
@anthroprose
Last active December 18, 2015 03:09
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Zenoss",
"Parameters": {
"StackName": {
"Description": "Name for Customer",
"Type": "String",
"MinLength": "1",
"MaxLength": "64",
"AllowedPattern": "[-_ a-zA-Z0-9]*",
"ConstraintDescription": "can contain only alphanumeric characters, spaces, dashes and underscores."
},
"GUID": {
"Type": "String",
"Description": "GUID"
},
"InstanceSize": {
"Default": "m1.large",
"Type": "String",
"Description": "Instance Class",
"AllowedValues": [
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge"
],
"ConstraintDescription": "must select a valid instance type."
},
"VolumeSize": {
"Default": "60",
"Type": "String",
"Description": "Size of Storage Volume"
},
"VPCID": {
"Type": "String",
"Description": "VPC ID"
},
"ZONEID": {
"Type": "String",
"Description": "Route53 ZoneID"
},
"Subnets": {
"Type": "String",
"Description": "Subnets"
},
"PublicRouteTable": {
"Type": "String",
"Description": "Public Route Table ID"
},
"RDSName": {
"Type": "String",
"Description": "DNS Entry for the RDS Instance"
},
"RDSPass": {
"Type": "String",
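"Description": "Root password for the RDS instance. Note: NoEcho is not set on this parameter, and the value is written in plaintext to /etc/chef/client-attribs.json (mode 000644)."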
},
"ChefEnvironment": {
"Default": "Alex",
"Type": "String",
"Description": "Chef Environment to Use"
},
"ChefBucket": {
"Default": "zaas-admin-data-artifacts",
"Type": "String",
"Description": "S3 Bucket for Artifacts"
},
"ZenossVersion": {
"Default": "4.2.3-1695",
"Type": "String",
"Description": "Version String for Zenoss"
},
"ZenossPatchset": {
"Default": "zenoss_4.2.3_recommended_patches_r70992.tgz",
"Type": "String",
"Description": "Patchset Filename"
},
"ZenossPristine": {
"Default": "zenoss_4.2.3_pristine_r70992.tgz",
"Type": "String",
"Description": "Pristine Filename"
},
"ZenossImpact": {
"Default": "false",
"Type": "String",
"Description": "True/False for Impact Install"
}
},
"Mappings": {
"AWSRegionArch2Zenoss": {
"us-east-1": {
"64": "ami-54cf5c3d"
},
"us-west-1": {
"64": "ami-1bf9de5e"
},
"us-west-2": {
"64": "ami-2a31bf1a"
},
"eu-west-1": {
"64": "ami-e5e2d991"
},
"sa-east-1": {
"64": "ami-1e08d103"
},
"ap-southeast-1": {
"64": "ami-02eb9350"
},
"ap-southeast-2": {
"64": "ami-bcdf4e86"
},
"ap-northeast-1": {
"64": "ami-4e6cd34f"
}
}
},
"Resources": {
"CustomerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPCID"
},
"GroupDescription": "Customer Security Group",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"DeregQueue": {
"Type": "AWS::SQS::Queue"
},
"DeregTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"Subscription": [
{
"Endpoint": {
"Fn::GetAtt": [
"DeregQueue",
"Arn"
]
},
"Protocol": "sqs"
}
]
}
},
"CustomerASGServerGroup": {
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MinInstancesInService": "1",
"MaxBatchSize": "1"
}
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": {
"Fn::GetAZs": ""
},
"VPCZoneIdentifier": [
{
"Ref": "Subnets"
}
],
"LaunchConfigurationName": {
"Ref": "CustomerLaunchConfig"
},
"MinSize": "1",
"MaxSize": "1",
"NotificationConfiguration": {
"TopicARN": {
"Ref": "DeregTopic"
},
"NotificationTypes": [
"autoscaling:EC2_INSTANCE_TERMINATE"
]
}
}
},
"CustomerPolicy": {
"Type": "AWS::IAM::Policy",
"Properties": {
"Roles": [
{
"Ref": "CustomerRole"
}
],
"PolicyName": "CustomerPolicy",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": "cloudformation:DescribeStackResource",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ec2:CreateSnapshot",
"ec2:CreateVolume",
"ec2:AttachVolume",
"ec2:CreateTags",
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AssignPrivateIpAddresses",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:AssociateRouteTable",
"ec2:DescribeRouteTables",
"ec2:DisassociateRouteTable",
"sqs:SendMessage"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::zaas-customer-",
{
"Ref": "StackName"
}
]
]
},
{
"Fn::Join": [
"",
[
"arn:aws:s3:::zaas-customer-",
{
"Ref": "StackName"
},
"/*"
]
]
}
]
},
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ChefBucket"
}
]
]
},
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ChefBucket"
},
"/*"
]
]
}
]
},
{
"Effect": "Allow",
"Action": [
"route53:*"
],
"Resource": [
"*"
]
}
]
}
}
},
"CustomerRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/"
}
},
"CustomerProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "CustomerRole"
}
]
}
},
"CustomerLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"files": {
"/etc/chef/client-attribs.json": {
"content": {
"Fn::Join": [
"",
[
"{\"run_list\": [ \"role[zenoss-cloudformation]\" ], \"cluster\": { \"name\": \"",
{
"Ref": "StackName"
},
"\" }, \"region\":\"",
{
"Ref": "AWS::Region"
},
"\", \"public_route_table\":\"",
{
"Ref": "PublicRouteTable"
},
"\", \"subnets\":\"",
{
"Ref": "Subnets"
},
"\", \"aws\": { \"route53\": { \"zone_id\": \"",
{
"Ref": "ZONEID"
},
"\" }, \"s3\": { \"bucket\":\"",
{
"Ref": "ChefBucket"
},
"\" } }, \"zenoss\": { \"version\": \"",
{
"Ref": "ZenossVersion"
},
"\", \"patchset\": \"",
{
"Ref": "ZenossPatchset"
},
"\", \"pristine\": \"",
{
"Ref": "ZenossPristine"
},
"\", \"impact\": \"",
{
"Ref": "ZenossImpact"
},
"\"}, \"zaas\": { \"name\": \"",
{
"Ref": "StackName"
},
"\", \"guid\":\"",
{
"Ref": "GUID"
},
"\" }, \"mysql\" : { \"server\": { \"role\": \"master\", \"host\": \"",
{
"Ref": "RDSName"
},
"\", \"pass\":\"",
{
"Ref": "RDSPass"
},
"\" } }, \"rabbitmq\" : { \"server\": { \"host\": \"localhost\" } }, \"postfix\" : { \"relayhost\": \"[email-smtp.",
{
"Ref": "AWS::Region"
},
".amazonaws.com]:25\" } }"
]
]
},
"mode": "000644",
"owner": "chef",
"group": "root"
},
"/etc/chef/getcerts.py": {
"content": {
"Fn::Join": [
"",
[
"import boto\n",
"from boto.s3.connection import S3Connection\n",
"s3 = S3Connection()\n",
"bucket = s3.get_bucket('",
{
"Ref": "ChefBucket"
},
"')\n",
"key = bucket.get_key('chef/client.rb')\n",
"key.get_contents_to_filename('/etc/chef/client.rb')\n",
"key = bucket.get_key('chef/zenosssaas-validator.pem')\n",
"key.get_contents_to_filename('/etc/chef/zenosssaas-validator.pem')\n"
]
]
},
"mode": "000754",
"owner": "chef",
"group": "root"
},
"/etc/chef/addnode.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"echo \"client_key '/etc/chef/",
{
"Ref": "StackName"
},
".pem'\" >> /etc/chef/client.rb\n",
"echo \"node_name '",
{
"Ref": "StackName"
},
"'\" >> /etc/chef/client.rb\n"
]
]
},
"mode": "000754",
"owner": "chef",
"group": "root"
}
}
}
}
},
"Properties": {
"KeyName": {
"Ref": "AWS::Region"
},
"IamInstanceProfile": {
"Fn::GetAtt": [
"CustomerProfile",
"Arn"
]
},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2Zenoss",
{
"Ref": "AWS::Region"
},
"64"
]
},
"SecurityGroups": [
{
"Ref": "CustomerSecurityGroup"
}
],
"InstanceType": {
"Ref": "InstanceSize"
},
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sdh1",
"Ebs": {
"VolumeSize": {
"Ref": "VolumeSize"
}
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -v\n",
"yum update -y aws-cfn-bootstrap\n",
"yum install -y xfsprogs aws-apitools-common aws-apitools-ec2 python python-boto\n",
"#do some chef things before the cfn-init due to order of operations\n",
"/bin/mkdir -p /etc/chef\n",
"/bin/mkdir -p /var/lib/chef\n",
"/bin/mkdir -p /var/log/chef\n",
"/usr/sbin/groupadd chef -r\n",
"/usr/sbin/useradd chef -r -s /bin/sh -d /var/lib/chef -g chef\n",
"/opt/aws/bin/cfn-init -s ",
{
"Ref": "AWS::StackName"
},
" -r CustomerLaunchConfig ",
" --region ",
{
"Ref": "AWS::Region"
},
" || error_exit 'Failed to run cfn-init'\n",
"while [ ! -e /dev/sdh1 ]; do echo waiting for /dev/sdh1 to attach; sleep 10; done\n",
"#install chef client for later\n",
"curl -L http://www.opscode.com/chef/install.sh | bash\n",
"cd /etc/chef\n",
"python /etc/chef/getcerts.py\n",
"bash /etc/chef/addnode.sh\n",
"/bin/chown -R chef:chef /etc/chef\n",
"/usr/bin/chef-client -j /etc/chef/client-attribs.json --once -E ",
{
"Ref": "ChefEnvironment"
},
" >>/var/log/chef-client.log\n"
]
]
}
}
}
}
},
"Outputs": {}
}