Procházet zdrojové kódy

Improvements to the Test Environment Stopping/Starting

* Script can now start individual instances by name or ID
* Openvpn and Teleport are now 24x7
* Modelclient indexers no longer shut down at night
* Splunk clusters for C2 and modelclient are now only 2 instances
Fred Damstra [afs macbook] před 3 roky
rodič
revize
635524cef2

+ 11 - 5
bin/xdrtest

@@ -13,6 +13,8 @@
 # At the end of your shift:
 #   xdrtest stop
 #
+# You can also start/stop individual instances by ID (provided the tag _also_ matches):
+#   xdrtest start openvpn
 import argparse
 import boto3
 import json
@@ -114,7 +116,8 @@ if __name__ == "__main__":
     parser.add_argument('--config', help='AWS Config File', default='~/.aws/config')
     parser.add_argument('--profile', help='Profile to Use', default=None)
     parser.add_argument('--tagname', help='Tag Name to Filter On', default='Schedule')
-    parser.add_argument('tagvalue', help='Tag Value to Filter On', nargs='?', default='MSOC')
+    parser.add_argument('--tagvalue', help='Tag Value to Filter On', default='MSOC')
+    parser.add_argument('instancename', help='Instance Name or ID to action on', nargs='?', default=None)
     parser.add_argument('--commercial', help='Include Commercial Accounts', action='store_true')
     parser.add_argument('--dry-run', help='Dry Run', action='store_true')
     parser.add_argument('--debug', help='Output Debug Information', action='store_true')
@@ -138,7 +141,7 @@ if __name__ == "__main__":
     ec2 = dict()
     instances = dict()
     instance_count = 0
-    print(f'Instances to Start:')
+    print(f'Instances to { args.action }:')
     for p in profiles:
         logger.debug(f'Gathering from profile {p}...')
         try:
@@ -155,9 +158,10 @@ if __name__ == "__main__":
        
         instances[p] = list()
         for instance in gather_instances(ec2[p], args.tagname, args.tagvalue, exclude_state):
-            print(f'{p:<30}\t{ instance["instance_id"] }\t{instance["state"]:<10}\t{instance["name"]}')
-            instances[p].append(instance['instance_id'])
-            instance_count += 1
+            if args.instancename is None or args.instancename == instance['name'] or args.instancename == instance['instance_id']:
+                print(f'{p:<30}\t{ instance["instance_id"] }\t{instance["state"]:<10}\t{instance["name"]}')
+                instances[p].append(instance['instance_id'])
+                instance_count += 1
 
     if instance_count == 0:
         print('')
@@ -178,11 +182,13 @@ if __name__ == "__main__":
         if len(instances[p]) > 0:
             for i in ec2[p].instances.filter(InstanceIds=instances[p]):
                 if args.action == 'start':
+                    print(f'Starting instances in profile { p }: { instances[p] }')
                     try:
                         i.start(DryRun=args.dry_run)
                     except Exception as e:
                         print(f'An error occured while starting instance {i.id}. Error: {e}. Skipping.')
                 elif args.action == 'stop':
+                    print(f'Stopping instances in profile { p }: { instances[p] }')
                     try:
                         i.stop(DryRun=args.dry_run)
                     except Exception as e:

+ 1 - 0
test/aws-us-gov/mdr-test-c2/090-instance-openvpn/terragrunt.hcl

@@ -33,6 +33,7 @@ inputs = {
   tags = {
     Purpose = "OpenVPN - Employee Access"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule = "24x7x365"
   }
   instance_name = "openvpn" # TODO: Fix this when actual swap is taking place.
   instance_type = local.account_vars.locals.openvpn_instance_type

+ 1 - 0
test/aws-us-gov/mdr-test-c2/090-instance-teleport/terragrunt.hcl

@@ -33,6 +33,7 @@ inputs = {
   tags = {
     Purpose = "Proxy Access via SSH"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule = "24x7x365"
   }
   instance_name = "teleport"
   instance_type = "t3a.large"

+ 1 - 0
test/aws-us-gov/mdr-test-c2/160-splunk-indexer-cluster/terragrunt.hcl

@@ -33,6 +33,7 @@ inputs = {
   tags = {
     Purpose = "Splunk Indexer Cluster"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule = "24x7x365"
   }
   prefix = local.account_vars.locals.splunk_prefix
   instance_type = local.account_vars.locals.instance_types["splunk-indexer"]

+ 1 - 1
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -22,7 +22,7 @@ locals {
   splunk_legacy_cidr = [ # Allow splunk ports to/from here, too
     "10.96.0.0/16",
   ]
-  splunk_asg_sizes = [ 1, 1, 1 ] # How many?
+  splunk_asg_sizes = [ 1, 1, 0 ] # How many?
   splunk_volume_sizes = {
     "cluster_master" = {
       "swap": 8,  # minimum: 8

+ 1 - 1
test/aws-us-gov/mdr-test-malware/account.hcl

@@ -27,5 +27,5 @@ locals {
     "vmray-worker" = "c5n.metal"
   }
 
-  vmray_worker_instance_count = 1
+  vmray_worker_instance_count = 0
 }

+ 1 - 0
test/aws-us-gov/mdr-test-modelclient/160-splunk-indexer-cluster/terragrunt.hcl

@@ -34,6 +34,7 @@ inputs = {
   tags = {
     Purpose = "Splunk Indexer Cluster"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule = "24x7x365"
   }
   prefix = local.account_vars.locals.splunk_prefix
   instance_type = local.account_vars.locals.instance_types["splunk-indexer"]

+ 1 - 1
test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -10,7 +10,7 @@ locals {
   splunk_data_sources = [
   ]
   splunk_legacy_cidr = [ ] # Should not be needed for new customers
-  splunk_asg_sizes   = [ 1, 1, 1 ] # How many indexers in each site
+  splunk_asg_sizes   = [ 1, 1, 0 ] # How many indexers in each site
   
   account_tags = {
     "Client": local.splunk_prefix