def emit_configuration():
# Parameters here
jenkins_instance_class = template.add_parameter(
Parameter(
'JenkinsInstanceType',
Type='String',
Default='t2.micro',
Description='Chef jenkins instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
))
# jenkins IAM role
jenkins_role_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV])
jenkins_iam_role = template.add_resource(
iam.Role('JenkinsIamRole',
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
iam.Policy(PolicyName='JenkinsPolicy',
PolicyDocument=json.loads(
cfn.load_template(
"jenkins_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-east-1"
}))),
iam.Policy(PolicyName='JenkinsDefaultPolicy',
PolicyDocument=json.loads(
cfn.load_template(
"default_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-east-1"
})))
],
DependsOn=cfn.vpcs[0].title))
jenkins_instance_profile = template.add_resource(
iam.InstanceProfile("JenkinsInstanceProfile",
Path="/",
Roles=[Ref(jenkins_iam_role)],
DependsOn=jenkins_iam_role.title))
jenkins_user_data = cfn.load_template("default-init.bash.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"deploy": "jenkins"
})
ingress_rules = [
ec2.SecurityGroupRule(IpProtocol=p[0],
CidrIp=DEFAULT_ROUTE,
FromPort=p[1],
ToPort=p[1])
for p in [('tcp', 22), ('tcp', 80), ('tcp', 443)]
]
security_group = template.add_resource(
ec2.SecurityGroup(
"JenkinsSecurityGroup",
GroupDescription='Security Group for jenkins instances',
VpcId=Ref(cfn.vpcs[0]),
SecurityGroupIngress=ingress_rules,
DependsOn=cfn.vpcs[0].title,
Tags=Tags(Name='.'.join(['jenkins-sg', CLOUDNAME, CLOUDENV]))))
launch_cfg = template.add_resource(
autoscaling.LaunchConfiguration(
"JenkinsLaunchConfiguration",
ImageId=FindInMap('RegionMap', Ref("AWS::Region"),
int(cfn.Amis.EBS)),
InstanceType=Ref(jenkins_instance_class),
IamInstanceProfile=Ref(jenkins_instance_profile),
AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS,
BlockDeviceMappings=[
ec2.BlockDeviceMapping(
DeviceName='/dev/sda1',
Ebs=ec2.EBSBlockDevice(DeleteOnTermination=True))
],
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(security_group)],
DependsOn=[jenkins_instance_profile.title, security_group.title],
UserData=Base64(jenkins_user_data)))
asg_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV])
asg = template.add_resource(
autoscaling.AutoScalingGroup(
"JenkinsASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="1",
LaunchConfigurationName=Ref(launch_cfg),
MinSize="1",
MaxSize="1",
NotificationConfiguration=autoscaling.NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_TERMINATE_ERROR,
EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR
]),
VPCZoneIdentifier=[
Ref(sn) for sn in cfn.get_vpc_subnets(cfn.vpcs[0],
cfn.SubnetTypes.PLATFORM)
]))
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
chefserver_instance_class = template.add_parameter(
Parameter(
'ChefServerInstanceType', Type='String', Default='t2.medium',
Description='Chef Server instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
)
)
# Create IAM role for the chefserver instance
# load the policies
default_policy = json.loads(cfn.load_template("default_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
))
chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV])
chefserver_iam_role = template.add_resource(
Role(
"ChefServerIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(
PolicyName="ChefServerPolicy",
PolicyDocument=json.loads(
cfn.load_template("chefserver_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
)
)
),
Policy(
PolicyName="ChefserverDefaultPolicy",
PolicyDocument=default_policy
)
],
DependsOn=vpc.title
)
)
chefserver_instance_profile = template.add_resource(
InstanceProfile(
"chefserverInstanceProfile",
Path="/",
Roles=[Ref(chefserver_iam_role)],
DependsOn=chefserver_iam_role.title
)
)
chefserver_user_data = cfn.load_template("chefserver-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "chefserver"}
)
chefserver_ingress_rules = [
SecurityGroupRule(
IpProtocol=p[0], CidrIp='{0}.0.0/16'.format(CIDR_PREFIX), FromPort=p[1], ToPort=p[1]
) for p in [('tcp', 80), ('tcp', 443)]
]
chefserver_sg = template.add_resource(
SecurityGroup(
"ChefServer",
GroupDescription="Security Group for the Chef server",
VpcId=Ref(vpc),
SecurityGroupIngress=chefserver_ingress_rules,
DependsOn=vpc.title
)
)
chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV)
chefserver_instance = template.add_resource(Instance(
chefserver_name,
DependsOn=vpc.title,
InstanceType=Ref(chefserver_instance_class),
KeyName=Ref(cfn.keyname),
SourceDestCheck=False,
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.EBS)),
NetworkInterfaces=[
NetworkInterfaceProperty(
Description='Network interface for {0}'.format(chefserver_name),
GroupSet=[Ref(chefserver_sg)],
SubnetId=Ref(cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)[0]),
AssociatePublicIpAddress=True,
DeviceIndex=0,
DeleteOnTermination=True
)
],
BlockDeviceMappings=[
BlockDeviceMapping(
DeviceName="/dev/sda1",
Ebs=EBSBlockDevice(
VolumeSize=50,
DeleteOnTermination=False
)
)
]
))
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
mesos_instance_class = template.add_parameter(
Parameter(
'MesosInstanceType', Type='String', Default='m3.large',
Description='Mesos instance type (for workers and masters)',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
)
)
ingress_rules = [
SecurityGroupRule(
IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]
) for p in [('tcp', 22), ('tcp', 5050), ('tcp', 8080)]
]
mesos_security_group = template.add_resource(
SecurityGroup(
"Mesos",
GroupDescription="Security Group for Mesos instances",
VpcId=Ref(vpc),
SecurityGroupIngress=ingress_rules,
DependsOn=vpc.title
)
)
# Allow any mesos instances to talk to each other
template.add_resource(
SecurityGroupIngress(
"MesosSelfIngress",
IpProtocol='-1',
FromPort=0,
ToPort=65535,
GroupId=Ref(mesos_security_group),
SourceSecurityGroupId=Ref(mesos_security_group),
DependsOn=mesos_security_group.title
)
)
default_policy = json.loads(cfn.load_template("default_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
))
mesos_policy = json.loads(cfn.load_template("mesos_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
))
# IAM role here
iam_role = template.add_resource(
Role(
"MesosIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(
PolicyName='MesosDefaultPolicy',
PolicyDocument=default_policy
),
Policy(
PolicyName='MesosIamPolicy',
PolicyDocument=mesos_policy
)
],
DependsOn=vpc.title
)
)
# Instance profile here
instance_profile = template.add_resource(
InstanceProfile(
"mesosInstanceProfile",
Path="/",
Roles=[Ref(iam_role)],
DependsOn=iam_role.title
)
)
# UserData here
master_user_data = cfn.load_template("default-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "mesos_master"}
)
# LaunchConfiguration for master mesos
master_launch_configuration = template.add_resource(
LaunchConfiguration(
"MesosMasterLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(mesos_instance_class),
IamInstanceProfile=Ref(instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(mesos_security_group)],
DependsOn=[instance_profile.title, mesos_security_group.title],
AssociatePublicIpAddress=False,
UserData=Base64(master_user_data)
)
)
# Autoscaling Group for master Mesos
master_asg_name = '.'.join(['mesos-master', CLOUDNAME, CLOUDENV])
master_asg = template.add_resource(
AutoScalingGroup(
"MesosMasterASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="3",
LaunchConfigurationName=Ref(master_launch_configuration),
MinSize="3",
MaxSize="3",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]
),
VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)],
DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)]
)
)
# Worker Mesos
worker_user_data = cfn.load_template("default-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "mesos_slave"}
)
worker_launch_configuration = template.add_resource(
LaunchConfiguration(
"MesosWorkerLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(mesos_instance_class),
IamInstanceProfile=Ref(instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(mesos_security_group)],
DependsOn=[instance_profile.title, mesos_security_group.title],
AssociatePublicIpAddress=False,
UserData=Base64(worker_user_data)
)
)
worker_asg_name = '.'.join(['mesos-worker', CLOUDNAME, CLOUDENV]),
worker_asg = template.add_resource(
AutoScalingGroup(
"MesosWorkerASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="3",
LaunchConfigurationName=Ref(worker_launch_configuration),
MinSize="3",
MaxSize="12",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]
),
VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER)],
DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER)]
)
)
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
zookeeper_instance_class = template.add_parameter(
Parameter(
'ZookeeperInstanceType', Type='String', Default='m3.medium',
Description='Zookeeper instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
)
)
create_zookeeper_bucket = template.add_parameter(
Parameter(
'CreateZookeeperBucket',
Type='String',
Description='Whether or not to create the Zookeeper bucket. This option is provided in case the bucket already exists.',
Default='no',
AllowedValues=['yes', 'no'],
ConstraintDescription='Answer must be yes or no'
)
)
conditions = {
"ZookeeperBucketCondition": Equals(
Ref(create_zookeeper_bucket), "yes"
)
}
for c in conditions:
template.add_condition(c, conditions[c])
ingress_rules = [
SecurityGroupRule(
IpProtocol='tcp', CidrIp='{0}.0.0/16'.format(CIDR_PREFIX), FromPort=p, ToPort=p
) for p in [2181, 8080]
]
ingress_rules.append(
SecurityGroupRule(
IpProtocol='tcp', CidrIp=DEFAULT_ROUTE, FromPort=22, ToPort=2222
)
)
zookeeper_sg = template.add_resource(
SecurityGroup(
"Zookeeper",
GroupDescription="Security Group for ZooKeeper instances",
VpcId=Ref(vpc),
SecurityGroupIngress=ingress_rules,
DependsOn=vpc.title
)
)
# Now add in another ingress rule that allows zookeepers to talk to each other
# in the same SG
for port in [2888, 3888]:
template.add_resource(
SecurityGroupIngress(
"ZookeeperSelfIngress{0}".format(port),
IpProtocol='tcp',
FromPort=port,
ToPort=port,
GroupId=Ref(zookeeper_sg),
SourceSecurityGroupId=Ref(zookeeper_sg),
DependsOn=zookeeper_sg.title
)
)
# Create the zookeeper s3 bucket
zookeeper_bucket_name = Join('.', ['zookeeper', CLOUDNAME, region, CLOUDENV, 'leafme'])
zookeeper_bucket = template.add_resource(
Bucket(
"ZookeeperBucket",
BucketName=zookeeper_bucket_name,
DeletionPolicy='Retain',
Condition="ZookeeperBucketCondition"
)
)
zookeeper_role_name = '.'.join(['zookeeper', CLOUDNAME, CLOUDENV])
zookeeper_iam_role = template.add_resource(
Role(
"ZookeeperIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(
PolicyName="ZookeeperDefaultPolicy",
PolicyDocument=json.loads(cfn.load_template("default_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" }
))
),
Policy(
PolicyName="ZookeeperPolicy",
PolicyDocument=json.loads(cfn.load_template("zookeeper_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
))
)
],
DependsOn=vpc.title
)
)
zookeeper_instance_profile = template.add_resource(
InstanceProfile(
"zookeeperInstanceProfile",
Path="/",
Roles=[Ref(zookeeper_iam_role)],
DependsOn=zookeeper_iam_role.title
)
)
zookeeper_user_data = cfn.load_template("default-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "zookeeper"}
)
# Launch Configuration for zookeepers
zookeeper_launchcfg = template.add_resource(
LaunchConfiguration(
"ZookeeperLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(zookeeper_instance_class),
IamInstanceProfile=Ref(zookeeper_instance_profile),
AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS,
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(zookeeper_sg)],
DependsOn=[zookeeper_instance_profile.title, zookeeper_sg.title],
UserData=Base64(zookeeper_user_data)
)
)
# Create the zookeeper autoscaling group
zookeeper_asg_name = '.'.join(['zookeeper', CLOUDNAME, CLOUDENV])
zookeeper_asg = template.add_resource(
AutoScalingGroup(
"ZookeeperASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="3",
LaunchConfigurationName=Ref(zookeeper_launchcfg),
MinSize="3",
MaxSize="3",
NotificationConfiguration=autoscaling.NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]
),
VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)]
)
)
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
vpn_instance_class = template.add_parameter(
Parameter(
'VPNInstanceType',
Type='String',
Default='m3.medium',
Description='VPN instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
))
vpn_ingress_rules = [
SecurityGroupRule(IpProtocol=p[0],
CidrIp=DEFAULT_ROUTE,
FromPort=p[1],
ToPort=p[1]) for p in [('tcp', 22), ('udp', 1194)]
]
vpn_sg = template.add_resource(
SecurityGroup("VPN",
GroupDescription="Security Group for VPN ingress.",
VpcId=Ref(vpc),
SecurityGroupIngress=vpn_ingress_rules,
DependsOn=vpc.title))
# IAM role for vpn
vpn_policy = json.loads(
cfn.load_template("vpn_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-west-2"
}))
default_policy = json.loads(
cfn.load_template("default_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-west-2"
}))
vpn_role_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV])
vpn_iam_role = template.add_resource(
Role("VPNIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(PolicyName="VPNDefaultPolicy",
PolicyDocument=default_policy),
Policy(PolicyName="VPNPolicy", PolicyDocument=vpn_policy)
],
DependsOn=vpc.title))
vpn_instance_profile = template.add_resource(
InstanceProfile("vpnInstanceProfile",
Path="/",
Roles=[Ref(vpn_iam_role)],
DependsOn=vpn_iam_role.title))
vpn_user_data = cfn.load_template("default-init.bash.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"deploy": "vpn"
})
# Launch Configuration for vpns
vpn_launchcfg = template.add_resource(
LaunchConfiguration(
"VPNLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(vpn_instance_class),
IamInstanceProfile=Ref(vpn_instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(vpn_sg)],
DependsOn=[vpn_instance_profile.title, vpn_sg.title],
AssociatePublicIpAddress=True,
UserData=Base64(vpn_user_data)))
# Create the babysitter autoscaling group
vpn_asg_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV])
vpn_asg = template.add_resource(
AutoScalingGroup(
"VPNASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="1",
LaunchConfigurationName=Ref(vpn_launchcfg),
MinSize="1",
MaxSize="1",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH,
EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]),
VPCZoneIdentifier=[
Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN)
],
DependsOn=[
sn.title
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN)
]))
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
vpn_instance_class = template.add_parameter(
Parameter(
'VPNInstanceType', Type='String', Default='m3.medium',
Description='VPN instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
)
)
vpn_ingress_rules = [
SecurityGroupRule(
IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]
) for p in [('tcp', 22), ('udp', 1194)]
]
vpn_sg = template.add_resource(
SecurityGroup(
"VPN",
GroupDescription="Security Group for VPN ingress.",
VpcId=Ref(vpc),
SecurityGroupIngress=vpn_ingress_rules,
DependsOn=vpc.title
)
)
# IAM role for vpn
vpn_policy = json.loads(cfn.load_template("vpn_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-west-2"}
))
default_policy = json.loads(cfn.load_template("default_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-west-2"}
))
vpn_role_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV])
vpn_iam_role = template.add_resource(
Role(
"VPNIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(
PolicyName="VPNDefaultPolicy",
PolicyDocument=default_policy
),
Policy(
PolicyName="VPNPolicy",
PolicyDocument=vpn_policy
)
],
DependsOn=vpc.title
)
)
vpn_instance_profile = template.add_resource(
InstanceProfile(
"vpnInstanceProfile",
Path="/",
Roles=[Ref(vpn_iam_role)],
DependsOn=vpn_iam_role.title
)
)
vpn_user_data = cfn.load_template("default-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "vpn"}
)
# Launch Configuration for vpns
vpn_launchcfg = template.add_resource(
LaunchConfiguration(
"VPNLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(vpn_instance_class),
IamInstanceProfile=Ref(vpn_instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(vpn_sg)],
DependsOn=[vpn_instance_profile.title, vpn_sg.title],
AssociatePublicIpAddress=True,
UserData=Base64(vpn_user_data)
)
)
# Create the babysitter autoscaling group
vpn_asg_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV])
vpn_asg = template.add_resource(
AutoScalingGroup(
"VPNASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="1",
LaunchConfigurationName=Ref(vpn_launchcfg),
MinSize="1",
MaxSize="1",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]
),
VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN)],
DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN)]
)
)
def emit_configuration():
# Parameters here
jenkins_instance_class = template.add_parameter(
Parameter(
'JenkinsInstanceType', Type='String', Default='t2.micro',
Description='Chef jenkins instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
)
)
# jenkins IAM role
jenkins_role_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV])
jenkins_iam_role = template.add_resource(
iam.Role(
'JenkinsIamRole',
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
iam.Policy(
PolicyName='JenkinsPolicy',
PolicyDocument=json.loads(cfn.load_template("jenkins_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
))
),
iam.Policy(
PolicyName='JenkinsDefaultPolicy',
PolicyDocument=json.loads(cfn.load_template("default_policy.json.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
))
)
],
DependsOn=cfn.vpcs[0].title
)
)
jenkins_instance_profile = template.add_resource(
iam.InstanceProfile(
"JenkinsInstanceProfile",
Path="/",
Roles=[Ref(jenkins_iam_role)],
DependsOn=jenkins_iam_role.title
)
)
jenkins_user_data = cfn.load_template("default-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "jenkins"}
)
ingress_rules = [
ec2.SecurityGroupRule(
IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]
) for p in [('tcp', 22), ('tcp', 80), ('tcp', 443)]
]
security_group = template.add_resource(
ec2.SecurityGroup(
"JenkinsSecurityGroup",
GroupDescription='Security Group for jenkins instances',
VpcId=Ref(cfn.vpcs[0]),
SecurityGroupIngress=ingress_rules,
DependsOn=cfn.vpcs[0].title,
Tags=Tags(Name='.'.join(['jenkins-sg', CLOUDNAME, CLOUDENV]))
)
)
launch_cfg = template.add_resource(
autoscaling.LaunchConfiguration(
"JenkinsLaunchConfiguration",
ImageId=FindInMap('RegionMap', Ref("AWS::Region"), int(cfn.Amis.EBS)),
InstanceType=Ref(jenkins_instance_class),
IamInstanceProfile=Ref(jenkins_instance_profile),
AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS,
BlockDeviceMappings=[
ec2.BlockDeviceMapping(
DeviceName='/dev/sda1',
Ebs=ec2.EBSBlockDevice(
DeleteOnTermination=True
)
)
],
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(security_group)],
DependsOn=[jenkins_instance_profile.title, security_group.title],
UserData=Base64(jenkins_user_data)
)
)
asg_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV])
asg = template.add_resource(
autoscaling.AutoScalingGroup(
"JenkinsASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="1",
LaunchConfigurationName=Ref(launch_cfg),
MinSize="1",
MaxSize="1",
NotificationConfiguration=autoscaling.NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE,
EC2_INSTANCE_TERMINATE_ERROR,
EC2_INSTANCE_LAUNCH,
EC2_INSTANCE_LAUNCH_ERROR
]
),
VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(cfn.vpcs[0], cfn.SubnetTypes.PLATFORM)]
)
)
def emit_configuration():
# Build the VPC here
template = cfn.template
# Parameters here
nat_instance_class = template.add_parameter(
Parameter(
'NatInstanceType', Type='String', Default='t2.micro',
Description='NAT instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
)
)
keyname_param = template.add_parameter(
Parameter(
'KeyName', Type='AWS::EC2::KeyPair::KeyName',
Description='Name of an existing EC2 KeyPair to enable SSH access into machines'
)
)
cfn.keyname = keyname_param
vpc = template.add_resource(
ec2.VPC(
'VPC',
CidrBlock='{0}.0.0/16'.format(cfn.CIDR_PREFIX),
EnableDnsSupport=True,
EnableDnsHostnames=True,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, Ref('AWS::Region')]))
)
)
# Add the VPC to cloudformation
cfn.vpcs.append(vpc)
gateway = template.add_resource(
ec2.InternetGateway(
'InternetGateway',
Tags=Tags(Name='InternetGateway-{0}'.format(CLOUDNAME)),
DependsOn=vpc.title
)
)
gateway_attachment = template.add_resource(
ec2.VPCGatewayAttachment(
'GatewayAttachment',
VpcId=Ref(vpc),
InternetGatewayId=Ref(gateway),
DependsOn=gateway.title
)
)
public_routing_table = template.add_resource(
ec2.RouteTable(
'{0}PublicRouteTable'.format(cfn.VPC_NAME),
VpcId=Ref(vpc),
DependsOn=vpc.title
)
)
# Add in the public route through the gateway
template.add_resource(
ec2.Route(
'PublicRoute',
RouteTableId=Ref(public_routing_table),
DestinationCidrBlock=cfn.DEFAULT_ROUTE,
GatewayId=Ref(gateway),
DependsOn=gateway_attachment.title
)
)
# Define the Security Group for the NATs
nat_ingress_rules = [
ec2.SecurityGroupRule(
IpProtocol='tcp', CidrIp=cfn.DEFAULT_ROUTE, FromPort=p, ToPort=p
) for p in [22, 80, 443, 11371]
]
nat_egress_rules = [
ec2.SecurityGroupRule(
IpProtocol='-1', CidrIp=cfn.DEFAULT_ROUTE, FromPort=0, ToPort=65535,
)
]
nat_security_group = template.add_resource(
ec2.SecurityGroup(
'NATSecurityGroup',
GroupDescription='Security Group for NAT instances',
VpcId=Ref(vpc),
SecurityGroupIngress=nat_ingress_rules,
SecurityGroupEgress=nat_egress_rules,
DependsOn=vpc.title
)
)
platform_subnets = list()
master_subnets = list()
public_subnets = list()
vpn_subnets = list()
worker_subnets = list()
database_subnets = list()
subnet_identifier = 'private'
for idx, zone in enumerate(cfn.get_availability_zones()):
region = Ref('AWS::Region')
full_region_descriptor = Join('', [region, zone])
# create a public subnet in each availability zone
public_subnet = template.add_resource(
ec2.Subnet(
'{0}PublicSubnet{1}'.format(cfn.VPC_NAME, zone),
VpcId=Ref(vpc),
CidrBlock='{0}.{1}.0/24'.format(cfn.CIDR_PREFIX, 80 + idx),
AvailabilityZone=full_region_descriptor,
DependsOn=vpc.title,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, 'public-subnet', full_region_descriptor]))
)
)
public_subnets.append(public_subnet)
# Associate the public routing table with the subnet
template.add_resource(
ec2.SubnetRouteTableAssociation(
'{0}PublicRouteTableAssociation'.format(public_subnet.title),
SubnetId=Ref(public_subnet),
RouteTableId=Ref(public_routing_table),
DependsOn=public_subnet.title
)
)
# Create the NAT instance in the public subnet
nat_name = '{0}Nat{1}'.format(cfn.VPC_NAME, zone)
nat_instance = template.add_resource(
ec2.Instance(
nat_name,
DependsOn=vpc.title,
InstanceType=Ref(nat_instance_class),
KeyName=Ref(keyname_param),
SourceDestCheck=False,
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.NAT)),
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(
Description='Network interface for {0}'.format(nat_name),
GroupSet=[Ref(nat_security_group)],
SubnetId=Ref(public_subnet),
AssociatePublicIpAddress=True,
DeviceIndex=0,
DeleteOnTermination=True
)
],
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, 'nat', full_region_descriptor]))
)
)
# Associate the private routing table with the NAT
private_routing_table = template.add_resource(
ec2.RouteTable(
'{0}PrivateRouteTable{1}'.format(cfn.VPC_NAME, zone),
VpcId=Ref(vpc),
DependsOn=nat_instance.title,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, 'private-route-table', full_region_descriptor]))
)
)
template.add_resource(
ec2.Route(
'PrivateRoute{0}'.format(zone.upper()),
RouteTableId=Ref(private_routing_table),
DestinationCidrBlock=cfn.DEFAULT_ROUTE,
InstanceId=Ref(nat_instance),
DependsOn=private_routing_table.title
)
)
worker_subnet = ec2.Subnet(
'{0}{1}WorkerSubnet{2}'.format(cfn.VPC_NAME, subnet_identifier, zone.upper()),
VpcId=Ref(vpc),
CidrBlock='{0}.{1}.0/22'.format(cfn.CIDR_PREFIX, 100 + (idx * 4)),
AvailabilityZone=full_region_descriptor,
DependsOn=vpc.title,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, '{0}-worker-subnet'.format(subnet_identifier), full_region_descriptor]))
)
worker_subnets.append(worker_subnet)
platform_subnet = ec2.Subnet(
'{0}{1}PlatformSubnet{2}'.format(cfn.VPC_NAME, subnet_identifier, zone.upper()),
VpcId=Ref(vpc),
CidrBlock='{0}.{1}.0/24'.format(cfn.CIDR_PREFIX, 10 + idx),
AvailabilityZone=full_region_descriptor,
DependsOn=vpc.title,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, '{0}-platform-subnet'.format(subnet_identifier), full_region_descriptor]))
)
platform_subnets.append(platform_subnet)
master_subnet = ec2.Subnet('{0}{1}MasterSubnet{2}'.format(cfn.VPC_NAME, subnet_identifier, zone.upper()),
VpcId=Ref(vpc),
CidrBlock='{0}.{1}.0/24'.format(cfn.CIDR_PREFIX, 90 + idx),
AvailabilityZone=full_region_descriptor,
DependsOn=vpc.title,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, '{0}-master-subnet'.format(subnet_identifier), full_region_descriptor]))
)
master_subnets.append(master_subnet)
vpn_subnet = ec2.Subnet(
'{0}VpnSubnet{1}'.format(cfn.VPC_NAME, zone),
VpcId=Ref(vpc),
CidrBlock='{0}.{1}.0/24'.format(cfn.CIDR_PREFIX, 60 + idx),
AvailabilityZone=full_region_descriptor,
DependsOn=vpc.title,
Tags=Tags(Name=Join('.', [full_region_descriptor, cfn.CLOUDNAME, cfn.CLOUDENV, "vpn-client"]))
)
vpn_subnets.append(vpn_subnet)
database_subnet = ec2.Subnet(
'{0}DatabaseSubnet{1}'.format(cfn.VPC_NAME, zone),
VpcId=Ref(vpc),
CidrBlock='{0}.{1}.0/24'.format(cfn.CIDR_PREFIX, 20 + idx),
AvailabilityZone=full_region_descriptor,
DependsOn=vpc.title,
Tags=Tags(Name=Join('-', [cfn.VPC_NAME, subnet_identifier, 'database-subnet', full_region_descriptor]))
)
database_subnets.append(database_subnet)
# Associate a routing table with each of the master/platform/worker subnets
if cfn.USE_PRIVATE_SUBNETS:
routing_table = private_routing_table
else:
routing_table = public_routing_table
for sn in chain(worker_subnets, master_subnets, platform_subnets, database_subnets):
template.add_resource(sn)
template.add_resource(
ec2.SubnetRouteTableAssociation(
'{0}{1}RouteTableAssociation'.format(sn.title, subnet_identifier),
SubnetId=Ref(sn),
RouteTableId=Ref(routing_table),
DependsOn=sn.title
)
)
# associate the public routing table with the VPN subnets
for sn in vpn_subnets:
template.add_resource(sn),
template.add_resource(
ec2.SubnetRouteTableAssociation(
'{0}RouteTableAssociation'.format(sn.title),
SubnetId=Ref(sn),
RouteTableId=Ref(public_routing_table),
DependsOn=sn.title
)
)
# affect the global state
cfn.add_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM, platform_subnets)
cfn.add_vpc_subnets(vpc, cfn.SubnetTypes.PUBLIC, public_subnets)
cfn.add_vpc_subnets(vpc, cfn.SubnetTypes.MASTER, master_subnets)
cfn.add_vpc_subnets(vpc, cfn.SubnetTypes.WORKER, worker_subnets)
cfn.add_vpc_subnets(vpc, cfn.SubnetTypes.VPN, vpn_subnets)
cfn.add_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE, database_subnets)
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
chefserver_instance_class = template.add_parameter(
Parameter(
'ChefServerInstanceType',
Type='String',
Default='t2.medium',
Description='Chef Server instance type',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
))
# Create IAM role for the chefserver instance
# load the policies
default_policy = json.loads(
cfn.load_template("default_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-east-1"
}))
chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV])
chefserver_iam_role = template.add_resource(
Role("ChefServerIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(PolicyName="ChefServerPolicy",
PolicyDocument=json.loads(
cfn.load_template(
"chefserver_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-east-1"
}))),
Policy(PolicyName="ChefserverDefaultPolicy",
PolicyDocument=default_policy)
],
DependsOn=vpc.title))
chefserver_instance_profile = template.add_resource(
InstanceProfile("chefserverInstanceProfile",
Path="/",
Roles=[Ref(chefserver_iam_role)],
DependsOn=chefserver_iam_role.title))
chefserver_user_data = cfn.load_template("chefserver-init.bash.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"deploy": "chefserver"
})
chefserver_ingress_rules = [
SecurityGroupRule(IpProtocol=p[0],
CidrIp='{0}.0.0/16'.format(CIDR_PREFIX),
FromPort=p[1],
ToPort=p[1]) for p in [('tcp', 80), ('tcp', 443)]
]
chefserver_sg = template.add_resource(
SecurityGroup("ChefServer",
GroupDescription="Security Group for the Chef server",
VpcId=Ref(vpc),
SecurityGroupIngress=chefserver_ingress_rules,
DependsOn=vpc.title))
chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV)
chefserver_instance = template.add_resource(
Instance(chefserver_name,
DependsOn=vpc.title,
InstanceType=Ref(chefserver_instance_class),
KeyName=Ref(cfn.keyname),
SourceDestCheck=False,
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.EBS)),
NetworkInterfaces=[
NetworkInterfaceProperty(
Description='Network interface for {0}'.format(
chefserver_name),
GroupSet=[Ref(chefserver_sg)],
SubnetId=Ref(
cfn.get_vpc_subnets(vpc,
cfn.SubnetTypes.PLATFORM)[0]),
AssociatePublicIpAddress=True,
DeviceIndex=0,
DeleteOnTermination=True)
],
BlockDeviceMappings=[
BlockDeviceMapping(DeviceName="/dev/sda1",
Ebs=EBSBlockDevice(
VolumeSize=50,
DeleteOnTermination=False))
]))
def emit_configuration():
vpc = cfn.vpcs[0]
region = Ref("AWS::Region")
mesos_instance_class = template.add_parameter(
Parameter(
'MesosInstanceType',
Type='String',
Default='m3.large',
Description='Mesos instance type (for workers and masters)',
AllowedValues=cfn.usable_instances(),
ConstraintDescription='Instance size must be a valid instance type'
))
ingress_rules = [
SecurityGroupRule(IpProtocol=p[0],
CidrIp=DEFAULT_ROUTE,
FromPort=p[1],
ToPort=p[1])
for p in [('tcp', 22), ('tcp', 5050), ('tcp', 8080)]
]
mesos_security_group = template.add_resource(
SecurityGroup("Mesos",
GroupDescription="Security Group for Mesos instances",
VpcId=Ref(vpc),
SecurityGroupIngress=ingress_rules,
DependsOn=vpc.title))
# Allow any mesos instances to talk to each other
template.add_resource(
SecurityGroupIngress("MesosSelfIngress",
IpProtocol='-1',
FromPort=0,
ToPort=65535,
GroupId=Ref(mesos_security_group),
SourceSecurityGroupId=Ref(mesos_security_group),
DependsOn=mesos_security_group.title))
default_policy = json.loads(
cfn.load_template("default_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-east-1"
}))
mesos_policy = json.loads(
cfn.load_template("mesos_policy.json.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"region": "us-east-1"
}))
# IAM role here
iam_role = template.add_resource(
Role("MesosIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(PolicyName='MesosDefaultPolicy',
PolicyDocument=default_policy),
Policy(PolicyName='MesosIamPolicy',
PolicyDocument=mesos_policy)
],
DependsOn=vpc.title))
# Instance profile here
instance_profile = template.add_resource(
InstanceProfile("mesosInstanceProfile",
Path="/",
Roles=[Ref(iam_role)],
DependsOn=iam_role.title))
# UserData here
master_user_data = cfn.load_template("default-init.bash.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"deploy": "mesos_master"
})
# LaunchConfiguration for master mesos
master_launch_configuration = template.add_resource(
LaunchConfiguration(
"MesosMasterLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(mesos_instance_class),
IamInstanceProfile=Ref(instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(mesos_security_group)],
DependsOn=[instance_profile.title, mesos_security_group.title],
AssociatePublicIpAddress=False,
UserData=Base64(master_user_data)))
# Autoscaling Group for master Mesos
master_asg_name = '.'.join(['mesos-master', CLOUDNAME, CLOUDENV])
master_asg = template.add_resource(
AutoScalingGroup(
"MesosMasterASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="3",
LaunchConfigurationName=Ref(master_launch_configuration),
MinSize="3",
MaxSize="3",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH,
EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]),
VPCZoneIdentifier=[
Ref(sn)
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)
],
DependsOn=[
sn.title
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)
]))
# Worker Mesos
worker_user_data = cfn.load_template("default-init.bash.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"deploy": "mesos_slave"
})
worker_launch_configuration = template.add_resource(
LaunchConfiguration(
"MesosWorkerLaunchConfiguration",
ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
InstanceType=Ref(mesos_instance_class),
IamInstanceProfile=Ref(instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(mesos_security_group)],
DependsOn=[instance_profile.title, mesos_security_group.title],
AssociatePublicIpAddress=False,
UserData=Base64(worker_user_data)))
worker_asg_name = '.'.join(['mesos-worker', CLOUDNAME, CLOUDENV]),
worker_asg = template.add_resource(
AutoScalingGroup(
"MesosWorkerASG",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="3",
LaunchConfigurationName=Ref(worker_launch_configuration),
MinSize="3",
MaxSize="12",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH,
EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]),
VPCZoneIdentifier=[
Ref(sn)
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER)
],
DependsOn=[
sn.title
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER)
]))
def emit_configuration():
vpc = cfn.vpcs[0]
instance_class = template.add_parameter(
Parameter(
'RegistryInstanceType', Type='String', Default='m3.medium',
Description='Registry instance type',
AllowedValues=cfn.usable_instances(),
)
)
create_bucket = template.add_parameter(
Parameter(
'CreateDockerRegistryBucket',
Type='String',
Description='Whether or not to create the Docker Registry bucket.',
Default='no',
AllowedValues=['yes', 'no']
)
)
condition_name = "DockerRegistryBucketCondition"
conditions = {
condition_name: Equals(
Ref(create_bucket), "yes"
)
}
for c in conditions:
template.add_condition(c, conditions[c])
# Create the registry bucket
bucket_name = Join('.', ['docker-registry', CLOUDNAME, Ref("AWS::Region"), CLOUDENV, 'leafme'])
bucket = template.add_resource(
Bucket(
"DockerRegistryBucket",
BucketName=bucket_name,
DeletionPolicy='Retain',
Condition=condition_name
)
)
ingress_rules = [
SecurityGroupRule(
IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]
) for p in [('tcp', 80), ('tcp', 22)]
]
sg = template.add_resource(
SecurityGroup(
"DockerRegistry",
GroupDescription="Security Group for Docker Registries",
VpcId=Ref(vpc),
SecurityGroupIngress=ingress_rules,
DependsOn=vpc.title
)
)
policy_vars = { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" }
# IAM role for docker registry
policy = json.loads(cfn.load_template("registry_policy.json.j2", policy_vars))
default_policy = json.loads(cfn.load_template("default_policy.json.j2", policy_vars))
iam_role = template.add_resource(
Role(
"DockerRegistryIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(
PolicyName="RegistryDefaultPolicy",
PolicyDocument=default_policy
),
Policy(
PolicyName="RegistryPolicy",
PolicyDocument=policy
)
],
DependsOn=vpc.title
)
)
instance_profile = template.add_resource(
InstanceProfile(
"DockerRegistryInstanceProfile",
Path="/",
Roles=[Ref(iam_role)],
DependsOn=iam_role.title
)
)
user_data = cfn.load_template("default-init.bash.j2",
{"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "docker_registry"}
)
launch_config = template.add_resource(
LaunchConfiguration(
"RegistryLaunchConfiguration",
ImageId=FindInMap('RegionMap', Ref("AWS::Region"), int(cfn.Amis.INSTANCE)),
InstanceType=Ref(instance_class),
IamInstanceProfile=Ref(instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(sg)],
DependsOn=[instance_profile.title, sg.title],
AssociatePublicIpAddress=False,
UserData=Base64(user_data)
)
)
asg = template.add_resource(
AutoScalingGroup(
"RegistryAutoscalingGroup",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="1",
LaunchConfigurationName=Ref(launch_config),
MinSize="1",
MaxSize="1",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]
),
VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)],
DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)]
)
)
def emit_configuration():
vpc = cfn.vpcs[0]
instance_class = template.add_parameter(
Parameter(
'RegistryInstanceType',
Type='String',
Default='m3.medium',
Description='Registry instance type',
AllowedValues=cfn.usable_instances(),
))
create_bucket = template.add_parameter(
Parameter(
'CreateDockerRegistryBucket',
Type='String',
Description='Whether or not to create the Docker Registry bucket.',
Default='no',
AllowedValues=['yes', 'no']))
condition_name = "DockerRegistryBucketCondition"
conditions = {condition_name: Equals(Ref(create_bucket), "yes")}
for c in conditions:
template.add_condition(c, conditions[c])
# Create the registry bucket
bucket_name = Join(
'.',
['docker-registry', CLOUDNAME,
Ref("AWS::Region"), CLOUDENV, 'leafme'])
bucket = template.add_resource(
Bucket("DockerRegistryBucket",
BucketName=bucket_name,
DeletionPolicy='Retain',
Condition=condition_name))
ingress_rules = [
SecurityGroupRule(IpProtocol=p[0],
CidrIp=DEFAULT_ROUTE,
FromPort=p[1],
ToPort=p[1]) for p in [('tcp', 80), ('tcp', 22)]
]
sg = template.add_resource(
SecurityGroup("DockerRegistry",
GroupDescription="Security Group for Docker Registries",
VpcId=Ref(vpc),
SecurityGroupIngress=ingress_rules,
DependsOn=vpc.title))
policy_vars = {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
# IAM role for docker registry
policy = json.loads(
cfn.load_template("registry_policy.json.j2", policy_vars))
default_policy = json.loads(
cfn.load_template("default_policy.json.j2", policy_vars))
iam_role = template.add_resource(
Role("DockerRegistryIamRole",
AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
Path="/",
Policies=[
Policy(PolicyName="RegistryDefaultPolicy",
PolicyDocument=default_policy),
Policy(PolicyName="RegistryPolicy", PolicyDocument=policy)
],
DependsOn=vpc.title))
instance_profile = template.add_resource(
InstanceProfile("DockerRegistryInstanceProfile",
Path="/",
Roles=[Ref(iam_role)],
DependsOn=iam_role.title))
user_data = cfn.load_template("default-init.bash.j2", {
"env": CLOUDENV,
"cloud": CLOUDNAME,
"deploy": "docker_registry"
})
launch_config = template.add_resource(
LaunchConfiguration("RegistryLaunchConfiguration",
ImageId=FindInMap('RegionMap', Ref("AWS::Region"),
int(cfn.Amis.INSTANCE)),
InstanceType=Ref(instance_class),
IamInstanceProfile=Ref(instance_profile),
KeyName=Ref(cfn.keyname),
SecurityGroups=[Ref(sg)],
DependsOn=[instance_profile.title, sg.title],
AssociatePublicIpAddress=False,
UserData=Base64(user_data)))
asg = template.add_resource(
AutoScalingGroup(
"RegistryAutoscalingGroup",
AvailabilityZones=cfn.get_asg_azs(),
DesiredCapacity="1",
LaunchConfigurationName=Ref(launch_config),
MinSize="1",
MaxSize="1",
NotificationConfiguration=NotificationConfiguration(
TopicARN=Ref(cfn.alert_topic),
NotificationTypes=[
EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH,
EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
]),
VPCZoneIdentifier=[
Ref(sn)
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)
],
DependsOn=[
sn.title
for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)
]))