module Formatron::CloudFormation::Scripts
Generates scripts for setting up instances with CloudFormation
init rubocop:disable Metrics/ModuleLength
Public Class Methods
chef_server( username:, first_name:, last_name:, email:, password:, organization_short_name:, organization_full_name:, bucket:, user_pem_key:, organization_pem_key:, kms_key:, chef_server_version:, ssl_cert_key:, ssl_key_key:, cookbooks_bucket: )
click to toggle source
rubocop:disable Metrics/MethodLength rubocop:disable Metrics/ParameterLists
# File lib/formatron/cloud_formation/scripts.rb, line 115 def self.chef_server( username:, first_name:, last_name:, email:, password:, organization_short_name:, organization_full_name:, bucket:, user_pem_key:, organization_pem_key:, kms_key:, chef_server_version:, ssl_cert_key:, ssl_key_key:, cookbooks_bucket: ) # rubocop:disable Metrics/LineLength <<-EOH.gsub(/^ {10}/, '') #!/bin/bash -v set -e export HOME=/root export PATH=$PATH:/usr/local/sbin/ export PATH=$PATH:/usr/sbin/ export PATH=$PATH:/sbin apt-get -y update apt-get -y install wget ntp cron git libfreetype6 libpng3 python-pip pip install awscli mkdir -p $HOME/.aws cat << EOF > $HOME/.aws/config [default] s3 = signature_version = s3v4 region = ${REGION} EOF mkdir -p /etc/opscode/chef-server.rb.d cat << EOF > /etc/opscode/chef-server.rb Dir[File.dirname(__FILE__) + '/chef-server.rb.d/*.rb'].each do |file| self.instance_eval File.read(file), file end EOF cat << EOF > /etc/opscode/chef-server.rb.d/s3_cookbooks_bucket.rb bookshelf['enable'] = false bookshelf['external_url'] = 'https://s3-${REGION}.amazonaws.com' bookshelf['vip'] = 's3-${REGION}.amazonaws.com' bookshelf['access_key_id'] = '${ACCESS_KEY_ID}' bookshelf['secret_access_key'] = '${SECRET_ACCESS_KEY}' opscode_erchef['s3_bucket'] = '#{cookbooks_bucket}' EOF cat << EOF > /etc/opscode/chef-server.rb.d/ssl_certificate.rb nginx['ssl_certificate'] = '/etc/nginx/ssl/chef.crt' nginx['ssl_certificate_key'] = '/etc/nginx/ssl/chef.key' EOF mkdir -p /etc/nginx/ssl aws s3api get-object --bucket #{bucket} --key #{ssl_cert_key} /etc/nginx/ssl/chef.crt aws s3api get-object --bucket #{bucket} --key #{ssl_key_key} /etc/nginx/ssl/chef.key wget -O /tmp/chef-server-core.deb https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/trusty/chef-server-core_#{chef_server_version}_amd64.deb dpkg -i /tmp/chef-server-core.deb chef-server-ctl reconfigure >> /var/log/chef-install.log chef-server-ctl user-create #{username} #{first_name} #{last_name} #{email} #{password} --filename $HOME/user.pem >> /var/log/chef-install.log chef-server-ctl org-create #{organization_short_name} "#{organization_full_name}" --association_user #{username} --filename $HOME/organization.pem >> /var/log/chef-install.log chef-server-ctl install opscode-manage >> /var/log/chef-install.log chef-server-ctl reconfigure >> /var/log/chef-install.log opscode-manage-ctl reconfigure >> /var/log/chef-install.log chef-server-ctl install opscode-push-jobs-server >> /var/log/chef-install.log chef-server-ctl reconfigure >> /var/log/chef-install.log opscode-push-jobs-server-ctl reconfigure >> /var/log/chef-install.log chef-server-ctl install opscode-reporting >> /var/log/chef-install.log chef-server-ctl reconfigure >> /var/log/chef-install.log opscode-reporting-ctl reconfigure >> /var/log/chef-install.log aws s3api put-object --bucket #{bucket} --key #{user_pem_key} --body $HOME/user.pem --ssekms-key-id #{kms_key} --server-side-encryption aws:kms aws s3api put-object --bucket #{bucket} --key #{organization_pem_key} --body $HOME/organization.pem --ssekms-key-id #{kms_key} --server-side-encryption aws:kms EOH # rubocop:enable Metrics/LineLength end
linux_common(sub_domain:, hosted_zone_name:)
click to toggle source
# File lib/formatron/cloud_formation/scripts.rb, line 6 def self.linux_common(sub_domain:, hosted_zone_name:) # rubocop:disable Metrics/LineLength <<-EOH.gsub(/^ {10}/, '') #/bin/bash -v set -e SHORTNAME=#{sub_domain} PUBLIC_DNS=${SHORTNAME}.#{hosted_zone_name} PRIVATE_IPV4=`(curl http://169.254.169.254/latest/meta-data/local-ipv4)` hostname $SHORTNAME echo $PUBLIC_DNS | tee /etc/hostname echo "$PRIVATE_IPV4 $PUBLIC_DNS $SHORTNAME" >> /etc/hosts EOH # rubocop:enable Metrics/LineLength end
nat(cidr:)
click to toggle source
rubocop:disable Metrics/MethodLength
# File lib/formatron/cloud_formation/scripts.rb, line 91 def self.nat(cidr:) # rubocop:disable Metrics/LineLength <<-EOH.gsub(/^ {10}/, '') #/bin/bash -v set -e if ! grep --quiet '^net.ipv4.ip_forward=1$' /etc/sysctl.conf; then sed -i '/^#net.ipv4.ip_forward=1$/c\\net.ipv4.ip_forward=1' /etc/sysctl.conf sysctl -p /etc/sysctl.conf fi iptables -t nat -A POSTROUTING -o eth0 -s #{cidr} -j MASQUERADE iptables-save > /etc/iptables.rules cat << EOF > /etc/network/if-pre-up.d/iptablesload #!/bin/sh iptables-restore < /etc/iptables.rules exit 0 EOF chmod +x /etc/network/if-pre-up.d/iptablesload EOH # rubocop:enable Metrics/LineLength end
windows_administrator(name:, password:)
click to toggle source
rubocop:disable Metrics/MethodLength
# File lib/formatron/cloud_formation/scripts.rb, line 32 def self.windows_administrator(name:, password:) # rubocop:disable Metrics/LineLength <<-EOH.gsub(/^ {10}/, '') $newAdminName = '#{name}' $adminPassword = '#{password}' # disable password policy secedit /export /cfg c:\\secpol.cfg (gc C:\\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\\secpol.cfg secedit /configure /db c:\\windows\\security\\local.sdb /cfg c:\\secpol.cfg /areas SECURITYPOLICY rm -force c:\\secpol.cfg -confirm:$false # find the local administrator user $computerName = $env:COMPUTERNAME $computer = [ADSI] "WinNT://$computerName,Computer" foreach ( $childObject in $computer.Children ) { # Skip objects that are not users. if ( $childObject.Class -ne "User" ) { continue } $type = "System.Security.Principal.SecurityIdentifier" $childObjectSID = new-object $type($childObject.objectSid[0],0) if ( $childObjectSID.Value.EndsWith("-500") ) { $adminName = $childObject.Name[0] # set the new password $adminUser = [ADSI] "WinNT://$computerName/$adminName,User" $adminUser.SetPassword($adminPassword) # set the new name $user = Get-WMIObject Win32_UserAccount -Filter "Name='$adminName'" $result = $user.Rename($newAdminName) break } } EOH # rubocop:enable Metrics/LineLength end
windows_common(sub_domain:, hosted_zone_name:)
click to toggle source
# File lib/formatron/cloud_formation/scripts.rb, line 21 def self.windows_common(sub_domain:, hosted_zone_name:) # rubocop:disable Metrics/LineLength <<-EOH.gsub(/^ {10}/, '') wmic computersystem where name="%COMPUTERNAME%" call rename name="#{sub_domain}" REG ADD HKLM\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters /v Domain /t REG_SZ /d #{hosted_zone_name} /f shutdown.exe /r /t 00 EOH # rubocop:enable Metrics/LineLength end
windows_signal(wait_condition_handle:)
click to toggle source
rubocop:disable Metrics/MethodLength
# File lib/formatron/cloud_formation/scripts.rb, line 74 def self.windows_signal(wait_condition_handle:) { 'Fn::Join' => [ '', [ 'cfn-signal.exe -e 0 ', { 'Fn::Base64' => { Ref: wait_condition_handle } } ] ] } end