@amegianeg
Created April 7, 2017 14:37
{
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": {
"CreateLogResources": {
"Fn::Equals": [
{
"Ref": "EnableCloudWatchLogs"
},
"yes"
]
},
"DockerCloudRegistration": {
"Fn::And": [
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "DockerCloudClusterName"
},
""
]
}
]
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "DockerCloudUsername"
},
""
]
}
]
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "DockerCloudAPIKey"
},
""
]
}
]
}
]
},
"EFSSupported": {
"Fn::Equals": [
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"EFSSupport"
]
},
"yes"
]
},
"HasOnly2AZs": {
"Fn::Equals": [
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"NumAZs"
]
},
"2"
]
}
},
"Description": "Docker for AWS 17.03.1-ce (aws1) cloud",
"Mappings": {
"AWSInstanceType2Arch": {
"c3.2xlarge": {
"Arch": "HVM64"
},
"c3.4xlarge": {
"Arch": "HVM64"
},
"c3.8xlarge": {
"Arch": "HVM64"
},
"c3.large": {
"Arch": "HVM64"
},
"c3.xlarge": {
"Arch": "HVM64"
},
"c4.2xlarge": {
"Arch": "HVM64"
},
"c4.4xlarge": {
"Arch": "HVM64"
},
"c4.8xlarge": {
"Arch": "HVM64"
},
"c4.large": {
"Arch": "HVM64"
},
"c4.xlarge": {
"Arch": "HVM64"
},
"cc2.8xlarge": {
"Arch": "HVM64"
},
"cr1.8xlarge": {
"Arch": "HVM64"
},
"d2.2xlarge": {
"Arch": "HVM64"
},
"d2.4xlarge": {
"Arch": "HVM64"
},
"d2.8xlarge": {
"Arch": "HVM64"
},
"d2.xlarge": {
"Arch": "HVM64"
},
"g2.2xlarge": {
"Arch": "HVMG2"
},
"hi1.4xlarge": {
"Arch": "HVM64"
},
"hs1.8xlarge": {
"Arch": "HVM64"
},
"i2.2xlarge": {
"Arch": "HVM64"
},
"i2.4xlarge": {
"Arch": "HVM64"
},
"i2.8xlarge": {
"Arch": "HVM64"
},
"i2.xlarge": {
"Arch": "HVM64"
},
"m3.2xlarge": {
"Arch": "HVM64"
},
"m3.large": {
"Arch": "HVM64"
},
"m3.medium": {
"Arch": "HVM64"
},
"m3.xlarge": {
"Arch": "HVM64"
},
"m4.10xlarge": {
"Arch": "HVM64"
},
"m4.2xlarge": {
"Arch": "HVM64"
},
"m4.4xlarge": {
"Arch": "HVM64"
},
"m4.large": {
"Arch": "HVM64"
},
"m4.xlarge": {
"Arch": "HVM64"
},
"r3.2xlarge": {
"Arch": "HVM64"
},
"r3.4xlarge": {
"Arch": "HVM64"
},
"r3.8xlarge": {
"Arch": "HVM64"
},
"r3.large": {
"Arch": "HVM64"
},
"r3.xlarge": {
"Arch": "HVM64"
},
"r4.16xlarge": {
"Arch": "HVM64"
},
"r4.2xlarge": {
"Arch": "HVM64"
},
"r4.4xlarge": {
"Arch": "HVM64"
},
"r4.8xlarge": {
"Arch": "HVM64"
},
"r4.large": {
"Arch": "HVM64"
},
"r4.xlarge": {
"Arch": "HVM64"
},
"t2.2xlarge": {
"Arch": "HVM64"
},
"t2.large": {
"Arch": "HVM64"
},
"t2.medium": {
"Arch": "HVM64"
},
"t2.micro": {
"Arch": "HVM64"
},
"t2.small": {
"Arch": "HVM64"
},
"t2.xlarge": {
"Arch": "HVM64"
}
},
"AWSRegion2AZ": {
"ap-northeast-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Tokyo",
"NumAZs": "2"
},
"ap-northeast-2": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Seoul",
"NumAZs": "2"
},
"ap-south-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Mumbai",
"NumAZs": "2"
},
"ap-southeast-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Singapore",
"NumAZs": "2"
},
"ap-southeast-2": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "2",
"EFSSupport": "no",
"Name": "Sydney",
"NumAZs": "3"
},
"ca-central-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Central",
"NumAZs": "2"
},
"eu-central-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Frankfurt",
"NumAZs": "2"
},
"eu-west-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "2",
"EFSSupport": "yes",
"Name": "Ireland",
"NumAZs": "3"
},
"eu-west-2": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "London",
"NumAZs": "2"
},
"sa-east-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "Sao Paulo",
"NumAZs": "2"
},
"us-east-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "2",
"EFSSupport": "yes",
"Name": "N. Virgina",
"NumAZs": "4"
},
"us-east-2": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "2",
"EFSSupport": "yes",
"Name": "Ohio",
"NumAZs": "3"
},
"us-west-1": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "0",
"EFSSupport": "no",
"Name": "N. California",
"NumAZs": "2"
},
"us-west-2": {
"AZ0": "0",
"AZ1": "1",
"AZ2": "2",
"EFSSupport": "yes",
"Name": "Oregon",
"NumAZs": "3"
}
},
"AWSRegionArch2AMI": {
"ap-northeast-1": {
"HVM64": "ami-35237952",
"HVMG2": "NOT_SUPPORTED"
},
"ap-northeast-2": {
"HVM64": "ami-795b8817",
"HVMG2": "NOT_SUPPORTED"
},
"ap-south-1": {
"HVM64": "ami-cb0675a4",
"HVMG2": "NOT_SUPPORTED"
},
"ap-southeast-1": {
"HVM64": "ami-c0932fa3",
"HVMG2": "NOT_SUPPORTED"
},
"ap-southeast-2": {
"HVM64": "ami-5856593b",
"HVMG2": "NOT_SUPPORTED"
},
"ca-central-1": {
"HVM64": "ami-ce18a5aa",
"HVMG2": "NOT_SUPPORTED"
},
"eu-central-1": {
"HVM64": "ami-672eff08",
"HVMG2": "NOT_SUPPORTED"
},
"eu-west-1": {
"HVM64": "ami-3e98a558",
"HVMG2": "NOT_SUPPORTED"
},
"eu-west-2": {
"HVM64": "ami-bf7c68db",
"HVMG2": "NOT_SUPPORTED"
},
"sa-east-1": {
"HVM64": "ami-8dc1a1e1",
"HVMG2": "NOT_SUPPORTED"
},
"us-east-1": {
"HVM64": "ami-b079c7a6",
"HVMG2": "NOT_SUPPORTED"
},
"us-east-2": {
"HVM64": "ami-a91d39cc",
"HVMG2": "NOT_SUPPORTED"
},
"us-west-1": {
"HVM64": "ami-a1bae1c1",
"HVMG2": "NOT_SUPPORTED"
},
"us-west-2": {
"HVM64": "ami-d849dcb8",
"HVMG2": "NOT_SUPPORTED"
}
},
"DockerForAWS": {
"version": {
"channel": "cloud-stable",
"docker": "17.03.1-ce",
"forAws": "aws-v17.03.1-ce-aws1"
}
},
"VpcCidrs": {
"pubsubnet1": {
"cidr": "172.31.0.0/20"
},
"pubsubnet2": {
"cidr": "172.31.16.0/20"
},
"pubsubnet3": {
"cidr": "172.31.32.0/20"
},
"pubsubnet4": {
"cidr": "172.31.48.0/20"
},
"vpc": {
"cidr": "172.31.0.0/16"
}
}
},
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "Swarm Size"
},
"Parameters": [
"ManagerSize",
"ClusterSize"
]
},
{
"Label": {
"default": "Swarm Properties"
},
"Parameters": [
"KeyName",
"EnableSystemPrune",
"EnableCloudWatchLogs"
]
},
{
"Label": {
"default": "Swarm Manager Properties"
},
"Parameters": [
"ManagerInstanceType",
"ManagerDiskSize",
"ManagerDiskType"
]
},
{
"Label": {
"default": "Swarm Worker Properties"
},
"Parameters": [
"InstanceType",
"WorkerDiskSize",
"WorkerDiskType"
]
},
{
"Label": {
"default": "Docker Cloud registration (optional)"
},
"Parameters": [
"DockerCloudClusterName",
"DockerCloudUsername",
"DockerCloudAPIKey",
"DockerCloudRestHost",
"DockerIDJWTURL",
"DockerIDJWKURL"
]
}
],
"ParameterLabels": {
"ClusterSize": {
"default": "Number of Swarm worker nodes?"
},
"DockerCloudAPIKey": {
"default": "Docker ID API key?"
},
"DockerCloudClusterName": {
"default": "Swarm name?"
},
"DockerCloudRestHost": {
"default": "Docker Cloud environment?"
},
"DockerCloudUsername": {
"default": "Docker ID Username?"
},
"DockerIDJWTURL": {
"default": "ID service token URL?"
},
"DockerIDJWKURL": {
"default": "ID service certificate URL?"
},
"EnableCloudWatchLogs": {
"default": "Use Cloudwatch for container logging?"
},
"EnableSystemPrune": {
"default": "Enable daily resource cleanup?"
},
"InstanceType": {
"default": "Agent worker instance type?"
},
"KeyName": {
"default": "Which SSH key to use?"
},
"ManagerDiskSize": {
"default": "Manager ephemeral storage volume size?"
},
"ManagerDiskType": {
"default": "Manager ephemeral storage volume type"
},
"ManagerInstanceType": {
"default": "Swarm manager instance type?"
},
"ManagerSize": {
"default": "Number of Swarm managers?"
},
"WorkerDiskSize": {
"default": "Worker ephemeral storage volume size?"
},
"WorkerDiskType": {
"default": "Worker ephemeral storage volume type"
}
}
}
},
"Outputs": {
"ConnectToThisCluster": {
"Condition": "DockerCloudRegistration",
"Description": "Use this command to manage this swarm cluster from your local Docker Engine.",
"Value": {
"Fn::Join": [
"",
[
"docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_HOST dockercloud/client ",
{
"Ref": "DockerCloudClusterName"
}
]
]
}
},
"DefaultDNSTarget": {
"Description": "Use this name to update your DNS records",
"Value": {
"Fn::GetAtt": [
"ExternalLoadBalancer",
"DNSName"
]
}
},
"ELBDNSZoneID": {
"Description": "Use this zone ID to update your DNS records",
"Value": {
"Fn::GetAtt": [
"ExternalLoadBalancer",
"CanonicalHostedZoneNameID"
]
}
},
"Managers": {
"Description": "You can see the manager nodes associated with this cluster here. Follow the instructions here: https://docs.docker.com/docker-for-aws/deploy/",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Ref": "AWS::Region"
},
".console.aws.amazon.com/ec2/v2/home?region=",
{
"Ref": "AWS::Region"
},
"#Instances:tag:aws:autoscaling:groupName=",
{
"Ref": "ManagerAsg"
},
";sort=desc:dnsName"
]
]
}
},
"ZoneAvailabilityComment": {
"Description": "Availability Zones Comment",
"Value": {
"Fn::If": [
"HasOnly2AZs",
"This region only has 2 Availability Zones (AZ). If one of those AZs goes away, it will cause problems for your Swarm Managers. Please use a Region with at least 3 AZs.",
"This region has at least 3 Availability Zones (AZ). This is ideal to ensure a fully functional Swarm in case you lose an AZ."
]
}
}
},
"Parameters": {
"ClusterSize": {
"Default": "5",
"Description": "Number of worker nodes in the Swarm (0-1000).",
"MaxValue": "1000",
"MinValue": "0",
"Type": "Number"
},
"DockerCloudAPIKey": {
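"Description": "Docker ID API key to use during registration. NoEcho masks the value in CloudFormation, but this template also writes it into the manager launch configuration UserData, where it is readable to anyone who can view the launch configuration or query instance user data from a manager node",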
"NoEcho": true,
"Type": "String"
},
"DockerCloudClusterName": {
"AllowedPattern": "([a-z0-9]+/[a-z0-9-]+)?",
"ConstraintDescription": "Must be in the format 'namespace/cluster_name' and must only contain lowercase letters, digits and hyphens",
"Description": "Name of the cluster (namespace/cluster_name) to be used when registering this Swarm with Docker Cloud",
"Type": "String"
},
"DockerCloudRestHost": {
"Default": "https://cloud.docker.com",
"Description": "Docker Cloud environment",
"Type": "String"
},
"DockerCloudUsername": {
"AllowedPattern": "([a-z0-9]+)?",
"ConstraintDescription": "Must only contain lowercase letters or digits",
"Description": "Docker ID username to use during registration",
"Type": "String"
},
"DockerIDJWTURL": {
"Default": "https://id.docker.com/api/id/v1/authz/token",
"Description": "ID JWT token service URL",
"Type": "String"
},
"DockerIDJWKURL": {
"Default": "https://id.docker.com/api/id/v1/authz/certs",
"Description": "ID JWK certificate URL",
"Type": "String"
},
"EnableCloudWatchLogs": {
"AllowedValues": [
"no",
"yes"
],
"Default": "yes",
"Description": "Send all Container logs to CloudWatch",
"Type": "String"
},
"EnableSystemPrune": {
"AllowedValues": [
"no",
"yes"
],
"Default": "no",
"Description": "Cleans up unused images, containers, networks and volumes",
"Type": "String"
},
"InstanceType": {
"AllowedValues": [
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"t2.xlarge",
"t2.2xlarge",
"m4.large",
"m4.xlarge",
"m4.2xlarge",
"m4.4xlarge",
"m4.10xlarge",
"m3.medium",
"m3.large",
"m3.xlarge",
"m3.2xlarge",
"c4.large",
"c4.xlarge",
"c4.2xlarge",
"c4.4xlarge",
"c4.8xlarge",
"c3.large",
"c3.xlarge",
"c3.2xlarge",
"c3.4xlarge",
"c3.8xlarge",
"r3.large",
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge",
"r3.8xlarge",
"r4.large",
"r4.xlarge",
"r4.2xlarge",
"r4.4xlarge",
"r4.8xlarge",
"r4.16xlarge",
"i2.xlarge",
"i2.2xlarge",
"i2.4xlarge",
"i2.8xlarge"
],
"ConstraintDescription": "Must be a valid EC2 HVM instance type.",
"Default": "t2.micro",
"Description": "EC2 HVM instance type (t2.micro, m3.medium, etc).",
"Type": "String"
},
"KeyName": {
"ConstraintDescription": "Must be the name of an existing EC2 KeyPair",
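"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances. The manager security group in this template accepts SSH (TCP 22) from 0.0.0.0/0, so restrict that rule to known source addresses where possible",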
"Type": "AWS::EC2::KeyPair::KeyName"
},
"ManagerDiskSize": {
"Default": "20",
"Description": "Size of Manager's ephemeral storage volume in GiB",
"MaxValue": "1024",
"MinValue": "20",
"Type": "Number"
},
"ManagerDiskType": {
"AllowedValues": [
"standard",
"gp2"
],
"Default": "standard",
"Description": "Manager ephemeral storage volume type",
"Type": "String"
},
"ManagerInstanceType": {
"AllowedValues": [
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"t2.xlarge",
"t2.2xlarge",
"m4.large",
"m4.xlarge",
"m4.2xlarge",
"m4.4xlarge",
"m4.10xlarge",
"m3.medium",
"m3.large",
"m3.xlarge",
"m3.2xlarge",
"c4.large",
"c4.xlarge",
"c4.2xlarge",
"c4.4xlarge",
"c4.8xlarge",
"c3.large",
"c3.xlarge",
"c3.2xlarge",
"c3.4xlarge",
"c3.8xlarge",
"r3.large",
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge",
"r3.8xlarge",
"r4.large",
"r4.xlarge",
"r4.2xlarge",
"r4.4xlarge",
"r4.8xlarge",
"r4.16xlarge",
"i2.xlarge",
"i2.2xlarge",
"i2.4xlarge",
"i2.8xlarge"
],
"ConstraintDescription": "Must be a valid EC2 HVM instance type.",
"Default": "t2.micro",
"Description": "EC2 HVM instance type (t2.micro, m3.medium, etc).",
"Type": "String"
},
"ManagerSize": {
"AllowedValues": [
"1",
"3",
"5"
],
"Default": "3",
"Description": "Number of Swarm manager nodes (1, 3, 5)",
"Type": "Number"
},
"WorkerDiskSize": {
"Default": "20",
"Description": "Size of Worker's ephemeral storage volume in GiB",
"MaxValue": "1024",
"MinValue": "20",
"Type": "Number"
},
"WorkerDiskType": {
"AllowedValues": [
"standard",
"gp2"
],
"Default": "standard",
"Description": "Worker ephemeral storage volume type",
"Type": "String"
}
},
"Resources": {
"AttachGateway": {
"DependsOn": [
"Vpc",
"InternetGateway"
],
"Properties": {
"InternetGatewayId": {
"Ref": "InternetGateway"
},
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::VPCGatewayAttachment"
},
"DockerLogGroup": {
"Condition": "CreateLogResources",
"Properties": {
"LogGroupName": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"lg"
]
]
},
"RetentionInDays": 7
},
"Type": "AWS::Logs::LogGroup"
},
"DynDBPolicies": {
"DependsOn": [
"ProxyRole",
"SwarmDynDBTable"
],
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:PutItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:UpdateItem",
"dynamodb:Query"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:dynamodb:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":table/",
{
"Ref": "SwarmDynDBTable"
}
]
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "dyndb-getput",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"ExternalLoadBalancer": {
"DependsOn": [
"AttachGateway",
"ExternalLoadBalancerSG",
"PubSubnetAz1",
"PubSubnetAz2",
"PubSubnetAz3"
],
"Properties": {
"ConnectionSettings": {
"IdleTimeout": 600
},
"CrossZone": "true",
"HealthCheck": {
"HealthyThreshold": "2",
"Interval": "10",
"Target": "HTTP:44554/",
"Timeout": "2",
"UnhealthyThreshold": "4"
},
"Listeners": [
{
"InstancePort": "7",
"LoadBalancerPort": "7",
"Protocol": "TCP"
},
{
"InstancePort": "2376",
"LoadBalancerPort": "2376",
"Protocol": "TCP"
}
],
"LoadBalancerName": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"ELB"
]
]
},
"SecurityGroups": [
{
"Ref": "ExternalLoadBalancerSG"
}
],
"Subnets": {
"Fn::If": [
"HasOnly2AZs",
[
{
"Ref": "PubSubnetAz1"
},
{
"Ref": "PubSubnetAz2"
}
],
[
{
"Ref": "PubSubnetAz1"
},
{
"Ref": "PubSubnetAz2"
},
{
"Ref": "PubSubnetAz3"
}
]
]
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"ELB"
]
]
}
}
]
},
"Type": "AWS::ElasticLoadBalancing::LoadBalancer"
},
"ExternalLoadBalancerSG": {
"DependsOn": "Vpc",
"Properties": {
"GroupDescription": "External Load Balancer SecurityGroup",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "0",
"IpProtocol": "-1",
"ToPort": "65535"
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"FileSystemGP": {
"Condition": "EFSSupported",
"Properties": {
"FileSystemTags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"EFS-GP"
]
]
}
}
],
"PerformanceMode": "generalPurpose"
},
"Type": "AWS::EFS::FileSystem"
},
"FileSystemMaxIO": {
"Condition": "EFSSupported",
"Properties": {
"FileSystemTags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"EFS-MaxIO"
]
]
}
}
],
"PerformanceMode": "maxIO"
},
"Type": "AWS::EFS::FileSystem"
},
"InternetGateway": {
"DependsOn": "Vpc",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"IGW"
]
]
}
}
]
},
"Type": "AWS::EC2::InternetGateway"
},
"ManagerAsg": {
"CreationPolicy": {
"ResourceSignal": {
"Count": {
"Ref": "ManagerSize"
},
"Timeout": "PT20M"
}
},
"DependsOn": [
"SwarmDynDBTable",
"PubSubnetAz1",
"PubSubnetAz2",
"PubSubnetAz3",
"ExternalLoadBalancer"
],
"Properties": {
"DesiredCapacity": {
"Ref": "ManagerSize"
},
"HealthCheckGracePeriod": 300,
"HealthCheckType": "ELB",
"LaunchConfigurationName": {
"Ref": "ManagerLaunchConfigAws1"
},
"LoadBalancerNames": [
{
"Ref": "ExternalLoadBalancer"
}
],
"MaxSize": 5,
"MinSize": 0,
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"Manager"
]
]
}
},
{
"Key": "swarm-node-type",
"PropagateAtLaunch": true,
"Value": "manager"
},
{
"Key": "swarm-stack-id",
"PropagateAtLaunch": true,
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "DOCKER_FOR_AWS_VERSION",
"PropagateAtLaunch": true,
"Value": {
"Fn::FindInMap": [
"DockerForAWS",
"version",
"forAws"
]
}
},
{
"Key": "DOCKER_VERSION",
"PropagateAtLaunch": true,
"Value": {
"Fn::FindInMap": [
"DockerForAWS",
"version",
"docker"
]
}
}
],
"VPCZoneIdentifier": [
{
"Fn::If": [
"HasOnly2AZs",
{
"Fn::Join": [
",",
[
{
"Ref": "PubSubnetAz1"
},
{
"Ref": "PubSubnetAz2"
}
]
]
},
{
"Fn::Join": [
",",
[
{
"Ref": "PubSubnetAz1"
},
{
"Ref": "PubSubnetAz2"
},
{
"Ref": "PubSubnetAz3"
}
]
]
}
]
}
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": {
"Ref": "ManagerSize"
},
"PauseTime": "PT20M",
"WaitOnResourceSignals": "true"
}
}
},
"ManagerLaunchConfigAws1": {
"DependsOn": "ExternalLoadBalancer",
"Properties": {
"AssociatePublicIpAddress": "true",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvdb",
"Ebs": {
"VolumeSize": {
"Ref": "ManagerDiskSize"
},
"VolumeType": {
"Ref": "ManagerDiskType"
}
}
}
],
"IamInstanceProfile": {
"Ref": "ProxyInstanceProfile"
},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "ManagerInstanceType"
},
"Arch"
]
}
]
},
"InstanceType": {
"Ref": "ManagerInstanceType"
},
"KeyName": {
"Ref": "KeyName"
},
"SecurityGroups": [
{
"Ref": "ManagerVpcSG"
},
{
"Ref": "SwarmWideSG"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/sh\n",
"export EXTERNAL_LB='",
{
"Ref": "ExternalLoadBalancer"
},
"'\n",
"export DOCKER_FOR_IAAS_VERSION='",
{
"Fn::FindInMap": [
"DockerForAWS",
"version",
"forAws"
]
},
"'\n",
"export LOCAL_IP=$(wget -qO- http://169.254.169.254/latest/meta-data/local-ipv4)\n",
"export INSTANCE_TYPE=$(wget -qO- http://169.254.169.254/latest/meta-data/instance-type)\n",
"export NODE_AZ=$(wget -qO- http://169.254.169.254/latest/meta-data/placement/availability-zone/)\n",
"export NODE_REGION=$(echo $NODE_AZ | sed 's/.$//')\n",
"export ENABLE_CLOUDWATCH_LOGS='",
{
"Ref": "EnableCloudWatchLogs"
},
"'\n",
"export AWS_REGION='",
{
"Ref": "AWS::Region"
},
"'\n",
"export MANAGER_SECURITY_GROUP_ID='",
{
"Ref": "ManagerVpcSG"
},
"'\n",
"export WORKER_SECURITY_GROUP_ID='",
{
"Ref": "NodeVpcSG"
},
"'\n",
"export DYNAMODB_TABLE='",
{
"Ref": "SwarmDynDBTable"
},
"'\n",
"export STACK_NAME='",
{
"Ref": "AWS::StackName"
},
"'\n",
"export STACK_ID='",
{
"Ref": "AWS::StackId"
},
"'\n",
"export ACCOUNT_ID='",
{
"Ref": "AWS::AccountId"
},
"'\n",
"export VPC_ID='",
{
"Ref": "Vpc"
},
"'\n",
"export SWARM_QUEUE='",
{
"Ref": "SwarmSQS"
},
"'\n",
"export CLEANUP_QUEUE='",
{
"Ref": "SwarmSQSCleanup"
},
"'\n",
"export RUN_VACUUM='",
{
"Ref": "EnableSystemPrune"
},
"'\n",
"export LOG_GROUP_NAME='",
{
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"lg"
]
]
},
"'\n",
"export ENABLE_EFS='",
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"EFSSupport"
]
},
"'\n",
"export EFS_ID_REGULAR='",
{
"Fn::If": [
"EFSSupported",
{
"Ref": "FileSystemGP"
},
""
]
},
"'\n",
"export EFS_ID_MAXIO='",
{
"Fn::If": [
"EFSSupported",
{
"Ref": "FileSystemMaxIO"
},
""
]
},
"'\n",
"export DOCKER_EXPERIMENTAL='true' \n",
"export NODE_TYPE='manager'\n",
"export INSTANCE_NAME='ManagerAsg'\n",
"export DOCKERCLOUD_USER='",
{
"Ref": "DockerCloudUsername"
},
"'\n",
"export DOCKERCLOUD_API_KEY='",
{
"Ref": "DockerCloudAPIKey"
},
"'\n",
"export SWARM_NAME='",
{
"Ref": "DockerCloudClusterName"
},
"'\n",
"export INTERNAL_ENDPOINT='",
{
"Fn::GetAtt": [
"ExternalLoadBalancer",
"DNSName"
]
},
"'\n",
"export DOCKERCLOUD_REST_HOST='",
{
"Ref": "DockerCloudRestHost"
},
"'\n",
"export ID_JWT_URL='",
{
"Ref": "DockerIDJWTURL"
},
"'\n",
"export ID_JWK_URL='",
{
"Ref": "DockerIDJWKURL"
},
"'\n",
"echo \"$EXTERNAL_LB\" > /var/lib/docker/swarm/lb_name\n",
"echo \"# hostname : ELB_name\" >> /var/lib/docker/swarm/elb.config\n",
"echo \"127.0.0.1: $EXTERNAL_LB\" >> /var/lib/docker/swarm/elb.config\n",
"echo \"localhost: $EXTERNAL_LB\" >> /var/lib/docker/swarm/elb.config\n",
"echo \"default: $EXTERNAL_LB\" >> /var/lib/docker/swarm/elb.config\n",
"\n",
"echo '{\"experimental\": '$DOCKER_EXPERIMENTAL', \"labels\":[\"os=linux\", \"region='$NODE_REGION'\", \"availability_zone='$NODE_AZ'\", \"instance_type='$INSTANCE_TYPE'\", \"node_type='$NODE_TYPE'\"] ' > /etc/docker/daemon.json\n",
"if [ $ENABLE_CLOUDWATCH_LOGS == 'yes' ] ; then\n",
" echo ', \"log-driver\": \"awslogs\", \"log-opts\": {\"awslogs-group\": \"'$LOG_GROUP_NAME'\", \"tag\": \"{{.Name}}-{{.ID}}\" }}' >> /etc/docker/daemon.json\n",
"else\n",
" echo ' }' >> /etc/docker/daemon.json\n",
"fi\n",
"\n",
"chown -R docker /home/docker/\n",
"chgrp -R docker /home/docker/\n",
"rc-service docker restart\n",
"sleep 5\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file --restart=no -d -e DYNAMODB_TABLE=$DYNAMODB_TABLE -e NODE_TYPE=$NODE_TYPE -e REGION=$AWS_REGION -e STACK_NAME=$STACK_NAME -e STACK_ID=\"$STACK_ID\" -e ACCOUNT_ID=$ACCOUNT_ID -e INSTANCE_NAME=$INSTANCE_NAME -e DOCKER_FOR_IAAS_VERSION=$DOCKER_FOR_IAAS_VERSION -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v /var/log:/var/log docker4x/init-aws:$DOCKER_FOR_IAAS_VERSION\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file --name=guide-aws --restart=always -d -e DYNAMODB_TABLE=$DYNAMODB_TABLE -e NODE_TYPE=$NODE_TYPE -e REGION=$AWS_REGION -e STACK_NAME=$STACK_NAME -e INSTANCE_NAME=$INSTANCE_NAME -e VPC_ID=$VPC_ID -e STACK_ID=\"$STACK_ID\" -e ACCOUNT_ID=$ACCOUNT_ID -e SWARM_QUEUE=\"$SWARM_QUEUE\" -e CLEANUP_QUEUE=\"$CLEANUP_QUEUE\" -e RUN_VACUUM=$RUN_VACUUM -e DOCKER_FOR_IAAS_VERSION=$DOCKER_FOR_IAAS_VERSION -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker docker4x/guide-aws:$DOCKER_FOR_IAAS_VERSION\n",
"\n",
"docker volume create --name sshkey\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file -ti --rm --user root -v sshkey:/etc/ssh --entrypoint ssh-keygen docker4x/shell-aws:$DOCKER_FOR_IAAS_VERSION -A\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file --name=shell-aws --restart=always -d -p 22:22 -v /home/docker/:/home/docker/ -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/swarm/lb_name:/var/lib/docker/swarm/lb_name:ro -v /var/lib/docker/swarm/elb.config:/var/lib/docker/swarm/elb.config -v /usr/bin/docker:/usr/bin/docker -v /var/log:/var/log -v sshkey:/etc/ssh -v /etc/passwd:/etc/passwd:ro -v /etc/shadow:/etc/shadow:ro -v /etc/group:/etc/group:ro docker4x/shell-aws:$DOCKER_FOR_IAAS_VERSION\n",
"\n",
"if [ $ENABLE_EFS == 'yes' ] ; then\n",
" docker plugin install --alias cloudstor:aws --grant-all-permissions docker4x/cloudstor:$DOCKER_FOR_IAAS_VERSION CLOUD_PLATFORM=AWS EFS_ID_REGULAR=$EFS_ID_REGULAR EFS_ID_MAXIO=$EFS_ID_MAXIO DEBUG=1\n",
"fi\n",
"docker run --label com.docker.editions.system --log-driver=json-file --name=meta-aws --restart=always -d -p $LOCAL_IP:9024:8080 -e AWS_REGION=$AWS_REGION -e MANAGER_SECURITY_GROUP_ID=$MANAGER_SECURITY_GROUP_ID -e WORKER_SECURITY_GROUP_ID=$WORKER_SECURITY_GROUP_ID -v /var/run/docker.sock:/var/run/docker.sock docker4x/meta-aws:$DOCKER_FOR_IAAS_VERSION metaserver -iaas_provider=aws\n",
"docker run --label com.docker.editions.system --log-driver=json-file --name=l4controller-aws --restart=always -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/swarm:/var/lib/docker/swarm docker4x/l4controller-aws:$DOCKER_FOR_IAAS_VERSION run --log=4 --all=true\n",
"IS_LEADER=$(docker node inspect self -f '{{ .ManagerStatus.Leader }}')\n",
"if [ \"$IS_LEADER\" == \"true\" ]; then\n",
" docker run --label com.docker.editions.system --log-driver=json-file --name=cloud-aws --name=cloud_registration -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_USER=$DOCKERCLOUD_USER -e DOCKER_PASS=$DOCKERCLOUD_API_KEY -e SWARM_NAME=$SWARM_NAME -e INTERNAL_ENDPOINT=$INTERNAL_ENDPOINT -e DOCKERCLOUD_REST_HOST=$DOCKERCLOUD_REST_HOST -e JWT_URL=$ID_JWT_URL -e JWK_URL=$ID_JWK_URL -e DEBUG=true docker4x/cloud-aws:$DOCKER_FOR_IAAS_VERSION\n",
"fi\n"
]
]
}
}
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"ManagerVpcSG": {
"DependsOn": "NodeVpcSG",
"Properties": {
"GroupDescription": "Manager SecurityGroup",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
},
{
"FromPort": "2377",
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"NodeVpcSG",
"GroupId"
]
},
"ToPort": "2377"
},
{
"FromPort": "4789",
"IpProtocol": "udp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"NodeVpcSG",
"GroupId"
]
},
"ToPort": "4789"
},
{
"FromPort": "7946",
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"NodeVpcSG",
"GroupId"
]
},
"ToPort": "7946"
},
{
"FromPort": "7946",
"IpProtocol": "udp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"NodeVpcSG",
"GroupId"
]
},
"ToPort": "7946"
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"MountTargetGP1": {
"Condition": "EFSSupported",
"DependsOn": [
"FileSystemGP",
"SwarmWideSG"
],
"Properties": {
"FileSystemId": {
"Ref": "FileSystemGP"
},
"SecurityGroups": [
{
"Ref": "SwarmWideSG"
}
],
"SubnetId": {
"Ref": "PubSubnetAz1"
}
},
"Type": "AWS::EFS::MountTarget"
},
"MountTargetGP2": {
"Condition": "EFSSupported",
"DependsOn": [
"FileSystemGP",
"SwarmWideSG"
],
"Properties": {
"FileSystemId": {
"Ref": "FileSystemGP"
},
"SecurityGroups": [
{
"Ref": "SwarmWideSG"
}
],
"SubnetId": {
"Ref": "PubSubnetAz2"
}
},
"Type": "AWS::EFS::MountTarget"
},
"MountTargetGP3": {
"Condition": "EFSSupported",
"DependsOn": [
"FileSystemGP",
"SwarmWideSG"
],
"Properties": {
"FileSystemId": {
"Ref": "FileSystemGP"
},
"SecurityGroups": [
{
"Ref": "SwarmWideSG"
}
],
"SubnetId": {
"Ref": "PubSubnetAz3"
}
},
"Type": "AWS::EFS::MountTarget"
},
"MountTargetMaxIO1": {
"Condition": "EFSSupported",
"DependsOn": [
"FileSystemMaxIO",
"SwarmWideSG"
],
"Properties": {
"FileSystemId": {
"Ref": "FileSystemMaxIO"
},
"SecurityGroups": [
{
"Ref": "SwarmWideSG"
}
],
"SubnetId": {
"Ref": "PubSubnetAz1"
}
},
"Type": "AWS::EFS::MountTarget"
},
"MountTargetMaxIO2": {
"Condition": "EFSSupported",
"DependsOn": [
"FileSystemMaxIO",
"SwarmWideSG"
],
"Properties": {
"FileSystemId": {
"Ref": "FileSystemMaxIO"
},
"SecurityGroups": [
{
"Ref": "SwarmWideSG"
}
],
"SubnetId": {
"Ref": "PubSubnetAz2"
}
},
"Type": "AWS::EFS::MountTarget"
},
"MountTargetMaxIO3": {
"Condition": "EFSSupported",
"DependsOn": [
"FileSystemMaxIO",
"SwarmWideSG"
],
"Properties": {
"FileSystemId": {
"Ref": "FileSystemMaxIO"
},
"SecurityGroups": [
{
"Ref": "SwarmWideSG"
}
],
"SubnetId": {
"Ref": "PubSubnetAz3"
}
},
"Type": "AWS::EFS::MountTarget"
},
"NodeAsg": {
"CreationPolicy": {
"ResourceSignal": {
"Count": {
"Ref": "ClusterSize"
},
"Timeout": "PT2H"
}
},
"DependsOn": "ManagerAsg",
"Properties": {
"DesiredCapacity": {
"Ref": "ClusterSize"
},
"HealthCheckGracePeriod": 300,
"HealthCheckType": "ELB",
"LaunchConfigurationName": {
"Ref": "NodeLaunchConfigAws1"
},
"LoadBalancerNames": [
{
"Ref": "ExternalLoadBalancer"
}
],
"MaxSize": 1000,
"MinSize": 0,
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"worker"
]
]
}
},
{
"Key": "swarm-node-type",
"PropagateAtLaunch": true,
"Value": "worker"
},
{
"Key": "swarm-stack-id",
"PropagateAtLaunch": true,
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "DOCKER_FOR_AWS_VERSION",
"PropagateAtLaunch": true,
"Value": {
"Fn::FindInMap": [
"DockerForAWS",
"version",
"forAws"
]
}
},
{
"Key": "DOCKER_VERSION",
"PropagateAtLaunch": true,
"Value": {
"Fn::FindInMap": [
"DockerForAWS",
"version",
"docker"
]
}
}
],
"VPCZoneIdentifier": [
{
"Fn::If": [
"HasOnly2AZs",
{
"Fn::Join": [
",",
[
{
"Ref": "PubSubnetAz1"
},
{
"Ref": "PubSubnetAz2"
}
]
]
},
{
"Fn::Join": [
",",
[
{
"Ref": "PubSubnetAz1"
},
{
"Ref": "PubSubnetAz2"
},
{
"Ref": "PubSubnetAz3"
}
]
]
}
]
}
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": {
"Ref": "ClusterSize"
},
"PauseTime": "PT1H",
"WaitOnResourceSignals": "true"
}
}
},
"NodeLaunchConfigAws1": {
"DependsOn": "ManagerAsg",
"Properties": {
"AssociatePublicIpAddress": "true",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvdb",
"Ebs": {
"VolumeSize": {
"Ref": "WorkerDiskSize"
},
"VolumeType": {
"Ref": "WorkerDiskType"
}
}
}
],
"IamInstanceProfile": {
"Ref": "ProxyInstanceProfile"
},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"KeyName": {
"Ref": "KeyName"
},
"SecurityGroups": [
{
"Ref": "NodeVpcSG"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/sh\n",
"export EXTERNAL_LB='",
{
"Ref": "ExternalLoadBalancer"
},
"'\n",
"export DOCKER_FOR_IAAS_VERSION='",
{
"Fn::FindInMap": [
"DockerForAWS",
"version",
"forAws"
]
},
"'\n",
"export LOCAL_IP=$(wget -qO- http://169.254.169.254/latest/meta-data/local-ipv4)\n",
"export INSTANCE_TYPE=$(wget -qO- http://169.254.169.254/latest/meta-data/instance-type)\n",
"export NODE_AZ=$(wget -qO- http://169.254.169.254/latest/meta-data/placement/availability-zone/)\n",
"export NODE_REGION=$(echo $NODE_AZ | sed 's/.$//')\n",
"export ENABLE_CLOUDWATCH_LOGS='",
{
"Ref": "EnableCloudWatchLogs"
},
"'\n",
"export AWS_REGION='",
{
"Ref": "AWS::Region"
},
"'\n",
"export MANAGER_SECURITY_GROUP_ID='",
{
"Ref": "ManagerVpcSG"
},
"'\n",
"export WORKER_SECURITY_GROUP_ID='",
{
"Ref": "NodeVpcSG"
},
"'\n",
"export DYNAMODB_TABLE='",
{
"Ref": "SwarmDynDBTable"
},
"'\n",
"export STACK_NAME='",
{
"Ref": "AWS::StackName"
},
"'\n",
"export STACK_ID='",
{
"Ref": "AWS::StackId"
},
"'\n",
"export ACCOUNT_ID='",
{
"Ref": "AWS::AccountId"
},
"'\n",
"export VPC_ID='",
{
"Ref": "Vpc"
},
"'\n",
"export SWARM_QUEUE='",
{
"Ref": "SwarmSQS"
},
"'\n",
"export CLEANUP_QUEUE='",
{
"Ref": "SwarmSQSCleanup"
},
"'\n",
"export RUN_VACUUM='",
{
"Ref": "EnableSystemPrune"
},
"'\n",
"export LOG_GROUP_NAME='",
{
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"lg"
]
]
},
"'\n",
"export ENABLE_EFS='",
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"EFSSupport"
]
},
"'\n",
"export EFS_ID_REGULAR='",
{
"Fn::If": [
"EFSSupported",
{
"Ref": "FileSystemGP"
},
""
]
},
"'\n",
"export EFS_ID_MAXIO='",
{
"Fn::If": [
"EFSSupported",
{
"Ref": "FileSystemMaxIO"
},
""
]
},
"'\n",
"export DOCKER_EXPERIMENTAL='true' \n",
"export NODE_TYPE='worker'\n",
"export INSTANCE_NAME='NodeAsg'\n",
"echo \"$EXTERNAL_LB\" > /var/lib/docker/swarm/lb_name\n",
"echo \"# hostname : ELB_name\" >> /var/lib/docker/swarm/elb.config\n",
"echo \"127.0.0.1: $EXTERNAL_LB\" >> /var/lib/docker/swarm/elb.config\n",
"echo \"localhost: $EXTERNAL_LB\" >> /var/lib/docker/swarm/elb.config\n",
"echo \"default: $EXTERNAL_LB\" >> /var/lib/docker/swarm/elb.config\n",
"\n",
"echo '{\"experimental\": '$DOCKER_EXPERIMENTAL', \"labels\":[\"os=linux\", \"region='$NODE_REGION'\", \"availability_zone='$NODE_AZ'\", \"instance_type='$INSTANCE_TYPE'\", \"node_type='$NODE_TYPE'\"] ' > /etc/docker/daemon.json\n",
"if [ $ENABLE_CLOUDWATCH_LOGS == 'yes' ] ; then\n",
" echo ', \"log-driver\": \"awslogs\", \"log-opts\": {\"awslogs-group\": \"'$LOG_GROUP_NAME'\", \"tag\": \"{{.Name}}-{{.ID}}\" }}' >> /etc/docker/daemon.json\n",
"else\n",
" echo ' }' >> /etc/docker/daemon.json\n",
"fi\n",
"\n",
"chown -R docker /home/docker/\n",
"chgrp -R docker /home/docker/\n",
"rc-service docker restart\n",
"sleep 5\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file --restart=no -d -e DYNAMODB_TABLE=$DYNAMODB_TABLE -e NODE_TYPE=$NODE_TYPE -e REGION=$AWS_REGION -e STACK_NAME=$STACK_NAME -e STACK_ID=\"$STACK_ID\" -e ACCOUNT_ID=$ACCOUNT_ID -e INSTANCE_NAME=$INSTANCE_NAME -e DOCKER_FOR_IAAS_VERSION=$DOCKER_FOR_IAAS_VERSION -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker -v /var/log:/var/log docker4x/init-aws:$DOCKER_FOR_IAAS_VERSION\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file --name=guide-aws --restart=always -d -e DYNAMODB_TABLE=$DYNAMODB_TABLE -e NODE_TYPE=$NODE_TYPE -e REGION=$AWS_REGION -e STACK_NAME=$STACK_NAME -e INSTANCE_NAME=$INSTANCE_NAME -e VPC_ID=$VPC_ID -e STACK_ID=\"$STACK_ID\" -e ACCOUNT_ID=$ACCOUNT_ID -e SWARM_QUEUE=\"$SWARM_QUEUE\" -e CLEANUP_QUEUE=\"$CLEANUP_QUEUE\" -e RUN_VACUUM=$RUN_VACUUM -e DOCKER_FOR_IAAS_VERSION=$DOCKER_FOR_IAAS_VERSION -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker docker4x/guide-aws:$DOCKER_FOR_IAAS_VERSION\n",
"\n",
"docker volume create --name sshkey\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file -ti --rm --user root -v sshkey:/etc/ssh --entrypoint ssh-keygen docker4x/shell-aws:$DOCKER_FOR_IAAS_VERSION -A\n",
"\n",
"docker run --label com.docker.editions.system --log-driver=json-file --name=shell-aws --restart=always -d -p 22:22 -v /home/docker/:/home/docker/ -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/swarm/lb_name:/var/lib/docker/swarm/lb_name:ro -v /var/lib/docker/swarm/elb.config:/var/lib/docker/swarm/elb.config -v /usr/bin/docker:/usr/bin/docker -v /var/log:/var/log -v sshkey:/etc/ssh -v /etc/passwd:/etc/passwd:ro -v /etc/shadow:/etc/shadow:ro -v /etc/group:/etc/group:ro docker4x/shell-aws:$DOCKER_FOR_IAAS_VERSION\n",
"\n",
"if [ $ENABLE_EFS == 'yes' ] ; then\n",
" docker plugin install --alias cloudstor:aws --grant-all-permissions docker4x/cloudstor:$DOCKER_FOR_IAAS_VERSION CLOUD_PLATFORM=AWS EFS_ID_REGULAR=$EFS_ID_REGULAR EFS_ID_MAXIO=$EFS_ID_MAXIO DEBUG=1\n",
"fi\n",
"# Worker user data\n"
]
]
}
}
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"NodeVpcSG": {
"DependsOn": "Vpc",
"Properties": {
"GroupDescription": "Node SecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "8",
"IpProtocol": "icmp",
"ToPort": "0"
},
{
"CidrIp": "0.0.0.0/0",
"FromPort": "0",
"IpProtocol": "udp",
"ToPort": "65535"
},
{
"CidrIp": "0.0.0.0/0",
"FromPort": "0",
"IpProtocol": "tcp",
"ToPort": "2374"
},
{
"CidrIp": "0.0.0.0/0",
"FromPort": "2376",
"IpProtocol": "tcp",
"ToPort": "65535"
}
],
"SecurityGroupIngress": [
{
"CidrIp": {
"Fn::FindInMap": [
"VpcCidrs",
"vpc",
"cidr"
]
},
"FromPort": "0",
"IpProtocol": "-1",
"ToPort": "65535"
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"ProxyInstanceProfile": {
"DependsOn": "ProxyRole",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::InstanceProfile"
},
"ProxyPolicies": {
"DependsOn": "ProxyRole",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "elasticloadbalancing:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "elb-update",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"ProxyRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com",
"autoscaling.amazonaws.com"
]
}
}
],
"Version": "2012-10-17"
},
"Path": "/"
},
"Type": "AWS::IAM::Role"
},
"PubSubnet1RouteTableAssociation": {
"DependsOn": [
"PubSubnetAz1",
"RouteViaIgw"
],
"Properties": {
"RouteTableId": {
"Ref": "RouteViaIgw"
},
"SubnetId": {
"Ref": "PubSubnetAz1"
}
},
"Type": "AWS::EC2::SubnetRouteTableAssociation"
},
"PubSubnet2RouteTableAssociation": {
"DependsOn": [
"PubSubnetAz2",
"RouteViaIgw"
],
"Properties": {
"RouteTableId": {
"Ref": "RouteViaIgw"
},
"SubnetId": {
"Ref": "PubSubnetAz2"
}
},
"Type": "AWS::EC2::SubnetRouteTableAssociation"
},
"PubSubnet3RouteTableAssociation": {
"DependsOn": [
"PubSubnetAz3",
"RouteViaIgw"
],
"Properties": {
"RouteTableId": {
"Ref": "RouteViaIgw"
},
"SubnetId": {
"Ref": "PubSubnetAz3"
}
},
"Type": "AWS::EC2::SubnetRouteTableAssociation"
},
"PubSubnetAz1": {
"DependsOn": "Vpc",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"AZ0"
]
},
{
"Fn::GetAZs": {
"Ref": "AWS::Region"
}
}
]
},
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
"pubsubnet1",
"cidr"
]
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"Subnet1"
]
]
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::Subnet"
},
"PubSubnetAz2": {
"DependsOn": "Vpc",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"AZ1"
]
},
{
"Fn::GetAZs": {
"Ref": "AWS::Region"
}
}
]
},
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
"pubsubnet2",
"cidr"
]
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"Subnet2"
]
]
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::Subnet"
},
"PubSubnetAz3": {
"DependsOn": "Vpc",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
{
"Fn::FindInMap": [
"AWSRegion2AZ",
{
"Ref": "AWS::Region"
},
"AZ2"
]
},
{
"Fn::GetAZs": {
"Ref": "AWS::Region"
}
}
]
},
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
"pubsubnet3",
"cidr"
]
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"Subnet3"
]
]
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::Subnet"
},
"PublicRouteViaIgw": {
"DependsOn": [
"AttachGateway",
"RouteViaIgw"
],
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
},
"RouteTableId": {
"Ref": "RouteViaIgw"
}
},
"Type": "AWS::EC2::Route"
},
"RouteViaIgw": {
"DependsOn": "Vpc",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"RT"
]
]
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::RouteTable"
},
"SwarmAPIPolicy": {
"DependsOn": "ProxyRole",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeVpcAttribute",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "swarm-policy",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"SwarmAutoscalePolicy": {
"DependsOn": "ProxyRole",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "swarm-autoscale-policy",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"SwarmDynDBTable": {
"DependsOn": "ExternalLoadBalancer",
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "node_type",
"AttributeType": "S"
}
],
"KeySchema": [
{
"AttributeName": "node_type",
"KeyType": "HASH"
}
],
"ProvisionedThroughput": {
"ReadCapacityUnits": 1,
"WriteCapacityUnits": 1
},
"TableName": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"dyndbtable"
]
]
}
},
"Type": "AWS::DynamoDB::Table"
},
"SwarmManagerUpgradeHook": {
"DependsOn": "SwarmSQS",
"Properties": {
"AutoScalingGroupName": {
"Ref": "ManagerAsg"
},
"LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING",
"NotificationTargetARN": {
"Fn::GetAtt": [
"SwarmSQS",
"Arn"
]
},
"RoleARN": {
"Fn::GetAtt": [
"ProxyRole",
"Arn"
]
}
},
"Type": "AWS::AutoScaling::LifecycleHook"
},
"SwarmSQS": {
"Properties": {
"MessageRetentionPeriod": 43200,
"ReceiveMessageWaitTimeSeconds": 10
},
"Type": "AWS::SQS::Queue"
},
"SwarmSQSCleanup": {
"Properties": {
"MessageRetentionPeriod": 43200,
"ReceiveMessageWaitTimeSeconds": 10
},
"Type": "AWS::SQS::Queue"
},
"SwarmSQSCleanupPolicy": {
"DependsOn": [
"ProxyRole",
"SwarmSQSCleanup"
],
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "sqs:*",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"SwarmSQSCleanup",
"Arn"
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "swarm-sqs-cleanup-policy",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"SwarmSQSPolicy": {
"DependsOn": [
"ProxyRole",
"SwarmSQS"
],
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "sqs:*",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"SwarmSQS",
"Arn"
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "swarm-sqs-policy",
"Roles": [
{
"Ref": "ProxyRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"SwarmWideSG": {
"DependsOn": "Vpc",
"Properties": {
"GroupDescription": "Swarm wide access",
"SecurityGroupIngress": [
{
"CidrIp": {
"Fn::FindInMap": [
"VpcCidrs",
"vpc",
"cidr"
]
},
"FromPort": "0",
"IpProtocol": "-1",
"ToPort": "65535"
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"SwarmWorkerUpgradeHook": {
"DependsOn": "SwarmSQS",
"Properties": {
"AutoScalingGroupName": {
"Ref": "NodeAsg"
},
"LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING",
"NotificationTargetARN": {
"Fn::GetAtt": [
"SwarmSQS",
"Arn"
]
},
"RoleARN": {
"Fn::GetAtt": [
"ProxyRole",
"Arn"
]
}
},
"Type": "AWS::AutoScaling::LifecycleHook"
},
"Vpc": {
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
"vpc",
"cidr"
]
},
"EnableDnsHostnames": "true",
"EnableDnsSupport": "true",
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"VPC"
]
]
}
}
]
},
"Type": "AWS::EC2::VPC"
}
}
}