diff --git a/core/src/epicli/cli/epicli.py b/core/src/epicli/cli/epicli.py index c8ad612acf..2b6158c457 100644 --- a/core/src/epicli/cli/epicli.py +++ b/core/src/epicli/cli/epicli.py @@ -16,7 +16,6 @@ def main(): - config = Config() parser = argparse.ArgumentParser( description=__doc__, @@ -38,14 +37,15 @@ def main(): help='Roleover count where each CLI run will generate a new log.') parser.add_argument('--log-type', choices=['plain', 'json'], default='plain', dest='log_type', action='store', help='Type of logs.') - parser.add_argument('--validate-certs', choices=['true', 'false'], default='true', action='store', dest='validate_certs', + parser.add_argument('--validate-certs', choices=['true', 'false'], default='true', action='store', + dest='validate_certs', help='''[Experimental]: Disables certificate checks for certain Ansible operations which might have issues behind proxies (https://github.com/ansible/ansible/issues/32750). Should NOT be used in production for security reasons.''') parser.add_argument('--debug', dest='debug', action="store_true", - help='Set this to output extensive debug information. Carries over to Ansible and Terraform.') + help='Set this to output extensive debug information. Carries over to Ansible and Terraform.') parser.add_argument('--auto-approve', dest='auto_approve', action="store_true", - help='Auto approve any user input queries asked by Epicli') + help='Auto approve any user input queries asked by Epicli') # some arguments we don't want available when running from the docker image. if not config.docker_cli: parser.add_argument('-o', '--output', dest='output_dir', type=str, @@ -88,9 +88,11 @@ def main(): logger.error(e, exc_info=config.debug) return 1 + def init_parser(subparsers): sub_parser = subparsers.add_parser('init', description='Creates configuration file in working directory.') - sub_parser.add_argument('-p', '--provider', dest='provider', choices=['aws', 'azure', 'any'], default='any', type=str, + sub_parser.add_argument('-p', '--provider', dest='provider', choices=['aws', 'azure', 'any'], default='any', + type=str, required=True, help='One of the supported providers: azure|aws|any') sub_parser.add_argument('-n', '--name', dest='name', type=str, required=True, help='Name of the cluster.') @@ -103,7 +105,7 @@ def run_init(args): with InitEngine(args) as engine: return engine.init() - sub_parser.set_defaults(func=run_init) + sub_parser.set_defaults(func=run_init) def apply_parser(subparsers): @@ -116,7 +118,7 @@ def apply_parser(subparsers): def run_apply(args): adjust_paths_from_file(args) with BuildEngine(args) as engine: - return engine.apply() + return engine.apply() sub_parser.set_defaults(func=run_apply) @@ -147,13 +149,14 @@ def run_delete(args): return 0 adjust_paths_from_build(args) with DeleteEngine(args) as engine: - return engine.delete() + return engine.delete() - sub_parser.set_defaults(func=run_delete) + sub_parser.set_defaults(func=run_delete) def upgrade_parser(subparsers): - sub_parser = subparsers.add_parser('upgrade', description='[Experimental]: Upgrades existing Epiphany Platform to latest version.') + sub_parser = subparsers.add_parser('upgrade', + description='[Experimental]: Upgrades existing Epiphany Platform to latest version.') sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True, help='Absolute path to directory with build artifacts.') @@ -167,7 +170,8 @@ def run_upgrade(args): def backup_parser(subparsers): - sub_parser = subparsers.add_parser('backup', description='[Experimental]: Backups existing Epiphany Platform components.') + sub_parser = subparsers.add_parser('backup', + description='[Experimental]: Backups existing Epiphany Platform components.') sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True, help='Absolute path to directory with build artifacts.') @@ -196,15 +200,15 @@ def run_recovery(args): def experimental_query(): if not query_yes_no('This is an experimental feature and could change at any time. Do you want to continue?'): - sys.exit(0) + sys.exit(0) def adjust_paths_from_file(args): if not os.path.isabs(args.file): args.file = os.path.join(os.getcwd(), args.file) if not os.path.isfile(args.file): - Config().output_dir = os.getcwd() # Default to working dir so we can at least write logs. - raise Exception(f'File "{args.file}" does not excist') + Config().output_dir = os.getcwd() # Default to working dir so we can at least write logs. + raise Exception(f'File "{args.file}" does not excist') if Config().output_dir is None: Config().output_dir = os.path.join(os.path.dirname(args.file), 'build') dump_config(Config()) @@ -214,9 +218,9 @@ def adjust_paths_from_build(args): if not os.path.isabs(args.build_directory): args.build_directory = os.path.join(os.getcwd(), args.build_directory) if not os.path.exists(args.build_directory): - Config().output_dir = os.getcwd() # Default to working dir so we can at least write logs. - raise Exception(f'Build directory "{args.build_directory}" does not excist') - if args.build_directory[-1:] == '/': + Config().output_dir = os.getcwd() # Default to working dir so we can at least write logs. + raise Exception(f'Build directory "{args.build_directory}" does not excist') + if args.build_directory[-1:] == '/': args.build_directory = args.build_directory.rstrip('/') if Config().output_dir is None: Config().output_dir = os.path.split(args.build_directory)[0] @@ -227,7 +231,7 @@ def dump_config(config): logger = Log('config') for attr in config.__dict__: if attr.startswith('_'): - logger.info ('%s = %r' % (attr[1:], getattr(config, attr))) + logger.info('%s = %r' % (attr[1:], getattr(config, attr))) if __name__ == '__main__': diff --git a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml index 5c7aa2787c..f80c701298 100644 --- a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml +++ b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml @@ -41,6 +41,16 @@ specification: destination_port_range: "22" source_address_prefix: "0.0.0.0/0" destination_address_prefix: "0.0.0.0/0" + - name: node_exporter + description: Allow node_exporter traffic + priority: 302 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "9100" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" - name: out description: Allow out priority: 101 @@ -65,6 +75,16 @@ specification: os_type: linux security: rules: + - name: ssh + description: Allow SSH + priority: 101 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "22" + source_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" - name: node_exporter description: Allow node_exporter traffic priority: 302 @@ -80,6 +100,49 @@ kind: infrastructure/virtual-machine version: 0.3.0 title: "Virtual Machine Infra" provider: aws +name: rabbitmq-machine +specification: + tags: + - version: 0.3.0 + size: t3.micro + os_type: linux + security: + rules: + - name: ssh + description: Allow SSH + priority: 101 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "22" + source_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" + - name: node_exporter + description: Allow node_exporter traffic + priority: 302 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "9100" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" + - name: rabbitmq + description: Allow rabbitmq traffic + priority: 303 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "5672" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" +--- +kind: infrastructure/virtual-machine +version: 0.3.0 +title: "Virtual Machine Infra" +provider: aws name: load-balancer-machine specification: tags: diff --git a/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml b/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml index 531f7e3a33..9c79a0152e 100644 --- a/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml +++ b/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml @@ -51,7 +51,6 @@ specification: rabbitmq: - rabbitmq - node-exporter - - kafka-exporter - filebeat logging: - elasticsearch diff --git a/core/src/epicli/data/common/defaults/epiphany-cluster.yml b/core/src/epicli/data/common/defaults/epiphany-cluster.yml index 19934a2d31..410ce94eca 100644 --- a/core/src/epicli/data/common/defaults/epiphany-cluster.yml +++ b/core/src/epicli/data/common/defaults/epiphany-cluster.yml @@ -65,7 +65,6 @@ specification: subnets: - availability_zone: eu-west-2a address_pool: 10.1.6.0/24 - load_balancer: count: 1 machine: load-balancer-machine @@ -75,7 +74,7 @@ specification: address_pool: 10.1.7.0/24 rabbitmq: count: 0 - machine: default + machine: rabbitmq-machine configuration: default subnets: - availability_zone: eu-west-2a