toquen 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/README.md +8 -0
- data/lib/toquen.rb +1 -0
- data/lib/toquen/aws.rb +22 -1
- data/lib/toquen/capistrano.rb +64 -0
- data/lib/toquen/stunning.rb +48 -0
- data/lib/toquen/version.rb +1 -1
- metadata +18 -35
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 8f1cb31452676748b9908bc91b8300250ecf6393
|
4
|
+
data.tar.gz: 97434ad4686d0633abfb322a1e2fa3583a0ef76f
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 1f7e6927a983aaed9da271e43d28e5ec348c09d4b18803424c7b38ace8c6c92d4f38082b3dcbe728c9988acde0cd2e1a86f095974794fa05f27b1ab14c74bf99
|
7
|
+
data.tar.gz: e2753fccf28f0bed35b2141981056480fd915270150b61635cc9c702247cf5fb552a4f7a3cb1d401e6203960eae987286b5c032709d71ae11c64755cde093c20
|
data/README.md
CHANGED
@@ -111,3 +111,11 @@ Or for a given server with:
|
|
111
111
|
|
112
112
|
$ cap server-<server name> details
|
113
113
|
|
114
|
+
## Open SSH to Current Machine
|
115
|
+
To allow an SSH connection from your current machine (based on your internet visible IP, as determined using [this method](http://findingscience.com/internet/ruby/2014/05/17/stunning:-determining-your-public-ip.html)), use the open_ssh/close_ssh capistrano tasks.
|
116
|
+
|
117
|
+
$ cap databases open_ssh
|
118
|
+
|
119
|
+
And then, when you're finished:
|
120
|
+
|
121
|
+
$ cap databases close_ssh
|
data/lib/toquen.rb
CHANGED
data/lib/toquen/aws.rb
CHANGED
@@ -20,6 +20,26 @@ module Toquen
|
|
20
20
|
}
|
21
21
|
end
|
22
22
|
|
23
|
+
def authorize_ingress(secgroup, protocol, port, ip)
|
24
|
+
# test if exists first
|
25
|
+
return false if secgroup.ingress_ip_permissions.to_a.select { |p|
|
26
|
+
p.protocol == protocol and p.port_range.include?(port) and p.ip_ranges.include?(ip)
|
27
|
+
}.length > 0
|
28
|
+
|
29
|
+
secgroup.authorize_ingress(protocol, port, ip)
|
30
|
+
true
|
31
|
+
end
|
32
|
+
|
33
|
+
def revoke_ingress(secgroup, protocol, port, ip)
|
34
|
+
# test if exists first
|
35
|
+
return false unless secgroup.ingress_ip_permissions.to_a.select { |p|
|
36
|
+
p.protocol == protocol and p.port_range.include?(port) and p.ip_ranges.include?(ip)
|
37
|
+
}.length > 0
|
38
|
+
|
39
|
+
secgroup.revoke_ingress(protocol, port, ip)
|
40
|
+
true
|
41
|
+
end
|
42
|
+
|
23
43
|
def server_details_in(region)
|
24
44
|
AWS.config(:access_key_id => @key_id, :secret_access_key => @key, :region => region)
|
25
45
|
AWS::EC2.new.instances.map do |i|
|
@@ -31,7 +51,8 @@ module Toquen
|
|
31
51
|
:roles => Toquen.config.aws_roles_extractor.call(i),
|
32
52
|
:type => i.instance_type,
|
33
53
|
:external_dns => i.public_dns_name,
|
34
|
-
:internal_dns => i.private_dns_name
|
54
|
+
:internal_dns => i.private_dns_name,
|
55
|
+
:security_groups => i.security_groups
|
35
56
|
}
|
36
57
|
end
|
37
58
|
end
|
data/lib/toquen/capistrano.rb
CHANGED
@@ -80,6 +80,70 @@ task :cook do
|
|
80
80
|
end
|
81
81
|
before :cook, :update_kitchen
|
82
82
|
|
83
|
+
desc "Open SSH ingress to current machine"
|
84
|
+
task :open_ssh do
|
85
|
+
secgroups = {}
|
86
|
+
filter_roles = Set.new fetch(:filter)[:roles]
|
87
|
+
aws = Toquen::AWSProxy.new
|
88
|
+
aws.regions.each do |region|
|
89
|
+
aws.server_details_in(region).each do |instance|
|
90
|
+
instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
|
91
|
+
unless (filter_roles.intersection instance_roles.to_set).empty?
|
92
|
+
instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
run_locally do
|
98
|
+
ivip = StunClient.get_ip
|
99
|
+
if ivip.nil?
|
100
|
+
error "Could not fetch internet visible IP of this host."
|
101
|
+
return
|
102
|
+
end
|
103
|
+
|
104
|
+
ivip = "#{ivip}/32"
|
105
|
+
secgroups.values.each do |sg|
|
106
|
+
if aws.authorize_ingress sg, :tcp, 22, ivip
|
107
|
+
info "Opened port tcp:22 on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
|
108
|
+
else
|
109
|
+
warn "Port tcp:22 in security group '#{sg.name}' (#{sg.id}) already open to #{ivip}"
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
desc "Close SSH ingress to current machine"
|
116
|
+
task :close_ssh do
|
117
|
+
secgroups = {}
|
118
|
+
filter_roles = Set.new fetch(:filter)[:roles]
|
119
|
+
aws = Toquen::AWSProxy.new
|
120
|
+
aws.regions.each do |region|
|
121
|
+
aws.server_details_in(region).each do |instance|
|
122
|
+
instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
|
123
|
+
unless (filter_roles.intersection instance_roles.to_set).empty?
|
124
|
+
instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
run_locally do
|
130
|
+
ivip = StunClient.get_ip
|
131
|
+
if ivip.nil?
|
132
|
+
error "Could not fetch internet visible IP of this host."
|
133
|
+
return
|
134
|
+
end
|
135
|
+
|
136
|
+
ivip = "#{ivip}/32"
|
137
|
+
secgroups.values.each do |sg|
|
138
|
+
if aws.revoke_ingress sg, :tcp, 22, ivip
|
139
|
+
info "Closed port tcp:22 on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
|
140
|
+
else
|
141
|
+
warn "Port tcp:22 in security group '#{sg.name}' (#{sg.id}) already closed to #{ivip}"
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
83
147
|
desc "install toquen capistrano setup to current directory"
|
84
148
|
task :toquen_install do
|
85
149
|
unless Dir.exists?('config')
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'socket'
|
2
|
+
require 'timeout'
|
3
|
+
|
4
|
+
class StunClient
|
5
|
+
def initialize(host, port)
|
6
|
+
@host = host
|
7
|
+
@port = port
|
8
|
+
end
|
9
|
+
|
10
|
+
def get_ip
|
11
|
+
begin
|
12
|
+
Timeout::timeout(0.5) {
|
13
|
+
socket = UDPSocket.new
|
14
|
+
data = [0x0001,0].pack("nn") + Random.new.bytes(16)
|
15
|
+
socket.send(data, 0, @host, @port)
|
16
|
+
data, _ = socket.recvfrom(1000)
|
17
|
+
type, length = data.unpack("nn")
|
18
|
+
|
19
|
+
# if not a message binding response
|
20
|
+
return nil unless type == 0x0101
|
21
|
+
|
22
|
+
data = data[20..-1]
|
23
|
+
while data.size > 0
|
24
|
+
type, length = data.unpack("nn")
|
25
|
+
# if attr type is ATTR_MAPPED_ADDRESS, return it
|
26
|
+
if type == 0x0001
|
27
|
+
values = data[4...4+length].unpack("CCnCCCC")
|
28
|
+
return values[3..-1]*"."
|
29
|
+
end
|
30
|
+
data = data[4+length..-1]
|
31
|
+
end
|
32
|
+
|
33
|
+
return nil
|
34
|
+
}
|
35
|
+
rescue Timeout::Error
|
36
|
+
return nil
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def self.get_ip
|
41
|
+
servers = [["stun.l.google.com", 19302], ["stun.ekiga.net", 3478], ["stunserver.org", 3478]]
|
42
|
+
servers.each do |host, port|
|
43
|
+
ip = StunClient.new(host, port).get_ip
|
44
|
+
return ip unless ip.nil?
|
45
|
+
end
|
46
|
+
nil
|
47
|
+
end
|
48
|
+
end
|
data/lib/toquen/version.rb
CHANGED
metadata
CHANGED
@@ -1,20 +1,18 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: toquen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
5
|
-
prerelease:
|
4
|
+
version: 0.0.9
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Brian Muller
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date: 2014-
|
11
|
+
date: 2014-05-17 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
14
|
name: capistrano
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
17
|
-
none: false
|
18
16
|
requirements:
|
19
17
|
- - ~>
|
20
18
|
- !ruby/object:Gem::Version
|
@@ -22,7 +20,6 @@ dependencies:
|
|
22
20
|
type: :runtime
|
23
21
|
prerelease: false
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
25
|
-
none: false
|
26
23
|
requirements:
|
27
24
|
- - ~>
|
28
25
|
- !ruby/object:Gem::Version
|
@@ -30,68 +27,60 @@ dependencies:
|
|
30
27
|
- !ruby/object:Gem::Dependency
|
31
28
|
name: aws-sdk
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
33
|
-
none: false
|
34
30
|
requirements:
|
35
|
-
- -
|
31
|
+
- - '>='
|
36
32
|
- !ruby/object:Gem::Version
|
37
33
|
version: '0'
|
38
34
|
type: :runtime
|
39
35
|
prerelease: false
|
40
36
|
version_requirements: !ruby/object:Gem::Requirement
|
41
|
-
none: false
|
42
37
|
requirements:
|
43
|
-
- -
|
38
|
+
- - '>='
|
44
39
|
- !ruby/object:Gem::Version
|
45
40
|
version: '0'
|
46
41
|
- !ruby/object:Gem::Dependency
|
47
42
|
name: terminal-table
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
49
|
-
none: false
|
50
44
|
requirements:
|
51
|
-
- -
|
45
|
+
- - '>='
|
52
46
|
- !ruby/object:Gem::Version
|
53
47
|
version: '0'
|
54
48
|
type: :runtime
|
55
49
|
prerelease: false
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
57
|
-
none: false
|
58
51
|
requirements:
|
59
|
-
- -
|
52
|
+
- - '>='
|
60
53
|
- !ruby/object:Gem::Version
|
61
54
|
version: '0'
|
62
55
|
- !ruby/object:Gem::Dependency
|
63
56
|
name: term-ansicolor
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
65
|
-
none: false
|
66
58
|
requirements:
|
67
|
-
- -
|
59
|
+
- - '>='
|
68
60
|
- !ruby/object:Gem::Version
|
69
61
|
version: '0'
|
70
62
|
type: :runtime
|
71
63
|
prerelease: false
|
72
64
|
version_requirements: !ruby/object:Gem::Requirement
|
73
|
-
none: false
|
74
65
|
requirements:
|
75
|
-
- -
|
66
|
+
- - '>='
|
76
67
|
- !ruby/object:Gem::Version
|
77
68
|
version: '0'
|
78
69
|
- !ruby/object:Gem::Dependency
|
79
70
|
name: rdoc
|
80
71
|
requirement: !ruby/object:Gem::Requirement
|
81
|
-
none: false
|
82
72
|
requirements:
|
83
|
-
- -
|
73
|
+
- - '>='
|
84
74
|
- !ruby/object:Gem::Version
|
85
75
|
version: '0'
|
86
76
|
type: :development
|
87
77
|
prerelease: false
|
88
78
|
version_requirements: !ruby/object:Gem::Requirement
|
89
|
-
none: false
|
90
79
|
requirements:
|
91
|
-
- -
|
80
|
+
- - '>='
|
92
81
|
- !ruby/object:Gem::Version
|
93
82
|
version: '0'
|
94
|
-
description:
|
83
|
+
description: 'Toquen: Capistrano + AWS + Chef-Solo'
|
95
84
|
email:
|
96
85
|
- bamuller@gmail.com
|
97
86
|
executables: []
|
@@ -109,38 +98,32 @@ files:
|
|
109
98
|
- lib/toquen/capistrano.rb
|
110
99
|
- lib/toquen/details_table.rb
|
111
100
|
- lib/toquen/local_writer.rb
|
101
|
+
- lib/toquen/stunning.rb
|
112
102
|
- lib/toquen/templates/deploy.rb
|
113
103
|
- lib/toquen/templates/ubuntu_bootstrap.erb
|
114
104
|
- lib/toquen/version.rb
|
115
105
|
- toquen.gemspec
|
116
106
|
homepage: https://github.com/bmuller/toquen
|
117
107
|
licenses: []
|
108
|
+
metadata: {}
|
118
109
|
post_install_message:
|
119
110
|
rdoc_options: []
|
120
111
|
require_paths:
|
121
112
|
- lib
|
122
113
|
required_ruby_version: !ruby/object:Gem::Requirement
|
123
|
-
none: false
|
124
114
|
requirements:
|
125
|
-
- -
|
115
|
+
- - '>='
|
126
116
|
- !ruby/object:Gem::Version
|
127
117
|
version: '0'
|
128
|
-
segments:
|
129
|
-
- 0
|
130
|
-
hash: 544724606650520311
|
131
118
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
132
|
-
none: false
|
133
119
|
requirements:
|
134
|
-
- -
|
120
|
+
- - '>='
|
135
121
|
- !ruby/object:Gem::Version
|
136
122
|
version: '0'
|
137
|
-
segments:
|
138
|
-
- 0
|
139
|
-
hash: 544724606650520311
|
140
123
|
requirements: []
|
141
124
|
rubyforge_project:
|
142
|
-
rubygems_version:
|
125
|
+
rubygems_version: 2.2.2
|
143
126
|
signing_key:
|
144
|
-
specification_version:
|
145
|
-
summary:
|
127
|
+
specification_version: 4
|
128
|
+
summary: 'Toquen: Capistrano + AWS + Chef-Solo'
|
146
129
|
test_files: []
|