AWS PHP Service Discovery

GadElKareem

8 years ago

Service Discovery is a simple PHP command to collect and store AWS information such as EC2s and RDSs in the current region and save them with their credentials into an encrypted JSON file on S3. The script later notifies each service via SSH and executes the service discovery client on each instance. Each client downloads the JSON file and uses it to configure different applications. It can easily be automated through Rundeck or Jenkins to be executed after each deploy.

Service Discovery is part of AWS PHP Commands.

Usage:

> php console.php aws:services:discover -h
Usage:
  aws:services:discover [options]

Options:
  -f, --forceNotify[=FORCENOTIFY]          Force Notify [default: false]
  -e, --notifyOnly[=NOTIFYONLY]            Notify only one of dev,prod [default: false]
  -c, --continueOnError[=CONTINUEONERROR]  Continue to next EC2 on client failure [default: false]
  -h, --help                               Display this help message
  -q, --quiet                              Do not output any message
  -V, --version                            Display this application version
      --ansi                               Force ANSI output
      --no-ansi                            Disable ANSI output
  -n, --no-interaction                     Do not ask any interactive question
  -v|vv|vvv, --verbose                     Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Help:
 Discovers services information and credentials.

Configuration

Required Environment Variables

AWS Keys: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
Encryption passwords : DEV_ENC_PASS for dev environment and PROD_ENC_PASS for production environment (currently set as “prod_test”).

endec.sh:

AwsPhpCommands/data/endec/endec.sh is bash script that uses OpenSSL for encrypting/decrypting files.
The password used for encryption ENC_PASS should be added to your environment variables depending on the environment to use with Service Discovery Client.

Services Credentials:

All services credentials are saved and encrypted using endec.sh script in keys/service-discovery/credentials.json.enc file.

To decrypt the file use

export $PROD_ENC_PASS=prod_test; ./data/endec/endec.sh -o keys/service-discovery/ -d keys/service-discovery/credentials.json.enc

To encrypt back use

export $PROD_ENC_PASS=prod_test; ./data/endec/endec.sh -o keys/service-discovery/ -e keys/service-discovery/credentials.json

\AwsPhpCommands\ServiceDiscovery\ServiceDiscoveryCommand::S3_BUCKET is the S3 bucket name.

\AwsPhpCommands\ServiceDiscovery\ServiceDiscoveryCommand::$WHITE_LIST_CIDRS contains a whitelist of IP ranges.

Services Discovery Client:

The service logs into each instance via SSH and executes /root/service-discovery-client.sh script to download the services-info.json.enc file from S3 and decrypt it.
All private keys should be added in /root/.ssh/ directory on the same server running the Service Discovery.
\AwsPhpCommands\ServiceDiscovery\ServiceDiscoveryCommand::$KEYNAME_LOGINS contains the EC2 key name as key and login username as value.

Example JSON

{
  "servicesInfo": {
    "ec2s": {
      "instance-name-prod": [
        {
          "id": "i-62882e2f",
          "name": "instance-name-prod",
          "keyName": "key-example",
          "publicIp": "74.125.224.72",
          "privateIp": "172.31.5.119",
          "securityGroup": "group_prod",
          "vpcId": "vpc-cd4x23ef",
          "tags": {
            "Name": "instance-name-prod"
          },
          "credentials": {
            "someService": {
              "username": "user_prod",
              "password": "prod_pass"
            }
          }
        }
      ]
    },
    "rdss": {
      "rds-name-prod": {
        "id": "rds-name-prod",
        "name": "rds-name-prod",
        "endpoint": "rds-name-prod.dfgadfg4df.us-west-1.rds.amazonaws.com",
        "securityGroup": "sg-2b2c86fd",
        "port": 3306,
        "credentials": {
          "dbOne": {
            "username": "user_prod",
            "dbName": "db_prod",
            "password": "prod_pass"
          },
          "dbTwo": {
            "username": "user_prod",
            "dbName": "db_prod",
            "password": "prod_pass"
          }
        }
      }
    },
    "servicesCredentials": {
      "instance-name-prod": {
        "someService": {
          "username": "user_prod",
          "password": "prod_pass"
        }
      },
      "instance-name-dev": {
        "someService": {
          "username": "user_dev",
          "password": "dev_pass"
        }
      },
      "rds-name-prod": {
        "dbOne": {
          "username": "user_prod",
          "dbName": "db_prod",
          "password": "prod_pass"
        },
        "dbTwo": {
          "username": "user_prod",
          "dbName": "db_prod",
          "password": "prod_pass"
        }
      },
      "rds-name-dev": {
        "dbOne": {
          "username": "user_dev",
          "dbName": "db_dev",
          "password": "dev_pass"
        },
        "dbTwo": {
          "username": "user_dev",
          "dbName": "db_dev",
          "password": "dev_pass"
        }
      }
    },
    "publicIps": [
      "74.125.224.72"
    ],
    "privateIps": [
      "172.31.5.119",
      "172.31.1.10"
    ],
    "whiteListCidrs": [
      "64.18.0.0\/20",
      "172.31.0.0\/16",
      "74.125.224.72\/32",
    ]
  }
}