def emit_configuration():
    """Add the six farragut SQS queues for the current CLOUDENV to the template.

    All queues share one retention period and one maximum message size;
    only the queue name and the visibility timeout vary.
    """
    retention_seconds = 345600  # 4 days
    max_message_bytes = 262144  # 256 KiB

    # (queue name, visibility timeout in seconds)
    names_and_timeouts = (
        ('farragut-aggregate-{0}'.format(CLOUDENV), 1800),
        ('farragut-hourly-{0}'.format(CLOUDENV), 180),
        ('farragut-leaf-site-{0}'.format(CLOUDENV), 30),
        ('farragut-leaf-{0}'.format(CLOUDENV), 30),
        ('farragut-{0}'.format(CLOUDENV), 1800),
        ('farragut-import-{0}'.format(CLOUDENV), 30),
    )
    specs = [
        QueueConfig(queue_name, timeout, retention_seconds, max_message_bytes)
        for queue_name, timeout in names_and_timeouts
    ]

    # NOTE(review): no KmsMasterKeyId, RedrivePolicy or QueuePolicy is set for
    # these queues here, so at-rest encryption, dead-lettering and access
    # control depend on service defaults or on configuration outside this
    # function -- confirm.
    for spec in specs:
        resource = Queue(
            cfn.sanitize_id(spec.name),
            VisibilityTimeout=spec.visibility,
            MessageRetentionPeriod=spec.retention,
            MaximumMessageSize=spec.max_size,
            QueueName=spec.name,
        )
        template.add_resource(resource)
def emit_configuration():
    """Add the six farragut SQS queues for the current CLOUDENV to the template.

    All queues share one retention period and one maximum message size;
    only the queue name and the visibility timeout vary.
    """
    retention_seconds = 345600  # 4 days
    max_message_bytes = 262144  # 256 KiB

    # (queue name, visibility timeout in seconds)
    names_and_timeouts = (
        ('farragut-aggregate-{0}'.format(CLOUDENV), 1800),
        ('farragut-hourly-{0}'.format(CLOUDENV), 180),
        ('farragut-leaf-site-{0}'.format(CLOUDENV), 30),
        ('farragut-leaf-{0}'.format(CLOUDENV), 30),
        ('farragut-{0}'.format(CLOUDENV), 1800),
        ('farragut-import-{0}'.format(CLOUDENV), 30),
    )
    specs = [
        QueueConfig(queue_name, timeout, retention_seconds, max_message_bytes)
        for queue_name, timeout in names_and_timeouts
    ]

    # NOTE(review): no KmsMasterKeyId, RedrivePolicy or QueuePolicy is set for
    # these queues here, so at-rest encryption, dead-lettering and access
    # control depend on service defaults or on configuration outside this
    # function -- confirm.
    for spec in specs:
        resource = Queue(
            cfn.sanitize_id(spec.name),
            VisibilityTimeout=spec.visibility,
            MessageRetentionPeriod=spec.retention,
            MaximumMessageSize=spec.max_size,
            QueueName=spec.name,
        )
        template.add_resource(resource)
def emit_configuration():
    """Add the Chef server resources to the shared template.

    Registers, in order: the ``ChefServerInstanceType`` parameter, the
    ``ChefServerIamRole`` role with two inline policies, an instance profile
    for that role, the ``ChefServer`` security group (tcp/80 and tcp/443 from
    the ``CIDR_PREFIX`` /16) and the EC2 instance.
    """
    vpc = cfn.vpcs[0]
    region = Ref("AWS::Region")

    instance_type_param = template.add_parameter(
        Parameter(
            'ChefServerInstanceType',
            Type='String',
            Default='t2.medium',
            Description='Chef Server instance type',
            AllowedValues=cfn.usable_instances(),
            ConstraintDescription='Instance size must be a valid instance type',
        )
    )

    # Both IAM policy templates are rendered with the same variables; a fresh
    # dict is handed to each call.
    # NOTE(review): "region" is pinned to us-east-1 here while the AMI lookup
    # below uses the stack's own region -- confirm this is intended.
    def policy_vars():
        return {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}

    default_policy = json.loads(
        cfn.load_template("default_policy.json.j2", policy_vars())
    )

    # NOTE(review): computed but not used anywhere below.
    chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV])

    # What the two policies grant is defined in the templates, not here;
    # review them alongside this function.
    server_policy = json.loads(
        cfn.load_template("chefserver_policy.json.j2", policy_vars())
    )
    inline_policies = [
        Policy(PolicyName="ChefServerPolicy", PolicyDocument=server_policy),
        Policy(PolicyName="ChefserverDefaultPolicy", PolicyDocument=default_policy),
    ]
    iam_role = template.add_resource(
        Role(
            "ChefServerIamRole",
            AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
            Path="/",
            Policies=inline_policies,
            DependsOn=vpc.title,
        )
    )

    # NOTE(review): the Instance below sets no IamInstanceProfile, so nothing
    # in this function attaches this profile (or the role) to the server.
    template.add_resource(
        InstanceProfile(
            "chefserverInstanceProfile",
            Path="/",
            Roles=[Ref(iam_role)],
            DependsOn=iam_role.title,
        )
    )

    # NOTE(review): the bootstrap script is rendered but the result is not
    # passed to the Instance (no UserData) -- confirm whether that is intended.
    cfn.load_template(
        "chefserver-init.bash.j2",
        {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "chefserver"},
    )

    # Ingress is limited to the CIDR_PREFIX /16 on HTTP and HTTPS.
    # NOTE(review): port 80 admits plaintext traffic to the Chef server;
    # confirm it is only used to redirect to 443.
    ingress_rules = []
    for protocol, port in (('tcp', 80), ('tcp', 443)):
        ingress_rules.append(
            SecurityGroupRule(
                IpProtocol=protocol,
                CidrIp='{0}.0.0/16'.format(CIDR_PREFIX),
                FromPort=port,
                ToPort=port,
            )
        )

    security_group = template.add_resource(
        SecurityGroup(
            "ChefServer",
            GroupDescription="Security Group for the Chef server",
            VpcId=Ref(vpc),
            SecurityGroupIngress=ingress_rules,
            DependsOn=vpc.title,
        )
    )

    chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV)

    # NOTE(review): the interface gets a public IP although the security group
    # only admits the internal /16 -- confirm the public address is needed.
    primary_interface = NetworkInterfaceProperty(
        Description='Network interface for {0}'.format(chefserver_name),
        GroupSet=[Ref(security_group)],
        SubnetId=Ref(cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)[0]),
        AssociatePublicIpAddress=True,
        DeviceIndex=0,
        DeleteOnTermination=True,
    )

    # The root volume is kept when the instance is terminated.
    # NOTE(review): no Encrypted flag is set on the volume, so encryption at
    # rest depends on the AMI or account defaults -- confirm.
    root_volume = BlockDeviceMapping(
        DeviceName="/dev/sda1",
        Ebs=EBSBlockDevice(VolumeSize=50, DeleteOnTermination=False),
    )

    # NOTE(review): SourceDestCheck=False is normally only needed on instances
    # that forward traffic -- confirm the Chef server requires it.
    template.add_resource(
        Instance(
            chefserver_name,
            DependsOn=vpc.title,
            InstanceType=Ref(instance_type_param),
            KeyName=Ref(cfn.keyname),
            SourceDestCheck=False,
            ImageId=FindInMap('RegionMap', region, int(cfn.Amis.EBS)),
            NetworkInterfaces=[primary_interface],
            BlockDeviceMappings=[root_volume],
        )
    )
def emit_configuration():
    """Add the babysitter deregistration queue, alarm topic and depth alarm.

    Creates the ``chef-deregistration`` SQS queue, an SNS topic subscribed to
    it, a CloudWatch alarm on the queue depth and the queue policy that lets
    the topic deliver into the queue. The topic is also published as
    ``cfn.alert_topic``.

    An earlier, disabled ``CreateDeregistrationTopic`` yes/no parameter and
    ``CreateDeregCondition`` condition used to live here as a string
    literal; the queue is created unconditionally.
    """
    # Build an SQS queue for the babysitter
    queue_name = '_'.join(['chef-deregistration', CLOUDNAME, CLOUDENV])
    dereg_queue = template.add_resource(
        Queue(
            cfn.sanitize_id(queue_name),
            VisibilityTimeout=60,
            MessageRetentionPeriod=1209600,  # 14 days
            MaximumMessageSize=16384,  # 16 KiB
            QueueName=queue_name,
        )
    )

    # The topic shares the queue's name and has the queue as its only
    # subscriber.
    queue_subscription = Subscription(
        Endpoint=GetAtt(dereg_queue, "Arn"),
        Protocol='sqs',
    )
    alert_topic = template.add_resource(
        Topic(
            cfn.sanitize_id("BabysitterAlarmTopic{0}".format(CLOUDENV)),
            DisplayName='Babysitter Alarm',
            TopicName=queue_name,
            Subscription=[queue_subscription],
            DependsOn=dereg_queue.title,
        )
    )

    # NOTE(review): AlarmActions / InsufficientDataActions are disabled, so
    # this alarm changes state without notifying anything.
    depth_dimension = MetricDimension(
        Name='QueueName',
        Value=GetAtt(dereg_queue, "QueueName"),
    )
    template.add_resource(
        Alarm(
            "BabysitterQueueDepthAlarm",
            AlarmDescription='Alarm if the queue depth grows beyond 200 messages',
            Namespace='AWS/SQS',
            MetricName='ApproximateNumberOfMessagesVisible',
            Dimensions=[depth_dimension],
            Statistic='Sum',
            Period='300',
            EvaluationPeriods='1',
            Threshold='200',
            ComparisonOperator='GreaterThanThreshold',
            #AlarmActions=[Ref(alert_topic), ],
            #InsufficientDataActions=[Ref(alert_topic), ],
            DependsOn=alert_topic.title,
        ),
    )

    # NOTE(review): the principal is a wildcard; the aws:SourceArn condition
    # is the only thing limiting senders to this topic, so it must stay. A
    # tighter form is a Service principal for SNS -- confirm before changing.
    allow_sns_send = {
        "Sid": "AllowSNSPublishing",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": ["sqs:SendMessage"],
        "Resource": GetAtt(dereg_queue, "Arn"),
        "Condition": {
            "ArnEquals": {
                "aws:SourceArn": Ref(alert_topic)
            }
        }
    }
    queue_policy = {
        "Version": "2012-10-17",
        "Id": "BabysitterSNSPublicationPolicy",
        "Statement": [allow_sns_send],
    }

    # Publish all events from SNS to the Queue
    template.add_resource(
        QueuePolicy(
            "BabysitterPublishSNStoSQSPolicy",
            Queues=[Ref(dereg_queue)],
            PolicyDocument=queue_policy,
            DependsOn=[dereg_queue.title, alert_topic.title],
        )
    )

    cfn.alert_topic = alert_topic
def emit_configuration():
    """Add the Chef server resources to the shared template.

    Registers, in order: the ``ChefServerInstanceType`` parameter, the
    ``ChefServerIamRole`` role with two inline policies, an instance profile
    for that role, the ``ChefServer`` security group (tcp/80 and tcp/443 from
    the ``CIDR_PREFIX`` /16) and the EC2 instance.
    """
    vpc = cfn.vpcs[0]
    region = Ref("AWS::Region")

    instance_type_param = template.add_parameter(
        Parameter(
            'ChefServerInstanceType',
            Type='String',
            Default='t2.medium',
            Description='Chef Server instance type',
            AllowedValues=cfn.usable_instances(),
            ConstraintDescription='Instance size must be a valid instance type',
        )
    )

    # Both IAM policy templates are rendered with the same variables; a fresh
    # dict is handed to each call.
    # NOTE(review): "region" is pinned to us-east-1 here while the AMI lookup
    # below uses the stack's own region -- confirm this is intended.
    def policy_vars():
        return {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}

    default_policy = json.loads(
        cfn.load_template("default_policy.json.j2", policy_vars())
    )

    # NOTE(review): computed but not used anywhere below.
    chefserver_role_name = '.'.join(['chefserver', CLOUDNAME, CLOUDENV])

    # What the two policies grant is defined in the templates, not here;
    # review them alongside this function.
    server_policy = json.loads(
        cfn.load_template("chefserver_policy.json.j2", policy_vars())
    )
    inline_policies = [
        Policy(PolicyName="ChefServerPolicy", PolicyDocument=server_policy),
        Policy(PolicyName="ChefserverDefaultPolicy", PolicyDocument=default_policy),
    ]
    iam_role = template.add_resource(
        Role(
            "ChefServerIamRole",
            AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
            Path="/",
            Policies=inline_policies,
            DependsOn=vpc.title,
        )
    )

    # NOTE(review): the Instance below sets no IamInstanceProfile, so nothing
    # in this function attaches this profile (or the role) to the server.
    template.add_resource(
        InstanceProfile(
            "chefserverInstanceProfile",
            Path="/",
            Roles=[Ref(iam_role)],
            DependsOn=iam_role.title,
        )
    )

    # NOTE(review): the bootstrap script is rendered but the result is not
    # passed to the Instance (no UserData) -- confirm whether that is intended.
    cfn.load_template(
        "chefserver-init.bash.j2",
        {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "chefserver"},
    )

    # Ingress is limited to the CIDR_PREFIX /16 on HTTP and HTTPS.
    # NOTE(review): port 80 admits plaintext traffic to the Chef server;
    # confirm it is only used to redirect to 443.
    ingress_rules = []
    for protocol, port in (('tcp', 80), ('tcp', 443)):
        ingress_rules.append(
            SecurityGroupRule(
                IpProtocol=protocol,
                CidrIp='{0}.0.0/16'.format(CIDR_PREFIX),
                FromPort=port,
                ToPort=port,
            )
        )

    security_group = template.add_resource(
        SecurityGroup(
            "ChefServer",
            GroupDescription="Security Group for the Chef server",
            VpcId=Ref(vpc),
            SecurityGroupIngress=ingress_rules,
            DependsOn=vpc.title,
        )
    )

    chefserver_name = cfn.sanitize_id("ChefServer", CLOUDNAME, CLOUDENV)

    # NOTE(review): the interface gets a public IP although the security group
    # only admits the internal /16 -- confirm the public address is needed.
    primary_interface = NetworkInterfaceProperty(
        Description='Network interface for {0}'.format(chefserver_name),
        GroupSet=[Ref(security_group)],
        SubnetId=Ref(cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)[0]),
        AssociatePublicIpAddress=True,
        DeviceIndex=0,
        DeleteOnTermination=True,
    )

    # The root volume is kept when the instance is terminated.
    # NOTE(review): no Encrypted flag is set on the volume, so encryption at
    # rest depends on the AMI or account defaults -- confirm.
    root_volume = BlockDeviceMapping(
        DeviceName="/dev/sda1",
        Ebs=EBSBlockDevice(VolumeSize=50, DeleteOnTermination=False),
    )

    # NOTE(review): SourceDestCheck=False is normally only needed on instances
    # that forward traffic -- confirm the Chef server requires it.
    template.add_resource(
        Instance(
            chefserver_name,
            DependsOn=vpc.title,
            InstanceType=Ref(instance_type_param),
            KeyName=Ref(cfn.keyname),
            SourceDestCheck=False,
            ImageId=FindInMap('RegionMap', region, int(cfn.Amis.EBS)),
            NetworkInterfaces=[primary_interface],
            BlockDeviceMappings=[root_volume],
        )
    )
def emit_configuration():
    """Add the babysitter deregistration queue, alarm topic and depth alarm.

    Creates the ``chef-deregistration`` SQS queue, an SNS topic subscribed to
    it, a CloudWatch alarm on the queue depth and the queue policy that lets
    the topic deliver into the queue. The topic is also published as
    ``cfn.alert_topic``.

    An earlier, disabled ``CreateDeregistrationTopic`` yes/no parameter and
    ``CreateDeregCondition`` condition used to live here as a string
    literal; the queue is created unconditionally.
    """
    # Build an SQS queue for the babysitter
    queue_name = '_'.join(['chef-deregistration', CLOUDNAME, CLOUDENV])
    dereg_queue = template.add_resource(
        Queue(
            cfn.sanitize_id(queue_name),
            VisibilityTimeout=60,
            MessageRetentionPeriod=1209600,  # 14 days
            MaximumMessageSize=16384,  # 16 KiB
            QueueName=queue_name,
        )
    )

    # The topic shares the queue's name and has the queue as its only
    # subscriber.
    queue_subscription = Subscription(
        Endpoint=GetAtt(dereg_queue, "Arn"),
        Protocol='sqs',
    )
    alert_topic = template.add_resource(
        Topic(
            cfn.sanitize_id("BabysitterAlarmTopic{0}".format(CLOUDENV)),
            DisplayName='Babysitter Alarm',
            TopicName=queue_name,
            Subscription=[queue_subscription],
            DependsOn=dereg_queue.title,
        )
    )

    # NOTE(review): AlarmActions / InsufficientDataActions are disabled, so
    # this alarm changes state without notifying anything.
    depth_dimension = MetricDimension(
        Name='QueueName',
        Value=GetAtt(dereg_queue, "QueueName"),
    )
    template.add_resource(
        Alarm(
            "BabysitterQueueDepthAlarm",
            AlarmDescription='Alarm if the queue depth grows beyond 200 messages',
            Namespace='AWS/SQS',
            MetricName='ApproximateNumberOfMessagesVisible',
            Dimensions=[depth_dimension],
            Statistic='Sum',
            Period='300',
            EvaluationPeriods='1',
            Threshold='200',
            ComparisonOperator='GreaterThanThreshold',
            #AlarmActions=[Ref(alert_topic), ],
            #InsufficientDataActions=[Ref(alert_topic), ],
            DependsOn=alert_topic.title,
        ),
    )

    # NOTE(review): the principal is a wildcard; the aws:SourceArn condition
    # is the only thing limiting senders to this topic, so it must stay. A
    # tighter form is a Service principal for SNS -- confirm before changing.
    allow_sns_send = {
        "Sid": "AllowSNSPublishing",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": ["sqs:SendMessage"],
        "Resource": GetAtt(dereg_queue, "Arn"),
        "Condition": {
            "ArnEquals": {
                "aws:SourceArn": Ref(alert_topic)
            }
        }
    }
    queue_policy = {
        "Version": "2012-10-17",
        "Id": "BabysitterSNSPublicationPolicy",
        "Statement": [allow_sns_send],
    }

    # Publish all events from SNS to the Queue
    template.add_resource(
        QueuePolicy(
            "BabysitterPublishSNStoSQSPolicy",
            Queues=[Ref(dereg_queue)],
            PolicyDocument=queue_policy,
            DependsOn=[dereg_queue.title, alert_topic.title],
        )
    )

    cfn.alert_topic = alert_topic