def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") mesos_instance_class = template.add_parameter( Parameter( 'MesosInstanceType', Type='String', Default='m3.large', Description='Mesos instance type (for workers and masters)', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' ) ) ingress_rules = [ SecurityGroupRule( IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1] ) for p in [('tcp', 22), ('tcp', 5050), ('tcp', 8080)] ] mesos_security_group = template.add_resource( SecurityGroup( "Mesos", GroupDescription="Security Group for Mesos instances", VpcId=Ref(vpc), SecurityGroupIngress=ingress_rules, DependsOn=vpc.title ) ) # Allow any mesos instances to talk to each other template.add_resource( SecurityGroupIngress( "MesosSelfIngress", IpProtocol='-1', FromPort=0, ToPort=65535, GroupId=Ref(mesos_security_group), SourceSecurityGroupId=Ref(mesos_security_group), DependsOn=mesos_security_group.title ) ) default_policy = json.loads(cfn.load_template("default_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} )) mesos_policy = json.loads(cfn.load_template("mesos_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} )) # IAM role here iam_role = template.add_resource( Role( "MesosIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy( PolicyName='MesosDefaultPolicy', PolicyDocument=default_policy ), Policy( PolicyName='MesosIamPolicy', PolicyDocument=mesos_policy ) ], DependsOn=vpc.title ) ) # Instance profile here instance_profile = template.add_resource( InstanceProfile( "mesosInstanceProfile", Path="/", Roles=[Ref(iam_role)], DependsOn=iam_role.title ) ) # UserData here master_user_data = cfn.load_template("default-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "mesos_master"} ) # LaunchConfiguration for master mesos master_launch_configuration = template.add_resource( LaunchConfiguration( "MesosMasterLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(mesos_instance_class), IamInstanceProfile=Ref(instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(mesos_security_group)], DependsOn=[instance_profile.title, mesos_security_group.title], AssociatePublicIpAddress=False, UserData=Base64(master_user_data) ) ) # Autoscaling Group for master Mesos master_asg_name = '.'.join(['mesos-master', CLOUDNAME, CLOUDENV]) master_asg = template.add_resource( AutoScalingGroup( "MesosMasterASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="3", LaunchConfigurationName=Ref(master_launch_configuration), MinSize="3", MaxSize="3", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ] ), VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)], DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)] ) ) # Worker Mesos worker_user_data = cfn.load_template("default-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "mesos_slave"} ) worker_launch_configuration = template.add_resource( LaunchConfiguration( "MesosWorkerLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(mesos_instance_class), IamInstanceProfile=Ref(instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(mesos_security_group)], DependsOn=[instance_profile.title, mesos_security_group.title], AssociatePublicIpAddress=False, UserData=Base64(worker_user_data) ) ) worker_asg_name = '.'.join(['mesos-worker', CLOUDNAME, CLOUDENV]), worker_asg = template.add_resource( AutoScalingGroup( "MesosWorkerASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="3", LaunchConfigurationName=Ref(worker_launch_configuration), MinSize="3", MaxSize="12", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ] ), VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER)], DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER)] ) )
def emit_configuration(): # Parameters here jenkins_instance_class = template.add_parameter( Parameter( 'JenkinsInstanceType', Type='String', Default='t2.micro', Description='Chef jenkins instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' )) # jenkins IAM role jenkins_role_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV]) jenkins_iam_role = template.add_resource( iam.Role('JenkinsIamRole', AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ iam.Policy(PolicyName='JenkinsPolicy', PolicyDocument=json.loads( cfn.load_template( "jenkins_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" }))), iam.Policy(PolicyName='JenkinsDefaultPolicy', PolicyDocument=json.loads( cfn.load_template( "default_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" }))) ], DependsOn=cfn.vpcs[0].title)) jenkins_instance_profile = template.add_resource( iam.InstanceProfile("JenkinsInstanceProfile", Path="/", Roles=[Ref(jenkins_iam_role)], DependsOn=jenkins_iam_role.title)) jenkins_user_data = cfn.load_template("default-init.bash.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "jenkins" }) ingress_rules = [ ec2.SecurityGroupRule(IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]) for p in [('tcp', 22), ('tcp', 80), ('tcp', 443)] ] security_group = template.add_resource( ec2.SecurityGroup( "JenkinsSecurityGroup", GroupDescription='Security Group for jenkins instances', VpcId=Ref(cfn.vpcs[0]), SecurityGroupIngress=ingress_rules, DependsOn=cfn.vpcs[0].title, Tags=Tags(Name='.'.join(['jenkins-sg', CLOUDNAME, CLOUDENV])))) launch_cfg = template.add_resource( autoscaling.LaunchConfiguration( "JenkinsLaunchConfiguration", ImageId=FindInMap('RegionMap', Ref("AWS::Region"), int(cfn.Amis.EBS)), InstanceType=Ref(jenkins_instance_class), IamInstanceProfile=Ref(jenkins_instance_profile), AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS, BlockDeviceMappings=[ ec2.BlockDeviceMapping( DeviceName='/dev/sda1', Ebs=ec2.EBSBlockDevice(DeleteOnTermination=True)) ], KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(security_group)], DependsOn=[jenkins_instance_profile.title, security_group.title], UserData=Base64(jenkins_user_data))) asg_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV]) asg = template.add_resource( autoscaling.AutoScalingGroup( "JenkinsASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="1", LaunchConfigurationName=Ref(launch_cfg), MinSize="1", MaxSize="1", NotificationConfiguration=autoscaling.NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_TERMINATE_ERROR, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR ]), VPCZoneIdentifier=[ Ref(sn) for sn in cfn.get_vpc_subnets(cfn.vpcs[0], cfn.SubnetTypes.PLATFORM) ]))
def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") vpn_instance_class = template.add_parameter( Parameter( 'VPNInstanceType', Type='String', Default='m3.medium', Description='VPN instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' )) vpn_ingress_rules = [ SecurityGroupRule(IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]) for p in [('tcp', 22), ('udp', 1194)] ] vpn_sg = template.add_resource( SecurityGroup("VPN", GroupDescription="Security Group for VPN ingress.", VpcId=Ref(vpc), SecurityGroupIngress=vpn_ingress_rules, DependsOn=vpc.title)) # IAM role for vpn vpn_policy = json.loads( cfn.load_template("vpn_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-west-2" })) default_policy = json.loads( cfn.load_template("default_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-west-2" })) vpn_role_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV]) vpn_iam_role = template.add_resource( Role("VPNIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy(PolicyName="VPNDefaultPolicy", PolicyDocument=default_policy), Policy(PolicyName="VPNPolicy", PolicyDocument=vpn_policy) ], DependsOn=vpc.title)) vpn_instance_profile = template.add_resource( InstanceProfile("vpnInstanceProfile", Path="/", Roles=[Ref(vpn_iam_role)], DependsOn=vpn_iam_role.title)) vpn_user_data = cfn.load_template("default-init.bash.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "vpn" }) # Launch Configuration for vpns vpn_launchcfg = template.add_resource( LaunchConfiguration( "VPNLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(vpn_instance_class), IamInstanceProfile=Ref(vpn_instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(vpn_sg)], DependsOn=[vpn_instance_profile.title, vpn_sg.title], AssociatePublicIpAddress=True, UserData=Base64(vpn_user_data))) # Create the babysitter autoscaling group vpn_asg_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV]) vpn_asg = template.add_resource( AutoScalingGroup( "VPNASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="1", LaunchConfigurationName=Ref(vpn_launchcfg), MinSize="1", MaxSize="1", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ]), VPCZoneIdentifier=[ Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN) ], DependsOn=[ sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN) ]))
def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") chefserver_instance_class = template.add_parameter( Parameter( 'ChefServerInstanceType', Type='String', Default='t2.medium', Description='Chef Server instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' ) ) # Create IAM role for the chefserver instance # load the policies default_policy = json.loads(cfn.load_template("default_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} )) chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV]) chefserver_iam_role = template.add_resource( Role( "ChefServerIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy( PolicyName="ChefServerPolicy", PolicyDocument=json.loads( cfn.load_template("chefserver_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} ) ) ), Policy( PolicyName="ChefserverDefaultPolicy", PolicyDocument=default_policy ) ], DependsOn=vpc.title ) ) chefserver_instance_profile = template.add_resource( InstanceProfile( "chefserverInstanceProfile", Path="/", Roles=[Ref(chefserver_iam_role)], DependsOn=chefserver_iam_role.title ) ) chefserver_user_data = cfn.load_template("chefserver-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "chefserver"} ) chefserver_ingress_rules = [ SecurityGroupRule( IpProtocol=p[0], CidrIp='{0}.0.0/16'.format(CIDR_PREFIX), FromPort=p[1], ToPort=p[1] ) for p in [('tcp', 80), ('tcp', 443)] ] chefserver_sg = template.add_resource( SecurityGroup( "ChefServer", GroupDescription="Security Group for the Chef server", VpcId=Ref(vpc), SecurityGroupIngress=chefserver_ingress_rules, DependsOn=vpc.title ) ) chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV) chefserver_instance = template.add_resource(Instance( chefserver_name, DependsOn=vpc.title, InstanceType=Ref(chefserver_instance_class), KeyName=Ref(cfn.keyname), SourceDestCheck=False, ImageId=FindInMap('RegionMap', region, int(cfn.Amis.EBS)), NetworkInterfaces=[ NetworkInterfaceProperty( Description='Network interface for {0}'.format(chefserver_name), GroupSet=[Ref(chefserver_sg)], SubnetId=Ref(cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)[0]), AssociatePublicIpAddress=True, DeviceIndex=0, DeleteOnTermination=True ) ], BlockDeviceMappings=[ BlockDeviceMapping( DeviceName="/dev/sda1", Ebs=EBSBlockDevice( VolumeSize=50, DeleteOnTermination=False ) ) ] ))
def emit_configuration(): # Parameters here jenkins_instance_class = template.add_parameter( Parameter( 'JenkinsInstanceType', Type='String', Default='t2.micro', Description='Chef jenkins instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' ) ) # jenkins IAM role jenkins_role_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV]) jenkins_iam_role = template.add_resource( iam.Role( 'JenkinsIamRole', AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ iam.Policy( PolicyName='JenkinsPolicy', PolicyDocument=json.loads(cfn.load_template("jenkins_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} )) ), iam.Policy( PolicyName='JenkinsDefaultPolicy', PolicyDocument=json.loads(cfn.load_template("default_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} )) ) ], DependsOn=cfn.vpcs[0].title ) ) jenkins_instance_profile = template.add_resource( iam.InstanceProfile( "JenkinsInstanceProfile", Path="/", Roles=[Ref(jenkins_iam_role)], DependsOn=jenkins_iam_role.title ) ) jenkins_user_data = cfn.load_template("default-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "jenkins"} ) ingress_rules = [ ec2.SecurityGroupRule( IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1] ) for p in [('tcp', 22), ('tcp', 80), ('tcp', 443)] ] security_group = template.add_resource( ec2.SecurityGroup( "JenkinsSecurityGroup", GroupDescription='Security Group for jenkins instances', VpcId=Ref(cfn.vpcs[0]), SecurityGroupIngress=ingress_rules, DependsOn=cfn.vpcs[0].title, Tags=Tags(Name='.'.join(['jenkins-sg', CLOUDNAME, CLOUDENV])) ) ) launch_cfg = template.add_resource( autoscaling.LaunchConfiguration( "JenkinsLaunchConfiguration", ImageId=FindInMap('RegionMap', Ref("AWS::Region"), int(cfn.Amis.EBS)), InstanceType=Ref(jenkins_instance_class), IamInstanceProfile=Ref(jenkins_instance_profile), AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS, BlockDeviceMappings=[ ec2.BlockDeviceMapping( DeviceName='/dev/sda1', Ebs=ec2.EBSBlockDevice( DeleteOnTermination=True ) ) ], KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(security_group)], DependsOn=[jenkins_instance_profile.title, security_group.title], UserData=Base64(jenkins_user_data) ) ) asg_name = '.'.join(['jenkins', CLOUDNAME, CLOUDENV]) asg = template.add_resource( autoscaling.AutoScalingGroup( "JenkinsASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="1", LaunchConfigurationName=Ref(launch_cfg), MinSize="1", MaxSize="1", NotificationConfiguration=autoscaling.NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_TERMINATE_ERROR, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR ] ), VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(cfn.vpcs[0], cfn.SubnetTypes.PLATFORM)] ) )
def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") zookeeper_instance_class = template.add_parameter( Parameter( 'ZookeeperInstanceType', Type='String', Default='m3.medium', Description='Zookeeper instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' ) ) create_zookeeper_bucket = template.add_parameter( Parameter( 'CreateZookeeperBucket', Type='String', Description='Whether or not to create the Zookeeper bucket. This option is provided in case the bucket already exists.', Default='no', AllowedValues=['yes', 'no'], ConstraintDescription='Answer must be yes or no' ) ) conditions = { "ZookeeperBucketCondition": Equals( Ref(create_zookeeper_bucket), "yes" ) } for c in conditions: template.add_condition(c, conditions[c]) ingress_rules = [ SecurityGroupRule( IpProtocol='tcp', CidrIp='{0}.0.0/16'.format(CIDR_PREFIX), FromPort=p, ToPort=p ) for p in [2181, 8080] ] ingress_rules.append( SecurityGroupRule( IpProtocol='tcp', CidrIp=DEFAULT_ROUTE, FromPort=22, ToPort=2222 ) ) zookeeper_sg = template.add_resource( SecurityGroup( "Zookeeper", GroupDescription="Security Group for ZooKeeper instances", VpcId=Ref(vpc), SecurityGroupIngress=ingress_rules, DependsOn=vpc.title ) ) # Now add in another ingress rule that allows zookeepers to talk to each other # in the same SG for port in [2888, 3888]: template.add_resource( SecurityGroupIngress( "ZookeeperSelfIngress{0}".format(port), IpProtocol='tcp', FromPort=port, ToPort=port, GroupId=Ref(zookeeper_sg), SourceSecurityGroupId=Ref(zookeeper_sg), DependsOn=zookeeper_sg.title ) ) # Create the zookeeper s3 bucket zookeeper_bucket_name = Join('.', ['zookeeper', CLOUDNAME, region, CLOUDENV, 'leafme']) zookeeper_bucket = template.add_resource( Bucket( "ZookeeperBucket", BucketName=zookeeper_bucket_name, DeletionPolicy='Retain', Condition="ZookeeperBucketCondition" ) ) zookeeper_role_name = '.'.join(['zookeeper', CLOUDNAME, CLOUDENV]) zookeeper_iam_role = template.add_resource( Role( "ZookeeperIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy( PolicyName="ZookeeperDefaultPolicy", PolicyDocument=json.loads(cfn.load_template("default_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" } )) ), Policy( PolicyName="ZookeeperPolicy", PolicyDocument=json.loads(cfn.load_template("zookeeper_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} )) ) ], DependsOn=vpc.title ) ) zookeeper_instance_profile = template.add_resource( InstanceProfile( "zookeeperInstanceProfile", Path="/", Roles=[Ref(zookeeper_iam_role)], DependsOn=zookeeper_iam_role.title ) ) zookeeper_user_data = cfn.load_template("default-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "zookeeper"} ) # Launch Configuration for zookeepers zookeeper_launchcfg = template.add_resource( LaunchConfiguration( "ZookeeperLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(zookeeper_instance_class), IamInstanceProfile=Ref(zookeeper_instance_profile), AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS, KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(zookeeper_sg)], DependsOn=[zookeeper_instance_profile.title, zookeeper_sg.title], UserData=Base64(zookeeper_user_data) ) ) # Create the zookeeper autoscaling group zookeeper_asg_name = '.'.join(['zookeeper', CLOUDNAME, CLOUDENV]) zookeeper_asg = template.add_resource( AutoScalingGroup( "ZookeeperASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="3", LaunchConfigurationName=Ref(zookeeper_launchcfg), MinSize="3", MaxSize="3", NotificationConfiguration=autoscaling.NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ] ), VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)] ) )
def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") vpn_instance_class = template.add_parameter( Parameter( 'VPNInstanceType', Type='String', Default='m3.medium', Description='VPN instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' ) ) vpn_ingress_rules = [ SecurityGroupRule( IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1] ) for p in [('tcp', 22), ('udp', 1194)] ] vpn_sg = template.add_resource( SecurityGroup( "VPN", GroupDescription="Security Group for VPN ingress.", VpcId=Ref(vpc), SecurityGroupIngress=vpn_ingress_rules, DependsOn=vpc.title ) ) # IAM role for vpn vpn_policy = json.loads(cfn.load_template("vpn_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-west-2"} )) default_policy = json.loads(cfn.load_template("default_policy.json.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-west-2"} )) vpn_role_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV]) vpn_iam_role = template.add_resource( Role( "VPNIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy( PolicyName="VPNDefaultPolicy", PolicyDocument=default_policy ), Policy( PolicyName="VPNPolicy", PolicyDocument=vpn_policy ) ], DependsOn=vpc.title ) ) vpn_instance_profile = template.add_resource( InstanceProfile( "vpnInstanceProfile", Path="/", Roles=[Ref(vpn_iam_role)], DependsOn=vpn_iam_role.title ) ) vpn_user_data = cfn.load_template("default-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "vpn"} ) # Launch Configuration for vpns vpn_launchcfg = template.add_resource( LaunchConfiguration( "VPNLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(vpn_instance_class), IamInstanceProfile=Ref(vpn_instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(vpn_sg)], DependsOn=[vpn_instance_profile.title, vpn_sg.title], AssociatePublicIpAddress=True, UserData=Base64(vpn_user_data) ) ) # Create the babysitter autoscaling group vpn_asg_name = '.'.join(['vpn', CLOUDNAME, CLOUDENV]) vpn_asg = template.add_resource( AutoScalingGroup( "VPNASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="1", LaunchConfigurationName=Ref(vpn_launchcfg), MinSize="1", MaxSize="1", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ] ), VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN)], DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.VPN)] ) )
def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") chefserver_instance_class = template.add_parameter( Parameter( 'ChefServerInstanceType', Type='String', Default='t2.medium', Description='Chef Server instance type', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' )) # Create IAM role for the chefserver instance # load the policies default_policy = json.loads( cfn.load_template("default_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" })) chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV]) chefserver_iam_role = template.add_resource( Role("ChefServerIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy(PolicyName="ChefServerPolicy", PolicyDocument=json.loads( cfn.load_template( "chefserver_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" }))), Policy(PolicyName="ChefserverDefaultPolicy", PolicyDocument=default_policy) ], DependsOn=vpc.title)) chefserver_instance_profile = template.add_resource( InstanceProfile("chefserverInstanceProfile", Path="/", Roles=[Ref(chefserver_iam_role)], DependsOn=chefserver_iam_role.title)) chefserver_user_data = cfn.load_template("chefserver-init.bash.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "chefserver" }) chefserver_ingress_rules = [ SecurityGroupRule(IpProtocol=p[0], CidrIp='{0}.0.0/16'.format(CIDR_PREFIX), FromPort=p[1], ToPort=p[1]) for p in [('tcp', 80), ('tcp', 443)] ] chefserver_sg = template.add_resource( SecurityGroup("ChefServer", GroupDescription="Security Group for the Chef server", VpcId=Ref(vpc), SecurityGroupIngress=chefserver_ingress_rules, DependsOn=vpc.title)) chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV) chefserver_instance = template.add_resource( Instance(chefserver_name, DependsOn=vpc.title, InstanceType=Ref(chefserver_instance_class), KeyName=Ref(cfn.keyname), SourceDestCheck=False, ImageId=FindInMap('RegionMap', region, int(cfn.Amis.EBS)), NetworkInterfaces=[ NetworkInterfaceProperty( Description='Network interface for {0}'.format( chefserver_name), GroupSet=[Ref(chefserver_sg)], SubnetId=Ref( cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)[0]), AssociatePublicIpAddress=True, DeviceIndex=0, DeleteOnTermination=True) ], BlockDeviceMappings=[ BlockDeviceMapping(DeviceName="/dev/sda1", Ebs=EBSBlockDevice( VolumeSize=50, DeleteOnTermination=False)) ]))
def emit_configuration(): vpc = cfn.vpcs[0] region = Ref("AWS::Region") mesos_instance_class = template.add_parameter( Parameter( 'MesosInstanceType', Type='String', Default='m3.large', Description='Mesos instance type (for workers and masters)', AllowedValues=cfn.usable_instances(), ConstraintDescription='Instance size must be a valid instance type' )) ingress_rules = [ SecurityGroupRule(IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]) for p in [('tcp', 22), ('tcp', 5050), ('tcp', 8080)] ] mesos_security_group = template.add_resource( SecurityGroup("Mesos", GroupDescription="Security Group for Mesos instances", VpcId=Ref(vpc), SecurityGroupIngress=ingress_rules, DependsOn=vpc.title)) # Allow any mesos instances to talk to each other template.add_resource( SecurityGroupIngress("MesosSelfIngress", IpProtocol='-1', FromPort=0, ToPort=65535, GroupId=Ref(mesos_security_group), SourceSecurityGroupId=Ref(mesos_security_group), DependsOn=mesos_security_group.title)) default_policy = json.loads( cfn.load_template("default_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" })) mesos_policy = json.loads( cfn.load_template("mesos_policy.json.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" })) # IAM role here iam_role = template.add_resource( Role("MesosIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy(PolicyName='MesosDefaultPolicy', PolicyDocument=default_policy), Policy(PolicyName='MesosIamPolicy', PolicyDocument=mesos_policy) ], DependsOn=vpc.title)) # Instance profile here instance_profile = template.add_resource( InstanceProfile("mesosInstanceProfile", Path="/", Roles=[Ref(iam_role)], DependsOn=iam_role.title)) # UserData here master_user_data = cfn.load_template("default-init.bash.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "mesos_master" }) # LaunchConfiguration for master mesos master_launch_configuration = template.add_resource( LaunchConfiguration( "MesosMasterLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(mesos_instance_class), IamInstanceProfile=Ref(instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(mesos_security_group)], DependsOn=[instance_profile.title, mesos_security_group.title], AssociatePublicIpAddress=False, UserData=Base64(master_user_data))) # Autoscaling Group for master Mesos master_asg_name = '.'.join(['mesos-master', CLOUDNAME, CLOUDENV]) master_asg = template.add_resource( AutoScalingGroup( "MesosMasterASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="3", LaunchConfigurationName=Ref(master_launch_configuration), MinSize="3", MaxSize="3", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ]), VPCZoneIdentifier=[ Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER) ], DependsOn=[ sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER) ])) # Worker Mesos worker_user_data = cfn.load_template("default-init.bash.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "mesos_slave" }) worker_launch_configuration = template.add_resource( LaunchConfiguration( "MesosWorkerLaunchConfiguration", ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)), InstanceType=Ref(mesos_instance_class), IamInstanceProfile=Ref(instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(mesos_security_group)], DependsOn=[instance_profile.title, mesos_security_group.title], AssociatePublicIpAddress=False, UserData=Base64(worker_user_data))) worker_asg_name = '.'.join(['mesos-worker', CLOUDNAME, CLOUDENV]), worker_asg = template.add_resource( AutoScalingGroup( "MesosWorkerASG", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="3", LaunchConfigurationName=Ref(worker_launch_configuration), MinSize="3", MaxSize="12", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ]), VPCZoneIdentifier=[ Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER) ], DependsOn=[ sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.WORKER) ]))
def emit_configuration(): vpc = cfn.vpcs[0] instance_class = template.add_parameter( Parameter( 'RegistryInstanceType', Type='String', Default='m3.medium', Description='Registry instance type', AllowedValues=cfn.usable_instances(), ) ) create_bucket = template.add_parameter( Parameter( 'CreateDockerRegistryBucket', Type='String', Description='Whether or not to create the Docker Registry bucket.', Default='no', AllowedValues=['yes', 'no'] ) ) condition_name = "DockerRegistryBucketCondition" conditions = { condition_name: Equals( Ref(create_bucket), "yes" ) } for c in conditions: template.add_condition(c, conditions[c]) # Create the registry bucket bucket_name = Join('.', ['docker-registry', CLOUDNAME, Ref("AWS::Region"), CLOUDENV, 'leafme']) bucket = template.add_resource( Bucket( "DockerRegistryBucket", BucketName=bucket_name, DeletionPolicy='Retain', Condition=condition_name ) ) ingress_rules = [ SecurityGroupRule( IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1] ) for p in [('tcp', 80), ('tcp', 22)] ] sg = template.add_resource( SecurityGroup( "DockerRegistry", GroupDescription="Security Group for Docker Registries", VpcId=Ref(vpc), SecurityGroupIngress=ingress_rules, DependsOn=vpc.title ) ) policy_vars = { "env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" } # IAM role for docker registry policy = json.loads(cfn.load_template("registry_policy.json.j2", policy_vars)) default_policy = json.loads(cfn.load_template("default_policy.json.j2", policy_vars)) iam_role = template.add_resource( Role( "DockerRegistryIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy( PolicyName="RegistryDefaultPolicy", PolicyDocument=default_policy ), Policy( PolicyName="RegistryPolicy", PolicyDocument=policy ) ], DependsOn=vpc.title ) ) instance_profile = template.add_resource( InstanceProfile( "DockerRegistryInstanceProfile", Path="/", Roles=[Ref(iam_role)], DependsOn=iam_role.title ) ) user_data = cfn.load_template("default-init.bash.j2", {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "docker_registry"} ) launch_config = template.add_resource( LaunchConfiguration( "RegistryLaunchConfiguration", ImageId=FindInMap('RegionMap', Ref("AWS::Region"), int(cfn.Amis.INSTANCE)), InstanceType=Ref(instance_class), IamInstanceProfile=Ref(instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(sg)], DependsOn=[instance_profile.title, sg.title], AssociatePublicIpAddress=False, UserData=Base64(user_data) ) ) asg = template.add_resource( AutoScalingGroup( "RegistryAutoscalingGroup", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="1", LaunchConfigurationName=Ref(launch_config), MinSize="1", MaxSize="1", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ] ), VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)], DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)] ) )
def emit_configuration(): vpc = cfn.vpcs[0] instance_class = template.add_parameter( Parameter( 'RegistryInstanceType', Type='String', Default='m3.medium', Description='Registry instance type', AllowedValues=cfn.usable_instances(), )) create_bucket = template.add_parameter( Parameter( 'CreateDockerRegistryBucket', Type='String', Description='Whether or not to create the Docker Registry bucket.', Default='no', AllowedValues=['yes', 'no'])) condition_name = "DockerRegistryBucketCondition" conditions = {condition_name: Equals(Ref(create_bucket), "yes")} for c in conditions: template.add_condition(c, conditions[c]) # Create the registry bucket bucket_name = Join( '.', ['docker-registry', CLOUDNAME, Ref("AWS::Region"), CLOUDENV, 'leafme']) bucket = template.add_resource( Bucket("DockerRegistryBucket", BucketName=bucket_name, DeletionPolicy='Retain', Condition=condition_name)) ingress_rules = [ SecurityGroupRule(IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]) for p in [('tcp', 80), ('tcp', 22)] ] sg = template.add_resource( SecurityGroup("DockerRegistry", GroupDescription="Security Group for Docker Registries", VpcId=Ref(vpc), SecurityGroupIngress=ingress_rules, DependsOn=vpc.title)) policy_vars = {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"} # IAM role for docker registry policy = json.loads( cfn.load_template("registry_policy.json.j2", policy_vars)) default_policy = json.loads( cfn.load_template("default_policy.json.j2", policy_vars)) iam_role = template.add_resource( Role("DockerRegistryIamRole", AssumeRolePolicyDocument=ASSUME_ROLE_POLICY, Path="/", Policies=[ Policy(PolicyName="RegistryDefaultPolicy", PolicyDocument=default_policy), Policy(PolicyName="RegistryPolicy", PolicyDocument=policy) ], DependsOn=vpc.title)) instance_profile = template.add_resource( InstanceProfile("DockerRegistryInstanceProfile", Path="/", Roles=[Ref(iam_role)], DependsOn=iam_role.title)) user_data = cfn.load_template("default-init.bash.j2", { "env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "docker_registry" }) launch_config = template.add_resource( LaunchConfiguration("RegistryLaunchConfiguration", ImageId=FindInMap('RegionMap', Ref("AWS::Region"), int(cfn.Amis.INSTANCE)), InstanceType=Ref(instance_class), IamInstanceProfile=Ref(instance_profile), KeyName=Ref(cfn.keyname), SecurityGroups=[Ref(sg)], DependsOn=[instance_profile.title, sg.title], AssociatePublicIpAddress=False, UserData=Base64(user_data))) asg = template.add_resource( AutoScalingGroup( "RegistryAutoscalingGroup", AvailabilityZones=cfn.get_asg_azs(), DesiredCapacity="1", LaunchConfigurationName=Ref(launch_config), MinSize="1", MaxSize="1", NotificationConfiguration=NotificationConfiguration( TopicARN=Ref(cfn.alert_topic), NotificationTypes=[ EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR ]), VPCZoneIdentifier=[ Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM) ], DependsOn=[ sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM) ]))