ironfan 4.2.3 → 4.3.0
- data/CHANGELOG.md +4 -0
- data/VERSION +1 -1
- data/ironfan.gemspec +1 -1
- data/lib/ironfan/broker/computer.rb +1 -1
- data/lib/ironfan/provider/ec2/machine.rb +7 -1
- data/lib/ironfan/provider/ec2/security_group.rb +32 -11
- metadata +2 -2
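--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v4.3.0: VPC support
+* Launch instances in pre-existing VPC and subnet, with group support
+* Refactored security_group to handle VPC groups (which must use ID, not name)
+
 # v4.2.3
 * Making aws_account_id unnecessary for security groups (its not needed by newer Fog)
 * Removed redundant cloud_provider.rb (thanks @nickmarden)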
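--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-4.
+4.3.0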
data/ironfan.gemspec
CHANGED
@@ -62,7 +62,7 @@ module Ironfan
|
|
62
62
|
target_resources = chosen_resources(options)
|
63
63
|
resources.each do |res|
|
64
64
|
next unless target_resources.include? res.class
|
65
|
-
descriptor = "#{res.class} named #{res.name}"
|
65
|
+
descriptor = "#{res.class.resource_type} named #{res.name}"
|
66
66
|
if res.shared?
|
67
67
|
Chef::Log.debug("Not killing shared resource #{descriptor}")
|
68
68
|
else
|
@@ -221,6 +221,7 @@ module Ironfan
|
|
221
221
|
:client_key => computer.private_key
|
222
222
|
}
|
223
223
|
|
224
|
+
|
224
225
|
# Fog does not actually create tags when it creates a server;
|
225
226
|
# they and permanence are applied during sync
|
226
227
|
description = {
|
@@ -228,7 +229,6 @@ module Ironfan
|
|
228
229
|
:flavor_id => cloud.flavor,
|
229
230
|
:vpc_id => cloud.vpc,
|
230
231
|
:subnet_id => cloud.subnet,
|
231
|
-
:groups => cloud.security_groups.keys,
|
232
232
|
:key_name => cloud.ssh_key_name(computer),
|
233
233
|
:user_data => JSON.pretty_generate(user_data_hsh),
|
234
234
|
:block_device_mapping => block_device_mapping(computer),
|
@@ -236,6 +236,12 @@ module Ironfan
|
|
236
236
|
:monitoring => cloud.monitoring,
|
237
237
|
}
|
238
238
|
|
239
|
+
# VPC security_groups can only be addressed by id (not name)
|
240
|
+
description[:security_group_ids] = cloud.security_groups.keys.map do |g|
|
241
|
+
group_name = cloud.vpc.nil? ? g.to_s : "#{cloud.vpc}:#{g}"
|
242
|
+
SecurityGroup.recall(group_name).group_id
|
243
|
+
end
|
244
|
+
|
239
245
|
if cloud.flavor_info[:placement_groupable]
|
240
246
|
ui.warn "1.3.1 and earlier versions of Fog don't correctly support placement groups, so your nodes will land willy-nilly. We're working on a fix"
|
241
247
|
description[:placement] = { 'groupName' => cloud.placement_group.to_s }
|
@@ -17,7 +17,15 @@ module Ironfan
|
|
17
17
|
def self.multiple?() true; end
|
18
18
|
def self.resource_type() :security_group; end
|
19
19
|
def self.expected_ids(computer)
|
20
|
-
computer.server.cloud(:ec2)
|
20
|
+
ec2 = computer.server.cloud(:ec2)
|
21
|
+
ec2.security_groups.keys.map do |name|
|
22
|
+
ec2.vpc ? "#{ec2.vpc}:#{name.to_s}" : name.to_s
|
23
|
+
end.uniq
|
24
|
+
end
|
25
|
+
|
26
|
+
def name()
|
27
|
+
return adaptee.name if adaptee.vpc_id.nil?
|
28
|
+
"#{adaptee.vpc_id}:#{adaptee.name}"
|
21
29
|
end
|
22
30
|
|
23
31
|
#
|
@@ -28,7 +36,7 @@ module Ironfan
|
|
28
36
|
next if raw.blank?
|
29
37
|
sg = SecurityGroup.new(:adaptee => raw)
|
30
38
|
remember(sg)
|
31
|
-
Chef::Log.debug("Loaded #{sg}")
|
39
|
+
Chef::Log.debug("Loaded #{sg}: #{sg.inspect}")
|
32
40
|
end
|
33
41
|
end
|
34
42
|
|
@@ -69,7 +77,10 @@ module Ironfan
|
|
69
77
|
groups.each do |group|
|
70
78
|
Ironfan.step(group, " creating #{group} security group", :blue)
|
71
79
|
begin
|
72
|
-
|
80
|
+
tokens = group.to_s.split(':')
|
81
|
+
group_id = tokens.pop
|
82
|
+
vpc_id = tokens.pop
|
83
|
+
Ec2.connection.create_security_group(group_id,"Ironfan created group #{group_id}",vpc_id)
|
73
84
|
rescue Fog::Compute::AWS::Error => e # InvalidPermission.Duplicate
|
74
85
|
Chef::Log.info("ignoring security group error: #{e}")
|
75
86
|
sleep 0.5 # quit racing so hard
|
@@ -78,11 +89,17 @@ module Ironfan
|
|
78
89
|
load! # Get the native groups via reload
|
79
90
|
end
|
80
91
|
|
92
|
+
def self.recall_with_vpc(name,vpc_id=nil)
|
93
|
+
group_name = vpc_id.nil? ? name : "#{vpc_id}:#{name}"
|
94
|
+
recall(group_name)
|
95
|
+
end
|
96
|
+
|
81
97
|
def self.save!(computer)
|
82
98
|
return unless Ec2.applicable computer
|
99
|
+
cloud = computer.server.cloud(:ec2)
|
83
100
|
|
84
101
|
create!(computer) # Make sure the security groups exist
|
85
|
-
security_groups =
|
102
|
+
security_groups = cloud.security_groups.values
|
86
103
|
dsl_groups = security_groups.select do |dsl_group|
|
87
104
|
not (recall? dsl_group or recall(dsl_group.name).ensured) and \
|
88
105
|
not (dsl_group.range_authorizations +
|
@@ -93,14 +110,19 @@ module Ironfan
|
|
93
110
|
|
94
111
|
Ironfan.step(computer.server.cluster_name, "ensuring security group permissions", :blue)
|
95
112
|
dsl_groups.each do |dsl_group|
|
113
|
+
dsl_group_fog = recall_with_vpc(dsl_group.name,cloud.vpc)
|
96
114
|
dsl_group.group_authorized.each do |other_group|
|
115
|
+
other_group_fog = recall_with_vpc(other_group,cloud.vpc)
|
97
116
|
Ironfan.step(dsl_group.name, " ensuring access from #{other_group}", :blue)
|
98
|
-
|
117
|
+
options = {:group => other_group_fog.group_id}
|
118
|
+
safely_authorize(dsl_group_fog, 1..65535, options)
|
99
119
|
end
|
100
120
|
|
101
121
|
dsl_group.group_authorized_by.each do |other_group|
|
122
|
+
other_group_fog = recall_with_vpc(other_group,cloud.vpc)
|
102
123
|
Ironfan.step(dsl_group.name, " ensuring access to #{other_group}", :blue)
|
103
|
-
|
124
|
+
options = {:group => dsl_group_fog.group_id}
|
125
|
+
safely_authorize(other_group_fog, 1..65535, options)
|
104
126
|
end
|
105
127
|
|
106
128
|
dsl_group.range_authorizations.each do |range_auth|
|
@@ -108,7 +130,7 @@ module Ironfan
|
|
108
130
|
step_message = " ensuring #{protocol} access from #{cidr} to #{range}"
|
109
131
|
Ironfan.step(dsl_group.name, step_message, :blue)
|
110
132
|
options = {:cidr_ip => cidr, :ip_protocol => protocol}
|
111
|
-
safely_authorize(
|
133
|
+
safely_authorize(dsl_group_fog, range, options)
|
112
134
|
end
|
113
135
|
end
|
114
136
|
end
|
@@ -131,14 +153,13 @@ module Ironfan
|
|
131
153
|
|
132
154
|
# Try an authorization, ignoring duplicates (this is easier than correlating).
|
133
155
|
# Do so for both TCP and UDP, unless only one is specified
|
134
|
-
def self.safely_authorize(
|
156
|
+
def self.safely_authorize(fog_group,range,options)
|
135
157
|
unless options[:ip_protocol]
|
136
|
-
safely_authorize(
|
137
|
-
safely_authorize(
|
158
|
+
safely_authorize(fog_group,range,options.merge(:ip_protocol => 'tcp'))
|
159
|
+
safely_authorize(fog_group,range,options.merge(:ip_protocol => 'udp'))
|
138
160
|
return
|
139
161
|
end
|
140
162
|
|
141
|
-
fog_group = recall(group_name) or raise "unrecognized group: #{group_name}"
|
142
163
|
begin
|
143
164
|
fog_group.authorize_port_range(range,options)
|
144
165
|
rescue Fog::Compute::AWS::Error => e # InvalidPermission.Duplicate
|
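Review bot: The descriptive guard `fog_group = recall(group_name) or raise "unrecognized group: #{group_name}"` is removed from `safely_authorize` and nothing replaces it: `recall_with_vpc` returns whatever `recall` gives, and `save!` calls `.group_id` on that result straight away, as does the launch-description hunk with `SecurityGroup.recall(group_name).group_id`. If a group is missing from the registry (for instance after `create!` logged and ignored a `Fog::Compute::AWS::Error`), the run would presumably fail with a NoMethodError on nil instead of naming the group; putting `recall(group_name) or raise "unrecognized group: #{group_name}"` inside `recall_with_vpc` and calling `SecurityGroup.recall_with_vpc(g.to_s, cloud.vpc)` from the launch code would keep that failure explicit and in one place. Separately, the `select` in `save!` still looks groups up with `recall(dsl_group.name)`, without the VPC prefix that `name` and `expected_ids` now add, so inside a VPC it may miss the group or match a same-named non-VPC group and read that group's `ensured` flag; `recall_with_vpc(dsl_group.name, cloud.vpc)` looks like the intended lookup. The bodies of `save!`, `create!` and `safely_authorize` continue outside the visible hunks, so both points should be confirmed against the full file.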
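--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: ironfan
 version: !ruby/object:Gem::Version
 prerelease:
-version: 4.
+version: 4.3.0
 platform: ruby
 authors:
 - Infochimps
@@ -233,7 +233,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: -131746219185203248
 segments:
 - 0
 version: "0"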