def configure_fabric(eb_environment_name, ip_address, key_filename=None): if eb_environment_name is not None: get_finalized_environment_variables(eb_environment_name) if key_filename is None: key_filename = get_global_config()['DEPLOYMENT_KEY_FILE_PATH'] fabric_env.host_string = ip_address fabric_env.user = REMOTE_USERNAME fabric_env.key_filename = key_filename retry(run, "# waiting for ssh to be connectable...") run("echo >> {log}".format(log=LOG_FILE)) sudo("chmod 666 {log}".format(log=LOG_FILE))
def encrypt_eb_s3_bucket(): ''' This function obtain the account ID and the region, constructs the elasticbeanstalk s3 bucket name and applies a encrypt by default policy to the bucket. ''' global_config = get_global_config() sts_client = create_sts_client() account_id = sts_client.get_caller_identity().get('Account') # There ought to be an easier way to get this name, but this works. s3_eb_bucket = 'elasticbeanstalk-{}-{}'.format(global_config['AWS_REGION'], account_id) log.info('Enabling encryption on S3 bucket: %s' % s3_eb_bucket) s3_encrypt_bucket(s3_eb_bucket)
def construct_eb_environment_variables(eb_environment_name): global_config = get_global_config() try: environment_variables = get_finalized_environment_variables( eb_environment_name) except Exception as e: log.error("could not get your environment settings.") log.error(e) raise try: server_settings = get_server_configuration_file(eb_environment_name) except Exception as e: log.error("could not get your server settings.") log.error(e) raise # This needs to be a comma separated list of environment variables declared as "var=value" env_var_string = ",".join( ["%s=%s" % (k, v) for k, v in environment_variables.iteritems()]) generated_configuration_details = { "ServiceRole": get_or_create_eb_service_role()['Arn'], "IamInstanceProfile": get_or_create_eb_instance_profile()['Arn'], "EnvironmentVariables": env_var_string, "EC2KeyName": global_config["DEPLOYMENT_KEY_NAME"], "InstanceType": server_settings['ELASTIC_BEANSTALK_INSTANCE_TYPE'], "Notification Endpoint": global_config['SYSTEM_ADMINISTRATOR_EMAIL'] } configuration = get_base_eb_configuration() for option in configuration: if isinstance(option['Value'], DynamicParameter): option['Value'] = generated_configuration_details.pop( option['OptionName']) if generated_configuration_details: pprint(generated_configuration_details) raise Exception( "encountered unused autogenerated configs, see print statement above to debug." ) return configuration
from time import sleep from botocore.exceptions import ClientError from deployment_helpers.aws.boto_helpers import create_ec2_client, create_ec2_resource from deployment_helpers.aws.rds import (get_rds_security_groups_by_eb_name) from deployment_helpers.aws.security_groups import ( create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group, create_security_group, get_security_group_by_name, InvalidSecurityGroupNameException, open_tcp_port, get_security_group_by_id) from deployment_helpers.constants import get_global_config, RABBIT_MQ_PORT from deployment_helpers.general_utils import log GLOBAL_CONFIGURATION = get_global_config() RABBIT_MQ_SEC_GRP_DESCRIPTION = "allows connections to rabbitmq from servers with security group %s" PROCESSING_MANAGER_NAME = "%s data processing manager" #################################################################################################### ######################################## Accessors ################################################# #################################################################################################### def get_instance_by_id(instance_id): ec2_client = create_ec2_client() return ec2_client.describe_instances(InstanceIds=[instance_id])['Reservations'][0]["Instances"][0] def get_manager_private_ip(eb_environment_name): instance = get_manager_instance_by_eb_environment_name(eb_environment_name) print instance['NetworkInterfaces']
def validate_beiwe_environment_config(eb_environment_name): # DOMAIN_NAME # SENTRY_ANDROID_DSN # SENTRY_DATA_PROCESSING_DSN # SENTRY_ELASTIC_BEANSTALK_DSN # SENTRY_JAVASCRIPT_DSN # SYSADMIN_EMAILS errors = [] try: aws_credentials = get_aws_credentials() global_config = get_global_config() beiwe_variables = get_beiwe_environment_variables(eb_environment_name) except Exception as e: log.error( "encountered an error while trying to read configuration files.") log.error(e) EXIT(1) beiwe_variables_name = os.path.basename( get_beiwe_python_environment_variables_file_path(eb_environment_name)) reference_environment_configuration_keys = reference_environment_configuration_file( ).keys() # Validate the data sysadmin_email = global_config.get('SYSTEM_ADMINISTRATOR_EMAIL', "") if not sysadmin_email: errors.append( '(Global Configuration) System administrator email cannot be empty.' ) else: if not re.match('^[\S]+@[\S]+\.[\S]+$', sysadmin_email): errors.append( '(Global Configuration) Invalid email address: {}'.format( sysadmin_email)) # check sentry urls sentry_dsns = { "SENTRY_ELASTIC_BEANSTALK_DSN": beiwe_variables.get('SENTRY_ELASTIC_BEANSTALK_DSN', ''), "SENTRY_DATA_PROCESSING_DSN": beiwe_variables.get('SENTRY_DATA_PROCESSING_DSN', ''), "SENTRY_ANDROID_DSN": beiwe_variables.get('SENTRY_ANDROID_DSN', ''), "SENTRY_JAVASCRIPT_DSN": beiwe_variables.get('SENTRY_JAVASCRIPT_DSN', ''), } for name, dsn in sentry_dsns.iteritems(): if ensure_nonempty_string(dsn, name, errors, beiwe_variables_name): if not DSN_REGEX.match(dsn): errors.append('({}) Invalid DSN: {}'.format( beiwe_variables_name, dsn)) # if name == "SENTRY_JAVASCRIPT_DSN": # if not PUBLIC_DSN_REGEX.match(dsn): # errors.append('({}) Invalid DSN: {}'.format(beiwe_variables_name, dsn)) # elif not PRIVATE_DSN_REGEX.match(dsn): # errors.append('({}) Invalid DSN: {}'.format(beiwe_variables_name, dsn)) domain_name = beiwe_variables.get('DOMAIN', None) ensure_nonempty_string(domain_name, 'Domain name', errors, beiwe_variables_name) for key in reference_environment_configuration_keys: if key not in beiwe_variables: errors.append("{} is missing.".format(key)) for key in beiwe_variables: if key not in reference_environment_configuration_keys: errors.append("{} is present but was not expected.".format(key)) # Raise any errors if errors: for e in errors: log.error(e) sleep( 0.1 ) # python logging has some issues if you exit too fast... isn't it supposed to be synchronous? EXIT(1) # forcibly exit, do not continue to run any code. # Check for presence of the server settings file: if not file_exists( get_server_configuration_file_path(eb_environment_name)): log.error("No server settings file exists at %s." % get_server_configuration_file_path(eb_environment_name)) EXIT(1) # Put the data into one dict to be returned return { 'DOMAIN_NAME': domain_name, 'SYSADMIN_EMAILS': sysadmin_email, 'SENTRY_ELASTIC_BEANSTALK_DSN': sentry_dsns['SENTRY_ELASTIC_BEANSTALK_DSN'], 'SENTRY_DATA_PROCESSING_DSN': sentry_dsns['SENTRY_DATA_PROCESSING_DSN'], 'SENTRY_ANDROID_DSN': sentry_dsns['SENTRY_ANDROID_DSN'], 'SENTRY_JAVASCRIPT_DSN': sentry_dsns['SENTRY_JAVASCRIPT_DSN'] }