
Update for AWS and EFS Feature

This update moves the AWS provider to the unified Kubernetes
based version templates. It also adds support for EFS.

To use EFS:

- You can simply specify the bool build option during build.
```
  {
    "aws_config": {
      "region": "us-east-1",
      "build_elastic_filesystem": true,
      "vpc_ip_range": "172.20.0.0/16"
    },
    "cloud_account_name": "aws",
    "master_node_size": "m4.large",
    "name": "test",
        "ssh_pub_key": "my_ssh_key",
    "node_sizes": [
      "m4.large",
      "m4.xlarge",
      "m4.2xlarge",
      "m4.4xlarge"
    ]
  }
```

- Or you can specify an EFS ID
```
  {
    "aws_config": {
      "region": "us-east-1",
      "elastic_filesystem_id": "my_efs_id",
      "vpc_ip_range": "172.20.0.0/16"
    },
    "cloud_account_name": "aws",
    "master_node_size": "m4.large",
    "name": "test",
        "ssh_pub_key": "my_ssh_key",
    "node_sizes": [
      "m4.large",
      "m4.xlarge",
      "m4.2xlarge",
      "m4.4xlarge"
    ]
  }
```

In either case, SG will create a mount target on the share for any kubes it creates.
When your kube is deleted the target is removed, but the EFS share is not... This
must be done manually.
gopherstein committed Jul 7, 2017
1 parent bffe9ad commit 4dd10ba1b49ca08d9267e012ea1f9de3b3fc5dac
@@ -5,7 +5,6 @@ import (
"os"
"path/filepath"
"github.com/urfave/cli"
"github.com/supergiant/supergiant/pkg/core"
"github.com/supergiant/supergiant/pkg/provider/aws"
"github.com/supergiant/supergiant/pkg/provider/digitalocean"
@@ -14,6 +13,7 @@ import (
"github.com/supergiant/supergiant/pkg/provider/openstack"
"github.com/supergiant/supergiant/pkg/provider/packet"
"github.com/supergiant/supergiant/pkg/server"
"github.com/urfave/cli"
)
var version = "unversioned"
@@ -41,6 +41,7 @@ func main() {
IAM: aws.IAM,
ELB: aws.ELB,
S3: aws.S3,
EFS: aws.EFS,
}
}
c.DOProvider = func(creds map[string]string) core.Provider {
@@ -0,0 +1,131 @@
#cloud-config
ssh_authorized_keys:
- "{{ .SSHPubKey }}"
write_files:
- path: "/opt/bin/oneshot"
permissions: "0755"
content: |
#!/bin/bash -e
# Initilize variables
init_vars() {
# For signature v4 signning purpose
timestamp=$(date -u "+%Y-%m-%d %H:%M:%S")
isoTimpstamp=$(date -ud "${timestamp}" "+%Y%m%dT%H%M%SZ")
dateScope=$(date -ud "${timestamp}" "+%Y%m%d")
#dateHeader=$(date -ud "${timestamp}" "+%a, %d %h %Y %T %Z")
signedHeaders="host;x-amz-content-sha256;x-amz-date;x-amz-security-token"
service="s3"
# Get instance auth token from meta-data
region=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document/ | jq -r '.region')
# Bucket
bucket={{ .AWSConfig.BucketName }}
roleProfile=kubernetes-master
# KeyId, secret, and token
accessKeyId=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile | jq -r '.AccessKeyId')
secretAccessKey=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile | jq -r '.SecretAccessKey')
stsToken=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$roleProfile | jq -r '.Token')
# Path to cloud-config.yaml. e.g. worker/cloud-config.yaml
cloudConfigYaml="build/master.yaml"
# Path to initial-cluster urls file to join cluster
initialCluster="etcd/initial-cluster"
workDir="/tmp"
# Empty payload hash (we are getting content, not upload)
payload=$(sha256_hash /dev/null)
if [[ $region == "us-east-1" ]]; then
PREFIX="s3"
else
PREFIX="s3-${region}"
fi
# Host header
hostHeader="${bucket}.${PREFIX}.amazonaws.com"
# Curl options
opts="-v -L --fail --retry 5 --retry-delay 3 --silent --show-error"
# Curl logs
bootstrapLog=${workDir}/bootstrap.log
}
# Untilities
hmac_sha256() {
key="$1"
data="$2"
echo -n "$data" | openssl dgst -sha256 -mac HMAC -macopt "$key" | sed 's/^.* //'
}
sha256_hash() {
echo $(sha256sum "$1" | awk '{print $1}')
}
curl_get() {
curl $opts -H "Host: ${hostHeader}" \
-H "Authorization: AWS4-HMAC-SHA256 \
Credential=${accessKeyId}/${dateScope}/${region}/s3/aws4_request, \
SignedHeaders=${signedHeaders}, Signature=${signature}" \
-H "x-amz-content-sha256: ${payload}" \
-H "x-amz-date: ${isoTimpstamp}" \
-H "x-amz-security-token:${stsToken}" \
https://${hostHeader}/${filePath}
}
canonical_request() {
echo "GET"
echo "/${filePath}"
echo ""
echo host:${hostHeader}
echo "x-amz-content-sha256:${payload}"
echo "x-amz-date:${isoTimpstamp}"
echo "x-amz-security-token:${stsToken}"
echo ""
echo "${signedHeaders}"
printf "${payload}"
}
string_to_sign() {
echo "AWS4-HMAC-SHA256"
echo "${isoTimpstamp}"
echo "${dateScope}/${region}/s3/aws4_request"
printf "$(canonical_request | sha256_hash -)"
}
signing_key() {
dateKey=$(hmac_sha256 key:"AWS4$secretAccessKey" $dateScope)
dateRegionKey=$(hmac_sha256 hexkey:$dateKey $region)
dateRegionServiceKey=$(hmac_sha256 hexkey:$dateRegionKey $service)
signingKey=$(hmac_sha256 hexkey:$dateRegionServiceKey "aws4_request")
printf "${signingKey}"
}
# Initlize varables
init_vars
cd ${workDir}
## Download File
filePath=${cloudConfigYaml}
signature=$(string_to_sign | openssl dgst -sha256 -mac HMAC -macopt hexkey:$(signing_key) | awk '{print $NF}')
curl_get 2>> ${bootstrapLog} > ${workDir}/cloud-config.yaml
# Run cloud-init
coreos-cloudinit --from-file=/tmp/cloud-config.yaml
coreos:
update:
reboot-strategy: off
units:
- name: bypass-user-data-limit.service
command: start
content: |
[Unit]
Description=Update the machine using our own cloud config as AWS user-data sucks
[Service]
EnvironmentFile=/etc/environment
ExecStart=/usr/bin/bash -c '/opt/bin/oneshot'
RemainAfterExit=yes
Type=oneshot
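Review bot: The curl option string at `opts="-v -L --fail --retry 5 --retry-delay 3 --silent --show-error"` carries `-v`, and `curl_get 2>> ${bootstrapLog}` appends that verbose output to `/tmp/bootstrap.log`, so the request's `Authorization: AWS4-HMAC-SHA256 ... Signature=...` and `x-amz-security-token:` headers — the kubernetes-master role's STS credentials fetched from the metadata service — are written to a plain file under /tmp on every boot. Drop the flag so only errors reach the log: `opts="-L --fail --retry 5 --retry-delay 3 --silent --show-error"`. Separately, `hmac_sha256` passes the secret as an openssl argument (`-macopt key:"AWS4$secretAccessKey"`), which is visible in the process table while the command runs; that is harder to avoid with this invocation and deserves a comment such as `# secret is passed via argv and is visible in ps while openssl runs`. The identifier and comment typos (`isoTimpstamp`, `Initilize`, `signning`, `Untilities`) are cosmetic but worth fixing while the file is new.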
@@ -120,6 +120,7 @@ coreos:
[Unit]
Requires=flanneld.service
After=flanneld.service
{{- .Kube.ServiceString }}
- name: iscsid.service
enable: true
command: start
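Review bot: The added `{{- .Kube.ServiceString }}` uses the left-trim marker, which strips the newline and indentation preceding the action, so the rendered text is joined directly onto the end of `After=flanneld.service` unless ServiceString itself begins with a newline and the indentation the enclosing `content: |` block expects. I cannot see how ServiceString is built from this hunk, so please confirm that contract holds, or use `{{ .Kube.ServiceString }}` without the `-` if it does not. A comment stating the expectation, e.g. `# ServiceString must start with a newline and carry the unit-file indentation`, would keep the next editor from breaking the unit. The unit this is inserted into starts before the hunk.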
