zepplen_aws 0.0.2 → 0.0.3
- data/README.md +57 -2
- data/bin/test.yaml +19 -0
- data/bin/zepplen_users +49 -0
- data/bin/zepplen_users_admin +257 -0
- data/lib/zepplen_aws.rb +50 -0
- data/lib/zepplen_aws/auto_dns.rb +2 -0
- data/lib/zepplen_aws/aws.rb +4 -0
- data/lib/zepplen_aws/aws/dynamo_db.rb +29 -0
- data/lib/zepplen_aws/aws/instance_data.rb +76 -0
- data/lib/zepplen_aws/aws/s3.rb +29 -0
- data/lib/zepplen_aws/env.rb +10 -2
- data/lib/zepplen_aws/exceptions.rb +6 -0
- data/lib/zepplen_aws/exceptions/base.rb +6 -0
- data/lib/zepplen_aws/exceptions/users.rb +10 -0
- data/lib/zepplen_aws/server_local_users.rb +256 -0
- data/lib/zepplen_aws/server_user.rb +395 -0
- data/lib/zepplen_aws/server_users.rb +259 -0
- metadata +20 -6
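--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,62 @@
 aws-tools
 =========
 
-Ruby AWS tools for common tasks
+#Ruby AWS tools for common tasks
+
+##Ubuntu/Debian Install
+You will need the following apt-get packages to install all the required gems:
+1. ruby1.9.1-dev
+2. build-essential
+3. libxml2-dev
+4. libxslt1-dev
 
 Tools
-
+1. Automatic Route53 DNS Creation: zepplen_dns
+2. Centralized User Management: zepplen_users, zepplen_users_admin
+
+The goal of ZepplenAWS is to provide useful tools for maintaining Linux instances in AWS.
+Development and testing is currently being done on Ubuntu instances, however they should on any
+flavor of *nix.
+
+= Zepplen Users
+Required zepplen_users_admin Permissions
+1. DynamoDB
+* dynamodb:BatchGetItem
+* dynamodb:DeleteItem
+* dynamodb:DescribeTable
+* dynamodb:GetItem
+* dynamodb:PutItem
+* dynamodb:Query
+* dynamodb:UpdateItem
+2. EC2
+* ec2:DescribeInstances
+* ec2:DescribeTags
+3. S3 (optional)
+* s3:GetObject
+* s3:PutObject
+* s3:DeleteObject
+
+Required zepplen_users Permissions
+1. DynamoDB
+* dynamodb:BatchGetItem
+* dynamodb:DescribeTable
+* dynamodb:GetItem
+* dynamodb:Query
+2. EC2
+* ec2:DescribeInstances
+* ec2:DescribeTags
+3. S3 (optional)
+* s3:GetObject
+
+Required zepplen_dns Permissions
+1. EC2
+* ec2:DescribeInstances
+* ec2:DescribeTags
+2. Elastic Load Ballancing
+* elasticloadbalancing:DescribeLoadBalancers
+3. Route53
+* route53:ChangeResourceRecordSets
+* route53:GetHostedZone
+* route53:ListHostedZones
+* route53:ListResourceRecordSets
+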
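--- a/data/bin/test.yaml
+++ b/data/bin/test.yaml
@@ -0,0 +1,19 @@
+---
+:metadata:
+:identity: 74
+:max_key_age: 80
+:sudo_group: '125'
+:local_users:
+mtrimmer:
+:user_name: mtrimmer
+:shell: /bin/bash
+:public_key: KKDFDJF
+:public_key_expire: '2013-06-28'
+:user_id: 1007
+:identity: 6
+:sudo:
+:files:
+.bashrc:
+s3_path: mtrimmer/.bashrc
+mode: '600'
+content_length: 3489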
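Review bot: test.yaml sits under data/bin/, so it ships in the gem next to the executables even though it is a sample of the local state cache rather than something a user runs; a fixture like this belongs under spec/ or test/ and out of the gemspec's files list. The record also carries `:public_key:` and `:public_key_expire:` for a named account, which is fine for a placeholder, but it is worth keeping obviously fake values there so the sample is never mistaken for a real cache. Note that `:sudo:` with no value loads as nil, so if the loader expects a boolean it should treat nil as false explicitly rather than relying on truthiness.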
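--- a/data/bin/zepplen_users
+++ b/data/bin/zepplen_users
@@ -0,0 +1,49 @@
+#!/usr/bin/env ruby1.9.1
+require 'zepplen_aws'
+require 'optparse'
+
+options = {}
+
+OptionParser.new do |opts|
+opts.banner = "Zepplen Tools: Local Linux Users Update"
+
+options[:config_file] = nil
+opts.on('--config-file FILE', 'YAML config file with options to load') do |file|
+options[:config_file] = file
+end
+
+options[:aws_access_key_id] = nil
+opts.on('--access-key-id AWS_ACCESS_KEY', 'AWS Access Key ID (Leave blank to use IAM Role auth)') do |key|
+options[:aws_access_key_id] = key
+end
+
+options[:aws_secret_access_key] = nil
+opts.on('--secret-access-key AWS_SECRET_KEY', 'AWS Secret Key (Leave blank to use IAM Role auth)') do |key|
+options[:aws_secret_access_key] = key
+end
+
+options[:dynamo_table] = nil
+opts.on('--dynamo-table TABLE', 'Dynamo table name') do |table|
+options[:dynamo_table] = table
+end
+
+options[:local_users] = nil
+opts.on('--local-users-file FILE', 'Location to store local state cache (default: /etc/zeppeln_aws/local_users.yaml)') do |file|
+options[:local_users] = file
+end
+
+end.parse!
+
+#TODO: Add checks to validate the parameters
+ZepplenAWS::Env.options = options
+if(ZepplenAWS::Env[:dynamo_table] == nil)
+ZepplenAWS::Env[:dynamo_table] = 'users'
+end
+
+if(ZepplenAWS::Env[:local_users] == nil)
+ZepplenAWS::Env[:local_users] = '/etc/zeppeln_aws/local_users.yaml'
+end
+
+server_users = ZepplenAWS::ServerLocalUsers.new()
+server_users.local_user_file = ZepplenAWS::Env[:local_users]
+server_users.update!()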
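Review bot: `--access-key-id` and `--secret-access-key` (lines 16–23) take long-lived AWS credentials on the command line, where they are readable by every local account through the process list and end up in shell history; the same pair is declared in zepplen_users_admin. Since `--config-file` already exists and the help text steers users to IAM role auth, I would either drop the two flags or say in their description that argv is the least safe place for them, e.g. `'AWS Secret Key (prefer IAM Role auth or --config-file; command-line values are visible to other users)'`. Separately, the default cache path on lines 31 and 44 is spelled `/etc/zeppeln_aws/...` while the gem is `zepplen_aws`; if that directory name is a typo, both literals should change together to `/etc/zepplen_aws/local_users.yaml`. The `== nil` checks on lines 39 and 43 would read more naturally as `ZepplenAWS::Env[:dynamo_table] ||= 'users'`, provided `Env#[]=` supports it — that lives in env.rb, outside this hunk.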
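--- a/data/bin/zepplen_users_admin
+++ b/data/bin/zepplen_users_admin
@@ -0,0 +1,257 @@
+#!/usr/bin/env ruby1.9.1
+require 'zepplen_aws'
+require 'optparse'
+
+options = {}
+
+OptionParser.new do |opts|
+opts.banner = "Zepplen Tools: User Database Management Tool"
+
+options[:config_file] = nil
+opts.on('--config-file FILE', 'YAML config file with options to load') do |file|
+options[:config_file] = file
+end
+
+options[:aws_access_key_id] = nil
+opts.on('--access-key-id AWS_ACCESS_KEY', 'AWS Access Key ID (Leave blank to use IAM Role auth)') do |key|
+options[:aws_access_key_id] = key
+end
+
+options[:aws_secret_access_key] = nil
+opts.on('--secret-access-key AWS_SECRET_KEY', 'AWS Secret Key (Leave blank to use IAM Role auth)') do |key|
+options[:aws_secret_access_key] = key
+end
+
+options[:dynamo_table] = nil
+opts.on('--dynamo-table TABLE', 'Dynamo table name (default: users)') do |table|
+options[:dynamo_table] = table
+end
+
+options[:dynamo_primary_key] = 'user_name'
+opts.on('--dynamo-primary-key KEY_NAME', 'Column name of table primary key (default: user_name)') do |key|
+options[:dynamo_primary_key] = key
+end
+
+options[:configure] = false
+opts.on('--configure', 'Create and Configure User Environment') do
+options[:configure] = true
+end
+
+options[:user_file_bucket] = nil
+opts.on('--user-file-bucket S3_PATH', "Defines S3 bucket used to store user's files") do |s3_path|
+options[:user_file_bucket] = s3_path
+end
+
+options[:user] = nil
+opts.on('-u', '--user USER', 'User To Edit') do |user|
+options[:user] = user
+end
+
+options[:public_key] = nil
+opts.on('--public-key KEY', "Users SSH public key") do |key|
+options[:public_key] = key
+end
+
+options[:full_name] = nil
+opts.on('--full-name NAME', "User's name") do |name|
+options[:full_name] = name
+end
+
+options[:access_tag] = []
+opts.on('--add-access-tag TAG', 'EC2 Tag Name') do |tag_name|
+options[:access_tag] << tag_name
+end
+
+options[:access_tag_value] = []
+opts.on('--add-access-value VALUE', 'Value to match to EC2 Tag Name') do |tag_value|
+options[:access_tag_value] << tag_value
+end
+
+options[:sudo_access] = []
+opts.on('--add-sudo [SUDO]', 'Pass a flag to give sudo access to use') do |sudo|
+options[:sudo_access] << sudo
+end
+
+options[:remove_access_tag] = []
+opts.on('--remove-access-tag TAG', 'EC2 Tag Name') do |tag_name|
+options[:remove_access_tag] << tag_name
+end
+
+options[:remove_access_tag_value] = []
+opts.on('--remove-access-value VALUE', 'Value to remove access from') do |tag_value|
+options[:remove_access_tag_value] << tag_value
+end
+
+options[:state] = nil
+opts.on('--state STATE', [:ACTIVE, :INACTIVE], 'User State (ACTIVE, INACTIVE)') do |state|
+options[:state] = state
+end
+
+options[:files] = []
+opts.on('--add-file FILE_PATH', 'Path to file on local server') do |file|
+options[:files] << file
+end
+
+options[:remote_file_paths] = []
+opts.on('--remote-file-path FILE_PATH', 'Path of where file to live on remote servers') do |file|
+options[:remote_file_paths] << file
+end
+
+options[:remote_file_mode] = []
+opts.on('--remote-file-mode MODE', 'Permissions to set on file (default: 0600)') do |mode|
+options[:remote_file_mode] << mode
+end
+
+options[:remove_files] = []
+opts.on('--remove-file FILE', 'File to remove from profile (File will not be removed from server)') do |file|
+options[:remove_files] << file
+end
+
+#TODO: Figure out a good way to set this.... aws-sdk does not seem to have a good method at the moment
+end.parse!
+
+#TODO: Add checks to validate the parameters
+ZepplenAWS::Env.options = options
+
+if(ZepplenAWS::Env[:dynamo_table] == nil)
+ZepplenAWS::Env[:dynamo_table] = 'users'
+end
+
+if(ZepplenAWS::Env[:dynamo_primary_key] == nil)
+ZepplenAWS::Env[:dynamo_primary_key] = 'user_name'
+end
+
+server_users = ZepplenAWS::ServerUsers.new()
+if(!server_users.exists?)
+puts "Configuration Not Found!"
+options[:configure] = true
+end
+
+if(options[:configure])
+configs = {}
+puts "Welcome To Zepplen User Administration"
+puts
+puts "We will start by gathering the infomration we need to configure your environment"
+puts
+
+print "DynamoDB Table Name [#{ZepplenAWS::Env[:dynamo_table]}]: "
+dynamo_table = gets.chomp
+if(dynamo_table != '')
+ZepplenAWS::Env[:dynamo_table] = dynamo_table
+end
+
+puts
+print "Max age (days) of public keys [90]: "
+configs[:max_key_age] = gets.chomp
+if(configs[:max_key_age] == '')
+configs[:max_key_age] = 90
+else
+configs[:max_key_age] = configs[:max_key_age].to_i
+end
+
+puts
+if(server_users.tags && server_users.tags.length > 0)
+default = server_users.tags
+else
+default = ['Name', 'Env']
+end
+print "Supported EC2 Tags to taget on (seperate with spaces)[#{default.join(' ')}]: "
+tags = gets.chomp
+if(tags == '')
+configs[:tags] = default
+else
+configs[:tags] = tags.split(' ')
+end
+
+puts
+if(server_users.next_uid != 0)
+default = server_users.next_uid
+else
+default = 2000
+end
+print "Starting UID [#{default}]: "
+next_uid = gets.chomp
+if(next_uid == '')
+configs[:next_uid] = default
+else
+configs[:next_uid] = next_uid.to_i
+end
+
+puts
+if(server_users.user_file_bucket)
+default = server_users.user_file_bucket
+else
+default = nil
+end
+print "S3 Bucket for user files (leave blank to disable user files) [#{default}]: "
+user_files = gets.chomp
+if(user_files == '')
+configs[:user_file_bucket] = default
+else
+configs[:user_file_bucket] = user_files
+end
+
+puts
+if(server_users.sudo_group)
+default = server_users.sudo_group
+else
+default = 'sudo'
+end
+print "Sudo Group [#{default}]: "
+sudo_group = gets.chomp
+if(sudo_group == '')
+sudo_group = default
+end
+configs[:sudo_group] = sudo_group
+
+puts configs.to_yaml
+puts
+server_users.configure(configs)
+puts "All Done!"
+end
+if(options[:user_file_bucket])
+server_users.user_file_bucket = options[:user_file_bucket]
+end
+if(options[:user])
+user = ZepplenAWS::ServerUser.new(options[:user])
+if(options[:public_key])
+user.public_key = options[:public_key]
+end
+if(options[:full_name])
+user.full_name = options[:full_name]
+end
+if(options[:state])
+user.state = options[:state]
+end
+options[:access_tag].each_with_index do |tag, index|
+sudo = (options[:sudo_access].length >= index && options[:sudo_access][index])
+if(!options[:access_tag_value][index])
+raise '--add-access-value Required'
+end
+user.add_access(tag, options[:access_tag_value][index], sudo)
+end
+options[:remove_access_tag].each_with_index do |tag, index|
+user.remove_access(tag, options[:remove_access_tag_value][index])
+end
+options[:files].each_with_index do |file, index|
+file_permissions = '600'
+if(options[:remote_file_paths][index])
+remote_file_path = options[:remote_file_paths][index]
+else
+raise '--remote-file-path Required with --add-file'
+end
+if(options[:remote_file_mode][index])
+file_permissions = options[:remote_file_mode][index]
+end
+user.add_file_path(file, remote_file_path, file_permissions)
+end
+options[:remove_files].each do |file|
+user.remove_file(file)
+end
+user.save()
+user.display()
+else
+server_users.users.each_pair do |user_name,user|
+user.display()
+end
+end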
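Review bot: `--add-sudo [SUDO]` (line 71) declares its argument optional, so giving the bare flag as the help text suggests pushes `nil` into `options[:sudo_access]`, and on line 227 `sudo` then evaluates to nil and the access entry is created without sudo; the `options[:sudo_access].length >= index` test on the same line is always true for any index reached by `each_with_index` and guards nothing. I would write the handler body as `options[:sudo_access] << (sudo.nil? ? true : sudo)` and line 227 as `sudo = options[:sudo_access][index]` — what `ServerUser#add_access` does with a string versus `true` is defined in server_user.rb, outside this hunk, and is worth confirming. Pairing `--add-sudo` with `--add-access-tag` by array position also means a caller who passes two tags and a single `--add-sudo` grants sudo to the first tag, whichever they meant; saying in the option description that the flag must be repeated per tag would make that explicit. The interactive `--configure` branch calls `gets.chomp` (lines 138–201) without handling EOF, so running it with stdin closed raises `NoMethodError` on nil instead of a usable message. The prompt strings on lines 134 and 158 also carry typos (`infomration`, `taget`, `seperate`).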
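--- a/data/lib/zepplen_aws.rb
+++ b/data/lib/zepplen_aws.rb
@@ -17,9 +17,59 @@ require 'yaml'
 require 'colorize'
 require 'zepplen_aws/env'
 
+# The goal of ZepplenAWS is to provide useful tools for maintaining Linux instances in AWS.
+# Development and testing is currently being done on Ubuntu instances, however they should on any
+# flavor of *nix.
+#
+# = Zepplen Users
+# Required zepplen_users_admin Permissions
+# 1. DynamoDB
+# * dynamodb:BatchGetItem
+# * dynamodb:DeleteItem
+# * dynamodb:DescribeTable
+# * dynamodb:GetItem
+# * dynamodb:PutItem
+# * dynamodb:Query
+# * dynamodb:UpdateItem
+# 2. EC2
+# * ec2:DescribeInstances
+# * ec2:DescribeTags
+# 3. S3 (optional)
+# * s3:GetObject
+# * s3:PutObject
+# * s3:DeleteObject
+#
+# Required zepplen_users Permissions
+# 1. DynamoDB
+# * dynamodb:BatchGetItem
+# * dynamodb:DescribeTable
+# * dynamodb:GetItem
+# * dynamodb:Query
+# 2. EC2
+# * ec2:DescribeInstances
+# * ec2:DescribeTags
+# 3. S3 (optional)
+# * s3:GetObject
+#
+# Required zepplen_dns Permissions
+# 1. EC2
+# * ec2:DescribeInstances
+# * ec2:DescribeTags
+# 2. Elastic Load Ballancing
+# * elasticloadbalancing:DescribeLoadBalancers
+# 3. Route53
+# * route53:ChangeResourceRecordSets
+# * route53:GetHostedZone
+# * route53:ListHostedZones
+# * route53:ListResourceRecordSets
+
 module ZepplenAWS
 autoload :AWS, 'zepplen_aws/aws'
 autoload :AutoDNS, 'zepplen_aws/auto_dns'
+autoload :ServerUsers, 'zepplen_aws/server_users'
+autoload :ServerLocalUsers, 'zepplen_aws/server_local_users'
+autoload :ServerUser, 'zepplen_aws/server_user'
+autoload :Exceptions, 'zepplen_aws/exceptions'
 end
 
 ZepplenAWS::Env.init!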
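Review bot: The new header comment (lines 20–65) is a verbatim copy of the README text added in the same commit, so the IAM permission lists now live in two places that will drift apart the first time a permission is added or dropped; I would keep the list in one place (the README, or a constant this file owns) and have the other point to it. Either way the copied text carries the README's slips: line 21 is missing a verb (`# ... however they should run on any`) and line 58 should read `# 2. Elastic Load Balancing`. The four new autoloads (lines 69–72) follow the existing pattern and need no change.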