ironfan 6.0.4 → 6.0.5

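--- a/data/ironfan.gemspec
+++ b/data/ironfan.gemspec
@@ -20,8 +20,8 @@ Gem::Specification.new do |gem|
  gem.require_paths = %w[ lib ]
 
  gem.add_dependency('chef', '10.30.4')
- gem.add_dependency('fog', '1.10.1')
- gem.add_dependency('excon', '0.21.0')
+ gem.add_dependency('fog', '1.21.0')
+ gem.add_dependency('excon', '0.32.1')
  gem.add_dependency('formatador', '0.2.4')
  gem.add_dependency('gorillib', '0.5.0')
  gem.add_dependency('rbvmomi', '1.8.1')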
@@ -42,7 +42,9 @@ module Ironfan
42
42
  #
43
43
  def self.load!(cluster=nil)
44
44
  Ec2.connection.security_groups.reject { |raw| raw.blank? }.each do |raw|
45
- remember SecurityGroup.new(:adaptee => raw)
45
+ sg = SecurityGroup.new(:adaptee => raw)
46
+ remember sg
47
+ remember(sg, :id => sg.name.gsub( /^vpc-[^:]+:/, '') )
46
48
  end
47
49
  end
48
50
 
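Review bot: The second `remember` call registers each group under its name with the `vpc-…:` prefix stripped, so a VPC group and a non-VPC group, or groups in two VPCs, that share a base name end up on the same key. Whether `remember` overwrites an existing entry is not visible in this hunk, but if it does, the later group silently replaces the earlier one and rules meant for one group could be applied to another. I would register the alias only when the key is still free and log the collision otherwise. The pattern should also be anchored with `\A` rather than `^`, e.g. `sg.name.sub(/\Avpc-[^:]+:/, '')`, and a short comment saying why both keys are stored would help the next reader.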
@@ -211,21 +213,43 @@ module Ironfan
211
213
  def self.safely_authorize(fog_group,range,options)
212
214
 
213
215
  if options[:group_alias]
216
+ # In this case, we must first extract the group name
217
+ # before recursively calling this function with it.
218
+
214
219
  owner, group = options.delete(:group_alias).split(/\//)
215
220
  Chef::Log.debug("authorizing group alias #{options[:group_alias].inspect} to group #{fog_group.name}")
216
221
  group_id = Ec2.connection.security_groups.get(group).group_id
217
222
  safely_authorize(fog_group, range, options.merge(group: group_id))
218
223
  elsif options[:ip_protocol]
224
+ # In this case, we've received the ip_protocol. With or
225
+ # without a group name, we have enough information to open
226
+ # the security group.
227
+
219
228
  Chef::Log.debug("authorizing to #{fog_group.name} with options #{options.inspect}")
220
- self.patiently(fog_group.name, Fog::Compute::AWS::Error, :ignore => Proc.new { |e| e.message =~ /InvalidPermission\.Duplicate/ }) do
229
+ self.patiently(fog_group.name, Fog::Compute::AWS::Error, :ignore => Proc.new { |e| e.message =~ /Duplicate/ }) do
221
230
  fog_group.authorize_port_range(range,options)
222
231
  end
223
232
  else
233
+ # Without an IP protocol, we'll open all of the relevant
234
+ # ones. On non-VPC, that means tcp, udp, and icmp. On VPC,
235
+ # that means -1 for all protocols.
236
+
224
237
  Chef::Log.debug([
225
238
  "didn't receive ip_protocol for authorization to #{fog_group.name} ",
226
239
  "with options #{options.inspect}. assuming all protocols"
227
240
  ].join)
228
- safely_authorize(fog_group,range,options.merge(:ip_protocol => -1))
241
+ if fog_group.vpc_id.nil?
242
+ # Non-VPC does not support -1 for all protocols, so
243
+ # we'll need to do each protocol indendently. If we
244
+ # haven't received an ip_protocol, we'll assume the user
245
+ # meant to open everything.
246
+ safely_authorize(fog_group, 1..65535, options.merge(:ip_protocol => 'tcp'))
247
+ safely_authorize(fog_group, 1..65535, options.merge(:ip_protocol => 'udp'))
248
+ safely_authorize(fog_group, -1..-1, options.merge(:ip_protocol => 'icmp'))
249
+ else
250
+ # In VPC, we should use only one rule to conserve rules.
251
+ safely_authorize(fog_group,range,options.merge(:ip_protocol => -1))
252
+ end
229
253
  end
230
254
  end
231
255
  end
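Review bot: In the new non-VPC branch of the final `else`, the caller's `range` is discarded and TCP and UDP are opened on `1..65535`, so a rule requested for a port range that arrives without `:ip_protocol` becomes an all-ports rule, announced only at debug level. I would keep the requested range, `safely_authorize(fog_group, range, options.merge(:ip_protocol => 'tcp'))` and the same for `'udp'`, and raise the message to `Chef::Log.warn` so the widening is visible in a normal run. The `:ignore` pattern in the same hunk was also loosened from `/InvalidPermission\.Duplicate/` to `/Duplicate/`, which swallows any Fog error whose message contains that word. If the intent is to cover a second duplicate-rule wording, match the specific error codes expected rather than the bare word.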
@@ -180,7 +180,7 @@ module Ironfan
180
180
  def self.validate_resources!(computers)
181
181
  recall.each_value do |machine|
182
182
  next unless machine.users.empty? and machine.name
183
- if machine.name.match("^#{computers.cluster.name}-")
183
+ if computers.clusters.any?{ |comp| machine.name.match("^#{comp.name}-") }
184
184
  machine.bogus << :unexpected_machine
185
185
  end
186
186
  next unless machine.bogus?
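Review bot: The changed condition interpolates `comp.name` into a pattern string without escaping and anchors it with `^`, so a cluster name containing regex metacharacters, or a machine name with an embedded newline, can match machines that do not belong to the cluster and flag them `:unexpected_machine`. A literal prefix test states the intent and avoids both problems: `if computers.clusters.any? { |comp| machine.name.start_with?("#{comp.name}-") }`. A prefix test still treats cluster `web` as owning the machines of a cluster named `web-prod`, so if names can nest like that, an exact comparison against the machine's cluster (if it records one) is safer. What is done with machines marked bogus lies outside this hunk, so the impact depends on the rest of `validate_resources!`.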
@@ -274,15 +274,7 @@ module Ironfan
274
274
 
275
275
  def self.launch_description(computer)
276
276
  cloud = computer.server.cloud(:openstack)
277
- user_data_hsh = {
278
- :chef_server => Chef::Config[:chef_server_url],
279
- :node_name => computer.name,
280
- :organization => Chef::Config[:organization],
281
- :cluster_name => computer.server.cluster_name,
282
- :facet_name => computer.server.facet_name,
283
- :facet_index => computer.server.index,
284
- :client_key => computer.private_key
285
- }
277
+ user_data = self.cloud_init_user_data(computer)
286
278
 
287
279
  # main machine info
288
280
  # note that Fog does not actually create tags when it creates a
@@ -293,7 +285,7 @@ module Ironfan
293
285
  #:vpc_id => cloud.vpc,
294
286
  #:subnet_id => cloud.subnet,
295
287
  :key_name => cloud.ssh_key_name(computer),
296
- :user_data => JSON.pretty_generate(user_data_hsh),
288
+ :user_data => user_data,
297
289
  #:block_device_mapping => block_device_mapping(computer),
298
290
  :availability_zone => cloud.default_availability_zone,
299
291
  #:monitoring => cloud.monitoring,
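Review bot: `user_data` is now built by `cloud_init_user_data`, which is not part of these hunks, while the hash it replaces carried `:client_key => computer.private_key`; nothing at the call site says whether the Chef client key still travels in the instance's user data. User data is generally readable by processes on the instance through the metadata service and by API users who can describe the server, so this is worth stating where the value is passed. After confirming what the helper emits, I would add a comment above the assignment such as `# user_data may embed the node's Chef client key (see cloud_init_user_data); treat it as a secret and never log it`. `launch_description` continues past both hunks of this file.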
@@ -181,20 +181,21 @@ module Ironfan
181
181
  #
182
182
  # Utility
183
183
  #
184
- def self.ensure_groups(computer)
184
+ def self.ensure_groups computer
185
185
  return unless OpenStack.applicable computer
186
186
  # Ensure the security_groups include those for cluster & facet
187
187
  # FIXME: This violates the DSL's immutability; it should be
188
188
  # something calculated from within the DSL construction
189
189
  Ironfan.todo("CODE SMELL: violation of DSL immutability: #{caller}")
190
190
  server = computer.server
191
- c_group = server.security_group(computer.server.cluster_name)
192
- c_group.authorized_by_group(c_group.name)
193
- facet_name = "#{computer.server.cluster_name}-#{computer.server.facet_name}"
194
- server.security_group(facet_name)
191
+ cluster_name = "#{computer.server.realm_name}-#{computer.server.cluster_name}"
192
+ server.security_group computer.server.realm_name
193
+ realm_group = server.security_group cluster_name
194
+ realm_group.authorized_by_group realm_group.name
195
+ facet_name = "#{computer.server.realm_name}-#{computer.server.cluster_name}-#{computer.server.facet_name}"
196
+ server.security_group facet_name
195
197
  end
196
198
 
197
-
198
199
  # Try an authorization, ignoring duplicates (this is easier than correlating).
199
200
  # Do so for both TCP and UDP, unless only one is specified
200
201
  def self.safely_authorize(fog_group,range,options)
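Review bot: The local `realm_group` is assigned from `server.security_group cluster_name`, so it is the realm-plus-cluster group, while the realm group itself is created on the line before and its result dropped. The name makes the self-authorization on the next line read as if the whole realm were opened to itself. Renaming avoids that misreading: `cluster_group = server.security_group cluster_name` and `cluster_group.authorized_by_group cluster_group.name`. The paren-less `def self.ensure_groups computer` also departs from `def self.safely_authorize(fog_group,range,options)` a few lines below, so keeping the parentheses would be consistent as far as this hunk shows. The body of `safely_authorize` starts at the end of the hunk and is not visible.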
@@ -225,7 +225,6 @@ cloud_init_modules:
225
225
  - set_hostname
226
226
  - update_hostname
227
227
  - update_etc_hosts
228
- - write-files
229
228
  - ca-certs
230
229
  - rsyslog
231
230
  - ssh
@@ -1,3 +1,3 @@
1
1
  module Ironfan
2
- VERSION = '6.0.4'
2
+ VERSION = '6.0.5'
3
3
  end
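--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ironfan
  version: !ruby/object:Gem::Version
- version: 6.0.4
+ version: 6.0.5
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-03-20 00:00:00.000000000 Z
+ date: 2014-03-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef
@@ -34,7 +34,7 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.10.1
+ version: 1.21.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.10.1
+ version: 1.21.0
  - !ruby/object:Gem::Dependency
  name: excon
  requirement: !ruby/object:Gem::Requirement
@@ -50,7 +50,7 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.21.0
+ version: 0.32.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -58,7 +58,7 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.21.0
+ version: 0.32.1
  - !ruby/object:Gem::Dependency
  name: formatador
  requirement: !ruby/object:Gem::Requirement
@@ -318,7 +318,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -4288097787655203651
+ hash: -3391490905831760675
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
@@ -327,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -4288097787655203651
+ hash: -3391490905831760675
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.25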