Module: RDSBackup::Config
- Defined in:
- lib/rds_backup_service/config.rb
Overview
Models the logic for post-configuration setup.
Class Method Summary collapse
-
.setup_security_groups(logger = nil) ⇒ Object
Attempts to set up the EC2 and RDS security groups as specified in the configuration.
Class Method Details
.setup_security_groups(logger = nil) ⇒ Object
Attempts to set up the EC2 and RDS security groups as specified in the configuration. Raises an Exception on errors. Best if run from EC2.
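# File 'lib/rds_backup_service/config.rb', line 8

# Attempts to set up the EC2 and RDS security groups named in the
# configuration, then checks whether the current host is a member of the
# EC2 group.
#
# The rendered listing had lost several identifiers in the authorization
# step (it read `= false`, `do ||`, `unless` and `rds_group.(...)`), which
# left it syntactically invalid. That step is restored here as a membership
# test followed by Fog's `authorize_ec2_security_group`.
#
# @param logger [Object, nil] logger responding to #info and #warn; when nil,
#   RDSBackup.default_logger(STDOUT) is used.
# @return [Object] unspecified; the method is called for its side effects.
# @raise [RuntimeError] if this host reports EC2 metadata but is not found by
#   the configured EC2 connection and no 'Compute' account is defined.
def self.setup_security_groups(logger = nil)
  log = logger || RDSBackup.default_logger(STDOUT)

  # Configuration
  log.info "Scanning system..."
  (system = Ohai::System.new).all_plugins
  # NOTE(review): deletes a file literally named "1" in the working
  # directory; presumably a stray artifact of the system scan -- confirm.
  FileUtils.rm_f("1")
  log.info "Reading config files..."
  settings = RDSBackup.settings
  ec2_group_name = settings['ec2_security_group']
  rds_group_name = settings['rds_security_group']
  ec2 = RDSBackup.ec2

  # EC2 Security Group creation
  log.info "Checking EC2 for Security Group #{ec2_group_name}"
  unless ec2.security_groups.get(ec2_group_name)
    log.info "Creating EC2 Security group #{ec2_group_name}"
    ec2.security_groups.create(:name => ec2_group_name,
                               :description => 'Created by rds_backup_service')
  end

  # The owner id is read from the first group the EC2 connection lists and
  # does not vary per RDS account, so it is looked up once.
  # NOTE(review): assumes every listed group belongs to the service's own
  # account -- confirm.
  owner = ec2.security_groups.first.owner_id

  # RDS Security Group creation and authorization
  RDSBackup.rds_accounts.each do |account_name, account_data|
    log.info "Checking account #{account_name} for RDS Security group #{rds_group_name}"
    rds = ::Fog::AWS::RDS.new(account_data[:credentials])
    rds_group = rds.security_groups.get(rds_group_name)
    unless rds_group
      log.info "Creating security group #{rds_group_name} in #{account_name}"
      rds_group = rds.security_groups.create(:id => rds_group_name,
                                             :description => 'Created by rds_backup_service')
    end

    # Apply EC2 authorization to RDS Security Groups.
    # This grant lets every instance in the EC2 group reach databases that
    # use the RDS group, so membership of the EC2 group should stay limited
    # to the backup hosts.
    # NOTE(review): only name and owner are compared; the grant's status is
    # not inspected, so a grant in any state counts as present -- confirm
    # that is intended.
    already_authorized = rds_group.ec2_security_groups.any? do |grant|
      grant['EC2SecurityGroupName'] == ec2_group_name &&
        grant['EC2SecurityGroupOwnerId'] == owner
    end
    unless already_authorized
      log.info "Authorizing EC2 Group for #{account_name}/#{rds_group_name}"
      rds_group.authorize_ec2_security_group(ec2_group_name, owner)
    end
  end

  # EC2 Security Group check for this host
  if system[:ec2]
    this_host = ec2.servers.get(system[:ec2][:instance_id])
    if this_host
      log.info "Running in EC2. Current Security Groups = #{this_host.groups}"
      unless this_host.groups.include?(ec2_group_name)
        log.warn "This host is not in Security Group #{ec2_group_name}!"
      end
    else
      # The instance exists but is not visible through the configured EC2
      # credentials, i.e. it runs in a different account.
      accts = RDSBackup.read_accounts.select { |_id, acc| acc[:service] == 'Compute' }
      # NOTE(review): the message says "S3" although the filter above selects
      # 'Compute' accounts; left unchanged in case callers match on the text.
      raise "At least one S3 account must be defined" if accts.empty?
      log.warn "Not running in EC2 account #{accts.first[0]}!"
    end
  else
    log.warn "Not running in EC2 - open RDS groups to this host!"
  end
end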