Menu

Chef Supermarket

Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

View our collection of guides, documentation, and articles

Cookbooks
Advanced Options

Select Badges

Select Supported Platforms

RSS

aws_ipsec_monitor (2) Versions 1.0.0

Installs/Configures aws_ipsec_monitor

Berkshelf
Policyfile
Knife 
cookbook 'aws_ipsec_monitor', '~> 1.0.0'
cookbook 'aws_ipsec_monitor', '~> 1.0.0', :supermarket
knife cookbook site install aws_ipsec_monitor
knife cookbook site download aws_ipsec_monitor
README
Dependencies
Quality 25%

aws_ipsec_monitor Cookbook

Creates an IPSec monitoring server specific to AWS VPC

Monitors one active and one failover IPSec node with a remote tunnel endpoint.

Requirements

  • VPC with at least one subnet to be routed
  • EIP for pair of IPSec instances
  • Two IPSec instances, built via Chef with some defined IPSec Chef role assigned to each
  • Monitor server will require IAM role with permissions necessary to stop/start instances, modify routing tables, and move an EIP
  • Must define a region attribute via recipe or on the node itself.

Attributes

default["aws_ipsec_monitor"]["cli_extract_dir"] = "/usr/local/ec2"
default["aws_ipsec_monitor"]["dir"] = "/usr/local/bin"

#The tag assigned to the two local IPSec servers
default["aws_ipsec_monitor"]["ipsec_tag"] = "ipsec_tunnel"

#EC2 (VPC) specific attributes that must be defined via role. 
#  The ID of the route tables for which VPC will direct remote subnet traffic
default["aws_ipsec_monitor"]["route_ids"] = []

#The local Elastic IP to be managed for the pair of IPSec servers
default["aws_ipsec_monitor"]["eip_id"] = nil

#The remote Elastic IP to which the local IPSec instances are connecting
default["aws_ipsec_monitor"]["remote_eip"] = nil

#A remote internal IP to ping for health checking the tunnel. 
#  If you have a failover pair on the remote end, DON'T use one of the instance 
#  IPs as a failure on the remote will cause a local failure
default["aws_ipsec_monitor"]["remote_ip"] = nil

#Remote subnets that we have VPC routing entries. These need to line up exactly.
default["aws_ipsec_monitor"]["remote_subnets"] = []

#How many time to ping the remote endpoint
default["aws_ipsec_monitor"]["num_pings"] = 20

default["aws_ipsec_monitor"]["ping_timeout"] = 3

#How long between each iteration of pings
default["aws_ipsec_monitor"]["wait_between_pings"] = 30

#How long to wait for a failed instance to be stopped
default["aws_ipsec_monitor"]["wait_for_instance_stop"] = 60

#How long to wait for a failed instance to be started
default["aws_ipsec_monitor"]["wait_for_instance_start"] = 300

Usage

aws_ipsec_monitor::default

Create a role with the following attributes. Do yourself a favor and have IPSec, Elastic IPs, routing tables all set up before defining the role.

Requires exactly two nodes to be tagged with the value of node["aws_ipsec_monitor"]["ipsec_tag"] attribute

name "ipsec_monitor"
description "The IPSec tunnel monitor for our VPC"

run_list(
  "recipe[aws_ipsec_monitor]"
)
default_attributes({
  "aws_ipsec_monitor" => {
    "route_ids" => [ "rtb-xxxxxxxx", "rtb-xxxxxxxx" ],
    "eip_id" => "eipalloc-xxxxxxxx",
    "remote_eip" => "xx.xx.xx.xx",
    "remote_ip" => "10.0.5.5",
    "remote_subnets" => [ "10.0.0.0/16" ]
  }
})

License and Authors

Authors: Matt Williams

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric 
            
1.0.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric 
            
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric 
            
1.0.0 failed this metric
FC064: Ensure issues_url is set in metadata: aws_ipsec_monitor/metadata.rb:1
FC065: Ensure source_url is set in metadata: aws_ipsec_monitor/metadata.rb:1
FC066: Ensure chef_version is set in metadata: aws_ipsec_monitor/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: aws_ipsec_monitor/metadata.rb:1
FC069: Ensure standardized license defined in metadata: aws_ipsec_monitor/metadata.rb:1
Run with Foodcritic Version 13.1.1 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric 
            
1.0.0 passed this metric

Publish Metric 
            
1.0.0 passed this metric

Supported Platforms Metric 
            
1.0.0 failed this metric
aws_ipsec_monitor should declare what platform(s) it supports.

Testing File Metric 
            
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric 
            
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number

Matt Williams Matt Williams

Details

Updated Created on February 18, 2015

Platforms

License

GNU GPL

Download Cookbook