Class: Ironfan::Dsl::Ec2::ElasticLoadBalancer

Inherits:
Ironfan::Dsl show all
Defined in:
lib/ironfan/dsl/ec2.rb,
lib/ironfan/headers.rb

Defined Under Namespace

Classes: HealthCheck

Constant Summary collapse

DISALLOWED_SSL_CIPHERS =

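Remove ciphers which are vulnerable to the BEAST attack (see https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack). As the entries below show, the list also disables SSLv2 and, among others, the anonymous (ADH), export-grade (EXP), single-DES and RC2 suites.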

%w[
Protocol-SSLv2
ADH-AES128-SHA
ADH-AES256-SHA
ADH-CAMELLIA128-SHA
ADH-CAMELLIA256-SHA
ADH-DES-CBC-SHA
ADH-DES-CBC3-SHA
ADH-RC4-MD5
ADH-SEED-SHA
DES-CBC-MD5
DES-CBC-SHA
DES-CBC3-MD5
DHE-DSS-AES128-SHA
DHE-DSS-AES256-SHA
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
EDH-DSS-DES-CBC-SHA
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-KRB5-DES-CBC-MD5
EXP-KRB5-DES-CBC-SHA
EXP-KRB5-RC2-CBC-MD5
EXP-KRB5-RC2-CBC-SHA
EXP-RC2-CBC-MD5
IDEA-CBC-SHA
KRB5-DES-CBC-MD5
KRB5-DES-CBC-SHA
KRB5-DES-CBC3-MD5
KRB5-DES-CBC3-SHA
PSK-3DES-EDE-CBC-SHA
PSK-AES128-CBC-SHA
PSK-AES256-CBC-SHA
RC2-CBC-MD5
        ] +
        # Remove all RC4 ciphers
        # http://en.wikipedia.org/wiki/Transport_Layer_Security#RC4_attacks
        %w[
ADH-RC4-MD5
EXP-ADH-RC4-MD5
EXP-KRB5-RC4-MD5
EXP-KRB5-RC4-SHA
EXP-RC4-MD5
KRB5-RC4-MD5
KRB5-RC4-SHA
PSK-RC4-SHA
RC4-MD5
RC4-SHA
ALLOWED_SSL_CIPHERS =

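TODO: Move over to Elliptic Curve Cipher Suites (ECDHE ciphers) as soon as ELB supports them. Note for reuse: the list below still enables Protocol-SSLv3 and DES-CBC3-SHA, which later attacks (POODLE against SSLv3, Sweet32 against 3DES) made unsuitable, so compare it with a current ELB security policy before relying on it.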

%w[
Protocol-SSLv3
Protocol-TLSv1
AES128-SHA
AES256-SHA
CAMELLIA128-SHA
CAMELLIA256-SHA
DES-CBC3-SHA
DHE-DSS-CAMELLIA128-SHA
DHE-DSS-CAMELLIA256-SHA
DHE-DSS-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-SEED-SHA
SEED-SHA

Instance Attribute Summary

Attributes included from Gorillib::Resolution

#underlay

Instance Method Summary collapse

Methods inherited from Ironfan::Dsl

#_skip_fields, #skip_fields, #to_manifest

Methods included from Gorillib::Resolution

#deep_resolve, #merge_resolve, #merge_values, #read_resolved_attribute, #read_set_attribute, #read_set_or_underlay_attribute, #read_underlay_attribute, #resolve, #resolve!, #resolve_value

Methods included from CookbookRequirements

#_cookbook_reqs, #children, #cookbook_req, #cookbook_reqs, #join_req

Methods inherited from Builder

ui, #ui

Instance Method Details

#listeners_to_fog(cert_lookup) ⇒ Object


# File 'lib/ironfan/dsl/ec2.rb', line 264

# Converts the recorded port mappings into the listener hashes handed to fog.
#
# Each entry of +port_mappings+ is read positionally: load balancer protocol,
# load balancer port, instance protocol, instance port and, optionally, a
# certificate name.
#
# @param cert_lookup [#[]] maps a certificate name to the value sent as
#   'SSLCertificateId'
# @return [Array<Hash>] one listener description per port mapping
def listeners_to_fog(cert_lookup)
  port_mappings.map do |mapping|
    cert_name = mapping[4]
    listener = {
      'Protocol'         => mapping[0], # load_balancer_protocol
      'LoadBalancerPort' => mapping[1], # load_balancer_port
      'InstanceProtocol' => mapping[2], # internal_protocol
      'InstancePort'     => mapping[3], # internal_port
    }
    # The certificate key is only present when the mapping names a certificate.
    # NOTE(review): if cert_lookup is a plain Hash, an unknown certificate name
    # yields nil here instead of an error -- confirm the caller validates it.
    cert_name ? listener.merge('SSLCertificateId' => cert_lookup[cert_name]) : listener
  end
end

#map_port(load_balancer_protocol = 'HTTP', load_balancer_port = 80, internal_protocol = 'HTTP', internal_port = 80, iam_server_certificate = nil) ⇒ Object


# File 'lib/ironfan/dsl/ec2.rb', line 250

# Records one listener mapping on this load balancer definition.
#
# The five arguments are stored together as one positional entry in
# +port_mappings+; nil entries and exact duplicates are then dropped in place.
# With the defaults, both the client-facing and the instance-facing leg are
# plain HTTP on port 80. No check is made here that an HTTPS/SSL protocol
# comes with a certificate name.
#
# @param load_balancer_protocol [String] protocol the load balancer listens on
# @param load_balancer_port [Integer] port the load balancer listens on
# @param internal_protocol [String] protocol used towards the instances
# @param internal_port [Integer] port used towards the instances
# @param iam_server_certificate [Object, nil] certificate name, nil for none
# @return [Object, nil] whatever +uniq!+ returns for +port_mappings+
#   (presumably nil when no duplicate was removed -- assumes an Array)
def map_port(load_balancer_protocol = 'HTTP', load_balancer_port = 80, internal_protocol = 'HTTP', internal_port = 80, iam_server_certificate = nil)
  mapping = [
    load_balancer_protocol,
    load_balancer_port,
    internal_protocol,
    internal_port,
    iam_server_certificate
  ]
  port_mappings.push(mapping)
  port_mappings.compact!
  port_mappings.uniq!
end

#ssl_policy_to_fog ⇒ Object


# File 'lib/ironfan/dsl/ec2.rb', line 256

# Builds the SSL negotiation policy for this load balancer in the shape handed
# to fog.
#
# Every cipher from +allowed_ciphers+ is marked true and every cipher from
# +disallowed_ciphers+ is marked false. The disallowed pass runs last, so a
# cipher named in both lists ends up disabled.
#
# The policy name is the MD5 hex digest of the two sorted cipher lists, so the
# same configuration always yields the same name. MD5 only labels the policy
# here; nothing in this method relies on it for integrity.
#
# @return [Hash] +:name+ (hex digest string) and +:attributes+
#   (cipher name => true/false)
def ssl_policy_to_fog
  allowed = allowed_ciphers
  disallowed = disallowed_ciphers

  attributes = {}
  allowed.each { |cipher| attributes[cipher] = true }
  # Applied second on purpose: a deny entry overrides an allow entry.
  disallowed.each { |cipher| attributes[cipher] = false }

  # NOTE(review): names are joined without a separator, so two different
  # cipher sets could in principle produce the same digest input.
  fingerprint_input = "ALLOWED:#{allowed.sort.join('')};DISALLOWED:#{disallowed.sort.join('')}"

  { :name => Digest::MD5.hexdigest(fingerprint_input), :attributes => attributes }
end