hashicorptools 0.0.3

data/lib/hashicorptools/host.rb

@@ -0,0 +1,114 @@
+module Hashicorptools
+  class Host < Thor
+    
+    desc 'hosts', 'list running instances'
+    option :environment, required: false
+    option :role, required: false
+    option :name, required: false
+    def hosts
+      ec2 = Aws::EC2::Client.new(region: 'us-east-1')
+
+      resp = ec2.describe_instances(filters: filters) 
+      resp.reservations.each do |reservation|
+        reservation.instances.each do |instance|
+          name = instance.tags.find{|t| t.key == 'Name'}.value
+          puts "#{name} #{instance.public_dns_name}"
+        end
+      end
+    end
+
+    desc 'ssh', 'ssh to the first matching instance'
+    option :environment, required: false
+    option :role, required: false
+    option :name, required: false
+    def ssh(role = '')
+      ec2 = Aws::EC2::Client.new(region: 'us-east-1')
+
+      resp = ec2.describe_instances(filters: filters(role))
+      if resp.reservations.any?
+        instance = resp.reservations.first.instances.first
+        dns = if instance.public_dns_name.present?
+          instance.public_dns_name
+        else
+          instance.private_dns_name
+        end
+
+        exec "ssh #{ssh_user_fragment}#{dns}"
+      else
+        puts "no instances with #{role} role found"
+      end
+    end
+
+    desc 'console', 'run the agra rails console'
+    option :environment, required: false
+    def console
+      ec2 = Aws::EC2::Client.new(region: 'us-east-1')
+
+      bastion_dns = dns_from_reservations(ec2.describe_instances(filters: filters('console', 'maintenance')))
+      agra_console_dns = dns_from_reservations(ec2.describe_instances(filters: filters('console', 'agra')))
+
+
+      if bastion_dns &&  agra_console_dns
+        exec "ssh -t #{ssh_user_fragment}#{bastion_dns} 'ssh -t #{ssh_user_fragment}#{agra_console_dns}'"
+      else
+        puts "no instances found"
+      end
+    end
+
+    private
+
+    def dns_from_reservations(resp)
+      if resp.reservations.any?
+        instance = resp.reservations.first.instances.first
+        if instance.public_dns_name.present?
+          instance.public_dns_name
+        else
+          instance.private_dns_name
+        end
+      end
+    end
+
+
+    def application_environment
+      if options[:environment].present?
+        options[:environment]
+      elsif ENV['CHANGESPROUT_APP_ENVIRONMENT'].present?
+        ENV['CHANGESPROUT_APP_ENVIRONMENT']
+      else
+        'staging'
+      end
+    end
+
+    def ssh_user_fragment
+      ENV['AWS_SSH_USERNAME'].present? ? "#{ENV['AWS_SSH_USERNAME']}@" : ''
+    end
+
+    def filters(role = '', kind='')
+      filters = []
+
+      filters << {name: 'instance-state-name', values: ['running']}
+
+      if application_environment.present?
+        filters << {name: 'tag:environment', values: [ application_environment ]}
+      end
+
+      if options[:name].present?
+        filters << {name: 'tag:Name', values: [ options[:name] ]}
+      end
+
+      if role.blank?
+        role = options[:role].present?
+      end
+
+      if role.present?
+        filters << {name: 'tag:role', values: [ role ]}
+      end
+
+      if kind.present?
+        filters << {name: 'tag:kind', values: [ kind ]}
+      end
+
+      filters
+    end
+  end
+end

data/lib/hashicorptools/packer.rb

@@ -0,0 +1,129 @@
+module Hashicorptools
+  NUMBER_OF_AMIS_TO_KEEP = 2
+
+  class Packer < Thor
+    include Ec2Utilities
+    include Variables
+
+    desc "build", "creates an AMI from the current config"
+    option :debug, :required => false
+    def build
+      _build
+    end
+
+    desc "validate", "validates the packer config"
+    def validate
+      system "packer validate #{ami_config_path}"
+    end
+
+    desc "console", "interactive session"
+    def console
+      require 'byebug'
+      byebug
+    end
+
+    desc "list", "list all available telize amis"
+    def list
+      amis.each do |ami|
+        puts ami.image_id
+      end
+    end
+
+    desc "clean", "clean old AMIs that are no longer needed"
+    def clean
+      clean_amis
+    end
+
+    desc "boot", "start up an instance of the latest version of AMI" 
+    def boot
+      run_instances_resp = ec2.run_instances(image_id: current_ami('base-image').image_id,
+        min_count: 1,
+        max_count: 1,
+        instance_type: "t2.micro")
+
+      ec2.create_tags( resources: run_instances_resp.instances.collect{|i| i.instance_id },
+          tags: [ {key: 'Name', value: "packer test boot #{tag_name}"}, {key: 'environment', value: 'packer-development'}, {key: 'temporary', value: 'kill me'}])
+
+      require 'byebug'
+      byebug
+    end
+
+    protected
+
+    def _build(settings_overrides={})
+      settings_overrides.merge!({source_ami: source_ami_id, ami_tag: tag_name, cookbook_name: cookbook_name})
+
+      if options[:debug]
+        puts "[DEBUG] Executing 'packer build -debug #{variables(settings_overrides)} #{ami_config_path}'"
+        system "packer build -debug \
+          #{variables(settings_overrides)} \
+          #{ami_config_path}"
+      else
+        system "packer build \
+          #{variables(settings_overrides)} \
+          #{ami_config_path}"
+      end
+
+      clean_amis
+    end
+
+    def source_ami_id
+      current_ami('base-image').image_id
+    end
+
+    def tag_name
+      raise 'implement me'
+    end
+
+    def cookbook_name
+      raise 'implement me'
+    end
+
+    def ami_config_path
+      datadir_path = Gem.datadir('hashicorptools')
+      File.join(datadir_path, 'standard-ami.json')
+    end
+
+    def auto_scaling
+      @auto_scaling ||= Aws::AutoScaling::Client.new(region: 'us-east-1')
+    end
+
+    def ec2_v2
+      @ec2 ||= Aws::EC2::Client.new(region: 'us-east-1')
+    end
+
+    def amis_in_use
+      launch_configs = auto_scaling.describe_launch_configurations
+      image_ids = launch_configs.data['launch_configurations'].collect{|lc| lc.image_id}.flatten
+
+      ec2_reservations = ec2_v2.describe_instances
+      image_ids << ec2_reservations.reservations.collect{|res| res.instances.collect{|r| r.image_id}}.flatten
+      image_ids.flatten
+    end
+
+    def clean_amis
+      ami_ids = amis.collect{|a| a.image_id}
+      ami_ids_to_remove = ami_ids - amis_in_use
+      potential_amis_to_remove = amis
+      potential_amis_to_remove.keep_if {|a| ami_ids_to_remove.include?(a.image_id) }
+
+      if potential_amis_to_remove.size > NUMBER_OF_AMIS_TO_KEEP
+        amis_to_remove = potential_amis_to_remove[NUMBER_OF_AMIS_TO_KEEP..-1]
+        amis_to_keep = potential_amis_to_remove[0..(NUMBER_OF_AMIS_TO_KEEP-1)]
+
+        puts "Deregistering old AMIs..."
+        amis_to_remove.each do |ami|
+          puts "Deregistering #{ami.image_id}"
+          ami.deregister
+        end
+
+        puts "Currently active AMIs..."
+        amis_to_keep.each do |ami|
+          puts ami.image_id
+        end
+      else
+        puts "no AMIs to clean."
+      end
+    end
+  end
+end

data/lib/hashicorptools/terraform.rb

@@ -0,0 +1,283 @@
+module Hashicorptools
+  class Terraform < Thor
+    TERRAFORM_VERSION = '0.6.8'
+
+    include Ec2Utilities
+    include Variables
+
+    desc 'bootstrap', 'terraform a new infrastructure from scratch'
+    option :environment, :required => true
+    def bootstrap
+      apply
+    end
+
+    [:apply, :plan, :destroy, :pull, :refresh].each do |cmd|
+      desc cmd, "terraform #{cmd}"
+      option :environment, :required => true
+      option :debug, :required => false
+
+      define_method cmd do
+        send("_#{cmd}")
+      end
+
+      no_commands do
+        define_method "_#{cmd}" do |settings_overrides = {}|
+          enforce_version!
+          raise 'invalid environment' unless ['staging', 'production'].include?(options[:environment])
+
+          settings_overrides
+            .merge!({ app_environment: options[:environment] }
+            .merge(env_variable_keys)
+            .merge(settings)
+            .merge(shared_plan_variables))
+
+          decrypt_file(state_path)
+          decrypt_file(var_file_path)
+
+
+          begin
+            send("before_#{cmd}")
+
+            terraform_command = "terraform #{cmd} #{variables(settings_overrides)} -state #{state_path} #{var_file_param} #{config_directory}"
+
+            if (options[:debug])
+              puts "[DEBUG] running command: '#{terraform_command}"
+            end
+            if system terraform_command
+              send("after_#{cmd}")
+            end
+          rescue StandardError => e
+            puts e.message
+            puts e.backtrace
+          ensure
+            # need to always ensure the most recent tfstate is encrypted again.
+            encrypt_file(state_path)
+            delete_decrypted_var_file
+          end
+
+        end
+
+        define_method "before_#{cmd}" do
+          # no-op
+        end
+      end
+
+      no_commands do
+        define_method "after_#{cmd}" do
+          # no-op
+        end
+      end
+
+      desc cmd, "terraform #{cmd} for shared plan"
+      define_method "shared_#{cmd}" do
+        enforce_version!
+
+        decrypt_file(shared_state_path)
+
+        begin
+          system "terraform #{cmd} #{variables(env_variable_keys.merge(settings))} -state #{shared_state_path} #{shared_config_directory}"
+        rescue StandardError => e
+          puts e.message
+          puts e.backtrace
+        ensure
+          # need to always ensure the most recent tfstate is encrypted again.
+          encrypt_file(shared_state_path)
+        end
+      end
+    end
+
+    [:shared_apply, :shared_plan, :shared_destroy, :shared_pull, :shared_refresh].each do |cmd|
+
+    end
+
+    desc 'output', 'terraform output'
+    option :environment, :required => true
+    option :name, :required => true
+    def output
+      system output_cmd(state_path, options[:name])
+    end
+
+    desc 'taint', 'terraform taint'
+    option :environment, :required => true
+    option :name, :required => true
+    def taint
+      system "terraform taint -state #{state_path} #{options[:name]}"
+    end
+
+    desc 'show', 'terraform show'
+    option :environment, :required => true
+    def show
+      system "terraform show #{state_path}"
+    end
+
+    [ {commands: [:decrypt, :encrypt], file_path_method: :state_path, desc: 'upstream terraform changes'},
+      {commands: [:shared_decrypt, :shared_encrypt], file_path_method: :shared_state_path, desc: 'upstream shared terraform changes'},
+      {commands: [:var_file_decrypt, :var_file_encrypt], file_path_method: :var_file_path, desc: 'tfvars file'} ].each do |crypto_commands|
+
+        desc crypto_commands[:commands][0], "decrypt #{crypto_commands[:desc]}"
+        option :environment, :required => true
+        define_method crypto_commands[:commands][0] do
+          file_path = send(crypto_commands[:file_path_method])
+          decrypt_file(file_path)
+        end
+
+        desc crypto_commands[:commands][1], "encrypt #{crypto_commands[:desc]}"
+        option :environment, :required => true
+        define_method crypto_commands[:commands][1] do
+          file_path = send(crypto_commands[:file_path_method])
+          encrypt_file(file_path)
+        end
+    end
+
+    desc "console", "interactive session"
+    def console
+      require 'pry-byebug'
+      binding.pry
+    end
+
+    protected
+
+    def var_file_param
+      File.exist?(var_file_path) ?
+        "-var-file #{var_file_path}" :
+        ""
+    end
+
+    def delete_decrypted_var_file
+      return unless File.exist?(var_file_path)
+
+      enforce_cryptography_dependencies
+      if !File.exist?("#{var_file_path}.enc")
+        encrypt_file(var_file_path)
+      end
+
+      File.delete(var_file_path)
+    end
+
+    def encrypt_file(file_path)
+      enforce_cryptography_dependencies
+      if File.exist?(file_path)
+        system "openssl enc -aes-256-cbc -salt -in #{file_path} -out #{file_path}.enc -k #{ENV['TFSTATE_ENCRYPTION_PASSWORD']}"
+      end
+    end
+
+    def decrypt_file(file_path, enforce_file_existence=false)
+      enforce_cryptography_dependencies
+      if File.exist?("#{file_path}.enc")
+        system "openssl enc -aes-256-cbc -d -in #{file_path}.enc -out #{file_path} -k #{ENV['TFSTATE_ENCRYPTION_PASSWORD']}"
+      elsif enforce_file_existence
+        raise "Could not find #{file_path}.enc"
+      end
+    end
+
+    def state_path
+      "#{config_environment_path}/#{options[:environment]}.tfstate"
+    end
+
+    def shared_state_path
+      "#{shared_config_directory}/shared.tfstate"
+    end
+
+    def var_file_path
+      "#{config_environment_path}/variables.tfvars"
+    end
+
+    def config_directory
+      "config/infrastructure/#{infrastructure}"
+    end
+
+    def shared_config_directory
+      "config/infrastructure/#{infrastructure}/shared"
+    end
+
+    def config_environment_path
+      "#{config_directory}/environments/#{options[:environment]}"
+    end
+
+    def infrastructure
+      raise 'implement me'
+    end
+
+    def output_cmd(state_file_path, name=nil)
+      "terraform output -state=#{state_file_path} #{name}"
+    end
+
+    def output_variable(state_file_path, name)
+      `#{output_cmd(state_file_path, name)}`.chomp
+    end
+
+    def output_variables(state_file_path)
+      raw_plan_output = `#{output_cmd(state_file_path)}`
+      output_vars = {}
+      raw_plan_output.split("\n").each do |output_var|
+        key, value = output_var.split("=")
+        output_vars[key.strip] = value.strip
+      end
+
+      output_vars
+    end
+
+    def terraform_version
+      version_string = `terraform version`.chomp
+      version = /(\d+.\d+.\d+)/.match(version_string)
+      version[0]
+    end
+
+    def enforce_version!
+      if Gem::Version.new(terraform_version) < Gem::Version.new(TERRAFORM_VERSION)
+        raise "Terraform #{terraform_version} is out of date, please upgrade"
+      end
+    end
+
+    def enforce_cryptography_dependencies
+      raise "must supply TFSTATE_ENCRYPTION_PASSWORD environmental variable" if ENV['TFSTATE_ENCRYPTION_PASSWORD'].blank?
+    end
+
+    def settings
+      {} # override me to pass more variables into the terraform plan.
+    end
+
+    def asg_launch_config_name(asg_name)
+      asg_client = Aws::AutoScaling::Client.new(region: 'us-east-1')
+      group = asg_client.describe_auto_scaling_groups(auto_scaling_group_names: [asg_name]).auto_scaling_groups.first
+      group.try(:launch_configuration_name)
+    end
+
+    def env_variable_keys
+      {} # override me to pass environmental variables into the terraform plan
+    end
+
+    def shared_plan_variables
+      decrypt_file(shared_state_path, false)
+      if File.exist?(shared_state_path)
+        output_variables(shared_state_path)
+      else
+        {}
+      end
+    end
+
+    def fetch_terraform_modules
+      system "terraform get -update=true #{config_directory}"
+    end
+
+    def current_tfstate
+      return @current_tfstate if defined?(@current_tfstate)
+      raw_conf = File.read(state_path)
+      @current_tfstate = JSON.parse(raw_conf)
+    end
+
+    def read_config_file(path)
+      File.new('config/' + path).read
+      template = ERB.new File.new("config/#{path}").read, nil, "%"
+      template.result(OpenStruct.new(options).instance_eval { binding })
+    end
+
+    def dynect
+      @dynect ||= DynectRest.new("controlshiftlabs", ENV['DYNECT_USERNAME'], ENV['DYNECT_PASSWORD'], "controlshiftlabs.com")
+    end
+
+    def dns_record_exists?(parent_node_fqdn, record)
+      dynect.node_list(nil, parent_node_fqdn).include?(record.fqdn)
+    end
+  end
+end

data/lib/hashicorptools/update_launch_configuration.rb

@@ -0,0 +1,22 @@
+module Hashicorptools
+  class UpdateLaunchConfiguration < Thor
+    desc 'deploy ASG_NAME', 'recycle instances in the ASG with no downtime'
+    def deploy(asg_name)
+      asg = AutoScalingGroup.new(name: asg_name)
+      if asg.group.nil?
+        raise "could not find asg #{asg_name}"
+      end
+      current_count = asg.group.instances.size || 1
+
+      if asg.group.max_size < (current_count * 2)
+        raise "max size must be more than twice current count to deploy a new AMI"
+      else
+        # first doulbe the instance count to get new launch config live.
+        asg.set_desired_instances(current_count * 2)
+
+        # then bring the instance count back down again.
+        asg.set_desired_instances(current_count)
+      end
+    end
+  end
+end

data/lib/hashicorptools/variables.rb

@@ -0,0 +1,12 @@
+module Hashicorptools
+  module Variables
+    def aws_credentials_settings(settings_overrides = {})
+      {aws_access_key: ENV['AWS_ACCESS_KEY_ID'],
+       aws_secret_key: ENV['AWS_SECRET_ACCESS_KEY']}.merge(settings_overrides)
+    end
+
+    def variables(settings_overrides = {})
+      aws_credentials_settings(settings_overrides).collect{|key,value| "-var '#{key}=#{value}'" }.join(' ')
+    end
+  end
+end

data/lib/hashicorptools.rb

@@ -0,0 +1,19 @@
+require 'bundler/setup'
+require 'dotenv'
+require 'thor'
+require 'active_support/all'
+require 'aws-sdk-v1'
+require 'aws-sdk'
+require 'dynect_rest'
+
+module Hashicorptools
+end
+
+require_relative 'hashicorptools/variables'
+require_relative 'hashicorptools/ec2_utilities'
+require_relative 'hashicorptools/auto_scaling_group'
+require_relative 'hashicorptools/packer'
+require_relative 'hashicorptools/terraform'
+require_relative 'hashicorptools/host'
+require_relative 'hashicorptools/update_launch_configuration'
+require_relative 'hashicorptools/code_deploy'

data/spec/hashicorptools_spec.rb

@@ -0,0 +1,7 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Hashicorptools" do
+  it "fails" do
+    fail "hey buddy, you should probably rename this file and start specing for real"
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,29 @@
+require 'simplecov'
+
+module SimpleCov::Configuration
+  def clean_filters
+    @filters = []
+  end
+end
+
+SimpleCov.configure do
+  clean_filters
+  load_adapter 'test_frameworks'
+end
+
+ENV["COVERAGE"] && SimpleCov.start do
+  add_filter "/.rvm/"
+end
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'rspec'
+require 'hashicorptools'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+
+end