shiprails 0.1.7 → 0.1.9

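--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1c32b0a8dd0dfb9748f6638795d209ff1851e018
- data.tar.gz: 558a8c9922e386130f411b446cb469018b6785fd
+ metadata.gz: 1878eb1296320d879905bda3093f0af3e5298398
+ data.tar.gz: e79061e717bf641b91d9d5df435f33bf1eefa6e4
  SHA512:
- metadata.gz: f477b73820f0046ff2c42952482c5b8b28def379a3df2e5dec8f44bd165d9df05bc78c57e67f747d141a12cff85c984a04f95c0fbf0c5be9a360477d59f0e1d1
- data.tar.gz: 37b8bb889c1d0ffe99f34163400b73321e54d8623feb8a4d356cf3725acecf34d3952f7509958b0ceb67fd516fcc95081ce998f55abef1a2d4d915c8279ce12a
+ metadata.gz: 7f3080cb6c49ab53da8d051b21d8f2338106abe3a1f5286cda7eaf8952f8b9a3b4059f3be770aa18b252c585b7355cb2ccd51c087b5e184e23cb71df9d79112b
+ data.tar.gz: b52e0f417d1858d24173a60ffb6af5140622d48970563fb1bd2942a95c486d80468e20459be478ca11b9709ac7f575af144ac36fb0ef80a34a9e66132cded8c7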
@@ -102,26 +102,44 @@ module Shiprails
102
102
  # get its current security groups to restory later
103
103
  security_group_ids = ec2_instance.security_groups.map(&:group_id)
104
104
 
105
- # create security group for us
106
- security_group_response = ec2.create_security_group({
107
- group_name: "shiprails-exec-#{cluster}-#{Time.now.to_i}",
108
- description: "SSH access to run interactive command (created by #{`whoami`.rstrip} via shiprails)",
109
- vpc_id: ec2_instance.vpc_id
110
- })
111
- # get our public ip
112
- my_ip_address = open('http://whatismyip.akamai.com').read
113
- # authorize SSH access from our public ip
114
- ec2.authorize_security_group_ingress({
115
- group_id: security_group_response.group_id,
116
- ip_protocol: "tcp",
117
- from_port: 22,
118
- to_port: 22,
119
- cidr_ip: "#{my_ip_address}/32"
120
- })
121
- # add ec2 instance to our new security group
105
+ vpcs = ec2.describe_vpcs.vpcs
106
+ vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == cluster }
107
+ vpc_security_groups = ec2.describe_security_groups({
108
+ filters: [
109
+ {
110
+ name: "vpc-id",
111
+ values: [
112
+ vpc.vpc_id
113
+ ],
114
+ },
115
+ ],
116
+ }).security_groups
117
+ team_access_security_group = vpc_security_groups.find{ |group| group.group_name == "team-access-#{cluster}" }
118
+ if team_access_security_group.nil?
119
+ # create security group for us
120
+ team_access_security_group = ec2.create_security_group({
121
+ group_name: "team-access-#{cluster}",
122
+ description: "Ingress for team members",
123
+ vpc_id: vpc.vpc_id
124
+ })
125
+ end
126
+ begin
127
+ # get our public ip
128
+ my_ip_address = open('http://whatismyip.akamai.com').read
129
+ # authorize SSH access from our public ip
130
+ ec2.authorize_security_group_ingress({
131
+ group_id: team_access_security_group.group_id,
132
+ ip_protocol: "tcp",
133
+ from_port: 22,
134
+ to_port: 22,
135
+ cidr_ip: "#{my_ip_address}/32"
136
+ })
137
+ rescue Aws::EC2::Errors::InvalidPermissionDuplicate => e
138
+ end
139
+ # add ec2 instance to team access security group
122
140
  ec2.modify_instance_attribute({
123
141
  instance_id: ec2_instance_id,
124
- groups: security_group_ids + [security_group_response.group_id]
142
+ groups: security_group_ids + [team_access_security_group.group_id]
125
143
  })
126
144
 
127
145
  # build the command we'll run on the instance
@@ -141,11 +159,12 @@ module Shiprails
141
159
  command_string = command_array.join ' '
142
160
 
143
161
  say "Waiting for AWS to setup networking..."
144
- sleep 5 # AWS just needs a little bit to setup networking
162
+ # sleep 5 # AWS just needs a little bit to setup networking
145
163
  say "Connecting #{ssh_user}@#{ec2_instance.public_ip_address}..."
146
164
  say "Executing: $ #{command_string}"
147
165
  system "ssh -o ConnectTimeout=15 -o 'StrictHostKeyChecking no' -t -i #{ssh_private_key_path} #{ssh_user}@#{ec2_instance.public_ip_address} '#{command_string}'"
148
166
  rescue => e
167
+ puts e.inspect
149
168
  say "Error: #{e.message}", :red
150
169
  ensure
151
170
  say "Cleaning up SSH access..."
@@ -154,8 +173,6 @@ module Shiprails
154
173
  instance_id: ec2_instance_id,
155
174
  groups: security_group_ids
156
175
  }) rescue nil
157
- # remove our access security group
158
- ec2.delete_security_group({ group_id: security_group_response.group_id }) rescue nil
159
176
  say "Done.", :green
160
177
  end
161
178
 
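Review bot: The SSH ingress rule takes its address from `open('http://whatismyip.akamai.com').read`, fetched over plain HTTP and interpolated into `cidr_ip` unvalidated, so whoever can alter that response decides which address is admitted on port 22. Parse the value before use, for example `my_ip_address = IPAddr.new(raw.strip).to_s`, and fetch it over an authenticated channel. The rule is now written to the shared `team-access-#{cluster}` group, and the `ensure` lines shown only restore the instance's groups, so each caller's /32 stays authorized after the command ends; a matching `ec2.revoke_security_group_ingress` call in `ensure` would keep the access temporary, as the deleted per-run group did. The same lookup is introduced in the setup file at `current_ip_address = open('http://whatismyip.akamai.com').read`, where it feeds an all-protocols rule. The enclosing method begins outside the hunks shown.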
@@ -83,25 +83,36 @@ module Shiprails
83
83
  break
84
84
  end
85
85
  cidr_blocks = NetAddr::CIDR.create(vpc_cidr_block).subnet(:Bits => bits, :NumSubnets => availability_zones.count)
86
+ v6_cidr_blocks = NetAddr::CIDR.create(vpc.ipv_6_cidr_block_association_set.first.ipv_6_cidr_block).subnet(:Bits => 64, :NumSubnets => availability_zones.count)
86
87
  availability_zones.each_with_index do |zone, idx|
87
88
  ec2.create_subnet({
88
89
  vpc_id: vpc.vpc_id,
89
90
  cidr_block: cidr_blocks[idx],
90
- ipv_6_cidr_block: "2001:db8:1234:1a#{idx.to_s.rjust(2, '0')}::/64",
91
+ ipv_6_cidr_block: v6_cidr_blocks[idx],
91
92
  availability_zone: zone.zone_name,
92
93
  })
93
94
  say "Created subnet for #{zone.zone_name} availability zone (#{vpc_name})."
94
95
  end
95
- ec2.create_route_table({
96
- vpc_id: vpc.vpc_id,
97
- })
98
- say "Created route table for #{vpc_name}."
99
96
  ig = ec2.create_internet_gateway.internet_gateway
100
97
  ec2.attach_internet_gateway({
101
98
  internet_gateway_id: ig.internet_gateway_id,
102
99
  vpc_id: vpc.vpc_id,
103
100
  })
104
101
  say "Created internet gateway for #{vpc_name}."
102
+ route_table = ec2.create_route_table({
103
+ vpc_id: vpc.vpc_id,
104
+ }).route_table
105
+ say "Created route table for #{vpc_name}."
106
+ ec2.create_route({
107
+ destination_cidr_block: "0.0.0.0/0",
108
+ gateway_id: ig.internet_gateway_id,
109
+ route_table_id: route_table.route_table_id,
110
+ })
111
+ ec2.create_route({
112
+ destination_cidr_block: "::/0",
113
+ gateway_id: ig.internet_gateway_id,
114
+ route_table_id: route_table.route_table_id,
115
+ })
105
116
  # rescue Aws::IAM::Errors::EntityAlreadyExists => err
106
117
  end
107
118
  say "Created #{vpc_name} VPC."
@@ -124,63 +135,73 @@ module Shiprails
124
135
  unless completed_vpcs.include? vpc_name
125
136
  begin
126
137
  vpcs = ec2.describe_vpcs.vpcs
127
- vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == vpc_name }
138
+ vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == vpc_name }
128
139
  ecs_security_group_id = ec2.create_security_group({
129
140
  group_name: "ecs-#{vpc_name}",
130
141
  description: "ECS cluster instances",
131
142
  vpc_id: vpc.vpc_id
132
143
  }).group_id
144
+ ecs_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: ecs_security_group_id)
133
145
  elb_security_group_id = ec2.create_security_group({
134
146
  group_name: "elb-#{vpc_name}",
135
147
  description: "ELB instances",
136
148
  vpc_id: vpc.vpc_id
137
149
  }).group_id
150
+ elb_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: elb_security_group_id)
138
151
  public_web_security_group_id = ec2.create_security_group({
139
152
  group_name: "public-web-#{vpc_name}",
140
153
  description: "Public web ingress",
141
154
  vpc_id: vpc.vpc_id
142
155
  }).group_id
156
+ public_web_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: public_web_security_group_id)
143
157
  datastores_security_group_id = ec2.create_security_group({
144
158
  group_name: "datastores-#{vpc_name}",
145
159
  description: "RDS, ElastiCache, etc. instances",
146
160
  vpc_id: vpc.vpc_id
147
161
  }).group_id
162
+ datastores_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: datastores_security_group_id)
148
163
  team_access_security_group_id = ec2.create_security_group({
149
164
  group_name: "team-access-#{vpc_name}",
150
165
  description: "Ingress for team members",
151
166
  vpc_id: vpc.vpc_id
152
167
  }).group_id
168
+ team_access_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: team_access_security_group_id)
153
169
  # allow ECS instances to receive traffic from ELBs
154
- ec2.authorize_security_group_ingress({
155
- group_id: ecs_security_group_id,
156
- source_security_group_name: "elb-#{vpc_name}",
170
+ ecs_security_group.authorize_ingress({
171
+ ip_permissions: [
172
+ {
173
+ from_port: "-1",
174
+ to_port: "-1",
175
+ ip_protocol: "-1",
176
+ user_id_group_pairs: [{
177
+ group_id: elb_security_group.id,
178
+ vpc_id: vpc.vpc_id,
179
+ }],
180
+ }
181
+ ]
157
182
  })
158
183
  # allow public web group to receive traffic from the web
159
184
  ec2.authorize_security_group_ingress({
160
185
  group_id: public_web_security_group_id,
161
186
  ip_permissions: [
162
187
  {
163
- prefix_list_ids: [],
164
188
  from_port: "80",
165
189
  ip_ranges: [{
166
190
  cidr_ip: "0.0.0.0/0"
167
191
  }],
168
192
  to_port: "80",
169
193
  ip_protocol: "tcp",
170
- user_id_group_pairs: [],
171
194
  ipv_6_ranges: [{
172
195
  cidr_ipv_6: "::/0"
173
196
  }]
174
197
  },
175
198
  {
176
- prefix_list_ids: [],
177
199
  from_port: "443",
178
200
  ip_ranges: [{
179
201
  cidr_ip: "0.0.0.0/0"
180
202
  }],
181
203
  to_port: "443",
182
204
  ip_protocol: "-1",
183
- user_id_group_pairs: [],
184
205
  ipv_6_ranges: [{
185
206
  cidr_ipv_6: "::/0"
186
207
  }]
@@ -188,58 +209,32 @@ module Shiprails
188
209
  ]
189
210
  })
190
211
  # allow datastore instances to receive traffic from ECS instances
191
- current_ip_address = `curl http://ipecho.net/plain`
212
+ current_ip_address = open('http://whatismyip.akamai.com').read
192
213
  ec2.authorize_security_group_ingress({
193
214
  group_id: team_access_security_group_id,
194
215
  ip_permissions: [
195
216
  {
196
- prefix_list_ids: [],
197
217
  from_port: "-1",
198
218
  ip_ranges: [{
199
219
  cidr_ip: "#{current_ip_address}/32"
200
220
  }],
201
221
  to_port: "-1",
202
222
  ip_protocol: "-1",
203
- user_id_group_pairs: [],
204
- ipv_6_ranges: []
205
223
  },
206
224
  ]
207
225
  })
208
226
  # allow ELBs to access ECS instances
209
- ec2.authorize_security_group_egress({
210
- group_id: elb_security_group_id,
211
- source_security_group_name: "ecs-#{vpc_name}",
212
- })
213
- # allow ECS instances to access the public web
214
- ec2.authorize_security_group_egress({
215
- group_id: ecs_security_group_id,
227
+ elb_security_group.authorize_egress({
216
228
  ip_permissions: [
217
229
  {
218
- prefix_list_ids: [],
219
- from_port: "80",
220
- ip_ranges: [{
221
- cidr_ip: "0.0.0.0/0"
222
- }],
223
- to_port: "80",
224
- ip_protocol: "tcp",
225
- user_id_group_pairs: [],
226
- ipv_6_ranges: [{
227
- cidr_ipv_6: "::/0"
228
- }]
229
- },
230
- {
231
- prefix_list_ids: [],
232
- from_port: "443",
233
- ip_ranges: [{
234
- cidr_ip: "0.0.0.0/0"
235
- }],
236
- to_port: "443",
230
+ from_port: "-1",
231
+ to_port: "-1",
237
232
  ip_protocol: "-1",
238
- user_id_group_pairs: [],
239
- ipv_6_ranges: [{
240
- cidr_ipv_6: "::/0"
241
- }]
242
- },
233
+ user_id_group_pairs: [{
234
+ group_id: ecs_security_group.id,
235
+ vpc_id: vpc.vpc_id,
236
+ }],
237
+ }
243
238
  ]
244
239
  })
245
240
  rescue Aws::EC2::Errors::InvalidGroupDuplicate => err
@@ -269,7 +264,10 @@ module Shiprails
269
264
  })
270
265
  File.open("#{project_name}.pem", 'w') { |file| file.write(key_pair.key_material) }
271
266
  FileUtils.chmod 0600, "#{project_name}.pem"
267
+ rescue Aws::EC2::Errors::InvalidKeyPairDuplicate => err
268
+ say "Key pair #{project_name} already exists."
272
269
  end
270
+ created_key_pairs << key_pair_name
273
271
  end
274
272
  end
275
273
  end
@@ -322,6 +320,13 @@ module Shiprails
322
320
  path: "/",
323
321
  role_name: role_name,
324
322
  })
323
+ iam.create_instance_profile({
324
+ instance_profile_name: role_name,
325
+ })
326
+ iam.add_role_to_instance_profile({
327
+ instance_profile_name: role_name,
328
+ role_name: role_name,
329
+ })
325
330
  iam.attach_role_policy({
326
331
  policy_arn: "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
327
332
  role_name: role_name,
@@ -496,7 +501,7 @@ module Shiprails
496
501
  }).images
497
502
  image = images.sort_by(&:name).last # get the newest version
498
503
  vpcs = ec2.describe_vpcs.vpcs
499
- vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == "#{project_name}_#{environment_name}" }
504
+ vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == "#{project_name}_#{environment_name}" }
500
505
  security_groups = ec2.describe_security_groups({
501
506
  filters: [
502
507
  {
@@ -529,7 +534,7 @@ module Shiprails
529
534
  user_data: Base64.encode64("#!/bin/bash
530
535
  echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
531
536
  })
532
- rescue Aws::AutoScaling::Errors::AlreadyExistsFault
537
+ rescue Aws::AutoScaling::Errors::AlreadyExists
533
538
  say "TODO: update LaunchConfiguration with latest stuff.", :blue
534
539
  end
535
540
  created_launch_configurations << launch_configuration_name
@@ -551,7 +556,7 @@ echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
551
556
  unless created_auto_scaling_groups.include? group_name
552
557
  ec2 = Aws::EC2::Client.new region: region_name.to_s
553
558
  vpcs = ec2.describe_vpcs.vpcs
554
- vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == "#{project_name}_#{environment_name}" }
559
+ vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == "#{project_name}_#{environment_name}" }
555
560
  subnets = ec2.describe_subnets({
556
561
  filters: [
557
562
  {
@@ -576,7 +581,7 @@ echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
576
581
  min_size: 1,
577
582
  vpc_zone_identifier: subnets_in_region.join(',')
578
583
  })
579
- rescue Aws::AutoScaling::Errors::AlreadyExistsFault
584
+ rescue Aws::AutoScaling::Errors::AlreadyExists
580
585
  say "TODO: update AutoScaling Group with latest stuff like LaunchConfiguration name.", :blue
581
586
  end
582
587
  created_auto_scaling_groups << group_name
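Review bot: In the public-web ingress rule the 443 entry still carries `ip_protocol: "-1"`, which EC2 treats as all protocols with the port range ignored, so the group admits every port from `0.0.0.0/0` and `::/0` rather than HTTPS only. The commit edits that entry (it drops the empty `prefix_list_ids` and `user_id_group_pairs`) but leaves the protocol; it should read `ip_protocol: "tcp"` like the port-80 entry above it. The new ELB-to-ECS rules also use `"-1"` for protocol and ports, which may be intended between internal groups but deserves a comment saying so. The comment `# allow datastore instances to receive traffic from ECS instances` sits above the team-access rule and describes a different rule; `# allow the operator's current IP to reach the team-access group` would match the code. The enclosing method begins outside the hunks shown.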
@@ -1,3 +1,3 @@
1
1
  module Shiprails
2
- VERSION = "0.1.7"
2
+ VERSION = "0.1.9"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shiprails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.7
4
+ version: 0.1.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zane Shannon
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-05-15 00:00:00.000000000 Z
11
+ date: 2017-05-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport