fix(contrib/ec2): add custom template

Matthew Fisher · Matthew Fisher · commit 08d6d2408114 · 2014-04-15T12:53:18.000-07:00
While CoreOS's default template is great for setting up a cluster
on CloudFormation, it's missing some custom security group rules
that Deis needs. This custom template is a copy of CoreOS's
template along with a few ports opened, which includes the ports
that the Deis components live on as well as linux's default
ephemeral port range, which docker relies on (as well as any
Deis apps)
diff --git a/contrib/ec2/deis.template b/contrib/ec2/deis.template
@@ -0,0 +1,148 @@
+{
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Deis on EC2: http://deis.io/",
+  "Mappings" : {
+      "RegionMap" : {
+          "ap-northeast-1" : {
+              "AMI" : "ami-85265f84"
+          },
+          "sa-east-1" : {
+              "AMI" : "ami-9757f58a"
+          },
+          "ap-southeast-2" : {
+              "AMI" : "ami-815fc7bb"
+          },
+          "ap-southeast-1" : {
+              "AMI" : "ami-b80350ea"
+          },
+          "us-east-1" : {
+              "AMI" : "ami-97617dfe"
+          },
+          "us-west-2" : {
+              "AMI" : "ami-0ccfa43c"
+          },
+          "us-west-1" : {
+              "AMI" : "ami-f8d3eabd"
+          },
+          "eu-west-1" : {
+              "AMI" : "ami-dbdc27ac"
+          }
+      }
+  },
+  "Parameters": {
+    "InstanceType" : {
+      "Description" : "EC2 instance type (m1.small, etc).",
+      "Type" : "String",
+      "Default" : "t1.micro",
+      "AllowedValues" : [ "t1.micro","m1.small","m1.medium","m1.large","m1.xlarge", "m3.xlarge", "m3.2xlarge", "m2.xlarge","m2.2xlarge","m2.4xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge", "hi1.4xlarge", "hs1.8xlarge"],
+      "ConstraintDescription" : "must be a valid EC2 instance type."
+    },
+    "ClusterSize": {
+      "Default": "3",
+      "MinValue": "3",
+      "MaxValue": "12",
+      "Description": "Number of nodes in cluster (3-12).",
+      "Type": "Number"
+    },
+    "DiscoveryURL": {
+      "Description": "An unique etcd cluster discovery URL. Grab a new token from https://discovery.etcd.io/new",
+      "Type": "String"
+    },
+    "AdvertisedIPAddress": {
+      "Description": "Use 'private' if your etcd cluster is within one region or 'public' if it spans regions or cloud providers.",
+      "Default": "private",
+      "AllowedValues": ["private", "public"],
+      "Type": "String"
+    },
+    "AllowSSHFrom": {
+      "Description": "The net block (CIDR) that SSH is available to.",
+      "Default": "0.0.0.0/0",
+      "Type": "String"
+    },
+    "KeyPair" : {
+      "Description" : "The name of an EC2 Key Pair to allow SSH access to the instance.",
+      "Type" : "String"
+    }
+  },
+  "Resources": {
+    "CoreOSSecurityGroup": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "CoreOS SecurityGroup",
+        "SecurityGroupIngress": [
+          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "AllowSSHFrom"}}
+        ]
+      }
+    },
+    "DeisSecurityGroup": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "Deis SecurityGroup",
+        "SecurityGroupIngress": [
+          {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "514", "ToPort": "514", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "5000", "ToPort": "5000", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "6379", "ToPort": "6379", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "8000", "ToPort": "8000", "CidrIp": "0.0.0.0/0"},
+          {"IpProtocol": "tcp", "FromPort": "49156", "ToPort": "65535", "CidrIp": "0.0.0.0/0"}
+        ]
+      }
+    },
+    "Ingress4001": {
+      "Type": "AWS::EC2::SecurityGroupIngress",
+      "Properties": {
+        "GroupName": {"Ref": "CoreOSSecurityGroup"}, "IpProtocol": "tcp", "FromPort": "4001", "ToPort": "4001", "SourceSecurityGroupId": {
+          "Fn::GetAtt" : [ "CoreOSSecurityGroup", "GroupId" ]
+        }
+      }
+    },
+    "Ingress7001": {
+      "Type": "AWS::EC2::SecurityGroupIngress",
+      "Properties": {
+        "GroupName": {"Ref": "CoreOSSecurityGroup"}, "IpProtocol": "tcp", "FromPort": "7001", "ToPort": "7001", "SourceSecurityGroupId": {
+          "Fn::GetAtt" : [ "CoreOSSecurityGroup", "GroupId" ]
+        }
+      }
+    },
+    "CoreOSServerAutoScale": {
+      "Type": "AWS::AutoScaling::AutoScalingGroup",
+      "Properties": {
+        "AvailabilityZones": {"Fn::GetAZs": ""},
+        "LaunchConfigurationName": {"Ref": "CoreOSServerLaunchConfig"},
+        "MinSize": "3",
+        "MaxSize": "12",
+        "DesiredCapacity": {"Ref": "ClusterSize"},
+        "Tags": [
+            {"Key": "Name", "Value": { "Ref" : "AWS::StackName" }, "PropagateAtLaunch": true}
+        ]
+      }
+    },
+    "CoreOSServerLaunchConfig": {
+      "Type": "AWS::AutoScaling::LaunchConfiguration",
+      "Properties": {
+        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
+        "InstanceType": {"Ref": "InstanceType"},
+        "KeyName": {"Ref": "KeyPair"},
+        "SecurityGroups": [{"Ref": "CoreOSSecurityGroup"}, {"Ref": "DeisSecurityGroup"}],
+        "UserData" : { "Fn::Base64":
+          { "Fn::Join": [ "", [
+            "#cloud-config\n\n",
+            "coreos:\n",
+            "  etcd:\n",
+            "    discovery: ", { "Ref": "DiscoveryURL" }, "\n",
+            "    addr: $", { "Ref": "AdvertisedIPAddress" }, "_ipv4:4001\n",
+            "    peer-addr: $", { "Ref": "AdvertisedIPAddress" }, "_ipv4:7001\n",
+            "  units:\n",
+            "    - name: etcd.service\n",
+            "      command: start\n",
+            "    - name: fleet.service\n",
+            "      command: start\n"
+            ] ]
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/contrib/ec2/provision-ec2-cluster.sh b/contrib/ec2/provision-ec2-cluster.sh
@@ -18,7 +18,7 @@ fi
 
 # create an EC2 cloudformation stack based on CoreOS's default template
 aws cloudformation create-stack \
-    --template-url https://s3.amazonaws.com/coreos.com/dist/aws/coreos-alpha.template \
+    --template-body "$(<deis.template)" \
     --stack-name deis \
     --parameters "$(<cloudformation.json)"
 
