formatron 0.1.0

data/lib/formatron/cloud_formation/resources/iam.rb

@@ -0,0 +1,94 @@
+require_relative '../template'
+
+class Formatron
+  module CloudFormation
+    module Resources
+      # Generates CloudFormation template IAM resources
+      module IAM
+        # rubocop:disable Metrics/MethodLength
+        def self.role
+          {
+            Type: 'AWS::IAM::Role',
+            Properties: {
+              AssumeRolePolicyDocument: {
+                Version: '2012-10-17',
+                Statement: [{
+                  Effect: 'Allow',
+                  Principal: { Service: ['ec2.amazonaws.com'] },
+                  Action: ['sts:AssumeRole']
+                }]
+              },
+              Path: '/'
+            }
+          }
+        end
+        # rubocop:enable Metrics/MethodLength
+
+        def self.instance_profile(role:)
+          {
+            Type: 'AWS::IAM::InstanceProfile',
+            Properties: {
+              Path: '/',
+              Roles: [Template.ref(role)]
+            }
+          }
+        end
+
+        # rubocop:disable Metrics/MethodLength
+        def self.policy(role:, name:, statements:)
+          {
+            Type: 'AWS::IAM::Policy',
+            Properties: {
+              Roles: [Template.ref(role)],
+              PolicyName: name,
+              PolicyDocument: {
+                Version: '2012-10-17',
+                Statement: statements.collect do |statement|
+                  {
+                    Effect: 'Allow',
+                    Action: statement[:actions],
+                    Resource: statement[:resources]
+                  }
+                end
+              }
+            }
+          }
+        end
+        # rubocop:enable Metrics/MethodLength
+
+        # rubocop:disable Metrics/MethodLength
+        def self.user(policy_name:, statements:)
+          {
+            Type: 'AWS::IAM::User',
+            Properties: {
+              Path: '/',
+              Policies: [{
+                PolicyName: policy_name,
+                PolicyDocument: {
+                  Version: '2012-10-17',
+                  Statement: statements.collect do |statement|
+                    {
+                      Effect: 'Allow',
+                      Action: statement[:actions],
+                      Resource: statement[:resources]
+                    }
+                  end
+                }
+              }]
+            }
+          }
+        end
+        # rubocop:enable Metrics/MethodLength
+
+        def self.access_key(user_name:)
+          {
+            Type: 'AWS::IAM::AccessKey',
+            Properties: {
+              UserName: user_name
+            }
+          }
+        end
+      end
+    end
+  end
+end

data/lib/formatron/cloud_formation/resources/route53.rb

@@ -0,0 +1,54 @@
+require_relative '../template'
+
+class Formatron
+  module CloudFormation
+    module Resources
+      # Generates CloudFormation template Route53 resources
+      module Route53
+        # rubocop:disable Metrics/MethodLength
+        def self.hosted_zone(name:, vpc:)
+          {
+            Type: 'AWS::Route53::HostedZone',
+            Properties: {
+              HostedZoneConfig: {
+                Comment: Template.join(
+                  'Private Hosted Zone for CloudFormation Stack: ',
+                  Template.ref('AWS::StackName')
+                )
+              },
+              Name: name,
+              VPCs: [{
+                VPCId: Template.ref(vpc),
+                VPCRegion: Template.ref('AWS::Region')
+              }]
+            }
+          }
+        end
+        # rubocop:enable Metrics/MethodLength
+
+        # rubocop:disable Metrics/MethodLength
+        def self.record_set(
+          hosted_zone_id:,
+          sub_domain:,
+          hosted_zone_name:,
+          instance:,
+          attribute:
+        )
+          {
+            Type: 'AWS::Route53::RecordSet',
+            Properties: {
+              HostedZoneId: hosted_zone_id,
+              Name: "#{sub_domain}.#{hosted_zone_name}",
+              ResourceRecords: [
+                Template.get_attribute(instance, attribute)
+              ],
+              TTL: '900',
+              Type: 'A'
+            }
+          }
+        end
+        # rubocop:enable Metrics/MethodLength
+      end
+    end
+  end
+end

data/lib/formatron/cloud_formation/scripts.rb

@@ -0,0 +1,128 @@
+class Formatron
+  module CloudFormation
+    # Generates scripts for setting up instances with CloudFormation init
+    module Scripts
+      def self.hostname(sub_domain:, hosted_zone_name:)
+        # rubocop:disable Metrics/LineLength
+        <<-EOH.gsub(/^ {10}/, '')
+          #/bin/bash -v
+          set -e
+          SHORTNAME=#{sub_domain}
+          PUBLIC_DNS=${SHORTNAME}.#{hosted_zone_name}
+          PRIVATE_IPV4=`(curl http://169.254.169.254/latest/meta-data/local-ipv4)`
+          hostname $SHORTNAME
+          echo $PUBLIC_DNS | tee /etc/hostname
+          echo "$PRIVATE_IPV4 $PUBLIC_DNS $SHORTNAME" >> /etc/hosts
+        EOH
+        # rubocop:enable Metrics/LineLength
+      end
+
+      # rubocop:disable Metrics/MethodLength
+      def self.nat(cidr:)
+        # rubocop:disable Metrics/LineLength
+        <<-EOH.gsub(/^ {10}/, '')
+          #/bin/bash -v
+          set -e
+          if ! grep --quiet '^net.ipv4.ip_forward=1$' /etc/sysctl.conf; then
+            sed -i '/^#net.ipv4.ip_forward=1$/c\\net.ipv4.ip_forward=1' /etc/sysctl.conf
+            sysctl -p /etc/sysctl.conf
+          fi
+          iptables -t nat -A POSTROUTING -o eth0 -s #{cidr} -j MASQUERADE
+          iptables-save > /etc/iptables.rules
+          cat << EOF > /etc/network/if-pre-up.d/iptablesload
+          #!/bin/sh
+          iptables-restore < /etc/iptables.rules
+          exit 0
+          EOF
+          chmod +x /etc/network/if-pre-up.d/iptablesload
+        EOH
+        # rubocop:enable Metrics/LineLength
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/ParameterLists
+      def self.chef_server(
+        username:,
+        first_name:,
+        last_name:,
+        email:,
+        password:,
+        organization_short_name:,
+        organization_full_name:,
+        bucket:,
+        user_pem_key:,
+        organization_pem_key:,
+        kms_key:,
+        chef_server_version:,
+        ssl_cert_key:,
+        ssl_key_key:,
+        cookbooks_bucket:
+      )
+        # rubocop:disable Metrics/LineLength
+        <<-EOH.gsub(/^ {10}/, '')
+          #!/bin/bash -v
+
+          set -e
+
+          export HOME=/root
+
+          source /tmp/formatron/script-variables
+
+          apt-get -y update
+          apt-get -y install wget ntp cron git libfreetype6 libpng3 python-pip
+          pip install awscli
+
+          mkdir -p $HOME/.aws
+          cat << EOF > $HOME/.aws/config
+          [default]
+          s3 =
+              signature_version = s3v4
+          region = ${REGION}
+          EOF
+
+          mkdir -p /etc/opscode
+          cat << EOF > /etc/opscode/chef-server.rb
+          bookshelf['enable'] = false
+          bookshelf['external_url'] = 'https://s3-${REGION}.amazonaws.com'
+          bookshelf['vip'] = 's3-${REGION}.amazonaws.com'
+          bookshelf['access_key_id'] = '${ACCESS_KEY_ID}'
+          bookshelf['secret_access_key'] = '${SECRET_ACCESS_KEY}'
+          opscode_erchef['s3_bucket'] = '#{cookbooks_bucket}'
+          nginx['ssl_certificate'] = '/etc/nginx/ssl/chef.crt'
+          nginx['ssl_certificate_key'] = '/etc/nginx/ssl/chef.key'
+          EOF
+
+          mkdir -p /etc/nginx/ssl
+          aws s3api get-object --bucket #{bucket} --key #{ssl_cert_key} /etc/nginx/ssl/chef.crt
+          aws s3api get-object --bucket #{bucket} --key #{ssl_key_key} /etc/nginx/ssl/chef.key
+
+          wget -O /tmp/chef-server-core.deb https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/trusty/chef-server-core_#{chef_server_version}_amd64.deb
+          dpkg -i /tmp/chef-server-core.deb
+
+          chef-server-ctl reconfigure >> /var/log/chef-install.log
+          chef-server-ctl user-create #{username} #{first_name} #{last_name} #{email} #{password} --filename $HOME/user.pem >> /var/log/chef-install.log
+          chef-server-ctl org-create #{organization_short_name} "#{organization_full_name}" --association_user #{username} --filename $HOME/organization.pem >> /var/log/chef-install.log
+
+          chef-server-ctl install opscode-manage >> /var/log/chef-install.log
+          chef-server-ctl reconfigure >> /var/log/chef-install.log
+          opscode-manage-ctl reconfigure >> /var/log/chef-install.log
+
+          chef-server-ctl install opscode-push-jobs-server >> /var/log/chef-install.log
+          chef-server-ctl reconfigure >> /var/log/chef-install.log
+          opscode-push-jobs-server-ctl reconfigure >> /var/log/chef-install.log
+
+          chef-server-ctl install opscode-reporting >> /var/log/chef-install.log
+          chef-server-ctl reconfigure >> /var/log/chef-install.log
+          opscode-reporting-ctl reconfigure >> /var/log/chef-install.log
+
+          aws s3api put-object --bucket #{bucket} --key #{user_pem_key} --body $HOME/user.pem --ssekms-key-id #{kms_key} --server-side-encryption aws:kms
+          aws s3api put-object --bucket #{bucket} --key #{organization_pem_key} --body $HOME/organization.pem --ssekms-key-id #{kms_key} --server-side-encryption aws:kms
+        EOH
+        # rubocop:enable Metrics/LineLength
+      end
+      # rubocop:enable Metrics/ParameterLists
+      # rubocop:enable Metrics/MethodLength
+    end
+  end
+end

data/lib/formatron/cloud_formation/template.rb

@@ -0,0 +1,114 @@
+require_relative 'template/vpc'
+require_relative 'template/parameters'
+require 'formatron/aws'
+
+class Formatron
+  module CloudFormation
+    # generates a CloudFormation template
+    class Template
+      REGION_MAP = 'regionMap'
+
+      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/ParameterLists
+      def initialize(
+        formatron:,
+        external:,
+        hosted_zone_name:,
+        key_pair:,
+        kms_key:,
+        hosted_zone_id:,
+        target:
+      )
+        @formatron = formatron
+        @external = external
+        @external_formatron = external.formatron
+        @external_outputs = external.outputs
+        @hosted_zone_name = hosted_zone_name
+        @key_pair = key_pair
+        @kms_key = kms_key
+        @hosted_zone_id = hosted_zone_id
+        @bucket = formatron.bucket
+        @name = formatron.name
+        @target = target
+      end
+      # rubocop:enable Metrics/ParameterLists
+      # rubocop:enable Metrics/MethodLength
+
+      # rubocop:disable Metrics/MethodLength
+      def hash
+        resources = {}
+        outputs = {}
+        parameters = {}
+        @formatron.vpc.each do |key, vpc|
+          template_vpc = VPC.new(
+            vpc: vpc,
+            external: @external_formatron.vpc[key],
+            hosted_zone_name: @hosted_zone_name,
+            key_pair: @key_pair,
+            kms_key: @kms_key,
+            hosted_zone_id: @hosted_zone_id,
+            bucket: @bucket,
+            name: @name,
+            target: @target
+          )
+          template_vpc.merge resources: resources, outputs: outputs
+        end
+        template_parameters = Parameters.new keys: @external_outputs.hash.keys
+        template_parameters.merge parameters: parameters
+        {
+          AWSTemplateFormatVersion: '2010-09-09',
+          Description: "Formatron stack: #{@formatron.name}",
+          Mappings: {
+            REGION_MAP => AWS::REGIONS
+          },
+          Parameters: parameters,
+          Resources: resources,
+          Outputs: outputs
+        }
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      def self.ref(logical_id)
+        {
+          Ref: logical_id
+        }
+      end
+
+      def self.join(*items)
+        {
+          'Fn::Join' => [
+            '', items
+          ]
+        }
+      end
+
+      def self.find_in_map(map, key, property)
+        {
+          'Fn::FindInMap' => [
+            map,
+            key,
+            property
+          ]
+        }
+      end
+
+      def self.base_64(value)
+        {
+          'Fn::Base64' => value
+        }
+      end
+
+      def self.get_attribute(resource, attribute)
+        {
+          'Fn::GetAtt' => [resource, attribute]
+        }
+      end
+
+      def self.output(value)
+        {
+          Value: value
+        }
+      end
+    end
+  end
+end

data/lib/formatron/cloud_formation/template/parameters.rb

@@ -0,0 +1,20 @@
+class Formatron
+  module CloudFormation
+    class Template
+      # generates CloudFormation parameter declarations
+      class Parameters
+        def initialize(keys:)
+          @keys = keys
+        end
+
+        def merge(parameters:)
+          @keys.each do |key|
+            parameters[key] = {
+              Type: 'String'
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/formatron/cloud_formation/template/vpc.rb

@@ -0,0 +1,181 @@
+require_relative 'vpc/subnet'
+require 'formatron/cloud_formation/resources/ec2'
+require 'formatron/cloud_formation/resources/route53'
+require 'formatron/util/vpc'
+
+class Formatron
+  module CloudFormation
+    class Template
+      # generates CloudFormation VPC resources
+      # rubocop:disable Metrics/ClassLength
+      class VPC
+        VPC_PREFIX = 'vpc'
+        INTERNET_GATEWAY_PREFIX = 'internetGateway'
+        VPC_GATEWAY_ATTACHMENT_PREFIX = 'vpcGatewayAttachment'
+        ROUTE_TABLE_PREFIX = 'routeTable'
+        ROUTE_PREFIX = 'route'
+        HOSTED_ZONE_PREFIX = 'hostedZone'
+
+        # rubocop:disable Metrics/MethodLength
+        # rubocop:disable Metrics/ParameterLists
+        def initialize(
+          vpc:,
+          external:,
+          hosted_zone_name:,
+          key_pair:,
+          kms_key:,
+          hosted_zone_id:,
+          bucket:,
+          name:,
+          target:
+        )
+          @vpc = vpc
+          @external = external
+          @hosted_zone_name = hosted_zone_name
+          @key_pair = key_pair
+          @kms_key = kms_key
+          @hosted_zone_id = hosted_zone_id
+          @bucket = bucket
+          @name = name
+          @target = target
+        end
+        # rubocop:enable Metrics/ParameterLists
+        # rubocop:enable Metrics/MethodLength
+
+        def merge(resources:, outputs:)
+          @guid = @vpc.guid
+          if @guid.nil?
+            @guid = @external.guid
+            _merge_external resources: resources, outputs: outputs
+          else
+            _merge_local resources: resources, outputs: outputs
+          end
+        end
+
+        # rubocop:disable Metrics/MethodLength
+        def _merge_local(resources:, outputs:)
+          @cidr = @vpc.cidr
+          @logical_id = "#{VPC_PREFIX}#{@guid}"
+          @internet_gateway_id = "#{INTERNET_GATEWAY_PREFIX}#{@guid}"
+          @vpc_gateway_attachment_id =
+            "#{VPC_GATEWAY_ATTACHMENT_PREFIX}#{@guid}"
+          @route_table_id =
+            "#{ROUTE_TABLE_PREFIX}#{@guid}"
+          @route_id =
+            "#{ROUTE_PREFIX}#{@guid}"
+          @private_hosted_zone_id =
+            "#{HOSTED_ZONE_PREFIX}#{@guid}"
+          @vpc.subnet.each do |_, subnet|
+            template_subnet = Subnet.new(
+              subnet: subnet,
+              external: nil,
+              vpc_guid: @guid,
+              vpc_cidr: @cidr,
+              key_pair: @key_pair,
+              hosted_zone_name: @hosted_zone_name,
+              kms_key: @kms_key,
+              nats: Util::VPC.instances(:nat, @vpc),
+              private_hosted_zone_id: @private_hosted_zone_id,
+              public_hosted_zone_id: @hosted_zone_id,
+              bucket: @bucket,
+              name: @name,
+              target: @target
+            )
+            template_subnet.merge resources: resources, outputs: outputs
+          end
+          _add_vpc resources, outputs
+          _add_internet_gateway resources
+          _add_vpc_gateway_attachment resources
+          _add_route_table resources
+          _add_route resources
+          _add_private_hosted_zone resources, outputs
+        end
+        # rubocop:enable Metrics/MethodLength
+
+        # rubocop:disable Metrics/MethodLength
+        def _merge_external(resources:, outputs:)
+          @cidr = @external.cidr
+          @private_hosted_zone_id =
+            "#{HOSTED_ZONE_PREFIX}#{@guid}"
+          @vpc.subnet.each do |key, subnet|
+            template_subnet = Subnet.new(
+              subnet: subnet,
+              external: @external.subnet[key],
+              vpc_guid: @guid,
+              vpc_cidr: @cidr,
+              key_pair: @key_pair,
+              hosted_zone_name: @hosted_zone_name,
+              kms_key: @kms_key,
+              nats: Util::VPC.instances(:nat, @external, @vpc),
+              private_hosted_zone_id: @private_hosted_zone_id,
+              public_hosted_zone_id: @hosted_zone_id,
+              bucket: @bucket,
+              name: @name,
+              target: @target
+            )
+            template_subnet.merge resources: resources, outputs: outputs
+          end
+        end
+        # rubocop:enable Metrics/MethodLength
+
+        def _add_vpc(resources, outputs)
+          resources[@logical_id] = Resources::EC2.vpc cidr: @cidr
+          outputs[@logical_id] = Template.output Template.ref(@logical_id)
+        end
+
+        def _add_internet_gateway(resources)
+          resources[@internet_gateway_id] = Resources::EC2.internet_gateway
+        end
+
+        def _add_vpc_gateway_attachment(resources)
+          resources[
+            @vpc_gateway_attachment_id
+          ] = Resources::EC2.vpc_gateway_attachment(
+            vpc: @logical_id,
+            gateway: @internet_gateway_id
+          )
+        end
+
+        def _add_route_table(resources)
+          resources[
+            @route_table_id
+          ] = Resources::EC2.route_table(
+            vpc: @logical_id
+          )
+        end
+
+        def _add_route(resources)
+          resources[
+            @route_id
+          ] = Resources::EC2.route(
+            vpc_gateway_attachment: @vpc_gateway_attachment_id,
+            internet_gateway: @internet_gateway_id,
+            route_table: @route_table_id
+          )
+        end
+
+        def _add_private_hosted_zone(resources, outputs)
+          resources[@private_hosted_zone_id] = Resources::Route53.hosted_zone(
+            name: @hosted_zone_name,
+            vpc: @logical_id
+          )
+          outputs[@private_hosted_zone_id] = Template.output(
+            Template.ref(@private_hosted_zone_id)
+          )
+        end
+
+        private(
+          :_merge_local,
+          :_merge_external,
+          :_add_vpc,
+          :_add_internet_gateway,
+          :_add_vpc_gateway_attachment,
+          :_add_route_table,
+          :_add_route,
+          :_add_private_hosted_zone
+        )
+      end
+      # rubocop:enable Metrics/ClassLength
+    end
+  end
+end