formatron 0.1.0

data/lib/formatron/aws.rb

@@ -0,0 +1,197 @@
+require 'aws-sdk'
+
+class Formatron
+  # shared AWS clients
+  # rubocop:disable Metrics/ClassLength
+  class AWS
+    attr_reader :region
+
+    REGIONS = {
+      'us-east-1' => {
+        ami: 'ami-ff02509a'
+      },
+      'us-west-2' => {
+        ami: 'ami-8ee605bd'
+      },
+      'us-west-1' => {
+        ami: 'ami-198a495d'
+      },
+      'eu-west-1' => {
+        ami: 'ami-37360a40'
+      },
+      'eu-central-1' => {
+        ami: 'ami-46272b5b'
+      },
+      'ap-southeast-1' => {
+        ami: 'ami-42170410'
+      },
+      'ap-southeast-2' => {
+        ami: 'ami-6d6c2657'
+      },
+      'ap-northeast-1' => {
+        ami: 'ami-402e4c40'
+      },
+      'sa-east-1' => {
+        ami: 'ami-1f4bda02'
+      }
+    }
+
+    CAPABILITIES = %w(CAPABILITY_IAM)
+
+    STACK_READY_STATES = %w(
+      CREATE_COMPLETE
+      UPDATE_COMPLETE
+      UPDATE_ROLLBACK_COMPLETE
+      ROLLBACK_COMPLETE
+    )
+
+    def initialize(credentials:)
+      @credentials = JSON.parse(File.read(credentials))
+      @region = @credentials['region']
+      _create_aws_credentials
+      _create_s3_client
+      _create_cloudformation_client
+      _create_route53_client
+    end
+
+    def upload_file(kms_key:, bucket:, key:, content:)
+      @s3_client.put_object(
+        bucket: bucket,
+        key: key,
+        body: content,
+        server_side_encryption: 'aws:kms',
+        ssekms_key_id: kms_key
+      )
+    end
+
+    def delete_file(bucket:, key:)
+      @s3_client.delete_object(
+        bucket: bucket,
+        key: key
+      )
+    end
+
+    def download_file(bucket:, key:, path:)
+      @s3_client.get_object(
+        bucket: bucket,
+        key: key,
+        response_target: path
+      )
+    end
+
+    def get_file(bucket:, key:)
+      @s3_client.get_object(
+        bucket: bucket,
+        key: key
+      ).body.read
+    end
+
+    # rubocop:disable Metrics/MethodLength
+    def deploy_stack(stack_name:, template_url:, parameters:)
+      aws_parameters = parameters.map do |key, value|
+        {
+          parameter_key: key,
+          parameter_value: value,
+          use_previous_value: false
+        }
+      end
+      @cloudformation_client.create_stack(
+        stack_name: stack_name,
+        template_url: template_url,
+        capabilities: CAPABILITIES,
+        on_failure: 'DO_NOTHING',
+        parameters: aws_parameters
+      )
+    rescue Aws::CloudFormation::Errors::AlreadyExistsException
+      _update_stack(
+        stack_name: stack_name,
+        template_url: template_url,
+        parameters: aws_parameters
+      )
+    end
+    # rubocop:enable Metrics/MethodLength
+
+    def hosted_zone_name(hosted_zone_id)
+      @route53_client.get_hosted_zone(
+        id: hosted_zone_id
+      ).hosted_zone.name.chomp '.'
+    end
+
+    def _update_stack(stack_name:, template_url:, parameters:)
+      @cloudformation_client.update_stack(
+        stack_name: stack_name,
+        template_url: template_url,
+        capabilities: CAPABILITIES,
+        parameters: parameters
+      )
+    rescue Aws::CloudFormation::Errors::ValidationError => error
+      raise error unless error.message.eql?(
+        'No updates are to be performed.'
+      )
+    end
+
+    def delete_stack(stack_name:)
+      @cloudformation_client.delete_stack(
+        stack_name: stack_name
+      )
+    end
+
+    def stack_outputs(stack_name:)
+      description = @cloudformation_client.describe_stacks(
+        stack_name: stack_name
+      ).stacks[0]
+      status = description.stack_status
+      fail "CloudFormation stack, #{stack_name}, " \
+           "is not ready: #{status}" unless STACK_READY_STATES.include? status
+      description.outputs.each_with_object({}) do |output, outputs|
+        outputs[output.output_key] = output.output_value
+      end
+    end
+
+    def stack_ready!(stack_name:)
+      status = @cloudformation_client.describe_stacks(
+        stack_name: stack_name
+      ).stacks[0].stack_status
+      fail "CloudFormation stack, #{stack_name}, " \
+           "is not ready: #{status}" unless STACK_READY_STATES.include? status
+    end
+
+    def _create_aws_credentials
+      @aws_credentials = Aws::Credentials.new(
+        @credentials['access_key_id'],
+        @credentials['secret_access_key']
+      )
+    end
+
+    def _create_s3_client
+      @s3_client = ::Aws::S3::Client.new(
+        region: @region,
+        signature_version: 'v4',
+        credentials: @aws_credentials
+      )
+    end
+
+    def _create_cloudformation_client
+      @cloudformation_client = ::Aws::CloudFormation::Client.new(
+        region: @region,
+        credentials: @aws_credentials
+      )
+    end
+
+    def _create_route53_client
+      @route53_client = ::Aws::Route53::Client.new(
+        region: @region,
+        credentials: @aws_credentials
+      )
+    end
+
+    private(
+      :_create_aws_credentials,
+      :_create_s3_client,
+      :_create_cloudformation_client,
+      :_create_route53_client,
+      :_update_stack
+    )
+  end
+  # rubocop:enable Metrics/ClassLength
+end

data/lib/formatron/chef.rb

@@ -0,0 +1,156 @@
+require 'formatron/cloud_formation'
+require 'formatron/logger'
+require_relative 'chef/keys'
+require_relative 'chef/berkshelf'
+require_relative 'chef/knife'
+
+class Formatron
+  # manage the instance provisioning with Chef
+  # rubocop:disable Metrics/ClassLength
+  class Chef
+    # rubocop:disable Metrics/MethodLength
+    # rubocop:disable Metrics/ParameterLists
+    def initialize(
+      aws:,
+      bucket:,
+      name:,
+      target:,
+      ec2_key:,
+      username:,
+      organization:,
+      ssl_verify:,
+      chef_sub_domain:,
+      bastions:,
+      hosted_zone_name:,
+      server_stack:,
+      guid:,
+      configuration:,
+      databag_secret:
+    )
+      @aws = aws
+      @name = name
+      @target = target
+      @chef_sub_domain = chef_sub_domain
+      @hosted_zone_name = hosted_zone_name
+      @organization = organization
+      @server_stack = server_stack
+      @bastions = bastions
+      chef_server_url = _chef_server_url
+      @keys = Keys.new(
+        aws: @aws,
+        bucket: bucket,
+        name: server_stack,
+        target: @target,
+        guid: guid,
+        ec2_key: ec2_key
+      )
+      @knife = Knife.new(
+        keys: @keys,
+        chef_server_url: chef_server_url,
+        username: username,
+        organization: organization,
+        ssl_verify: ssl_verify,
+        name: @name,
+        databag_secret: databag_secret,
+        configuration: configuration
+      )
+      @berkshelf = Berkshelf.new(
+        keys: @keys,
+        chef_server_url: chef_server_url,
+        username: username,
+        ssl_verify: ssl_verify
+      )
+    end
+    # rubocop:enable Metrics/ParameterLists
+    # rubocop:enable Metrics/MethodLength
+
+    def init
+      CloudFormation.stack_ready!(
+        aws: @aws,
+        name: @server_stack,
+        target: @target
+      )
+      @keys.init
+      @knife.init
+      @berkshelf.init
+    end
+
+    def deploy_databag
+      Formatron::LOG.info do
+        "Deploying data bag to chef server: #{@chef_sub_domain}"
+      end
+      @knife.deploy_databag
+    end
+
+    def delete_databag
+      Formatron::LOG.info do
+        "Deleting data bag from chef server: #{@chef_sub_domain}"
+      end
+      @knife.delete_databag
+    end
+
+    # rubocop:disable Metrics/MethodLength
+    def provision(
+      sub_domain:,
+      cookbook:,
+      bastion:
+    )
+      Formatron::LOG.info do
+        "Provision #{sub_domain} with Chef cookbook: #{cookbook}"
+      end
+      bastion ||= @bastions.keys[0]
+      bastion_hostname = _hostname(
+        sub_domain: @bastions[bastion]
+      )
+      CloudFormation.stack_ready!(
+        aws: @aws,
+        name: @name,
+        target: @target
+      )
+      cookbook_name = File.basename cookbook
+      hostname = _hostname(
+        sub_domain: sub_domain
+      )
+      @knife.create_environment environment: sub_domain
+      @berkshelf.upload environment: sub_domain, cookbook: cookbook
+      @knife.bootstrap(
+        bastion_hostname: bastion_hostname,
+        environment: sub_domain,
+        cookbook: cookbook_name,
+        hostname: hostname
+      )
+    end
+    # rubocop:enable Metrics/ParameterLists
+    # rubocop:enable Metrics/MethodLength
+
+    def destroy(sub_domain:)
+      Formatron::LOG.info do
+        "Delete Chef configuration for node: #{sub_domain}"
+      end
+      @knife.delete_node node: sub_domain
+      @knife.delete_client client: sub_domain
+      @knife.delete_environment environment: sub_domain
+    end
+
+    def unlink
+      @keys.unlink
+      @knife.unlink
+      @berkshelf.unlink
+    end
+
+    def _chef_server_url
+      "https://#{@chef_sub_domain}.#{@hosted_zone_name}" \
+      "/organizations/#{@organization}"
+    end
+
+    def _hostname(sub_domain:)
+      "#{sub_domain}.#{@hosted_zone_name}"
+    end
+
+    private(
+      :_chef_server_url,
+      :_hostname
+    )
+  end
+  # rubocop:enable Metrics/ClassLength
+end

data/lib/formatron/chef/berkshelf.rb

@@ -0,0 +1,55 @@
+require 'formatron/util/shell'
+require 'English'
+
+class Formatron
+  class Chef
+    # Wrapper for the berkshelf cli
+    class Berkshelf
+      CONFIG_FILE_CONTENTS = <<-EOH.gsub(/^ {8}/, '')
+        {
+          "chef": {
+            "chef_server_url": "%{server_url}",
+            "node_name": "%{user}",
+            "client_key": "%{key_file}"
+          },
+          "ssl": {
+            "verify": %{ssl_verify}
+          }
+        }
+      EOH
+
+      def initialize(keys:, chef_server_url:, username:, ssl_verify:)
+        @keys = keys
+        @chef_server_url = chef_server_url
+        @username = username
+        @ssl_verify = ssl_verify
+      end
+
+      def init
+        @config_file = Tempfile.new 'formatron-berkshelf-'
+        @config_file.write CONFIG_FILE_CONTENTS % {
+          server_url: @chef_server_url,
+          user: @username,
+          key_file: @keys.user_key,
+          ssl_verify: @ssl_verify
+        }
+        @config_file.close
+      end
+
+      def upload(cookbook:, environment:)
+        # rubocop:disable Metrics/LineLength
+        command = "berks install -b #{File.join(cookbook, 'Berksfile')}"
+        fail "failed to download cookbooks for opscode environment: #{environment}" unless Util::Shell.exec command
+        command = "berks upload -c #{@config_file.path} -b #{File.join(cookbook, 'Berksfile')}"
+        fail "failed to upload cookbooks for opscode environment: #{environment}" unless Util::Shell.exec command
+        command = "berks apply #{environment} -c #{@config_file.path} -b #{File.join(cookbook, 'Berksfile.lock')}"
+        fail "failed to apply cookbooks to opscode environment: #{environment}" unless Util::Shell.exec command
+        # rubocop:enable Metrics/LineLength
+      end
+
+      def unlink
+        @config_file.unlink unless @config_file.nil?
+      end
+    end
+  end
+end

data/lib/formatron/chef/keys.rb

@@ -0,0 +1,48 @@
+require 'formatron/s3/chef_server_keys'
+
+class Formatron
+  class Chef
+    # Download the Chef Server keys
+    class Keys
+      # rubocop:disable Metrics/ParameterLists
+      def initialize(aws:, bucket:, name:, target:, guid:, ec2_key:)
+        @aws = aws
+        @bucket = bucket
+        @name = name
+        @target = target
+        @guid = guid
+        @ec2_key = ec2_key
+      end
+      # rubocop:enable Metrics/ParameterLists
+
+      def init
+        @directory = Dir.mktmpdir 'formatron-chef-server-keys-'
+        S3::ChefServerKeys.get(
+          aws: @aws,
+          bucket: @bucket,
+          name: @name,
+          target: @target,
+          guid: @guid,
+          directory: @directory
+        )
+        File.write ec2_key, @ec2_key
+      end
+
+      def user_key
+        S3::ChefServerKeys.user_pem_path directory: @directory
+      end
+
+      def organization_key
+        S3::ChefServerKeys.organization_pem_path directory: @directory
+      end
+
+      def ec2_key
+        File.join @directory, 'ec2_key'
+      end
+
+      def unlink
+        FileUtils.rm_rf @directory unless @directory.nil?
+      end
+    end
+  end
+end