cookbook 'aws_ipsec_monitor', '~> 1.0.0'
Installs/Configures aws_ipsec_monitor
cookbook 'aws_ipsec_monitor', '~> 1.0.0', :supermarket
knife supermarket install aws_ipsec_monitor
knife supermarket download aws_ipsec_monitor
aws_ipsec_monitor Cookbook
Creates an IPSec monitoring server specific to AWS VPC
Monitors one active and one failover IPSec node with a remote tunnel endpoint.
Requirements
- VPC with at least one subnet to be routed
- EIP for pair of IPSec instances
- Two IPSec instances, built via Chef with some defined IPSec Chef role assigned to each
- Monitor server will require IAM role with permissions necessary to stop/start instances, modify routing tables, and move an EIP
- Must define a region attribute via recipe or on the node itself.
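The IAM role in the requirements can be scoped to the monitored resources instead of being granted EC2-wide. The sketch below is an added example, not code from the cookbook: the action list is an assumed mapping of the three permissions named above, and the region, account ID and instance IDs are constructed placeholders.

```ruby
require "json"

# Builds a policy document for the monitor server's IAM role, scoped to the
# two IPSec instances, the managed route tables and the one Elastic IP.
# Assumption: the action names map the README's three permissions onto EC2
# IAM actions; the calls the cookbook's scripts make are not shown on the page.
def monitor_policy(region:, account_id:, instance_ids:, route_ids:, eip_id:)
  raise ArgumentError, "expected exactly two IPSec instances" unless instance_ids.size == 2
  raise ArgumentError, "route_ids must not be empty" if route_ids.empty?
  raise ArgumentError, "eip_id must be an eipalloc- id" unless eip_id.to_s.start_with?("eipalloc-")

  arn = ->(type, id) { "arn:aws:ec2:#{region}:#{account_id}:#{type}/#{id}" }
  instances = instance_ids.map { |id| arn.call("instance", id) }
  allow = ->(sid, actions, resource) do
    { "Sid" => sid, "Effect" => "Allow", "Action" => actions, "Resource" => resource }
  end

  {
    "Version" => "2012-10-17",
    "Statement" => [
      # Describe* calls do not support resource-level scoping, so "*" is required.
      allow.call("ReadState",
                 %w[ec2:DescribeInstances ec2:DescribeRouteTables ec2:DescribeAddresses], "*"),
      allow.call("RestartIpsecNodes", %w[ec2:StartInstances ec2:StopInstances], instances),
      allow.call("RepointRoutes", %w[ec2:ReplaceRoute],
                 route_ids.map { |id| arn.call("route-table", id) }),
      # Pins the one EIP; the network interface is left open within the account
      # because the page does not identify the instances' interfaces.
      allow.call("MoveEip", %w[ec2:AssociateAddress ec2:DisassociateAddress],
                 [arn.call("elastic-ip", eip_id), arn.call("network-interface", "*")] + instances)
    ]
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed placeholder identifiers, not values from the page.
  puts JSON.pretty_generate(monitor_policy(
    region: "us-east-1", account_id: "111122223333",
    instance_ids: %w[i-0aaaaaaaaaaaaaaaa i-0bbbbbbbbbbbbbbbb],
    route_ids: %w[rtb-11111111 rtb-22222222], eip_id: "eipalloc-33333333"
  ))
end
```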
Attributes
default["aws_ipsec_monitor"]["cli_extract_dir"] = "/usr/local/ec2"
default["aws_ipsec_monitor"]["dir"] = "/usr/local/bin"

#The tag assigned to the two local IPSec servers
default["aws_ipsec_monitor"]["ipsec_tag"] = "ipsec_tunnel"

#EC2 (VPC) specific attributes that must be defined via role.
# The ID of the route tables for which VPC will direct remote subnet traffic
default["aws_ipsec_monitor"]["route_ids"] = []

#The local Elastic IP to be managed for the pair of IPSec servers
default["aws_ipsec_monitor"]["eip_id"] = nil

#The remote Elastic IP to which the local IPSec instances are connecting
default["aws_ipsec_monitor"]["remote_eip"] = nil

#A remote internal IP to ping for health checking the tunnel.
# If you have a failover pair on the remote end, DON'T use one of the instance
# IPs as a failure on the remote will cause a local failure
default["aws_ipsec_monitor"]["remote_ip"] = nil

#Remote subnets that we have VPC routing entries. These need to line up exactly.
default["aws_ipsec_monitor"]["remote_subnets"] = []

#How many times to ping the remote endpoint
default["aws_ipsec_monitor"]["num_pings"] = 20
default["aws_ipsec_monitor"]["ping_timeout"] = 3

#How long between each iteration of pings
default["aws_ipsec_monitor"]["wait_between_pings"] = 30

#How long to wait for a failed instance to be stopped
default["aws_ipsec_monitor"]["wait_for_instance_stop"] = 60

#How long to wait for a failed instance to be started
default["aws_ipsec_monitor"]["wait_for_instance_start"] = 300
Usage
aws_ipsec_monitor::default
Create a role with the following attributes. Do yourself a favor and have IPSec, Elastic IPs, routing tables all set up before defining the role.
Requires exactly two nodes to be tagged with the value of node["aws_ipsec_monitor"]["ipsec_tag"] attribute
name "ipsec_monitor"
description "The IPSec tunnel monitor for our VPC"
run_list(
  "recipe[aws_ipsec_monitor]"
)
default_attributes({
  "aws_ipsec_monitor" => {
    "route_ids" => [
      "rtb-xxxxxxxx",
      "rtb-xxxxxxxx"
    ],
    "eip_id" => "eipalloc-xxxxxxxx",
    "remote_eip" => "xx.xx.xx.xx",
    "remote_ip" => "10.0.5.5",
    "remote_subnets" => [
      "10.0.0.0/16"
    ]
  }
})
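Because the monitor acts on these attributes by rewriting routes and moving an EIP, it is worth checking them before the role is uploaded. The pre-flight check below is an added example, not part of the cookbook; `check_monitor_attrs` and its `remote_node_ips` argument are hypothetical names, and the ID patterns are assumptions about the AWS identifier format.

```ruby
require "ipaddr"

# Parse an address or CIDR; nil when missing or malformed.
def parse_ip(value)
  return nil if value.to_s.strip.empty?
  IPAddr.new(value.to_s)
rescue ArgumentError # IPAddr::Error is a subclass of ArgumentError
  nil
end

# Returns a list of problems in the "aws_ipsec_monitor" role attributes.
# remote_node_ips is a hypothetical extra input: the private IPs of the
# remote failover pair, which the README says must not be used as remote_ip.
def check_monitor_attrs(attrs, remote_node_ips: [])
  problems = []
  routes = Array(attrs["route_ids"])
  problems << "route_ids is empty" if routes.empty?
  routes.each { |r| problems << "bad route table id #{r}" unless r.to_s =~ /\Artb-[0-9a-f]+\z/ }
  problems << "eip_id is not an eipalloc- id" unless attrs["eip_id"].to_s =~ /\Aeipalloc-[0-9a-f]+\z/

  eip = parse_ip(attrs["remote_eip"])
  problems << "remote_eip is missing or not a public address" if eip.nil? || eip.private?

  subnets = Array(attrs["remote_subnets"]).map { |cidr| [cidr, parse_ip(cidr)] }
  subnets.each { |cidr, net| problems << "bad CIDR #{cidr}" if net.nil? }
  nets = subnets.map(&:last).compact
  problems << "remote_subnets has no usable entry" if nets.empty?

  target = parse_ip(attrs["remote_ip"])
  if target.nil?
    problems << "remote_ip is missing or malformed"
  else
    # A health-check target outside the routed subnets never crosses the tunnel.
    problems << "remote_ip is outside remote_subnets" if nets.none? { |n| n.include?(target) }
    problems << "remote_ip is a remote IPSec node" if remote_node_ips.include?(target.to_s)
  end
  problems
end
```

Run against the role exactly as printed above, it reports the four `x` placeholders (two route tables, the EIP allocation ID and the remote EIP) as still unfilled.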
License and Authors
Authors: Matt Williams
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
1.0.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.0 failed this metric
FC064: Ensure issues_url is set in metadata: aws_ipsec_monitor/metadata.rb:1
FC065: Ensure source_url is set in metadata: aws_ipsec_monitor/metadata.rb:1
FC066: Ensure chef_version is set in metadata: aws_ipsec_monitor/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: aws_ipsec_monitor/metadata.rb:1
FC069: Ensure standardized license defined in metadata: aws_ipsec_monitor/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.0 passed this metric
Testing File Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number