sp-nat-monitor 1.0.9

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5ded3db6cc435026f25c6276fbe1d6a0fdff521a
+  data.tar.gz: d57e17569e4f95473c312fa544fdff62fa9953fb
+SHA512:
+  metadata.gz: c823c3af135b0cd57f622bf3a3c784d701f8947cb254f32410c3ad93d11a78cd6553932c3cfb33067add7f05dea3cadf5008ea2106d275ee11800bd69046c9e3
+  data.tar.gz: 33cbd2c344b42165bb391bbfcab2da8a943e177102c33c84367980250532ff0b51ff621220545b1a92baa4d2795c2f5996acdcedb8bd58c410fb080b05ab3d18

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nat-monitor.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Eric Herot
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,55 @@
+# nat-monitor
+
+Monitors a quorum of NAT servers for an outage and reassigns the specified EC2 route table to point to a working server.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'nat-monitor'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install nat-monitor
+
+## Usage
+
+Run it as a service after creating the configuration YAML file.
+
+E.g.:
+
+    $ nat-monitor [OPTIONAL CONF_FILE]
+
+By default it will check `/etc/nat_monitor.yml` for its configuration.
+
+## Example Configuration
+
+```yaml
+---
+route_table_id: rtb-00000001
+nodes:
+  i-00000001: 10.0.0.1
+  i-00000002: 10.0.1.1
+  i-00000003: 10.0.2.1
+```
+
+Optional properties include:
+```yaml
+pings: 3
+ping_timeout: 1
+heartbeat_interval: 10
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/nat-monitor/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/bin/nat-monitor

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'nat-monitor'
+
+EtTools::NatMonitor.new(ARGV[0]).run

data/lib/nat-monitor/version.rb

@@ -0,0 +1,5 @@
+module EtTools
+  class NatMonitor
+    VERSION = '1.0.9'
+  end
+end

data/lib/nat-monitor.rb

@@ -0,0 +1,160 @@
+module EtTools
+  class NatMonitor
+    require 'net/http'
+    require 'net/ping'
+    require 'fog'
+    require 'yaml'
+    require 'syslog'
+
+    def initialize(conf_file = nil)
+      @conf = defaults.merge load_conf(conf_file)
+    end
+
+    def load_conf(conf_file = nil)
+      YAML.load_file(conf_file || '/etc/nat_monitor.yml')
+    end
+
+    def run
+      validate!
+      output 'Starting NAT Monitor'
+      main_loop
+    end
+
+    def validate!
+      case
+      when !@conf['route_table_id']
+        output 'route_table_id not specified'
+        exit 1
+      when !route_exists?(@conf['route_table_id'])
+        output "Route #{@conf['route_table_id']} not found"
+        exit 2
+      when @conf['nodes'].count < 2
+        output '2 or more nodes are required to create a quorum'
+        exit 3
+      end
+    end
+
+    def defaults
+      { 'pings' => 3,
+        'ping_timeout' => 1,
+        'heartbeat_interval' => 10 }
+    end
+
+    def main_loop
+      loop do
+        begin
+          heartbeat
+        rescue => e
+          output "Caught #{e.class} exception: #{e.message}"
+          output e.backtrace
+        end
+        sleep @conf['heartbeat_interval']
+      end
+    end
+
+    def heartbeat
+      if am_i_master?
+        output "Looks like I'm the master"
+        return
+      end
+      un = unreachable_nodes
+      return if un.empty?
+      if un.count == other_nodes.keys.count # return if I'm unreachable...
+        output "No nodes are reachable. Seems I'm the unreachable one."
+        return
+      end
+      cm = current_master
+      unless un.include?(cm) # ...unless master is unreachable
+        output "Unreachable nodes: #{un.inspect}"
+        output "Current master (#{cm}) is still reachable"
+        return
+      end
+      steal_route
+    end
+
+    def steal_route
+      output 'Stealing route 0.0.0.0/0 on route table ' \
+             "#{@conf['route_table_id']}"
+      return if @conf['mocking']
+      connection.replace_route(
+        @conf['route_table_id'],
+        '0.0.0.0/0',
+        'InstanceId' => my_instance_id
+      )
+    end
+
+    def unreachable_nodes
+      other_nodes.select { |_node, ip| !pingable?(ip) }
+    end
+
+    def other_nodes
+      @other_nodes ||= begin
+        nodes = @conf['nodes'].dup
+        nodes.delete my_instance_id
+        nodes
+      end
+    end
+
+    def pingable?(ip)
+      p = Net::Ping::External.new(ip)
+      p.timeout = @conf['ping_timeout']
+      p.ping?
+    end
+
+    def route_exists?(route_id)
+      connection.route_tables.map(&:id).include? route_id
+    end
+
+    def connection
+      @connection ||= begin
+        if @conf['aws_access_key_id']
+          options = { aws_access_key_id: @conf['aws_access_key_id'],
+                      aws_secret_access_key: @conf['aws_secret_access_key'] }
+        else
+          options = { use_iam_profile: true }
+        end
+
+        options[:endpoint] = @conf['aws_url'] if @conf['aws_url']
+        Fog::Compute::AWS.new(options)
+      end
+    end
+
+    def current_master
+      default_r =
+        connection.route_tables.get(@conf['route_table_id']).routes.find do |r|
+          r['destinationCidrBlock'] == '0.0.0.0/0'
+        end
+      default_r['instanceId']
+    end
+
+    def my_instance_id
+      @my_instance_id ||= begin
+        Net::HTTP.get(
+          '169.254.169.254',
+          '/latest/meta-data/instance-id'
+        )
+      end
+    end
+
+    def am_i_master?
+      master_node? my_instance_id
+    end
+
+    def master_node?(node_id)
+      current_master == node_id
+    end
+
+    private
+
+    def output(message)
+      puts message
+      log message
+    end
+
+    def log(message, level = 'info')
+      Syslog.open('nat-monitor', Syslog::LOG_PID | Syslog::LOG_CONS) do |s|
+        s.send(level, message)
+      end
+    end
+  end
+end

data/nat-monitor.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nat-monitor/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sp-nat-monitor'
+  spec.version       = EtTools::NatMonitor::VERSION
+  spec.authors       = ['Eric Herot']
+  spec.email         = ['eric.github@herot.com']
+  spec.summary       = 'A service for providing an HA NAT in EC2'
+  spec.description   = spec.summary
+  spec.homepage      = ''
+  spec.license       = 'Apache 2.0'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(/^bin\//) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(/^(test|spec|features)\//)
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+
+  spec.add_runtime_dependency 'net-ping'
+  spec.add_runtime_dependency 'fog', '~> 1.23'
+end

data/spec/lib/nat-monitor_spec.rb

@@ -0,0 +1,197 @@
+require 'spec_helper'
+require 'byebug'
+require 'nat-monitor'
+
+describe EtTools::NatMonitor do
+  before(:each) do
+    @route_table_id = 'rtb-00000000'
+    @my_instance_id = 'i-00000001'
+
+    @other_nodes = { 'i-00000002' => '1.1.1.2',
+                     'i-00000003' => '1.1.1.3' }
+
+    @yaml_conf = { 'route_table_id' => @route_table_id,
+                   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+                   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+                   'nodes' => (
+                     { @my_instance_id => '1.1.1.1' }
+                   ).merge(@other_nodes) }
+
+    filepath = 'bogus_filename.yml'
+
+    allow_any_instance_of(EtTools::NatMonitor).to receive(:load_conf)
+      .with(filepath).and_return(@yaml_conf)
+
+    @nat_monitor = EtTools::NatMonitor.new(filepath)
+
+    @defaults = { 'pings' => 3,
+                  'ping_timeout' => 1,
+                  'heartbeat_interval' => 10 }
+
+    allow(@nat_monitor).to receive(:my_instance_id).and_return(@my_instance_id)
+  end
+
+  context 'fewer than 3 nodes are specified' do
+    before do
+      allow(YAML).to receive(:load_file).with(any_args)
+      @nat_monitor.instance_variable_set(
+        :@conf,
+        ({ 'route_table_id' => @route_table_id,
+           'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+           'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+           'nodes' => @other_nodes })
+      )
+      allow(@nat_monitor).to receive(:route_exists?).with(any_args)
+        .and_return true
+    end
+
+    it 'exits with status 3' do
+      expect(@nat_monitor).to receive(:exit).with(3)
+      @nat_monitor.validate!
+    end
+  end
+
+  context 'invalid route is specified' do
+    before do
+      expect(@nat_monitor.connection).to receive(:route_tables)
+        .and_return [
+          double('route_tables',
+                 id: 'rtb-99999999')
+        ]
+    end
+
+    it 'exits with status 2' do
+      expect(@nat_monitor).to receive(:exit).with(2)
+      @nat_monitor.validate!
+    end
+  end
+
+  context 'no route is specified' do
+    before do
+      @nat_monitor.instance_variable_set(
+        :@conf,
+        'nodes' => ({ @my_instance_id => '1.1.1.1' }).merge(@other_nodes)
+      )
+    end
+
+    it 'exits with status 1' do
+      expect(@nat_monitor).to receive(:exit).with(1)
+      @nat_monitor.validate!
+    end
+  end
+
+  context 'local node is the master' do
+    before do
+      allow(@nat_monitor).to(
+        receive(:current_master).and_return(@my_instance_id)
+      )
+    end
+
+    it 'sets @conf correctly' do
+      expect(@nat_monitor.instance_variable_get(:@conf)).to eq(
+        @yaml_conf.merge(@defaults)
+      )
+    end
+
+    it 'and knows that it is master' do
+      expect(@nat_monitor).to receive(:am_i_master?).and_return(true)
+      @nat_monitor.heartbeat
+    end
+
+    it 'and does not check for unreachable nodes' do
+      expect(@nat_monitor).to_not receive(:unreachable_nodes)
+      @nat_monitor.heartbeat
+    end
+  end
+
+  context 'local node is not master' do
+    before do
+      allow(@nat_monitor).to(
+        receive(:current_master).and_return('i-00000002')
+      )
+    end
+
+    context 'and can ping everything' do
+      before do
+        allow(@nat_monitor).to receive(:pingable?).with(any_args)
+          .and_return true
+      end
+
+      it 'does not try to steal the route' do
+        expect(@nat_monitor).to_not receive(:steal_route)
+        @nat_monitor.heartbeat
+      end
+    end
+
+    context 'and can\'t ping anything' do
+      before do
+        allow(@nat_monitor).to receive(:pingable?).with(any_args)
+          .and_return false
+      end
+
+      it 'counts unreachable nodes correctly' do
+        expect(@nat_monitor).to receive(:unreachable_nodes)
+          .and_return(@other_nodes)
+        @nat_monitor.heartbeat
+      end
+
+      it 'does not try to steal the route' do
+        expect(@nat_monitor).to receive(:unreachable_nodes)
+          .and_return(@other_nodes)
+        expect(@nat_monitor).to_not receive(:steal_route)
+        @nat_monitor.heartbeat
+      end
+    end
+
+    context 'and only can\'t ping the master' do
+      before do
+        allow(@nat_monitor).to receive(:pingable?).with('1.1.1.2')
+          .and_return false
+        allow(@nat_monitor).to receive(:pingable?).with('1.1.1.3')
+          .and_return true
+      end
+
+      it 'computes the list of other nodes correctly' do
+        allow(@nat_monitor).to receive(:steal_route).and_return true
+        expect(@nat_monitor).to receive(:other_nodes)
+          .exactly(2).times.and_return(@other_nodes)
+        @nat_monitor.heartbeat
+      end
+
+      it 'finds i-00000002 unreachable' do
+        allow(@nat_monitor).to receive(:steal_route).and_return true
+        expect(@nat_monitor).to receive(:unreachable_nodes)
+          .and_return('i-00000002' => '1.1.1.2')
+        @nat_monitor.heartbeat
+      end
+
+      it 'tries to steal the route' do
+        expect(@nat_monitor).to receive(:steal_route)
+        @nat_monitor.heartbeat
+      end
+
+      it 'sends correct replace route command' do
+        expect(@nat_monitor.connection).to receive(:replace_route)
+          .with(@route_table_id,
+                '0.0.0.0/0',
+                'InstanceId' => @my_instance_id)
+          .and_return true
+        @nat_monitor.heartbeat
+      end
+    end
+
+    context 'mocking and can\'t ping the master' do
+      before do
+        @nat_monitor.instance_variable_set(
+          :@conf,
+          @yaml_conf.merge('mocking' => true).merge(@defaults)
+        )
+      end
+
+      it 'does not steal the route when mocking is enabled' do
+        expect(@nat_monitor.connection).to_not receive(:replace_route)
+        @nat_monitor.heartbeat
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+require 'rspec'
+require 'simplecov'
+
+SimpleCov.start

metadata

@@ -0,0 +1,157 @@
+--- !ruby/object:Gem::Specification
+name: sp-nat-monitor
+version: !ruby/object:Gem::Version
+  version: 1.0.9
+platform: ruby
+authors:
+- Eric Herot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-05-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: net-ping
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.23'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.23'
+description: A service for providing an HA NAT in EC2
+email:
+- eric.github@herot.com
+executables:
+- nat-monitor
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/nat-monitor
+- lib/nat-monitor.rb
+- lib/nat-monitor/version.rb
+- nat-monitor.gemspec
+- spec/lib/nat-monitor_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A service for providing an HA NAT in EC2
+test_files:
+- spec/lib/nat-monitor_spec.rb
+- spec/spec_helper.rb
+has_rdoc: