Class: Ec2Helper

Inherits:
Object
  • Object
Defined in:
lib/help/ec2_helper.rb

Instance Method Summary collapse

Constructor Details

#initialize(ec2_api) ⇒ Ec2Helper

expects an instance of AWS::EC2::Base from the amazon-ec2 gem



# File 'lib/help/ec2_helper.rb', line 17

# Keeps a reference to the EC2 client used by the helper's lookups.
#
# @param ec2_api the EC2 API client; expected to be an AWS::EC2::Base
#   instance from the amazon-ec2 gem (the type is not checked here)
def initialize(ec2_api)
  @ec2_api = ec2_api
end

Instance Method Details

#ami_prop(ami_id, prop) ⇒ Object



# File 'lib/help/ec2_helper.rb', line 97

# Returns one property of an AMI, read from the describe_images response.
#
# @param ami_id the image id passed to describe_images as :image_id
# @param prop property name; converted with to_s before the lookup
# @return the value stored under that property on the first returned image
# @raise [Exception] "image <id> not found" when the image list is empty, and
#   also when navigating the response raises any StandardError. A malformed
#   response is therefore reported the same way as a missing image.
def ami_prop(ami_id, prop)
  response = @ec2_api.describe_images(:image_id => ami_id)
  not_found = "image #{ami_id} not found"
  begin
    images = response['imagesSet']['item']
    raise Exception.new(not_found) if images.size.zero?
    images[0][prop.to_s]
  rescue StandardError
    # Exception is not a StandardError, so the raise above is not re-wrapped.
    raise Exception.new(not_found)
  end
end

#check_open_port(security_group, port, range = "0.0.0.0/0") ⇒ Object

Checks whether the given TCP port is open for the security group on range “0.0.0.0/0”. If an additional range is specified in the parameter, the check returns true if the port is open for either range 0.0.0.0/0 or the additional range specified. Returns true or false.



# File 'lib/help/ec2_helper.rb', line 128

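# Reports whether a TCP port is allowed by the named security group for
# source range 0.0.0.0/0 or for the additional range given.
#
# Only the first group in the describe_security_groups response is inspected.
# Rules without 'ipRanges' (group-based rules) are skipped.
#
# A group whose 'ipPermissions' (or a rule's 'ipRanges' item list) comes back
# as nil is treated as having no rules and yields false, instead of failing
# with NoMethodError on nil. A nil 'securityGroupInfo' is reported as
# "not found", like an empty group list.
#
# NOTE(review): only rules with ipProtocol "tcp" and an exact 'cidrIp' string
# match are considered. Rules for other protocol values, other source fields,
# or a wider CIDR that merely contains `range` are not evaluated, so a false
# result is not proof that the port is unreachable.
#
# @param security_group name passed to describe_security_groups as :group_name
# @param port port number compared against each rule's fromPort..toPort
# @param range extra CIDR string accepted in addition to "0.0.0.0/0"
# @return [Boolean] true if a matching TCP rule is found, false otherwise
# @raise [Exception] "security group '<name>' not found" when no group is returned
def check_open_port(security_group, port, range = "0.0.0.0/0")
  res = @ec2_api.describe_security_groups(:group_name => security_group)
  groups = (res['securityGroupInfo'] || {})['item'] || []
  if groups.size == 0
    raise Exception.new("security group '#{security_group}' not found")
  end
  # An empty permission set can come back as nil rather than as an empty list.
  permissions = (groups[0]['ipPermissions'] || {})['item'] || []
  permissions.each do |permission|
    ip_ranges = permission['ipRanges']
    # no IP ranges defined (group-based mode): ignore
    next if ip_ranges.nil?
    from_port = permission['fromPort'].to_i
    to_port = permission['toPort'].to_i
    next unless port >= from_port && port <= to_port && permission['ipProtocol'] == "tcp"
    (ip_ranges['item'] || []).each do |ip_range|
      cidr = ip_range['cidrIp']
      return true if cidr == "0.0.0.0/0" || cidr == range
    end
  end
  false
end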

#get_attached_volumes(instance_id) ⇒ Object



# File 'lib/help/ec2_helper.rb', line 55

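# Returns the 'ebs' entry of every block device mapping of an instance.
#
# Failures while reading the response are reported with one generic message.
# Only StandardError is trapped for that purpose: the original trapped
# Exception, which also converted Interrupt and SystemExit into the generic
# error and so hid a shutdown or Ctrl-C from the caller.
#
# NOTE(review): the puts calls write the complete describe_instances response
# and the backtrace to stdout. They are kept because they are existing
# behaviour; consider routing them through a logger with a debug level.
#
# @param instance_id id passed to describe_instances as :instance_id
# @return [Array] the 'ebs' value of each block device mapping item
# @raise [Exception] "error during retrieving attachments from instance <id>
#   not found" when the instance list is empty or the response cannot be read
def get_attached_volumes(instance_id)
  instances = @ec2_api.describe_instances(:instance_id => instance_id)
  begin
    instance_items = instances['reservationSet']['item'][0]['instancesSet']['item']
    # Raised as a StandardError so it goes through the common handler below.
    raise IndexError, "instance #{instance_id} not found" if instance_items.size == 0
    puts "instances = #{instances.inspect}"
    mappings = instance_items[0]['blockDeviceMapping']['item']
    puts "attachments: #{mappings.inspect}"
    attached = mappings.collect do |item|
      puts "item = #{item['ebs'].inspect}"
      item['ebs']
    end
    puts "going to return #{attached.size}"
    attached
  rescue StandardError => e
    puts "exception: #{e.inspect}"
    puts e.backtrace.join("\n")
    raise Exception.new("error during retrieving attachments from instance #{instance_id} not found")
  end
end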

#get_instance_id(instance_info) ⇒ Object

Looks up the instanceId for the output retrieved by EC2::describe_instances(:instance_id => xxx) without the reservation set.



# File 'lib/help/ec2_helper.rb', line 211

# Reads 'instanceId' from the first item of instance_info['instancesSet'].
#
# The whole instance_info structure is printed to stdout before the lookup.
#
# @param instance_info hash that has 'instancesSet' => { 'item' => [...] }
# @return the 'instanceId' value of the first item
def get_instance_id(instance_info)
  puts "look up instanceId in #{instance_info.inspect}"
  first_instance = instance_info['instancesSet']['item'][0]
  first_instance['instanceId']
end

#get_instance_prop(instance_info, prop) ⇒ Object

Looks up the given property (prop) for the output retrieved by EC2::describe_instances(:instance_id => xxx) without the reservation set.



# File 'lib/help/ec2_helper.rb', line 218

# Reads an arbitrary property from the first item of
# instance_info['instancesSet'].
#
# The property name and the whole instance_info structure are printed to
# stdout before the lookup.
#
# @param instance_info hash that has 'instancesSet' => { 'item' => [...] }
# @param prop property name; converted with to_s before the lookup
# @return the value stored under that property on the first item
def get_instance_prop(instance_info, prop)
  puts "look up #{prop} in #{instance_info.inspect}"
  first_instance = instance_info['instancesSet']['item'][0]
  key = prop.to_s
  first_instance[key]
end

#get_security_group_info(group_name, group_infos) ⇒ Object

From the information retrieved via EC2::describe_security_groups, look up the entry for the group specified.



# File 'lib/help/ec2_helper.rb', line 164

# Finds the entry for one security group in a describe_security_groups result.
#
# @param group_name value compared against each entry's 'groupName'
# @param group_infos hash that has 'securityGroupInfo' => { 'item' => [...] }
# @return the first entry whose 'groupName' equals group_name, or nil if
#   there is none
def get_security_group_info(group_name, group_infos)
  entries = group_infos['securityGroupInfo']['item']
  entries.find { |entry| entry['groupName'] == group_name }
end

#instance_prop(instance_id, prop, instances = nil) ⇒ Object



# File 'lib/help/ec2_helper.rb', line 109

# Returns one property of an instance from a describe_instances response.
#
# @param instance_id id used for the API call and in the error message
# @param prop property name; converted with to_s before the lookup
# @param instances an already fetched describe_instances response; when nil,
#   the response is fetched with :instance_id => instance_id
# @return the value stored under that property on the first instance of the
#   first reservation
# @raise [Exception] "instance <id> not found" when the instance list is
#   empty, and also when navigating the response raises any StandardError.
#   A malformed response is therefore reported like a missing instance.
def instance_prop(instance_id, prop, instances = nil)
  instances = @ec2_api.describe_instances(:instance_id => instance_id) if instances.nil?
  not_found = "instance #{instance_id} not found"
  begin
    candidates = instances['reservationSet']['item'][0]['instancesSet']['item']
    raise Exception.new(not_found) if candidates.size.zero?
    candidates[0][prop.to_s]
  rescue StandardError
    # Exception is not a StandardError, so the raise above is not re-wrapped.
    raise Exception.new(not_found)
  end
end

#is_root_device?(volume_id) ⇒ Boolean

Checks if the specified volume is acting as a root-device for the instance to which it is attached. It therefore first calls ec2_describe_volumes() to retrieve the instance linked to the volume specified, then calls ec2_describe_instance_attribute() to retrieve the rootDeviceName of that instance, and finally calls describe_instances() to retrieve all volumes to check against volume_id and rootDeviceName.

Returns:

  • (Boolean)


# File 'lib/help/ec2_helper.rb', line 27

# Tells whether a volume is the root device of the instance it is attached to.
#
# Three API calls are made: describe_volumes to find the attached instance,
# describe_instance_attribute to read that instance's rootDeviceName, and
# describe_instances to compare each block device mapping with the volume id
# and root device name.
#
# NOTE(review): 'blockDeviceMapping' is indexed without a nil check, unlike
# 'attachmentSet'; confirm the client cannot return nil there.
#
# @param volume_id id passed to describe_volumes as :volume_id
# @return [Boolean] true only if a mapping has this volume id and its
#   deviceName equals the instance's rootDeviceName
def is_root_device?(volume_id)
  volume = @ec2_api.describe_volumes(:volume_id => volume_id)['volumeSet']['item'][0]
  attachment_set = volume['attachmentSet']
  # Not linked to any instance, so it cannot be a root device.
  return false if attachment_set == nil || attachment_set['item'].size == 0

  instance_id = attachment_set['item'][0]['instanceId']
  attribute = @ec2_api.describe_instance_attribute(:instance_id => instance_id, :attributes => {:rootDeviceName => true})
  return false if attribute["rootDeviceName"] == nil

  root_device_name = attribute['rootDeviceName']['value']
  described = @ec2_api.describe_instances(:instance_id => instance_id)
  mappings = described['reservationSet']['item'][0]['instancesSet']['item'][0]['blockDeviceMapping']['item']
  # The volume may have been detached between the calls.
  return false if mappings.size == 0

  mappings.any? do |mapping|
    mapped_volume = mapping['ebs']['volumeId']
    mapped_device = mapping['deviceName']
    mapped_volume == volume_id && root_device_name == mapped_device
  end
end

#lookup_open_ports(group_name, group_infos) ⇒ Object

From the information retrieved via EC2::describe_security_groups, look up all open ports for the group specified



# File 'lib/help/ec2_helper.rb', line 185

# Lists the single ports that a security group opens to 0.0.0.0/0.
#
# Coverage is deliberately narrow, so the result can under-report exposure:
# * rules whose fromPort differs from toPort (port ranges) are skipped;
# * rules without 'ipRanges' (group-based rules) are skipped;
# * only the exact 'cidrIp' string "0.0.0.0/0" counts as open.
# The protocol is reported as found and is not filtered.
#
# Both the full group_infos structure and the selected group are printed to
# stdout. The result of get_security_group_info is indexed without a nil
# check, so an unknown group name ends in NoMethodError.
#
# @param group_name name of the group to inspect
# @param group_infos describe_security_groups response to search
# @return [Array<Hash>] one {:protocol => ..., :port => ...} entry for each
#   matching range of each single-port rule
def lookup_open_ports(group_name, group_infos)
  puts "group_infos = #{group_infos.inspect}"
  group_info = get_security_group_info(group_name, group_infos)
  puts "group_info for #{group_name} = #{group_info.inspect}"
  group_info['ipPermissions']['item'].each_with_object([]) do |permission, open_ports|
    ranges = permission['ipRanges']
    # no IP ranges defined (group-based mode): ignore
    next if ranges == nil
    protocol = permission['ipProtocol']
    first_port = permission['fromPort'].to_i
    last_port = permission['toPort'].to_i
    # ignore port ranges
    next unless first_port == last_port
    ranges['item'].each do |ip_range|
      next unless ip_range['cidrIp'] == "0.0.0.0/0"
      open_ports << {:protocol => protocol, :port => first_port}
    end
  end
end

#lookup_security_group_names(instance_info) ⇒ Object

From the information retrieved via EC2::describe_instances for a specific instance, retrieve the names of the security groups belonging to that instance.



# File 'lib/help/ec2_helper.rb', line 173

# Collects the security group names listed for an instance.
#
# The whole instance_info structure is printed to stdout first.
#
# @param instance_info hash that has 'groupSet' => { 'item' => [...] }
# @return [Array] for each group entry its 'groupName', or its 'groupId' when
#   'groupName' is nil or false
def lookup_security_group_names(instance_info)
  puts "lookup_security_group_names(#{instance_info.inspect})"
  instance_info['groupSet']['item'].map do |group_info|
    group_info['groupName'] || group_info['groupId']
  end
end

#snapshot_prop(snapshot_id, prop) ⇒ Object



# File 'lib/help/ec2_helper.rb', line 85

# Returns one property of a snapshot, read from the describe_snapshots response.
#
# @param snapshot_id id passed to describe_snapshots as :snapshot_id
# @param prop property name; converted with to_s before the lookup
# @return the value stored under that property on the first returned snapshot
# @raise [Exception] "snapshot <id> not found" when the snapshot list is
#   empty, and also when navigating the response raises any StandardError.
#   A malformed response is therefore reported like a missing snapshot.
def snapshot_prop(snapshot_id, prop)
  response = @ec2_api.describe_snapshots(:snapshot_id => snapshot_id)
  not_found = "snapshot #{snapshot_id} not found"
  begin
    snapshots = response['snapshotSet']['item']
    raise Exception.new(not_found) if snapshots.size.zero?
    snapshots[0][prop.to_s]
  rescue StandardError
    # Exception is not a StandardError, so the raise above is not re-wrapped.
    raise Exception.new(not_found)
  end
end

#volume_prop(volume_id, prop) ⇒ Object



# File 'lib/help/ec2_helper.rb', line 77

# Returns one property of a volume, read from the describe_volumes response.
#
# There is no rescue around the lookup here, so a response without
# 'volumeSet' or 'item' surfaces as NoMethodError rather than as the
# "not found" error.
#
# @param volume_id id passed to describe_volumes as :volume_id
# @param prop property name; converted with to_s before the lookup
# @return the value stored under that property on the first returned volume
# @raise [Exception] "volume <id> not found" when the volume list is empty
def volume_prop(volume_id, prop)
  volumes = @ec2_api.describe_volumes(:volume_id => volume_id)['volumeSet']['item']
  raise Exception.new("volume #{volume_id} not found") if volumes.size.zero?
  volumes[0][prop.to_s]
end