示例#1
def post_update(bosslet_config):
    """Initialize Vault and import the JSON file at ``export_path(bosslet_config)``.

    Steps, in order:
      1. Wait for Vault via ``check_vault(90, exception=False)``.
      2. Delete the ``consul.<INTERNAL_DOMAIN>`` Route53 record.
      3. Initialize Vault with ``ACCOUNT_ID`` and import the JSON file.

    Args:
        bosslet_config: Bosslet configuration; this function reads ``call``,
            ``session``, ``INTERNAL_DOMAIN`` and ``ACCOUNT_ID`` from it.

    Raises:
        BossManageError: If ``check_vault`` reports that Vault is unreachable.
        Exception: Any error from initialize / import is re-raised unchanged
            after the manual recovery commands have been printed.
    """
    export_file = export_path(bosslet_config)

    # Recovery commands shown to the operator on either failure path.
    init_cmd = "\tpython3 bastion.py vault.bosslet vault-init"
    import_cmd = "\tpython3 bastion.py vault.bosslet vault-import {}".format(
        export_file)

    print("Waiting for Vault...")
    # presumably 90 is a timeout / retry budget -- confirm against check_vault
    vault_reachable = bosslet_config.call.check_vault(90, exception=False)
    if not vault_reachable:
        print(
            "Could not contact Vault, check networking and run the following command"
        )
        print(init_cmd)
        print(import_cmd)
        print("To verify that Vault is working correctly")
        raise BossManageError("Could not contact Vault")

    internal_domain = bosslet_config.INTERNAL_DOMAIN
    aws.route53_delete_records(bosslet_config.session,
                               internal_domain,
                               'consul.' + bosslet_config.INTERNAL_DOMAIN)

    with bosslet_config.call.vault() as vault:
        # Tracks whether initialize() succeeded, so the failure message only
        # suggests vault-init when that step is still outstanding.
        initialized = False
        try:
            vault.initialize(bosslet_config.ACCOUNT_ID)
            initialized = True
            # NOTE(review): the import file is read here but never removed by
            # this function; if it contains Vault secrets in plaintext it
            # stays on disk afterwards -- confirm who cleans it up.
            with open(export_file, 'r') as infile:
                vault.import_(json.load(infile))
        except Exception:
            print("Problem updating Vault configuration")
            print("Run the following commands to finalize the configuration")
            if not initialized:
                print(init_cmd)
            print(import_cmd)
            raise
示例#2
def pre_update(bosslet_config):
    """Delete the Api public DNS record ahead of a CloudFormation update.

    With version 2 the DNS records are part of the CloudFormation template,
    so the existing record is removed so that the update can happen.

    Args:
        bosslet_config: Bosslet configuration; ``session``,
            ``EXTERNAL_DOMAIN`` and ``names`` are read from it.
    """
    message = "Removing existing Api public DNS entry, so CloudFormation can manage the DNS record"
    console.warning(message)

    # The warning above is only informational: the delete below runs
    # without asking the operator for confirmation.
    session = bosslet_config.session
    external_domain = bosslet_config.EXTERNAL_DOMAIN
    api_hostname = bosslet_config.names.public_dns('api')
    aws.route53_delete_records(session, external_domain, api_hostname)
示例#3
def delete(bosslet_config):
    """Delete the cache manager DNS record and the ``cachedb`` stack.

    NOTE: CloudWatch logs for the DNS Lambda are not deleted.

    Args:
        bosslet_config: Bosslet configuration; ``session``,
            ``INTERNAL_DOMAIN`` and ``names`` are read from it.
    """
    aws_session = bosslet_config.session
    internal_domain = bosslet_config.INTERNAL_DOMAIN
    aws_names = bosslet_config.names

    # Remove the DNS record first, then tear down the stack itself.
    # No operator confirmation is requested in this function.
    aws.route53_delete_records(aws_session, internal_domain,
                               aws_names.cachemanager.dns)

    CloudFormationConfiguration("cachedb", bosslet_config).delete()
示例#4
def pre_init(bosslet_config):
    """Remove a pre-existing Auth public DNS record, if there is one.

    NOTE: In version 2 the public DNS records are managed by CloudFormation.
    If the record already exists in Route53 (from previous launches of a
    Boss stack), creation of the CloudFormation template will fail, so the
    record is looked up and deleted when present.

    Args:
        bosslet_config: Bosslet configuration; ``session``,
            ``EXTERNAL_DOMAIN`` and ``names`` are read from it.
    """
    aws_session = bosslet_config.session
    external_domain = bosslet_config.EXTERNAL_DOMAIN
    auth_hostname = bosslet_config.names.public_dns('auth')

    existing = aws.get_dns_resource_for_domain_name(aws_session,
                                                    auth_hostname,
                                                    external_domain)
    if existing is None:
        # Nothing registered under that name, so there is nothing to remove.
        return

    console.warning(
        "Removing existing Auth public DNS entry, so CloudFormation can manage the DNS record"
    )
    aws.route53_delete_records(aws_session, external_domain, auth_hostname)
示例#5
def delete(bosslet_config):
    """Delete the ``api`` stack and its related AWS resources after confirmation.

    After the operator confirms, removes the endpoint DNS record, calls
    ``sqs_delete_all`` and ``policy_delete_all`` (path ``/ingest/``) for the
    internal domain, and deletes the ``api`` CloudFormation configuration.

    Args:
        bosslet_config: Bosslet configuration; ``session``,
            ``INTERNAL_DOMAIN`` and ``names`` are read from it.

    Raises:
        BossManageCanceled: If the operator declines the confirmation prompt.
    """
    aws_session = bosslet_config.session
    internal_domain = bosslet_config.INTERNAL_DOMAIN
    aws_names = bosslet_config.names

    confirmed = console.confirm(
        "All data will be lost. Are you sure you want to proceed?")
    if not confirmed:
        raise BossManageCanceled()

    aws.route53_delete_records(aws_session, internal_domain,
                               aws_names.endpoint.dns)

    # Other configs may define SQS queues and we shouldn't delete them.
    # !!! TODO FIX this so it doesn't bork the stack
    # NOTE(review): both calls below are scoped only by the domain (and, for
    # policies, the '/ingest/' path), so they look broader than this stack's
    # own resources -- confirm against the aws helpers.
    aws.sqs_delete_all(aws_session, internal_domain)
    aws.policy_delete_all(aws_session, internal_domain, '/ingest/')

    CloudFormationConfiguration('api', bosslet_config).delete()
示例#6
def delete(session, domain):
    """Delete the ``core`` stack plus its auth, consul and vault DNS records.

    NOTE: CloudWatch logs for the DNS Lambda are not deleted.

    Args:
        session: Session object handed through to the ``aws`` helpers.
        domain: Domain name used to build ``AWSNames`` and to scope deletion.
    """
    aws_names = AWSNames(domain)

    # Look each name up immediately before its delete call, in this order.
    # No operator confirmation is requested in this function.
    for attribute in ('auth', 'consul', 'vault'):
        aws.route53_delete_records(session, domain,
                                   getattr(aws_names, attribute))

    aws.sns_unsubscribe_all(session, aws_names.dns)

    core_config = CloudFormationConfiguration('core', domain)
    core_config.delete(session)
示例#7
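def pre_update(bosslet_config):
    """Export Vault data to disk and remove the Auth public DNS record.

    After the operator confirms, everything under ``secret/`` is exported
    from Vault and written as JSON to ``export_path(bosslet_config)``, then
    the existing Auth public DNS record is deleted so CloudFormation can
    manage it.

    The export file is created with owner-only permissions (0600) because it
    holds the exported Vault data in plaintext.

    Args:
        bosslet_config: Bosslet configuration; ``call``, ``session``,
            ``EXTERNAL_DOMAIN`` and ``names`` are read from it.

    Raises:
        BossManageCanceled: If the operator declines the confirmation prompt.
    """
    import os  # function-scope import keeps this block self-contained

    # Alert about the change that will happen
    if not console.confirm(
            "This updated will recreate the Vault cluster, proceed?",
            default=False):
        raise BossManageCanceled()

    # Save the existing data so we can rebuild Vault
    path = export_path(bosslet_config)
    with bosslet_config.call.vault() as vault:
        vault_data = vault.export("secret/")

        # A plain open(path, 'w') would create the file with umask-derived
        # permissions (commonly world-readable). Request 0600 at creation.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as outfile:
            # The mode passed to os.open() is ignored when the file already
            # exists, so tighten a leftover file from an earlier run as well.
            if hasattr(os, 'fchmod'):
                os.fchmod(outfile.fileno(), 0o600)
            json.dump(vault_data, outfile, indent=3, sort_keys=True)
            print("Vault data exported to {}".format(path))

    # With version 2 the DNS records are now part of the CloudFormation template, so
    # remove the existing DNS record so the update can happen
    console.warning(
        "Removing existing Auth public DNS entry, so CloudFormation can manage the DNS record"
    )
    aws.route53_delete_records(bosslet_config.session,
                               bosslet_config.EXTERNAL_DOMAIN,
                               bosslet_config.names.public_dns('auth'))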
示例#8
def delete(bosslet_config):
    """Delete the ``core`` stack and its DNS / SNS resources after confirmation.

    NOTE: CloudWatch logs for the DNS Lambda are not deleted.

    Args:
        bosslet_config: Bosslet configuration; ``session``,
            ``INTERNAL_DOMAIN`` and ``names`` are read from it.

    Raises:
        BossManageCanceled: If the operator declines the confirmation prompt.
    """
    confirmed = console.confirm(
        "All data will be lost. Are you sure you want to proceed?")
    if not confirmed:
        raise BossManageCanceled()

    aws_session = bosslet_config.session
    internal_domain = bosslet_config.INTERNAL_DOMAIN
    aws_names = bosslet_config.names

    aws.route53_delete_records(aws_session, internal_domain,
                               aws_names.auth.dns)
    aws.route53_delete_records(aws_session, internal_domain,
                               aws_names.vault.dns)

    # Unlike the Route53 calls, this helper receives the whole config object.
    aws.sns_unsubscribe_all(bosslet_config, aws_names.dns.sns)

    core_config = CloudFormationConfiguration('core', bosslet_config)
    stack_version = core_config.existing_version()
    if stack_version == 1:
        # Deleting a stack that has not been updated: the consul record is
        # removed here as well.
        aws.route53_delete_records(aws_session, internal_domain,
                                   'consul.' + internal_domain)
    core_config.delete()
示例#9
def delete(session, domain):
    """Delete the cache manager DNS record and the ``cachedb`` stack.

    NOTE: CloudWatch logs for the DNS Lambda are not deleted.

    Args:
        session: Session object handed through to the ``aws`` helpers.
        domain: Domain name used to build ``AWSNames`` and to scope deletion.
    """
    cache_manager_record = AWSNames(domain).cache_manager
    # No operator confirmation is requested in this function.
    aws.route53_delete_records(session, domain, cache_manager_record)

    cachedb_config = CloudFormationConfiguration("cachedb", domain)
    cachedb_config.delete(session)
示例#10
def delete(session, domain):
    """Remove the cache manager Route53 record, then delete ``cachedb``.

    NOTE: CloudWatch logs for the DNS Lambda are not deleted.

    Args:
        session: Session object handed through to the ``aws`` helpers.
        domain: Domain name used to build ``AWSNames`` and to scope deletion.
    """
    aws_names = AWSNames(domain)
    record_name = aws_names.cache_manager

    # DNS record first, stack second; neither step asks for confirmation.
    aws.route53_delete_records(session, domain, record_name)
    CloudFormationConfiguration("cachedb", domain).delete(session)
示例#11
def delete(session, domain):
    """Delete the ``api`` stack along with its DNS record, queues and policies.

    Args:
        session: Session object handed through to the ``aws`` helpers.
        domain: Domain name used to build ``AWSNames`` and to scope deletion.
    """
    endpoint_record = AWSNames(domain).endpoint
    aws.route53_delete_records(session, domain, endpoint_record)

    # NOTE(review): both helpers are scoped only by the domain (plus the
    # '/ingest/' path for policies) and run without operator confirmation --
    # confirm they cannot touch resources owned by other stacks.
    aws.sqs_delete_all(session, domain)
    aws.policy_delete_all(session, domain, '/ingest/')

    api_config = CloudFormationConfiguration('api', domain)
    api_config.delete(session)