def stack(): t = template.create(description='Bastion') keypair = template.add_keypair_parameter(t) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) public = ec2.subnet(template=t, name='public', cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public, gateway_attachement=iga) private = ec2.subnet(template=t, name='private', cidr='10.0.100.0/24', vpc=network, nat=ng) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) mgmt_sg = security.get_vdcm_management_security_group(template=t, vpc=network, cidr='0.0.0.0/0') ec2.instance_with_interfaces(template=t, name='bastion', ami=ec2.AMI.public_centos, type='c4.xlarge', keypair=keypair, role='bastion', placement_group=None, user_data=ec2.ETH1_USER_DATA, interfaces=[ (public, '10.0.0.6', bastion_sg, iga), (private, '10.0.100.6', mgmt_sg, None) ]) ec2.instance_with_interfaces(template=t, name='test', ami=ec2.AMI.public_centos, type='c4.large', keypair=keypair, role='test', placement_group=None, interfaces=[(private, '10.0.100.7', mgmt_sg, None)], user_data=None) return t
def stack(): t = template.create(description='stack used to build a vdcm ami') keypair = template.add_keypair_parameter(t) # iam service user & instance profile packer_iam_role = iam.InstanceProfiles.packer(template=t) iam.user(template=t, user_name='srvc_jenkins', policies=iam.Policies.jenkins(name='jenkins'), generate_key_serial=1) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) public = ec2.subnet(template=t, name='public', cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public, gateway_attachement=iga) private = ec2.subnet(template=t, name='private', cidr='10.0.1.0/24', vpc=network, nat=ng) # security groups bastion_security_group = security.get_bastion_security_group(template=t, vpc=network) management_security_group = security.get_vdcm_management_security_group(template=t, vpc=network, cidr='0.0.0.0/0') # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=ec2.AMI.public_centos, type='t2.small', tags={'auto-power': 'no'}, user_data=ec2.ETH1_USER_DATA, keypair=keypair, role='bastion', placement_group=None, interfaces=[ (public, '10.0.0.6', bastion_security_group, iga), (private, '10.0.1.6', management_security_group, None) ]) # builder ec2.instance_with_interfaces(template=t, name='build', ami=ec2.AMI.public_centos, type='t2.small', user_data=None, keypair=keypair, role='builder', placement_group=None, tags={'auto-power': 'no'}, iam_role=packer_iam_role, volume_size=40, interfaces=[ (private, '10.0.1.7', management_security_group, None), ]) return t
def stack(): t = template.create(description='openshift') keypair = template.add_keypair_parameter(t) hostedzonename = template.add_parameter( t, name='ClusterDnsDomainName', description='Domain name for cluster') deployer_ami = template.add_parameter( t, name='deployerami', description='ami used for deployer instance') worker_ami = template.add_parameter( t, name='workerami', description='ami used for worker, master instance') centos_hardned = template.add_parameter( t, name='centoshardned', description='ami used for bastion instance') zone1 = template.add_parameter(t, name='zone1', description='availability zone 1') template.add_parameter(t, name='zone2', description='availability zone 2') # iam & placement group group = ec2.placement_group(template=t, name='openshiftgroup') iam_role = iam.InstanceProfiles.ecr_full(template=t) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) public = ec2.subnet(template=t, name='public', availability_zone=zone1, cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public, gateway_attachement=iga) private = ec2.subnet(template=t, name='private', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network, nat=ng) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private') elb_sg = security.get_elb_security_group(template=t, vpc=network) openshift_gui = security.rule(protocol='tcp', from_port='8443', to_port='8443', cidr='0.0.0.0/0') mpe_out = security.rule(protocol='tcp', from_port='80', to_port='80', cidr='0.0.0.0/0') elb_sg.SecurityGroupIngress.append(openshift_gui) elb_sg.SecurityGroupIngress.append(mpe_out) # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large', keypair=keypair, role='bastion', placement_group=group, iam_role=iam_role, interfaces=[(public, '10.0.0.4', bastion_sg, iga)], volume_size=64) # deployer ec2.instance_with_interfaces(template=t, name='deployer', ami=deployer_ami, type='c4.2xlarge', keypair=keypair, role='deployer', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.5', private_sg, None)], volume_size=64) instances = [] masters = 1 for i in range(0, masters): master = ec2.instance_with_interfaces( template=t, name='master{}'.format(i + 1), ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='master', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.1{}'.format(i), private_sg, None)], volume_size=64) instances.append(master) masterlb = elb.elastic_lb( template=t, name="masterELB", instances=instances, subnets=[public], instance_port=8443, load_balancer_port=8443, securitygroups=[elb_sg], instance_proto="TCP", load_balancer_proto="TCP", health_check=elb.health_check(name='masterlbhealthcheck')) route53.elb(template=t, name="masterRoute", hostedzonename=hostedzonename, elasticLB=masterlb, dns='master') instances = [] nodes = 2 for i in range(0, nodes): worker = ec2.instance_with_interfaces( template=t, name='node{}'.format(i + 1), ami=worker_ami, type='c4.4xlarge', keypair=keypair, role='worker', placement_group=group, iam_role=iam_role, volume_size=32, interfaces=[(private, '10.0.100.2{}'.format(i), private_sg, None)]) instances.append(worker) mpelb = elb.elastic_lb( template=t, name="mpeELB", instances=instances, subnets=[public], instance_port=80, load_balancer_port=80, instance_proto="TCP", load_balancer_proto="TCP", securitygroups=[elb_sg], health_check=elb.health_check(name='masterlbhealthcheck')) route53.elb(template=t, name="mpeRoute", hostedzonename=hostedzonename, elasticLB=mpelb, subdomain='*') return t
def stack(): t = template.create(description='openshift') keypair = template.add_keypair_parameter(t) vpc_param = template.add_vpcid_parameter(t) hostedzonename = template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name for cluster') hostedzonename_video = template.add_parameter(t, name='VideoDnsDomainName', description='Domain name for cluster') worker_ami = template.add_parameter(t, name='workerami', description='ami used for worker, master instance') deployer_ami = template.add_parameter(t, name='deployerami', description='ami used for deployer instance') public_net_1 = template.add_publicsubnet_parameter(t, "PublicSubnet01") public_net_2 = template.add_publicsubnet_parameter(t, "PublicSubnet02") public_net_3 = template.add_publicsubnet_parameter(t, "PublicSubnet03") public_nets = [public_net_1, public_net_2, public_net_3] private_net_1 = template.add_privatesubnet_parameter(t, "PrivateSubnet01") private_net_2 = template.add_privatesubnet_parameter(t, "PrivateSubnet02") private_net_3 = template.add_privatesubnet_parameter(t, "PrivateSubnet03") private_nets = [private_net_1, private_net_2, private_net_3] iam_role_ecr = iam.InstanceProfiles.ecr_full(template=t) # security groups private_sg = security.get_private_security_group(template=t, vpc=vpc_param, cidr='10.242.0.0/16', desc='private') video_elb_sg = security.get_http_security_group(template=t, vpc=vpc_param, sg_name='CiscoVideo') video_elb_sg_osn = security.get_http_security_group(template=t, vpc=vpc_param, sg_name='OSNVideo', cidr=['80.227.100.0/23', '80.227.119.0/24']) master_elb_sg = security.get_elb_security_group(template=t, vpc=vpc_param, cidr=security.CISCO_CIDR) # deployer ec2.instance_with_interfaces(template=t, name='deployer', ami=deployer_ami, type='c4.2xlarge', keypair=keypair, role='deployer', iam_role=iam_role_ecr, interfaces=[(private_net_1, '10.242.2.6', private_sg, None)], volume_size=64) masters = [] num_masters = 3 for i in range(0, num_masters): zone = i % 3 master = ec2.instance_with_interfaces(template=t, name='master{}'.format(i+1), ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='master', interfaces=[(private_nets[zone], None, private_sg, None)], volume_size=64) masters.append(master) masterelb = elb.elastic_lb(template=t, name="masterELB", instances=masters, subnets=public_nets, instance_port=8443, load_balancer_port=8443, instance_proto='TCP', load_balancer_proto='TCP', securitygroups=[master_elb_sg]) masterelbint = elb.elastic_lb(template=t, name="masterELBint", instances=masters, subnets=private_nets, instance_port=8443, load_balancer_port=8443, instance_proto='TCP', load_balancer_proto='TCP', securitygroups=[private_sg], scheme="internal") route53.elb(template=t, name="masterdns", hostedzonename=hostedzonename, elasticLB=masterelb, dns='master',) route53.elb(template=t, name="masterdnsint", hostedzonename=hostedzonename, elasticLB=masterelbint, dns='int-master') nodes = [] num_nodes = 2 for i in range(0, num_nodes): zone = i % 3 worker = ec2.instance_with_interfaces(template=t, name='node{}'.format(i+1), ami=worker_ami, type='c4.4xlarge', keypair=keypair, role='worker', volume_size=32, interfaces=[(private_nets[zone], None, private_sg, None)]) nodes.append(worker) mpeelb = elb.elastic_lb(template=t, name="mpeELB", instances=nodes, subnets=public_nets, instance_port=80, load_balancer_port=80, instance_proto="HTTP", load_balancer_proto="HTTP", securitygroups=[video_elb_sg, video_elb_sg_osn]) route53.elb(template=t, name="mpeRoute", hostedzonename=hostedzonename_video, elasticLB=mpeelb, subdomain='*') return t
def stack(): t = template.create(description='URCsmxPOC') keypair = template.add_keypair_parameter(t) hostedzonename = template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name for cluster') zone1 = template.add_parameter(t, name='zone1', description='availability zone 1') template.add_parameter(t, name='zone2', description='availability zone 2') centos_hardned = template.add_parameter(t, name='centoshardned', description='ami used for bastion instance') worker_ami = template.add_parameter(t, name='workerami', description='ami used for worker, master instance') vdcm_ami = template.add_parameter(t, name='vdcmv8', description='ami used for vdcm instance') # iam & placement group group = ec2.placement_group(template=t, name='urcsmxgrp') iam_role = iam.InstanceProfiles.s3_full(template=t) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) public = ec2.subnet(template=t, name='public', availability_zone=zone1, cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public, gateway_attachement=iga) private = ec2.subnet(template=t, name='private', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network, nat=ng) video = ec2.subnet(template=t, name='video', availability_zone=zone1, cidr='10.0.200.0/24', vpc=network, nat=ng) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) vsm_sg = security.get_vsm_security_group(template=t, vpc=network) private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private') video_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.200.0/24', desc='video') # bastion bastion = ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large', keypair=keypair, role='bastion', placement_group=group, iam_role=iam_role, interfaces=[(public, '10.0.0.4', bastion_sg, iga)], volume_size=64) route53.route53(template=t, hostedzonename=hostedzonename, instance=bastion, subdomain='bastion', depends='bastioneth0EIPAssociation') # lisa ec2.instance_with_interfaces(template=t, name='lisaeth0', ami=worker_ami, type='c4.xlarge', keypair=keypair, role='lisa', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.5', private_sg, None)], volume_size=32) # VSM vsm = ec2.instance_with_interfaces(template=t, name='vsm', ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='vsm', placement_group=group, iam_role=iam_role, interfaces=[(public, '10.0.0.8', vsm_sg, iga), (private, '10.0.100.8', private_sg, None)], volume_size=64) route53.route53(template=t, hostedzonename=hostedzonename, instance=vsm, subdomain='vsm', depends='vsmeth0EIPAssociation') # IP streamer ec2.instance_with_interfaces(template=t, name='ips', ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='ips', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.9', private_sg, None), (video, '10.0.200.9', video_sg, None)], volume_size=32) # DCM DEMUX-MUX pool for i, name in enumerate(('demux', 'mux')): ec2.instance_with_interfaces(template=t, name='{}'.format(name), ami=vdcm_ami, type='c4.2xlarge', keypair=keypair, role='vdcm', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.{}'.format(i + 10), private_sg, None), (video, '10.0.200.{}'.format(i + 10), video_sg, None)], volume_size=64) # DCM pool vdcm = 10 for i in range(0, vdcm): ec2.instance_with_interfaces(template=t, name='vdcm{}'.format(i), ami=vdcm_ami, type='c4.2xlarge', keypair=keypair, role='xcdr', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.{}'.format(i + 20), private_sg, None), (video, '10.0.200.{}'.format(i + 20), video_sg, None)], volume_size=64) return t
def stack(): t = template.create(description='base vpc') keypair = template.add_keypair_parameter(t) zone_1 = template.add_parameter(t, name='zone1', description='availability zone 1') zone_2 = template.add_parameter(t, name='zone2', description='availability zone 2') zone_3 = template.add_parameter(t, name='zone3', description='availability zone 3') worker_ami = template.add_parameter( t, name='workerami', description='ami used for worker, master instance') centos_hardned = template.add_parameter( t, name='centoshardned', description='ami used for bastion instance') iam_role = iam.InstanceProfiles.ec2_full(t) # vpc vpc_param = ec2.vpc(template=t, name='vpc', cidr='10.242.0.0/16') # network & subnets ig, iga = ec2.internet_gateway(template=t, vpc=vpc_param) public_net_1 = ec2.subnet(template=t, name='PublicA', vpc=vpc_param, availability_zone=zone_1, cidr='10.242.0.0/26', gateway=ig) public_net_2 = ec2.subnet(template=t, name='PublicB', vpc=vpc_param, availability_zone=zone_2, cidr='10.242.0.64/26', gateway=ig) public_net_3 = ec2.subnet(template=t, name='PublicC', vpc=vpc_param, availability_zone=zone_3, cidr='10.242.0.128/26', gateway=ig) ng_a = ec2.nat_gateway(template=t, public_subnet=public_net_1, gateway_attachement=iga, name='NatgatewayA') ng_b = ec2.nat_gateway(template=t, public_subnet=public_net_2, gateway_attachement=iga, name='NatgatewayB') ng_c = ec2.nat_gateway(template=t, public_subnet=public_net_3, gateway_attachement=iga, name='NatgatewayC') private_net_1 = ec2.subnet(template=t, name='PrivateA', vpc=vpc_param, availability_zone=zone_1, cidr='10.242.2.0/24', nat=ng_a) private_net_2 = ec2.subnet(template=t, name='PrivateB', vpc=vpc_param, availability_zone=zone_2, cidr='10.242.3.0/24', nat=ng_b) private_net_3 = ec2.subnet(template=t, name='PrivateC', vpc=vpc_param, availability_zone=zone_3, cidr='10.242.4.0/24', nat=ng_c) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=vpc_param) # create bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large', keypair=keypair, role='bastion', interfaces=[(public_net_1, '10.242.0.4', bastion_sg, iga)]) # vpc deployer ec2.instance_with_interfaces(template=t, name='vpcdeployer', ami=worker_ami, type='c4.large', keypair=keypair, role='vpcdeployer', iam_role=iam_role, interfaces=[(public_net_1, '10.242.0.5', bastion_sg, iga)], volume_size=32) template.add_output_ref(template=t, description='vpc_id', value=vpc_param) template.add_output_ref(template=t, description='public_net_1', value=public_net_1) template.add_output_ref(template=t, description='public_net_2', value=public_net_2) template.add_output_ref(template=t, description='public_net_3', value=public_net_3) template.add_output_ref(template=t, description='private_net_1', value=private_net_1) template.add_output_ref(template=t, description='private_net_2', value=private_net_2) template.add_output_ref(template=t, description='private_net_3', value=private_net_3) return t
def stack(): t = template.create(description='helloansible webservers') keypair = template.add_keypair_parameter(t) hostedzonename = template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name') webserverami = template.add_parameter(t, name='webserverami', description='ami used for worker, master instance') centos_hardned = template.add_parameter(t, name='centoshardned', description='ami used for bastion instance') zone1 = template.add_parameter(t, name='zone1', description='availability zone 1') zone2 = template.add_parameter(t, name='zone2', description='availability zone 2') # iam & placement group group = ec2.placement_group(template=t, name='helloansible') iam_role = iam.InstanceProfiles.ecr_full(template=t) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) # zone a public1 = ec2.subnet(template=t, name='public1', availability_zone=zone1, cidr='10.0.1.0/24', vpc=network, gateway=ig) nat1 = ec2.nat_gateway(template=t, public_subnet=public1, gateway_attachement=iga, name='nat1') private1 = ec2.subnet(template=t, name='private1', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network, nat=nat1) # zone b public2 = ec2.subnet(template=t, name='public2', availability_zone=zone2, cidr='10.0.2.0/24', vpc=network, gateway=ig) nat2 = ec2.nat_gateway(template=t, public_subnet=public2, gateway_attachement=iga, name='nat2') private2 = ec2.subnet(template=t, name='private2', availability_zone=zone2, cidr='10.0.200.0/24', vpc=network, nat=nat2) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private') elb_sg = security.get_elb_security_group(template=t, vpc=network) rule1 = security.rule(protocol='tcp', from_port='8443', to_port='8443', cidr='0.0.0.0/0') rule2 = security.rule(protocol='tcp', from_port='80', to_port='80', cidr='0.0.0.0/0') elb_sg.SecurityGroupIngress.append(rule1) elb_sg.SecurityGroupIngress.append(rule2) # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large', keypair=keypair, role='bastion', placement_group=group, iam_role=iam_role, interfaces=[(public1, '10.0.1.4', bastion_sg, iga)], volume_size=64) # webservers instances = [] count = 2 for i in range(0, count): if i % 2 == 0: # zone a webserver_network = private1 webserver_ip = '10.0.100.2{}' else: # zone b webserver_network = private2 webserver_ip = '10.0.200.2{}' webserver = ec2.instance_with_interfaces(template=t, name='webserver{}'.format(i+1), ami=webserverami, type='c4.large', keypair=keypair, role='webserver', volume_size=32, interfaces=[(webserver_network, webserver_ip.format(i), private_sg, None)]) instances.append(webserver) websrvelb = elb.elastic_lb(template=t, name="websrvelb", instances=instances, subnets=[public1,public2], instance_port=80, load_balancer_port=80, instance_proto="TCP", load_balancer_proto="TCP", securitygroups=[elb_sg], health_check=elb.health_check(name='masterlbhealthcheck')) route53.elb(template=t, name="webserverRoute", hostedzonename=hostedzonename, elasticLB=websrvelb, subdomain='*') return t
def stack(): # deployer_ami = 'ami-9501bcec' # cloud-init fixed deployer_ami = 'ami-e167e298' # cloud-init fixed, disabled NM worker_ami = ec2.AMI.centos_sriov t = template.create(description='Monitoring test setup') keypair = template.add_keypair_parameter(t) group = ec2.placement_group(template=t, name='monitorgroup') iam_role = 'ECRFACC' hostedzonename = 'kortrijkprodops.com.' # network & subnets cidr = '10.0.0.0/16' network = ec2.vpc(template=t, name='vpc', cidr=cidr) ig, iga = ec2.internet_gateway(template=t, vpc=network) public_subnet = ec2.subnet(template=t, name='public', cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public_subnet, gateway_attachement=iga) private_subnet = ec2.subnet(template=t, name='management', cidr='10.0.10.0/24', vpc=network, nat=ng) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) private_sg = security.get_private_security_group(template=t, vpc=network, cidr=cidr, desc='vdcmmanagement') vsm_sg = security.get_vsm_security_group(template=t, vpc=network) # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=ec2.AMI.centos_hardned, type='t2.micro', keypair=keypair, role='bastion', placement_group=None, interfaces=[ (public_subnet, '10.0.0.6', bastion_sg, iga), ]) # deployer ec2.instance_with_interfaces(template=t, name='deployer', ami=deployer_ami, type='c3.2xlarge', keypair=keypair, role='deployer', iam_role=iam_role, interfaces=[(private_subnet, '10.0.10.5', private_sg, None)], volume_size=64) master_instances = [] masters = 1 for i in range(0, masters): private_if = ec2.interface(template=t, name='master{}eth1'.format(i), subnet=private_subnet, ip_address='10.0.10.1{}'.format(i), security_groups=private_sg) master = ec2.instance( template=t, name='master{}'.format(i + 1), ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='master', placement_group=group, iam_role=iam_role, interfaces=[private_if], volume_size=64, ) master_instances.append(master) elasticLB = elb.elastic_lb(template=t, name='masterlb', instances=master_instances, subnets=[public_subnet], load_balancer_port=8443, instance_port=8443, securitygroups=[vsm_sg]) route53.elb(template=t, name='master', hostedzonename=hostedzonename, elasticLB=elasticLB, dns='master') worker_instances = [] workers = 2 for i in range(0, workers): worker = ec2.instance_with_interfaces(template=t, name='worker{}'.format(i + 1), ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='worker', placement_group=group, iam_role=iam_role, interfaces=[ (private_subnet, '10.0.10.2{}'.format(i), private_sg, None) ], volume_size=32) worker_instances.append(worker) elasticLB = elb.elastic_lb(template=t, name='workerlb', instances=worker_instances, subnets=[public_subnet], load_balancer_port=80, instance_port=30101, instance_proto="HTTP", load_balancer_proto="HTTP", securitygroups=[vsm_sg]) route53.elb(template=t, name='worker', hostedzonename=hostedzonename, elasticLB=elasticLB, subdomain='linear.rock') return t
def stack(): t = template.create(description='IPS') keypair = template.add_keypair_parameter(t) template.add_parameter(t, name='ClusterDnsDomainName', description='Domain name for cluster') centos_hardned = template.add_parameter( t, name='centoshardned', description='ami used for bastion instance') vdcm_ami = template.add_parameter(t, name='vdcm8', description='ami used for vdcm instance') zone1 = template.add_parameter(t, name='zone1', description='availability zone 1') template.add_parameter(t, name='zone2', description='availability zone 2') # iam & placement group group = ec2.placement_group(template=t, name='ipsgroup') iam_role = iam.InstanceProfiles.s3_full(template=t) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) public = ec2.subnet(template=t, name='public', availability_zone=zone1, cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public, gateway_attachement=iga) private = ec2.subnet(template=t, name='private', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network, nat=ng) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private') # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large', keypair=keypair, role='bastion', placement_group=group, iam_role=iam_role, interfaces=[(public, '10.0.0.4', bastion_sg, iga)], volume_size=64) # streamer ec2.instance_with_interfaces(template=t, name='ipstreamer', ami=centos_hardned, type='c4.2xlarge', keypair=keypair, role='ips', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.5', private_sg, None)], volume_size=64) # vdcm ec2.instance_with_interfaces(template=t, name='vdcm', ami=vdcm_ami, type='c4.2xlarge', keypair=keypair, role='vdcm', placement_group=group, iam_role=iam_role, interfaces=[(private, '10.0.100.10', private_sg, None)], volume_size=64) return t
def stack(): t = template.create(description='openshift-ha') keypair = template.add_keypair_parameter(t) hostedzonename = template.add_parameter( t, name='ClusterDnsDomainName', description='Domain name for cluster') deployer_ami = template.add_parameter( t, name='deployerami', description='ami used for deployer instance') worker_ami = template.add_parameter( t, name='workerami', description='ami used for worker, master instance') centos_hardned = template.add_parameter( t, name='centoshardned', description='ami used for bastion instance') zone1 = template.add_parameter(t, name='zone1', description='availability zone 1') zone2 = template.add_parameter(t, name='zone2', description='availability zone 2') # iam & placement group # group = ec2.placement_group(template=t, name='openshiftgroup') iam_role = iam.InstanceProfiles.ecr_full(template=t) # network & subnets network = ec2.vpc(template=t, name='vpc', cidr='10.0.0.0/16') ig, iga = ec2.internet_gateway(template=t, vpc=network) # zone a public1 = ec2.subnet(template=t, name='public1', availability_zone=zone1, cidr='10.0.1.0/24', vpc=network, gateway=ig) nat1 = ec2.nat_gateway(template=t, public_subnet=public1, gateway_attachement=iga, name='nat1') private1 = ec2.subnet(template=t, name='private1', availability_zone=zone1, cidr='10.0.100.0/24', vpc=network, nat=nat1) # zone b public2 = ec2.subnet(template=t, name='public2', availability_zone=zone2, cidr='10.0.2.0/24', vpc=network, gateway=ig) nat2 = ec2.nat_gateway(template=t, public_subnet=public2, gateway_attachement=iga, name='nat2') private2 = ec2.subnet(template=t, name='private2', availability_zone=zone2, cidr='10.0.200.0/24', vpc=network, nat=nat2) publicnets = [public1, public2] privatenets = [private1, private2] # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) private_sg = security.get_private_security_group(template=t, vpc=network, cidr='10.0.0.0/16', desc='private') elb_sg = security.get_elb_security_group(template=t, vpc=network) mpe_out = security.rule(protocol='tcp', from_port='80', to_port='80', cidr='0.0.0.0/0') elb_sg.SecurityGroupIngress = [mpe_out] master_elb_sg = security.get_elb_security_group( template=t, vpc=network, sg_name='mastersecuritygroup', cidr=security.CISCO_CIDR) # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=centos_hardned, type='c4.large', keypair=keypair, role='bastion', interfaces=[(public1, '10.0.1.4', bastion_sg, iga)], volume_size=64) # deployer ec2.instance_with_interfaces(template=t, name='deployer', ami=deployer_ami, type='c4.2xlarge', keypair=keypair, role='deployer', iam_role=iam_role, interfaces=[(private1, '10.0.100.5', private_sg, None)], volume_size=64) # masters master1 = ec2.instance_with_interfaces(template=t, name='master1', ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='master', interfaces=[ (private1, '10.0.100.11', private_sg, None) ], volume_size=64) master2 = ec2.instance_with_interfaces(template=t, name='master2', ami=worker_ami, type='c4.2xlarge', keypair=keypair, role='master', interfaces=[ (private2, '10.0.200.11', private_sg, None) ], volume_size=64) masterlb = elb.elastic_lb( template=t, name="masterLB", instances=[master1, master2], subnets=publicnets, instance_port=8443, load_balancer_port=8443, securitygroups=[master_elb_sg], load_balancer_proto='TCP', instance_proto='TCP', health_check=elb.health_check(name='masterlbhealthcheck')) route53.elb(template=t, name="masterDns", hostedzonename=hostedzonename, elasticLB=masterlb, dns='master') masterlbint = elb.elastic_lb( template=t, name="masterLBint", instances=[master1, master2], subnets=privatenets, instance_port=8443, load_balancer_port=8443, securitygroups=[private_sg], load_balancer_proto='TCP', instance_proto='TCP', health_check=elb.health_check(name='masterlbhealthcheck'), scheme="internal") route53.elb(template=t, name="masterDnsInt", hostedzonename=hostedzonename, elasticLB=masterlbint, dns='int-master') # workers instances = [] nodes = 2 for i in range(0, nodes): if i % 2 == 0: # zone a node_network = private1 node_ip = '10.0.100.2{}' else: # zone b node_network = private2 node_ip = '10.0.200.2{}' worker = ec2.instance_with_interfaces(template=t, name='node{}'.format(i + 1), ami=worker_ami, type='c4.4xlarge', keypair=keypair, role='worker', volume_size=32, interfaces=[(node_network, node_ip.format(i), private_sg, None)]) instances.append(worker) mpelb = elb.app_elb(template=t, name="mpeLB", subnets=publicnets, instances=instances, vpc=network, securitygroups=[elb_sg], instance_port=80, load_balancer_port=80, instance_proto="HTTP", load_balancer_proto="HTTP") route53.elb(template=t, name="mpeRoute", hostedzonename=hostedzonename, elasticLB=mpelb, subdomain='*') return t
def stack(): t = template.create(description='Lisa test setup') keypair = template.add_keypair_parameter(t) group = ec2.placement_group(template=t, name='lisagroup') iam_s3_full = iam.InstanceProfiles.s3_full(template=t) iam_ec2_full = iam.InstanceProfiles.ec2_full(template=t) # network & subnets cidr = '10.0.0.0/16' network = ec2.vpc(template=t, name='vpc', cidr=cidr) ig, iga = ec2.internet_gateway(template=t, vpc=network) public_subnet = ec2.subnet(template=t, name='public', cidr='10.0.0.0/24', vpc=network, gateway=ig) ng = ec2.nat_gateway(template=t, public_subnet=public_subnet, gateway_attachement=iga) private_subnet = ec2.subnet(template=t, name='management', cidr='10.0.10.0/24', vpc=network, nat=ng) video_subnet = ec2.subnet(template=t, name='video', cidr='10.0.100.0/24', vpc=network) # security groups bastion_sg = security.get_bastion_security_group(template=t, vpc=network) # in order for the pyaws magic to find this network to work, this needs to be called 'vdcmmanagement' mgmt_sg = security.get_private_security_group(template=t, vpc=network, cidr=cidr, desc='vdcmmanagement') # in order for the pyaws magic to find this network to work, this needs to be called vdcmvideo video_sg = security.get_private_security_group(template=t, vpc=network, cidr=cidr, desc='vdcmvideo') # bastion ec2.instance_with_interfaces(template=t, name='bastion', ami=ec2.AMI.centos_hardned, type='t2.micro', keypair=keypair, role='bastion', placement_group=None, interfaces=[ (public_subnet, '10.0.0.6', bastion_sg, iga), ]) # testserver testserver = ec2.instance_with_interfaces(template=t, name='testserver', ami=ec2.AMI.public_centos, type='t2.medium', keypair=keypair, role='maggie', volume_size=32, iam_role=iam_ec2_full, interfaces=[(private_subnet, '10.0.10.5', mgmt_sg, None), ] ) # ips ec2.instance_with_interfaces(template=t, name='streamer', ami=ec2.AMI.centos_sriov, type='c4.2xlarge', keypair=keypair, role='ips', user_data=ec2.ETH1_USER_DATA, placement_group=group, iam_role=iam_s3_full, volume_size=64, interfaces=[(private_subnet, '10.0.10.9', mgmt_sg, None), (video_subnet, '10.0.100.9', video_sg, None)]) # vdcm used to stream ec2.instance_with_interfaces(template=t, name='vdcmstreamer', ami=ec2.AMI.vdcm_8, type='c4.2xlarge', keypair=keypair, role='vdcmstreamer', placement_group=group, iam_role=iam_s3_full, interfaces=[(private_subnet, '10.0.10.10', mgmt_sg, None), (video_subnet, '10.0.100.10', video_sg, None)]) pool_of_vdcm = 0 for i in range(0, pool_of_vdcm): ec2.instance_with_interfaces(template=t, name='vdcm{}'.format(i), ami=ec2.AMI.vdcm_9, type='c4.4xlarge', keypair=keypair, role='vdcm', placement_group=group, interfaces=[(private_subnet, '10.0.10.{}'.format(100 + i), mgmt_sg, None), (video_subnet, '10.0.100.{}'.format(100 + i), video_sg, None)]) hostedzonename = 'kortrijkprodops.com.' elasticLB = elb.elastic_lb(template=t, name='elb' + testserver.title, instances=[testserver], subnets=[public_subnet], instance_port=443, load_balancer_port=443, securitygroups=[bastion_sg]) route53.elb(template=t, name='testserverdns', hostedzonename=hostedzonename, elasticLB=elasticLB, dns='testserver') return t