Create a gist now

Instantly share code, notes, and snippets.

Embed
Cloud Formation template for deploying the Eucalyptus Management Console on Eucalyptus
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Deploy Eucalyptus Management Console with ELB, Autoscaling.",
"Parameters" : {
"ImageId" : {
"Description" : "The ID of the image to use for the console",
"Type" : "String",
"ConstraintDescription" : "Must be the ID of a CentOS image on the cloud."
},
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "m1.small",
"AllowedValues" : [ "t1.micro", "t2.micro", "t2.small", "t2.medium", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "g2.2xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"]
,
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"KeyName" : {
"Description" : "The EC2 Key Pair to allow SSH access to the instances",
"Type" : "String",
"ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
},
"SSLCertArn" : {
"Description" : "The ARN of the uploaded SSL cert to use for the ELB",
"Type" : "String",
"ConstraintDescription" : "Must be the ARN of an SSL cert uploaded to IAM."
},
"SSHLocation" : {
"Description" : "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"CloudIP" : {
"Description" : "The IP or DNS name of the cloud front end",
"Type" : "String",
"Default": "10.111.5.150",
"ConstraintDescription" : "Must be either an IP address or DNS name resolvable and reachable from this cloud."
}
},
"Resources" : {
"ConsoleScalingGroup" : {
"Type" : "AWS::AutoScaling::AutoScalingGroup",
"Properties" : {
"AvailabilityZones" : { "Fn::GetAZs" : ""},
"LaunchConfigurationName" : { "Ref" : "ConsoleLaunchConfig" },
"MinSize" : "1",
"DesiredSize" : "1",
"MaxSize" : "3",
"LoadBalancerNames" : [ { "Ref" : "ConsoleELB" } ]
}
},
"ConsoleLaunchConfig" : {
"Type" : "AWS::AutoScaling::LaunchConfiguration",
"Metadata" : {
"Comment" : "Install a simple application"
},
"Properties" : {
"KeyName" : { "Ref" : "KeyName" },
"ImageId" : { "Ref" : "ImageId" },
"SecurityGroups" : [ { "Ref" : "ConsoleSecurityGroup" } ],
"InstanceType" : { "Ref" : "InstanceType" },
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#cloud-config\n",
"# vim: syntax=yaml\n",
"#\n",
"# This config installs the eucalyptus and epel repos, then installs and\n",
"# configures the eucaconsole package\n",
"runcmd:\n",
" - [ yum, -y, install, http://downloads.eucalyptus.com/software/eucalyptus/4.1/centos/6/x86_64/eucalyptus-4.1.0-0.0.23044.8.el6.x86_64.rpm' ]\n",
" - [ yum, -y, install, eucaconsole ]\n",
" - [ sed, -i, 's/localhost/",
{ "Ref" : "CloudIP" },
"/', /etc/eucaconsole/console.ini ]\n",
" - [ sed, -i, 's/secure\\ =\\ false/secure\\ =\\ true/', /etc/eucaconsole/console.ini ]\n",
" - [ service, eucaconsole, restart ]\n",
"write_files:\n",
"- content: |\n",
" [general]\n",
" session.encrypt_key = E8LnF9b8nx5E2kXlmFmM4BjDuesWt4j\n",
" session.validate_key = B0SFBpZ7DMvt4q0uW0hHZCRETGn8MT\n",
" path: /etc/eucaconsole/session-keys.ini\n"
]]}}
}
},
"ConsoleELB" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"AvailabilityZones" : { "Fn::GetAZs" : "" },
"CrossZone" : "true",
"Listeners" : [ {
"LoadBalancerPort" : "443",
"InstancePort" : "8888",
"Protocol" : "HTTPS",
"InstanceProtocol" : "HTTP",
"SSLCertificateId" : { "Ref" : "SSLCertArn" }
} ],
"HealthCheck" : {
"Target" : "HTTP:8888/",
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
}
}
},
"ConsoleSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access and HTTP from the load balancer only",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : { "Ref" : "SSHLocation"}
},
{
"IpProtocol" : "tcp",
"FromPort" : "8888",
"ToPort" : "8888",
"SourceSecurityGroupOwnerId" : {"Fn::GetAtt" : ["ConsoleELB", "SourceSecurityGroup.OwnerAlias"]},
"SourceSecurityGroupName" : {"Fn::GetAtt" : ["ConsoleELB", "SourceSecurityGroup.GroupName"]}
} ]
}
}
},
"Outputs" : {
"URL" : {
"Description" : "The URL of the website",
"Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "ConsoleELB", "DNSName" ]}]]}
}
}
}
@kamalgill

This comment has been minimized.

Show comment
Hide comment
@kamalgill

kamalgill Jan 21, 2015

Why do we need to enable SSH access from the load balancer? Shouldn't we enable HTTPS (port 443) instead?

Why do we need to enable SSH access from the load balancer? Shouldn't we enable HTTPS (port 443) instead?

@kamalgill

This comment has been minimized.

Show comment
Hide comment
@kamalgill

kamalgill Jan 21, 2015

The image constraint description Must be the ID of a CentOS image on the cloud isn't entirely accurate, since the console can run on any RPM-based distro (Fedora, CentOS, RHEL, etc.), right?

The image constraint description Must be the ID of a CentOS image on the cloud isn't entirely accurate, since the console can run on any RPM-based distro (Fedora, CentOS, RHEL, etc.), right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment