added target cfm from ditc

EC2 Default User · EC2 Default User · commit 80cb6f2079ff · 2012-06-23T03:02:56.000Z
diff --git a/software/infrastructure/target.template b/software/infrastructure/target.template
@@ -0,0 +1,304 @@
+{
+  "AWSTemplateFormatVersion" : "2010-09-09",
+  
+  "Description" : "CloudFormation Template to provision a target environment for the rails sample app",
+  
+  "Parameters" : {
+      
+    "KeyName" : {
+      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
+      "Type" : "String",
+      "Default" : "ditc",
+      "MinLength": "1",
+      "MaxLength": "64",
+      "AllowedPattern" : "[-_ a-zA-Z0-9]*",
+      "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
+    },
+
+    "InstanceType" : {
+      "Description" : "EC2 instance type",
+      "Type" : "String",
+      "Default" : "c1.medium",
+      "ConstraintDescription" : "must be a valid EC2 instance type."
+    },
+
+	"ApplicationName" : {
+	  "Description" : "CNAME for the application",
+	  "Type" : "String",
+	  "Default" : "target"
+	},
+	
+	"HostedZone" : {
+	  "Description" : "Domain to use",
+	  "Type" : "String",
+	  "Default" : "devopscloud.com"
+	},
+	
+	"EnvironmentType" : {
+	  "Description" : "Mode for rails to run in",
+	  "Type" : "String",
+	  "Default" : "development"
+	},
+	
+	"PrivateBucket" : {
+      "Description" : "S3 bucket for storing credentials",
+      "Type" : "String",
+      "Default" : "stelligentlabs-private",
+      "ConstraintDescription" : "Must be a valid S3 Bucket"
+    },
+	
+	"PublicBucket" : {
+	  "Description" : "S3 bucket for storing build artifacts",
+      "Type" : "String",
+      "Default" : "stelligentlabs",
+      "ConstraintDescription" : "Must be a valid S3 Bucket"
+	}
+  },
+  
+  "Mappings" : {
+    "AWSInstanceType2Arch" : {
+      "t1.micro"    : { "Arch" : "64" },
+      "m1.large"    : { "Arch" : "64" },
+      "c1.medium"   : { "Arch" : "64" }
+    },
+    "AWSRegionArch2AMI" : {
+      "us-east-1"      : { "64" : "ami-7341831a" }
+    }
+  },
+    
+  "Resources" : {     
+      
+    "CfnUser" : {
+      "Type" : "AWS::IAM::User",
+      "Properties" : {
+        "Path": "/",
+        "Policies": [{
+          "PolicyName": "root",
+          "PolicyDocument": { "Statement":[{
+            "Effect":"Allow",
+            "Action":"*",
+            "Resource":"*"
+          }
+        ]}
+       }]
+      }
+    },
+
+	"PrivateBucketPolicy" : {
+      "Type" : "AWS::S3::BucketPolicy",
+      "Properties" : {
+        "PolicyDocument": {
+          "Id":"PrivateBucketPolicy",
+          "Statement":[
+ 		    {
+              "Sid":"ReadAccess",
+	          "Action":["s3:GetObject"],
+	          "Effect":"Allow",
+	          "Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "PrivateBucket" } , "/*" ]]},
+	          "Principal":{ "AWS": { "Fn::GetAtt" : [ "CfnUser", "Arn" ]} }
+            }
+		  ]
+        },
+        "Bucket" : {"Ref" : "PrivateBucket"}
+      }
+    },
+
+    "HostKeys" : {
+      "Type" : "AWS::IAM::AccessKey",
+      "Properties" : {
+        "UserName" : { "Ref": "CfnUser" }
+      }
+    },
+
+	"Domain" : {
+      "Type" : "AWS::Route53::RecordSetGroup",
+	  "Properties" : {
+	    "HostedZoneName" : { "Fn::Join" : [ "", [ {"Ref" : "HostedZone"}, "." ]]},
+	    "RecordSets" : [
+		  {
+			"Name" : { "Fn::Join" : ["", [ { "Ref" : "ApplicationName" }, ".", { "Ref" : "HostedZone" }, "." ]]},
+			"Type" : "A",
+			"TTL"  : "900",
+			"ResourceRecords" : [ { "Ref" : "IPAddress" } ]
+		  }]
+	  }
+	},
+
+    "WebServer": {  
+      "Type": "AWS::EC2::Instance",
+ 	  "DependsOn" : "PrivateBucketPolicy",
+	  "Metadata" : {
+        "AWS::CloudFormation::Init" : {
+          "config" : {
+            "packages" : {
+              "yum" : {
+                "puppet"   : []
+              }
+            },
+
+			"sources" : {
+				"/home/ec2-user/" : { "Fn::Join" : ["", ["https://s3.amazonaws.com/stelligentlabs/puppet.tar.gz"]]}
+			},
+
+			"files" : {
+			  "/home/ec2-user/id_rsa.pub" : {
+			   "source" : { "Fn::Join" : ["", ["https://s3.amazonaws.com/", { "Ref" : "PrivateBucket" }, "/id_rsa.pub"]]},
+               "mode"   : "000500",
+               "owner"  : "root",
+               "group"  : "root",
+			   "authentication" : "S3AccessCreds"
+              },
+			  "/home/ec2-user/nodes.pp" : {
+                "content" : { "Fn::Join" : ["", [
+				  "node default {\n",
+					"include system\n",
+				    "include bundler\n",
+				    "include passenger\n",
+				    "include sqlite\n",
+				    "include git\n",
+					"include httpd\n",
+				  "}"
+                  ]]},
+                "mode"   : "000500",
+                "owner"  : "root",
+                "group"  : "root"
+              },
+			  
+
+			  "/etc/httpd/conf/virtualhosts" : {
+	            "content" : { "Fn::Join" : ["", [
+	              "NameVirtualHost *:80\n",
+	              "<VirtualHost *:80>\n",
+	              "ServerName ", { "Fn::Join" : [ ".", [ { "Ref" : "ApplicationName" }, { "Ref" : "HostedZone" }]]}, "\n",
+	              "ServerAlias ", { "Fn::Join" : [ ".", [ { "Ref" : "ApplicationName" }, { "Ref" : "HostedZone" }]]}, "\n",
+				  "RailsEnv ", {"Ref" : "EnvironmentType"}, "\n",
+				  "DocumentRoot /var/www/rails/public\n",
+				  "<Directory /var/www/rails/public>\n",
+				     "AllowOverride all\n",
+				     "Options -MultiViews\n",
+				  "</Directory>\n",
+	              "</VirtualHost>\n"
+	            ]]},
+	                "mode"   : "000500",
+	                "owner"  : "root",
+	                "group"  : "root"
+	          },
+			  "/etc/httpd/conf/passenger" : {
+	            "content" : { "Fn::Join" : ["", [
+	              "LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so\n",
+	              "PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13\n",
+	              "PassengerRuby /usr/bin/ruby\n"
+	            ]]},
+	                "mode"   : "000500",
+	                "owner"  : "root",
+	                "group"  : "root"
+	          }
+			}
+          }
+        },
+		
+		"AWS::CloudFormation::Authentication" : {
+		  "S3AccessCreds" : {
+		    "type" : "S3",
+		    "accessKeyId" : { "Ref" : "HostKeys" },
+		    "secretKey" : {"Fn::GetAtt": ["HostKeys", "SecretAccessKey"]},
+		    "buckets" : [ { "Ref" : "PrivateBucket" }, { "Ref" : "PublicBucket"} ]
+		  }
+		}
+      },
+      "Properties": {
+        "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" },
+                          { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
+        "InstanceType"   : { "Ref" : "InstanceType" },
+        "SecurityGroups" : [ {"Ref" : "FrontendGroup"} ],
+        "KeyName"        : { "Ref" : "KeyName" },
+		"Tags" : [{ "Key" : "Name", "Value" : "Target Environment" }],
+		"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
+		  "#!/bin/bash -v\n",
+		  "date > /home/ec2-user/starttime\n",
+          "yum update -y aws-cfn-bootstrap\n",
+
+          "# Install packages\n",
+          "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackName" }, " -r WebServer ",
+          "    --access-key ",  { "Ref" : "HostKeys" },
+          "    --secret-key ", {"Fn::GetAtt": ["HostKeys", "SecretAccessKey"]},
+          "    --region ", { "Ref" : "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n",
+
+		  "# Build environment using Puppet\n",
+          "puppet apply --modulepath=/home/ec2-user/modules /home/ec2-user/nodes.pp\n",
+		
+		  "# Add in virtual hosts config\n",
+		  "cat /etc/httpd/conf/passenger >> /etc/httpd/conf/httpd.conf\n",
+		  "cat /etc/httpd/conf/virtualhosts >> /etc/httpd/conf/httpd.conf\n",
+		
+		  "# Add Public key for passwordless authentication from Jenkins Instance\n",
+		  "cat /home/ec2-user/id_rsa.pub >> /home/ec2-user/.ssh/authorized_keys\n",
+		
+		  "# Disable tty for ec2-user\n",
+		  "echo \"Defaults:%ec2-user !requiretty\" >> /etc/sudoers\n",
+		  "echo \"Defaults:ec2-user !requiretty\" >> /etc/sudoers\n",
+		
+		  "/opt/aws/bin/cfn-signal", " -e 0", " '", { "Ref" : "WaitHandle" }, "'","\n",
+
+		  "date > /home/ec2-user/stoptime"
+		]]}}
+      }
+    },
+
+    "IPAddress" : {
+      "Type" : "AWS::EC2::EIP"
+    },
+    
+    "IPAssoc" : {
+      "Type" : "AWS::EC2::EIPAssociation",
+      "Properties" : {
+        "InstanceId" : { "Ref" : "WebServer" },
+        "EIP" : { "Ref" : "IPAddress" }
+       }
+    },
+    
+    "FrontendGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Enable SSH and access to Apache",
+        "SecurityGroupIngress" : [
+          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" },
+          {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" }
+        ]
+      }      
+    },
+
+	"WaitHandle" : {
+      "Type" : "AWS::CloudFormation::WaitConditionHandle"
+    },
+    
+    "WaitCondition" : {
+      "Type" : "AWS::CloudFormation::WaitCondition",
+      "DependsOn" : "WebServer",
+      "Properties" : {
+        "Handle" : { "Ref" : "WaitHandle" },
+        "Timeout" : "1200"
+      }
+    }     
+  },
+  
+  "Outputs" : {
+    "InstanceIPAddress" : {
+      "Value" : { "Ref" : "IPAddress" }
+    },
+	"StackName" : {
+      "Value" : { "Ref" : "AWS::StackName" }
+    },
+    "ArtifactBucket" : {
+      "Value" : { "Ref" : "PublicBucket" }
+    },
+    "Domain" : {
+      "Value" : { "Fn::Join" : ["", [{ "Ref" : "ApplicationName" }, ".", { "Ref" : "HostedZone" }]] },
+      "Description" : "Full domain"
+    },
+	"SampleApp" : {
+      "Value" : { "Fn::Join" : ["", ["http://", { "Ref" : "ApplicationName" }, ".", { "Ref" : "HostedZone" }, "/"]] },
+      "Description" : "URL for newly created Sample App"
+    }
+  }
+}
