def stack():
t = template.create(description='openshift')
keypair = template.add_keypair_parameter(t)
vpc_param = template.add_vpcid_parameter(t)
hostedzonename = template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name for cluster')
hostedzonename_video = template.add_parameter(t, name='VideoDnsDomainName', description='Domain name for cluster')
worker_ami = template.add_parameter(t, name='workerami', description='ami used for worker, master instance')
deployer_ami = template.add_parameter(t, name='deployerami', description='ami used for deployer instance')
public_net_1 = template.add_publicsubnet_parameter(t, "PublicSubnet01")
public_net_2 = template.add_publicsubnet_parameter(t, "PublicSubnet02")
public_net_3 = template.add_publicsubnet_parameter(t, "PublicSubnet03")
public_nets = [public_net_1, public_net_2, public_net_3]
private_net_1 = template.add_privatesubnet_parameter(t, "PrivateSubnet01")
private_net_2 = template.add_privatesubnet_parameter(t, "PrivateSubnet02")
private_net_3 = template.add_privatesubnet_parameter(t, "PrivateSubnet03")
private_nets = [private_net_1, private_net_2, private_net_3]
iam_role_ecr = iam.InstanceProfiles.ecr_full(template=t)
# security groups
private_sg = security.get_private_security_group(template=t, vpc=vpc_param, cidr='10.242.0.0/16', desc='private')
video_elb_sg = security.get_http_security_group(template=t, vpc=vpc_param, sg_name='CiscoVideo')
video_elb_sg_osn = security.get_http_security_group(template=t, vpc=vpc_param, sg_name='OSNVideo',
cidr=['80.227.100.0/23', '80.227.119.0/24'])
master_elb_sg = security.get_elb_security_group(template=t, vpc=vpc_param, cidr=security.CISCO_CIDR)
# deployer
ec2.instance_with_interfaces(template=t, name='deployer', ami=deployer_ami, type='c4.2xlarge',
keypair=keypair, role='deployer', iam_role=iam_role_ecr,
interfaces=[(private_net_1, '10.242.2.6', private_sg, None)], volume_size=64)
masters = []
num_masters = 3
for i in range(0, num_masters):
zone = i % 3
master = ec2.instance_with_interfaces(template=t, name='master{}'.format(i+1), ami=worker_ami,
type='c4.2xlarge', keypair=keypair, role='master',
interfaces=[(private_nets[zone], None, private_sg, None)],
volume_size=64)
masters.append(master)
masterelb = elb.elastic_lb(template=t, name="masterELB", instances=masters,
subnets=public_nets,
instance_port=8443, load_balancer_port=8443,
instance_proto='TCP', load_balancer_proto='TCP',
securitygroups=[master_elb_sg])
masterelbint = elb.elastic_lb(template=t, name="masterELBint", instances=masters,
subnets=private_nets,
instance_port=8443, load_balancer_port=8443,
instance_proto='TCP', load_balancer_proto='TCP',
securitygroups=[private_sg], scheme="internal")
route53.elb(template=t, name="masterdns", hostedzonename=hostedzonename, elasticLB=masterelb,
dns='master',)
route53.elb(template=t, name="masterdnsint", hostedzonename=hostedzonename, elasticLB=masterelbint,
dns='int-master')
nodes = []
num_nodes = 2
for i in range(0, num_nodes):
zone = i % 3
worker = ec2.instance_with_interfaces(template=t, name='node{}'.format(i+1), ami=worker_ami,
type='c4.4xlarge', keypair=keypair, role='worker',
volume_size=32,
interfaces=[(private_nets[zone], None, private_sg, None)])
nodes.append(worker)
mpeelb = elb.elastic_lb(template=t, name="mpeELB", instances=nodes,
subnets=public_nets,
instance_port=80, load_balancer_port=80,
instance_proto="HTTP", load_balancer_proto="HTTP",
securitygroups=[video_elb_sg, video_elb_sg_osn])
route53.elb(template=t, name="mpeRoute", hostedzonename=hostedzonename_video, elasticLB=mpeelb, subdomain='*')
return t
def stack():
t = template.create(description='openshift')
keypair = template.add_keypair_parameter(t)
hostedzonename = template.add_parameter(
t, name='ClusterDnsDomainName', description='Domain name for cluster')
deployer_ami = template.add_parameter(
t, name='deployerami', description='ami used for deployer instance')
worker_ami = template.add_parameter(
t,
name='workerami',
description='ami used for worker, master instance')
centos_hardned = template.add_parameter(
t, name='centoshardned', description='ami used for bastion instance')
zone1 = template.add_parameter(t,
name='zone1',
description='availability zone 1')
template.add_parameter(t, name='zone2', description='availability zone 2')
# iam & placement group
group = ec2.placement_group(template=t, name='openshiftgroup')
iam_role = iam.InstanceProfiles.ecr_full(template=t)
# network & subnets
network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16')
ig, iga = ec2.internet_gateway(template=t, vpc=network)
public = ec2.subnet(template=t,
name='public',
availability_zone=zone1,
cidr='10.0.0.0/24',
vpc=network,
gateway=ig)
ng = ec2.nat_gateway(template=t,
public_subnet=public,
gateway_attachement=iga)
private = ec2.subnet(template=t,
name='private',
availability_zone=zone1,
cidr='10.0.100.0/24',
vpc=network,
nat=ng)
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
private_sg = security.get_private_security_group(template=t,
vpc=network,
cidr='10.0.0.0/16',
desc='private')
elb_sg = security.get_elb_security_group(template=t, vpc=network)
openshift_gui = security.rule(protocol='tcp',
from_port='8443',
to_port='8443',
cidr='0.0.0.0/0')
mpe_out = security.rule(protocol='tcp',
from_port='80',
to_port='80',
cidr='0.0.0.0/0')
elb_sg.SecurityGroupIngress.append(openshift_gui)
elb_sg.SecurityGroupIngress.append(mpe_out)
# bastion
ec2.instance_with_interfaces(template=t,
name='bastion',
ami=centos_hardned,
type='c4.large',
keypair=keypair,
role='bastion',
placement_group=group,
iam_role=iam_role,
interfaces=[(public, '10.0.0.4', bastion_sg,
iga)],
volume_size=64)
# deployer
ec2.instance_with_interfaces(template=t,
name='deployer',
ami=deployer_ami,
type='c4.2xlarge',
keypair=keypair,
role='deployer',
placement_group=group,
iam_role=iam_role,
interfaces=[(private, '10.0.100.5',
private_sg, None)],
volume_size=64)
instances = []
masters = 1
for i in range(0, masters):
master = ec2.instance_with_interfaces(
template=t,
name='master{}'.format(i + 1),
ami=worker_ami,
type='c4.2xlarge',
keypair=keypair,
role='master',
placement_group=group,
iam_role=iam_role,
interfaces=[(private, '10.0.100.1{}'.format(i), private_sg, None)],
volume_size=64)
instances.append(master)
masterlb = elb.elastic_lb(
template=t,
name="masterELB",
instances=instances,
subnets=[public],
instance_port=8443,
load_balancer_port=8443,
securitygroups=[elb_sg],
instance_proto="TCP",
load_balancer_proto="TCP",
health_check=elb.health_check(name='masterlbhealthcheck'))
route53.elb(template=t,
name="masterRoute",
hostedzonename=hostedzonename,
elasticLB=masterlb,
dns='master')
instances = []
nodes = 2
for i in range(0, nodes):
worker = ec2.instance_with_interfaces(
template=t,
name='node{}'.format(i + 1),
ami=worker_ami,
type='c4.4xlarge',
keypair=keypair,
role='worker',
placement_group=group,
iam_role=iam_role,
volume_size=32,
interfaces=[(private, '10.0.100.2{}'.format(i), private_sg, None)])
instances.append(worker)
mpelb = elb.elastic_lb(
template=t,
name="mpeELB",
instances=instances,
subnets=[public],
instance_port=80,
load_balancer_port=80,
instance_proto="TCP",
load_balancer_proto="TCP",
securitygroups=[elb_sg],
health_check=elb.health_check(name='masterlbhealthcheck'))
route53.elb(template=t,
name="mpeRoute",
hostedzonename=hostedzonename,
elasticLB=mpelb,
subdomain='*')
return t
def stack():
t = template.create(description='helloansible webservers')
keypair = template.add_keypair_parameter(t)
hostedzonename = template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name')
webserverami = template.add_parameter(t, name='webserverami', description='ami used for worker, master instance')
centos_hardned = template.add_parameter(t, name='centoshardned', description='ami used for bastion instance')
zone1 = template.add_parameter(t, name='zone1', description='availability zone 1')
zone2 = template.add_parameter(t, name='zone2', description='availability zone 2')
# iam & placement group
group = ec2.placement_group(template=t, name='helloansible')
iam_role = iam.InstanceProfiles.ecr_full(template=t)
# network & subnets
network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16')
ig, iga = ec2.internet_gateway(template=t, vpc=network)
# zone a
public1 = ec2.subnet(template=t, name='public1', availability_zone=zone1, cidr='10.0.1.0/24', vpc=network,
gateway=ig)
nat1 = ec2.nat_gateway(template=t, public_subnet=public1, gateway_attachement=iga, name='nat1')
private1 = ec2.subnet(template=t, name='private1', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network,
nat=nat1)
# zone b
public2 = ec2.subnet(template=t, name='public2', availability_zone=zone2, cidr='10.0.2.0/24', vpc=network,
gateway=ig)
nat2 = ec2.nat_gateway(template=t, public_subnet=public2, gateway_attachement=iga, name='nat2')
private2 = ec2.subnet(template=t, name='private2', availability_zone=zone2, cidr='10.0.200.0/24', vpc=network,
nat=nat2)
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private')
elb_sg = security.get_elb_security_group(template=t, vpc=network)
rule1 = security.rule(protocol='tcp', from_port='8443', to_port='8443', cidr='0.0.0.0/0')
rule2 = security.rule(protocol='tcp', from_port='80', to_port='80', cidr='0.0.0.0/0')
elb_sg.SecurityGroupIngress.append(rule1)
elb_sg.SecurityGroupIngress.append(rule2)
# bastion
ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large',
keypair=keypair, role='bastion', placement_group=group, iam_role=iam_role,
interfaces=[(public1, '10.0.1.4', bastion_sg, iga)], volume_size=64)
# webservers
instances = []
count = 2
for i in range(0, count):
if i % 2 == 0:
# zone a
webserver_network = private1
webserver_ip = '10.0.100.2{}'
else:
# zone b
webserver_network = private2
webserver_ip = '10.0.200.2{}'
webserver = ec2.instance_with_interfaces(template=t, name='webserver{}'.format(i+1), ami=webserverami,
type='c4.large', keypair=keypair, role='webserver',
volume_size=32,
interfaces=[(webserver_network, webserver_ip.format(i), private_sg, None)])
instances.append(webserver)
websrvelb = elb.elastic_lb(template=t, name="websrvelb", instances=instances, subnets=[public1,public2], instance_port=80,
load_balancer_port=80, instance_proto="TCP", load_balancer_proto="TCP",
securitygroups=[elb_sg], health_check=elb.health_check(name='masterlbhealthcheck'))
route53.elb(template=t, name="webserverRoute", hostedzonename=hostedzonename, elasticLB=websrvelb, subdomain='*')
return t
def stack():
t = template.create(description='URCsmxPOC')
keypair = template.add_keypair_parameter(t)
hostedzonename = template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name for cluster')
zone1 = template.add_parameter(t, name='zone1', description='availability zone 1')
template.add_parameter(t, name='zone2', description='availability zone 2')
centos_hardned = template.add_parameter(t, name='centoshardned', description='ami used for bastion instance')
worker_ami = template.add_parameter(t, name='workerami', description='ami used for worker, master instance')
vdcm_ami = template.add_parameter(t, name='vdcmv8', description='ami used for vdcm instance')
# iam & placement group
group = ec2.placement_group(template=t, name='urcsmxgrp')
iam_role = iam.InstanceProfiles.s3_full(template=t)
# network & subnets
network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16')
ig, iga = ec2.internet_gateway(template=t, vpc=network)
public = ec2.subnet(template=t, name='public', availability_zone=zone1, cidr='10.0.0.0/24', vpc=network, gateway=ig)
ng = ec2.nat_gateway(template=t, public_subnet=public, gateway_attachement=iga)
private = ec2.subnet(template=t, name='private', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network, nat=ng)
video = ec2.subnet(template=t, name='video', availability_zone=zone1, cidr='10.0.200.0/24', vpc=network, nat=ng)
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
vsm_sg = security.get_vsm_security_group(template=t, vpc=network)
private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private')
video_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.200.0/24', desc='video')
# bastion
bastion = ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large',
keypair=keypair, role='bastion', placement_group=group, iam_role=iam_role,
interfaces=[(public, '10.0.0.4', bastion_sg, iga)], volume_size=64)
route53.route53(template=t, hostedzonename=hostedzonename, instance=bastion, subdomain='bastion',
depends='bastioneth0EIPAssociation')
# lisa
ec2.instance_with_interfaces(template=t, name='lisaeth0', ami=worker_ami, type='c4.xlarge',
keypair=keypair, role='lisa', placement_group=group, iam_role=iam_role,
interfaces=[(private, '10.0.100.5', private_sg, None)], volume_size=32)
# VSM
vsm = ec2.instance_with_interfaces(template=t, name='vsm', ami=worker_ami, type='c4.2xlarge',
keypair=keypair, role='vsm', placement_group=group, iam_role=iam_role,
interfaces=[(public, '10.0.0.8', vsm_sg, iga),
(private, '10.0.100.8', private_sg, None)],
volume_size=64)
route53.route53(template=t, hostedzonename=hostedzonename, instance=vsm, subdomain='vsm',
depends='vsmeth0EIPAssociation')
# IP streamer
ec2.instance_with_interfaces(template=t, name='ips', ami=worker_ami, type='c4.2xlarge',
keypair=keypair, role='ips', placement_group=group, iam_role=iam_role,
interfaces=[(private, '10.0.100.9', private_sg, None),
(video, '10.0.200.9', video_sg, None)],
volume_size=32)
# DCM DEMUX-MUX pool
for i, name in enumerate(('demux', 'mux')):
ec2.instance_with_interfaces(template=t, name='{}'.format(name), ami=vdcm_ami, type='c4.2xlarge',
keypair=keypair, role='vdcm', placement_group=group, iam_role=iam_role,
interfaces=[(private, '10.0.100.{}'.format(i + 10), private_sg, None),
(video, '10.0.200.{}'.format(i + 10), video_sg, None)],
volume_size=64)
# DCM pool
vdcm = 10
for i in range(0, vdcm):
ec2.instance_with_interfaces(template=t, name='vdcm{}'.format(i), ami=vdcm_ami, type='c4.2xlarge',
keypair=keypair, role='xcdr', placement_group=group, iam_role=iam_role,
interfaces=[(private, '10.0.100.{}'.format(i + 20), private_sg, None),
(video, '10.0.200.{}'.format(i + 20), video_sg, None)],
volume_size=64)
return t
def stack():
# deployer_ami = 'ami-9501bcec' # cloud-init fixed
deployer_ami = 'ami-e167e298' # cloud-init fixed, disabled NM
worker_ami = ec2.AMI.centos_sriov
t = template.create(description='Monitoring test setup')
keypair = template.add_keypair_parameter(t)
group = ec2.placement_group(template=t, name='monitorgroup')
iam_role = 'ECRFACC'
hostedzonename = 'kortrijkprodops.com.'
# network & subnets
cidr = '10.0.0.0/16'
network = ec2.vpc(template=t, name='vpc', cidr=cidr)
ig, iga = ec2.internet_gateway(template=t, vpc=network)
public_subnet = ec2.subnet(template=t,
name='public',
cidr='10.0.0.0/24',
vpc=network,
gateway=ig)
ng = ec2.nat_gateway(template=t,
public_subnet=public_subnet,
gateway_attachement=iga)
private_subnet = ec2.subnet(template=t,
name='management',
cidr='10.0.10.0/24',
vpc=network,
nat=ng)
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
private_sg = security.get_private_security_group(template=t,
vpc=network,
cidr=cidr,
desc='vdcmmanagement')
vsm_sg = security.get_vsm_security_group(template=t, vpc=network)
# bastion
ec2.instance_with_interfaces(template=t,
name='bastion',
ami=ec2.AMI.centos_hardned,
type='t2.micro',
keypair=keypair,
role='bastion',
placement_group=None,
interfaces=[
(public_subnet, '10.0.0.6', bastion_sg,
iga),
])
# deployer
ec2.instance_with_interfaces(template=t,
name='deployer',
ami=deployer_ami,
type='c3.2xlarge',
keypair=keypair,
role='deployer',
iam_role=iam_role,
interfaces=[(private_subnet, '10.0.10.5',
private_sg, None)],
volume_size=64)
master_instances = []
masters = 1
for i in range(0, masters):
private_if = ec2.interface(template=t,
name='master{}eth1'.format(i),
subnet=private_subnet,
ip_address='10.0.10.1{}'.format(i),
security_groups=private_sg)
master = ec2.instance(
template=t,
name='master{}'.format(i + 1),
ami=worker_ami,
type='c4.2xlarge',
keypair=keypair,
role='master',
placement_group=group,
iam_role=iam_role,
interfaces=[private_if],
volume_size=64,
)
master_instances.append(master)
elasticLB = elb.elastic_lb(template=t,
name='masterlb',
instances=master_instances,
subnets=[public_subnet],
load_balancer_port=8443,
instance_port=8443,
securitygroups=[vsm_sg])
route53.elb(template=t,
name='master',
hostedzonename=hostedzonename,
elasticLB=elasticLB,
dns='master')
worker_instances = []
workers = 2
for i in range(0, workers):
worker = ec2.instance_with_interfaces(template=t,
name='worker{}'.format(i + 1),
ami=worker_ami,
type='c4.2xlarge',
keypair=keypair,
role='worker',
placement_group=group,
iam_role=iam_role,
interfaces=[
(private_subnet,
'10.0.10.2{}'.format(i),
private_sg, None)
],
volume_size=32)
worker_instances.append(worker)
elasticLB = elb.elastic_lb(template=t,
name='workerlb',
instances=worker_instances,
subnets=[public_subnet],
load_balancer_port=80,
instance_port=30101,
instance_proto="HTTP",
load_balancer_proto="HTTP",
securitygroups=[vsm_sg])
route53.elb(template=t,
name='worker',
hostedzonename=hostedzonename,
elasticLB=elasticLB,
subdomain='linear.rock')
return t
def stack():
t = template.create(description='IPS')
keypair = template.add_keypair_parameter(t)
template.add_parameter(t,
name='ClusterDnsDomainName',
description='Domain name for cluster')
centos_hardned = template.add_parameter(
t, name='centoshardned', description='ami used for bastion instance')
vdcm_ami = template.add_parameter(t,
name='vdcm8',
description='ami used for vdcm instance')
zone1 = template.add_parameter(t,
name='zone1',
description='availability zone 1')
template.add_parameter(t, name='zone2', description='availability zone 2')
# iam & placement group
group = ec2.placement_group(template=t, name='ipsgroup')
iam_role = iam.InstanceProfiles.s3_full(template=t)
# network & subnets
network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16')
ig, iga = ec2.internet_gateway(template=t, vpc=network)
public = ec2.subnet(template=t,
name='public',
availability_zone=zone1,
cidr='10.0.0.0/24',
vpc=network,
gateway=ig)
ng = ec2.nat_gateway(template=t,
public_subnet=public,
gateway_attachement=iga)
private = ec2.subnet(template=t,
name='private',
availability_zone=zone1,
cidr='10.0.100.0/24',
vpc=network,
nat=ng)
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
private_sg = security.get_private_security_group(template=t,
vpc=network,
cidr='10.0.0.0/16',
desc='private')
# bastion
ec2.instance_with_interfaces(template=t,
name='bastion',
ami=centos_hardned,
type='c4.large',
keypair=keypair,
role='bastion',
placement_group=group,
iam_role=iam_role,
interfaces=[(public, '10.0.0.4', bastion_sg,
iga)],
volume_size=64)
# streamer
ec2.instance_with_interfaces(template=t,
name='ipstreamer',
ami=centos_hardned,
type='c4.2xlarge',
keypair=keypair,
role='ips',
placement_group=group,
iam_role=iam_role,
interfaces=[(private, '10.0.100.5',
private_sg, None)],
volume_size=64)
# vdcm
ec2.instance_with_interfaces(template=t,
name='vdcm',
ami=vdcm_ami,
type='c4.2xlarge',
keypair=keypair,
role='vdcm',
placement_group=group,
iam_role=iam_role,
interfaces=[(private, '10.0.100.10',
private_sg, None)],
volume_size=64)
return t
def stack():
t = template.create(description='ABRE2E')
keypair = template.add_keypair_parameter(t)
group = ec2.placement_group(template=t, name='abre2egrp')
iam_role = 'S3FACC'
hostzoneID = 'Z32UL3FL00PEML'
# network & subnets
network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16')
ig, iga = ec2.internet_gateway(template=t, vpc=network)
public_sn = ec2.subnet(template=t, name='public', cidr='10.0.0.0/24', vpc=network, gateway=ig)
ng = ec2.nat_gateway(template=t, public_subnet=public_sn, gateway_attachement=iga)
private_sn = ec2.subnet(template=t, name='private', cidr='10.0.100.0/24', vpc=network, nat=ng)
# security groups
a = [(security.CISCO_CIDR, 'sgbastionkor')]
bastion_sg = [security.get_bastion_security_group(template=t, vpc=network, sg_name=name, cidr=cidr)
for cidr, name in a]
b = [(security.CISCO_CIDR, 'sgvsmkor')]
vsm_sg = [security.get_vsm_security_group(template=t, vpc=network, sg_name=namevsm, cidr=cidrvsm)
for cidrvsm, namevsm in b]
c = [(security.CISCO_CIDR, 'sgmpekor')]
mpe_sg = [security.get_vsm_security_group(template=t, vpc=network, sg_name=namempe, cidr=cidrmpe)
for cidrmpe, namempe in c]
private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.100.0/24', desc='private')
# create bastion
public_if = ec2.interface(template=t, name='bastioneth0', subnet=public_sn, gateway_attachment=iga,
ip_address='10.0.0.4', security_groups=bastion_sg)
private_if = ec2.interface(template=t, name='bastioneth1', subnet=private_sn, ip_address='10.0.100.4',
security_groups=private_sg)
bastion = ec2.instance(template=t, name='bastion', ami=ec2.AMI.centos_sriov, type='c4.large', keypair=keypair,
interfaces=[public_if, private_if], iam_role=iam_role, placement_group=group, role='bastion')
route53.route53(template=t, hostedzonename=hostzoneID, instance=bastion, depends='bastioneth0EIPAssociation')
# VSM
public_if = ec2.interface(template=t, name='vsmeth0', subnet=public_sn, gateway_attachment=iga,
ip_address='10.0.0.8', security_groups=vsm_sg)
private_if = ec2.interface(template=t, name='vsmeth1', subnet=private_sn, ip_address='10.0.100.8',
security_groups=private_sg)
vsm = ec2.instance(template=t, name='vsm', ami=ec2.AMI.centos_sriov, type='c4.large', keypair=keypair,
user_data=ec2.ETH1_USER_DATA,
interfaces=[public_if, private_if], iam_role=iam_role, placement_group=group, role='vsm')
route53.route53(template=t, hostedzonename=hostzoneID, instance=vsm, depends='vsmeth0EIPAssociation')
# v2pc
for i, name in enumerate(('launcher', 'repo', 'master')):
mgmt = ec2.interface(template=t, name='{}eth0'.format(name), subnet=private_sn,
ip_address='10.0.100.{}'.format(i + 5), security_groups=private_sg)
ec2.instance(template=t, name='{}'.format(name), ami=ec2.AMI.v2pc_image, type='c4.large', keypair=keypair,
interfaces=[mgmt], role=name, iam_role=iam_role, user_data=ec2.ETH1_USER_DATA,
placement_group=group)
# am-mce
for i, name in enumerate(('am', 'mce')):
mgmt = ec2.interface(template=t, name='{}eth0'.format(name), subnet=private_sn,
ip_address='10.0.100.{}'.format(i + 20),
security_groups=private_sg)
ec2.instance(template=t, name='{}'.format(name), ami=ec2.AMI.v2pc_image, type='c4.large', keypair=keypair,
interfaces=[mgmt], placement_group=group, role=name, iam_role=iam_role,
user_data=ec2.ETH1_USER_DATA)
# mpe
public_if = ec2.interface(template=t, name='mpeeth0', subnet=public_sn, gateway_attachment=iga,
ip_address='10.0.0.22', security_groups=mpe_sg)
private_if = ec2.interface(template=t, name='mpeeth1', subnet=private_sn,
ip_address='10.0.100.22', security_groups=private_sg)
mpe = ec2.instance(template=t, name='mpe', ami=ec2.AMI.v2pc_image, type='c4.large', keypair=keypair,
interfaces=[public_if, private_if], placement_group=group, role='mpe', iam_role=iam_role,
user_data=ec2.ETH1_USER_DATA)
route53.route53(template=t, hostedzonename=hostzoneID, instance=mpe, depends='mpeeth0EIPAssociation')
# vdcm
private_if = ec2.interface(template=t, name='vdcmeth0', subnet=private_sn, ip_address='10.0.100.10',
security_groups=private_sg)
ec2.instance(template=t, name='vdcm', ami=ec2.AMI.vdcm_8, type='c4.2xlarge', keypair=keypair,
interfaces=[private_if], placement_group=group, role='vdcm', iam_role=iam_role)
return t
def stack():
t = template.create(description='openshift-ha')
keypair = template.add_keypair_parameter(t)
hostedzonename = template.add_parameter(
t, name='ClusterDnsDomainName', description='Domain name for cluster')
deployer_ami = template.add_parameter(
t, name='deployerami', description='ami used for deployer instance')
worker_ami = template.add_parameter(
t,
name='workerami',
description='ami used for worker, master instance')
centos_hardned = template.add_parameter(
t, name='centoshardned', description='ami used for bastion instance')
zone1 = template.add_parameter(t,
name='zone1',
description='availability zone 1')
zone2 = template.add_parameter(t,
name='zone2',
description='availability zone 2')
# iam & placement group
# group = ec2.placement_group(template=t, name='openshiftgroup')
iam_role = iam.InstanceProfiles.ecr_full(template=t)
# network & subnets
network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16')
ig, iga = ec2.internet_gateway(template=t, vpc=network)
# zone a
public1 = ec2.subnet(template=t,
name='public1',
availability_zone=zone1,
cidr='10.0.1.0/24',
vpc=network,
gateway=ig)
nat1 = ec2.nat_gateway(template=t,
public_subnet=public1,
gateway_attachement=iga,
name='nat1')
private1 = ec2.subnet(template=t,
name='private1',
availability_zone=zone1,
cidr='10.0.100.0/24',
vpc=network,
nat=nat1)
# zone b
public2 = ec2.subnet(template=t,
name='public2',
availability_zone=zone2,
cidr='10.0.2.0/24',
vpc=network,
gateway=ig)
nat2 = ec2.nat_gateway(template=t,
public_subnet=public2,
gateway_attachement=iga,
name='nat2')
private2 = ec2.subnet(template=t,
name='private2',
availability_zone=zone2,
cidr='10.0.200.0/24',
vpc=network,
nat=nat2)
publicnets = [public1, public2]
privatenets = [private1, private2]
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
private_sg = security.get_private_security_group(template=t,
vpc=network,
cidr='10.0.0.0/16',
desc='private')
elb_sg = security.get_elb_security_group(template=t, vpc=network)
mpe_out = security.rule(protocol='tcp',
from_port='80',
to_port='80',
cidr='0.0.0.0/0')
elb_sg.SecurityGroupIngress = [mpe_out]
master_elb_sg = security.get_elb_security_group(
template=t,
vpc=network,
sg_name='mastersecuritygroup',
cidr=security.CISCO_CIDR)
# bastion
ec2.instance_with_interfaces(template=t,
name='bastion',
ami=centos_hardned,
type='c4.large',
keypair=keypair,
role='bastion',
interfaces=[(public1, '10.0.1.4', bastion_sg,
iga)],
volume_size=64)
# deployer
ec2.instance_with_interfaces(template=t,
name='deployer',
ami=deployer_ami,
type='c4.2xlarge',
keypair=keypair,
role='deployer',
iam_role=iam_role,
interfaces=[(private1, '10.0.100.5',
private_sg, None)],
volume_size=64)
# masters
master1 = ec2.instance_with_interfaces(template=t,
name='master1',
ami=worker_ami,
type='c4.2xlarge',
keypair=keypair,
role='master',
interfaces=[
(private1, '10.0.100.11',
private_sg, None)
],
volume_size=64)
master2 = ec2.instance_with_interfaces(template=t,
name='master2',
ami=worker_ami,
type='c4.2xlarge',
keypair=keypair,
role='master',
interfaces=[
(private2, '10.0.200.11',
private_sg, None)
],
volume_size=64)
masterlb = elb.elastic_lb(
template=t,
name="masterLB",
instances=[master1, master2],
subnets=publicnets,
instance_port=8443,
load_balancer_port=8443,
securitygroups=[master_elb_sg],
load_balancer_proto='TCP',
instance_proto='TCP',
health_check=elb.health_check(name='masterlbhealthcheck'))
route53.elb(template=t,
name="masterDns",
hostedzonename=hostedzonename,
elasticLB=masterlb,
dns='master')
masterlbint = elb.elastic_lb(
template=t,
name="masterLBint",
instances=[master1, master2],
subnets=privatenets,
instance_port=8443,
load_balancer_port=8443,
securitygroups=[private_sg],
load_balancer_proto='TCP',
instance_proto='TCP',
health_check=elb.health_check(name='masterlbhealthcheck'),
scheme="internal")
route53.elb(template=t,
name="masterDnsInt",
hostedzonename=hostedzonename,
elasticLB=masterlbint,
dns='int-master')
# workers
instances = []
nodes = 2
for i in range(0, nodes):
if i % 2 == 0:
# zone a
node_network = private1
node_ip = '10.0.100.2{}'
else:
# zone b
node_network = private2
node_ip = '10.0.200.2{}'
worker = ec2.instance_with_interfaces(template=t,
name='node{}'.format(i + 1),
ami=worker_ami,
type='c4.4xlarge',
keypair=keypair,
role='worker',
volume_size=32,
interfaces=[(node_network,
node_ip.format(i),
private_sg, None)])
instances.append(worker)
mpelb = elb.app_elb(template=t,
name="mpeLB",
subnets=publicnets,
instances=instances,
vpc=network,
securitygroups=[elb_sg],
instance_port=80,
load_balancer_port=80,
instance_proto="HTTP",
load_balancer_proto="HTTP")
route53.elb(template=t,
name="mpeRoute",
hostedzonename=hostedzonename,
elasticLB=mpelb,
subdomain='*')
return t
def stack():
t = template.create(description='Lisa test setup')
keypair = template.add_keypair_parameter(t)
group = ec2.placement_group(template=t, name='lisagroup')
iam_s3_full = iam.InstanceProfiles.s3_full(template=t)
iam_ec2_full = iam.InstanceProfiles.ec2_full(template=t)
# network & subnets
cidr = '10.0.0.0/16'
network = ec2.vpc(template=t, name='vpc', cidr=cidr)
ig, iga = ec2.internet_gateway(template=t, vpc=network)
public_subnet = ec2.subnet(template=t, name='public', cidr='10.0.0.0/24', vpc=network, gateway=ig)
ng = ec2.nat_gateway(template=t, public_subnet=public_subnet, gateway_attachement=iga)
private_subnet = ec2.subnet(template=t, name='management', cidr='10.0.10.0/24', vpc=network, nat=ng)
video_subnet = ec2.subnet(template=t, name='video', cidr='10.0.100.0/24', vpc=network)
# security groups
bastion_sg = security.get_bastion_security_group(template=t, vpc=network)
# in order for the pyaws magic to find this network to work, this needs to be called 'vdcmmanagement'
mgmt_sg = security.get_private_security_group(template=t, vpc=network, cidr=cidr, desc='vdcmmanagement')
# in order for the pyaws magic to find this network to work, this needs to be called vdcmvideo
video_sg = security.get_private_security_group(template=t, vpc=network, cidr=cidr, desc='vdcmvideo')
# bastion
ec2.instance_with_interfaces(template=t, name='bastion', ami=ec2.AMI.centos_hardned, type='t2.micro',
keypair=keypair, role='bastion', placement_group=None,
interfaces=[
(public_subnet, '10.0.0.6', bastion_sg, iga),
])
# testserver
testserver = ec2.instance_with_interfaces(template=t, name='testserver', ami=ec2.AMI.public_centos,
type='t2.medium',
keypair=keypair, role='maggie', volume_size=32, iam_role=iam_ec2_full,
interfaces=[(private_subnet, '10.0.10.5', mgmt_sg, None),
]
)
# ips
ec2.instance_with_interfaces(template=t, name='streamer', ami=ec2.AMI.centos_sriov, type='c4.2xlarge',
keypair=keypair,
role='ips', user_data=ec2.ETH1_USER_DATA, placement_group=group, iam_role=iam_s3_full,
volume_size=64,
interfaces=[(private_subnet, '10.0.10.9', mgmt_sg, None),
(video_subnet, '10.0.100.9', video_sg, None)])
# vdcm used to stream
ec2.instance_with_interfaces(template=t, name='vdcmstreamer', ami=ec2.AMI.vdcm_8, type='c4.2xlarge',
keypair=keypair,
role='vdcmstreamer', placement_group=group, iam_role=iam_s3_full,
interfaces=[(private_subnet, '10.0.10.10', mgmt_sg, None),
(video_subnet, '10.0.100.10', video_sg, None)])
pool_of_vdcm = 0
for i in range(0, pool_of_vdcm):
ec2.instance_with_interfaces(template=t, name='vdcm{}'.format(i), ami=ec2.AMI.vdcm_9, type='c4.4xlarge',
keypair=keypair, role='vdcm', placement_group=group,
interfaces=[(private_subnet, '10.0.10.{}'.format(100 + i), mgmt_sg, None),
(video_subnet, '10.0.100.{}'.format(100 + i), video_sg, None)])
hostedzonename = 'kortrijkprodops.com.'
elasticLB = elb.elastic_lb(template=t, name='elb' + testserver.title, instances=[testserver],
subnets=[public_subnet],
instance_port=443, load_balancer_port=443, securitygroups=[bastion_sg])
route53.elb(template=t, name='testserverdns', hostedzonename=hostedzonename, elasticLB=elasticLB, dns='testserver')
return t