Last active
August 29, 2015 14:06
run ss_update.sh and follow the prompts
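# credentials.yml - read by update-elb.rb with YAML.load_file from the current
# working directory. The leading colons make the keys Ruby symbols, which is
# how the script looks them up.
#
# Both values are placeholders. Fill them in locally, keep the filled-in file
# out of version control, and make it readable only by the operator account.
:access_key_id: 'ACCESS_KEY'
:secret_key: 'SECRET_KEY'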
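#!/bin/sh
# Bootstrap for update-elb.rb: make sure the three gems the script requires are
# installed, then start the interactive certificate update.
#
# Gems are downloaded from the configured RubyGems source at run time. Only
# aws-sdk is version-constrained here, because update-elb.rb uses the 1.x `AWS`
# namespace; formatador and colorize install whatever is current.
# NOTE(review): pin those two as well (or ship a Gemfile.lock) when this runs on
# a host that holds production AWS credentials.

# ensure_gem NAME [REQUIREMENT]
# Installs NAME unless a version matching REQUIREMENT is already present.
# Aborts the whole script when the install fails, so update-elb.rb is never
# started with a dependency missing.
ensure_gem() {
    gem_name="$1"
    gem_requirement="$2"
    [ -n "$gem_requirement" ] || gem_requirement=">= 0"

    echo "Checking for presense of ${gem_name} gem"
    if gem list "$gem_name" -i -v "$gem_requirement"; then
        return 0
    fi

    echo "Could not find gem, installing"
    # --no-document replaces the --no-ri/--no-rdoc pair, which current RubyGems rejects.
    if ! gem install "$gem_name" -v "$gem_requirement" --no-document; then
        echo "Failed to install ${gem_name}, aborting" >&2
        exit 1
    fi
}

echo "Performing system dependancy checks"
ensure_gem aws-sdk '~> 1'
ensure_gem formatador
ensure_gem colorize
clear
echo "System dependancy checks completed"
ruby update-elb.rb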
#!/usr/bin/env ruby | |
require 'yaml'

require 'aws-sdk'
require 'colorize'
require 'formatador'
# Research
# http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/IAM/ServerCertificateCollection.html
# http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ELB/Client/V20120601.html#set_load_balancer_listener_ssl_certificate-instance_method
# http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html#us-update-lb-SSLcert-api
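# Load the AWS key pair from credentials.yml in the current working directory
# and hand it to the SDK.
#
# The run stops (non-zero exit) when the file is missing, is not a mapping, or
# still carries an empty value or the shipped ACCESS_KEY / SECRET_KEY
# placeholders. Without this check a half-filled file would only fail later,
# in the middle of the interactive flow.
#
# NOTE(review): these are long-lived keys stored in plaintext next to the
# script. Confirm the file is excluded from version control and is not
# world-readable. YAML.load_file is applied to a local, operator-owned file;
# if the file could ever come from elsewhere, switch to a safe loader that
# permits only Symbol.
credentials_path = 'credentials.yml'
placeholder_values = %w(ACCESS_KEY SECRET_KEY)
aws_credentials = File.file?(credentials_path) ? YAML.load_file(credentials_path) : nil

credentials_usable = aws_credentials.is_a?(Hash) &&
                     [:access_key_id, :secret_key].all? { |key|
                       value = aws_credentials[key].to_s
                       !value.empty? && !placeholder_values.include?(value)
                     }

unless credentials_usable
  puts 'Please enter credentials into the credentials.yml file'.colorize(:red)
  exit(1)
end

AWS.config(
  :access_key_id => aws_credentials[:access_key_id],
  :secret_access_key => aws_credentials[:secret_key]
)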
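# Top-level interactive menu.
#
# 'existing' - pick the replacement certificate and the certificate being
#              retired, list the ELBs whose port-443 listener uses the old
#              one and, after an explicit confirmation, point each of those
#              listeners at the new certificate.
# 'new'      - upload a certificate to IAM, then show the menu again.
# 'exit' or 'quit' leaves the program; any other input re-prompts.
#
# Reads the global $region that the region prompt at the bottom of the file sets.
def question_loop
  puts "Please type 'existing' or 'new' to make selection".colorize(:light_blue)
  raw_input = gets
  # stdin closed: there is nobody to answer, and re-prompting would never end.
  exit(1) if raw_input.nil?
  input = raw_input.chomp.downcase

  case input
  when 'existing'
    puts 'you have selected to use an existing certificate'.colorize(:green)
    puts 'Please select the cert you want to use (New cert)'.colorize(:green)
    new_cert_details = list_current_certificates
    puts 'Please select the cert that you want to replace (Old cert)'.colorize(:green)
    cert_to_be_replaced_details = list_current_certificates

    if new_cert_details[:arn] == cert_to_be_replaced_details[:arn]
      puts 'The old and new certificate are the same, nothing to update'.colorize(:red)
      exit(1)
    end

    puts "The following ELBs currently use #{cert_to_be_replaced_details[:name]} and will be updated to use #{new_cert_details[:name]}".colorize(:green)
    elbs_to_be_modified = list_current_elbs(cert_to_be_replaced_details[:arn])
    if elbs_to_be_modified.empty?
      puts 'No ELBs use the selected certificate, nothing to update'.colorize(:red)
      exit(0)
    end

    puts 'Continue? y/n'.colorize(:light_blue)
    # Changing the certificate on live listeners needs a clear yes. A blank
    # line, a typo or a closed stdin must not be treated as consent.
    unless %w(y yes).include?(gets.to_s.chomp.downcase)
      puts 'No changes were made'.colorize(:red)
      exit(0)
    end

    elb_client = AWS::ELB::Client.new(region: $region)
    # There is no rescue around the individual calls: an SDK error stops the
    # run, and load balancers updated before it keep the new certificate.
    elbs_to_be_modified.each do |elb|
      puts "updating #{elb[:name]}".colorize(:green)
      elb_client.set_load_balancer_listener_ssl_certificate(
        :load_balancer_name => elb[:name],
        :load_balancer_port => 443,
        :ssl_certificate_id => new_cert_details[:arn]
      )
    end

    puts 'Update complete, please review new settings'.colorize(:green)
    # Listing by the new ARN lets the operator verify which ELBs now use it.
    list_current_elbs(new_cert_details[:arn])
  when 'new'
    puts 'you have selected to upload a new certificate'.colorize(:green)
    upload_new_cert
    puts 'Your new certificate has been uploaded, please proceed with elb update process by selecting the existing option next'
    question_loop
  else
    exit(0) if %w(exit quit).include?(input)
    puts 'You have made an invalid selection, please try again'.colorize(:red)
    question_loop
  end
end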
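# Ask the operator for an option number and return the matching certificate row.
#
# certificate_listing - Array of hashes with :option, :arn and :name keys.
#
# Returns the selected hash. Exits with a non-zero status when the input is not
# one of the listed option numbers. This covers 0, negative numbers and
# non-numeric text, which previously passed the upper-bound check and made the
# method return nil to its caller.
def cert_selection_loop(certificate_listing)
  puts 'Option number:'.colorize(:light_blue)
  input = gets.to_s.strip
  # Accept plain digits only; String#to_i would silently turn 'abc' into 0.
  choice = input =~ /\A\d+\z/ ? input.to_i : 0
  selected_cert = certificate_listing.select { |cert_hash| cert_hash[:option] == choice }

  if selected_cert.empty?
    puts 'Selection is not within provided list exiting'.colorize(:red)
    exit(1)
  end

  puts 'You have selected the following cert'.colorize(:green)
  Formatador.display_table(selected_cert, [:option, :arn, :name])
  selected_cert.first
end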
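# Print and return the load balancers in $region whose port-443 listener uses
# the given certificate ARN.
#
# arn - certificate ARN to look for (compared by matched_arn?).
#
# Returns an Array of hashes with :name, :dns_name and :region.
#
# NOTE(review): a single describe_load_balancers call is made; confirm whether
# the response can be paginated for accounts with many load balancers, since a
# truncated list would leave some ELBs on the old certificate unnoticed.
def list_current_elbs(arn)
  elb_client = AWS::ELB::Client.new(region: $region)
  descriptions = elb_client.describe_load_balancers.data[:load_balancer_descriptions]

  # Filter first, so a non-matching ELB with unusual data cannot abort the listing.
  matched_elbs = descriptions.select { |elb| matched_arn?(elb, arn) }.map do |elb|
    first_zone = Array(elb[:availability_zones]).first
    {
      :name => elb[:load_balancer_name],
      :dns_name => elb[:dns_name],
      # Drop the trailing zone letter(s): 'us-east-1a' becomes 'us-east-1'.
      # Fall back to the queried region when no zone is reported.
      :region => first_zone ? first_zone.gsub(/[a-z]+\z/, '') : $region
    }
  end

  Formatador.display_table(matched_elbs, [:region, :name, :dns_name])
  matched_elbs
end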
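# Tell whether an ELB description has a listener on port 443 that uses the
# given certificate ARN (case-insensitive comparison).
#
# elb - hash with a :listener_descriptions array; each entry has a :listener
#       hash carrying :load_balancer_port and, for TLS listeners,
#       :ssl_certificate_id.
# arn - certificate ARN to look for.
#
# Returns true or false. Only port 443 is inspected, so TLS listeners on other
# ports are never reported. A port-443 listener without a certificate id (for
# example plain TCP) counts as no match instead of raising on nil.
def matched_arn?(elb, arn)
  wanted = arn.to_s.downcase
  # An empty ARN must never match a listener that has no certificate.
  return false if wanted.empty?

  Array(elb[:listener_descriptions]).any? do |description|
    listener = description[:listener]
    next false unless listener[:load_balancer_port] == 443

    certificate_id = listener[:ssl_certificate_id]
    !certificate_id.nil? && certificate_id.downcase == wanted
  end
end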
# Prompt for a certificate name and the paths of the private key, certificate
# body and chain files, then upload them to IAM as a server certificate.
#
# The private key's contents are read into memory and passed to the IAM client.
# Only the path is echoed to the terminal (by read_file), never the key itself.
# A missing file ends the program inside read_file. An error raised by the
# upload is printed and the whole prompt sequence starts over, with no limit
# on the number of attempts.
def upload_new_cert
  ask = lambda do |prompt|
    puts prompt.colorize(:light_blue)
    gets.chomp
  end

  # Hash literals evaluate left to right, so the prompts keep their order.
  cert = {
    :server_certificate_name => ask.call('please provide a name for the new certificate'),
    :private_key => read_file(ask.call('Please provide path to private key (.key) file')),
    :certificate_body => read_file(ask.call('Please provide path to public key (.crt) file')),
    :certificate_chain => read_file(ask.call('please provide path to certificate chain'))
  }

  iam = AWS::IAM::Client.new
  begin
    iam.upload_server_certificate(cert)
  rescue => upload_error
    puts 'An error was encountered while uploading the certificate'.colorize(:red)
    puts upload_error
    puts 'Please try again'.colorize(:red)
    upload_new_cert
  end
end
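# Return the contents of the file at +path+.
#
# path - path typed by the operator (private key, certificate or chain file).
#
# Prints the path being loaded, never the contents. When the path is not a
# regular file the program ends with a non-zero status.
def read_file(path)
  # File.file? replaces File.exists?, which newer Rubies no longer provide.
  # It also rejects directories, which File.read could not read anyway.
  unless File.file?(path)
    puts "Could not read file at #{path}, please try again".colorize(:red)
    exit(1)
  end

  puts "loading data from #{path}"
  File.read(path)
end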
# Fetch the server certificates stored in IAM, show them as a numbered table
# and let the operator choose one.
#
# Returns whatever cert_selection_loop returns for the displayed rows.
#
# NOTE(review): one list_server_certificates call is made; confirm whether the
# response can be truncated when the account holds many certificates.
def list_current_certificates
  metadata = AWS::IAM::Client.new.list_server_certificates.data[:server_certificate_metadata_list]

  # Option numbers start at 1 and follow the order IAM returned.
  cert_results = metadata.each_with_index.map do |cert, index|
    {:name => cert[:server_certificate_name], :arn => cert[:arn], :option => index + 1}
  end

  Formatador.display_table(cert_results, [:option, :arn, :name])
  cert_selection_loop(cert_results)
end
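# Entry point: choose the region, then hand over to the interactive menu.
#
# $region is read by every ELB client created in this file. An unrecognised
# answer used to leave it nil and the run carried on.
# NOTE(review): with a nil region the SDK presumably falls back to its own
# default, so a typo could list and update load balancers in a region the
# operator did not intend. Unknown input now stops the run instead.
region_choices = {
  'east' => 'us-east-1',
  'west' => 'us-west-1',
  'oregon' => 'us-west-2'
}

puts 'Please select the region you would like to work in'
puts 'east or west or oregon'
region_selection = gets.to_s.chomp
$region = region_choices[region_selection.downcase]

if $region.nil?
  puts 'Unrecognised region selection, exiting'.colorize(:red)
  exit(1)
end

puts 'Are we using an existing cert or are we uploading a new one?'.colorize(:green)
sleep 1
question_loop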