diff --git a/README.md b/README.md
index e2de675..cded7ef 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ Forge understands specific resource tags, and expects an instance to have them. If sufficient resource tags are not present, Forge will make reasonable guesses. It assumes security group naming like `your-project-name-role`, and infers implicit tags from this. Environment variables can provide additional data. + ### Example An untagged instance with two security groups named `your-project-name-application` and `your-project-name-managed`.
diff --git a/bootstrap.py b/bootstrap.py
index 0dd153c..697efe1 100644
--- a/bootstrap.py
+++ b/bootstrap.py
@@ -154,7 +154,6 @@ def get_vault(playbook):
 with open('/etc/ansible/hosts', 'a') as stream:
 stream.writelines(["\n[" + vault_name + "]\n", 'localhost\n'])
-
 def configure_environment():
 """ Exposes information from Resource Tags in Ansible vars """
 get_vault('')
@@ -164,14 +163,21 @@ def configure_environment():
 stream.write("\nsystem_role: " + resource_tags()['Role'])
+def record_exit(playbook, exit_status):
+ """ Saves exit status of playbook for notfication purposes"""
+ playbook_name = '/tmp/' + flat_path(playbook + 'playbook' + '.status')
+ with open(playbook_name, 'w+') as stream:
+ stream.write(str(exit_status))
+
+
 def execute(playbook):
 """ Downloads and executes a playbook. """
 path = '/tmp/' + flat_path(playbook)
 for hook in ['pre-', '', 'post-']:
 filename = hook + 'playbook.yml'
 download_from_s3(playbook + filename, path + filename)
- call('ansible-playbook ' + path + filename, shell=True)
-
+ exit_status = call('ansible-playbook ' + path + filename, shell=True)
+ record_exit(playbook, exit_status)
 def ssh_keyscan(host):
 """ Get the SSH host key from a remote server by connecting to it """
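Review bot: In `record_exit`, the status file is opened with `'w+'` at a fixed, guessable name directly under `/tmp`; the script appears to run as root (other hunks write under `/root/.ssh` and `/etc/ansible`), so a symlink or file already present at that name and owned by another local account would be followed and truncated. Keep the status in a directory only root can write to, or create it with `os.open(playbook_name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0600)` and wrap the descriptor with `os.fdopen`. In `execute`, all three hooks share one status file, so only the last exit code survives and a failed main playbook followed by a clean `post-` run is recorded as 0; whether `record_exit` sits inside the loop cannot be told from this flattened hunk, but the outcome is the same. The rewritten `call(...)` line also keeps `shell=True` on a concatenated string, where `call(['ansible-playbook', path + filename])` would remove shell parsing of the path. The body of `ssh_keyscan` continues outside the hunk.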
@@ -218,7 +224,7 @@ def configure_ansible():
 download_from_s3('ansible.cfg', '/etc/ansible/ansible.cfg')
 download_from_s3('vault.key', '/etc/ansible/vault.key')
 files = ['/etc/ansible/ansible.cfg', '/etc/ansible/vault.key']
- set_permissions(files, 400)
+ set_permissions(files, 0400)
 add_to_known_hosts(ssh_host_key('github.com'))
 add_to_known_hosts(ssh_host_key('bitbucket.org'))
@@ -237,17 +243,17 @@ def get_credentials():
 """ Fetches credentials needed for private repositories """
 download_from_s3('ssh.ed25519', '/root/.ssh/id_ed25519')
 download_from_s3('ssh.rsa', '/root/.ssh/id_rsa')
- set_permissions(['/root/.ssh/id_ed25519', '/root/.ssh/id_rsa'], 400)
+ set_permissions(['/root/.ssh/id_ed25519', '/root/.ssh/id_rsa'], 0400)
 def preconfigure():
 """ Configure everything needed to configure everything else. """
- install_with_pip(['ansible', 'awscli', 'boto'])
+ install_with_pip(['"ansible<2"', 'awscli', 'boto'])
 configure_ansible()
 configure_environment()
 get_credentials()
 download_from_s3('bin/reforge', '/usr/local/sbin/reforge')
- set_permissions(['/usr/local/sbin/reforge'], 500)
+ set_permissions(['/usr/local/sbin/reforge'], 0500)
 def self_provision():
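Review bot: In `configure_ansible`, `vault.key` is written to disk by `download_from_s3` and only afterwards restricted by `set_permissions(files, 0400)`, so unless the download helper already creates files owner-only (its body is not visible here) the key is briefly readable under the default umask. The same order applies to the SSH private keys in `get_credentials` in the next hunk. Setting `os.umask(0077)` before the downloads, or having `download_from_s3` accept a mode, removes the window. The bare `0400` literal is Python 2 only; `0o400` is accepted from Python 2.6 on and keeps the file importable under Python 3. `configure_ansible` starts above this hunk.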
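Review bot: In `preconfigure`, the literal double quotes inside `'"ansible<2"'` only make sense if `install_with_pip` joins its arguments into a shell command line (its body is not shown); if it ever passes an argument list, pip will receive the quotes as part of the requirement and fail. Quoting belongs in the helper, for example by building `['pip', 'install'] + packages` and running it without a shell, so callers can write `'ansible<2'`. The change also leaves `awscli` and `boto` unpinned and `ansible` bounded only from above, so each new instance installs whatever is newest on the index, apparently as root. Exact pins (`ansible==<version>`) or a requirements file installed with `--require-hashes` would make the bootstrap reproducible.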