Puppet EC2 Security Group ENC

ec2_enc.rb

#!/usr/bin/ruby

##
# Classifies a puppet node based on its EC2 security group.
# Requires the AWS gem.
# Also requires a node_groups.yml file which specifies security groups
# and the classes/params that should be applied, in the following
# format (additionally keyed by security group name).
# http://docs.puppetlabs.com/guides/external_nodes.html
#
# To use this script, add the following two lines to your puppet.conf:
# node_terminus = exec
# external_nodes = /path/to/ec2_enc.rb
##

require 'rubygems'
require 'AWS'

ACCESS_KEY_ID     = 'xxxxxxxxxxxxxxxxxxxxxxxxxx'
SECRET_ACCESS_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxx'
NODE_GROUPS_YAML  = '/path/to/node_groups.yml'

def classify_node(arg)

  node_groups = YAML::load( File.open( NODE_GROUPS_YAML ) )
    
  raise 'unknown node' unless arg

  begin
    ec2 = AWS::EC2::Base.new(:access_key_id => ACCESS_KEY_ID, :secret_access_key => SECRET_ACCESS_KEY)
    ec2.describe_instances.reservationSet.item.each do |reservation|
	    reservation.instancesSet.item.each do |instance|
        if instance.dnsName == arg
          group = reservation.groupSet.item.first.groupId
          return node_groups[group].to_yaml unless node_groups[group].nil?
        end
      end
    end
    raise 'unknown node'
  rescue
    raise 'unknown node'
  end
end

puts classify_node(ARGV[0])

node_groups.yml

puppetmaster:
  classes:
    puppetmaster:
appserver:
  classes:
    app_server:
      db_server_hostname: db.example.com
default:
  classes:
      base: