def emit_configuration():
    """Register the six farragut SQS queues on the module-level template.

    Every queue name carries the CLOUDENV suffix. All six share the same
    retention period and maximum message size; only the visibility timeout
    differs per queue.
    """
    # 345600 s is 4 days; 262144 bytes is 256 KiB.
    retention_seconds = 345600
    max_message_bytes = 262144

    # (name pattern, visibility timeout in seconds), in registration order.
    name_and_visibility = (
        ('farragut-aggregate-{0}', 1800),
        ('farragut-hourly-{0}', 180),
        ('farragut-leaf-site-{0}', 30),
        ('farragut-leaf-{0}', 30),
        ('farragut-{0}', 1800),
        ('farragut-import-{0}', 30),
    )

    # QueueConfig presumably takes (name, visibility, retention, max_size)
    # positionally, matching the attributes read below -- confirm against
    # its definition.
    specs = [
        QueueConfig(pattern.format(CLOUDENV), visibility,
                    retention_seconds, max_message_bytes)
        for pattern, visibility in name_and_visibility
    ]

    # NOTE(review): no encryption-at-rest property (e.g. KmsMasterKeyId) and
    # no RedrivePolicy is set on these queues; whether the messages need
    # either is not visible from here.
    for spec in specs:
        sqs_queue = Queue(
            cfn.sanitize_id(spec.name),
            VisibilityTimeout=spec.visibility,
            MessageRetentionPeriod=spec.retention,
            MaximumMessageSize=spec.max_size,
            QueueName=spec.name
        )
        template.add_resource(sqs_queue)
def emit_configuration():
    """Declare the farragut SQS queues and add them to the shared template.

    Six queues are created, each named with the CLOUDENV suffix. They differ
    only in visibility timeout; retention and maximum message size are the
    same for all of them.
    """
    env = CLOUDENV
    keep_for = 345600   # seconds, i.e. 4 days
    size_cap = 262144   # bytes, i.e. 256 KiB

    # Positional order is presumably (name, visibility, retention, max_size),
    # going by the attribute names used in the loop -- verify against the
    # QueueConfig definition.
    queue_table = [
        QueueConfig('farragut-aggregate-{0}'.format(env), 1800, keep_for, size_cap),
        QueueConfig('farragut-hourly-{0}'.format(env), 180, keep_for, size_cap),
        QueueConfig('farragut-leaf-site-{0}'.format(env), 30, keep_for, size_cap),
        QueueConfig('farragut-leaf-{0}'.format(env), 30, keep_for, size_cap),
        QueueConfig('farragut-{0}'.format(env), 1800, keep_for, size_cap),
        QueueConfig('farragut-import-{0}'.format(env), 30, keep_for, size_cap),
    ]

    # NOTE(review): the queues are declared without any server-side
    # encryption or dead-letter (RedrivePolicy) settings; confirm that is
    # intended for the data they carry.
    for entry in queue_table:
        logical_id = cfn.sanitize_id(entry.name)
        properties = {
            'VisibilityTimeout': entry.visibility,
            'MessageRetentionPeriod': entry.retention,
            'MaximumMessageSize': entry.max_size,
            'QueueName': entry.name,
        }
        template.add_resource(Queue(logical_id, **properties))
def emit_configuration():
    """Add the Chef server resources to the module-level template.

    Registers, in order: the ``ChefServerInstanceType`` parameter, the
    ``ChefServerIamRole`` role with two inline policies rendered from Jinja
    templates, an instance profile wrapping that role, a security group
    admitting TCP 80 and 443 from the ``{CIDR_PREFIX}.0.0/16`` range, and the
    EC2 instance itself.
    """
    primary_vpc = cfn.vpcs[0]
    aws_region = Ref("AWS::Region")

    instance_type_param = Parameter(
        'ChefServerInstanceType',
        Type='String',
        Default='t2.medium',
        Description='Chef Server instance type',
        AllowedValues=cfn.usable_instances(),
        ConstraintDescription='Instance size must be a valid instance type'
    )
    chefserver_instance_class = template.add_parameter(instance_type_param)

    # IAM role for the Chef server instance.
    # NOTE(review): both policy templates are rendered with a hard-coded
    # "us-east-1", while the AMI lookup further down uses the AWS::Region
    # pseudo-parameter; confirm the policies are meant to be region-pinned.
    # The rendered policy contents are not visible here and should be
    # reviewed for least privilege separately.
    default_policy_doc = json.loads(cfn.load_template(
        "default_policy.json.j2",
        {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
    ))

    # Computed but not referenced again in this function.
    chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV])

    chefserver_policy_doc = json.loads(cfn.load_template(
        "chefserver_policy.json.j2",
        {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
    ))
    inline_policies = [
        Policy(PolicyName="ChefServerPolicy",
               PolicyDocument=chefserver_policy_doc),
        Policy(PolicyName="ChefserverDefaultPolicy",
               PolicyDocument=default_policy_doc),
    ]
    chefserver_iam_role = template.add_resource(Role(
        "ChefServerIamRole",
        AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
        Path="/",
        Policies=inline_policies,
        DependsOn=primary_vpc.title
    ))

    # NOTE(review): the Instance declared below sets no IamInstanceProfile,
    # so nothing in this function attaches this profile (and therefore the
    # role) to the Chef server; confirm whether that is intended.
    chefserver_instance_profile = template.add_resource(InstanceProfile(
        "chefserverInstanceProfile",
        Path="/",
        Roles=[Ref(chefserver_iam_role)],
        DependsOn=chefserver_iam_role.title
    ))

    # NOTE(review): the init script is rendered here but never passed to the
    # Instance (no UserData property is set below).
    chefserver_user_data = cfn.load_template(
        "chefserver-init.bash.j2",
        {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "chefserver"}
    )

    # HTTP and HTTPS are admitted only from the {CIDR_PREFIX}.0.0/16 range.
    # No SecurityGroupEgress is given for this group.
    chefserver_ingress_rules = []
    for protocol, port in (('tcp', 80), ('tcp', 443)):
        chefserver_ingress_rules.append(SecurityGroupRule(
            IpProtocol=protocol,
            CidrIp='{0}.0.0/16'.format(CIDR_PREFIX),
            FromPort=port,
            ToPort=port
        ))

    chefserver_sg = template.add_resource(SecurityGroup(
        "ChefServer",
        GroupDescription="Security Group for the Chef server",
        VpcId=Ref(primary_vpc),
        SecurityGroupIngress=chefserver_ingress_rules,
        DependsOn=primary_vpc.title
    ))

    chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV)
    ami_lookup = FindInMap('RegionMap', aws_region, int(cfn.Amis.EBS))

    # NOTE(review): the interface requests a public IP although ingress is
    # limited to the internal /16; confirm the public address is needed.
    platform_subnet = cfn.get_vpc_subnets(primary_vpc,
                                          cfn.SubnetTypes.PLATFORM)[0]
    primary_interface = NetworkInterfaceProperty(
        Description='Network interface for {0}'.format(chefserver_name),
        GroupSet=[Ref(chefserver_sg)],
        SubnetId=Ref(platform_subnet),
        AssociatePublicIpAddress=True,
        DeviceIndex=0,
        DeleteOnTermination=True
    )

    # NOTE(review): the 50 GiB root volume is kept after instance termination
    # (DeleteOnTermination=False) and Encrypted is not set, so encryption at
    # rest depends on account-level defaults; a retained Chef server volume
    # should have an owner and a cleanup path.
    root_volume = BlockDeviceMapping(
        DeviceName="/dev/sda1",
        Ebs=EBSBlockDevice(VolumeSize=50, DeleteOnTermination=False)
    )

    # NOTE(review): SourceDestCheck=False disables the source/destination
    # check on the instance; confirm the Chef server actually needs it.
    chefserver_instance = template.add_resource(Instance(
        chefserver_name,
        DependsOn=primary_vpc.title,
        InstanceType=Ref(chefserver_instance_class),
        KeyName=Ref(cfn.keyname),
        SourceDestCheck=False,
        ImageId=ami_lookup,
        NetworkInterfaces=[primary_interface],
        BlockDeviceMappings=[root_volume]
    ))
def emit_configuration():
    """Declare the chef-deregistration queue, its SNS topic, alarm and policy.

    Adds an SQS queue, an SNS topic subscribed to that queue, a CloudWatch
    queue-depth alarm and a queue policy to the module-level template, then
    stores the topic on ``cfn.alert_topic``.
    """
    # Disabled code, previously held in a string literal at the top of this
    # function; it never executed and is kept for reference only:
    #
    # create_queue = template.add_parameter(
    #     Parameter(
    #         'CreateDeregistrationTopic',
    #         Type='String',
    #         Description='Whether or not to create the Chef Deregistration queue. This option is provided in case the queue already exists.',
    #         Default='no',
    #         AllowedValues=['yes', 'no'],
    #         ConstraintDescription='Answer must be yes or no'
    #     )
    # )
    #
    # conditions = {
    #     "CreateDeregCondition": Equals(
    #         Ref(create_queue), "yes"
    #     )
    # }
    #
    # for c in conditions:
    #     template.add_condition(c, conditions[c])

    queue_name = '_'.join(['chef-deregistration', CLOUDNAME, CLOUDENV])

    # 1209600 s is 14 days; 16384 bytes is 16 KiB.
    dereg_queue = Queue(
        cfn.sanitize_id(queue_name),
        VisibilityTimeout=60,
        MessageRetentionPeriod=1209600,
        MaximumMessageSize=16384,
        QueueName=queue_name
    )
    queue = template.add_resource(dereg_queue)

    # NOTE(review): the topic reuses the queue's name as its TopicName even
    # though its logical id and display name say "Babysitter Alarm"; confirm
    # the naming is intentional.
    topic_logical_id = cfn.sanitize_id(
        "BabysitterAlarmTopic{0}".format(CLOUDENV))
    queue_subscription = Subscription(
        Endpoint=GetAtt(queue, "Arn"),
        Protocol='sqs'
    )
    alert_topic = template.add_resource(Topic(
        topic_logical_id,
        DisplayName='Babysitter Alarm',
        TopicName=queue_name,
        Subscription=[queue_subscription],
        DependsOn=queue.title
    ))

    # NOTE(review): AlarmActions and InsufficientDataActions are commented
    # out, so the alarm as declared changes state without notifying anything.
    queue_name_dimension = MetricDimension(
        Name='QueueName',
        Value=GetAtt(queue, "QueueName")
    )
    depth_alarm = Alarm(
        "BabysitterQueueDepthAlarm",
        AlarmDescription='Alarm if the queue depth grows beyond 200 messages',
        Namespace='AWS/SQS',
        MetricName='ApproximateNumberOfMessagesVisible',
        Dimensions=[queue_name_dimension],
        Statistic='Sum',
        Period='300',
        EvaluationPeriods='1',
        Threshold='200',
        ComparisonOperator='GreaterThanThreshold',
        #AlarmActions=[Ref(alert_topic), ],
        #InsufficientDataActions=[Ref(alert_topic), ],
        DependsOn=alert_topic.title
    )
    queue_depth_alarm = template.add_resource(depth_alarm)

    # The wildcard principal is narrowed only by the ArnEquals condition on
    # aws:SourceArn, which pins the sender to this topic. Dropping or
    # loosening that condition would let any AWS principal call
    # sqs:SendMessage on the queue.
    allow_topic_to_send = {
        "Sid": "AllowSNSPublishing",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["sqs:SendMessage"],
        "Resource": GetAtt(queue, "Arn"),
        "Condition": {
            "ArnEquals": {"aws:SourceArn": Ref(alert_topic)}
        }
    }
    queue_policy = {
        "Version": "2012-10-17",
        "Id": "BabysitterSNSPublicationPolicy",
        "Statement": [allow_topic_to_send]
    }

    # Let the SNS topic deliver its messages into the queue.
    sns_to_sqs_policy = QueuePolicy(
        "BabysitterPublishSNStoSQSPolicy",
        Queues=[Ref(queue)],
        PolicyDocument=queue_policy,
        DependsOn=[queue.title, alert_topic.title]
    )
    template.add_resource(sns_to_sqs_policy)

    cfn.alert_topic = alert_topic
def emit_configuration():
    """Declare the Chef server parameter, IAM role, security group and instance.

    Everything is added to the module-level template: an instance-type
    parameter, an IAM role carrying two inline policies rendered from Jinja
    templates, an instance profile for that role, a security group allowing
    TCP 80/443 from ``{CIDR_PREFIX}.0.0/16``, and the EC2 instance.
    """
    def load_policy(template_name):
        # Render a policy template to a dict; a fresh context dict is built
        # on every call.
        # NOTE(review): the region is hard-coded to "us-east-1" here, while
        # the AMI lookup below uses the AWS::Region pseudo-parameter.
        return json.loads(
            cfn.load_template(template_name, {
                "env": CLOUDENV,
                "cloud": CLOUDNAME,
                "region": "us-east-1"
            }))

    vpc = cfn.vpcs[0]
    region = Ref("AWS::Region")

    type_parameter = Parameter(
        'ChefServerInstanceType',
        Type='String',
        Default='t2.medium',
        Description='Chef Server instance type',
        AllowedValues=cfn.usable_instances(),
        ConstraintDescription='Instance size must be a valid instance type')
    chefserver_instance_class = template.add_parameter(type_parameter)

    # IAM role for the Chef server instance. The policy documents come from
    # templates that are not visible here; review them for least privilege.
    default_policy = load_policy("default_policy.json.j2")

    # Built but not used again in this function.
    chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV])

    role = Role(
        "ChefServerIamRole",
        AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
        Path="/",
        Policies=[
            Policy(PolicyName="ChefServerPolicy",
                   PolicyDocument=load_policy("chefserver_policy.json.j2")),
            Policy(PolicyName="ChefserverDefaultPolicy",
                   PolicyDocument=default_policy),
        ],
        DependsOn=vpc.title)
    chefserver_iam_role = template.add_resource(role)

    # NOTE(review): no IamInstanceProfile is set on the Instance below, so
    # this profile is declared but not attached by this function.
    profile = InstanceProfile(
        "chefserverInstanceProfile",
        Path="/",
        Roles=[Ref(chefserver_iam_role)],
        DependsOn=chefserver_iam_role.title)
    chefserver_instance_profile = template.add_resource(profile)

    # NOTE(review): rendered but never handed to the Instance (no UserData
    # property appears below).
    chefserver_user_data = cfn.load_template("chefserver-init.bash.j2", {
        "env": CLOUDENV,
        "cloud": CLOUDNAME,
        "deploy": "chefserver"
    })

    # Web ports only, and only from the {CIDR_PREFIX}.0.0/16 range. No
    # egress rules are specified for this group.
    chefserver_ingress_rules = []
    for proto, port in [('tcp', 80), ('tcp', 443)]:
        rule = SecurityGroupRule(IpProtocol=proto,
                                 CidrIp='{0}.0.0/16'.format(CIDR_PREFIX),
                                 FromPort=port,
                                 ToPort=port)
        chefserver_ingress_rules.append(rule)

    security_group = SecurityGroup(
        "ChefServer",
        GroupDescription="Security Group for the Chef server",
        VpcId=Ref(vpc),
        SecurityGroupIngress=chefserver_ingress_rules,
        DependsOn=vpc.title)
    chefserver_sg = template.add_resource(security_group)

    chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV)
    image_id = FindInMap('RegionMap', region, int(cfn.Amis.EBS))

    # NOTE(review): a public IP is requested although the security group
    # only admits traffic from the internal /16; confirm it is required.
    subnet = cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)[0]
    interface = NetworkInterfaceProperty(
        Description='Network interface for {0}'.format(chefserver_name),
        GroupSet=[Ref(chefserver_sg)],
        SubnetId=Ref(subnet),
        AssociatePublicIpAddress=True,
        DeviceIndex=0,
        DeleteOnTermination=True)

    # NOTE(review): the root volume survives instance termination and has no
    # Encrypted flag, so encryption at rest relies on account defaults.
    root_device = BlockDeviceMapping(
        DeviceName="/dev/sda1",
        Ebs=EBSBlockDevice(VolumeSize=50, DeleteOnTermination=False))

    # NOTE(review): SourceDestCheck=False turns off the source/destination
    # check for this instance; confirm the Chef server needs that.
    chefserver_instance = template.add_resource(
        Instance(chefserver_name,
                 DependsOn=vpc.title,
                 InstanceType=Ref(chefserver_instance_class),
                 KeyName=Ref(cfn.keyname),
                 SourceDestCheck=False,
                 ImageId=image_id,
                 NetworkInterfaces=[interface],
                 BlockDeviceMappings=[root_device]))
def emit_configuration():
    """Add the chef-deregistration queue, alarm topic, alarm and queue policy.

    The SQS queue is subscribed to an SNS topic, a CloudWatch alarm watches
    the number of visible messages, and a queue policy lets the topic send
    to the queue. The topic is finally stored on ``cfn.alert_topic``.
    """
    # The block below used to live in a string literal at the top of this
    # function and therefore never ran; it is preserved as a comment:
    #
    # create_queue = template.add_parameter(
    #     Parameter(
    #         'CreateDeregistrationTopic',
    #         Type='String',
    #         Description='Whether or not to create the Chef Deregistration queue. This option is provided in case the queue already exists.',
    #         Default='no',
    #         AllowedValues=['yes', 'no'],
    #         ConstraintDescription='Answer must be yes or no'
    #     )
    # )
    #
    # conditions = {
    #     "CreateDeregCondition": Equals(
    #         Ref(create_queue), "yes"
    #     )
    # }
    #
    # for c in conditions:
    #     template.add_condition(c, conditions[c])

    register = template.add_resource

    name_parts = ['chef-deregistration', CLOUDNAME, CLOUDENV]
    queue_name = '_'.join(name_parts)

    # Retention of 1209600 s is 14 days; the size limit of 16384 bytes is
    # 16 KiB.
    queue = register(Queue(
        cfn.sanitize_id(queue_name),
        VisibilityTimeout=60,
        MessageRetentionPeriod=1209600,
        MaximumMessageSize=16384,
        QueueName=queue_name))

    # NOTE(review): TopicName is the queue's name, not a babysitter-specific
    # one; verify this is what the consumers expect.
    alert_topic = register(Topic(
        cfn.sanitize_id("BabysitterAlarmTopic{0}".format(CLOUDENV)),
        DisplayName='Babysitter Alarm',
        TopicName=queue_name,
        Subscription=[
            Subscription(Endpoint=GetAtt(queue, "Arn"), Protocol='sqs'),
        ],
        DependsOn=queue.title))

    # NOTE(review): with both action lists commented out, this alarm has no
    # notification target; it only records state changes.
    queue_depth_alarm = register(Alarm(
        "BabysitterQueueDepthAlarm",
        AlarmDescription='Alarm if the queue depth grows beyond 200 messages',
        Namespace='AWS/SQS',
        MetricName='ApproximateNumberOfMessagesVisible',
        Dimensions=[
            MetricDimension(Name='QueueName',
                            Value=GetAtt(queue, "QueueName")),
        ],
        Statistic='Sum',
        Period='300',
        EvaluationPeriods='1',
        Threshold='200',
        ComparisonOperator='GreaterThanThreshold',
        #AlarmActions=[Ref(alert_topic), ],
        #InsufficientDataActions=[Ref(alert_topic), ],
        DependsOn=alert_topic.title))

    # Security-relevant: the statement names a wildcard principal, so the
    # ArnEquals / aws:SourceArn condition is the only thing restricting
    # sqs:SendMessage to deliveries from this topic. Keep the condition in
    # place whenever this policy is edited.
    queue_arn = GetAtt(queue, "Arn")
    source_condition = {"ArnEquals": {"aws:SourceArn": Ref(alert_topic)}}
    queue_policy = {
        "Version": "2012-10-17",
        "Id": "BabysitterSNSPublicationPolicy",
        "Statement": [{
            "Sid": "AllowSNSPublishing",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": ["sqs:SendMessage"],
            "Resource": queue_arn,
            "Condition": source_condition
        }]
    }

    # Attach the policy so messages published to the topic reach the queue.
    register(QueuePolicy(
        "BabysitterPublishSNStoSQSPolicy",
        Queues=[Ref(queue)],
        PolicyDocument=queue_policy,
        DependsOn=[queue.title, alert_topic.title]))

    cfn.alert_topic = alert_topic