toquen 0.0.8 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 8f1cb31452676748b9908bc91b8300250ecf6393
4
+ data.tar.gz: 97434ad4686d0633abfb322a1e2fa3583a0ef76f
5
+ SHA512:
6
+ metadata.gz: 1f7e6927a983aaed9da271e43d28e5ec348c09d4b18803424c7b38ace8c6c92d4f38082b3dcbe728c9988acde0cd2e1a86f095974794fa05f27b1ab14c74bf99
7
+ data.tar.gz: e2753fccf28f0bed35b2141981056480fd915270150b61635cc9c702247cf5fb552a4f7a3cb1d401e6203960eae987286b5c032709d71ae11c64755cde093c20
data/README.md CHANGED
@@ -111,3 +111,11 @@ Or for a given server with:
111
111
 
112
112
  $ cap server-<server name> details
113
113
 
114
+ ## Open SSH to Current Machine
115
+ To allow an SSH connection from your current machine (based on your internet visible IP, as determined using [this method](http://findingscience.com/internet/ruby/2014/05/17/stunning:-determining-your-public-ip.html)), use the open_ssh/close_ssh capistrano tasks.
116
+
117
+ $ cap databases open_ssh
118
+
119
+ And then, when you're finished:
120
+
121
+ $ cap databases close_ssh
@@ -1,4 +1,5 @@
1
1
  require "toquen/version"
2
+ require "toquen/stunning"
2
3
  require "toquen/aws"
3
4
  require "toquen/local_writer"
4
5
  require "toquen/bootstrapper"
@@ -20,6 +20,26 @@ module Toquen
20
20
  }
21
21
  end
22
22
 
23
+ def authorize_ingress(secgroup, protocol, port, ip)
24
+ # test if exists first
25
+ return false if secgroup.ingress_ip_permissions.to_a.select { |p|
26
+ p.protocol == protocol and p.port_range.include?(port) and p.ip_ranges.include?(ip)
27
+ }.length > 0
28
+
29
+ secgroup.authorize_ingress(protocol, port, ip)
30
+ true
31
+ end
32
+
33
+ def revoke_ingress(secgroup, protocol, port, ip)
34
+ # test if exists first
35
+ return false unless secgroup.ingress_ip_permissions.to_a.select { |p|
36
+ p.protocol == protocol and p.port_range.include?(port) and p.ip_ranges.include?(ip)
37
+ }.length > 0
38
+
39
+ secgroup.revoke_ingress(protocol, port, ip)
40
+ true
41
+ end
42
+
23
43
  def server_details_in(region)
24
44
  AWS.config(:access_key_id => @key_id, :secret_access_key => @key, :region => region)
25
45
  AWS::EC2.new.instances.map do |i|
@@ -31,7 +51,8 @@ module Toquen
31
51
  :roles => Toquen.config.aws_roles_extractor.call(i),
32
52
  :type => i.instance_type,
33
53
  :external_dns => i.public_dns_name,
34
- :internal_dns => i.private_dns_name
54
+ :internal_dns => i.private_dns_name,
55
+ :security_groups => i.security_groups
35
56
  }
36
57
  end
37
58
  end
@@ -80,6 +80,70 @@ task :cook do
80
80
  end
81
81
  before :cook, :update_kitchen
82
82
 
83
+ desc "Open SSH ingress to current machine"
84
+ task :open_ssh do
85
+ secgroups = {}
86
+ filter_roles = Set.new fetch(:filter)[:roles]
87
+ aws = Toquen::AWSProxy.new
88
+ aws.regions.each do |region|
89
+ aws.server_details_in(region).each do |instance|
90
+ instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
91
+ unless (filter_roles.intersection instance_roles.to_set).empty?
92
+ instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
93
+ end
94
+ end
95
+ end
96
+
97
+ run_locally do
98
+ ivip = StunClient.get_ip
99
+ if ivip.nil?
100
+ error "Could not fetch internet visible IP of this host."
101
+ return
102
+ end
103
+
104
+ ivip = "#{ivip}/32"
105
+ secgroups.values.each do |sg|
106
+ if aws.authorize_ingress sg, :tcp, 22, ivip
107
+ info "Opened port tcp:22 on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
108
+ else
109
+ warn "Port tcp:22 in security group '#{sg.name}' (#{sg.id}) already open to #{ivip}"
110
+ end
111
+ end
112
+ end
113
+ end
114
+
115
+ desc "Close SSH ingress to current machine"
116
+ task :close_ssh do
117
+ secgroups = {}
118
+ filter_roles = Set.new fetch(:filter)[:roles]
119
+ aws = Toquen::AWSProxy.new
120
+ aws.regions.each do |region|
121
+ aws.server_details_in(region).each do |instance|
122
+ instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
123
+ unless (filter_roles.intersection instance_roles.to_set).empty?
124
+ instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
125
+ end
126
+ end
127
+ end
128
+
129
+ run_locally do
130
+ ivip = StunClient.get_ip
131
+ if ivip.nil?
132
+ error "Could not fetch internet visible IP of this host."
133
+ return
134
+ end
135
+
136
+ ivip = "#{ivip}/32"
137
+ secgroups.values.each do |sg|
138
+ if aws.revoke_ingress sg, :tcp, 22, ivip
139
+ info "Closed port tcp:22 on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
140
+ else
141
+ warn "Port tcp:22 in security group '#{sg.name}' (#{sg.id}) already closed to #{ivip}"
142
+ end
143
+ end
144
+ end
145
+ end
146
+
83
147
  desc "install toquen capistrano setup to current directory"
84
148
  task :toquen_install do
85
149
  unless Dir.exists?('config')
@@ -0,0 +1,48 @@
1
+ require 'socket'
2
+ require 'timeout'
3
+
4
+ class StunClient
5
+ def initialize(host, port)
6
+ @host = host
7
+ @port = port
8
+ end
9
+
10
+ def get_ip
11
+ begin
12
+ Timeout::timeout(0.5) {
13
+ socket = UDPSocket.new
14
+ data = [0x0001,0].pack("nn") + Random.new.bytes(16)
15
+ socket.send(data, 0, @host, @port)
16
+ data, _ = socket.recvfrom(1000)
17
+ type, length = data.unpack("nn")
18
+
19
+ # if not a message binding response
20
+ return nil unless type == 0x0101
21
+
22
+ data = data[20..-1]
23
+ while data.size > 0
24
+ type, length = data.unpack("nn")
25
+ # if attr type is ATTR_MAPPED_ADDRESS, return it
26
+ if type == 0x0001
27
+ values = data[4...4+length].unpack("CCnCCCC")
28
+ return values[3..-1]*"."
29
+ end
30
+ data = data[4+length..-1]
31
+ end
32
+
33
+ return nil
34
+ }
35
+ rescue Timeout::Error
36
+ return nil
37
+ end
38
+ end
39
+
40
+ def self.get_ip
41
+ servers = [["stun.l.google.com", 19302], ["stun.ekiga.net", 3478], ["stunserver.org", 3478]]
42
+ servers.each do |host, port|
43
+ ip = StunClient.new(host, port).get_ip
44
+ return ip unless ip.nil?
45
+ end
46
+ nil
47
+ end
48
+ end
@@ -1,3 +1,3 @@
1
1
  module Toquen
2
- VERSION = "0.0.8"
2
+ VERSION = "0.0.9"
3
3
  end
metadata CHANGED
@@ -1,20 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: toquen
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
5
- prerelease:
4
+ version: 0.0.9
6
5
  platform: ruby
7
6
  authors:
8
7
  - Brian Muller
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2014-04-06 00:00:00.000000000 Z
11
+ date: 2014-05-17 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: capistrano
16
15
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
16
  requirements:
19
17
  - - ~>
20
18
  - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
22
20
  type: :runtime
23
21
  prerelease: false
24
22
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
23
  requirements:
27
24
  - - ~>
28
25
  - !ruby/object:Gem::Version
@@ -30,68 +27,60 @@ dependencies:
30
27
  - !ruby/object:Gem::Dependency
31
28
  name: aws-sdk
32
29
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
30
  requirements:
35
- - - ! '>='
31
+ - - '>='
36
32
  - !ruby/object:Gem::Version
37
33
  version: '0'
38
34
  type: :runtime
39
35
  prerelease: false
40
36
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
37
  requirements:
43
- - - ! '>='
38
+ - - '>='
44
39
  - !ruby/object:Gem::Version
45
40
  version: '0'
46
41
  - !ruby/object:Gem::Dependency
47
42
  name: terminal-table
48
43
  requirement: !ruby/object:Gem::Requirement
49
- none: false
50
44
  requirements:
51
- - - ! '>='
45
+ - - '>='
52
46
  - !ruby/object:Gem::Version
53
47
  version: '0'
54
48
  type: :runtime
55
49
  prerelease: false
56
50
  version_requirements: !ruby/object:Gem::Requirement
57
- none: false
58
51
  requirements:
59
- - - ! '>='
52
+ - - '>='
60
53
  - !ruby/object:Gem::Version
61
54
  version: '0'
62
55
  - !ruby/object:Gem::Dependency
63
56
  name: term-ansicolor
64
57
  requirement: !ruby/object:Gem::Requirement
65
- none: false
66
58
  requirements:
67
- - - ! '>='
59
+ - - '>='
68
60
  - !ruby/object:Gem::Version
69
61
  version: '0'
70
62
  type: :runtime
71
63
  prerelease: false
72
64
  version_requirements: !ruby/object:Gem::Requirement
73
- none: false
74
65
  requirements:
75
- - - ! '>='
66
+ - - '>='
76
67
  - !ruby/object:Gem::Version
77
68
  version: '0'
78
69
  - !ruby/object:Gem::Dependency
79
70
  name: rdoc
80
71
  requirement: !ruby/object:Gem::Requirement
81
- none: false
82
72
  requirements:
83
- - - ! '>='
73
+ - - '>='
84
74
  - !ruby/object:Gem::Version
85
75
  version: '0'
86
76
  type: :development
87
77
  prerelease: false
88
78
  version_requirements: !ruby/object:Gem::Requirement
89
- none: false
90
79
  requirements:
91
- - - ! '>='
80
+ - - '>='
92
81
  - !ruby/object:Gem::Version
93
82
  version: '0'
94
- description: ! 'Toquen: Capistrano + AWS + Chef-Solo'
83
+ description: 'Toquen: Capistrano + AWS + Chef-Solo'
95
84
  email:
96
85
  - bamuller@gmail.com
97
86
  executables: []
@@ -109,38 +98,32 @@ files:
109
98
  - lib/toquen/capistrano.rb
110
99
  - lib/toquen/details_table.rb
111
100
  - lib/toquen/local_writer.rb
101
+ - lib/toquen/stunning.rb
112
102
  - lib/toquen/templates/deploy.rb
113
103
  - lib/toquen/templates/ubuntu_bootstrap.erb
114
104
  - lib/toquen/version.rb
115
105
  - toquen.gemspec
116
106
  homepage: https://github.com/bmuller/toquen
117
107
  licenses: []
108
+ metadata: {}
118
109
  post_install_message:
119
110
  rdoc_options: []
120
111
  require_paths:
121
112
  - lib
122
113
  required_ruby_version: !ruby/object:Gem::Requirement
123
- none: false
124
114
  requirements:
125
- - - ! '>='
115
+ - - '>='
126
116
  - !ruby/object:Gem::Version
127
117
  version: '0'
128
- segments:
129
- - 0
130
- hash: 544724606650520311
131
118
  required_rubygems_version: !ruby/object:Gem::Requirement
132
- none: false
133
119
  requirements:
134
- - - ! '>='
120
+ - - '>='
135
121
  - !ruby/object:Gem::Version
136
122
  version: '0'
137
- segments:
138
- - 0
139
- hash: 544724606650520311
140
123
  requirements: []
141
124
  rubyforge_project:
142
- rubygems_version: 1.8.25
125
+ rubygems_version: 2.2.2
143
126
  signing_key:
144
- specification_version: 3
145
- summary: ! 'Toquen: Capistrano + AWS + Chef-Solo'
127
+ specification_version: 4
128
+ summary: 'Toquen: Capistrano + AWS + Chef-Solo'
146
129
  test_files: []