{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "CoreOS on EC2: http://coreos.com/docs/running-coreos/cloud-providers/ec2/",
"Mappings" : {
"RegionMap" : {
"eu-central-1" : {
"AMI" : "ami-bececaa3"
},
"ap-northeast-1" : {
"AMI" : "ami-f2338ff2"
},
"us-gov-west-1" : {
"AMI" : "ami-c75033e4"
},
"sa-east-1" : {
"AMI" : "ami-11e9600c"
},
"ap-southeast-2" : {
"AMI" : "ami-8f88c8b5"
},
"ap-southeast-1" : {
"AMI" : "ami-b6d8d4e4"
},
"us-east-1" : {
"AMI" : "ami-3d73d356"
},
"us-west-2" : {
"AMI" : "ami-85ada4b5"
},
"us-west-1" : {
"AMI" : "ami-1db04f59"
},
"eu-west-1" : {
"AMI" : "ami-0e104179"
}
}
},
"Parameters": {
"InstanceType" : {
"Description" : "EC2 HVM instance type (m3.medium, etc).",
"Type" : "String",
"Default" : "m4.xlarge",
"ConstraintDescription" : "Must be a valid EC2 HVM instance type."
},
"ClusterSize": {
"Default": "4",
"MinValue": "3",
"MaxValue": "50",
"Description": "Number of nodes in cluster.",
"Type": "Number"
},
"DiscoveryURL": {
"Description": "A unique etcd cluster discovery URL. Grab a new token from https://discovery.etcd.io/new",
"Type": "String"
},
"AdvertisedIPAddress": {
"Description": "Use 'private' if your etcd cluster is within one region or 'public' if it spans regions or cloud providers.",
"Default": "private",
"AllowedValues": ["private", "public"],
"Type": "String"
},
"AllowSSHFrom": {
"Description": "The net block (CIDR) that SSH is available to. The default 0.0.0.0/0 opens port 22 to any address; set this to a trusted range.",
"Default": "0.0.0.0/0",
"Type": "String"
},
"KeyPair" : {
"Description" : "The name of an EC2 Key Pair to allow SSH access to the instance.",
"Type" : "AWS::EC2::KeyPair::KeyName"
},
"MyVPC": {
"Description": "VPC in which to launch the cluster.",
"Type": "AWS::EC2::VPC::Id"
},
"SubnetId": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "Subnets in which to launch instances."
},
"SubnetAZs": {
"Default": "us-east-1a,us-east-1c",
"Type": "CommaDelimitedList",
"Description": "AZ(s) that your Subnet(s) support"
},
"LoadBalancerSubnets": {
"Description": "PUBLIC(!) subnets in which to place the Load Balancer",
"Type": "List<AWS::EC2::Subnet::Id>"
},
"LoadBalancerSSLCert": {
"Description": "Name of the IAM server certificate (SSL cert) to associate with your ELB",
"Type": "String"
},
"QuayIORobotKey": {
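"Description": "Key for the quay.io robot account (for great deployment!). This parameter is not marked NoEcho, so the value is visible in the stack's parameters; it is also embedded in instance user data and written to /home/core/.dockercfg with permissions 0644.",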
"Type": "String"
}
},
"Resources": {
"LoadBalancerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "CoreOS LB Security Group",
"VpcId": { "Ref": "MyVPC" },
"SecurityGroupIngress": [
{"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"}
]
}
},
"CoreOSLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"CrossZone": true,
"Scheme": "internet-facing",
"Subnets": {"Ref": "LoadBalancerSubnets"},
"SecurityGroups": [ {"Ref": "LoadBalancerSecurityGroup"} ],
"HealthCheck": {
"HealthyThreshold": "10",
"UnhealthyThreshold": "2",
"Timeout": "5",
"Interval": "30",
"Target": "HTTP:8182/v2/status"
},
"Listeners": [
{
"InstancePort": "8181",
"InstanceProtocol": "HTTP",
"LoadBalancerPort": "443",
"Protocol": "HTTPS",
"SSLCertificateId": { "Fn::Join" : [ "", [ "arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":server-certificate/", {"Ref": "LoadBalancerSSLCert"} ] ] }
}
]
}
},
"CoreOSSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "CoreOS SecurityGroup",
"VpcId": { "Ref": "MyVPC" },
"SecurityGroupIngress": [
{"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "AllowSSHFrom"}},
{"IpProtocol": "tcp", "FromPort": "8181", "ToPort": "8182", "SourceSecurityGroupId": { "Fn::GetAtt": [ "LoadBalancerSecurityGroup", "GroupId" ] }}
]
}
},
"IngressAllTCP": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": { "Fn::GetAtt": [ "CoreOSSecurityGroup", "GroupId" ] },
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "65535",
"SourceSecurityGroupId": { "Fn::GetAtt": [ "CoreOSSecurityGroup", "GroupId" ] }
}
},
"CoreOSServerAutoScale": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": {"Ref": "CoreOSServerLaunchConfig"},
"VPCZoneIdentifier": {"Ref": "SubnetId"},
"AvailabilityZones": { "Ref": "SubnetAZs" },
"MinSize": "3",
"MaxSize": "12",
"DesiredCapacity": {"Ref": "ClusterSize"},
"LoadBalancerNames": [{"Ref": "CoreOSLoadBalancer"}],
"Tags": [
{"Key": "Name", "Value": { "Ref" : "AWS::StackName" }, "PropagateAtLaunch": true}
]
}
},
"CoreOSServerLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
"InstanceType": {"Ref": "InstanceType"},
"KeyName": {"Ref": "KeyPair"},
"SecurityGroups": [{"Ref": "CoreOSSecurityGroup"}],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvdb",
"Ebs": {
"DeleteOnTermination": true,
"VolumeType": "gp2",
"VolumeSize": 30
}
},
{
"DeviceName": "/dev/xvdc",
"Ebs": {
"DeleteOnTermination": true,
"VolumeType": "gp2",
"VolumeSize": 30
}
},
{
"DeviceName": "/dev/xvdd",
"Ebs": {
"DeleteOnTermination": true,
"VolumeType": "gp2",
"VolumeSize": 30
}
}
],
"UserData" : { "Fn::Base64":
{ "Fn::Join": [ "", [
"#cloud-config\n\n",
"coreos:\n",
" etcd:\n",
" discovery: ", { "Ref": "DiscoveryURL" }, "\n",
" addr: $", { "Ref": "AdvertisedIPAddress" }, "_ipv4:4001\n",
" peer-addr: $", { "Ref": "AdvertisedIPAddress" }, "_ipv4:7001\n",
" units:\n",
" - name: etcd.service\n",
" command: start\n",
" - name: fleet.service\n",
" command: start\n",
" - name: format-disks.service\n",
" runtime: true\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Wipe the EBS devices, only if the first one is not BTRFS yet.\n",
" [Service]\n",
" Type=oneshot\n",
" RemainAfterExit=yes\n",
" ExecStart=/bin/bash -c '(/usr/sbin/blkid -t TYPE=btrfs | grep /dev/xvdb) || (/usr/sbin/wipefs -fa /dev/xvdb && /usr/sbin/wipefs -fa /dev/xvdc && /usr/sbin/wipefs -fa /dev/xvdd && /usr/sbin/mkfs.btrfs -f /dev/xvdb)'\n",
" - name: var-lib-docker.mount\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=More Storage for Docker\n",
" Requires=format-disks.service\n",
" After=format-disks.service\n",
" Before=docker.service\n",
" [Mount]\n",
" What=/dev/xvdb\n",
" Where=/var/lib/docker\n",
" Type=btrfs\n",
" - name: var-lib-docker-more.service\n",
" runtime: true\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Adds 2nd and 3rd EBS volumes to /var/lib/docker\n",
" Requires=format-disks.service\n",
" After=format-disks.service\n",
" RequiresMountsFor=/var/lib/docker\n",
" [Service]\n",
" Type=oneshot\n",
" RemainAfterExit=yes\n",
" ExecStart=/usr/bin/env bash -c '/usr/sbin/btrfs device add /dev/xvdc /var/lib/docker && /usr/sbin/btrfs device add /dev/xvdd /var/lib/docker'\n",
" - name: vulcand.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=vulcand reverse proxy\n",
" Requires=docker.service\n",
" Requires=etcd.service\n",
" After=docker.service\n",
" After=etcd.service\n",
" \n",
" [Service]\n",
" ExecStartPre=-/usr/bin/env docker kill vulcand\n",
" ExecStartPre=-/usr/bin/env docker rm vulcand\n",
" ExecStartPre=/usr/bin/env docker pull christianbladescb/vulcand-coreos\n",
" ExecStart=/usr/bin/env docker run --name vulcand -p 8181:8181 -p 8182:8182 christianbladescb/vulcand-coreos -apiInterface='0.0.0.0' -statsdAddr='172.17.42.1:8185' -statsdPrefix='vulcand.' \n",
" ExecStop=/usr/bin/env docker stop vulcand\n",
" Restart=always\n",
" \n",
" [Install]\n",
" WantedBy=multi-user.target\n",
" \n",
" [X-Fleet]\n",
" Global=true\n",
"write_files:\n",
" - path: /home/core/.dockercfg\n",
" owner: core:core\n",
" permissions: 0644\n",
" content: |\n",
" {\n",
" \"quay.io\": {\n",
" \"auth\": \"", { "Ref": "QuayIORobotKey" }, "\",\n",
" \"email\": \"\"\n",
" }\n",
" }\n"
] ]
}
}
}
}
}
}