toquen 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/lib/toquen/aws.rb +7 -1
- data/lib/toquen/capistrano.rb +26 -36
- data/lib/toquen/local_writer.rb +4 -1
- data/lib/toquen/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4170f1693c5c6bfaa962826d43179a5f6eee4583
|
4
|
+
data.tar.gz: 541031a124b960ed711485f99805ccda367f00e6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d794d3149af0c9ad3b1002109496b9bc1f94959b29a8e9e8963062a7c2a84d1d695e886f823c35ad0859df0592baeddf1ee109e5f84766d9f7f63777892fdfac
|
7
|
+
data.tar.gz: b9067b1456a24d82bd83485f0229b4cc45d302098328dab95cb0180251fc03ae0bb38ed07fc80f12ac6d73878d9d92b4051ba3acfaf81d42b0956911ffec7c2d
|
data/README.md
CHANGED
data/lib/toquen/aws.rb
CHANGED
@@ -8,6 +8,7 @@ module Toquen
|
|
8
8
|
@key_id = fetch(:aws_access_key_id)
|
9
9
|
@key = fetch(:aws_secret_access_key)
|
10
10
|
@regions = fetch(:aws_regions, ['us-east-1'])
|
11
|
+
AWS.config(:access_key_id => @key_id, :secret_access_key => @key)
|
11
12
|
end
|
12
13
|
|
13
14
|
def server_details
|
@@ -20,6 +21,11 @@ module Toquen
|
|
20
21
|
}
|
21
22
|
end
|
22
23
|
|
24
|
+
def get_security_groups(ids)
|
25
|
+
ectwo = AWS::EC2.new
|
26
|
+
ids.map { |id| ectwo.security_groups[id] }
|
27
|
+
end
|
28
|
+
|
23
29
|
def authorize_ingress(secgroup, protocol, port, ip)
|
24
30
|
# test if exists first
|
25
31
|
return false if secgroup.ingress_ip_permissions.to_a.select { |p|
|
@@ -52,7 +58,7 @@ module Toquen
|
|
52
58
|
:type => i.instance_type,
|
53
59
|
:external_dns => i.public_dns_name,
|
54
60
|
:internal_dns => i.private_dns_name,
|
55
|
-
:security_groups => i.security_groups
|
61
|
+
:security_groups => i.security_groups.to_a.map(&:id)
|
56
62
|
}
|
57
63
|
end
|
58
64
|
end
|
data/lib/toquen/capistrano.rb
CHANGED
@@ -81,20 +81,9 @@ task :cook do
|
|
81
81
|
end
|
82
82
|
before :cook, :update_kitchen
|
83
83
|
|
84
|
-
desc "Open
|
85
|
-
task :
|
86
|
-
|
87
|
-
filter_roles = Set.new fetch(:filter)[:roles]
|
88
|
-
aws = Toquen::AWSProxy.new
|
89
|
-
aws.regions.each do |region|
|
90
|
-
aws.server_details_in(region).each do |instance|
|
91
|
-
instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
|
92
|
-
unless (filter_roles.intersection instance_roles.to_set).empty?
|
93
|
-
instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
|
94
|
-
end
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
84
|
+
desc "Open a port of ingress to the current machine"
|
85
|
+
task :open_port, :port do |t, args|
|
86
|
+
port = (args[:port] || 22).to_i
|
98
87
|
run_locally do
|
99
88
|
ivip = StunClient.get_ip
|
100
89
|
if ivip.nil?
|
@@ -103,30 +92,20 @@ task :open_ssh do
|
|
103
92
|
end
|
104
93
|
|
105
94
|
ivip = "#{ivip}/32"
|
106
|
-
|
107
|
-
|
108
|
-
|
95
|
+
aws = Toquen::AWSProxy.new
|
96
|
+
aws.get_security_groups(fetch(:filter)[:secgroups]).each do |sg|
|
97
|
+
if aws.authorize_ingress sg, :tcp, port, ivip
|
98
|
+
info "Opened port tcp:#{port} on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
|
109
99
|
else
|
110
|
-
warn "Port tcp
|
100
|
+
warn "Port tcp:#{port} in security group '#{sg.name}' (#{sg.id}) already open to #{ivip}"
|
111
101
|
end
|
112
102
|
end
|
113
103
|
end
|
114
104
|
end
|
115
105
|
|
116
|
-
desc "Close
|
117
|
-
task :
|
118
|
-
|
119
|
-
filter_roles = Set.new fetch(:filter)[:roles]
|
120
|
-
aws = Toquen::AWSProxy.new
|
121
|
-
aws.regions.each do |region|
|
122
|
-
aws.server_details_in(region).each do |instance|
|
123
|
-
instance_roles = instance[:roles] + ["all", "server-#{instance[:name]}"]
|
124
|
-
unless (filter_roles.intersection instance_roles.to_set).empty?
|
125
|
-
instance[:security_groups].each { |sg| secgroups[sg.id] = sg }
|
126
|
-
end
|
127
|
-
end
|
128
|
-
end
|
129
|
-
|
106
|
+
desc "Close a port of ingress to the current machine"
|
107
|
+
task :close_port, :port do |t, args|
|
108
|
+
port = (args[:port] || 22).to_i
|
130
109
|
run_locally do
|
131
110
|
ivip = StunClient.get_ip
|
132
111
|
if ivip.nil?
|
@@ -135,16 +114,27 @@ task :close_ssh do
|
|
135
114
|
end
|
136
115
|
|
137
116
|
ivip = "#{ivip}/32"
|
138
|
-
|
139
|
-
|
140
|
-
|
117
|
+
aws = Toquen::AWSProxy.new
|
118
|
+
aws.get_security_groups(fetch(:filter)[:secgroups]).each do |sg|
|
119
|
+
if aws.revoke_ingress sg, :tcp, port, ivip
|
120
|
+
info "Closed port tcp:#{port} on security group '#{sg.name}' (#{sg.id}) to #{ivip}"
|
141
121
|
else
|
142
|
-
warn "Port tcp
|
122
|
+
warn "Port tcp:#{port} in security group '#{sg.name}' (#{sg.id}) already closed to #{ivip}"
|
143
123
|
end
|
144
124
|
end
|
145
125
|
end
|
146
126
|
end
|
147
127
|
|
128
|
+
desc "Open SSH ingress to current machine"
|
129
|
+
task :open_ssh do
|
130
|
+
invoke "open_port", "22"
|
131
|
+
end
|
132
|
+
|
133
|
+
desc "Close SSH ingress to current machine"
|
134
|
+
task :close_ssh do
|
135
|
+
invoke "close_port", "22"
|
136
|
+
end
|
137
|
+
|
148
138
|
desc "install toquen capistrano setup to current directory"
|
149
139
|
task :toquen_install do
|
150
140
|
unless Dir.exists?('config')
|
data/lib/toquen/local_writer.rb
CHANGED
@@ -13,11 +13,14 @@ module Toquen
|
|
13
13
|
open("config/deploy/#{name}.rb", 'w') do |f|
|
14
14
|
f.write("# This file will be overwritten by toquen! Don't put anything here.\n")
|
15
15
|
f.write("set :stage, '#{name}'.intern\n")
|
16
|
+
secgroups = []
|
16
17
|
servers.each { |details|
|
17
18
|
rstring = (details[:roles] + [ "all", "server-#{details[:name]}" ]).join(' ')
|
18
19
|
f.write("server '#{details[:external_ip]}', roles: %w{#{rstring}}, awsname: '#{details[:name]}'\n")
|
20
|
+
secgroups += details[:security_groups]
|
19
21
|
}
|
20
|
-
|
22
|
+
secstring = secgroups.uniq.join(' ')
|
23
|
+
f.write("set :filter, roles: %w{#{name}}, secgroups: %w{#{secstring}}\n")
|
21
24
|
end
|
22
25
|
end
|
23
26
|
|
data/lib/toquen/version.rb
CHANGED