def create_prediction_service_elb(self):
t = self.template
prediction_service_elastic_load_balancer = t.add_resource(
LoadBalancer("Euro2016ElasticLoadBalancer",
LoadBalancerName=Ref("ELBName"),
Subnets=Ref("ELBSubnetIds"),
Listeners=[{
"InstancePort": "8000",
"LoadBalancerPort": "80",
"Protocol": "HTTP"
}, {
"InstancePort": "8000",
"LoadBalancerPort": "443",
"Protocol": "HTTPS",
"SSLCertificateId": Ref("SSLCertificateId")
}],
SecurityGroups=Ref("ELBSecurityGroups"),
HealthCheck=HealthCheck(
HealthyThreshold="3",
Interval="30",
Target="HTTP:8000/status",
Timeout="5",
UnhealthyThreshold="5",
),
CrossZone=True,
Tags=[Tag("Name",
"euro2016-prediction-service-elb")]))
return prediction_service_elastic_load_balancer
def test_healthy_interval_too_low(self):
with self.assertRaises(ValueError):
HealthCheck(HealthyThreshold='1',
Interval='2',
Target='HTTP:80/index.html',
Timeout='4',
UnhealthyThreshold='9')
def create_elb(self, subnet1, subnet2, elb_sg):
load_balancer = self.t.add_resource(
LoadBalancer(
"LoadBalancer",
ConnectionDrainingPolicy=ConnectionDrainingPolicy(
Enabled=True,
Timeout=120,
),
Subnets=[Ref(subnet1), Ref(subnet2)],
HealthCheck=HealthCheck(
Target="TCP:80",
HealthyThreshold="2",
UnhealthyThreshold="9",
Interval="20",
Timeout="15",
),
Listeners=[
Listener(
LoadBalancerPort="80",
InstancePort="80",
Protocol="HTTP",
),
],
CrossZone=True,
SecurityGroups=[Ref(elb_sg)],
LoadBalancerName="webapp-elb",
Scheme="internet-facing",
))
return load_balancer
def test_healthy_interval_ok(self):
HealthCheck(
HealthyThreshold='2',
Interval='2',
Target='HTTP:80/index.html',
Timeout='4',
UnhealthyThreshold='9'
)
def test_healthy_interval_ok(self):
HealthCheck(
HealthyThreshold="2",
Interval="2",
Target="HTTP:80/index.html",
Timeout="4",
UnhealthyThreshold="9",
)
def test_healthy_interval_too_low(self):
with self.assertRaises(ValueError):
HealthCheck(
HealthyThreshold="1",
Interval="2",
Target="HTTP:80/index.html",
Timeout="4",
UnhealthyThreshold="9",
)
def add_elb(self):
t = self.template
self.elbSg = t.add_resource(
SecurityGroup(
'ElbSecurityGroup',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for ELB.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='80',
FromPort='80',
IpProtocol='tcp',
CidrIp="0.0.0.0/0")
#TODO HTTPS
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'ElbSecurityGroup']))
]))
self.elbListener = Listener('ElbListener',
LoadBalancerPort="80",
InstancePort="80",
Protocol="HTTP",
InstanceProtocol="HTTP")
self.elbHealthCheck = HealthCheck(Target="TCP:80",
Timeout="2",
Interval="5",
HealthyThreshold="2",
UnhealthyThreshold="2")
publicSubnetIds = [
self.sceptreUserData['subnets']['publicInfraAZ1Id'],
self.sceptreUserData['subnets']['publicInfraAZ2Id'],
self.sceptreUserData['subnets']['publicInfraAZ3Id']
]
self.elb = t.add_resource(
LoadBalancer('Elb',
Listeners=[self.elbListener],
Scheme='internet-facing',
HealthCheck=self.elbHealthCheck,
CrossZone=True,
Subnets=publicSubnetIds,
SecurityGroups=[Ref(self.elbSg)],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'Elb']))]))
return 0
def health_check(name,
target='TCP:22',
healthy_threashold=2,
unhealthy_threashold=3,
interval=30,
timeout=3):
"""Classic elb health check"""
hc = HealthCheck(title=name + 'healthcheck')
hc.HealthyThreshold = healthy_threashold
hc.UnhealthyThreshold = unhealthy_threashold
hc.Interval = interval
hc.Target = target
hc.Timeout = timeout
return hc
def define_networking(t):
t.add_resource(
VPC("VPC",
CidrBlock=Ref(t.parameters["vpcCidrBlock"]),
InstanceTenancy="default",
EnableDnsSupport=True,
EnableDnsHostnames=False,
Tags=troposphere.cloudformation.Tags(Name=Join(
" ", ["BIG-IQ VPC:", Ref("AWS::StackName")]))))
t.add_resource(
Subnet("Subnet1",
CidrBlock=Ref(t.parameters["subnet1CidrBlock"]),
VpcId=Ref(t.resources["VPC"]),
AvailabilityZone=Ref(t.parameters["subnet1Az"]),
Tags=Tags(
Name=Join(" ", ["BIG-IQ Subnet 1:",
Ref("AWS::StackName")]))))
t.add_resource(
Subnet("Subnet2",
CidrBlock=Ref(t.parameters["subnet2CidrBlock"]),
VpcId=Ref(t.resources["VPC"]),
AvailabilityZone=Ref(t.parameters["subnet2Az"]),
Tags=Tags(
Name=Join(" ", ["Big-IQ Subnet 2:",
Ref("AWS::StackName")]))))
t.add_resource(
RouteTable("RouteTable1",
VpcId=Ref(t.resources["VPC"]),
Tags=Tags(Name=Join(
" ", ["BIG-IQ Route Table 1:",
Ref("AWS::StackName")]))))
t.add_resource(
RouteTable("RouteTable2",
VpcId=Ref(t.resources["VPC"]),
Tags=Tags(Name=Join(
" ", ["BIG-IQ Route Table 2:",
Ref("AWS::StackName")]))))
t.add_resource(
SubnetRouteTableAssociation("Subnet1RouteTableAssociation",
SubnetId=Ref(t.resources["Subnet1"]),
RouteTableId=Ref(
t.resources["RouteTable1"])))
t.add_resource(
SubnetRouteTableAssociation("Subnet2RouteTableAssociation",
SubnetId=Ref(t.resources["Subnet2"]),
RouteTableId=Ref(
t.resources["RouteTable2"])))
t.add_resource(
InternetGateway(
"IGW",
Tags=Tags(Name=Join(
" ", ["BIG-IQ Internet Gateway:",
Ref("AWS::StackName")]))))
t.add_resource(
VPCGatewayAttachment("IGWAttachment",
VpcId=Ref(t.resources["VPC"]),
InternetGatewayId=Ref(t.resources["IGW"])))
t.add_resource(
Route("Route1Default",
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref(t.resources["RouteTable1"]),
GatewayId=Ref(t.resources["IGW"])))
t.add_resource(
Route("Route2Default",
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref(t.resources["RouteTable2"]),
GatewayId=Ref(t.resources["IGW"])))
t.add_resource(NetworkAcl("VPCAcl", VpcId=Ref(t.resources["VPC"])))
t.add_resource(
SecurityGroup(
"SecurityGroup",
GroupName=Join(" ",
["BIG-IQ SG:", Ref("AWS::StackName")]),
GroupDescription="vpc-sg",
VpcId=Ref(t.resources["VPC"]),
SecurityGroupIngress=[
SecurityGroupRule(IpProtocol="tcp",
FromPort="443",
ToPort="443",
CidrIp="0.0.0.0/0"),
SecurityGroupRule(IpProtocol="tcp",
FromPort="80",
ToPort="80",
CidrIp="0.0.0.0/0"),
SecurityGroupRule(IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0"),
SecurityGroupRule(
IpProtocol=
"tcp", # TODO Determine actual ports which should be open
FromPort="1",
ToPort="65356",
CidrIp=Ref(t.parameters["vpcCidrBlock"]))
]))
t.add_resource(
SecurityGroup("ElbSecurityGroup",
GroupName=Join(
" ", ["ELB-SG-", Ref("AWS::StackName")]),
GroupDescription="vpc-sg",
VpcId=Ref(t.resources["VPC"]),
SecurityGroupIngress=[]))
t.add_resource(
LoadBalancer(
"ClassicELB",
SecurityGroups=[Ref(t.resources["ElbSecurityGroup"])],
HealthCheck=HealthCheck(HealthyThreshold="10",
Interval="30",
Target="TCP:22",
Timeout="5",
UnhealthyThreshold="2"),
Listeners=[
Listener(LoadBalancerPort="80",
InstancePort="80",
Protocol="TCP",
InstanceProtocol="TCP")
],
LoadBalancerName=Join("", ["ELB-", Ref("AWS::StackName")]),
Scheme="internet-facing",
Subnets=[Ref(t.resources["Subnet1"]),
Ref(t.resources["Subnet2"])]))
Ref(WebServerSecurityGroup),
"FromPort":
"3306"
}],
GroupDescription="Open database for access",
Condition="Is-EC2-VPC",
))
# @alias component @app:@elb to ElasticLoadBalancer
ElasticLoadBalancer = t.add_resource(
LoadBalancer(
"ElasticLoadBalancer",
HealthCheck=HealthCheck(
HealthyThreshold="2",
Interval="10",
Target="HTTP:80/",
Timeout="5",
UnhealthyThreshold="5",
),
LBCookieStickinessPolicy=[{
"PolicyName": "CookieBasedPolicy",
"CookieExpirationPeriod": "30"
}],
CrossZone="true",
Listeners=[{
"InstancePort": "80",
"PolicyNames": ["CookieBasedPolicy"],
"LoadBalancerPort": "80",
"Protocol": "HTTP"
}],
AvailabilityZones=GetAZs(""),
elb = t.add_resource(
LoadBalancer(
"elb" + role.upper(),
Subnets=Split(",", Ref(elb_identifier)),
Listeners=[
Listener(
LoadBalancerPort=80,
InstancePort=80,
Protocol='HTTP',
),
],
SecurityGroups=[Ref("defaultSG"),
Ref(elbSecurityGroup)],
HealthCheck=HealthCheck(
Target=rolemap[role]["elb"]["healthcheck"],
HealthyThreshold="2",
UnhealthyThreshold="2",
Interval="10",
Timeout="5"),
ConnectionDrainingPolicy=ConnectionDrainingPolicy(Enabled=True,
Timeout=300),
CrossZone=True,
Tags=Tags(Environment=Ref("environment"), Service=role)))
loadbalancer = [Ref(elb)]
identifier = ""
if rolemap[role]["instance"]["subnet"] in public_prefixes:
identifier = "pubsub" + rolemap[role]["instance"]["subnet"].upper()
# Dont name this resource since named resources need full stack destroy.
t.add_resource(
def add_kippo_sensors(self):
# Create the ELB
self.template.add_resource(
LoadBalancer(
'Elb',
Listeners=[
Listener(
InstancePort=80,
LoadBalancerPort=80,
Protocol='http',
),
Listener(
InstancePort=443,
LoadBalancerPort=443,
Protocol='tcp', # Plain TCP forwarding for HTTPS/SSL
),
],
CrossZone=True,
Subnets=Ref('ElbSubnetIdList'),
SecurityGroups=[Ref('ElbSecurityGroup')],
Scheme='internet-facing',
HealthCheck=HealthCheck(
Target='HTTP:80/kippo-graph/',
HealthyThreshold=2,
UnhealthyThreshold=5,
Interval=120,
Timeout=60,
),
))
self.template.add_output(
Output(
'ElbEndpoint',
Description='ELB endpoint address',
Value=GetAtt('Elb', 'DNSName'),
))
self.template.add_resource(
LaunchConfiguration(
'LaunchConfiguration',
KeyName=Ref('KeyName'),
ImageId=FindInMap('Ec2AmiMap', Ref('AWS::Region'), 'AmiId'),
InstanceType=Ref('Ec2InstanceType'),
SecurityGroups=[Ref('Ec2SecurityGroup')],
AssociatePublicIpAddress=True,
UserData=Base64(
Join('\n', [
'#cloud-config',
'repo_upgrade: security',
'runcmd:',
' - "/usr/bin/wget -O /tmp/configure_kippo_sensor.sh https://raw.githubusercontent.com/cdodd/aws-kippo-cluster/master/bootstrap/configure_kippo_sensor.sh"',
Join(
'',
[
' - "bash /tmp/configure_kippo_sensor.sh',
' ',
GetAtt('RdsInstance', 'Endpoint.Address'),
' ',
Ref('RdsRootPassword'),
' ',
Ref('RealSshPort'),
'"',
],
),
])),
))
self.template.add_resource(
AutoScalingGroup(
'Asg',
DesiredCapacity=Ref('KippoSensorCount'),
HealthCheckGracePeriod=1800,
HealthCheckType='ELB',
LaunchConfigurationName=Ref('LaunchConfiguration'),
LoadBalancerNames=[Ref('Elb')],
MaxSize=Ref('KippoSensorCount'),
MinSize=Ref('KippoSensorCount'),
Tags=[Tag(key='Name', value='kippo-sensor', propogate='true')],
VPCZoneIdentifier=Ref('Ec2SubnetIdList'),
))