commit | author | age
|
e2d605
|
1 |
#jinja2: lstrip_blocks: True |
S |
2 |
--- |
|
3 |
AWSTemplateFormatVersion: "2010-09-09" |
|
4 |
Mappings: |
c73d82
|
5 |
{% include 'templates/region_mapping.j2' %} |
e2d605
|
6 |
|
S |
7 |
Resources: |
|
8 |
Vpc: |
|
9 |
Type: "AWS::EC2::VPC" |
|
10 |
Properties: |
|
11 |
CidrBlock: "192.199.0.0/16" |
|
12 |
EnableDnsSupport: true |
|
13 |
EnableDnsHostnames: true |
|
14 |
Tags: |
|
15 |
- Key: Name |
|
16 |
Value: "{{vpcid_name_tag}}" |
|
17 |
- Key: Hostlication |
|
18 |
Value: |
|
19 |
Ref: "AWS::StackId" |
|
20 |
|
|
21 |
VpcInternetGateway: |
|
22 |
Type: "AWS::EC2::InternetGateway" |
|
23 |
|
|
24 |
VpcGA: |
|
25 |
Type: "AWS::EC2::VPCGatewayAttachment" |
|
26 |
Properties: |
|
27 |
InternetGatewayId: |
|
28 |
Ref: VpcInternetGateway |
|
29 |
VpcId: |
|
30 |
Ref: Vpc |
|
31 |
|
|
32 |
VpcRouteTable: |
|
33 |
Type: "AWS::EC2::RouteTable" |
|
34 |
Properties: |
|
35 |
VpcId: |
|
36 |
Ref: Vpc |
|
37 |
|
|
38 |
VPCRouteInternetGateway: |
|
39 |
DependsOn: VpcGA |
|
40 |
Type: "AWS::EC2::Route" |
|
41 |
Properties: |
|
42 |
GatewayId: |
|
43 |
Ref: VpcInternetGateway |
|
44 |
DestinationCidrBlock: "0.0.0.0/0" |
|
45 |
RouteTableId: |
|
46 |
Ref: VpcRouteTable |
|
47 |
|
|
48 |
PublicSubnet: |
|
49 |
Type: "AWS::EC2::Subnet" |
|
50 |
DependsOn: |
|
51 |
- Vpc |
|
52 |
Properties: |
3934e2
|
53 |
{% if aws_availability_zone is defined %} |
WK |
54 |
AvailabilityZone: {{ aws_availability_zone }} |
|
55 |
{% endif %} |
e2d605
|
56 |
CidrBlock: "192.199.0.0/24" |
S |
57 |
Tags: |
|
58 |
- Key: Name |
|
59 |
Value: "{{project_tag}}" |
|
60 |
- Key: Hostlication |
|
61 |
Value: |
|
62 |
Ref: "AWS::StackId" |
|
63 |
MapPublicIpOnLaunch: true |
|
64 |
VpcId: |
|
65 |
Ref: Vpc |
c73d82
|
66 |
|
e2d605
|
67 |
|
S |
68 |
PublicSubnetRTA: |
|
69 |
Type: "AWS::EC2::SubnetRouteTableAssociation" |
|
70 |
Properties: |
|
71 |
RouteTableId: |
|
72 |
Ref: VpcRouteTable |
|
73 |
SubnetId: |
|
74 |
Ref: PublicSubnet |
|
75 |
|
|
76 |
HostSG: |
|
77 |
Type: "AWS::EC2::SecurityGroup" |
|
78 |
Properties: |
|
79 |
GroupDescription: Host |
|
80 |
VpcId: |
|
81 |
Ref: Vpc |
|
82 |
Tags: |
|
83 |
- Key: Name |
|
84 |
Value: host_sg |
|
85 |
|
|
86 |
HostUDPPorts: |
|
87 |
Type: "AWS::EC2::SecurityGroupIngress" |
|
88 |
Properties: |
|
89 |
GroupId: |
|
90 |
Fn::GetAtt: |
|
91 |
- HostSG |
|
92 |
- GroupId |
|
93 |
IpProtocol: udp |
|
94 |
FromPort: 0 |
|
95 |
ToPort: 65535 |
|
96 |
CidrIp: "0.0.0.0/0" |
|
97 |
|
|
98 |
HostTCPPorts: |
|
99 |
Type: "AWS::EC2::SecurityGroupIngress" |
|
100 |
Properties: |
|
101 |
GroupId: |
|
102 |
Fn::GetAtt: |
|
103 |
- HostSG |
|
104 |
- GroupId |
|
105 |
IpProtocol: tcp |
|
106 |
FromPort: 0 |
|
107 |
ToPort: 65535 |
|
108 |
CidrIp: "0.0.0.0/0" |
|
109 |
|
|
110 |
zoneinternalidns: |
|
111 |
Type: "AWS::Route53::HostedZone" |
|
112 |
Properties: |
|
113 |
Name: "{{ zone_internal_dns }}" |
|
114 |
VPCs: |
|
115 |
- VPCId: |
|
116 |
Ref: Vpc |
|
117 |
VPCRegion: |
|
118 |
Ref: "AWS::Region" |
|
119 |
HostedZoneConfig: |
|
120 |
Comment: "Created By ansible agnostic deployer" |
|
121 |
|
|
122 |
CerttestDNS: |
|
123 |
Type: AWS::Route53::RecordSetGroup |
|
124 |
DependsOn: |
|
125 |
- master1EIP |
|
126 |
Properties: |
|
127 |
HostedZoneId: "{{HostedZoneId}}" |
|
128 |
RecordSets: |
|
129 |
- Name: "{{certtest_public_dns}}" |
|
130 |
Type: A |
|
131 |
TTL: 10 |
|
132 |
ResourceRecords: |
|
133 |
- Fn::GetAtt: |
|
134 |
- master1 |
|
135 |
- PublicIp |
|
136 |
|
|
137 |
CloudDNS: |
|
138 |
Type: AWS::Route53::RecordSetGroup |
|
139 |
DependsOn: |
|
140 |
{% for c in range(1,(infranode_instance_count|int)+1) %} |
|
141 |
- "infranode{{loop.index}}EIP" |
|
142 |
{% endfor %} |
|
143 |
Properties: |
|
144 |
HostedZoneId: "{{HostedZoneId}}" |
|
145 |
RecordSets: |
|
146 |
- Name: "{{cloudapps_dns}}" |
|
147 |
Type: A |
|
148 |
TTL: 900 |
|
149 |
ResourceRecords: |
|
150 |
{% for c in range(1,(infranode_instance_count|int)+1) %} |
|
151 |
- Fn::GetAtt: |
|
152 |
- infranode{{loop.index}} |
|
153 |
- PublicIp |
|
154 |
{% endfor %} |
c73d82
|
155 |
|
GC |
156 |
clientVMLaunchConfiguration: |
|
157 |
Type: AWS::AutoScaling::LaunchConfiguration |
|
158 |
DependsOn: HostSG |
|
159 |
Properties: |
|
160 |
AssociatePublicIpAddress: True |
|
161 |
BlockDeviceMappings: |
|
162 |
- DeviceName: "/dev/sda1" |
|
163 |
Ebs: |
|
164 |
VolumeSize: {{ rootfs_size_clientvm }} |
|
165 |
- DeviceName: "{{docker_device}}" |
|
166 |
Ebs: |
|
167 |
VolumeSize: 100 |
|
168 |
VolumeType: gp2 |
|
169 |
ImageId: |
|
170 |
Fn::FindInMap: |
|
171 |
- RegionMapping |
|
172 |
- Ref: AWS::Region |
|
173 |
- RHELAMI |
|
174 |
InstanceType: {{clientvm_instance_type}} |
|
175 |
KeyName: {{key_name}} |
|
176 |
SecurityGroups: |
|
177 |
- "Fn::GetAtt": |
|
178 |
- HostSG |
|
179 |
- GroupId |
|
180 |
|
|
181 |
clientVMScalingGroup: |
|
182 |
Type: AWS::AutoScaling::AutoScalingGroup |
|
183 |
DependsOn: VpcGA |
|
184 |
Properties: |
|
185 |
VPCZoneIdentifier: |
|
186 |
- Ref: PublicSubnet |
|
187 |
#AvailabilityZones: |
|
188 |
# Fn::GetAZs: "" |
|
189 |
# - Fn::GetAtt: |
|
190 |
# - PublicSubnetClientVM |
|
191 |
# - AvailabilityZone |
|
192 |
# - Fn::GetAtt: |
|
193 |
# - PublicSubnetClientVM2 |
|
194 |
# - AvailabilityZone |
|
195 |
LaunchConfigurationName: |
|
196 |
Ref: clientVMLaunchConfiguration |
|
197 |
MinSize: {{num_users}} |
|
198 |
MaxSize: 200 |
|
199 |
DesiredCapacity: {{num_users}} |
|
200 |
Tags: |
|
201 |
- Key: "owner" |
|
202 |
Value: "{{ email | default('unknownuser') }}" |
|
203 |
PropagateAtLaunch: True |
|
204 |
- Key: "Project" |
|
205 |
Value: "{{project_tag}}" |
|
206 |
PropagateAtLaunch: True |
|
207 |
- Key: "{{project_tag}}" |
|
208 |
Value: "clientvm" |
|
209 |
PropagateAtLaunch: True |
|
210 |
- Key: "AnsibleGroup" |
|
211 |
Value: "clientvms" |
|
212 |
PropagateAtLaunch: True |
|
213 |
- Key: "ostype" |
|
214 |
Value: "linux" |
|
215 |
PropagateAtLaunch: True |
|
216 |
|
e2d605
|
217 |
|
S |
218 |
{% for instance in instances %} |
|
219 |
{% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %} |
|
220 |
{{instance['name']}}DNSLoadBalancer: |
|
221 |
Type: "AWS::Route53::RecordSetGroup" |
|
222 |
DependsOn: |
|
223 |
{% for c in range(1, (instance['count']|int)+1) %} |
|
224 |
- {{instance['name']}}{{c}}EIP |
|
225 |
{% endfor %} |
|
226 |
Properties: |
|
227 |
HostedZoneId: {{HostedZoneId}} |
|
228 |
RecordSets: |
|
229 |
- Name: "{{instance['name']}}.{{subdomain_base}}." |
|
230 |
Type: A |
|
231 |
TTL: 900 |
|
232 |
ResourceRecords: |
|
233 |
{% for c in range(1,(instance['count'] |int)+1) %} |
|
234 |
- "Fn::GetAtt": |
|
235 |
- {{instance['name']}}{{c}} |
|
236 |
- PublicIp |
|
237 |
{% endfor %} |
|
238 |
{% endif %} |
|
239 |
|
|
240 |
{% for c in range(1,(instance['count'] |int)+1) %} |
|
241 |
{{instance['name']}}{{loop.index}}: |
|
242 |
Type: "AWS::EC2::Instance" |
|
243 |
Properties: |
|
244 |
ImageId: |
|
245 |
Fn::FindInMap: |
|
246 |
- RegionMapping |
|
247 |
- Ref: AWS::Region |
|
248 |
- {{ instance['image_id'] | default('RHELAMI') }} |
|
249 |
InstanceType: "{{instance['flavor'][cloud_provider]}}" |
|
250 |
KeyName: "{{instance['key_name'] | default(key_name)}}" |
|
251 |
{% if instance['UserData'] is defined %} |
|
252 |
{{instance['UserData']}} |
|
253 |
{% endif %} |
|
254 |
SecurityGroupIds: |
|
255 |
- "Fn::GetAtt": |
|
256 |
- HostSG |
|
257 |
- GroupId |
|
258 |
SubnetId: |
|
259 |
Ref: PublicSubnet |
|
260 |
Tags: |
|
261 |
{% if instance['unique'] | d(false) | bool %} |
|
262 |
- Key: Name |
|
263 |
Value: {{instance['name']}} |
|
264 |
- Key: internaldns |
|
265 |
Value: {{instance['name']}}.{{chomped_zone_internal_dns}} |
|
266 |
{% else %} |
|
267 |
- Key: Name |
|
268 |
Value: {{instance['name']}}{{loop.index}} |
|
269 |
- Key: internaldns |
|
270 |
Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}} |
|
271 |
{% endif %} |
|
272 |
{% if instance['name'] == 'node' %} |
|
273 |
{% if c > (node_instance_count|int) - (new_node_instance_count|int) %} |
|
274 |
- Key: newnode |
|
275 |
Value: true |
|
276 |
{% endif %} |
|
277 |
{% endif %} |
|
278 |
- Key: "owner" |
|
279 |
Value: "{{ email | default('unknownuser') }}" |
|
280 |
- Key: "Project" |
|
281 |
Value: "{{project_tag}}" |
|
282 |
- Key: "{{project_tag}}" |
|
283 |
Value: "{{ instance['name'] }}" |
|
284 |
{% for tag in instance['tags'] %} |
|
285 |
- Key: {{tag['key']}} |
|
286 |
Value: {{tag['value']}} |
|
287 |
{% endfor %} |
|
288 |
BlockDeviceMappings: |
|
289 |
- DeviceName: "/dev/sda1" |
|
290 |
Ebs: |
|
291 |
VolumeSize: {{ instance['rootfs_size'] | default('50') }} |
|
292 |
{% for vol in instance['volumes']|default([]) if |
|
293 |
(vol.purpose|d('') == 'glusterfs' and install_glusterfs|bool) |
|
294 |
or (vol.purpose|d('') == 'nfs' and install_nfs|bool) |
|
295 |
or vol.purpose|d('') not in ['glusterfs', 'nfs'] %} |
|
296 |
- DeviceName: "{{ vol['device_name'] }}" |
|
297 |
Ebs: |
|
298 |
VolumeType: "{{ vol['volume_type'] | d('gp2') }}" |
|
299 |
VolumeSize: "{{ vol['volume_size'] | d('20') }}" |
|
300 |
{% endfor %} |
|
301 |
|
|
302 |
{{instance['name']}}{{loop.index}}InternalDNS: |
|
303 |
Type: "AWS::Route53::RecordSetGroup" |
|
304 |
Properties: |
|
305 |
HostedZoneId: |
|
306 |
Ref: zoneinternalidns |
|
307 |
RecordSets: |
|
308 |
{% if instance['unique'] | d(false) | bool %} |
|
309 |
- Name: "{{instance['name']}}.{{zone_internal_dns}}" |
|
310 |
{% else %} |
|
311 |
- Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}" |
|
312 |
{% endif %} |
|
313 |
Type: A |
|
314 |
TTL: 10 |
|
315 |
ResourceRecords: |
|
316 |
- "Fn::GetAtt": |
|
317 |
- {{instance['name']}}{{loop.index}} |
|
318 |
- PrivateIp |
|
319 |
|
|
320 |
{% if instance['public_dns'] %} |
|
321 |
{{instance['name']}}{{loop.index}}EIP: |
|
322 |
Type: "AWS::EC2::EIP" |
|
323 |
DependsOn: |
|
324 |
- VpcGA |
|
325 |
Properties: |
|
326 |
InstanceId: |
|
327 |
Ref: {{instance['name']}}{{loop.index}} |
|
328 |
|
|
329 |
{{instance['name']}}{{loop.index}}PublicDNS: |
|
330 |
Type: "AWS::Route53::RecordSetGroup" |
|
331 |
DependsOn: |
|
332 |
- {{instance['name']}}{{loop.index}}EIP |
|
333 |
Properties: |
|
334 |
HostedZoneId: {{HostedZoneId}} |
|
335 |
RecordSets: |
|
336 |
{% if instance['unique'] | d(false) | bool %} |
|
337 |
- Name: "{{instance['name']}}.{{subdomain_base}}." |
|
338 |
{% else %} |
|
339 |
- Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}." |
|
340 |
{% endif %} |
|
341 |
Type: A |
|
342 |
TTL: 10 |
|
343 |
ResourceRecords: |
|
344 |
- "Fn::GetAtt": |
|
345 |
- {{instance['name']}}{{loop.index}} |
|
346 |
- PublicIp |
|
347 |
{% endif %} |
|
348 |
{% endfor %} |
|
349 |
{% endfor %} |
|
350 |
|
|
351 |
Route53User: |
|
352 |
Type: AWS::IAM::User |
|
353 |
Properties: |
|
354 |
Policies: |
|
355 |
- PolicyName: Route53Access |
|
356 |
PolicyDocument: |
|
357 |
Statement: |
|
358 |
- Effect: Allow |
|
359 |
Action: route53domains:* |
|
360 |
Resource: "*" |
|
361 |
- Effect: Allow |
|
362 |
Action: route53:* |
|
363 |
Resource: "*" |
|
364 |
|
|
365 |
Route53UserAccessKey: |
|
366 |
DependsOn: Route53User |
|
367 |
Type: AWS::IAM::AccessKey |
|
368 |
Properties: |
|
369 |
UserName: |
|
370 |
Ref: Route53User |
|
371 |
|
|
372 |
RegistryS3: |
|
373 |
Type: "AWS::S3::Bucket" |
|
374 |
Properties: |
|
375 |
BucketName: "{{ env_type }}-{{ guid }}" |
|
376 |
Tags: |
|
377 |
- Key: Name |
|
378 |
Value: "s3-{{ env_type }}-{{ guid }}" |
|
379 |
- Key: Project |
|
380 |
Value: "{{project_tag}}" |
|
381 |
- Key: owner |
|
382 |
Value: "{{ email | default('unknown')}}" |
|
383 |
|
|
384 |
S3User: |
|
385 |
Type: AWS::IAM::User |
|
386 |
DependsOn: |
|
387 |
- RegistryS3 |
|
388 |
Properties: |
|
389 |
Policies: |
|
390 |
- PolicyName: S3Access |
|
391 |
PolicyDocument: |
|
392 |
Statement: |
|
393 |
- Effect: Allow |
|
394 |
Action: s3:ListAllMyBuckets |
|
395 |
Resource: "*" |
|
396 |
- Effect: Allow |
|
397 |
Action: "s3:*" |
|
398 |
Resource: |
|
399 |
Fn::Join: |
|
400 |
- "" |
|
401 |
- - "arn:aws:s3:::" |
|
402 |
- Ref: RegistryS3 |
|
403 |
- "/*" |
|
404 |
|
|
405 |
S3UserAccessKey: |
|
406 |
Type: AWS::IAM::AccessKey |
|
407 |
DependsOn: |
|
408 |
- S3User |
|
409 |
Properties: |
|
410 |
UserName: |
|
411 |
Ref: S3User |
|
412 |
|
|
413 |
BucketPolicy: |
|
414 |
Type: AWS::S3::BucketPolicy |
|
415 |
DependsOn: |
|
416 |
- RegistryS3 |
|
417 |
Properties: |
|
418 |
PolicyDocument: |
|
419 |
Id: Give registry access to user |
|
420 |
Statement: |
|
421 |
- Sid: AllAccess |
|
422 |
Action: |
|
423 |
- "s3:*" |
|
424 |
Effect: Allow |
|
425 |
Resource: |
|
426 |
Fn::Join: |
|
427 |
- "" |
|
428 |
- - "arn:aws:s3:::" |
|
429 |
- Ref: RegistryS3 |
|
430 |
Principal: |
|
431 |
AWS: |
|
432 |
Fn::GetAtt: |
|
433 |
- S3User |
|
434 |
- Arn |
|
435 |
Bucket: |
|
436 |
Ref: RegistryS3 |
|
437 |
|
|
438 |
Outputs: |
c73d82
|
439 |
AutoScalingGroupClientVM: |
GC |
440 |
Value: |
|
441 |
Ref: clientVMScalingGroup |
e2d605
|
442 |
Route53internalzoneOutput: |
S |
443 |
Description: The ID of the internal route 53 zone |
|
444 |
Value: |
|
445 |
Ref: zoneinternalidns |
|
446 |
S3User: |
|
447 |
Value: |
|
448 |
Ref: S3User |
|
449 |
Description: IAM User for RegistryS3 |
|
450 |
S3UserAccessKey: |
|
451 |
Value: |
|
452 |
Ref: S3UserAccessKey |
|
453 |
Description: IAM User for RegistryS3 |
|
454 |
S3UserSecretAccessKey: |
|
455 |
Value: |
|
456 |
Fn::GetAtt: |
|
457 |
- S3UserAccessKey |
|
458 |
- SecretAccessKey |
|
459 |
Description: IAM User for RegistryS3 |
|
460 |
Route53User: |
|
461 |
Value: |
|
462 |
Ref: Route53User |
|
463 |
Description: IAM User for Route53 (Let's Encrypt) |
|
464 |
Route53UserAccessKey: |
|
465 |
Value: |
|
466 |
Ref: Route53UserAccessKey |
|
467 |
Description: IAM User for Route53 (Let's Encrypt) |
|
468 |
Route53UserSecretAccessKey: |
|
469 |
Value: |
|
470 |
Fn::GetAtt: |
|
471 |
- Route53UserAccessKey |
|
472 |
- SecretAccessKey |
|
473 |
Description: IAM User for Route53 (Let's Encrypt) |