Class: Ironfan::Dsl::Ec2::ElasticLoadBalancer
- Inherits: Ironfan::Dsl
  - Object
  - Builder
  - Ironfan::Dsl
  - Ironfan::Dsl::Ec2::ElasticLoadBalancer
- Defined in: lib/ironfan/dsl/ec2.rb, lib/ironfan/headers.rb
Defined Under Namespace
Classes: HealthCheck
Constant Summary
- DISALLOWED_SSL_CIPHERS =
Remove ciphers which are vulnerable to the BEAST attack. en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack

```ruby
%w[
  Protocol-SSLv2
  ADH-AES128-SHA ADH-AES256-SHA ADH-CAMELLIA128-SHA ADH-CAMELLIA256-SHA
  ADH-DES-CBC-SHA ADH-DES-CBC3-SHA ADH-RC4-MD5 ADH-SEED-SHA
  DES-CBC-MD5 DES-CBC-SHA DES-CBC3-MD5
  DHE-DSS-AES128-SHA DHE-DSS-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA
  EDH-DSS-DES-CBC-SHA EDH-DSS-DES-CBC3-SHA EDH-RSA-DES-CBC-SHA EDH-RSA-DES-CBC3-SHA
  EXP-ADH-DES-CBC-SHA EXP-ADH-RC4-MD5 EXP-DES-CBC-SHA
  EXP-EDH-DSS-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA
  EXP-KRB5-DES-CBC-MD5 EXP-KRB5-DES-CBC-SHA EXP-KRB5-RC2-CBC-MD5 EXP-KRB5-RC2-CBC-SHA
  EXP-RC2-CBC-MD5 IDEA-CBC-SHA
  KRB5-DES-CBC-MD5 KRB5-DES-CBC-SHA KRB5-DES-CBC3-MD5 KRB5-DES-CBC3-SHA
  PSK-3DES-EDE-CBC-SHA PSK-AES128-CBC-SHA PSK-AES256-CBC-SHA
  RC2-CBC-MD5
] +
# Remove all RC4 ciphers
# http://en.wikipedia.org/wiki/Transport_Layer_Security#RC4_attacks
%w[
  ADH-RC4-MD5 EXP-ADH-RC4-MD5 EXP-KRB5-RC4-MD5 EXP-KRB5-RC4-SHA EXP-RC4-MD5
  KRB5-RC4-MD5 KRB5-RC4-SHA PSK-RC4-SHA RC4-MD5 RC4-SHA
]
```
- ALLOWED_SSL_CIPHERS =
TODO: Move over to Elliptic Curve Cipher Suites (ECDHE ciphers) as soon as ELB supports them.

```ruby
%w[
  Protocol-SSLv3 Protocol-TLSv1
  AES128-SHA AES256-SHA CAMELLIA128-SHA CAMELLIA256-SHA DES-CBC3-SHA
  DHE-DSS-CAMELLIA128-SHA DHE-DSS-CAMELLIA256-SHA DHE-DSS-SEED-SHA
  DHE-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-SEED-SHA
  SEED-SHA
]
```
Instance Attribute Summary
Attributes included from Gorillib::Resolution
Instance Method Summary
- #listeners_to_fog(cert_lookup) ⇒ Object
- #map_port(load_balancer_protocol = 'HTTP', load_balancer_port = 80, internal_protocol = 'HTTP', internal_port = 80, iam_server_certificate = nil) ⇒ Object
- #ssl_policy_to_fog ⇒ Object
Methods inherited from Ironfan::Dsl
#_skip_fields, #skip_fields, #to_manifest
Methods included from Gorillib::Resolution
#deep_resolve, #merge_resolve, #merge_values, #read_resolved_attribute, #read_set_attribute, #read_set_or_underlay_attribute, #read_underlay_attribute, #resolve, #resolve!, #resolve_value
Methods included from CookbookRequirements
#_cookbook_reqs, #children, #cookbook_req, #cookbook_reqs, #join_req
Methods inherited from Builder
Instance Method Details
#listeners_to_fog(cert_lookup) ⇒ Object
```ruby
# File 'lib/ironfan/dsl/ec2.rb', line 264

def listeners_to_fog(cert_lookup)
  # Each port mapping is the five-element array stored by map_port.
  port_mappings.map do |pm|
    result = {
      'Protocol'         => pm[0], # load_balancer_protocol
      'LoadBalancerPort' => pm[1], # load_balancer_port
      'InstanceProtocol' => pm[2], # internal_protocol
      'InstancePort'     => pm[3], # internal_port
    }
    # Attach a certificate id only when the mapping names an IAM server certificate.
    result['SSLCertificateId'] = cert_lookup[pm[4]] if pm[4]
    result
  end
end
```
#map_port(load_balancer_protocol = 'HTTP', load_balancer_port = 80, internal_protocol = 'HTTP', internal_port = 80, iam_server_certificate = nil) ⇒ Object
```ruby
# File 'lib/ironfan/dsl/ec2.rb', line 250

def map_port(load_balancer_protocol = 'HTTP', load_balancer_port = 80, internal_protocol = 'HTTP', internal_port = 80, iam_server_certificate = nil)
  port_mappings << [ load_balancer_protocol, load_balancer_port, internal_protocol, internal_port, iam_server_certificate ]
  port_mappings.compact!
  port_mappings.uniq!
end
```
#ssl_policy_to_fog ⇒ Object
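```ruby
# File 'lib/ironfan/dsl/ec2.rb', line 256

# Uses Digest::MD5, which needs `require 'digest/md5'` to be loaded.
def ssl_policy_to_fog
  result = { }
  allowed_ciphers.each    { |a| result[a] = true }
  # Disallowed entries are written last, so a name in both lists ends up false.
  disallowed_ciphers.each { |d| result[d] = false }
  # The MD5 digest of the sorted lists serves as the policy name.
  uuid = Digest::MD5.hexdigest("ALLOWED:#{allowed_ciphers.sort.join('')};DISALLOWED:#{disallowed_ciphers.sort.join('')}")
  return { :name => uuid, :attributes => result }
end
```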
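
A pre-deployment check for cipher lists shaped like the two constants above, as an added example that is not Ironfan code: `WEAK_PATTERNS`, `audit_cipher_lists` and the sample lists are hypothetical names constructed here. It reports names present in both lists, weak entries that stay enabled, and repeated names.

```ruby
# Added example, not Ironfan code. All names below are hypothetical.
# Name patterns for entries that should not stay enabled on a listener.
WEAK_PATTERNS = {
  'legacy SSL protocol'    => /\AProtocol-SSLv[23]\z/,
  'RC4 stream cipher'      => /RC4/,
  'export-grade cipher'    => /\AEXP-/,
  'anonymous key exchange' => /\AADH-/,
  'DES or 3DES cipher'     => /DES-CBC|3DES/
}.freeze

# Returns [kind, cipher, detail] triples for two lists of cipher names.
def audit_cipher_lists(allowed, disallowed)
  findings = []
  # ssl_policy_to_fog writes the disallowed entries last, so a name in
  # both lists ends up disabled without any warning.
  (allowed & disallowed).each do |c|
    findings << [:conflict, c, 'in both lists; the disallowed entry wins']
  end
  # Names that stay enabled and match a weak pattern.
  (allowed - disallowed).each do |c|
    WEAK_PATTERNS.each do |reason, pattern|
      findings << [:weak_enabled, c, reason] if c.match?(pattern)
    end
  end
  # Repeats do not change the resulting hash but make the lists harder to review.
  [allowed, disallowed].each do |list|
    list.select { |c| list.count(c) > 1 }.uniq.each do |c|
      findings << [:duplicate, c, 'listed more than once']
    end
  end
  findings
end

# Constructed sample input: short lists using names from the constants above.
SAMPLE_ALLOWED    = %w[Protocol-SSLv3 Protocol-TLSv1 AES128-SHA DES-CBC3-SHA RC4-SHA].freeze
SAMPLE_DISALLOWED = %w[Protocol-SSLv2 ADH-RC4-MD5 RC4-SHA ADH-RC4-MD5].freeze

if __FILE__ == $PROGRAM_NAME
  audit_cipher_lists(SAMPLE_ALLOWED, SAMPLE_DISALLOWED).each do |kind, cipher, detail|
    puts format('%-13s %-16s %s', kind, cipher, detail)
  end
end
```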