Class: Central::Machine::Aws::AuthProvisioner

Inherits:

Object

• Object
• Central::Machine::Aws::AuthProvisioner

Includes:

Common, CertHelper, RandomName

Defined in:

lib/central/machine/aws/auth_provisioner.rb

Instance Attribute Summary

• #ec2 ⇒ Object readonly

  Returns the value of attribute ec2.

• #http_client ⇒ Object readonly

  Returns the value of attribute http_client.

• #region ⇒ String readonly

Instance Method Summary

• #create_security_group(name, vpc_id = nil) ⇒ Object

  creates security_group and authorizes default port ranges.

• #ensure_security_group(vpc_id) ⇒ Aws::EC2::SecurityGroup
• #erb(template, vars) ⇒ Object
• #generate_name ⇒ Object
• #initialize(access_key_id, secret_key, region) ⇒ AuthProvisioner constructor

  A new instance of AuthProvisioner.

• #master_running?(http_client) ⇒ Boolean
• #run!(opts) ⇒ Object
• #user_data(vars) ⇒ Object

Methods included from CertHelper

#generate_self_signed_cert

Methods included from Common

#default_subnet, #default_vpc, #resolve_ami

Constructor Details

#initialize(access_key_id, secret_key, region) ⇒ AuthProvisioner

Returns a new instance of AuthProvisioner.

Parameters:

• access_key_id (String) —

  aws_access_key_id

• secret_key (String) —

  aws_secret_access_key

• region (String)

# File 'lib/central/machine/aws/auth_provisioner.rb', line 19

def initialize(access_key_id, secret_key, region)
  @ec2 = ::Aws::EC2::Resource.new(
    region: region,
    credentials: ::Aws::Credentials.new(access_key_id, secret_key)
  )
end

Instance Attribute Details

#ec2 ⇒ Object (readonly)

Returns the value of attribute ec2.

# File 'lib/central/machine/aws/auth_provisioner.rb', line 14

def ec2
  @ec2
end

#http_client ⇒ Object (readonly)

Returns the value of attribute http_client.

# File 'lib/central/machine/aws/auth_provisioner.rb', line 14

def http_client
  @http_client
end

#region ⇒ String (readonly)

Returns:

• (String)

# File 'lib/central/machine/aws/auth_provisioner.rb', line 134

def region
  @region
end

Instance Method Details

#create_security_group(name, vpc_id = nil) ⇒ Object

creates security_group and authorizes default port ranges

Parameters:

• name (String)
• vpc_id (String, NilClass) (defaults to: nil)

Returns:

• Aws::EC2::SecurityGroup

# File 'lib/central/machine/aws/auth_provisioner.rb', line 112

def create_security_group(name, vpc_id = nil)
  sg = ec2.create_security_group(
    group_name: name,
    description: 'Central Machine OAuth',
    vpc_id: vpc_id)
  sg.create_tags(tags: [
                   { key: 'Name', value: name }
                 ])
  sg.authorize_ingress( # SSHD
    ip_protocol: 'tcp',
    from_port: 22,
    to_port: 22,
    cidr_ip: '24.7.32.100/32')
  sg.authorize_ingress( # HTTPS
    ip_protocol: 'tcp',
    from_port: 443,
    to_port: 443,
    cidr_ip: '0.0.0.0/0')
  sg
end

#ensure_security_group(vpc_id) ⇒ Aws::EC2::SecurityGroup

Parameters:

• vpc_id (String)

Returns:

• (Aws::EC2::SecurityGroup)

# File 'lib/central/machine/aws/auth_provisioner.rb', line 91

def ensure_security_group(vpc_id)
  group_name = 'central_machine_oauth'
  sg = ec2.security_groups(
    filters: [
      { name: 'group-name', values: [group_name] },
      { name: 'vpc-id', values: [vpc_id] }
    ]
  ).first
  unless sg
    ShellSpinner 'Creating AWS security group' do
      sg = create_security_group(group_name, vpc_id)
    end
  end
  sg
end

#erb(template, vars) ⇒ Object

# File 'lib/central/machine/aws/auth_provisioner.rb', line 153

def erb(template, vars)
  ERB.new(template).result(
    OpenStruct.new(vars).instance_eval { binding }
  )
end

#generate_name ⇒ Object

# File 'lib/central/machine/aws/auth_provisioner.rb', line 143

def generate_name
  "central-machine-oauth-#{super}-#{rand(1..99)}"
end

#master_running?(http_client) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/central/machine/aws/auth_provisioner.rb', line 147

def master_running?(http_client)
  http_client.get(path: '/v1/ping').status == 200
rescue
  false
end

#run!(opts) ⇒ Object

Parameters:

• opts (Hash)

# File 'lib/central/machine/aws/auth_provisioner.rb', line 27

def run!(opts)
  ssl_cert = nil
  if opts[:ssl_cert]
    unless File.exist?(File.expand_path(opts[:ssl_cert]))
      abort('Invalid ssl cert')
    end
    ssl_cert = File.read(File.expand_path(opts[:ssl_cert]))
  else
    ShellSpinner 'Generating self-signed SSL certificate' do
      ssl_cert = generate_self_signed_cert
    end
  end

  ami = resolve_ami(region)
  abort('No valid AMI found for region') unless ami
  opts[:vpc] = default_vpc.vpc_id unless opts[:vpc]
  subnet = if opts[:subnet].nil?
             default_subnet(opts[:vpc], region + opts[:zone])
           else
             ec2.subnet(opts[:subnet])
           end
  userdata_vars = {
    ssl_cert: ssl_cert,
    version: opts[:version]
  }

  security_group = ensure_security_group(opts[:vpc])
  name = generate_name
  ec2_instance = ec2.create_instances(
    image_id: ami,
    min_count: 1,
    max_count: 1,
    instance_type: opts[:type],
    security_group_ids: [security_group.group_id],
    key_name: opts[:key_pair],
    subnet_id: subnet.subnet_id,
    user_data: Base64.encode64(user_data(userdata_vars)),
    block_device_mappings: [
      {
        device_name: '/dev/xvda',
        virtual_name: 'Root',
        ebs: {
          volume_size: opts[:storage],
          volume_type: 'gp2'
        }
      }
    ]
  ).first
  ec2_instance.create_tags(tags: [{ key: 'Name', value: name }])
  ShellSpinner "Creating AWS instance #{name.colorize(:cyan)} " do
    sleep 5 until ec2_instance.reload.state.name == 'running'
  end
  auth_url = "https://#{ec2_instance.public_ip_address}"
  Excon.defaults[:ssl_verify_peer] = false
  http_client = Excon.new(auth_url, connect_timeout: 10)
  ShellSpinner "Waiting for #{name.colorize(:cyan)} to start" do
    sleep 5 until master_running?(http_client)
  end

  puts 'Central Machine OAuth Agent is now running'
end

#user_data(vars) ⇒ Object

# File 'lib/central/machine/aws/auth_provisioner.rb', line 138

def user_data(vars)
  cloudinit_template = File.join(__dir__, '/cloudinit_oauth.yml')
  erb(File.read(cloudinit_template), vars)
end