Merge pull request #1232 from deis/aws_vpc

feat(contrib/ec2): launch into vpc

Author: carmstrong

contrib/ec2/README.md

@@ -60,6 +60,25 @@ by adding a new entry to [cloudformation.json](cloudformation.json) like so:
 The only entry in cloudformation.json required to launch your cluster is `KeyPair`,
 which is already filled out. The defaults will be applied for the other settings.
 
+## Choose whether to launch into a VPC
+
+The provision script supports launching into Amazon VPC. You'll need to have already created and
+configured your VPC with at least one subnet and an internet gateway for the nodes.
+
+To launch your cluster into a VPC, export three additional environment variables: ```VPC_ID```,
+```VPC_SUBNETS```, ```VPC_ZONES```. ```VPC_ZONES``` must list the availability zones of the
+subnets in order.
+
+For example, if your VPC has ID ```vpc-a26218bf``` and consists of the subnets ```subnet-04d7f942```
+(which is in ```us-east-1b```) and ```subnet-2b03ab7f``` (which is in ```us-east-1c```) you would
+export:
+
+```
+export VPC_ID=vpc-a26218bf
+export VPC_SUBNETS=subnet-04d7f942,subnet-2b03ab7f
+export VPC_ZONES=us-east-1b,us-east-1c
+```
+
 ## Run the provision script
 Run the [cloudformation provision script][pro-script] to spawn a new CoreOS cluster:
 ```console

contrib/ec2/gen-json.py

@@ -10,4 +10,28 @@
 template['Resources']['CoreOSServerLaunchConfig']['Properties']['UserData']['Fn::Base64']['Fn::Join'] = [ '', lines ]
 template['Parameters']['ClusterSize']['Default'] = str(os.getenv('DEIS_NUM_INSTANCES', 3))
 
+VPC_ID = os.getenv('VPC_ID', None)
+VPC_SUBNETS = os.getenv('VPC_SUBNETS', None)
+VPC_ZONES = os.getenv('VPC_ZONES', None)
+
+if VPC_ID and VPC_SUBNETS and VPC_ZONES:
+  for resource in template['Resources'].keys():
+    resource_type = template['Resources'][resource]['Type']
+    if resource_type == 'AWS::EC2::SecurityGroup':
+      template['Resources'][resource]['Properties']['VpcId'] = VPC_ID
+    elif resource_type == 'AWS::EC2::SecurityGroupIngress':
+      template['Resources'][resource]['Properties']['GroupId'] = template['Resources'][resource]['Properties']['GroupName']
+      del template['Resources'][resource]['Properties']['GroupName']
+      template['Resources'][resource]['Properties']['SourceSecurityGroupId'] = {
+        'Ref': template['Resources'][resource]['Properties']['SourceSecurityGroupId']['Fn::GetAtt'][0]
+      }
+    elif resource_type == 'AWS::AutoScaling::LaunchConfiguration':
+      template['Resources'][resource]['Properties']['AssociatePublicIpAddress'] = False
+    elif resource_type == 'AWS::ElasticLoadBalancing::LoadBalancer':
+      del template['Resources'][resource]['Properties']['AvailabilityZones']
+      template['Resources'][resource]['Properties']['Subnets'] = VPC_SUBNETS.split(',')
+    elif resource_type == 'AWS::AutoScaling::AutoScalingGroup':
+      template['Resources'][resource]['Properties']['VPCZoneIdentifier'] = VPC_SUBNETS.split(',')
+      template['Resources'][resource]['Properties']['AvailabilityZones'] = VPC_ZONES.split(',')
+
 print json.dumps(template)

contrib/ec2/provision-ec2-cluster.sh

@@ -20,6 +20,14 @@ if [ -z "$DEIS_NUM_INSTANCES" ]; then
     DEIS_NUM_INSTANCES=3
 fi
 
+# make sure we have all VPC info
+if [ -n "$VPC_ID" ]; then
+  if [ -z "$VPC_SUBNETS" ] || [ -z "$VPC_ZONES" ]; then
+    echo_red 'To provision Deis in a VPC, you must also specify VPC_SUBNETS and VPC_ZONES.'
+    exit 1
+  fi
+fi
+
 # check that the CoreOS user-data file is valid
 $CONTRIB_DIR/util/check-user-data.sh