kontena-cli 0.12.0 → 0.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 09a43f90d845f6046491b8b9636cae6201fc0602
-  data.tar.gz: 357fcf2a78efd43d5371056837a188b7225bd016
+  metadata.gz: b4c7616444c2dfd31cc66c625d49168d8ab8623d
+  data.tar.gz: f28c78f100bed2695c99b12d5ed757dfd0e4eaa3
 SHA512:
-  metadata.gz: 076aa681b8e39964cbe93b9ae29279ee443f36fa0e73e6a054aef32852f93e5bb1502a318c556da5505eb6aaa13ec1b80a0d6d617b00466c8529c8f3cbeb80ba
-  data.tar.gz: 40fe038531ef0e8cda9fa1af4c1a1df6f25a79088e7f8311b3d1c29b833762d145d26441e09f9ddc105419ae414866cd077a88dfd9a51fbc0b087c2cfad64e85
+  metadata.gz: b594019efe570386ebbf644888636a28f31ed88c0fe01425322dce0057fd232f1707d70e82899aefac3576a179ebccc87726a4b90e53a5c473bc354320947dcb
+  data.tar.gz: 9202690e4f3cff809576272a11108351266b97c421c189fbfe742c4f7d0ccc1c90e143a182f754c09a586f37a4f1a23a33724ea8f848352f0167fce50045c06f

data/VERSION

@@ -1 +1 @@
-0.12.0
+0.12.1

data/lib/kontena/cli/grids/common.rb

@@ -21,10 +21,8 @@ module Kontena::Cli::Grids
       puts "    load: #{(loads[:'1m'] || 0.0).round(2)} #{(loads[:'5m'] || 0.0).round(2)} #{(loads[:'15m'] || 0.0).round(2)}"
 
       mem_total = nodes.map{|n| n['mem_total'].to_i}.inject(:+)
-      mem_wired = nodes.map{|n|
-        n.dig('resource_usage', 'memory', 'active').to_f
-      }.inject(:+)
-      puts "    memory: #{to_gigabytes(mem_wired)} of #{to_gigabytes(mem_total)} GB"
+      mem_used = calculate_mem_used(nodes)
+      puts "    memory: #{to_gigabytes(mem_used)} of #{to_gigabytes(mem_total)} GB"
 
       total_fs = calculate_filesystem_stats(nodes)
       puts "    filesystem: #{to_gigabytes(total_fs['used'])} of #{to_gigabytes(total_fs['total'])} GB"
@@ -55,6 +53,19 @@ module Kontena::Cli::Grids
       loads
     end
 
+    # @param [Array<Hash>] nodes
+    # @return [Float]
+    def calculate_mem_used(nodes)
+      nodes.map{|n|
+        mem = n.dig('resource_usage', 'memory')
+        if mem
+          mem['used'] - (mem['cached'] + mem['buffers'])
+        else
+          0.0
+        end
+      }.inject(:+)
+    end
+
     # @param [Array<Hash>] nodes
     # @return [Hash]
     def calculate_filesystem_stats(nodes)

data/lib/kontena/cli/grids/list_command.rb

@@ -9,7 +9,7 @@ module Kontena::Cli::Grids
       require_api_url
 
       if grids['grids'].size == 0
-        puts "You don't have any grids yet. Create first one with 'kontena grids create' command".colorize(:yellow)
+        puts "You don't have any grids yet. Create first one with 'kontena grid create' command".colorize(:yellow)
       end
 
       puts '%-30.30s %-8s %-12s %-10s' % ['Name', 'Nodes', 'Services', 'Users']

data/lib/kontena/cli/master/aws/create_command.rb

@@ -6,18 +6,18 @@ module Kontena::Cli::Master::Aws
 
     option "--access-key", "ACCESS_KEY", "AWS access key ID", required: true
     option "--secret-key", "SECRET_KEY", "AWS secret key", required: true
-    option "--key-pair", "KEY_PAIR", "EC2 Key Pair", required: true
-    option "--ssl-cert", "SSL CERT", "SSL certificate file"
+    option "--key-pair", "KEY_PAIR", "EC2 key pair name", required: true
+    option "--ssl-cert", "SSL CERT", "SSL certificate file (default: generate self-signed cert)"
     option "--region", "REGION", "EC2 Region", default: 'eu-west-1'
     option "--zone", "ZONE", "EC2 Availability Zone", default: 'a'
-    option "--vpc-id", "VPC ID", "Virtual Private Cloud (VPC) ID"
-    option "--subnet-id", "SUBNET ID", "VPC option to specify subnet to launch instance into"
+    option "--vpc-id", "VPC ID", "Virtual Private Cloud (VPC) ID (default: default vpc)"
+    option "--subnet-id", "SUBNET ID", "VPC option to specify subnet to launch instance into (default: first subnet from vpc/az)"
     option "--type", "SIZE", "Instance type", default: 't2.small'
     option "--storage", "STORAGE", "Storage size (GiB)", default: '30'
-    option "--vault-secret", "VAULT_SECRET", "Secret key for Vault"
-    option "--vault-iv", "VAULT_IV", "Initialization vector for Vault"
+    option "--vault-secret", "VAULT_SECRET", "Secret key for Vault (default: generate random secret)"
+    option "--vault-iv", "VAULT_IV", "Initialization vector for Vault (default: generate random iv)"
     option "--version", "VERSION", "Define installed Kontena version", default: 'latest'
-    option "--auth-provider-url", "AUTH_PROVIDER_URL", "Define authentication provider url"
+    option "--auth-provider-url", "AUTH_PROVIDER_URL", "Define authentication provider url (optional)"
 
     def execute
       require 'kontena/machine/aws'

data/lib/kontena/cli/master/users/remove_command.rb

@@ -0,0 +1,22 @@
+require_relative '../../common'
+
+module Kontena::Cli::Master::Users
+  class RemoveCommand < Clamp::Command
+    include Kontena::Cli::Common
+
+    parameter "EMAIL ...", "List of emails"
+
+    def execute
+      require_api_url
+      token = require_token
+      email_list.each do |email|
+        begin
+          client(token).delete("users/#{email}")
+        rescue => exc
+          STDERR.puts "Failed to remove user #{email}".colorize(:red)
+          STDERR.puts exc.message
+        end
+      end
+    end
+  end
+end

data/lib/kontena/cli/master/users_command.rb

@@ -1,12 +1,14 @@
 module Kontena::Cli::Master
 
-  require_relative 'users/add_role_command'
   require_relative 'users/invite_command'
+  require_relative 'users/remove_command'
   require_relative 'users/list_command'
+  require_relative 'users/add_role_command'
   require_relative 'users/remove_role_command'
 
   class UsersCommand < Clamp::Command
     subcommand "invite", "Invite user to Kontena Master", Users::InviteCommand
+    subcommand ["remove", "rm"], "Remove user from Kontena Master", Users::RemoveCommand
     subcommand ["list", "ls"], "List users", Users::ListCommand
     subcommand "add-role", "Add role to user", Users::AddRoleCommand
     subcommand "remove-role", "Remove role from user", Users::RemoveRoleCommand

data/lib/kontena/cli/nodes/aws/create_command.rb

@@ -6,11 +6,11 @@ module Kontena::Cli::Nodes::Aws
     parameter "[NAME]", "Node name"
     option "--access-key", "ACCESS_KEY", "AWS access key ID", required: true
     option "--secret-key", "SECRET_KEY", "AWS secret key", required: true
+    option "--key-pair", "KEY_PAIR", "EC2 Key Pair", required: true
     option "--region", "REGION", "EC2 Region", default: 'eu-west-1'
     option "--zone", "ZONE", "EC2 Availability Zone", default: 'a'
-    option "--vpc-id", "VPC ID", "Virtual Private Cloud (VPC) ID"
-    option "--subnet-id", "SUBNET ID", "VPC option to specify subnet to launch instance into"
-    option "--key-pair", "KEY_PAIR", "EC2 Key Pair", required: true
+    option "--vpc-id", "VPC ID", "Virtual Private Cloud (VPC) ID (default: default vpc)"
+    option "--subnet-id", "SUBNET ID", "VPC option to specify subnet to launch instance into (default: first subnet in vpc/az)"
     option "--type", "SIZE", "Instance type", default: 't2.small'
     option "--storage", "STORAGE", "Storage size (GiB)", default: '30'
     option "--version", "VERSION", "Define installed Kontena version", default: 'latest'

data/lib/kontena/cli/nodes/aws/terminate_command.rb

@@ -6,7 +6,7 @@ module Kontena::Cli::Nodes::Aws
     parameter "NAME", "Node name"
     option "--access-key", "ACCESS_KEY", "AWS access key ID", required: true
     option "--secret-key", "SECRET_KEY", "AWS secret key", required: true
-    option "--region", "REGION", "EC2 Region", required: true
+    option "--region", "REGION", "EC2 Region", default: 'eu-west-1'
 
     def execute
       require_api_url

data/lib/kontena/cli/services/containers_command.rb

@@ -18,7 +18,7 @@ module Kontena::Cli::Services
         puts "  rev: #{container['deploy_rev']}"
         puts "  node: #{container['node']['name']}"
         puts "  dns: #{container['name']}.#{current_grid}.kontena.local"
-        puts "  ip: #{container['overlay_cidr'].split('/')[0]}"
+        puts "  ip: #{container['overlay_cidr'].to_s.split('/')[0]}"
         puts "  public ip: #{container['node']['public_ip']}"
         if container['status'] == 'unknown'
           puts "  status: #{container['status'].colorize(:yellow)}"

data/lib/kontena/cli/vault/list_command.rb

@@ -7,9 +7,11 @@ module Kontena::Cli::Vault
       require_api_url
       token = require_token
       result = client(token).get("grids/#{current_grid}/secrets")
-      puts '%-30.30s %-30.30s' % ['NAME', 'CREATED AT']
+
+      column_width_paddings = '%-54s %-25.25s'
+      puts column_width_paddings % ['NAME', 'CREATED AT']
       result['secrets'].each do |secret|
-        puts '%-30.30s %-30.30s' % [secret['name'], secret['created_at']]
+        puts column_width_paddings % [secret['name'], secret['created_at']]
       end
     end
   end

data/lib/kontena/machine/aws.rb

@@ -1,13 +1,13 @@
 begin
-  require "fog/aws"
+  require "aws-sdk"
 rescue LoadError
   puts "It seems that you don't have gem for AWS API installed."
-  puts "Install it using: gem install fog-aws"
+  puts "Install it using: gem install aws-sdk"
   exit 1
 end
 
 require_relative 'random_name'
+require_relative 'cert_helper'
 require_relative 'aws/master_provisioner'
 require_relative 'aws/node_provisioner'
 require_relative 'aws/node_destroyer'
-

data/lib/kontena/machine/aws/common.rb

@@ -20,7 +20,23 @@ module Kontena
           }
           images[region]
         end
-        
+
+        # @param [String] vpc_id
+        # @param [String] zone
+        # @return [Aws::EC2::Types::Subnet, NilClass]
+        def default_subnet(vpc_id, zone)
+          ec2.subnets({
+            filters: [
+              {name: "vpc-id", values: [vpc_id]},
+              {name: "availability-zone", values: [zone]}
+            ]
+          }).first
+        end
+
+        # @return [Aws::EC2::Types::Vpc, NilClass]
+        def default_vpc
+          ec2.vpcs({filters: [{name: "is-default", values: ["true"]}]}).first
+        end
       end
     end
   end

data/lib/kontena/machine/aws/master_provisioner.rb

@@ -10,35 +10,37 @@ module Kontena
       class MasterProvisioner
         include RandomName
         include Common
-        attr_reader :client, :http_client, :region
+        include Machine::CertHelper
+        attr_reader :ec2, :http_client, :region
 
         # @param [String] access_key_id aws_access_key_id
         # @param [String] secret_key aws_secret_access_key
         # @param [String] region
         def initialize(access_key_id, secret_key, region)
-          @client = Fog::Compute.new(
-            :provider => 'AWS',
-            :aws_access_key_id => access_key_id,
-            :aws_secret_access_key => secret_key,
-            :region => region
+          @ec2 = ::Aws::EC2::Resource.new(
+            region: region, credentials: ::Aws::Credentials.new(access_key_id, secret_key)
           )
         end
 
         # @param [Hash] opts
         def run!(opts)
+          ssl_cert = nil
           if opts[:ssl_cert]
             abort('Invalid ssl cert') unless File.exists?(File.expand_path(opts[:ssl_cert]))
             ssl_cert = File.read(File.expand_path(opts[:ssl_cert]))
+          else
+            ShellSpinner "Generating self-signed SSL certificate" do
+              ssl_cert = generate_self_signed_cert
+            end
           end
 
-          ami = resolve_ami(client.region)
+          ami = resolve_ami(region)
           abort('No valid AMI found for region') unless ami
-          opts[:vpc] = default_vpc.id unless opts[:vpc]
+          opts[:vpc] = default_vpc.vpc_id unless opts[:vpc]
           if opts[:subnet].nil?
-            subnet = default_subnet(opts[:vpc], client.region+opts[:zone])
-            opts[:subnet] = subnet.subnet_id
+            subnet = default_subnet(opts[:vpc], region+opts[:zone])
           else
-            subnet = client.subnets.get(opts[:subnet])
+            subnet = ec2.subnet(opts[:subnet])
           end
           userdata_vars = {
               ssl_cert: ssl_cert,
@@ -50,41 +52,39 @@ module Kontena
 
           security_group = ensure_security_group(opts[:vpc])
           name = generate_name
-          response = client.run_instances(
-              ami,
-              1,
-              1,
-              'InstanceType'  => opts[:type],
-              'SecurityGroupId' => security_group.group_id,
-              'KeyName'       => opts[:key_pair],
-              'SubnetId'      => opts[:subnet],
-              'UserData'      => user_data(userdata_vars),
-              'BlockDeviceMapping' => [
-                  {
-                      'DeviceName' => '/dev/xvda',
-                      'VirtualName' => 'Root',
-                      'Ebs.VolumeSize' => opts[:storage],
-                      'Ebs.VolumeType' => 'gp2'
-                  }
-              ]
-
-          )
-          instance_id = response.body['instancesSet'].first['instanceId']
-
-          instance = client.servers.get(instance_id)
+          ec2_instance = ec2.create_instances({
+            image_id: ami,
+            min_count: 1,
+            max_count: 1,
+            instance_type: opts[:type],
+            security_group_ids: [security_group.group_id],
+            key_name: opts[:key_pair],
+            subnet_id: subnet.subnet_id,
+            user_data: Base64.encode64(user_data(userdata_vars)),
+            block_device_mappings: [
+              {
+                device_name: '/dev/xvda',
+                virtual_name: 'Root',
+                ebs: {
+                  volume_size: opts[:storage],
+                  volume_type: 'gp2'
+                }
+              }
+            ]
+          }).first
+          ec2_instance.create_tags({
+            tags: [
+              {key: 'Name', value: name}
+            ]
+          })
           ShellSpinner "Creating AWS instance #{name.colorize(:cyan)} " do
-            instance.wait_for { ready? }
-          end
-          if opts[:ssl_cert]
-            master_url = "https://#{instance.public_ip_address}"
-          else
-            master_url = "http://#{instance.public_ip_address}"
+            sleep 5 until ec2_instance.reload.state.name == 'running'
           end
+          master_url = "https://#{ec2_instance.public_ip_address}"
           Excon.defaults[:ssl_verify_peer] = false
-          @http_client = Excon.new("#{master_url}", :connect_timeout => 10)
-
+          http_client = Excon.new(master_url, :connect_timeout => 10)
           ShellSpinner "Waiting for #{name.colorize(:cyan)} to start" do
-            sleep 5 until master_running?
+            sleep 5 until master_running?(http_client)
           end
 
           puts "Kontena Master is now running at #{master_url}"
@@ -92,38 +92,57 @@ module Kontena
         end
 
         ##
-        # @param [String] grid
-        # @return Fog::Compute::AWS::SecurityGroup
+        # @param [String] vpc_id
+        # @return [Aws::EC2::SecurityGroup]
         def ensure_security_group(vpc_id)
           group_name = "kontena_master"
-          if vpc_id
-            client.security_groups.all({'group-name' => group_name, 'vpc-id' => vpc_id}).first || create_security_group(group_name, vpc_id)
-          else
-            client.security_groups.get(group_name) || create_security_group(group_name)
+          sg = ec2.security_groups({
+            filters: [
+              {name: 'group-name', values: [group_name]},
+              {name: 'vpc-id', values: [vpc_id]}
+            ]
+          }).first
+          unless sg
+            ShellSpinner "Creating AWS security group" do
+              sg = create_security_group(group_name, vpc_id)
+            end
           end
+          sg
         end
 
         ##
         # creates security_group and authorizes default port ranges
         #
         # @param [String] name
-        # @return Fog::Compute::AWS::SecurityGroup
+        # @param [String, NilClass] vpc_id
+        # @return Aws::EC2::SecurityGroup
         def create_security_group(name, vpc_id = nil)
-          security_group = client.security_groups.new(:name => name, :description => "Kontena Master", :vpc_id => vpc_id)
-          security_group.save
-
-          security_group.authorize_port_range(80..80)
-          security_group.authorize_port_range(443..443)
-          security_group.authorize_port_range(22..22)
-          security_group
+          sg = ec2.create_security_group({
+            group_name: name,
+            description: "Kontena Master",
+            vpc_id: vpc_id
+          })
+
+          sg.authorize_ingress({
+            ip_protocol: 'tcp',
+            from_port: 443,
+            to_port: 443,
+            cidr_ip: '0.0.0.0/0'
+          })
+
+          sg.authorize_ingress({
+            ip_protocol: 'tcp',
+            from_port: 22,
+            to_port: 22,
+            cidr_ip: '0.0.0.0/0'
+          })
+
+          sg
         end
 
-        def default_subnet(vpc, zone)
-          client.subnets.all('vpc-id' => vpc, 'availabilityZone' => zone).first
-        end
-
-        def default_vpc
-          client.vpcs.all('isDefault' => true).first
+        # @return [String]
+        def region
+          ec2.client.config.region
         end
 
         def user_data(vars)
@@ -135,14 +154,16 @@ module Kontena
           "kontena-master-#{super}-#{rand(1..99)}"
         end
 
-        def master_running?
+        def master_running?(http_client)
           http_client.get(path: '/').status == 200
         rescue
           false
         end
 
         def erb(template, vars)
-          ERB.new(template).result(OpenStruct.new(vars).instance_eval { binding })
+          ERB.new(template).result(
+            OpenStruct.new(vars).instance_eval { binding }
+          )
         end
       end
     end

data/lib/kontena/machine/aws/node_destroyer.rb

@@ -5,7 +5,7 @@ module Kontena
     module Aws
       class NodeDestroyer
 
-        attr_reader :client, :api_client
+        attr_reader :ec2, :api_client
 
         # @param [Kontena::Client] api_client Kontena api client
         # @param [String] access_key_id aws_access_key_id
@@ -13,15 +13,27 @@ module Kontena
         # @param [String] region
         def initialize(api_client, access_key_id, secret_key, region = 'eu-west-1')
           @api_client = api_client
-          @client = Fog::Compute.new(:provider => 'AWS', :aws_access_key_id => access_key_id, :aws_secret_access_key => secret_key, :region => region)
+          @ec2 = ::Aws::EC2::Resource.new(
+            region: region,
+            credentials: ::Aws::Credentials.new(access_key_id, secret_key)
+          )
         end
 
         def run!(grid, name)
-          instance = client.servers.all({'tag:Name' => name}).first
+          instances = ec2.instances({
+            filters: [
+              {name: 'tag:Name', values: [name]}
+            ]
+          })
+          abort("Cannot find AWS instance #{name}") if instances.to_a.size == 0
+          abort("There are multiple instances with name #{name}") if instances.to_a.size > 1
+          instance = instances.first
           if instance
             ShellSpinner "Terminating AWS instance #{name.colorize(:cyan)} " do
-              instance.destroy
-              sleep 2 until client.servers.get(instance.id).state == 'terminated'
+              instance.terminate
+              until instance.reload.state.name.to_s == 'terminated'
+                sleep 2
+              end
             end
           else
             abort "Cannot find instance #{name.colorize(:cyan)} in AWS"

data/lib/kontena/machine/aws/node_provisioner.rb

@@ -11,7 +11,7 @@ module Kontena
         include RandomName
         include Common
 
-        attr_reader :client, :api_client, :region
+        attr_reader :ec2, :api_client
 
         # @param [Kontena::Client] api_client Kontena api client
         # @param [String] access_key_id aws_access_key_id
@@ -19,106 +19,141 @@ module Kontena
         # @param [String] region
         def initialize(api_client, access_key_id, secret_key, region)
           @api_client = api_client
-          @client = Fog::Compute.new(
-            :provider => 'AWS', :aws_access_key_id => access_key_id,
-            :aws_secret_access_key => secret_key, :region => region
+          @ec2 = ::Aws::EC2::Resource.new(
+            region: region, credentials: ::Aws::Credentials.new(access_key_id, secret_key)
           )
         end
 
         # @param [Hash] opts
         def run!(opts)
-          ami = resolve_ami(client.region)
+          ami = resolve_ami(region)
           abort('No valid AMI found for region') unless ami
 
+          opts[:vpc] = default_vpc.vpc_id unless opts[:vpc]
+
           security_group = ensure_security_group(opts[:grid], opts[:vpc])
           name = opts[:name ] || generate_name
 
-          opts[:vpc] = default_vpc.id unless opts[:vpc]
+
           if opts[:subnet].nil?
-            subnet = default_subnet(opts[:vpc], client.region+opts[:zone])
-            opts[:subnet] = subnet.subnet_id
+            subnet = default_subnet(opts[:vpc], region+opts[:zone])
           else
-            subnet = client.subnets.get(opts[:subnet])
+            subnet = ec2.subnet(opts[:subnet])
           end
           dns_server = aws_dns_supported?(opts[:vpc]) ? '169.254.169.253' : '8.8.8.8'
           userdata_vars = {
-              name: name,
-              version: opts[:version],
-              master_uri: opts[:master_uri],
-              grid_token: opts[:grid_token],
-              dns_server: dns_server
+            name: name,
+            version: opts[:version],
+            master_uri: opts[:master_uri],
+            grid_token: opts[:grid_token],
+            dns_server: dns_server
           }
 
-          response = client.run_instances(
-              ami,
-              1,
-              1,
-              'InstanceType'  => opts[:type],
-              'SecurityGroupId' => security_group.group_id,
-              'KeyName'       => opts[:key_pair],
-              'SubnetId'      => opts[:subnet],
-              'UserData'      => user_data(userdata_vars),
-              'BlockDeviceMapping' => [
-                  {
-                      'DeviceName' => '/dev/xvda',
-                      'VirtualName' => 'Root',
-                      'Ebs.VolumeSize' => opts[:storage],
-                      'Ebs.VolumeType' => 'gp2'
-                  }
-              ]
-
-          )
-          instance_id = response.body['instancesSet'].first['instanceId']
+          ec2_instance = ec2.create_instances({
+            image_id: ami,
+            min_count: 1,
+            max_count: 1,
+            instance_type: opts[:type],
+            security_group_ids: [security_group.group_id],
+            key_name: opts[:key_pair],
+            subnet_id: subnet.subnet_id,
+            user_data: Base64.encode64(user_data(userdata_vars)),
+            block_device_mappings: [
+              {
+                device_name: '/dev/xvda',
+                virtual_name: 'Root',
+                ebs: {
+                  volume_size: opts[:storage],
+                  volume_type: 'gp2'
+                }
+              }
+            ]
+          }).first
+          ec2_instance.create_tags({
+            tags: [
+              {key: 'Name', value: name},
+              {key: 'kontena_grid', value: opts[:grid]}
+            ]
+          })
 
-          instance = client.servers.get(instance_id)
           ShellSpinner "Creating AWS instance #{name.colorize(:cyan)} " do
-            instance.wait_for { ready? }
+            sleep 5 until ec2_instance.reload.state.name == 'running'
           end
-          client.create_tags(instance.id, {'Name' => name, 'kontena_grid' => opts[:grid]})
           node = nil
           ShellSpinner "Waiting for node #{name.colorize(:cyan)} join to grid #{opts[:grid].colorize(:cyan)} " do
             sleep 2 until node = instance_exists_in_grid?(opts[:grid], name)
           end
-          labels = ["region=#{client.region}", "az=#{opts[:zone]}"]
+          labels = ["region=#{region}", "az=#{opts[:zone]}"]
           set_labels(node, labels)
         end
 
         ##
         # @param [String] grid
-        # @return Fog::Compute::AWS::SecurityGroup
+        # @return [Aws::EC2::SecurityGroup]
         def ensure_security_group(grid, vpc_id)
           group_name = "kontena_grid_#{grid}"
-          if vpc_id
-            client.security_groups.all({'group-name' => group_name, 'vpc-id' => vpc_id}).first || create_security_group(group_name, vpc_id)
-          else
-            client.security_groups.get(group_name) || create_security_group(group_name)
+          sg = ec2.security_groups({
+            filters: [
+              {name: 'group-name', values: [group_name]},
+              {name: 'vpc-id', values: [vpc_id]}
+            ]
+          }).first
+          unless sg
+            ShellSpinner "Creating AWS security group" do
+              sg = create_security_group(group_name, vpc_id)
+            end
           end
+          sg
         end
 
         ##
         # creates security_group and authorizes default port ranges
         #
         # @param [String] name
-        # @return Fog::Compute::AWS::SecurityGroup
-        def create_security_group(name, vpc_id = nil)
-          security_group = client.security_groups.new(:name => name, :description => "Kontena Node", :vpc_id => vpc_id)
-          security_group.save
-
-          security_group.authorize_port_range(80..80)
-          security_group.authorize_port_range(443..443)
-          security_group.authorize_port_range(22..22)
-          security_group.authorize_port_range(1194..1194, ip_protocol: 'udp')
-          security_group.authorize_port_range(6783..6783, group: {security_group.owner_id => security_group.group_id}, ip_protocol: 'tcp')
-          security_group.authorize_port_range(6783..6784, group: {security_group.owner_id => security_group.group_id}, ip_protocol: 'udp')
-          security_group
-        end
-
-        def default_subnet(vpc, zone)
-          client.subnets.all('vpc-id' => vpc, 'availabilityZone' => zone).first
+        # @param [String] vpc_id
+        # @return [Aws::EC2::SecurityGroup]
+        def create_security_group(name, vpc_id)
+          sg = ec2.create_security_group({
+            group_name: name,
+            description: "Kontena Grid",
+            vpc_id: vpc_id
+          })
+
+          sg.authorize_ingress({ # SSH
+            ip_protocol: 'tcp', from_port: 22, to_port: 22, cidr_ip: '0.0.0.0/0'
+          })
+          sg.authorize_ingress({ # HTTP
+            ip_protocol: 'tcp', from_port: 80, to_port: 80, cidr_ip: '0.0.0.0/0'
+          })
+          sg.authorize_ingress({ # HTTPS
+            ip_protocol: 'tcp', from_port: 443, to_port: 443, cidr_ip: '0.0.0.0/0'
+          })
+          sg.authorize_ingress({ # OpenVPN
+            ip_protocol: 'udp', from_port: 1194, to_port: 1194, cidr_ip: '0.0.0.0/0'
+          })
+          sg.authorize_ingress({ # Overlay / Weave network
+            ip_permissions: [
+              {
+                from_port: 6783, to_port: 6783, ip_protocol: 'tcp',
+                user_id_group_pairs: [
+                  { group_id: sg.group_id, vpc_id: vpc_id }
+                ]
+              },
+              {
+                from_port: 6783, to_port: 6784, ip_protocol: 'udp',
+                user_id_group_pairs: [
+                  { group_id: sg.group_id, vpc_id: vpc_id }
+                ]
+              }
+            ]
+          })
+
+          sg
         end
 
-        def default_vpc
-          client.vpcs.all('isDefault' => true).first
+        # @return [String]
+        def region
+          ec2.client.config.region
         end
 
         def user_data(vars)
@@ -138,15 +173,20 @@ module Kontena
           ERB.new(template).result(OpenStruct.new(vars).instance_eval { binding })
         end
 
+        # @param [Hash] node
+        # @param [Array<String>] labels
         def set_labels(node, labels)
           data = {}
           data[:labels] = labels
           api_client.put("nodes/#{node['id']}", data, {}, {'Kontena-Grid-Token' => node['grid']['token']})
         end
 
+        # @param [String] vpc_id
+        # @return [Boolean]
         def aws_dns_supported?(vpc_id)
-          response = client.describe_vpc_attribute(vpc_id,'enableDnsSupport')
-          response.data[:body]['enableDnsSupport']
+          vpc = ec2.vpc(vpc_id)
+          response = vpc.describe_attribute({attribute: 'enableDnsSupport'})
+          response.enable_dns_support
         end
       end
     end

data/lib/kontena/machine/cert_helper.rb

@@ -0,0 +1,39 @@
+require 'openssl'
+
+module Kontena
+  module Machine
+    module CertHelper
+
+      def generate_self_signed_cert
+        key = OpenSSL::PKey::RSA.new(2048)
+        public_key = key.public_key
+
+        subject = "/C=FI/O=Test/OU=Test/CN=Test"
+
+        cert = OpenSSL::X509::Certificate.new
+        cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+        cert.not_before = Time.now
+        cert.not_after = Time.now + (10 * 365 * 24 * 60 * 60)
+        cert.public_key = public_key
+        cert.serial = 0x0
+        cert.version = 2
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+          ef.create_extension("basicConstraints","CA:TRUE", true),
+          ef.create_extension("subjectKeyIdentifier", "hash")
+        ]
+        cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                               "keyid:always,issuer:always")
+
+        cert.sign key, OpenSSL::Digest::SHA1.new
+
+        pem = cert.to_pem
+        pem << key.to_s
+        pem
+      end
+    end
+  end
+end

data/spec/kontena/cli/master/users/remove_command_spec.rb

@@ -0,0 +1,28 @@
+require_relative "../../../../spec_helper"
+require 'kontena/cli/master/users_command'
+require "kontena/cli/master/users/remove_command"
+
+describe Kontena::Cli::Master::Users::RemoveCommand do
+
+  include ClientHelpers
+
+  describe '#execute' do
+
+    it 'requires api url' do
+      expect(subject).to receive(:require_api_url).once
+      subject.run(['john@domain.com'])
+    end
+
+    it 'requires token' do
+      expect(subject).to receive(:require_token).and_return(token)
+      subject.run(['john@domain.com'])
+    end
+
+    it 'sends email to master' do
+      expect(client).to receive(:delete).with(
+        'users/john@domain.com'
+      )
+      subject.run(['john@domain.com'])
+    end
+  end
+end

data/spec/kontena/cli/services/containers_command_spec.rb

@@ -0,0 +1,48 @@
+require_relative "../../../spec_helper"
+require "kontena/cli/services/containers_command"
+
+describe Kontena::Cli::Services::ContainersCommand do
+
+  include ClientHelpers
+
+  describe '#execute' do
+
+    before(:each) do
+      allow(client).to receive(:get).and_return({
+        'containers' => []
+      })
+    end
+
+    it 'requires api url' do
+      expect(subject).to receive(:require_api_url).once
+      subject.run(['service-a'])
+    end
+
+    it 'requires token' do
+      expect(subject).to receive(:require_token).and_return(token)
+      subject.run(['service-a'])
+    end
+
+    it 'to not throw on missing "overlay_cidr" property' do
+      allow(client).to receive(:get).and_return({
+        'containers' => [
+          {'id' => "service-a-id", 'node' => {'public_ip' => ""}}
+        ]
+      })
+      expect {
+        subject.run(['service-a'])
+      }.to_not raise_error(NoMethodError)
+    end
+
+    it 'to not throw on nil "overlay_cidr" property' do
+      allow(client).to receive(:get).and_return({
+        'containers' => [
+          {'id' => "service-a-id", 'node' => {'public_ip' => ""}, 'overlay_cidr' => nil}
+        ]
+      })
+      expect {
+        subject.run(['service-a'])
+      }.to_not raise_error(NoMethodError)
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kontena-cli
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.12.1
 platform: ruby
 authors:
 - Kontena, Inc
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-04 00:00:00.000000000 Z
+date: 2016-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -205,6 +205,7 @@ files:
 - lib/kontena/cli/master/users/add_role_command.rb
 - lib/kontena/cli/master/users/invite_command.rb
 - lib/kontena/cli/master/users/list_command.rb
+- lib/kontena/cli/master/users/remove_command.rb
 - lib/kontena/cli/master/users/remove_role_command.rb
 - lib/kontena/cli/master/users_command.rb
 - lib/kontena/cli/master/vagrant/create_command.rb
@@ -305,6 +306,7 @@ files:
 - lib/kontena/machine/azure/master_provisioner.rb
 - lib/kontena/machine/azure/node_destroyer.rb
 - lib/kontena/machine/azure/node_provisioner.rb
+- lib/kontena/machine/cert_helper.rb
 - lib/kontena/machine/cloud_config/cloudinit.yml
 - lib/kontena/machine/cloud_config/node_generator.rb
 - lib/kontena/machine/common.rb
@@ -339,9 +341,11 @@ files:
 - spec/kontena/cli/master/use_command_spec.rb
 - spec/kontena/cli/master/users/add_role_command_spec.rb
 - spec/kontena/cli/master/users/invite_command_spec.rb
+- spec/kontena/cli/master/users/remove_command_spec.rb
 - spec/kontena/cli/master/users/remove_role_command_spec.rb
 - spec/kontena/cli/register_command_spec.rb
 - spec/kontena/cli/services/add_secret_command_spec.rb
+- spec/kontena/cli/services/containers_command_spec.rb
 - spec/kontena/cli/services/link_command_spec.rb
 - spec/kontena/cli/services/remove_secret_command_spec.rb
 - spec/kontena/cli/services/restart_command_spec.rb
@@ -391,9 +395,11 @@ test_files:
 - spec/kontena/cli/master/use_command_spec.rb
 - spec/kontena/cli/master/users/add_role_command_spec.rb
 - spec/kontena/cli/master/users/invite_command_spec.rb
+- spec/kontena/cli/master/users/remove_command_spec.rb
 - spec/kontena/cli/master/users/remove_role_command_spec.rb
 - spec/kontena/cli/register_command_spec.rb
 - spec/kontena/cli/services/add_secret_command_spec.rb
+- spec/kontena/cli/services/containers_command_spec.rb
 - spec/kontena/cli/services/link_command_spec.rb
 - spec/kontena/cli/services/remove_secret_command_spec.rb
 - spec/kontena/cli/services/restart_command_spec.rb