Class: Prepd::Project

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Prepd::Project

Defined in:

lib/prepd/models.rb

Instance Attribute Summary

• #ansible_creds ⇒ Object

  Returns the value of attribute ansible_creds.

• #ansible_key ⇒ Object

  Returns the value of attribute ansible_key.

• #ansible_secret ⇒ Object

  Returns the value of attribute ansible_secret.

• #tf_creds ⇒ Object

  Returns the value of attribute tf_creds.

• #tf_key ⇒ Object

  Returns the value of attribute tf_key.

• #tf_secret ⇒ Object

  Returns the value of attribute tf_secret.

Instance Method Summary

• #archive(type = :credentials) ⇒ Object
• #clone_submodules ⇒ Object

  Clone ansible roles and terraform modules.

• #copy_developer_yml ⇒ Object

  Copy developer credentials or create them if the file doesn’t already exists TODO: Maybe the creation of developer creds should be done at startup of prepd.

• #create_project ⇒ Object

  Initialize the prepd-project or just copy in developer credentials if the project already exists.

• #data_path ⇒ Object
• #decrypt(type = :credentials) ⇒ Object
• #destroy_project ⇒ Object

  Destory the VM and remove the project from the file system.

• #encrypt(mode = :vault) ⇒ Object
• #encrypt_data ⇒ Object
• #encrypt_vault_files ⇒ Object

  Use ansible-vault to encrypt the inventory group_vars.

• #executable?(name = 'gpg') ⇒ Boolean
• #file_list(mode) ⇒ Object
• #generate_ansible_creds ⇒ Object
• #generate_credentials ⇒ Object

  Create AWS credential files for Terraform and Ansible, ssh keys and and ansible-vault encryption key NOTE: The path to credentials is used in the ansible-role prepd.

• #generate_ssh_keys(file_name = '.id_rsa') ⇒ Object

  Generate a key pair to be used as the EC2 key pair.

• #generate_tf_creds ⇒ Object
• #generate_vault_password(file_name = '.vault-password.txt') ⇒ Object

  Generate the key to encrypt ansible-vault files.

• #path ⇒ Object
• #setup_git ⇒ Object

  Clone prepd-project, remove the git history and start with a clean repository.

Instance Attribute Details

#ansible_creds ⇒ Object

Returns the value of attribute ansible_creds.

# File 'lib/prepd/models.rb', line 29

def ansible_creds
  @ansible_creds
end

#ansible_key ⇒ Object

Returns the value of attribute ansible_key.

# File 'lib/prepd/models.rb', line 29

def ansible_key
  @ansible_key
end

#ansible_secret ⇒ Object

Returns the value of attribute ansible_secret.

# File 'lib/prepd/models.rb', line 29

def ansible_secret
  @ansible_secret
end

#tf_creds ⇒ Object

Returns the value of attribute tf_creds.

# File 'lib/prepd/models.rb', line 29

def tf_creds
  @tf_creds
end

#tf_key ⇒ Object

Returns the value of attribute tf_key.

# File 'lib/prepd/models.rb', line 29

def tf_key
  @tf_key
end

#tf_secret ⇒ Object

Returns the value of attribute tf_secret.

# File 'lib/prepd/models.rb', line 29

def tf_secret
  @tf_secret
end

Instance Method Details

#archive(type = :credentials) ⇒ Object

# File 'lib/prepd/models.rb', line 230

def archive(type = :credentials)
  "#{data_path}/#{client.name}-#{name}-#{type}.tar"
end

#clone_submodules ⇒ Object

Clone ansible roles and terraform modules

# File 'lib/prepd/models.rb', line 79

def clone_submodules
  Dir.chdir("#{path}/ansible") do
    system('git submodule add git@github.com:rjayroach/ansible-roles.git roles')
  end
  Dir.chdir("#{path}/terraform") do
    system('git submodule add git@github.com:rjayroach/terraform-modules.git modules')
  end
end

#copy_developer_yml ⇒ Object

Copy developer credentials or create them if the file doesn’t already exists TODO: Maybe the creation of developer creds should be done at startup of prepd

# File 'lib/prepd/models.rb', line 92

def copy_developer_yml
  return if File.exists?("#{path}/.developer.yml")
  Dir.chdir(path) do
    if File.exists?("#{Prepd.work_dir}/developer.yml")
      FileUtils.cp("#{Prepd.work_dir}/developer.yml", '.developer.yml')
    elsif File.exists?("#{Dir.home}/.prepd-developer.yml")
      FileUtils.cp("#{Dir.home}/.prepd-developer.yml", '.developer.yml')
    else
      File.open('.developer.yml', 'w') do |f|
        f.puts('---')
        f.puts("git_username: #{`git config --get user.name`.chomp}")
        f.puts("git_email: #{`git config --get user.email`.chomp}")
        f.puts("docker_username: ")
        f.puts("docker_password: ")
      end
    end
  end
end

#create_project ⇒ Object

Initialize the prepd-project or just copy in developer credentials if the project already exists

# File 'lib/prepd/models.rb', line 42

def create_project
  if Dir.exists?(path)
    copy_developer_yml
    return
  end
  setup_git
  clone_submodules
  copy_developer_yml
  generate_credentials
  encrypt_vault_files
end

#data_path ⇒ Object

# File 'lib/prepd/models.rb', line 234

def data_path
  "#{path}/data"
end

#decrypt(type = :credentials) ⇒ Object

# File 'lib/prepd/models.rb', line 202

def decrypt(type = :credentials)
  return unless %i(credentials data).include? type
  return unless executable?('gpg')
  unless File.exists?("#{archive(type)}.gpg")
    STDOUT.puts "File not found: #{archive(type)}.gpg"
    return
  end
  system "gpg #{archive(type)}.gpg"
  Dir.chdir(path) do
    system "tar xf #{archive(type)}"
  end
  FileUtils.rm(archive(type))
  "File processed: #{archive(type)}.gpg"
end

#destroy_project ⇒ Object

Destory the VM and remove the project from the file system

# File 'lib/prepd/models.rb', line 57

def destroy_project
  Dir.chdir(path) { system('vagrant destroy') }
  FileUtils.rm_rf(path)
end

#encrypt(mode = :vault) ⇒ Object

# File 'lib/prepd/models.rb', line 180

def encrypt(mode = :vault)
  return unless executable?('gpg')
  Dir.chdir(path) do
    system "tar cf #{archive(:credentials)} #{file_list(mode)}"
  end
  system "gpg -c #{archive(:credentials)}"
  FileUtils.rm(archive(:credentials))
  "File created: #{archive(:credentials)}.gpg"
end

#encrypt_data ⇒ Object

# File 'lib/prepd/models.rb', line 190

def encrypt_data
  return unless executable?('gpg')
  archive_path = "#{path}/#{client.name}-#{name}-data.tar"
  Dir.chdir(path) do
    system "tar cf #{archive_path} data"
  end
  system "gpg -c #{archive_path}"
  FileUtils.rm(archive_path)
  FileUtils.mv("#{archive_path}.gpg", "#{archive(:data)}.gpg")
  "File created: #{archive(:data)}.gpg"
end

#encrypt_vault_files ⇒ Object

Use ansible-vault to encrypt the inventory group_vars

# File 'lib/prepd/models.rb', line 172

def encrypt_vault_files
  Dir.chdir("#{path}/ansible") do
    %w(all development local production staging).each do |env|
      system("ansible-vault encrypt inventory/group_vars/#{env}/vault")
    end
  end
end

#executable?(name = 'gpg') ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/prepd/models.rb', line 217

def executable?(name = 'gpg')
  require 'mkmf'
  rv = find_executable(name)
  STDOUT.puts "#{name} executable not found" unless rv
  FileUtils.rm('mkmf.log')
  rv
end

#file_list(mode) ⇒ Object

# File 'lib/prepd/models.rb', line 225

def file_list(mode)
  return ".boto .id_rsa .id_rsa.pub .terraform-vars.txt .vault-password.txt" if mode.eql?(:all)
  ".vault-password.txt"
end

#generate_ansible_creds ⇒ Object

# File 'lib/prepd/models.rb', line 139

def generate_ansible_creds
  self.ansible_key, self.ansible_secret = CSV.read(ansible_creds).last.slice(2,2) if ansible_creds
  unless ansible_key and ansible_secret
    STDOUT.puts 'ansible_key and ansible_secret need to be set (or set ansible_creds to path to CSV file)'
    return
  end
  Dir.chdir(path) do
    File.open('.boto', 'w') do |f|
      f.puts('[Credentials]')
      f.puts("aws_access_key_id = #{ansible_key}")
      f.puts("aws_secret_access_key = #{ansible_secret}")
    end
  end
end

#generate_credentials ⇒ Object

Create AWS credential files for Terraform and Ansible, ssh keys and and ansible-vault encryption key NOTE: The path to credentials is used in the ansible-role prepd

# File 'lib/prepd/models.rb', line 115

def generate_credentials
  # self.tf_creds = '/Users/rjayroach/Documents/c2p4/aws/legos-terraform.csv'
  # self.ansible_creds = '/Users/rjayroach/Documents/c2p4/aws/legos-ansible.csv'
  generate_tf_creds
  generate_ansible_creds
  generate_ssh_keys
  generate_vault_password
end

#generate_ssh_keys(file_name = '.id_rsa') ⇒ Object

Generate a key pair to be used as the EC2 key pair

# File 'lib/prepd/models.rb', line 157

def generate_ssh_keys(file_name = '.id_rsa')
  Dir.chdir(path) { system("ssh-keygen -b 2048 -t rsa -f #{file_name} -q -N '' -C 'ansible@#{name}.#{client.name}.local'") }
end

#generate_tf_creds ⇒ Object

# File 'lib/prepd/models.rb', line 124

def generate_tf_creds
  self.tf_key, self.tf_secret = CSV.read(tf_creds).last.slice(2,2) if tf_creds
  unless tf_key and tf_secret
    STDOUT.puts 'tf_key and tf_secret need to be set (or set tf_creds to path to CSV file)'
    return
  end
  require 'csv'
  Dir.chdir(path) do
    File.open('.terraform-vars.txt', 'w') do |f|
      f.puts("aws_access_key_id = \"#{tf_key}\"")
      f.puts("aws_secret_access_key = \"#{tf_secret}\"")
    end
  end
end

#generate_vault_password(file_name = '.vault-password.txt') ⇒ Object

Generate the key to encrypt ansible-vault files

# File 'lib/prepd/models.rb', line 164

def generate_vault_password(file_name = '.vault-password.txt')
  require 'securerandom'
  Dir.chdir(path) { File.open(file_name, 'w') { |f| f.puts(SecureRandom.uuid) } }
end

#path ⇒ Object

# File 'lib/prepd/models.rb', line 238

def path
 "#{client.path}/#{name}"
end

#setup_git ⇒ Object

Clone prepd-project, remove the git history and start with a clean repository

# File 'lib/prepd/models.rb', line 65

def setup_git
  Dir.chdir(client.path) { system("git clone git@github.com:rjayroach/prepd-project.git #{name}") }
  Dir.chdir(path) do
    FileUtils.rm_rf("#{path}/.git")
    system('git init')
    system('git add .')
    system("git commit -m 'First commit from Prepd'")
    system("git remote add origin #{repo_url}") if repo_url
  end
end