ecs_deployer 0.1.10 → 0.1.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +45 -3
- data/ecs_deployer.gemspec +1 -0
- data/example/sample.rb +2 -2
- data/lib/ecs_deployer.rb +1 -0
- data/lib/ecs_deployer/cli.rb +49 -3
- data/lib/ecs_deployer/client.rb +42 -18
- data/lib/ecs_deployer/version.rb +1 -1
- metadata +16 -3
- data/example/fixtures/task.yml +0 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f39f6fb29ced22c5963b3de48db83c401289d556
|
|
4
|
+
data.tar.gz: 6088d0a59625590d39742ab54898427ca51150a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 33720d4303bc71e4b47ab5ee364513a323a3c847399e19ef3a6a734724a0d9bb43f193723e64b76516b81087e32a5c1f67524f7a92a853c2f82500abaf896371
|
|
7
|
+
data.tar.gz: adcea48cfb981cc8743105667bb48cdfb285e763ba84c40290d402c8aeb6283d296c0e86b14d69f41e57d7d9b53724c781bf0a3e163ef28828da75f91b5bcf62
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# EcsDeployer
|
|
2
2
|
|
|
3
|
-
This package provides
|
|
3
|
+
This package provides service deployment function of ECS.
|
|
4
4
|
|
|
5
5
|
## Installation
|
|
6
6
|
|
|
@@ -22,7 +22,6 @@ Or install it yourself as:
|
|
|
22
22
|
|
|
23
23
|
Write task definition in YAML format.
|
|
24
24
|
For available parameters see [Task Definition Parameters](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html).
|
|
25
|
-
The sample file is in `example/fixtures/task.yml`.
|
|
26
25
|
|
|
27
26
|
```
|
|
28
27
|
container_definitions:
|
|
@@ -47,10 +46,53 @@ container_definitions:
|
|
|
47
46
|
family: hello_world
|
|
48
47
|
```
|
|
49
48
|
|
|
50
|
-
|
|
49
|
+
### Encrypt of environment variables
|
|
50
|
+
|
|
51
|
+
`environment` parameter supports KMS encrypted values.
|
|
52
|
+
Encrypted values must be enclosed in `${XXX}`.
|
|
53
|
+
|
|
54
|
+
```
|
|
55
|
+
- environment:
|
|
56
|
+
- name: MYSQL_ROOT_PASSWORD
|
|
57
|
+
value: ${fiSAIfIFxd...}
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
Values are decrypted when task is created.
|
|
61
|
+
|
|
62
|
+
## Usage (API)
|
|
63
|
+
|
|
64
|
+
This sample file is in `example/fixtures/task.yml`.
|
|
51
65
|
|
|
52
66
|
```
|
|
53
67
|
ecs_deployer = EcsDeployer::Client.new
|
|
54
68
|
ecs_deployer.register_task('development.yml')
|
|
55
69
|
ecs_deployer.update_service('cluster', 'development')
|
|
56
70
|
```
|
|
71
|
+
|
|
72
|
+
## Usage (CLI)
|
|
73
|
+
|
|
74
|
+
### Register a new task
|
|
75
|
+
|
|
76
|
+
```
|
|
77
|
+
$ bundle exec ecs_deployer task-register --path=example/fixtures/task.yml
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
### Encrypt environment value
|
|
81
|
+
|
|
82
|
+
```
|
|
83
|
+
$ bundle exec ecs_deployer encrypt --master-key=master --value='test'
|
|
84
|
+
Encrypted value: ${xxx}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
### Decrypt encironment value
|
|
88
|
+
|
|
89
|
+
```
|
|
90
|
+
$ bundle exec ecs_deployer decrypt --value='${xxx}'
|
|
91
|
+
Decrypted value: xxx
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
### Update a service
|
|
95
|
+
|
|
96
|
+
```
|
|
97
|
+
$ bundle exec ecs_deployer update-service --cluster=xxx --service=xxx --wait --timeout=600
|
|
98
|
+
```
|
data/ecs_deployer.gemspec
CHANGED
|
@@ -34,6 +34,7 @@ Gem::Specification.new do |spec|
|
|
|
34
34
|
spec.add_dependency "thor"
|
|
35
35
|
spec.add_dependency "aws-sdk"
|
|
36
36
|
spec.add_dependency "aws_config"
|
|
37
|
+
spec.add_dependency "json_spec"
|
|
37
38
|
spec.add_development_dependency "bundler", "~> 1.14"
|
|
38
39
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
39
40
|
spec.add_development_dependency "rspec", "~> 3.0"
|
data/example/sample.rb
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
require 'bundler/setup'
|
|
2
2
|
require 'ecs_deployer'
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
path = File.expand_path('../spec/fixtures/task.yml', File.dirname(File.realpath(__FILE__)))
|
|
5
5
|
|
|
6
6
|
deployer = EcsDeployer::Client.new
|
|
7
|
-
deployer.register_task(
|
|
7
|
+
deployer.register_task(path)
|
|
8
8
|
#deployer.update_service('sandbox', 'production')
|
data/lib/ecs_deployer.rb
CHANGED
|
@@ -7,6 +7,7 @@ module EcsDeployer
|
|
|
7
7
|
class ServiceNotFoundError < EcsDeployer::Error; end
|
|
8
8
|
class TaskNotFoundError < EcsDeployer::Error; end
|
|
9
9
|
class TaskDefinitionValidateError < EcsDeployer::Error; end
|
|
10
|
+
class KmsEncryptError < EcsDeployer::Error; end
|
|
10
11
|
class KmsDecryptError < EcsDeployer::Error; end
|
|
11
12
|
class DeployTimeoutError < EcsDeployer::Error; end
|
|
12
13
|
end
|
data/lib/ecs_deployer/cli.rb
CHANGED
|
@@ -2,9 +2,55 @@ require 'thor'
|
|
|
2
2
|
|
|
3
3
|
module EcsDeployer
|
|
4
4
|
class CLI < Thor
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
class_option :profile, type: :string
|
|
6
|
+
class_option :region, type: :string
|
|
7
|
+
|
|
8
|
+
def initialize(*args)
|
|
9
|
+
super
|
|
10
|
+
|
|
11
|
+
aws_options = {}
|
|
12
|
+
aws_options[:profile] = options[:profile] if options[:profile]
|
|
13
|
+
aws_options[:region] = options[:region] if options[:region]
|
|
14
|
+
|
|
15
|
+
@deployer = EcsDeployer::Client.new(aws_options)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
desc 'task_register', 'Create new task definition'
|
|
19
|
+
option :path, required: true
|
|
20
|
+
def task_register
|
|
21
|
+
path = File.expand_path(options[:path], Dir.pwd)
|
|
22
|
+
result = @deployer.register_task(path)
|
|
23
|
+
|
|
24
|
+
puts "Registered task: #{result}"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
desc 'update_service', 'Update service difinition.'
|
|
28
|
+
option :cluster, required: true
|
|
29
|
+
option :service, required: true
|
|
30
|
+
option :wait, type: :boolean, default: true
|
|
31
|
+
option :timeout, type: :numeric, default: EcsDeployer::Client::DEPLOY_TIMEOUT
|
|
32
|
+
def update_service
|
|
33
|
+
result = @deployer.update_service(
|
|
34
|
+
options[:cluster],
|
|
35
|
+
options[:service],
|
|
36
|
+
options[:wait],
|
|
37
|
+
options[:timeout]
|
|
38
|
+
)
|
|
39
|
+
|
|
40
|
+
puts "Update service: #{result}"
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
desc 'encrypt', 'Encrypt value of argument with KMS.'
|
|
44
|
+
option :master_key, required: true
|
|
45
|
+
option :value, required: true
|
|
46
|
+
def encrypt
|
|
47
|
+
puts "Encrypted value: #{@deployer.encrypt(options[:master_key], options[:value])}"
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
desc 'encrypt', 'Decrypt value of argument with KMS.'
|
|
51
|
+
option :value, required: true
|
|
52
|
+
def decrypt
|
|
53
|
+
puts "Decrypted value: #{@deployer.decrypt(options[:value])}"
|
|
8
54
|
end
|
|
9
55
|
end
|
|
10
56
|
end
|
data/lib/ecs_deployer/client.rb
CHANGED
|
@@ -6,26 +6,52 @@ require 'runtime_command'
|
|
|
6
6
|
module EcsDeployer
|
|
7
7
|
class Client
|
|
8
8
|
PAULING_INTERVAL = 20
|
|
9
|
+
DEPLOY_TIMEOUT = 600
|
|
10
|
+
ENCRYPT_PATTERN = /^\${(.+)}$/
|
|
9
11
|
|
|
10
12
|
attr_reader :cli
|
|
11
13
|
|
|
12
|
-
# @param [Hash]
|
|
13
|
-
# @option
|
|
14
|
-
# @option
|
|
14
|
+
# @param [Hash] aws_options
|
|
15
|
+
# @option aws_options [String] :profile
|
|
16
|
+
# @option aws_options [String] :region
|
|
15
17
|
# @return [EcsDeployer::Client]
|
|
16
|
-
def initialize(
|
|
18
|
+
def initialize(aws_options = {})
|
|
17
19
|
@command = RuntimeCommand::Builder.new
|
|
18
|
-
@
|
|
19
|
-
@
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
20
|
+
@cli = Aws::ECS::Client.new(aws_options)
|
|
21
|
+
@kms = Aws::KMS::Client.new(aws_options)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# @param [String] mater_key
|
|
25
|
+
# @param [String] value
|
|
26
|
+
# @return [String]
|
|
27
|
+
def encrypt(master_key, value)
|
|
28
|
+
begin
|
|
29
|
+
encode = @kms.encrypt(key_id: "alias/#{master_key}", plaintext: value)
|
|
30
|
+
"${#{Base64.strict_encode64(encode.ciphertext_blob)}}"
|
|
31
|
+
rescue => e
|
|
32
|
+
raise KmsEncryptError.new(e.to_s)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# @param [String] value
|
|
37
|
+
# @return [String]
|
|
38
|
+
def decrypt(value)
|
|
39
|
+
if match = value.match(ENCRYPT_PATTERN)
|
|
40
|
+
begin
|
|
41
|
+
@kms.decrypt(ciphertext_blob: Base64.strict_decode64(match[1])).plaintext
|
|
42
|
+
rescue => e
|
|
43
|
+
raise KmsDecryptError.new(e.to_s)
|
|
44
|
+
end
|
|
45
|
+
else
|
|
46
|
+
raise KmsDecryptError.new('Encrypted string is invalid.')
|
|
47
|
+
end
|
|
23
48
|
end
|
|
24
49
|
|
|
25
50
|
# @param [String] path
|
|
26
51
|
# @return [String]
|
|
27
52
|
def register_task(path)
|
|
28
53
|
raise IOError.new("File does not exist. [#{path}]") if !File.exist?(path)
|
|
54
|
+
|
|
29
55
|
register_task_hash(YAML.load(File.read(path)))
|
|
30
56
|
end
|
|
31
57
|
|
|
@@ -76,15 +102,17 @@ module EcsDeployer
|
|
|
76
102
|
# @param [String] cluster
|
|
77
103
|
# @param [String] service
|
|
78
104
|
# @param [Fixnum] timeout
|
|
79
|
-
|
|
80
|
-
|
|
105
|
+
# @return [String]
|
|
106
|
+
def update_service(cluster, service, wait = true, timeout = DEPLOY_TIMEOUT)
|
|
107
|
+
register_clone_task(cluster, service) if @new_task_definition_arn.nil?
|
|
81
108
|
|
|
82
|
-
@cli.update_service({
|
|
109
|
+
result = @cli.update_service({
|
|
83
110
|
cluster: cluster,
|
|
84
111
|
service: service,
|
|
85
112
|
task_definition: @family + ':' + @revision.to_s
|
|
86
113
|
})
|
|
87
114
|
wait_for_deploy(cluster, service, timeout) if wait
|
|
115
|
+
result.service.service_arn
|
|
88
116
|
end
|
|
89
117
|
|
|
90
118
|
private
|
|
@@ -95,12 +123,8 @@ module EcsDeployer
|
|
|
95
123
|
next unless container_definition.has_key?(:environment)
|
|
96
124
|
|
|
97
125
|
container_definition[:environment].each do |environment|
|
|
98
|
-
if match = environment[:value].match(
|
|
99
|
-
|
|
100
|
-
environment[:value] = @kms.decrypt(ciphertext_blob: Base64.strict_decode64(match[1])).plaintext
|
|
101
|
-
rescue => e
|
|
102
|
-
raise KmsDecryptError.new(e.to_s)
|
|
103
|
-
end
|
|
126
|
+
if match = environment[:value].match(ENCRYPT_PATTERN)
|
|
127
|
+
environment[:value] = decrypt(match[0])
|
|
104
128
|
end
|
|
105
129
|
end
|
|
106
130
|
end
|
data/lib/ecs_deployer/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ecs_deployer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- naomichi-y
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-03-
|
|
11
|
+
date: 2017-03-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: runtime_command
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: json_spec
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
type: :runtime
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - ">="
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '0'
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: bundler
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -139,7 +153,6 @@ files:
|
|
|
139
153
|
- bin/console
|
|
140
154
|
- bin/setup
|
|
141
155
|
- ecs_deployer.gemspec
|
|
142
|
-
- example/fixtures/task.yml
|
|
143
156
|
- example/sample.rb
|
|
144
157
|
- exe/ecs_deployer
|
|
145
158
|
- lib/ecs_deployer.rb
|
data/example/fixtures/task.yml
DELETED
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
container_definitions:
|
|
2
|
-
- name: wordpress
|
|
3
|
-
links:
|
|
4
|
-
- mysql
|
|
5
|
-
image: wordpress
|
|
6
|
-
essential: true
|
|
7
|
-
port_mappings:
|
|
8
|
-
- container_port: 80
|
|
9
|
-
host_port: 80
|
|
10
|
-
memory: 500
|
|
11
|
-
cpu: 10
|
|
12
|
-
- environment:
|
|
13
|
-
- name: MYSQL_ROOT_PASSWORD
|
|
14
|
-
value: password
|
|
15
|
-
name: mysql
|
|
16
|
-
image: mysql
|
|
17
|
-
cpu: 10
|
|
18
|
-
memory: 500
|
|
19
|
-
essential: true
|
|
20
|
-
family: hello_world
|