Skip to content

Instantly share code, notes, and snippets.

@lrakai

lrakai/dcos-cf-template-NAT-S3-Access.json

Last active September 18, 2017 16:16
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
DC/OS CloudFormation Template
Raw
dcos-cf-template-NAT-S3-Access.json
{
"Outputs": {
"PublicSlaveDnsAddress": {
"Value": {
"Fn::GetAtt": [
"PublicSlaveLoadBalancer",
"DNSName"
]
},
"Description": "Public slaves"
},
"ExhibitorS3Bucket": {
"Value": {
"Ref": "ExhibitorS3Bucket"
},
"Description": "Exhibitor S3 bucket name"
},
"DnsAddress": {
"Value": {
"Fn::GetAtt": [
"ElasticLoadBalancer",
"DNSName"
]
},
"Description": "Mesos Master"
}
},
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PrivateOutboundNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"RuleAction": "allow",
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
},
"PortRange": {
"To": "65535",
"From": "0"
},
"CidrBlock": "0.0.0.0/0",
"RuleNumber": "100",
"Egress": "true",
"Protocol": "-1"
}
},
"SlaveToMasterLBIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "2181",
"GroupId": {
"Ref": "LbSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "SlaveSecurityGroup"
},
"IpProtocol": "tcp",
"ToPort": "2181"
}
},
"SlaveToPublicSlaveIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "SlaveSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"SlaveToMasterIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "MasterSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "SlaveSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"MasterLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"IamInstanceProfile": {
"Ref": "MasterInstanceProfile"
},
"SecurityGroups": [
{
"Ref": "MasterSecurityGroup"
},
{
"Ref": "AdminSecurityGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"AssociatePublicIpAddress": "true",
"ImageId": {
"Fn::FindInMap": [
"RegionToAmi",
{
"Ref": "AWS::Region"
},
"stable"
]
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#cloud-config",
"\n",
"\"coreos\":",
"\n",
" \"units\":",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Formats the /var/lib ephemeral drive",
"\n",
" Before=var-lib.mount dbus.service",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" RemainAfterExit=yes",
"\n",
" ExecStart=/bin/bash -c \"(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)\"",
"\n",
" \"name\": |-",
"\n",
" format-var-lib-ephemeral.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Mount /var/lib",
"\n",
" Before=dbus.service",
"\n",
" [Mount]",
"\n",
" What=/dev/xvdb",
"\n",
" Where=/var/lib",
"\n",
" Type=ext4",
"\n",
" \"name\": |-",
"\n",
" var-lib.mount",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" etcd.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" update-engine.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" locksmithd.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"name\": |-",
"\n",
" systemd-resolved.service",
"\n",
" - \"command\": |-",
"\n",
" restart",
"\n",
" \"name\": |-",
"\n",
" systemd-journald.service",
"\n",
" - \"command\": |-",
"\n",
" restart",
"\n",
" \"name\": |-",
"\n",
" docker.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Before=dcos.target",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" ExecStartPre=/usr/bin/mkdir -p /etc/profile.d",
"\n",
" ExecStart=/usr/bin/ln -sf /opt/mesosphere/bin/add_dcos_path.sh /etc/profile.d/dcos.sh",
"\n",
" \"name\": |-",
"\n",
" dcos-link-env.service",
"\n",
" - \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=Pkgpanda: Download DC/OS to this host.",
"\n",
" After=network-online.target",
"\n",
" Wants=network-online.target",
"\n",
" ConditionPathExists=!/opt/mesosphere/",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz https://downloads.dcos.io/dcos/stable/bootstrap/4d92536e7381176206e71ee15b5ffe454439920c.bootstrap.tar.xz",
"\n",
" ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere",
"\n",
" ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere",
"\n",
" ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz",
"\n",
" \"name\": |-",
"\n",
" dcos-download.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=Pkgpanda: Specialize DC/OS for this host.",
"\n",
" Requires=dcos-download.service",
"\n",
" After=dcos-download.service",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" EnvironmentFile=/opt/mesosphere/environment",
"\n",
" ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd",
"\n",
" [Install]",
"\n",
" WantedBy=multi-user.target",
"\n",
" \"enable\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" dcos-setup.service",
"\n",
" \"no_block\": !!bool |-",
"\n",
" true",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |-",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Signal CloudFormation Success",
"\n",
" ConditionPathExists=!/var/lib/dcos-cfn-signal",
"\n",
" [Service]",
"\n",
" Type=simple",
"\n",
" Restart=on-failure",
"\n",
" StartLimitInterval=0",
"\n",
" RestartSec=15s",
"\n",
" EnvironmentFile=/opt/mesosphere/environment",
"\n",
" EnvironmentFile=/opt/mesosphere/etc/cfn_signal_metadata",
"\n",
" Environment=\"AWS_CFN_SIGNAL_THIS_RESOURCE=MasterServerGroup\"",
"\n",
" ExecStartPre=/bin/ping -c1 leader.mesos",
"\n",
" ExecStartPre=/opt/mesosphere/bin/cfn-signal",
"\n",
" ExecStart=/usr/bin/touch /var/lib/dcos-cfn-signal",
"\n",
" \"name\": |-",
"\n",
" dcos-cfn-signal.service",
"\n",
" \"no_block\": !!bool |-",
"\n",
" true",
"\n",
" \"update\":",
"\n",
" \"reboot-strategy\": |-",
"\n",
" off",
"\n",
"\"write_files\":",
"\n",
"- \"content\": |",
"\n",
" https://downloads.dcos.io/dcos/stable",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/repository-url",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" ",
{
"Fn::FindInMap": [
"ClusterPackagesJson",
"default",
"default"
]
},
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/cluster-packages.json",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" [Journal]",
"\n",
" MaxLevelConsole=warning",
"\n",
" RateLimitInterval=1s",
"\n",
" RateLimitBurst=20000",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/systemd/journald.conf.d/dcos.conf",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" libstorage:",
"\n",
" integration:",
"\n",
" volume:",
"\n",
" operations:",
"\n",
" unmount:",
"\n",
" ignoreusedcount: true",
"\n",
" server:",
"\n",
" tasks:",
"\n",
" logTimeout: 5m",
"\n",
" rexray:",
"\n",
" loglevel: info",
"\n",
" service: ebs",
"\n",
" \"path\": |-",
"\n",
" /etc/rexray/config.yml",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" \"bound_values\":",
"\n",
" \"adminrouter_auth_enabled\": |-",
"\n",
" ",
{
"Ref": "OAuthEnabled"
},
"\n",
" \"agent_role\": |-",
"\n",
" ",
{
"Ref": "SlaveRole"
},
"\n",
" \"aws_region\": |-",
"\n",
" ",
{
"Ref": "AWS::Region"
},
"\n",
" \"aws_stack_id\": |-",
"\n",
" ",
{
"Ref": "AWS::StackId"
},
"\n",
" \"aws_stack_name\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"cluster_name\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"exhibitor_address\": |-",
"\n",
" ",
{
"Fn::GetAtt": [
"InternalMasterLoadBalancer",
"DNSName"
]
},
"\n",
" \"master_external_loadbalancer\": |-",
"\n",
" ",
{
"Fn::GetAtt": [
"ElasticLoadBalancer",
"DNSName"
]
},
"\n",
" \"master_role\": |-",
"\n",
" ",
{
"Ref": "MasterRole"
},
"\n",
" \"oauth_enabled\": |-",
"\n",
" ",
{
"Ref": "OAuthEnabled"
},
"\n",
" \"s3_bucket\": |-",
"\n",
" ",
{
"Ref": "ExhibitorS3Bucket"
},
"\n",
" \"s3_prefix\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"late_bound_package_id\": |-",
"\n",
" dcos-provider-d32e054e113b14d97841dd13b974a222976a8d62-aws--setup",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/late-config.yaml",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/master",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/aws_master",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/aws",
"\n"
]
]
}
},
"EbsOptimized": {
"Ref": "EbsOptimizedNodes"
},
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sdb",
"VirtualName": "ephemeral0"
}
],
"InstanceType": {
"Ref": "MasterInstanceType"
}
}
},
"PublicSlaveToSlaveIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "SlaveSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"OutboundNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"RuleAction": "allow",
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"PortRange": {
"To": "65535",
"From": "0"
},
"CidrBlock": "0.0.0.0/0",
"RuleNumber": "100",
"Egress": "true",
"Protocol": "-1"
}
},
"PublicSlaveIngressSix": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "5052",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"CidrIp": "0.0.0.0/0",
"IpProtocol": "udp",
"ToPort": "32000"
}
},
"NATInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"IamInstanceProfile" : {
"Ref": "NatInstanceProfile"
},
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"AssociatePublicIpAddress": "true",
"GroupSet": [
{
"Ref": "SlaveSecurityGroup"
},
{
"Ref": "MasterSecurityGroup"
},
{
"Ref": "AdminSecurityGroup"
}
],
"DeviceIndex": "0",
"SubnetId": {
"Ref": "PublicSubnet"
}
}
],
"InstanceType": "m3.medium",
"ImageId": {
"Fn::FindInMap": [
"NATAmi",
{
"Ref": "AWS::Region"
},
"default"
]
},
"SourceDestCheck": "false",
"KeyName": {
"Ref": "KeyName"
},
"Tags": [
{
"Key": "Name",
"Value": "NAT Instance"
}
]
},
"DependsOn": "GatewayToInternet"
},
"PublicSlaveIngressOne": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"CidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"ToPort": "21"
}
},
"MasterServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"CreationPolicy": {
"ResourceSignal": {
"Count": 1,
"Timeout": {
"Fn::FindInMap": [
"Parameters",
"StackCreationTimeout",
"default"
]
}
}
},
"Properties": {
"MinSize": "1",
"LaunchConfigurationName": {
"Ref": "MasterLaunchConfig"
},
"MaxSize": "1",
"DesiredCapacity": "1",
"Tags": [
{
"PropagateAtLaunch": "true",
"Key": "role",
"Value": "mesos-master"
},
{
"PropagateAtLaunch": "true",
"Key": "Name",
"Value": "Master"
}
],
"VPCZoneIdentifier": [
{
"Ref": "PublicSubnet"
}
],
"AvailabilityZones": [
{
"Fn::GetAtt": [
"PublicSubnet",
"AvailabilityZone"
]
}
],
"LoadBalancerNames": [
{
"Ref": "ElasticLoadBalancer"
},
{
"Ref": "InternalMasterLoadBalancer"
}
]
},
"DependsOn": "GatewayToInternet"
},
"PublicSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"SubnetId": {
"Ref": "PublicSubnet"
}
}
},
"PublicNetworkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
}
],
"VpcId": {
"Ref": "Vpc"
}
}
},
"PrivateSubnetNetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
},
"SubnetId": {
"Ref": "PrivateSubnet"
}
}
},
"PrivateInboundNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"RuleAction": "allow",
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
},
"PortRange": {
"To": "65535",
"From": "0"
},
"CidrBlock": "0.0.0.0/0",
"RuleNumber": "100",
"Egress": "false",
"Protocol": "-1"
}
},
"ExhibitorS3Bucket": {
"Type": "AWS::S3::Bucket"
},
"ExhibitorS3BucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "ExhibitorS3Bucket"
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ExhibitorS3Bucket"
},
"/*"
]
]
},
"Principal": "*"
}
]
}
}
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
},
"DependsOn": "GatewayToInternet"
},
"PublicSlaveLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"IamInstanceProfile": {
"Ref": "SlaveInstanceProfile"
},
"SecurityGroups": [
{
"Ref": "PublicSlaveSecurityGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"AssociatePublicIpAddress": "true",
"ImageId": {
"Fn::FindInMap": [
"RegionToAmi",
{
"Ref": "AWS::Region"
},
"stable"
]
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#cloud-config",
"\n",
"\"coreos\":",
"\n",
" \"units\":",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Formats the /var/lib ephemeral drive",
"\n",
" Before=var-lib.mount dbus.service",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" RemainAfterExit=yes",
"\n",
" ExecStart=/bin/bash -c \"(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)\"",
"\n",
" \"name\": |-",
"\n",
" format-var-lib-ephemeral.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Mount /var/lib",
"\n",
" Before=dbus.service",
"\n",
" [Mount]",
"\n",
" What=/dev/xvdb",
"\n",
" Where=/var/lib",
"\n",
" Type=ext4",
"\n",
" \"name\": |-",
"\n",
" var-lib.mount",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" etcd.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" update-engine.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" locksmithd.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"name\": |-",
"\n",
" systemd-resolved.service",
"\n",
" - \"command\": |-",
"\n",
" restart",
"\n",
" \"name\": |-",
"\n",
" systemd-journald.service",
"\n",
" - \"command\": |-",
"\n",
" restart",
"\n",
" \"name\": |-",
"\n",
" docker.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Before=dcos.target",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" ExecStartPre=/usr/bin/mkdir -p /etc/profile.d",
"\n",
" ExecStart=/usr/bin/ln -sf /opt/mesosphere/bin/add_dcos_path.sh /etc/profile.d/dcos.sh",
"\n",
" \"name\": |-",
"\n",
" dcos-link-env.service",
"\n",
" - \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=Pkgpanda: Download DC/OS to this host.",
"\n",
" After=network-online.target",
"\n",
" Wants=network-online.target",
"\n",
" ConditionPathExists=!/opt/mesosphere/",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz https://downloads.dcos.io/dcos/stable/bootstrap/4d92536e7381176206e71ee15b5ffe454439920c.bootstrap.tar.xz",
"\n",
" ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere",
"\n",
" ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere",
"\n",
" ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz",
"\n",
" \"name\": |-",
"\n",
" dcos-download.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=Pkgpanda: Specialize DC/OS for this host.",
"\n",
" Requires=dcos-download.service",
"\n",
" After=dcos-download.service",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" EnvironmentFile=/opt/mesosphere/environment",
"\n",
" ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd",
"\n",
" [Install]",
"\n",
" WantedBy=multi-user.target",
"\n",
" \"enable\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" dcos-setup.service",
"\n",
" \"no_block\": !!bool |-",
"\n",
" true",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |-",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Signal CloudFormation Success",
"\n",
" ConditionPathExists=!/var/lib/dcos-cfn-signal",
"\n",
" [Service]",
"\n",
" Type=simple",
"\n",
" Restart=on-failure",
"\n",
" StartLimitInterval=0",
"\n",
" RestartSec=15s",
"\n",
" EnvironmentFile=/opt/mesosphere/environment",
"\n",
" EnvironmentFile=/opt/mesosphere/etc/cfn_signal_metadata",
"\n",
" Environment=\"AWS_CFN_SIGNAL_THIS_RESOURCE=PublicSlaveServerGroup\"",
"\n",
" ExecStartPre=/bin/ping -c1 leader.mesos",
"\n",
" ExecStartPre=/opt/mesosphere/bin/cfn-signal",
"\n",
" ExecStart=/usr/bin/touch /var/lib/dcos-cfn-signal",
"\n",
" \"name\": |-",
"\n",
" dcos-cfn-signal.service",
"\n",
" \"no_block\": !!bool |-",
"\n",
" true",
"\n",
" \"update\":",
"\n",
" \"reboot-strategy\": |-",
"\n",
" off",
"\n",
"\"write_files\":",
"\n",
"- \"content\": |",
"\n",
" https://downloads.dcos.io/dcos/stable",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/repository-url",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" ",
{
"Fn::FindInMap": [
"ClusterPackagesJson",
"default",
"default"
]
},
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/cluster-packages.json",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" [Journal]",
"\n",
" MaxLevelConsole=warning",
"\n",
" RateLimitInterval=1s",
"\n",
" RateLimitBurst=20000",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/systemd/journald.conf.d/dcos.conf",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" libstorage:",
"\n",
" integration:",
"\n",
" volume:",
"\n",
" operations:",
"\n",
" unmount:",
"\n",
" ignoreusedcount: true",
"\n",
" server:",
"\n",
" tasks:",
"\n",
" logTimeout: 5m",
"\n",
" rexray:",
"\n",
" loglevel: info",
"\n",
" service: ebs",
"\n",
" \"path\": |-",
"\n",
" /etc/rexray/config.yml",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" \"bound_values\":",
"\n",
" \"adminrouter_auth_enabled\": |-",
"\n",
" ",
{
"Ref": "OAuthEnabled"
},
"\n",
" \"agent_role\": |-",
"\n",
" ",
{
"Ref": "SlaveRole"
},
"\n",
" \"aws_region\": |-",
"\n",
" ",
{
"Ref": "AWS::Region"
},
"\n",
" \"aws_stack_id\": |-",
"\n",
" ",
{
"Ref": "AWS::StackId"
},
"\n",
" \"aws_stack_name\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"cluster_name\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"exhibitor_address\": |-",
"\n",
" ",
{
"Fn::GetAtt": [
"InternalMasterLoadBalancer",
"DNSName"
]
},
"\n",
" \"master_external_loadbalancer\": |-",
"\n",
" ",
{
"Fn::GetAtt": [
"ElasticLoadBalancer",
"DNSName"
]
},
"\n",
" \"master_role\": |-",
"\n",
" ",
{
"Ref": "MasterRole"
},
"\n",
" \"oauth_enabled\": |-",
"\n",
" ",
{
"Ref": "OAuthEnabled"
},
"\n",
" \"s3_bucket\": |-",
"\n",
" ",
{
"Ref": "ExhibitorS3Bucket"
},
"\n",
" \"s3_prefix\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"late_bound_package_id\": |-",
"\n",
" dcos-provider-d32e054e113b14d97841dd13b974a222976a8d62-aws--setup",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/late-config.yaml",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/slave_public",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/aws",
"\n"
]
]
}
},
"EbsOptimized": {
"Ref": "EbsOptimizedNodes"
},
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sdb",
"VirtualName": "ephemeral0"
}
],
"InstanceType": {
"Ref": "PublicSlaveInstanceType"
}
}
},
"SlaveLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": "false",
"IamInstanceProfile": {
"Ref": "SlaveInstanceProfile"
},
"SecurityGroups": [
{
"Ref": "SlaveSecurityGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"EbsOptimized": {
"Ref": "EbsOptimizedNodes"
},
"ImageId": {
"Fn::FindInMap": [
"RegionToAmi",
{
"Ref": "AWS::Region"
},
"stable"
]
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#cloud-config",
"\n",
"\"coreos\":",
"\n",
" \"units\":",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Formats the /var/lib ephemeral drive",
"\n",
" Before=var-lib.mount dbus.service",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" RemainAfterExit=yes",
"\n",
" ExecStart=/bin/bash -c \"(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)\"",
"\n",
" \"name\": |-",
"\n",
" format-var-lib-ephemeral.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Mount /var/lib",
"\n",
" Before=dbus.service",
"\n",
" [Mount]",
"\n",
" What=/dev/xvdb",
"\n",
" Where=/var/lib",
"\n",
" Type=ext4",
"\n",
" \"name\": |-",
"\n",
" var-lib.mount",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" etcd.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" update-engine.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"mask\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" locksmithd.service",
"\n",
" - \"command\": |-",
"\n",
" stop",
"\n",
" \"name\": |-",
"\n",
" systemd-resolved.service",
"\n",
" - \"command\": |-",
"\n",
" restart",
"\n",
" \"name\": |-",
"\n",
" systemd-journald.service",
"\n",
" - \"command\": |-",
"\n",
" restart",
"\n",
" \"name\": |-",
"\n",
" docker.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Before=dcos.target",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" ExecStartPre=/usr/bin/mkdir -p /etc/profile.d",
"\n",
" ExecStart=/usr/bin/ln -sf /opt/mesosphere/bin/add_dcos_path.sh /etc/profile.d/dcos.sh",
"\n",
" \"name\": |-",
"\n",
" dcos-link-env.service",
"\n",
" - \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=Pkgpanda: Download DC/OS to this host.",
"\n",
" After=network-online.target",
"\n",
" Wants=network-online.target",
"\n",
" ConditionPathExists=!/opt/mesosphere/",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz https://downloads.dcos.io/dcos/stable/bootstrap/4d92536e7381176206e71ee15b5ffe454439920c.bootstrap.tar.xz",
"\n",
" ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere",
"\n",
" ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere",
"\n",
" ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz",
"\n",
" \"name\": |-",
"\n",
" dcos-download.service",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |",
"\n",
" [Unit]",
"\n",
" Description=Pkgpanda: Specialize DC/OS for this host.",
"\n",
" Requires=dcos-download.service",
"\n",
" After=dcos-download.service",
"\n",
" [Service]",
"\n",
" Type=oneshot",
"\n",
" StandardOutput=journal+console",
"\n",
" StandardError=journal+console",
"\n",
" EnvironmentFile=/opt/mesosphere/environment",
"\n",
" ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd",
"\n",
" [Install]",
"\n",
" WantedBy=multi-user.target",
"\n",
" \"enable\": !!bool |-",
"\n",
" true",
"\n",
" \"name\": |-",
"\n",
" dcos-setup.service",
"\n",
" \"no_block\": !!bool |-",
"\n",
" true",
"\n",
" - \"command\": |-",
"\n",
" start",
"\n",
" \"content\": |-",
"\n",
" [Unit]",
"\n",
" Description=AWS Setup: Signal CloudFormation Success",
"\n",
" ConditionPathExists=!/var/lib/dcos-cfn-signal",
"\n",
" [Service]",
"\n",
" Type=simple",
"\n",
" Restart=on-failure",
"\n",
" StartLimitInterval=0",
"\n",
" RestartSec=15s",
"\n",
" EnvironmentFile=/opt/mesosphere/environment",
"\n",
" EnvironmentFile=/opt/mesosphere/etc/cfn_signal_metadata",
"\n",
" Environment=\"AWS_CFN_SIGNAL_THIS_RESOURCE=SlaveServerGroup\"",
"\n",
" ExecStartPre=/bin/ping -c1 leader.mesos",
"\n",
" ExecStartPre=/opt/mesosphere/bin/cfn-signal",
"\n",
" ExecStart=/usr/bin/touch /var/lib/dcos-cfn-signal",
"\n",
" \"name\": |-",
"\n",
" dcos-cfn-signal.service",
"\n",
" \"no_block\": !!bool |-",
"\n",
" true",
"\n",
" \"update\":",
"\n",
" \"reboot-strategy\": |-",
"\n",
" off",
"\n",
"\"write_files\":",
"\n",
"- \"content\": |",
"\n",
" https://downloads.dcos.io/dcos/stable",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/repository-url",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" ",
{
"Fn::FindInMap": [
"ClusterPackagesJson",
"default",
"default"
]
},
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/cluster-packages.json",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" [Journal]",
"\n",
" MaxLevelConsole=warning",
"\n",
" RateLimitInterval=1s",
"\n",
" RateLimitBurst=20000",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/systemd/journald.conf.d/dcos.conf",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" libstorage:",
"\n",
" integration:",
"\n",
" volume:",
"\n",
" operations:",
"\n",
" unmount:",
"\n",
" ignoreusedcount: true",
"\n",
" server:",
"\n",
" tasks:",
"\n",
" logTimeout: 5m",
"\n",
" rexray:",
"\n",
" loglevel: info",
"\n",
" service: ebs",
"\n",
" \"path\": |-",
"\n",
" /etc/rexray/config.yml",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": |",
"\n",
" \"bound_values\":",
"\n",
" \"adminrouter_auth_enabled\": |-",
"\n",
" ",
{
"Ref": "OAuthEnabled"
},
"\n",
" \"agent_role\": |-",
"\n",
" ",
{
"Ref": "SlaveRole"
},
"\n",
" \"aws_region\": |-",
"\n",
" ",
{
"Ref": "AWS::Region"
},
"\n",
" \"aws_stack_id\": |-",
"\n",
" ",
{
"Ref": "AWS::StackId"
},
"\n",
" \"aws_stack_name\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"cluster_name\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"exhibitor_address\": |-",
"\n",
" ",
{
"Fn::GetAtt": [
"InternalMasterLoadBalancer",
"DNSName"
]
},
"\n",
" \"master_external_loadbalancer\": |-",
"\n",
" ",
{
"Fn::GetAtt": [
"ElasticLoadBalancer",
"DNSName"
]
},
"\n",
" \"master_role\": |-",
"\n",
" ",
{
"Ref": "MasterRole"
},
"\n",
" \"oauth_enabled\": |-",
"\n",
" ",
{
"Ref": "OAuthEnabled"
},
"\n",
" \"s3_bucket\": |-",
"\n",
" ",
{
"Ref": "ExhibitorS3Bucket"
},
"\n",
" \"s3_prefix\": |-",
"\n",
" ",
{
"Ref": "AWS::StackName"
},
"\n",
" \"late_bound_package_id\": |-",
"\n",
" dcos-provider-d32e054e113b14d97841dd13b974a222976a8d62-aws--setup",
"\n",
" \"owner\": |-",
"\n",
" root",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/setup-flags/late-config.yaml",
"\n",
" \"permissions\": |-",
"\n",
" 0644",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/slave",
"\n",
"- \"content\": \"\"",
"\n",
" \"path\": |-",
"\n",
" /etc/mesosphere/roles/aws",
"\n"
]
]
}
},
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sdb",
"VirtualName": "ephemeral0"
}
],
"InstanceType": {
"Ref": "SlaveInstanceType"
}
}
},
"PrivateSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Private"
}
],
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": {
"Fn::FindInMap": [
"Parameters",
"PrivateSubnetRange",
"default"
]
}
},
"DependsOn": "Vpc"
},
"PublicSlaveSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"GroupDescription": "Mesos Slaves Public"
}
},
"AdminSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupIngress": [
{
"FromPort": "22",
"CidrIp": {
"Ref": "AdminLocation"
},
"IpProtocol": "tcp",
"ToPort": "22"
},
{
"FromPort": "80",
"CidrIp": {
"Ref": "AdminLocation"
},
"IpProtocol": "tcp",
"ToPort": "80"
},
{
"FromPort": "443",
"CidrIp": {
"Ref": "AdminLocation"
},
"IpProtocol": "tcp",
"ToPort": "443"
}
],
"GroupDescription": "Enable admin access to servers"
}
},
"SlaveToSlaveIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "SlaveSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "SlaveSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"GatewayToInternet": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"InternetGatewayId": {
"Ref": "InternetGateway"
},
"VpcId": {
"Ref": "Vpc"
}
},
"DependsOn": "InternetGateway"
},
"SlaveServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"CreationPolicy": {
"ResourceSignal": {
"Count": {
"Ref": "SlaveInstanceCount"
},
"Timeout": {
"Fn::FindInMap": [
"Parameters",
"StackCreationTimeout",
"default"
]
}
}
},
"Properties": {
"MinSize": {
"Ref": "SlaveInstanceCount"
},
"LaunchConfigurationName": {
"Ref": "SlaveLaunchConfig"
},
"MaxSize": {
"Ref": "SlaveInstanceCount"
},
"DesiredCapacity": {
"Ref": "SlaveInstanceCount"
},
"Tags": [
{
"PropagateAtLaunch": "true",
"Key": "role",
"Value": "mesos-slave"
},
{
"PropagateAtLaunch": "true",
"Key": "Name",
"Value": "Private Agent"
}
],
"VPCZoneIdentifier": [
{
"Ref": "PrivateSubnet"
}
],
"AvailabilityZones": [
{
"Fn::GetAtt": [
"PrivateSubnet",
"AvailabilityZone"
]
}
]
},
"DependsOn": [
"PrivateOutboundNetworkAclEntry",
"NATInstance"
]
},
"PrivateRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"InstanceId": {
"Ref": "NATInstance"
}
}
},
"PrivateSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"SubnetId": {
"Ref": "PrivateSubnet"
}
}
},
"DHCPOptions": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainNameServers": [
"AmazonProvidedDNS"
],
"DomainName": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::Region"
},
".compute.internal"
]
]
}
}
},
"MasterRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"Path": "/",
"Policies": [
{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ExhibitorS3Bucket"
},
"/*"
]
]
},
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ExhibitorS3Bucket"
}
]
]
}
],
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectAcl"
]
},
{
"Effect": "Allow",
"Action": [
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetStackPolicy",
"cloudformation:GetTemplate",
"cloudformation:GetTemplateSummary",
"cloudformation:ListChangeSets",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:SignalResource"
],
"Resource": [
{
"Ref": "AWS::StackId"
},
{
"Fn::Join": [
"",
[
{
"Ref": "AWS::StackId"
},
"/*"
]
]
}
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeKeyPairs",
"ec2:DescribeSubnets",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeScalingActivities",
"elasticloadbalancing:DescribeLoadBalancers"
],
"Resource": "*"
}
]
}
}
],
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
},
"SlaveSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"GroupDescription": "Mesos Slaves"
}
},
"PublicSubnetNetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"SubnetId": {
"Ref": "PublicSubnet"
}
}
},
"PublicSlaveToPublicSlaveIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"InboundNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"RuleAction": "allow",
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"PortRange": {
"To": "65535",
"From": "0"
},
"CidrBlock": "0.0.0.0/0",
"RuleNumber": "100",
"Egress": "false",
"Protocol": "-1"
}
},
"Vpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
}
],
"EnableDnsHostnames": "true",
"EnableDnsSupport": "true",
"CidrBlock": {
"Fn::FindInMap": [
"Parameters",
"VPCSubnetRange",
"default"
]
}
}
},
"VPCDHCPOptionsAssociation": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"DhcpOptionsId": {
"Ref": "DHCPOptions"
}
},
"DependsOn": "Vpc"
},
"PublicSlaveServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"CreationPolicy": {
"ResourceSignal": {
"Count": {
"Ref": "PublicSlaveInstanceCount"
},
"Timeout": {
"Fn::FindInMap": [
"Parameters",
"StackCreationTimeout",
"default"
]
}
}
},
"Properties": {
"MinSize": {
"Ref": "PublicSlaveInstanceCount"
},
"LaunchConfigurationName": {
"Ref": "PublicSlaveLaunchConfig"
},
"MaxSize": {
"Ref": "PublicSlaveInstanceCount"
},
"DesiredCapacity": {
"Ref": "PublicSlaveInstanceCount"
},
"Tags": [
{
"PropagateAtLaunch": "true",
"Key": "role",
"Value": "mesos-slave"
},
{
"PropagateAtLaunch": "true",
"Key": "Name",
"Value": "Public Agent"
}
],
"VPCZoneIdentifier": [
{
"Ref": "PublicSubnet"
}
],
"AvailabilityZones": [
{
"Fn::GetAtt": [
"PublicSubnet",
"AvailabilityZone"
]
}
],
"LoadBalancerNames": [
{
"Ref": "PublicSlaveLoadBalancer"
}
]
},
"DependsOn": "GatewayToInternet"
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
}
]
},
"DependsOn": "Vpc"
},
"PublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
}
],
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": {
"Fn::FindInMap": [
"Parameters",
"PublicSubnetRange",
"default"
]
}
},
"DependsOn": "Vpc"
},
"PublicSlaveToMasterIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "MasterSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"LbSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"GroupDescription": "Mesos Master LB"
}
},
"PrivateNetworkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
}
],
"VpcId": {
"Ref": "Vpc"
}
}
},
"MasterToSlaveIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "SlaveSecurityGroup"
},
"SourceSecurityGroupId": {
"Ref": "MasterSecurityGroup"
},
"IpProtocol": "-1",
"ToPort": "65535"
}
},
"ElasticLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"HealthCheck": {
"HealthyThreshold": "2",
"Interval": "30",
"UnhealthyThreshold": "2",
"Timeout": "5",
"Target": "TCP:5050"
},
"Listeners": [
{
"InstanceProtocol": "TCP",
"Protocol": "TCP",
"LoadBalancerPort": "80",
"InstancePort": "80"
},
{
"InstanceProtocol": "TCP",
"Protocol": "TCP",
"LoadBalancerPort": "443",
"InstancePort": "443"
}
],
"Subnets": [
{
"Ref": "PublicSubnet"
}
],
"SecurityGroups": [
{
"Ref": "LbSecurityGroup"
},
{
"Ref": "AdminSecurityGroup"
}
]
},
"DependsOn": "GatewayToInternet"
},
"PublicSlaveIngressThree": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "5052",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"CidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"ToPort": "32000"
}
},
"PublicSlaveIngressFive": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "23",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"CidrIp": "0.0.0.0/0",
"IpProtocol": "udp",
"ToPort": "5050"
}
},
"PublicSlaveIngressFour": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "0",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"CidrIp": "0.0.0.0/0",
"IpProtocol": "udp",
"ToPort": "21"
}
},
"PublicSlaveIngressTwo": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"FromPort": "23",
"GroupId": {
"Ref": "PublicSlaveSecurityGroup"
},
"CidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"ToPort": "5050"
}
},
"PrivateRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
}
],
"VpcId": {
"Ref": "Vpc"
}
}
},
"NatRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"Policies": [
{
"PolicyName": "NAT",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ExhibitorS3Bucket"
}
]
]
}
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "ExhibitorS3Bucket"
},
"/*"
]
]
}
]
}
]
}
}
],
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
},
"SlaveRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"Policies": [
{
"PolicyName": "Slaves",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetStackPolicy",
"cloudformation:GetTemplate",