Port OpenShiftAutoScalaing to yaml
This deploys an identical stack to the original json. OpenShiftAutoScaling.template has been deleted to reduce maintenance burden. Change-Id: Ie2840f65ed0d6f6964b4be71d6b19368e844bac4
This commit is contained in:
parent
20cc5eaf24
commit
8b4a030af5
|
@ -1,453 +0,0 @@
|
|||
{
|
||||
"AWSTemplateFormatVersion": "2010-09-09",
|
||||
"Description": "Template for setting up an AutoScaled OpenShift Origin environment",
|
||||
"Parameters": {
|
||||
"KeyName": {
|
||||
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
|
||||
"Type": "String",
|
||||
"MinLength": "1",
|
||||
"MaxLength": "64",
|
||||
"AllowedPattern": "[-_ a-zA-Z0-9]*"
|
||||
},
|
||||
"Prefix": {
|
||||
"Description": "Your DNS Prefix",
|
||||
"Type": "String",
|
||||
"Default": "example.com"
|
||||
},
|
||||
"UpstreamDNS": {
|
||||
"Description": "Upstream DNS server",
|
||||
"Type": "String",
|
||||
"Default": "8.8.8.8"
|
||||
},
|
||||
"BrokerServerFlavor" : {
|
||||
"Description" : "Flavor of broker server",
|
||||
"Type" : "String",
|
||||
"Default" : "m1.small",
|
||||
"AllowedValues" : [ "m1.small", "m1.medium", "m1.large", "m1.xlarge" ],
|
||||
"ConstraintDescription" : "Must be a valid server flavor"
|
||||
},
|
||||
"NodeServerFlavor" : {
|
||||
"Description" : "Flavor of node servers",
|
||||
"Type" : "String",
|
||||
"Default" : "m1.small",
|
||||
"AllowedValues" : [ "m1.small", "m1.medium", "m1.large", "m1.xlarge" ],
|
||||
"ConstraintDescription" : "Must be a valid server flavor"
|
||||
},
|
||||
"NodeCountMinimum": {
|
||||
"Description": "Minimum number of nodes to scale down to",
|
||||
"Type" : "String",
|
||||
"Default" : "1",
|
||||
"AllowedPattern": "[0-9]*"
|
||||
},
|
||||
"NodeCountMaximum": {
|
||||
"Description": "Maximum number of nodes to scale up to",
|
||||
"Type" : "String",
|
||||
"Default" : "3",
|
||||
"AllowedPattern": "[0-9]*"
|
||||
}
|
||||
},
|
||||
"Mappings": {
|
||||
"JeosImages": {
|
||||
"Broker": {
|
||||
"Image": "F18-x86_64-openshift-origin-broker-cfntools"
|
||||
},
|
||||
"Node": {
|
||||
"Image": "F18-x86_64-openshift-origin-node-cfntools"
|
||||
}
|
||||
}
|
||||
},
|
||||
"Resources": {
|
||||
"OpenshiftUser" : {
|
||||
"Type" : "AWS::IAM::User"
|
||||
},
|
||||
"OpenshiftOriginKeys" : {
|
||||
"Type" : "AWS::IAM::AccessKey",
|
||||
"Properties" : {
|
||||
"UserName" : {"Ref": "OpenshiftUser"}
|
||||
}
|
||||
},
|
||||
"OpenshiftOriginNodeGroup" : {
|
||||
"Type" : "AWS::AutoScaling::AutoScalingGroup",
|
||||
"DependsOn": "brokerWaitCondition",
|
||||
"Properties" : {
|
||||
"AvailabilityZones" : { "Fn::GetAZs" : ""},
|
||||
"LaunchConfigurationName" : { "Ref" : "NodeLaunchConfig" },
|
||||
"MinSize" : { "Ref" : "NodeCountMinimum" },
|
||||
"MaxSize" : { "Ref" : "NodeCountMaximum" },
|
||||
"LoadBalancerNames" : []
|
||||
}
|
||||
},
|
||||
"OpenshiftOriginScaleUpPolicy" : {
|
||||
"Type" : "AWS::AutoScaling::ScalingPolicy",
|
||||
"Properties" : {
|
||||
"AdjustmentType" : "ChangeInCapacity",
|
||||
"AutoScalingGroupName" : { "Ref" : "OpenshiftOriginNodeGroup" },
|
||||
"Cooldown" : "60",
|
||||
"ScalingAdjustment" : "1"
|
||||
}
|
||||
},
|
||||
"OpenshiftOriginScaleDownPolicy" : {
|
||||
"Type" : "AWS::AutoScaling::ScalingPolicy",
|
||||
"Properties" : {
|
||||
"AdjustmentType" : "ChangeInCapacity",
|
||||
"AutoScalingGroupName" : { "Ref" : "OpenshiftOriginNodeGroup" },
|
||||
"Cooldown" : "60",
|
||||
"ScalingAdjustment" : "-1"
|
||||
}
|
||||
},
|
||||
"NodeAlarmHigh": {
|
||||
"Type": "AWS::CloudWatch::Alarm",
|
||||
"Properties": {
|
||||
"AlarmDescription": "Scale-up if Nodes > 50% for 1 minute",
|
||||
"MetricName": "NodeUtilization",
|
||||
"Namespace": "system/linux",
|
||||
"Statistic": "Average",
|
||||
"Period": "60",
|
||||
"EvaluationPeriods": "1",
|
||||
"Threshold": "50",
|
||||
"AlarmActions": [ { "Ref": "OpenshiftOriginScaleUpPolicy" } ],
|
||||
"Dimensions": [
|
||||
{
|
||||
"Name": "AutoScalingGroupName",
|
||||
"Value": { "Ref": "OpenshiftOriginNodeGroup" }
|
||||
}
|
||||
],
|
||||
"ComparisonOperator": "GreaterThanThreshold"
|
||||
}
|
||||
},
|
||||
"NodeAlarmLow": {
|
||||
"Type": "AWS::CloudWatch::Alarm",
|
||||
"Properties": {
|
||||
"AlarmDescription": "Scale-down if Nodes < 15% for 1 minute",
|
||||
"MetricName": "NodeUtilization",
|
||||
"Namespace": "system/linux",
|
||||
"Statistic": "Average",
|
||||
"Period": "60",
|
||||
"EvaluationPeriods": "1",
|
||||
"Threshold": "15",
|
||||
"AlarmActions": [ { "Ref": "OpenshiftOriginScaleDownPolicy" } ],
|
||||
"Dimensions": [
|
||||
{
|
||||
"Name": "AutoScalingGroupName",
|
||||
"Value": { "Ref": "OpenshiftOriginNodeGroup" }
|
||||
}
|
||||
],
|
||||
"ComparisonOperator": "LessThanThreshold"
|
||||
}
|
||||
},
|
||||
"OpenShiftOriginSecurityGroup": {
|
||||
"Type": "AWS::EC2::SecurityGroup",
|
||||
"Properties": {
|
||||
"GroupDescription": "Standard firewall rules",
|
||||
"SecurityGroupIngress": [
|
||||
{
|
||||
"IpProtocol": "udp",
|
||||
"FromPort": "53",
|
||||
"ToPort": "53",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
},
|
||||
{
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": "53",
|
||||
"ToPort": "53",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
},
|
||||
{
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": "22",
|
||||
"ToPort": "22",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
},
|
||||
{
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": "80",
|
||||
"ToPort": "80",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
},
|
||||
{
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": "443",
|
||||
"ToPort": "443",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
},
|
||||
{
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": "8000",
|
||||
"ToPort": "8000",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
},
|
||||
{
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": "8443",
|
||||
"ToPort": "8443",
|
||||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"brokerWaitHandle": {
|
||||
"Type": "AWS::CloudFormation::WaitConditionHandle"
|
||||
},
|
||||
"brokerWaitCondition": {
|
||||
"Type": "AWS::CloudFormation::WaitCondition",
|
||||
"DependsOn": "BrokerInstance",
|
||||
"Properties": {
|
||||
"Handle": {
|
||||
"Ref": "brokerWaitHandle"
|
||||
},
|
||||
"Timeout": "6000"
|
||||
}
|
||||
},
|
||||
"BrokerInstance": {
|
||||
"Type": "AWS::EC2::Instance",
|
||||
"Properties": {
|
||||
"ImageId": {
|
||||
"Fn::FindInMap": [ "JeosImages", "Broker", "Image" ]
|
||||
},
|
||||
"InstanceType": {"Ref": "BrokerServerFlavor"},
|
||||
"KeyName": {
|
||||
"Ref": "KeyName"
|
||||
},
|
||||
"SecurityGroups": [
|
||||
{
|
||||
"Ref": "OpenShiftOriginSecurityGroup"
|
||||
}
|
||||
],
|
||||
"Tags": [
|
||||
{
|
||||
"Key": "Name",
|
||||
"Value": {
|
||||
"Fn::Join": [ "-", [ "openshift", { "Ref": "Prefix" }, "broker" ] ]
|
||||
}
|
||||
}
|
||||
],
|
||||
"UserData": {
|
||||
"Fn::Base64": {
|
||||
"Fn::Join": [
|
||||
"",
|
||||
[
|
||||
"#!/bin/bash -x\n",
|
||||
"export PREFIX=", { "Ref": "Prefix" }, "\n",
|
||||
"export UPSTREAM_DNS=", { "Ref": "UpstreamDNS" }, "\n",
|
||||
"export BROKER_WAIT_HANDLE=\"", { "Ref": "brokerWaitHandle" }, "\"\n",
|
||||
"/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named ${PREFIX}\n",
|
||||
"export DNS_SEC_KEY=\"`cat /var/named/K${PREFIX}.*.key | awk '{print $8}'`\"\n",
|
||||
"export EC2_INSTANCE_ID=\"`facter ec2_instance_id`\"\n",
|
||||
"export IP_ADDRESS=\"`facter ipaddress`\"\n",
|
||||
"cat << EOF > /root/configure.pp\n",
|
||||
"\\$my_hostname=\"\\${ec2_instance_id}.${PREFIX}\"\n",
|
||||
"file { \"update network settings - hostname\":", "\n",
|
||||
" path => \"/etc/sysconfig/network\",\n",
|
||||
" content => \"NETWORKING=yes\\nNETWORKING_IPV6=no\\nHOSTNAME=\\${my_hostname}\"\n",
|
||||
"}\n",
|
||||
"exec { \"set hostname\":\n",
|
||||
" command => \"/bin/hostname \\${my_hostname} ; echo \\${my_hostname} > /etc/hostname\"\n",
|
||||
"}\n",
|
||||
"augeas{ \"etc hosts setup\" :\n",
|
||||
" context => \"/files/etc/hosts\",\n",
|
||||
" changes => [\n",
|
||||
" \"set 01/ipaddr \\${ipaddress}\",\n",
|
||||
" \"set 01/canonical \\${my_hostname}\",\n",
|
||||
" ],\n",
|
||||
"}\n",
|
||||
"augeas{ \"network peerdns setup\" :\n",
|
||||
" context => \"/files/etc/sysconfig/network-scripts/ifcfg-eth0\",\n",
|
||||
" changes => [\n",
|
||||
" \"set PEERDNS no\",\n",
|
||||
" ],\n",
|
||||
"}\n",
|
||||
"class { 'openshift_origin' :\n",
|
||||
" node_fqdn => \\$my_hostname,\n",
|
||||
" cloud_domain => '${PREFIX}',\n",
|
||||
" named_tsig_priv_key => '${DNS_SEC_KEY}',\n",
|
||||
" dns_servers => ['${UPSTREAM_DNS}'],\n",
|
||||
" os_unmanaged_users => ['ec2-user'],\n",
|
||||
" enable_network_services => true,\n",
|
||||
" configure_firewall => true,\n",
|
||||
" configure_ntp => true,\n",
|
||||
" configure_activemq => true,\n",
|
||||
" configure_qpid => false,\n",
|
||||
" configure_mongodb => true,\n",
|
||||
" configure_named => true,\n",
|
||||
" configure_broker => true,\n",
|
||||
" configure_console => true,\n",
|
||||
" configure_node => false,\n",
|
||||
" development_mode => true,\n",
|
||||
" named_ipaddress => \\$ipaddress,\n",
|
||||
" mongodb_fqdn => \\$my_hostname,\n",
|
||||
" mq_fqdn => \\$my_hostname,\n",
|
||||
" broker_fqdn => \\$my_hostname,\n",
|
||||
"}\n",
|
||||
"EOF\n",
|
||||
"mkdir -p /etc/puppet/modules\n",
|
||||
"puppet module install openshift/openshift_origin", "\n",
|
||||
"puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log", "\n",
|
||||
"setsebool -P httpd_unified=on\n",
|
||||
"service network restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service mongod restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service activemq restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service httpd restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service openshift-broker restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service openshift-console restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service named restart | tee /var/log/configure_openshift.log;\n",
|
||||
"cat << EOF > /etc/resolv.conf\n",
|
||||
"; generated by heat\n",
|
||||
"search ${PREFIX}\n",
|
||||
"nameserver 127.0.0.1\n",
|
||||
"EOF\n",
|
||||
"cat << _EOF > /root/nsupdate.cmd\n",
|
||||
"key ${PREFIX} ${DNS_SEC_KEY}\n",
|
||||
"server ${IP_ADDRESS} 53\n",
|
||||
"update delete ${EC2_INSTANCE_ID}.${PREFIX} A\n",
|
||||
"update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}\n",
|
||||
"send\n",
|
||||
"_EOF\n",
|
||||
"cat /root/nsupdate.cmd | nsupdate\n",
|
||||
"setenforce 1\n",
|
||||
"# All is well so signal success\n",
|
||||
"/opt/aws/bin/cfn-signal -e 0 --data \"${DNS_SEC_KEY}\" -r \"Broker setup complete\" \"${BROKER_WAIT_HANDLE}\"\n"
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"NodeLaunchConfig": {
|
||||
"Type": "AWS::AutoScaling::LaunchConfiguration",
|
||||
"Properties": {
|
||||
"ImageId": {
|
||||
"Fn::FindInMap": [ "JeosImages", "Node", "Image" ]
|
||||
},
|
||||
"InstanceType": {"Ref": "BrokerServerFlavor"},
|
||||
"KeyName": { "Ref": "KeyName" },
|
||||
"SecurityGroups": [ { "Ref": "OpenShiftOriginSecurityGroup" } ],
|
||||
"UserData": {
|
||||
"Fn::Base64": {
|
||||
"Fn::Join": [
|
||||
"",
|
||||
[
|
||||
"#!/bin/bash -x", "\n",
|
||||
"export DNS_SEC_KEY=\"`python -c 'print ",{ "Fn::GetAtt": [ "brokerWaitCondition", "Data" ] },"[\"00000\"]'`\"\n",
|
||||
"export BROKER_IP=", { "Fn::GetAtt": [ "BrokerInstance", "PublicIp" ] }, "\n",
|
||||
"export PREFIX=", { "Ref": "Prefix" }, "\n",
|
||||
"export EC2_INSTANCE_ID=\"`facter ec2_instance_id`\"\n",
|
||||
"export IP_ADDRESS=\"`facter ipaddress`\"\n",
|
||||
"mkdir -p /etc/cfn\n",
|
||||
"cat << EOF > /etc/cfn/cfn-credentials\n",
|
||||
"AWSAccessKeyId=", {"Ref" : "OpenshiftOriginKeys"}, "\n",
|
||||
"AWSSecretKey=", {"Fn::GetAtt": ["OpenshiftOriginKeys",
|
||||
"SecretAccessKey"]}, "\n",
|
||||
"EOF\n",
|
||||
"chown root:root /etc/cfn/cfn-credentials\n",
|
||||
"chmod 0400 /etc/cfn/cfn-credentials\n",
|
||||
|
||||
"cat << EOF > /tmp/stats-crontab.txt\n",
|
||||
"MAIL=\"\"\n",
|
||||
"\n",
|
||||
"* * * * * /opt/aws/bin/cfn-push-stats --watch ",
|
||||
{ "Ref" : "NodeAlarmHigh" },
|
||||
" --metric NodeUtilization",
|
||||
" --units Percent",
|
||||
" --value 45\n",
|
||||
"* * * * * /opt/aws/bin/cfn-push-stats --watch ",
|
||||
{ "Ref" : "NodeAlarmLow" },
|
||||
" --metric NodeUtilization",
|
||||
" --units Percent",
|
||||
" --value 45\n",
|
||||
"EOF\n",
|
||||
"chown root:root /tmp/stats-crontab.txt\n",
|
||||
"chmod 600 /tmp/stats-crontab.txt\n",
|
||||
"# install crontab\n",
|
||||
"crontab /tmp/stats-crontab.txt\n",
|
||||
|
||||
"cat << EOF > /root/configure.pp\n",
|
||||
"\\$my_hostname=\"\\${ec2_instance_id}.${PREFIX}\"\n",
|
||||
"file { \"update network settings - hostname\":", "\n",
|
||||
" path => \"/etc/sysconfig/network\",\n",
|
||||
" content => \"NETWORKING=yes\\nNETWORKING_IPV6=no\\nHOSTNAME=\\${my_hostname}\"\n",
|
||||
"}\n",
|
||||
"exec { \"set hostname\":\n",
|
||||
" command => \"/bin/hostname \\${my_hostname} ; echo \\${my_hostname} > /etc/hostname\"\n",
|
||||
"}\n",
|
||||
"augeas{ \"etc hosts setup\" :\n",
|
||||
" context => \"/files/etc/hosts\",\n",
|
||||
" changes => [\n",
|
||||
" \"set 01/ipaddr \\${ipaddress}\",\n",
|
||||
" \"set 01/canonical \\${my_hostname}\",\n",
|
||||
" ],\n",
|
||||
"}\n",
|
||||
"augeas{ \"network peerdns setup\" :\n",
|
||||
" context => \"/files/etc/sysconfig/network-scripts/ifcfg-eth0\",\n",
|
||||
" changes => [\n",
|
||||
" \"set PEERDNS no\",\n",
|
||||
" ],\n",
|
||||
"}\n",
|
||||
"class { \"openshift_origin\" :\n",
|
||||
" node_fqdn => \\$my_hostname,\n",
|
||||
" cloud_domain => '${PREFIX}',\n",
|
||||
" named_tsig_priv_key => '${DNS_SEC_KEY}',\n",
|
||||
" dns_servers => ['${BROKER_IP}'],\n",
|
||||
" os_unmanaged_users => ['ec2-user'],\n",
|
||||
" enable_network_services => true,\n",
|
||||
" configure_firewall => true,\n",
|
||||
" configure_ntp => true,\n",
|
||||
" configure_activemq => false,\n",
|
||||
" configure_qpid => false,\n",
|
||||
" configure_mongodb => false,\n",
|
||||
" configure_named => false,\n",
|
||||
" configure_broker => false,\n",
|
||||
" configure_console => false,\n",
|
||||
" configure_node => true,\n",
|
||||
" development_mode => true,\n",
|
||||
" named_ipaddress => '${BROKER_IP}',\n",
|
||||
" mongodb_fqdn => '${BROKER_IP}',\n",
|
||||
" mq_fqdn => '${BROKER_IP}',\n",
|
||||
" broker_fqdn => '${BROKER_IP}',\n",
|
||||
"}\n",
|
||||
"EOF\n",
|
||||
"mkdir -p /etc/puppet/modules\n",
|
||||
"puppet module install openshift/openshift_origin", "\n",
|
||||
"puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log;", "\n",
|
||||
"service network restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service cgconfig restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service cgred restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service openshift-cgroups restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service openshift-node-web-proxy restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service openshift-gears restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service openshift-port-proxy restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service mcollective restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service httpd restart | tee /var/log/configure_openshift.log;\n",
|
||||
"service sshd restart | tee /var/log/configure_openshift.log;\n",
|
||||
"cat << EOF > /etc/resolv.conf\n",
|
||||
"; generated by heat\n",
|
||||
"search ${PREFIX}\n",
|
||||
"nameserver ${BROKER_IP}\n",
|
||||
"EOF\n",
|
||||
"cat << _EOF > /root/nsupdate.cmd\n",
|
||||
"key ${PREFIX} ${DNS_SEC_KEY}\n",
|
||||
"server ${BROKER_IP} 53\n",
|
||||
"update delete ${EC2_INSTANCE_ID}.${PREFIX} A\n",
|
||||
"update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}\n",
|
||||
"send\n",
|
||||
"_EOF\n",
|
||||
"cat /root/nsupdate.cmd | nsupdate\n",
|
||||
"setenforce 1\n"
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
"Outputs" : {
|
||||
"OpenShiftConsole" : {
|
||||
"Value" : { "Fn::Join" : ["", ["https://", { "Fn::GetAtt" : [ "BrokerInstance", "PublicIp" ]}, "/console"]] },
|
||||
"Description" : "URL for OpenShift Origins console"
|
||||
},
|
||||
"NameServerEntry" : {
|
||||
"Value" : { "Fn::Join" : ["", ["nameserver ", { "Fn::GetAtt" : [ "BrokerInstance", "PublicIp" ]}]] },
|
||||
"Description" : "Entry to insert into /etc/resolv.conf for application host names to resolve"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,391 @@
|
|||
HeatTemplateFormatVersion: '2012-12-12'
|
||||
Description: Template for setting up an AutoScaled OpenShift Origin environment
|
||||
Parameters:
|
||||
KeyName:
|
||||
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
|
||||
Type: String
|
||||
MinLength: '1'
|
||||
MaxLength: '64'
|
||||
AllowedPattern: '[-_ a-zA-Z0-9]*'
|
||||
Prefix:
|
||||
Description: Your DNS Prefix
|
||||
Type: String
|
||||
Default: example.com
|
||||
UpstreamDNS:
|
||||
Description: Upstream DNS server,
|
||||
Type: String
|
||||
Default: 8.8.8.8
|
||||
BrokerServerFlavor:
|
||||
Description: Flavor of broker server
|
||||
Type: String
|
||||
Default: m1.small
|
||||
AllowedValues: [m1.small, m1.medium, m1.large, m1.xlarge]
|
||||
ConstraintDescription: Must be a valid server flavor
|
||||
NodeServerFlavor:
|
||||
Description: Flavor of node servers
|
||||
Type: String
|
||||
Default: m1.small
|
||||
AllowedValues: [m1.small, m1.medium, m1.large, m1.xlarge]
|
||||
ConstraintDescription: Must be a valid server flavor
|
||||
NodeCountMinimum:
|
||||
Description: Minimum number of nodes to scale down to
|
||||
Type: String
|
||||
Default: '1'
|
||||
AllowedPattern: '[0-9]*'
|
||||
NodeCountMaximum:
|
||||
Description: Maximum number of nodes to scale up to
|
||||
Type: String
|
||||
Default: '3'
|
||||
AllowedPattern: '[0-9]*'
|
||||
Mappings:
|
||||
JeosImages:
|
||||
Broker:
|
||||
Image: F18-x86_64-openshift-origin-broker-cfntools
|
||||
Node:
|
||||
Image: F18-x86_64-openshift-origin-node-cfntools
|
||||
Resources:
|
||||
OpenshiftUser:
|
||||
Type: 'AWS::IAM::User'
|
||||
OpenshiftOriginKeys:
|
||||
Type: AWS::IAM::AccessKey
|
||||
Properties:
|
||||
UserName:
|
||||
Ref: OpenshiftUser
|
||||
OpenshiftOriginNodeGroup:
|
||||
Type: AWS::AutoScaling::AutoScalingGroup
|
||||
DependsOn: brokerWaitCondition
|
||||
Properties:
|
||||
AvailabilityZones:
|
||||
Fn::GetAZs: ''
|
||||
LaunchConfigurationName:
|
||||
Ref: NodeLaunchConfig
|
||||
MinSize:
|
||||
Ref: NodeCountMinimum
|
||||
MaxSize:
|
||||
Ref: NodeCountMaximum
|
||||
LoadBalancerNames: []
|
||||
OpenshiftOriginScaleUpPolicy:
|
||||
Type: AWS::AutoScaling::ScalingPolicy
|
||||
Properties:
|
||||
AdjustmentType: ChangeInCapacity
|
||||
AutoScalingGroupName:
|
||||
Ref: OpenshiftOriginNodeGroup
|
||||
Cooldown: '60'
|
||||
ScalingAdjustment: '1'
|
||||
OpenshiftOriginScaleDownPolicy:
|
||||
Type: AWS::AutoScaling::ScalingPolicy
|
||||
Properties:
|
||||
AdjustmentType: ChangeInCapacity
|
||||
AutoScalingGroupName:
|
||||
Ref: OpenshiftOriginNodeGroup
|
||||
Cooldown: '60'
|
||||
ScalingAdjustment: '-1'
|
||||
NodeAlarmHigh:
|
||||
Type: AWS::CloudWatch::Alarm
|
||||
Properties:
|
||||
AlarmDescription: Scale-up if Nodes > 50% for 1 minute
|
||||
MetricName: NodeUtilization
|
||||
Namespace: system/linux
|
||||
Statistic: Average
|
||||
Period: '60'
|
||||
EvaluationPeriods: '1'
|
||||
Threshold: '50'
|
||||
AlarmActions: [{Ref: OpenshiftOriginScaleUpPolicy}]
|
||||
Dimensions:
|
||||
- Name: AutoScalingGroupName
|
||||
Value:
|
||||
Ref: OpenshiftOriginNodeGroup
|
||||
ComparisonOperator: GreaterThanThreshold
|
||||
NodeAlarmLow:
|
||||
Type: AWS::CloudWatch::Alarm
|
||||
Properties:
|
||||
AlarmDescription: Scale-down if Nodes < 15% for 1 minute
|
||||
MetricName: NodeUtilization
|
||||
Namespace: system/linux
|
||||
Statistic: Average
|
||||
Period: '60'
|
||||
EvaluationPeriods: '1'
|
||||
Threshold: '15'
|
||||
AlarmActions: [{Ref: OpenshiftOriginScaleDownPolicy}]
|
||||
Dimensions:
|
||||
- Name: AutoScalingGroupName
|
||||
Value:
|
||||
Ref: OpenshiftOriginNodeGroup
|
||||
ComparisonOperator: LessThanThreshold
|
||||
OpenShiftOriginSecurityGroup:
|
||||
Type: AWS::EC2::SecurityGroup
|
||||
Properties:
|
||||
GroupDescription: Standard firewall rules
|
||||
SecurityGroupIngress:
|
||||
- {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
|
||||
- {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
|
||||
- {IpProtocol: tcp, FromPort: '22', ToPort: '22', CidrIp: 0.0.0.0/0}
|
||||
- {IpProtocol: tcp, FromPort: '80', ToPort: '80', CidrIp: 0.0.0.0/0}
|
||||
- {IpProtocol: tcp, FromPort: '443', ToPort: '443', CidrIp: 0.0.0.0/0}
|
||||
- {IpProtocol: tcp, FromPort: '8000', ToPort: '8000', CidrIp: 0.0.0.0/0}
|
||||
- {IpProtocol: tcp, FromPort: '8443', ToPort: '8443', CidrIp: 0.0.0.0/0}
|
||||
brokerWaitHandle:
|
||||
Type: AWS::CloudFormation::WaitConditionHandle
|
||||
brokerWaitCondition:
|
||||
Type: AWS::CloudFormation::WaitCondition
|
||||
DependsOn: BrokerInstance
|
||||
Properties:
|
||||
Handle:
|
||||
Ref: brokerWaitHandle
|
||||
Timeout: '6000'
|
||||
BrokerInstance:
|
||||
Type: AWS::EC2::Instance
|
||||
Properties:
|
||||
ImageId:
|
||||
Fn::FindInMap: [JeosImages, Broker, Image]
|
||||
InstanceType:
|
||||
Ref: BrokerServerFlavor
|
||||
KeyName:
|
||||
Ref: KeyName
|
||||
SecurityGroups: [{Ref: OpenShiftOriginSecurityGroup}]
|
||||
Tags:
|
||||
- Key: Name
|
||||
Value:
|
||||
Fn::Join:
|
||||
- '-'
|
||||
- - openshift
|
||||
- {Ref: Prefix}
|
||||
- broker
|
||||
UserData:
|
||||
Fn::Base64:
|
||||
Fn::Join:
|
||||
- ''
|
||||
- - |-
|
||||
#!/bin/bash -x
|
||||
export PREFIX=
|
||||
- {Ref: Prefix}
|
||||
- |-
|
||||
|
||||
export UPSTREAM_DNS=
|
||||
- {Ref: UpstreamDNS}
|
||||
- |-
|
||||
|
||||
export BROKER_WAIT_HANDLE="
|
||||
- {Ref: brokerWaitHandle}
|
||||
- |-
|
||||
"
|
||||
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named ${PREFIX}
|
||||
export DNS_SEC_KEY="`cat /var/named/K${PREFIX}.*.key | awk '{print $8}'`"
|
||||
export EC2_INSTANCE_ID="`facter ec2_instance_id`"
|
||||
export IP_ADDRESS="`facter ipaddress`"
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="\${ec2_instance_id}.${PREFIX}"
|
||||
file { "update network settings - hostname":
|
||||
path => "/etc/sysconfig/network",
|
||||
content => "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=\${my_hostname}"
|
||||
}
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
augeas{ "etc hosts setup" :
|
||||
context => "/files/etc/hosts",
|
||||
changes => [
|
||||
"set 01/ipaddr \${ipaddress}",
|
||||
"set 01/canonical \${my_hostname}",
|
||||
],
|
||||
}
|
||||
augeas{ "network peerdns setup" :
|
||||
context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
|
||||
changes => [
|
||||
"set PEERDNS no",
|
||||
],
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
node_fqdn => \$my_hostname,
|
||||
cloud_domain => '${PREFIX}',
|
||||
named_tsig_priv_key => '${DNS_SEC_KEY}',
|
||||
dns_servers => ['${UPSTREAM_DNS}'],
|
||||
os_unmanaged_users => ['ec2-user'],
|
||||
enable_network_services => true,
|
||||
configure_firewall => true,
|
||||
configure_ntp => true,
|
||||
configure_activemq => true,
|
||||
configure_qpid => false,
|
||||
configure_mongodb => true,
|
||||
configure_named => true,
|
||||
configure_broker => true,
|
||||
configure_console => true,
|
||||
configure_node => false,
|
||||
development_mode => true,
|
||||
named_ipaddress => \$ipaddress,
|
||||
mongodb_fqdn => \$my_hostname,
|
||||
mq_fqdn => \$my_hostname,
|
||||
broker_fqdn => \$my_hostname,
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
puppet module install openshift/openshift_origin
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setsebool -P httpd_unified=on
|
||||
service network restart | tee /var/log/configure_openshift.log;
|
||||
service mongod restart | tee /var/log/configure_openshift.log;
|
||||
service activemq restart | tee /var/log/configure_openshift.log;
|
||||
service httpd restart | tee /var/log/configure_openshift.log;
|
||||
service openshift-broker restart | tee /var/log/configure_openshift.log;
|
||||
service openshift-console restart | tee /var/log/configure_openshift.log;
|
||||
service named restart | tee /var/log/configure_openshift.log;
|
||||
cat << EOF > /etc/resolv.conf
|
||||
; generated by heat
|
||||
search ${PREFIX}
|
||||
nameserver 127.0.0.1
|
||||
EOF
|
||||
cat << _EOF > /root/nsupdate.cmd
|
||||
key ${PREFIX} ${DNS_SEC_KEY}
|
||||
server ${IP_ADDRESS} 53
|
||||
update delete ${EC2_INSTANCE_ID}.${PREFIX} A
|
||||
update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}
|
||||
send
|
||||
_EOF
|
||||
cat /root/nsupdate.cmd | nsupdate
|
||||
setenforce 1
|
||||
# All is well so signal success
|
||||
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r "Broker setup complete" "${BROKER_WAIT_HANDLE}"
|
||||
NodeLaunchConfig:
|
||||
Type: AWS::AutoScaling::LaunchConfiguration
|
||||
Properties:
|
||||
ImageId:
|
||||
Fn::FindInMap: [JeosImages, Node, Image]
|
||||
InstanceType:
|
||||
Ref: BrokerServerFlavor
|
||||
KeyName:
|
||||
Ref: KeyName
|
||||
SecurityGroups: [{Ref: OpenShiftOriginSecurityGroup}]
|
||||
UserData:
|
||||
Fn::Base64:
|
||||
Fn::Join:
|
||||
- ''
|
||||
- - |-
|
||||
#!/bin/bash -x
|
||||
export DNS_SEC_KEY="`python -c 'print
|
||||
- Fn::GetAtt: [brokerWaitCondition, Data]
|
||||
- |-
|
||||
["00000"]'`"
|
||||
export BROKER_IP=
|
||||
- Fn::GetAtt: [BrokerInstance, PublicIp]
|
||||
- |-
|
||||
|
||||
export PREFIX=
|
||||
- {Ref: Prefix}
|
||||
- |-
|
||||
|
||||
export EC2_INSTANCE_ID="`facter ec2_instance_id`"
|
||||
export IP_ADDRESS="`facter ipaddress`"
|
||||
mkdir -p /etc/cfn
|
||||
cat << EOF > /etc/cfn/cfn-credentials
|
||||
AWSAccessKeyId=
|
||||
- {Ref: OpenshiftOriginKeys}
|
||||
- |-
|
||||
|
||||
AWSSecretKey=
|
||||
- Fn::GetAtt: [OpenshiftOriginKeys, SecretAccessKey]
|
||||
- |-
|
||||
|
||||
EOF
|
||||
chown root:root /etc/cfn/cfn-credentials
|
||||
chmod 0400 /etc/cfn/cfn-credentials
|
||||
cat << EOF > /tmp/stats-crontab.txt
|
||||
MAIL=""
|
||||
* * * * * /opt/aws/bin/cfn-push-stats --metric NodeUtilization --units Percent --value 90 --watch
|
||||
- {Ref: NodeAlarmHigh}
|
||||
- |-
|
||||
|
||||
* * * * * /opt/aws/bin/cfn-push-stats --metric NodeUtilization --units Percent --value 90 --watch
|
||||
- {Ref: NodeAlarmLow}
|
||||
- |-
|
||||
|
||||
EOF
|
||||
chown root:root /tmp/stats-crontab.txt
|
||||
chmod 600 /tmp/stats-crontab.txt
|
||||
# install crontab
|
||||
crontab /tmp/stats-crontab.txt
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="\${ec2_instance_id}.${PREFIX}"
|
||||
file { "update network settings - hostname":
|
||||
path => "/etc/sysconfig/network",
|
||||
content => "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=\${my_hostname}"
|
||||
}
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
augeas{ "etc hosts setup" :
|
||||
context => "/files/etc/hosts",
|
||||
changes => [
|
||||
"set 01/ipaddr \${ipaddress}",
|
||||
"set 01/canonical \${my_hostname}",
|
||||
],
|
||||
}
|
||||
augeas{ "network peerdns setup" :
|
||||
context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
|
||||
changes => [
|
||||
"set PEERDNS no",
|
||||
],
|
||||
}
|
||||
class { "openshift_origin" :
|
||||
node_fqdn => \$my_hostname,
|
||||
cloud_domain => '${PREFIX}',
|
||||
named_tsig_priv_key => '${DNS_SEC_KEY}',
|
||||
dns_servers => ['${BROKER_IP}'],
|
||||
os_unmanaged_users => ['ec2-user'],
|
||||
enable_network_services => true,
|
||||
configure_firewall => true,
|
||||
configure_ntp => true,
|
||||
configure_activemq => false,
|
||||
configure_qpid => false,
|
||||
configure_mongodb => false,
|
||||
configure_named => false,
|
||||
configure_broker => false,
|
||||
configure_console => false,
|
||||
configure_node => true,
|
||||
development_mode => true,
|
||||
named_ipaddress => '${BROKER_IP}',
|
||||
mongodb_fqdn => '${BROKER_IP}',
|
||||
mq_fqdn => '${BROKER_IP}',
|
||||
broker_fqdn => '${BROKER_IP}',
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
puppet module install openshift/openshift_origin
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log;
|
||||
service network restart | tee /var/log/configure_openshift.log;
|
||||
service cgconfig restart | tee /var/log/configure_openshift.log;
|
||||
service cgred restart | tee /var/log/configure_openshift.log;
|
||||
service openshift-cgroups restart | tee /var/log/configure_openshift.log;
|
||||
service openshift-node-web-proxy restart | tee /var/log/configure_openshift.log;
|
||||
service openshift-gears restart | tee /var/log/configure_openshift.log;
|
||||
service openshift-port-proxy restart | tee /var/log/configure_openshift.log;
|
||||
service mcollective restart | tee /var/log/configure_openshift.log;
|
||||
service httpd restart | tee /var/log/configure_openshift.log;
|
||||
service sshd restart | tee /var/log/configure_openshift.log;
|
||||
cat << EOF > /etc/resolv.conf
|
||||
; generated by heat
|
||||
search ${PREFIX}
|
||||
nameserver ${BROKER_IP}
|
||||
EOF
|
||||
cat << _EOF > /root/nsupdate.cmd
|
||||
key ${PREFIX} ${DNS_SEC_KEY}
|
||||
server ${BROKER_IP} 53
|
||||
update delete ${EC2_INSTANCE_ID}.${PREFIX} A
|
||||
update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}
|
||||
send
|
||||
_EOF
|
||||
cat /root/nsupdate.cmd | nsupdate
|
||||
setenforce 1
|
||||
Outputs:
|
||||
OpenShiftConsole:
|
||||
Value:
|
||||
Fn::Join:
|
||||
- ''
|
||||
- ['https://', 'Fn::GetAtt': [BrokerInstance, PublicIp], '/console']
|
||||
Description: URL for OpenShift Origins console
|
||||
NameServerEntry:
|
||||
Value:
|
||||
Fn::Join:
|
||||
- ''
|
||||
- ['nameserver ', 'Fn::GetAtt': [BrokerInstance, PublicIp]]
|
||||
Description: Entry to insert into /etc/resolv.conf for application host names to resolve
|
||||
|
Loading…
Reference in New Issue