hawser 0.0.1 → 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MzNhN2RlMTZiMDFhYzE2YjI5ZDdlMDRiZTg4NDdlN2FlY2E0NDdkNQ==
+  data.tar.gz: !binary |-
+    ZWExZDdlZTAyOTMzZGUxNTIwNTY0ZmMyNDliZjAzMmI2YmQ0ZmM3MA==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    ZTc2YWJlYzllZGMxMjJjMmE1ZTcxZjg5YmI4MGY1ODljNmRkYTk0Y2Q3Yjkz
+    ZTFlOWVjZTJiMjZhMzE0MTVmNDhkMWJkODUwZWRmZjU3ODM2ODBjZjNmMDgz
+    MjJmYWFhMTFjZTcxNDQ4MWQ4YWJhNDRhMjJmNjk1MTBjZmM0Yjg=
+  data.tar.gz: !binary |-
+    NTNlNmUzOTg1YWY4MGNjNjk1MWRiNDBjZWRkY2E5OGFhNmMwODQ5MWRmY2Mw
+    NzI4ZjA0ZDkxMmIzZTMyZGY4OThkOTZiYTRjZDM3ZGIyMzdhNjg1MGE5ODhl
+    NGVhOTk2MmM1NmJkMGIyODYwMDBjZGVjOTUzOWIyMmYwMDJkZGY=

data/lib/hawser.rb

@@ -0,0 +1,4 @@
+require 'hawser/credentialing'
+require 'hawser/baking'
+require 'hawser/servers'
+require 'hawser/cluster'

data/lib/hawser/baking-command.rb

@@ -0,0 +1,85 @@
+require 'mattock'
+
+module Hawser
+  class BakingCommand < Mattock::Rake::RemoteCommandTask
+    setting :arch, "x86_64"
+    setting :ec2_version_pattern, "1.4.0.5 20071010"
+
+    setting :absolute_path, "/"
+
+    setting :region, "us-west-1"
+
+    dir(:ephemeral_dir, "mnt",
+        dir(:keyfile_dir, "keys",
+            path(:private_key, "pk.pem"),
+            path(:certificate_file, "cert.pem")))
+
+    runtime_setting :image_name
+    runtime_setting :prefix
+
+    runtime_setting :bucket
+    runtime_setting :access_key
+    runtime_setting :secret_key
+    runtime_setting :aws_account_id
+
+    runtime_setting :manifest_name
+    runtime_setting :manifest_path
+
+    def resolve_configuration
+      super
+
+      resolve_paths
+    end
+
+    def resolve_runtime_configuration
+      if field_unset?(:prefix)
+        self.prefix = image_name
+      end
+
+      if field_unset?(:manifest_name)
+        self.manifest_name = "#{prefix}.manifest.xml"
+      end
+
+      if field_unset?(:manifest_path)
+        self.manifest_path = File::join(ephemeral_dir.abspath, manifest_name)
+      end
+
+      super
+    end
+
+    def command
+      cmd("(ec2-bundle-vol --version | grep \"#{ec2_version_pattern}\")") &
+        (cmd("rm") {|rm|
+        rm.options = ["-f", File::join(ephemeral_dir.abspath, prefix || "no-such-file") ]
+      }) &
+        (cmd("ec2-bundle-vol") { |bundle|
+        bundle.options += ["-k", private_key.abspath ]
+        bundle.options += ["-c", certificate_file.abspath ]
+        bundle.options += ["--user", aws_account_id ]
+
+        bundle.options += ["--destination", ephemeral_dir.abspath ]
+        bundle.options += ["--prefix", prefix ]
+        bundle.options += ["--arch", arch ]
+        bundle.options += %w{-i /etc/ec2/amitools/cert-ec2.pem}
+        bundle.options += ["-i", '$(ls /etc/ssl/certs/*.pem | tr \\\\n ,)']
+        bundle.options += %w{--ec2cert /etc/ec2/amitools/cert-ec2.pem}
+        bundle.options += ["-e", keyfile_dir.abspath]
+      }) &
+        (cmd("ec2-upload-bundle") {|upload|
+        upload.options += ["-b", bucket ]
+        upload.options += ["-m", manifest_path]
+        upload.options += ["-a", access_key ]
+        upload.options += ["-s", secret_key ]
+        upload.options += ["--location", region ]
+        upload.options += ["--retry"]
+      }) &
+        (cmd("ec2-register") {|register|
+        register.options << "#{bucket}/#{manifest_name}"
+        register.options += ["-n", image_name]
+        register.options += ["--region", region]
+        register.options += ["--aws-access-key", access_key]
+        register.options += ["--aws-secret-key", secret_key]
+      })
+    end
+  end
+end

data/lib/hawser/baking.rb

@@ -0,0 +1,85 @@
+require 'mattock'
+require 'hawser/baking-command'
+
+module Hawser
+  class Baking < Mattock::Tasklib
+    include Caliph::CommandLineDSL
+
+    default_namespace :baking
+
+    setting :location, "us-west-1"
+
+    setting :arch, "x86_64"
+    setting :ec2_version_pattern, "1.4.0.5 20071010"
+
+    dir(:ephemeral_dir, "/mnt",
+        dir(:keyfile_dir, "keys",
+            path(:private_key, "pk.pem"),
+            path(:certificate_file, "cert.pem")))
+
+    path(:signing_cert, "cert.pem")
+    path(:signing_key, "key.pem")
+
+    setting(:image_name).isnt(:required)
+    setting(:bucket)
+
+    setting :access_key
+    setting :secret_key
+    setting :aws_account_id
+
+    setting(:remote_server, nested{
+      setting(:address).isnt(:required)
+      setting :port, 22
+      setting :user, nil
+    })
+
+    def resolve_configuration
+      ephemeral_dir.absolute_path = ephemeral_dir.relative_path
+
+      super
+      resolve_paths
+    end
+
+    def define
+      in_namespace do
+        Mattock::Rake::RemoteCommandTask.define_task(:create_dirs => :collect) do |task|
+          task.remote_server = proxy_value.remote_server
+          task.command = cmd("mkdir") do |mkdir|
+            mkdir.options << "-p" #ok
+            mkdir.options << keyfile_dir.abspath
+          end
+        end
+
+        Mattock::Rake::CommandTask.define_task(:copy_cert => [:collect, :create_dirs]) do |task|
+          task.runtime_definition do |task|
+            task.command = cmd("scp") do |scp|
+              scp.options << signing_cert.abspath
+              scp.options << "#{remote_server.address}:#{certificate_file.abspath}"
+            end
+          end
+        end
+
+        Mattock::Rake::CommandTask.define_task(:copy_key => [:collect, :create_dirs]) do |task|
+          task.runtime_definition do |task|
+            task.command = cmd("scp") do |scp|
+              scp.options << signing_key.abspath
+              scp.options << "#{remote_server.address}:#{private_key.abspath}"
+            end
+          end
+        end
+
+        task :collect, [:target, :name] do |task, args|
+          self.remote_server.address = args[:target]
+          self.image_name = args[:name]
+        end
+
+        BakingCommand.define_task(:bake, [:target, :name] => [:collect, :copy_cert, :copy_key]) do |task|
+          self.copy_settings_to(task)
+          proxied = self.proxy_settings
+          proxied.field_names = [:remote_server, :image_name, :bucket]
+          proxied.to(task)
+        end
+      end
+    end
+  end
+end

data/lib/hawser/cluster.rb

@@ -0,0 +1,63 @@
+require 'mattock'
+require 'hawser/credentialing'
+require 'hawser/baking'
+require 'hawser/servers'
+
+module Hawser
+  # Represents a cluster of servers on AWS
+  #
+  # @example in Rakefile
+  # Hawser::Cluster.new do |bollard|
+  #   bollard.name = "bollard"
+  #   bollard.user = "ahab"
+  # end
+  #
+  # @example at console
+  # > rake bollard:servers:list
+  # > rake bollard:bake[app1.bollard.com,app1-number1]
+  #
+  class Cluster < Mattock::Tasklib
+    setting :name
+    setting :user
+    setting :bucket
+
+    def resolve_configuration
+      @namespace ||= name.downcase
+      self.bucket ||= "#{name.downcase}-amis"
+      super
+    end
+
+    def define
+      in_namespace do
+        creds = Hawser::Credentialing.new do |creds|
+          copy_settings_to(creds)
+          creds.cluster_name = name
+        end
+
+        Hawser::Baking.new do |bake|
+          copy_settings_to(bake)
+          creds.copy_settings_to(bake)
+          creds.credentials.proxy_settings_to(bake)
+        end
+
+        Hawser::Servers.new do |servers|
+          copy_settings_to(servers)
+          servers.cluster_name = name
+          creds.copy_settings_to(servers)
+          creds.credentials.proxy_settings_to(servers)
+        end
+
+        namespace :baking do
+          task :bake => "credentials:establish"
+        end
+
+        namespace :servers do
+          task :list => "credentials:establish"
+        end
+
+        desc "Make an AMI copy of the running instance at :target. Name the AMI :name and store it in :bucket"
+        task :bake, [:target, :name] => "baking:bake"
+      end
+    end
+  end
+end

data/lib/hawser/credentialing.rb

@@ -0,0 +1,208 @@
+require 'mattock'
+require 'aws-sdk'
+
+module Hawser
+  class Credentialing < Mattock::TaskLib
+    default_namespace :credentials
+
+    setting :user
+    setting :cluster_name
+
+    setting :credentials, nested{
+      nil_fields :access_key, :secret_key, :certificate_id, :password, :aws_account_id
+      setting :mfa, true
+    }
+
+    setting :key_size, 4096
+
+    setting :cert, nested{
+      setting :lifetime, nested{
+        setting :years, 1
+        setting :days, 0
+        setting :hours, 0
+        setting :minutes, 0
+        setting :seconds, 0
+        setting :total_seconds
+    }
+    }
+
+    setting :iam, nil
+    setting :iam_user, nil
+
+    dir(:creds_root, "credentials",
+        dir(:cluster_dir,
+            dir(:user_dir,
+                path(:creds_csv, "creds.csv"),
+                path(:config_yaml, "config.yaml"),
+                path(:signing_cert, "cert.pem"),
+                path(:signing_key, "key.pem"))))
+
+    def resolve_configuration
+      cluster_dir.relative_path = cluster_name
+      user_dir.relative_path = user
+
+      cert.lifetime.total_seconds =
+        cert.lifetime.seconds + 60 * (
+          cert.lifetime.minutes + 60 * (
+            cert.lifetime.hours + 24 * (
+              cert.lifetime.days + 365 * cert.lifetime.years)))
+
+      super
+
+      resolve_paths
+    end
+
+    def signing_key_content
+      require 'openssl'
+      if key_size <= 1024
+        raise "Refusing to create an insecure RSA key"
+      end
+
+      #XXX Consider using a passphrase here - although #managment for baking
+      #etc...
+      key = OpenSSL::PKey::RSA.generate(key_size)
+
+      key.to_pem
+    end
+
+    def signing_cert_content(key_string)
+      require 'openssl'
+
+      key = OpenSSL::PKey.read(key_string)
+
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 2
+      cert.public_key = key.public_key
+      cert.not_before = Time.now
+      cert.not_after = cert.not_before + self.cert.lifetime.total_seconds
+
+      File.open(task.name, "w") do |pem_file|
+        pem_file.write(cert.to_pem)
+      end
+    end
+
+    def load_from_yaml(string)
+      require 'yaml'
+      config = YAML::load(string)
+
+      credentials.aws_account_id = config["aws_account_id"] if config.has_key? "aws_account_id"
+      credentials.access_key = config["access_key"] if config.has_key? "access_key"
+      credentials.secret_key = config["secret_key"] if config.has_key? "secret_key"
+      credentials.password = config["password"] if config.has_key? "password"
+      credentials.certificate_id = config["certificate_id"] if config.has_key? "certificate_id"
+      credentials.mfa = config["mfa"] if config.has_key? "mfa"
+    end
+
+    def load_from_csv(string)
+      require 'csv'
+
+      rows = CSV.new(string).to_a
+
+      rows.shift #headers
+      row = rows.find do |name, key, secret|
+        name =~ /^#{user}$/i
+      end
+      if row.nil?
+        fail "Couldn't find Access credentials line for #{user.inspect} in #{rows.map{|name, _,_| name}.inspect}"
+      end
+
+      _, key, secret = *row
+
+      credentials.access_key = key
+      credentials.secret_key = secret
+    end
+
+    def find_cert_id(cert_body)
+      remote_cert = iam_user.signing_certificates.find do |certificate|
+        certificate.contents == cert_body
+      end
+
+      unless remote_cert.nil?
+        credentials.certificate_id = remote_cert.id
+      end
+    end
+
+    def define
+      in_namespace do
+        directory user_dir.abspath
+
+        file signing_cert.abspath => signing_key.abspath do |task|
+          key = File::read(signing_key.abspath)
+          File.write(task.name, signing_cert_content(key))
+        end
+
+        file signing_key.abspath do |task|
+          File.write(task.name, signing_key_content)
+        end
+
+        task :load do
+          if File::exists?(config_yaml.abspath)
+            load_from_yaml(File::read(config_yaml.abspath))
+          end
+        end
+
+        task :store do
+          require 'yaml'
+
+          File::open(config_yaml.abspath, "w") do |config|
+            config.write YAML.dump(Hash[credentials.to_hash.map do |key,value|
+              [key.to_s, value]
+            end])
+          end
+        end
+
+        task :iam => "get:access" do
+          self.iam = AWS::IAM.new(:access_key_id => credentials.access_key, :secret_access_key => credentials.secret_key)
+        end
+
+        task :iam_user => :iam do
+          self.iam_user = iam.users[user]
+        end
+
+        namespace :get do
+          task :access => :load do
+            if credentials.access_key.nil? or not credentials.secret_key.nil?
+              load_from_csv(File.read(creds_csv.abspath))
+            end
+          end
+
+          task :aws_account_id => :iam do
+            credentials.aws_account_id = iam.users.first.arn.split(":")[4]
+          end
+
+          task :certificate_id => [:iam_user, signing_cert.abspath] do
+            if credentials.certificate_id.nil?
+              find_cert_id(File::read(signing_cert.abspath))
+            end
+          end
+        end
+        task :get => %w{get:access get:certificate_id get:aws_account_id}
+
+        namespace :set do
+          task :password => :iam_user do
+            unless credentials.password.nil?
+              iam_user.login_policy.password = credentials.password
+            end
+          end
+
+          task :certificate => [:iam_user, signing_cert.abspath, "get:certificate_id"] do
+            if !credentials.certificate_id.nil?
+              begin
+                iam_user.signing_certificates[credentials.certificate_id].contents
+                next
+              rescue AWS::Core::Resource::NotFound
+              end
+            end
+
+            cert = iam_user.signing_certificates.upload(File::read(signing_cert.abspath))
+            credentials.certificate_id = cert.id
+          end
+        end
+
+        desc "Set up credentials for #{user} on cluster_name #{cluster_name}"
+        task :establish => %w{get set:certificate store}
+      end
+    end
+  end
+end

data/lib/hawser/servers.rb

@@ -0,0 +1,36 @@
+require "mattock"
+require 'aws-sdk'
+
+module Hawser
+  class Servers < Mattock::Tasklib
+    default_namespace :servers
+
+    setting :cluster_name
+    setting :access_key
+    setting :secret_key
+    setting :region, "us-west-1"
+
+    def define
+      in_namespace do
+        task :list do
+          require 'yaml'
+          ec2 = AWS::EC2.new(:region => region, :access_key_id => access_key, :secret_access_key => secret_key)
+          puts(YAML::dump( ec2.instances.map do |instance|
+            { "cluster_name" => cluster_name,
+              "platform" => "aws",
+              "id_from_platform" => instance.instance_id,
+              "private_dns_name" => instance.public_dns_name,
+              "public_dns_name" => instance.public_dns_name,
+              "private_ip_address" => instance.private_ip_address,
+              "public_ip_address" => instance.public_ip_address,
+              "architecture" => instance.architecture.to_s,
+              "availability_zone" => instance.placement[:availability_zone],
+              "launch_time" => instance.launch_time,
+              "image_id" => instance.image_id,
+              "key_name" => instance.key_name }
+          end))
+        end
+      end
+    end
+  end
+end

data/spec/hawser_spec.rb

@@ -0,0 +1,10 @@
+require 'hawser'
+
+describe Hawser do
+  it "should create some rake tasks" do
+    Hawser::Cluster.new do |cluster|
+      cluster.name = "test"
+      cluster.user = "testy-mctester"
+    end
+  end
+end

metadata

@@ -1,32 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: hawser
 version: !ruby/object:Gem::Version
-  prerelease: 
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Judson Lester
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-22 00:00:00.000000000 Z
+date: 2014-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  version_requirements: !ruby/object:Gem::Requirement
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>'
       - !ruby/object:Gem::Version
         version: '0'
-    none: false
-  name: aws-sdk
   type: :runtime
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mattock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>'
       - !ruby/object:Gem::Version
         version: '0'
-    none: false
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: '0'
 description: ! '  A toolbelt of utilities for doing stuff with AWS
 
 '
@@ -36,17 +47,25 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/hawser.rb
+- lib/hawser/cluster.rb
+- lib/hawser/credentialing.rb
+- lib/hawser/servers.rb
+- lib/hawser/baking-command.rb
+- lib/hawser/baking.rb
+- spec/hawser_spec.rb
 - spec_help/gem_test_suite.rb
 homepage: http://nyarly.github.com/hawser
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options:
 - --inline-source
 - --main
 - doc/README
 - --title
-- hawser-0.0.1 Documentation
+- hawser-0.1.0 Documentation
 require_paths:
 - lib/
 required_ruby_version: !ruby/object:Gem::Requirement
@@ -54,19 +73,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-  none: false
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-  none: false
 requirements: []
 rubyforge_project: hawser
-rubygems_version: 1.8.24
+rubygems_version: 2.0.14
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: AWS tools for towing your servers around
 test_files:
 - spec_help/gem_test_suite.rb
-has_rdoc: true