def GenerateDockerRegistryLayer(): t = Template() t.add_description("""\ DockerRegistry Layer """) stackname_param = t.add_parameter( Parameter( "StackName", Description="Environment Name (default: test)", Type="String", Default="test", )) vpcid_param = t.add_parameter( Parameter( "VpcId", Type="String", Description="VpcId of your existing Virtual Private Cloud (VPC)", Default="vpc-fab00e9f")) subnets = t.add_parameter( Parameter( "Subnets", Type="CommaDelimitedList", Description=( "The list SubnetIds, for public subnets in the " "region and in your Virtual Private Cloud (VPC) - minimum one" ), Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8")) keypair_param = t.add_parameter( Parameter("KeyPair", Description="Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="String", Default="glueteam")) registry_ami_id_param = t.add_parameter( Parameter("RegistryAmiId", Description="Registry server AMI ID", Type="String", Default="ami-a10897d6")) iam_role_param = t.add_parameter( Parameter( "IamRole", Description="IAM Role name", Type="String", )) s3bucket_param = t.add_parameter( Parameter( "BucketName", Description="S3 Bucket Name (default: )", Type="String", Default="", )) # --------- Docker registry registry_sg = t.add_resource( ec2.SecurityGroup( 'RegistrySG', GroupDescription='Security group for Registry host', VpcId=Ref(vpcid_param), Tags=Tags(Name=Join("", [Ref(stackname_param), "RegistrySG"])), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0", ), ])) registry_eip = t.add_resource(ec2.EIP( 'RegistryEIP', Domain='vpc', )) registry_eth0 = t.add_resource( ec2.NetworkInterface( "RegistryEth0", Description=Join("", [Ref(stackname_param), "Registry Eth0"]), GroupSet=[ Ref(registry_sg), ], SourceDestCheck=True, SubnetId=Select(0, Ref(subnets)), Tags=Tags( Name=Join("", [Ref(stackname_param), "Registry Interface 0"]), Interface="eth0", ))) registry_host = t.add_resource( ec2.Instance( 'RegistryHost', ImageId=Ref(registry_ami_id_param), InstanceType='t2.micro', KeyName=Ref(keypair_param), IamInstanceProfile=Ref(iam_role_param), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( NetworkInterfaceId=Ref(registry_eth0), DeviceIndex="0", ), ], Tags=Tags(Name=Join("", [Ref(stackname_param), "Registry"]), Id=Join("", [Ref(stackname_param), "Registry"])), UserData=Base64( Join('', [ '#!/bin/bash\n', 'yum update -y aws-cfn-bootstrap\n', 'mkdir -p /root/build/redis /root/build/registry\n', 'touch /root/build/redis/Dockerfile\n', 'touch /root/build/redis/redis.conf\n', 'touch /root/build/registry/Dockerfile\n', ])), )) registry_eip_assoc = t.add_resource( ec2.EIPAssociation( "RegistryEIPAssoc", NetworkInterfaceId=Ref(registry_eth0), AllocationId=GetAtt("RegistryEIP", "AllocationId"), PrivateIpAddress=GetAtt("RegistryEth0", "PrimaryPrivateIpAddress"), )) return t
GroupSet=[ Ref(AllInternalAccessSecurityGroup), Ref(MonitorSecurityGroup) ], #Split(",", Join(",", [Join(",", Ref(SecurityGroupIdsParam)), Ref(MonitorSecurityGroup), ])), # SourceDestCheck=True, SubnetId=Select("0", Ref(PublicSubnetsToSpanParam)), Tags=Tags( Name="Interface 0", Interface="eth0", ), )) eipassoc1 = t.add_resource( ec2.EIPAssociation( "EIPAssoc1", NetworkInterfaceId=Ref(eth0), AllocationId=GetAtt("EIPMonitor", "AllocationId"), PrivateIpAddress=GetAtt("Eth0", "PrimaryPrivateIpAddress"), )) ######### End Monitor VM Pre-setup ####### def generate_new_instance(counter): # Create base StorReduce instance instance = ec2.Instance(BASE_NAME + str(counter)) instance.DependsOn = [ elasticLB.title, SrrBucket.title, StorReduceHostProfile.title, AllInternalAccessSecurityGroup.title ] instance.ImageId = FindInMap("AWSAMIRegion", Ref("AWS::Region"), "AMI") instance.IamInstanceProfile = Ref(StorReduceHostProfile)
' --region=', Ref('AWS::Region'), '\n', 'runas=root\n', ]), 'mode': '000400', 'owner': 'root', 'group': 'root', }, }, ), ), ), Tags=Tags( Name=Ref("AWS::StackName"), ), )) # Associate the Elastic IP separately, so it doesn't change when the instance changes. eip_assoc = template.add_resource(ec2.EIPAssociation( "EipAssociation", InstanceId=Ref(ec2_instance), EIP=Ref(eip), )) template.add_output([ Output( "PublicIP", Description="Public IP address of Elastic IP associated with the Dokku instance", Value=Ref(eip), ), ])
def GenerateStepJenkinsLayer(): t = Template() t.add_description("""\ Jenkins for Step Hackathon Layer """) stackname_param = t.add_parameter( Parameter( "StackName", Description="Environment Name (default: hackathon)", Type="String", Default="hackathon", )) vpcid_param = t.add_parameter( Parameter( "VpcId", Type="String", Description="VpcId of your existing Virtual Private Cloud (VPC)", Default="vpc-fab00e9f")) subnets = t.add_parameter( Parameter( "Subnets", Type="CommaDelimitedList", Description=( "The list SubnetIds, for public subnets in the " "region and in your Virtual Private Cloud (VPC) - minimum one" ), Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8")) keypair_param = t.add_parameter( Parameter("KeyPair", Description="Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="String", Default="glueteam")) jenkins_ami_id_param = t.add_parameter( Parameter("JenkinsAmiId", Description="Jenkins server AMI ID (default: ami-f3641a84)", Type="String", Default="ami-f3641a84")) operations_subdomain_hosted_zone_param = t.add_parameter( Parameter("DashsoftHostedZoneParam", Description="HostedZone (default: hackathon.operations.dk)", Type="String", Default="hackathon.operations.dk")) iam_role_param = t.add_parameter( Parameter( "IamRole", Description="IAM Role name", Type="String", )) # --------- Jenkins instance jenkins_sg = t.add_resource( ec2.SecurityGroup( 'JenkinsSG', GroupDescription='Security group for Jenkins host', VpcId=Ref(vpcid_param), Tags=Tags(Name=Join("", [Ref(stackname_param), "SG"])), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="443", ToPort="443", CidrIp="0.0.0.0/0", ), ])) jenkins_eip = t.add_resource(ec2.EIP( 'JenkinsEIP', Domain='vpc', )) jenkins_eth0 = t.add_resource( ec2.NetworkInterface( "JenkinsEth0", Description=Join("", [Ref(stackname_param), " Eth0"]), GroupSet=[ Ref(jenkins_sg), ], SourceDestCheck=True, SubnetId=Select(0, Ref(subnets)), Tags=Tags( Name=Join("", [Ref(stackname_param), " Interface 0"]), Interface="eth0", ))) jenkins_host = t.add_resource( ec2.Instance( 'JenkinsHost', ImageId=Ref(jenkins_ami_id_param), InstanceType='m3.medium', KeyName=Ref(keypair_param), IamInstanceProfile=Ref(iam_role_param), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( NetworkInterfaceId=Ref(jenkins_eth0), DeviceIndex="0", ), ], Tags=Tags(Name=Ref(stackname_param), Id=Ref(stackname_param)), UserData=Base64(Join('', [ '#!/bin/bash\n', ])), )) jenkins_eip_assoc = t.add_resource( ec2.EIPAssociation( "JenkinsEIPAssoc", NetworkInterfaceId=Ref(jenkins_eth0), AllocationId=GetAtt("JenkinsEIP", "AllocationId"), PrivateIpAddress=GetAtt("JenkinsEth0", "PrimaryPrivateIpAddress"), )) jenkins_host_cname = t.add_resource( route53.RecordSetType( "JenkinsHostCname", HostedZoneName=Join( "", [Ref(operations_subdomain_hosted_zone_param), "."]), Comment=Join("", ["Jenkins host CNAME for ", Ref(stackname_param)]), Name=Join( "", ["jenkins.", Ref(operations_subdomain_hosted_zone_param), "."]), Type="A", TTL="60", ResourceRecords=[GetAtt("JenkinsHost", "PublicIp")], DependsOn="JenkinsEIPAssoc")) return t
def configure(self): """ Returns a BIND template """ self.defaults = {'instance_type': 't3.micro'} self.service = 'bind' self.set_description('Sets up BIND DNS servers') self.get_default_security_groups() self.get_standard_parameters() self.get_standard_policies() self.ami = self.add_parameter( Parameter('AMI', Type='String', Description='AMI ID for instances', Default=get_latest_ami_id( self.region, 'amzn2-ami-hvm-2.0.????????-x86_64-gp2', 'amazon'))) config = constants.ENVIRONMENTS[self.env][self.service] # All subnets in public get a DNS server subnets = self.get_subnets('public') # Add our security group security_group = self.add_resource( ec2.SecurityGroup( '{}SecurityGroup'.format(self.name), VpcId=self.vpc_id, GroupDescription='Security Group for {}'.format(self.name), SecurityGroupIngress=[ { "IpProtocol": "tcp", "FromPort": "53", "ToPort": "53", "CidrIp": "0.0.0.0/0" }, # DNS TCP { "IpProtocol": "udp", "FromPort": "53", "ToPort": "53", "CidrIp": "0.0.0.0/0" }, # DNS UDP ], SecurityGroupEgress=[{ "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }])) route53_zone = constants.ENVIRONMENTS[self.env]['route53_zone'] zonefile = '' for zone in config['forwarders']: zonefile += "\n" + self.make_bind_zone(zone) for subnet in subnets: subnet_name = subnet['AvailabilityZone'] role = '{}-{}-{}'.format(self.env, self.service, subnet_name) # myenv-bind-us-west-2a # Add the elastic IP and the ENI for it, then attach it. eip = self.add_resource( ec2.EIP('{}InstanceEIP'.format(self.cfn_name(role)), Domain='vpc')) eni = self.add_resource( ec2.NetworkInterface( '{}InstanceENI'.format(self.cfn_name(role)), SubnetId=subnet['SubnetId'], Description='ENI for {}'.format(role), GroupSet=[Ref(security_group)] + self.security_groups, SourceDestCheck=True, Tags=self.get_tags(service_override=self.service, role_override=role))) self.get_eni_policies() self.add_resource( ec2.EIPAssociation('{}AssociateVPNInstanceENI'.format( self.cfn_name(role)), AllocationId=GetAtt(eip, "AllocationId"), NetworkInterfaceId=Ref(eni))) # Add a route53 DNS name self.add_resource( route53.RecordSetGroup('{}Route53'.format(self.cfn_name(role)), HostedZoneName=route53_zone, RecordSets=[ route53.RecordSet( Name="{}.{}".format( role, route53_zone), ResourceRecords=[Ref(eip)], Type='A', TTL=600) ])) # Substitute the userdata template and feed it to CFN userdata_template = self.get_cloudinit_template( replacements=(('__PROMPT_COLOR__', self.prompt_color()), ('__SERVICE__', self.service), ('__BIND_ZONEFILE__', zonefile))) userdata = Sub( userdata_template.replace( '${', '${!') # Replace bash brackets with CFN escaped style .replace( '{#', '${' ), # Replace rain-style CFN escapes with proper CFN brackets {'CFN_ENI_ID': Ref(eni)}) launch_configuration = self.add_resource( autoscaling.LaunchConfiguration( '{}LaunchConfiguration'.format(self.cfn_name(role)), AssociatePublicIpAddress=True, KeyName=Ref(self.keypair_name), ImageId=Ref(self.ami), InstanceType=Ref(self.instance_type), InstanceMonitoring=False, IamInstanceProfile=Ref(self.instance_profile), UserData=Base64(userdata))) self.add_resource( autoscaling.AutoScalingGroup( '{}ASGroup'.format(self.cfn_name(role)), AvailabilityZones=[subnet['AvailabilityZone']], HealthCheckType='EC2', LaunchConfigurationName=Ref(launch_configuration), MinSize=0, MaxSize=1, DesiredCapacity=0, VPCZoneIdentifier=[subnet['SubnetId']], Tags=self.get_autoscaling_tags( service_override=self.service, role_override=role) + [autoscaling.Tag('Name', role, True)]))
]), 'mode': '000400', 'owner': 'root', 'group': 'root', }, }, ), ), ), Tags=Tags(Name=Ref("AWS::StackName"), ), )) # Associate the Elastic IP separately, so it doesn't change when the instance changes. eip_assoc = template.add_resource( ec2.EIPAssociation( "EipAssociation", InstanceId=Ref(ec2_instance), EIP=Ref(eip), )) template.add_output([ Output( "PublicIP", Description= "Public IP address of Elastic IP associated with the Dokku instance", Value=Ref(eip), ), ])
def build_template(self): t = self._init_template() # ami input + param self.infra.add_var( 'Input{}EC2Ami'.format(self.stack_name), self.ami ) ami_param = t.add_parameter(Parameter( 'Input{}EC2Ami'.format(self.stack_name), Type='String' )) # tag Name tag_name = t.add_parameter(Parameter( "Input{}EC2TagName".format(self.stack_name), Type="String", Default='{}EC2'.format(self.stack_name), Description="Tag name for {} EC2 Stack".format(self.stack_name) )) # instance type instance_type = t.add_parameter( Parameter( "Input{}EC2InstanceType".format( self.stack_name), Type="String", Description="Instance Type for {} EC2 Stack".format( self.stack_name), Default="t2.micro")) # root file size root_device_size = t.add_parameter(Parameter( "Input{}EC2RootDeviceSize".format(self.stack_name), Type="String", Default="20", Description="{} Root Device File Size".format(self.stack_name) )) # root device name root_device_name = t.add_parameter(Parameter( "Input{}EC2RootDeviceName".format(self.stack_name), Type="String", Default="/dev/xvda", Description="{} Root Device Name".format(self.stack_name) )) # root device type root_device_type = t.add_parameter(Parameter( "Input{}EC2RootDeviceType".format(self.stack_name), Type="String", Default="gp2", Description="{} Root Device Type".format(self.stack_name) )) # instance profile instance_profile_param = t.add_parameter(Parameter( self.iam_profile.output_instance_profile(), Type='String' )) # user data params user_data = [] for i in range(0, 4): user_data.append( Ref(t.add_parameter(Parameter( '{}UserData{}'.format(self.stack_name, i), Type='String', Default=' ', Description='{} UserData #{}'.format(self.stack_name, i) ))) ) # subnet if self.private_subnet: subnet = self.vpc.output_private_subnets()[0] else: self.network_interfaces[0].AssociatePublicIpAddress = True subnet = self.vpc.output_public_subnets()[0] subnet_param = t.add_parameter(Parameter( subnet, Type='String', Description='Subnet for ec2 {}'.format(self.stack_name) )) self.network_interfaces[0].SubnetId = Ref(subnet_param) for sg in self.security_groups: sg_param = t.add_parameter(Parameter( sg.output_security_group(), Type='String' )) self.network_interfaces[0].GroupSet.append(Ref(sg_param)) volumes = [] for volume in self.volumes: device_name = t.add_parameter(Parameter( 'Input{}EBSDeviceName'.format(volume.name), Type='String' )) volume_id = t.add_parameter(Parameter( volume.output_volume(), Type="String" )) volumes.append(ec2.MountPoint( VolumeId=Ref(volume_id), Device=Ref(device_name) )) instance = t.add_resource(ec2.Instance( '{}EC2Instance'.format(self.stack_name), Tags=Tags( Name=Ref(tag_name) ), ImageId=Ref(ami_param), Volumes=volumes, InstanceType=Ref(instance_type), IamInstanceProfile=Ref(instance_profile_param), NetworkInterfaces=self.network_interfaces, BlockDeviceMappings=[ ec2.BlockDeviceMapping( DeviceName=Ref(root_device_name), Ebs=ec2.EBSBlockDevice( VolumeSize=Ref(root_device_size), VolumeType=Ref(root_device_type), DeleteOnTermination=True ) ) ], UserData=Base64( Join('', [ "#!/bin/bash\n", "exec > >(tee /var/log/user-data.log|logger ", "-t user-data -s 2>/dev/console) 2>&1\n", ] + user_data )) )) if self.use_key: instance.KeyName = self.use_key if self.eip is not None: eip_ref = ensure_param(t, self.eip.output_allocation_id()) t.add_resource(ec2.EIPAssociation( '{}EIPAssoc'.format(self.stack_name), InstanceId=Ref(instance), AllocationId=Ref(eip_ref) )) t.add_output([ Output( '{}EC2Instance'.format(self.stack_name), Value=Ref(instance) ), Output( "{}TagName".format(self.stack_name), Value=Ref(tag_name) ) ]) return t