Create a gist now

Instantly share code, notes, and snippets.

Cloud Formation template for deploying the Eucalyptus Management Console on Eucalyptus
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Deploy Eucalyptus Management Console with ELB, Autoscaling.",
"Parameters" : {
"ImageId" : {
"Description" : "The ID of the image to use for the console",
"Type" : "String",
"ConstraintDescription" : "Must be the ID of a CentOS image on the cloud."
},
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "m1.small",
"AllowedValues" : [ "t1.micro", "t2.micro", "t2.small", "t2.medium", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "g2.2xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"]
,
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"KeyName" : {
"Description" : "The EC2 Key Pair to allow SSH access to the instances",
"Type" : "String",
"ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
},
"SSLCertArn" : {
"Description" : "The ARN of the uploaded SSL cert to use for the ELB",
"Type" : "String",
"ConstraintDescription" : "Must be the ARN of an SSL cert uploaded to IAM."
},
"SSHLocation" : {
"Description" : "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"CloudIP" : {
"Description" : "The IP or DNS name of the cloud front end",
"Type" : "String",
"Default": "10.111.5.150",
"ConstraintDescription" : "Must be either an IP address or DNS name resolvable and reachable from this cloud."
}
},
"Resources" : {
"ConsoleScalingGroup" : {
"Type" : "AWS::AutoScaling::AutoScalingGroup",
"Properties" : {
"AvailabilityZones" : { "Fn::GetAZs" : ""},
"LaunchConfigurationName" : { "Ref" : "ConsoleLaunchConfig" },
"MinSize" : "1",
"DesiredSize" : "1",
"MaxSize" : "3",
"LoadBalancerNames" : [ { "Ref" : "ConsoleELB" } ]
}
},
"ConsoleLaunchConfig" : {
"Type" : "AWS::AutoScaling::LaunchConfiguration",
"Metadata" : {
"Comment" : "Install a simple application"
},
"Properties" : {
"KeyName" : { "Ref" : "KeyName" },
"ImageId" : { "Ref" : "ImageId" },
"SecurityGroups" : [ { "Ref" : "ConsoleSecurityGroup" } ],
"InstanceType" : { "Ref" : "InstanceType" },
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#cloud-config\n",
"# vim: syntax=yaml\n",
"#\n",
"# This config installs the eucalyptus and epel repos, then installs and\n",
"# configures the eucaconsole package\n",
"runcmd:\n",
" - [ yum, -y, install, http://downloads.eucalyptus.com/software/eucalyptus/4.1/centos/6/x86_64/eucalyptus-4.1.0-0.0.23044.8.el6.x86_64.rpm' ]\n",
" - [ yum, -y, install, eucaconsole ]\n",
" - [ sed, -i, 's/localhost/",
{ "Ref" : "CloudIP" },
"/', /etc/eucaconsole/console.ini ]\n",
" - [ sed, -i, 's/secure\\ =\\ false/secure\\ =\\ true/', /etc/eucaconsole/console.ini ]\n",
" - [ service, eucaconsole, restart ]\n",
"write_files:\n",
"- content: |\n",
" [general]\n",
" session.encrypt_key = E8LnF9b8nx5E2kXlmFmM4BjDuesWt4j\n",
" session.validate_key = B0SFBpZ7DMvt4q0uW0hHZCRETGn8MT\n",
" path: /etc/eucaconsole/session-keys.ini\n"
]]}}
}
},
"ConsoleELB" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"AvailabilityZones" : { "Fn::GetAZs" : "" },
"CrossZone" : "true",
"Listeners" : [ {
"LoadBalancerPort" : "443",
"InstancePort" : "8888",
"Protocol" : "HTTPS",
"InstanceProtocol" : "HTTP",
"SSLCertificateId" : { "Ref" : "SSLCertArn" }
} ],
"HealthCheck" : {
"Target" : "HTTP:8888/",
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
}
}
},
"ConsoleSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access and HTTP from the load balancer only",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : { "Ref" : "SSHLocation"}
},
{
"IpProtocol" : "tcp",
"FromPort" : "8888",
"ToPort" : "8888",
"SourceSecurityGroupOwnerId" : {"Fn::GetAtt" : ["ConsoleELB", "SourceSecurityGroup.OwnerAlias"]},
"SourceSecurityGroupName" : {"Fn::GetAtt" : ["ConsoleELB", "SourceSecurityGroup.GroupName"]}
} ]
}
}
},
"Outputs" : {
"URL" : {
"Description" : "The URL of the website",
"Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "ConsoleELB", "DNSName" ]}]]}
}
}
}
@kamalgill

Why do we need to enable SSH access from the load balancer? Shouldn't we enable HTTPS (port 443) instead?

@kamalgill

The image constraint description Must be the ID of a CentOS image on the cloud isn't entirely accurate, since the console can run on any RPM-based distro (Fedora, CentOS, RHEL, etc.), right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment