rok/jh.yml

## jh.yml
# To run:
# aws cloudformation create-stack \
# --template-body file://jh.yml \
# --profile <YOUR_USER_PROFILE> \
# --stack-name jupyterhub \
# --parameters ParameterKey=KeyName,ParameterValue=<YOUR_KEYPAIR_NAME> \
#              ParameterKey=InstanceType,ParameterValue=t2.micro

Parameters:
  KeyName:
    Type: "AWS::EC2::KeyPair::KeyName"
    Description: Amazon EC2 Key Pair
  InstanceType:
    Type: String
    Default: t2.micro
    Description: Enter t2.micro, m1.small, or m1.large, etc.

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.1.0.0/16
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Network
          Value: Public

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      MapPublicIpOnLaunch: true
      CidrBlock: 10.1.0.0/16
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Network
          Value: Public
    DependsOn: VPC

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22 and HTTPS via 443
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Network
          Value: Public

  GatewayToInternet:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Network
          Value: Public

  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayToInternet
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

  EC2Instance:
    Type: AWS::EC2::Instance

    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          default:
          - create-files
          - run-commands

        create-files:
          files:
            /etc/supervisor/conf.d/jupyterhub.conf:
              content: |
                # /etc/supervisor/conf.d/jupyterhub.conf
                [program:jupyterhub]
                command=bash launch.sh
                directory=/srv/jupyterhub
                autostart=true
                autorestart=true
                startretries=3
                exitcode=0,2
                stopsignal=TERM
                redirect_stderr=true
                stdout_logfile=/var/log/jupyterhub.log
                stdout_logfile_maxbytes=1MB
                stdout_logfile_backups=10
                user=root

            /srv/jupyterhub/launch.sh:
              content: |
                #!/usr/bin/env bashpen
                # /srv/jupyterhub/launch.sh
                source /srv/jupyterhub/env/jupyterhub/bin/activate
                set -e
                exec jupyterhub -f ./jupyterhub_config.py $@

            /srv/jupyterhub/jupyterhub_config.py:
              content: |
                # /srv/jupyterhub/jupyterhub_config.py

                import os
                pjoin = os.path.join

                c = get_config()

                runtime_dir = os.path.join('/srv/jupyterhub')
                ssl_dir = pjoin(runtime_dir, 'ssl')

                c.JupyterHub.ip = '0.0.0.0'
                c.JupyterHub.port = 443
                c.JupyterHub.ssl_key = pjoin(ssl_dir, 'ssl.key')
                c.JupyterHub.ssl_cert = pjoin(ssl_dir, 'ssl.cert')
                c.JupyterHub.cookie_secret_file = pjoin(runtime_dir, 'jupyterhub_cookie_secret')
                c.JupyterHub.db_url = pjoin(runtime_dir, 'jupyterhub.sqlite')

                c.Authenticator.admin_users = {'ubuntu'}
                c.LocalAuthenticator.create_system_users = True
                c.JupyterHub.admin_access = True

        run-commands:
          commands:
            '1':
              command: echo $(hostname -I | cut -d\  -f1) $(hostname) | sudo tee -a /etc/hosts
            '2':
              command: |
                sudo DEBIAN_FRONTEND=noninteractive apt -y     \
                  -o Dpkg::Options::="--force-confdef"         \
                  -o Dpkg::Options::="--force-confold" upgrade
            '3':
              command: sudo apt -y install supervisor npm nodejs-legacy python3-pip
            '4':
              command: mkdir /srv/jupyterhub/ssl
            '5':
              command: |
                sudo openssl req -newkey rsa:2048 -nodes -x509 \
                  -keyout /srv/jupyterhub/ssl/ssl.key          \
                  -out /srv/jupyterhub/ssl/ssl.cert            \
                  -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
            '6':
              command: sudo npm install -g configurable-http-proxy
            '7':
              command: sudo -H pip3 install --system notebook jupyterhub
            '8':
              command: sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node))
            '9':
              command: sudo supervisorctl start jupyterhub

    Properties:
      UserData:
        Fn::Base64: !Sub |
          #!bin/bash -xe

          sudo apt-get update
          sudo apt -y install python-setuptools
          sudo easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          sudo /usr/local/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}
          sudo /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}

      ImageId: ami-785db401
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup

      BlockDeviceMappings:
      - DeviceName: /dev/sda1
        Ebs:
          VolumeSize: 200

      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

    DependsOn:
      - PublicSubnet
      - InstanceSecurityGroup
	# To run:
	# aws cloudformation create-stack \
	# --template-body file://jh.yml \
	# --profile <YOUR_USER_PROFILE> \
	# --stack-name jupyterhub \
	# --parameters ParameterKey=KeyName,ParameterValue=<YOUR_KEYPAIR_NAME> \
	# ParameterKey=InstanceType,ParameterValue=t2.micro

	Parameters:
	KeyName:
	Type: "AWS::EC2::KeyPair::KeyName"
	Description: Amazon EC2 Key Pair
	InstanceType:
	Type: String
	Default: t2.micro
	Description: Enter t2.micro, m1.small, or m1.large, etc.

	Resources:
	VPC:
	Type: AWS::EC2::VPC
	Properties:
	CidrBlock: 10.1.0.0/16
	Tags:
	- Key: Application
	Value: !Ref AWS::StackId
	- Key: Network
	Value: Public

	PublicSubnet:
	Type: AWS::EC2::Subnet
	Properties:
	VpcId: !Ref VPC
	MapPublicIpOnLaunch: true
	CidrBlock: 10.1.0.0/16
	Tags:
	- Key: Application
	Value: !Ref AWS::StackId
	- Key: Network
	Value: Public
	DependsOn: VPC

	InstanceSecurityGroup:
	Type: AWS::EC2::SecurityGroup
	Properties:
	GroupDescription: Enable SSH access via port 22 and HTTPS via 443
	VpcId: !Ref VPC
	SecurityGroupIngress:
	- IpProtocol: tcp
	FromPort: 22
	ToPort: 22
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: 443
	ToPort: 443
	CidrIp: 0.0.0.0/0

	InternetGateway:
	Type: AWS::EC2::InternetGateway
	Properties:
	Tags:
	- Key: Application
	Value: !Ref AWS::StackId
	- Key: Network
	Value: Public

	GatewayToInternet:
	Type: AWS::EC2::VPCGatewayAttachment
	Properties:
	VpcId: !Ref VPC
	InternetGatewayId: !Ref InternetGateway

	PublicRouteTable:
	Type: AWS::EC2::RouteTable
	Properties:
	VpcId: !Ref VPC
	Tags:
	- Key: Application
	Value: !Ref AWS::StackId
	- Key: Network
	Value: Public

	PublicRoute:
	Type: AWS::EC2::Route
	DependsOn: GatewayToInternet
	Properties:
	RouteTableId: !Ref PublicRouteTable
	DestinationCidrBlock: 0.0.0.0/0
	GatewayId: !Ref InternetGateway

	PublicSubnetRouteTableAssociation:
	Type: AWS::EC2::SubnetRouteTableAssociation
	Properties:
	SubnetId: !Ref PublicSubnet
	RouteTableId: !Ref PublicRouteTable

	EC2Instance:
	Type: AWS::EC2::Instance

	Metadata:
	AWS::CloudFormation::Init:
	configSets:
	default:
	- create-files
	- run-commands

	create-files:
	files:
	/etc/supervisor/conf.d/jupyterhub.conf:
	content: \|
	# /etc/supervisor/conf.d/jupyterhub.conf
	[program:jupyterhub]
	command=bash launch.sh
	directory=/srv/jupyterhub
	autostart=true
	autorestart=true
	startretries=3
	exitcode=0,2
	stopsignal=TERM
	redirect_stderr=true
	stdout_logfile=/var/log/jupyterhub.log
	stdout_logfile_maxbytes=1MB
	stdout_logfile_backups=10
	user=root

	/srv/jupyterhub/launch.sh:
	content: \|
	#!/usr/bin/env bashpen
	# /srv/jupyterhub/launch.sh
	source /srv/jupyterhub/env/jupyterhub/bin/activate
	set -e
	exec jupyterhub -f ./jupyterhub_config.py $@

	/srv/jupyterhub/jupyterhub_config.py:
	content: \|
	# /srv/jupyterhub/jupyterhub_config.py

	import os
	pjoin = os.path.join

	c = get_config()

	runtime_dir = os.path.join('/srv/jupyterhub')
	ssl_dir = pjoin(runtime_dir, 'ssl')

	c.JupyterHub.ip = '0.0.0.0'
	c.JupyterHub.port = 443
	c.JupyterHub.ssl_key = pjoin(ssl_dir, 'ssl.key')
	c.JupyterHub.ssl_cert = pjoin(ssl_dir, 'ssl.cert')
	c.JupyterHub.cookie_secret_file = pjoin(runtime_dir, 'jupyterhub_cookie_secret')
	c.JupyterHub.db_url = pjoin(runtime_dir, 'jupyterhub.sqlite')

	c.Authenticator.admin_users = {'ubuntu'}
	c.LocalAuthenticator.create_system_users = True
	c.JupyterHub.admin_access = True

	run-commands:
	commands:
	'1':
	command: echo $(hostname -I \| cut -d\ -f1) $(hostname) \| sudo tee -a /etc/hosts
	'2':
	command: \|
	sudo DEBIAN_FRONTEND=noninteractive apt -y \
	-o Dpkg::Options::="--force-confdef" \
	-o Dpkg::Options::="--force-confold" upgrade
	'3':
	command: sudo apt -y install supervisor npm nodejs-legacy python3-pip
	'4':
	command: mkdir /srv/jupyterhub/ssl
	'5':
	command: \|
	sudo openssl req -newkey rsa:2048 -nodes -x509 \
	-keyout /srv/jupyterhub/ssl/ssl.key \
	-out /srv/jupyterhub/ssl/ssl.cert \
	-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
	'6':
	command: sudo npm install -g configurable-http-proxy
	'7':
	command: sudo -H pip3 install --system notebook jupyterhub
	'8':
	command: sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node))
	'9':
	command: sudo supervisorctl start jupyterhub

	Properties:
	UserData:
	Fn::Base64: !Sub \|
	#!bin/bash -xe

	sudo apt-get update
	sudo apt -y install python-setuptools
	sudo easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
	sudo /usr/local/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}
	sudo /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}

	ImageId: ami-785db401
	InstanceType: !Ref InstanceType
	KeyName: !Ref KeyName
	SubnetId: !Ref PublicSubnet
	SecurityGroupIds:
	- !Ref InstanceSecurityGroup

	BlockDeviceMappings:
	- DeviceName: /dev/sda1
	Ebs:
	VolumeSize: 200

	Tags:
	- Key: Name
	Value: !Ref AWS::StackName

	DependsOn:
	- PublicSubnet
	- InstanceSecurityGroup