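def deactivate_nodes(cf_conn, stackname):
    """Clean and deactivate a stack's EC2 instances on the puppetmaster.

    Collects the physical ids of every ``AWS::EC2::Instance`` resource in
    the CloudFormation stack, then, over one SSH session to the
    puppetmaster, runs ``puppet node clean`` and ``puppet node deactivate``
    for each matching instance, using its ``Name`` tag as the node name.

    Args:
        cf_conn: CloudFormation connection exposing ``list_stack_resources``.
        stackname: Name or id of the stack whose nodes are deactivated.

    Returns:
        None. Returns early, doing nothing, when no puppetmaster instance
        is found.

    Raises:
        KeyError: If a matching instance has no ``Name`` tag.
    """
    # Function-scope import so the block carries its own dependency;
    # pipes.quote is the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    ec2_conn = AWS.get_ec2_connection()
    pm_instance = utils.get_puppetmaster_instance(ec2_conn)
    if pm_instance is None:
        return

    puppetmaster_ip = pm_instance.ip_address
    print("Deactivating nodes on puppetmaster (%s)" % puppetmaster_ip)

    resources = cf_conn.list_stack_resources(stack_name_or_id=stackname)
    instance_ids = {
        r.physical_resource_id
        for r in resources
        if r.resource_type == "AWS::EC2::Instance"
    }

    # Quote the secret once: an unquoted password containing shell
    # metacharacters or whitespace would otherwise be re-interpreted by the
    # remote shell.
    # NOTE(review): the password is still embedded in the remote command
    # string, so it may surface in process listings or command logging on
    # the puppetmaster. Prefer feeding it through the command's stdin
    # stream, or a sudoers rule scoped to these puppet commands.
    quoted_password = quote(fetch_secrets("secrets/hcs-root"))

    ssh_conn = SSHable(puppetmaster_ip)
    ssh_conn.connect()
    try:
        for instance in ec2_conn.get_only_instances():
            if instance.id not in instance_ids:
                continue
            hostname = instance.tags["Name"]
            print("Deactivating node: " + hostname)
            # The Name tag is set by whoever can tag the instance, so it is
            # quoted before it reaches a command that runs under sudo.
            streams = ssh_conn.ssh(
                "echo {0} | sudo -S puppet node clean {1}; "
                "echo {0} | sudo -S puppet node deactivate {1}".format(
                    quoted_password, quote(hostname)
                )
            )
            print(streams[1].read())
    finally:
        # Close the session even when a command or a tag lookup raises.
        ssh_conn.disconnect()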
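def post_create_hooks(self):
    """Install the puppetmaster PKCS#7 key pair on the new instance.

    Waits until an SSH connection to the instance's public IP succeeds,
    retrying every 30 seconds, then creates ``/etc/puppet/secure/keys``,
    uploads the private and public keys over SFTP, moves them into that
    directory with sudo, and finally restricts permissions (files 0400,
    directory 0500) and hands ownership to ``puppet:puppet``.

    Returns:
        None.
    """
    # Function-scope import so the block carries its own dependency;
    # pipes.quote is the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    ip = self.get_public_ip_address()
    # Quote the secret once: an unquoted password containing shell
    # metacharacters or whitespace would otherwise be re-interpreted by the
    # remote shell.
    # NOTE(review): the password is still embedded in every remote command
    # string, so it may surface in process listings or command logging on
    # the host. Prefer feeding it through the command's stdin stream, or a
    # sudoers rule scoped to these commands.
    quoted_password = quote(fetch_secrets('secrets/hcs-root'))
    ssh_conn = SSHable(ip)

    def run_as_root(command):
        # Every privileged step uses the same "echo <password> | sudo -S" form.
        return ssh_conn.ssh(
            "echo {0} | sudo -S {1}".format(quoted_password, command)
        )

    while True:
        try:
            ssh_conn.connect()
            break
        except Exception:
            # A bare except here also caught KeyboardInterrupt/SystemExit,
            # which made this unbounded wait impossible to interrupt.
            print("Waiting to connect to: " + ip)
            sleep(30)  # Wait 30 seconds before polling again.

    run_as_root("mkdir -p /etc/puppet/secure/keys")
    sftp = ssh_conn.sftp()
    print("Transferring puppetmaster keys.")
    for key in ['private', 'public']:
        key_string = fetch_secrets('secrets/puppetmaster_%s_key.pkcs7.pem' % key)
        # NOTE(review): the key is first written under a relative path
        # (presumably the login user's home directory) with whatever default
        # mode the server applies, and is only locked down by the chmod
        # below. Consider creating it with a restrictive mode up front.
        key_file = sftp.file('%s_key.pkcs7.pem' % key, 'w')
        try:
            key_file.write(key_string)
        finally:
            # Release the remote handle even when the write fails.
            key_file.close()
        run_as_root(
            "mv {0}_key.pkcs7.pem /etc/puppet/secure/keys/{0}_key.pkcs7.pem".format(key)
        )

    # NOTE(review): none of the results returned by ssh() are inspected, so a
    # failed mkdir/mv/chmod/chown goes unnoticed; the session is also never
    # disconnected here. Confirm whether ssh() blocks until the command
    # completes before adding a disconnect().
    run_as_root("chmod 0400 /etc/puppet/secure/keys/*.pem")
    run_as_root("chmod 0500 /etc/puppet/secure/keys")
    run_as_root("chown -R puppet:puppet /etc/puppet/secure/keys")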