├── .gitignore
├── README.md
├── admin_security_group.tf
├── dcos_gateway.tf
├── dcos_user_data.sh
├── dhcp_options.tf
├── doc
    └── images
    │   └── dcos.png
├── host_keys.tf
├── internal_master_load_balancer.tf
├── internet_gateway.tf
├── key_pair.tf
├── lb_security_group.tf
├── master_instance_profile.tf
├── master_launch_configuration.tf
├── master_role.tf
├── master_route_table.tf
├── master_security_group.tf
├── master_server_group.tf
├── master_subnet.tf
├── master_subnet_network_acl_association.tf
├── master_subnet_route_table_association.tf
├── master_user_data.yml
├── multi-master.cloudformation.json
├── nat_instance.tf
├── outputs.tf
├── private_route_table.tf
├── private_subnet.tf
├── private_subnet_network_acl_association.tf
├── private_subnet_route_table_association.tf
├── provider.tf
├── public_route_table.tf
├── public_slave_launch_configuration.tf
├── public_slave_load_balancer.tf
├── public_slave_security_group.tf
├── public_slave_server_group.tf
├── public_slave_user_data.yml
├── public_subnet.tf
├── public_subnet_network_acl_association.tf
├── public_subnet_route_table_association.tf
├── s3_bucket.tf
├── single-master.cloudformation.json
├── slave_launch_configuration.tf
├── slave_security_group.tf
├── slave_server_group.tf
├── slave_user_data.yml
├── smack
    ├── enter_cassandra.sh
    ├── killrweather
    │   ├── app
    │   │   ├── Dockerfile
    │   │   ├── app.sh
    │   │   ├── build.sh
    │   │   ├── client_app.sh
    │   │   └── ingest.sh
    │   └── data
    │   │   ├── Dockerfile
    │   │   ├── build.sh
    │   │   └── import_data.sh
    ├── mesosphere
    │   └── cassandra
    │   │   ├── Dockerfile
    │   │   └── build.sh
    ├── run_app.sh
    ├── run_client_app.sh
    ├── run_ingest.sh
    └── show_kafka_topic.sh
├── terraform.tfvars.template
├── variables.tf
├── vpc.tf
├── vpn_gateway.tf
├── vpn_load_balancer.tf
├── vpn_security_group.tf
├── vpn_user_data.sh
└── vpn_user_data.yml


/.gitignore:
--------------------------------------------------------------------------------
1 | dcos/
2 | .idea/
3 | .terraform/
4 | *.tfstate
5 | *.tfstate.backup
6 | *.plan
7 | *.tfvars
8 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # DCOS Multi Master Terraform Module
  2 | 
  3 | Using this [Terraform][] [module][], you can launch your own [DCOS][] cluster.
  4 | 
  5 | The Mesosphere Datacenter Operating System (DCOS) spans all of the machines in your datacenter or cloud and treats 
  6 | them as a single, shared set of resources. DCOS provides a highly elastic and highly scalable way to build, deploy and 
  7 | manage modern applications using containers, microservices and big data systems.git 
  8 | 
  9 | ![DCOS](/doc/images/dcos.png)
 10 | 
 11 | ## Configurables
 12 | 
 13 | See [`variables.tf`](variables.tf) for a list of configurable parameters.
 14 | 
 15 | [Terraform]: https://www.terraform.io
 16 | [module]: https://www.terraform.io/docs/modules/index.html
 17 | [DCOS]: https://mesosphere.com/learn/
 18 | 
 19 | ## Module Instructions
 20 | 
 21 | To include this module in your Terraform code-base, use the following snippet:
 22 | 
 23 | ```hcl
 24 | module "dcos" {
 25 |   source = "github.com/zutherb/terraform-dcos"
 26 | 
 27 |   aws_access_key = "..."
 28 |   aws_secret_key = "..."
 29 |   aws_region     = "eu-central-1"
 30 |   ssh_public_key = "ssh-rsa ..."
 31 | 
 32 |   ...
 33 | }
 34 | ```
 35 | 
 36 | Then run `terraform get` to retrieve this module.
 37 | 
 38 | ## Stand-Alone Instructions
 39 | 
 40 | Any Terraform module can also be used on its own. To do so, follow these
 41 | instructions:
 42 | 
 43 | * clone the repository
 44 | * create a `terraform.tfvars` file with all the (required) variables
 45 | ```vim
 46 | aws_access_key="*****"
 47 | aws_secret_key="*****"
 48 | aws_region="eu-west-1"
 49 | ssh_public_key="ssh-rsa ***** bernd.zuther@codecentric.de"
 50 | 
 51 | openvpn_admin_user="openvpn"
 52 | openvpn_admin_pw="******"
 53 | ```
 54 | * *optionally* run `terraform plan -out terraform.plan`
 55 | * run `terraform apply [terraform.plan]`
 56 | 
 57 | ```bash
 58 | ```
 59 | 
 60 | ## Architecture
 61 | 
 62 | DCOS is based on [Mesos](http://mesos.apache.org/) and includes a distributed systems kernel. It also includes a set 
 63 | of core system services, such as a native [Marathon](https://mesosphere.github.io/marathon/) instance to manage processes 
 64 | and installable services, and [Mesos-DNS](https://github.com/mesosphere/mesos-dns) for service discovery.
 65 | 
 66 | ### Components
 67 | 
 68 | DCOS is comprised of Mesos master and agent nodes, a native DCOS Marathon instance, Mesos-DNS for service 
 69 | discovery, Admin Router for central authentication and proxy to DCOS services, and Zookeeper to coordinate and manage 
 70 | the installed DCOS services.
 71 | 
 72 | ![DCOS](https://docs.mesosphere.com/wp-content/uploads/2015/12/Enterprise-Architecture-Diagram.png)
 73 | 
 74 | [Read more](https://docs.mesosphere.com/administration/dcosarchitecture/components/)
 75 | 
 76 | ### Network Security
 77 | 
 78 | DCOS provides the admin, private, and public security zones. The admin zone is accessible via HTTP/HTTPS and SSH 
 79 | connections, and provides access to your master nodes. The private zone is a non-routable network that is only 
 80 | accessible from the admin zone or through the edgerouter from the public zone. The optional public zone is where 
 81 | publicly accessible applications are run. 
 82 | 
 83 | ![DCOS](https://docs.mesosphere.com/wp-content/uploads/2015/12/security-zones-ce.jpg)
 84 | 
 85 | [Read more](https://docs.mesosphere.com/administration/dcosarchitecture/security/)
 86 | 
 87 | ## Limitations
 88 | 
 89 | - The DCOS Community Edition does not provide authentication. Authentication is available in the DCOS Enterprise Edition.
 90 | - The DCOS CLI and web interface do not currently use an encrypted channel for communication. However, you can upload 
 91 |   your own SSL certificate to the masters and change your CLI and web interface configuration to use HTTPS instead of HTTP.
 92 | - You must secure your cluster by using security rules. It is strongly recommended that you only allow internal traffic.
 93 | - If there is sensitive data in your cluster, follow standard cloud policies for accessing that data. Either set up a 
 94 |   point to point VPN between your secure networks or run a VPN server inside your DCOS cluster.
 95 | 
 96 | ## OpenVPN
 97 | 
 98 | OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server 
 99 | capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages 
100 | that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of 
101 | configurations, including secure and granular remote access to internal network and/ or private cloud network resources 
102 | and applications with fine-grained access control. 


--------------------------------------------------------------------------------
/admin_security_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "admin" {
 2 |   name = "admin"
 3 |   description = "Enable admin access to servers"
 4 | 
 5 |   vpc_id = "${aws_vpc.dcos.id}"
 6 | }
 7 | 
 8 | resource "aws_security_group_rule" "admin_ingress_all" {
 9 |   security_group_id = "${aws_security_group.admin.id}"
10 | 
11 |   type = "ingress"
12 |   from_port = 0
13 |   to_port = 65535
14 |   protocol = "-1"
15 |   cidr_blocks = ["${var.admin_location}"]
16 | }
17 | 
18 | resource "aws_security_group_rule" "admin_egress_all" {
19 |   security_group_id = "${aws_security_group.admin.id}"
20 | 
21 |   type = "egress"
22 |   from_port = 0
23 |   to_port = 65535
24 |   protocol = "-1"
25 |   cidr_blocks = ["0.0.0.0/0"]
26 | }
27 | 


--------------------------------------------------------------------------------
/dcos_gateway.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_instance" "dcos" {
 2 |   vpc_security_group_ids = [
 3 |     "${aws_security_group.master.id}",
 4 |     "${aws_security_group.admin.id}"
 5 |   ]
 6 | 
 7 |   subnet_id = "${aws_subnet.master.id}"
 8 | 
 9 |   ami = "${lookup(var.ubuntu_amis, var.aws_region)}"
10 |   instance_type = "${var.dcos_gateway_instance_type}"
11 |   key_name = "${aws_key_pair.dcos.key_name}"
12 |   user_data = "${data.template_file.dcos_user_data.rendered}"
13 |   associate_public_ip_address = false
14 | 
15 |   tags {
16 |     Application = "${var.stack_name}"
17 |     Role = "dcos"
18 |   }
19 | 
20 |   lifecycle {
21 |     create_before_destroy = false
22 |   }
23 | }
24 | 
25 | data "template_file" "dcos_user_data" {
26 |   template = "${file("${path.module}/dcos_user_data.sh")}"
27 | 
28 |   vars {
29 |     internal_master_lb_dns_name = "${aws_elb.internal_master.dns_name}"
30 |   }
31 | }
32 | 


--------------------------------------------------------------------------------
/dcos_user_data.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | function init {
  3 |     export LC_ALL=C.UTF-8
  4 |     export LANG=C.UTF-8
  5 | 
  6 |     echo "export LC_ALL=C.UTF-8" >> ~/.bashrc
  7 |     echo "export LANG=C.UTF-8" >> ~/.bashrc
  8 | 
  9 |     apt-get install -y language-pack-UTF-8 language-pack-en python3
 10 |     ln -s /usr/bin/python3 /usr/bin/python
 11 | 
 12 |     curl "https://bootstrap.pypa.io/get-pip.py" -o "/tmp/get-pip.py"
 13 |     python /tmp/get-pip.py
 14 | 
 15 |     mkdir -p /opt/mesosphere/dcos-cli/bin/
 16 |     mkdir -p /opt/smack/state
 17 |     mkdir -p /opt/smack/conf
 18 |     mkdir -p /opt/vamp/conf/
 19 | }
 20 | 
 21 | function install_dcos_cli {
 22 |     curl -s --output /tmp/get-pip.py https://bootstrap.pypa.io/get-pip.py
 23 |     python /tmp/get-pip.py
 24 |     pip install virtualenv
 25 |     wget https://downloads.dcos.io/binaries/cli/linux/x86-64/dcos-1.8/dcos -O /opt/mesosphere/dcos-cli/bin/dcos
 26 |     chmod +x /opt/mesosphere/dcos-cli/bin/dcos
 27 |     ln -s /opt/mesosphere/dcos-cli/bin/dcos /usr/sbin/dcos
 28 |     dcos config set core.dcos_url http://leader.mesos
 29 |     dcos config set core.email johndoe@mesosphere.com
 30 |     dcos config set core.dcos_acs_token abc
 31 | }
 32 | 
 33 | function install_oracle_java {
 34 |     echo "install java"
 35 |     wget --no-cookies \
 36 |          --no-check-certificate \
 37 |          --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" \
 38 |          "http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.tar.gz" \
 39 |          -O /tmp/jdk-8u131-linux-x64.tar.gz
 40 |     tar xzf /tmp/jdk-8u131-linux-x64.tar.gz --directory=/usr/local/
 41 |     update-alternatives --install "/usr/bin/java" "java" "/usr/local/jdk1.8.0_131/bin/java" 1
 42 |     update-alternatives --install "/usr/bin/javac" "javac" "/usr/local/jdk1.8.0_131/bin/javac" 1
 43 |     update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/local/jdk1.8.0_131/bin/javaws" 1
 44 |     update-alternatives --set "java" "/usr/local/jdk1.8.0_131/bin/java"
 45 |     update-alternatives --set "javac" "/usr/local/jdk1.8.0_131/bin/javac"
 46 |     update-alternatives --set "javaws" "/usr/local/jdk1.8.0_131/bin/javaws"
 47 |     export JAVA_HOME=/usr/local/jdk1.8.0_131/
 48 |     echo "export JAVA_HOME=$JAVA_HOME" >> ~/.bashrc
 49 | }
 50 | 
 51 | function update_dns_nameserver {
 52 |     apt-get install -y jq
 53 |     echo nameserver $(curl -s http://${internal_master_lb_dns_name}:8080/v2/info | jq '.leader' | \
 54 |          sed 's/\"//' | sed 's/\:8080"//') &> /etc/resolvconf/resolv.conf.d/head
 55 |     resolvconf -u
 56 | }
 57 | 
 58 | function waited_until_marathon_is_running {
 59 |     until $(curl --output /dev/null --silent --head --fail http://${internal_master_lb_dns_name}:8080/v2/info); do
 60 |         echo "waiting for marathon"
 61 |         sleep 5
 62 |     done
 63 | }
 64 | 
 65 | function waited_until_dns_is_ready {
 66 |     until $(curl --output /dev/null --silent --head --fail http://master.mesos); do
 67 |         echo "waiting for dns"
 68 |         sleep 5
 69 |         update_dns_nameserver
 70 |     done
 71 | }
 72 | 
 73 | function waited_until_kafka_is_running {
 74 |     until [ -n "$KAFKA_HOST" ] && [ -n "$KAFKA_PORT" ] ; do
 75 |         sleep 5
 76 |         echo "Kafka is not yet healthy"
 77 |         export_kafka_connection
 78 |     done
 79 | }
 80 | 
 81 | function export_kafka_connection {
 82 |     export KAFKA_CONNECTION=($(dcos kafka connection | jq .dns[0] | sed -r 's/[\"]+//g' | tr ":" " "))
 83 |     export KAFKA_HOST=$${KAFKA_CONNECTION[0]}
 84 |     echo "KAFKA_HOST: $KAFKA_HOST"
 85 |     export KAFKA_PORT=$${KAFKA_CONNECTION[1]}
 86 |     echo "KAFKA_PORT: $KAFKA_PORT"
 87 | }
 88 | 
 89 | function waited_until_cassandra_is_running {
 90 |     until [ -n "$CASSANDRA_HOST" ] && [ -n "$CASSANDRA_PORT" ] ; do
 91 |         sleep 5
 92 |         echo "Cassandra is not yet healthy"
 93 |         export_cassandra_connection
 94 |     done
 95 | }
 96 | 
 97 | function export_cassandra_connection {
 98 |     export CASSANDRA_CONNECTION=($(dcos cassandra connection | jq .dns[0] | sed -r 's/[\"]+//g' | tr ":" " "))
 99 |     export CASSANDRA_HOST=$${CASSANDRA_CONNECTION[0]}
100 |     echo "CASSANDRA_HOST: $CASSANDRA_HOST"
101 |     export CASSANDRA_PORT=$${CASSANDRA_CONNECTION[1]}
102 |     echo "CASSANDRA_PORT: $CASSANDRA_PORT"
103 | }
104 | 
105 | function init_cassandra_schema {
106 |     cat &> /opt/smack/conf/init_cassandra_schema_job.json << EOF
107 | {
108 |   "id": "init-cassandra-schema-job",
109 |   "description": "Initialize cassandra database",
110 |   "run": {
111 |     "cmd": "/opt/bus-demo/import_data.sh $CASSANDRA_HOST",
112 |     "cpus": 0.1,
113 |     "mem": 256,
114 |     "disk": 0,
115 |     "docker": {
116 |       "image": "codecentric/bus-demo-schema:3.0.7"
117 |     }
118 |   }
119 | }
120 | EOF
121 |     dcos job add /opt/smack/conf/init_cassandra_schema_job.json
122 |     dcos job run init-cassandra-schema-job
123 | }
124 | 
125 | function init_ingest_app {
126 |     cat &> /opt/smack/conf/ingest.json << EOF
127 | {
128 |   "id": "/bus-demo/ingest",
129 |   "cpus": 0.1,
130 |   "mem": 2048,
131 |   "disk": 0,
132 |   "instances": 1,
133 |   "container": {
134 |     "type": "DOCKER",
135 |     "volumes": [],
136 |     "docker": {
137 |       "image": "codecentric/bus-demo-ingest:0.2.0",
138 |       "network": "HOST",
139 |       "privileged": false,
140 |       "parameters": [],
141 |       "forcePullImage": true
142 |     }
143 |   },
144 |   "env": {
145 |     "CASSANDRA_HOST": "$CASSANDRA_HOST",
146 |     "CASSANDRA_PORT": "$CASSANDRA_PORT",
147 |     "KAFKA_HOST": "$KAFKA_HOST",
148 |     "KAFKA_PORT": "$KAFKA_PORT"
149 |   },
150 |   "upgradeStrategy": {
151 |     "minimumHealthCapacity": 0
152 |   }
153 | }
154 | EOF
155 |     dcos marathon app add /opt/smack/conf/ingest.json
156 | }
157 | 
158 | function waited_until_spark_is_running {
159 |     until dcos service | grep spark | awk '{print $3};' | grep True; do
160 |         echo "waiting for spark"
161 |         sleep 5
162 |     done
163 |     update_dns_nameserver
164 |     sleep 10
165 | }
166 | 
167 | 
168 | function init_spark_jobs {
169 |     cat &> /usr/sbin/run-pi << EOF
170 | dcos spark run --submit-args='--driver-cores 0.1 --driver-memory 1024M --class org.apache.spark.examples.SparkPi https://downloads.mesosphere.com/spark/assets/spark-examples_2.10-1.4.0-SNAPSHOT.jar 10000000'
171 | EOF
172 |     cat &> /usr/sbin/run-digest << EOF
173 | dcos spark run --submit-args='--driver-cores 0.1 --driver-memory 1024M --class de.nierbeck.floating.data.stream.spark.KafkaToCassandraSparkApp https://s3.eu-central-1.amazonaws.com/big-data-muc/bus-demo-digest-assembly-0.2.0.jar METRO-Vehicles $CASSANDRA_HOST $CASSANDRA_PORT $KAFKA_HOST $KAFKA_PORT'
174 | EOF
175 |     cat &> /usr/sbin/run-digest-hotspot << EOF
176 | dcos spark run --submit-args='--driver-cores 0.1 --driver-memory 1024M --class de.nierbeck.floating.data.stream.spark.CalcClusterSparkApp https://s3.eu-central-1.amazonaws.com/big-data-muc/bus-demo-digest-assembly-0.2.0.jar METRO-Vehicles $CASSANDRA_HOST $CASSANDRA_PORT $KAFKA_HOST $KAFKA_PORT @$'
177 | EOF
178 |     chmod 744 /usr/sbin/run-pi /usr/sbin/run-digest /usr/sbin/run-digest-hotspot
179 |     /usr/sbin/run-digest
180 | }
181 | 
182 | function init_dasboard {
183 |     cat &> /opt/smack/conf/dashboard.json << EOF
184 | {
185 |     "id": "/bus-demo/dashboard",
186 |     "container": {
187 |         "type": "DOCKER",
188 |         "docker": {
189 |             "image": "codecentric/bus-demo-dashboard:0.2.0",
190 |             "network": "HOST",
191 |             "forcePullImage": true
192 |         }
193 |     },
194 |     "acceptedResourceRoles": [
195 |         "slave_public"
196 |     ],
197 |     "env": {
198 |         "CASSANDRA_HOST": "$CASSANDRA_HOST",
199 |         "CASSANDRA_PORT": "$CASSANDRA_PORT",
200 |         "KAFKA_HOST": "$KAFKA_HOST",
201 |         "KAFKA_PORT": "$KAFKA_PORT"
202 |     },
203 |     "upgradeStrategy": {
204 |        "minimumHealthCapacity": 0
205 |     },
206 |     "dependencies": ["/bus-demo/ingest"],
207 |     "healthChecks": [
208 |         {
209 |           "path": "/",
210 |           "protocol": "HTTP",
211 |           "gracePeriodSeconds": 300,
212 |           "intervalSeconds": 60,
213 |           "timeoutSeconds": 20,
214 |           "maxConsecutiveFailures": 3,
215 |           "ignoreHttp1xx": false,
216 |           "port": 8000
217 |         }
218 |     ],
219 |     "cpus": 0.1,
220 |     "mem": 2048.0
221 | }
222 | EOF
223 |     dcos marathon app add /opt/smack/conf/dashboard.json
224 | }
225 | 
226 | function install_smack {
227 |     dcos package install --yes cassandra --package-version=1.0.16-3.0.8
228 |     dcos package install --cli cassandra
229 |     dcos package install --yes kafka --package-version=1.1.9-0.10.0.0
230 |     dcos package install --cli kafka
231 |     dcos package install --yes spark --package-version=1.0.2-2.0.0
232 |     dcos package install --cli spark
233 |     dcos package install --yes zeppelin --package-version=0.6.0
234 | }
235 | 
236 | init
237 | install_oracle_java                 #need for same commandline extension like kafka
238 | waited_until_marathon_is_running
239 | waited_until_dns_is_ready
240 | install_dcos_cli
241 | install_smack
242 | waited_until_kafka_is_running
243 | export_kafka_connection
244 | waited_until_cassandra_is_running
245 | export_cassandra_connection
246 | init_cassandra_schema
247 | init_ingest_app
248 | waited_until_spark_is_running
249 | init_spark_jobs
250 | init_dasboard
251 | 
252 | 


--------------------------------------------------------------------------------
/dhcp_options.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc_dhcp_options" "dcos" {
 2 |   domain_name = "${var.aws_region}.${lookup(var.dns_domainnames, var.aws_region)}"
 3 |   domain_name_servers = ["AmazonProvidedDNS"]
 4 | }
 5 | 
 6 | resource "aws_vpc_dhcp_options_association" "dcos" {
 7 |   vpc_id = "${aws_vpc.dcos.id}"
 8 |   dhcp_options_id = "${aws_vpc_dhcp_options.dcos.id}"
 9 | }
10 | 


--------------------------------------------------------------------------------
/doc/images/dcos.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zutherb/terraform-dcos/68c554db01d44c5cd066bcde70299d8ca978e8e1/doc/images/dcos.png


--------------------------------------------------------------------------------
/host_keys.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_access_key" "host_keys" {
 2 |   user = "${aws_iam_user.dcos.name}"
 3 | }
 4 | 
 5 | resource "aws_iam_user" "dcos" {
 6 |   name = "dcos-${var.stack_name}"
 7 | }
 8 | 
 9 | resource "aws_iam_user_policy" "dcos" {
10 |     name = "dcos"
11 |     user = "${aws_iam_user.dcos.name}"
12 |     policy = <<EOF
13 | {
14 |   "Statement": [
15 |     {
16 |       "Resource": [
17 |         "arn:aws:s3:::${aws_s3_bucket.exhibitor.id}/*",
18 |         "arn:aws:s3:::${aws_s3_bucket.exhibitor.id}"
19 |       ],
20 |       "Action": [
21 |         "s3:AbortMultipartUpload",
22 |         "s3:DeleteObject",
23 |         "s3:GetBucketAcl",
24 |         "s3:GetBucketPolicy",
25 |         "s3:GetObject",
26 |         "s3:GetObjectAcl",
27 |         "s3:ListBucket",
28 |         "s3:ListBucketMultipartUploads",
29 |         "s3:ListMultipartUploadParts",
30 |         "s3:PutObject",
31 |         "s3:PutObjectAcl"
32 |       ],
33 |       "Effect": "Allow"
34 |     },
35 |     {
36 |       "Resource": "*",
37 |       "Action": [
38 |         "ec2:DescribeKeyPairs",
39 |         "ec2:DescribeSubnets",
40 |         "autoscaling:DescribeLaunchConfigurations",
41 |         "autoscaling:UpdateAutoScalingGroup",
42 |         "autoscaling:DescribeAutoScalingGroups",
43 |         "autoscaling:DescribeScalingActivities",
44 |         "elasticloadbalancing:DescribeLoadBalancers"
45 |       ],
46 |       "Effect": "Allow"
47 |     }
48 |   ],
49 |   "Version": "2012-10-17"
50 | }
51 | EOF
52 | }
53 | 


--------------------------------------------------------------------------------
/internal_master_load_balancer.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_elb" "internal_master" {
 2 |   name = "master-${var.elb_version}-load-balancer"
 3 |   internal = true
 4 |   subnets = ["${aws_subnet.master.id}"]
 5 | 
 6 |   security_groups = [
 7 |     "${aws_security_group.master_lb.id}",
 8 |     "${aws_security_group.admin.id}",
 9 |     "${aws_security_group.slave.id}",
10 |     "${aws_security_group.public_slave.id}",
11 |     "${aws_security_group.master.id}"
12 |   ]
13 | 
14 |   health_check {
15 |     healthy_threshold = 2
16 |     unhealthy_threshold = 2
17 |     timeout = 5
18 |     target = "HTTP:5050/health"
19 |     interval = 30
20 |   }
21 | 
22 |   listener {
23 |     instance_port = 5050
24 |     instance_protocol = "http"
25 |     lb_port = 5050
26 |     lb_protocol = "http"
27 |   }
28 | 
29 |   listener {
30 |     instance_port = 2181
31 |     instance_protocol = "tcp"
32 |     lb_port = 2181
33 |     lb_protocol = "tcp"
34 |   }
35 | 
36 |   listener {
37 |     instance_port = 8181
38 |     instance_protocol = "http"
39 |     lb_port = 8181
40 |     lb_protocol = "http"
41 |   }
42 | 
43 | 
44 |   listener {
45 |     instance_port = 80
46 |     instance_protocol = "http"
47 |     lb_port = 80
48 |     lb_protocol = "http"
49 |   }
50 | 
51 |   listener {
52 |     instance_port = 443
53 |     instance_protocol = "tcp"
54 |     lb_port = 443
55 |     lb_protocol = "tcp"
56 |   }
57 | 
58 |   listener {
59 |     instance_port = 8080
60 |     instance_protocol = "http"
61 |     lb_port = 8080
62 |     lb_protocol = "http"
63 |   }
64 | }
65 | 


--------------------------------------------------------------------------------
/internet_gateway.tf:
--------------------------------------------------------------------------------
1 | resource "aws_internet_gateway" "dcos" {
2 |   vpc_id = "${aws_vpc.dcos.id}"
3 | 
4 |   tags {
5 |     Application = "${var.stack_name}"
6 |     Network = "Public"
7 |   }
8 | }
9 | 


--------------------------------------------------------------------------------
/key_pair.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "dcos" {
2 |   key_name = "dcos-${var.stack_name}"
3 |   public_key = "${var.ssh_public_key}"
4 | }
5 | 


--------------------------------------------------------------------------------
/lb_security_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "master_lb" {
 2 |   name = "master_lb"
 3 |   description = "Mesos Master LB"
 4 | 
 5 |   vpc_id = "${aws_vpc.dcos.id}"
 6 | }
 7 | 
 8 | resource "aws_security_group_rule" "master_lb_ingress_slave_2181" {
 9 |   security_group_id = "${aws_security_group.master_lb.id}"
10 | 
11 |   type = "ingress"
12 |   from_port = 2181
13 |   to_port = 2181
14 |   protocol = "tcp"
15 |   source_security_group_id = "${aws_security_group.slave.id}"
16 | }
17 | 
18 | resource "aws_security_group_rule" "master_lb_egress_all" {
19 |   security_group_id = "${aws_security_group.master_lb.id}"
20 | 
21 |   type = "egress"
22 |   from_port = 0
23 |   to_port = 65535
24 |   protocol = "-1"
25 |   cidr_blocks = ["0.0.0.0/0"]
26 | }
27 | 


--------------------------------------------------------------------------------
/master_instance_profile.tf:
--------------------------------------------------------------------------------
1 | resource "aws_iam_instance_profile" "master" {
2 |   name = "master-${var.stack_name}"
3 |   path = "/"
4 | 
5 |   roles = ["${aws_iam_role.master.name}"]
6 | }
7 | 


--------------------------------------------------------------------------------
/master_launch_configuration.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_launch_configuration" "master" {
 2 |   iam_instance_profile = "${aws_iam_instance_profile.master.id}"
 3 |   security_groups = [
 4 |     "${aws_security_group.master.id}",
 5 |     "${aws_security_group.admin.id}"
 6 |   ]
 7 |   image_id = "${lookup(var.coreos_amis, var.aws_region)}"
 8 |   instance_type = "${var.master_instance_type}"
 9 |   key_name = "${aws_key_pair.dcos.key_name}"
10 |   user_data = "${data.template_file.master_user_data.rendered}"
11 |   associate_public_ip_address = false
12 | 
13 |   lifecycle {
14 |     create_before_destroy = false
15 |   }
16 | }
17 | 
18 | data "template_file" "master_user_data" {
19 |   template = "${file("${path.module}/master_user_data.yml")}"
20 | 
21 |   vars {
22 |     authentication_enabled      = "${var.authentication_enabled}"
23 |     bootstrap_id                = "${var.bootstrap_id}"
24 |     stack_name                  = "${var.stack_name}"
25 |     aws_region                  = "${var.aws_region}"
26 |     cluster_packages            = "${var.cluster_packages}"
27 |     aws_access_key_id           = "${aws_iam_access_key.host_keys.id}"
28 |     aws_secret_access_key       = "${aws_iam_access_key.host_keys.secret}"
29 |     fallback_dns                = "${var.fallback_dns}"
30 |     internal_master_lb_dns_name = "${aws_elb.internal_master.dns_name}"
31 |     public_lb_dns_name          = "${aws_elb.public_slaves.dns_name}"
32 |     exhibitor_s3_bucket         = "${aws_s3_bucket.exhibitor.id}"
33 |     dcos_base_download_url      = "${var.dcos_base_download_url}"
34 |   }
35 | }
36 | 


--------------------------------------------------------------------------------
/master_role.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_role" "master" {
 2 |     name = "master-${var.stack_name}"
 3 |     path = "/"
 4 |     assume_role_policy = <<EOF
 5 | {
 6 |   "Statement": [
 7 |     {
 8 |       "Principal": {
 9 |         "Service": [
10 |           "ec2.amazonaws.com"
11 |         ]
12 |       },
13 |       "Action": [
14 |         "sts:AssumeRole"
15 |       ],
16 |       "Effect": "Allow"
17 |     }
18 |   ],
19 |   "Version": "2012-10-17"
20 | }
21 | EOF
22 | }
23 | 
24 | resource "aws_iam_role_policy" "master" {
25 |     name = "master"
26 |     role = "${aws_iam_role.master.id}"
27 |     policy = <<EOF
28 | {
29 |   "Statement": [
30 |     {
31 |       "Resource": [
32 |         "arn:aws:s3:::${aws_s3_bucket.exhibitor.id}/*",
33 |         "arn:aws:s3:::${aws_s3_bucket.exhibitor.id}"
34 |       ],
35 |       "Action": [
36 |         "s3:AbortMultipartUpload",
37 |         "s3:DeleteObject",
38 |         "s3:GetBucketAcl",
39 |         "s3:GetBucketPolicy",
40 |         "s3:GetObject",
41 |         "s3:GetObjectAcl",
42 |         "s3:ListBucket",
43 |         "s3:ListBucketMultipartUploads",
44 |         "s3:ListMultipartUploadParts",
45 |         "s3:PutObject",
46 |         "s3:PutObjectAcl"
47 |       ],
48 |       "Effect": "Allow"
49 |     },
50 |     {
51 |       "Resource": "*",
52 |       "Action": [
53 |         "ec2:DescribeKeyPairs",
54 |         "ec2:DescribeSubnets",
55 |         "autoscaling:DescribeLaunchConfigurations",
56 |         "autoscaling:UpdateAutoScalingGroup",
57 |         "autoscaling:DescribeAutoScalingGroups",
58 |         "autoscaling:DescribeScalingActivities",
59 |         "elasticloadbalancing:DescribeLoadBalancers"
60 |       ],
61 |       "Effect": "Allow"
62 |     }
63 |   ],
64 |   "Version": "2012-10-17"
65 | }
66 | EOF
67 | }
68 | 


--------------------------------------------------------------------------------
/master_route_table.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "master" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 | 
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     instance_id = "${aws_instance.nat.id}"
 7 |   }
 8 | 
 9 |   tags {
10 |     Application = "${var.stack_name}"
11 |     Network = "Master"
12 |   }
13 | }
14 | 


--------------------------------------------------------------------------------
/master_security_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "master" {
 2 |   name = "master-${var.stack_name}"
 3 |   description = "Mesos Masters"
 4 | 
 5 |   vpc_id = "${aws_vpc.dcos.id}"
 6 | }
 7 | 
 8 | resource "aws_security_group_rule" "master_egress_all" {
 9 |   security_group_id = "${aws_security_group.master.id}"
10 | 
11 |   type = "egress"
12 |   from_port = 0
13 |   to_port = 65535
14 |   protocol = "-1"
15 |   cidr_blocks = ["0.0.0.0/0"]
16 | }
17 | 
18 | resource "aws_security_group_rule" "master_ingress_master" {
19 |   security_group_id = "${aws_security_group.master.id}"
20 | 
21 |   type = "ingress"
22 |   from_port = 0
23 |   to_port = 65535
24 |   protocol = "-1"
25 |   self = true
26 | }
27 | 
28 | resource "aws_security_group_rule" "master_ingress_public_slave" {
29 |   security_group_id = "${aws_security_group.master.id}"
30 | 
31 |   type = "ingress"
32 |   from_port = 0
33 |   to_port = 65535
34 |   protocol = "-1"
35 |   source_security_group_id = "${aws_security_group.public_slave.id}"
36 | }
37 | 
38 | resource "aws_security_group_rule" "master_ingress_slave" {
39 |   security_group_id = "${aws_security_group.master.id}"
40 | 
41 |   type = "ingress"
42 |   from_port = 0
43 |   to_port = 65535
44 |   protocol = "-1"
45 |   source_security_group_id = "${aws_security_group.slave.id}"
46 | }
47 | 
48 | resource "aws_security_group_rule" "master_ingress_master_lb_5050" {
49 |   security_group_id = "${aws_security_group.master.id}"
50 | 
51 |   type = "ingress"
52 |   from_port = 5050
53 |   to_port = 5050
54 |   protocol = "tcp"
55 |   source_security_group_id = "${aws_security_group.master_lb.id}"
56 | }
57 | 
58 | resource "aws_security_group_rule" "master_ingress_master_lb_80" {
59 |   security_group_id = "${aws_security_group.master.id}"
60 | 
61 |   type = "ingress"
62 |   from_port = 80
63 |   to_port = 80
64 |   protocol = "tcp"
65 |   source_security_group_id = "${aws_security_group.master_lb.id}"
66 | }
67 | 
68 | resource "aws_security_group_rule" "master_ingress_master_lb_8080" {
69 |   security_group_id = "${aws_security_group.master.id}"
70 | 
71 |   type = "ingress"
72 |   from_port = 8080
73 |   to_port = 8080
74 |   protocol = "tcp"
75 |   source_security_group_id = "${aws_security_group.master_lb.id}"
76 | }
77 | 
78 | resource "aws_security_group_rule" "master_ingress_master_lb_8081" {
79 |   security_group_id = "${aws_security_group.master.id}"
80 | 
81 |   type = "ingress"
82 |   from_port = 8081
83 |   to_port = 8081
84 |   protocol = "tcp"
85 |   source_security_group_id = "${aws_security_group.master_lb.id}"
86 | }
87 | 
88 | resource "aws_security_group_rule" "master_ingress_master_lb_2181" {
89 |   security_group_id = "${aws_security_group.master.id}"
90 | 
91 |   type = "ingress"
92 |   from_port = 2181
93 |   to_port = 2181
94 |   protocol = "tcp"
95 |   source_security_group_id = "${aws_security_group.master_lb.id}"
96 | }
97 | 


--------------------------------------------------------------------------------
/master_server_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_autoscaling_group" "master_server_group" {
 2 |   name = "Masters-${var.stack_name}"
 3 | 
 4 |   min_size = "${var.master_instance_count}"
 5 |   max_size = "${var.master_instance_count}"
 6 |   desired_capacity = "${var.master_instance_count}"
 7 | 
 8 |   load_balancers = ["${aws_elb.internal_master.id}"]
 9 | 
10 |   vpc_zone_identifier = ["${aws_subnet.master.id}"]
11 |   launch_configuration = "${aws_launch_configuration.master.id}"
12 | 
13 |   tag {
14 |     key = "role"
15 |     value = "mesos-master"
16 |     propagate_at_launch = true
17 |   }
18 | 
19 |   lifecycle {
20 |     create_before_destroy = false
21 |   }
22 | }
23 | 


--------------------------------------------------------------------------------
/master_subnet.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_subnet" "master" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 |   cidr_block = "${var.master_subnet_range}"
 4 | 
 5 |   tags {
 6 |     Application = "${var.stack_name}"
 7 |     Network = "Master"
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/master_subnet_network_acl_association.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_network_acl" "master" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 |   subnet_ids = ["${aws_subnet.master.id}"]
 4 | 
 5 |   egress {
 6 |     protocol = "-1"
 7 |     rule_no = 100
 8 |     action = "allow"
 9 |     cidr_block =  "0.0.0.0/0"
10 |     from_port = 0
11 |     to_port = 0
12 |   }
13 | 
14 |   ingress {
15 |     protocol = "-1"
16 |     rule_no = 100
17 |     action = "allow"
18 |     cidr_block =  "0.0.0.0/0"
19 |     from_port = 0
20 |     to_port = 0
21 |   }
22 | 
23 |   tags {
24 |     Application = "${var.stack_name}"
25 |     Network = "Master"
26 |   }
27 | }
28 | 


--------------------------------------------------------------------------------
/master_subnet_route_table_association.tf:
--------------------------------------------------------------------------------
1 | resource "aws_route_table_association" "master" {
2 |   subnet_id = "${aws_subnet.master.id}"
3 |   route_table_id = "${aws_route_table.master.id}"
4 | }
5 | 


--------------------------------------------------------------------------------
/master_user_data.yml:
--------------------------------------------------------------------------------
  1 | #cloud-config
  2 | "coreos":
  3 |   "units":
  4 |   - "command": |-
  5 |       start
  6 |     "content": |
  7 |       [Unit]
  8 |       Description=AWS Setup: Formats the /var/lib ephemeral drive
  9 |       Before=var-lib.mount dbus.service
 10 |       [Service]
 11 |       Type=oneshot
 12 |       RemainAfterExit=yes
 13 |       ExecStart=/bin/bash -c "(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)"
 14 |     "name": |-
 15 |       format-var-lib-ephemeral.service
 16 |   - "command": |-
 17 |       start
 18 |     "content": |
 19 |       [Unit]
 20 |       Description=AWS Setup: Mount /var/lib
 21 |       Before=dbus.service
 22 |       [Mount]
 23 |       What=/dev/xvdb
 24 |       Where=/var/lib
 25 |       Type=ext4
 26 |     "name": |-
 27 |       var-lib.mount
 28 |   - "command": |-
 29 |       stop
 30 |     "mask": !!bool |-
 31 |       true
 32 |     "name": |-
 33 |       etcd.service
 34 |   - "command": |-
 35 |       stop
 36 |     "mask": !!bool |-
 37 |       true
 38 |     "name": |-
 39 |       update-engine.service
 40 |   - "command": |-
 41 |       stop
 42 |     "mask": !!bool |-
 43 |       true
 44 |     "name": |-
 45 |       locksmithd.service
 46 |   - "command": |-
 47 |       stop
 48 |     "name": |-
 49 |       systemd-resolved.service
 50 |   - "command": |-
 51 |       restart
 52 |     "name": |-
 53 |       systemd-journald.service
 54 |   - "command": |-
 55 |       restart
 56 |     "name": |-
 57 |       docker.service
 58 |   - "command": |-
 59 |       start
 60 |     "content": |
 61 |       [Unit]
 62 |       Before=dcos.target
 63 |       [Service]
 64 |       Type=oneshot
 65 |       StandardOutput=journal+console
 66 |       StandardError=journal+console
 67 |       ExecStartPre=/usr/bin/mkdir -p /etc/profile.d
 68 |       ExecStart=/usr/bin/ln -sf /opt/mesosphere/environment.export /etc/profile.d/dcos.sh
 69 |     "name": |-
 70 |       dcos-link-env.service
 71 |   - "content": |
 72 |       [Unit]
 73 |       Description=Pkgpanda: Download DC/OS to this host.
 74 |       After=network-online.target
 75 |       Wants=network-online.target
 76 |       ConditionPathExists=!/opt/mesosphere/
 77 |       [Service]
 78 |       Type=oneshot
 79 |       StandardOutput=journal+console
 80 |       StandardError=journal+console
 81 |       ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz ${dcos_base_download_url}/bootstrap/${bootstrap_id}.bootstrap.tar.xz
 82 |       ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere
 83 |       ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere
 84 |       ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz
 85 |     "name": |-
 86 |       dcos-download.service
 87 |   - "command": |-
 88 |       start
 89 |     "content": |
 90 |       [Unit]
 91 |       Description=Pkgpanda: Specialize DC/OS for this host.
 92 |       Requires=dcos-download.service
 93 |       After=dcos-download.service
 94 |       [Service]
 95 |       Type=oneshot
 96 |       StandardOutput=journal+console
 97 |       StandardError=journal+console
 98 |       EnvironmentFile=/opt/mesosphere/environment
 99 |       ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd
100 |       [Install]
101 |       WantedBy=multi-user.target
102 |     "enable": !!bool |-
103 |       true
104 |     "name": |-
105 |       dcos-setup.service
106 |   "update":
107 |     "reboot-strategy": |-
108 |       off
109 | "write_files":
110 | - "content": |
111 |     ${dcos_base_download_url}
112 |   "owner": |-
113 |     root
114 |   "path": |-
115 |     /etc/mesosphere/setup-flags/repository-url
116 |   "permissions": |-
117 |     0644
118 | - "content": |
119 | ${cluster_packages}
120 |   "owner": |-
121 |     root
122 |   "path": |-
123 |     /etc/mesosphere/setup-flags/cluster-packages.json
124 |   "permissions": |-
125 |     0644
126 | - "content": |
127 |     [Journal]
128 |     MaxLevelConsole=warning
129 |     RateLimitInterval=1s
130 |     RateLimitBurst=20000
131 |   "owner": |-
132 |     root
133 |   "path": |-
134 |     /etc/systemd/journald.conf.d/dcos.conf
135 |   "permissions": |-
136 |     0644
137 | - "content": |
138 |     rexray:
139 |       loglevel: info
140 |       modules:
141 |         default-admin:
142 |           host: tcp://127.0.0.1:61003
143 |       storageDrivers:
144 |       - ec2
145 |       volume:
146 |         unmount:
147 |           ignoreusedcount: true
148 |   "path": |-
149 |     /etc/rexray/config.yml
150 |   "permissions": |-
151 |     0644
152 | - "content": |
153 |     MESOS_CLUSTER=${stack_name}
154 |   "path": |-
155 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/mesos-master-provider
156 | - "content": |
157 |     ADMINROUTER_ACTIVATE_AUTH_MODULE=${authentication_enabled}
158 |   "path": |-
159 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/adminrouter.env
160 | - "content": |
161 |     com.netflix.exhibitor.s3.access-key-id=${aws_access_key_id}
162 |     com.netflix.exhibitor.s3.access-secret-key=${aws_secret_access_key}
163 |   "path": |-
164 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor.properties
165 | - "content": |
166 |     MASTER_SOURCE=exhibitor_uri
167 |     EXHIBITOR_URI=http://${internal_master_lb_dns_name}:8181/exhibitor/v1/cluster/status
168 |     EXHIBITOR_ADDRESS=${internal_master_lb_dns_name}
169 |     RESOLVERS=${fallback_dns}
170 |   "path": |-
171 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/dns_config
172 | - "content": |
173 |     EXHIBITOR_BACKEND=AWS_S3
174 |     AWS_REGION=${aws_region}
175 |     AWS_S3_BUCKET=${exhibitor_s3_bucket}
176 |     AWS_S3_PREFIX=${stack_name}
177 |   "path": |-
178 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor
179 | - "content": |
180 |     {"uiConfiguration":{"plugins":{"banner":{"enabled":false,"backgroundColor":"#1E232F","foregroundColor":"#FFFFFF","headerTitle":null,"headerContent":null,"footerContent":null,"imagePath":null,"dismissible":null},"branding":{"enabled":false},"external-links": {"enabled": false},
181 | 
182 |     "authentication":{"enabled":false},
183 | 
184 |     "oauth":{"enabled":${authentication_enabled},"authHost":"https://dcos.auth0.com"},
185 | 
186 | 
187 |     "tracking":{"enabled":true}}}}
188 |   "path": |-
189 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/ui-config.json
190 | - "content": |
191 |     INTERNAL_MASTER_LB_DNSNAME=${internal_master_lb_dns_name}
192 |     MASTER_LB_DNSNAME=${public_lb_dns_name}
193 |   "path": |-
194 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/aws_dnsnames
195 | - "content": |-
196 |     {}
197 |   "path": |-
198 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/pkginfo.json
199 | - "content": ""
200 |   "path": |-
201 |     /etc/mesosphere/roles/master
202 | - "content": ""
203 |   "path": |-
204 |     /etc/mesosphere/roles/aws_master
205 | - "content": ""
206 |   "path": |-
207 |     /etc/mesosphere/roles/aws
208 | 


--------------------------------------------------------------------------------
/multi-master.cloudformation.json:
--------------------------------------------------------------------------------
   1 | {
   2 |   "Parameters": {
   3 |     "OAuthEnabled": {
   4 |       "AllowedValues": [
   5 |         "true",
   6 |         "false"
   7 |       ],
   8 |       "Description": "\nEnable OAuth authentication",
   9 |       "Type": "String",
  10 |       "Default": "true"
  11 |     },
  12 |     "KeyName": {
  13 |       "Description": "Required: Specify your AWS EC2 Key Pair.",
  14 |       "Type": "AWS::EC2::KeyPair::KeyName"
  15 |     },
  16 |     "SlaveInstanceCount": {
  17 |       "Description": "Required: Specify the number of private agent nodes or accept the default.",
  18 |       "Type": "Number",
  19 |       "Default": "5"
  20 |     },
  21 |     "PublicSlaveInstanceCount": {
  22 |       "Description": "Required: Specify the number of public agent nodes or accept the default.",
  23 |       "Type": "Number",
  24 |       "Default": "1"
  25 |     },
  26 |     "AdminLocation": {
  27 |       "Default": "0.0.0.0/0",
  28 |       "Type": "String",
  29 |       "AllowedPattern": "^([0-9]+\\.){3}[0-9]+\\/[0-9]+$",
  30 |       "MinLength": "9",
  31 |       "MaxLength": "18",
  32 |       "Description": "Optional: Specify the IP range to whitelist for access to the admin zone. Must be a valid CIDR.",
  33 |       "ConstraintDescription": "must be a valid CIDR."
  34 |     }
  35 |   },
  36 |   "Mappings": {
  37 |     "Parameters": {
  38 |       "PrivateSubnetRange": {
  39 |         "default": "10.0.0.0/22"
  40 |       },
  41 |       "StackCreationTimeout": {
  42 |         "default": "PT45M"
  43 |       },
  44 |       "PublicSubnetRange": {
  45 |         "default": "10.0.4.0/22"
  46 |       },
  47 |       "SlaveInstanceType": {
  48 |         "default": "m3.xlarge"
  49 |       },
  50 |       "VPCSubnetRange": {
  51 |         "default": "10.0.0.0/16"
  52 |       },
  53 |       "PublicSlaveInstanceType": {
  54 |         "default": "m3.xlarge"
  55 |       },
  56 |       "MasterInstanceType": {
  57 |         "default": "m3.xlarge"
  58 |       }
  59 |     },
  60 |     "NATAmi": {
  61 |       "eu-central-1": {
  62 |         "default": "ami-204c7a3d"
  63 |       },
  64 |       "eu-west-1": {
  65 |         "default": "ami-3760b040"
  66 |       },
  67 |       "us-west-2": {
  68 |         "default": "ami-bb69128b"
  69 |       },
  70 |       "us-west-1": {
  71 |         "default": "ami-2b2b296e"
  72 |       },
  73 |       "sa-east-1": {
  74 |         "default": "ami-b972dba4"
  75 |       },
  76 |       "ap-southeast-1": {
  77 |         "default": "ami-b082dae2"
  78 |       },
  79 |       "us-gov-west-1": {
  80 |         "default": "ami-e8ab1489"
  81 |       },
  82 |       "us-east-1": {
  83 |         "default": "ami-4c9e4b24"
  84 |       },
  85 |       "ap-southeast-2": {
  86 |         "default": "ami-996402a3"
  87 |       },
  88 |       "ap-northeast-1": {
  89 |         "default": "ami-55c29e54"
  90 |       }
  91 |     },
  92 |     "RegionToAmi": {
  93 |       "eu-central-1": {
  94 |         "stable": "ami-3ae31555"
  95 |       },
  96 |       "eu-west-1": {
  97 |         "stable": "ami-b7cba3c4"
  98 |       },
  99 |       "us-gov-west-1": {
 100 |         "stable": "ami-b712acd6"
 101 |       },
 102 |       "us-west-1": {
 103 |         "stable": "ami-ee57148e"
 104 |       },
 105 |       "us-west-2": {
 106 |         "stable": "ami-dc6ba3bc"
 107 |       },
 108 |       "sa-east-1": {
 109 |         "stable": "ami-61e3750d"
 110 |       },
 111 |       "ap-southeast-1": {
 112 |         "stable": "ami-3120fe52"
 113 |       },
 114 |       "us-east-1": {
 115 |         "stable": "ami-6d138f7a"
 116 |       },
 117 |       "ap-southeast-2": {
 118 |         "stable": "ami-b1291dd2"
 119 |       },
 120 |       "ap-northeast-1": {
 121 |         "stable": "ami-965899f7"
 122 |       }
 123 |     }
 124 |   },
 125 |   "Conditions": {
 126 |     "RegionIsUsEast1": {
 127 |       "Fn::Equals": [
 128 |         {
 129 |           "Ref": "AWS::Region"
 130 |         },
 131 |         "us-east-1"
 132 |       ]
 133 |     },
 134 |     "RegionIsUsGovWest1": {
 135 |       "Fn::Equals": [
 136 |         {
 137 |           "Ref": "AWS::Region"
 138 |         },
 139 |         "us-gov-west-1"
 140 |       ]
 141 |     }
 142 |   },
 143 |   "Outputs": {
 144 |     "ExhibitorS3Bucket": {
 145 |       "Value": {
 146 |         "Ref": "ExhibitorS3Bucket"
 147 |       },
 148 |       "Description": "Exhibitor S3 bucket name"
 149 |     },
 150 |     "PublicSlaveDnsAddress": {
 151 |       "Value": {
 152 |         "Fn::GetAtt": [
 153 |           "PublicSlaveLoadBalancer",
 154 |           "DNSName"
 155 |         ]
 156 |       },
 157 |       "Description": "Public slaves"
 158 |     },
 159 |     "DnsAddress": {
 160 |       "Value": {
 161 |         "Fn::GetAtt": [
 162 |           "ElasticLoadBalancer",
 163 |           "DNSName"
 164 |         ]
 165 |       },
 166 |       "Description": "Mesos Master"
 167 |     }
 168 |   },
 169 |   "Metadata": {
 170 |     "DcosImageCommit": "1b43ff7a0b9124db9439299b789f2e2dc3cc086c",
 171 |     "TemplateGenerationDate": "2016-11-15 18:07:47.173102",
 172 |     "AWS::CloudFormation::Designer": {
 173 |       "d5b2427f-2b9a-4f4b-8c23-048ebed12e67": {
 174 |         "size": {
 175 |           "width": 1050,
 176 |           "height": 960
 177 |         },
 178 |         "position": {
 179 |           "x": 60,
 180 |           "y": 90
 181 |         },
 182 |         "z": 1,
 183 |         "embeds": [
 184 |           "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218",
 185 |           "88e3d525-46fb-4b89-8384-31128d6806de",
 186 |           "8e56741d-9bf9-4797-9232-44f160a4fbba",
 187 |           "52026ae4-243c-4998-a8b4-5c6f161d4f68",
 188 |           "33a2115a-76e8-4187-acb8-dea920b41268",
 189 |           "4da6ce07-f059-4e52-8654-22e92bfbd005",
 190 |           "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8",
 191 |           "9b179aeb-9cb0-4e25-b3d5-84af58742c0b",
 192 |           "62825da7-6349-43c0-ab3b-65daada471ab",
 193 |           "9189a3bb-2eda-4819-aada-5da61395e962",
 194 |           "0f8e4454-f877-4695-aa84-a760773aaa9c"
 195 |         ]
 196 |       },
 197 |       "cab5ed47-4f4b-4804-9234-c9ee128ff1e2": {
 198 |         "size": {
 199 |           "width": 60,
 200 |           "height": 60
 201 |         },
 202 |         "position": {
 203 |           "x": 60,
 204 |           "y": 1110
 205 |         },
 206 |         "z": 1,
 207 |         "embeds": []
 208 |       },
 209 |       "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218": {
 210 |         "size": {
 211 |           "width": 60,
 212 |           "height": 60
 213 |         },
 214 |         "position": {
 215 |           "x": 780,
 216 |           "y": 660
 217 |         },
 218 |         "z": 2,
 219 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 220 |         "embeds": []
 221 |       },
 222 |       "88e3d525-46fb-4b89-8384-31128d6806de": {
 223 |         "size": {
 224 |           "width": 60,
 225 |           "height": 60
 226 |         },
 227 |         "position": {
 228 |           "x": 900,
 229 |           "y": 660
 230 |         },
 231 |         "z": 2,
 232 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 233 |         "embeds": []
 234 |       },
 235 |       "fd313ee3-6bd1-4df4-8012-f4723ad2c159": {
 236 |         "size": {
 237 |           "width": 60,
 238 |           "height": 60
 239 |         },
 240 |         "position": {
 241 |           "x": 180,
 242 |           "y": 1110
 243 |         },
 244 |         "z": 1,
 245 |         "embeds": [],
 246 |         "dependson": [
 247 |           "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
 248 |         ]
 249 |       },
 250 |       "8e56741d-9bf9-4797-9232-44f160a4fbba": {
 251 |         "size": {
 252 |           "width": 240,
 253 |           "height": 240
 254 |         },
 255 |         "position": {
 256 |           "x": 780,
 257 |           "y": 150
 258 |         },
 259 |         "z": 2,
 260 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 261 |         "embeds": [
 262 |           "dbfc2220-a350-4cef-b15d-0c4bb6089eb3"
 263 |         ]
 264 |       },
 265 |       "0c455641-9cd7-4986-b538-0edd4695595f": {
 266 |         "size": {
 267 |           "width": 60,
 268 |           "height": 60
 269 |         },
 270 |         "position": {
 271 |           "x": 300,
 272 |           "y": 1110
 273 |         },
 274 |         "z": 1,
 275 |         "embeds": []
 276 |       },
 277 |       "dcea6d48-51e2-47e7-adbe-e312628000e5": {
 278 |         "source": {
 279 |           "id": "cab5ed47-4f4b-4804-9234-c9ee128ff1e2"
 280 |         },
 281 |         "target": {
 282 |           "id": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
 283 |         }
 284 |       },
 285 |       "bfbf5330-8679-42a0-8f75-ba4a51f5ef2c": {
 286 |         "size": {
 287 |           "width": 60,
 288 |           "height": 60
 289 |         },
 290 |         "position": {
 291 |           "x": 420,
 292 |           "y": 1110
 293 |         },
 294 |         "z": 1,
 295 |         "embeds": []
 296 |       },
 297 |       "d44cb758-3292-4763-a962-7f1ea3c68d96": {
 298 |         "size": {
 299 |           "width": 60,
 300 |           "height": 60
 301 |         },
 302 |         "position": {
 303 |           "x": 540,
 304 |           "y": 1110
 305 |         },
 306 |         "z": 1,
 307 |         "embeds": [],
 308 |         "isrelatedto": [
 309 |           "bfbf5330-8679-42a0-8f75-ba4a51f5ef2c"
 310 |         ]
 311 |       },
 312 |       "256ebd61-bd7a-49b2-8820-3f0fd6b5559c": {
 313 |         "size": {
 314 |           "width": 60,
 315 |           "height": 60
 316 |         },
 317 |         "position": {
 318 |           "x": 660,
 319 |           "y": 1110
 320 |         },
 321 |         "z": 1,
 322 |         "embeds": [],
 323 |         "isassociatedwith": [
 324 |           "d44cb758-3292-4763-a962-7f1ea3c68d96"
 325 |         ]
 326 |       },
 327 |       "52026ae4-243c-4998-a8b4-5c6f161d4f68": {
 328 |         "size": {
 329 |           "width": 60,
 330 |           "height": 60
 331 |         },
 332 |         "position": {
 333 |           "x": 90,
 334 |           "y": 750
 335 |         },
 336 |         "z": 2,
 337 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 338 |         "embeds": []
 339 |       },
 340 |       "4112bdf8-fe6a-458f-a9c3-8ee8e81bf936": {
 341 |         "source": {
 342 |           "id": "52026ae4-243c-4998-a8b4-5c6f161d4f68"
 343 |         },
 344 |         "target": {
 345 |           "id": "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
 346 |         }
 347 |       },
 348 |       "b515b1cb-182a-49d9-b397-2b28998dd4dc": {
 349 |         "source": {
 350 |           "id": "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
 351 |         },
 352 |         "target": {
 353 |           "id": "52026ae4-243c-4998-a8b4-5c6f161d4f68"
 354 |         }
 355 |       },
 356 |       "bff9717d-8f5d-4c97-b172-ab099c011fdf": {
 357 |         "size": {
 358 |           "width": 60,
 359 |           "height": 60
 360 |         },
 361 |         "position": {
 362 |           "x": 780,
 363 |           "y": 1110
 364 |         },
 365 |         "z": 1,
 366 |         "embeds": [],
 367 |         "isassociatedwith": [
 368 |           "0c455641-9cd7-4986-b538-0edd4695595f"
 369 |         ]
 370 |       },
 371 |       "33a2115a-76e8-4187-acb8-dea920b41268": {
 372 |         "size": {
 373 |           "width": 240,
 374 |           "height": 240
 375 |         },
 376 |         "position": {
 377 |           "x": 480,
 378 |           "y": 450
 379 |         },
 380 |         "z": 2,
 381 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 382 |         "embeds": [
 383 |           "d6f549af-a2d3-4e97-bd62-23a0464bb518"
 384 |         ],
 385 |         "dependson": [
 386 |           "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
 387 |         ]
 388 |       },
 389 |       "baffbc7e-9a8c-43ad-81e5-c461e434dc2f": {
 390 |         "source": {
 391 |           "id": "88e3d525-46fb-4b89-8384-31128d6806de"
 392 |         },
 393 |         "target": {
 394 |           "id": "52026ae4-243c-4998-a8b4-5c6f161d4f68"
 395 |         }
 396 |       },
 397 |       "4da6ce07-f059-4e52-8654-22e92bfbd005": {
 398 |         "size": {
 399 |           "width": 60,
 400 |           "height": 60
 401 |         },
 402 |         "position": {
 403 |           "x": 210,
 404 |           "y": 750
 405 |         },
 406 |         "z": 2,
 407 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 408 |         "embeds": []
 409 |       },
 410 |       "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8": {
 411 |         "size": {
 412 |           "width": 240,
 413 |           "height": 240
 414 |         },
 415 |         "position": {
 416 |           "x": 480,
 417 |           "y": 150
 418 |         },
 419 |         "z": 2,
 420 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 421 |         "embeds": [
 422 |           "797f4a42-5c69-4d82-8942-9ff734b3fb82"
 423 |         ],
 424 |         "dependson": [
 425 |           "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
 426 |         ]
 427 |       },
 428 |       "7398ff9c-0ee5-4baf-9378-a511efee6387": {
 429 |         "source": {
 430 |           "id": "33a2115a-76e8-4187-acb8-dea920b41268"
 431 |         },
 432 |         "target": {
 433 |           "id": "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8"
 434 |         }
 435 |       },
 436 |       "9b179aeb-9cb0-4e25-b3d5-84af58742c0b": {
 437 |         "size": {
 438 |           "width": 330,
 439 |           "height": 240
 440 |         },
 441 |         "position": {
 442 |           "x": 90,
 443 |           "y": 450
 444 |         },
 445 |         "z": 2,
 446 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 447 |         "embeds": [
 448 |           "cc0e4bb4-01f3-447e-bb7a-f8710b563375",
 449 |           "573ab7a3-43fe-4ed8-b089-b56525f05b9d"
 450 |         ]
 451 |       },
 452 |       "cc0e4bb4-01f3-447e-bb7a-f8710b563375": {
 453 |         "size": {
 454 |           "width": 60,
 455 |           "height": 60
 456 |         },
 457 |         "position": {
 458 |           "x": 120,
 459 |           "y": 510
 460 |         },
 461 |         "z": 3,
 462 |         "parent": "9b179aeb-9cb0-4e25-b3d5-84af58742c0b",
 463 |         "embeds": []
 464 |       },
 465 |       "573ab7a3-43fe-4ed8-b089-b56525f05b9d": {
 466 |         "size": {
 467 |           "width": 60,
 468 |           "height": 60
 469 |         },
 470 |         "position": {
 471 |           "x": 240,
 472 |           "y": 510
 473 |         },
 474 |         "z": 3,
 475 |         "parent": "9b179aeb-9cb0-4e25-b3d5-84af58742c0b",
 476 |         "embeds": []
 477 |       },
 478 |       "62825da7-6349-43c0-ab3b-65daada471ab": {
 479 |         "size": {
 480 |           "width": 330,
 481 |           "height": 240
 482 |         },
 483 |         "position": {
 484 |           "x": 90,
 485 |           "y": 150
 486 |         },
 487 |         "z": 2,
 488 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 489 |         "embeds": [
 490 |           "af335664-a760-45fe-84f4-1946b6e394bf",
 491 |           "5164d08a-5151-4e9b-9a99-171c457b1096"
 492 |         ]
 493 |       },
 494 |       "af335664-a760-45fe-84f4-1946b6e394bf": {
 495 |         "size": {
 496 |           "width": 60,
 497 |           "height": 60
 498 |         },
 499 |         "position": {
 500 |           "x": 120,
 501 |           "y": 210
 502 |         },
 503 |         "z": 3,
 504 |         "parent": "62825da7-6349-43c0-ab3b-65daada471ab",
 505 |         "embeds": []
 506 |       },
 507 |       "f54e7542-cfe6-4668-b9d6-7fe6173c93c8": {
 508 |         "source": {
 509 |           "id": "62825da7-6349-43c0-ab3b-65daada471ab"
 510 |         },
 511 |         "target": {
 512 |           "id": "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8"
 513 |         }
 514 |       },
 515 |       "9189a3bb-2eda-4819-aada-5da61395e962": {
 516 |         "size": {
 517 |           "width": 60,
 518 |           "height": 60
 519 |         },
 520 |         "position": {
 521 |           "x": 330,
 522 |           "y": 750
 523 |         },
 524 |         "z": 2,
 525 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 526 |         "embeds": [],
 527 |         "isrelatedto": [
 528 |           "88e3d525-46fb-4b89-8384-31128d6806de"
 529 |         ]
 530 |       },
 531 |       "c63f4cb0-df20-480a-8acd-557e7d47aeb4": {
 532 |         "source": {
 533 |           "id": "52026ae4-243c-4998-a8b4-5c6f161d4f68"
 534 |         },
 535 |         "target": {
 536 |           "id": "9189a3bb-2eda-4819-aada-5da61395e962"
 537 |         }
 538 |       },
 539 |       "bc999319-619a-436f-b136-1a4e78f1a19f": {
 540 |         "source": {
 541 |           "id": "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
 542 |         },
 543 |         "target": {
 544 |           "id": "9189a3bb-2eda-4819-aada-5da61395e962"
 545 |         }
 546 |       },
 547 |       "57e7164b-dba6-4709-b670-2d356a398165": {
 548 |         "source": {
 549 |           "id": "9189a3bb-2eda-4819-aada-5da61395e962"
 550 |         },
 551 |         "target": {
 552 |           "id": "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
 553 |         }
 554 |       },
 555 |       "795f89fd-4b5e-4413-acbe-1fde7101680e": {
 556 |         "size": {
 557 |           "width": 60,
 558 |           "height": 60
 559 |         },
 560 |         "position": {
 561 |           "x": 900,
 562 |           "y": 1110
 563 |         },
 564 |         "z": 1,
 565 |         "embeds": [],
 566 |         "isconnectedto": [
 567 |           "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8"
 568 |         ],
 569 |         "ismemberof": [
 570 |           "88e3d525-46fb-4b89-8384-31128d6806de",
 571 |           "4da6ce07-f059-4e52-8654-22e92bfbd005",
 572 |           "52026ae4-243c-4998-a8b4-5c6f161d4f68",
 573 |           "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218",
 574 |           "9189a3bb-2eda-4819-aada-5da61395e962"
 575 |         ]
 576 |       },
 577 |       "7b73d352-5bae-471f-9816-612b45f30448": {
 578 |         "source": {
 579 |           "id": "9189a3bb-2eda-4819-aada-5da61395e962"
 580 |         },
 581 |         "target": {
 582 |           "id": "52026ae4-243c-4998-a8b4-5c6f161d4f68"
 583 |         }
 584 |       },
 585 |       "eda0ab64-70dd-4997-a0a8-31e2fd60bd87": {
 586 |         "source": {
 587 |           "id": "fd313ee3-6bd1-4df4-8012-f4723ad2c159"
 588 |         },
 589 |         "target": {
 590 |           "id": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
 591 |         }
 592 |       },
 593 |       "d7aac628-f6ce-4b7f-969a-ef6a21abd09a": {
 594 |         "size": {
 595 |           "width": 60,
 596 |           "height": 60
 597 |         },
 598 |         "position": {
 599 |           "x": 1020,
 600 |           "y": 1110
 601 |         },
 602 |         "z": 1,
 603 |         "embeds": [],
 604 |         "isconnectedto": [
 605 |           "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8"
 606 |         ],
 607 |         "ismemberof": [
 608 |           "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
 609 |         ],
 610 |         "dependson": [
 611 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 612 |         ]
 613 |       },
 614 |       "d6f549af-a2d3-4e97-bd62-23a0464bb518": {
 615 |         "size": {
 616 |           "width": 60,
 617 |           "height": 60
 618 |         },
 619 |         "position": {
 620 |           "x": 510,
 621 |           "y": 510
 622 |         },
 623 |         "z": 3,
 624 |         "parent": "33a2115a-76e8-4187-acb8-dea920b41268",
 625 |         "embeds": [],
 626 |         "references": [
 627 |           "fd313ee3-6bd1-4df4-8012-f4723ad2c159"
 628 |         ],
 629 |         "dependson": [
 630 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 631 |         ]
 632 |       },
 633 |       "797f4a42-5c69-4d82-8942-9ff734b3fb82": {
 634 |         "size": {
 635 |           "width": 60,
 636 |           "height": 60
 637 |         },
 638 |         "position": {
 639 |           "x": 510,
 640 |           "y": 210
 641 |         },
 642 |         "z": 3,
 643 |         "parent": "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8",
 644 |         "embeds": [],
 645 |         "dependson": [
 646 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 647 |         ],
 648 |         "isrelatedto": [
 649 |           "52026ae4-243c-4998-a8b4-5c6f161d4f68",
 650 |           "9189a3bb-2eda-4819-aada-5da61395e962",
 651 |           "4da6ce07-f059-4e52-8654-22e92bfbd005"
 652 |         ]
 653 |       },
 654 |       "c56c2962-e923-48c0-9687-aee8014c9528": {
 655 |         "size": {
 656 |           "width": 60,
 657 |           "height": 60
 658 |         },
 659 |         "position": {
 660 |           "x": 1170,
 661 |           "y": 90
 662 |         },
 663 |         "z": 1,
 664 |         "embeds": [],
 665 |         "isconnectedto": [
 666 |           "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8"
 667 |         ],
 668 |         "ismemberof": [
 669 |           "88e3d525-46fb-4b89-8384-31128d6806de",
 670 |           "4da6ce07-f059-4e52-8654-22e92bfbd005"
 671 |         ],
 672 |         "dependson": [
 673 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 674 |         ]
 675 |       },
 676 |       "069de8be-dfa4-43ff-b2bd-04dbba3e66db": {
 677 |         "size": {
 678 |           "width": 60,
 679 |           "height": 60
 680 |         },
 681 |         "position": {
 682 |           "x": 1170,
 683 |           "y": 210
 684 |         },
 685 |         "z": 1,
 686 |         "embeds": [],
 687 |         "ismemberof": [
 688 |           "9189a3bb-2eda-4819-aada-5da61395e962",
 689 |           "4da6ce07-f059-4e52-8654-22e92bfbd005"
 690 |         ],
 691 |         "isrelatedto": [
 692 |           "795f89fd-4b5e-4413-acbe-1fde7101680e",
 693 |           "bfbf5330-8679-42a0-8f75-ba4a51f5ef2c",
 694 |           "d44cb758-3292-4763-a962-7f1ea3c68d96",
 695 |           "0c455641-9cd7-4986-b538-0edd4695595f",
 696 |           "c56c2962-e923-48c0-9687-aee8014c9528",
 697 |           "256ebd61-bd7a-49b2-8820-3f0fd6b5559c"
 698 |         ]
 699 |       },
 700 |       "0d65cfc7-54a5-4eec-86d3-5d2492d226ad": {
 701 |         "size": {
 702 |           "width": 60,
 703 |           "height": 60
 704 |         },
 705 |         "position": {
 706 |           "x": 1170,
 707 |           "y": 330
 708 |         },
 709 |         "z": 1,
 710 |         "embeds": [],
 711 |         "ismemberof": [
 712 |           "52026ae4-243c-4998-a8b4-5c6f161d4f68"
 713 |         ],
 714 |         "isrelatedto": [
 715 |           "795f89fd-4b5e-4413-acbe-1fde7101680e",
 716 |           "bfbf5330-8679-42a0-8f75-ba4a51f5ef2c",
 717 |           "d44cb758-3292-4763-a962-7f1ea3c68d96",
 718 |           "0c455641-9cd7-4986-b538-0edd4695595f",
 719 |           "c56c2962-e923-48c0-9687-aee8014c9528",
 720 |           "bff9717d-8f5d-4c97-b172-ab099c011fdf"
 721 |         ]
 722 |       },
 723 |       "6a519ddf-75c5-430e-8a90-0c25e8ae7c69": {
 724 |         "size": {
 725 |           "width": 60,
 726 |           "height": 60
 727 |         },
 728 |         "position": {
 729 |           "x": 1170,
 730 |           "y": 450
 731 |         },
 732 |         "z": 1,
 733 |         "embeds": [],
 734 |         "ismemberof": [
 735 |           "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
 736 |         ],
 737 |         "isrelatedto": [
 738 |           "795f89fd-4b5e-4413-acbe-1fde7101680e",
 739 |           "bfbf5330-8679-42a0-8f75-ba4a51f5ef2c",
 740 |           "d44cb758-3292-4763-a962-7f1ea3c68d96",
 741 |           "0c455641-9cd7-4986-b538-0edd4695595f",
 742 |           "c56c2962-e923-48c0-9687-aee8014c9528",
 743 |           "bff9717d-8f5d-4c97-b172-ab099c011fdf"
 744 |         ]
 745 |       },
 746 |       "b9812ede-5e7b-4835-bf2d-f39dad166240": {
 747 |         "size": {
 748 |           "width": 60,
 749 |           "height": 60
 750 |         },
 751 |         "position": {
 752 |           "x": 1170,
 753 |           "y": 570
 754 |         },
 755 |         "z": 1,
 756 |         "embeds": [],
 757 |         "isconnectedto": [
 758 |           "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8",
 759 |           "d7aac628-f6ce-4b7f-969a-ef6a21abd09a"
 760 |         ],
 761 |         "isassociatedwith": [
 762 |           "6a519ddf-75c5-430e-8a90-0c25e8ae7c69"
 763 |         ],
 764 |         "dependson": [
 765 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 766 |         ]
 767 |       },
 768 |       "0cb5c123-6bd7-45dd-a4ae-7572a637179c": {
 769 |         "size": {
 770 |           "width": 60,
 771 |           "height": 60
 772 |         },
 773 |         "position": {
 774 |           "x": 1170,
 775 |           "y": 690
 776 |         },
 777 |         "z": 1,
 778 |         "embeds": [],
 779 |         "isconnectedto": [
 780 |           "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8",
 781 |           "c56c2962-e923-48c0-9687-aee8014c9528",
 782 |           "795f89fd-4b5e-4413-acbe-1fde7101680e"
 783 |         ],
 784 |         "isassociatedwith": [
 785 |           "069de8be-dfa4-43ff-b2bd-04dbba3e66db"
 786 |         ],
 787 |         "dependson": [
 788 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 789 |         ]
 790 |       },
 791 |       "dbfc2220-a350-4cef-b15d-0c4bb6089eb3": {
 792 |         "size": {
 793 |           "width": 60,
 794 |           "height": 60
 795 |         },
 796 |         "position": {
 797 |           "x": 810,
 798 |           "y": 210
 799 |         },
 800 |         "z": 3,
 801 |         "parent": "8e56741d-9bf9-4797-9232-44f160a4fbba",
 802 |         "embeds": [],
 803 |         "references": [
 804 |           "797f4a42-5c69-4d82-8942-9ff734b3fb82"
 805 |         ]
 806 |       },
 807 |       "0f8e4454-f877-4695-aa84-a760773aaa9c": {
 808 |         "size": {
 809 |           "width": 150,
 810 |           "height": 150
 811 |         },
 812 |         "position": {
 813 |           "x": 780,
 814 |           "y": 450
 815 |         },
 816 |         "z": 2,
 817 |         "parent": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67",
 818 |         "embeds": [],
 819 |         "dependson": [
 820 |           "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
 821 |         ]
 822 |       },
 823 |       "af1e9101-ae5a-496f-b84a-f14f181a656c": {
 824 |         "source": {
 825 |           "id": "9b179aeb-9cb0-4e25-b3d5-84af58742c0b"
 826 |         },
 827 |         "target": {
 828 |           "id": "0f8e4454-f877-4695-aa84-a760773aaa9c"
 829 |         }
 830 |       },
 831 |       "b894df83-46b1-45e2-bbae-297330d87d0e": {
 832 |         "size": {
 833 |           "width": 60,
 834 |           "height": 60
 835 |         },
 836 |         "position": {
 837 |           "x": 1170,
 838 |           "y": 810
 839 |         },
 840 |         "z": 1,
 841 |         "embeds": [],
 842 |         "isconnectedto": [
 843 |           "0f8e4454-f877-4695-aa84-a760773aaa9c"
 844 |         ],
 845 |         "isassociatedwith": [
 846 |           "0d65cfc7-54a5-4eec-86d3-5d2492d226ad"
 847 |         ],
 848 |         "dependson": [
 849 |           "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
 850 |         ]
 851 |       },
 852 |       "5164d08a-5151-4e9b-9a99-171c457b1096": {
 853 |         "size": {
 854 |           "width": 60,
 855 |           "height": 60
 856 |         },
 857 |         "position": {
 858 |           "x": 240,
 859 |           "y": 210
 860 |         },
 861 |         "z": 3,
 862 |         "parent": "62825da7-6349-43c0-ab3b-65daada471ab",
 863 |         "embeds": []
 864 |       },
 865 |       "0bf3a112-20df-405b-b5a5-be693ad04d21": {
 866 |         "source": {
 867 |           "id": "8e56741d-9bf9-4797-9232-44f160a4fbba"
 868 |         },
 869 |         "target": {
 870 |           "id": "0f8e4454-f877-4695-aa84-a760773aaa9c"
 871 |         }
 872 |       }
 873 |     }
 874 |   },
 875 |   "AWSTemplateFormatVersion": "2010-09-09",
 876 |   "Description": "DC/OS AWS CloudFormation Template",
 877 |   "Resources": {
 878 |     "PrivateSubnetRouteTableAssociation": {
 879 |       "Properties": {
 880 |         "RouteTableId": {
 881 |           "Ref": "PrivateRouteTable"
 882 |         },
 883 |         "SubnetId": {
 884 |           "Ref": "PrivateSubnet"
 885 |         }
 886 |       },
 887 |       "Type": "AWS::EC2::SubnetRouteTableAssociation",
 888 |       "Metadata": {
 889 |         "AWS::CloudFormation::Designer": {
 890 |           "id": "0bf3a112-20df-405b-b5a5-be693ad04d21"
 891 |         }
 892 |       }
 893 |     },
 894 |     "PublicSlaveIngressThree": {
 895 |       "Properties": {
 896 |         "IpProtocol": "tcp",
 897 |         "CidrIp": "0.0.0.0/0",
 898 |         "GroupId": {
 899 |           "Ref": "PublicSlaveSecurityGroup"
 900 |         },
 901 |         "FromPort": "5052",
 902 |         "ToPort": "32000"
 903 |       },
 904 |       "Type": "AWS::EC2::SecurityGroupIngress"
 905 |     },
 906 |     "OutboundNetworkAclEntry": {
 907 |       "Properties": {
 908 |         "CidrBlock": "0.0.0.0/0",
 909 |         "RuleNumber": "100",
 910 |         "NetworkAclId": {
 911 |           "Ref": "PublicNetworkAcl"
 912 |         },
 913 |         "Egress": "true",
 914 |         "Protocol": "-1",
 915 |         "RuleAction": "allow",
 916 |         "PortRange": {
 917 |           "From": "0",
 918 |           "To": "65535"
 919 |         }
 920 |       },
 921 |       "Type": "AWS::EC2::NetworkAclEntry",
 922 |       "Metadata": {
 923 |         "AWS::CloudFormation::Designer": {
 924 |           "id": "5164d08a-5151-4e9b-9a99-171c457b1096"
 925 |         }
 926 |       }
 927 |     },
 928 |     "PrivateSubnet": {
 929 |       "Properties": {
 930 |         "VpcId": {
 931 |           "Ref": "Vpc"
 932 |         },
 933 |         "CidrBlock": {
 934 |           "Fn::FindInMap": [
 935 |             "Parameters",
 936 |             "PrivateSubnetRange",
 937 |             "default"
 938 |           ]
 939 |         },
 940 |         "Tags": [
 941 |           {
 942 |             "Value": {
 943 |               "Ref": "AWS::StackName"
 944 |             },
 945 |             "Key": "Application"
 946 |           },
 947 |           {
 948 |             "Value": "Private",
 949 |             "Key": "Network"
 950 |           }
 951 |         ]
 952 |       },
 953 |       "DependsOn": "Vpc",
 954 |       "Type": "AWS::EC2::Subnet",
 955 |       "Metadata": {
 956 |         "AWS::CloudFormation::Designer": {
 957 |           "id": "0f8e4454-f877-4695-aa84-a760773aaa9c"
 958 |         }
 959 |       }
 960 |     },
 961 |     "PrivateRoute": {
 962 |       "Properties": {
 963 |         "DestinationCidrBlock": "0.0.0.0/0",
 964 |         "RouteTableId": {
 965 |           "Ref": "PrivateRouteTable"
 966 |         },
 967 |         "InstanceId": {
 968 |           "Ref": "NATInstance"
 969 |         }
 970 |       },
 971 |       "Type": "AWS::EC2::Route",
 972 |       "Metadata": {
 973 |         "AWS::CloudFormation::Designer": {
 974 |           "id": "dbfc2220-a350-4cef-b15d-0c4bb6089eb3"
 975 |         }
 976 |       }
 977 |     },
 978 |     "ElasticLoadBalancer": {
 979 |       "Properties": {
 980 |         "HealthCheck": {
 981 |           "Target": "TCP:5050",
 982 |           "UnhealthyThreshold": "2",
 983 |           "Timeout": "5",
 984 |           "Interval": "30",
 985 |           "HealthyThreshold": "2"
 986 |         },
 987 |         "SecurityGroups": [
 988 |           {
 989 |             "Ref": "LbSecurityGroup"
 990 |           },
 991 |           {
 992 |             "Ref": "AdminSecurityGroup"
 993 |           }
 994 |         ],
 995 |         "Listeners": [
 996 |           {
 997 |             "LoadBalancerPort": "80",
 998 |             "Protocol": "TCP",
 999 |             "InstanceProtocol": "TCP",
1000 |             "InstancePort": "80"
1001 |           },
1002 |           {
1003 |             "LoadBalancerPort": "443",
1004 |             "Protocol": "TCP",
1005 |             "InstanceProtocol": "TCP",
1006 |             "InstancePort": "443"
1007 |           }
1008 |         ],
1009 |         "Subnets": [
1010 |           {
1011 |             "Ref": "PublicSubnet"
1012 |           }
1013 |         ]
1014 |       },
1015 |       "DependsOn": "GatewayToInternet",
1016 |       "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
1017 |       "Metadata": {
1018 |         "AWS::CloudFormation::Designer": {
1019 |           "id": "c56c2962-e923-48c0-9687-aee8014c9528"
1020 |         }
1021 |       }
1022 |     },
1023 |     "PublicSlaveServerGroup": {
1024 |       "CreationPolicy": {
1025 |         "ResourceSignal": {
1026 |           "Timeout": {
1027 |             "Fn::FindInMap": [
1028 |               "Parameters",
1029 |               "StackCreationTimeout",
1030 |               "default"
1031 |             ]
1032 |           },
1033 |           "Count": {
1034 |             "Ref": "PublicSlaveInstanceCount"
1035 |           }
1036 |         }
1037 |       },
1038 |       "Properties": {
1039 |         "DesiredCapacity": {
1040 |           "Ref": "PublicSlaveInstanceCount"
1041 |         },
1042 |         "LoadBalancerNames": [
1043 |           {
1044 |             "Ref": "PublicSlaveLoadBalancer"
1045 |           }
1046 |         ],
1047 |         "MinSize": {
1048 |           "Ref": "PublicSlaveInstanceCount"
1049 |         },
1050 |         "MaxSize": {
1051 |           "Ref": "PublicSlaveInstanceCount"
1052 |         },
1053 |         "AvailabilityZones": [
1054 |           {
1055 |             "Fn::GetAtt": [
1056 |               "PublicSubnet",
1057 |               "AvailabilityZone"
1058 |             ]
1059 |           }
1060 |         ],
1061 |         "Tags": [
1062 |           {
1063 |             "Value": "mesos-slave",
1064 |             "Key": "role",
1065 |             "PropagateAtLaunch": "true"
1066 |           }
1067 |         ],
1068 |         "LaunchConfigurationName": {
1069 |           "Ref": "PublicSlaveLaunchConfig"
1070 |         },
1071 |         "VPCZoneIdentifier": [
1072 |           {
1073 |             "Ref": "PublicSubnet"
1074 |           }
1075 |         ]
1076 |       },
1077 |       "DependsOn": "GatewayToInternet",
1078 |       "Type": "AWS::AutoScaling::AutoScalingGroup",
1079 |       "Metadata": {
1080 |         "AWS::CloudFormation::Designer": {
1081 |           "id": "b9812ede-5e7b-4835-bf2d-f39dad166240"
1082 |         }
1083 |       }
1084 |     },
1085 |     "PublicSlaveIngressFour": {
1086 |       "Properties": {
1087 |         "IpProtocol": "udp",
1088 |         "CidrIp": "0.0.0.0/0",
1089 |         "GroupId": {
1090 |           "Ref": "PublicSlaveSecurityGroup"
1091 |         },
1092 |         "FromPort": "0",
1093 |         "ToPort": "21"
1094 |       },
1095 |       "Type": "AWS::EC2::SecurityGroupIngress"
1096 |     },
1097 |     "PublicSlaveIngressOne": {
1098 |       "Properties": {
1099 |         "IpProtocol": "tcp",
1100 |         "CidrIp": "0.0.0.0/0",
1101 |         "GroupId": {
1102 |           "Ref": "PublicSlaveSecurityGroup"
1103 |         },
1104 |         "FromPort": "0",
1105 |         "ToPort": "21"
1106 |       },
1107 |       "Type": "AWS::EC2::SecurityGroupIngress"
1108 |     },
1109 |     "GatewayToInternet": {
1110 |       "Properties": {
1111 |         "VpcId": {
1112 |           "Ref": "Vpc"
1113 |         },
1114 |         "InternetGatewayId": {
1115 |           "Ref": "InternetGateway"
1116 |         }
1117 |       },
1118 |       "DependsOn": "InternetGateway",
1119 |       "Type": "AWS::EC2::VPCGatewayAttachment",
1120 |       "Metadata": {
1121 |         "AWS::CloudFormation::Designer": {
1122 |           "id": "eda0ab64-70dd-4997-a0a8-31e2fd60bd87"
1123 |         }
1124 |       }
1125 |     },
1126 |     "NATInstance": {
1127 |       "Properties": {
1128 |         "NetworkInterfaces": [
1129 |           {
1130 |             "DeleteOnTermination": "true",
1131 |             "DeviceIndex": "0",
1132 |             "SubnetId": {
1133 |               "Ref": "PublicSubnet"
1134 |             },
1135 |             "AssociatePublicIpAddress": "true",
1136 |             "GroupSet": [
1137 |               {
1138 |                 "Ref": "SlaveSecurityGroup"
1139 |               },
1140 |               {
1141 |                 "Ref": "MasterSecurityGroup"
1142 |               },
1143 |               {
1144 |                 "Ref": "AdminSecurityGroup"
1145 |               }
1146 |             ]
1147 |           }
1148 |         ],
1149 |         "KeyName": {
1150 |           "Ref": "KeyName"
1151 |         },
1152 |         "InstanceType": "m3.medium",
1153 |         "ImageId": {
1154 |           "Fn::FindInMap": [
1155 |             "NATAmi",
1156 |             {
1157 |               "Ref": "AWS::Region"
1158 |             },
1159 |             "default"
1160 |           ]
1161 |         },
1162 |         "SourceDestCheck": "false"
1163 |       },
1164 |       "DependsOn": "GatewayToInternet",
1165 |       "Type": "AWS::EC2::Instance",
1166 |       "Metadata": {
1167 |         "AWS::CloudFormation::Designer": {
1168 |           "id": "797f4a42-5c69-4d82-8942-9ff734b3fb82"
1169 |         }
1170 |       }
1171 |     },
1172 |     "MasterServerGroup": {
1173 |       "CreationPolicy": {
1174 |         "ResourceSignal": {
1175 |           "Timeout": {
1176 |             "Fn::FindInMap": [
1177 |               "Parameters",
1178 |               "StackCreationTimeout",
1179 |               "default"
1180 |             ]
1181 |           },
1182 |           "Count": 3
1183 |         }
1184 |       },
1185 |       "Properties": {
1186 |         "DesiredCapacity": 3,
1187 |         "LoadBalancerNames": [
1188 |           {
1189 |             "Ref": "ElasticLoadBalancer"
1190 |           },
1191 |           {
1192 |             "Ref": "InternalMasterLoadBalancer"
1193 |           }
1194 |         ],
1195 |         "MinSize": 3,
1196 |         "MaxSize": 3,
1197 |         "AvailabilityZones": [
1198 |           {
1199 |             "Fn::GetAtt": [
1200 |               "PublicSubnet",
1201 |               "AvailabilityZone"
1202 |             ]
1203 |           }
1204 |         ],
1205 |         "Tags": [
1206 |           {
1207 |             "Value": "mesos-master",
1208 |             "Key": "role",
1209 |             "PropagateAtLaunch": "true"
1210 |           }
1211 |         ],
1212 |         "LaunchConfigurationName": {
1213 |           "Ref": "MasterLaunchConfig"
1214 |         },
1215 |         "VPCZoneIdentifier": [
1216 |           {
1217 |             "Ref": "PublicSubnet"
1218 |           }
1219 |         ]
1220 |       },
1221 |       "DependsOn": "GatewayToInternet",
1222 |       "Type": "AWS::AutoScaling::AutoScalingGroup",
1223 |       "Metadata": {
1224 |         "AWS::CloudFormation::Designer": {
1225 |           "id": "0cb5c123-6bd7-45dd-a4ae-7572a637179c"
1226 |         }
1227 |       }
1228 |     },
1229 |     "SlaveToMasterIngress": {
1230 |       "Properties": {
1231 |         "SourceSecurityGroupId": {
1232 |           "Ref": "SlaveSecurityGroup"
1233 |         },
1234 |         "IpProtocol": "-1",
1235 |         "GroupId": {
1236 |           "Ref": "MasterSecurityGroup"
1237 |         },
1238 |         "FromPort": "0",
1239 |         "ToPort": "65535"
1240 |       },
1241 |       "Type": "AWS::EC2::SecurityGroupIngress",
1242 |       "Metadata": {
1243 |         "AWS::CloudFormation::Designer": {
1244 |           "id": "7b73d352-5bae-471f-9816-612b45f30448"
1245 |         }
1246 |       }
1247 |     },
1248 |     "PublicSlaveIngressFive": {
1249 |       "Properties": {
1250 |         "IpProtocol": "udp",
1251 |         "CidrIp": "0.0.0.0/0",
1252 |         "GroupId": {
1253 |           "Ref": "PublicSlaveSecurityGroup"
1254 |         },
1255 |         "FromPort": "23",
1256 |         "ToPort": "5050"
1257 |       },
1258 |       "Type": "AWS::EC2::SecurityGroupIngress"
1259 |     },
1260 |     "PublicSlaveLaunchConfig": {
1261 |       "Properties": {
1262 |         "EbsOptimized": "true",
1263 |         "KeyName": {
1264 |           "Ref": "KeyName"
1265 |         },
1266 |         "SecurityGroups": [
1267 |           {
1268 |             "Ref": "PublicSlaveSecurityGroup"
1269 |           }
1270 |         ],
1271 |         "ImageId": {
1272 |           "Fn::FindInMap": [
1273 |             "RegionToAmi",
1274 |             {
1275 |               "Ref": "AWS::Region"
1276 |             },
1277 |             "stable"
1278 |           ]
1279 |         },
1280 |         "AssociatePublicIpAddress": "true",
1281 |         "UserData": {
1282 |           "Fn::Base64": {
1283 |             "Fn::Join": [
1284 |               "",
1285 |               [
1286 |                 "#cloud-config\n",
1287 |                 "\"coreos\":\n",
1288 |                 "  \"units\":\n",
1289 |                 "  - \"command\": |-\n",
1290 |                 "      start\n",
1291 |                 "    \"content\": |\n",
1292 |                 "      [Unit]\n",
1293 |                 "      Description=AWS Setup: Formats the /var/lib ephemeral drive\n",
1294 |                 "      Before=var-lib.mount dbus.service\n",
1295 |                 "      [Service]\n",
1296 |                 "      Type=oneshot\n",
1297 |                 "      RemainAfterExit=yes\n",
1298 |                 "      ExecStart=/bin/bash -c \"(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)\"\n",
1299 |                 "    \"name\": |-\n",
1300 |                 "      format-var-lib-ephemeral.service\n",
1301 |                 "  - \"command\": |-\n",
1302 |                 "      start\n",
1303 |                 "    \"content\": |\n",
1304 |                 "      [Unit]\n",
1305 |                 "      Description=AWS Setup: Mount /var/lib\n",
1306 |                 "      Before=dbus.service\n",
1307 |                 "      [Mount]\n",
1308 |                 "      What=/dev/xvdb\n",
1309 |                 "      Where=/var/lib\n",
1310 |                 "      Type=ext4\n",
1311 |                 "    \"name\": |-\n",
1312 |                 "      var-lib.mount\n",
1313 |                 "  - \"command\": |-\n",
1314 |                 "      stop\n",
1315 |                 "    \"mask\": !!bool |-\n",
1316 |                 "      true\n",
1317 |                 "    \"name\": |-\n",
1318 |                 "      etcd.service\n",
1319 |                 "  - \"command\": |-\n",
1320 |                 "      stop\n",
1321 |                 "    \"mask\": !!bool |-\n",
1322 |                 "      true\n",
1323 |                 "    \"name\": |-\n",
1324 |                 "      update-engine.service\n",
1325 |                 "  - \"command\": |-\n",
1326 |                 "      stop\n",
1327 |                 "    \"mask\": !!bool |-\n",
1328 |                 "      true\n",
1329 |                 "    \"name\": |-\n",
1330 |                 "      locksmithd.service\n",
1331 |                 "  - \"command\": |-\n",
1332 |                 "      stop\n",
1333 |                 "    \"name\": |-\n",
1334 |                 "      systemd-resolved.service\n",
1335 |                 "  - \"command\": |-\n",
1336 |                 "      restart\n",
1337 |                 "    \"name\": |-\n",
1338 |                 "      systemd-journald.service\n",
1339 |                 "  - \"command\": |-\n",
1340 |                 "      restart\n",
1341 |                 "    \"name\": |-\n",
1342 |                 "      docker.service\n",
1343 |                 "  - \"command\": |-\n",
1344 |                 "      start\n",
1345 |                 "    \"content\": |\n",
1346 |                 "      [Unit]\n",
1347 |                 "      Before=dcos.target\n",
1348 |                 "      [Service]\n",
1349 |                 "      Type=oneshot\n",
1350 |                 "      StandardOutput=journal+console\n",
1351 |                 "      StandardError=journal+console\n",
1352 |                 "      ExecStartPre=/usr/bin/mkdir -p /etc/profile.d\n",
1353 |                 "      ExecStart=/usr/bin/ln -sf /opt/mesosphere/environment.export /etc/profile.d/dcos.sh\n",
1354 |                 "    \"name\": |-\n",
1355 |                 "      dcos-link-env.service\n",
1356 |                 "  - \"content\": |\n",
1357 |                 "      [Unit]\n",
1358 |                 "      Description=Pkgpanda: Download DC/OS to this host.\n",
1359 |                 "      After=network-online.target\n",
1360 |                 "      Wants=network-online.target\n",
1361 |                 "      ConditionPathExists=!/opt/mesosphere/\n",
1362 |                 "      [Service]\n",
1363 |                 "      Type=oneshot\n",
1364 |                 "      StandardOutput=journal+console\n",
1365 |                 "      StandardError=journal+console\n",
1366 |                 "      ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz https://downloads.dcos.io/dcos/stable/bootstrap/e73ba2b1cd17795e4dcb3d6647d11a29b9c35084.bootstrap.tar.xz\n",
1367 |                 "      ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere\n",
1368 |                 "      ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere\n",
1369 |                 "      ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz\n",
1370 |                 "    \"name\": |-\n",
1371 |                 "      dcos-download.service\n",
1372 |                 "  - \"command\": |-\n",
1373 |                 "      start\n",
1374 |                 "    \"content\": |\n",
1375 |                 "      [Unit]\n",
1376 |                 "      Description=Pkgpanda: Specialize DC/OS for this host.\n",
1377 |                 "      Requires=dcos-download.service\n",
1378 |                 "      After=dcos-download.service\n",
1379 |                 "      [Service]\n",
1380 |                 "      Type=oneshot\n",
1381 |                 "      StandardOutput=journal+console\n",
1382 |                 "      StandardError=journal+console\n",
1383 |                 "      EnvironmentFile=/opt/mesosphere/environment\n",
1384 |                 "      ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd\n",
1385 |                 "      [Install]\n",
1386 |                 "      WantedBy=multi-user.target\n",
1387 |                 "    \"enable\": !!bool |-\n",
1388 |                 "      true\n",
1389 |                 "    \"name\": |-\n",
1390 |                 "      dcos-setup.service\n",
1391 |                 "    \"no_block\": !!bool |-\n",
1392 |                 "      true\n",
1393 |                 "  - \"command\": |-\n",
1394 |                 "      start\n",
1395 |                 "    \"content\": |-\n",
1396 |                 "      [Unit]\n",
1397 |                 "      Description=AWS Setup: Signal CloudFormation Success\n",
1398 |                 "      ConditionPathExists=!/var/lib/dcos-cfn-signal\n",
1399 |                 "      [Service]\n",
1400 |                 "      Type=simple\n",
1401 |                 "      Restart=on-failure\n",
1402 |                 "      StartLimitInterval=0\n",
1403 |                 "      RestartSec=15s\n",
1404 |                 "      EnvironmentFile=/opt/mesosphere/environment\n",
1405 |                 "      EnvironmentFile=/opt/mesosphere/etc/cfn_signal_metadata\n",
1406 |                 "      Environment=\"AWS_CFN_SIGNAL_THIS_RESOURCE=PublicSlaveServerGroup\"\n",
1407 |                 "      ExecStartPre=/bin/ping -c1 leader.mesos\n",
1408 |                 "      ExecStartPre=/opt/mesosphere/bin/cfn-signal\n",
1409 |                 "      ExecStart=/usr/bin/touch /var/lib/dcos-cfn-signal\n",
1410 |                 "    \"name\": |-\n",
1411 |                 "      dcos-cfn-signal.service\n",
1412 |                 "    \"no_block\": !!bool |-\n",
1413 |                 "      true\n",
1414 |                 "  \"update\":\n",
1415 |                 "    \"reboot-strategy\": |-\n",
1416 |                 "      off\n",
1417 |                 "\"write_files\":\n",
1418 |                 "- \"content\": |\n",
1419 |                 "    https://downloads.dcos.io/dcos/stable\n",
1420 |                 "  \"owner\": |-\n",
1421 |                 "    root\n",
1422 |                 "  \"path\": |-\n",
1423 |                 "    /etc/mesosphere/setup-flags/repository-url\n",
1424 |                 "  \"permissions\": |-\n",
1425 |                 "    0644\n",
1426 |                 "- \"content\": |\n",
1427 |                 "    [\"dcos-config--setup_500d179ba527f84b6fdf5fb37d53631249fc123e\", \"dcos-metadata--setup_500d179ba527f84b6fdf5fb37d53631249fc123e\"]\n",
1428 |                 "  \"owner\": |-\n",
1429 |                 "    root\n",
1430 |                 "  \"path\": |-\n",
1431 |                 "    /etc/mesosphere/setup-flags/cluster-packages.json\n",
1432 |                 "  \"permissions\": |-\n",
1433 |                 "    0644\n",
1434 |                 "- \"content\": |\n",
1435 |                 "    [Journal]\n",
1436 |                 "    MaxLevelConsole=warning\n",
1437 |                 "    RateLimitInterval=1s\n",
1438 |                 "    RateLimitBurst=20000\n",
1439 |                 "  \"owner\": |-\n",
1440 |                 "    root\n",
1441 |                 "  \"path\": |-\n",
1442 |                 "    /etc/systemd/journald.conf.d/dcos.conf\n",
1443 |                 "  \"permissions\": |-\n",
1444 |                 "    0644\n",
1445 |                 "- \"content\": |\n",
1446 |                 "    rexray:\n",
1447 |                 "      loglevel: info\n",
1448 |                 "      modules:\n",
1449 |                 "        default-admin:\n",
1450 |                 "          host: tcp://127.0.0.1:61003\n",
1451 |                 "      storageDrivers:\n",
1452 |                 "      - ec2\n",
1453 |                 "      volume:\n",
1454 |                 "        unmount:\n",
1455 |                 "          ignoreusedcount: true\n",
1456 |                 "  \"path\": |-\n",
1457 |                 "    /etc/rexray/config.yml\n",
1458 |                 "  \"permissions\": |-\n",
1459 |                 "    0644\n",
1460 |                 "- \"content\": |\n",
1461 |                 "    MESOS_CLUSTER=",
1462 |                 {
1463 |                   "Ref": "AWS::StackName"
1464 |                 },
1465 |                 "",
1466 |                 "\n",
1467 |                 "  \"path\": |-\n",
1468 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/mesos-master-provider\n",
1469 |                 "- \"content\": |\n",
1470 |                 "    ADMINROUTER_ACTIVATE_AUTH_MODULE=",
1471 |                 {
1472 |                   "Ref": "OAuthEnabled"
1473 |                 },
1474 |                 "",
1475 |                 "\n",
1476 |                 "  \"path\": |-\n",
1477 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/adminrouter.env\n",
1478 |                 "- \"content\": |\n",
1479 |                 "    MASTER_SOURCE=exhibitor_uri\n",
1480 |                 "    EXHIBITOR_URI=http://",
1481 |                 {
1482 |                   "Fn::GetAtt": [
1483 |                     "InternalMasterLoadBalancer",
1484 |                     "DNSName"
1485 |                   ]
1486 |                 },
1487 |                 ":8181/exhibitor/v1/cluster/status",
1488 |                 "\n",
1489 |                 "    EXHIBITOR_ADDRESS=",
1490 |                 {
1491 |                   "Fn::GetAtt": [
1492 |                     "InternalMasterLoadBalancer",
1493 |                     "DNSName"
1494 |                   ]
1495 |                 },
1496 |                 "",
1497 |                 "\n",
1498 |                 "    RESOLVERS=169.254.169.253\n",
1499 |                 "  \"path\": |-\n",
1500 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/dns_config\n",
1501 |                 "- \"content\": |\n",
1502 |                 "    EXHIBITOR_BACKEND=AWS_S3\n",
1503 |                 "    AWS_REGION=",
1504 |                 {
1505 |                   "Ref": "AWS::Region"
1506 |                 },
1507 |                 "",
1508 |                 "\n",
1509 |                 "    AWS_S3_BUCKET=",
1510 |                 {
1511 |                   "Ref": "ExhibitorS3Bucket"
1512 |                 },
1513 |                 "",
1514 |                 "\n",
1515 |                 "    AWS_S3_PREFIX=",
1516 |                 {
1517 |                   "Ref": "AWS::StackName"
1518 |                 },
1519 |                 "",
1520 |                 "\n",
1521 |                 "  \"path\": |-\n",
1522 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor\n",
1523 |                 "- \"content\": |\n",
1524 |                 "    {\"uiConfiguration\":{\"plugins\":{\"banner\":{\"enabled\":false,\"backgroundColor\":\"#1E232F\",\"foregroundColor\":\"#FFFFFF\",\"headerTitle\":null,\"headerContent\":null,\"footerContent\":null,\"imagePath\":null,\"dismissible\":null},\"branding\":{\"enabled\":false},\"external-links\": {\"enabled\": false},\n",
1525 |                 "\n",
1526 |                 "    \"authentication\":{\"enabled\":false},\n",
1527 |                 "\n",
1528 |                 "    \"oauth\":{\"enabled\":",
1529 |                 {
1530 |                   "Ref": "OAuthEnabled"
1531 |                 },
1532 |                 ",\"authHost\":\"https://dcos.auth0.com\"},",
1533 |                 "\n",
1534 |                 "\n",
1535 |                 "\n",
1536 |                 "    \"tracking\":{\"enabled\":true}}}}\n",
1537 |                 "  \"path\": |-\n",
1538 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/ui-config.json\n",
1539 |                 "- \"content\": |\n",
1540 |                 "    AWS_REGION=",
1541 |                 {
1542 |                   "Ref": "AWS::Region"
1543 |                 },
1544 |                 "",
1545 |                 "\n",
1546 |                 "    AWS_STACK_ID=",
1547 |                 {
1548 |                   "Ref": "AWS::StackId"
1549 |                 },
1550 |                 "",
1551 |                 "\n",
1552 |                 "    AWS_STACK_NAME=",
1553 |                 {
1554 |                   "Ref": "AWS::StackName"
1555 |                 },
1556 |                 "",
1557 |                 "\n",
1558 |                 "    AWS_IAM_MASTER_ROLE_NAME=",
1559 |                 {
1560 |                   "Ref": "MasterRole"
1561 |                 },
1562 |                 "",
1563 |                 "\n",
1564 |                 "    AWS_IAM_SLAVE_ROLE_NAME=",
1565 |                 {
1566 |                   "Ref": "SlaveRole"
1567 |                 },
1568 |                 "",
1569 |                 "\n",
1570 |                 "  \"path\": |-\n",
1571 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/cfn_signal_metadata\n",
1572 |                 "- \"content\": |\n",
1573 |                 "    INTERNAL_MASTER_LB_DNSNAME=",
1574 |                 {
1575 |                   "Fn::GetAtt": [
1576 |                     "InternalMasterLoadBalancer",
1577 |                     "DNSName"
1578 |                   ]
1579 |                 },
1580 |                 "",
1581 |                 "\n",
1582 |                 "    MASTER_LB_DNSNAME=",
1583 |                 {
1584 |                   "Fn::GetAtt": [
1585 |                     "ElasticLoadBalancer",
1586 |                     "DNSName"
1587 |                   ]
1588 |                 },
1589 |                 "",
1590 |                 "\n",
1591 |                 "  \"path\": |-\n",
1592 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/aws_dnsnames\n",
1593 |                 "- \"content\": |-\n",
1594 |                 "    {}\n",
1595 |                 "  \"path\": |-\n",
1596 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/pkginfo.json\n",
1597 |                 "- \"content\": \"\"\n",
1598 |                 "  \"path\": |-\n",
1599 |                 "    /etc/mesosphere/roles/slave_public\n",
1600 |                 "- \"content\": \"\"\n",
1601 |                 "  \"path\": |-\n",
1602 |                 "    /etc/mesosphere/roles/aws\n"
1603 |               ]
1604 |             ]
1605 |           }
1606 |         },
1607 |         "BlockDeviceMappings": [
1608 |           {
1609 |             "VirtualName": "ephemeral0",
1610 |             "DeviceName": "/dev/sdb"
1611 |           }
1612 |         ],
1613 |         "InstanceType": {
1614 |           "Fn::FindInMap": [
1615 |             "Parameters",
1616 |             "PublicSlaveInstanceType",
1617 |             "default"
1618 |           ]
1619 |         },
1620 |         "IamInstanceProfile": {
1621 |           "Ref": "SlaveInstanceProfile"
1622 |         }
1623 |       },
1624 |       "Type": "AWS::AutoScaling::LaunchConfiguration",
1625 |       "Metadata": {
1626 |         "AWS::CloudFormation::Designer": {
1627 |           "id": "6a519ddf-75c5-430e-8a90-0c25e8ae7c69"
1628 |         }
1629 |       }
1630 |     },
1631 |     "MasterSecurityGroup": {
1632 |       "Properties": {
1633 |         "VpcId": {
1634 |           "Ref": "Vpc"
1635 |         },
1636 |         "GroupDescription": "Mesos Masters",
1637 |         "SecurityGroupIngress": [
1638 |           {
1639 |             "IpProtocol": "tcp",
1640 |             "SourceSecurityGroupId": {
1641 |               "Ref": "LbSecurityGroup"
1642 |             },
1643 |             "FromPort": "5050",
1644 |             "ToPort": "5050"
1645 |           },
1646 |           {
1647 |             "IpProtocol": "tcp",
1648 |             "SourceSecurityGroupId": {
1649 |               "Ref": "LbSecurityGroup"
1650 |             },
1651 |             "FromPort": "80",
1652 |             "ToPort": "80"
1653 |           },
1654 |           {
1655 |             "IpProtocol": "tcp",
1656 |             "SourceSecurityGroupId": {
1657 |               "Ref": "LbSecurityGroup"
1658 |             },
1659 |             "FromPort": "443",
1660 |             "ToPort": "443"
1661 |           },
1662 |           {
1663 |             "IpProtocol": "tcp",
1664 |             "SourceSecurityGroupId": {
1665 |               "Ref": "LbSecurityGroup"
1666 |             },
1667 |             "FromPort": "8080",
1668 |             "ToPort": "8080"
1669 |           },
1670 |           {
1671 |             "IpProtocol": "tcp",
1672 |             "SourceSecurityGroupId": {
1673 |               "Ref": "LbSecurityGroup"
1674 |             },
1675 |             "FromPort": "8181",
1676 |             "ToPort": "8181"
1677 |           },
1678 |           {
1679 |             "IpProtocol": "tcp",
1680 |             "SourceSecurityGroupId": {
1681 |               "Ref": "LbSecurityGroup"
1682 |             },
1683 |             "FromPort": "2181",
1684 |             "ToPort": "2181"
1685 |           }
1686 |         ]
1687 |       },
1688 |       "Type": "AWS::EC2::SecurityGroup",
1689 |       "Metadata": {
1690 |         "AWS::CloudFormation::Designer": {
1691 |           "id": "9189a3bb-2eda-4819-aada-5da61395e962"
1692 |         }
1693 |       }
1694 |     },
1695 |     "PublicSubnetNetworkAclAssociation": {
1696 |       "Properties": {
1697 |         "SubnetId": {
1698 |           "Ref": "PublicSubnet"
1699 |         },
1700 |         "NetworkAclId": {
1701 |           "Ref": "PublicNetworkAcl"
1702 |         }
1703 |       },
1704 |       "Type": "AWS::EC2::SubnetNetworkAclAssociation",
1705 |       "Metadata": {
1706 |         "AWS::CloudFormation::Designer": {
1707 |           "id": "f54e7542-cfe6-4668-b9d6-7fe6173c93c8"
1708 |         }
1709 |       }
1710 |     },
1711 |     "InternalMasterLoadBalancer": {
1712 |       "Properties": {
1713 |         "HealthCheck": {
1714 |           "Target": "TCP:5050",
1715 |           "UnhealthyThreshold": "2",
1716 |           "Timeout": "5",
1717 |           "Interval": "30",
1718 |           "HealthyThreshold": "2"
1719 |         },
1720 |         "Scheme": "internal",
1721 |         "SecurityGroups": [
1722 |           {
1723 |             "Ref": "LbSecurityGroup"
1724 |           },
1725 |           {
1726 |             "Ref": "AdminSecurityGroup"
1727 |           },
1728 |           {
1729 |             "Ref": "SlaveSecurityGroup"
1730 |           },
1731 |           {
1732 |             "Ref": "PublicSlaveSecurityGroup"
1733 |           },
1734 |           {
1735 |             "Ref": "MasterSecurityGroup"
1736 |           }
1737 |         ],
1738 |         "Listeners": [
1739 |           {
1740 |             "LoadBalancerPort": "5050",
1741 |             "Protocol": "HTTP",
1742 |             "InstanceProtocol": "HTTP",
1743 |             "InstancePort": "5050"
1744 |           },
1745 |           {
1746 |             "LoadBalancerPort": "2181",
1747 |             "Protocol": "TCP",
1748 |             "InstanceProtocol": "TCP",
1749 |             "InstancePort": "2181"
1750 |           },
1751 |           {
1752 |             "LoadBalancerPort": "8181",
1753 |             "Protocol": "HTTP",
1754 |             "InstanceProtocol": "HTTP",
1755 |             "InstancePort": "8181"
1756 |           },
1757 |           {
1758 |             "LoadBalancerPort": "80",
1759 |             "Protocol": "TCP",
1760 |             "InstanceProtocol": "TCP",
1761 |             "InstancePort": "80"
1762 |           },
1763 |           {
1764 |             "LoadBalancerPort": "443",
1765 |             "Protocol": "TCP",
1766 |             "InstanceProtocol": "TCP",
1767 |             "InstancePort": "443"
1768 |           },
1769 |           {
1770 |             "LoadBalancerPort": "8080",
1771 |             "Protocol": "HTTP",
1772 |             "InstanceProtocol": "HTTP",
1773 |             "InstancePort": "8080"
1774 |           }
1775 |         ],
1776 |         "Subnets": [
1777 |           {
1778 |             "Ref": "PublicSubnet"
1779 |           }
1780 |         ]
1781 |       },
1782 |       "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
1783 |       "Metadata": {
1784 |         "AWS::CloudFormation::Designer": {
1785 |           "id": "795f89fd-4b5e-4413-acbe-1fde7101680e"
1786 |         }
1787 |       }
1788 |     },
1789 |     "PublicSlaveToMasterIngress": {
1790 |       "Properties": {
1791 |         "SourceSecurityGroupId": {
1792 |           "Ref": "PublicSlaveSecurityGroup"
1793 |         },
1794 |         "IpProtocol": "-1",
1795 |         "GroupId": {
1796 |           "Ref": "MasterSecurityGroup"
1797 |         },
1798 |         "FromPort": "0",
1799 |         "ToPort": "65535"
1800 |       },
1801 |       "Type": "AWS::EC2::SecurityGroupIngress",
1802 |       "Metadata": {
1803 |         "AWS::CloudFormation::Designer": {
1804 |           "id": "57e7164b-dba6-4709-b670-2d356a398165"
1805 |         }
1806 |       }
1807 |     },
1808 |     "SlaveServerGroup": {
1809 |       "CreationPolicy": {
1810 |         "ResourceSignal": {
1811 |           "Timeout": {
1812 |             "Fn::FindInMap": [
1813 |               "Parameters",
1814 |               "StackCreationTimeout",
1815 |               "default"
1816 |             ]
1817 |           },
1818 |           "Count": {
1819 |             "Ref": "SlaveInstanceCount"
1820 |           }
1821 |         }
1822 |       },
1823 |       "Properties": {
1824 |         "DesiredCapacity": {
1825 |           "Ref": "SlaveInstanceCount"
1826 |         },
1827 |         "MinSize": {
1828 |           "Ref": "SlaveInstanceCount"
1829 |         },
1830 |         "MaxSize": {
1831 |           "Ref": "SlaveInstanceCount"
1832 |         },
1833 |         "AvailabilityZones": [
1834 |           {
1835 |             "Fn::GetAtt": [
1836 |               "PrivateSubnet",
1837 |               "AvailabilityZone"
1838 |             ]
1839 |           }
1840 |         ],
1841 |         "Tags": [
1842 |           {
1843 |             "Value": "mesos-slave",
1844 |             "Key": "role",
1845 |             "PropagateAtLaunch": "true"
1846 |           }
1847 |         ],
1848 |         "LaunchConfigurationName": {
1849 |           "Ref": "SlaveLaunchConfig"
1850 |         },
1851 |         "VPCZoneIdentifier": [
1852 |           {
1853 |             "Ref": "PrivateSubnet"
1854 |           }
1855 |         ]
1856 |       },
1857 |       "DependsOn": "GatewayToInternet",
1858 |       "Type": "AWS::AutoScaling::AutoScalingGroup",
1859 |       "Metadata": {
1860 |         "AWS::CloudFormation::Designer": {
1861 |           "id": "b894df83-46b1-45e2-bbae-297330d87d0e"
1862 |         }
1863 |       }
1864 |     },
1865 |     "PublicNetworkAcl": {
1866 |       "Properties": {
1867 |         "VpcId": {
1868 |           "Ref": "Vpc"
1869 |         },
1870 |         "Tags": [
1871 |           {
1872 |             "Value": {
1873 |               "Ref": "AWS::StackName"
1874 |             },
1875 |             "Key": "Application"
1876 |           },
1877 |           {
1878 |             "Value": "Public",
1879 |             "Key": "Network"
1880 |           }
1881 |         ]
1882 |       },
1883 |       "Type": "AWS::EC2::NetworkAcl",
1884 |       "Metadata": {
1885 |         "AWS::CloudFormation::Designer": {
1886 |           "id": "62825da7-6349-43c0-ab3b-65daada471ab"
1887 |         }
1888 |       }
1889 |     },
1890 |     "PrivateNetworkAcl": {
1891 |       "Properties": {
1892 |         "VpcId": {
1893 |           "Ref": "Vpc"
1894 |         },
1895 |         "Tags": [
1896 |           {
1897 |             "Value": {
1898 |               "Ref": "AWS::StackName"
1899 |             },
1900 |             "Key": "Application"
1901 |           },
1902 |           {
1903 |             "Value": "Public",
1904 |             "Key": "Network"
1905 |           }
1906 |         ]
1907 |       },
1908 |       "Type": "AWS::EC2::NetworkAcl",
1909 |       "Metadata": {
1910 |         "AWS::CloudFormation::Designer": {
1911 |           "id": "9b179aeb-9cb0-4e25-b3d5-84af58742c0b"
1912 |         }
1913 |       }
1914 |     },
1915 |     "PrivateSubnetNetworkAclAssociation": {
1916 |       "Properties": {
1917 |         "SubnetId": {
1918 |           "Ref": "PrivateSubnet"
1919 |         },
1920 |         "NetworkAclId": {
1921 |           "Ref": "PrivateNetworkAcl"
1922 |         }
1923 |       },
1924 |       "Type": "AWS::EC2::SubnetNetworkAclAssociation",
1925 |       "Metadata": {
1926 |         "AWS::CloudFormation::Designer": {
1927 |           "id": "af1e9101-ae5a-496f-b84a-f14f181a656c"
1928 |         }
1929 |       }
1930 |     },
1931 |     "InboundNetworkAclEntry": {
1932 |       "Properties": {
1933 |         "CidrBlock": "0.0.0.0/0",
1934 |         "RuleNumber": "100",
1935 |         "NetworkAclId": {
1936 |           "Ref": "PublicNetworkAcl"
1937 |         },
1938 |         "Egress": "false",
1939 |         "Protocol": "-1",
1940 |         "RuleAction": "allow",
1941 |         "PortRange": {
1942 |           "From": "0",
1943 |           "To": "65535"
1944 |         }
1945 |       },
1946 |       "Type": "AWS::EC2::NetworkAclEntry",
1947 |       "Metadata": {
1948 |         "AWS::CloudFormation::Designer": {
1949 |           "id": "af335664-a760-45fe-84f4-1946b6e394bf"
1950 |         }
1951 |       }
1952 |     },
1953 |     "PublicSubnet": {
1954 |       "Properties": {
1955 |         "VpcId": {
1956 |           "Ref": "Vpc"
1957 |         },
1958 |         "CidrBlock": {
1959 |           "Fn::FindInMap": [
1960 |             "Parameters",
1961 |             "PublicSubnetRange",
1962 |             "default"
1963 |           ]
1964 |         },
1965 |         "Tags": [
1966 |           {
1967 |             "Value": {
1968 |               "Ref": "AWS::StackName"
1969 |             },
1970 |             "Key": "Application"
1971 |           },
1972 |           {
1973 |             "Value": "Public",
1974 |             "Key": "Network"
1975 |           }
1976 |         ]
1977 |       },
1978 |       "DependsOn": "Vpc",
1979 |       "Type": "AWS::EC2::Subnet",
1980 |       "Metadata": {
1981 |         "AWS::CloudFormation::Designer": {
1982 |           "id": "57daeaa5-0b4c-483f-aac5-4e5f3bdc25b8"
1983 |         }
1984 |       }
1985 |     },
1986 |     "AdminSecurityGroup": {
1987 |       "Properties": {
1988 |         "VpcId": {
1989 |           "Ref": "Vpc"
1990 |         },
1991 |         "GroupDescription": "Enable admin access to servers",
1992 |         "SecurityGroupIngress": [
1993 |           {
1994 |             "IpProtocol": "tcp",
1995 |             "CidrIp": {
1996 |               "Ref": "AdminLocation"
1997 |             },
1998 |             "FromPort": "22",
1999 |             "ToPort": "22"
2000 |           },
2001 |           {
2002 |             "IpProtocol": "tcp",
2003 |             "CidrIp": {
2004 |               "Ref": "AdminLocation"
2005 |             },
2006 |             "FromPort": "80",
2007 |             "ToPort": "80"
2008 |           },
2009 |           {
2010 |             "IpProtocol": "tcp",
2011 |             "CidrIp": {
2012 |               "Ref": "AdminLocation"
2013 |             },
2014 |             "FromPort": "443",
2015 |             "ToPort": "443"
2016 |           }
2017 |         ]
2018 |       },
2019 |       "Type": "AWS::EC2::SecurityGroup",
2020 |       "Metadata": {
2021 |         "AWS::CloudFormation::Designer": {
2022 |           "id": "4da6ce07-f059-4e52-8654-22e92bfbd005"
2023 |         }
2024 |       }
2025 |     },
2026 |     "PublicRoute": {
2027 |       "Properties": {
2028 |         "DestinationCidrBlock": "0.0.0.0/0",
2029 |         "RouteTableId": {
2030 |           "Ref": "PublicRouteTable"
2031 |         },
2032 |         "GatewayId": {
2033 |           "Ref": "InternetGateway"
2034 |         }
2035 |       },
2036 |       "DependsOn": "GatewayToInternet",
2037 |       "Type": "AWS::EC2::Route",
2038 |       "Metadata": {
2039 |         "AWS::CloudFormation::Designer": {
2040 |           "id": "d6f549af-a2d3-4e97-bd62-23a0464bb518"
2041 |         }
2042 |       }
2043 |     },
2044 |     "SlaveToMasterLBIngress": {
2045 |       "Properties": {
2046 |         "SourceSecurityGroupId": {
2047 |           "Ref": "SlaveSecurityGroup"
2048 |         },
2049 |         "IpProtocol": "tcp",
2050 |         "GroupId": {
2051 |           "Ref": "LbSecurityGroup"
2052 |         },
2053 |         "FromPort": "2181",
2054 |         "ToPort": "2181"
2055 |       },
2056 |       "Type": "AWS::EC2::SecurityGroupIngress",
2057 |       "Metadata": {
2058 |         "AWS::CloudFormation::Designer": {
2059 |           "id": "baffbc7e-9a8c-43ad-81e5-c461e434dc2f"
2060 |         }
2061 |       }
2062 |     },
2063 |     "SlaveToSlaveIngress": {
2064 |       "Properties": {
2065 |         "SourceSecurityGroupId": {
2066 |           "Ref": "SlaveSecurityGroup"
2067 |         },
2068 |         "IpProtocol": "-1",
2069 |         "GroupId": {
2070 |           "Ref": "SlaveSecurityGroup"
2071 |         },
2072 |         "FromPort": "0",
2073 |         "ToPort": "65535"
2074 |       },
2075 |       "Type": "AWS::EC2::SecurityGroupIngress"
2076 |     },
2077 |     "PublicRouteTable": {
2078 |       "Properties": {
2079 |         "VpcId": {
2080 |           "Ref": "Vpc"
2081 |         },
2082 |         "Tags": [
2083 |           {
2084 |             "Value": {
2085 |               "Ref": "AWS::StackName"
2086 |             },
2087 |             "Key": "Application"
2088 |           },
2089 |           {
2090 |             "Value": "Public",
2091 |             "Key": "Network"
2092 |           }
2093 |         ]
2094 |       },
2095 |       "DependsOn": "Vpc",
2096 |       "Type": "AWS::EC2::RouteTable",
2097 |       "Metadata": {
2098 |         "AWS::CloudFormation::Designer": {
2099 |           "id": "33a2115a-76e8-4187-acb8-dea920b41268"
2100 |         }
2101 |       }
2102 |     },
2103 |     "SlaveInstanceProfile": {
2104 |       "Properties": {
2105 |         "Roles": [
2106 |           {
2107 |             "Ref": "SlaveRole"
2108 |           }
2109 |         ],
2110 |         "Path": "/"
2111 |       },
2112 |       "Type": "AWS::IAM::InstanceProfile",
2113 |       "Metadata": {
2114 |         "AWS::CloudFormation::Designer": {
2115 |           "id": "bff9717d-8f5d-4c97-b172-ab099c011fdf"
2116 |         }
2117 |       }
2118 |     },
2119 |     "PublicSlaveToPublicSlaveIngress": {
2120 |       "Properties": {
2121 |         "SourceSecurityGroupId": {
2122 |           "Ref": "PublicSlaveSecurityGroup"
2123 |         },
2124 |         "IpProtocol": "-1",
2125 |         "GroupId": {
2126 |           "Ref": "PublicSlaveSecurityGroup"
2127 |         },
2128 |         "FromPort": "0",
2129 |         "ToPort": "65535"
2130 |       },
2131 |       "Type": "AWS::EC2::SecurityGroupIngress"
2132 |     },
2133 |     "PublicSlaveIngressSix": {
2134 |       "Properties": {
2135 |         "IpProtocol": "udp",
2136 |         "CidrIp": "0.0.0.0/0",
2137 |         "GroupId": {
2138 |           "Ref": "PublicSlaveSecurityGroup"
2139 |         },
2140 |         "FromPort": "5052",
2141 |         "ToPort": "32000"
2142 |       },
2143 |       "Type": "AWS::EC2::SecurityGroupIngress"
2144 |     },
2145 |     "SlaveSecurityGroup": {
2146 |       "Properties": {
2147 |         "VpcId": {
2148 |           "Ref": "Vpc"
2149 |         },
2150 |         "GroupDescription": "Mesos Slaves"
2151 |       },
2152 |       "Type": "AWS::EC2::SecurityGroup",
2153 |       "Metadata": {
2154 |         "AWS::CloudFormation::Designer": {
2155 |           "id": "52026ae4-243c-4998-a8b4-5c6f161d4f68"
2156 |         }
2157 |       }
2158 |     },
2159 |     "ExhibitorS3Bucket": {
2160 |       "DeletionPolicy": "Retain",
2161 |       "Type": "AWS::S3::Bucket",
2162 |       "Metadata": {
2163 |         "AWS::CloudFormation::Designer": {
2164 |           "id": "bfbf5330-8679-42a0-8f75-ba4a51f5ef2c"
2165 |         }
2166 |       }
2167 |     },
2168 |     "VPCDHCPOptionsAssociation": {
2169 |       "Properties": {
2170 |         "VpcId": {
2171 |           "Ref": "Vpc"
2172 |         },
2173 |         "DhcpOptionsId": {
2174 |           "Ref": "DHCPOptions"
2175 |         }
2176 |       },
2177 |       "DependsOn": "Vpc",
2178 |       "Type": "AWS::EC2::VPCDHCPOptionsAssociation",
2179 |       "Metadata": {
2180 |         "AWS::CloudFormation::Designer": {
2181 |           "id": "dcea6d48-51e2-47e7-adbe-e312628000e5"
2182 |         }
2183 |       }
2184 |     },
2185 |     "SlaveRole": {
2186 |       "Properties": {
2187 |         "Policies": [
2188 |           {
2189 |             "PolicyName": "Slaves",
2190 |             "PolicyDocument": {
2191 |               "Statement": [
2192 |                 {
2193 |                   "Effect": "Allow",
2194 |                   "Action": [
2195 |                     "cloudformation:*"
2196 |                   ],
2197 |                   "Resource": [
2198 |                     {
2199 |                       "Ref": "AWS::StackId"
2200 |                     },
2201 |                     {
2202 |                       "Fn::Join": [
2203 |                         "",
2204 |                         [
2205 |                           {
2206 |                             "Ref": "AWS::StackId"
2207 |                           },
2208 |                           "/*"
2209 |                         ]
2210 |                       ]
2211 |                     }
2212 |                   ]
2213 |                 },
2214 |                 {
2215 |                   "Effect": "Allow",
2216 |                   "Action": [
2217 |                     "ec2:CreateTags",
2218 |                     "ec2:DescribeInstances",
2219 |                     "ec2:CreateVolume",
2220 |                     "ec2:DeleteVolume",
2221 |                     "ec2:AttachVolume",
2222 |                     "ec2:DetachVolume",
2223 |                     "ec2:DescribeVolumes",
2224 |                     "ec2:DescribeVolumeStatus",
2225 |                     "ec2:DescribeVolumeAttribute",
2226 |                     "ec2:CreateSnapshot",
2227 |                     "ec2:CopySnapshot",
2228 |                     "ec2:DeleteSnapshot",
2229 |                     "ec2:DescribeSnapshots",
2230 |                     "ec2:DescribeSnapshotAttribute",
2231 |                     "autoscaling:DescribeAutoScalingGroups",
2232 |                     "cloudwatch:PutMetricData"
2233 |                   ],
2234 |                   "Resource": "*"
2235 |                 }
2236 |               ],
2237 |               "Version": "2012-10-17"
2238 |             }
2239 |           }
2240 |         ],
2241 |         "AssumeRolePolicyDocument": {
2242 |           "Statement": [
2243 |             {
2244 |               "Effect": "Allow",
2245 |               "Principal": {
2246 |                 "Service": [
2247 |                   "ec2.amazonaws.com"
2248 |                 ]
2249 |               },
2250 |               "Action": [
2251 |                 "sts:AssumeRole"
2252 |               ]
2253 |             }
2254 |           ],
2255 |           "Version": "2012-10-17"
2256 |         }
2257 |       },
2258 |       "Type": "AWS::IAM::Role",
2259 |       "Metadata": {
2260 |         "AWS::CloudFormation::Designer": {
2261 |           "id": "0c455641-9cd7-4986-b538-0edd4695595f"
2262 |         }
2263 |       }
2264 |     },
2265 |     "MasterRole": {
2266 |       "Properties": {
2267 |         "Policies": [
2268 |           {
2269 |             "PolicyName": "root",
2270 |             "PolicyDocument": {
2271 |               "Statement": [
2272 |                 {
2273 |                   "Effect": "Allow",
2274 |                   "Action": [
2275 |                     "s3:AbortMultipartUpload",
2276 |                     "s3:DeleteObject",
2277 |                     "s3:GetBucketAcl",
2278 |                     "s3:GetBucketPolicy",
2279 |                     "s3:GetObject",
2280 |                     "s3:GetObjectAcl",
2281 |                     "s3:ListBucket",
2282 |                     "s3:ListBucketMultipartUploads",
2283 |                     "s3:ListMultipartUploadParts",
2284 |                     "s3:PutObject",
2285 |                     "s3:PutObjectAcl"
2286 |                   ],
2287 |                   "Resource": [
2288 |                     {
2289 |                       "Fn::Join": [
2290 |                         "",
2291 |                         [
2292 |                           {
2293 |                             "Fn::If": [
2294 |                               "RegionIsUsGovWest1",
2295 |                               "arn:aws-us-gov:s3:::",
2296 |                               "arn:aws:s3:::"
2297 |                             ]
2298 |                           },
2299 |                           {
2300 |                             "Ref": "ExhibitorS3Bucket"
2301 |                           },
2302 |                           "/*"
2303 |                         ]
2304 |                       ]
2305 |                     },
2306 |                     {
2307 |                       "Fn::Join": [
2308 |                         "",
2309 |                         [
2310 |                           {
2311 |                             "Fn::If": [
2312 |                               "RegionIsUsGovWest1",
2313 |                               "arn:aws-us-gov:s3:::",
2314 |                               "arn:aws:s3:::"
2315 |                             ]
2316 |                           },
2317 |                           {
2318 |                             "Ref": "ExhibitorS3Bucket"
2319 |                           }
2320 |                         ]
2321 |                       ]
2322 |                     }
2323 |                   ]
2324 |                 },
2325 |                 {
2326 |                   "Effect": "Allow",
2327 |                   "Action": [
2328 |                     "cloudformation:*"
2329 |                   ],
2330 |                   "Resource": [
2331 |                     {
2332 |                       "Ref": "AWS::StackId"
2333 |                     },
2334 |                     {
2335 |                       "Fn::Join": [
2336 |                         "",
2337 |                         [
2338 |                           {
2339 |                             "Ref": "AWS::StackId"
2340 |                           },
2341 |                           "/*"
2342 |                         ]
2343 |                       ]
2344 |                     }
2345 |                   ]
2346 |                 },
2347 |                 {
2348 |                   "Effect": "Allow",
2349 |                   "Action": [
2350 |                     "ec2:DescribeKeyPairs",
2351 |                     "ec2:DescribeSubnets",
2352 |                     "autoscaling:DescribeLaunchConfigurations",
2353 |                     "autoscaling:UpdateAutoScalingGroup",
2354 |                     "autoscaling:DescribeAutoScalingGroups",
2355 |                     "autoscaling:DescribeScalingActivities",
2356 |                     "elasticloadbalancing:DescribeLoadBalancers"
2357 |                   ],
2358 |                   "Resource": "*"
2359 |                 }
2360 |               ],
2361 |               "Version": "2012-10-17"
2362 |             }
2363 |           }
2364 |         ],
2365 |         "AssumeRolePolicyDocument": {
2366 |           "Statement": [
2367 |             {
2368 |               "Effect": "Allow",
2369 |               "Principal": {
2370 |                 "Service": [
2371 |                   "ec2.amazonaws.com"
2372 |                 ]
2373 |               },
2374 |               "Action": [
2375 |                 "sts:AssumeRole"
2376 |               ]
2377 |             }
2378 |           ],
2379 |           "Version": "2012-10-17"
2380 |         },
2381 |         "Path": "/"
2382 |       },
2383 |       "Type": "AWS::IAM::Role",
2384 |       "Metadata": {
2385 |         "AWS::CloudFormation::Designer": {
2386 |           "id": "d44cb758-3292-4763-a962-7f1ea3c68d96"
2387 |         }
2388 |       }
2389 |     },
2390 |     "MasterInstanceProfile": {
2391 |       "Properties": {
2392 |         "Roles": [
2393 |           {
2394 |             "Ref": "MasterRole"
2395 |           }
2396 |         ],
2397 |         "Path": "/"
2398 |       },
2399 |       "Type": "AWS::IAM::InstanceProfile",
2400 |       "Metadata": {
2401 |         "AWS::CloudFormation::Designer": {
2402 |           "id": "256ebd61-bd7a-49b2-8820-3f0fd6b5559c"
2403 |         }
2404 |       }
2405 |     },
2406 |     "MasterToPublicSlaveIngress": {
2407 |       "Properties": {
2408 |         "SourceSecurityGroupId": {
2409 |           "Ref": "MasterSecurityGroup"
2410 |         },
2411 |         "IpProtocol": "-1",
2412 |         "GroupId": {
2413 |           "Ref": "PublicSlaveSecurityGroup"
2414 |         },
2415 |         "FromPort": "0",
2416 |         "ToPort": "65535"
2417 |       },
2418 |       "Type": "AWS::EC2::SecurityGroupIngress",
2419 |       "Metadata": {
2420 |         "AWS::CloudFormation::Designer": {
2421 |           "id": "bc999319-619a-436f-b136-1a4e78f1a19f"
2422 |         }
2423 |       }
2424 |     },
2425 |     "PrivateRouteTable": {
2426 |       "Properties": {
2427 |         "VpcId": {
2428 |           "Ref": "Vpc"
2429 |         },
2430 |         "Tags": [
2431 |           {
2432 |             "Value": {
2433 |               "Ref": "AWS::StackName"
2434 |             },
2435 |             "Key": "Application"
2436 |           },
2437 |           {
2438 |             "Value": "Public",
2439 |             "Key": "Network"
2440 |           }
2441 |         ]
2442 |       },
2443 |       "Type": "AWS::EC2::RouteTable",
2444 |       "Metadata": {
2445 |         "AWS::CloudFormation::Designer": {
2446 |           "id": "8e56741d-9bf9-4797-9232-44f160a4fbba"
2447 |         }
2448 |       }
2449 |     },
2450 |     "PublicSlaveLoadBalancer": {
2451 |       "Properties": {
2452 |         "HealthCheck": {
2453 |           "Target": "HTTP:9090/_haproxy_health_check",
2454 |           "UnhealthyThreshold": "2",
2455 |           "Timeout": "2",
2456 |           "Interval": "5",
2457 |           "HealthyThreshold": "2"
2458 |         },
2459 |         "SecurityGroups": [
2460 |           {
2461 |             "Ref": "PublicSlaveSecurityGroup"
2462 |           }
2463 |         ],
2464 |         "Listeners": [
2465 |           {
2466 |             "LoadBalancerPort": "80",
2467 |             "Protocol": "TCP",
2468 |             "InstanceProtocol": "TCP",
2469 |             "InstancePort": "80"
2470 |           },
2471 |           {
2472 |             "LoadBalancerPort": "443",
2473 |             "Protocol": "TCP",
2474 |             "InstanceProtocol": "TCP",
2475 |             "InstancePort": "443"
2476 |           }
2477 |         ],
2478 |         "Subnets": [
2479 |           {
2480 |             "Ref": "PublicSubnet"
2481 |           }
2482 |         ]
2483 |       },
2484 |       "DependsOn": "GatewayToInternet",
2485 |       "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
2486 |       "Metadata": {
2487 |         "AWS::CloudFormation::Designer": {
2488 |           "id": "d7aac628-f6ce-4b7f-969a-ef6a21abd09a"
2489 |         }
2490 |       }
2491 |     },
2492 |     "InternetGateway": {
2493 |       "Properties": {
2494 |         "Tags": [
2495 |           {
2496 |             "Value": {
2497 |               "Ref": "AWS::StackName"
2498 |             },
2499 |             "Key": "Application"
2500 |           },
2501 |           {
2502 |             "Value": "Public",
2503 |             "Key": "Network"
2504 |           }
2505 |         ]
2506 |       },
2507 |       "DependsOn": "Vpc",
2508 |       "Type": "AWS::EC2::InternetGateway",
2509 |       "Metadata": {
2510 |         "AWS::CloudFormation::Designer": {
2511 |           "id": "fd313ee3-6bd1-4df4-8012-f4723ad2c159"
2512 |         }
2513 |       }
2514 |     },
2515 |     "PublicSubnetRouteTableAssociation": {
2516 |       "Properties": {
2517 |         "RouteTableId": {
2518 |           "Ref": "PublicRouteTable"
2519 |         },
2520 |         "SubnetId": {
2521 |           "Ref": "PublicSubnet"
2522 |         }
2523 |       },
2524 |       "Type": "AWS::EC2::SubnetRouteTableAssociation",
2525 |       "Metadata": {
2526 |         "AWS::CloudFormation::Designer": {
2527 |           "id": "7398ff9c-0ee5-4baf-9378-a511efee6387"
2528 |         }
2529 |       }
2530 |     },
2531 |     "PrivateOutboundNetworkAclEntry": {
2532 |       "Properties": {
2533 |         "CidrBlock": "0.0.0.0/0",
2534 |         "RuleNumber": "100",
2535 |         "NetworkAclId": {
2536 |           "Ref": "PrivateNetworkAcl"
2537 |         },
2538 |         "Egress": "true",
2539 |         "Protocol": "-1",
2540 |         "RuleAction": "allow",
2541 |         "PortRange": {
2542 |           "From": "0",
2543 |           "To": "65535"
2544 |         }
2545 |       },
2546 |       "Type": "AWS::EC2::NetworkAclEntry",
2547 |       "Metadata": {
2548 |         "AWS::CloudFormation::Designer": {
2549 |           "id": "573ab7a3-43fe-4ed8-b089-b56525f05b9d"
2550 |         }
2551 |       }
2552 |     },
2553 |     "MasterToMasterIngress": {
2554 |       "Properties": {
2555 |         "SourceSecurityGroupId": {
2556 |           "Ref": "MasterSecurityGroup"
2557 |         },
2558 |         "IpProtocol": "-1",
2559 |         "GroupId": {
2560 |           "Ref": "MasterSecurityGroup"
2561 |         },
2562 |         "FromPort": "0",
2563 |         "ToPort": "65535"
2564 |       },
2565 |       "Type": "AWS::EC2::SecurityGroupIngress"
2566 |     },
2567 |     "LbSecurityGroup": {
2568 |       "Properties": {
2569 |         "VpcId": {
2570 |           "Ref": "Vpc"
2571 |         },
2572 |         "GroupDescription": "Mesos Master LB"
2573 |       },
2574 |       "Type": "AWS::EC2::SecurityGroup",
2575 |       "Metadata": {
2576 |         "AWS::CloudFormation::Designer": {
2577 |           "id": "88e3d525-46fb-4b89-8384-31128d6806de"
2578 |         }
2579 |       }
2580 |     },
2581 |     "PublicSlaveIngressTwo": {
2582 |       "Properties": {
2583 |         "IpProtocol": "tcp",
2584 |         "CidrIp": "0.0.0.0/0",
2585 |         "GroupId": {
2586 |           "Ref": "PublicSlaveSecurityGroup"
2587 |         },
2588 |         "FromPort": "23",
2589 |         "ToPort": "5050"
2590 |       },
2591 |       "Type": "AWS::EC2::SecurityGroupIngress"
2592 |     },
2593 |     "PrivateInboundNetworkAclEntry": {
2594 |       "Properties": {
2595 |         "CidrBlock": "0.0.0.0/0",
2596 |         "RuleNumber": "100",
2597 |         "NetworkAclId": {
2598 |           "Ref": "PrivateNetworkAcl"
2599 |         },
2600 |         "Egress": "false",
2601 |         "Protocol": "-1",
2602 |         "RuleAction": "allow",
2603 |         "PortRange": {
2604 |           "From": "0",
2605 |           "To": "65535"
2606 |         }
2607 |       },
2608 |       "Type": "AWS::EC2::NetworkAclEntry",
2609 |       "Metadata": {
2610 |         "AWS::CloudFormation::Designer": {
2611 |           "id": "cc0e4bb4-01f3-447e-bb7a-f8710b563375"
2612 |         }
2613 |       }
2614 |     },
2615 |     "SlaveLaunchConfig": {
2616 |       "Properties": {
2617 |         "EbsOptimized": "true",
2618 |         "KeyName": {
2619 |           "Ref": "KeyName"
2620 |         },
2621 |         "SecurityGroups": [
2622 |           {
2623 |             "Ref": "SlaveSecurityGroup"
2624 |           }
2625 |         ],
2626 |         "ImageId": {
2627 |           "Fn::FindInMap": [
2628 |             "RegionToAmi",
2629 |             {
2630 |               "Ref": "AWS::Region"
2631 |             },
2632 |             "stable"
2633 |           ]
2634 |         },
2635 |         "AssociatePublicIpAddress": "false",
2636 |         "UserData": {
2637 |           "Fn::Base64": {
2638 |             "Fn::Join": [
2639 |               "",
2640 |               [
2641 |                 "#cloud-config\n",
2642 |                 "\"coreos\":\n",
2643 |                 "  \"units\":\n",
2644 |                 "  - \"command\": |-\n",
2645 |                 "      start\n",
2646 |                 "    \"content\": |\n",
2647 |                 "      [Unit]\n",
2648 |                 "      Description=AWS Setup: Formats the /var/lib ephemeral drive\n",
2649 |                 "      Before=var-lib.mount dbus.service\n",
2650 |                 "      [Service]\n",
2651 |                 "      Type=oneshot\n",
2652 |                 "      RemainAfterExit=yes\n",
2653 |                 "      ExecStart=/bin/bash -c \"(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)\"\n",
2654 |                 "    \"name\": |-\n",
2655 |                 "      format-var-lib-ephemeral.service\n",
2656 |                 "  - \"command\": |-\n",
2657 |                 "      start\n",
2658 |                 "    \"content\": |\n",
2659 |                 "      [Unit]\n",
2660 |                 "      Description=AWS Setup: Mount /var/lib\n",
2661 |                 "      Before=dbus.service\n",
2662 |                 "      [Mount]\n",
2663 |                 "      What=/dev/xvdb\n",
2664 |                 "      Where=/var/lib\n",
2665 |                 "      Type=ext4\n",
2666 |                 "    \"name\": |-\n",
2667 |                 "      var-lib.mount\n",
2668 |                 "  - \"command\": |-\n",
2669 |                 "      stop\n",
2670 |                 "    \"mask\": !!bool |-\n",
2671 |                 "      true\n",
2672 |                 "    \"name\": |-\n",
2673 |                 "      etcd.service\n",
2674 |                 "  - \"command\": |-\n",
2675 |                 "      stop\n",
2676 |                 "    \"mask\": !!bool |-\n",
2677 |                 "      true\n",
2678 |                 "    \"name\": |-\n",
2679 |                 "      update-engine.service\n",
2680 |                 "  - \"command\": |-\n",
2681 |                 "      stop\n",
2682 |                 "    \"mask\": !!bool |-\n",
2683 |                 "      true\n",
2684 |                 "    \"name\": |-\n",
2685 |                 "      locksmithd.service\n",
2686 |                 "  - \"command\": |-\n",
2687 |                 "      stop\n",
2688 |                 "    \"name\": |-\n",
2689 |                 "      systemd-resolved.service\n",
2690 |                 "  - \"command\": |-\n",
2691 |                 "      restart\n",
2692 |                 "    \"name\": |-\n",
2693 |                 "      systemd-journald.service\n",
2694 |                 "  - \"command\": |-\n",
2695 |                 "      restart\n",
2696 |                 "    \"name\": |-\n",
2697 |                 "      docker.service\n",
2698 |                 "  - \"command\": |-\n",
2699 |                 "      start\n",
2700 |                 "    \"content\": |\n",
2701 |                 "      [Unit]\n",
2702 |                 "      Before=dcos.target\n",
2703 |                 "      [Service]\n",
2704 |                 "      Type=oneshot\n",
2705 |                 "      StandardOutput=journal+console\n",
2706 |                 "      StandardError=journal+console\n",
2707 |                 "      ExecStartPre=/usr/bin/mkdir -p /etc/profile.d\n",
2708 |                 "      ExecStart=/usr/bin/ln -sf /opt/mesosphere/environment.export /etc/profile.d/dcos.sh\n",
2709 |                 "    \"name\": |-\n",
2710 |                 "      dcos-link-env.service\n",
2711 |                 "  - \"content\": |\n",
2712 |                 "      [Unit]\n",
2713 |                 "      Description=Pkgpanda: Download DC/OS to this host.\n",
2714 |                 "      After=network-online.target\n",
2715 |                 "      Wants=network-online.target\n",
2716 |                 "      ConditionPathExists=!/opt/mesosphere/\n",
2717 |                 "      [Service]\n",
2718 |                 "      Type=oneshot\n",
2719 |                 "      StandardOutput=journal+console\n",
2720 |                 "      StandardError=journal+console\n",
2721 |                 "      ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz https://downloads.dcos.io/dcos/stable/bootstrap/e73ba2b1cd17795e4dcb3d6647d11a29b9c35084.bootstrap.tar.xz\n",
2722 |                 "      ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere\n",
2723 |                 "      ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere\n",
2724 |                 "      ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz\n",
2725 |                 "    \"name\": |-\n",
2726 |                 "      dcos-download.service\n",
2727 |                 "  - \"command\": |-\n",
2728 |                 "      start\n",
2729 |                 "    \"content\": |\n",
2730 |                 "      [Unit]\n",
2731 |                 "      Description=Pkgpanda: Specialize DC/OS for this host.\n",
2732 |                 "      Requires=dcos-download.service\n",
2733 |                 "      After=dcos-download.service\n",
2734 |                 "      [Service]\n",
2735 |                 "      Type=oneshot\n",
2736 |                 "      StandardOutput=journal+console\n",
2737 |                 "      StandardError=journal+console\n",
2738 |                 "      EnvironmentFile=/opt/mesosphere/environment\n",
2739 |                 "      ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd\n",
2740 |                 "      [Install]\n",
2741 |                 "      WantedBy=multi-user.target\n",
2742 |                 "    \"enable\": !!bool |-\n",
2743 |                 "      true\n",
2744 |                 "    \"name\": |-\n",
2745 |                 "      dcos-setup.service\n",
2746 |                 "    \"no_block\": !!bool |-\n",
2747 |                 "      true\n",
2748 |                 "  - \"command\": |-\n",
2749 |                 "      start\n",
2750 |                 "    \"content\": |-\n",
2751 |                 "      [Unit]\n",
2752 |                 "      Description=AWS Setup: Signal CloudFormation Success\n",
2753 |                 "      ConditionPathExists=!/var/lib/dcos-cfn-signal\n",
2754 |                 "      [Service]\n",
2755 |                 "      Type=simple\n",
2756 |                 "      Restart=on-failure\n",
2757 |                 "      StartLimitInterval=0\n",
2758 |                 "      RestartSec=15s\n",
2759 |                 "      EnvironmentFile=/opt/mesosphere/environment\n",
2760 |                 "      EnvironmentFile=/opt/mesosphere/etc/cfn_signal_metadata\n",
2761 |                 "      Environment=\"AWS_CFN_SIGNAL_THIS_RESOURCE=SlaveServerGroup\"\n",
2762 |                 "      ExecStartPre=/bin/ping -c1 leader.mesos\n",
2763 |                 "      ExecStartPre=/opt/mesosphere/bin/cfn-signal\n",
2764 |                 "      ExecStart=/usr/bin/touch /var/lib/dcos-cfn-signal\n",
2765 |                 "    \"name\": |-\n",
2766 |                 "      dcos-cfn-signal.service\n",
2767 |                 "    \"no_block\": !!bool |-\n",
2768 |                 "      true\n",
2769 |                 "  \"update\":\n",
2770 |                 "    \"reboot-strategy\": |-\n",
2771 |                 "      off\n",
2772 |                 "\"write_files\":\n",
2773 |                 "- \"content\": |\n",
2774 |                 "    https://downloads.dcos.io/dcos/stable\n",
2775 |                 "  \"owner\": |-\n",
2776 |                 "    root\n",
2777 |                 "  \"path\": |-\n",
2778 |                 "    /etc/mesosphere/setup-flags/repository-url\n",
2779 |                 "  \"permissions\": |-\n",
2780 |                 "    0644\n",
2781 |                 "- \"content\": |\n",
2782 |                 "    [\"dcos-config--setup_500d179ba527f84b6fdf5fb37d53631249fc123e\", \"dcos-metadata--setup_500d179ba527f84b6fdf5fb37d53631249fc123e\"]\n",
2783 |                 "  \"owner\": |-\n",
2784 |                 "    root\n",
2785 |                 "  \"path\": |-\n",
2786 |                 "    /etc/mesosphere/setup-flags/cluster-packages.json\n",
2787 |                 "  \"permissions\": |-\n",
2788 |                 "    0644\n",
2789 |                 "- \"content\": |\n",
2790 |                 "    [Journal]\n",
2791 |                 "    MaxLevelConsole=warning\n",
2792 |                 "    RateLimitInterval=1s\n",
2793 |                 "    RateLimitBurst=20000\n",
2794 |                 "  \"owner\": |-\n",
2795 |                 "    root\n",
2796 |                 "  \"path\": |-\n",
2797 |                 "    /etc/systemd/journald.conf.d/dcos.conf\n",
2798 |                 "  \"permissions\": |-\n",
2799 |                 "    0644\n",
2800 |                 "- \"content\": |\n",
2801 |                 "    rexray:\n",
2802 |                 "      loglevel: info\n",
2803 |                 "      modules:\n",
2804 |                 "        default-admin:\n",
2805 |                 "          host: tcp://127.0.0.1:61003\n",
2806 |                 "      storageDrivers:\n",
2807 |                 "      - ec2\n",
2808 |                 "      volume:\n",
2809 |                 "        unmount:\n",
2810 |                 "          ignoreusedcount: true\n",
2811 |                 "  \"path\": |-\n",
2812 |                 "    /etc/rexray/config.yml\n",
2813 |                 "  \"permissions\": |-\n",
2814 |                 "    0644\n",
2815 |                 "- \"content\": |\n",
2816 |                 "    MESOS_CLUSTER=",
2817 |                 {
2818 |                   "Ref": "AWS::StackName"
2819 |                 },
2820 |                 "",
2821 |                 "\n",
2822 |                 "  \"path\": |-\n",
2823 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/mesos-master-provider\n",
2824 |                 "- \"content\": |\n",
2825 |                 "    ADMINROUTER_ACTIVATE_AUTH_MODULE=",
2826 |                 {
2827 |                   "Ref": "OAuthEnabled"
2828 |                 },
2829 |                 "",
2830 |                 "\n",
2831 |                 "  \"path\": |-\n",
2832 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/adminrouter.env\n",
2833 |                 "- \"content\": |\n",
2834 |                 "    MASTER_SOURCE=exhibitor_uri\n",
2835 |                 "    EXHIBITOR_URI=http://",
2836 |                 {
2837 |                   "Fn::GetAtt": [
2838 |                     "InternalMasterLoadBalancer",
2839 |                     "DNSName"
2840 |                   ]
2841 |                 },
2842 |                 ":8181/exhibitor/v1/cluster/status",
2843 |                 "\n",
2844 |                 "    EXHIBITOR_ADDRESS=",
2845 |                 {
2846 |                   "Fn::GetAtt": [
2847 |                     "InternalMasterLoadBalancer",
2848 |                     "DNSName"
2849 |                   ]
2850 |                 },
2851 |                 "",
2852 |                 "\n",
2853 |                 "    RESOLVERS=169.254.169.253\n",
2854 |                 "  \"path\": |-\n",
2855 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/dns_config\n",
2856 |                 "- \"content\": |\n",
2857 |                 "    EXHIBITOR_BACKEND=AWS_S3\n",
2858 |                 "    AWS_REGION=",
2859 |                 {
2860 |                   "Ref": "AWS::Region"
2861 |                 },
2862 |                 "",
2863 |                 "\n",
2864 |                 "    AWS_S3_BUCKET=",
2865 |                 {
2866 |                   "Ref": "ExhibitorS3Bucket"
2867 |                 },
2868 |                 "",
2869 |                 "\n",
2870 |                 "    AWS_S3_PREFIX=",
2871 |                 {
2872 |                   "Ref": "AWS::StackName"
2873 |                 },
2874 |                 "",
2875 |                 "\n",
2876 |                 "  \"path\": |-\n",
2877 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor\n",
2878 |                 "- \"content\": |\n",
2879 |                 "    {\"uiConfiguration\":{\"plugins\":{\"banner\":{\"enabled\":false,\"backgroundColor\":\"#1E232F\",\"foregroundColor\":\"#FFFFFF\",\"headerTitle\":null,\"headerContent\":null,\"footerContent\":null,\"imagePath\":null,\"dismissible\":null},\"branding\":{\"enabled\":false},\"external-links\": {\"enabled\": false},\n",
2880 |                 "\n",
2881 |                 "    \"authentication\":{\"enabled\":false},\n",
2882 |                 "\n",
2883 |                 "    \"oauth\":{\"enabled\":",
2884 |                 {
2885 |                   "Ref": "OAuthEnabled"
2886 |                 },
2887 |                 ",\"authHost\":\"https://dcos.auth0.com\"},",
2888 |                 "\n",
2889 |                 "\n",
2890 |                 "\n",
2891 |                 "    \"tracking\":{\"enabled\":true}}}}\n",
2892 |                 "  \"path\": |-\n",
2893 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/ui-config.json\n",
2894 |                 "- \"content\": |\n",
2895 |                 "    AWS_REGION=",
2896 |                 {
2897 |                   "Ref": "AWS::Region"
2898 |                 },
2899 |                 "",
2900 |                 "\n",
2901 |                 "    AWS_STACK_ID=",
2902 |                 {
2903 |                   "Ref": "AWS::StackId"
2904 |                 },
2905 |                 "",
2906 |                 "\n",
2907 |                 "    AWS_STACK_NAME=",
2908 |                 {
2909 |                   "Ref": "AWS::StackName"
2910 |                 },
2911 |                 "",
2912 |                 "\n",
2913 |                 "    AWS_IAM_MASTER_ROLE_NAME=",
2914 |                 {
2915 |                   "Ref": "MasterRole"
2916 |                 },
2917 |                 "",
2918 |                 "\n",
2919 |                 "    AWS_IAM_SLAVE_ROLE_NAME=",
2920 |                 {
2921 |                   "Ref": "SlaveRole"
2922 |                 },
2923 |                 "",
2924 |                 "\n",
2925 |                 "  \"path\": |-\n",
2926 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/cfn_signal_metadata\n",
2927 |                 "- \"content\": |\n",
2928 |                 "    INTERNAL_MASTER_LB_DNSNAME=",
2929 |                 {
2930 |                   "Fn::GetAtt": [
2931 |                     "InternalMasterLoadBalancer",
2932 |                     "DNSName"
2933 |                   ]
2934 |                 },
2935 |                 "",
2936 |                 "\n",
2937 |                 "    MASTER_LB_DNSNAME=",
2938 |                 {
2939 |                   "Fn::GetAtt": [
2940 |                     "ElasticLoadBalancer",
2941 |                     "DNSName"
2942 |                   ]
2943 |                 },
2944 |                 "",
2945 |                 "\n",
2946 |                 "  \"path\": |-\n",
2947 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/aws_dnsnames\n",
2948 |                 "- \"content\": |-\n",
2949 |                 "    {}\n",
2950 |                 "  \"path\": |-\n",
2951 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/pkginfo.json\n",
2952 |                 "- \"content\": \"\"\n",
2953 |                 "  \"path\": |-\n",
2954 |                 "    /etc/mesosphere/roles/slave\n",
2955 |                 "- \"content\": \"\"\n",
2956 |                 "  \"path\": |-\n",
2957 |                 "    /etc/mesosphere/roles/aws\n"
2958 |               ]
2959 |             ]
2960 |           }
2961 |         },
2962 |         "BlockDeviceMappings": [
2963 |           {
2964 |             "VirtualName": "ephemeral0",
2965 |             "DeviceName": "/dev/sdb"
2966 |           }
2967 |         ],
2968 |         "InstanceType": {
2969 |           "Fn::FindInMap": [
2970 |             "Parameters",
2971 |             "SlaveInstanceType",
2972 |             "default"
2973 |           ]
2974 |         },
2975 |         "IamInstanceProfile": {
2976 |           "Ref": "SlaveInstanceProfile"
2977 |         }
2978 |       },
2979 |       "Type": "AWS::AutoScaling::LaunchConfiguration",
2980 |       "Metadata": {
2981 |         "AWS::CloudFormation::Designer": {
2982 |           "id": "0d65cfc7-54a5-4eec-86d3-5d2492d226ad"
2983 |         }
2984 |       }
2985 |     },
2986 |     "PublicSlaveSecurityGroup": {
2987 |       "Properties": {
2988 |         "VpcId": {
2989 |           "Ref": "Vpc"
2990 |         },
2991 |         "GroupDescription": "Mesos Slaves Public"
2992 |       },
2993 |       "Type": "AWS::EC2::SecurityGroup",
2994 |       "Metadata": {
2995 |         "AWS::CloudFormation::Designer": {
2996 |           "id": "4ea2bcf9-8d10-4d8c-a95c-7c26d34ac218"
2997 |         }
2998 |       }
2999 |     },
3000 |     "SlaveToPublicSlaveIngress": {
3001 |       "Properties": {
3002 |         "SourceSecurityGroupId": {
3003 |           "Ref": "SlaveSecurityGroup"
3004 |         },
3005 |         "IpProtocol": "-1",
3006 |         "GroupId": {
3007 |           "Ref": "PublicSlaveSecurityGroup"
3008 |         },
3009 |         "FromPort": "0",
3010 |         "ToPort": "65535"
3011 |       },
3012 |       "Type": "AWS::EC2::SecurityGroupIngress",
3013 |       "Metadata": {
3014 |         "AWS::CloudFormation::Designer": {
3015 |           "id": "b515b1cb-182a-49d9-b397-2b28998dd4dc"
3016 |         }
3017 |       }
3018 |     },
3019 |     "PublicSlaveToSlaveIngress": {
3020 |       "Properties": {
3021 |         "SourceSecurityGroupId": {
3022 |           "Ref": "PublicSlaveSecurityGroup"
3023 |         },
3024 |         "IpProtocol": "-1",
3025 |         "GroupId": {
3026 |           "Ref": "SlaveSecurityGroup"
3027 |         },
3028 |         "FromPort": "0",
3029 |         "ToPort": "65535"
3030 |       },
3031 |       "Type": "AWS::EC2::SecurityGroupIngress",
3032 |       "Metadata": {
3033 |         "AWS::CloudFormation::Designer": {
3034 |           "id": "4112bdf8-fe6a-458f-a9c3-8ee8e81bf936"
3035 |         }
3036 |       }
3037 |     },
3038 |     "DHCPOptions": {
3039 |       "Properties": {
3040 |         "DomainName": {
3041 |           "Fn::If": [
3042 |             "RegionIsUsEast1",
3043 |             "ec2.internal",
3044 |             {
3045 |               "Fn::Join": [
3046 |                 "",
3047 |                 [
3048 |                   {
3049 |                     "Ref": "AWS::Region"
3050 |                   },
3051 |                   ".compute.internal"
3052 |                 ]
3053 |               ]
3054 |             }
3055 |           ]
3056 |         },
3057 |         "DomainNameServers": [
3058 |           "AmazonProvidedDNS"
3059 |         ]
3060 |       },
3061 |       "Type": "AWS::EC2::DHCPOptions",
3062 |       "Metadata": {
3063 |         "AWS::CloudFormation::Designer": {
3064 |           "id": "cab5ed47-4f4b-4804-9234-c9ee128ff1e2"
3065 |         }
3066 |       }
3067 |     },
3068 |     "Vpc": {
3069 |       "Properties": {
3070 |         "Tags": [
3071 |           {
3072 |             "Value": {
3073 |               "Ref": "AWS::StackName"
3074 |             },
3075 |             "Key": "Application"
3076 |           },
3077 |           {
3078 |             "Value": "Public",
3079 |             "Key": "Network"
3080 |           }
3081 |         ],
3082 |         "CidrBlock": {
3083 |           "Fn::FindInMap": [
3084 |             "Parameters",
3085 |             "VPCSubnetRange",
3086 |             "default"
3087 |           ]
3088 |         },
3089 |         "EnableDnsHostnames": "true",
3090 |         "EnableDnsSupport": "true"
3091 |       },
3092 |       "Type": "AWS::EC2::VPC",
3093 |       "Metadata": {
3094 |         "AWS::CloudFormation::Designer": {
3095 |           "id": "d5b2427f-2b9a-4f4b-8c23-048ebed12e67"
3096 |         }
3097 |       }
3098 |     },
3099 |     "MasterToSlaveIngress": {
3100 |       "Properties": {
3101 |         "SourceSecurityGroupId": {
3102 |           "Ref": "MasterSecurityGroup"
3103 |         },
3104 |         "IpProtocol": "-1",
3105 |         "GroupId": {
3106 |           "Ref": "SlaveSecurityGroup"
3107 |         },
3108 |         "FromPort": "0",
3109 |         "ToPort": "65535"
3110 |       },
3111 |       "Type": "AWS::EC2::SecurityGroupIngress",
3112 |       "Metadata": {
3113 |         "AWS::CloudFormation::Designer": {
3114 |           "id": "c63f4cb0-df20-480a-8acd-557e7d47aeb4"
3115 |         }
3116 |       }
3117 |     },
3118 |     "MasterLaunchConfig": {
3119 |       "Properties": {
3120 |         "EbsOptimized": "true",
3121 |         "KeyName": {
3122 |           "Ref": "KeyName"
3123 |         },
3124 |         "SecurityGroups": [
3125 |           {
3126 |             "Ref": "MasterSecurityGroup"
3127 |           },
3128 |           {
3129 |             "Ref": "AdminSecurityGroup"
3130 |           }
3131 |         ],
3132 |         "ImageId": {
3133 |           "Fn::FindInMap": [
3134 |             "RegionToAmi",
3135 |             {
3136 |               "Ref": "AWS::Region"
3137 |             },
3138 |             "stable"
3139 |           ]
3140 |         },
3141 |         "AssociatePublicIpAddress": "true",
3142 |         "UserData": {
3143 |           "Fn::Base64": {
3144 |             "Fn::Join": [
3145 |               "",
3146 |               [
3147 |                 "#cloud-config\n",
3148 |                 "\"coreos\":\n",
3149 |                 "  \"units\":\n",
3150 |                 "  - \"command\": |-\n",
3151 |                 "      start\n",
3152 |                 "    \"content\": |\n",
3153 |                 "      [Unit]\n",
3154 |                 "      Description=AWS Setup: Formats the /var/lib ephemeral drive\n",
3155 |                 "      Before=var-lib.mount dbus.service\n",
3156 |                 "      [Service]\n",
3157 |                 "      Type=oneshot\n",
3158 |                 "      RemainAfterExit=yes\n",
3159 |                 "      ExecStart=/bin/bash -c \"(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)\"\n",
3160 |                 "    \"name\": |-\n",
3161 |                 "      format-var-lib-ephemeral.service\n",
3162 |                 "  - \"command\": |-\n",
3163 |                 "      start\n",
3164 |                 "    \"content\": |\n",
3165 |                 "      [Unit]\n",
3166 |                 "      Description=AWS Setup: Mount /var/lib\n",
3167 |                 "      Before=dbus.service\n",
3168 |                 "      [Mount]\n",
3169 |                 "      What=/dev/xvdb\n",
3170 |                 "      Where=/var/lib\n",
3171 |                 "      Type=ext4\n",
3172 |                 "    \"name\": |-\n",
3173 |                 "      var-lib.mount\n",
3174 |                 "  - \"command\": |-\n",
3175 |                 "      stop\n",
3176 |                 "    \"mask\": !!bool |-\n",
3177 |                 "      true\n",
3178 |                 "    \"name\": |-\n",
3179 |                 "      etcd.service\n",
3180 |                 "  - \"command\": |-\n",
3181 |                 "      stop\n",
3182 |                 "    \"mask\": !!bool |-\n",
3183 |                 "      true\n",
3184 |                 "    \"name\": |-\n",
3185 |                 "      update-engine.service\n",
3186 |                 "  - \"command\": |-\n",
3187 |                 "      stop\n",
3188 |                 "    \"mask\": !!bool |-\n",
3189 |                 "      true\n",
3190 |                 "    \"name\": |-\n",
3191 |                 "      locksmithd.service\n",
3192 |                 "  - \"command\": |-\n",
3193 |                 "      stop\n",
3194 |                 "    \"name\": |-\n",
3195 |                 "      systemd-resolved.service\n",
3196 |                 "  - \"command\": |-\n",
3197 |                 "      restart\n",
3198 |                 "    \"name\": |-\n",
3199 |                 "      systemd-journald.service\n",
3200 |                 "  - \"command\": |-\n",
3201 |                 "      restart\n",
3202 |                 "    \"name\": |-\n",
3203 |                 "      docker.service\n",
3204 |                 "  - \"command\": |-\n",
3205 |                 "      start\n",
3206 |                 "    \"content\": |\n",
3207 |                 "      [Unit]\n",
3208 |                 "      Before=dcos.target\n",
3209 |                 "      [Service]\n",
3210 |                 "      Type=oneshot\n",
3211 |                 "      StandardOutput=journal+console\n",
3212 |                 "      StandardError=journal+console\n",
3213 |                 "      ExecStartPre=/usr/bin/mkdir -p /etc/profile.d\n",
3214 |                 "      ExecStart=/usr/bin/ln -sf /opt/mesosphere/environment.export /etc/profile.d/dcos.sh\n",
3215 |                 "    \"name\": |-\n",
3216 |                 "      dcos-link-env.service\n",
3217 |                 "  - \"content\": |\n",
3218 |                 "      [Unit]\n",
3219 |                 "      Description=Pkgpanda: Download DC/OS to this host.\n",
3220 |                 "      After=network-online.target\n",
3221 |                 "      Wants=network-online.target\n",
3222 |                 "      ConditionPathExists=!/opt/mesosphere/\n",
3223 |                 "      [Service]\n",
3224 |                 "      Type=oneshot\n",
3225 |                 "      StandardOutput=journal+console\n",
3226 |                 "      StandardError=journal+console\n",
3227 |                 "      ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz https://downloads.dcos.io/dcos/stable/bootstrap/e73ba2b1cd17795e4dcb3d6647d11a29b9c35084.bootstrap.tar.xz\n",
3228 |                 "      ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere\n",
3229 |                 "      ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere\n",
3230 |                 "      ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz\n",
3231 |                 "    \"name\": |-\n",
3232 |                 "      dcos-download.service\n",
3233 |                 "  - \"command\": |-\n",
3234 |                 "      start\n",
3235 |                 "    \"content\": |\n",
3236 |                 "      [Unit]\n",
3237 |                 "      Description=Pkgpanda: Specialize DC/OS for this host.\n",
3238 |                 "      Requires=dcos-download.service\n",
3239 |                 "      After=dcos-download.service\n",
3240 |                 "      [Service]\n",
3241 |                 "      Type=oneshot\n",
3242 |                 "      StandardOutput=journal+console\n",
3243 |                 "      StandardError=journal+console\n",
3244 |                 "      EnvironmentFile=/opt/mesosphere/environment\n",
3245 |                 "      ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd\n",
3246 |                 "      [Install]\n",
3247 |                 "      WantedBy=multi-user.target\n",
3248 |                 "    \"enable\": !!bool |-\n",
3249 |                 "      true\n",
3250 |                 "    \"name\": |-\n",
3251 |                 "      dcos-setup.service\n",
3252 |                 "    \"no_block\": !!bool |-\n",
3253 |                 "      true\n",
3254 |                 "  - \"command\": |-\n",
3255 |                 "      start\n",
3256 |                 "    \"content\": |-\n",
3257 |                 "      [Unit]\n",
3258 |                 "      Description=AWS Setup: Signal CloudFormation Success\n",
3259 |                 "      ConditionPathExists=!/var/lib/dcos-cfn-signal\n",
3260 |                 "      [Service]\n",
3261 |                 "      Type=simple\n",
3262 |                 "      Restart=on-failure\n",
3263 |                 "      StartLimitInterval=0\n",
3264 |                 "      RestartSec=15s\n",
3265 |                 "      EnvironmentFile=/opt/mesosphere/environment\n",
3266 |                 "      EnvironmentFile=/opt/mesosphere/etc/cfn_signal_metadata\n",
3267 |                 "      Environment=\"AWS_CFN_SIGNAL_THIS_RESOURCE=MasterServerGroup\"\n",
3268 |                 "      ExecStartPre=/bin/ping -c1 leader.mesos\n",
3269 |                 "      ExecStartPre=/opt/mesosphere/bin/cfn-signal\n",
3270 |                 "      ExecStart=/usr/bin/touch /var/lib/dcos-cfn-signal\n",
3271 |                 "    \"name\": |-\n",
3272 |                 "      dcos-cfn-signal.service\n",
3273 |                 "    \"no_block\": !!bool |-\n",
3274 |                 "      true\n",
3275 |                 "  \"update\":\n",
3276 |                 "    \"reboot-strategy\": |-\n",
3277 |                 "      off\n",
3278 |                 "\"write_files\":\n",
3279 |                 "- \"content\": |\n",
3280 |                 "    https://downloads.dcos.io/dcos/stable\n",
3281 |                 "  \"owner\": |-\n",
3282 |                 "    root\n",
3283 |                 "  \"path\": |-\n",
3284 |                 "    /etc/mesosphere/setup-flags/repository-url\n",
3285 |                 "  \"permissions\": |-\n",
3286 |                 "    0644\n",
3287 |                 "- \"content\": |\n",
3288 |                 "    [\"dcos-config--setup_500d179ba527f84b6fdf5fb37d53631249fc123e\", \"dcos-metadata--setup_500d179ba527f84b6fdf5fb37d53631249fc123e\"]\n",
3289 |                 "  \"owner\": |-\n",
3290 |                 "    root\n",
3291 |                 "  \"path\": |-\n",
3292 |                 "    /etc/mesosphere/setup-flags/cluster-packages.json\n",
3293 |                 "  \"permissions\": |-\n",
3294 |                 "    0644\n",
3295 |                 "- \"content\": |\n",
3296 |                 "    [Journal]\n",
3297 |                 "    MaxLevelConsole=warning\n",
3298 |                 "    RateLimitInterval=1s\n",
3299 |                 "    RateLimitBurst=20000\n",
3300 |                 "  \"owner\": |-\n",
3301 |                 "    root\n",
3302 |                 "  \"path\": |-\n",
3303 |                 "    /etc/systemd/journald.conf.d/dcos.conf\n",
3304 |                 "  \"permissions\": |-\n",
3305 |                 "    0644\n",
3306 |                 "- \"content\": |\n",
3307 |                 "    rexray:\n",
3308 |                 "      loglevel: info\n",
3309 |                 "      modules:\n",
3310 |                 "        default-admin:\n",
3311 |                 "          host: tcp://127.0.0.1:61003\n",
3312 |                 "      storageDrivers:\n",
3313 |                 "      - ec2\n",
3314 |                 "      volume:\n",
3315 |                 "        unmount:\n",
3316 |                 "          ignoreusedcount: true\n",
3317 |                 "  \"path\": |-\n",
3318 |                 "    /etc/rexray/config.yml\n",
3319 |                 "  \"permissions\": |-\n",
3320 |                 "    0644\n",
3321 |                 "- \"content\": |\n",
3322 |                 "    MESOS_CLUSTER=",
3323 |                 {
3324 |                   "Ref": "AWS::StackName"
3325 |                 },
3326 |                 "",
3327 |                 "\n",
3328 |                 "  \"path\": |-\n",
3329 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/mesos-master-provider\n",
3330 |                 "- \"content\": |\n",
3331 |                 "    ADMINROUTER_ACTIVATE_AUTH_MODULE=",
3332 |                 {
3333 |                   "Ref": "OAuthEnabled"
3334 |                 },
3335 |                 "",
3336 |                 "\n",
3337 |                 "  \"path\": |-\n",
3338 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/adminrouter.env\n",
3339 |                 "- \"content\": |\n",
3340 |                 "    MASTER_SOURCE=exhibitor_uri\n",
3341 |                 "    EXHIBITOR_URI=http://",
3342 |                 {
3343 |                   "Fn::GetAtt": [
3344 |                     "InternalMasterLoadBalancer",
3345 |                     "DNSName"
3346 |                   ]
3347 |                 },
3348 |                 ":8181/exhibitor/v1/cluster/status",
3349 |                 "\n",
3350 |                 "    EXHIBITOR_ADDRESS=",
3351 |                 {
3352 |                   "Fn::GetAtt": [
3353 |                     "InternalMasterLoadBalancer",
3354 |                     "DNSName"
3355 |                   ]
3356 |                 },
3357 |                 "",
3358 |                 "\n",
3359 |                 "    RESOLVERS=169.254.169.253\n",
3360 |                 "  \"path\": |-\n",
3361 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/dns_config\n",
3362 |                 "- \"content\": |\n",
3363 |                 "    EXHIBITOR_BACKEND=AWS_S3\n",
3364 |                 "    AWS_REGION=",
3365 |                 {
3366 |                   "Ref": "AWS::Region"
3367 |                 },
3368 |                 "",
3369 |                 "\n",
3370 |                 "    AWS_S3_BUCKET=",
3371 |                 {
3372 |                   "Ref": "ExhibitorS3Bucket"
3373 |                 },
3374 |                 "",
3375 |                 "\n",
3376 |                 "    AWS_S3_PREFIX=",
3377 |                 {
3378 |                   "Ref": "AWS::StackName"
3379 |                 },
3380 |                 "",
3381 |                 "\n",
3382 |                 "  \"path\": |-\n",
3383 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor\n",
3384 |                 "- \"content\": |\n",
3385 |                 "    {\"uiConfiguration\":{\"plugins\":{\"banner\":{\"enabled\":false,\"backgroundColor\":\"#1E232F\",\"foregroundColor\":\"#FFFFFF\",\"headerTitle\":null,\"headerContent\":null,\"footerContent\":null,\"imagePath\":null,\"dismissible\":null},\"branding\":{\"enabled\":false},\"external-links\": {\"enabled\": false},\n",
3386 |                 "\n",
3387 |                 "    \"authentication\":{\"enabled\":false},\n",
3388 |                 "\n",
3389 |                 "    \"oauth\":{\"enabled\":",
3390 |                 {
3391 |                   "Ref": "OAuthEnabled"
3392 |                 },
3393 |                 ",\"authHost\":\"https://dcos.auth0.com\"},",
3394 |                 "\n",
3395 |                 "\n",
3396 |                 "\n",
3397 |                 "    \"tracking\":{\"enabled\":true}}}}\n",
3398 |                 "  \"path\": |-\n",
3399 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/ui-config.json\n",
3400 |                 "- \"content\": |\n",
3401 |                 "    AWS_REGION=",
3402 |                 {
3403 |                   "Ref": "AWS::Region"
3404 |                 },
3405 |                 "",
3406 |                 "\n",
3407 |                 "    AWS_STACK_ID=",
3408 |                 {
3409 |                   "Ref": "AWS::StackId"
3410 |                 },
3411 |                 "",
3412 |                 "\n",
3413 |                 "    AWS_STACK_NAME=",
3414 |                 {
3415 |                   "Ref": "AWS::StackName"
3416 |                 },
3417 |                 "",
3418 |                 "\n",
3419 |                 "    AWS_IAM_MASTER_ROLE_NAME=",
3420 |                 {
3421 |                   "Ref": "MasterRole"
3422 |                 },
3423 |                 "",
3424 |                 "\n",
3425 |                 "    AWS_IAM_SLAVE_ROLE_NAME=",
3426 |                 {
3427 |                   "Ref": "SlaveRole"
3428 |                 },
3429 |                 "",
3430 |                 "\n",
3431 |                 "  \"path\": |-\n",
3432 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/cfn_signal_metadata\n",
3433 |                 "- \"content\": |\n",
3434 |                 "    INTERNAL_MASTER_LB_DNSNAME=",
3435 |                 {
3436 |                   "Fn::GetAtt": [
3437 |                     "InternalMasterLoadBalancer",
3438 |                     "DNSName"
3439 |                   ]
3440 |                 },
3441 |                 "",
3442 |                 "\n",
3443 |                 "    MASTER_LB_DNSNAME=",
3444 |                 {
3445 |                   "Fn::GetAtt": [
3446 |                     "ElasticLoadBalancer",
3447 |                     "DNSName"
3448 |                   ]
3449 |                 },
3450 |                 "",
3451 |                 "\n",
3452 |                 "  \"path\": |-\n",
3453 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/aws_dnsnames\n",
3454 |                 "- \"content\": |-\n",
3455 |                 "    {}\n",
3456 |                 "  \"path\": |-\n",
3457 |                 "    /etc/mesosphere/setup-packages/dcos-provider-aws--setup/pkginfo.json\n",
3458 |                 "- \"content\": \"\"\n",
3459 |                 "  \"path\": |-\n",
3460 |                 "    /etc/mesosphere/roles/master\n",
3461 |                 "- \"content\": \"\"\n",
3462 |                 "  \"path\": |-\n",
3463 |                 "    /etc/mesosphere/roles/aws_master\n",
3464 |                 "- \"content\": \"\"\n",
3465 |                 "  \"path\": |-\n",
3466 |                 "    /etc/mesosphere/roles/aws\n"
3467 |               ]
3468 |             ]
3469 |           }
3470 |         },
3471 |         "BlockDeviceMappings": [
3472 |           {
3473 |             "VirtualName": "ephemeral0",
3474 |             "DeviceName": "/dev/sdb"
3475 |           }
3476 |         ],
3477 |         "InstanceType": {
3478 |           "Fn::FindInMap": [
3479 |             "Parameters",
3480 |             "MasterInstanceType",
3481 |             "default"
3482 |           ]
3483 |         },
3484 |         "IamInstanceProfile": {
3485 |           "Ref": "MasterInstanceProfile"
3486 |         }
3487 |       },
3488 |       "Type": "AWS::AutoScaling::LaunchConfiguration",
3489 |       "Metadata": {
3490 |         "AWS::CloudFormation::Designer": {
3491 |           "id": "069de8be-dfa4-43ff-b2bd-04dbba3e66db"
3492 |         }
3493 |       }
3494 |     }
3495 |   }
3496 | }


--------------------------------------------------------------------------------
/nat_instance.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_instance" "nat" {
 2 |   ami = "${lookup(var.nat_amis, var.aws_region)}"
 3 |   instance_type = "m3.medium"
 4 |   subnet_id = "${aws_subnet.public.id}"
 5 |   source_dest_check = false
 6 |   associate_public_ip_address = true
 7 |   key_name = "${aws_key_pair.dcos.key_name}"
 8 | 
 9 |   vpc_security_group_ids = [
10 |     "${aws_security_group.slave.id}",
11 |     "${aws_security_group.master.id}",
12 |     "${aws_security_group.vpn.id}",
13 |     "${aws_security_group.admin.id}"
14 |   ]
15 | 
16 |   tags {
17 |     Application = "${var.stack_name}"
18 |     Role = "nat"
19 |   }
20 | }
21 | 


--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "vpn_ssh" {
 2 |   value = "ssh ubuntu@${aws_instance.vpn.public_ip}"
 3 | }
 4 | 
 5 | output "dcos_cli" {
 6 |   value = "ssh ubuntu@${aws_instance.dcos.private_ip}"
 7 | }
 8 | 
 9 | output "vpn_http" {
10 |   value = "https://${aws_elb.vpn.dns_name}"
11 | }
12 | 
13 | output "internal_master" {
14 |   value = "http://${aws_elb.internal_master.dns_name}"
15 | }
16 | 
17 | output "public_slave" {
18 |   value = "${aws_elb.public_slaves.dns_name}"
19 | }
20 | 


--------------------------------------------------------------------------------
/private_route_table.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "private" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 | 
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     instance_id = "${aws_instance.nat.id}"
 7 |   }
 8 | 
 9 |   tags {
10 |     Application = "${var.stack_name}"
11 |     Network = "Private"
12 |   }
13 | }
14 | 


--------------------------------------------------------------------------------
/private_subnet.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_subnet" "private" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 |   cidr_block = "${var.private_subnet_range}"
 4 | 
 5 |   tags {
 6 |     Application = "${var.stack_name}"
 7 |     Network = "Private"
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/private_subnet_network_acl_association.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_network_acl" "private" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 |   subnet_ids = ["${aws_subnet.private.id}"]
 4 | 
 5 |   egress {
 6 |     protocol = "-1"
 7 |     rule_no = 100
 8 |     action = "allow"
 9 |     cidr_block =  "0.0.0.0/0"
10 |     from_port = 0
11 |     to_port = 0
12 |   }
13 | 
14 |   ingress {
15 |     protocol = "-1"
16 |     rule_no = 100
17 |     action = "allow"
18 |     cidr_block =  "0.0.0.0/0"
19 |     from_port = 0
20 |     to_port = 0
21 |   }
22 | 
23 |   tags {
24 |     Application = "${var.stack_name}"
25 |     Network = "Public"
26 |   }
27 | }
28 | 


--------------------------------------------------------------------------------
/private_subnet_route_table_association.tf:
--------------------------------------------------------------------------------
1 | resource "aws_route_table_association" "private" {
2 |   subnet_id = "${aws_subnet.private.id}"
3 |   route_table_id = "${aws_route_table.private.id}"
4 | }
5 | 


--------------------------------------------------------------------------------
/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "${var.aws_region}"
3 |   access_key = "${var.aws_access_key}"
4 |   secret_key = "${var.aws_secret_key}"
5 | }
6 | 


--------------------------------------------------------------------------------
/public_route_table.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route_table" "public" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 | 
 4 |   route {
 5 |     cidr_block = "0.0.0.0/0"
 6 |     gateway_id = "${aws_internet_gateway.dcos.id}"
 7 |   }
 8 | 
 9 |   tags {
10 |     Application = "${var.stack_name}"
11 |     Network = "Public"
12 |   }
13 | }
14 | 


--------------------------------------------------------------------------------
/public_slave_launch_configuration.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_launch_configuration" "public_slave" {
 2 |   security_groups = ["${aws_security_group.public_slave.id}"]
 3 |   image_id = "${lookup(var.coreos_amis, var.aws_region)}"
 4 |   instance_type = "${var.public_slave_instance_type}"
 5 |   key_name = "${aws_key_pair.dcos.key_name}"
 6 |   user_data = "${data.template_file.public_slave_user_data.rendered}"
 7 |   associate_public_ip_address = true
 8 | 
 9 |   lifecycle {
10 |     create_before_destroy = false
11 |   }
12 | }
13 | 
14 | data "template_file" "public_slave_user_data" {
15 |   template = "${file("${path.module}/public_slave_user_data.yml")}"
16 | 
17 |   vars {
18 |     authentication_enabled      = "${var.authentication_enabled}"
19 |     bootstrap_id                = "${var.bootstrap_id}"
20 |     stack_name                  = "${var.stack_name}"
21 |     aws_region                  = "${var.aws_region}"
22 |     cluster_packages            = "${var.cluster_packages}"
23 |     aws_access_key_id           = "${aws_iam_access_key.host_keys.id}"
24 |     aws_secret_access_key       = "${aws_iam_access_key.host_keys.secret}"
25 |     fallback_dns                = "${var.fallback_dns}"
26 |     internal_master_lb_dns_name = "${aws_elb.internal_master.dns_name}"
27 |     public_lb_dns_name          = "${aws_elb.public_slaves.dns_name}"
28 |     exhibitor_s3_bucket         = "${aws_s3_bucket.exhibitor.id}"
29 |     dcos_base_download_url      = "${var.dcos_base_download_url}"
30 |   }
31 | }
32 | 


--------------------------------------------------------------------------------
/public_slave_load_balancer.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_elb" "public_slaves" {
 2 |   name = "public-slave-${var.elb_version}-load-balancer"
 3 | 
 4 |   subnets = ["${aws_subnet.public.id}"]
 5 | 
 6 |   security_groups = ["${aws_security_group.public_slave.id}"]
 7 | 
 8 |   health_check {
 9 |     healthy_threshold = 2
10 |     unhealthy_threshold = 2
11 |     timeout = 5
12 |     target = "HTTP:80/"
13 |     interval = 30
14 |   }
15 | 
16 |   listener {
17 |     instance_port = 80
18 |     instance_protocol = "http"
19 |     lb_port = 80
20 |     lb_protocol = "http"
21 |   }
22 | 
23 |   listener {
24 |     instance_port = 443
25 |     instance_protocol = "tcp"
26 |     lb_port = 443
27 |     lb_protocol = "tcp"
28 |   }
29 | }
30 | 


--------------------------------------------------------------------------------
/public_slave_security_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "public_slave" {
 2 |   name = "Public-Slaves-${var.stack_name}"
 3 |   description = "Mesos Public Slaves"
 4 | 
 5 |   vpc_id = "${aws_vpc.dcos.id}"
 6 | }
 7 | 
 8 | resource "aws_security_group_rule" "public_slave_egress_all" {
 9 |   security_group_id = "${aws_security_group.public_slave.id}"
10 | 
11 |   type = "egress"
12 |   from_port = 0
13 |   to_port = 65535
14 |   protocol = "-1"
15 |   cidr_blocks = ["0.0.0.0/0"]
16 | }
17 | 
18 | resource "aws_security_group_rule" "public_slave_ingress_public_slave" {
19 |   security_group_id = "${aws_security_group.public_slave.id}"
20 | 
21 |   type = "ingress"
22 |   from_port = 0
23 |   to_port = 65535
24 |   protocol = "-1"
25 |   self = true
26 | }
27 | 
28 | resource "aws_security_group_rule" "public_slave_ingress_master" {
29 |   security_group_id = "${aws_security_group.public_slave.id}"
30 | 
31 |   type = "ingress"
32 |   from_port = 0
33 |   to_port = 65535
34 |   protocol = "-1"
35 |   source_security_group_id = "${aws_security_group.master.id}"
36 | }
37 | 
38 | resource "aws_security_group_rule" "public_slave_ingress_slave" {
39 |   security_group_id = "${aws_security_group.public_slave.id}"
40 | 
41 |   type = "ingress"
42 |   from_port = 0
43 |   to_port = 65535
44 |   protocol = "-1"
45 |   source_security_group_id = "${aws_security_group.slave.id}"
46 | }
47 | 
48 | resource "aws_security_group_rule" "public_slave_ingress_0_21_tcp" {
49 |   security_group_id = "${aws_security_group.public_slave.id}"
50 | 
51 |   type = "ingress"
52 |   from_port = 0
53 |   to_port = 21
54 |   protocol = "tcp"
55 |   cidr_blocks = ["0.0.0.0/0"]
56 | }
57 | 
58 | resource "aws_security_group_rule" "public_slave_ingress_0_21_udp" {
59 |   security_group_id = "${aws_security_group.public_slave.id}"
60 | 
61 |   type = "ingress"
62 |   from_port = 0
63 |   to_port = 21
64 |   protocol = "udp"
65 |   cidr_blocks = ["0.0.0.0/0"]
66 | }
67 | 
68 | resource "aws_security_group_rule" "public_slave_ingress_23_5050_udp" {
69 |   security_group_id = "${aws_security_group.public_slave.id}"
70 | 
71 |   type = "ingress"
72 |   from_port = 23
73 |   to_port = 5050
74 |   protocol = "udp"
75 |   cidr_blocks = ["0.0.0.0/0"]
76 | }
77 | 
78 | resource "aws_security_group_rule" "public_slave_ingress_5052_65535_udp" {
79 |   security_group_id = "${aws_security_group.public_slave.id}"
80 | 
81 |   type = "ingress"
82 |   from_port = 5052
83 |   to_port = 65535
84 |   protocol = "udp"
85 |   cidr_blocks = ["0.0.0.0/0"]
86 | }
87 | 


--------------------------------------------------------------------------------
/public_slave_server_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_autoscaling_group" "public_slave_server_group" {
 2 |   name = "Public-Slaves-${var.stack_name}"
 3 | 
 4 |   min_size = "${var.public_slave_instance_count}"
 5 |   max_size = "${var.public_slave_instance_count}"
 6 |   desired_capacity = "${var.public_slave_instance_count}"
 7 | 
 8 |   load_balancers = ["${aws_elb.public_slaves.id}"]
 9 |   
10 |   vpc_zone_identifier = ["${aws_subnet.public.id}"]
11 |   launch_configuration = "${aws_launch_configuration.public_slave.id}"
12 | 
13 |   tag {
14 |     key = "role"
15 |     value = "mesos-slave"
16 |     propagate_at_launch = true
17 |   }
18 | 
19 |   lifecycle {
20 |     create_before_destroy = false
21 |   }
22 | }
23 | 


--------------------------------------------------------------------------------
/public_slave_user_data.yml:
--------------------------------------------------------------------------------
  1 | #cloud-config
  2 | "coreos":
  3 |   "units":
  4 |   - "command": |-
  5 |       start
  6 |     "content": |
  7 |       [Unit]
  8 |       Description=AWS Setup: Formats the /var/lib ephemeral drive
  9 |       Before=var-lib.mount dbus.service
 10 |       [Service]
 11 |       Type=oneshot
 12 |       RemainAfterExit=yes
 13 |       ExecStart=/bin/bash -c "(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)"
 14 |     "name": |-
 15 |       format-var-lib-ephemeral.service
 16 |   - "command": |-
 17 |       start
 18 |     "content": |
 19 |       [Unit]
 20 |       Description=AWS Setup: Mount /var/lib
 21 |       Before=dbus.service
 22 |       [Mount]
 23 |       What=/dev/xvdb
 24 |       Where=/var/lib
 25 |       Type=ext4
 26 |     "name": |-
 27 |       var-lib.mount
 28 |   - "command": |-
 29 |       stop
 30 |     "mask": !!bool |-
 31 |       true
 32 |     "name": |-
 33 |       etcd.service
 34 |   - "command": |-
 35 |       stop
 36 |     "mask": !!bool |-
 37 |       true
 38 |     "name": |-
 39 |       update-engine.service
 40 |   - "command": |-
 41 |       stop
 42 |     "mask": !!bool |-
 43 |       true
 44 |     "name": |-
 45 |       locksmithd.service
 46 |   - "command": |-
 47 |       stop
 48 |     "name": |-
 49 |       systemd-resolved.service
 50 |   - "command": |-
 51 |       restart
 52 |     "name": |-
 53 |       systemd-journald.service
 54 |   - "command": |-
 55 |       restart
 56 |     "name": |-
 57 |       docker.service
 58 |   - "command": |-
 59 |       start
 60 |     "content": |
 61 |       [Unit]
 62 |       Before=dcos.target
 63 |       [Service]
 64 |       Type=oneshot
 65 |       StandardOutput=journal+console
 66 |       StandardError=journal+console
 67 |       ExecStartPre=/usr/bin/mkdir -p /etc/profile.d
 68 |       ExecStart=/usr/bin/ln -sf /opt/mesosphere/environment.export /etc/profile.d/dcos.sh
 69 |     "name": |-
 70 |       dcos-link-env.service
 71 |   - "content": |
 72 |       [Unit]
 73 |       Description=Pkgpanda: Download DC/OS to this host.
 74 |       After=network-online.target
 75 |       Wants=network-online.target
 76 |       ConditionPathExists=!/opt/mesosphere/
 77 |       [Service]
 78 |       Type=oneshot
 79 |       StandardOutput=journal+console
 80 |       StandardError=journal+console
 81 |       ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz ${dcos_base_download_url}/bootstrap/${bootstrap_id}.bootstrap.tar.xz
 82 |       ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere
 83 |       ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere
 84 |       ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz
 85 |     "name": |-
 86 |       dcos-download.service
 87 |   - "command": |-
 88 |       start
 89 |     "content": |
 90 |       [Unit]
 91 |       Description=Pkgpanda: Specialize DC/OS for this host.
 92 |       Requires=dcos-download.service
 93 |       After=dcos-download.service
 94 |       [Service]
 95 |       Type=oneshot
 96 |       StandardOutput=journal+console
 97 |       StandardError=journal+console
 98 |       EnvironmentFile=/opt/mesosphere/environment
 99 |       ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd
100 |       [Install]
101 |       WantedBy=multi-user.target
102 |     "enable": !!bool |-
103 |       true
104 |     "name": |-
105 |       dcos-setup.service
106 |   "update":
107 |     "reboot-strategy": |-
108 |       off
109 | "write_files":
110 | - "content": |
111 |     ${dcos_base_download_url}
112 |   "owner": |-
113 |     root
114 |   "path": |-
115 |     /etc/mesosphere/setup-flags/repository-url
116 |   "permissions": |-
117 |     0644
118 | - "content": |
119 | ${cluster_packages}
120 |   "owner": |-
121 |     root
122 |   "path": |-
123 |     /etc/mesosphere/setup-flags/cluster-packages.json
124 |   "permissions": |-
125 |     0644
126 | - "content": |
127 |     [Journal]
128 |     MaxLevelConsole=warning
129 |     RateLimitInterval=1s
130 |     RateLimitBurst=20000
131 |   "owner": |-
132 |     root
133 |   "path": |-
134 |     /etc/systemd/journald.conf.d/dcos.conf
135 |   "permissions": |-
136 |     0644
137 | - "content": |
138 |     rexray:
139 |       loglevel: info
140 |       modules:
141 |         default-admin:
142 |           host: tcp://127.0.0.1:61003
143 |       storageDrivers:
144 |       - ec2
145 |       volume:
146 |         unmount:
147 |           ignoreusedcount: true
148 |   "path": |-
149 |     /etc/rexray/config.yml
150 |   "permissions": |-
151 |     0644
152 | - "content": |
153 |     MESOS_CLUSTER=${stack_name}
154 |   "path": |-
155 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/mesos-master-provider
156 | - "content": |
157 |     ADMINROUTER_ACTIVATE_AUTH_MODULE=${authentication_enabled}
158 |   "path": |-
159 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/adminrouter.env
160 | - "content": |
161 |     com.netflix.exhibitor.s3.access-key-id=${aws_access_key_id}
162 |     com.netflix.exhibitor.s3.access-secret-key=${aws_secret_access_key}
163 |   "path": |-
164 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor.properties
165 | - "content": |
166 |     MASTER_SOURCE=exhibitor_uri
167 |     EXHIBITOR_URI=http://${internal_master_lb_dns_name}:8181/exhibitor/v1/cluster/status
168 |     EXHIBITOR_ADDRESS=${internal_master_lb_dns_name}
169 |     RESOLVERS=${fallback_dns}
170 |   "path": |-
171 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/dns_config
172 | - "content": |
173 |     EXHIBITOR_BACKEND=AWS_S3
174 |     AWS_REGION=${aws_region}
175 |     AWS_S3_BUCKET=${exhibitor_s3_bucket}
176 |     AWS_S3_PREFIX=${stack_name}
177 |   "path": |-
178 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor
179 | - "content": |
180 |     {"uiConfiguration":{"plugins":{"banner":{"enabled":false,"backgroundColor":"#1E232F","foregroundColor":"#FFFFFF","headerTitle":null,"headerContent":null,"footerContent":null,"imagePath":null,"dismissible":null},"branding":{"enabled":false},"external-links": {"enabled": false},
181 | 
182 |     "authentication":{"enabled":false},
183 | 
184 |     "oauth":{"enabled":${authentication_enabled},"authHost":"https://dcos.auth0.com"},
185 | 
186 | 
187 |     "tracking":{"enabled":true}}}}
188 |   "path": |-
189 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/ui-config.json
190 | - "content": |
191 |     INTERNAL_MASTER_LB_DNSNAME=${internal_master_lb_dns_name}
192 |     MASTER_LB_DNSNAME=${public_lb_dns_name}
193 |   "path": |-
194 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/aws_dnsnames
195 | - "content": |-
196 |     {}
197 |   "path": |-
198 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/pkginfo.json
199 | - "content": ""
200 |   "path": |-
201 |     /etc/mesosphere/roles/slave_public
202 | - "content": ""
203 |   "path": |-
204 |     /etc/mesosphere/roles/aws
205 | 


--------------------------------------------------------------------------------
/public_subnet.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_subnet" "public" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 |   cidr_block = "${var.public_subnet_range}"
 4 | 
 5 |   tags {
 6 |     Application = "${var.stack_name}"
 7 |     Network = "Public"
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/public_subnet_network_acl_association.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_network_acl" "public" {
 2 |   vpc_id = "${aws_vpc.dcos.id}"
 3 |   subnet_ids = ["${aws_subnet.public.id}"]
 4 | 
 5 |   egress {
 6 |     protocol = "-1"
 7 |     rule_no = 100
 8 |     action = "allow"
 9 |     cidr_block =  "0.0.0.0/0"
10 |     from_port = 0
11 |     to_port = 0
12 |   }
13 | 
14 |   ingress {
15 |     protocol = "-1"
16 |     rule_no = 100
17 |     action = "allow"
18 |     cidr_block =  "0.0.0.0/0"
19 |     from_port = 0
20 |     to_port = 0
21 |   }
22 | 
23 |   tags {
24 |     Application = "${var.stack_name}"
25 |     Network = "Public"
26 |   }
27 | }
28 | 


--------------------------------------------------------------------------------
/public_subnet_route_table_association.tf:
--------------------------------------------------------------------------------
1 | resource "aws_route_table_association" "public" {
2 |   subnet_id = "${aws_subnet.public.id}"
3 |   route_table_id = "${aws_route_table.public.id}"
4 | }
5 | 


--------------------------------------------------------------------------------
/s3_bucket.tf:
--------------------------------------------------------------------------------
1 | resource "aws_s3_bucket" "exhibitor" {
2 |   bucket = "netflix-exhibitor-${var.exhibitor_uid}"
3 |   force_destroy = true
4 | 
5 |   lifecycle {
6 |     prevent_destroy = false
7 |   }
8 | }
9 | 


--------------------------------------------------------------------------------
/slave_launch_configuration.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_launch_configuration" "slave" {
 2 |   security_groups = ["${aws_security_group.slave.id}"]
 3 |   image_id = "${lookup(var.coreos_amis, var.aws_region)}"
 4 |   instance_type = "${var.slave_instance_type}"
 5 |   key_name = "${aws_key_pair.dcos.key_name}"
 6 |   user_data = "${data.template_file.slave_user_data.rendered}"
 7 |   associate_public_ip_address = false
 8 | 
 9 |   lifecycle {
10 |     create_before_destroy = false
11 |   }
12 | }
13 | 
14 | data "template_file" "slave_user_data" {
15 |   template = "${file("${path.module}/slave_user_data.yml")}"
16 | 
17 |   vars {
18 |     authentication_enabled      = "${var.authentication_enabled}"
19 |     bootstrap_id                = "${var.bootstrap_id}"
20 |     stack_name                  = "${var.stack_name}"
21 |     aws_region                  = "${var.aws_region}"
22 |     cluster_packages            = "${var.cluster_packages}"
23 |     aws_access_key_id           = "${aws_iam_access_key.host_keys.id}"
24 |     aws_secret_access_key       = "${aws_iam_access_key.host_keys.secret}"
25 |     fallback_dns                = "${var.fallback_dns}"
26 |     internal_master_lb_dns_name = "${aws_elb.internal_master.dns_name}"
27 |     public_lb_dns_name          = "${aws_elb.public_slaves.dns_name}"
28 |     exhibitor_s3_bucket         = "${aws_s3_bucket.exhibitor.id}"
29 |     dcos_base_download_url      = "${var.dcos_base_download_url}"
30 |   }
31 | }
32 | 


--------------------------------------------------------------------------------
/slave_security_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "slave" {
 2 |   name = "slave-${var.stack_name}"
 3 |   description = "Mesos Slaves"
 4 | 
 5 |   vpc_id = "${aws_vpc.dcos.id}"
 6 | }
 7 | 
 8 | resource "aws_security_group_rule" "slave_egress_all" {
 9 |   security_group_id = "${aws_security_group.slave.id}"
10 | 
11 |   type = "egress"
12 |   from_port = 0
13 |   to_port = 65535
14 |   protocol = "-1"
15 |   cidr_blocks = ["0.0.0.0/0"]
16 | }
17 | 
18 | resource "aws_security_group_rule" "slave_ingress_slave" {
19 |   security_group_id = "${aws_security_group.slave.id}"
20 | 
21 |   type = "ingress"
22 |   from_port = 0
23 |   to_port = 65535
24 |   protocol = "-1"
25 |   self = true
26 | }
27 | 
28 | resource "aws_security_group_rule" "slave_ingress_master" {
29 |   security_group_id = "${aws_security_group.slave.id}"
30 | 
31 |   type = "ingress"
32 |   from_port = 0
33 |   to_port = 65535
34 |   protocol = "-1"
35 |   source_security_group_id = "${aws_security_group.master.id}"
36 | }
37 | 
38 | resource "aws_security_group_rule" "slave_ingress_public_slave" {
39 |   security_group_id = "${aws_security_group.slave.id}"
40 | 
41 |   type = "ingress"
42 |   from_port = 0
43 |   to_port = 65535
44 |   protocol = "-1"
45 |   source_security_group_id = "${aws_security_group.public_slave.id}"
46 | }
47 | 


--------------------------------------------------------------------------------
/slave_server_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_autoscaling_group" "slave_server_group" {
 2 |   name = "Slaves-${var.stack_name}"
 3 | 
 4 |   min_size = "${var.slave_instance_count}"
 5 |   max_size = "${var.slave_instance_count}"
 6 |   desired_capacity = "${var.slave_instance_count}"
 7 | 
 8 |   vpc_zone_identifier = ["${aws_subnet.private.id}"]
 9 |   launch_configuration = "${aws_launch_configuration.slave.id}"
10 | 
11 |   tag {
12 |     key = "role"
13 |     value = "mesos-slave"
14 |     propagate_at_launch = true
15 |   }
16 | 
17 |   lifecycle {
18 |     create_before_destroy = false
19 |   }
20 | }
21 | 


--------------------------------------------------------------------------------
/slave_user_data.yml:
--------------------------------------------------------------------------------
  1 | #cloud-config
  2 | "coreos":
  3 |   "units":
  4 |   - "command": |-
  5 |       start
  6 |     "content": |
  7 |       [Unit]
  8 |       Description=AWS Setup: Formats the /var/lib ephemeral drive
  9 |       Before=var-lib.mount dbus.service
 10 |       [Service]
 11 |       Type=oneshot
 12 |       RemainAfterExit=yes
 13 |       ExecStart=/bin/bash -c "(blkid -t TYPE=ext4 | grep xvdb) || (/usr/sbin/mkfs.ext4 -F /dev/xvdb)"
 14 |     "name": |-
 15 |       format-var-lib-ephemeral.service
 16 |   - "command": |-
 17 |       start
 18 |     "content": |
 19 |       [Unit]
 20 |       Description=AWS Setup: Mount /var/lib
 21 |       Before=dbus.service
 22 |       [Mount]
 23 |       What=/dev/xvdb
 24 |       Where=/var/lib
 25 |       Type=ext4
 26 |     "name": |-
 27 |       var-lib.mount
 28 |   - "command": |-
 29 |       stop
 30 |     "mask": !!bool |-
 31 |       true
 32 |     "name": |-
 33 |       etcd.service
 34 |   - "command": |-
 35 |       stop
 36 |     "mask": !!bool |-
 37 |       true
 38 |     "name": |-
 39 |       update-engine.service
 40 |   - "command": |-
 41 |       stop
 42 |     "mask": !!bool |-
 43 |       true
 44 |     "name": |-
 45 |       locksmithd.service
 46 |   - "command": |-
 47 |       stop
 48 |     "name": |-
 49 |       systemd-resolved.service
 50 |   - "command": |-
 51 |       restart
 52 |     "name": |-
 53 |       systemd-journald.service
 54 |   - "command": |-
 55 |       restart
 56 |     "name": |-
 57 |       docker.service
 58 |   - "command": |-
 59 |       start
 60 |     "content": |
 61 |       [Unit]
 62 |       Before=dcos.target
 63 |       [Service]
 64 |       Type=oneshot
 65 |       StandardOutput=journal+console
 66 |       StandardError=journal+console
 67 |       ExecStartPre=/usr/bin/mkdir -p /etc/profile.d
 68 |       ExecStart=/usr/bin/ln -sf /opt/mesosphere/environment.export /etc/profile.d/dcos.sh
 69 |     "name": |-
 70 |       dcos-link-env.service
 71 |   - "content": |
 72 |       [Unit]
 73 |       Description=Pkgpanda: Download DC/OS to this host.
 74 |       After=network-online.target
 75 |       Wants=network-online.target
 76 |       ConditionPathExists=!/opt/mesosphere/
 77 |       [Service]
 78 |       Type=oneshot
 79 |       StandardOutput=journal+console
 80 |       StandardError=journal+console
 81 |       ExecStartPre=/usr/bin/curl --keepalive-time 2 -fLsSv --retry 20 -Y 100000 -y 60 -o /tmp/bootstrap.tar.xz ${dcos_base_download_url}/bootstrap/${bootstrap_id}.bootstrap.tar.xz
 82 |       ExecStartPre=/usr/bin/mkdir -p /opt/mesosphere
 83 |       ExecStart=/usr/bin/tar -axf /tmp/bootstrap.tar.xz -C /opt/mesosphere
 84 |       ExecStartPost=-/usr/bin/rm -f /tmp/bootstrap.tar.xz
 85 |     "name": |-
 86 |       dcos-download.service
 87 |   - "command": |-
 88 |       start
 89 |     "content": |
 90 |       [Unit]
 91 |       Description=Pkgpanda: Specialize DC/OS for this host.
 92 |       Requires=dcos-download.service
 93 |       After=dcos-download.service
 94 |       [Service]
 95 |       Type=oneshot
 96 |       StandardOutput=journal+console
 97 |       StandardError=journal+console
 98 |       EnvironmentFile=/opt/mesosphere/environment
 99 |       ExecStart=/opt/mesosphere/bin/pkgpanda setup --no-block-systemd
100 |       [Install]
101 |       WantedBy=multi-user.target
102 |     "enable": !!bool |-
103 |       true
104 |     "name": |-
105 |       dcos-setup.service
106 |   "update":
107 |     "reboot-strategy": |-
108 |       off
109 | "write_files":
110 | - "content": |
111 |     ${dcos_base_download_url}
112 |   "owner": |-
113 |     root
114 |   "path": |-
115 |     /etc/mesosphere/setup-flags/repository-url
116 |   "permissions": |-
117 |     0644
118 | - "content": |
119 | ${cluster_packages}
120 |   "owner": |-
121 |     root
122 |   "path": |-
123 |     /etc/mesosphere/setup-flags/cluster-packages.json
124 |   "permissions": |-
125 |     0644
126 | - "content": |
127 |     [Journal]
128 |     MaxLevelConsole=warning
129 |     RateLimitInterval=1s
130 |     RateLimitBurst=20000
131 |   "owner": |-
132 |     root
133 |   "path": |-
134 |     /etc/systemd/journald.conf.d/dcos.conf
135 |   "permissions": |-
136 |     0644
137 | - "content": |
138 |     rexray:
139 |       loglevel: info
140 |       modules:
141 |         default-admin:
142 |           host: tcp://127.0.0.1:61003
143 |       storageDrivers:
144 |       - ec2
145 |       volume:
146 |         unmount:
147 |           ignoreusedcount: true
148 |   "path": |-
149 |     /etc/rexray/config.yml
150 |   "permissions": |-
151 |     0644
152 | - "content": |
153 |     MESOS_CLUSTER=${stack_name}
154 |   "path": |-
155 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/mesos-master-provider
156 | - "content": |
157 |     ADMINROUTER_ACTIVATE_AUTH_MODULE=${authentication_enabled}
158 |   "path": |-
159 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/adminrouter.env
160 | - "content": |
161 |     com.netflix.exhibitor.s3.access-key-id=${aws_access_key_id}
162 |     com.netflix.exhibitor.s3.access-secret-key=${aws_secret_access_key}
163 |   "path": |-
164 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor.properties
165 | - "content": |
166 |     MASTER_SOURCE=exhibitor_uri
167 |     EXHIBITOR_URI=http://${internal_master_lb_dns_name}:8181/exhibitor/v1/cluster/status
168 |     EXHIBITOR_ADDRESS=${internal_master_lb_dns_name}
169 |     RESOLVERS=${fallback_dns}
170 |   "path": |-
171 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/dns_config
172 | - "content": |
173 |     EXHIBITOR_BACKEND=AWS_S3
174 |     AWS_REGION=${aws_region}
175 |     AWS_S3_BUCKET=${exhibitor_s3_bucket}
176 |     AWS_S3_PREFIX=${stack_name}
177 |   "path": |-
178 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/exhibitor
179 | - "content": |
180 |     {"uiConfiguration":{"plugins":{"banner":{"enabled":false,"backgroundColor":"#1E232F","foregroundColor":"#FFFFFF","headerTitle":null,"headerContent":null,"footerContent":null,"imagePath":null,"dismissible":null},"branding":{"enabled":false},"external-links": {"enabled": false},
181 | 
182 |     "authentication":{"enabled":false},
183 | 
184 |     "oauth":{"enabled":${authentication_enabled},"authHost":"https://dcos.auth0.com"},
185 | 
186 | 
187 |     "tracking":{"enabled":true}}}}
188 |   "path": |-
189 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/ui-config.json
190 | - "content": |
191 |     INTERNAL_MASTER_LB_DNSNAME=${internal_master_lb_dns_name}
192 |     MASTER_LB_DNSNAME=${public_lb_dns_name}
193 |   "path": |-
194 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/etc/aws_dnsnames
195 | - "content": |-
196 |     {}
197 |   "path": |-
198 |     /etc/mesosphere/setup-packages/dcos-provider-aws--setup/pkginfo.json
199 | - "content": ""
200 |   "path": |-
201 |     /etc/mesosphere/roles/slave
202 | - "content": ""
203 |   "path": |-
204 |     /etc/mesosphere/roles/aws
205 | 


--------------------------------------------------------------------------------
/smack/enter_cassandra.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | CASSANDRA_HOST=cassandra-dcos-node.cassandra.dcos.mesos
3 | CASSANDRA_IP=$(nslookup $CASSANDRA_HOST | grep Address | awk '{print $2}' | tail -n 1)
4 | docker run -it zutherb/cassandra-mesos-0.2.0-1 bin/cqlsh $CASSANDRA_IP


--------------------------------------------------------------------------------
/smack/killrweather/app/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM java:openjdk-8-jdk
 2 | 
 3 | ENV SBT_OPTS="-XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=2G -Xmx2048M"
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get install -y git && \
 7 |     apt-get install curl && \
 8 |     wget -O /tmp/sbt.deb https://bintray.com/artifact/download/sbt/debian/sbt-0.13.0.deb && \
 9 |     dpkg -i /tmp/sbt.deb && \
10 |     git clone https://github.com/killrweather/killrweather.git /opt/killrweather && \
11 |     cd /opt/killrweather && \
12 |     sbt test package && \
13 |     rm -rf /tmp/sbt.deb
14 | 
15 | ADD ingest.sh /opt/killrweather/ingest.sh
16 | ADD client_app.sh /opt/killrweather/client_app.sh
17 | ADD app.sh /opt/killrweather/app.sh
18 | 
19 | WORKDIR /opt/killrweather
20 | 


--------------------------------------------------------------------------------
/smack/killrweather/app/app.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | echo "Parameters are: $@"
3 | echo 2 | sbt -mem 2048 app/run $@
4 | 


--------------------------------------------------------------------------------
/smack/killrweather/app/build.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | docker build -t zutherb/mesos-killrweather-app .


--------------------------------------------------------------------------------
/smack/killrweather/app/client_app.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | echo "Parameters are: $@"
3 | echo 2 | sbt -mem 2048 clients/run $@
4 | 


--------------------------------------------------------------------------------
/smack/killrweather/app/ingest.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | echo "Parameters are: $@"
3 | echo 1 | sbt -mem 2048 clients/run $@
4 | 


--------------------------------------------------------------------------------
/smack/killrweather/data/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM zutherb/cassandra-mesos-0.2.0-1
2 | 
3 | RUN apt-get update && \
4 |     apt-get install -y git && \
5 |     git clone https://github.com/killrweather/killrweather.git /opt/killrweather
6 | 
7 | ADD import_data.sh /opt/killrweather/import_data.sh
8 | 
9 | ENTRYPOINT ["/opt/killrweather/import_data.sh"]


--------------------------------------------------------------------------------
/smack/killrweather/data/build.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | docker build -t zutherb/mesos-killrweather-data .


--------------------------------------------------------------------------------
/smack/killrweather/data/import_data.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | if [ -z "$1" ];
 3 | then
 4 |     echo "**************************************************";
 5 |     echo "please specify hostname:";
 6 |     echo "";
 7 |     echo "cassandra-dcos-node.cassandra.dcos.mesos";
 8 |     echo "";
 9 |     echo "**************************************************";
10 |     exit 1
11 | fi
12 | cd /opt/killrweather/data
13 | /opt/cassandra/bin/cqlsh $1 < create-timeseries.cql
14 | /opt/cassandra/bin/cqlsh $1 < load-timeseries.cql


--------------------------------------------------------------------------------
/smack/mesosphere/cassandra/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM java:openjdk-7u95-jre
 2 | 
 3 | ENV DOWNLOAD_FILENAME apache-cassandra-2.2.5-bin.tar.gz
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get install -y python && \
 7 |     mkdir -p /opt/cassandra && \
 8 |     wget -O /tmp/$DOWNLOAD_FILENAME http://downloads.mesosphere.com/cassandra-mesos/artifacts/1.0.4-2.2.5/$DOWNLOAD_FILENAME && \
 9 |     tar xvzf /tmp/$DOWNLOAD_FILENAME -C "/tmp" && \
10 |     tar xvzf /tmp/$DOWNLOAD_FILENAME --strip-components=1 -C "/opt/cassandra" && \
11 |     rm -vf /tmp/$DOWNLOAD_FILENAME && \
12 |     rm -vf /tmp/apache-cassandra-2.1.4-bin.tar.gz && \
13 |     rm -vf /tmp/cassandra-mesos-executor.jar && \
14 |     rm -vf /tmp/cassandra-mesos-framework.jar
15 | 
16 | # Expose ports
17 | EXPOSE 7199 7000 7001 9160 9042
18 | 
19 | WORKDIR /opt/cassandra/bin
20 | 
21 | CMD ["/opt/cassandra/bin/cassandra", "-f"]
22 | 


--------------------------------------------------------------------------------
/smack/mesosphere/cassandra/build.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | docker build -t zutherb/cassandra-mesos-1.0.4-2.2.5 .
3 | 


--------------------------------------------------------------------------------
/smack/run_app.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | CASSANDRA_IP=$(nslookup cassandra-dcos-node.cassandra.dcos.mesos | grep Address | awk '{print $2}' | tail -n 1)
3 | ZOOKEEPER_IP=$(nslookup leader.mesos | grep Address | awk '{print $2}' | tail -n 1)
4 | docker run -it zutherb/mesos-killrweather-app ./app.sh -Dspark.cassandra.connection.host=$CASSANDRA_IP -Dkafka.zookeeper.connection=$ZOOKEEPER_IP
5 | 


--------------------------------------------------------------------------------
/smack/run_client_app.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | CASSANDRA_IP=$(nslookup cassandra-dcos-node.cassandra.dcos.mesos | grep Address | awk '{print $2}' | tail -n 1)
3 | KAFKA_IP=$(nslookup broker-0.kafka.mesos | grep Address | awk '{print $2}' | tail -n 1)
4 | ZOOKEEPER_IP=$(nslookup leader.mesos | grep Address | awk '{print $2}' | tail -n 1)
5 | docker run -it zutherb/mesos-killrweather-app ./client_app.sh -Dcassandra.connection.host=$CASSANDRA_IP -Dkafka.hosts.0=$KAFKA_IP:1025
6 | 


--------------------------------------------------------------------------------
/smack/run_ingest.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | CASSANDRA_IP=$(nslookup cassandra-dcos-node.cassandra.dcos.mesos | grep Address | awk '{print $2}' | tail -n 1)
3 | KAFKA_IP=$(nslookup broker-0.kafka.mesos | grep Address | awk '{print $2}' | tail -n 1)
4 | ZOOKEEPER_IP=$(nslookup leader.mesos | grep Address | awk '{print $2}' | tail -n 1)
5 | docker run -it zutherb/mesos-killrweather-app ./ingest.sh -Dcassandra.connection.host=$CASSANDRA_IP -Dkafka.hosts.0=$KAFKA_IP:1025 -Dkafka.zookeeper.connection=$ZOOKEEPER_IP


--------------------------------------------------------------------------------
/smack/show_kafka_topic.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | /usr/local/Cellar/kafka/0.10.0.0/bin/kafka-console-consumer --zookeeper master.mesos:2181/kafka \
3 |                                                            --topic killrweather.raw
4 | 


--------------------------------------------------------------------------------
/terraform.tfvars.template:
--------------------------------------------------------------------------------
1 | aws_access_key="******"
2 | aws_secret_key="******"
3 | aws_region="eu-central-1"
4 | ssh_public_key="ssh-rsa ****** bernd.zuther@codecentric.de"
5 | 
6 | openvpn_admin_user="openvpn"
7 | openvpn_admin_pw="******"
8 | 


--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
  1 | variable "aws_access_key" {
  2 |   description = "AWS Access Key"
  3 | }
  4 | 
  5 | variable "aws_secret_key" {
  6 |   description = "AWS Secret Key"
  7 | }
  8 | 
  9 | variable "aws_region" {
 10 |   description = "AWS Region to launch configuration in"
 11 | }
 12 | 
 13 | variable "ssh_public_key" {
 14 |   description = "SSH public key to give SSH access"
 15 | }
 16 | 
 17 | variable "openvpn_admin_user" {
 18 |   description = "Username of the open VPN Admin User"
 19 | }
 20 | 
 21 | variable "openvpn_admin_pw" {
 22 |   description = "Password of the open VPN Admin User"
 23 | }
 24 | 
 25 | variable "exhibitor_uid" {
 26 |   description = "Unique Intentifier"
 27 | }
 28 | 
 29 | ###############################
 30 | ### CONFIGURABLE PARAMETERS ###
 31 | ###############################
 32 | 
 33 | variable "stack_name" {
 34 |   description = "DCOS stack name"
 35 |   default = "DCOS"
 36 | }
 37 | 
 38 | variable "elb_version" {
 39 |   description = "Loadbalancer Version"
 40 |   default = ""
 41 | }
 42 | 
 43 | variable "slave_instance_count" {
 44 |   description = "Number of slave nodes to launch"
 45 |   default = 5
 46 | }
 47 | 
 48 | variable "public_slave_instance_count" {
 49 |   description = "Number of public slave nodes to launch"
 50 |   default = 1
 51 | }
 52 | 
 53 | variable "admin_location" {
 54 |   description = "The IP range to whitelist for admin access. Must be a valid CIDR."
 55 |   default = "0.0.0.0/0"
 56 | }
 57 | 
 58 | ##################
 59 | ### PARAMETERS ###
 60 | ##################
 61 | 
 62 | variable "aws_availability_zones" {
 63 |   description = "AWS Availability zones"
 64 |   default = [
 65 |     "eu-west-1a",
 66 |     "eu-west-1b",
 67 |     "eu-west-1c"
 68 |   ]
 69 | }
 70 | 
 71 | variable "dcos_gateway_instance_type" {
 72 |   description = "Default instance type for masters"
 73 |   default = "m3.medium"
 74 | }
 75 | 
 76 | variable "vpn_instance_type" {
 77 |   description = "Default instance type for masters"
 78 |   default = "m3.medium"
 79 | }
 80 | 
 81 | variable "master_instance_type" {
 82 |   description = "Default instance type for masters"
 83 |   default = "m3.xlarge"
 84 | }
 85 | 
 86 | variable "slave_instance_type" {
 87 |   description = "Default instance type for slaves"
 88 |   default = "m3.xlarge"
 89 | }
 90 | 
 91 | variable "public_slave_instance_type" {
 92 |   description = "Default instance type for public slaves"
 93 |   default = "m3.xlarge"
 94 | }
 95 | 
 96 | variable "vpc_subnet_range" {
 97 |   description = "The IP range of the VPC subnet"
 98 |   default = "10.0.0.0/16"
 99 | }
100 | 
101 | variable "master_instance_count" {
102 |   description = "Amount of requested Masters"
103 |   default = 3
104 |   #when override number of instances please use an other cluster_packages (see below)
105 | }
106 | 
107 | variable "private_subnet_range" {
108 |   description = "Private Subnet IP range"
109 |   default = "10.0.0.0/22"
110 | }
111 | 
112 | variable "public_subnet_range" {
113 |   description = "Public Subnet IP range"
114 |   default = "10.0.4.0/24"
115 | }
116 | 
117 | variable "master_subnet_range" {
118 |   description = "Master Subnet IP range"
119 |   default = "10.0.5.0/24"
120 | }
121 | 
122 | variable "fallback_dns" {
123 |   description = "Fallback DNS IP"
124 |   default = "169.254.169.253"
125 | }
126 | 
127 | variable "coreos_amis" {
128 |   description = "AMI for CoreOS machine"
129 |   default = {
130 |     ap-northeast-1  = "ami-965899f7"
131 |     ap-southeast-1  = "ami-3120fe52"
132 |     ap-southeast-2  = "ami-b1291dd2"
133 |     eu-central-1    = "ami-3ae31555"
134 |     eu-west-1       = "ami-b7cba3c4"
135 |     sa-east-1       = "ami-61e3750d"
136 |     us-east-1       = "ami-6d138f7a"
137 |     us-gov-west-1   = "ami-b712acd6"
138 |     us-west-1       = "ami-ee57148e"
139 |     us-west-2       = "ami-dc6ba3bc"
140 |   }
141 | }
142 | 
143 | variable "nat_amis" {
144 |   description = "AMI for Amazon NAT machine"
145 |   default = {
146 |     ap-northeast-1  = "ami-55c29e54"
147 |     ap-southeast-1  = "ami-b082dae2"
148 |     ap-southeast-2  = "ami-996402a3"
149 |     eu-central-1    = "ami-204c7a3d"
150 |     eu-west-1       = "ami-3760b040"
151 |     sa-east-1       = "ami-b972dba4"
152 |     us-east-1       = "ami-4c9e4b24"
153 |     us-gov-west-1   = "ami-e8ab1489"
154 |     us-west-1       = "ami-2b2b296e"
155 |     us-west-2       = "ami-bb69128b"
156 |   }
157 | }
158 | 
159 | variable "dns_domainnames" {
160 |   description = "DNS Names for regions"
161 |   default = {
162 |     ap-northeast-1  = "compute.internal"
163 |     ap-southeast-1  = "compute.internal"
164 |     ap-southeast-2  = "compute.internal"
165 |     eu-central-1    = "compute.internal"
166 |     eu-west-1       = "compute.internal"
167 |     eu-west-2       = "compute.internal"
168 |     sa-east-1       = "compute.internal"
169 |     us-east-1       = "ec2.internal"
170 |     us-gov-west-1   = "compute.internal"
171 |     us-west-1       = "compute.internal"
172 |     us-west-2       = "compute.internal"
173 |   }
174 | }
175 | 
176 | variable "ubuntu_amis" {
177 |   description = "Ubuntu AMIs for regions"
178 |   default = {
179 |     ap-northeast-1  = "ami-2f4d3148"
180 |     ap-southeast-1  = "ami-f6953e95"
181 |     ap-southeast-2  = "ami-f5717596"
182 |     eu-central-1    = "ami-59ed2136"
183 |     eu-west-1       = "ami-ddfbd1ae"
184 |     sa-east-1       = "ami-4a79e326"
185 |     us-east-1       = "ami-43c92455"
186 |     us-west-1       = "ami-eb94c78b"
187 |     us-west-2       = "ami-e9873a89"
188 |   }
189 | }
190 | 
191 | variable "authentication_enabled" {
192 |   description = "authentication_enabled"
193 |   default = true
194 | }
195 | 
196 | variable "dcos_base_download_url" {
197 |   description = "base url that is used to download the dcos"
198 |   default = "https://downloads.dcos.io/dcos/stable"
199 | }
200 | 
201 | variable "bootstrap_id" {
202 |   description = "bootstrap id that is used to download the bootstrap files"
203 |   default = "5df43052907c021eeb5de145419a3da1898c58a5"
204 | }
205 | 
206 | //variable "cluster_packages" {
207 | //  description = "cluster packages for single master setup"
208 | //  default = <<EOF
209 | //    [
210 | //      "dcos-config--setup_2e94e4f724600dd9c9b3092f28f2b89ad9005673",
211 | //      "dcos-metadata--setup_2e94e4f724600dd9c9b3092f28f2b89ad9005673"
212 | //    ]EOF
213 | //}
214 | 
215 | variable "cluster_packages" {
216 |   description = "cluster packages for multi master setup"
217 |   default = <<EOF
218 |     [
219 |       "dcos-config--setup_3005760370194d0d05886172ae2d3d74c9cfbc89",
220 |       "dcos-metadata--setup_3005760370194d0d05886172ae2d3d74c9cfbc89"
221 |     ]EOF
222 | }
223 | 


--------------------------------------------------------------------------------
/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "dcos" {
 2 |   cidr_block = "${var.vpc_subnet_range}"
 3 |   enable_dns_support = true
 4 |   enable_dns_hostnames = true
 5 | 
 6 |   tags {
 7 |     Name = "${var.stack_name}"
 8 |     Application = "${var.stack_name}"
 9 |     Network = "Public"
10 |   }
11 | }
12 | 


--------------------------------------------------------------------------------
/vpn_gateway.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_instance" "vpn" {
 2 |   vpc_security_group_ids = [
 3 |     "${aws_security_group.admin.id}",
 4 |     "${aws_security_group.vpn.id}",
 5 |     "${aws_security_group.master.id}",
 6 |     "${aws_security_group.slave.id}",
 7 |     "${aws_security_group.public_slave.id}"
 8 |   ]
 9 | 
10 |   subnet_id = "${aws_subnet.public.id}"
11 | 
12 |   ami = "${lookup(var.ubuntu_amis, var.aws_region)}"
13 |   instance_type = "${var.vpn_instance_type}"
14 |   key_name = "${aws_key_pair.dcos.key_name}"
15 |   user_data = "${data.template_file.vpn_user_data.rendered}"
16 |   associate_public_ip_address = true
17 | 
18 |   tags {
19 |     Application = "${var.stack_name}"
20 |     Role = "vpn"
21 |     Name = "vpn"
22 |     sshUser = "ec2-user"
23 |   }
24 | 
25 |   lifecycle {
26 |     create_before_destroy = false
27 |   }
28 | }
29 | 
30 | data "template_file" "vpn_user_data" {
31 |   template = "${file("${path.module}/vpn_user_data.sh")}"
32 | 
33 |   vars {
34 |     admin_user  = "${var.openvpn_admin_user}"
35 |     admin_pw    = "${var.openvpn_admin_pw}"
36 |     vpc_subnet_range    = "${var.vpc_subnet_range}"
37 |     internal_master_lb_dns_name = "${aws_elb.internal_master.dns_name}"
38 |   }
39 | }
40 | 


--------------------------------------------------------------------------------
/vpn_load_balancer.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_elb" "vpn" {
 2 |   name = "vpn-${var.elb_version}-load-balancer"
 3 |   subnets = ["${aws_subnet.public.id}"]
 4 | 
 5 |   instances = ["${aws_instance.vpn.id}"]
 6 | 
 7 |   security_groups = [
 8 |     "${aws_security_group.vpn.id}",
 9 |     "${aws_security_group.admin.id}"
10 |   ]
11 | 
12 |   health_check {
13 |     healthy_threshold = 2
14 |     unhealthy_threshold = 2
15 |     timeout = 5
16 |     target = "tcp:443"
17 |     interval = 30
18 |   }
19 | 
20 |   listener {
21 |     instance_port = 443
22 |     instance_protocol = "tcp"
23 |     lb_port = 443
24 |     lb_protocol = "tcp"
25 |   }
26 | }
27 | 


--------------------------------------------------------------------------------
/vpn_security_group.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "vpn" {
 2 |   name = "vpn"
 3 |   description = "Mesos VPN"
 4 | 
 5 |   vpc_id = "${aws_vpc.dcos.id}"
 6 | }
 7 | 
 8 | resource "aws_security_group_rule" "vpn_egress_all" {
 9 |   security_group_id = "${aws_security_group.vpn.id}"
10 | 
11 |   type = "egress"
12 |   from_port = 0
13 |   to_port = 65535
14 |   protocol = "-1"
15 |   cidr_blocks = ["0.0.0.0/0"]
16 | }
17 | 
18 | resource "aws_security_group_rule" "vpn_ingress_443" {
19 |   security_group_id = "${aws_security_group.vpn.id}"
20 | 
21 |   type = "ingress"
22 |   from_port = 443
23 |   to_port = 443
24 |   protocol = "tcp"
25 | 
26 |   self = true
27 | }
28 | 
29 | resource "aws_security_group_rule" "vpn_ingress_943" {
30 |   security_group_id = "${aws_security_group.vpn.id}"
31 | 
32 |   type = "ingress"
33 |   from_port = 943
34 |   to_port = 943
35 |   protocol = "tcp"
36 | 
37 |   self = true
38 | }
39 | 
40 | resource "aws_security_group_rule" "vpn_ingress_1194" {
41 |   security_group_id = "${aws_security_group.vpn.id}"
42 | 
43 |   type = "ingress"
44 |   from_port = 1194
45 |   to_port = 1194
46 |   protocol = "udp"
47 | 
48 |   self = true
49 | }
50 | 
51 | 


--------------------------------------------------------------------------------
/vpn_user_data.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | function init {
  3 |     echo "init instance"
  4 |     export LC_ALL=C.UTF-8
  5 |     export LANG=C.UTF-8
  6 | 
  7 |     echo "export LC_ALL=C.UTF-8" >> ~/.bashrc
  8 |     echo "export LANG=C.UTF-8" >> ~/.bashrc
  9 | 
 10 |     apt-get install -y language-pack-UTF-8
 11 | }
 12 | 
 13 | function install_oracle_java {
 14 |     echo "Installing Oracle Java..."
 15 |     echo "Fetching Oracle Java..."
 16 |     wget --no-cookies \
 17 |          --no-check-certificate \
 18 |          --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" \
 19 |          "http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.tar.gz" \
 20 |          -O /tmp/jdk-8u131-linux-x64.tar.gz
 21 | 
 22 |     if [[ $? != 0 ]]; then
 23 |         echo "Failed during Oracle Java download."
 24 |         exit 1
 25 |     fi
 26 | 
 27 |     echo "Extracting Oracle Java..."
 28 |     tar xzf /tmp/jdk-8u131-linux-x64.tar.gz --directory=/usr/local/
 29 |     if [[ $? != 0 ]]; then
 30 |         echo "Failed during Oracle Java extraction."
 31 |         exit 1
 32 |     fi
 33 | 
 34 |     echo "Updating alternatives..."
 35 |     update-alternatives --install "/usr/bin/java" "java" "/usr/local/jdk1.8.0_131/bin/java" 1
 36 |     update-alternatives --install "/usr/bin/javac" "javac" "/usr/local/jdk1.8.0_131/bin/javac" 1
 37 |     update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/local/jdk1.8.0_131/bin/javaws" 1
 38 |     update-alternatives --set "java" "/usr/local/jdk1.8.0_131/bin/java"
 39 |     update-alternatives --set "javac" "/usr/local/jdk1.8.0_131/bin/javac"
 40 |     update-alternatives --set "javaws" "/usr/local/jdk1.8.0_131/bin/javaws"
 41 | 
 42 |     echo "Exporting JAVA_HOME..."
 43 |     export JAVA_HOME=/usr/local/jdk1.8.0_131/
 44 |     echo "export JAVA_HOME=$JAVA_HOME" >> ~/.bashrc
 45 | }
 46 | 
 47 | function install_openvpnas {
 48 |     echo "Installing OpenVPN Access Server..."
 49 | 
 50 |     wget -O /tmp/openvpn-as-2.0.25-Ubuntu14.amd_64.deb http://swupdate.openvpn.org/as/openvpn-as-2.0.25-Ubuntu14.amd_64.deb
 51 |     if [[ $? != 0 ]]; then
 52 |         echo "Failed during OpenVPN download."
 53 |         exit 1
 54 |     fi
 55 | 
 56 |     dpkg -i /tmp/openvpn-as-2.0.25-Ubuntu14.amd_64.deb
 57 |     if [[ $? != 0 ]]; then
 58 |         echo "Failed during OpenVPN installation."
 59 |         exit 1
 60 |     fi
 61 | 
 62 |     rm -f /tmp/openvpn-as-2.0.25-Ubuntu14.amd_64.deb
 63 | 
 64 |     echo "Restarting OpenVPN...."
 65 |     systemctl daemon-reload
 66 |     systemctl restart openvpnas
 67 | }
 68 | 
 69 | function wait_until_marathon_is_running {
 70 |     until $(curl --output /dev/null --silent --head --fail http://${internal_master_lb_dns_name}:8080/v2/info); do
 71 |         echo "waiting for marathon"
 72 |         sleep 5
 73 |     done
 74 | }
 75 | 
 76 | function export_public_ip {
 77 |     echo "resolve public ip"
 78 |     export PUBLIC_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
 79 |     echo "Public IP is: $PUBLIC_IP"
 80 | }
 81 | 
 82 | function export_dns_nameserver {
 83 |     echo "resolve dns server"
 84 |     apt-get install -y jq
 85 | 
 86 |     until [ -n "$DNS_NAMESERVER" ]; do
 87 |         sleep 5
 88 |         echo "waiting until name server is ready"
 89 |         export DNS_NAMESERVER=$(curl -s http://${internal_master_lb_dns_name}:8080/v2/info | jq '.leader' | sed 's/\"//' | sed 's/\:8080"//')
 90 |     done
 91 | 
 92 |     echo "Nameserver is: $DNS_NAMESERVER"
 93 | }
 94 | 
 95 | function install_openvpnas {
 96 |     echo "Install openvpnas"
 97 |     wget -O /tmp/openvpn-as-2.0.25-Ubuntu14.amd_64.deb http://swupdate.openvpn.org/as/openvpn-as-2.0.25-Ubuntu14.amd_64.deb
 98 |     dpkg -i /tmp/openvpn-as-2.0.25-Ubuntu14.amd_64.deb
 99 |     rm -f /tmp/openvpn-as-2.0.25-Ubuntu14.amd_64.deb
100 | 
101 |     service openvpnas restart
102 | }
103 | 
104 | 
105 | function setup_openvpnas {
106 |     echo "Setup openvpnas"
107 |     echo "Add openvpn admin ${admin_user}"
108 |     useradd ${admin_user}
109 |     echo "${admin_user}:${admin_pw}" | chpasswd
110 |     /usr/local/openvpn_as/scripts/sacli -u ${admin_user} -k prop_superuser -v true UserPropPut
111 | 
112 |     /usr/local/openvpn_as/scripts/sacli -u openvpn UserPropDelAll
113 | 
114 |     /usr/local/openvpn_as/scripts/sacli -k vpn.client.routing.reroute_dns -v custom ConfigPut
115 |     /usr/local/openvpn_as/scripts/sacli -k vpn.general.osi_layer -v 3 ConfigPut
116 |     /usr/local/openvpn_as/scripts/sacli -k vpn.server.routing.gateway_access -v true ConfigPut
117 |     /usr/local/openvpn_as/scripts/sacli -k vpn.client.routing.reroute_gw -v false ConfigPut
118 |     /usr/local/openvpn_as/scripts/sacli -k vpn.server.routing.private_network.0 -v ${vpc_subnet_range} ConfigPut
119 | 
120 |     waited_until_marathon_is_running
121 |     export_dns_nameserver
122 |     /usr/local/openvpn_as/scripts/sacli -k vpn.server.dhcp_option.dns.0 -v $DNS_NAMESERVER ConfigPut
123 | 
124 |     export_public_ip
125 |     /usr/local/openvpn_as/scripts/sacli -k host.name -v $PUBLIC_IP ConfigPut
126 | 
127 |     service openvpnas restart
128 | }
129 | 
130 | init
131 | install_oracle_java
132 | install_openvpnas
133 | setup_openvpnas
134 | 


--------------------------------------------------------------------------------
/vpn_user_data.yml:
--------------------------------------------------------------------------------
1 | admin_user=${admin_user}
2 | admin_pw=${admin_pw}


--------------------------------------------------------------------------------