Skip to content

Instantly share code, notes, and snippets.

@cwebberOps

cwebberOps/Berksfile

Created November 25, 2015 16:59
Show Gist options
  • Save cwebberOps/b7c352c71e63a081d65a to your computer and use it in GitHub Desktop.
Save cwebberOps/b7c352c71e63a081d65a to your computer and use it in GitHub Desktop.
Download ZIP
RDS build
Raw
_build_db_instance.rb
require 'securerandom'
load_delivery_chef_config
aws_creds = encrypted_data_bag_item_for_environment('cia-creds','chef-cia')
Chef::Log.info('Check to see if the creds data bag exists')
begin
database_creds = data_bag_item('cia-creds', "#{node['delivery']['change']['project']}-database").to_hash
Chef::Log.info('Data bag found.')
rescue Net::HTTPServerException => http_e
raise http_e unless http_e.response.code == "404"
Chef::Log.info('Data bag wasn\'t found. Creating hash')
database_creds = {
'id' => "#{node['delivery']['change']['project']}-database",
node['delivery']['change']['stage'] => {}
}
end
# Notes about RDS setup
#######################
#
# As a general rule, we are still managing "network" concerns as a manual step.
# This will change as time goes by but until then, buyer beware, the VPC and SG
# resources are all hand configured...
aws_db_subnet_group = 'subnet_group_name'
aws_sg = ['sg-valid_sg_id']
rds_name = instance_name
if database_creds[node['delivery']['change']['stage']] &&
database_creds[node['delivery']['change']['stage']][rds_name] &&
database_creds[node['delivery']['change']['stage']][rds_name]['username']
username = database_creds[node['delivery']['change']['stage']][rds_name]['username']
password = database_creds[node['delivery']['change']['stage']][rds_name]['password']
else
username = instance_name.gsub(/-/, '_')
password = SecureRandom.hex(32)
unless database_creds[node['delivery']['change']['stage']]
database_creds[node['delivery']['change']['stage']] = {}
end
database_creds[node['delivery']['change']['stage']][rds_name] = {
'username' => username,
'password' => password
}
creds_dbag_item = Chef::DataBagItem.new
creds_dbag_item.data_bag('cia-creds')
creds_dbag_item.raw_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(
database_creds,
Chef::EncryptedDataBagItem.load_secret
)
creds_dbag_item.save
end
# As of the writing of this comment, the aws_rds instance doesn't support update
# actions, just creation.
aws_rds rds_name do
aws_access_key aws_creds['access_key_id']
aws_secret_access_key aws_creds['secret_access_key']
engine 'postgres'
db_instance_class 'db.t2.small'
allocated_storage 20
master_username username
master_user_password password
multi_az aws_multi_az
db_subnet_group_name aws_db_subnet_group
publicly_accessible false
tags [
{key: 'X-Project', value: node['delivery']['change']['project']},
{key: 'X-Contact', value: 'cia'}
]
vpc_security_group_ids aws_sg
storage_type 'gp2'
sensitive true
end
data_bag_prep = {}
ruby_block 'rds info' do
block do
require 'pp'
db_info = node[:aws_rds].to_h[rds_name]
cred_info = database_creds[node['delivery']['change']['stage']][rds_name]
data_bag_prep = {rds_name => db_info.merge(cred_info)}
end
end
ruby_block 'upload data bag' do
block do
with_server_config do
dbag_item = Chef::DataBagItem.new
dbag_item.data_bag('cia-creds')
dbag_data = data_bag_item('cia-creds',"#{node['delivery']['change']['project']}-database").to_hash
dbag_data[node['delivery']['change']['stage']] = data_bag_prep
dbag_item.raw_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(
dbag_data,
Chef::EncryptedDataBagItem.load_secret
)
dbag_item.save
end
end
end
Raw
Berksfile
cookbook 'delivery-sugar', github: 'chef-cookbooks/delivery-sugar'
cookbook 'aws-rds', github: 'cwebberOps/aws-rds-cookbook'
Raw
metadata.rb
depends 'aws-rds'
depends 'delivery-sugar'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment