a980af8e15
Move F18 OpenShift origin files into the F18 directory Change-Id: I3318347085a1e640839c41ab58e233835e185f49
391 lines
15 KiB
YAML
391 lines
15 KiB
YAML
HeatTemplateFormatVersion: '2012-12-12'
|
|
Description: Template for setting up an AutoScaled OpenShift Origin environment
|
|
Parameters:
|
|
KeyName:
|
|
Description: Name of an existing keypair to enable SSH access to the instances
|
|
Type: String
|
|
MinLength: '1'
|
|
MaxLength: '64'
|
|
AllowedPattern: '[-_ a-zA-Z0-9]*'
|
|
Prefix:
|
|
Description: Your DNS Prefix
|
|
Type: String
|
|
Default: example.com
|
|
UpstreamDNS:
|
|
Description: Upstream DNS server
|
|
Type: String
|
|
Default: 8.8.8.8
|
|
BrokerServerFlavor:
|
|
Description: Flavor of broker server
|
|
Type: String
|
|
Default: m1.small
|
|
AllowedValues: [m1.small, m1.medium, m1.large, m1.xlarge]
|
|
ConstraintDescription: Must be a valid server flavor
|
|
NodeServerFlavor:
|
|
Description: Flavor of node servers
|
|
Type: String
|
|
Default: m1.small
|
|
AllowedValues: [m1.small, m1.medium, m1.large, m1.xlarge]
|
|
ConstraintDescription: Must be a valid server flavor
|
|
NodeCountMinimum:
|
|
Description: Minimum number of nodes to scale down to
|
|
Type: String
|
|
Default: '1'
|
|
AllowedPattern: '[0-9]*'
|
|
NodeCountMaximum:
|
|
Description: Maximum number of nodes to scale up to
|
|
Type: String
|
|
Default: '3'
|
|
AllowedPattern: '[0-9]*'
|
|
Mappings:
|
|
JeosImages:
|
|
Broker:
|
|
Image: F18-x86_64-openshift-origin-broker-cfntools
|
|
Node:
|
|
Image: F18-x86_64-openshift-origin-node-cfntools
|
|
Resources:
|
|
OpenshiftUser:
|
|
Type: AWS::IAM::User
|
|
OpenshiftOriginKeys:
|
|
Type: AWS::IAM::AccessKey
|
|
Properties:
|
|
UserName:
|
|
Ref: OpenshiftUser
|
|
OpenshiftOriginNodeGroup:
|
|
Type: AWS::AutoScaling::AutoScalingGroup
|
|
DependsOn: BrokerWaitCondition
|
|
Properties:
|
|
AvailabilityZones: []
|
|
LaunchConfigurationName:
|
|
Ref: NodeLaunchConfig
|
|
MinSize:
|
|
Ref: NodeCountMinimum
|
|
MaxSize:
|
|
Ref: NodeCountMaximum
|
|
LoadBalancerNames: []
|
|
OpenshiftOriginScaleUpPolicy:
|
|
Type: AWS::AutoScaling::ScalingPolicy
|
|
Properties:
|
|
AdjustmentType: ChangeInCapacity
|
|
AutoScalingGroupName:
|
|
Ref: OpenshiftOriginNodeGroup
|
|
Cooldown: '120'
|
|
ScalingAdjustment: '1'
|
|
OpenshiftOriginScaleDownPolicy:
|
|
Type: AWS::AutoScaling::ScalingPolicy
|
|
Properties:
|
|
AdjustmentType: ChangeInCapacity
|
|
AutoScalingGroupName:
|
|
Ref: OpenshiftOriginNodeGroup
|
|
Cooldown: '60'
|
|
ScalingAdjustment: '-1'
|
|
NodeScaleUp:
|
|
Type: AWS::CloudWatch::Alarm
|
|
Properties:
|
|
AlarmDescription: Scale-up if event received from broker
|
|
MetricName: Heartbeat
|
|
Namespace: system/linux
|
|
Statistic: SampleCount
|
|
Period: '60'
|
|
EvaluationPeriods: '1'
|
|
Threshold: '0'
|
|
AlarmActions: [{Ref: OpenshiftOriginScaleUpPolicy}]
|
|
Dimensions:
|
|
- Name: AutoScalingGroupName
|
|
Value:
|
|
Ref: OpenshiftOriginNodeGroup
|
|
ComparisonOperator: GreaterThanThreshold
|
|
NodeScaleDown:
|
|
Type: AWS::CloudWatch::Alarm
|
|
Properties:
|
|
AlarmDescription: Scale-down if event received from broker
|
|
MetricName: Heartbeat
|
|
Namespace: system/linux
|
|
Statistic: SampleCount
|
|
Period: '60'
|
|
EvaluationPeriods: '1'
|
|
Threshold: '0'
|
|
AlarmActions: [{Ref: OpenshiftOriginScaleDownPolicy}]
|
|
Dimensions:
|
|
- Name: AutoScalingGroupName
|
|
Value:
|
|
Ref: OpenshiftOriginNodeGroup
|
|
ComparisonOperator: GreaterThanThreshold
|
|
OpenShiftOriginSecurityGroup:
|
|
Type: AWS::EC2::SecurityGroup
|
|
Properties:
|
|
GroupDescription: Standard firewall rules
|
|
SecurityGroupIngress:
|
|
- {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
|
|
- {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
|
|
- {IpProtocol: tcp, FromPort: '22', ToPort: '22', CidrIp: 0.0.0.0/0}
|
|
- {IpProtocol: tcp, FromPort: '80', ToPort: '80', CidrIp: 0.0.0.0/0}
|
|
- {IpProtocol: tcp, FromPort: '443', ToPort: '443', CidrIp: 0.0.0.0/0}
|
|
- {IpProtocol: tcp, FromPort: '8000', ToPort: '8000', CidrIp: 0.0.0.0/0}
|
|
- {IpProtocol: tcp, FromPort: '8443', ToPort: '8443', CidrIp: 0.0.0.0/0}
|
|
BrokerWaitHandle:
|
|
Type: AWS::CloudFormation::WaitConditionHandle
|
|
BrokerWaitCondition:
|
|
Type: AWS::CloudFormation::WaitCondition
|
|
DependsOn: BrokerInstance
|
|
Properties:
|
|
Handle:
|
|
Ref: BrokerWaitHandle
|
|
Timeout: '6000'
|
|
BrokerInstance:
|
|
Type: AWS::EC2::Instance
|
|
Properties:
|
|
ImageId:
|
|
Fn::FindInMap: [JeosImages, Broker, Image]
|
|
InstanceType:
|
|
Ref: BrokerServerFlavor
|
|
KeyName:
|
|
Ref: KeyName
|
|
SecurityGroups: [{Ref: OpenShiftOriginSecurityGroup}]
|
|
Tags:
|
|
- Key: Name
|
|
Value:
|
|
Fn::Join:
|
|
- '-'
|
|
- ['openshift', {Ref: Prefix}, 'broker']
|
|
UserData:
|
|
Fn::Base64:
|
|
Fn::Join:
|
|
- ''
|
|
- - |-
|
|
#!/bin/bash -x
|
|
export PREFIX=
|
|
- {Ref: Prefix}
|
|
- |-
|
|
|
|
export UPSTREAM_DNS=
|
|
- {Ref: UpstreamDNS}
|
|
- |-
|
|
|
|
export BROKER_WAIT_HANDLE="
|
|
- {Ref: BrokerWaitHandle}
|
|
- |-
|
|
"
|
|
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named ${PREFIX}
|
|
export DNS_SEC_KEY="`cat /var/named/K${PREFIX}.*.key | awk '{print $8}'`"
|
|
export EC2_INSTANCE_ID="`facter ec2_instance_id`"
|
|
export IP_ADDRESS="`facter ipaddress`"
|
|
mkdir -p /etc/heat
|
|
cat << EOF > /etc/heat/heat-credentials
|
|
AWSAccessKeyId=
|
|
- {Ref: OpenshiftOriginKeys}
|
|
- |-
|
|
|
|
AWSSecretKey=
|
|
- Fn::GetAtt: [OpenshiftOriginKeys, SecretAccessKey]
|
|
- |-
|
|
|
|
EOF
|
|
chmod 0400 /etc/heat/heat-credentials
|
|
|
|
cat << EOF > /etc/heat/notify-scale-up
|
|
#!/bin/bash
|
|
/opt/aws/bin/cfn-push-stats --credential-file /etc/heat/heat-credentials --heartbeat --watch
|
|
- {Ref: NodeScaleUp}
|
|
- |-
|
|
|
|
EOF
|
|
chmod 0700 /etc/heat/notify-scale-up
|
|
|
|
cat << EOF > /etc/heat/notify-scale-down
|
|
#!/bin/bash
|
|
/opt/aws/bin/cfn-push-stats --credential-file /etc/heat/heat-credentials --heartbeat --watch
|
|
- {Ref: NodeScaleDown}
|
|
- |-
|
|
|
|
EOF
|
|
chmod 0700 /etc/heat/notify-scale-down
|
|
|
|
cat << EOF > /root/configure.pp
|
|
\$my_hostname="\${ec2_instance_id}.${PREFIX}"
|
|
file { "update network settings - hostname":
|
|
path => "/etc/sysconfig/network",
|
|
content => "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=\${my_hostname}"
|
|
}
|
|
exec { "set hostname":
|
|
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
|
}
|
|
augeas{ "etc hosts setup" :
|
|
context => "/files/etc/hosts",
|
|
changes => [
|
|
"set 01/ipaddr \${ipaddress}",
|
|
"set 01/canonical \${my_hostname}",
|
|
],
|
|
}
|
|
augeas{ "network peerdns setup" :
|
|
context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
|
|
changes => [
|
|
"set PEERDNS no",
|
|
],
|
|
}
|
|
class { 'openshift_origin' :
|
|
node_fqdn => \$my_hostname,
|
|
cloud_domain => '${PREFIX}',
|
|
named_tsig_priv_key => '${DNS_SEC_KEY}',
|
|
dns_servers => ['${UPSTREAM_DNS}'],
|
|
os_unmanaged_users => ['ec2-user'],
|
|
enable_network_services => true,
|
|
configure_firewall => true,
|
|
configure_ntp => true,
|
|
configure_activemq => true,
|
|
configure_qpid => false,
|
|
configure_mongodb => true,
|
|
configure_named => true,
|
|
configure_broker => true,
|
|
configure_console => true,
|
|
configure_node => false,
|
|
development_mode => true,
|
|
named_ipaddress => \$ipaddress,
|
|
mongodb_fqdn => \$my_hostname,
|
|
mq_fqdn => \$my_hostname,
|
|
broker_fqdn => \$my_hostname,
|
|
}
|
|
EOF
|
|
mkdir -p /etc/puppet/modules
|
|
puppet module install openshift/openshift_origin
|
|
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
|
setsebool -P httpd_unified=on
|
|
service network restart | tee /var/log/configure_openshift.log;
|
|
service mongod restart | tee /var/log/configure_openshift.log;
|
|
service activemq restart | tee /var/log/configure_openshift.log;
|
|
service httpd restart | tee /var/log/configure_openshift.log;
|
|
service openshift-broker restart | tee /var/log/configure_openshift.log;
|
|
service openshift-console restart | tee /var/log/configure_openshift.log;
|
|
service named restart | tee /var/log/configure_openshift.log;
|
|
cat << EOF > /etc/resolv.conf
|
|
; generated by heat
|
|
search ${PREFIX}
|
|
nameserver 127.0.0.1
|
|
EOF
|
|
cat << _EOF > /root/nsupdate.cmd
|
|
key ${PREFIX} ${DNS_SEC_KEY}
|
|
server ${IP_ADDRESS} 53
|
|
update delete ${EC2_INSTANCE_ID}.${PREFIX} A
|
|
update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}
|
|
send
|
|
_EOF
|
|
cat /root/nsupdate.cmd | nsupdate
|
|
setenforce 1
|
|
# All is well so signal success
|
|
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r "Broker setup complete" "${BROKER_WAIT_HANDLE}"
|
|
NodeLaunchConfig:
|
|
Type: AWS::AutoScaling::LaunchConfiguration
|
|
Properties:
|
|
ImageId:
|
|
Fn::FindInMap: [JeosImages, Node, Image]
|
|
InstanceType:
|
|
Ref: NodeServerFlavor
|
|
KeyName:
|
|
Ref: KeyName
|
|
SecurityGroups: [{Ref: OpenShiftOriginSecurityGroup}]
|
|
UserData:
|
|
Fn::Base64:
|
|
Fn::Join:
|
|
- ''
|
|
- - |-
|
|
#!/bin/bash -x
|
|
export DNS_SEC_KEY="`python -c 'print
|
|
- Fn::GetAtt: [BrokerWaitCondition, Data]
|
|
- |-
|
|
["00000"]'`"
|
|
export BROKER_IP=
|
|
- Fn::GetAtt: [BrokerInstance, PublicIp]
|
|
- |-
|
|
|
|
export PREFIX=
|
|
- {Ref: Prefix}
|
|
- |-
|
|
|
|
export EC2_INSTANCE_ID="`facter ec2_instance_id`"
|
|
export IP_ADDRESS="`facter ipaddress`"
|
|
cat << EOF > /root/configure.pp
|
|
\$my_hostname="\${ec2_instance_id}.${PREFIX}"
|
|
file { "update network settings - hostname":
|
|
path => "/etc/sysconfig/network",
|
|
content => "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=\${my_hostname}"
|
|
}
|
|
exec { "set hostname":
|
|
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
|
}
|
|
augeas{ "etc hosts setup" :
|
|
context => "/files/etc/hosts",
|
|
changes => [
|
|
"set 01/ipaddr \${ipaddress}",
|
|
"set 01/canonical \${my_hostname}",
|
|
],
|
|
}
|
|
augeas{ "network peerdns setup" :
|
|
context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
|
|
changes => [
|
|
"set PEERDNS no",
|
|
],
|
|
}
|
|
class { "openshift_origin" :
|
|
node_fqdn => \$my_hostname,
|
|
cloud_domain => '${PREFIX}',
|
|
named_tsig_priv_key => '${DNS_SEC_KEY}',
|
|
dns_servers => ['${BROKER_IP}'],
|
|
os_unmanaged_users => ['ec2-user'],
|
|
enable_network_services => true,
|
|
configure_firewall => true,
|
|
configure_ntp => true,
|
|
configure_activemq => false,
|
|
configure_qpid => false,
|
|
configure_mongodb => false,
|
|
configure_named => false,
|
|
configure_broker => false,
|
|
configure_console => false,
|
|
configure_node => true,
|
|
development_mode => true,
|
|
named_ipaddress => '${BROKER_IP}',
|
|
mongodb_fqdn => '${BROKER_IP}',
|
|
mq_fqdn => '${BROKER_IP}',
|
|
broker_fqdn => '${BROKER_IP}',
|
|
}
|
|
EOF
|
|
mkdir -p /etc/puppet/modules
|
|
puppet module install openshift/openshift_origin
|
|
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log;
|
|
service network restart | tee /var/log/configure_openshift.log;
|
|
service cgconfig restart | tee /var/log/configure_openshift.log;
|
|
service cgred restart | tee /var/log/configure_openshift.log;
|
|
service openshift-cgroups restart | tee /var/log/configure_openshift.log;
|
|
service openshift-node-web-proxy restart | tee /var/log/configure_openshift.log;
|
|
service openshift-gears restart | tee /var/log/configure_openshift.log;
|
|
service openshift-port-proxy restart | tee /var/log/configure_openshift.log;
|
|
service mcollective restart | tee /var/log/configure_openshift.log;
|
|
service httpd restart | tee /var/log/configure_openshift.log;
|
|
service sshd restart | tee /var/log/configure_openshift.log;
|
|
cat << EOF > /etc/resolv.conf
|
|
; generated by heat
|
|
search ${PREFIX}
|
|
nameserver ${BROKER_IP}
|
|
EOF
|
|
cat << _EOF > /root/nsupdate.cmd
|
|
key ${PREFIX} ${DNS_SEC_KEY}
|
|
server ${BROKER_IP} 53
|
|
update delete ${EC2_INSTANCE_ID}.${PREFIX} A
|
|
update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}
|
|
send
|
|
_EOF
|
|
cat /root/nsupdate.cmd | nsupdate
|
|
setenforce 1
|
|
Outputs:
|
|
OpenShiftConsole:
|
|
Value:
|
|
Fn::Join:
|
|
- ''
|
|
- ['https://', 'Fn::GetAtt': [BrokerInstance, PublicIp], '/console']
|
|
Description: URL for OpenShift Origins console
|
|
NameServerEntry:
|
|
Value:
|
|
Fn::Join:
|
|
- ''
|
|
- ['nameserver ', 'Fn::GetAtt': [BrokerInstance, PublicIp]]
|
|
Description: Entry to insert into /etc/resolv.conf for application host names to resolve
|