initial

.gitignore

@@ -0,0 +1,7 @@
+.librarian
+.tmp
+.vagrant
+/modules
+pkg/
+.exports
+.volume_id

Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
+gem 'puppet', puppetversion
+gem 'puppetlabs_spec_helper', '>= 0.1.0'
+gem 'puppet-lint', '>= 0.3.2'
+gem 'facter', '>= 1.7.0'
+gem 'metadata-json-lint'
+gem 'librarian-puppet'

Gemfile.lock

@@ -0,0 +1,93 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    CFPropertyList (2.2.8)
+    activemodel (4.2.0)
+      activesupport (= 4.2.0)
+      builder (~> 3.1)
+    activesupport (4.2.0)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    builder (3.2.2)
+    diff-lcs (1.2.5)
+    facter (2.4.4)
+      CFPropertyList (~> 2.2.6)
+    faraday (0.9.1)
+      multipart-post (>= 1.2, < 3)
+    her (0.7.3)
+      activemodel (>= 3.0.0, <= 4.2)
+      activesupport (>= 3.0.0, <= 4.2)
+      faraday (>= 0.8, < 1.0)
+      multi_json (~> 1.7)
+    hiera (3.0.1)
+      json_pure
+    i18n (0.7.0)
+    json (1.8.3)
+    json_pure (1.8.2)
+    librarian-puppet (2.2.1)
+      librarianp (>= 0.6.3)
+      puppet_forge (~> 1.0)
+      rsync
+    librarianp (0.6.3)
+      thor (~> 0.15)
+    metaclass (0.0.4)
+    metadata-json-lint (0.0.11)
+      json
+      spdx-licenses (~> 1.0)
+    minitest (5.5.1)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.11.2)
+    multipart-post (2.0.0)
+    puppet (4.2.2)
+      facter (> 2.0, < 4)
+      hiera (>= 2.0, < 4)
+      json_pure
+    puppet-lint (1.1.0)
+    puppet-syntax (2.0.0)
+      rake
+    puppet_forge (1.0.4)
+      her (~> 0.6)
+    puppetlabs_spec_helper (0.10.3)
+      mocha
+      puppet-lint
+      puppet-syntax
+      rake
+      rspec-puppet
+    rake (10.4.2)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.2)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-puppet (2.2.0)
+      rspec
+    rspec-support (3.3.0)
+    rsync (1.0.9)
+    spdx-licenses (1.0.0)
+      json
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  facter (>= 1.7.0)
+  librarian-puppet
+  metadata-json-lint
+  puppet (>= 3.3)
+  puppet-lint (>= 0.3.2)
+  puppetlabs_spec_helper (>= 0.1.0)

Makefile

@@ -0,0 +1,40 @@
+default:
+	bundle exec rake validate
+	vagrant provision
+
+install: volume instance
+
+instance:
+	. .exports && vagrant up
+
+volume: .volume_id
+	aws ec2 create-tags --resources `cat .volume_id` \
+	  --tags Key=name,Value=vagrant_test
+
+.volume_id:
+	. .exports && aws ec2 create-volume --availability-zone $${AWS_DEFAULT_REGION}a \
+	  --size 1 --encrypted --volume-type standard \
+	  --query '{id:VolumeId}' \
+	  | grep '"id"' | awk '{print $$2}' \
+	  | tr -d '"' | perl -pe chomp > .volume_id
+
+clean: cleanebs
+	. .exports && vagrant destroy -f
+
+cleanebs:
+	-vagrant ssh -c 'sudo umount /mnt/ebs_vagrant_test'
+	-. .exports && aws ec2 detach-volume --volume-id `cat .volume_id`
+	. .exports && aws ec2 delete-volume --volume-id `cat .volume_id` && \
+	  rm -f .volume_id
+
+installdeps:
+	mkdir -p modules
+	bundle exec librarian-puppet install --path=./modules
+
+pkg:
+	puppet module build
+
+debug:
+	VAGRANT_LOG=DEBUG vagrant provision
+
+.PHONY: default install debug pkg instance volume clean install cleanebs

Puppetfile

@@ -0,0 +1,3 @@
+forge "https://forgeapi.puppetlabs.com"
+
+metadata

Puppetfile.lock

@@ -0,0 +1,12 @@
+FORGE
+  remote: https://forgeapi.puppetlabs.com
+  specs:
+    ignis-awscli_bundled (0.1.0)
+      maestrodev-wget (>= 1.7.1)
+    maestrodev-wget (1.7.1)
+    puppetlabs-stdlib (4.9.0)
+
+DEPENDENCIES
+  ignis-awscli_bundled (>= 0.1.0)
+  puppetlabs-stdlib (>= 1.0.0)
+

README.md

@@ -0,0 +1,90 @@
+# ecryptfs
+
+#### Table of Contents
+
+1. [Overview](#overview)
+2. [Usage - Configuration options and additional functionality](#usage)
+3. [Limitations - OS compatibility, etc.](#limitations)
+
+## Overview
+
+This module provides allows to manage EBS volumes (attach, format, mount).
+Volumes should be created outside of puppet, for example, using CloudFormation.
+The module performs a lookup searching for a volume in question by a 'name' tag's
+value.
+
+All the interactions with AWS API are performed with aws commandline utilities.
+
+## Usage
+
+Be sure to create a volume beforehand. E.g., here is a snippet for CloudFormation:
+
+```json
+"JenkinsMasterStorageVolume": {
+  "Type": "AWS::EC2::Volume",
+  "Properties": {
+    "Encrypted": true,
+    "AvailabilityZone": "eu-west-1a",
+    "Size": 100,
+    "Tags": [
+      {
+        "Key": "name",
+        "Value": "jenkins"
+      }
+    ]
+  }
+},
+```
+
+Or awscli:
+
+```bash
+aws ec2 create-volume --availability-zone $${AWS_DEFAULT_REGION}a \
+  --size 1 --encrypted --volume-type standard \
+  --query '{id:VolumeId}' \
+  | grep '"id"' | awk '{print $$2}' \
+  | tr -d '"' | perl -pe chomp > .volume_id
+aws ec2 create-tags --resources `cat .volume_id` \
+  --tags Key=name,Value=jenkins
+```
+
+And then in your puppet code you can create resources like this:
+
+```puppet
+ebs::volume { 'jenkins':             # so we look for an EBS volume that has name:jenkins tag set
+  device         => '/dev/sdj',      # /dev/sdb by default
+  format         => 'ext3',          # ext3 by default
+  format_options => '-L jenkins',    # this will be passed to mkfs.ext3 AS IS, string format
+  mount_dir      => '/mnt/jenkins',  # /mnt by default
+  mount_options  => 'nodev, noatime' # single string, fstab format, 'noatime' by default
+}
+```
+
+`mount_dir` directory will be created if it doesn't exist (so manage it
+outside of this module to ensure custom owner/group/mode parameters).
+
+## Limitations
+
+This module was tested on CentOS 6.x so far. For the AWS API authorization to work,
+you have to assign a proper IAM role to an ec2 instance you're running this code on.
+Example policy (tune Resource parameter to your liking):
+
+```json
+
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "Stmt1444046341000",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeVolumes",
+                "ec2:AttachVolume"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+```
+

Rakefile

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+
+desc "Validate manifests, templates, and ruby files"
+task :validate do
+  Dir['manifests/**/*.pp'].each do |manifest|
+    sh "puppet parser validate --noop #{manifest}"
+  end
+  Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
+    sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
+  end
+  Dir['templates/**/*.erb'].each do |template|
+    sh "erb -P -x -T '-' #{template} | ruby -c"
+  end
+end

Vagrantfile

@@ -0,0 +1,64 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+$user_data = File.read("user_data.sh")
+
+$puppet_install = <<SCRIPT
+  if [ ! -x /usr/bin/puppet ]; then
+    rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
+    yum install -y puppet
+  fi
+SCRIPT
+
+$bats_install = <<SCRIPT
+if [ ! -x /usr/local/bin/bats ]; then
+  cd /tmp
+  rm -rf bats
+  wget -q -O v0.4.0.tar.gz https://github.com/sstephenson/bats/archive/v0.4.0.tar.gz
+  tar xzf v0.4.0.tar.gz
+  cd bats-0.4.0
+  ./install.sh /usr/local
+fi
+SCRIPT
+
+$bats_run = <<SCRIPT
+/usr/local/bin/bats /vagrant/bats
+SCRIPT
+
+Vagrant.configure(2) do |config|
+  config.vm.box = "puppetlabs/centos-6.6-64-nocm"
+
+  config.vm.box = 'dummy'
+  config.vm.provider :aws do |aws, override|
+    aws.access_key_id            = ENV['AWS_ACCESS_KEY_ID']
+    aws.secret_access_key        = ENV['AWS_SECRET_ACCESS_KEY']
+    aws.region                   = ENV['AWS_DEFAULT_REGION']
+    aws.keypair_name             = ENV['AWS_KEYPAIR']
+    aws.ami                      = ENV['AWS_AMI']
+    aws.associate_public_ip      = true
+    aws.instance_type            = 't2.micro'
+    aws.subnet_id                = ENV['AWS_SUBNET_ID']
+    aws.security_groups          = ENV['AWS_SECURITY_GROUPS'].split.to_a  # ssh, egress
+    aws.iam_instance_profile_arn = ENV['AWS_IAM_PROFILE']
+    aws.user_data                = $user_data
+    aws.tags = {
+      "vagrant"                    => true,
+    }
+
+    override.ssh.username         = ENV['AWS_SSH_USERNAME']
+    override.ssh.private_key_path = ENV['AWS_SSH_KEY']
+  end
+
+
+  config.vm.provision 'shell', inline: $puppet_install
+  config.vm.provision 'shell', inline: $bats_install
+
+  config.vm.provision "puppet" do |puppet|
+    puppet.module_path    = [ '..', 'modules' ]
+    puppet.options        = '--verbose --debug' if ENV['VAGRANT_DEBUG']
+    puppet.manifests_path = "manifests"
+    puppet.manifest_file  = "vagrant.pp"
+  end
+
+  config.vm.provision 'shell', inline: $bats_run
+end

manifests/init.pp

@@ -0,0 +1,12 @@
+class ebs (
+  $skip_awscli_install = false
+) inherits ebs::params {
+
+  if $skip_awscli_install == false {
+    require awscli_bundled
+  }
+
+  package { $util_linux_package:
+    ensure => present
+  }
+}

manifests/params.pp

@@ -0,0 +1,6 @@
+class ebs::params {
+
+  $util_linux_package = $::osfamily ? {
+    default => 'util-linux-ng'
+  }
+}

manifests/vagrant.pp

@@ -0,0 +1,11 @@
+node default {
+
+  ebs::volume { 'vagrant_test':
+    format    => 'ext3',
+    mount_dir => '/mnt/ebs_vagrant_test'
+  } ->
+
+  file { '/mnt/ebs_vagrant_test/file01':
+    content => 'foo'
+  }
+}