chemtrail 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c327599b79192343d3993d9b30c9a5535e711ff
-  data.tar.gz: 0f2e7925ba1bcb70e468e9059a004dc78325205c
+  metadata.gz: da5e94625a540c598754777705713135aed7b298
+  data.tar.gz: 570c93e465273a2a6a23eaa19cde303ebcddfb20
 SHA512:
-  metadata.gz: fee99fa18b8a65a03fe64fdc5e1ba13a21a2e85628b1ede78a092e946dbe6a8c76ba268131184865d0d27187ab1bc8c019b48d1844ff53f1cb1f6dc9f8f7c6d9
-  data.tar.gz: 90fdf39a9da0d664ea6a7eb4f49a497fd7f31696a3ecf0fd2cd5a329f66e5f6f4aeab6df61dd4e69345e8cefd078f716ab593242dab53af38ce1176a80a62f79
+  metadata.gz: e16c9ae30693142fa40c50d5d17e7d3dee6880390f02743bffb3af23943bf4097e7b902a66f6243315742d9211b8c91c3d8758bb768d2e8223a9eee6512809a7
+  data.tar.gz: 2046dabd55f6dae8f7c8589f6bc884e9b1e17e4ad4c4bd8928505fe45cda76062c986d9487e33bdf628d86631518057da12d5ad46165e67ef182c02f38780cb7

data/examples/lib/templates/config/load_balancer.yml

@@ -0,0 +1,23 @@
+LoadBalancerSecurityGroup:
+  SecurityGroupIngress:
+    - IpProtocol: tcp
+      FromPort: "80"
+      ToPort: "80"
+      CidrIp: 0.0.0.0/0
+  SecurityGroupEgress:
+    - IpProtocol: tcp
+      FromPort: "80"
+      ToPort: "80"
+      CidrIp: 0.0.0.0/0
+
+ElasticLoadBalancer:
+  Listeners:
+    - LoadBalancerPort: "80"
+      InstancePort: "80"
+      Protocol: HTTP
+  HealthCheck:
+    Target: HTTP:80/
+    HealthyThreshold: "3"
+    UnhealthyThreshold: "5"
+    Interval: "90"
+    Timeout: "60"

data/examples/lib/templates/config/nat_device.yml

@@ -0,0 +1,49 @@
+AWSNATAMI:
+  us-east-1:
+    AMI: ami-c6699baf
+  us-west-2:
+    AMI: ami-52ff7262
+  us-west-1:
+    AMI: ami-3bcc9e7e
+  eu-west-1:
+    AMI: ami-0b5b6c7f
+  ap-southeast-1:
+    AMI: ami-02eb9350
+  ap-southeast-2:
+    AMI: ami-ab990e91
+  ap-northeast-1:
+    AMI: ami-14d86d15
+  sa-east-1:
+    AMI: ami-0439e619
+
+NATIPAddress:
+  Domain: vpc
+
+NATDevice:
+  SourceDestCheck: "false"
+
+NATSecurityGroup:
+  GroupDescription: Enable internal access to the NAT device
+  SecurityGroupIngress:
+    - IpProtocol: tcp
+      FromPort: "80"
+      ToPort: "80"
+    - IpProtocol: tcp
+      FromPort: "9418"
+      ToPort: "9418"
+    - IpProtocol: tcp
+      FromPort: "443"
+      ToPort: "443"
+  SecurityGroupEgress:
+    - IpProtocol: tcp
+      FromPort: "80"
+      ToPort: "80"
+      CidrIp: 0.0.0.0/0
+    - IpProtocol: tcp
+      FromPort: "9418"
+      ToPort: "9418"
+      CidrIp: 0.0.0.0/0
+    - IpProtocol: tcp
+      FromPort: "443"
+      ToPort: "443"
+      CidrIp: 0.0.0.0/0

data/examples/lib/templates/config/opsworks.yml

@@ -0,0 +1,5 @@
+OpsWorksSecurityGroup:
+  SecurityGroupIngress:
+    - IpProtocol: tcp
+      FromPort: "80"
+      ToPort: "80"

data/examples/lib/templates/config/private_network.yml

@@ -0,0 +1,34 @@
+PrivateSubnet:
+  Tags:
+    - Key: Network
+      Value: Private
+
+PrivateRouteTable:
+  Tags:
+    - Key: Network
+      Value: Private
+
+PrivateNetworkAcl:
+  Tags:
+    - Key: Network
+      Value: Private
+
+InboundPrivateNetworkAclEntry:
+  RuleNumber: "100"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "false"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "0"
+    To: "65535"
+
+OutBoundPrivateNetworkAclEntry:
+  RuleNumber: "100"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "true"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "0"
+    To: "65535"

data/examples/lib/templates/config/{resources.yml → public_network.yml}

@@ -1,8 +1,3 @@
-VPC:
-  Tags:
-    - Key: Network
-      Value: Public
-
 PublicSubnet:
   Tags:
     - Key: Network
@@ -16,12 +11,7 @@ InternetGateway:
 PublicRoute:
   DestinationCidrBlock: 0.0.0.0/0
 
-InboundHTTPPublicNetworkAclEntry:
-  RuleNumber: "100"
-  Protocol: "6"
-  RuleAction: allow
-  Egress: false
-  CidrBlock: 0.0.0.0/0
-  PortRange:
-    From: "80"
-    To: "80"
+PublicRouteTable:
+  Tags:
+    - Key: Network
+      Value: Public

data/examples/lib/templates/config/public_network_acl.yml

@@ -0,0 +1,54 @@
+PublicNetworkAcl:
+  Tags:
+    - Key: Network
+      Value: Public
+
+InboundHTTPPublicNetworkAclEntry:
+  RuleNumber: "100"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "false"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "80"
+    To: "80"
+
+InboundHTTPSPublicNetworkAclEntry:
+  RuleNumber: "101"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "false"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "443"
+    To: "443"
+
+InboundSSHPublicNetworkAclEntry:
+  RuleNumber: "102"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "false"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "22"
+    To: "22"
+
+InboundEmphemeralPublicNetworkAclEntry:
+  RuleNumber: "103"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "false"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "1024"
+    To: "65535"
+
+OutboundPublicNetworkAclEntry:
+  RuleNumber: "100"
+  Protocol: "6"
+  RuleAction: allow
+  Egress: "true"
+  CidrBlock: 0.0.0.0/0
+  PortRange:
+    From: "0"
+    To: "65535"

data/examples/lib/templates/config/{mappings.yml → stack.yml}

@@ -1,20 +1,21 @@
-AWSNATAMI:
-  us-east-1:
-    AMI: ami-c6699baf
-  us-west-2:
-    AMI: ami-52ff7262
-  us-west-1:
-    AMI: ami-3bcc9e7e
-  eu-west-1:
-    AMI: ami-0b5b6c7f
-  ap-southeast-1:
-    AMI: ami-02eb9350
-  ap-southeast-2:
-    AMI: ami-ab990e91
-  ap-northeast-1:
-    AMI: ami-14d86d15
-  sa-east-1:
-    AMI: ami-0439e619
+NATInstanceType:
+  Default: m1.small
+  Description: NAT Device EC2 instance type
+  ConstraintDescription: must be a valid EC2 instance type.
+  AllowedValues:
+    - t1.micro
+    - m1.small
+    - m1.medium
+    - m1.large
+    - m1.xlarge
+    - m2.xlarge
+    - m2.2xlarge
+    - m2.4xlarge
+    - c1.medium
+    - c1.xlarge
+    - cc1.4xlarge
+    - cc2.8xlarge
+    - cg1.4xlarge
 
 AWSInstanceType2Arch:
   t1.micro:
@@ -51,3 +52,9 @@ SubnetConfig:
     CIDR: 10.0.0.0/24
   Private:
     CIDR: 10.0.1.0/24
+
+VPC:
+  Tags:
+    - Key: Network
+      Value: Public
+

data/examples/lib/templates/opsworks_vpc/load_balancer.rb

@@ -0,0 +1,36 @@
+module OpsworksVpc
+  class LoadBalancer
+    attr_reader :vpc, :public_subnet
+
+    def initialize(vpc, public_subnet)
+      @vpc = vpc
+      @public_subnet = public_subnet
+    end
+
+    def resources
+      [
+        security_group,
+        elb
+      ]
+    end
+
+    def security_group
+      @security_group ||= Chemtrail::Resource.new("LoadBalancerSecurityGroup", "AWS::EC2::SecurityGroup", resources_config["LoadBalancerSecurityGroup"]).tap do |config|
+        config.properties["VpcId"] = vpc
+      end
+    end
+
+    def elb
+      @elb ||= Chemtrail::Resource.new("ElasticLoadBalancer", "AWS::ElasticLoadBalancing::LoadBalancer", resources_config["ElasticLoadBalancer"]).tap do |config|
+        config.properties["Subnets"] = [public_subnet]
+        config.properties["SecurityGroups"] = [security_group]
+      end
+    end
+
+    protected
+
+    def resources_config
+      @resources_config ||= YAML.load_file(File.expand_path("../../config/load_balancer.yml", __FILE__))
+    end
+  end
+end

data/examples/lib/templates/opsworks_vpc/nat_device.rb

@@ -0,0 +1,58 @@
+module OpsworksVpc
+  class NatDevice
+    attr_reader :vpc, :public_subnet, :opsworks_security_group, :nat_instance_type
+
+    def initialize(vpc, public_subnet, opsworks_security_group, nat_instance_type)
+      @vpc = vpc
+      @public_subnet = public_subnet
+      @opsworks_security_group = opsworks_security_group
+      @nat_instance_type = nat_instance_type
+    end
+
+    def mappings
+      [nat_ami]
+    end
+
+    def resources
+      [security_group, device, ip]
+    end
+
+    def nat_ami
+      @nat_ami ||= Chemtrail::Mapping.new("AWSNATAMI", nat_device_config["AWSNATAMI"])
+    end
+
+    def device
+      @device ||= Chemtrail::Resource.new("NATDevice", "AWS::EC2::Instance", nat_device_config["NATDevice"]).tap do |config|
+        config.properties["InstanceType"] = nat_instance_type
+        config.properties["SubnetId"] = public_subnet
+        config.properties["ImageId"] = nat_ami.find(region, "AMI")
+        config.properties["SecurityGroupIds"] = [security_group]
+      end
+    end
+
+    def ip
+      @ip ||= Chemtrail::Resource.new("NATIPAddress", "AWS::EC2::EIP", nat_device_config["NATIPAddress"]).tap do |config|
+        config.properties["VpcId"] = vpc
+      end
+    end
+
+    def security_group
+      @security_group ||= Chemtrail::Resource.new("NATSecurityGroup", "AWS::EC2::SecurityGroup", nat_device_config["NATSecurityGroup"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["SecurityGroupIngress"].each do |group|
+          group["SourceSecurityGroupId"] = opsworks_security_group
+        end
+      end
+    end
+
+    protected
+
+    def region
+      @region ||= Chemtrail::Intrinsic.new("AWS::Region")
+    end
+
+    def nat_device_config
+      @nat_device_config ||= YAML.load_file(File.expand_path("../../config/nat_device.yml", __FILE__))
+    end
+  end
+end

data/examples/lib/templates/opsworks_vpc/opsworks.rb

@@ -0,0 +1,27 @@
+module OpsworksVpc
+  class Opsworks
+    attr_reader :vpc, :elb_security_group
+
+    def initialize(vpc, elb_security_group)
+      @vpc = vpc
+      @elb_security_group = elb_security_group
+    end
+
+    def resources
+      [security_group]
+    end
+
+    def security_group
+      @security_group ||= Chemtrail::Resource.new("OpsWorksSecurityGroup", "AWS::EC2::SecurityGroup", resources_config["OpsWorksSecurityGroup"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["SecurityGroupIngress"].first["SourceSecurityGroupId"] = elb_security_group
+      end
+    end
+
+    protected
+
+    def resources_config
+      @resources_config ||= YAML.load_file(File.expand_path("../../config/opsworks.yml", __FILE__))
+    end
+  end
+end

data/examples/lib/templates/opsworks_vpc/private_network.rb

@@ -0,0 +1,89 @@
+module OpsworksVpc
+  class PrivateNetwork
+    attr_reader :vpc, :subnet_config, :nat_device
+
+    def initialize(vpc, subnet_config, nat_device)
+      @vpc = vpc
+      @subnet_config = subnet_config
+      @nat_device = nat_device
+    end
+
+    def resources
+      [
+        subnet,
+        route_table,
+        route,
+        subnet_route_table_association,
+        network_acl,
+        network_acl_association,
+        inbound_entry,
+        outbound_entry
+      ]
+    end
+
+    def subnet
+      @subnet ||= Chemtrail::Resource.new("PrivateSubnet", "AWS::EC2::Subnet", resources_config["PrivateSubnet"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["CidrBlock"] = subnet_config.find("Private", "CIDR")
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def route_table
+      @route_table ||= Chemtrail::Resource.new("PrivateRouteTable", "AWS::EC2::RouteTable", resources_config["PrivateRouteTable"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def route
+      @route ||= Chemtrail::Resource.new("PrivateRoute", "AWS::EC2::Route", resources_config["PrivateRoute"]).tap do |config|
+        config.properties["RouteTableId"] = route_table
+        config.properties["InstanceId"] = nat_device
+      end
+    end
+
+    def subnet_route_table_association
+      @subnet_route_table_association ||= Chemtrail::Resource.new("PrivateSubnetRouteTableAssociation", "AWS::EC2::SubnetRouteTableAssociation", resources_config["PrivateSubnetRouteTableAssociation"]).tap do |config|
+        config.properties["RouteTableId"] = route_table
+        config.properties["SubnetId"] = subnet
+      end
+    end
+
+    def network_acl
+      @network_acl ||= Chemtrail::Resource.new("PrivateNetworkAcl", "AWS::EC2::NetworkAcl", resources_config["PrivateNetworkAcl"]).tap do |config|
+        config.properties["VpcId"] = vpc
+        config.properties["Tags"] << stack_name.as_tag("Application")
+      end
+    end
+
+    def network_acl_association
+      @network_acl_association ||= Chemtrail::Resource.new("PrivateSubnetNetworkAclAssociation", "AWS::EC2::SubnetNetworkAclAssociation", resources_config["PrivateSubnetNetworkAclAssociation"]).tap do |config|
+        config.properties["SubnetId"] = subnet
+        config.properties["NetworkAclId"] = network_acl
+      end
+    end
+
+    def inbound_entry
+      @inbound_entry ||= Chemtrail::Resource.new("InboundPrivateNetworkAclEntry", "AWS::EC2::NetworkAclEntry", resources_config["InboundPrivateNetworkAclEntry"]).tap do |config|
+        config.properties["NetworkAclId"] = network_acl
+      end
+    end
+
+    def outbound_entry
+      @outbound_entry ||= Chemtrail::Resource.new("OutBoundPrivateNetworkAclEntry", "AWS::EC2::NetworkAclEntry", resources_config["OutBoundPrivateNetworkAclEntry"]).tap do |config|
+        config.properties["NetworkAclId"] = network_acl
+      end
+    end
+
+    protected
+
+    def stack_name
+      @stack_name ||= Chemtrail::Intrinsic.new("AWS::StackName")
+    end
+
+    def resources_config
+      @resources_config ||= YAML.load_file(File.expand_path("../../config/private_network.yml", __FILE__))
+    end
+  end
+end