From ef874937ac594b8017a2c207c0a4a5a9f7ae8968 Mon Sep 17 00:00:00 2001
From: David Siaw
Date: Mon, 8 Feb 2021 11:46:24 +0900
Subject: [PATCH 1/2] imdsv2 for nat
---
 lib/barcelona/network/nat_builder.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/lib/barcelona/network/nat_builder.rb b/lib/barcelona/network/nat_builder.rb
index 48ebb289..1a2178c0 100644
--- a/lib/barcelona/network/nat_builder.rb
+++ b/lib/barcelona/network/nat_builder.rb
@@ -40,6 +40,15 @@ def build_resources
 ]
 end
+ add_resource("AWS::EC2::LaunchTemplate", nat_launch_template_name) do |j|
+ j.LaunchTemplateName nat_launch_template_name
+ j.LaunchTemplateData do |d|
+ d.MetadataOptions do |m|
+ m.HttpTokens 'required'
+ end
+ end
+ end
+
 add_resource("AWS::EC2::Instance", nat_name, depends_on: ["VPCGatewayAttachment"]) do |j|
 j.InstanceType options[:instance_type] || 't3.nano'
@@ -53,8 +62,9 @@ def build_resources
 "GroupSet" => [ref("SecurityGroupNAT")]
 }
 ]
- j.MetadataOptions do |m|
- m.HttpTokens 'required'
+ j.LaunchTemplate do |t|
+ t.LaunchTemplateName nat_launch_template_name
+ t.Version get_attr(nat_launch_template_name, "LatestVersionNumber")
 end
 j.Tags [
 tag("barcelona", stack.district.name),
@@ -98,6 +108,10 @@ def eip_name
 def nat_name
 "NAT#{options[:type].to_s.classify}#{options[:nat_id]}"
 end
+
+ def nat_launch_template_name
+ "NAT#{options[:type].to_s.classify}#{options[:nat_id]}LaunchTemplate"
+ end
 end
 end
 end
From 908819aacaa261f1c8458428548051d0fadfd4cb Mon Sep 17 00:00:00 2001
From: David Siaw
Date: Thu, 18 Feb 2021 15:36:09 +0900
Subject: [PATCH 2/2] fix bootstrap
---
 lib/tasks/bootstrap.rake | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/tasks/bootstrap.rake b/lib/tasks/bootstrap.rake
index 7cc86427..61494fcb 100644
--- a/lib/tasks/bootstrap.rake
+++ b/lib/tasks/bootstrap.rake
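Review bot: In lib/barcelona/network/nat_builder.rb (hunk @@ -40,6 +40,15 @@), the new `d.MetadataOptions` block sets only `m.HttpTokens 'required'` and leaves the PUT response hop limit to whatever the launch-template default is. Since this template exists purely to harden IMDS on the NAT instance, I would pin the limit explicitly with `m.HttpPutResponseHopLimit 1` next to `m.HttpTokens 'required'`, so the session-token response cannot travel past the instance itself and the setting does not depend on a default. A one-line comment above `add_resource("AWS::EC2::LaunchTemplate", ...)` saying the template exists only to enforce IMDSv2 would also help the next reader. The `build_resources` body starts and ends outside this hunk.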
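Review bot: In lib/barcelona/network/nat_builder.rb (hunk @@ -53,8 +62,9 @@), the instance selects its template through the fixed name from `nat_launch_template_name`, which is built only from the NAT type and id and carries no district or stack name. Launch template names must be unique within an account and region, so a second network stack deployed to the same account and region would presumably fail to create its template. Referencing the template by id avoids that: `t.LaunchTemplateId ref(nat_launch_template_name)`, with the `j.LaunchTemplateName nat_launch_template_name` line in the @@ -40 hunk dropped so CloudFormation generates the name. It is also worth confirming whether adding `LaunchTemplate` to an existing `AWS::EC2::Instance` replaces the running NAT on the next stack update, since that would interrupt egress for the private subnets.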
@@ -14,6 +14,10 @@ namespace :bcn do
 end
 end
+ def secret_key_base
+ ENV["SECRET_KEY_BASE"] || SecureRandom.hex(64)
+ end
+
 desc "Deploy Barcelona to the specified ECS cluster(local)"
 task :bootstrap => ["db:setup", :environment] do
 access_key_id = ENV["AWS_ACCESS_KEY_ID"]
@@ -64,6 +68,7 @@ namespace :bcn do
 image_tag: "master"
 )
 heritage.env_vars.build(key: "DATABASE_URL", value: ENV["BOOTSTRAP_DATABASE_URL"], secret: true)
+ heritage.env_vars.build(key: "SECRET_KEY_BASE", value: secret_key_base, secret: true)
 heritage.env_vars.build(key: "DISABLE_DATABASE_ENVIRONMENT_CHECK", value: "1", secret: false)
 heritage.env_vars.build(key: "AWS_REGION", value: region, secret: false)
 heritage.env_vars.build(key: "AWS_ACCESS_KEY_ID", value: access_key_id, secret: false)
@@ -142,7 +147,7 @@ EOS
 {key: "RAILS_LOG_TO_STDOUT", value: "true", secret: false},
 {key: "GITHUB_ORGANIZATION", value: ENV['GITHUB_ORGANIZATION'], secret: false},
 {key: "DATABASE_URL", value: ENV["DATABASE_URL"], secret: true},
- {key: "SECRET_KEY_BASE", value: SecureRandom.hex(64), secret: true},
+ {key: "SECRET_KEY_BASE", value: secret_key_base, secret: true},
 {key: "ENCRYPTION_KEY", value: ENV["ENCRYPTION_KEY"], secret: true}
 ],
 services_attributes: [
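Review bot: In lib/tasks/bootstrap.rake (hunk @@ -14,6 +14,10 @@), `secret_key_base` accepts any non-nil `ENV["SECRET_KEY_BASE"]`, so an exported-but-empty variable (an empty string is truthy in Ruby) or a leftover development value in the operator's shell becomes the deployed secret instead of the random fallback. I would treat a blank value as unset, e.g. `value = ENV["SECRET_KEY_BASE"].to_s.strip` followed by `value.empty? ? SecureRandom.hex(64) : value`. When the variable is unset the helper returns a fresh random value on every call, so the call sites in the @@ -64,6 +68,7 @@ and @@ -142,7 +147,7 @@ hunks store different secrets; if they are meant to match, compute the value once and pass it to both. A `def` inside the `namespace` block is defined on `Object` rather than scoped to the namespace, which deserves a comment or a local lambda instead.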