Exemplo n.º 1
0
def GenerateDockerRegistryLayer():
    t = Template()

    t.add_description("""\
    DockerRegistry Layer
    """)

    stackname_param = t.add_parameter(
        Parameter(
            "StackName",
            Description="Environment Name (default: test)",
            Type="String",
            Default="test",
        ))

    vpcid_param = t.add_parameter(
        Parameter(
            "VpcId",
            Type="String",
            Description="VpcId of your existing Virtual Private Cloud (VPC)",
            Default="vpc-fab00e9f"))

    subnets = t.add_parameter(
        Parameter(
            "Subnets",
            Type="CommaDelimitedList",
            Description=(
                "The list SubnetIds, for public subnets in the "
                "region and in your Virtual Private Cloud (VPC) - minimum one"
            ),
            Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8"))

    keypair_param = t.add_parameter(
        Parameter("KeyPair",
                  Description="Name of an existing EC2 KeyPair to enable SSH "
                  "access to the instance",
                  Type="String",
                  Default="glueteam"))

    registry_ami_id_param = t.add_parameter(
        Parameter("RegistryAmiId",
                  Description="Registry server AMI ID",
                  Type="String",
                  Default="ami-a10897d6"))

    iam_role_param = t.add_parameter(
        Parameter(
            "IamRole",
            Description="IAM Role name",
            Type="String",
        ))

    s3bucket_param = t.add_parameter(
        Parameter(
            "BucketName",
            Description="S3 Bucket Name (default: )",
            Type="String",
            Default="",
        ))

    # --------- Docker registry

    registry_sg = t.add_resource(
        ec2.SecurityGroup(
            'RegistrySG',
            GroupDescription='Security group for Registry host',
            VpcId=Ref(vpcid_param),
            Tags=Tags(Name=Join("", [Ref(stackname_param), "RegistrySG"])),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="80",
                    ToPort="80",
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    registry_eip = t.add_resource(ec2.EIP(
        'RegistryEIP',
        Domain='vpc',
    ))

    registry_eth0 = t.add_resource(
        ec2.NetworkInterface(
            "RegistryEth0",
            Description=Join("", [Ref(stackname_param), "Registry Eth0"]),
            GroupSet=[
                Ref(registry_sg),
            ],
            SourceDestCheck=True,
            SubnetId=Select(0, Ref(subnets)),
            Tags=Tags(
                Name=Join("", [Ref(stackname_param), "Registry Interface 0"]),
                Interface="eth0",
            )))

    registry_host = t.add_resource(
        ec2.Instance(
            'RegistryHost',
            ImageId=Ref(registry_ami_id_param),
            InstanceType='t2.micro',
            KeyName=Ref(keypair_param),
            IamInstanceProfile=Ref(iam_role_param),
            NetworkInterfaces=[
                ec2.NetworkInterfaceProperty(
                    NetworkInterfaceId=Ref(registry_eth0),
                    DeviceIndex="0",
                ),
            ],
            Tags=Tags(Name=Join("", [Ref(stackname_param), "Registry"]),
                      Id=Join("", [Ref(stackname_param), "Registry"])),
            UserData=Base64(
                Join('', [
                    '#!/bin/bash\n',
                    'yum update -y aws-cfn-bootstrap\n',
                    'mkdir -p /root/build/redis /root/build/registry\n',
                    'touch /root/build/redis/Dockerfile\n',
                    'touch /root/build/redis/redis.conf\n',
                    'touch /root/build/registry/Dockerfile\n',
                ])),
        ))

    registry_eip_assoc = t.add_resource(
        ec2.EIPAssociation(
            "RegistryEIPAssoc",
            NetworkInterfaceId=Ref(registry_eth0),
            AllocationId=GetAtt("RegistryEIP", "AllocationId"),
            PrivateIpAddress=GetAtt("RegistryEth0", "PrimaryPrivateIpAddress"),
        ))

    return t
        GroupSet=[
            Ref(AllInternalAccessSecurityGroup),
            Ref(MonitorSecurityGroup)
        ],  #Split(",", Join(",", [Join(",", Ref(SecurityGroupIdsParam)), Ref(MonitorSecurityGroup), ])),
        # SourceDestCheck=True,
        SubnetId=Select("0", Ref(PublicSubnetsToSpanParam)),
        Tags=Tags(
            Name="Interface 0",
            Interface="eth0",
        ),
    ))

eipassoc1 = t.add_resource(
    ec2.EIPAssociation(
        "EIPAssoc1",
        NetworkInterfaceId=Ref(eth0),
        AllocationId=GetAtt("EIPMonitor", "AllocationId"),
        PrivateIpAddress=GetAtt("Eth0", "PrimaryPrivateIpAddress"),
    ))

######### End Monitor VM Pre-setup #######


def generate_new_instance(counter):
    # Create base StorReduce instance
    instance = ec2.Instance(BASE_NAME + str(counter))
    instance.DependsOn = [
        elasticLB.title, SrrBucket.title, StorReduceHostProfile.title,
        AllInternalAccessSecurityGroup.title
    ]
    instance.ImageId = FindInMap("AWSAMIRegion", Ref("AWS::Region"), "AMI")
    instance.IamInstanceProfile = Ref(StorReduceHostProfile)
Exemplo n.º 3
0
                            ' --region=', Ref('AWS::Region'), '\n',
                            'runas=root\n',
                        ]),
                        'mode': '000400',
                        'owner': 'root',
                        'group': 'root',
                    },
                },
            ),
        ),
    ),
    Tags=Tags(
        Name=Ref("AWS::StackName"),
    ),
))

# Associate the Elastic IP separately, so it doesn't change when the instance changes.
eip_assoc = template.add_resource(ec2.EIPAssociation(
    "EipAssociation",
    InstanceId=Ref(ec2_instance),
    EIP=Ref(eip),
))

template.add_output([
    Output(
        "PublicIP",
        Description="Public IP address of Elastic IP associated with the Dokku instance",
        Value=Ref(eip),
    ),
])
Exemplo n.º 4
0
def GenerateStepJenkinsLayer():
    t = Template()

    t.add_description("""\
    Jenkins for Step Hackathon Layer
    """)

    stackname_param = t.add_parameter(
        Parameter(
            "StackName",
            Description="Environment Name (default: hackathon)",
            Type="String",
            Default="hackathon",
        ))

    vpcid_param = t.add_parameter(
        Parameter(
            "VpcId",
            Type="String",
            Description="VpcId of your existing Virtual Private Cloud (VPC)",
            Default="vpc-fab00e9f"))

    subnets = t.add_parameter(
        Parameter(
            "Subnets",
            Type="CommaDelimitedList",
            Description=(
                "The list SubnetIds, for public subnets in the "
                "region and in your Virtual Private Cloud (VPC) - minimum one"
            ),
            Default="subnet-b68f3bef,subnet-9a6208ff,subnet-bfdd4fc8"))

    keypair_param = t.add_parameter(
        Parameter("KeyPair",
                  Description="Name of an existing EC2 KeyPair to enable SSH "
                  "access to the instance",
                  Type="String",
                  Default="glueteam"))

    jenkins_ami_id_param = t.add_parameter(
        Parameter("JenkinsAmiId",
                  Description="Jenkins server AMI ID (default: ami-f3641a84)",
                  Type="String",
                  Default="ami-f3641a84"))

    operations_subdomain_hosted_zone_param = t.add_parameter(
        Parameter("DashsoftHostedZoneParam",
                  Description="HostedZone (default: hackathon.operations.dk)",
                  Type="String",
                  Default="hackathon.operations.dk"))

    iam_role_param = t.add_parameter(
        Parameter(
            "IamRole",
            Description="IAM Role name",
            Type="String",
        ))

    # --------- Jenkins instance

    jenkins_sg = t.add_resource(
        ec2.SecurityGroup(
            'JenkinsSG',
            GroupDescription='Security group for Jenkins host',
            VpcId=Ref(vpcid_param),
            Tags=Tags(Name=Join("", [Ref(stackname_param), "SG"])),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="80",
                    ToPort="80",
                    CidrIp="0.0.0.0/0",
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="443",
                    ToPort="443",
                    CidrIp="0.0.0.0/0",
                ),
            ]))

    jenkins_eip = t.add_resource(ec2.EIP(
        'JenkinsEIP',
        Domain='vpc',
    ))

    jenkins_eth0 = t.add_resource(
        ec2.NetworkInterface(
            "JenkinsEth0",
            Description=Join("", [Ref(stackname_param), " Eth0"]),
            GroupSet=[
                Ref(jenkins_sg),
            ],
            SourceDestCheck=True,
            SubnetId=Select(0, Ref(subnets)),
            Tags=Tags(
                Name=Join("", [Ref(stackname_param), " Interface 0"]),
                Interface="eth0",
            )))

    jenkins_host = t.add_resource(
        ec2.Instance(
            'JenkinsHost',
            ImageId=Ref(jenkins_ami_id_param),
            InstanceType='m3.medium',
            KeyName=Ref(keypair_param),
            IamInstanceProfile=Ref(iam_role_param),
            NetworkInterfaces=[
                ec2.NetworkInterfaceProperty(
                    NetworkInterfaceId=Ref(jenkins_eth0),
                    DeviceIndex="0",
                ),
            ],
            Tags=Tags(Name=Ref(stackname_param), Id=Ref(stackname_param)),
            UserData=Base64(Join('', [
                '#!/bin/bash\n',
            ])),
        ))

    jenkins_eip_assoc = t.add_resource(
        ec2.EIPAssociation(
            "JenkinsEIPAssoc",
            NetworkInterfaceId=Ref(jenkins_eth0),
            AllocationId=GetAtt("JenkinsEIP", "AllocationId"),
            PrivateIpAddress=GetAtt("JenkinsEth0", "PrimaryPrivateIpAddress"),
        ))

    jenkins_host_cname = t.add_resource(
        route53.RecordSetType(
            "JenkinsHostCname",
            HostedZoneName=Join(
                "", [Ref(operations_subdomain_hosted_zone_param), "."]),
            Comment=Join("", ["Jenkins host CNAME for ",
                              Ref(stackname_param)]),
            Name=Join(
                "",
                ["jenkins.",
                 Ref(operations_subdomain_hosted_zone_param), "."]),
            Type="A",
            TTL="60",
            ResourceRecords=[GetAtt("JenkinsHost", "PublicIp")],
            DependsOn="JenkinsEIPAssoc"))

    return t
Exemplo n.º 5
0
    def configure(self):
        """
        Returns a BIND template
        """
        self.defaults = {'instance_type': 't3.micro'}

        self.service = 'bind'
        self.set_description('Sets up BIND DNS servers')
        self.get_default_security_groups()
        self.get_standard_parameters()
        self.get_standard_policies()
        self.ami = self.add_parameter(
            Parameter('AMI',
                      Type='String',
                      Description='AMI ID for instances',
                      Default=get_latest_ami_id(
                          self.region, 'amzn2-ami-hvm-2.0.????????-x86_64-gp2',
                          'amazon')))

        config = constants.ENVIRONMENTS[self.env][self.service]

        # All subnets in public get a DNS server
        subnets = self.get_subnets('public')

        # Add our security group
        security_group = self.add_resource(
            ec2.SecurityGroup(
                '{}SecurityGroup'.format(self.name),
                VpcId=self.vpc_id,
                GroupDescription='Security Group for {}'.format(self.name),
                SecurityGroupIngress=[
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "53",
                        "ToPort": "53",
                        "CidrIp": "0.0.0.0/0"
                    },  # DNS TCP
                    {
                        "IpProtocol": "udp",
                        "FromPort": "53",
                        "ToPort": "53",
                        "CidrIp": "0.0.0.0/0"
                    },  # DNS UDP
                ],
                SecurityGroupEgress=[{
                    "IpProtocol": "-1",
                    "FromPort": "-1",
                    "ToPort": "-1",
                    "CidrIp": "0.0.0.0/0"
                }]))

        route53_zone = constants.ENVIRONMENTS[self.env]['route53_zone']

        zonefile = ''
        for zone in config['forwarders']:
            zonefile += "\n" + self.make_bind_zone(zone)

        for subnet in subnets:
            subnet_name = subnet['AvailabilityZone']
            role = '{}-{}-{}'.format(self.env, self.service,
                                     subnet_name)  # myenv-bind-us-west-2a

            # Add the elastic IP and the ENI for it, then attach it.
            eip = self.add_resource(
                ec2.EIP('{}InstanceEIP'.format(self.cfn_name(role)),
                        Domain='vpc'))
            eni = self.add_resource(
                ec2.NetworkInterface(
                    '{}InstanceENI'.format(self.cfn_name(role)),
                    SubnetId=subnet['SubnetId'],
                    Description='ENI for {}'.format(role),
                    GroupSet=[Ref(security_group)] + self.security_groups,
                    SourceDestCheck=True,
                    Tags=self.get_tags(service_override=self.service,
                                       role_override=role)))
            self.get_eni_policies()

            self.add_resource(
                ec2.EIPAssociation('{}AssociateVPNInstanceENI'.format(
                    self.cfn_name(role)),
                                   AllocationId=GetAtt(eip, "AllocationId"),
                                   NetworkInterfaceId=Ref(eni)))

            # Add a route53 DNS name
            self.add_resource(
                route53.RecordSetGroup('{}Route53'.format(self.cfn_name(role)),
                                       HostedZoneName=route53_zone,
                                       RecordSets=[
                                           route53.RecordSet(
                                               Name="{}.{}".format(
                                                   role, route53_zone),
                                               ResourceRecords=[Ref(eip)],
                                               Type='A',
                                               TTL=600)
                                       ]))

            # Substitute the userdata template and feed it to CFN
            userdata_template = self.get_cloudinit_template(
                replacements=(('__PROMPT_COLOR__', self.prompt_color()),
                              ('__SERVICE__',
                               self.service), ('__BIND_ZONEFILE__', zonefile)))
            userdata = Sub(
                userdata_template.replace(
                    '${',
                    '${!')  # Replace bash brackets with CFN escaped style
                .replace(
                    '{#', '${'
                ),  # Replace rain-style CFN escapes with proper CFN brackets
                {'CFN_ENI_ID': Ref(eni)})

            launch_configuration = self.add_resource(
                autoscaling.LaunchConfiguration(
                    '{}LaunchConfiguration'.format(self.cfn_name(role)),
                    AssociatePublicIpAddress=True,
                    KeyName=Ref(self.keypair_name),
                    ImageId=Ref(self.ami),
                    InstanceType=Ref(self.instance_type),
                    InstanceMonitoring=False,
                    IamInstanceProfile=Ref(self.instance_profile),
                    UserData=Base64(userdata)))
            self.add_resource(
                autoscaling.AutoScalingGroup(
                    '{}ASGroup'.format(self.cfn_name(role)),
                    AvailabilityZones=[subnet['AvailabilityZone']],
                    HealthCheckType='EC2',
                    LaunchConfigurationName=Ref(launch_configuration),
                    MinSize=0,
                    MaxSize=1,
                    DesiredCapacity=0,
                    VPCZoneIdentifier=[subnet['SubnetId']],
                    Tags=self.get_autoscaling_tags(
                        service_override=self.service, role_override=role) +
                    [autoscaling.Tag('Name', role, True)]))
Exemplo n.º 6
0
                                ]),
                            'mode':
                            '000400',
                            'owner':
                            'root',
                            'group':
                            'root',
                        },
                    },
                ),
            ), ),
        Tags=Tags(Name=Ref("AWS::StackName"), ),
    ))

# Associate the Elastic IP separately, so it doesn't change when the instance changes.
eip_assoc = template.add_resource(
    ec2.EIPAssociation(
        "EipAssociation",
        InstanceId=Ref(ec2_instance),
        EIP=Ref(eip),
    ))

template.add_output([
    Output(
        "PublicIP",
        Description=
        "Public IP address of Elastic IP associated with the Dokku instance",
        Value=Ref(eip),
    ),
])
Exemplo n.º 7
0
    def build_template(self):

        t = self._init_template()

        # ami input + param
        self.infra.add_var(
            'Input{}EC2Ami'.format(self.stack_name),
            self.ami
        )

        ami_param = t.add_parameter(Parameter(
            'Input{}EC2Ami'.format(self.stack_name),
            Type='String'
        ))

        # tag Name
        tag_name = t.add_parameter(Parameter(
            "Input{}EC2TagName".format(self.stack_name),
            Type="String",
            Default='{}EC2'.format(self.stack_name),
            Description="Tag name for {} EC2 Stack".format(self.stack_name)
        ))

        # instance type
        instance_type = t.add_parameter(
            Parameter(
                "Input{}EC2InstanceType".format(
                    self.stack_name),
                Type="String",
                Description="Instance Type for {} EC2 Stack".format(
                    self.stack_name),
                Default="t2.micro"))

        # root file size
        root_device_size = t.add_parameter(Parameter(
            "Input{}EC2RootDeviceSize".format(self.stack_name),
            Type="String",
            Default="20",
            Description="{} Root Device File Size".format(self.stack_name)
        ))

        # root device name
        root_device_name = t.add_parameter(Parameter(
            "Input{}EC2RootDeviceName".format(self.stack_name),
            Type="String",
            Default="/dev/xvda",
            Description="{} Root Device Name".format(self.stack_name)
        ))

        # root device type
        root_device_type = t.add_parameter(Parameter(
            "Input{}EC2RootDeviceType".format(self.stack_name),
            Type="String",
            Default="gp2",
            Description="{} Root Device Type".format(self.stack_name)
        ))

        # instance profile
        instance_profile_param = t.add_parameter(Parameter(
            self.iam_profile.output_instance_profile(),
            Type='String'
        ))

        # user data params
        user_data = []
        for i in range(0, 4):
            user_data.append(
                Ref(t.add_parameter(Parameter(
                    '{}UserData{}'.format(self.stack_name, i),
                    Type='String',
                    Default=' ',
                    Description='{} UserData #{}'.format(self.stack_name, i)
                )))
            )

        # subnet
        if self.private_subnet:
            subnet = self.vpc.output_private_subnets()[0]
        else:
            self.network_interfaces[0].AssociatePublicIpAddress = True
            subnet = self.vpc.output_public_subnets()[0]

        subnet_param = t.add_parameter(Parameter(
            subnet,
            Type='String',
            Description='Subnet for ec2 {}'.format(self.stack_name)
        ))

        self.network_interfaces[0].SubnetId = Ref(subnet_param)

        for sg in self.security_groups:

            sg_param = t.add_parameter(Parameter(
                sg.output_security_group(),
                Type='String'
            ))

            self.network_interfaces[0].GroupSet.append(Ref(sg_param))

        volumes = []
        for volume in self.volumes:
            device_name = t.add_parameter(Parameter(
                'Input{}EBSDeviceName'.format(volume.name),
                Type='String'
            ))

            volume_id = t.add_parameter(Parameter(
                volume.output_volume(),
                Type="String"
            ))

            volumes.append(ec2.MountPoint(
                VolumeId=Ref(volume_id),
                Device=Ref(device_name)
            ))

        instance = t.add_resource(ec2.Instance(
            '{}EC2Instance'.format(self.stack_name),
            Tags=Tags(
                Name=Ref(tag_name)
            ),
            ImageId=Ref(ami_param),
            Volumes=volumes,
            InstanceType=Ref(instance_type),
            IamInstanceProfile=Ref(instance_profile_param),
            NetworkInterfaces=self.network_interfaces,
            BlockDeviceMappings=[
                ec2.BlockDeviceMapping(
                    DeviceName=Ref(root_device_name),
                    Ebs=ec2.EBSBlockDevice(
                        VolumeSize=Ref(root_device_size),
                        VolumeType=Ref(root_device_type),
                        DeleteOnTermination=True
                    )
                )
            ],
            UserData=Base64(
                Join('', [
                    "#!/bin/bash\n",
                    "exec > >(tee /var/log/user-data.log|logger ",
                    "-t user-data -s 2>/dev/console) 2>&1\n",
                ] + user_data
                ))
        ))

        if self.use_key:
            instance.KeyName = self.use_key

        if self.eip is not None:
            eip_ref = ensure_param(t, self.eip.output_allocation_id())
            t.add_resource(ec2.EIPAssociation(
                '{}EIPAssoc'.format(self.stack_name),
                InstanceId=Ref(instance),
                AllocationId=Ref(eip_ref)
            ))

        t.add_output([
            Output(
                '{}EC2Instance'.format(self.stack_name),
                Value=Ref(instance)
            ),
            Output(
                "{}TagName".format(self.stack_name),
                Value=Ref(tag_name)
            )
        ])

        return t