├── inventory
└── local
├── .gitignore
├── ami-creator
├── amazon-linux
│ └── todo.md
└── ubuntu
│ ├── 02-build-edda-volume
│ ├── 02-build-asgard-volume
│ ├── 02-build-eureka-volume
│ ├── bootstrap-ami-creator
│ ├── cleanup
│ ├── 03-create-ami
│ ├── _include.sh
│ └── 01-prepare-ubuntu
├── foundation-ami
├── amazon-linux
│ └── todo.md
└── ubuntu
│ ├── bootstrap-ami-creator
│ ├── foundation-cleanup
│ ├── _include.sh
│ ├── foundation-create-ami
│ └── foundation-create-volume
├── playbooks
├── roles
│ ├── aminator
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── files
│ │ │ ├── environments.yml
│ │ │ └── get-latest-answersforaws-code.sh
│ │ └── tasks
│ │ │ └── main.yml
│ ├── asgard
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ ├── tomcat-users.xml.j2
│ │ │ └── Config.groovy.j2
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── files
│ │ │ └── server.xml
│ ├── oracle-java7
│ │ ├── files
│ │ │ ├── oab.list
│ │ │ └── pubring.gpg
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── example
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── mongodb
│ │ ├── files
│ │ │ └── mongodb.repo
│ │ └── tasks
│ │ │ └── main.yml
│ ├── emr
│ │ └── tasks
│ │ │ └── main.yml
│ ├── ice
│ │ ├── templates
│ │ │ ├── configure-ice.sh.j2
│ │ │ └── ice.properties.j2
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── files
│ │ │ ├── server.xml
│ │ │ └── samply-ice.policy
│ │ └── tasks
│ │ │ └── main.yml
│ ├── tomcat
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── files
│ │ │ └── port-forward-8080-to-80.sh
│ │ ├── templates
│ │ │ ├── tomcat7.conf.j2
│ │ │ └── default.j2
│ │ └── tasks
│ │ │ └── main.yml
│ ├── edda
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── files
│ │ │ └── configure-edda.sh
│ │ └── tasks
│ │ │ └── main.yml
│ ├── simian_army
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── files
│ │ │ ├── configure-simian-army.sh
│ │ │ ├── server.xml
│ │ │ └── sdb
│ │ └── tasks
│ │ │ └── main.yml
│ ├── eureka
│ │ ├── vars
│ │ │ └── main.yml
│ │ └── tasks
│ │ │ └── main.yml
│ ├── base
│ │ ├── tasks
│ │ │ ├── main.yml
│ │ │ ├── packages-repo-setup.yml
│ │ │ ├── packages-security.yml
│ │ │ ├── harden-basic.yml
│ │ │ ├── packages-editors.yml
│ │ │ ├── packages-system.yml
│ │ │ └── packages-networking.yml
│ │ └── files
│ │ │ ├── Amazon
│ │ │ ├── rc.local
│ │ │ ├── ssh_config
│ │ │ ├── sshd_config
│ │ │ └── ec2metadata
│ │ │ ├── Ubuntu
│ │ │ ├── rc.local
│ │ │ ├── ssh_config
│ │ │ ├── sshd_config
│ │ │ ├── precise
│ │ │ │ ├── sources.list.tmpl
│ │ │ │ └── sources.list
│ │ │ └── trusty
│ │ │ │ ├── sources.list.tmpl
│ │ │ │ └── sources.list
│ │ │ ├── ec
│ │ │ ├── emacs
│ │ │ └── s3get
│ └── genie
│ │ ├── vars
│ │ └── main.yml
│ │ ├── tasks
│ │ └── main.yml
│ │ └── files
│ │ └── server.xml
├── vars
│ ├── common.yml
│ ├── Debian.yml
│ ├── Ubuntu.yml
│ └── Amazon.yml
├── aminator-ubuntu.yml
├── base-ubuntu.yml
├── aminator-amazon-linux.yml
├── base-amazon-linux.yml
├── ice-ubuntu.yml
├── example-ubuntu.yml
├── ice-amazon-linux.yml
├── edda-ubuntu.yml
├── simian-army-ubuntu.yml
├── edda-amazon-linux.yml
├── eureka-ubuntu.yml
├── eureka-amazon-linux.yml
├── asgard-amazon-linux.yml
├── asgard-ubuntu.yml
└── genie-hadoop-emr.yml
├── cloudformation
├── generators
│ ├── asgard.py
│ └── eureka.py
├── aminator.json
├── asgard.json
├── other
│ └── manual-ami-baker.json
├── simian-army.json
├── edda.json
└── eureka.json
└── LICENSE.txt
/inventory/local:
--------------------------------------------------------------------------------
1 | localhost
2 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *~
2 | .*~
3 | .DS_Store
4 | .project
5 | .pydevproject
6 |
--------------------------------------------------------------------------------
/ami-creator/amazon-linux/todo.md:
--------------------------------------------------------------------------------
1 | # TODO
2 |
3 | Finish me, well... start me, then finish me.
4 |
--------------------------------------------------------------------------------
/foundation-ami/amazon-linux/todo.md:
--------------------------------------------------------------------------------
1 | # TODO
2 |
3 | Finish me, well... start me, then finish me.
4 |
--------------------------------------------------------------------------------
/playbooks/roles/aminator/vars/main.yml:
--------------------------------------------------------------------------------
---
# Where the aminator role fetches Aminator from (see roles/aminator/tasks).
aminator_repo: https://github.com/Netflix/aminator.git
# NOTE(review): "master" is a moving target — whatever is at HEAD at build time
# is what gets baked into the AMI. Pin to a release tag or commit SHA for
# reproducible, auditable builds.
aminator_branch: master
--------------------------------------------------------------------------------
/playbooks/vars/common.yml:
--------------------------------------------------------------------------------
---
# Shared Jinja conditions, used as `when: ami_build` / `when: not_ami_build`
# (e.g. roles/base/tasks/packages-security.yml, roles/tomcat/handlers).
# Both key off an `ami` variable: when it is defined and truthy the target is a
# volume being baked into an AMI (services are left stopped); otherwise the
# target is treated as a live instance. Presumably `ami` is passed in with
# --extra-vars by the ami-creator scripts — confirm there.
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami

--------------------------------------------------------------------------------
/playbooks/roles/asgard/vars/main.yml:
--------------------------------------------------------------------------------
---
# Pinned Asgard release downloaded over HTTPS by the asgard role.
# NOTE(review): the download itself is not checksum-verified in the roles
# shown here; if the role uses get_url, add its sha256sum= argument so a
# replaced artifact fails the deploy instead of being installed.
asgard_war_url: https://github.com/Netflix/asgard/releases/download/1.5.1/asgard.war

--------------------------------------------------------------------------------
/playbooks/roles/oracle-java7/files/oab.list:
--------------------------------------------------------------------------------
1 | deb file:///var/local/oab/deb / #Local Java - https://github.com/flexiondotorg/oab-java6
2 |
--------------------------------------------------------------------------------
/playbooks/roles/oracle-java7/files/pubring.gpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Answers4AWS/netflixoss-ansible/HEAD/playbooks/roles/oracle-java7/files/pubring.gpg
--------------------------------------------------------------------------------
/playbooks/vars/Debian.yml:
--------------------------------------------------------------------------------
# Distro-specific names, loaded by the playbooks via
# vars/{{ ansible_distribution }}.yml. Debian mirrors the Ubuntu values.
ntp_service_name: ntp
ssh_service_name: ssh
mongodb_service_name: mongodb
# Account Tomcat runs as; roles chown files to it (e.g. roles/ice configure-ice.sh.j2)
tomcat_user: tomcat7
rc_local_path: /etc/rc.local

--------------------------------------------------------------------------------
/playbooks/vars/Ubuntu.yml:
--------------------------------------------------------------------------------
# Ubuntu-specific names, loaded by the playbooks via
# vars/{{ ansible_distribution }}.yml. Must stay in step with Debian.yml.
ntp_service_name: ntp
ssh_service_name: ssh
mongodb_service_name: mongodb
# Account Tomcat runs as; roles chown files to it (e.g. roles/ice configure-ice.sh.j2)
tomcat_user: tomcat7
rc_local_path: /etc/rc.local

--------------------------------------------------------------------------------
/playbooks/roles/example/vars/main.yml:
--------------------------------------------------------------------------------
---
# Same AMI/live-instance conditions as vars/common.yml, duplicated here so the
# role works even when the playbook does not load common.yml.
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami
# Placeholder: replace with the URL of your own WAR. The example role fetches
# it with get_url and deploys it as Tomcat's ROOT webapp, so it should be an
# https URL you control — and ideally checksum-pinned (get_url sha256sum=).
war_url: https://example.com/app.war

--------------------------------------------------------------------------------
/playbooks/vars/Amazon.yml:
--------------------------------------------------------------------------------
# Amazon Linux-specific names, loaded by the playbooks via
# vars/{{ ansible_distribution }}.yml (ansible_distribution == 'Amazon').
ntp_service_name: ntpd
ssh_service_name: sshd
mongodb_service_name: mongod
# Account Tomcat runs as (matches TOMCAT_USER in roles/tomcat tomcat7.conf.j2)
tomcat_user: tomcat
rc_local_path: /etc/rc.d/rc.local

--------------------------------------------------------------------------------
/playbooks/roles/mongodb/files/mongodb.repo:
--------------------------------------------------------------------------------
[mongodb]
name=MongoDB Repository
# NOTE(review): plain-HTTP baseurl plus gpgcheck=0 means RPMs are fetched and
# installed as root with no integrity or origin check — an on-path attacker or
# a compromised mirror can substitute arbitrary packages. Switch to an https
# baseurl, set gpgcheck=1 and point gpgkey= at the repository's signing key.
# This is the legacy MongoDB repo location; confirm the current URL and key
# before changing it.
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1

--------------------------------------------------------------------------------
/playbooks/roles/emr/tasks/main.yml:
--------------------------------------------------------------------------------
---
# EMR role
#
# The only thing this role does is bootstrap python-apt on the EMR master so
# the `apt` module works in the roles that follow (tomcat, genie). It uses a
# raw apt-get command precisely because the apt module is not usable yet.
# Re-runs are harmless (apt-get is a no-op once installed) but always report
# "changed" since there is no changed_when/creates guard.
- name: Install python-apt
  # Doing this enables the 'apt' module in later roles
  command:
    apt-get install -y python-apt

--------------------------------------------------------------------------------
/playbooks/roles/ice/templates/configure-ice.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash
# Create the scratch directories Ice's processor and reader components use
# and hand them to the account Tomcat runs as (tomcat_user from vars/<distro>.yml).

for dir in /mnt/ice_processor /mnt/ice_reader; do
    mkdir -p "$dir"
    chown -R {{ tomcat_user }} "$dir"
done
--------------------------------------------------------------------------------
/playbooks/roles/tomcat/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers for the tomcat role.
#
# Both are skipped during an AMI bake (not_ami_build is false) — there is no
# running service to restart and rc.local must not run against the build host.
#
# NOTE(review): "run rc.local" re-executes everything in rc.local, including
# the port-forwarding script the role installs; that script appends iptables
# rules with -A on every run, so each handler invocation stacks duplicate
# rules unless the script checks first (see files/port-forward-8080-to-80.sh).
- name: restart tomcat
  when: not_ami_build
  service:
    name: tomcat7
    state: restarted

- name: run rc.local
  when: not_ami_build
  command:
    /etc/rc.local

--------------------------------------------------------------------------------
/playbooks/roles/asgard/templates/tomcat-users.xml.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/playbooks/roles/edda/vars/main.yml:
--------------------------------------------------------------------------------
---
# Same AMI/live-instance conditions as vars/common.yml (duplicated so the
# role works when the playbook does not load common.yml).
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami
# NOTE(review): this is a mutable -SNAPSHOT artifact from a CI server, fetched
# with no checksum: every deploy gets whatever the last successful build was,
# so builds are not reproducible and a compromised CI job is installed as-is.
# Pin to a released version and verify it (get_url sha256sum=), or set
# local_war in the playbook to deploy a WAR you built and reviewed.
latest_successful_build_url: https://netflixoss.ci.cloudbees.com/job/edda-master/lastSuccessfulBuild/artifact/build/libs/edda-2.2.0-SNAPSHOT.war
--------------------------------------------------------------------------------
/playbooks/aminator-ubuntu.yml:
--------------------------------------------------------------------------------
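---
# Aminator playbook for ubuntu
#
# Applies the base hardening/packages role and then installs Aminator,
# connecting as the stock `ubuntu` user and escalating with sudo.
- name: Aminator
  user: ubuntu
  sudo: True
  tags: aminator
  hosts: all
  roles:
    - base
    - aminator
  vars_files:
    # common.yml defines ami_build / not_ami_build, which the base role's
    # tasks reference in `when:` conditions (packages-security.yml). Neither
    # the base nor the aminator role defines them itself, so without this
    # file those conditionals evaluate an undefined variable. Loaded first so
    # the distro-specific file can still override anything in it.
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
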
--------------------------------------------------------------------------------
/playbooks/base-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Base playbook for ubuntu
#
# Applies only the base role (repo setup, basic hardening, package sets) to
# every host in the inventory, connecting as the stock `ubuntu` user with sudo.
# common.yml supplies ami_build / not_ami_build for the role's conditionals.
- hosts: all
  name: Base
  user: ubuntu
  sudo: yes
  vars_files:
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
  roles:
    - role: base
      tags: ['base']

--------------------------------------------------------------------------------
/playbooks/roles/simian_army/vars/main.yml:
--------------------------------------------------------------------------------
---
# Same AMI/live-instance conditions as vars/common.yml (duplicated so the
# role works when the playbook does not load common.yml).
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami
# NOTE(review): mutable -SNAPSHOT artifact from a public snapshot repository,
# fetched with no checksum — each deploy installs whatever is there now, and
# the Simian Army runs with this account's AWS credentials. Pin to a released
# version and verify it (get_url sha256sum=), or deploy a local_war you built.
latest_successful_build_url: https://oss.jfrog.org/oss-snapshot-local/com/netflix/simianarmy/simianarmy/2.6.0-SNAPSHOT/simianarmy-2.6.0-SNAPSHOT.war

--------------------------------------------------------------------------------
/playbooks/roles/edda/files/configure-edda.sh:
--------------------------------------------------------------------------------
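#!/bin/bash
# Point the deployed Edda webapp at the region this instance runs in.
#
# The region is derived from the instance's availability zone (IMDS, via
# ec2metadata) by dropping the trailing zone letter: us-east-1a -> us-east-1.
#
# Exits non-zero instead of writing a bad value: previously a failed metadata
# lookup produced "edda.region=" and a missing properties file was a silent
# no-op (perl -i only warns).
set -eu

props=/var/lib/tomcat7/webapps/edda/WEB-INF/classes/edda.properties

az="$(ec2metadata --availability-zone)"
region="${az%?}"

# Accept only something shaped like an AWS region (us-east-1, ap-southeast-2,
# us-gov-west-1); anything else is a metadata failure, not a region.
if ! [[ "$region" =~ ^[a-z]{2}(-[a-z]+)+-[0-9]+$ ]]; then
    echo "Could not determine a valid region from availability zone '$az'" >&2
    exit 1
fi

if [ ! -f "$props" ]; then
    echo "Edda properties file not found: $props (has the WAR been deployed and extracted?)" >&2
    exit 1
fi

echo "Setting Edda region to $region"
# $region is validated above, so it is safe to splice into the perl replacement.
perl -i -pe "s/^edda\.region\=.*/edda.region=$region/" "$props"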
--------------------------------------------------------------------------------
/playbooks/roles/eureka/vars/main.yml:
--------------------------------------------------------------------------------
---
# Same AMI/live-instance conditions as vars/common.yml (duplicated so the
# role works when the playbook does not load common.yml).
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami
# Used by roles/eureka/tasks when local_war is empty.
# NOTE(review): mutable -SNAPSHOT CI artifact fetched with no checksum; every
# deploy installs whatever the last successful build was. Pin to a released
# version and verify it (get_url sha256sum=), or deploy a local_war you built.
latest_successful_build_url: https://netflixoss.ci.cloudbees.com/job/eureka-master/lastSuccessfulBuild/artifact/eureka-server/build/libs/eureka-server-1.1.121-SNAPSHOT.war
--------------------------------------------------------------------------------
/playbooks/roles/base/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main task list for Base
#
# Order matters: repositories are configured before anything is installed,
# and the account/group clean-up in harden-basic runs before packages that
# might re-create system accounts are pulled in.

- include: packages-repo-setup.yml
- include: harden-basic.yml
- include: packages-system.yml
- include: packages-security.yml
- include: packages-editors.yml
- include: packages-networking.yml

--------------------------------------------------------------------------------
/playbooks/aminator-amazon-linux.yml:
--------------------------------------------------------------------------------
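---
# Aminator playbook for Amazon Linux
#
# Applies the base hardening/packages role and then installs Aminator,
# connecting as the stock `ec2-user` account and escalating with sudo.
- name: Aminator
  user: ec2-user
  sudo: True
  tags: aminator
  hosts: all
  roles:
    - base
    - aminator
  vars_files:
    # common.yml defines ami_build / not_ami_build, which the base role's
    # tasks reference in `when:` conditions (packages-security.yml). Neither
    # the base nor the aminator role defines them itself, so without this
    # file those conditionals evaluate an undefined variable. Loaded first so
    # the distro-specific file can still override anything in it.
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
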
--------------------------------------------------------------------------------
/playbooks/base-amazon-linux.yml:
--------------------------------------------------------------------------------
---
# Base playbook for Amazon Linux
#
# Applies only the base role (repo setup, basic hardening, package sets) to
# every host in the inventory, connecting as `ec2-user` with sudo.
# common.yml supplies ami_build / not_ami_build for the role's conditionals.
- hosts: all
  name: Base
  user: ec2-user
  sudo: yes
  vars_files:
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
  roles:
    - role: base
      tags: ['base']

--------------------------------------------------------------------------------
/playbooks/roles/example/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Example role
#
# Replaces Tomcat's default ROOT webapp with the WAR at war_url
# (roles/example/vars/main.yml). Tomcat extracts ROOT.war on start.
#
# NOTE(review): the download is not integrity-checked — whatever war_url
# serves is deployed as the root webapp. Pass get_url's sha256sum= once you
# have a fixed artifact, and keep war_url on https.
- name: Remove default root webapp
  file:
    path: /usr/local/tomcat/webapps/ROOT
    state: absent

- name: Download WAR file from url
  tags: deploy
  get_url:
    url: "{{ war_url }}"
    dest: /usr/local/tomcat/webapps/ROOT.war

--------------------------------------------------------------------------------
/playbooks/ice-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Ice playbook for ubuntu
#
# Builds an Ice host (AWS billing reports; buckets configured in
# roles/ice/vars): base hardening, Tomcat, then the ice role. Connects as the
# stock `ubuntu` user with sudo. local_war is empty by default, which is the
# roles' signal to download latest_successful_build_url instead of copying a
# locally built WAR (see roles/eureka/tasks for the pattern).
- hosts: all
  name: Ice
  user: ubuntu
  sudo: yes
  tags: ice
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
  roles:
    - base
    - tomcat
    - ice

--------------------------------------------------------------------------------
/playbooks/roles/base/files/Amazon/rc.local:
--------------------------------------------------------------------------------
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#
# Baseline /etc/rc.d/rc.local installed by the base role on Amazon Linux.
# Other roles append their boot-time steps below the "ADD HERE" marker
# (presumably via lineinfile; their tasks are not shown here — confirm), and
# the tomcat role's "run rc.local" handler re-executes the whole file, so
# anything added must be safe to run more than once.

touch /var/lock/subsys/local

# ADD HERE


--------------------------------------------------------------------------------
/playbooks/example-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Example playbook for running your own application on ubuntu
#
# Template for deploying your own WAR: base hardening, Tomcat, then the
# example role, which downloads war_url (roles/example/vars/main.yml) as the
# ROOT webapp. Connects as the stock `ubuntu` user with sudo.
- hosts: all
  name: Example
  user: ubuntu
  sudo: yes
  tags: example
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  roles:
    - base
    - tomcat
    - example

--------------------------------------------------------------------------------
/playbooks/ice-amazon-linux.yml:
--------------------------------------------------------------------------------
---
# Ice playbook for Amazon Linux
#
# Builds an Ice host (AWS billing reports; buckets configured in
# roles/ice/vars): base hardening, Tomcat, then the ice role. Connects as
# `ec2-user` with sudo. local_war is empty by default, which is the roles'
# signal to download latest_successful_build_url instead of copying a locally
# built WAR (see roles/eureka/tasks for the pattern).
- hosts: all
  name: Ice
  user: ec2-user
  sudo: yes
  tags: ice
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
  roles:
    - base
    - tomcat
    - ice

--------------------------------------------------------------------------------
/playbooks/edda-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Edda playbook for ubuntu
#
# Builds an Edda host: base hardening, Tomcat, a local MongoDB, then the edda
# role. Connects as the stock `ubuntu` user with sudo. local_war is empty by
# default, which is the roles' signal to download latest_successful_build_url
# (roles/edda/vars) instead of copying a locally built WAR.
- hosts: all
  name: Edda
  user: ubuntu
  sudo: yes
  tags: edda
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
  roles:
    - base
    - tomcat
    - mongodb
    - edda

--------------------------------------------------------------------------------
/playbooks/simian-army-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Simian Army playbook for ubuntu
#
# Builds a Simian Army host: base hardening, Tomcat, then the simian_army
# role. Connects as the stock `ubuntu` user with sudo. local_war is empty by
# default, which is the roles' signal to download latest_successful_build_url
# (roles/simian_army/vars) instead of copying a locally built WAR.
- hosts: all
  name: Simian Army
  user: ubuntu
  sudo: yes
  tags: monkeys
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
  roles:
    - base
    - tomcat
    - simian_army

--------------------------------------------------------------------------------
/playbooks/edda-amazon-linux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Edda playbook for Amazon Linux
3 | - name: Edda
4 | user: ec2-user
5 | sudo: True
6 | tags: edda
7 | hosts: all
8 | roles:
9 | - base
10 | - tomcat
11 | - mongodb
12 | - edda
13 | vars:
14 | local_war: ""
15 | vars_files:
16 | - vars/{{ ansible_distribution }}.yml
17 |
18 |
--------------------------------------------------------------------------------
/playbooks/roles/genie/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ami_build: ami is defined and ami
3 | not_ami_build: ami is not defined or not ami
4 | latest_successful_build_url: https://netflixoss.ci.cloudbees.com/job/genie-master/lastSuccessfulBuild/artifact/genie-web/build/libs/genie-web-0.22-SNAPSHOT.war
5 | genie_repo: https://github.com/Netflix/genie.git
6 | genie_branch: master
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/rc.local:
--------------------------------------------------------------------------------
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# Baseline /etc/rc.local installed by the base role on Ubuntu. Other roles
# append their boot-time steps below the "ADD HERE" marker (presumably via
# lineinfile; their tasks are not shown here — confirm). Because of the -e
# above, any appended command that fails aborts the rest of rc.local, and the
# tomcat role's "run rc.local" handler re-executes the whole file, so anything
# added must also be safe to run more than once.

# ADD HERE

exit 0

--------------------------------------------------------------------------------
/playbooks/roles/asgard/templates/Config.groovy.j2:
--------------------------------------------------------------------------------
{# Asgard Config.groovy, rendered by the asgard role. All values come from
   roles/asgard/defaults/main.yml and must be overridden per deployment.

   NOTE(review): the AWS access key and secret key are written to disk in
   plaintext here, readable by whatever owns the rendered file — restrict its
   mode/owner to the Tomcat account and supply the values from a vault or
   --extra-vars, never from the checked-in defaults. Values are spliced into
   single-quoted Groovy strings without escaping, so a value containing a
   single quote or backslash would produce an invalid config file. #}
grails {
  awsAccounts=['{{ aws_account_number }}']
  awsAccountNames=['{{ aws_account_number }}':'{{ aws_account_name }}']
}
secret {
  accessId='{{ aws_access_id }}'
  secretKey='{{ aws_secret_key }}'
}
cloud {
  accountName='{{ aws_account_name }}'
  publicResourceAccounts=['amazon']
}

--------------------------------------------------------------------------------
/playbooks/roles/base/files/ec:
--------------------------------------------------------------------------------
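#!/bin/sh
##################################
### ###
### This file is ###
### managed by ansible ###
### ###
### DO NOT EDIT THIS FILE! ###
### ###
##################################

# emacs backup file cleaning script
#
# Deletes emacs backup files (name~ and .name~) in the current directory.
# "--" ends option parsing, so a backup file whose name begins with "-"
# (e.g. "-rf~") is passed to rm as a filename rather than parsed as options.
rm -f -- *~ .*~
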
--------------------------------------------------------------------------------
/playbooks/eureka-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Eureka playbook for ubuntu
#
# Builds a Eureka server: base hardening, Tomcat, then the eureka role.
# Connects as the stock `ubuntu` user with sudo. local_war is empty by
# default, so roles/eureka/tasks downloads latest_successful_build_url rather
# than copying a locally built WAR. tomcat_extra_opts is appended to JAVA_OPTS
# by roles/tomcat (tomcat7.conf.j2) to tell Archaius/Eureka which app and
# datacenter this is.
- hosts: all
  name: Eureka
  user: ubuntu
  sudo: yes
  tags: eureka
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
    tomcat_extra_opts: "-Darchaius.deployment.applicationId=eureka -Deureka.datacenter=cloud"
  roles:
    - base
    - tomcat
    - eureka

--------------------------------------------------------------------------------
/playbooks/eureka-amazon-linux.yml:
--------------------------------------------------------------------------------
---
# Eureka playbook for Amazon Linux
#
# Builds a Eureka server: base hardening, Tomcat, then the eureka role.
# Connects as `ec2-user` with sudo. local_war is empty by default, so
# roles/eureka/tasks downloads latest_successful_build_url rather than copying
# a locally built WAR. tomcat_extra_opts is appended to JAVA_OPTS by
# roles/tomcat (tomcat7.conf.j2) to tell Archaius/Eureka which app and
# datacenter this is.
- hosts: all
  name: Eureka
  user: ec2-user
  sudo: yes
  tags: eureka
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
    tomcat_extra_opts: "-Darchaius.deployment.applicationId=eureka -Deureka.datacenter=cloud"
  roles:
    - base
    - tomcat
    - eureka

--------------------------------------------------------------------------------
/playbooks/roles/tomcat/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the tomcat role; override per playbook (see genie-hadoop-emr.yml).

# Forward port 80 to 8080
# When false, files/port-forward-8080-to-80.sh adds iptables NAT REDIRECT
# rules so traffic to :80 (local and on the instance's private IP) lands on
# Tomcat without Tomcat having to bind a privileged port.
tomcat_skip_port_forwarding: False

# JAVA_OPTS for Tomcat: memory
tomcat_xmx: 512m

# JAVA_OPTS for Tomcat: everything else
# Spliced verbatim into JAVA_OPTS in templates/tomcat7.conf.j2 — anything that
# can set this can set arbitrary JVM flags, so treat it as trusted config only.
tomcat_extra_opts: ""

# This has nothing to do with the port forwarding above, so if you change
# this, you probably want to disable the forwarding as well.
tomcat_port: 8080

--------------------------------------------------------------------------------
/playbooks/roles/eureka/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Eureka role
#
# Deploys eureka.war into Tomcat from one of two sources, chosen by local_war:
#   - non-empty: copy that file from the control machine;
#   - empty (playbook default): download latest_successful_build_url
#     (roles/eureka/vars/main.yml).
#
# NOTE(review): the download path is not integrity-checked and the default URL
# is a moving -SNAPSHOT build. Once you have a fixed artifact, add get_url's
# sha256sum= so a swapped WAR fails the deploy instead of being installed.
- name: Copy local Eureka WAR file {{ local_war }}
  tags: deploy
  when: local_war != ""
  copy:
    src: "{{ local_war }}"
    dest: /usr/local/tomcat/webapps/eureka.war

- name: Download snapshot build of Eureka from Cloudbees
  tags: deploy
  when: local_war == ""
  get_url:
    url: "{{ latest_successful_build_url }}"
    dest: /usr/local/tomcat/webapps/eureka.war

--------------------------------------------------------------------------------
/playbooks/roles/tomcat/files/port-forward-8080-to-80.sh:
--------------------------------------------------------------------------------
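#!/bin/bash
# Redirect TCP port 80 to Tomcat's 8080 for loopback, locally generated and
# inbound traffic addressed to this instance's private IP.
#
# Idempotent: each rule is appended only if an identical rule is not already
# present (iptables -C), so re-running — which happens every time the tomcat
# role's "run rc.local" handler fires, and on every boot — no longer stacks
# duplicate REDIRECT rules in the nat table.

set -e

local_ipv4="$(ec2metadata --local-ipv4)"
# A failed metadata lookup used to produce rules with an empty -d argument;
# refuse instead.
if [ -z "$local_ipv4" ]; then
    echo "Could not determine the local IPv4 address from instance metadata" >&2
    exit 1
fi

# add_rule CHAIN RULE-SPEC...: append RULE-SPEC to CHAIN in the nat table
# unless it is already there.
add_rule() {
    local chain="$1"
    shift
    iptables -t nat -C "$chain" "$@" 2>/dev/null || iptables -t nat -A "$chain" "$@"
}

echo "Forwarding port 8080 to 80 for Tomcat"
add_rule OUTPUT     -d localhost     -p tcp --dport 80 -j REDIRECT --to-ports 8080
add_rule OUTPUT     -d "$local_ipv4" -p tcp --dport 80 -j REDIRECT --to-ports 8080
add_rule PREROUTING -d "$local_ipv4" -p tcp --dport 80 -j REDIRECT --to-ports 8080
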
--------------------------------------------------------------------------------
/playbooks/roles/base/files/emacs:
--------------------------------------------------------------------------------
1 | ;; ===== Set standard indent to 4 ====
2 | (setq standard-indent 4)
3 |
4 | ;; ========== Line by line scrolling ==========
5 | (setq scroll-step 1)
6 |
7 | ;; ========== Enable Line and Column Numbering ==========
8 | (line-number-mode 1)
9 | (column-number-mode 1)
10 |
11 | ;; ========== Colors ==========
12 | (global-font-lock-mode 1)
13 |
14 | ;; Enable downcase with C-x C-l
15 | (put 'downcase-region 'disabled nil)
16 |
--------------------------------------------------------------------------------
/playbooks/asgard-amazon-linux.yml:
--------------------------------------------------------------------------------
---
# Asgard playbook for Amazon Linux
#
# Builds an Asgard host: base hardening, Tomcat, then the asgard role.
# Connects as `ec2-user` with sudo; each role is tagged so it can be run on
# its own. common.yml supplies ami_build / not_ami_build for the roles'
# conditionals. The asgard role's credentials and BASIC-auth password live in
# roles/asgard/defaults/main.yml and MUST be overridden for a real deployment.
- hosts: all
  name: Asgard
  user: ec2-user
  sudo: yes
  vars_files:
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
    tomcat_extra_opts: "-Darchaius.deployment.applicationId=asgard -Dnetflix.datacenter=cloud"
  roles:
    - role: base
      tags: ['base']
    - role: tomcat
      tags: ['tomcat']
    - role: asgard
      tags: ['asgard']

--------------------------------------------------------------------------------
/playbooks/asgard-ubuntu.yml:
--------------------------------------------------------------------------------
---
# Asgard playbook for ubuntu
#
# Builds an Asgard host: base hardening, Oracle Java 7 (from the S3-hosted APT
# repo configured in roles/oracle-java7/vars), Tomcat, then the asgard role.
# Connects as the stock `ubuntu` user with sudo; each role is tagged so it can
# be run on its own. common.yml supplies ami_build / not_ami_build. The asgard
# role's credentials and BASIC-auth password live in
# roles/asgard/defaults/main.yml and MUST be overridden for a real deployment.
- hosts: all
  name: Asgard
  user: ubuntu
  sudo: yes
  vars_files:
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
    tomcat_extra_opts: "-Darchaius.deployment.applicationId=asgard -Dnetflix.datacenter=cloud"
  roles:
    - role: base
      tags: ['base']
    - role: oracle-java7
      tags: ['java']
    - role: tomcat
      tags: ['tomcat']
    - role: asgard
      tags: ['asgard']

--------------------------------------------------------------------------------
/playbooks/roles/aminator/files/environments.yml:
--------------------------------------------------------------------------------
# Aminator environments file installed by the aminator role.
# Each entry selects the plugin set Aminator uses for one kind of bake
# (cloud / distro / provisioner / volume / blockdevice / finalizer); `default`
# names the entry used when none is given on the command line.
default: ec2_yum_linux
# Amazon Linux / RHEL-family images provisioned with yum.
ec2_yum_linux:
  cloud: ec2
  distro: redhat
  provisioner: yum
  volume: linux
  blockdevice: linux
  finalizer: tagging_ebs
# Debian/Ubuntu images provisioned with apt.
ec2_apt_linux:
  cloud: ec2
  distro: debian
  provisioner: apt
  volume: linux
  blockdevice: linux
  finalizer: tagging_ebs
# Debian/Ubuntu images provisioned by running an Ansible playbook (this repo).
ec2_ansible_linux:
  cloud: ec2
  distro: debian
  provisioner: ansible
  volume: linux
  blockdevice: linux
  finalizer: tagging_ebs

--------------------------------------------------------------------------------
/playbooks/genie-hadoop-emr.yml:
--------------------------------------------------------------------------------
---
# Genie playbook to be run on the EMR master node
#
# Connects as EMR's `hadoop` user with sudo. The emr role bootstraps python-apt
# so the apt module works, then Tomcat and Genie are installed. Tomcat listens
# on 7001 and the role's 80->8080 iptables redirect is skipped, since 8080 is
# not in use here. tomcat_extra_opts goes straight into JAVA_OPTS
# (roles/tomcat tomcat7.conf.j2).
- hosts: all
  name: Genie
  user: hadoop
  sudo: yes
  tags: genie
  vars_files:
    - vars/{{ ansible_distribution }}.yml
  vars:
    local_war: ""
    tomcat_port: 7001
    tomcat_skip_port_forwarding: yes
    tomcat_extra_opts: "-Darchaius.deployment.applicationId=genie -Dnetflix.datacenter=cloud -Dnetflix.genie.server.sys.home=/usr/local/tomcat/webapps/ROOT/genie-web/conf/system/apps/genie/bin"
  roles:
    - emr
    - tomcat
    - genie

--------------------------------------------------------------------------------
/playbooks/roles/simian_army/files/configure-simian-army.sh:
--------------------------------------------------------------------------------
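#!/bin/bash
# Configure the deployed Simian Army webapp for the region this instance runs
# in and make sure its SimpleDB domain exists there.
#
# The region is derived from the instance's availability zone (IMDS, via
# ec2metadata) by dropping the trailing zone letter: us-east-1a -> us-east-1.
#
# Exits non-zero instead of proceeding with a bad value: previously a failed
# metadata lookup silently ran "s/us-west-1//" and called sdb with an empty
# --region, and a missing properties file was a silent no-op (perl -i warns).
set -eu

props=/var/lib/tomcat7/webapps/simianarmy/WEB-INF/classes/client.properties

az="$(ec2metadata --availability-zone)"
region="${az%?}"

# Accept only something shaped like an AWS region (us-east-1, ap-southeast-2,
# us-gov-west-1); anything else is a metadata failure, not a region.
if ! [[ "$region" =~ ^[a-z]{2}(-[a-z]+)+-[0-9]+$ ]]; then
    echo "Could not determine a valid region from availability zone '$az'" >&2
    exit 1
fi

if [ ! -f "$props" ]; then
    echo "Simian Army properties file not found: $props (has the WAR been deployed and extracted?)" >&2
    exit 1
fi

echo "Setting Simian Army region to $region"
# Rewrites the us-west-1 value the shipped client.properties defaults to; like
# before, only the first occurrence on each line is replaced. $region is
# validated above, so it is safe to splice into the perl replacement.
perl -i -pe "s/us-west-1/$region/" "$props"

# stderr is folded into the grep, so an sdb API error (e.g. missing
# credentials) reads as "domain absent" and falls through to CreateDomain,
# which then surfaces the real error and, under set -e, aborts the script.
# "|| true" only absorbs grep's no-match exit status.
exists="$(sdb ListDomains --region "$region" 2>&1 | grep 'SIMIAN_ARMY' || true)"
if [ -n "$exists" ]; then
    echo "The SIMIAN_ARMY SimpleDB domain in $region already exists"
else
    echo "Creating the SIMIAN_ARMY SimpleDB domain in $region"
    sdb CreateDomain SIMIAN_ARMY --region "$region"
fi
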
--------------------------------------------------------------------------------
/playbooks/roles/oracle-java7/vars/main.yml:
--------------------------------------------------------------------------------
---
# The following variables are used in this task:
# command: aws s3 cp {{ aws_cli_args }} {{ java_apt_s3_url }} {{ local_apt_path }}

# S3 URL of the APT repository created with OAB that contains Oracle Java 7.
# You need to modify this to your S3 bucket
# NOTE(review): the default points at a bucket this project does not control.
# Everything copied from it is installed as root via APT, so leave this at a
# bucket you own and whose Release file you sign; the local repo is only as
# trustworthy as files/pubring.gpg plus apt's signature check (presumably the
# role installs that key — confirm in its tasks). The instance also needs
# read access to the bucket (instance profile or CLI credentials).
java_apt_s3_url: s3://a4a-apt/java/

# The path to copy the APT repository to from S3. This path must also match the
# path in files/oab.list
local_apt_path: /var/local/oab/deb

# Command line arguments to pass to S3 copy command
# The region must be the bucket's region; it is hard-coded here, not derived
# from the instance.
aws_cli_args: --region us-west-2 --recursive

--------------------------------------------------------------------------------
/playbooks/roles/asgard/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the asgard role. Every value below is a placeholder and must be
# overridden (group_vars, --extra-vars or an encrypted vault) before the role
# is run against a real account: templates/Config.groovy.j2 writes the AWS
# keys to disk on the instance and templates/tomcat-users.xml.j2 is where the
# BASIC-auth user presumably ends up — confirm in that template.

# Set to "no" to disable BASIC Authentication
# NOTE(review): Asgard operates with this account's AWS API keys (see
# Config.groovy.j2); without auth, anyone who can reach Tomcat gets that access.
asgard_enable_basic_auth: yes

# BASIC auth username to access Asgard
asgard_username: asgard

# BASIC auth password to access Asgard
# NOTE(review): a well-known weak default — override it. BASIC auth only
# base64-encodes the password, so also put Asgard behind TLS or a private network.
asgard_password: password

# Friendly AWS Account Name (will appear in header of Asgard page) Such as dev/build/stage/prod
aws_account_name: build

# AWS Account Number where asgard lives
aws_account_number: 11111

# AWS API Access ID
# NOTE(review): long-lived static keys end up in plaintext in Config.groovy on
# the instance. Scope them to the minimum Asgard needs and rotate them; prefer
# an instance profile if your Asgard version supports running without static
# keys — confirm before relying on it.
aws_access_id: ACCESS_ID_HERE

# AWS API Secret Key
aws_secret_key: SECRET_KEY_HERE

--------------------------------------------------------------------------------
/playbooks/roles/ice/vars/main.yml:
--------------------------------------------------------------------------------
---
# Same AMI/live-instance conditions as vars/common.yml (duplicated so the
# role works when the playbook does not load common.yml).
ami_build: ami is defined and ami
not_ami_build: ami is not defined or not ami
# NOTE(review): unpinned "lastSuccessfulBuild" CI artifact fetched with no
# checksum — every deploy installs whatever the CI job last produced. Pin to a
# released version and verify it (get_url sha256sum=), or set local_war.
latest_successful_build_url: https://netflixoss.ci.cloudbees.com/job/ice-master/lastSuccessfulBuild/artifact/target/ice.war

# The S3 buckets and prefixes (comma separated) where your S3 programmatic
# billing files are stored
# Placeholders — the instance needs read access to these buckets.
ice_billing_s3_bucket_names: example-billing
ice_billing_s3_bucket_prefix:

# Your company's name
ice_company_name: Your Company Name

# The S3 bucket Ice can use as it's workspace (needs read and write access)
# Placeholder; keep this bucket private and separate from the billing buckets.
ice_work_s3_bucket_name: example-ice-work

# Your AWS Account ID
ice_account1_aws_id: 123456789011

--------------------------------------------------------------------------------
/playbooks/roles/base/tasks/packages-repo-setup.yml:
--------------------------------------------------------------------------------
---
# Set up package repositories
#
# Ubuntu only: replaces /etc/apt/sources.list with the release-specific copy
# from files/Ubuntu/<release>/ (which includes multiverse), patches the
# cloud-init template so the list survives the next boot's regeneration, and
# refreshes the apt cache. Both files are installed root-owned and read-only
# (0444). Amazon Linux needs no repo changes here.

- name: Ensure APT sources list includes multiverse
  when: ansible_distribution == 'Ubuntu'
  copy:
    src: "{{ ansible_distribution }}/{{ ansible_distribution_release }}/sources.list"
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: "0444"

- name: Patch cloud-init APT sources template
  when: ansible_distribution == 'Ubuntu'
  copy:
    src: "{{ ansible_distribution }}/{{ ansible_distribution_release }}/sources.list.tmpl"
    dest: /etc/cloud/templates/sources.list.tmpl
    owner: root
    group: root
    mode: "0444"

- name: Update APT repo cache
  when: ansible_distribution == 'Ubuntu'
  apt:
    update_cache: yes

--------------------------------------------------------------------------------
/playbooks/roles/base/tasks/packages-security.yml:
--------------------------------------------------------------------------------
---
# TASK: Install the security related packages and services
#
# fail2ban comes from the distro repo on Ubuntu (with openssl) and from EPEL on
# Amazon Linux. It is enabled at boot everywhere but only *started* on a live
# instance: during an AMI bake (ami_build) it is explicitly stopped so the
# baked volume does not carry a running daemon's state.
#
# NOTE(review): state=latest installs whatever version the repository serves
# at run time, so two bakes of the same playbook can yield different packages.
# Pin versions if reproducible images matter.

- name: Install security packages (apt version)
  when: ansible_distribution == 'Ubuntu'
  with_items:
    - fail2ban
    - openssl
  apt:
    pkg: "{{ item }}"
    state: latest

- name: Install security packages (yum version)
  when: ansible_distribution == 'Amazon'
  with_items:
    - fail2ban
  yum:
    pkg: "{{ item }}"
    state: latest
    enablerepo: epel

- name: Enable fail2ban service
  service:
    name: fail2ban
    enabled: yes

- name: Starting fail2ban service
  when: not_ami_build
  service:
    name: fail2ban
    state: started

- name: Stopping fail2ban service
  when: ami_build
  service:
    name: fail2ban
    state: stopped

--------------------------------------------------------------------------------
/playbooks/roles/base/tasks/harden-basic.yml:
--------------------------------------------------------------------------------
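---
# Basic hardening of any linux system
#
# Removes legacy service accounts and groups these hosts have no use for,
# locks the shells of the remaining Ubuntu system accounts, closes off /root,
# and mounts /dev/shm so nothing in it can be executed or be setuid/device.
# Runs before any package installs (see tasks/main.yml ordering).

- name: Remove unnecessary users
  user: name={{ item }} state=absent
  with_items:
    - games
    - gnats
    - irc
    - list
    - news
    - proxy
    - uucp

# Ubuntu only: this is Ubuntu's list of system accounts, and /usr/sbin/nologin
# is where Debian-family distros ship nologin.
- name: Set shell to nologin for users
  user: name={{ item }} shell=/usr/sbin/nologin
  with_items:
    - daemon
    - bin
    - lp
    - sys
    - man
    - mail
    - backup
    - nobody
    - libuuid
  when: ansible_distribution == 'Ubuntu'

- name: Remove unnecessary groups
  group: name={{ item }} state=absent
  with_items:
    - news
    - uucp
    - proxy
    - list
    - irc
    - src
    - gnats
    - games

# Explicit octal 0700 (same bits as the previous "700"): no access for anyone
# but root.
- name: Secure root's home directory
  file: dest=/root state=directory mode=0700

# Shared memory
# /dev/shm stays writable (it has to be, to be useful) but files in it cannot
# be executed, be setuid, or act as device nodes. The task name used to say
# "read only", which these options never were. state=present only writes the
# fstab entry; the options take effect at the next mount/boot (use
# state=mounted to apply them immediately on a live instance).
- name: Mount /dev/shm with nosuid,nodev,noexec
  mount: name=/dev/shm src=tmpfs fstype=tmpfs opts=rw,nosuid,nodev,noexec state=present
  tags: tmpfs
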
--------------------------------------------------------------------------------
/ami-creator/ubuntu/02-build-edda-volume:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Builds a Edda EBS volume to become the AMI
17 | #
18 | # This expects to run on an EC2 instance
19 | #
20 |
21 | # Include helper functions and variables
22 | . _include.sh
23 |
24 |
25 | echo
26 | echo "Building Edda"
27 |
28 | cat > torun < torun < torun <
2 |
3 |
4 |
5 |
6 |
7 |
8 |
10 |
11 |
14 |
21 |
22 |
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/playbooks/roles/tomcat/templates/tomcat7.conf.j2:
--------------------------------------------------------------------------------
1 | # System-wide configuration file for tomcat services
2 | # This will be sourced by tomcat and any secondary service
3 | # Values will be overridden by service-specific configuration
4 | # files in /etc/sysconfig
5 | #
6 | # Use this one to change default values for all services
7 | # Change the service specific ones to affect only one service
8 | # (see, for instance, /etc/sysconfig/tomcat7)
9 | #
10 |
# Where your java installation lives
# (/usr/lib/jvm/jre and /usr/lib64 below look like the yum-based layout, so
# this template appears to be the Amazon Linux side of the tomcat role;
# default.j2 in the same directory looks like the Ubuntu one — TODO confirm.)
JAVA_HOME="/usr/lib/jvm/jre"

# Where your tomcat installation lives
CATALINA_BASE="/usr/share/tomcat7"
CATALINA_HOME="/usr/share/tomcat7"
JASPER_HOME="/usr/share/tomcat7"
CATALINA_TMPDIR="/var/cache/tomcat7/temp"

# Use JAVA_OPTS to set java.library.path for libtcnative.so
# The heap ceiling comes from tomcat_xmx. tomcat_extra_opts is spliced into
# this double-quoted string verbatim, so a value containing a double quote or
# a $ would break or be expanded when the file is sourced — keep it to plain
# -D/-X flags (TODO confirm the variable is set by the operator only).
JAVA_OPTS="-Djava.library.path=/usr/lib64 -Xmx{{ tomcat_xmx }} {{ tomcat_extra_opts }}"

# What user should run tomcat
TOMCAT_USER="tomcat"

# You can change your tomcat locale here
#LANG="en_US"

# Run tomcat under the Java Security Manager
# Off: every webapp deployed into this Tomcat runs with the full rights of the
# tomcat user. Acceptable for trusted first-party apps, which is what the
# roles in this repository deploy.
SECURITY_MANAGER="false"

# Time to wait in seconds, before killing process
SHUTDOWN_WAIT="30"

# Whether to annoy the user with "attempting to shut down" messages or not
SHUTDOWN_VERBOSE="false"

# Set the TOMCAT_PID location
CATALINA_PID="/var/run/tomcat7.pid"

# Connector port for this tomcat instance, templated from tomcat_port
# (the stock file hard-codes 8080 here)
CONNECTOR_PORT="{{ tomcat_port }}"
43 |
44 | # If you wish to further customize your tomcat environment,
45 | # put your own definitions here
46 | # (i.e. LD_LIBRARY_PATH for some jdbc drivers)
47 |
48 |
--------------------------------------------------------------------------------
/playbooks/roles/simian_army/files/server.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
10 |
11 |
14 |
21 |
22 |
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/ssh_config:
--------------------------------------------------------------------------------
1 | # This is the ssh client system-wide configuration file.
2 | # See ssh_config(5) manpage for more information.
3 |
4 | # Configuration data is parsed as follows:
5 | # 1. command line options
6 | # 2. user-specific file
7 | # 3. system-wide file
8 | # Any configuration value is only changed the first time it is set.
9 | # Thus, host-specific definitions should be at the beginning of the
10 | # configuration file, and defaults at the end.
11 |
12 | # Site-wide defaults
13 |
Host *
    # NOTE(review): StrictHostKeyChecking no makes every outbound ssh/scp/rsync
    # from hosts built with this file accept an unknown host key automatically
    # AND keep connecting when a previously stored key has changed — i.e. the
    # man-in-the-middle protection that host keys exist for is switched off
    # system-wide. OpenSSH's default is 'ask', which is also what the Amazon
    # Linux variant of this file leaves in effect. If automatic acceptance is
    # needed only for freshly launched EC2 instances, scope it to a narrower
    # Host pattern (the EC2 hostname suffix) instead of '*'.
    StrictHostKeyChecking no
    SendEnv LANG LC_*
    # Hash host names in ~/.ssh/known_hosts so a compromised account does not
    # hand over a readable list of the hosts this one talks to.
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
    # Keep idle sessions alive; the peer is declared dead after 3 missed
    # 15-second probes.
    TCPKeepAlive yes
    ServerAliveInterval 15
    ServerAliveCountMax 3
    # Everything below is the stock commented-out default list and has no
    # effect.
    # ForwardAgent no
    # ForwardX11 no
    # ForwardX11Trusted yes
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # GSSAPIAuthentication no
    # GSSAPIDelegateCredentials no
    # GSSAPIKeyExchange no
    # GSSAPITrustDNS no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    # VisualHostKey no
    # ProxyCommand ssh -q -W %h:%p gateway.example.com
52 |
53 |
--------------------------------------------------------------------------------
/playbooks/roles/base/tasks/packages-system.yml:
--------------------------------------------------------------------------------
---
# Install some helpful system packages
#
# NOTE(review): both package tasks and both pip tasks use state=latest with no
# version pin, so the image gets whatever the mirror / PyPI serve at build
# time. That keeps the AMI current but makes two builds non-reproducible and
# lets an unexpected upstream release into the image unnoticed. For a baked
# image, pinning (the pip module takes version=) and bumping deliberately is
# the safer pattern.

- name: Install system packages (apt version)
  apt: pkg={{ item }} state=latest
  with_items:
    - git-core
    - less
    - perl
    - perl-modules
    - python
    - python-support
    - python-pip
    - sudo
    - sysstat
    - unzip
    - xfsprogs
    - zip
  when: ansible_distribution == 'Ubuntu'

# Same set for Amazon Linux, minus the Debian-only package names.
- name: Install system packages (yum version)
  yum: pkg={{ item }} state=latest
  with_items:
    - git
    - less
    - perl
    - python
    - python-pip
    - sudo
    - unzip
    - xfsprogs
    - zip
  when: ansible_distribution == 'Amazon'

# Python AWS tooling, installed system-wide from PyPI (unpinned, see above).
- name: Install boto Python library
  pip: name=boto state=latest

- name: Install AWS CLI
  pip: name=awscli state=latest

# s3get is a script shipped in this role's files/ (not shown here). Per the
# task name it is invoked from user-data at boot, i.e. it runs as root on every
# instance launched from the image — keep it under the same review as the
# playbooks themselves.
- name: Install s3get to be used by user-data on boot
  copy: src=s3get dest=/usr/bin/s3get owner=root group=root mode=0755

# Get the super handy ec2metadata script over there
# Amazon Linux only; the src path still goes through ansible_distribution, so
# it resolves to files/Amazon/ec2metadata.
- name: Copy ec2metadata script
  copy: src={{ ansible_distribution }}/ec2metadata dest=/usr/bin/ec2metadata owner=root group=root mode=0755
  when: ansible_distribution == 'Amazon'
  tags: ec2metadata

# Distribution-specific rc.local (files/<distro>/rc.local) goes to the path
# rc_local_path names. Other roles in this repository append their boot-time
# configuration scripts to it with lineinfile, so everything in it runs as
# root at every boot.
- name: Copy rc.local template
  copy: src={{ ansible_distribution }}/rc.local dest={{ rc_local_path }} owner=root group=root mode=0755

# Ensure "manage_etc_hosts: True" is present in cloud.cfg. The regexp matches
# only that exact line, so an existing "manage_etc_hosts: False" would NOT be
# replaced — a second key would be inserted after preserve_hostname instead
# (and, as lineinfile usually behaves, appended at the end of the file if no
# preserve_hostname line exists).
- name: Get cloud-init to manage hosts file
  lineinfile: 'dest=/etc/cloud/cloud.cfg state=present line="manage_etc_hosts: True" regexp="^manage_etc_hosts\: True" insertafter="^preserve_hostname"'
  tags: cloud-init
56 |
--------------------------------------------------------------------------------
/ami-creator/ubuntu/bootstrap-ami-creator:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # This script will bootstrap an EC2 instance running Ubuntu with the files
17 | # necessary to create NetflixOSS AMIs using Ansible.
18 | # Run this locally before running other scripts
19 | #
20 |
# Halt execution on failure
set -e

# Make sure directory is correct since we depend on relative dirs
# (the rsync further down uses ../../ and ../../.gitignore relative to this file)
[ -f bootstrap-ami-creator ] || {
    echo "ERROR: Please run this script from the directory it is located in"
    echo "Suggestion: cd netflixoss-ansible/ami-creator/ubuntu"
    exit 1
}
30 |
# Display usage information on stdout (two lines: synopsis and an example).
usage() {
    cat <<'EOF'
Usage: bootstrap-ami-creator INSTANCE
Example: ./bootstrap-ami-creator ec2-12-12-12-12.compute-1.amazonaws.com
EOF
}
36 |
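# CLI arguments sanity check
if [ $# -ne 1 ] ; then
    usage
    exit 2
fi

# Hostname (or address) of the EC2 instance that will build the AMIs.
# Quoted so a value with spaces or glob characters cannot be split into extra
# rsync arguments.
INSTANCE="$1"

# Now go do work
# The whole repository root (../../) is pushed into the ubuntu user's home on
# the instance. Only .git and whatever ../../.gitignore lists are excluded, so
# any untracked file that is not ignored (local inventories, credentials kept
# next to the playbooks, ...) travels along too — check before running.
# rsync rides on ssh, so host-key verification is whatever the local ssh
# client config says.
echo "Copying scripts and files to ${INSTANCE}..."
rsync -avz --exclude=.git --exclude-from=../../.gitignore --exclude=.gitignore \
    ../../ "ubuntu@${INSTANCE}:"

echo
echo "DONE"
echo "You can now SSH to ${INSTANCE} and run create AMIs"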
53 |
54 |
55 |
--------------------------------------------------------------------------------
/foundation-ami/ubuntu/bootstrap-ami-creator:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # This script will bootstrap an EC2 instance running Ubuntu with the files
17 | # necessary to create NetflixOSS AMIs using Ansible.
18 | # Run this locally before running other scripts
19 | #
20 |
# Halt execution on failure
set -e

# Make sure directory is correct since we depend on relative dirs
# (the rsync further down uses ../../ and ../../.gitignore relative to this file)
[ -f bootstrap-ami-creator ] || {
    echo "ERROR: Please run this script from the directory it is located in"
    echo "Suggestion: cd netflixoss-ansible/foundation-ami/ubuntu"
    exit 1
}
30 |
# Display usage information on stdout (two lines: synopsis and an example).
usage() {
    cat <<'EOF'
Usage: bootstrap-ami-creator INSTANCE
Example: ./bootstrap-ami-creator ec2-12-12-12-12.compute-1.amazonaws.com
EOF
}
36 |
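# CLI arguments sanity check
if [ $# -ne 1 ] ; then
    usage
    exit 2
fi

# Hostname (or address) of the EC2 instance that will build the AMIs.
# Quoted so a value with spaces or glob characters cannot be split into extra
# rsync arguments.
INSTANCE="$1"

# Now go do work
# The whole repository root (../../) is pushed into the ubuntu user's home on
# the instance. Only .git and whatever ../../.gitignore lists are excluded, so
# any untracked file that is not ignored (local inventories, credentials kept
# next to the playbooks, ...) travels along too — check before running.
# rsync rides on ssh, so host-key verification is whatever the local ssh
# client config says.
echo "Copying scripts and files to ${INSTANCE}..."
rsync -avz --exclude=.git --exclude-from=../../.gitignore --exclude=.gitignore \
    ../../ "ubuntu@${INSTANCE}:"

echo
echo "DONE"
echo "You can now SSH to ${INSTANCE} and run create AMIs"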
53 |
54 |
55 |
--------------------------------------------------------------------------------
/playbooks/roles/base/tasks/packages-networking.yml:
--------------------------------------------------------------------------------
---
# Install networking packages, and utilities
#
# NOTE(review): telnet, lynx, tcpdump, ngrep and traceroute are diagnostics,
# not services. They are harmless by themselves, but on a base image that the
# same role hardens (harden-basic.yml) they leave a plaintext client and two
# packet sniffers preinstalled for whoever gets a shell on the box. A separate
# opt-in "debug tools" role would keep the baseline image smaller.

- name: Install networking packages (apt version)
  apt: pkg={{ item }} state=latest
  with_items:
    - dnsutils
    - lynx
    - openssh-client
    - openssh-server
    - ngrep
    - ntp
    - rsync
    - ssh
    - tcpdump
    - telnet
    - traceroute
  when: ansible_distribution == 'Ubuntu'

# Amazon Linux equivalent; enablerepo=epel is presumably there because some of
# these (ngrep at least) are not in the stock Amazon repositories.
- name: Install networking packages (yum version)
  yum: pkg={{ item }} state=latest enablerepo=epel
  with_items:
    - lynx
    - openssh-clients
    - openssh-server
    - ngrep
    - ntp
    - rsync
    - tcpdump
    - telnet
    - traceroute
  when: ansible_distribution == 'Amazon'

# The Ubuntu rsync package ships an rsync daemon service; keep it disabled —
# rsync is wanted as a client over ssh only.
- name: Make sure rsync is not running as a service
  service: name=rsync enabled=off
  when: ansible_distribution == 'Ubuntu'

# Service handling pattern used throughout the base role: enable at boot
# always; start when provisioning a live host (not_ami_build) and stop when
# baking an image (ami_build) so nothing is left running in the snapshot.
- name: Enable NTP service
  service: name={{ ntp_service_name }} enabled=yes

- name: Starting NTP
  service: name={{ ntp_service_name }} state=started
  when: not_ami_build

- name: Stopping NTP
  service: name={{ ntp_service_name }} state=stopped
  when: ami_build

# SSH settings
# Both files are installed root-owned with mode 0440 (stock packages ship them
# 0644). For sshd_config that is fine: only the daemon, as root, reads it. For
# the CLIENT config it means non-root accounts cannot read
# /etc/ssh/ssh_config, and the OpenSSH client silently skips a system config
# it cannot open — so the settings in files/<distro>/ssh_config would apply to
# root only. TODO confirm whether 0440 is intended for ssh_config.
- name: Set SSH config
  copy: src={{ ansible_distribution }}/ssh_config dest=/etc/ssh/ssh_config owner=root mode=0440

- name: Set SSHd config
  copy: src={{ ansible_distribution }}/sshd_config dest=/etc/ssh/sshd_config owner=root mode=0440

- name: Enable SSH service
  service: name={{ ssh_service_name }} enabled=yes

- name: Starting SSH service
  service: name={{ ssh_service_name }} state=started
  when: not_ami_build

- name: Stopping SSH service
  service: name={{ ssh_service_name }} state=stopped
  when: ami_build
67 |
--------------------------------------------------------------------------------
/playbooks/roles/simian_army/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Simian Army role
#
# Deploys the Simian Army WAR into the Tomcat instance under /usr/local/tomcat
# and wires a boot-time configuration script into rc.local.

- name: Copy tomcat server.xml file
  copy: src=server.xml dest=/usr/local/tomcat/conf/server.xml owner=root group=root mode=0644
  notify:
    - restart tomcat
  tags: deploy

- name: Remove default root webapp
  file: path=/usr/local/tomcat/webapps/ROOT state=absent
  tags: deploy

# Exactly one of the next two tasks runs: a WAR supplied by the operator
# (local_war set) or the latest snapshot from the public CI server.
- name: Copy local Simian Army WAR file {{ local_war }}
  copy: src={{ local_war }} dest=/usr/local/tomcat/webapps/simianarmy.war
  when: local_war != ""
  tags: deploy

# NOTE(review): the download is not verified — no checksum, and the URL
# resolves to "whatever build is currently latest". That artifact is unpacked
# and executed by Tomcat, so a broken or tampered upstream build lands in the
# AMI unnoticed. Pinning a specific build and passing get_url's checksum
# (sha256sum) parameter would make the deploy reproducible and tamper-evident.
- name: Download snapshot build of Simian Army from Cloudbees
  get_url: url={{ latest_successful_build_url }} dest=/usr/local/tomcat/webapps/simianarmy.war
  when: local_war == ""
  tags: deploy

# The WAR is exploded by hand (remove old tree, recreate, unzip, drop the
# archive) rather than left to Tomcat's auto-deploy. The unzip is a plain
# command, so it reports "changed" on every run; idempotence comes only from
# the remove/create pair in front of it.
- name: Remove any old version
  file: path=/usr/local/tomcat/webapps/simianarmy state=absent
  tags: deploy

- name: Create Simian Army deployment directory
  file: path=/usr/local/tomcat/webapps/simianarmy state=directory
  tags: deploy

# No notify here: unlike the server.xml task, replacing the exploded webapp
# does not trigger the restart tomcat handler from this file, so a running
# Tomcat keeps serving the old tree until something else restarts it.
- name: Decompress Simian Army WAR file
  command: chdir=/usr/local/tomcat/webapps/simianarmy unzip ../simianarmy.war
  tags: deploy

- name: Remove source WAR file
  file: path=/usr/local/tomcat/webapps/simianarmy.war state=absent
  tags: deploy

# Helper script from this role's files/ (not shown here); presumably used by
# the configuration script to talk to SimpleDB.
- name: Copy over SimpleDB script
  copy: src=sdb dest=/usr/bin/sdb owner=root group=root mode=0755

# configure-simian-army.sh is inserted into rc.local below, so it runs as root
# on every boot of an instance built from this image.
- name: Copy configuration script
  copy: src=configure-simian-army.sh dest=/usr/bin/configure-simian-army.sh owner=root group=root mode=0755
  notify: run rc.local
  tags:
    - rc
    - config

# The rc.local installed by the base role carries a "# ADD HERE" marker line;
# the script path is inserted before it, and regexp keeps this idempotent.
- name: Add configuration script to rc.local
  lineinfile: dest={{ rc_local_path }} insertbefore="^# ADD HERE" regexp="configure-simian-army" line="/usr/bin/configure-simian-army.sh"
  notify: run rc.local
  tags: rc
53 |
--------------------------------------------------------------------------------
/ami-creator/ubuntu/cleanup:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Cleans up, or at least attempts to, everything left over when creating an AMI
17 | # Use this script after a failed or incorrectly built AMI too
18 |
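# Include helper functions and variables
# (expected to define imagedir, ebsimagedir, codename and region)
. _include.sh

# This script is deliberately best-effort: a mount that is already gone or a
# volume that is already deleted must not stop the rest of the cleanup, so
# there is no `set -e`. What it must never do is act on an EMPTY variable —
# `umount ""`, `rm -rf /mnt/-cloudimg-*` or an ec2 call with a garbage id —
# hence every expansion is quoted and checked before use.

# Unmount the loopback image tree, innermost mount first.
if [ -n "$imagedir" ] && [ -d "$imagedir" ]; then
    echo "Removing $imagedir"

    if [ -d "$imagedir/proc" ]; then
        sudo chroot "$imagedir" umount /proc
    fi
    sudo umount "$imagedir"
fi

# Unmount the EBS image tree. /dev is unmounted from the host side, /proc and
# /dev/pts from inside the chroot, mirroring however the build scripts mounted
# them (not visible here).
if [ -n "$ebsimagedir" ] && [ -d "$ebsimagedir" ]; then
    echo "Removing $ebsimagedir"
    sudo umount "$ebsimagedir/dev"
    sudo chroot "$ebsimagedir" umount /proc
    sudo chroot "$ebsimagedir" umount /dev/pts
    sudo umount "$ebsimagedir"
fi

# Scratch copies of the downloaded cloud image. Guarded so that an unset
# codename cannot turn the glob into something far broader than intended.
if [ -n "$codename" ]; then
    echo "Removing /mnt/$codename-cloudimg-*"
    sudo rm -rf /mnt/"$codename"-cloudimg-*

    echo "Removing /mnt/$codename-server-cloudimg-amd64.edit.img"
    sudo rm -rf "/mnt/$codename-server-cloudimg-amd64.edit.img"
else
    echo "WARNING: codename is not set, skipping /mnt image cleanup"
fi

# The volume id is read back from a file in /tmp, which every local user can
# write to. The content is therefore validated against the EBS id format
# before it reaches the ec2 tools: a planted or corrupted file must not be
# able to make this script detach/delete a volume it was never meant to touch
# or smuggle extra arguments into the command line.
if [ -f /tmp/image.volume.id ]; then
    VOL_ID=$(cat /tmp/image.volume.id)

    case "$VOL_ID" in
        vol-[0-9a-f]*)
            echo "Detaching $VOL_ID"
            detached=$(ec2-detach-volume --region "$region" "$VOL_ID" 2>&1)

            # ec2-detach-volume reports a volume that is already gone; only
            # try to delete when its output did not say so.
            if ! echo "$detached" | grep -q "does not exist"; then
                sleep 5
                echo "Deleting $VOL_ID"
                ec2-delete-volume --region "$region" "$VOL_ID"
            fi
            ;;
        *)
            echo "WARNING: /tmp/image.volume.id does not contain a volume id, ignoring it"
            ;;
    esac

    rm /tmp/image.volume.id
fi

# --full also discards the downloaded Ubuntu cloud image, forcing a fresh
# download on the next build.
if [ "$1" = "--full" ]; then
    echo "Removing downloaded Ubuntu image as well"
    [ -n "$codename" ] && sudo rm -f /mnt/"$codename"-server-*
    sudo rm -f /mnt/README.files
fi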
--------------------------------------------------------------------------------
/foundation-ami/ubuntu/foundation-cleanup:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Cleans up, or at least attempts to, everything left over when creating an AMI
17 | # Use this script after a failed or incorrectly built AMI too
18 |
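# Include helper functions and variables
# (expected to define imagedir, ebsimagedir, codename and region)
. _include.sh

# This script is deliberately best-effort: a mount that is already gone or a
# volume that is already deleted must not stop the rest of the cleanup, so
# there is no `set -e`. What it must never do is act on an EMPTY variable —
# `umount ""`, `rm -rf /mnt/-cloudimg-*` or an ec2 call with a garbage id —
# hence every expansion is quoted and checked before use.

# Unmount the loopback image tree, innermost mount first.
if [ -n "$imagedir" ] && [ -d "$imagedir" ]; then
    echo "Removing $imagedir"

    if [ -d "$imagedir/proc" ]; then
        sudo chroot "$imagedir" umount /proc
    fi
    sudo umount "$imagedir"
fi

# Unmount the EBS image tree. /dev is unmounted from the host side, /proc and
# /dev/pts from inside the chroot, mirroring however the build scripts mounted
# them (not visible here).
if [ -n "$ebsimagedir" ] && [ -d "$ebsimagedir" ]; then
    echo "Removing $ebsimagedir"
    sudo umount "$ebsimagedir/dev"
    sudo chroot "$ebsimagedir" umount /proc
    sudo chroot "$ebsimagedir" umount /dev/pts
    sudo umount "$ebsimagedir"
fi

# Scratch copies of the downloaded cloud image. Guarded so that an unset
# codename cannot turn the glob into something far broader than intended.
if [ -n "$codename" ]; then
    echo "Removing /mnt/$codename-cloudimg-*"
    sudo rm -rf /mnt/"$codename"-cloudimg-*

    echo "Removing /mnt/$codename-server-cloudimg-amd64.edit.img"
    sudo rm -rf "/mnt/$codename-server-cloudimg-amd64.edit.img"
else
    echo "WARNING: codename is not set, skipping /mnt image cleanup"
fi

# The volume id is read back from a file in /tmp, which every local user can
# write to. The content is therefore validated against the EBS id format
# before it reaches the ec2 tools: a planted or corrupted file must not be
# able to make this script detach/delete a volume it was never meant to touch
# or smuggle extra arguments into the command line.
if [ -f /tmp/image.volume.id ]; then
    VOL_ID=$(cat /tmp/image.volume.id)

    case "$VOL_ID" in
        vol-[0-9a-f]*)
            echo "Detaching $VOL_ID"
            detached=$(ec2-detach-volume --region "$region" "$VOL_ID" 2>&1)

            # ec2-detach-volume reports a volume that is already gone; only
            # try to delete when its output did not say so.
            if ! echo "$detached" | grep -q "does not exist"; then
                sleep 5
                echo "Deleting $VOL_ID"
                ec2-delete-volume --region "$region" "$VOL_ID"
            fi
            ;;
        *)
            echo "WARNING: /tmp/image.volume.id does not contain a volume id, ignoring it"
            ;;
    esac

    rm /tmp/image.volume.id
fi

# --full also discards the downloaded Ubuntu cloud image, forcing a fresh
# download on the next build.
if [ "$1" = "--full" ]; then
    echo "Removing downloaded Ubuntu image as well"
    [ -n "$codename" ] && sudo rm -f /mnt/"$codename"-server-*
    sudo rm -f /mnt/README.files
fi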
--------------------------------------------------------------------------------
/playbooks/roles/ice/files/samply-ice.policy:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Action": [
6 | "autoscaling:Describe*",
7 | "cloudformation:DescribeStacks",
8 | "cloudformation:DescribeStackEvents",
9 | "cloudformation:DescribeStackResources",
10 | "cloudformation:GetTemplate",
11 | "cloudfront:Get*",
12 | "cloudfront:List*",
13 | "cloudwatch:Describe*",
14 | "cloudwatch:Get*",
15 | "cloudwatch:List*",
16 | "directconnect:Describe*",
17 | "dynamodb:GetItem",
18 | "dynamodb:BatchGetItem",
19 | "dynamodb:Query",
20 | "dynamodb:Scan",
21 | "dynamodb:DescribeTable",
22 | "dynamodb:ListTables",
23 | "ec2:Describe*",
24 | "elasticache:Describe*",
25 | "elasticbeanstalk:Check*",
26 | "elasticbeanstalk:Describe*",
27 | "elasticbeanstalk:List*",
28 | "elasticbeanstalk:RequestEnvironmentInfo",
29 | "elasticbeanstalk:RetrieveEnvironmentInfo",
30 | "elasticloadbalancing:Describe*",
31 | "elastictranscoder:Read*",
32 | "elastictranscoder:List*",
33 | "iam:List*",
34 | "iam:Get*",
35 | "route53:Get*",
36 | "route53:List*",
37 | "redshift:Describe*",
38 | "redshift:ViewQueriesInConsole",
39 | "rds:Describe*",
40 | "rds:ListTagsForResource",
41 | "s3:Get*",
42 | "s3:List*",
43 | "sdb:GetAttributes",
44 | "sdb:List*",
45 | "sdb:Select*",
46 | "ses:Get*",
47 | "ses:List*",
48 | "sns:Get*",
49 | "sns:List*",
50 | "sqs:GetQueueAttributes",
51 | "sqs:ListQueues",
52 | "sqs:ReceiveMessage",
53 | "storagegateway:List*",
54 | "storagegateway:Describe*"
55 | ],
56 | "Effect": "Allow",
57 | "Resource": "*"
58 | },
59 | {
60 | "Action": [
61 | "s3:PutObject"
62 | ],
63 | "Resource": [
64 | "arn:aws:s3:::example-ice-working",
65 | "arn:aws:s3:::example-ice-working/*"
66 | ],
67 | "Effect": "Allow"
68 | }
69 | ]
70 | }
--------------------------------------------------------------------------------
/playbooks/roles/tomcat/templates/default.j2:
--------------------------------------------------------------------------------
# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
# default of tomcat7.
TOMCAT7_USER=tomcat7

# Run Tomcat as this group ID. Not setting this or leaving it blank will use
# the default of tomcat7.
TOMCAT7_GROUP=tomcat7

# The home directory of the Java development kit (JDK). You need at least
# JDK version 1.5. If JAVA_HOME is not set, some common directories for
# OpenJDK, the Sun JDK, and various J2SE 1.5 versions are tried.
JAVA_HOME=/usr/lib/jvm/default-java

# You may pass JVM startup parameters to Java here. If unset, the default
# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
#
# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
# response time). If you use that option and you run Tomcat on a machine with
# exactly one CPU chip that contains one or two cores, you should also add
# the "-XX:+CMSIncrementalMode" option.
#
# Heap ceiling comes from tomcat_xmx. tomcat_extra_opts is spliced into this
# double-quoted string verbatim, so keep it to plain JVM flags — a double
# quote or a $ in the value would break or be expanded when this file is
# sourced. -XX:MaxPermSize is a JDK 7 flag; JDK 8 and later ignore it with a
# warning.
JAVA_OPTS="-Djava.awt.headless=true -XX:MaxPermSize=256M -Xmx{{ tomcat_xmx }} -XX:+UseConcMarkSweepGC {{ tomcat_extra_opts }}"

# To enable remote debugging uncomment the following line.
# You will then be able to use a java debugger on port 8000.
#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"

# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
# compilers that are accepted by Ant's build.compiler property.
#JSP_COMPILER=javac

# Use the Java security manager? (yes/no, default: no)
# Left at the default: webapps run with the full rights of the tomcat7 user.
#TOMCAT7_SECURITY=no

# Number of days to keep logfiles in /var/log/tomcat7. Default is 14 days.
LOGFILE_DAYS=14

# Location of the JVM temporary directory
# WARNING: This directory will be destroyed and recreated at every startup !
#JVM_TMP=/tmp/tomcat7-temp

# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind. It is used for binding Tomcat to lower port numbers.
# NOTE: authbind works only with IPv4. Do not enable it when using IPv6.
# (yes/no, default: no)
#AUTHBIND=no
46 |
47 |
--------------------------------------------------------------------------------
/playbooks/roles/aminator/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Aminator role
#
# Installs Netflix's Aminator (AMI baking tool) from source together with its
# Ansible provisioner plugin, and keeps a checkout of this repository on the
# box for it to use.

# Unpinned: whatever boto PyPI currently serves.
- name: Make sure this latest boto is installed
  pip: name=boto state=latest

- name: Create config directory
  file: name=/etc/aminator state=directory owner=root group=root mode=0755
  tags: dirs

- name: Create logging directory
  file: name=/var/log/aminator state=directory owner=root group=root mode=0755
  tags: dirs

- name: Create working directories
  file: name={{ item }} state=directory owner=root group=root mode=0755
  with_items:
    - /var/aminator
    - /var/aminator/lock
    - /var/aminator/volumes
  tags: dirs

# NOTE(review): the checkout is followed by `python setup.py install` as root,
# i.e. the head of aminator_branch is executed with full privileges at build
# time. A branch name moves; pointing version= at a tag or commit id keeps the
# build reproducible and stops an upstream change from silently altering the
# image.
- name: Checkout Aminator code from Github
  git: repo={{ aminator_repo }}
       dest=/usr/local/aminator
       version={{ aminator_branch }}
  tags: code

- name: Install Aminator
  command: python setup.py install chdir=/usr/local/aminator
  tags: code

# Plain cp, so the default configs are (re)copied on every run and any manual
# edit in /etc/aminator is overwritten. environments.yml is replaced again by
# the role's own copy two tasks further down.
- name: Copy config files
  command: cp /usr/local/aminator/aminator/default_conf/{{ item }} /etc/aminator/{{ item }}
  with_items:
    - aminator.yml
    - environments.yml
    - logging.yml
  tags: code

# Also a plain command: re-runs (and reports changed) on every play.
- name: Install Ansible provisioner plugin
  command: aminator-plugin install ansible
  tags: plugins

- name: Copy environments config that contains the plugins
  copy: src=environments.yml dest=/etc/aminator/environments.yml owner=root group=root mode=0644
  tags: config

# NOTE(review): this clone tracks master, and the script added to rc.local
# below refreshes it at boot (per its name — the script body lives in files/
# and is not shown here). The net effect is that every boot pulls and then
# runs whatever is on master at that moment, as root. Pin a tag or commit, or
# verify what is pulled, if the image is meant to be immutable.
- name: Checkout NetflixOSS-Ansible code from Github
  git: repo=https://github.com/Answers4AWS/netflixoss-ansible.git
       dest=/usr/local/netflixoss-ansible
       version=master
  tags: netflixoss

- name: Copy repo updating script
  copy: src=get-latest-answersforaws-code.sh dest=/usr/bin/get-latest-answersforaws-code.sh owner=root group=root mode=0755
  tags: netflixoss

# Inserted before the "# ADD HERE" marker of the rc.local the base role installs.
- name: Add repo updating script to rc.local
  lineinfile: dest={{ rc_local_path }} insertbefore="^# ADD HERE" regexp="get-latest-answersforaws-code" line="/usr/bin/get-latest-answersforaws-code.sh"
  tags: netflixoss

# Unpinned as well.
- name: Install DistAMI
  pip: name=distami state=latest
  tags: distami
65 |
--------------------------------------------------------------------------------
/playbooks/roles/ice/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Ice role
#
# Deploys Netflix Ice into the Tomcat instance under /usr/local/tomcat and
# wires its boot-time configuration into rc.local.

- name: Copy tomcat server.xml file
  copy: src=server.xml dest=/usr/local/tomcat/conf/server.xml owner=root group=root mode=0644
  notify: restart tomcat
  tags: deploy

- name: Remove default root webapp
  file: path=/usr/local/tomcat/webapps/ROOT state=absent
  notify: restart tomcat
  tags: deploy

# Exactly one of the next two tasks runs: an operator-supplied WAR (local_war
# set) or the latest snapshot from the public CI server.
- name: Copy local Ice WAR file {{ local_war }}
  copy: src={{ local_war }} dest=/usr/local/tomcat/webapps/ice.war
  when: local_war != ""
  tags: deploy

# NOTE(review): downloaded without any checksum and from a "latest" URL, then
# unpacked and executed by Tomcat — a broken or tampered upstream build ends
# up in the AMI unnoticed. Pin a build and pass get_url's checksum (sha256sum)
# parameter to make the deploy reproducible and tamper-evident.
- name: Download snapshot build of Ice from Cloudbees
  get_url: url={{ latest_successful_build_url }} dest=/usr/local/tomcat/webapps/ice.war
  when: local_war == ""
  tags: deploy

# Explode the WAR by hand so ice.properties can be dropped into WEB-INF below.
# The unzip is a plain command and reports "changed" every run; idempotence
# rests on the remove/create pair in front of it.
- name: Remove any old version
  file: path=/usr/local/tomcat/webapps/ice state=absent
  tags: deploy

- name: Create Ice deployment directory
  file: path=/usr/local/tomcat/webapps/ice state=directory
  tags: deploy

- name: Decompress Ice WAR file
  command: chdir=/usr/local/tomcat/webapps/ice unzip ../ice.war
  notify: restart tomcat
  tags: deploy

- name: Remove source WAR file
  file: path=/usr/local/tomcat/webapps/ice.war state=absent
  notify: restart tomcat
  tags: deploy

# Rendered from a template and run as root on every boot via rc.local.
- name: Copy configuration script
  template: src=configure-ice.sh.j2 dest=/usr/bin/configure-ice.sh owner=root group=root mode=0755
  notify: run rc.local
  tags:
    - rc
    - config

# Inserted before the "# ADD HERE" marker of the rc.local the base role
# installs; regexp keeps it to a single line across runs.
- name: Add configuration script to rc.local
  lineinfile: dest={{ rc_local_path }} insertbefore="^# ADD HERE" regexp="configure-ice" line="/usr/bin/configure-ice.sh"
  notify: run rc.local
  tags: rc

# Written into the exploded webapp, so it is lost whenever the deploy tasks
# above replace the tree — the ordering (deploy first, then config) matters.
# Mode 0644 is world-readable: if the template carries any credentials,
# tighten mode and owner to the Tomcat user — TODO check ice.properties.j2.
- name: Copy ice.properties
  template: src=ice.properties.j2 dest=/usr/local/tomcat/webapps/ice/WEB-INF/classes/ice.properties owner=root group=root mode=0644
  notify: restart tomcat
  tags: config

# Ubuntu only — there is no Amazon Linux counterpart in this file, so ICE_HOME
# stays unset there (TODO confirm that is intended).
- name: Add ICE_HOME to environment (apt version)
  lineinfile: dest=/etc/default/tomcat7 regexp="ICE_HOME" line="ICE_HOME=/usr/local/tomcat/webapps/ice/WEB-INF/classes/"
  when: ansible_distribution == 'Ubuntu'
  notify: restart tomcat
  tags: config
64 |
--------------------------------------------------------------------------------
/playbooks/roles/genie/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Genie role
#
# Deploys Netflix Genie as Tomcat's ROOT webapp on an EMR master node and
# registers the cluster with it. Unlike the base role, tomcat is stopped and
# restarted here unconditionally — there is no ami_build gating.

- name: Stopping tomcat7 service
  service: name=tomcat7 state=stopped

- name: Copy tomcat server.xml file
  copy: src=server.xml dest=/usr/local/tomcat/conf/server.xml owner=root group=root mode=0644

- name: Remove default root webapp
  file: path=/usr/local/tomcat/webapps/ROOT state=absent

# Job working directory lives under /mnt and is exposed to Tomcat through a
# symlink inside webapps.
- name: Create Genie directory
  file: path=/mnt/tomcat/genie-jobs state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755

- name: Symlink genie-jobs to webapps
  file: src=/mnt/tomcat/genie-jobs dest=/usr/local/tomcat/webapps/genie-jobs state=link

# The Pig version is hard-coded here and in the touch task below; a different
# EMR release needs both paths updated.
- name: Ensure Pig conf directory exists
  file: path=/home/hadoop/.versions/pig-0.11.1/conf state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755

# This is because Derby DB needs to be created
# (presumably Genie's embedded database is written under this directory, so
# the Tomcat user has to own it)
- name: Make tomcat directory writable by tomcat
  file: path=/var/lib/tomcat7 state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755

- name: Ensure the pig.properties file exists
  # TODO: Replace with file state=touch after Ansible 1.4 is released
  command: touch /home/hadoop/.versions/pig-0.11.1/conf/pig.properties

# Exactly one of the next two tasks runs: an operator-supplied WAR (local_war
# set) or the latest snapshot from the public CI server. The download carries
# no checksum and the URL is a moving "latest", so what ends up served as
# ROOT is neither reproducible nor verified — pin a build and use get_url's
# checksum (sha256sum) parameter.
- name: Copy local Genie WAR file {{ local_war }}
  copy: src={{ local_war }} dest=/usr/local/tomcat/webapps/ROOT.war
  when: local_war != ""
  tags: deploy

- name: Download snapshot build of Genie from Cloudbees
  get_url: url={{ latest_successful_build_url }} dest=/usr/local/tomcat/webapps/ROOT.war
  when: local_war == ""
  tags: deploy

# A task rather than a handler, so Tomcat restarts on every run of the play.
- name: Restart tomcat
  service: name=tomcat7 state=restarted
  tags: deploy

# Cloned as the hadoop user (sudo_user) so the checkout is owned by the account
# that runs the post-install script below.
- name: Clone Genie repository from GitHub
  git: repo={{ genie_repo }}
       dest=/home/hadoop/genie
       version={{ genie_branch }}
  sudo: True
  sudo_user: hadoop
  tags: clone

# 7001 is presumably the connector port in the server.xml copied above (the
# file itself is not shown here); give the webapp 30 s before polling.
- name: Wait for Tomcat to be available
  wait_for: port=7001 delay=30

# Runs as hadoop through sudo inside the command rather than via sudo_user as
# the clone task does — presumably for -i, which gives the script hadoop's
# login environment. Plain command, so it re-registers on every run.
- name: Register EMR cluster with Genie
  command: sudo -u hadoop -H -i /home/hadoop/genie/deploy/aws/emr_genie_postinstall.sh
  tags: reg


# NOTES:
#
# If Tomcat fails with:
# SEVERE: Error listenerStart
#
# rm -r /usr/local/tomcat/genie-db /usr/local/tomcat/derby.log
#
66 |
67 |
68 |
69 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Amazon/ssh_config:
--------------------------------------------------------------------------------
1 | # $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
  | # System-wide ssh client defaults installed by the base role on Amazon Linux.
2 |
3 | # This is the ssh client system-wide configuration file. See
4 | # ssh_config(5) for more information. This file provides defaults for
5 | # users, and the values can be changed in per-user configuration files
6 | # or on the command line.
7 |
8 | # Configuration data is parsed as follows:
9 | # 1. command line options
10 | # 2. user-specific file
11 | # 3. system-wide file
12 | # Any configuration value is only changed the first time it is set.
13 | # Thus, host-specific definitions should be at the beginning of the
14 | # configuration file, and defaults at the end.
15 |
16 | # Site-wide defaults for some commonly used options. For a comprehensive
17 | # list of available options, their meanings and defaults, please see the
18 | # ssh_config(5) man page.
19 |
20 | # Host *
21 | # ForwardAgent no
22 | # ForwardX11 no
23 | # RhostsRSAAuthentication no
24 | # RSAAuthentication yes
25 | # PasswordAuthentication yes
26 | # HostbasedAuthentication no
27 | # GSSAPIAuthentication no
28 | # GSSAPIDelegateCredentials no
29 | # GSSAPIKeyExchange no
30 | # GSSAPITrustDNS no
31 | # BatchMode no
32 | # CheckHostIP yes
33 | # AddressFamily any
34 | # ConnectTimeout 0
35 | # StrictHostKeyChecking ask
36 | # IdentityFile ~/.ssh/identity
37 | # IdentityFile ~/.ssh/id_rsa
38 | # IdentityFile ~/.ssh/id_dsa
39 | # Port 22
40 | # Protocol 2,1
41 | # Cipher 3des
42 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
43 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
44 | # EscapeChar ~
45 | # Tunnel no
46 | # TunnelDevice any:any
47 | # PermitLocalCommand no
48 | # VisualHostKey no
49 | # ProxyCommand ssh -q -W %h:%p gateway.example.com
  | # Settings below apply to every destination; everything not listed keeps the
  | # default shown in the commented block above.
50 | Host *
  | # Offer Kerberos/GSSAPI authentication when the user holds a ticket; with no
  | # credentials the method just fails and the next one is tried.
51 | GSSAPIAuthentication yes
52 | # If this option is set to yes then remote X11 clients will have full access
53 | # to the original X11 display. As virtually no X11 client supports the untrusted
54 | # mode correctly we set this to yes.
  | # NOTE(review): this only matters when -X/-Y is actually used, but it does
  | # mean a host you ssh to with forwarding enabled can drive your local display.
55 | ForwardX11Trusted yes
56 | # Send locale-related environment variables
  | # (the server decides with AcceptEnv which of these it actually takes)
57 | SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
58 | SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
59 | SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
60 | SendEnv XMODIFIERS
61 | # Don't show actual hostnames in .ssh/known_hosts
  | # (limits what an attacker learns about other hosts from a stolen known_hosts)
62 | HashKnownHosts yes
63 | TCPKeepAlive yes
  | # Probe an idle server every 15s and give up after 3 unanswered probes (~45s),
  | # so hung sessions are torn down instead of lingering
64 | ServerAliveInterval 15
65 | ServerAliveCountMax 3
  | # NOTE(review): StrictHostKeyChecking stays at its default "ask" (see the
  | # list above); non-interactive callers cannot answer that prompt, so scripts
  | # that must reach new hosts should set it explicitly rather than rely on this.
66 |
--------------------------------------------------------------------------------
/playbooks/roles/asgard/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Asgard role
  | # Installs Asgard as Tomcat's ROOT webapp, optionally behind Tomcat BASIC auth
  | # (asgard_enable_basic_auth == "yes").
3 | - name: Copy tomcat server.xml file
4 | copy: src=server.xml dest=/usr/local/tomcat/conf/server.xml owner=root group=root mode=0644
5 | tags: auth
6 | notify: restart tomcat
7 |
8 | - name: Remove default root webapp
9 | file: path=/usr/local/tomcat/webapps/ROOT state=absent
10 |
11 | - name: Create Asgard Home at /usr/share/tomcat7/.asgard
12 | file: path=/usr/share/tomcat7/.asgard state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
13 |
  | # NOTE(review): mode=0755 gives a plain config file the execute bit and
  | # leaves it world-readable. Asgard's Config.groovy commonly carries AWS
  | # credentials (the template is not visible here — verify); if it does,
  | # 0640 owned by the tomcat user is the appropriate mode.
14 | - name: Copy over Config.groovy file
15 | template: src=Config.groovy.j2 dest=/usr/share/tomcat7/.asgard/Config.groovy owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
16 |
  | # Exactly one of the next two tasks runs: a WAR supplied locally through
  | # local_war, otherwise the one at asgard_war_url.
17 | - name: Copy local Asgard WAR file {{ local_war }}
18 | copy: src={{ local_war }} dest=/usr/local/tomcat/webapps/asgard.war
19 | when: local_war != ""
20 | tags: deploy
21 |
  | # NOTE(review): the download has no integrity check; get_url takes
  | # sha256sum=, so a corrupted or substituted WAR would be refused rather
  | # than unpacked into ROOT below.
22 | - name: Download Asgard WAR file
23 | get_url: url={{ asgard_war_url }} dest=/usr/local/tomcat/webapps/asgard.war
24 | when: local_war == ""
25 | tags: deploy
26 |
  | # Same path as "Remove default root webapp" above; this copy carries the
  | # deploy tag, presumably so a --tags deploy run still starts from a clean
  | # ROOT. Note it runs unconditionally, so every deploy-tagged play removes
  | # and re-extracts the webapp and fires the restart handler.
27 | - name: Remove any old version
28 | file: path=/usr/local/tomcat/webapps/ROOT state=absent
29 | notify: restart tomcat
30 | tags: deploy
31 |
32 | - name: Create asgard deployment directory
33 | file: path=/usr/local/tomcat/webapps/ROOT state=directory
34 | tags: deploy
35 |
  | # Extracted in place instead of letting Tomcat auto-deploy, so web.xml can be
  | # edited below before the container sees it
36 | - name: Decompress asgard WAR file
37 | command: chdir=/usr/local/tomcat/webapps/ROOT unzip ../asgard.war
38 | notify: restart tomcat
39 | tags: deploy
40 |
41 | - name: Remove source WAR file
42 | file: path=/usr/local/tomcat/webapps/asgard.war state=absent
43 | tags: deploy
44 |
  | # NOTE(review): BASIC auth sends the credentials with every request, only
  | # base64-encoded; it protects nothing unless the connector in server.xml
  | # (not visible in this listing) is TLS or sits behind a TLS terminator.
  | # NOTE(review): the line= value below appears to have lost its XML tags in
  | # this listing (it reads /*asgardBASICasgard and insertbefore is empty);
  | # compare against the file in the repository before relying on it.
45 | - name: Add BASIC auth requirements to web.xml
46 | lineinfile: dest=/usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml regexp="security-constraint" line="/*asgardBASICasgard" insertbefore=""
47 | when: asgard_enable_basic_auth == "yes"
48 | notify: restart tomcat
49 | tags: auth
50 |
  | # Inverse of the task above: strips the constraint again when auth is off
51 | - name: Remove BASIC auth from web.xml
52 | lineinfile: dest=/usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml regexp="security-constraint" state=absent
53 | when: asgard_enable_basic_auth != "yes"
54 | notify: restart tomcat
55 | tags: auth
56 |
  | # Users/roles for the BASIC realm; root-owned, 0644 (readable by the tomcat
  | # user, which runs as a different account)
57 | - name: Copy over tomcat-users.xml file
58 | template: src=tomcat-users.xml.j2 dest=/usr/local/tomcat/conf/tomcat-users.xml owner=root group=root mode=0644
59 | when: asgard_enable_basic_auth == "yes"
60 | notify: restart tomcat
61 | tags: auth
62 |
63 |
--------------------------------------------------------------------------------
/playbooks/roles/asgard/files/server.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/sshd_config:
--------------------------------------------------------------------------------
1 | # See the sshd_config(5) manpage for details
  | # Installed by the base role on Ubuntu images: key-only logins, no root
  | # login, no password or empty-password authentication, reverse DNS off.
2 |
3 | # What ports, IPs and protocols we listen for
4 | Port 22
5 |
6 | # Use these options to restrict which interfaces/protocols sshd will bind to
7 | #ListenAddress ::
8 | #ListenAddress 0.0.0.0
9 |
  | # Protocol 1 is never offered, so the protocol-1-only settings further down
  | # (KeyRegenerationInterval, ServerKeyBits, RSAAuthentication) are inert.
10 | Protocol 2
11 | # HostKeys for protocol version 2
12 | HostKey /etc/ssh/ssh_host_rsa_key
  | # NOTE(review): DSA host keys are capped at 1024 bits and OpenSSH 7.0+ no
  | # longer offers ssh-dss by default; once no client needs it this line can
  | # go — check which OpenSSH the target Ubuntu release ships.
13 | HostKey /etc/ssh/ssh_host_dsa_key
14 | HostKey /etc/ssh/ssh_host_ecdsa_key
15 |
16 | # Privilege Separation is turned on for security
17 | UsePrivilegeSeparation yes
18 |
19 | # Lifetime and size of ephemeral version 1 server key
  | # (protocol 1 only — see the Protocol line above)
20 | KeyRegenerationInterval 3600
21 | ServerKeyBits 768
22 |
23 | # Logging
  | # Auth events go to the AUTH facility at INFO, which is what login-failure
  | # monitoring (fail2ban-style tools, SIEM rules) normally expects
24 | SyslogFacility AUTH
25 | LogLevel INFO
26 |
27 | # Authentication:
  | # 30 seconds to finish authenticating before the connection is dropped
28 | LoginGraceTime 30
  | # root can never log in over SSH, not even with a key; use a normal user
  | # plus sudo
29 | PermitRootLogin no
  | # refuse to use ~/.ssh files that are group- or world-writable
30 | StrictModes yes
31 |
  | # (protocol 1 only; PubkeyAuthentication is the protocol-2 equivalent)
32 | RSAAuthentication yes
33 | PubkeyAuthentication yes
34 | #AuthorizedKeysFile %h/.ssh/authorized_keys
35 |
36 | # Don't read the user's ~/.rhosts and ~/.shosts files
37 | IgnoreRhosts yes
38 | # For this to work you will also need host keys in /etc/ssh_known_hosts
39 | RhostsRSAAuthentication no
40 | # similar for protocol version 2
41 | HostbasedAuthentication no
42 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
43 | #IgnoreUserKnownHosts yes
44 |
45 | # To enable empty passwords, change to yes (NOT RECOMMENDED)
46 | PermitEmptyPasswords no
47 |
48 | # Change to yes to enable challenge-response passwords (beware issues with
49 | # some PAM modules and threads)
50 | ChallengeResponseAuthentication no
51 |
52 | # Change to no to disable tunnelled clear text passwords
  | # (with challenge-response also off, a public key is the only way in;
  | # see the UsePAM comment near the end of this file)
53 | PasswordAuthentication no
54 |
55 | # Kerberos options
56 | #KerberosAuthentication no
57 | #KerberosGetAFSToken no
58 | #KerberosOrLocalPasswd yes
59 | #KerberosTicketCleanup yes
60 |
61 | # GSSAPI options
62 | GSSAPIAuthentication no
63 | #GSSAPICleanupCredentials yes
64 |
  | # NOTE(review): X11 forwarding is enabled on a server image; it only takes
  | # effect when a client asks for it, but if these instances never run X
  | # clients it can be set to "no" to narrow what a session may request.
65 | X11Forwarding yes
66 | X11DisplayOffset 10
67 | PrintMotd no
68 | PrintLastLog yes
69 | TCPKeepAlive yes
70 | #UseLogin no
71 |
72 | #MaxStartups 10:30:60
73 | #Banner /etc/issue.net
74 |
75 | # Allow client to pass locale environment variables
  | # (only LANG and LC_*; anything else a client's SendEnv offers is ignored)
76 | AcceptEnv LANG LC_*
77 |
78 | Subsystem sftp /usr/lib/openssh/sftp-server
79 |
80 | # Set this to 'yes' to enable PAM authentication, account processing,
81 | # and session processing. If this is enabled, PAM authentication will
82 | # be allowed through the ChallengeResponseAuthentication and
83 | # PasswordAuthentication. Depending on your PAM configuration,
84 | # PAM authentication via ChallengeResponseAuthentication may bypass
85 | # the setting of "PermitRootLogin without-password".
86 | # If you just want the PAM account and session checks to run without
87 | # PAM authentication, then enable this but set PasswordAuthentication
88 | # and ChallengeResponseAuthentication to 'no'.
  | # That is the configuration used here: both are "no" above, so PAM runs
  | # account/session processing only and cannot be used to log in with a
  | # password.
89 | UsePAM yes
90 |
91 | # Disable reverse DNS lookup to make SSH start faster
  | # (also means nothing here depends on the client's PTR record)
92 | UseDNS no
93 |
--------------------------------------------------------------------------------
/playbooks/roles/tomcat/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Tomcat role
  | # Installs Tomcat 7 from the distro repositories (Ubuntu, Debian or Amazon
  | # Linux), normalises its location to /usr/local/tomcat and optionally adds
  | # an 80 -> 8080 port forward via rc.local.
  | # NOTE(review): state=latest in the three install tasks means each AMI build
  | # gets whatever the mirror offers that day, so two builds can differ; pin
  | # package versions (or build from a fixed mirror snapshot) for images that
  | # can be reproduced and audited.
3 | - name: Install Apache Tomcat 7 (apt version)
4 | apt: pkg={{ item }} state=latest
5 | with_items:
6 | - tomcat7
7 | - libtcnative-1
8 | - libapr1
9 | when: ansible_distribution == 'Ubuntu'
10 |
  | # Debian only gets tomcat7 here, while Ubuntu also installs the native
  | # library (libtcnative-1/libapr1) — presumably deliberate, but worth noting
11 | - name: Install Apache Tomcat 7 (Debian apt version)
12 | apt: pkg={{ item }} state=latest
13 | with_items:
14 | - tomcat7
15 | when: ansible_distribution == 'Debian'
16 |
17 | - name: Install Apache Tomcat 7 (yum version)
18 | yum: pkg={{ item }} state=latest
19 | with_items:
20 | - tomcat7
21 | - tomcat-native
22 | when: ansible_distribution == 'Amazon'
23 |
  | # The two symlink tasks share a name and target; the distro decides which
  | # one runs, so the rest of the roles can use /usr/local/tomcat everywhere
24 | - name: Symlink to /usr/local/tomcat
25 | file: dest=/usr/local/tomcat state=link src=/var/lib/tomcat7
26 | when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
27 |
28 | - name: Symlink to /usr/local/tomcat
29 | file: dest=/usr/local/tomcat state=link src=/usr/share/tomcat7
30 | when: ansible_distribution == 'Amazon'
31 |
32 | - name: Symlink Java (Debian)
33 | file: src=/usr/lib/jvm/java-7-oracle dest=/usr/lib/jvm/default-java state=link
34 | when: ansible_distribution == 'Debian'
35 |
  | # Group-writable (0775) so the tomcat user can unpack WARs dropped into webapps
36 | - name: Fix webapps permissions so tomcat can deploy
37 | file: dest=/usr/local/tomcat/webapps state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0775
38 | when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
39 |
40 | - name: Tomcat service config (Ubuntu/Debian version)
41 | template: src=default.j2 dest=/etc/default/tomcat7 owner=root group=root mode=0644
42 | notify: restart tomcat
43 | when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
44 |
  | # NOTE(review): mode=644 is the only mode in this file without the leading
  | # zero (the others use 0644). In key=value form it is still read as octal,
  | # but the same value in YAML-dict form would be taken as decimal; keep the
  | # leading zero for consistency.
45 | - name: Tomcat service config (Amazon Linux version)
46 | template: src=tomcat7.conf.j2 dest=/etc/tomcat7/tomcat7.conf owner={{ tomcat_user }} group={{ tomcat_user }} mode=644
47 | notify: restart tomcat
48 | when: ansible_distribution == 'Amazon'
49 |
  | # rc.local hook for the 80 -> 8080 redirect; tomcat_skip_port_forwarding
  | # (default false) opts out of both tasks
50 | - name: Copy port forwarding script
51 | copy: src=port-forward-8080-to-80.sh dest=/usr/bin/port-forward-8080-to-80.sh owner=root group=root mode=0755
52 | notify: run rc.local
53 | when: not tomcat_skip_port_forwarding|default(False)
54 | tags: rc
55 |
56 | - name: Add port forwarding script to rc.local
57 | lineinfile: dest={{ rc_local_path }} insertbefore="^# ADD HERE" regexp="port-forward-8080-to-80" line="/usr/bin/port-forward-8080-to-80.sh"
58 | notify: run rc.local
59 | when: not tomcat_skip_port_forwarding|default(False)
60 | tags: rc
61 |
62 | - name: Enable tomcat7 service
63 | service: name=tomcat7 enabled=yes
64 |
  | # ami_build / not_ami_build are two separate variables the inventory must
  | # keep consistent: while building an AMI Tomcat is left stopped (presumably
  | # so the image boots clean), otherwise it is started.
65 | - name: Starting tomcat7 service
66 | service: name=tomcat7 state=started
67 | when: not_ami_build
68 |
69 | - name: Stopping tomcat7 service
70 | service: name=tomcat7 state=stopped
71 | when: ami_build
72 |
73 |
74 |
75 |
76 |
77 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/precise/sources.list.tmpl:
--------------------------------------------------------------------------------
1 | \## Note, this file is written by cloud-init on first boot of an instance
2 | \## modifications made here will not survive a re-bundle.
3 | \## if you wish to make changes you can:
4 | \## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
5 | \## or do the same in user-data
6 | \## b.) add sources in /etc/apt/sources.list.d
7 | \## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
8 | \###
9 |
10 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
11 | # newer versions of the distribution.
12 | deb $mirror $codename main
13 | deb-src $mirror $codename main
14 |
15 | \## Major bug fix updates produced after the final release of the
16 | \## distribution.
17 | deb $mirror $codename-updates main
18 | deb-src $mirror $codename-updates main
19 |
20 | \## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
21 | \## team. Also, please note that software in universe WILL NOT receive any
22 | \## review or updates from the Ubuntu security team.
23 | deb $mirror $codename universe
24 | deb-src $mirror $codename universe
25 | deb $mirror $codename-updates universe
26 | deb-src $mirror $codename-updates universe
27 |
28 | \## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
29 | \## team, and may not be under a free licence. Please satisfy yourself as to
30 | \## your rights to use the software. Also, please note that software in
31 | \## multiverse WILL NOT receive any review or updates from the Ubuntu
32 | \## security team.
33 | deb $mirror $codename multiverse
34 | # deb-src $mirror $codename multiverse
35 | deb $mirror $codename-updates multiverse
36 | # deb-src $mirror $codename-updates multiverse
37 |
38 | \## Uncomment the following two lines to add software from the 'backports'
39 | \## repository.
40 | \## N.B. software from this repository may not have been tested as
41 | \## extensively as that contained in the main release, although it includes
42 | \## newer versions of some applications which may provide useful features.
43 | \## Also, please note that software in backports WILL NOT receive any review
44 | \## or updates from the Ubuntu security team.
45 | deb $mirror $codename-backports main restricted universe multiverse
46 | # deb-src $mirror $codename-backports main restricted universe multiverse
47 |
48 | \## Uncomment the following two lines to add software from Canonical's
49 | \## 'partner' repository.
50 | \## This software is not part of Ubuntu, but is offered by Canonical and the
51 | \## respective vendors as a service to Ubuntu users.
52 | # deb http://archive.canonical.com/ubuntu $codename partner
53 | # deb-src http://archive.canonical.com/ubuntu $codename partner
54 |
55 | deb http://security.ubuntu.com/ubuntu $codename-security main
56 | deb-src http://security.ubuntu.com/ubuntu $codename-security main
57 | deb http://security.ubuntu.com/ubuntu $codename-security universe
58 | deb-src http://security.ubuntu.com/ubuntu $codename-security universe
59 | deb http://security.ubuntu.com/ubuntu $codename-security multiverse
60 | # deb-src http://security.ubuntu.com/ubuntu $codename-security multiverse
61 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/trusty/sources.list.tmpl:
--------------------------------------------------------------------------------
1 | \## Note, this file is written by cloud-init on first boot of an instance
2 | \## modifications made here will not survive a re-bundle.
3 | \## if you wish to make changes you can:
4 | \## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
5 | \## or do the same in user-data
6 | \## b.) add sources in /etc/apt/sources.list.d
7 | \## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
8 | \###
9 |
10 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
11 | # newer versions of the distribution.
12 | deb $mirror $codename main
13 | deb-src $mirror $codename main
14 |
15 | \## Major bug fix updates produced after the final release of the
16 | \## distribution.
17 | deb $mirror $codename-updates main
18 | deb-src $mirror $codename-updates main
19 |
20 | \## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
21 | \## team. Also, please note that software in universe WILL NOT receive any
22 | \## review or updates from the Ubuntu security team.
23 | deb $mirror $codename universe
24 | deb-src $mirror $codename universe
25 | deb $mirror $codename-updates universe
26 | deb-src $mirror $codename-updates universe
27 |
28 | \## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
29 | \## team, and may not be under a free licence. Please satisfy yourself as to
30 | \## your rights to use the software. Also, please note that software in
31 | \## multiverse WILL NOT receive any review or updates from the Ubuntu
32 | \## security team.
33 | deb $mirror $codename multiverse
34 | # deb-src $mirror $codename multiverse
35 | deb $mirror $codename-updates multiverse
36 | # deb-src $mirror $codename-updates multiverse
37 |
38 | \## Uncomment the following two lines to add software from the 'backports'
39 | \## repository.
40 | \## N.B. software from this repository may not have been tested as
41 | \## extensively as that contained in the main release, although it includes
42 | \## newer versions of some applications which may provide useful features.
43 | \## Also, please note that software in backports WILL NOT receive any review
44 | \## or updates from the Ubuntu security team.
45 | # deb $mirror $codename-backports main restricted universe multiverse
46 | # deb-src $mirror $codename-backports main restricted universe multiverse
47 |
48 | \## Uncomment the following two lines to add software from Canonical's
49 | \## 'partner' repository.
50 | \## This software is not part of Ubuntu, but is offered by Canonical and the
51 | \## respective vendors as a service to Ubuntu users.
52 | # deb http://archive.canonical.com/ubuntu $codename partner
53 | # deb-src http://archive.canonical.com/ubuntu $codename partner
54 |
55 | deb http://security.ubuntu.com/ubuntu $codename-security main
56 | deb-src http://security.ubuntu.com/ubuntu $codename-security main
57 | deb http://security.ubuntu.com/ubuntu $codename-security universe
58 | deb-src http://security.ubuntu.com/ubuntu $codename-security universe
59 | deb http://security.ubuntu.com/ubuntu $codename-security multiverse
60 | # deb-src http://security.ubuntu.com/ubuntu $codename-security multiverse
61 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/precise/sources.list:
--------------------------------------------------------------------------------
1 | ## Note, this file is written by cloud-init on first boot of an instance
2 | ## modifications made here will not survive a re-bundle.
3 | ## if you wish to make changes you can:
4 | ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
5 | ## or do the same in user-data
6 | ## b.) add sources in /etc/apt/sources.list.d
7 | ## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
8 | #
9 |
10 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
11 | # newer versions of the distribution.
12 | deb http://archive.ubuntu.com/ubuntu/ precise main
13 | deb-src http://archive.ubuntu.com/ubuntu/ precise main
14 |
15 | ## Major bug fix updates produced after the final release of the
16 | ## distribution.
17 | deb http://archive.ubuntu.com/ubuntu/ precise-updates main
18 | deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main
19 |
20 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
21 | ## team. Also, please note that software in universe WILL NOT receive any
22 | ## review or updates from the Ubuntu security team.
23 | deb http://archive.ubuntu.com/ubuntu/ precise universe
24 | deb-src http://archive.ubuntu.com/ubuntu/ precise universe
25 | deb http://archive.ubuntu.com/ubuntu/ precise-updates universe
26 | deb-src http://archive.ubuntu.com/ubuntu/ precise-updates universe
27 |
28 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
29 | ## team, and may not be under a free licence. Please satisfy yourself as to
30 | ## your rights to use the software. Also, please note that software in
31 | ## multiverse WILL NOT receive any review or updates from the Ubuntu
32 | ## security team.
33 | deb http://archive.ubuntu.com/ubuntu/ precise multiverse
34 | deb-src http://archive.ubuntu.com/ubuntu/ precise multiverse
35 | deb http://archive.ubuntu.com/ubuntu/ precise-updates multiverse
36 | deb-src http://archive.ubuntu.com/ubuntu/ precise-updates multiverse
37 |
38 | ## Uncomment the following two lines to add software from the 'backports'
39 | ## repository.
40 | ## N.B. software from this repository may not have been tested as
41 | ## extensively as that contained in the main release, although it includes
42 | ## newer versions of some applications which may provide useful features.
43 | ## Also, please note that software in backports WILL NOT receive any review
44 | ## or updates from the Ubuntu security team.
45 | # deb http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
46 | # deb-src http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
47 |
48 | ## Uncomment the following two lines to add software from Canonical's
49 | ## 'partner' repository.
50 | ## This software is not part of Ubuntu, but is offered by Canonical and the
51 | ## respective vendors as a service to Ubuntu users.
52 | # deb http://archive.canonical.com/ubuntu precise partner
53 | # deb-src http://archive.canonical.com/ubuntu precise partner
54 |
55 | deb http://security.ubuntu.com/ubuntu precise-security main
56 | deb-src http://security.ubuntu.com/ubuntu precise-security main
57 | deb http://security.ubuntu.com/ubuntu precise-security universe
58 | deb-src http://security.ubuntu.com/ubuntu precise-security universe
59 | deb http://security.ubuntu.com/ubuntu precise-security multiverse
60 | deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
61 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Ubuntu/trusty/sources.list:
--------------------------------------------------------------------------------
1 | ## Note, this file is written by cloud-init on first boot of an instance
2 | ## modifications made here will not survive a re-bundle.
3 | ## if you wish to make changes you can:
4 | ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
5 | ## or do the same in user-data
6 | ## b.) add sources in /etc/apt/sources.list.d
7 | ## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
8 | #
9 |
10 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
11 | # newer versions of the distribution.
12 | deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty main
13 | deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty main
14 |
15 | ## Major bug fix updates produced after the final release of the
16 | ## distribution.
17 | deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates main
18 | deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates main
19 |
20 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
21 | ## team. Also, please note that software in universe WILL NOT receive any
22 | ## review or updates from the Ubuntu security team.
23 | deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty universe
24 | deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty universe
25 | deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates universe
26 | deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates universe
27 |
28 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
29 | ## team, and may not be under a free licence. Please satisfy yourself as to
30 | ## your rights to use the software. Also, please note that software in
31 | ## multiverse WILL NOT receive any review or updates from the Ubuntu
32 | ## security team.
33 | deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty multiverse
34 | # deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty multiverse
35 | deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
36 | # deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
37 |
38 | ## Uncomment the following two lines to add software from the 'backports'
39 | ## repository.
40 | ## N.B. software from this repository may not have been tested as
41 | ## extensively as that contained in the main release, although it includes
42 | ## newer versions of some applications which may provide useful features.
43 | ## Also, please note that software in backports WILL NOT receive any review
44 | ## or updates from the Ubuntu security team.
45 | # deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
46 | # deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
47 |
48 | ## Uncomment the following two lines to add software from Canonical's
49 | ## 'partner' repository.
50 | ## This software is not part of Ubuntu, but is offered by Canonical and the
51 | ## respective vendors as a service to Ubuntu users.
52 | # deb http://archive.canonical.com/ubuntu trusty partner
53 | # deb-src http://archive.canonical.com/ubuntu trusty partner
54 |
55 | deb http://security.ubuntu.com/ubuntu trusty-security main
56 | deb-src http://security.ubuntu.com/ubuntu trusty-security main
57 | deb http://security.ubuntu.com/ubuntu trusty-security universe
58 | deb-src http://security.ubuntu.com/ubuntu trusty-security universe
59 | deb http://security.ubuntu.com/ubuntu trusty-security multiverse
60 | deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
61 |
--------------------------------------------------------------------------------
/foundation-ami/ubuntu/_include.sh:
--------------------------------------------------------------------------------
1 | # Copyright 2013 Answers for AWS LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # A collection of variables, constants and functions that should be included in
16 | # various scripts.
17 | # Code adapted from: alestic-git
18 |
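19 | # Brand used in AMI name and description
20 | brand="foundation"
21 |
22 | # Default size of AMI EBS volume
23 | size=10 # GB
24 |
25 | # Ubuntu release
26 | codename=precise
27 |
28 | # AMI name timestamp
29 | now=$(date -u +%Y%m%d-%H%M)
30 |
   | # 1 = copy the finished AMI to other regions, 0 = --no-copy was given
31 | copy_ami=1
32 | # Command line options
   | #   --name BRAND  --size GB  --codename CODENAME  --now STAMP  --no-copy
33 | while [ $# -gt 0 ]; do
34 |     case $1 in
   |         # Options that take a value must actually have one: with a bare
   |         # "--name" as the last argument, "shift 2" fails and leaves $1 in
   |         # place, so this loop never terminated.
   |         --name|--size|--codename|--now)
   |             if [ $# -lt 2 ]; then
   |                 echo "$0: Option $1 requires a value" >&2; exit 1
   |             fi
   |             case $1 in
35 |                 --name) brand=$2 ;;
36 |                 --size) size=$2 ;;
37 |                 --codename) codename=$2 ;;
38 |                 --now) now=$2 ;;
   |             esac
   |             shift 2 ;;
39 |         --no-copy) copy_ami=0; shift 1 ;;
40 |         *) echo "$0: Unrecognized option: $1" >&2; exit 1;
41 |     esac
42 | done
43 |
44 |
45 | # Ubuntu release
   | # (only these three releases have a known version number; anything else is
   | # rejected before any image URL is built from it)
46 | case $codename in
47 |     precise) release=12.04 ;;
48 |     quantal) release=12.10 ;;
49 |     raring) release=13.04 ;;
50 |     *) echo "$0: Unrecognized codename: $codename" >&2; exit 1;
51 | esac
52 |
53 | # Architecture
   | # arch is the EC2 architecture name, arch2 the Ubuntu/Debian one; the
   | # ephemeral device name differs between the two instance families as well
54 | if [ "$(uname -m)" = 'x86_64' ]; then
55 |     arch=x86_64
56 |     arch2=amd64
57 |     ephemeraldev=/dev/sdb
58 | else
59 |     arch=i386
60 |     arch2=i386
61 |     ephemeraldev=/dev/sda2
62 | fi
63 |
64 | # AMI name and description
   | # (${brand^} capitalises the first letter; bash 4+)
65 | name="$brand-ubuntu-$release-$arch-ebs-$now"
66 | description="${brand^} on Ubuntu $release"
67 |
68 | # AMI details
69 | imagename=$codename-server-cloudimg-$arch2
   | # NOTE(review): both the cloud-image tarball and the AMI/AKI index are
   | # fetched over plain HTTP and nothing checks a digest or signature before
   | # the image becomes the root filesystem of every AMI built from it; prefer
   | # https and verify the tarball against Ubuntu's published checksums.
70 | imageurl=http://uec-images.ubuntu.com/$codename/current/$imagename.tar.gz
71 | amisurl=http://uec-images.ubuntu.com/query/$codename/server/released.current.txt
   | # Instance metadata: the availability zone of this build instance
72 | zoneurl=http://169.254.169.254/latest/meta-data/placement/availability-zone
73 | zone=$(wget -qO- "$zoneurl")
   | # region = zone minus its trailing letter (us-east-1a -> us-east-1);
   | # plain parameter expansion replaces the former echo|perl pipeline
74 | region=${zone%?}
   | # AKI (PV kernel) ID for this arch/region from the index; assumed to match
   | # a single line — several matches would break ec2-register --kernel
75 | akiid=$(wget -qO- "$amisurl" | egrep "ebs.$arch2.$region.*paravirtual" | cut -f9)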
76 |
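77 | # Gets the AKI (PV kernel) ID for a given region from Ubuntu's published
   | # cloud-image index.  Usage: get_akiid REGION  -> prints the ID on stdout.
   | # NOTE(review): the index is fetched over plain HTTP and nothing verifies
   | # it, yet the result ends up in ec2-register --kernel; prefer https and
   | # sanity-check the value (expected form aki-xxxxxxxx) before use.
78 | function get_akiid() {
79 |     local req_region=$1
   |     local found
   |     # a distinct local name: $akiid is also a script-wide variable and the
   |     # old "local akiid=$(...)" shadowed it (and hid wget's exit status)
80 |     found=$(wget -qO- "$amisurl" | egrep "ebs.$arch2.$req_region.*paravirtual" | cut -f9)
   |     # the index is expected to hold exactly one matching line
81 |     echo "$found"
82 | }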
83 |
84 | # Directories for image
85 | image=/mnt/$imagename.img
86 | thisImage=/mnt/$imagename.edit.img
87 | imagedir=/mnt/$codename-cloudimg-$arch2
88 | ebsimagedir=$imagedir-ebs
89 |
90 | # Directories for Ansible
91 | noss_ansible_dir=/usr/share/netflixoss-ansible
92 | playbooks_dir=$noss_ansible_dir/playbooks
93 | inventory_dir=$noss_ansible_dir/inventory
94 |
95 |
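96 | # Runs a script as the ubuntu user in the image chroot environment
97 | # Usage: imgRunScriptAsUbuntu SCRIPT_FILE_TO_EXECUTE [flags]
   | #   flags: "rerun"    - run the helper already in place instead of moving
   | #                       SCRIPT_FILE_TO_EXECUTE there first
   | #          "nodelete" - leave the helper inside the image afterwards
   | # Returns the exit status of the chrooted script.
98 | function imgRunScriptAsUbuntu() {
   |     # locals, so the helper cannot clobber script-wide variables of the
   |     # same name in the sourcing script
99 |     local file=$1
100 |     local flags=$2
101 |     local run="$ebsimagedir/home/ubuntu/run-helper-cmd"
   |     local rc
102 |
103 |     if [ "$flags" != "rerun" ]; then
104 |         sudo mv "$file" "$run"
105 |         sudo chmod 755 "$run"
106 |     fi
   |     # NOTE(review): -E hands the caller's entire environment (including any
   |     # cloud credentials exported for the EC2 tools) to the chroot; confirm
   |     # the helper needs it, otherwise pass only the variables it uses.
107 |     sudo -E chroot "$ebsimagedir" sudo -u ubuntu -H -i ./run-helper-cmd
   |     rc=$?
108 |     if [ "$flags" != "nodelete" ]; then
109 |         sudo rm -f "$run"
110 |     fi
   |     # report the script's status, not rm's, so callers can react to failures
   |     return $rc
111 | }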
112 |
113 |
114 |
115 |
--------------------------------------------------------------------------------
/ami-creator/ubuntu/03-create-ami:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Final step finished the AMI creation process
17 | #
18 | # This expects to run on an EC2 instance
19 | #
20 | # Code adapted from: alestic-git
21 |
22 | # Include helper functions and variables
   | # (resolved relative to the current directory: run this script from the
   | # directory it lives in, as the numbered sibling scripts appear to assume)
23 | . _include.sh
24 |
25 | echo "-- Create AMI --"
26 | echo "Creating AMI: $name"
   | # Interactive prompt, pre-filled with the capitalised brand
27 | read -e -p "Value for Name Tag for this AMI: " -i "${brand^}" tag_name
28 | echo "Will tag with: $tag_name"
29 | echo
30 |
31 | # Clean up chroot environment
   | # Unmount what earlier steps mounted into the image and strip build-only
   | # artifacts (policy-rc.d, the devops checkout, ansible state, shell
   | # history) so none of it is baked into the AMI
32 | echo "Cleaning up chroot environment"
33 | sudo chroot $ebsimagedir umount /proc
34 | #sudo chroot $ebsimagedir umount /dev/pts
35 | sudo umount $ebsimagedir/dev
36 | sudo rm -f $ebsimagedir/usr/sbin/policy-rc.d
37 | sudo rm -rf $ebsimagedir/home/ambot/devops
38 | sudo rm -rf $ebsimagedir/home/ambot/.ansible $ebsimagedir/home/ambot/.ansible_async
39 | sudo rm -f $ebsimagedir/home/ambot/.bash_history
40 |
   | # NOTE(review): the EC2 API endpoint for the ec2-* tools below is plain
   | # http; the same host serves https, which keeps the API traffic (and the
   | # IDs it returns) from being read or altered in transit.
41 | export EC2_URL=http://ec2.$region.amazonaws.com
42 |
   | # Volume ID recorded by the earlier volume-creation step (not shown here).
   | # NOTE(review): /tmp is world-writable, so another local user could swap
   | # this file and redirect which volume gets snapshotted and deleted; a
   | # directory writable only by the build user would be safer.
43 | volumeid=`cat /tmp/image.volume.id`
44 |
45 | echo "Unmounting EBS Volume"
46 | sudo umount $ebsimagedir
47 |
48 | echo "Detaching EBS volume"
49 | ec2-detach-volume --region $region "$volumeid"
   | # Poll until no ATTACHMENT line remains (no timeout: loops for as long as
   | # the detach takes)
50 | while ec2-describe-volumes --region $region "$volumeid" | grep -q ATTACHMENT
51 | do
52 | echo -n "."
53 | sleep 3
54 | done
55 | echo
56 |
57 | echo "Creating a snapshot of the EBS volume"
   | # second tab-separated field of the tool's output is the snapshot ID
58 | snapshotid=$(ec2-create-snapshot --region $region --description "$name" "$volumeid" | cut -f2)
   | # same pattern: poll until the snapshot is no longer "pending"
59 | while ec2-describe-snapshots --region $region "$snapshotid" | grep -q pending
60 | do
61 | echo -n "."
62 | sleep 3
63 | done
64 | echo
65 |
66 | echo "Register the snapshot as AMI"
67 | # Register the snapshot as a new AMI
   | # $name, $description, $arch, $akiid and $ephemeraldev all come from
   | # _include.sh; $akiid is looked up there from an unauthenticated HTTP index
68 | amiid=$(ec2-register \
69 | --name "$name" \
70 | --description "$description" \
71 | --architecture "$arch" \
72 | --kernel "$akiid" \
73 | --block-device-mapping $ephemeraldev=ephemeral0 \
74 | --region $region \
75 | --snapshot "$snapshotid" |
76 | cut -f2)
77 |
   | # The snapshot now backs the AMI; the working volume is no longer needed
78 | echo "Deleting EBS volume"
79 | ec2-delete-volume --region $region "$volumeid"
80 |
81 | echo "Tagging snapshots"
82 | ec2-create-tags --region $region $snapshotid --tag Name="$tag_name AMI"
83 | echo
84 |
85 | echo "Tagging AMIs"
86 | ec2-create-tags --region $region $amiid --tag Name="$tag_name"
87 | echo
88 |
89 | cat <&2; exit 1;
41 | esac
42 | done
43 |
44 |
45 | # Ubuntu release
   | # (only these three releases have a known version number; anything else is
   | # rejected before any image URL is built from it)
46 | case $codename in
47 | precise) release=12.04 ;;
48 | quantal) release=12.10 ;;
49 | raring) release=13.04 ;;
50 | *) echo "$0: Unrecognized codename: $codename" >&2; exit 1;
51 | esac
52 |
53 | # Architecture
   | # arch is the EC2 architecture name, arch2 the Ubuntu/Debian one; the
   | # ephemeral device name differs between the two instance families as well
54 | if [ $(uname -m) = 'x86_64' ]; then
55 | arch=x86_64
56 | arch2=amd64
57 | ephemeraldev=/dev/sdb
58 | else
59 | arch=i386
60 | arch2=i386
61 | ephemeraldev=/dev/sda2
62 | fi
63 |
64 | # AMI name and description
   | # (this copy puts $arch2 in the name, whereas foundation-ami's _include.sh
   | # uses $arch; ${brand^} capitalises the first letter, bash 4+)
65 | name="$brand-ubuntu-$release-$arch2-ebs-$now"
66 | description="${brand^} on Ubuntu $release - AMI by Answers for AWS"
67 |
68 | # AMI details
   | # NOTE(review): the cloud-image tarball and the AMI/AKI index are fetched
   | # over plain HTTP with no digest or signature check, and $akiid feeds
   | # ec2-register --kernel; prefer https and verify the tarball against
   | # Ubuntu's published checksums.
69 | imagename=$codename-server-cloudimg-$arch2
70 | imageurl=http://uec-images.ubuntu.com/$codename/current/$imagename.tar.gz
71 | amisurl=http://uec-images.ubuntu.com/query/$codename/server/released.current.txt
   | # Instance metadata: the availability zone of this build instance
72 | zoneurl=http://169.254.169.254/latest/meta-data/placement/availability-zone
73 | zone=$(wget -qO- $zoneurl)
   | # region = zone minus its trailing letter (us-east-1a -> us-east-1)
74 | region=$(echo $zone | perl -pe 's/.$//')
   | # AKI (PV kernel) ID for this arch/region; assumed to match a single line
75 | akiid=$(wget -qO- $amisurl | egrep "ebs.$arch2.$region.*paravirtual" | cut -f9)
76 |
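# Gets the AKI ID for a given region
# Usage: get_akiid REGION   -> prints the AKI ID on stdout (empty if nothing matched)
# Looks REGION up in Ubuntu's released-images index ($amisurl, set above) for an
# EBS-backed, paravirtual image of this architecture ($arch2).
# NOTE(review): the index is fetched over plain HTTP with no signature check, so
# the kernel ID registered for the AMI is only as trustworthy as the network path.
function get_akiid() {
    local req_region=$1
    local akiid
    # Assigned separately from the 'local' declaration so the pipeline's exit
    # status is not masked; expansions are quoted so an odd value cannot be
    # word-split or globbed. The regex dots are wildcards (presumably standing
    # for the index's field separators).
    akiid=$(wget -qO- "$amisurl" | egrep "ebs.$arch2.$req_region.*paravirtual" | cut -f9)
    echo "$akiid"
}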
83 |
# Directories for image
image=/mnt/$imagename.img
thisImage=/mnt/$imagename.edit.img
imagedir=/mnt/$codename-cloudimg-$arch2
# The EBS copy of the image is mounted here; it is the chroot used by
# imgRunScriptAsUbuntu below.
ebsimagedir=$imagedir-ebs

# Directories for Ansible
noss_ansible_dir=/usr/share/netflixoss-ansible
playbooks_dir=$noss_ansible_dir/playbooks
inventory_dir=$noss_ansible_dir/inventory

# Left disabled; presumably the ec2 tools pick up EC2_CERT/EC2_PRIVATE_KEY from
# the caller's environment instead. NOTE(review): if these are ever re-enabled,
# /tmp is world-readable by default and is not a safe place for a private key.
#export EC2_CERT=$(echo /tmp/cert.pem)
#export EC2_PRIVATE_KEY=$(echo /tmp/pk.pem)
97 |
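# Runs a script as the ubuntu user in the image chroot environment
# Usage: imgRunScriptAsUbuntu SCRIPT_FILE_TO_EXECUTE [flags]
#   flags: "rerun"    - the helper is already in place; do not move SCRIPT_FILE in again
#          "nodelete" - leave the helper in the image after running
# The script is moved to /home/ubuntu/run-helper-cmd inside $ebsimagedir (set
# above), made executable, run through chroot as the ubuntu login user and then
# removed so it does not ship in the resulting AMI. Returns the exit status of
# the chroot'd script (previously the status of the final rm was returned, so
# callers could not tell whether the script itself failed).
# NOTE(review): 'sudo -E chroot' passes the caller's whole environment to root
# inside the chroot. The inner 'sudo -u ubuntu -H -i' gives the ubuntu user a
# fresh login environment, but anything sensitive exported by the caller (for
# example credentials for the ec2 tools) is visible to the chroot's root;
# drop -E if nothing in the image build depends on it.
# file/flags/run are left as globals, as before, because other scripts source
# this file and may rely on them.
function imgRunScriptAsUbuntu() {
    file=$1
    flags=$2
    run="$ebsimagedir/home/ubuntu/run-helper-cmd"

    if [ "$flags" != "rerun" ]; then
        # Fail early instead of letting mv error out and then running a stale helper.
        if [ ! -f "$file" ]; then
            echo "imgRunScriptAsUbuntu: no such script: $file" >&2
            return 1
        fi
        sudo mv "$file" "$run"
        sudo chmod 755 "$run"
    fi
    sudo -E chroot "$ebsimagedir" sudo -u ubuntu -H -i ./run-helper-cmd
    local rc=$?
    if [ "$flags" != "nodelete" ]; then
        sudo rm -f "$run"
    fi
    return $rc
}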
114 |
115 |
116 |
117 |
--------------------------------------------------------------------------------
/cloudformation/generators/asgard.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # Asgard CloudFormation template
4 |
5 | from troposphere import Template, Parameter, Join, Ref, FindInMap, Output, GetAtt
6 | import troposphere.ec2 as ec2
7 |
8 |
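template = Template()
template.add_description('NetflixOSS Asgard 1.4.1 - Template by Answers for AWS')

# --- Parameters --------------------------------------------------------------

keyname = template.add_parameter(Parameter(
    "KeyPairName",
    Description = "Name of an existing EC2 KeyPair to enable SSH access to the instance",
    Type = "String",
    MinLength = "1",
    MaxLength = "64",
    AllowedPattern = "[-_ a-zA-Z0-9]*",
    ConstraintDescription = "can contain only alphanumeric characters, spaces, dashes and underscores."
))

# Constrained to a dotted quad: the value is concatenated with "/32" below, so
# an unvalidated string (a hostname, an address already carrying a mask, or an
# empty value) would either fail at stack creation or yield an unintended CIDR.
ip_address = template.add_parameter(Parameter(
    "YourIpAddress",
    Description = "Your public IPv4 address (x.x.x.x, no mask). Only this address may reach the instance.",
    Type = "String",
    AllowedPattern = "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})",
    ConstraintDescription = "must be an IPv4 address of the form x.x.x.x"
))

instance_type = template.add_parameter(Parameter(
    "InstanceType",
    Description = "EC2 instance type to launch for Application servers",
    Type = "String",
    Default = "m1.medium",
    AllowedValues = [ "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ],
    ConstraintDescription = "must be a valid EC2 instance type"
))

# Not referenced by any resource; its only purpose is to make the operator
# acknowledge the Oracle Java license before the stack can be created.
java_license = template.add_parameter(Parameter(
    "OracleJava",
    Description = "Type 'yes' to accept the Oracle Java license found here: http://www.oracle.com/technetwork/java/javase/terms/license/index.html",
    Type = "String",
    AllowedValues = [ "yes", "YES", "'yes'", "Yes" ],
    ConstraintDescription = "Type 'yes' to agree to the license"
))

# --- Region -> AMI mapping ---------------------------------------------------

template.add_mapping('RegionMap', {
    "us-east-1": {"AMI": "ami-7724131e"},
    "us-west-1": {"AMI": "ami-3cdcef79"},
    "us-west-2": {"AMI": "ami-a86f0998"},
    "eu-west-1": {"AMI": "ami-a8e10bdf"},
    "sa-east-1": {"AMI": "ami-4bf85856"},
    "ap-southeast-1": {"AMI": "ami-149fc846"},
    "ap-southeast-2": {"AMI": "ami-e5d749df"},
    "ap-northeast-1": {"AMI": "ami-8f39568e"}
})

# --- Security group ----------------------------------------------------------

def _caller_only_rule(port):
    ''' TCP ingress on `port` restricted to the caller's single address (/32).

    A fresh Join is built per call so each rule carries its own intrinsic
    function object when the template is serialized. '''
    return ec2.SecurityGroupRule(
        IpProtocol = 'tcp',
        FromPort = str(port),
        ToPort = str(port),
        CidrIp = Join('/', [Ref(ip_address), "32"])
    )

# SSH was previously open to 0.0.0.0/0 while the web UI was already limited to
# the caller's /32. There is no reason for the login port to be reachable from
# the whole Internet when the caller's address is already known to the
# template; operators who need SSH from elsewhere should add a rule for that
# address rather than reopening it to everyone.
sg = template.add_resource(ec2.SecurityGroup('AsgardSecurityGroup'))
sg.GroupDescription = 'Access to Asgard Instance'
sg.SecurityGroupIngress = [
    _caller_only_rule(22),   # SSH
    _caller_only_rule(80),   # web UI
]

# --- Instance ----------------------------------------------------------------

ec2_instance = template.add_resource(ec2.Instance(
    "AsgardInstance",
    ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
    InstanceType=Ref(instance_type),
    KeyName=Ref(keyname),
    SecurityGroups=[Ref(sg)],
    Tags = [
        {'Key': 'Name', 'Value': 'Asgard'}
    ]
))

# --- Outputs -----------------------------------------------------------------

template.add_output([
    Output(
        "PublicIP",
        Description="Public IP address of the Asgard instance",
        Value=GetAtt(ec2_instance, "PublicIp"),
    ),
    Output(
        "PrivateIP",
        Description="Private IP address of the Asgard instance",
        Value=GetAtt(ec2_instance, "PrivateIp"),
    ),
    Output(
        "PublicDNS",
        Description="Public DNSName of the Asgard instance",
        Value=GetAtt(ec2_instance, "PublicDnsName"),
    )
])

# Emit the template as JSON on stdout (single-argument print works on both
# Python 2 and 3).
print(template.to_json())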
104 |
105 |
106 | #import requests
107 | #myip_response = requests.get(url='http://icanhazip.com')
108 | #myip = myip_response.text
109 | #
110 | ## Create new CloudFormation Stack from template
111 | #from boto import cloudformation
112 | #try:
113 | # conn = cloudformation.connect_to_region('us-west-2')
114 | # stack_id = conn.create_stack(
115 | # 'Asgard',
116 | # template_body=template.to_json(),
117 | # parameters=[
118 | # ('KeyPairName', 'answersforaws'),
119 | # ('YourIpAddress', myip)
120 | # ]
121 | # )
122 | # print 'Created ' + stack_id
123 | #except Exception, e:
124 | # print e
125 | # print e.message
126 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/s3get:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | import sys
4 | import argparse
5 | import boto
6 | from boto.s3.connection import S3Connection
7 | import os
8 | import string
9 | import pwd, grp
10 |
11 | import pprint
12 | pp = pprint.PrettyPrinter(indent=2)
13 |
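class Cli(object):
    ''' Command line front end: download a single S3 object to a local path and
    optionally chmod / chown the result. '''

    def __init__(self):
        ''' Initialization '''

        self.parse_cli_args()


    def parse_cli_args(self):
        ''' Command line argument parsing and checking '''

        self.parser = argparse.ArgumentParser(description='Downloads a file from S3')
        self.parser.add_argument('source', action='store',
                                 help='Location in S3 to download from. Eg: s3://mybucket/file.txt')
        self.parser.add_argument('local_dest', action='store',
                                 help='Local location to store the file. Eg: /tmp/file.txt')
        self.parser.add_argument('--mode', action='store',
                                 help='chmod the file to this after download. Eg: 0755')
        self.parser.add_argument('--owner', action='store',
                                 help='chown the file to this after download. Eg: pas')
        self.parser.add_argument('--group', action='store',
                                 help='chgrp the file to this after download. Eg: pas')

        # OK, go parse
        self.args = self.parser.parse_args()


    @staticmethod
    def _parse_s3_url(source):
        ''' Split an "s3://bucket/key" URL into (bucket, key).

        Returns None when the value is not an S3 URL or names no bucket/key,
        so the caller can print a usage error instead of hitting an IndexError
        (the old code indexed parts[3] unconditionally and crashed on
        "s3://bucket"). The key may itself contain slashes. '''

        parts = source.split('/', 3)
        if len(parts) != 4 or parts[0] != 's3:' or parts[1] != '':
            return None
        if not parts[2] or not parts[3]:
            return None
        return parts[2], parts[3]


    @staticmethod
    def _parse_mode(mode):
        ''' Convert an octal permission string such as "0755" to an int.

        Raises ValueError for anything that is not valid octal. '''

        return int(mode, 8)


    def run(self):
        ''' Main execution path '''

        parsed = self._parse_s3_url(self.args.source)
        if parsed is None:
            print('ERROR: source must be an S3 url of the form s3://bucket/key')
            self.parser.print_help()
            sys.exit(1)
        source_bucket_name, source_key_name = parsed

        # Validate --mode / --owner / --group before touching the network, so a
        # typo fails fast instead of leaving a half-configured file behind.
        mode = None
        if self.args.mode:
            try:
                mode = self._parse_mode(self.args.mode)
            except ValueError:
                print('ERROR: --mode must be an octal permission string (eg: 0644), got: %s' % self.args.mode)
                sys.exit(1)

        owner = -1
        group = -1
        if self.args.owner:
            try:
                owner = pwd.getpwnam(self.args.owner).pw_uid
            except KeyError:
                print('ERROR: Unknown user: %s' % self.args.owner)
                sys.exit(1)
        if self.args.group:
            try:
                group = grp.getgrnam(self.args.group).gr_gid
            except KeyError:
                print('ERROR: Unknown group: %s' % self.args.group)
                sys.exit(1)

        conn = S3Connection() # No credentials here - use .boto or IAM Role

        # get_bucket() can raise as well as get_key(), so both sit inside the try.
        try:
            source = conn.get_bucket(source_bucket_name)
            key = source.get_key(source_key_name)
        except boto.exception.S3ResponseError:
            print("ERROR: s3://%s/%s cannot be accessed (bucket missing or permissions prevent access)" % (source_bucket_name, source_key_name))
            sys.exit(1)

        if key is None:
            print("ERROR: s3://%s/%s does not exist" % (source_bucket_name, source_key_name))
            sys.exit(1)

        print('Downloading %s' % self.args.source)
        key.get_contents_to_filename(self.args.local_dest, cb=self.progress_callback)

        # chown first, then chmod: on Linux a chown clears set-uid/set-gid bits,
        # so doing it the other way round would silently drop them from --mode.
        if owner > -1 or group > -1:
            try:
                os.chown(self.args.local_dest, owner, group)
            except OSError as e:
                print('ERROR: Could not change owner or group')
                print(e)
                sys.exit(1)

        if mode is not None:
            os.chmod(self.args.local_dest, mode)

        print('Done writing %s' % os.path.abspath(self.args.local_dest))


    def progress_callback(self, nbytes, size):
        ''' Callback to show the progress of the download.

        nbytes -- bytes transferred so far
        size   -- total size in bytes (0 or unknown prints 0%) '''

        percent = 0
        size_in_kb = float(size) / 1024
        if size > 0:
            percent = (float(nbytes) / size) * 100
        print(' %2d%% of %s kb' % (percent, size_in_kb))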
109 |
110 |
111 | ########################################################
112 |
if __name__ == '__main__':
    # Script entry point: parse the command line, then download the object.
    Cli().run()
116 |
117 |
--------------------------------------------------------------------------------
/playbooks/roles/ice/templates/ice.properties.j2:
--------------------------------------------------------------------------------
1 |
2 | # whether or not to start processor
3 | ice.processor=true
4 |
5 | # whether or not to start reader/UI
6 | ice.reader=true
7 |
8 | # whether or not to start reservation capacity poller
9 | ice.reservationCapacityPoller=false
10 |
11 | # reservation period, possible values are oneyear, threeyear
12 | ice.reservationPeriod=threeyear
13 | # reservation utilization, possible values are LIGHT, MEDIUM, HEAVY
14 | ice.reservationUtilization=HEAVY
15 |
16 | # url prefix, e.g. http://ice.netflix.com/. Will be used in alert emails.
17 | ice.urlPrefix=
18 |
19 | # from email address
20 | ice.fromEmail=
21 |
22 | # ec2 ondemand hourly cost threshold to send alert email. The alert email will be sent at most once per day.
23 | ice.ondemandCostAlertThreshold=250
24 |
25 | # ec2 ondemand hourly cost alert emails, separated by ","
26 | ice.ondemandCostAlertEmails=
27 |
28 | # modify the following 5 properties according to your billing files configuration. if you have multiple payer accounts, you will need to specify multiple values for each property.
29 | # s3 bucket name where the billing files are. multiple bucket names are delimited by ",". Ice must have read access to billing s3 bucket.
30 | ice.billing_s3bucketname={{ ice_billing_s3_bucket_names }}
31 | # prefix of the billing files. multiple prefixes are delimited by ","
32 | ice.billing_s3bucketprefix={{ ice_billing_s3_bucket_prefix }}
33 | # specify your payer account id here if across-accounts IAM role access is used. multiple account ids are delimited by ",". "ice.billing_payerAccountId=,222222222222" means assumed role access is only used for the second bucket.
34 | #ice.billing_payerAccountId=,123456789012
35 | # specify the assumed role name here if you use IAM role access to read from billing s3 bucket. multiple role names are delimited by ",". "ice.billing_accessRoleName=,ice" means assumed role access is only used for the second bucket.
36 | #ice.billing_accessRoleName=,ice
37 | # specify external id here if it is used. multiple external ids are delimited by ",". if you don't use external id, you can leave this property unset.
38 | #ice.billing_accessExternalId=
39 |
40 | # specify your custom tags here. Multiple tags are delimited by ",". If specified, BasicResourceService will be used to generate resource groups for you.
41 | # PLEASE MAKE SURE you have limited number (e.g. < 100) of unique value combinations from your custom tags, otherwise Ice performance will be greatly affected.
42 | #ice.customTags=tag1,tag2
43 |
44 | # start date in millis from when you want to start processing the billing files
45 | ice.startmillis=1364774400000
46 |
47 | # your company name. it will be shown in the UI
48 | ice.companyName={{ ice_company_name }}
49 |
50 | # s3 bucket name where Ice can store output files. Ice must have read and write access to this work s3 bucket (it only needs read access to the billing bucket above).
51 | ice.work_s3bucketname={{ ice_work_s3_bucket_name }}
52 | # prefix of Ice output files
53 | ice.work_s3bucketprefix=ice/
54 |
55 | # local directory for Ice processor. the directory must exist.
56 | ice.processor.localDir=/mnt/ice_processor
57 |
58 | # local directory for Ice reader. the directory must exist.
59 | ice.reader.localDir=/mnt/ice_reader
60 |
61 | # monthly data cache size for Ice reader.
62 | ice.monthlycachesize=12
63 |
64 | # change the following account settings. account2 to account6 below are placeholder IDs (123456789012 ...) and must be replaced with real AWS account IDs or removed, together with their ice.owneraccount entries further down.
65 | ice.account.account1={{ ice_account1_aws_id }}
66 | ice.account.account2=123456789012
67 | ice.account.account3=123456789013
68 | ice.account.account4=123456789014
69 | ice.account.account5=123456789015
70 | ice.account.account6=123456789016
71 |
72 | # set reservation owner accounts. "ice.owneraccount.account2=account3,account4" means reservations in account2 can be shared by account3 and account4
73 | # if reservation capacity poller is enabled, the poller will try to poll reservation capacity through the ec2 API (describeReservedInstances) for each reservation owner account.
74 | ice.owneraccount.account1=
75 | ice.owneraccount.account2=account3,account4
76 | ice.owneraccount.account5=account6
77 |
78 | # if reservation capacity poller needs to use IAM role to access ec2 API, set the assumed role here for each reservation owner account
79 | ice.owneraccount.account1.role=ice
80 | ice.owneraccount.account2.role=ice
81 | ice.owneraccount.account5.role=ice
82 |
83 | # if reservation capacity poller needs to use IAM role to access ec2 API and external id is used, set the external id here for each reservation owner account. otherwise you can leave it unset.
84 | ice.owneraccount.account1.externalId=
85 | ice.owneraccount.account2.externalId=
86 | ice.owneraccount.account5.externalId=
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Amazon/sshd_config:
--------------------------------------------------------------------------------
1 | # $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
2 |
3 | # This is the sshd server system-wide configuration file. See
4 | # sshd_config(5) for more information.
5 |
6 | # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
7 |
8 | # The strategy used for options in the default sshd_config shipped with
9 | # OpenSSH is to specify options with their default value where
10 | # possible, but leave them commented. Uncommented options override the
11 | # default value.
12 |
13 | # If you want to change the port on a SELinux system, you have to tell
14 | # SELinux about this change.
15 | # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
16 | #
17 | #Port 22
18 | #AddressFamily any
19 | #ListenAddress 0.0.0.0
20 | #ListenAddress ::
21 |
22 | # The default requires explicit activation of protocol 1
23 | #Protocol 2
24 |
25 | # HostKey for protocol version 1
26 | #HostKey /etc/ssh/ssh_host_key
27 | # HostKeys for protocol version 2
28 | #HostKey /etc/ssh/ssh_host_rsa_key
29 | #HostKey /etc/ssh/ssh_host_dsa_key
30 | #HostKey /etc/ssh/ssh_host_ecdsa_key
31 |
32 | # Lifetime and size of ephemeral version 1 server key
33 | #KeyRegenerationInterval 1h
34 | #ServerKeyBits 1024
35 |
36 | # Logging
37 | # obsoletes QuietMode and FascistLogging
38 | #SyslogFacility AUTH
39 | SyslogFacility AUTHPRIV
40 | #LogLevel INFO
41 |
42 | # Authentication:
43 |
44 | #LoginGraceTime 2m
45 | PermitRootLogin no
46 | # NOTE: sshd takes the FIRST value given for a keyword, so the 'PermitRootLogin no' above wins and the 'forced-commands-only' line below is ignored. Keep exactly one of the two: 'no' blocks root entirely; 'forced-commands-only' lets root run only command="..." keys, with no shell.
47 | PermitRootLogin forced-commands-only
48 | StrictModes yes
49 | #MaxAuthTries 6
50 | #MaxSessions 10
51 |
52 | #RSAAuthentication yes
53 | #PubkeyAuthentication yes
54 |
55 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
56 | # but this is overridden so installations will only check .ssh/authorized_keys
57 | AuthorizedKeysFile .ssh/authorized_keys
58 |
59 | #AuthorizedPrincipalsFile none
60 |
61 | #AuthorizedKeysCommand none
62 | #AuthorizedKeysCommandUser nobody
63 |
64 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
65 | #RhostsRSAAuthentication no
66 | # similar for protocol version 2
67 | #HostbasedAuthentication no
68 | # Change to yes if you don't trust ~/.ssh/known_hosts for
69 | # RhostsRSAAuthentication and HostbasedAuthentication
70 | #IgnoreUserKnownHosts no
71 | # Don't read the user's ~/.rhosts and ~/.shosts files
72 | #IgnoreRhosts yes
73 |
74 | # To disable tunneled clear text passwords, change to no here!
75 | #PasswordAuthentication yes
76 | #PermitEmptyPasswords no
77 | # EC2 uses keys for remote access
78 | PasswordAuthentication no
79 |
80 | # Change to no to disable s/key passwords
81 | #ChallengeResponseAuthentication yes
82 | ChallengeResponseAuthentication no
83 |
84 | # Kerberos options
85 | #KerberosAuthentication no
86 | #KerberosOrLocalPasswd yes
87 | #KerberosTicketCleanup yes
88 | #KerberosGetAFSToken no
89 | #KerberosUseKuserok yes
90 |
91 | # GSSAPI options
92 | #GSSAPIAuthentication no
93 | #GSSAPICleanupCredentials yes
94 | #GSSAPIStrictAcceptorCheck yes
95 | #GSSAPIKeyExchange no
96 |
97 | # Set this to 'yes' to enable PAM authentication, account processing,
98 | # and session processing. If this is enabled, PAM authentication will
99 | # be allowed through the ChallengeResponseAuthentication and
100 | # PasswordAuthentication. Depending on your PAM configuration,
101 | # PAM authentication via ChallengeResponseAuthentication may bypass
102 | # the setting of "PermitRootLogin without-password".
103 | # If you just want the PAM account and session checks to run without
104 | # PAM authentication, then enable this but set PasswordAuthentication
105 | # and ChallengeResponseAuthentication to 'no'.
106 | # WARNING: 'UsePAM no' is not supported in Fedora and may cause several
107 | # problems.
108 | #UsePAM no
109 | # Leaving enabled as described so that account and session checks are run
110 | UsePAM yes
111 |
112 | #AllowAgentForwarding yes
113 | #AllowTcpForwarding yes
114 | #GatewayPorts no
115 | #X11Forwarding no
116 | X11Forwarding yes
117 | #X11DisplayOffset 10
118 | #X11UseLocalhost yes
119 | #PrintMotd yes
120 | # Explicitly enable
121 | PrintLastLog yes
122 | TCPKeepAlive yes
123 | #UseLogin no
124 | UsePrivilegeSeparation sandbox # Default for new installations.
125 | #PermitUserEnvironment no
126 | #Compression delayed
127 | #ClientAliveInterval 0
128 | #ClientAliveCountMax 3
129 | #ShowPatchLevel no
130 | #UseDNS yes
131 | #PidFile /var/run/sshd.pid
132 | #MaxStartups 10:30:100
133 | #PermitTunnel no
134 | #ChrootDirectory none
135 | #VersionAddendum none
136 |
137 | # no default banner path
138 | #Banner none
139 |
140 | # Accept locale-related environment variables
141 | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
142 | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
143 | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
144 | AcceptEnv XMODIFIERS
145 |
146 | # override default of no subsystems
147 | Subsystem sftp /usr/libexec/openssh/sftp-server
148 |
149 | # Uncomment this if you want to use .local domain
150 | #Host *.local
151 | # CheckHostIP no
152 |
153 | # Example of overriding settings on a per-user basis
154 | #Match User anoncvs
155 | # X11Forwarding no
156 | # AllowTcpForwarding no
157 | # ForceCommand cvs server
--------------------------------------------------------------------------------
/playbooks/roles/simian_army/files/sdb:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # This is a tiny little script that performs a very small set of AWS SimpleDB
17 | # actions
18 |
19 | import sys
20 | import argparse
21 | import logging
22 |
23 | import boto.sdb
24 | from boto.utils import get_instance_metadata
25 |
26 | log = logging.getLogger(__name__)
27 |
28 |
29 |
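class Logging(object):
    ''' Configures this script's logger and boto's logger from a -v count. '''

    # Logging formats
    _log_simple_format = '%(asctime)s [%(levelname)s] %(message)s'
    _log_detailed_format = '%(asctime)s [%(levelname)s] [%(name)s(%(lineno)s):%(funcName)s] %(message)s'

    def configure(self, verbosity = None):
        ''' Configure the logging format and verbosity.

        verbosity -- number of -v flags. argparse's action='count' yields None
        when the flag is absent; that is treated as 0 here, because comparing
        None with an int raises TypeError on Python 3 (Python 2 only happened
        to order None below every int). '''

        level = verbosity or 0

        # Configure our logging output
        if level >= 2:
            logging.basicConfig(level=logging.DEBUG, format=self._log_detailed_format, datefmt='%F %T')
        elif level >= 1:
            logging.basicConfig(level=logging.INFO, format=self._log_detailed_format, datefmt='%F %T')
        else:
            logging.basicConfig(level=logging.INFO, format=self._log_simple_format, datefmt='%F %T')

        # Configure Boto's logging output. Below -vvv boto is silenced entirely;
        # NOTE(review): boto's DEBUG output is very chatty and dumps request
        # details, so it should only be enabled deliberately (-vvvv).
        if level >= 4:
            logging.getLogger('boto').setLevel(logging.DEBUG)
        elif level >= 3:
            logging.getLogger('boto').setLevel(logging.INFO)
        else:
            logging.getLogger('boto').setLevel(logging.CRITICAL)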
53 |
54 |
def _fail(message="Unknown failure", code=1):
    ''' Log `message` at ERROR level and terminate the process with exit status `code`. '''
    log.error(message)
    raise SystemExit(code)
58 |
59 |
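def _detect_region():
    ''' Derive the region from the EC2 instance meta-data (the availability
    zone minus its trailing letter). Fails the process when the meta-data
    service is unreachable or does not carry a placement entry. '''
    log.debug("Figure out which region I am running in...")
    instance_metadata = get_instance_metadata(timeout=5)
    log.debug('Instance meta-data: %s', instance_metadata)
    try:
        zone = instance_metadata['placement']['availability-zone']
    except (KeyError, TypeError):
        # {} on timeout, or a dict without 'placement', both end up here
        _fail('Could not determine region. This script is either not running on an EC2 instance, or the meta-data service is down')
    return zone[:-1]


def _domain_name_arg(arguments):
    ''' Return the single positional ARG, failing when it is missing or more than one was given. '''
    if len(arguments) != 1:
        _fail('The name of the domain is required as the first argument')
    return arguments[0]


def main():
    ''' Entry point: parse the command line, resolve the region and run one
    SimpleDB command (ListDomains, CreateDomain or DeleteDomain). '''
    parser = argparse.ArgumentParser(description='Perform a very small set of actions against AWS SimpleDB')
    parser.add_argument('--region', metavar='REGION',
                        help='the region to use (default is current region of EC2 instance this is running on). E.g. us-east-1')
    parser.add_argument('command', choices=['CreateDomain', 'ListDomains', 'DeleteDomain'],
                        help='The command to run (either CreateDomain, ListDomains or DeleteDomain)')
    parser.add_argument('argument', metavar='ARG', nargs='*',
                        help='The argument to pass to the command')
    # default=0: action='count' otherwise yields None when no -v is given, and
    # the verbosity comparisons downstream need an int.
    parser.add_argument('--verbose', '-v', action='count', default=0,
                        help='enable verbose output (-vvv for more)')
    args = parser.parse_args()

    Logging().configure(args.verbose)

    log.debug("CLI parse args: %s", args)

    # If no region was specified, assume this is running on an EC2 instance
    # and work out what region it is in
    region = args.region or _detect_region()
    log.debug("Running in region: %s", region)

    conn = boto.sdb.connect_to_region(region)
    if conn is None:
        # boto hands back None, rather than raising, for a region name it does
        # not know; without this check the first API call dies with AttributeError.
        _fail('Unknown SimpleDB region: %s' % region)

    if args.command == 'ListDomains':
        log.info('Getting list of domains...')
        for domain in conn.get_all_domains():
            log.info(' - %s', domain.name)

    elif args.command == 'CreateDomain':
        domain_name = _domain_name_arg(args.argument)
        log.info('Creating domain %s...', domain_name)
        domain = conn.create_domain(domain_name)
        if not domain:
            _fail('Unknown error while creating domain. Try increasing verbosity with -vvvv to find out why.')

    elif args.command == 'DeleteDomain':
        # Destructive and irreversible: the domain and all its items go away.
        domain_name = _domain_name_arg(args.argument)
        log.info('Deleting domain %s...', domain_name)
        success = conn.delete_domain(domain_name)
        if not success:
            _fail('Unknown error while deleting domain. Try increasing verbosity with -vvvv to find out why.')

    log.info('Completed successfully')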
118 |
119 |
if __name__ == "__main__":
    # Script entry point; main() returns None, so the exit status is 0 unless it fails.
    sys.exit(main())
122 |
--------------------------------------------------------------------------------
/cloudformation/generators/eureka.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # Eureka CloudFormation template
4 |
5 | from troposphere import Template, Parameter, Join, Ref, FindInMap, Output, GetAtt, GetAZs
6 | import troposphere.ec2 as ec2
7 | import troposphere.autoscaling as auto
8 | from troposphere.iam import Role, Policy, InstanceProfile, PolicyType
9 |
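template = Template()
template.add_description('NetflixOSS Eureka 1.1.121 - Template by Answers for AWS')

# --- Parameters --------------------------------------------------------------

keyname = template.add_parameter(Parameter(
    "KeyPairName",
    Description = "Name of an existing EC2 KeyPair to enable SSH access to the instance",
    Type = "String",
    MinLength = "1",
    MaxLength = "64",
    AllowedPattern = "[-_ a-zA-Z0-9]*",
    ConstraintDescription = "can contain only alphanumeric characters, spaces, dashes and underscores."
))

# Constrained to a dotted quad: the value is concatenated with "/32" below, so
# an unvalidated string (a hostname, an address already carrying a mask, or an
# empty value) would either fail at stack creation or yield an unintended CIDR.
ip_address = template.add_parameter(Parameter(
    "YourIpAddress",
    Description = "Your public IPv4 address (x.x.x.x, no mask). Only this address may reach the instance.",
    Type = "String",
    AllowedPattern = "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})",
    ConstraintDescription = "must be an IPv4 address of the form x.x.x.x"
))

instance_type = template.add_parameter(Parameter(
    "InstanceType",
    Description = "EC2 instance type to launch for Application servers",
    Type = "String",
    Default = "m1.medium",
    AllowedValues = [ "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ],
    ConstraintDescription = "must be a valid EC2 instance type"
))

# --- Region -> AMI mapping ---------------------------------------------------

template.add_mapping('RegionMap', {
    "us-east-1": {"AMI": "ami-99247ff0"},
    "us-west-1": {"AMI": "ami-ae0234eb"},
    "us-west-2": {"AMI": "ami-f40991c4"},
    "eu-west-1": {"AMI": "ami-c1c527b6"},
    "sa-east-1": {"AMI": "ami-df45e3c2"},
    "ap-southeast-1": {"AMI": "ami-2a9cc978"},
    "ap-southeast-2": {"AMI": "ami-1970ec23"},
    "ap-northeast-1": {"AMI": "ami-91d3b690"}
})

# --- IAM ---------------------------------------------------------------------
# Instance role assumable only by EC2. The inline policy grants just the three
# actions the instance uses. NOTE(review): "Resource": "*" lets the instance
# (dis)associate any Elastic IP in the account; check whether resource-level
# restrictions are available for these actions in your account and narrow it
# if so.

role = template.add_resource(Role('EurekaRole',
    AssumeRolePolicyDocument = {
        "Statement": [{
            "Effect": "Allow",
            "Principal":{
                "Service":["ec2.amazonaws.com"]
            },
            "Action":["sts:AssumeRole"]
        }]
    },
    Path = "/",
    Policies = [
        Policy(
            PolicyName = "EurekaPolicy",
            PolicyDocument = {
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "autoscaling:DescribeAutoScalingGroups",
                            "ec2:AssociateAddress",
                            "ec2:DisassociateAddress"
                        ],
                        "Resource": "*"
                    }
                ]
            }
        )
    ]
))

instance_profile = template.add_resource(InstanceProfile(
    "EurekaInstanceProfile",
    Path = "/",
    Roles = [Ref(role)]
))

# --- Security group ----------------------------------------------------------

def _caller_only_rule(port):
    ''' TCP ingress on `port` restricted to the caller's single address (/32).

    A fresh Join is built per call so each rule carries its own intrinsic
    function object when the template is serialized. '''
    return ec2.SecurityGroupRule(
        IpProtocol = 'tcp',
        FromPort = str(port),
        ToPort = str(port),
        CidrIp = Join('/', [Ref(ip_address), "32"])
    )

# SSH was previously open to 0.0.0.0/0 while port 80 was already limited to
# the caller's /32. There is no reason for the login port to be reachable from
# the whole Internet when the caller's address is already known to the
# template; operators who need SSH from elsewhere should add a rule for that
# address rather than reopening it to everyone.
sg = template.add_resource(ec2.SecurityGroup('EurekaSecurityGroup'))
sg.GroupDescription = 'Access to Eureka'
sg.SecurityGroupIngress = [
    _caller_only_rule(22),   # SSH
    _caller_only_rule(80),   # Eureka HTTP
]

# --- Launch config and auto scaling group ------------------------------------

launch_config = template.add_resource(auto.LaunchConfiguration('MyLaunchConfig',
    ImageId = FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
    InstanceType = Ref(instance_type),
    KeyName = Ref(keyname),
    SecurityGroups = [Ref(sg)],
    IamInstanceProfile = Ref(instance_profile)
))

# Exactly one instance (Min = Max = 1); the ASG only replaces it if it dies.
asg = template.add_resource(auto.AutoScalingGroup('MyASG',
    AvailabilityZones = GetAZs(''),
    Cooldown = 120,
    LaunchConfigurationName = Ref(launch_config),
    MaxSize = '1',
    MinSize = '1',
    Tags = [
        {'Key': 'Name',
         'Value': 'Eureka',
         'PropagateAtLaunch': 'true'}
    ]
))

# --- Outputs -----------------------------------------------------------------
# The instance is created by the ASG, so there is no static resource to read
# an address from; the output just tells the operator what to do next.

template.add_output(Output(
    'Eureka',
    Description = 'Please go to the EC2 page in the AWS Web Console',
    Value = 'Look for the instance named Eureka and assign it an Elastic IP'
))

# Emit the template as JSON on stdout
print(template.to_json())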
140 |
141 | #
142 | #import requests
143 | #myip_response = requests.get(url='http://icanhazip.com')
144 | #myip = myip_response.text
145 | #
146 | ## Create new CloudFormation Stack from template
147 | #from boto import cloudformation
148 | #try:
149 | # conn = cloudformation.connect_to_region('us-east-1')
150 | # stack_id = conn.create_stack(
151 | # 'Eureka',
152 | # template_body=template.to_json(),
153 | # parameters=[
154 | # ('KeyPairName', 'answersforaws'),
155 | # ('YourIpAddress', myip),
156 | # ]
157 | # )
158 | # print 'Created ' + stack_id
159 | #except Exception, e:
160 | # print e
161 | # print e.message
162 |
--------------------------------------------------------------------------------
/cloudformation/aminator.json:
--------------------------------------------------------------------------------
1 | {
2 | "AWSTemplateFormatVersion":"2010-09-09",
3 | "Description":"NetflixOSS Aminator 2.0.174 - Template by Answers for AWS",
4 | "Parameters":{
5 | "InstanceType":{
6 | "Description":"Type of EC2 instances to launch",
7 | "Type":"String",
8 | "Default":"m3.medium",
9 | "AllowedValues" : [ "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ],
10 | "ConstraintDescription" : "must be a valid EC2 instance type."
11 | },
12 | "KeyName":{
13 | "Description":"The EC2 Key Pair to allow SSH access to the instances",
14 | "Type":"String",
15 | "MinLength": "1",
16 | "MaxLength": "64",
17 | "AllowedPattern" : "[-_ a-zA-Z0-9]*",
18 | "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
19 | }
20 | },
21 |
22 | "Mappings":{
23 | "AWSRegion2AMI":{
24 | "us-east-1":{
25 | "ami":"ami-89b6ece0"
26 | },
27 | "us-west-1":{
28 | "ami":"ami-36c6f073"
29 | },
30 | "us-west-2":{
31 | "ami":"ami-ecc65ddc"
32 | },
33 | "eu-west-1":{
34 | "ami":"ami-b957b5ce"
35 | },
36 | "sa-east-1":{
37 | "ami":"ami-a15bfdbc"
38 | },
39 | "ap-southeast-1":{
40 | "ami":"ami-16bbee44"
41 | },
42 | "ap-southeast-2":{
43 | "ami":"ami-e31884d9"
44 | },
45 | "ap-northeast-1":{
46 | "ami":"ami-53beda52"
47 | }
48 | }
49 | },
50 |
51 | "Resources" : {
52 | "AminatorIamRole":{
53 | "Type":"AWS::IAM::Role",
54 | "Properties":{
55 | "AssumeRolePolicyDocument":{
56 | "Statement":[
57 | {
58 | "Effect":"Allow",
59 | "Principal":{
60 | "Service":[
61 | "ec2.amazonaws.com"
62 | ]
63 | },
64 | "Action":[
65 | "sts:AssumeRole"
66 | ]
67 | }
68 | ]
69 | },
70 | "Path":"/",
71 | "Policies":[
72 | {
73 | "PolicyName":"AminatorPolicy",
74 | "PolicyDocument":{
75 | "Statement": [
76 | {
77 | "Effect": "Allow",
78 | "Action": [
79 | "ec2:AttachVolume",
80 | "ec2:CopyImage",
81 | "ec2:CopySnapshot",
82 | "ec2:CreateImage",
83 | "ec2:CreateSnapshot",
84 | "ec2:CreateTags",
85 | "ec2:CreateVolume",
86 | "ec2:DeleteSnapshot",
87 | "ec2:DeleteTags",
88 | "ec2:DeleteVolume",
89 | "ec2:DeregisterImage",
90 | "ec2:DetachVolume",
91 | "ec2:ModifyImageAttribute",
92 | "ec2:ModifySnapshotAttribute",
93 | "ec2:ModifyVolumeAttribute",
94 | "ec2:RegisterImage",
95 | "ec2:ResetImageAttribute",
96 | "ec2:ResetSnapshotAttribute",
97 | "ec2:Describe*",
98 | "s3:Get*",
99 | "s3:List*"
100 | ],
101 | "Resource": "*"
102 | }
103 | ]
104 | }
105 | }
106 | ]
107 | }
108 | },
109 | "AminatorInstanceProfile":{
110 | "Type":"AWS::IAM::InstanceProfile",
111 | "Properties":{
112 | "Path":"/",
113 | "Roles":[
114 | {
115 | "Ref":"AminatorIamRole"
116 | }
117 | ]
118 | }
119 | },
120 |
121 | "AminatorASG":{
122 | "Type":"AWS::AutoScaling::AutoScalingGroup",
123 | "Properties":{
124 | "AvailabilityZones":{
125 | "Fn::GetAZs":""
126 | },
127 | "LaunchConfigurationName":{
128 | "Ref":"AminatorLaunchConfig"
129 | },
130 | "MinSize":1,
131 | "MaxSize":1,
132 | "Cooldown":"120",
133 | "Tags":[
134 | {
135 | "Key":"Name",
136 | "Value":"Aminator",
137 | "PropagateAtLaunch":"true"
138 | }
139 | ]
140 | }
141 | },
142 |
143 | "AminatorLaunchConfig":{
144 | "Type":"AWS::AutoScaling::LaunchConfiguration",
145 | "Properties":{
146 | "KeyName":{
147 | "Ref":"KeyName"
148 | },
149 | "ImageId":{
150 | "Fn::FindInMap":[
151 | "AWSRegion2AMI",
152 | {
153 | "Ref":"AWS::Region"
154 | },
155 | "ami"
156 | ]
157 | },
158 | "SecurityGroups":[
159 | {
160 | "Ref":"AminatorSecurityGroup"
161 | }
162 | ],
163 | "InstanceType":{ "Ref": "InstanceType" },
164 | "IamInstanceProfile":{
165 | "Ref":"AminatorInstanceProfile"
166 | }
167 | }
168 | },
169 |
170 | "AminatorSecurityGroup":{
171 | "Type":"AWS::EC2::SecurityGroup",
172 | "Properties":{
173 | "GroupDescription":"Access to Aminator",
174 | "SecurityGroupIngress":[
175 | {
176 | "IpProtocol":"tcp",
177 | "FromPort":"22",
178 | "ToPort":"22",
179 | "CidrIp":"0.0.0.0/0"
180 | }
181 | ]
182 | }
183 | }
184 | }
185 | }
--------------------------------------------------------------------------------
/cloudformation/asgard.json:
--------------------------------------------------------------------------------
1 | {
2 | "Description": "NetflixOSS Asgard 1.4.1 - Template by Answers for AWS",
3 | "Mappings": {
4 | "RegionMap": {
5 | "ap-northeast-1": {
6 | "AMI": "ami-8f39568e"
7 | },
8 | "ap-southeast-1": {
9 | "AMI": "ami-149fc846"
10 | },
11 | "ap-southeast-2": {
12 | "AMI": "ami-e5d749df"
13 | },
14 | "eu-west-1": {
15 | "AMI": "ami-a8e10bdf"
16 | },
17 | "sa-east-1": {
18 | "AMI": "ami-4bf85856"
19 | },
20 | "us-east-1": {
21 | "AMI": "ami-7724131e"
22 | },
23 | "us-west-1": {
24 | "AMI": "ami-3cdcef79"
25 | },
26 | "us-west-2": {
27 | "AMI": "ami-a86f0998"
28 | }
29 | }
30 | },
31 | "Outputs": {
32 | "PrivateIP": {
33 | "Description": "Private IP address of the Asgard instance",
34 | "Value": {
35 | "Fn::GetAtt": [
36 | "AsgardInstance",
37 | "PrivateIp"
38 | ]
39 | }
40 | },
41 | "PublicDNS": {
42 | "Description": "Public DNSName of the Asgard instance",
43 | "Value": {
44 | "Fn::GetAtt": [
45 | "AsgardInstance",
46 | "PublicDnsName"
47 | ]
48 | }
49 | },
50 | "PublicIP": {
51 | "Description": "Public IP address of the Asgard instance",
52 | "Value": {
53 | "Fn::GetAtt": [
54 | "AsgardInstance",
55 | "PublicIp"
56 | ]
57 | }
58 | }
59 | },
60 | "Parameters": {
61 | "InstanceType": {
62 | "AllowedValues": [
63 | "m1.medium",
64 | "m1.large",
65 | "m1.xlarge",
66 | "m2.xlarge",
67 | "m2.2xlarge",
68 | "m2.4xlarge",
69 | "m3.xlarge",
70 | "m3.2xlarge",
71 | "c1.medium",
72 | "c1.xlarge",
73 | "cg1.4xlarge"
74 | ],
75 | "ConstraintDescription": "must be a valid EC2 instance type",
76 | "Default": "m1.medium",
77 | "Description": "EC2 instance type to launch for Application servers",
78 | "Type": "String"
79 | },
80 | "KeyPairName": {
81 | "AllowedPattern": "[-_ a-zA-Z0-9]*",
82 | "ConstraintDescription": "can contain only alphanumeric characters, spaces, dashes and underscores.",
83 | "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance (port 22 is opened to 0.0.0.0/0 by AsgardSecurityGroup while port 80 is limited to YourIpAddress; the key pair is the only control on SSH, so narrow that CidrIp before any non-throwaway use)",
84 | "MaxLength": 64,
85 | "MinLength": 1,
86 | "Type": "String"
87 | },
88 | "OracleJava": {
89 | "AllowedValues": [
90 | "yes",
91 | "YES",
92 | "'yes'",
93 | "Yes"
94 | ],
95 | "ConstraintDescription": "Type 'yes' to agree to the license",
96 | "Description": "Type 'yes' to accept the Oracle Java license found here: http://www.oracle.com/technetwork/java/javase/terms/license/index.html",
97 | "Type": "String"
98 | },
99 | "YourIpAddress": {
100 | "Description": "Your public IPv4 address, as a single address with no prefix length (the template appends /32 to it to build the CIDR that is allowed to reach port 80)",
101 | "Type": "String"
102 | }
103 | },
104 | "Resources": {
105 | "AsgardInstance": {
106 | "Properties": {
107 | "ImageId": {
108 | "Fn::FindInMap": [
109 | "RegionMap",
110 | {
111 | "Ref": "AWS::Region"
112 | },
113 | "AMI"
114 | ]
115 | },
116 | "InstanceType": {
117 | "Ref": "InstanceType"
118 | },
119 | "KeyName": {
120 | "Ref": "KeyPairName"
121 | },
122 | "SecurityGroups": [
123 | {
124 | "Ref": "AsgardSecurityGroup"
125 | }
126 | ],
127 | "Tags": [
128 | {
129 | "Key": "Name",
130 | "Value": "Asgard"
131 | }
132 | ]
133 | },
134 | "Type": "AWS::EC2::Instance"
135 | },
136 | "AsgardSecurityGroup": {
137 | "Properties": {
138 | "GroupDescription": "Access to Asgard Instance",
139 | "SecurityGroupIngress": [
140 | {
141 | "CidrIp": "0.0.0.0/0",
142 | "FromPort": 22,
143 | "IpProtocol": "tcp",
144 | "ToPort": 22
145 | },
146 | {
147 | "CidrIp": {
148 | "Fn::Join": [
149 | "/",
150 | [
151 | {
152 | "Ref": "YourIpAddress"
153 | },
154 | "32"
155 | ]
156 | ]
157 | },
158 | "FromPort": 80,
159 | "IpProtocol": "tcp",
160 | "ToPort": 80
161 | }
162 | ]
163 | },
164 | "Type": "AWS::EC2::SecurityGroup"
165 | }
166 | }
167 | }
168 |
--------------------------------------------------------------------------------
/cloudformation/other/manual-ami-baker.json:
--------------------------------------------------------------------------------
1 | {
2 | "AWSTemplateFormatVersion":"2010-09-09",
3 | "Description":"A manual AMI baker instance - by Answers for AWS",
4 | "Parameters":{
5 | "InstanceType":{
6 | "Description":"Type of EC2 instances to launch",
7 | "Type":"String",
8 | "Default":"t1.micro",
9 | "AllowedValues" : [ "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ],
10 | "ConstraintDescription" : "must be a valid EC2 instance type."
11 | },
12 | "KeyName":{
13 | "Description":"The EC2 Key Pair to allow SSH access to the instances (this template's security group opens port 22 to 0.0.0.0/0, so the key pair is the only control on SSH to the baker box; narrow that CidrIp to your own address before use)",
14 | "Type":"String",
15 | "MinLength": "1",
16 | "MaxLength": "64",
17 | "AllowedPattern" : "[-_ a-zA-Z0-9]*",
18 | "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
19 | }
20 | },
21 |
22 | "Mappings":{
23 | "AWSRegion2AMI":{
24 | "us-east-1":{
25 | "ami":"ami-69f5a900"
26 | },
27 | "us-west-1":{
28 | "ami":"ami-ecd8efa9"
29 | },
30 | "us-west-2":{
31 | "ami":"ami-30079e00"
32 | },
33 | "eu-west-1":{
34 | "ami":"ami-e21dfd95"
35 | },
36 | "sa-east-1":{
37 | "ami":"ami-5bac0a46"
38 | },
39 | "ap-southeast-1":{
40 | "ami":"ami-76134624"
41 | },
42 | "ap-southeast-2":{
43 | "ami":"ami-cd8b17f7"
44 | },
45 | "ap-northeast-1":{
46 | "ami":"ami-c933a8c8"
47 | }
48 | }
49 | },
50 |
51 | "Resources" : {
52 | "IamRole":{
53 | "Type":"AWS::IAM::Role",
54 | "Properties":{
55 | "AssumeRolePolicyDocument":{
56 | "Statement":[
57 | {
58 | "Effect":"Allow",
59 | "Principal":{
60 | "Service":[
61 | "ec2.amazonaws.com"
62 | ]
63 | },
64 | "Action":[
65 | "sts:AssumeRole"
66 | ]
67 | }
68 | ]
69 | },
70 | "Path":"/",
71 | "Policies":[
72 | {
73 | "PolicyName":"Policy",
74 | "PolicyDocument":{
75 | "Statement": [
76 | {
77 | "Effect": "Allow",
78 | "Action": [
79 | "ec2:AttachVolume",
80 | "ec2:CopyImage",
81 | "ec2:CopySnapshot",
82 | "ec2:CreateImage",
83 | "ec2:CreateSnapshot",
84 | "ec2:CreateTags",
85 | "ec2:CreateVolume",
86 | "ec2:DeleteSnapshot",
87 | "ec2:DeleteTags",
88 | "ec2:DeleteVolume",
89 | "ec2:DetachVolume",
90 | "ec2:ModifyImageAttribute",
91 | "ec2:ModifySnapshotAttribute",
92 | "ec2:ModifyVolumeAttribute",
93 | "ec2:RegisterImage",
94 | "ec2:ResetImageAttribute",
95 | "ec2:ResetSnapshotAttribute",
96 | "ec2:Describe*"
97 | ],
98 | "Resource": "*"
99 | }
100 | ]
101 | }
102 | }
103 | ]
104 | }
105 | },
106 | "InstanceProfile":{
107 | "Type":"AWS::IAM::InstanceProfile",
108 | "Properties":{
109 | "Path":"/",
110 | "Roles":[
111 | {
112 | "Ref":"IamRole"
113 | }
114 | ]
115 | }
116 | },
117 |
118 | "Instance":{
119 | "Type": "AWS::EC2::Instance",
120 | "Properties": {
121 | "IamInstanceProfile":{
122 | "Ref":"InstanceProfile"
123 | },
124 | "ImageId":{
125 | "Fn::FindInMap":[
126 | "AWSRegion2AMI",
127 | {
128 | "Ref":"AWS::Region"
129 | },
130 | "ami"
131 | ]
132 | },
133 | "InstanceType":{ "Ref": "InstanceType" },
134 | "KeyName":{
135 | "Ref":"KeyName"
136 | },
137 | "SecurityGroupIds": [ { "Ref": "SecurityGroup" } ],
138 | "Tags" : [ {
139 | "Key" : "Name",
140 | "Value" : "amibaker"
141 | } ],
142 | "UserData":{
143 | "Fn::Base64":{
144 | "Fn::Join":[
145 | "\n",
146 | [
147 | "#!/bin/bash",
148 | "apt-get update",
149 | "apt-get install -y git-core",
150 | "sudo -u ubuntu -H -i git clone https://github.com/Answers4AWS/netflixoss-ansible.git"
151 | ]
152 | ]
153 | }
154 | }
155 | }
156 | },
157 |
158 | "SecurityGroup":{
159 | "Type":"AWS::EC2::SecurityGroup",
160 | "Properties":{
161 | "GroupDescription":"Access to manual AMI baker",
162 | "SecurityGroupIngress":[
163 | {
164 | "IpProtocol":"tcp",
165 | "FromPort":"22",
166 | "ToPort":"22",
167 | "CidrIp":"0.0.0.0/0"
168 | }
169 | ]
170 | }
171 | }
172 | },
173 |
174 | "Outputs":{
175 | "step001":{
176 | "Description":"Step 1: SSH to this instance using your KeyPair",
177 | "Value":{
178 | "Fn::Join":[
179 | "",
180 | [
181 | "ssh -i ",
182 | {
183 | "Ref":"KeyName"
184 | },
185 | ".pem ubuntu@",
186 | {
187 | "Fn::GetAtt":[
188 | "Instance",
189 | "PublicDnsName"
190 | ]
191 | }
192 | ]
193 | ]
194 | }
195 | },
196 | "step002":{
197 | "Description":"Step 2: Create a Foundation EBS volume",
198 | "Value":"./netflixoss-ansible/foundation-ami/ubuntu/foundation-create-volume"
199 | },
200 | "step003":{
201 | "Description":"Step 3: Create your Foundation AMI from the Foundation EBS volume",
202 | "Value":"./netflixoss-ansible/foundation-ami/ubuntu/foundation-create-ami"
203 | }
204 | }
205 | }
206 |
--------------------------------------------------------------------------------
/cloudformation/simian-army.json:
--------------------------------------------------------------------------------
1 | {
2 | "AWSTemplateFormatVersion":"2010-09-09",
3 | "Description":"NetflixOSS Simian Army - Template by Answers for AWS",
4 | "Parameters":{
5 | "InstanceType":{
6 | "Description":"Type of EC2 instances to launch",
7 | "Type":"String",
8 | "Default":"t1.micro",
9 | "AllowedValues" : [ "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ],
10 | "ConstraintDescription" : "must be a valid EC2 instance type."
11 | },
12 | "KeyName":{
13 | "Description":"The EC2 Key Pair to allow SSH access to the instances (port 22 is opened to 0.0.0.0/0 by this template's security group while port 80 is limited to WebAccessIP; the key pair is the only control on SSH, so narrow that CidrIp before any non-throwaway use)",
14 | "Type":"String",
15 | "MinLength": "1",
16 | "MaxLength": "64",
17 | "AllowedPattern" : "[-_ a-zA-Z0-9]*",
18 | "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
19 | },
20 | "WebAccessIP":{
21 | "Description":"The IP address to allow web access from (your IP address)",
22 | "Type":"String",
23 | "MinLength": "7",
24 | "MaxLength": "15",
25 | "AllowedPattern" : "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+",
26 | "ConstraintDescription" : "must be a valid IP address"
27 | }
28 | },
29 |
30 | "Mappings":{
31 | "AWSRegion2AMI":{
32 | "us-east-1":{
33 | "ami":"ami-b386cfda"
34 | },
35 | "us-west-1":{
36 | "ami":"ami-ee1124ab"
37 | },
38 | "us-west-2":{
39 | "ami":"ami-e0cc53d0"
40 | },
41 | "eu-west-1":{
42 | "ami":"ami-b819fccf"
43 | },
44 | "sa-east-1":{
45 | "ami":"ami-bddc7ba0"
46 | },
47 | "ap-southeast-1":{
48 | "ami":"ami-369ad164"
49 | },
50 | "ap-southeast-2":{
51 | "ami":"ami-29910c13"
52 | },
53 | "ap-northeast-1":{
54 | "ami":"ami-a1fa66a0"
55 | }
56 | }
57 | },
58 |
59 | "Resources" : {
60 | "SimianArmyIamRole":{
61 | "Type":"AWS::IAM::Role",
62 | "Properties":{
63 | "AssumeRolePolicyDocument":{
64 | "Statement":[
65 | {
66 | "Effect":"Allow",
67 | "Principal":{
68 | "Service":[
69 | "ec2.amazonaws.com"
70 | ]
71 | },
72 | "Action":[
73 | "sts:AssumeRole"
74 | ]
75 | }
76 | ]
77 | },
78 | "Path":"/",
79 | "Policies":[
80 | {
81 | "PolicyName":"SimianArmyPolicy",
82 | "PolicyDocument":{
83 | "Statement": [
84 | {
85 | "Effect": "Allow",
86 | "Action": [
87 | "ec2:CreateTags",
88 | "ec2:DeleteSnapshot",
89 | "ec2:DescribeImages",
90 | "ec2:DescribeInstances",
91 | "ec2:DescribeSnapshots",
92 | "ec2:DescribeVolumes",
93 | "ec2:TerminateInstances",
94 | "autoscaling:DeleteAutoScalingGroup",
95 | "autoscaling:DescribeAutoScalingGroups",
96 | "autoscaling:DescribeAutoScalingInstances",
97 | "autoscaling:DescribeLaunchConfigurations",
98 | "sdb:BatchDeleteAttributes",
99 | "sdb:BatchPutAttributes",
100 | "sdb:CreateDomain",
101 | "sdb:DeleteDomain",
102 | "sdb:DomainMetadata",
103 | "sdb:GetAttributes",
104 | "sdb:ListDomains",
105 | "sdb:PutAttributes",
106 | "sdb:Select",
107 | "ses:SendEmail"
108 | ],
109 | "Resource": "*"
110 | }
111 | ]
112 | }
113 | }
114 | ]
115 | }
116 | },
117 | "SimianArmyInstanceProfile":{
118 | "Type":"AWS::IAM::InstanceProfile",
119 | "Properties":{
120 | "Path":"/",
121 | "Roles":[
122 | {
123 | "Ref":"SimianArmyIamRole"
124 | }
125 | ]
126 | }
127 | },
128 |
129 | "SimianArmyASG":{
130 | "Type":"AWS::AutoScaling::AutoScalingGroup",
131 | "Properties":{
132 | "AvailabilityZones":{
133 | "Fn::GetAZs":""
134 | },
135 | "LaunchConfigurationName":{
136 | "Ref":"SimianArmyLaunchConfig"
137 | },
138 | "MinSize":1,
139 | "MaxSize":1,
140 | "Cooldown":"120",
141 | "Tags":[
142 | {
143 | "Key":"Name",
144 | "Value":"SimianArmy",
145 | "PropagateAtLaunch":"true"
146 | }
147 | ]
148 | }
149 | },
150 |
151 | "SimianArmyLaunchConfig":{
152 | "Type":"AWS::AutoScaling::LaunchConfiguration",
153 | "Properties":{
154 | "KeyName":{
155 | "Ref":"KeyName"
156 | },
157 | "ImageId":{
158 | "Fn::FindInMap":[
159 | "AWSRegion2AMI",
160 | {
161 | "Ref":"AWS::Region"
162 | },
163 | "ami"
164 | ]
165 | },
166 | "SecurityGroups":[
167 | {
168 | "Ref":"SimianArmySecurityGroup"
169 | }
170 | ],
171 | "InstanceType":{ "Ref": "InstanceType" },
172 | "IamInstanceProfile":{
173 | "Ref":"SimianArmyInstanceProfile"
174 | }
175 | }
176 | },
177 |
178 | "SimianArmySecurityGroup":{
179 | "Type":"AWS::EC2::SecurityGroup",
180 | "Properties":{
181 | "GroupDescription":"Access to Simian Army",
182 | "SecurityGroupIngress":[
183 | {
184 | "IpProtocol":"tcp",
185 | "FromPort":"22",
186 | "ToPort":"22",
187 | "CidrIp":"0.0.0.0/0"
188 | },
189 | {
190 | "IpProtocol":"tcp",
191 | "FromPort":"80",
192 | "ToPort":"80",
193 | "CidrIp":{
194 | "Fn::Join":[
195 | "",
196 | [
197 | { "Ref": "WebAccessIP" },
198 | "/32"
199 | ]
200 | ]
201 | }
202 | }
203 | ]
204 | }
205 | }
206 | }
207 | }
--------------------------------------------------------------------------------
/foundation-ami/ubuntu/foundation-create-volume:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Creates a Foundation EBS Volume based on the latest Ubuntu LTS release.
17 | #
18 | # This expects to run on an EC2 instance
19 | #
20 | # Code adapted from: alestic-git
21 |
22 | # Include helper functions and variables
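# Include helper functions and variables.  Resolved against this script's own
# directory so the run does not depend on the caller's working directory (the
# manual-ami-baker stack tells the user to invoke this from $HOME).
script_dir=$(cd "$(dirname "$0")" && pwd)
if [ ! -r "$script_dir/_include.sh" ]; then
  echo "ERROR: $script_dir/_include.sh not found" >&2
  exit 1
fi
. "$script_dir/_include.sh"

# Print an error, remind the user how to undo partial work, and stop.
fail() {
  echo "ERROR: $*" >&2
  echo "Run ./foundation-cleanup to undo any partial work" >&2
  exit 1
}

# All of these are expected to come from _include.sh.  If one is empty the
# paths below silently degrade (e.g. "/mnt/-cloudimg-", or an rsync target of
# ""), so refuse to start rather than mount or copy into the wrong place.
for var in release codename imagename imageurl arch2 thisImage region zone ebsimagedir; do
  if [ -z "${!var}" ]; then
    fail "_include.sh did not set \$$var"
  fi
done

echo "-- Create Foundation Volume --"
echo "Ubuntu version: $release $codename"
read -e -p "What size image would you like (Gb): " -i "$size" size
# $size goes straight onto the ec2-create-volume command line; accept only a
# whole number so a typo cannot become an unexpected argument.
case "$size" in
  ''|*[!0-9]*) fail "image size must be a whole number of Gb, got '$size'" ;;
esac
echo "Creating image size: $size Gb"
echo
echo "Remember, if anything goes wrong, you can attempt to clean up by running"
echo " ./foundation-cleanup"
echo

########################################
# Host updates below
########################################

echo "Updating and installing packages needed to build the AMI"

# Update and install Ubuntu packages (non-interactive so apt never waits on a prompt)
export DEBIAN_FRONTEND=noninteractive
sudo perl -pi -e 's/^# *(deb .*multiverse)$/$1/' /etc/apt/sources.list
sudo apt-get update
sudo -E apt-get upgrade -y
sudo -E apt-get install --no-install-recommends -y \
  ec2-ami-tools \
  ec2-api-tools \
  git-core || fail "apt-get install of the build tools failed"

# This is here because we need to use IAM Roles, which the archive's
# ec2-api-tools build cannot do, so a newer build is fetched directly.
# NOTE(review): this is a plain-HTTP download with no checksum or signature
# check, installed as root with dpkg -i -- apt's own verification is bypassed,
# and a substituted .deb would run with full privileges on this host and end up
# in every AMI built from it.  At minimum pin a known SHA-256 for this file and
# compare it before installing.
ec2_tools_deb=ec2-api-tools_1.6.6.0-0ubuntu1_all.deb
if [ ! -e "$ec2_tools_deb" ]; then
  wget "http://mirrors.us.kernel.org/ubuntu/pool/multiverse/e/ec2-api-tools/$ec2_tools_deb" \
    || fail "could not download $ec2_tools_deb"
fi
sudo dpkg -i "$ec2_tools_deb" || fail "dpkg -i $ec2_tools_deb failed"

# Download base Ubuntu server image built by Canonical
image=/mnt/$imagename.img
imagedir=/mnt/$codename-cloudimg-$arch2
if [ ! -e "$image" ]; then
  echo "Downloading Ubuntu Image"
  # NOTE(review): $imageurl is not verified either.  If it points at
  # cloud-images.ubuntu.com the SHA256SUMS published next to the tarball can
  # be used to check it -- this root filesystem is inherited by every AMI.
  wget -qO- "$imageurl" | sudo tar xzf - -C /mnt
  # A failed or truncated download leaves no (or a partial) image; stop here
  # instead of loop-mounting garbage.
  [ -e "$image" ] || fail "download of $imageurl did not produce $image"
fi

echo "Mounting Ubunutu image"
sudo mkdir -p "$imagedir"
# Work on a copy so the downloaded image itself stays untouched and is reused
# by the "[ ! -e $image ]" check on a re-run.
sudo cp "$image" "$thisImage" || fail "could not copy $image to $thisImage"
sudo mount -o loop "$thisImage" "$imagedir" || fail "could not loop-mount $thisImage on $imagedir"



########################################
# Begin AMI modifications below
########################################

echo "Allow network access from chroot environment"
# NOTE(review): the builder's resolv.conf is copied into the image and nothing
# in this script removes it again; unless ./foundation-create-ami or the
# cleanup step restores it, the baked AMI carries this host's resolver config.
sudo rm -f "$imagedir/etc/resolv.conf"
sudo cp -f /etc/resolv.conf "$imagedir/etc/"

echo "Configuring chroot environment to work like a booted OS"
sudo chroot "$imagedir" mount -t proc none /proc
#sudo chroot $imagedir mount -t devpts none /dev/pts
# policy-rc.d exiting 101 ("action forbidden") stops packages installed into
# the chroot from starting their daemons on the build host.  Reconstructed:
# the published copy of this line read "cat < /dev/null", which would have
# executed "exit 101" in this shell and aborted the build; the chmod below
# names the intended target file.
sudo tee "$imagedir/usr/sbin/policy-rc.d" > /dev/null <<'EOF'
#!/bin/sh
exit 101
EOF
sudo chmod 755 "$imagedir/usr/sbin/policy-rc.d"

echo
echo "Enabling multiverse repo"
sudo perl -pi -e 's/^# *(deb .*multiverse)$/$1/' \
  "$imagedir/etc/apt/sources.list" \
  "$imagedir/etc/cloud/templates/sources.list.tmpl"

echo "Adding locale"
sudo -E chroot "$imagedir" locale-gen en_US.UTF-8

# Upgrade and install packages on the target file system
echo
echo "Updating and upgrading image"
sudo chroot "$imagedir" apt-get update
sudo -E chroot "$imagedir" apt-get dist-upgrade -y

echo "Installing new software on image"
# Install software
sudo -E chroot "$imagedir" \
  apt-get install --no-install-recommends -y \
  coreutils \
  git-core \
  libapt-pkg4.12 \
  make \
  python-crypto \
  python-support \
  python-jinja2 \
  python-pip || fail "package install inside the image failed"


# Use XFS for the target root file system because it is better than ext4
#echo "Setting XFS config"
#sudo perl -pi -e 's/ext4/xfs/' $imagedir/etc/fstab
# The EBS volume is labelled uec-rootfs below; fstab and grub must refer to
# that label (the cloud image presumably ships with a cloudimg-* label, which
# is what this substitution rewrites).
sudo perl -pi -e 's/cloudimg/uec/' "$imagedir/etc/fstab"
sudo perl -pi -e 's/cloudimg/uec/' "$imagedir/boot/grub/menu.lst"

echo "Creating EBS volume for image"
# Create and mount temporary EBS volume with file system to hold new AMI image
dev=/dev/xvdi
# Refuse to continue if something is already attached at the device node we
# are about to format: the wait loop below would return immediately and mkfs
# would wipe whatever that volume is.
if [ -e "$dev" ]; then
  fail "$dev already exists on this instance; detach it before running this"
fi
volumeid=$(ec2-create-volume --region "$region" --size "$size" --availability-zone "$zone" |
  cut -f2)
if [ "$volumeid" = "" ]; then
  echo "ERROR: Could not create EBS volume using 'ec2-create-volume'"
  echo "Make sure this EC2 instance is in a Role that has permission to create EBS volumes"
  exit 1
fi
# Recorded so a failed run can still find and delete the volume (presumably
# what ./foundation-cleanup reads).
echo "$volumeid" > /tmp/image.volume.id
# Our own instance id from instance metadata.  This is the unauthenticated
# IMDSv1 request; on an instance that enforces IMDSv2 it returns nothing,
# which is why the value is checked before it reaches ec2-attach-volume.
instanceid=$(wget -qO- http://169.254.169.254/latest/meta-data/instance-id)
[ -n "$instanceid" ] || fail "could not read instance-id from instance metadata"
ec2-attach-volume --region "$region" --device /dev/sdi --instance "$instanceid" "$volumeid" \
  || fail "ec2-attach-volume failed for $volumeid"
# The volume attached as /dev/sdi shows up as /dev/xvdi on this kernel.  Poll
# for it with an upper bound so a volume that never attaches cannot hang the
# build forever (100 x 3s = 5 minutes).
attempts=0
while [ ! -e "$dev" ]
do
  attempts=$((attempts + 1))
  if [ "$attempts" -gt 100 ]; then
    echo
    fail "$dev did not appear after attaching $volumeid"
  fi
  echo -n "."
  sleep 3
done
echo " Done"

echo "Creating filesystem on EBS volume"
sudo mkfs.ext4 -L uec-rootfs "$dev" || fail "mkfs.ext4 on $dev failed"
sudo mkdir "$ebsimagedir"
sudo mount "$dev" "$ebsimagedir" || fail "could not mount $dev on $ebsimagedir"

# Copy file system from temporary rootdir to EBS volume
echo "Copying files from image to EBS volume"
# -x stays on the loop-mounted filesystem, so the /proc mounted inside the
# chroot above is not copied; -HAX keeps hard links, ACLs and xattrs intact.
sudo rsync -axHAX "$imagedir/" "$ebsimagedir/"

echo "Unmounting image"
sudo chroot "$imagedir" umount /proc
sudo umount "$imagedir"
sudo rm -f "$thisImage"


### Now only working on EBS volume


echo "Mounting /proc and /dev/pts"
#sudo chroot $ebsimagedir rm -rf /dev/*
# These stay mounted on purpose: the user is told below how to chroot in and
# customise, and ./foundation-create-ami is the step that runs afterwards.
sudo chroot "$ebsimagedir" mount -t proc none /proc
sudo mount -o bind /dev "$ebsimagedir/dev"
#sudo chroot $ebsimagedir mkdir -p -v /dev/pts
#sudo chroot $ebsimagedir chmod 755 /dev/pts
#sudo chroot $ebsimagedir mount -t devpts none /dev/pts
#sudo chroot $ebsimagedir mknod -m 666 /dev/null c 1 3

echo
echo "Installing Ansible"
# NOTE(review): unpinned "pip install ansible" -- whatever version PyPI serves
# at build time lands in the foundation image.  Pin a version (ideally via a
# hash-checked requirements file) so rebuilds are reproducible and auditable.
sudo -E chroot "$ebsimagedir" pip install ansible

echo
echo "DONE"
echo
echo "Volume Location: $ebsimagedir"
echo "To do stuff inside the chroot environment:"
echo "sudo -E chroot $ebsimagedir sudo su"
echo
echo "When you are done customizing (which may be now), run:"
echo " ./foundation-create-ami"
echo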
186 |
187 |
188 |
--------------------------------------------------------------------------------
/cloudformation/edda.json:
--------------------------------------------------------------------------------
1 | {
2 | "AWSTemplateFormatVersion":"2010-09-09",
3 | "Description":"NetflixOSS Edda 2.1 - Template by Answers for AWS",
4 | "Parameters":{
5 | "InstanceType":{
6 | "Description":"Type of EC2 instances to launch",
7 | "Type":"String",
8 | "Default":"m1.medium",
9 | "AllowedValues" : [ "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ],
10 | "ConstraintDescription" : "must be a valid EC2 instance type."
11 | },
12 | "KeyName":{
13 | "Description":"The EC2 Key Pair to allow SSH access to the instances (port 22 is opened to 0.0.0.0/0 by this template's security group while port 80 is limited to WebAccessIP; the key pair is the only control on SSH, so narrow that CidrIp before any non-throwaway use)",
14 | "Type":"String",
15 | "MinLength": "1",
16 | "MaxLength": "64",
17 | "AllowedPattern" : "[-_ a-zA-Z0-9]*",
18 | "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
19 | },
20 | "WebAccessIP":{
21 | "Description":"The IP address to allow web access from (your IP address)",
22 | "Type":"String",
23 | "MinLength": "7",
24 | "MaxLength": "15",
25 | "AllowedPattern" : "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+",
26 | "ConstraintDescription" : "must be a valid IP address"
27 | }
28 | },
29 |
30 | "Mappings":{
31 | "AWSRegion2AMI":{
32 | "us-east-1":{
33 | "ami":"ami-5d1d5534"
34 | },
35 | "us-west-1":{
36 | "ami":"ami-06093c43"
37 | },
38 | "us-west-2":{
39 | "ami":"ami-18ed7228"
40 | },
41 | "eu-west-1":{
42 | "ami":"ami-1a48ad6d"
43 | },
44 | "sa-east-1":{
45 | "ami":"ami-79a20564"
46 | },
47 | "ap-southeast-1":{
48 | "ami":"ami-10abe042"
49 | },
50 | "ap-southeast-2":{
51 | "ami":"ami-1f8b1625"
52 | },
53 | "ap-northeast-1":{
54 | "ami":"ami-a1bf23a0"
55 | }
56 | }
57 | },
58 |
59 | "Resources" : {
60 | "EddaIamRole":{
61 | "Type":"AWS::IAM::Role",
62 | "Properties":{
63 | "AssumeRolePolicyDocument":{
64 | "Statement":[
65 | {
66 | "Effect":"Allow",
67 | "Principal":{
68 | "Service":[
69 | "ec2.amazonaws.com"
70 | ]
71 | },
72 | "Action":[
73 | "sts:AssumeRole"
74 | ]
75 | }
76 | ]
77 | },
78 | "Path":"/",
79 | "Policies":[
80 | {
81 | "PolicyName":"EddaPolicy",
82 | "PolicyDocument":{
83 | "Statement": [
84 | {
85 | "Effect": "Allow",
86 | "Action": [
87 | "autoscaling:DescribeAutoScalingGroups",
88 | "autoscaling:DescribeLaunchConfigurations",
89 | "autoscaling:DescribePolicies",
90 | "cloudwatch:DescribeAlarms",
91 | "ec2:DescribeAddresses",
92 | "ec2:DescribeImages",
93 | "ec2:DescribeInstances",
94 | "ec2:DescribeReservedInstances",
95 | "ec2:DescribeSecurityGroups",
96 | "ec2:DescribeSnapshots",
97 | "ec2:DescribeTags",
98 | "ec2:DescribeVolumes",
99 | "elasticloadbalancing:DescribeInstanceHealth",
100 | "elasticloadbalancing:DescribeLoadBalancers",
101 | "iam:ListAccessKeys",
102 | "iam:ListGroupPolicies",
103 | "iam:ListGroups",
104 | "iam:ListGroupsForUser",
105 | "iam:ListRoles",
106 | "iam:ListUserPolicies",
107 | "iam:ListUsers",
108 | "iam:ListVirtualMFADevices",
109 | "s3:ListBucket",
110 | "s3:ListAllMyBuckets",
111 | "route53:ListHostedZones",
112 | "route53:ListResourceRecordSets",
113 | "sqs:GetQueueAttributes",
114 | "sqs:ListQueues",
115 | "rds:DescribeDBInstances"
116 | ],
117 | "Resource": "*"
118 | }
119 | ]
120 | }
121 | }
122 | ]
123 | }
124 | },
125 | "EddaInstanceProfile":{
126 | "Type":"AWS::IAM::InstanceProfile",
127 | "Properties":{
128 | "Path":"/",
129 | "Roles":[
130 | {
131 | "Ref":"EddaIamRole"
132 | }
133 | ]
134 | }
135 | },
136 |
137 | "EddaASG":{
138 | "Type":"AWS::AutoScaling::AutoScalingGroup",
139 | "Properties":{
140 | "AvailabilityZones":{
141 | "Fn::GetAZs":""
142 | },
143 | "LaunchConfigurationName":{
144 | "Ref":"EddaLaunchConfig"
145 | },
146 | "MinSize":1,
147 | "MaxSize":1,
148 | "Cooldown":"120",
149 | "Tags":[
150 | {
151 | "Key":"Name",
152 | "Value":"Edda",
153 | "PropagateAtLaunch":"true"
154 | }
155 | ]
156 | }
157 | },
158 |
159 | "EddaLaunchConfig":{
160 | "Type":"AWS::AutoScaling::LaunchConfiguration",
161 | "Properties":{
162 | "KeyName":{
163 | "Ref":"KeyName"
164 | },
165 | "ImageId":{
166 | "Fn::FindInMap":[
167 | "AWSRegion2AMI",
168 | {
169 | "Ref":"AWS::Region"
170 | },
171 | "ami"
172 | ]
173 | },
174 | "SecurityGroups":[
175 | {
176 | "Ref":"EddaSecurityGroup"
177 | }
178 | ],
179 | "InstanceType":{ "Ref": "InstanceType" },
180 | "IamInstanceProfile":{
181 | "Ref":"EddaInstanceProfile"
182 | }
183 | }
184 | },
185 |
186 | "EddaSecurityGroup":{
187 | "Type":"AWS::EC2::SecurityGroup",
188 | "Properties":{
189 | "GroupDescription":"Access to Edda",
190 | "SecurityGroupIngress":[
191 | {
192 | "IpProtocol":"tcp",
193 | "FromPort":"22",
194 | "ToPort":"22",
195 | "CidrIp":"0.0.0.0/0"
196 | },
197 | {
198 | "IpProtocol":"tcp",
199 | "FromPort":"80",
200 | "ToPort":"80",
201 | "CidrIp":{
202 | "Fn::Join":[
203 | "",
204 | [
205 | { "Ref": "WebAccessIP" },
206 | "/32"
207 | ]
208 | ]
209 | }
210 | }
211 | ]
212 | }
213 | }
214 | }
215 | }
--------------------------------------------------------------------------------
/ami-creator/ubuntu/01-prepare-ubuntu:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copyright 2013 Answers for AWS LLC
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Prepares an Ubuntu instance to create AMIs
17 | #
18 | # This expects to run on an EC2 instance
19 | #
20 | # Code adapted from: alestic-git
21 |
22 | # Include helper functions and variables
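# Include helper functions and variables.  Resolved against this script's own
# directory so it does not matter where the caller's shell happens to be.
script_dir=$(cd "$(dirname "$0")" && pwd)
if [ ! -r "$script_dir/_include.sh" ]; then
  echo "ERROR: $script_dir/_include.sh not found" >&2
  exit 1
fi
. "$script_dir/_include.sh"

# All of these are expected to be set by _include.sh.  An empty one silently
# turns the mount/rsync paths further down into the wrong directories (an empty
# $playbooks_dir, for instance, would rsync the playbooks into the image root),
# so refuse to start instead.
for var in release codename size imagename imageurl arch2 thisImage region zone \
           ebsimagedir noss_ansible_dir playbooks_dir inventory_dir; do
  if [ -z "${!var}" ]; then
    echo "ERROR: _include.sh did not set \$$var" >&2
    exit 1
  fi
done

echo "-- Prepare AMI creation --"
echo "Ubuntu version: $release $codename"
#read -e -p "What size image would you like (Gb): " -i "$size" size
# $size is handed straight to ec2-create-volume; insist on a whole number.
case "$size" in
  ''|*[!0-9]*) echo "ERROR: image size must be a whole number of Gb, got '$size'" >&2; exit 1 ;;
esac
echo "Creating image size: $size Gb"
echo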
30 |
31 | ########################################
32 | # Host updates below
33 | ########################################
34 |
35 | echo "Updating and installing packages needed to build the AMI"
36 |
37 | # Update and install Ubuntu packages
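# Update and install Ubuntu packages (non-interactive so apt never waits on a prompt)
export DEBIAN_FRONTEND=noninteractive
sudo perl -pi -e 's/^# *(deb .*multiverse)$/$1/' /etc/apt/sources.list
sudo apt-get update
sudo -E apt-get upgrade -y
sudo -E apt-get install --no-install-recommends -y \
  ec2-ami-tools \
  ec2-api-tools \
  git-core \
  xfsprogs || { echo "ERROR: apt-get install of the build tools failed" >&2; exit 1; }

# This is here because we need ec2-copy-snapshot, which the archive's
# ec2-api-tools build predates, so a newer build is fetched directly.
# NOTE(review): plain-HTTP download of a .deb that is then installed as root
# with no checksum or signature check -- apt's verification is bypassed.  The
# "skip if already present" test is also made against world-writable /tmp, so
# on a shared host another local user could pre-place a file of that name and
# have it installed with root privileges.  Pin a known SHA-256 and compare it
# before dpkg -i, and keep the download somewhere only this user can write.
ec2_tools_deb=ec2-api-tools_1.6.6.0-0ubuntu1_all.deb
if [ ! -e "/tmp/$ec2_tools_deb" ]; then
  # The cd is kept as in the original: on a first run the rest of the script
  # continues from /tmp.  The visible steps below all use absolute paths.
  cd /tmp || exit 1
  wget "http://mirrors.us.kernel.org/ubuntu/pool/multiverse/e/ec2-api-tools/$ec2_tools_deb" \
    || { echo "ERROR: could not download $ec2_tools_deb" >&2; exit 1; }
fi
sudo dpkg -i "/tmp/$ec2_tools_deb" || { echo "ERROR: dpkg -i $ec2_tools_deb failed" >&2; exit 1; }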
54 |
55 | # Download base Ubuntu server image built by Canonical
56 | image=/mnt/$imagename.img
57 | imagedir=/mnt/$codename-cloudimg-$arch2
58 | if [ ! -e $image ]; then
59 | echo "Downloading Ubuntu Image"
60 | wget -qO- $imageurl |
61 | sudo tar xzf - -C /mnt
62 | fi
63 |
64 | echo "Mounting Ubunutu image"
65 | sudo mkdir -p $imagedir
66 | sudo cp $image $thisImage
67 | sudo mount -o loop $thisImage $imagedir
68 |
69 |
70 |
71 | ########################################
72 | # Begin AMI modifications below
73 | ########################################
74 |
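echo "Allow network access from chroot environment"
# NOTE(review): the builder's resolv.conf is copied into the image here and
# nothing visible in this script removes it; confirm the later create-ami or
# cleanup step restores it, or the baked AMI ships this host's resolver config.
sudo rm -f "$imagedir/etc/resolv.conf"
sudo cp -f /etc/resolv.conf "$imagedir/etc/"

echo "Configuring chroot environment to work like a booted OS"
sudo chroot "$imagedir" mount -t proc none /proc
#sudo chroot $imagedir mount -t devpts none /dev/pts
# policy-rc.d exiting 101 ("action forbidden") stops packages installed into
# the chroot from starting their daemons on the build host.  Reconstructed:
# the published copy of this line read "cat < /dev/null", which would have
# executed "exit 101" in this shell and aborted the build; the chmod below
# names the intended target file.
sudo tee "$imagedir/usr/sbin/policy-rc.d" > /dev/null <<'EOF'
#!/bin/sh
exit 101
EOF
sudo chmod 755 "$imagedir/usr/sbin/policy-rc.d"
# Already exported earlier in the script with this value; harmless repeat.
DEBIAN_FRONTEND=noninteractive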
88 |
89 | echo
90 | echo "Enabling multiverse repo"
91 | sudo perl -pi -e 's/^# *(deb .*multiverse)$/$1/' \
92 | $imagedir/etc/apt/sources.list \
93 | $imagedir/etc/cloud/templates/sources.list.tmpl
94 |
95 | echo "Adding locale"
96 | sudo -E chroot $imagedir locale-gen en_US.UTF-8
97 |
98 | # Upgrade and install packages on the target file system
99 | echo
100 | echo "Updating and upgrading image"
101 | sudo chroot $imagedir apt-get update
102 | sudo -E chroot $imagedir apt-get dist-upgrade -y
103 |
104 | echo "Installing new software on image"
105 | # Install software
106 | sudo -E chroot $imagedir \
107 | apt-get install --no-install-recommends -y \
108 | coreutils \
109 | git-core \
110 | libapt-pkg4.12 \
111 | make \
112 | python-support \
113 | python-jinja2 \
114 | xfsprogs
115 |
116 |
117 | # Use XFS for the target root file system because it is better than ext4
118 | echo "Setting XFS config"
119 | sudo perl -pi -e 's/ext4/xfs/' $imagedir/etc/fstab
120 | sudo perl -pi -e 's/cloudimg/uec/' $imagedir/etc/fstab
121 | sudo perl -pi -e 's/cloudimg/uec/' $imagedir/boot/grub/menu.lst
122 |
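echo "Creating EBS volume for image"
# Create and mount temporary EBS volume with file system to hold new AMI image
dev=/dev/xvdi
# Refuse to continue if something is already attached at the device node we
# are about to format: the wait loop below would return immediately and
# mkfs.xfs would wipe whatever that volume is.
if [ -e "$dev" ]; then
  echo "ERROR: $dev already exists on this instance; detach it before running this" >&2
  exit 1
fi
volumeid=$(ec2-create-volume --region "$region" --size "$size" --availability-zone "$zone" |
  cut -f2)
if [ "$volumeid" = "" ]; then
  echo "ERROR: Could not create EBS volume using 'ec2-create-volume'"
  echo "Make sure this EC2 instance is in a Role that has permission to create EBS volumes"
  exit 1
fi
# Recorded so a failed run can still find and delete the volume (presumably
# what ./cleanup reads).
echo "$volumeid" > /tmp/image.volume.id
# Our own instance id from instance metadata.  This is the unauthenticated
# IMDSv1 request; on an instance that enforces IMDSv2 it returns nothing,
# which is why the value is checked before it reaches ec2-attach-volume.
instanceid=$(wget -qO- http://169.254.169.254/latest/meta-data/instance-id)
if [ -z "$instanceid" ]; then
  echo "ERROR: could not read instance-id from instance metadata" >&2
  exit 1
fi
ec2-attach-volume --region "$region" --device /dev/sdi --instance "$instanceid" "$volumeid" \
  || { echo "ERROR: ec2-attach-volume failed for $volumeid" >&2; exit 1; }
# The volume attached as /dev/sdi shows up as /dev/xvdi on this kernel.  Poll
# for it with an upper bound so a volume that never attaches cannot hang the
# build forever (100 x 3s = 5 minutes).
attempts=0
while [ ! -e "$dev" ]
do
  attempts=$((attempts + 1))
  if [ "$attempts" -gt 100 ]; then
    echo
    echo "ERROR: $dev did not appear after attaching $volumeid" >&2
    exit 1
  fi
  echo -n "."
  sleep 3
done
echo " Done"

echo "Creating filesystem on EBS volume"
sudo mkfs.xfs -L uec-rootfs "$dev" || { echo "ERROR: mkfs.xfs on $dev failed" >&2; exit 1; }
sudo mkdir "$ebsimagedir"
sudo mount "$dev" "$ebsimagedir" || { echo "ERROR: could not mount $dev on $ebsimagedir" >&2; exit 1; }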
147 |
148 | # Copy file system from temporary rootdir to EBS volume
149 | echo "Copying files from image to EBS volume"
150 | sudo rsync -axHAX $imagedir/ $ebsimagedir/
151 |
152 | echo "Unmounting image"
153 | sudo chroot $imagedir umount /proc
154 | sudo umount $imagedir
155 | sudo rm -f $thisImage
156 |
157 |
158 | ### Now only working on EBS volume
159 |
160 |
161 | echo "Mounting /proc and /dev/pts"
162 | #sudo chroot $ebsimagedir rm -rf /dev/*
163 | sudo chroot $ebsimagedir mount -t proc none /proc
164 | sudo mount -o bind /dev $ebsimagedir/dev
165 | #sudo chroot $ebsimagedir mkdir -p -v /dev/pts
166 | #sudo chroot $ebsimagedir chmod 755 /dev/pts
167 | #sudo chroot $ebsimagedir mount -t devpts none /dev/pts
168 | #sudo chroot $ebsimagedir mknod -m 666 /dev/null c 1 3
169 |
170 | echo
171 | echo "Installing Ansible"
172 | sudo -E chroot $ebsimagedir add-apt-repository -y ppa:rquillo/ansible
173 | sudo -E chroot $ebsimagedir apt-get update
174 | sudo -E chroot $ebsimagedir apt-get install -y ansible
175 |
176 | echo
177 | echo "Copy over NetflixOSS-Ansible playbooks"
178 | sudo mkdir -p $ebsimagedir/$noss_ansible_dir
179 | sudo rsync -a /home/ubuntu/netflixoss-ansible/playbooks/ $ebsimagedir/$playbooks_dir/
180 | sudo rsync -a /home/ubuntu/netflixoss-ansible/inventory/ $ebsimagedir/$inventory_dir/
181 |
182 | echo
183 | echo "DONE"
184 | echo
185 | echo "Image location: $ebsimagedir"
186 | echo "To do stuff to the image:"
187 | echo "sudo -E chroot $ebsimagedir sudo su"
188 | echo
189 |
190 |
191 |
--------------------------------------------------------------------------------
/playbooks/roles/base/files/Amazon/ec2metadata:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 | # vi: ts=4 noexpandtab
3 | #
4 | # Query and display EC2 metadata related to the AMI instance
5 | # Copyright (c) 2009 Canonical Ltd. (Canonical Contributor Agreement 2.5)
6 | #
7 | # Author: Alon Swartz
8 | #
9 | # This program is free software; you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation; either version 2 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see http://www.gnu.org/licenses/.
21 |
# Link-local EC2 instance metadata endpoint and the metadata API version used
# to build every request URL. Requests go over plain HTTP.
instdata_host = "169.254.169.254"
instdata_ver = "2009-04-04"
instdata_url = "http://{0}/{1}".format(instdata_host, instdata_ver)
25 |
# Module help text, printed by usage(); the format call fills in the default
# metadata URL.
__doc__ = """
Query and display EC2 metadata.

If no options are provided, all options will be displayed

Options:
-h --help show this help

--kernel-id display the kernel id
--ramdisk-id display the ramdisk id
--reservation-id display the reservation id

--ami-id display the ami id
--ami-launch-index display the ami launch index
--ami-manifest-path display the ami manifest path
--ancestor-ami-ids display the ami ancestor id
--product-codes display the ami associated product codes
--availability-zone display the ami placement zone

--instance-id display the instance id
--instance-type display the instance type

--local-hostname display the local hostname
--public-hostname display the public hostname

--local-ipv4 display the local ipv4 ip address
--public-ipv4 display the public ipv4 ip address

--block-device-mapping display the block device id
--security-groups display the security groups

--mac display the instance mac address
--profile display the instance profile
--instance-action display the instance-action

--public-keys display the openssh public keys
--user-data display the user data (not actually metadata)

-u | --url URL use URL (default: {0})

""".format(instdata_url)
67 |
68 | import sys
69 | import time
70 | import getopt
71 | import urllib2
72 | import socket
73 | import urlparse
74 |
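# Metadata keys accepted on the command line (as --<key>) and by
# EC2Metadata.get(). Apart from the special cases handled in get(), each key
# is requested verbatim as "meta-data/<key>", so the spelling must match the
# metadata service's path. The reservation entry used to be misspelt
# 'reserveration-id', which made the documented --reservation-id option a
# getopt error and made the "show everything" listing query a non-existent
# path (always "unavailable").
METAOPTS = ['ami-id', 'ami-launch-index', 'ami-manifest-path',
            'ancestor-ami-ids', 'availability-zone', 'block-device-mapping',
            'instance-action', 'instance-id', 'instance-type',
            'local-hostname', 'local-ipv4', 'kernel-id', 'mac',
            'profile', 'product-codes', 'public-hostname', 'public-ipv4',
            'public-keys', 'ramdisk-id', 'reservation-id', 'security-groups',
            'user-data']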
82 |
class Error(Exception):
    """Raised when the metadata service cannot be reached or an unknown
    metadata key is requested."""
85 |
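class EC2Metadata:
    """Client for the EC2 instance metadata service.

    Every lookup is a plain HTTP GET against ``burl`` (default: the
    link-local endpoint in ``instdata_url``). No token or credential header
    is sent and nothing authenticates the responder, so callers should treat
    the returned values as untrusted text.
    """

    def __init__(self, burl=instdata_url, timeout=10):
        """Record the base URL and verify the endpoint accepts TCP connections.

        burl    -- base URL of the metadata service, "http://host[:port]/version"
        timeout -- socket timeout in seconds applied to the connectivity probe
                   and to each HTTP fetch (None means block indefinitely)
        Raises Error if no TCP connection could be made after several attempts.
        """
        self.burl = burl
        self.timeout = timeout

        parts = urlparse.urlsplit(burl)
        addr = parts.netloc.split(":")[0]
        # Without an explicit port the service is assumed to listen on 80.
        port = parts.port if parts.port is not None else 80
        if not self._test_connectivity(addr, port, timeout):
            raise Error("could not establish connection to: %s:%s" % (addr, port))

    @staticmethod
    def _test_connectivity(addr, port, timeout=None):
        """Return True once a TCP connect to (addr, port) succeeds.

        Tries up to six times, sleeping one second after each failure. The
        socket is closed on every path (the original leaked it on failure),
        and ``timeout`` bounds each connect attempt so a blackholed endpoint
        cannot hang the probe.
        """
        for _ in range(6):
            s = socket.socket()
            try:
                if timeout is not None:
                    s.settimeout(timeout)
                s.connect((addr, port))
                return True
            except socket.error:
                time.sleep(1)
            finally:
                s.close()

        return False

    def _get(self, uri):
        """GET "<burl>/<uri>" and return the raw response body.

        Returns None for a 404 (key not present) and also for a 500, because
        Eucalyptus answers missing keys with an Internal Server Error. Any
        other HTTP error propagates as urllib2.HTTPError; connection problems
        propagate as urllib2.URLError / socket.error.
        """
        url = "%s/%s" % (self.burl, uri)
        try:
            resp = urllib2.urlopen(urllib2.Request(url), timeout=self.timeout)
            try:
                return resp.read()
            finally:
                resp.close()
        except urllib2.HTTPError as e:
            if e.code in (404, 500):
                return None
            raise

    def get(self, metaopt):
        """Return the value of ``metaopt`` (one of METAOPTS), or None if absent.

        'availability-zone' and 'user-data' live at their own paths;
        'public-keys' returns a list of OpenSSH public key strings, or None
        when the key listing itself is absent. Everything else is fetched
        from "meta-data/<metaopt>".
        Raises Error for a key that is not in METAOPTS.
        """
        if metaopt not in METAOPTS:
            raise Error('unknown metaopt', metaopt, METAOPTS)

        if metaopt == 'availability-zone':
            return self._get('meta-data/placement/availability-zone')

        if metaopt == 'user-data':
            return self._get('user-data')

        if metaopt == 'public-keys':
            return self._get_public_keys()

        return self._get('meta-data/' + metaopt)

    def _get_public_keys(self):
        """Fetch every key listed under meta-data/public-keys.

        The listing has one "<index>=<name>" line per key; each key body is
        read from meta-data/public-keys/<index>/openssh-key. Blank listing
        lines are ignored and a key whose body is missing (404/500) is
        skipped instead of crashing on None.rstrip().
        """
        listing = self._get('meta-data/public-keys')
        if listing is None:
            return None

        public_keys = []
        for line in listing.splitlines():
            if not line.strip():
                continue
            keyid = int(line.split('=')[0])
            key = self._get('meta-data/public-keys/%d/openssh-key' % keyid)
            if key is not None:
                public_keys.append(key.rstrip())

        return public_keys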
155 |
def get(metaopt):
    """primitive: return value of metaopt, queried from the default metadata URL"""
    return EC2Metadata().get(metaopt)
161 |
def display(metaopts, burl, prefix=False):
    """primitive: print the value of each metaopt in the list, one per line

    A missing or empty value is shown as "unavailable". With prefix=True each
    line is "<metaopt>: <value>", otherwise just the value.
    """
    client = EC2Metadata(burl)
    for metaopt in metaopts:
        value = client.get(metaopt) or "unavailable"
        line = "%s: %s" % (metaopt, value) if prefix else value
        print line
175 |
176 | def usage(s=None):
177 | """display usage and exit"""
178 |
179 | if s:
180 | print >> sys.stderr, "Error:", s
181 | print >> sys.stderr, "Syntax: %s [options]" % sys.argv[0]
182 | print >> sys.stderr, __doc__
183 | sys.exit(1)
184 |
def main():
    """handle cli options

    Every METAOPTS entry is accepted as a long option; -h/--help prints usage
    and -u/--url overrides the metadata base URL. With no metadata options at
    all, every key is displayed with a "<key>: " prefix.
    """
    long_opts = METAOPTS + ['help', 'url=']
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "hu:", long_opts)
    except getopt.GetoptError as e:
        usage(e)

    burl = instdata_url
    metaopts = []
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt in ('-u', '--url'):
            burl = val
        else:
            metaopts.append(opt.replace('--', ''))

    prefix = not metaopts
    if prefix:
        metaopts = METAOPTS

    display(metaopts, burl, prefix)
214 |
215 |
# Script entry point: parse the command line and print the requested metadata.
if __name__ == '__main__':
    main()
218 |
--------------------------------------------------------------------------------
/playbooks/roles/genie/files/server.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/cloudformation/eureka.json:
--------------------------------------------------------------------------------
1 | {
2 | "Description": "NetflixOSS Eureka 1.1.121 - Template by Answers for AWS",
3 | "Mappings": {
4 | "RegionMap": {
5 | "ap-northeast-1": {
6 | "AMI": "ami-91d3b690"
7 | },
8 | "ap-southeast-1": {
9 | "AMI": "ami-2a9cc978"
10 | },
11 | "ap-southeast-2": {
12 | "AMI": "ami-1970ec23"
13 | },
14 | "eu-west-1": {
15 | "AMI": "ami-c1c527b6"
16 | },
17 | "sa-east-1": {
18 | "AMI": "ami-df45e3c2"
19 | },
20 | "us-east-1": {
21 | "AMI": "ami-99247ff0"
22 | },
23 | "us-west-1": {
24 | "AMI": "ami-ae0234eb"
25 | },
26 | "us-west-2": {
27 | "AMI": "ami-f40991c4"
28 | }
29 | }
30 | },
31 | "Outputs": {
32 | "Eureka": {
33 | "Description": "Please go to the EC2 page in the AWS Web Console",
34 | "Value": "Look for the instance named Eureka and assign it an Elastic IP"
35 | }
36 | },
37 | "Parameters": {
38 | "InstanceType": {
39 | "AllowedValues": [
40 | "m1.medium",
41 | "m1.large",
42 | "m1.xlarge",
43 | "m2.xlarge",
44 | "m2.2xlarge",
45 | "m2.4xlarge",
46 | "m3.xlarge",
47 | "m3.2xlarge",
48 | "c1.medium",
49 | "c1.xlarge",
50 | "cg1.4xlarge"
51 | ],
52 | "ConstraintDescription": "must be a valid EC2 instance type",
53 | "Default": "m1.medium",
54 | "Description": "EC2 instance type to launch for Application servers",
55 | "Type": "String"
56 | },
57 | "KeyPairName": {
58 | "AllowedPattern": "[-_ a-zA-Z0-9]*",
59 | "ConstraintDescription": "can contain only alphanumeric characters, spaces, dashes and underscores.",
60 | "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
61 | "MaxLength": 64,
62 | "MinLength": 1,
63 | "Type": "String"
64 | },
65 | "YourIpAddress": {
66 | "Description": "Your public IPv4 address; only this address (as a /32) is allowed to reach ports 80 and 8080, while port 22 stays open to any address",
67 | "Type": "String"
68 | }
69 | },
70 | "Resources": {
71 | "EurekaInstanceProfile": {
72 | "Properties": {
73 | "Path": "/",
74 | "Roles": [
75 | {
76 | "Ref": "EurekaRole"
77 | }
78 | ]
79 | },
80 | "Type": "AWS::IAM::InstanceProfile"
81 | },
82 | "EurekaRole": {
83 | "Properties": {
84 | "AssumeRolePolicyDocument": {
85 | "Statement": [
86 | {
87 | "Action": [
88 | "sts:AssumeRole"
89 | ],
90 | "Effect": "Allow",
91 | "Principal": {
92 | "Service": [
93 | "ec2.amazonaws.com"
94 | ]
95 | }
96 | }
97 | ]
98 | },
99 | "Path": "/",
100 | "Policies": [
101 | {
102 | "PolicyDocument": {
103 | "Statement": [
104 | {
105 | "Action": [
106 | "autoscaling:DescribeAutoScalingGroups",
107 | "ec2:AssociateAddress",
108 | "ec2:DisassociateAddress"
109 | ],
110 | "Effect": "Allow",
111 | "Resource": "*"
112 | }
113 | ]
114 | },
115 | "PolicyName": "EurekaPolicy"
116 | }
117 | ]
118 | },
119 | "Type": "AWS::IAM::Role"
120 | },
121 | "EurekaSecurityGroup": {
122 | "Properties": {
123 | "GroupDescription": "Access to Eureka",
124 | "SecurityGroupIngress": [
125 | {
126 | "CidrIp": "0.0.0.0/0",
127 | "FromPort": 22,
128 | "IpProtocol": "tcp",
129 | "ToPort": 22
130 | },
131 | {
132 | "CidrIp": {
133 | "Fn::Join": [
134 | "/",
135 | [
136 | {
137 | "Ref": "YourIpAddress"
138 | },
139 | "32"
140 | ]
141 | ]
142 | },
143 | "FromPort": 80,
144 | "IpProtocol": "tcp",
145 | "ToPort": 80
146 | },
147 | {
148 | "CidrIp": {
149 | "Fn::Join": [
150 | "/",
151 | [
152 | {
153 | "Ref": "YourIpAddress"
154 | },
155 | "32"
156 | ]
157 | ]
158 | },
159 | "FromPort": 8080,
160 | "IpProtocol": "tcp",
161 | "ToPort": 8080
162 | }
163 | ]
164 | },
165 | "Type": "AWS::EC2::SecurityGroup"
166 | },
167 | "MyASG": {
168 | "Properties": {
169 | "AvailabilityZones": {
170 | "Fn::GetAZs": ""
171 | },
172 | "Cooldown": 120,
173 | "LaunchConfigurationName": {
174 | "Ref": "MyLaunchConfig"
175 | },
176 | "MaxSize": 1,
177 | "MinSize": 1,
178 | "Tags": [
179 | {
180 | "Key": "Name",
181 | "PropagateAtLaunch": "true",
182 | "Value": "Eureka"
183 | }
184 | ]
185 | },
186 | "Type": "AWS::AutoScaling::AutoScalingGroup"
187 | },
188 | "MyLaunchConfig": {
189 | "Properties": {
190 | "IamInstanceProfile": {
191 | "Ref": "EurekaInstanceProfile"
192 | },
193 | "ImageId": {
194 | "Fn::FindInMap": [
195 | "RegionMap",
196 | {
197 | "Ref": "AWS::Region"
198 | },
199 | "AMI"
200 | ]
201 | },
202 | "InstanceType": {
203 | "Ref": "InstanceType"
204 | },
205 | "KeyName": {
206 | "Ref": "KeyPairName"
207 | },
208 | "SecurityGroups": [
209 | {
210 | "Ref": "EurekaSecurityGroup"
211 | }
212 | ]
213 | },
214 | "Type": "AWS::AutoScaling::LaunchConfiguration"
215 | }
216 | }
217 | }
218 |
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 |
2 | Apache License
3 | Version 2.0, January 2004
4 | http://www.apache.org/licenses/
5 |
6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7 |
8 | 1. Definitions.
9 |
10 | "License" shall mean the terms and conditions for use, reproduction,
11 | and distribution as defined by Sections 1 through 9 of this document.
12 |
13 | "Licensor" shall mean the copyright owner or entity authorized by
14 | the copyright owner that is granting the License.
15 |
16 | "Legal Entity" shall mean the union of the acting entity and all
17 | other entities that control, are controlled by, or are under common
18 | control with that entity. For the purposes of this definition,
19 | "control" means (i) the power, direct or indirect, to cause the
20 | direction or management of such entity, whether by contract or
21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
22 | outstanding shares, or (iii) beneficial ownership of such entity.
23 |
24 | "You" (or "Your") shall mean an individual or Legal Entity
25 | exercising permissions granted by this License.
26 |
27 | "Source" form shall mean the preferred form for making modifications,
28 | including but not limited to software source code, documentation
29 | source, and configuration files.
30 |
31 | "Object" form shall mean any form resulting from mechanical
32 | transformation or translation of a Source form, including but
33 | not limited to compiled object code, generated documentation,
34 | and conversions to other media types.
35 |
36 | "Work" shall mean the work of authorship, whether in Source or
37 | Object form, made available under the License, as indicated by a
38 | copyright notice that is included in or attached to the work
39 | (an example is provided in the Appendix below).
40 |
41 | "Derivative Works" shall mean any work, whether in Source or Object
42 | form, that is based on (or derived from) the Work and for which the
43 | editorial revisions, annotations, elaborations, or other modifications
44 | represent, as a whole, an original work of authorship. For the purposes
45 | of this License, Derivative Works shall not include works that remain
46 | separable from, or merely link (or bind by name) to the interfaces of,
47 | the Work and Derivative Works thereof.
48 |
49 | "Contribution" shall mean any work of authorship, including
50 | the original version of the Work and any modifications or additions
51 | to that Work or Derivative Works thereof, that is intentionally
52 | submitted to Licensor for inclusion in the Work by the copyright owner
53 | or by an individual or Legal Entity authorized to submit on behalf of
54 | the copyright owner. For the purposes of this definition, "submitted"
55 | means any form of electronic, verbal, or written communication sent
56 | to the Licensor or its representatives, including but not limited to
57 | communication on electronic mailing lists, source code control systems,
58 | and issue tracking systems that are managed by, or on behalf of, the
59 | Licensor for the purpose of discussing and improving the Work, but
60 | excluding communication that is conspicuously marked or otherwise
61 | designated in writing by the copyright owner as "Not a Contribution."
62 |
63 | "Contributor" shall mean Licensor and any individual or Legal Entity
64 | on behalf of whom a Contribution has been received by Licensor and
65 | subsequently incorporated within the Work.
66 |
67 | 2. Grant of Copyright License. Subject to the terms and conditions of
68 | this License, each Contributor hereby grants to You a perpetual,
69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70 | copyright license to reproduce, prepare Derivative Works of,
71 | publicly display, publicly perform, sublicense, and distribute the
72 | Work and such Derivative Works in Source or Object form.
73 |
74 | 3. Grant of Patent License. Subject to the terms and conditions of
75 | this License, each Contributor hereby grants to You a perpetual,
76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77 | (except as stated in this section) patent license to make, have made,
78 | use, offer to sell, sell, import, and otherwise transfer the Work,
79 | where such license applies only to those patent claims licensable
80 | by such Contributor that are necessarily infringed by their
81 | Contribution(s) alone or by combination of their Contribution(s)
82 | with the Work to which such Contribution(s) was submitted. If You
83 | institute patent litigation against any entity (including a
84 | cross-claim or counterclaim in a lawsuit) alleging that the Work
85 | or a Contribution incorporated within the Work constitutes direct
86 | or contributory patent infringement, then any patent licenses
87 | granted to You under this License for that Work shall terminate
88 | as of the date such litigation is filed.
89 |
90 | 4. Redistribution. You may reproduce and distribute copies of the
91 | Work or Derivative Works thereof in any medium, with or without
92 | modifications, and in Source or Object form, provided that You
93 | meet the following conditions:
94 |
95 | (a) You must give any other recipients of the Work or
96 | Derivative Works a copy of this License; and
97 |
98 | (b) You must cause any modified files to carry prominent notices
99 | stating that You changed the files; and
100 |
101 | (c) You must retain, in the Source form of any Derivative Works
102 | that You distribute, all copyright, patent, trademark, and
103 | attribution notices from the Source form of the Work,
104 | excluding those notices that do not pertain to any part of
105 | the Derivative Works; and
106 |
107 | (d) If the Work includes a "NOTICE" text file as part of its
108 | distribution, then any Derivative Works that You distribute must
109 | include a readable copy of the attribution notices contained
110 | within such NOTICE file, excluding those notices that do not
111 | pertain to any part of the Derivative Works, in at least one
112 | of the following places: within a NOTICE text file distributed
113 | as part of the Derivative Works; within the Source form or
114 | documentation, if provided along with the Derivative Works; or,
115 | within a display generated by the Derivative Works, if and
116 | wherever such third-party notices normally appear. The contents
117 | of the NOTICE file are for informational purposes only and
118 | do not modify the License. You may add Your own attribution
119 | notices within Derivative Works that You distribute, alongside
120 | or as an addendum to the NOTICE text from the Work, provided
121 | that such additional attribution notices cannot be construed
122 | as modifying the License.
123 |
124 | You may add Your own copyright statement to Your modifications and
125 | may provide additional or different license terms and conditions
126 | for use, reproduction, or distribution of Your modifications, or
127 | for any such Derivative Works as a whole, provided Your use,
128 | reproduction, and distribution of the Work otherwise complies with
129 | the conditions stated in this License.
130 |
131 | 5. Submission of Contributions. Unless You explicitly state otherwise,
132 | any Contribution intentionally submitted for inclusion in the Work
133 | by You to the Licensor shall be under the terms and conditions of
134 | this License, without any additional terms or conditions.
135 | Notwithstanding the above, nothing herein shall supersede or modify
136 | the terms of any separate license agreement you may have executed
137 | with Licensor regarding such Contributions.
138 |
139 | 6. Trademarks. This License does not grant permission to use the trade
140 | names, trademarks, service marks, or product names of the Licensor,
141 | except as required for reasonable and customary use in describing the
142 | origin of the Work and reproducing the content of the NOTICE file.
143 |
144 | 7. Disclaimer of Warranty. Unless required by applicable law or
145 | agreed to in writing, Licensor provides the Work (and each
146 | Contributor provides its Contributions) on an "AS IS" BASIS,
147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 | implied, including, without limitation, any warranties or conditions
149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 | PARTICULAR PURPOSE. You are solely responsible for determining the
151 | appropriateness of using or redistributing the Work and assume any
152 | risks associated with Your exercise of permissions under this License.
153 |
154 | 8. Limitation of Liability. In no event and under no legal theory,
155 | whether in tort (including negligence), contract, or otherwise,
156 | unless required by applicable law (such as deliberate and grossly
157 | negligent acts) or agreed to in writing, shall any Contributor be
158 | liable to You for damages, including any direct, indirect, special,
159 | incidental, or consequential damages of any character arising as a
160 | result of this License or out of the use or inability to use the
161 | Work (including but not limited to damages for loss of goodwill,
162 | work stoppage, computer failure or malfunction, or any and all
163 | other commercial damages or losses), even if such Contributor
164 | has been advised of the possibility of such damages.
165 |
166 | 9. Accepting Warranty or Additional Liability. While redistributing
167 | the Work or Derivative Works thereof, You may choose to offer,
168 | and charge a fee for, acceptance of support, warranty, indemnity,
169 | or other liability obligations and/or rights consistent with this
170 | License. However, in accepting such obligations, You may act only
171 | on Your own behalf and on Your sole responsibility, not on behalf
172 | of any other Contributor, and only if You agree to indemnify,
173 | defend, and hold each Contributor harmless for any liability
174 | incurred by, or claims asserted against, such Contributor by reason
175 | of your accepting any such warranty or additional liability.
176 |
177 | END OF TERMS AND CONDITIONS
178 |
179 | APPENDIX: How to apply the Apache License to your work.
180 |
181 | To apply the Apache License to your work, attach the following
182 | boilerplate notice, with the fields enclosed by brackets "[]"
183 | replaced with your own identifying information. (Don't include
184 | the brackets!) The text should be enclosed in the appropriate
185 | comment syntax for the file format. We also recommend that a
186 | file or class name and description of purpose be included on the
187 | same "printed page" as the copyright notice for easier
188 | identification within third-party archives.
189 |
190 | Copyright 2013 Answers for AWS LLC
191 |
192 | Licensed under the Apache License, Version 2.0 (the "License");
193 | you may not use this file except in compliance with the License.
194 | You may obtain a copy of the License at
195 |
196 | http://www.apache.org/licenses/LICENSE-2.0
197 |
198 | Unless required by applicable law or agreed to in writing, software
199 | distributed under the License is distributed on an "AS IS" BASIS,
200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 | See the License for the specific language governing permissions and
202 | limitations under the License.
203 |
--------------------------------------------------------------------------------