From e17487862a1d06aa6c876e90afe510f14407574a Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 30 Apr 2015 10:09:22 +0300 Subject: [PATCH 01/12] Added support for using IAM roles instead of passing AWS credentials --- attributes/default.rb | 1 + recipes/volumes.rb | 14 ++++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 36fbd15..12f2914 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -8,6 +8,7 @@ default[:ebs][:mdadm_chunk_size] = '256' default[:ebs][:md_read_ahead] = '65536' # 64k default[:ebs][:initrd_md5] = '' +default[:ebs][:use_IAM_profiles] = false if BlockDevice.on_kvm? && ebs[:devices] diff --git a/recipes/volumes.rb b/recipes/volumes.rb index f990655..17e66d4 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -1,8 +1,8 @@ node[:ebs][:volumes].each do |mount_point, options| - + # skip volumes that already exist next if File.read('/etc/mtab').split("\n").any?{|line| line.match(" #{mount_point} ")} - + # create ebs volume if !options[:device] && options[:size] if node[:ebs][:creds][:encrypted] @@ -15,10 +15,16 @@ devices = ['/dev/xvdf'] if devices.empty? devid = devices.sort.last[-1,1].succ device = "/dev/sd#{devid}" + else + devices = ["#{options[:device]}"] + devid = devices.sort.last[-1,1] + end vol = aws_ebs_volume device do - aws_access_key credentials[node.ebs.creds.aki] - aws_secret_access_key credentials[node.ebs.creds.sak] + if !node[:ebs][:use_IAM_profiles] + aws_access_key credentials[node.ebs.creds.aki] + aws_secret_access_key credentials[node.ebs.creds.sak] + end size options[:size] device device availability_zone node[:ec2][:placement_availability_zone] From 6aeceeb57e87988dd29427a63a7d5d6b8a028773 Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 30 Apr 2015 11:34:23 +0300 Subject: [PATCH 02/12] Fixed some bug --- recipes/volumes.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
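Review bot: In the recipes/volumes.rb hunk, the new `else` branch never assigns `credentials`, yet with `use_IAM_profiles` false (the default added in attributes/default.rb) the `aws_ebs_volume` block still evaluates `credentials[node.ebs.creds.aki]`. As far as the hunk shows, a volume with `options[:device]` set would then fail with NoMethodError on nil. The later volumes.rb hunks in this series (patches 02, 04 and 05) keep the data bag load under the `!options[:device]` branch, so the gap remains there. Move the load above the device test and guard it with the role flag only. The enclosing `each` block starts and ends outside the hunk.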
diff --git a/recipes/volumes.rb b/recipes/volumes.rb index 17e66d4..9de67a2 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -4,7 +4,7 @@ next if File.read('/etc/mtab').split("\n").any?{|line| line.match(" #{mount_point} ")} # create ebs volume - if !options[:device] && options[:size] + if !options[:device] if node[:ebs][:creds][:encrypted] credentials = Chef::EncryptedDataBagItem.load(node[:ebs][:creds][:databag], node[:ebs][:creds][:item]) else @@ -20,6 +20,9 @@ devid = devices.sort.last[-1,1] end + device = "/dev/sd#{devid}" + + if options[:size] vol = aws_ebs_volume device do if !node[:ebs][:use_IAM_profiles] aws_access_key credentials[node.ebs.creds.aki] From 521763978f7377bf08781c17c66f9571c71fbf1b Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 30 Apr 2015 11:56:52 +0300 Subject: [PATCH 03/12] Changed the name of attribute --- attributes/default.rb | 2 +- recipes/volumes.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 12f2914..8ff512f 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -8,7 +8,7 @@ default[:ebs][:mdadm_chunk_size] = '256' default[:ebs][:md_read_ahead] = '65536' # 64k default[:ebs][:initrd_md5] = '' -default[:ebs][:use_IAM_profiles] = false +default[:ebs][:iam_roles] = false if BlockDevice.on_kvm? && ebs[:devices] diff --git a/recipes/volumes.rb b/recipes/volumes.rb index 9de67a2..540a88d 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -24,7 +24,7 @@ if options[:size] vol = aws_ebs_volume device do - if !node[:ebs][:use_IAM_profiles] + if !node[:ebs][:iam_roles] aws_access_key credentials[node.ebs.creds.aki] aws_secret_access_key credentials[node.ebs.creds.sak] end From f0bcad9f28dd7ed0c191da01b8e2cf3aaae74776 Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 30 Apr 2015 13:20:57 +0300 Subject: [PATCH 04/12] Minor change --- recipes/volumes.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
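Review bot: In the second hunk of patch 02, `device = "/dev/sd#{devid}"` now also runs for operator-supplied devices, where `devid` is only the last character of `options[:device]` (set in the `else` branch just above the hunk). The rest of the supplied name is discarded without any check, so a value that does not end in a single drive letter would be attached under a different `/dev/sdX` than requested. Validate the option in that `else` branch and fail the run on anything unexpected, e.g. `raise "unsupported device #{options[:device]}" unless options[:device] =~ %r{\A/dev/(sd|xvd)[a-z]\z}`. The `if options[:size]` opened here is closed outside the hunk.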
diff --git a/recipes/volumes.rb b/recipes/volumes.rb index 540a88d..7b8aa24 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -8,7 +8,9 @@ if node[:ebs][:creds][:encrypted] credentials = Chef::EncryptedDataBagItem.load(node[:ebs][:creds][:databag], node[:ebs][:creds][:item]) else - credentials = data_bag_item node[:ebs][:creds][:databag], node[:ebs][:creds][:item] + if !node[:ebs][:iam_roles] + credentials = data_bag_item node[:ebs][:creds][:databag], node[:ebs][:creds][:item] + end end devices = Dir.glob('/dev/xvd?') From e1a5d3917b2aca89719ca662d691db59bee9ae3f Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 30 Apr 2015 13:44:05 +0300 Subject: [PATCH 05/12] Changed attribute name for checking am_role --- attributes/default.rb | 3 ++- recipes/persistent.rb | 10 +++++++--- recipes/volumes.rb | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 8ff512f..1536c8d 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -3,12 +3,13 @@ default[:ebs][:creds][:aki] = "aws_access_key_id" default[:ebs][:creds][:sak] = "aws_secret_access_key" default[:ebs][:creds][:encrypted] = true +default[:ebs][:creds][:iam_roles] = false default[:ebs][:volumes] = {} default[:ebs][:raids] = {} default[:ebs][:mdadm_chunk_size] = '256' default[:ebs][:md_read_ahead] = '65536' # 64k default[:ebs][:initrd_md5] = '' -default[:ebs][:iam_roles] = false + if BlockDevice.on_kvm? && ebs[:devices] diff --git a/recipes/persistent.rb b/recipes/persistent.rb index be15c14..2b222cb 100644 --- a/recipes/persistent.rb +++ b/recipes/persistent.rb @@ -6,7 +6,11 @@ include_recipe "aws" # get aws credentials -aws = data_bag_item(node['ebs']['creds']['databag'], node['ebs']['creds']['item']) +if !node[:ebs][:creds][:iam_roles] + aws = data_bag_item(node['ebs']['creds']['databag'], node['ebs']['creds']['item']) +else + aws = nil +end devices = Dir.glob('/dev/xvd*') if devices.empty? 
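Review bot: The role check in patch 04 guards only the unencrypted `data_bag_item` branch, so with `node[:ebs][:creds][:encrypted]` true (the default shown in attributes/default.rb) `Chef::EncryptedDataBagItem.load` still runs in role mode. A node that uses an IAM role therefore still needs the data bag and its secret, and the long-lived keys are still decrypted on every run, which is what the role is meant to avoid. Put the test outside both branches, `unless node[:ebs][:iam_roles]` around the whole `if node[:ebs][:creds][:encrypted] … else … end`. The volumes.rb hunk of patch 05 renames the attribute but keeps the same shape.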
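Review bot: `default[:ebs][:creds][:iam_roles]` in the attributes/default.rb hunk of patch 05 is the third name for this switch in the series (after `use_IAM_profiles` and `[:ebs][:iam_roles]`) and it carries no comment. A node that still sets one of the earlier names would silently fall back to the static-key path. Add a comment on the attribute, e.g. `# true: pass no access keys to aws_ebs_volume and rely on the instance's IAM role`, and mention the earlier names in the commit message or README.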
@@ -29,8 +33,8 @@ next_mount.succ! Chef::Log.info("Attaching #{thisvol} to #{mount}") aws_ebs_volume mount do - aws_access_key aws['aws_access_key_id'] - aws_secret_access_key aws['aws_secret_access_key'] + aws_access_key aws['aws_access_key_id'] if aws + aws_secret_access_key aws['aws_secret_access_key'] if aws device mount volume_id thisvol action :nothing diff --git a/recipes/volumes.rb b/recipes/volumes.rb index 7b8aa24..656a931 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -8,7 +8,7 @@ if node[:ebs][:creds][:encrypted] credentials = Chef::EncryptedDataBagItem.load(node[:ebs][:creds][:databag], node[:ebs][:creds][:item]) else - if !node[:ebs][:iam_roles] + if !node[:ebs][:creds][:iam_roles] credentials = data_bag_item node[:ebs][:creds][:databag], node[:ebs][:creds][:item] end end @@ -26,7 +26,7 @@ if options[:size] vol = aws_ebs_volume device do - if !node[:ebs][:iam_roles] + if !node[:ebs][:creds][:iam_roles] aws_access_key credentials[node.ebs.creds.aki] aws_secret_access_key credentials[node.ebs.creds.sak] end From cc4a0c71b59ff089ab184e224519dd7d8eeb5857 Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Tue, 4 Aug 2015 14:33:52 +0300 Subject: [PATCH 06/12] Added support for gp2 volume --- recipes/raids.rb | 8 +++++--- recipes/volumes.rb | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/recipes/raids.rb b/recipes/raids.rb index 4963a58..85e9f61 100644 --- a/recipes/raids.rb +++ b/recipes/raids.rb 
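Review bot: The two credential lines in the recipes/persistent.rb hunk still hard-code the data bag field names (`aws['aws_access_key_id']`), while recipes/volumes.rb and recipes/raids.rb read them through `node.ebs.creds.aki` and `node.ebs.creds.sak`, so an override of those attributes is ignored in this recipe. Consider `aws_access_key aws[node.ebs.creds.aki] if aws` and the same for the secret key. The previous hunk of this file also loads the item with plain `data_bag_item`, so this recipe does not go through the `[:creds][:encrypted]` switch that volumes.rb uses. The surrounding loop starts outside the hunk.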
@@ -28,12 +28,14 @@ next_mount = next_mount.succ aws_ebs_volume mount do - aws_access_key credentials[node.ebs.creds.aki] - aws_secret_access_key credentials[node.ebs.creds.sak] + if !node[:ebs][:creds][:iam_roles] + aws_access_key credentials[node.ebs.creds.aki] + aws_secret_access_key credentials[node.ebs.creds.sak] + end size options[:disk_size] device mount availability_zone node[:ec2][:placement_availability_zone] - volume_type options[:piops] ? 'io1' : 'standard' + volume_type options[:piops] ? 'io1' : options[:gp2] ? 'gp2' : 'standard' piops options[:piops] action [ :create, :attach ] end diff --git a/recipes/volumes.rb b/recipes/volumes.rb index 656a931..c77a22c 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -33,7 +33,7 @@ size options[:size] device device availability_zone node[:ec2][:placement_availability_zone] - volume_type options[:piops] ? 'io1' : 'standard' + volume_type options[:piops] ? 'io1' : options[:gp2] ? 'gp2' : 'standard' piops options[:piops] action :nothing end From 486b3e5bdd5783c5e258b2074a0ca0d91085d40a Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Mon, 23 May 2016 13:32:00 +0300 Subject: [PATCH 07/12] Enabled volume delete on termination --- metadata.rb | 2 +- recipes/volumes.rb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/metadata.rb b/metadata.rb index 2725a4e..400348e 100644 --- a/metadata.rb +++ b/metadata.rb @@ -11,5 +11,5 @@ recipe "ebs::raids", "Mounts attached EBS RAIDs" recipe "ebs::persistent", "Mounts volumes defined in attributes" -depends 'aws', '>= 0.101.0' +depends 'aws', '>= 3.3.3' depends 'delayed_evaluator' diff --git a/recipes/volumes.rb b/recipes/volumes.rb index c77a22c..d62ac99 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -36,6 +36,7 @@ volume_type options[:piops] ? 'io1' : options[:gp2] ? 'gp2' : 'standard' piops options[:piops] action :nothing + delete_on_termination options[:delete_on_termination] end vol.run_action(:create) vol.run_action(:attach) 
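Review bot: Only the two key properties are gated in the recipes/raids.rb hunk, while `credentials` itself is assigned above the hunk. If that load is not also skipped when `node[:ebs][:creds][:iam_roles]` is true, role-based nodes still have to ship and decrypt the data bag with the static keys. Check the load site in raids.rb and wrap it in the same flag. The `aws_ebs_volume` block sits inside a loop that starts outside the hunk.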
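Review bot: The chained ternary `options[:piops] ? 'io1' : options[:gp2] ? 'gp2' : 'standard'` in the volumes.rb hunk of patch 06 is hard to read and needs another link for every new volume type; the same expression is added in the recipes/raids.rb hunk of this commit. At minimum parenthesise the inner part, `volume_type options[:piops] ? 'io1' : (options[:gp2] ? 'gp2' : 'standard')`, or compute the type once before the resource and pass the variable. Note that `piops options[:piops]` is still passed unchanged when the type resolves to `gp2`.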
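Review bot: `delete_on_termination options[:delete_on_termination]` in the volumes.rb hunk of patch 07 adds a data-destroying option with no comment or documented default, and the commit title reads as if deletion were switched on for everyone. What happens when the key is absent depends on how the aws cookbook treats a nil value, which the hunk does not show. Add a comment above the line, e.g. `# opt-in per volume: the EBS volume is deleted when the instance terminates`, and set the property only when the key is present: `delete_on_termination options[:delete_on_termination] if options.key?(:delete_on_termination)`.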
From 39a1d2751b64fa3339bafc31c6a67ae65918a03d Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 30 Jun 2016 15:33:07 +0300 Subject: [PATCH 08/12] Added encryption support --- recipes/volumes.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/recipes/volumes.rb b/recipes/volumes.rb index d62ac99..686be73 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -35,6 +35,10 @@ availability_zone node[:ec2][:placement_availability_zone] volume_type options[:piops] ? 'io1' : options[:gp2] ? 'gp2' : 'standard' piops options[:piops] + if node[:ebs][:encryption] + encrypted true + kms_key_id options[:kms_key_id] + end action :nothing delete_on_termination options[:delete_on_termination] end From 2cbb8cca149fc171fcc4f063eb0ddc8221ded89a Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Fri, 1 Jul 2016 10:03:57 +0300 Subject: [PATCH 09/12] Using different attributes for encryption stuff --- recipes/volumes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes/volumes.rb b/recipes/volumes.rb index 686be73..da3fd55 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb @@ -35,9 +35,9 @@ availability_zone node[:ec2][:placement_availability_zone] volume_type options[:piops] ? 'io1' : options[:gp2] ? 'gp2' : 'standard' piops options[:piops] - if node[:ebs][:encryption] + if node[:ebs][:volume][:encryption] encrypted true - kms_key_id options[:kms_key_id] + kms_key_id node[:ebs][:volume][:kms_key_id] end action :nothing delete_on_termination options[:delete_on_termination] From 65b0bc438f4b187941c1bca648c80e5717aa8db5 Mon Sep 17 00:00:00 2001 From: Updating README Date: Wed, 9 Aug 2017 16:13:16 +0300 Subject: [PATCH 10/12] Added a guard clause for mounting a filesystem --- recipes/volumes.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes/volumes.rb b/recipes/volumes.rb index da3fd55..5ec794e 100644 --- a/recipes/volumes.rb +++ b/recipes/volumes.rb 
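Review bot: Encryption is wired into recipes/volumes.rb only in patch 08. The `aws_ebs_volume` block in recipes/raids.rb, which creates volumes with `action [ :create, :attach ]` in the earlier raids hunk, is not touched by this commit. RAID member volumes would therefore still be created unencrypted with the flag turned on, which an operator enabling it is unlikely to expect. Apply the same `encrypted true` / `kms_key_id` lines in raids.rb, or state in the README that the flag covers single volumes only.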
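Review bot: `node[:ebs][:volume][:encryption]` in patch 09 dereferences `node[:ebs][:volume]`, and no hunk in this series adds a default for that key to attributes/default.rb. Unless one exists outside the visible hunks, the lookup returns nil on a node that never sets it, and `[:encryption]` would raise before any volume is created. Add defaults next to the others: `default[:ebs][:volume][:encryption] = false` and `default[:ebs][:volume][:kms_key_id] = nil`. The key is also one letter away from the existing `[:ebs][:volumes]` hash, which invites typos.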
@@ -73,6 +73,7 @@ device device options 'noatime,nobootwait' action [:mount, :enable] + only_if { device and options.has_key?(:fstype) } end end From 8996533e9d0de4abc7111ff2cbfa5ce1a0f6aee8 Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Fri, 26 Jan 2018 12:48:17 +0200 Subject: [PATCH 11/12] Updated aws cookbook version to 6.1.1 --- metadata.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.rb b/metadata.rb index 400348e..2bec97f 100644 --- a/metadata.rb +++ b/metadata.rb @@ -11,5 +11,5 @@ recipe "ebs::raids", "Mounts attached EBS RAIDs" recipe "ebs::persistent", "Mounts volumes defined in attributes" -depends 'aws', '>= 3.3.3' +depends 'aws', '>= 6.1.1' depends 'delayed_evaluator' From 47a5f4d904c291975eaf2540b06e0a3a12df9176 Mon Sep 17 00:00:00 2001 From: Nilanjan Roy Date: Thu, 15 Feb 2018 14:43:55 +0200 Subject: [PATCH 12/12] Reverted last commit --- metadata.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.rb b/metadata.rb index 2bec97f..400348e 100644 --- a/metadata.rb +++ b/metadata.rb @@ -11,5 +11,5 @@ recipe "ebs::raids", "Mounts attached EBS RAIDs" recipe "ebs::persistent", "Mounts volumes defined in attributes" -depends 'aws', '>= 6.1.1' +depends 'aws', '>= 3.3.3' depends 'delayed_evaluator'
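Review bot: The guard `only_if { device and options.has_key?(:fstype) }` in patch 10 tests only that the `:fstype` key is present, so an entry with `fstype: nil` still reaches the mount. After patch 02 `device` is always assigned a string, so that half of the test probably never fails. It also uses `and` and `has_key?`, where `&&` and `key?` are the usual forms. `only_if { device && options[:fstype] }` is shorter and rejects an empty value as well. The mount resource begins outside the hunk.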