shiprails 0.1.7 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1c32b0a8dd0dfb9748f6638795d209ff1851e018
-  data.tar.gz: 558a8c9922e386130f411b446cb469018b6785fd
+  metadata.gz: 1878eb1296320d879905bda3093f0af3e5298398
+  data.tar.gz: e79061e717bf641b91d9d5df435f33bf1eefa6e4
 SHA512:
-  metadata.gz: f477b73820f0046ff2c42952482c5b8b28def379a3df2e5dec8f44bd165d9df05bc78c57e67f747d141a12cff85c984a04f95c0fbf0c5be9a360477d59f0e1d1
-  data.tar.gz: 37b8bb889c1d0ffe99f34163400b73321e54d8623feb8a4d356cf3725acecf34d3952f7509958b0ceb67fd516fcc95081ce998f55abef1a2d4d915c8279ce12a
+  metadata.gz: 7f3080cb6c49ab53da8d051b21d8f2338106abe3a1f5286cda7eaf8952f8b9a3b4059f3be770aa18b252c585b7355cb2ccd51c087b5e184e23cb71df9d79112b
+  data.tar.gz: b52e0f417d1858d24173a60ffb6af5140622d48970563fb1bd2942a95c486d80468e20459be478ca11b9709ac7f575af144ac36fb0ef80a34a9e66132cded8c7

data/lib/shiprails/ship/exec.rb

@@ -102,26 +102,44 @@ module Shiprails
         # get its current security groups to restory later
         security_group_ids = ec2_instance.security_groups.map(&:group_id)
 
-        # create security group for us
-        security_group_response = ec2.create_security_group({
-          group_name: "shiprails-exec-#{cluster}-#{Time.now.to_i}",
-          description: "SSH access to run interactive command (created by #{`whoami`.rstrip} via shiprails)",
-          vpc_id: ec2_instance.vpc_id
-        })
-        # get our public ip
-        my_ip_address = open('http://whatismyip.akamai.com').read
-        # authorize SSH access from our public ip
-        ec2.authorize_security_group_ingress({
-          group_id: security_group_response.group_id,
-          ip_protocol: "tcp",
-          from_port: 22,
-          to_port: 22,
-          cidr_ip: "#{my_ip_address}/32"
-        })
-        # add ec2 instance to our new security group
+        vpcs = ec2.describe_vpcs.vpcs
+        vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == cluster }
+        vpc_security_groups = ec2.describe_security_groups({
+          filters: [
+            {
+              name: "vpc-id",
+              values: [
+                vpc.vpc_id
+              ],
+            },
+          ],
+        }).security_groups
+        team_access_security_group = vpc_security_groups.find{ |group| group.group_name == "team-access-#{cluster}" }
+        if team_access_security_group.nil?
+          # create security group for us
+          team_access_security_group = ec2.create_security_group({
+            group_name: "team-access-#{cluster}",
+            description: "Ingress for team members",
+            vpc_id: vpc.vpc_id
+          })
+        end
+        begin
+          # get our public ip
+          my_ip_address = open('http://whatismyip.akamai.com').read
+          # authorize SSH access from our public ip
+          ec2.authorize_security_group_ingress({
+            group_id: team_access_security_group.group_id,
+            ip_protocol: "tcp",
+            from_port: 22,
+            to_port: 22,
+            cidr_ip: "#{my_ip_address}/32"
+          })
+        rescue Aws::EC2::Errors::InvalidPermissionDuplicate => e
+        end
+        # add ec2 instance to team access security group
         ec2.modify_instance_attribute({
           instance_id: ec2_instance_id,
-          groups: security_group_ids + [security_group_response.group_id]
+          groups: security_group_ids + [team_access_security_group.group_id]
         })
 
         # build the command we'll run on the instance
@@ -141,11 +159,12 @@ module Shiprails
         command_string = command_array.join ' '
 
         say "Waiting for AWS to setup networking..."
-        sleep 5 # AWS just needs a little bit to setup networking
+        # sleep 5 # AWS just needs a little bit to setup networking
         say "Connecting #{ssh_user}@#{ec2_instance.public_ip_address}..."
         say "Executing: $ #{command_string}"
         system "ssh -o ConnectTimeout=15 -o 'StrictHostKeyChecking no' -t -i #{ssh_private_key_path} #{ssh_user}@#{ec2_instance.public_ip_address} '#{command_string}'"
       rescue => e
+        puts e.inspect
         say "Error: #{e.message}", :red
       ensure
         say "Cleaning up SSH access..."
@@ -154,8 +173,6 @@ module Shiprails
           instance_id: ec2_instance_id,
           groups: security_group_ids
         }) rescue nil
-        # remove our access security group
-        ec2.delete_security_group({ group_id: security_group_response.group_id }) rescue nil
         say "Done.", :green
       end
 

data/lib/shiprails/ship/setup.rb

@@ -83,25 +83,36 @@ module Shiprails
                     break
                   end
                   cidr_blocks = NetAddr::CIDR.create(vpc_cidr_block).subnet(:Bits => bits, :NumSubnets => availability_zones.count)
+                  v6_cidr_blocks = NetAddr::CIDR.create(vpc.ipv_6_cidr_block_association_set.first.ipv_6_cidr_block).subnet(:Bits => 64, :NumSubnets => availability_zones.count)
                   availability_zones.each_with_index do |zone, idx|
                     ec2.create_subnet({
                       vpc_id: vpc.vpc_id,
                       cidr_block: cidr_blocks[idx],
-                      ipv_6_cidr_block: "2001:db8:1234:1a#{idx.to_s.rjust(2, '0')}::/64",
+                      ipv_6_cidr_block: v6_cidr_blocks[idx],
                       availability_zone: zone.zone_name,
                     })
                     say "Created subnet for #{zone.zone_name} availability zone (#{vpc_name})."
                   end
-                  ec2.create_route_table({
-                    vpc_id: vpc.vpc_id,
-                  })
-                  say "Created route table for #{vpc_name}."
                   ig = ec2.create_internet_gateway.internet_gateway
                   ec2.attach_internet_gateway({
                     internet_gateway_id: ig.internet_gateway_id,
                     vpc_id: vpc.vpc_id,
                   })
                   say "Created internet gateway for #{vpc_name}."
+                  route_table = ec2.create_route_table({
+                    vpc_id: vpc.vpc_id,
+                  }).route_table
+                  say "Created route table for #{vpc_name}."
+                  ec2.create_route({
+                    destination_cidr_block: "0.0.0.0/0",
+                    gateway_id: ig.internet_gateway_id,
+                    route_table_id: route_table.route_table_id,
+                  })
+                  ec2.create_route({
+                    destination_cidr_block: "::/0",
+                    gateway_id: ig.internet_gateway_id,
+                    route_table_id: route_table.route_table_id,
+                  })
                 # rescue Aws::IAM::Errors::EntityAlreadyExists => err
                 end
                 say "Created #{vpc_name} VPC."
@@ -124,63 +135,73 @@ module Shiprails
               unless completed_vpcs.include? vpc_name
                 begin
                   vpcs = ec2.describe_vpcs.vpcs
-                  vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == vpc_name }
+                  vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == vpc_name }
                   ecs_security_group_id = ec2.create_security_group({
                     group_name: "ecs-#{vpc_name}",
                     description: "ECS cluster instances",
                     vpc_id: vpc.vpc_id
                   }).group_id
+                  ecs_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: ecs_security_group_id)
                   elb_security_group_id = ec2.create_security_group({
                     group_name: "elb-#{vpc_name}",
                     description: "ELB instances",
                     vpc_id: vpc.vpc_id
                   }).group_id
+                  elb_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: elb_security_group_id)
                   public_web_security_group_id = ec2.create_security_group({
                     group_name: "public-web-#{vpc_name}",
                     description: "Public web ingress",
                     vpc_id: vpc.vpc_id
                   }).group_id
+                  public_web_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: public_web_security_group_id)
                   datastores_security_group_id = ec2.create_security_group({
                     group_name: "datastores-#{vpc_name}",
                     description: "RDS, ElastiCache, etc. instances",
                     vpc_id: vpc.vpc_id
                   }).group_id
+                  datastores_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: datastores_security_group_id)
                   team_access_security_group_id = ec2.create_security_group({
                     group_name: "team-access-#{vpc_name}",
                     description: "Ingress for team members",
                     vpc_id: vpc.vpc_id
                   }).group_id
+                  team_access_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: team_access_security_group_id)
                   # allow ECS instances to receive traffic from ELBs
-                  ec2.authorize_security_group_ingress({
-                    group_id: ecs_security_group_id,
-                    source_security_group_name: "elb-#{vpc_name}",
+                  ecs_security_group.authorize_ingress({
+                    ip_permissions: [
+                      {
+                        from_port: "-1",
+                        to_port: "-1",
+                        ip_protocol: "-1",
+                        user_id_group_pairs: [{
+                          group_id: elb_security_group.id,
+                          vpc_id: vpc.vpc_id,
+                        }],
+                      }
+                    ]
                   })
                   # allow public web group to receive traffic from the web
                   ec2.authorize_security_group_ingress({
                     group_id: public_web_security_group_id,
                     ip_permissions: [
                       {
-                        prefix_list_ids: [],
                         from_port: "80",
                         ip_ranges: [{
                           cidr_ip: "0.0.0.0/0"
                         }],
                         to_port: "80",
                         ip_protocol: "tcp",
-                        user_id_group_pairs: [],
                         ipv_6_ranges: [{
                           cidr_ipv_6: "::/0"
                         }]
                       },
                       {
-                        prefix_list_ids: [],
                         from_port: "443",
                         ip_ranges: [{
                           cidr_ip: "0.0.0.0/0"
                         }],
                         to_port: "443",
                         ip_protocol: "-1",
-                        user_id_group_pairs: [],
                         ipv_6_ranges: [{
                           cidr_ipv_6: "::/0"
                         }]
@@ -188,58 +209,32 @@ module Shiprails
                     ]
                   })
                   # allow datastore instances to receive traffic from ECS instances
-                  current_ip_address = `curl http://ipecho.net/plain`
+                  current_ip_address = open('http://whatismyip.akamai.com').read
                   ec2.authorize_security_group_ingress({
                     group_id: team_access_security_group_id,
                     ip_permissions: [
                       {
-                        prefix_list_ids: [],
                         from_port: "-1",
                         ip_ranges: [{
                           cidr_ip: "#{current_ip_address}/32"
                         }],
                         to_port: "-1",
                         ip_protocol: "-1",
-                        user_id_group_pairs: [],
-                        ipv_6_ranges: []
                       },
                     ]
                   })
                   # allow ELBs to access ECS instances
-                  ec2.authorize_security_group_egress({
-                    group_id: elb_security_group_id,
-                    source_security_group_name: "ecs-#{vpc_name}",
-                  })
-                  # allow ECS instances to access the public web
-                  ec2.authorize_security_group_egress({
-                    group_id: ecs_security_group_id,
+                  elb_security_group.authorize_egress({
                     ip_permissions: [
                       {
-                        prefix_list_ids: [],
-                        from_port: "80",
-                        ip_ranges: [{
-                          cidr_ip: "0.0.0.0/0"
-                        }],
-                        to_port: "80",
-                        ip_protocol: "tcp",
-                        user_id_group_pairs: [],
-                        ipv_6_ranges: [{
-                          cidr_ipv_6: "::/0"
-                        }]
-                      },
-                      {
-                        prefix_list_ids: [],
-                        from_port: "443",
-                        ip_ranges: [{
-                          cidr_ip: "0.0.0.0/0"
-                        }],
-                        to_port: "443",
+                        from_port: "-1",
+                        to_port: "-1",
                         ip_protocol: "-1",
-                        user_id_group_pairs: [],
-                        ipv_6_ranges: [{
-                          cidr_ipv_6: "::/0"
-                        }]
-                      },
+                        user_id_group_pairs: [{
+                          group_id: ecs_security_group.id,
+                          vpc_id: vpc.vpc_id,
+                        }],
+                      }
                     ]
                   })
                 rescue Aws::EC2::Errors::InvalidGroupDuplicate => err
@@ -269,7 +264,10 @@ module Shiprails
                   })
                   File.open("#{project_name}.pem", 'w') { |file| file.write(key_pair.key_material) }
                   FileUtils.chmod 0600, "#{project_name}.pem"
+                rescue Aws::EC2::Errors::InvalidKeyPairDuplicate => err
+                  say "Key pair #{project_name} already exists."
                 end
+                created_key_pairs << key_pair_name
               end
             end
           end
@@ -322,6 +320,13 @@ module Shiprails
                     path: "/",
                     role_name: role_name,
                   })
+                  iam.create_instance_profile({
+                    instance_profile_name: role_name,
+                  })
+                  iam.add_role_to_instance_profile({
+                    instance_profile_name: role_name,
+                    role_name: role_name,
+                  })
                   iam.attach_role_policy({
                     policy_arn: "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
                     role_name: role_name,
@@ -496,7 +501,7 @@ module Shiprails
                   }).images
                   image = images.sort_by(&:name).last # get the newest version
                   vpcs = ec2.describe_vpcs.vpcs
-                  vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == "#{project_name}_#{environment_name}" }
+                  vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == "#{project_name}_#{environment_name}" }
                   security_groups = ec2.describe_security_groups({
                     filters: [
                       {
@@ -529,7 +534,7 @@ module Shiprails
                     user_data: Base64.encode64("#!/bin/bash
 echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
                   })
-                rescue Aws::AutoScaling::Errors::AlreadyExistsFault
+                rescue Aws::AutoScaling::Errors::AlreadyExists
                   say "TODO: update LaunchConfiguration with latest stuff.", :blue
                 end
                 created_launch_configurations << launch_configuration_name
@@ -551,7 +556,7 @@ echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
               unless created_auto_scaling_groups.include? group_name
                 ec2 = Aws::EC2::Client.new region: region_name.to_s
                 vpcs = ec2.describe_vpcs.vpcs
-                vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == "#{project_name}_#{environment_name}" }
+                vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == "#{project_name}_#{environment_name}" }
                 subnets = ec2.describe_subnets({
                   filters: [
                     {
@@ -576,7 +581,7 @@ echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
                     min_size: 1,
                     vpc_zone_identifier: subnets_in_region.join(',')
                   })
-                rescue Aws::AutoScaling::Errors::AlreadyExistsFault
+                rescue Aws::AutoScaling::Errors::AlreadyExists
                   say "TODO: update AutoScaling Group with latest stuff like LaunchConfiguration name.", :blue
                 end
                 created_auto_scaling_groups << group_name

data/lib/shiprails/version.rb

@@ -1,3 +1,3 @@
 module Shiprails
-  VERSION = "0.1.7"
+  VERSION = "0.1.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shiprails
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.9
 platform: ruby
 authors:
 - Zane Shannon
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-05-15 00:00:00.000000000 Z
+date: 2017-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport