class Epas::AutoSigner

Public Class Methods

new(file = "~/.awssecret", regions = []) click to toggle source

Creates a new auto_signer object tied to the specific ec2 account and regions provided.

Attributes

  • file - Path to a file containing only the EC2 id and secret access_keys in the two first lines and in this order. Defaults to “~/.awssecret”.

  • regions - Array containing all EC2 regions to check, defaults to all available.

Examples

Epas::Autosigner.new
Epas::AutoSigner.new myfile, [ 'eu-west-1', 'eu-east-1']
# File lib/epas.rb, line 24
def initialize(file = "~/.awssecret", regions = [])
  raise UnavailablePuppet unless command?('puppet') && command?('puppetca')
  @aws_id, @aws_key        = read_aws_credentials(file)
  @regions                 = regions.blank? ? get_all_ec2_regions : regions
  @awaiting_sign_instances = get_awaiting_sign_instances
end

Public Instance Methods

sign_ec2_instance_requests!() click to toggle source

Signs all pending requests in puppet initiated by ec2 machines.

# File lib/epas.rb, line 32
def sign_ec2_instance_requests!
  # TODO: Add logging to syslog
  unless @awaiting_sign_instances.blank?
    get_all_ec2_instances_ids.each do |instance_id|
      @awaiting_sign_instances.each do |hostname|
        sign_instance(hostname) if hostname.match /#{instance_id}/
      end
    end
  end
end

Private Instance Methods

command?(command) click to toggle source
# File lib/epas.rb, line 81
def command?(command)
  system("which #{command} > /dev/null 2>&1")
end
get_all_ec2_instances_ids() click to toggle source
# File lib/epas.rb, line 72
def get_all_ec2_instances_ids
  instances = @regions.map do |region|
   silence_stream STDOUT do
      Aws::Ec2.new(@aws_id, @aws_key, :region => region).describe_instances
    end
  end.flatten
  ids = instances.map { |i| i[:aws_instance_id] }
end
get_all_ec2_regions() click to toggle source
# File lib/epas.rb, line 68
def get_all_ec2_regions
  %w(eu-west-1 us-east-1 ap-northeast-1 us-west-1 ap-southeast-1)
end
get_awaiting_sign_instances() click to toggle source
# File lib/epas.rb, line 63
def get_awaiting_sign_instances
  # TODO: Run with sudo if not root
  `puppetca --list`.split("\n")
end
log(message) click to toggle source
# File lib/epas.rb, line 85
def log(message)
  # $0 is the current script name
  Syslog.open($0, Syslog::LOG_PID | Syslog::LOG_CONS) { |s| s.warning message }
end
read_aws_credentials(file) click to toggle source
# File lib/epas.rb, line 45
def read_aws_credentials(file)
  file = File.expand_path(file)
  raise UnavailableEC2Credentials unless File.exists?(file)
  id, key = File.read(file).split("\n")
  raise UnavailableEC2Credentials if id.blank? || key.blank?
  [id, key]
end
sign_instance(hostname) click to toggle source
# File lib/epas.rb, line 53
def sign_instance(hostname)
  # TODO: Run with sudo if not root
  result = system("puppet cert --sign #{hostname}")
  if result
    log "Server with hostname: #{hostname} signed succesfully."
  else
    log "Failed to sign server with hostname: #{hostname}"
  end
end