shiprails 0.1.7 → 0.1.9
- checksums.yaml +4 -4
- data/lib/shiprails/ship/exec.rb +38 -21
- data/lib/shiprails/ship/setup.rb +57 -52
- data/lib/shiprails/version.rb +1 -1
- metadata +2 -2
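--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1878eb1296320d879905bda3093f0af3e5298398
+data.tar.gz: e79061e717bf641b91d9d5df435f33bf1eefa6e4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7f3080cb6c49ab53da8d051b21d8f2338106abe3a1f5286cda7eaf8952f8b9a3b4059f3be770aa18b252c585b7355cb2ccd51c087b5e184e23cb71df9d79112b
+data.tar.gz: b52e0f417d1858d24173a60ffb6af5140622d48970563fb1bd2942a95c486d80468e20459be478ca11b9709ac7f575af144ac36fb0ef80a34a9e66132cded8c7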
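--- a/data/lib/shiprails/ship/exec.rb
+++ b/data/lib/shiprails/ship/exec.rb
@@ -102,26 +102,44 @@ module Shiprails
 # get its current security groups to restory later
 security_group_ids = ec2_instance.security_groups.map(&:group_id)
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+vpcs = ec2.describe_vpcs.vpcs
+vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == cluster }
+vpc_security_groups = ec2.describe_security_groups({
+filters: [
+{
+name: "vpc-id",
+values: [
+vpc.vpc_id
+],
+},
+],
+}).security_groups
+team_access_security_group = vpc_security_groups.find{ |group| group.group_name == "team-access-#{cluster}" }
+if team_access_security_group.nil?
+# create security group for us
+team_access_security_group = ec2.create_security_group({
+group_name: "team-access-#{cluster}",
+description: "Ingress for team members",
+vpc_id: vpc.vpc_id
+})
+end
+begin
+# get our public ip
+my_ip_address = open('http://whatismyip.akamai.com').read
+# authorize SSH access from our public ip
+ec2.authorize_security_group_ingress({
+group_id: team_access_security_group.group_id,
+ip_protocol: "tcp",
+from_port: 22,
+to_port: 22,
+cidr_ip: "#{my_ip_address}/32"
+})
+rescue Aws::EC2::Errors::InvalidPermissionDuplicate => e
+end
+# add ec2 instance to team access security group
 ec2.modify_instance_attribute({
 instance_id: ec2_instance_id,
-groups: security_group_ids + [
+groups: security_group_ids + [team_access_security_group.group_id]
 })
 
 # build the command we'll run on the instance
@@ -141,11 +159,12 @@ module Shiprails
 command_string = command_array.join ' '
 
 say "Waiting for AWS to setup networking..."
-sleep 5 # AWS just needs a little bit to setup networking
+# sleep 5 # AWS just needs a little bit to setup networking
 say "Connecting #{ssh_user}@#{ec2_instance.public_ip_address}..."
 say "Executing: $ #{command_string}"
 system "ssh -o ConnectTimeout=15 -o 'StrictHostKeyChecking no' -t -i #{ssh_private_key_path} #{ssh_user}@#{ec2_instance.public_ip_address} '#{command_string}'"
 rescue => e
+puts e.inspect
 say "Error: #{e.message}", :red
 ensure
 say "Cleaning up SSH access..."
@@ -154,8 +173,6 @@ module Shiprails
 instance_id: ec2_instance_id,
 groups: security_group_ids
 }) rescue nil
-# remove our access security group
-ec2.delete_security_group({ group_id: security_group_response.group_id }) rescue nil
 say "Done.", :green
 end
 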
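Review bot: The address read by `open('http://whatismyip.akamai.com').read` in the first hunk is fetched over plain HTTP and interpolated into `cidr_ip` without trimming or validation, so whatever the response body contains decides which source gets port 22 opened on the team-access group; `setup.rb` uses the same lookup for an all-ports rule. Parsing the value before use, e.g. `my_ip_address = IPAddr.new(my_ip_address.strip).to_s`, and fetching it over TLS if the endpoint offers it, would make a tampered or malformed response raise instead of becoming a rule. The third hunk also removes the `delete_security_group` cleanup without adding a matching `ec2.revoke_security_group_ingress(...)` for the rule created here, so each caller's /32 appears to stay authorized on the persistent group after the session ends. The `begin`/`ensure` body starts and ends outside the visible lines, so confirm nothing else revokes it.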
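--- a/data/lib/shiprails/ship/setup.rb
+++ b/data/lib/shiprails/ship/setup.rb
@@ -83,25 +83,36 @@ module Shiprails
 break
 end
 cidr_blocks = NetAddr::CIDR.create(vpc_cidr_block).subnet(:Bits => bits, :NumSubnets => availability_zones.count)
+v6_cidr_blocks = NetAddr::CIDR.create(vpc.ipv_6_cidr_block_association_set.first.ipv_6_cidr_block).subnet(:Bits => 64, :NumSubnets => availability_zones.count)
 availability_zones.each_with_index do |zone, idx|
 ec2.create_subnet({
 vpc_id: vpc.vpc_id,
 cidr_block: cidr_blocks[idx],
-ipv_6_cidr_block:
+ipv_6_cidr_block: v6_cidr_blocks[idx],
 availability_zone: zone.zone_name,
 })
 say "Created subnet for #{zone.zone_name} availability zone (#{vpc_name})."
 end
-ec2.create_route_table({
-vpc_id: vpc.vpc_id,
-})
-say "Created route table for #{vpc_name}."
 ig = ec2.create_internet_gateway.internet_gateway
 ec2.attach_internet_gateway({
 internet_gateway_id: ig.internet_gateway_id,
 vpc_id: vpc.vpc_id,
 })
 say "Created internet gateway for #{vpc_name}."
+route_table = ec2.create_route_table({
+vpc_id: vpc.vpc_id,
+}).route_table
+say "Created route table for #{vpc_name}."
+ec2.create_route({
+destination_cidr_block: "0.0.0.0/0",
+gateway_id: ig.internet_gateway_id,
+route_table_id: route_table.route_table_id,
+})
+ec2.create_route({
+destination_cidr_block: "::/0",
+gateway_id: ig.internet_gateway_id,
+route_table_id: route_table.route_table_id,
+})
 # rescue Aws::IAM::Errors::EntityAlreadyExists => err
 end
 say "Created #{vpc_name} VPC."
@@ -124,63 +135,73 @@ module Shiprails
 unless completed_vpcs.include? vpc_name
 begin
 vpcs = ec2.describe_vpcs.vpcs
-vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == vpc_name }
+vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == vpc_name }
 ecs_security_group_id = ec2.create_security_group({
 group_name: "ecs-#{vpc_name}",
 description: "ECS cluster instances",
 vpc_id: vpc.vpc_id
 }).group_id
+ecs_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: ecs_security_group_id)
 elb_security_group_id = ec2.create_security_group({
 group_name: "elb-#{vpc_name}",
 description: "ELB instances",
 vpc_id: vpc.vpc_id
 }).group_id
+elb_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: elb_security_group_id)
 public_web_security_group_id = ec2.create_security_group({
 group_name: "public-web-#{vpc_name}",
 description: "Public web ingress",
 vpc_id: vpc.vpc_id
 }).group_id
+public_web_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: public_web_security_group_id)
 datastores_security_group_id = ec2.create_security_group({
 group_name: "datastores-#{vpc_name}",
 description: "RDS, ElastiCache, etc. instances",
 vpc_id: vpc.vpc_id
 }).group_id
+datastores_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: datastores_security_group_id)
 team_access_security_group_id = ec2.create_security_group({
 group_name: "team-access-#{vpc_name}",
 description: "Ingress for team members",
 vpc_id: vpc.vpc_id
 }).group_id
+team_access_security_group = Aws::EC2::SecurityGroup.new(client: ec2, id: team_access_security_group_id)
 # allow ECS instances to receive traffic from ELBs
-
-
-
+ecs_security_group.authorize_ingress({
+ip_permissions: [
+{
+from_port: "-1",
+to_port: "-1",
+ip_protocol: "-1",
+user_id_group_pairs: [{
+group_id: elb_security_group.id,
+vpc_id: vpc.vpc_id,
+}],
+}
+]
 })
 # allow public web group to receive traffic from the web
 ec2.authorize_security_group_ingress({
 group_id: public_web_security_group_id,
 ip_permissions: [
 {
-prefix_list_ids: [],
 from_port: "80",
 ip_ranges: [{
 cidr_ip: "0.0.0.0/0"
 }],
 to_port: "80",
 ip_protocol: "tcp",
-user_id_group_pairs: [],
 ipv_6_ranges: [{
 cidr_ipv_6: "::/0"
 }]
 },
 {
-prefix_list_ids: [],
 from_port: "443",
 ip_ranges: [{
 cidr_ip: "0.0.0.0/0"
 }],
 to_port: "443",
 ip_protocol: "-1",
-user_id_group_pairs: [],
 ipv_6_ranges: [{
 cidr_ipv_6: "::/0"
 }]
@@ -188,58 +209,32 @@ module Shiprails
 ]
 })
 # allow datastore instances to receive traffic from ECS instances
-current_ip_address =
+current_ip_address = open('http://whatismyip.akamai.com').read
 ec2.authorize_security_group_ingress({
 group_id: team_access_security_group_id,
 ip_permissions: [
 {
-prefix_list_ids: [],
 from_port: "-1",
 ip_ranges: [{
 cidr_ip: "#{current_ip_address}/32"
 }],
 to_port: "-1",
 ip_protocol: "-1",
-user_id_group_pairs: [],
-ipv_6_ranges: []
 },
 ]
 })
 # allow ELBs to access ECS instances
-
-group_id: elb_security_group_id,
-source_security_group_name: "ecs-#{vpc_name}",
-})
-# allow ECS instances to access the public web
-ec2.authorize_security_group_egress({
-group_id: ecs_security_group_id,
+elb_security_group.authorize_egress({
 ip_permissions: [
 {
-
-
-ip_ranges: [{
-cidr_ip: "0.0.0.0/0"
-}],
-to_port: "80",
-ip_protocol: "tcp",
-user_id_group_pairs: [],
-ipv_6_ranges: [{
-cidr_ipv_6: "::/0"
-}]
-},
-{
-prefix_list_ids: [],
-from_port: "443",
-ip_ranges: [{
-cidr_ip: "0.0.0.0/0"
-}],
-to_port: "443",
+from_port: "-1",
+to_port: "-1",
 ip_protocol: "-1",
-user_id_group_pairs: [
-
-
-}]
-}
+user_id_group_pairs: [{
+group_id: ecs_security_group.id,
+vpc_id: vpc.vpc_id,
+}],
+}
 ]
 })
 rescue Aws::EC2::Errors::InvalidGroupDuplicate => err
@@ -269,7 +264,10 @@ module Shiprails
 })
 File.open("#{project_name}.pem", 'w') { |file| file.write(key_pair.key_material) }
 FileUtils.chmod 0600, "#{project_name}.pem"
+rescue Aws::EC2::Errors::InvalidKeyPairDuplicate => err
+say "Key pair #{project_name} already exists."
 end
+created_key_pairs << key_pair_name
 end
 end
 end
@@ -322,6 +320,13 @@ module Shiprails
 path: "/",
 role_name: role_name,
 })
+iam.create_instance_profile({
+instance_profile_name: role_name,
+})
+iam.add_role_to_instance_profile({
+instance_profile_name: role_name,
+role_name: role_name,
+})
 iam.attach_role_policy({
 policy_arn: "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
 role_name: role_name,
@@ -496,7 +501,7 @@ module Shiprails
 }).images
 image = images.sort_by(&:name).last # get the newest version
 vpcs = ec2.describe_vpcs.vpcs
-vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == "#{project_name}_#{environment_name}" }
+vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == "#{project_name}_#{environment_name}" }
 security_groups = ec2.describe_security_groups({
 filters: [
 {
@@ -529,7 +534,7 @@ module Shiprails
 user_data: Base64.encode64("#!/bin/bash
 echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
 })
-rescue Aws::AutoScaling::Errors::
+rescue Aws::AutoScaling::Errors::AlreadyExists
 say "TODO: update LaunchConfiguration with latest stuff.", :blue
 end
 created_launch_configurations << launch_configuration_name
@@ -551,7 +556,7 @@ echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
 unless created_auto_scaling_groups.include? group_name
 ec2 = Aws::EC2::Client.new region: region_name.to_s
 vpcs = ec2.describe_vpcs.vpcs
-vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.value == "#{project_name}_#{environment_name}" }
+vpc = vpcs.find{ |v| v.tags.find{|t| t.key == "Name" }.try(:value) == "#{project_name}_#{environment_name}" }
 subnets = ec2.describe_subnets({
 filters: [
 {
@@ -576,7 +581,7 @@ echo ECS_CLUSTER=#{project_name}_#{environment_name} >> /etc/ecs/ecs.config"),
 min_size: 1,
 vpc_zone_identifier: subnets_in_region.join(',')
 })
-rescue Aws::AutoScaling::Errors::
+rescue Aws::AutoScaling::Errors::AlreadyExists
 say "TODO: update AutoScaling Group with latest stuff like LaunchConfiguration name.", :blue
 end
 created_auto_scaling_groups << group_name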
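Review bot: The second `ip_permissions` entry of the public-web rule (second hunk) still pairs `ip_protocol: "-1"` with `from_port: "443"` / `to_port: "443"`; EC2 treats protocol -1 as all protocols and ignores the port range, so this entry admits all traffic from `0.0.0.0/0` and `::/0` rather than HTTPS only. The commit edits this entry (dropping `prefix_list_ids` and `user_id_group_pairs`) but leaves the protocol as it was, so the intended line is probably `ip_protocol: "tcp",` to match the port-80 entry above it. The entry's closing lines fall between this hunk and the next one, so check the full file when changing it.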
data/lib/shiprails/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: shiprails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Zane Shannon
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-05-
|
11
|
+
date: 2017-05-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|