ironfan 6.0.1 → 6.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/ironfan/dsl/cluster.rb +5 -1
- data/lib/ironfan/dsl/component.rb +10 -18
- data/lib/ironfan/dsl/compute.rb +8 -0
- data/lib/ironfan/dsl/facet.rb +2 -2
- data/lib/ironfan/dsl/server.rb +2 -2
- data/lib/ironfan/provider/ec2/security_group.rb +12 -13
- data/lib/ironfan/version.rb +1 -1
- data/spec/ironfan/plugin_spec.rb +11 -11
- data/spec/ironfan/realm_spec.rb +1 -1
- metadata +4 -5
- data/Gemfile.lock +0 -193
data/lib/ironfan/dsl/cluster.rb
CHANGED
@@ -22,9 +22,9 @@ module Ironfan
|
|
22
22
|
|
23
23
|
def initialize(attrs = {}, &blk)
|
24
24
|
super
|
25
|
-
self.cluster_role Ironfan::Dsl::Role.new(name: "#{attrs[:name]}-cluster")
|
26
25
|
self.realm_name attrs[:owner].name unless attrs[:owner].nil?
|
27
26
|
self.cluster_names attrs[:owner].cluster_names unless attrs[:owner].nil?
|
27
|
+
self.cluster_role Ironfan::Dsl::Role.new(name: Compute.cluster_role_name(realm_name, cluster_name))
|
28
28
|
end
|
29
29
|
|
30
30
|
# Utility method to reference all servers from constituent facets
|
@@ -41,6 +41,10 @@ module Ironfan
|
|
41
41
|
def cluster_name
|
42
42
|
name
|
43
43
|
end
|
44
|
+
|
45
|
+
def full_name
|
46
|
+
"#{realm_name}-#{name}"
|
47
|
+
end
|
44
48
|
end
|
45
49
|
end
|
46
50
|
end
|
@@ -96,7 +96,7 @@ module Ironfan
|
|
96
96
|
|
97
97
|
def set_discovery(compute, keys)
|
98
98
|
if server_cluster
|
99
|
-
wire_to(compute,
|
99
|
+
wire_to(compute, keys)
|
100
100
|
else
|
101
101
|
# I'm defanging automatic discovery for now.
|
102
102
|
raise StandardError.new("must explicitly specify a server_cluster for discovery")
|
@@ -106,37 +106,29 @@ module Ironfan
|
|
106
106
|
end
|
107
107
|
end
|
108
108
|
|
109
|
-
def wire_to(compute,
|
110
|
-
discovery = {discovers: keys.reverse.inject(
|
109
|
+
def wire_to(compute, keys)
|
110
|
+
discovery = {discovers: keys.reverse.inject(compute.realm_name){|hsh,key| {key => hsh}}}
|
111
111
|
(compute.facet_role || compute.cluster_role).override_attributes(discovery)
|
112
112
|
|
113
|
-
client_group_v =
|
114
|
-
server_group_v =
|
113
|
+
client_group_v = compute.full_name
|
114
|
+
server_group_v = "#{realm_name}-#{server_cluster}"
|
115
115
|
|
116
116
|
group_edge(compute, client_group_v, :authorized_by_group, server_group_v)
|
117
|
-
|
117
|
+
Chef::Log.debug("#{client_group_v} authorized by #{server_group_v}")
|
118
|
+
if bidirectional
|
119
|
+
group_edge(compute, client_group_v, :authorize_group, server_group_v)
|
120
|
+
Chef::Log.debug("#{client_group_v} authorizes #{server_group_v}")
|
121
|
+
end
|
118
122
|
|
119
123
|
Chef::Log.debug("discovered #{announce_name} for #{cluster_name}: #{discovery}")
|
120
124
|
end
|
121
125
|
|
122
126
|
protected
|
123
127
|
|
124
|
-
def client_group(compute)
|
125
|
-
security_group(compute.cluster_name, (compute.name if compute.is_a?(Facet)))
|
126
|
-
end
|
127
|
-
|
128
|
-
def full_server_cluster
|
129
|
-
server_cluster
|
130
|
-
end
|
131
|
-
|
132
128
|
def group_edge(cloud, group_1, method, group_2)
|
133
129
|
cloud.security_group(group_1).send(method, group_2)
|
134
130
|
Chef::Log.debug("component.rb: allowing access from security group #{group_1} to #{group_2}")
|
135
131
|
end
|
136
|
-
|
137
|
-
def security_group(*target_components)
|
138
|
-
target_components.compact.join('-')
|
139
|
-
end
|
140
132
|
end
|
141
133
|
|
142
134
|
module Announcement
|
data/lib/ironfan/dsl/compute.rb
CHANGED
@@ -96,6 +96,14 @@ module Ironfan
|
|
96
96
|
clouds.values.first
|
97
97
|
end
|
98
98
|
|
99
|
+
def self.cluster_role_name realm_name, cluster_name
|
100
|
+
"#{realm_name}-#{cluster_name}-cluster"
|
101
|
+
end
|
102
|
+
|
103
|
+
def self.facet_role_name realm_name, cluster_name, facet_name
|
104
|
+
"#{realm_name}-#{cluster_name}-#{facet_name}-facet"
|
105
|
+
end
|
106
|
+
|
99
107
|
protected
|
100
108
|
|
101
109
|
def add_to_run_list(item, placement=nil)
|
data/lib/ironfan/dsl/facet.rb
CHANGED
@@ -18,7 +18,7 @@ module Ironfan
|
|
18
18
|
self.realm_name attrs[:owner].realm_name unless attrs[:owner].nil?
|
19
19
|
self.cluster_name = attrs[:owner].cluster_name unless attrs[:owner].nil?
|
20
20
|
self.name = attrs[:name] unless attrs[:name].nil?
|
21
|
-
self.facet_role Ironfan::Dsl::Role.new(name:
|
21
|
+
self.facet_role Ironfan::Dsl::Role.new(name: Compute.facet_role_name(realm_name, cluster_name, name))
|
22
22
|
super
|
23
23
|
(0..instances - 1).each{ |idx| server idx }
|
24
24
|
end
|
@@ -28,7 +28,7 @@ module Ironfan
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def full_name
|
31
|
-
"#{cluster_name}-#{name}"
|
31
|
+
"#{realm_name}-#{cluster_name}-#{name}"
|
32
32
|
end
|
33
33
|
end
|
34
34
|
end
|
data/lib/ironfan/dsl/server.rb
CHANGED
@@ -226,8 +226,8 @@ module Ironfan
|
|
226
226
|
self.cluster_name = attrs[:owner].cluster_name
|
227
227
|
self.facet_name = attrs[:owner].name
|
228
228
|
|
229
|
-
self.role
|
230
|
-
self.role
|
229
|
+
self.role Compute.cluster_role_name(realm_name, cluster_name), :last
|
230
|
+
self.role Compute.facet_role_name(realm_name, cluster_name, facet_name), :last
|
231
231
|
end
|
232
232
|
super
|
233
233
|
end
|
@@ -4,7 +4,7 @@ module Ironfan
|
|
4
4
|
|
5
5
|
class SecurityGroup < Ironfan::Provider::Resource
|
6
6
|
|
7
|
-
WIDE_OPEN =
|
7
|
+
WIDE_OPEN = (-1..-1)
|
8
8
|
|
9
9
|
delegate :_dump, :authorize_group_and_owner, :authorize_port_range,
|
10
10
|
:collection, :collection=, :connection, :connection=, :description,
|
@@ -209,24 +209,23 @@ module Ironfan
|
|
209
209
|
# Try an authorization, ignoring duplicates (this is easier than correlating).
|
210
210
|
# Do so for both TCP and UDP, unless only one is specified
|
211
211
|
def self.safely_authorize(fog_group,range,options)
|
212
|
+
|
212
213
|
if options[:group_alias]
|
213
|
-
owner, group = options
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
'SourceSecurityGroupName' => group,
|
218
|
-
'SourceSecurityGroupOwnerId' => owner
|
219
|
-
)
|
220
|
-
end
|
214
|
+
owner, group = options.delete(:group_alias).split(/\//)
|
215
|
+
Chef::Log.debug("authorizing group alias #{options[:group_alias].inspect} to group #{fog_group.name}")
|
216
|
+
group_id = Ec2.connection.security_groups.get(group).group_id
|
217
|
+
safely_authorize(fog_group, range, options.merge(group: group_id))
|
221
218
|
elsif options[:ip_protocol]
|
219
|
+
Chef::Log.debug("authorizing to #{fog_group.name} with options #{options.inspect}")
|
222
220
|
self.patiently(fog_group.name, Fog::Compute::AWS::Error, :ignore => Proc.new { |e| e.message =~ /InvalidPermission\.Duplicate/ }) do
|
223
221
|
fog_group.authorize_port_range(range,options)
|
224
222
|
end
|
225
223
|
else
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
224
|
+
Chef::Log.debug([
|
225
|
+
"didn't receive ip_protocol for authorization to #{fog_group.name} ",
|
226
|
+
"with options #{options.inspect}. assuming all protocols"
|
227
|
+
].join)
|
228
|
+
safely_authorize(fog_group,range,options.merge(:ip_protocol => -1))
|
230
229
|
end
|
231
230
|
end
|
232
231
|
end
|
data/lib/ironfan/version.rb
CHANGED
data/spec/ironfan/plugin_spec.rb
CHANGED
@@ -177,28 +177,28 @@ describe Ironfan::Dsl::Component do
|
|
177
177
|
end
|
178
178
|
|
179
179
|
it 'configures the correct security groups during discovery' do
|
180
|
-
foo_group = Ironfan.realm(:wap).cluster(:foo).security_group('foo')
|
181
|
-
bar_group = Ironfan.realm(:wap).cluster(:bar).security_group('bar')
|
180
|
+
foo_group = Ironfan.realm(:wap).cluster(:foo).security_group('wap-foo')
|
181
|
+
bar_group = Ironfan.realm(:wap).cluster(:bar).security_group('wap-bar')
|
182
182
|
|
183
|
-
foo_group.group_authorized_by.should include('bar')
|
184
|
-
bar_group.group_authorized_by.should include('foo')
|
183
|
+
foo_group.group_authorized_by.should include('wap-bar')
|
184
|
+
bar_group.group_authorized_by.should include('wap-foo')
|
185
185
|
end
|
186
186
|
|
187
187
|
it 'configures the correct security groups during bidirectional discovery' do
|
188
|
-
baz_group = Ironfan.realm(:wap).cluster(:baz).security_group('baz')
|
189
|
-
bif_group = Ironfan.realm(:wap).cluster(:bif).security_group('bif')
|
188
|
+
baz_group = Ironfan.realm(:wap).cluster(:baz).security_group('wap-baz')
|
189
|
+
bif_group = Ironfan.realm(:wap).cluster(:bif).security_group('wap-bif')
|
190
190
|
|
191
|
-
baz_group.group_authorized_by.should include('bif')
|
192
|
-
baz_group.group_authorized.should include('bif')
|
191
|
+
baz_group.group_authorized_by.should include('wap-bif')
|
192
|
+
baz_group.group_authorized.should include('wap-bif')
|
193
193
|
end
|
194
194
|
|
195
195
|
it 'does not configure extra security groups during bidirectional discovery' do
|
196
|
-
Ironfan.realm(:wap).cluster(:baz).security_groups.keys.should_not include('
|
196
|
+
Ironfan.realm(:wap).cluster(:baz).security_groups.keys.should_not include('wap-bif')
|
197
197
|
end
|
198
198
|
|
199
199
|
it 'correctly sets the server cluster even when the client and server facets differ' do
|
200
|
-
bam_wak_group = Ironfan.realm(:wap).cluster(:bam).facet(:wak).security_group('bam-wak')
|
201
|
-
bam_wak_group.group_authorized_by.should include('bop')
|
200
|
+
bam_wak_group = Ironfan.realm(:wap).cluster(:bam).facet(:wak).security_group('wap-bam-wak')
|
201
|
+
bam_wak_group.group_authorized_by.should include('wap-bop')
|
202
202
|
end
|
203
203
|
|
204
204
|
end
|
data/spec/ironfan/realm_spec.rb
CHANGED
@@ -120,7 +120,7 @@ describe Ironfan::Dsl::Realm do
|
|
120
120
|
it 'should create clusters with attributes correctly applied' do
|
121
121
|
manifest.cluster_override_attributes.should == {a: 1}
|
122
122
|
manifest.facet_override_attributes.should == {b: 1}
|
123
|
-
manifest.run_list.should == %w[role[blah] role[bar-cluster] role[bar-baz-facet]]
|
123
|
+
manifest.run_list.should == %w[role[blah] role[foo-bar-cluster] role[foo-bar-baz-facet]]
|
124
124
|
end
|
125
125
|
|
126
126
|
it 'should create clusters with the correct ssh user' do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ironfan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.0.
|
4
|
+
version: 6.0.3
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2014-03-
|
12
|
+
date: 2014-03-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: chef
|
@@ -169,7 +169,6 @@ files:
|
|
169
169
|
- CHANGELOG.md
|
170
170
|
- ELB.md
|
171
171
|
- Gemfile
|
172
|
-
- Gemfile.lock
|
173
172
|
- Guardfile
|
174
173
|
- LICENSE.md
|
175
174
|
- NOTES-REALM.md
|
@@ -319,7 +318,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
319
318
|
version: '0'
|
320
319
|
segments:
|
321
320
|
- 0
|
322
|
-
hash:
|
321
|
+
hash: 1692087169834386324
|
323
322
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
324
323
|
none: false
|
325
324
|
requirements:
|
@@ -328,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
328
327
|
version: '0'
|
329
328
|
segments:
|
330
329
|
- 0
|
331
|
-
hash:
|
330
|
+
hash: 1692087169834386324
|
332
331
|
requirements: []
|
333
332
|
rubyforge_project:
|
334
333
|
rubygems_version: 1.8.25
|
data/Gemfile.lock
DELETED
@@ -1,193 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
ironfan (6.0.1)
|
5
|
-
chef (= 10.30.4)
|
6
|
-
diff-lcs (= 1.2.5)
|
7
|
-
excon (= 0.21.0)
|
8
|
-
fog (= 1.10.1)
|
9
|
-
formatador (= 0.2.4)
|
10
|
-
gorillib (= 0.5.0)
|
11
|
-
json (= 1.5.4)
|
12
|
-
rbvmomi (= 1.8.1)
|
13
|
-
|
14
|
-
GEM
|
15
|
-
remote: https://rubygems.org/
|
16
|
-
specs:
|
17
|
-
archive-tar-minitar (0.5.2)
|
18
|
-
builder (3.2.2)
|
19
|
-
bunny (0.7.9)
|
20
|
-
chef (10.30.4)
|
21
|
-
bunny (>= 0.6.0, < 0.8.0)
|
22
|
-
erubis
|
23
|
-
highline (~> 1.6, >= 1.6.9)
|
24
|
-
json (>= 1.4.4, <= 1.7.7)
|
25
|
-
mime-types (~> 1.16)
|
26
|
-
mixlib-authentication (~> 1.3)
|
27
|
-
mixlib-cli (~> 1.1)
|
28
|
-
mixlib-config (~> 1.1, >= 1.1.2)
|
29
|
-
mixlib-log (~> 1.3)
|
30
|
-
mixlib-shellout (~> 1.3)
|
31
|
-
moneta (< 0.7.0)
|
32
|
-
net-ssh (~> 2.6)
|
33
|
-
net-ssh-multi (~> 1.1.0)
|
34
|
-
ohai (>= 0.6.0, < 7.0.0)
|
35
|
-
rest-client (>= 1.0.4, < 1.7.0)
|
36
|
-
treetop (~> 1.4.9)
|
37
|
-
uuidtools
|
38
|
-
yajl-ruby (~> 1.1)
|
39
|
-
chef-zero (1.5.1)
|
40
|
-
hashie (~> 2.0)
|
41
|
-
json
|
42
|
-
mixlib-log (~> 1.3)
|
43
|
-
moneta (< 0.7.0)
|
44
|
-
puma (~> 1.6)
|
45
|
-
coderay (1.0.9)
|
46
|
-
columnize (0.3.6)
|
47
|
-
configliere (0.4.18)
|
48
|
-
highline (>= 1.5.2)
|
49
|
-
multi_json (>= 1.1)
|
50
|
-
diff-lcs (1.2.5)
|
51
|
-
erubis (2.7.0)
|
52
|
-
excon (0.21.0)
|
53
|
-
ffi (1.9.0)
|
54
|
-
fog (1.10.1)
|
55
|
-
builder
|
56
|
-
excon (~> 0.20)
|
57
|
-
formatador (~> 0.2.0)
|
58
|
-
mime-types
|
59
|
-
multi_json (~> 1.0)
|
60
|
-
net-scp (~> 1.1)
|
61
|
-
net-ssh (>= 2.1.3)
|
62
|
-
nokogiri (~> 1.5.0)
|
63
|
-
ruby-hmac
|
64
|
-
formatador (0.2.4)
|
65
|
-
gorillib (0.5.0)
|
66
|
-
configliere (>= 0.4.13)
|
67
|
-
json
|
68
|
-
multi_json (>= 1.1)
|
69
|
-
guard (1.8.1)
|
70
|
-
formatador (>= 0.2.4)
|
71
|
-
listen (>= 1.0.0)
|
72
|
-
lumberjack (>= 1.0.2)
|
73
|
-
pry (>= 0.9.10)
|
74
|
-
thor (>= 0.14.6)
|
75
|
-
guard-rspec (3.0.2)
|
76
|
-
guard (>= 1.8)
|
77
|
-
rspec (~> 2.13)
|
78
|
-
guard-yard (2.1.0)
|
79
|
-
guard (>= 1.1.0)
|
80
|
-
yard (>= 0.7.0)
|
81
|
-
hashie (2.0.5)
|
82
|
-
highline (1.6.21)
|
83
|
-
ipaddress (0.8.0)
|
84
|
-
json (1.5.4)
|
85
|
-
linecache19 (0.5.12)
|
86
|
-
ruby_core_source (>= 0.1.4)
|
87
|
-
listen (1.2.2)
|
88
|
-
rb-fsevent (>= 0.9.3)
|
89
|
-
rb-inotify (>= 0.9)
|
90
|
-
rb-kqueue (>= 0.2)
|
91
|
-
lumberjack (1.0.3)
|
92
|
-
method_source (0.8.1)
|
93
|
-
mime-types (1.25.1)
|
94
|
-
mixlib-authentication (1.3.0)
|
95
|
-
mixlib-log
|
96
|
-
mixlib-cli (1.4.0)
|
97
|
-
mixlib-config (1.1.2)
|
98
|
-
mixlib-log (1.6.0)
|
99
|
-
mixlib-shellout (1.3.0)
|
100
|
-
moneta (0.6.0)
|
101
|
-
multi_json (1.8.2)
|
102
|
-
net-scp (1.1.2)
|
103
|
-
net-ssh (>= 2.6.5)
|
104
|
-
net-ssh (2.8.0)
|
105
|
-
net-ssh-gateway (1.2.0)
|
106
|
-
net-ssh (>= 2.6.5)
|
107
|
-
net-ssh-multi (1.1)
|
108
|
-
net-ssh (>= 2.1.4)
|
109
|
-
net-ssh-gateway (>= 0.99.0)
|
110
|
-
nokogiri (1.5.11)
|
111
|
-
ohai (6.20.0)
|
112
|
-
ipaddress
|
113
|
-
mixlib-cli
|
114
|
-
mixlib-config
|
115
|
-
mixlib-log
|
116
|
-
mixlib-shellout
|
117
|
-
systemu (~> 2.5.2)
|
118
|
-
yajl-ruby
|
119
|
-
oj (2.1.2)
|
120
|
-
polyglot (0.3.4)
|
121
|
-
pry (0.9.12.2)
|
122
|
-
coderay (~> 1.0.5)
|
123
|
-
method_source (~> 0.8)
|
124
|
-
slop (~> 3.4)
|
125
|
-
puma (1.6.3)
|
126
|
-
rack (~> 1.2)
|
127
|
-
rack (1.5.2)
|
128
|
-
rake (10.1.0)
|
129
|
-
rb-fsevent (0.9.3)
|
130
|
-
rb-inotify (0.9.0)
|
131
|
-
ffi (>= 0.5.0)
|
132
|
-
rb-kqueue (0.2.0)
|
133
|
-
ffi (>= 0.5.0)
|
134
|
-
rbvmomi (1.8.1)
|
135
|
-
builder
|
136
|
-
nokogiri (>= 1.4.1)
|
137
|
-
trollop
|
138
|
-
redcarpet (2.3.0)
|
139
|
-
rest-client (1.6.7)
|
140
|
-
mime-types (>= 1.16)
|
141
|
-
rspec (2.14.1)
|
142
|
-
rspec-core (~> 2.14.0)
|
143
|
-
rspec-expectations (~> 2.14.0)
|
144
|
-
rspec-mocks (~> 2.14.0)
|
145
|
-
rspec-core (2.14.7)
|
146
|
-
rspec-expectations (2.14.4)
|
147
|
-
diff-lcs (>= 1.1.3, < 2.0)
|
148
|
-
rspec-mocks (2.14.4)
|
149
|
-
ruby-debug-base19 (0.11.25)
|
150
|
-
columnize (>= 0.3.1)
|
151
|
-
linecache19 (>= 0.5.11)
|
152
|
-
ruby_core_source (>= 0.1.4)
|
153
|
-
ruby-debug19 (0.11.6)
|
154
|
-
columnize (>= 0.3.1)
|
155
|
-
linecache19 (>= 0.5.11)
|
156
|
-
ruby-debug-base19 (>= 0.11.19)
|
157
|
-
ruby-hmac (0.4.0)
|
158
|
-
ruby_core_source (0.1.5)
|
159
|
-
archive-tar-minitar (>= 0.5.2)
|
160
|
-
ruby_gntp (0.3.4)
|
161
|
-
simplecov (0.7.1)
|
162
|
-
multi_json (~> 1.0)
|
163
|
-
simplecov-html (~> 0.7.1)
|
164
|
-
simplecov-html (0.7.1)
|
165
|
-
slop (3.4.5)
|
166
|
-
systemu (2.5.2)
|
167
|
-
thor (0.18.1)
|
168
|
-
treetop (1.4.15)
|
169
|
-
polyglot
|
170
|
-
polyglot (>= 0.3.1)
|
171
|
-
trollop (2.0)
|
172
|
-
uuidtools (2.1.4)
|
173
|
-
yajl-ruby (1.2.0)
|
174
|
-
yard (0.8.6.1)
|
175
|
-
|
176
|
-
PLATFORMS
|
177
|
-
ruby
|
178
|
-
|
179
|
-
DEPENDENCIES
|
180
|
-
bundler (~> 1.0)
|
181
|
-
chef-zero
|
182
|
-
guard (~> 1)
|
183
|
-
guard-rspec
|
184
|
-
guard-yard
|
185
|
-
ironfan!
|
186
|
-
oj (>= 1.2)
|
187
|
-
rake
|
188
|
-
redcarpet (>= 2.1)
|
189
|
-
rspec (~> 2.8)
|
190
|
-
ruby-debug19
|
191
|
-
ruby_gntp
|
192
|
-
simplecov (>= 0.5)
|
193
|
-
yard (>= 0.7)
|