ironfan 4.2.3 → 4.3.0

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# v4.3.0: VPC support
+* Launch instances in pre-existing VPC and subnet, with group support
+* Refactored security_group to handle VPC groups (which must use ID, not name)
+
 # v4.2.3
 * Making aws_account_id unnecessary for security groups (its not needed by newer Fog)
 * Removed redundant cloud_provider.rb (thanks @nickmarden)

data/VERSION

@@ -1 +1 @@
-4.2.3
+4.3.0

data/ironfan.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = "ironfan"
-  s.version = "4.2.3"
+  s.version = "4.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Infochimps"]

data/lib/ironfan/broker/computer.rb

@@ -62,7 +62,7 @@ module Ironfan
         target_resources = chosen_resources(options)
         resources.each do |res|
           next unless target_resources.include? res.class
-          descriptor = "#{res.class} named #{res.name}"
+          descriptor = "#{res.class.resource_type} named #{res.name}"
           if res.shared?
             Chef::Log.debug("Not killing shared resource #{descriptor}")
           else

data/lib/ironfan/provider/ec2/machine.rb

@@ -221,6 +221,7 @@ module Ironfan
             :client_key =>              computer.private_key
           }
 
+
           # Fog does not actually create tags when it creates a server;
           #  they and permanence are applied during sync
           description = {
@@ -228,7 +229,6 @@ module Ironfan
             :flavor_id            => cloud.flavor,
             :vpc_id               => cloud.vpc,
             :subnet_id            => cloud.subnet,
-            :groups               => cloud.security_groups.keys,
             :key_name             => cloud.ssh_key_name(computer),
             :user_data            => JSON.pretty_generate(user_data_hsh),
             :block_device_mapping => block_device_mapping(computer),
@@ -236,6 +236,12 @@ module Ironfan
             :monitoring           => cloud.monitoring,
           }
 
+          # VPC security_groups can only be addressed by id (not name)
+          description[:security_group_ids] = cloud.security_groups.keys.map do |g|
+            group_name = cloud.vpc.nil? ? g.to_s : "#{cloud.vpc}:#{g}"
+            SecurityGroup.recall(group_name).group_id
+          end
+
           if cloud.flavor_info[:placement_groupable]
             ui.warn "1.3.1 and earlier versions of Fog don't correctly support placement groups, so your nodes will land willy-nilly. We're working on a fix"
             description[:placement] = { 'groupName' => cloud.placement_group.to_s }

data/lib/ironfan/provider/ec2/security_group.rb

@@ -17,7 +17,15 @@ module Ironfan
         def self.multiple?()    true;   end
         def self.resource_type()        :security_group;   end
         def self.expected_ids(computer)
-          computer.server.cloud(:ec2).security_groups.keys.map{|k| k.to_s}.uniq
+          ec2 = computer.server.cloud(:ec2)
+          ec2.security_groups.keys.map do |name|
+            ec2.vpc ? "#{ec2.vpc}:#{name.to_s}" : name.to_s
+          end.uniq
+        end
+
+        def name()
+          return adaptee.name if adaptee.vpc_id.nil?
+          "#{adaptee.vpc_id}:#{adaptee.name}"
         end
 
         #
@@ -28,7 +36,7 @@ module Ironfan
             next if raw.blank?
             sg = SecurityGroup.new(:adaptee => raw)
             remember(sg)
-            Chef::Log.debug("Loaded #{sg}")
+            Chef::Log.debug("Loaded #{sg}: #{sg.inspect}")
           end
         end
 
@@ -69,7 +77,10 @@ module Ironfan
           groups.each do |group|
             Ironfan.step(group, "  creating #{group} security group", :blue)
             begin
-              Ec2.connection.create_security_group(group.to_s,"Ironfan created group #{group}")
+              tokens    = group.to_s.split(':')
+              group_id  = tokens.pop
+              vpc_id    = tokens.pop
+              Ec2.connection.create_security_group(group_id,"Ironfan created group #{group_id}",vpc_id)
             rescue Fog::Compute::AWS::Error => e # InvalidPermission.Duplicate
               Chef::Log.info("ignoring security group error: #{e}")
               sleep 0.5  # quit racing so hard
@@ -78,11 +89,17 @@ module Ironfan
           load! # Get the native groups via reload
         end
 
+        def self.recall_with_vpc(name,vpc_id=nil)
+          group_name = vpc_id.nil? ? name : "#{vpc_id}:#{name}"
+          recall(group_name)
+        end
+
         def self.save!(computer)
           return unless Ec2.applicable computer
+          cloud = computer.server.cloud(:ec2)
 
           create!(computer)            # Make sure the security groups exist
-          security_groups = computer.server.cloud(:ec2).security_groups.values
+          security_groups = cloud.security_groups.values
           dsl_groups = security_groups.select do |dsl_group|
             not (recall? dsl_group or recall(dsl_group.name).ensured) and \
             not (dsl_group.range_authorizations +
@@ -93,14 +110,19 @@ module Ironfan
 
           Ironfan.step(computer.server.cluster_name, "ensuring security group permissions", :blue)
           dsl_groups.each do |dsl_group|
+            dsl_group_fog = recall_with_vpc(dsl_group.name,cloud.vpc)
             dsl_group.group_authorized.each do |other_group|
+              other_group_fog = recall_with_vpc(other_group,cloud.vpc)
               Ironfan.step(dsl_group.name, "  ensuring access from #{other_group}", :blue)
-              safely_authorize(dsl_group.name, 1..65535, :group => other_group)
+              options = {:group => other_group_fog.group_id}
+              safely_authorize(dsl_group_fog, 1..65535, options)
             end
 
             dsl_group.group_authorized_by.each do |other_group|
+              other_group_fog = recall_with_vpc(other_group,cloud.vpc)
               Ironfan.step(dsl_group.name, "  ensuring access to #{other_group}", :blue)
-              safely_authorize(other_group, 1..65535, :group => dsl_group.name)
+              options = {:group => dsl_group_fog.group_id}
+              safely_authorize(other_group_fog, 1..65535, options)
             end
 
             dsl_group.range_authorizations.each do |range_auth|
@@ -108,7 +130,7 @@ module Ironfan
               step_message = "  ensuring #{protocol} access from #{cidr} to #{range}"
               Ironfan.step(dsl_group.name, step_message, :blue)
               options = {:cidr_ip => cidr, :ip_protocol => protocol}
-              safely_authorize(dsl_group.name,range,options)
+              safely_authorize(dsl_group_fog, range, options)
             end
           end
         end
@@ -131,14 +153,13 @@ module Ironfan
 
         # Try an authorization, ignoring duplicates (this is easier than correlating).
         # Do so for both TCP and UDP, unless only one is specified
-        def self.safely_authorize(group_name,range,options)
+        def self.safely_authorize(fog_group,range,options)
           unless options[:ip_protocol]
-            safely_authorize(group_name,range,options.merge(:ip_protocol => 'tcp'))
-            safely_authorize(group_name,range,options.merge(:ip_protocol => 'udp'))
+            safely_authorize(fog_group,range,options.merge(:ip_protocol => 'tcp'))
+            safely_authorize(fog_group,range,options.merge(:ip_protocol => 'udp'))
             return
           end
 
-          fog_group = recall(group_name) or raise "unrecognized group: #{group_name}"
           begin
             fog_group.authorize_port_range(range,options)
           rescue Fog::Compute::AWS::Error => e      # InvalidPermission.Duplicate

metadata

@@ -2,7 +2,7 @@
 name: ironfan
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 4.2.3
+  version: 4.3.0
 platform: ruby
 authors: 
 - Infochimps
@@ -233,7 +233,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 4307969691364696392
+      hash: -131746219185203248
       segments: 
       - 0
       version: "0"