Module: RDSBackup::Config

Defined in:
lib/rds_backup_service/config.rb

Overview

Models the logic for post-configuration setup.


Class Method Details

.setup_security_groups(logger = nil) ⇒ Object

Attempts to set up the EC2 and RDS security groups as specified in the configuration. Raises an Exception on errors. Best if run from EC2.



# File 'lib/rds_backup_service/config.rb', line 8

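# Attempts to set up the EC2 and RDS security groups named in the
# configuration (+ec2_security_group+ / +rds_security_group+): creates the
# EC2 group when it is missing, then for every RDS account creates the RDS
# group when missing and authorizes the EC2 group against it. Finally warns
# when the current host is not an EC2 instance that is a member of that EC2
# group, because the RDS authorization is granted to the EC2 group and a
# host outside it still needs access arranged separately. Best if run from EC2.
#
# @param logger [Logger, nil] destination for progress messages; defaults to
#   RDSBackup.default_logger(STDOUT)
# @return [Object] unspecified; callers should not rely on the value
# @raise [RuntimeError] when the owner id of the EC2 group cannot be
#   determined, or when no Compute account is configured while this EC2
#   instance cannot be found through the configured EC2 credentials
# @raise [Exception] any error from Ohai or the AWS API is propagated
def self.setup_security_groups(logger = nil)
  log = logger || RDSBackup.default_logger(STDOUT)

  # --- Discovery and configuration ---
  log.info "Scanning system..."
  (system = Ohai::System.new).all_plugins
  # NOTE(review): presumably removes a stray file that an Ohai plugin leaves
  # in the working directory; the reason is not visible here - confirm before
  # removing this line.
  FileUtils.rm_f("1")
  log.info "Reading config files..."
  settings = RDSBackup.settings
  ec2_group_name = settings['ec2_security_group']
  rds_group_name = settings['rds_security_group']
  ec2 = RDSBackup.ec2

  # --- EC2 Security Group creation ---
  log.info "Checking EC2 for Security Group #{ec2_group_name}"
  ec2_group = ec2.security_groups.get(ec2_group_name)
  unless ec2_group
    log.info "Creating EC2 Security group #{ec2_group_name}"
    ec2_group = ec2.security_groups.create(:name => ec2_group_name,
      :description => 'Created by rds_backup_service')
  end

  # An RDS EC2-group authorization is keyed on (group name, owner id), so a
  # wrong or nil owner grants nothing. Prefer the owner of the group we are
  # authorizing; fall back to the first listed group (a freshly created
  # model may not carry owner_id yet). Computed once, not per RDS account.
  owner = ec2_group.owner_id || ec2.security_groups.first.owner_id
  if owner.nil?
    raise "Unable to determine the owner id of EC2 Security Group #{ec2_group_name}"
  end

  # --- RDS Security Group creation and authorization, per RDS account ---
  # NOTE(review): the block parameter names were lost in the rendered copy of
  # this listing and are reconstructed here - verify against the source file.
  RDSBackup.rds_accounts.each do |account_name, account|
    log.info "Checking account #{account_name} for " +
      "RDS Security group #{rds_group_name}"
    rds = ::Fog::AWS::RDS.new(account[:credentials])
    rds_group = rds.security_groups.get(rds_group_name)
    unless rds_group
      log.info "Creating security group #{rds_group_name} in #{account_name}"
      rds_group = rds.security_groups.create(:id => rds_group_name,
        :description => 'Created by rds_backup_service')
    end
    # Only add the authorization when an identical one is absent, so repeated
    # runs stay idempotent and do not pile up duplicate grants.
    authorized = rds_group.ec2_security_groups.any? do |authorization|
      authorization['EC2SecurityGroupName'] == ec2_group_name &&
        authorization['EC2SecurityGroupOwnerId'] == owner
    end
    unless authorized
      log.info "Authorizing EC2 Group for #{account_name}/#{rds_group_name}"
      rds_group.authorize_ec2_security_group(ec2_group_name, owner)
    end
  end

  # --- Membership check for this host ---
  if system[:ec2]
    this_host = ec2.servers.get(system[:ec2][:instance_id])
    if this_host
      log.info "Running in EC2. Current Security Groups = #{this_host.groups}"
      unless this_host.groups.include?(ec2_group_name)
        log.warn "This host is not in Security Group #{ec2_group_name}!"
      end
    else
      # The instance id is real but invisible through the configured
      # credentials: we are in EC2, just not in the configured account.
      accts = RDSBackup.read_accounts.select { |_id, acc| acc[:service] == 'Compute' }
      raise "At least one Compute (EC2) account must be defined" if accts.empty?
      log.warn "Not running in EC2 account #{accts.keys.first}!"
    end
  else
    log.warn "Not running in EC2 - open RDS groups to this host!"
  end
end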