
+        SSL_CERT=$(awk 1 ORS='\\n' $SSL_CERT)
+      else
+        SSL_CERT="**None**"
+      fi
+      /usr/bin/docker run --name=central-server-haproxy \
+        --link central-server-api:central-server-api \
+        -e SSL_CERT="$SSL_CERT" \
+        -p 80:80 -p 443:443 fishyard/haproxy:latest
+coreos:
+  units:
+<% unless mongodb_uri -%>
+    - name: central-server-mongo.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=central-server-mongo
+        After=network-online.target
+        After=docker.service
+        Description=Central Server MongoDB
+        Documentation=http://www.mongodb.org/
+        Requires=network-online.target
+        Requires=docker.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        ExecStartPre=/usr/bin/docker pull mongo:3.0
+        ExecStartPre=-/usr/bin/docker create --name=central-server-mongo-data mongo:3.0
+        ExecStartPre=-/usr/bin/docker stop central-server-mongo
+        ExecStartPre=-/usr/bin/docker rm central-server-mongo
+        ExecStart=/usr/bin/docker run --name=central-server-mongo \
+            --volumes-from=central-server-mongo-data \
+            mongo:3.0 mongod --smallfiles
+<% end -%>
+    - name: central-server-api.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=central-server-api
+        After=network-online.target
+        After=docker.service
+        After=central-server-mongo.service
+        Description=Central Machine
+        Documentation=http://www.central.io/
+        Before=central-server-haproxy.service
+        Wants=central-server-haproxy.service
+        Requires=network-online.target
+        Requires=docker.service
+<% unless mongodb_uri -%>
+        Requires=central-server-mongo.service
+<% end %>
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/central-server.env
+        ExecStartPre=-/usr/bin/docker stop central-server-api
+        ExecStartPre=-/usr/bin/docker rm central-server-api
+        ExecStartPre=/usr/bin/docker pull fishyard/server:${CENTRAL_VERSION}
+        ExecStart=/usr/bin/docker run --name central-server-api \
+<% if mongodb_uri -%>
+            -e MONGODB_URI=<%= mongodb_uri %> \
+<% else -%>
+            --link central-server-mongo:mongodb \
+            -e MONGODB_URI=mongodb://mongodb:27017/central_server \
+<% end -%>
+<% if auth_server %>
+            -e AUTH_API_URL=<%= auth_server %> \
+<% end -%>
+            -e VAULT_KEY=${CENTRAL_VAULT_KEY} -e VAULT_IV=${CENTRAL_VAULT_IV} \
+            fishyard/server:${CENTRAL_VERSION}
+
+    - name: central-server-haproxy.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=central-server-haproxy
+        After=network-online.target
+        After=docker.service
+        Description=Central Server HAProxy
+        Documentation=http://www.central.io/
+        Requires=network-online.target
+        Requires=docker.service
+        Requires=central-server-api.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/central-server.env
+        ExecStartPre=-/usr/bin/docker stop central-server-haproxy
+        ExecStartPre=-/usr/bin/docker rm central-server-haproxy
+        ExecStartPre=/usr/bin/docker pull fishyard/haproxy:latest
+        ExecStart=/opt/bin/central-haproxy.sh

data/lib/central/machine/digital_ocean/master_provisioner.rb

@@ -0,0 +1,99 @@
+require 'fileutils'
+require 'erb'
+require 'open3'
+require 'shell-spinner'
+
+module Central
+  module Machine
+    module DigitalOcean
+      class MasterProvisioner
+        include RandomName
+        include Machine::CertHelper
+
+        attr_reader :client, :http_client
+
+        # @param [String] token Digital Ocean token
+        def initialize(token)
+          @client = DropletKit::Client.new(access_token: token)
+        end
+
+        def run!(opts)
+          abort('Invalid ssh key') unless File.exist?(File.expand_path(opts[:ssh_key]))
+
+          ssh_key = ssh_key(File.read(File.expand_path(opts[:ssh_key])).strip)
+          abort('Ssh key does not exist in Digital Ocean') unless ssh_key
+
+          if opts[:ssl_cert]
+            abort('Invalid ssl cert') unless File.exist?(File.expand_path(opts[:ssl_cert]))
+            ssl_cert = File.read(File.expand_path(opts[:ssl_cert]))
+          else
+            ShellSpinner 'Generating self-signed SSL certificate' do
+              ssl_cert = generate_self_signed_cert
+            end
+          end
+
+          userdata_vars = {
+            ssl_cert: ssl_cert,
+            auth_server: opts[:auth_server],
+            version: opts[:version],
+            vault_secret: opts[:vault_secret],
+            vault_iv: opts[:vault_iv],
+            mongodb_uri: opts[:mongodb_uri]
+          }
+
+          droplet = DropletKit::Droplet.new(
+            name: generate_name,
+            region: opts[:region],
+            image: 'coreos-stable',
+            size: opts[:size],
+            private_networking: true,
+            user_data: user_data(userdata_vars),
+            ssh_keys: [ssh_key.id]
+          )
+
+          ShellSpinner "Creating DigitalOcean droplet #{droplet.name.colorize(:cyan)} " do
+            droplet = client.droplets.create(droplet)
+            until droplet.status == 'active'
+              droplet = client.droplets.find(id: droplet.id)
+              sleep 5
+            end
+          end
+
+          master_url = "https://#{droplet.public_ip}"
+          Excon.defaults[:ssl_verify_peer] = false
+          @http_client = Excon.new(master_url.to_s, connect_timeout: 10)
+
+          ShellSpinner "Waiting for #{droplet.name.colorize(:cyan)} to start" do
+            sleep 5 until master_running?
+          end
+
+          puts "Central Machine is now running at #{master_url}"
+          puts "Use #{"cm login --name=#{droplet.name.sub('central-machine-', '')} #{master_url}".colorize(:light_black)} to complete Central Machine setup"
+        end
+
+        def user_data(vars)
+          cloudinit_template = File.join(__dir__, '/cloudinit_master.yml')
+          erb(File.read(cloudinit_template), vars)
+        end
+
+        def generate_name
+          "central-machine-#{super}-#{rand(1..9)}"
+        end
+
+        def ssh_key(public_key)
+          client.ssh_keys.all.find { |key| key.public_key == public_key }
+        end
+
+        def master_running?
+          http_client.get(path: '/').status == 200
+        rescue
+          false
+        end
+
+        def erb(template, vars)
+          ERB.new(template, nil, '%<>-').result(OpenStruct.new(vars).instance_eval { binding })
+        end
+      end
+    end
+  end
+end