Beispiel #1
0
    def create_ecs_resources(self):
        t = self.template

        # Give the instances access that the Empire daemon needs.
        t.add_resource(
            PolicyType(
                "AccessPolicy",
                PolicyName="empire",
                PolicyDocument=empire_policy({
                    "Environment":
                    Ref("Environment"),
                    "CustomResourcesTopic":
                    Ref("CustomResourcesTopic"),
                    "CustomResourcesQueue": (GetAtt("CustomResourcesQueue",
                                                    "Arn")),
                    "TemplateBucket":
                    (Join("", ["arn:aws:s3:::",
                               Ref("TemplateBucket"), "/*"]))
                }),
                Roles=[Ref("InstanceRole")]))

        t.add_resource(
            sns.Topic(
                EVENTS_TOPIC,
                DisplayName="Empire events",
                Condition="CreateSNSTopic",
            ))
        t.add_output(
            Output("EventsSNSTopic",
                   Value=Ref(EVENTS_TOPIC),
                   Condition="CreateSNSTopic"))

        # Add SNS Events policy if Events are enabled
        t.add_resource(
            PolicyType("SNSEventsPolicy",
                       PolicyName="EmpireSNSEventsPolicy",
                       Condition="EnableSNSEvents",
                       PolicyDocument=sns_events_policy(
                           If("CreateSNSTopic", Ref(EVENTS_TOPIC),
                              Ref("EventsSNSTopicName"))),
                       Roles=[Ref("InstanceRole")]))

        # Add run logs policy if run logs are enabled
        t.add_resource(
            PolicyType("RunLogsPolicy",
                       PolicyName="EmpireRunLogsPolicy",
                       Condition="EnableCloudwatchLogs",
                       PolicyDocument=runlogs_policy(
                           If("CreateRunLogsGroup", Ref(RUN_LOGS),
                              Ref("RunLogsCloudwatchGroup"))),
                       Roles=[Ref("InstanceRole")]))

        # Allow the controller to write empire events to kinesis if kinesis is
        # enabled.
        t.add_resource(
            PolicyType("AppEventStreamPolicy",
                       PolicyName="EmpireAppEventStreamPolicy",
                       Condition="EnableAppEventStream",
                       PolicyDocument=logstream_policy(),
                       Roles=[Ref("InstanceRole")]))

        t.add_resource(
            ecs.TaskDefinition(
                "TaskDefinition",
                Volumes=[
                    ecs.Volume(
                        Name="dockerSocket",
                        Host=ecs.Host(SourcePath="/var/run/docker.sock")),
                    ecs.Volume(Name="dockerCfg",
                               Host=ecs.Host(SourcePath="/root/.dockercfg"))
                ],
                ContainerDefinitions=[
                    ecs.ContainerDefinition(
                        Command=["server", "-automigrate=true"],
                        Name="empire",
                        Environment=self.get_empire_environment(),
                        Essential=True,
                        Image=Ref("DockerImage"),
                        MountPoints=[
                            ecs.MountPoint(
                                SourceVolume="dockerSocket",
                                ContainerPath="/var/run/docker.sock",
                                ReadOnly=False),
                            ecs.MountPoint(SourceVolume="dockerCfg",
                                           ContainerPath="/root/.dockercfg",
                                           ReadOnly=False)
                        ],
                        PortMappings=[
                            ecs.PortMapping(HostPort=8081, ContainerPort=8081)
                        ],
                        Cpu=Ref("TaskCPU"),
                        Memory=Ref("TaskMemory"))
                ]))

        t.add_resource(
            Role("ServiceRole",
                 AssumeRolePolicyDocument=get_ecs_assumerole_policy(),
                 Path="/",
                 Policies=[
                     Policy(PolicyName="ecs-service-role",
                            PolicyDocument=service_role_policy())
                 ]))

        t.add_resource(
            ecs.Service(
                "Service",
                Cluster=Ref("ControllerCluster"),
                DeploymentConfiguration=ecs.DeploymentConfiguration(
                    MaximumPercent=Ref("ServiceMaximumPercent"),
                    MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"),
                ),
                DesiredCount=Ref("DesiredCount"),
                LoadBalancers=[
                    ecs.LoadBalancer(ContainerName="empire",
                                     ContainerPort=8081,
                                     LoadBalancerName=Ref("LoadBalancer"))
                ],
                Role=Ref("ServiceRole"),
                TaskDefinition=Ref("TaskDefinition")))
Beispiel #2
0
 def __init__(self, title, key, **kwargs):
     super(ECSVolume, self).__init__(title, **kwargs)
     self.Name = self.title
     self.Host = ecs.Host(
         SourcePath=key['SourcePath']
     )