diff --git a/README.md b/README.md
index e5c793d..8b01b18 100644
--- a/README.md
+++ b/README.md
@@ -7,32 +7,20 @@ [![][kong-logo]][website-url] -This CloudFormation template helps you model and set up Kong's resources in AWS easily. +This CloudFormation template helps you model and set up Kong's +resources in AWS easily. -Note: For Kong's version 0.8.x use the tag 3.0.0. +Note: For Kong's 0.10.x and older versions template please +check out the 4.0.0 or older tags. ## Summary You have option to chose between two templates: -### 1) Kong with Cassandra DB(Deprecated) +### 1) Kong with Cassandra DB (you need to bring yours own Cassandra cluster) -Provision Kong resources along with a new [Cassandra cluster](http://cassandra.apache.org/), using The [Datastax Cassandra](http://docs.datastax.com/en/cassandra/2.2/cassandra/install/installAMI.html) AMI in a new VPC or existing VPC. - -| Region | HVM AMIs | PV AMIs | -| ----------------: | ---------------------------------------------------------------------- | ---------------------------------------------------------------------- | -| `us-east-1` | [![Kong Stack launch][stack-badge]][us-east-1-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][us-east-1-caas-pv-stack-url] | -| `us-west-1` | [![Kong Stack launch][stack-badge]][us-west-1-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][us-west-1-caas-pv-stack-url] | -| `us-west-2` | [![Kong Stack launch][stack-badge]][us-west-2-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][us-west-2-caas-pv-stack-url] | -| `eu-west-1` | [![Kong Stack launch][stack-badge]][eu-west-1-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][eu-west-1-caas-pv-stack-url] | -| `ap-northeast-1` | [![Kong Stack launch][stack-badge]][ap-northeast-1-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][ap-northeast-1-caas-pv-stack-url] | -| `ap-southeast-1` | [![Kong Stack launch][stack-badge]][ap-southeast-1-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][ap-southeast-1-caas-pv-stack-url] | -| `ap-southeast-2` | [![Kong Stack 
launch][stack-badge]][ap-southeast-2-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][ap-southeast-2-caas-pv-stack-url] | -| `sa-east-1` | [![Kong Stack launch][stack-badge]][sa-east-1-caas-hvm-stack-url] | [![Kong Stack launch][stack-badge]][sa-east-1-caas-pv-stack-url] | - -### 2) Kong without Cassandra DB (you need to bring yours) - -Provisions Kong resources with user provided Cassandra seed nodes in a new VPC or existing VPC. +Provisions Kong resources with user provided Cassandra seed nodes +in a new VPC or existing VPC. | Region | HVM AMIs | PV AMIs | | ----------------: | ------------------------------------------------------------------ | ---------------------------------------------------------------- | @@ -45,9 +33,10 @@ Provisions Kong resources with user provided Cassandra seed nodes in a new VPC o | `ap-southeast-2` | [![Kong Stack launch][stack-badge]][ap-southeast-2-hvm-stack-url] | [![Kong Stack launch][stack-badge]][ap-southeast-2-pv-stack-url] | | `sa-east-1` | [![Kong Stack launch][stack-badge]][sa-east-1-hvm-stack-url] | [![Kong Stack launch][stack-badge]][sa-east-1-pv-stack-url] | -### 3) Kong with Postgres DB +### 2) Kong with Postgres DB -Provisions Kong resources with user provided Cassandra seed nodes in a new VPC or existing VPC. +Provisions Kong resources with user provided Cassandra seed nodes +in a new VPC or existing VPC. | Region | HVM AMIs | PV AMIs | | ----------------: | ------------------------------------------------------------------ | ---------------------------------------------------------------- | @@ -63,7 +52,8 @@ Provisions Kong resources with user provided Cassandra seed nodes in a new VPC o ### Parameters -Recommended usage: use this cloud formation as basis for your own, adjust the variables and template to better suite your needs. +Recommended usage: use this cloud formation as basis for your +own, adjust the variables and template to better suite your needs. #### Cassandra 
@@ -76,7 +66,9 @@ Provisions Kong resources with user provided Cassandra seed nodes in a new VPC o
 | `KongFleetMaxSize` | `2` | Max Number of Kong instances *(Min: `1`)* |
 | `KongFleetDesiredSize` | `2` | Desired Number of Kong instances *(Min: `1`)* |
 | `KongInstanceType` | `c3.2xlarge` | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
-| `KongVersion` | `-` | Kong version to be deployed |
+| `KongVersion` | `-` | Kong version to be deployed. Leave it blank to install latest version. |
+| `KongMigration ` | `true` | Select `false` to not run the Kong migrations while Kong starts |
+| `KongConfigs` | `` | Comma separated Kong configurations in KONG_=Val format |
 | `CassandraKeyName` | `-` | Existing EC2 KeyPair to enable SSH access to the instances for Cassandra |
 | `CassandraFleetSize` | `1` | Number of nodes in cluster. *(Min: `1`)* |
 | `CassandraInstanceType` | `c3.2xlarge` | EC2 instance type for Cassandra |
@@ -103,7 +95,9 @@ Provisions Kong resources with user provided Cassandra seed nodes in a new VPC o
 | `KongFleetMaxSize` | `2` | Max Number of Kong instances *(Min: `1`)* |
 | `KongFleetDesiredSize` | `2` | Desired Number of Kong instances *(Min: `1`)* |
 | `KongInstanceType` | `c3.2xlarge` | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
-| `KongVersion` | `-` | Kong version to be deployed |
+| `KongVersion` | `-` | Kong version to be deployed. Leave it blank to install latest version. |
+| `KongMigration ` | `true` | Select `false` to not run the Kong migrations when Kong starts |
+| `KongConfigs` | `` | Comma separated Kong configurations in KONG_=Val format |
 | `DBName` | `Kong` | Database name |
 | `DBHost` | `-` | The database host dns/ip address, leave blank to start a new RDS instance |
 | `DBPort` | `5432` | The database port, leave blank to start a new RDS instance |
@@ -111,7 +105,7 @@ Provisions Kong resources with user provided Cassandra seed nodes in a new VPC o | `DBPassword` | `changeit` | The database admin account password | | `DBClass` | `db.m1.large` | Database instance class | | `DBPublicAccess` | `false` | Database public access | -| `DBVersion` | `9.4.7` | Postgres version | +| `DBVersion` | `9.4.7` | Postgres version | | `DBAllocatedStorage` | `5` | The size of the database (Gb) | | `DBSnapshotIdentifier` | `-` | The RDS snapshot name to restore to the new DB instance. | | `VpcId` | `-` | Optional- VPC Id of existing VPC. Leave blank to have a new VPC created | @@ -161,13 +155,13 @@ Provisions Kong resources with user provided Cassandra seed nodes in a new VPC o #### SSL Support -You can install SSL Certificate on the Kong Load Balancer or use the SSL plugin on Kong to enable HTTPS support. +You can install SSL Certificate on the Kong Load Balancer. -##### 1) [SSL Certificate for Kong Load Balancer](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html) +##### [SSL Certificate for Kong Load Balancer](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html) 1. Obtain the Kong Load Balancer `id` from the *"Resources tab"*. 2. Find the matching Kong Load Balancer instance. -3. Edit Listeners from the bottom pane, click Add. +3. Edit Listeners from the bottom pane, click Add. 4. In the Load Balancer Protocol column, select HTTPS (Secure HTTP). This updates the Load Balancer Port, Instance Protocol, and Instance Port columns. In the Instance Protocol column, select HTTP and update the Instance port to 8000. 5. By default, Elastic Load Balancing selects the current predefined security policy, ELBSecurityPolicy-2015-05, for your HTTPS/SSL listener. This is the recommended setting. 6. In the SSL Certificate column, click Change, and then you either upload a new certificate or choose an existing Certificate. 
@@ -178,15 +172,6 @@ You can install SSL Certificate on the Kong Load Balancer or use the SSL plugin 11. Click Edit. 12. Add Load Balancer Port for the HTTPS to the list and save. -##### 2) [Using Kong SSL Plugin](https://getkong.org/plugins/ssl/) - -1. SSH on each Kong node, upload the Certificate. -2. Update Kong node Security Group to open TCP port 8443. -3. Add HTTPS listener on Kong Load Balancer forwarding request to 8443 Instance port. -4. Open HTTPS listener port in Kong Load Balancer security group. -5. Enable the Kong [SSL plugin](https://getkong.org/plugins/ssl/). - - #### Important Note 1. The security configuration on the templates opens up all externally accessible ports to incoming traffic from any IP address if default is chosen *(`0.0.0.0/0`)* 
@@ -210,24 +195,6 @@ Support, Demo, Training, API Certifications and Consulting available at http://g [mailing-list-url]: https://groups.google.com/forum/#!forum/konglayer -[us-east-1-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[us-west-1-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[us-west-2-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[eu-west-1-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[ap-northeast-1-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[ap-southeast-1-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[ap-southeast-2-caas-hvm-stack-url]: 
https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template -[sa-east-1-caas-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/new?stackName=kong-elb-cassandra-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-hvm.template - -[us-east-1-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[us-west-1-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[us-west-2-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[eu-west-1-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[ap-northeast-1-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[ap-southeast-1-caas-pv-stack-url]: 
https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[ap-southeast-2-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template -[sa-east-1-caas-pv-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=sa-east-1#/stacks/new?stackName=kong-elb-cassandra-pv&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-new-vpc-optional-pv.template - [us-east-1-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=kong-elb-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-user-vpc-optional-hvm.template [us-west-1-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-west-1#/stacks/new?stackName=kong-elb-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-user-vpc-optional-hvm.template [us-west-2-hvm-stack-url]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=kong-elb-hvm&templateURL=https:%2F%2Fs3.amazonaws.com%2Fkong-cf-templates%2Flatest%2Fkong-elb-cassandra-user-vpc-optional-hvm.template diff --git a/templates/kong-elb-cassandra-new-vpc-optional-hvm.template b/templates/kong-elb-cassandra-new-vpc-optional-hvm.template deleted file mode 100644 index 73355ed..0000000 --- a/templates/kong-elb-cassandra-new-vpc-optional-hvm.template +++ /dev/null 
@@ -1,799 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Kong CloudFormation template.Template creates load balanced Kong instances with Cassandra cluster in new VPC or user provided VPC", - "Parameters": { - "VpcId" : { - "Type" : "String", - "Description" : "Optional - VPC Id of existing VPC. Leave blank to have a new VPC created", - "Default" : "", - "AllowedPattern" : "^(?:vpc-[0-9a-f]{8}|)$", - "ConstraintDescription" : "VPC ID must begin with 'vpc-' or leave blank to have a new VPC created" - }, - "SubnetId1" : { - "Type" : "String", - "Description" : "Conditional- required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run", - "Default" : "" - }, - "SubnetId2" : { - "Type" : "String", - "Description" : "Conditional- required if VpcId provided. Existing VPC Subnet 2 Id where ECS instances will run", - "Default" : "" - }, - "Subnet1AZ" : { - "Type" : "String", - "Description" : "Conditional- required if VpcId provided or if *-1a AZ not supported by account. Existing VPC Subnet 1 AvailabilityZone", - "Default" : "" - }, - "Subnet2AZ" : { - "Type" : "String", - "Description" : "Conditional- required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. 
Existing VPC Subnet 2 AvailabilityZone", - "Default" : "" - }, - "CassandraKeyName": { - "Description": "Required- Name of an existing EC2 KeyPair to enable SSH access to the instances for Cassandra", - "Type": "AWS::EC2::KeyPair::KeyName", - "Default": "" - }, - "CassandraFleetSize": { - "Description": "Number of nodes in cassandra cluster", - "Type": "Number", - "Default": "1", - "MinValue": "1" - }, - "SSHLocation": { - "Description": "The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." - }, - "CassandraOpsCenterAccess": { - "Description": "The IP address range that can access OpsCenter for Cassandra cluster management", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." - }, - "KongProxyAccess": { - "Description": "The IP address range that can be used to access the Kong proxy port 8000", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." - }, - "KongAdminAccess": { - "Description": "The IP address range that can be used to access the Kong Admin port 8001", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." 
- }, - "KongKeyName": { - "Description": "Required- Name of an existing EC2 KeyPair to enable SSH access to the instances for Kong", - "Type": "AWS::EC2::KeyPair::KeyName", - "Default": "" - }, - "KongFleetMaxSize": { - "Description": "Max Number of Kong instances", - "Type": "Number", - "Default": "2", - "MinValue": "1" - }, - "KongFleetDesiredSize": { - "Description": "Desired Number of Kong instances", - "Type": "Number", - "Default": "2", - "MinValue": "1" - }, - "KongInstanceType": { - "Description": "Kong EC2 instance type. Note: T2 instance is not supported on the EC2-Classic platform", - "Type": "String", - "Default": "c3.2xlarge", - "AllowedValues": [ - "t2.small", - "t2.micro", - "t2.medium", - "t2.large", - "m3.medium", - "m3.large", - "m3.xlarge", - "m3.2xlarge", - "m4.large", - "m4.xlarge", - "m4.2xlarge", - "m4.4xlarge", - "m4.10xlarge", - "c3.large", - "c3.xlarge", - "c3.2xlarge", - "c3.4xlarge", - "c3.8xlarge", - "c4.large", - "c4.xlarge", - "c4.xlarge", - "c4.2xlarge", - "c4.4xlarge", - "c4.8xlarge", - "r3.large", - "r3.xlarge", - "r3.2xlarge", - "r3.4xlarge", - "r3.8xlarge" - ], - "ConstraintDescription": "must be a valid EC2 instance type." - }, - "CassandraInstanceType": { - "Description": "Cassandra EC2 instance type", - "Type": "String", - "Default": "c3.2xlarge", - "AllowedValues": [ - "m3.medium", - "m3.large", - "m3.xlarge", - "m3.2xlarge", - "c3.large", - "c3.xlarge", - "c3.2xlarge", - "c3.4xlarge", - "c3.8xlarge", - "cc2.8xlarge", - "cc1.4xlarge", - "g2.2xlarge", - "g2.8xlarge", - "cg1.4xlarge", - "r3.large", - "r3.xlarge", - "r3.2xlarge", - "r3.4xlarge", - "r3.8xlarge", - "d2.xlarge", - "d2.2xlarge", - "d2.4xlarge", - "d2.8xlarge", - "i2.xlarge", - "i2.2xlarge" - ], - "ConstraintDescription": "must be a valid EC2 instance type." 
- }, - "CassandraClusterName": { - "Default": "Cassandra Cluster", - "Description": "Cassandra cluster name", - "Type": "String" - }, - "CassandraClusterVersion": { - "Description": "Cassandra cluster version", - "Type": "String", - "Default": "Community", - "AllowedValues": [ - "Community", - "Enterprise" - ] - }, - "CassandraVersion": { - "Description": "Cassandra version", - "Type": "String", - "Default": "2.2.7", - "AllowedValues": [ - "2.2.7", - "2.2.4", - "2.2.3", - "2.2.0" - ] - }, - "KongVersion": { - "Description": "Kong version (Only 0.9.x and above supported)", - "Type": "String", - "Default": "0.10.3", - "AllowedValues": [ - "0.10.3", - "0.10.2", - "0.10.1", - "0.10.0", - "0.9.9", - "0.9.8", - "0.9.7", - "0.9.6", - "0.9.5", - "0.9.4", - "0.9.3", - "0.9.2", - "0.9.1", - "0.9.0" - ] - } - }, - "Mappings": { - "RegionKongAmiMap": { - "us-east-1": { - "HVM": "ami-1ecae776" - }, - "us-west-1": { - "HVM": "ami-d114f295" - }, - "us-west-2": { - "HVM": "ami-e7527ed7" - }, - "eu-west-1" : { - "HVM": "ami-a10897d6" - }, - "ap-northeast-1" : { - "HVM": "ami-cbf90ecb" - }, - "ap-southeast-1" : { - "HVM": "ami-68d8e93a" - }, - "ap-southeast-2" : { - "HVM": "ami-fd9cecc7" - }, - "sa-east-1" : { - "HVM" : "ami-b52890a8" - } - }, - "RegionCassAmiMap": { - "us-east-1": { - "HVM": "ami-711ca91a" - }, - "us-west-1": { - "HVM": "ami-17728c53" - }, - "us-west-2": { - "HVM": "ami-8b392cbb" - }, - "eu-west-1" : { - "HVM": "ami-72520e05" - }, - "ap-northeast-1" : { - "HVM": "ami-580eb458" - }, - "ap-southeast-1" : { - "HVM": "ami-a43836f6" - }, - "ap-southeast-2" : { - "HVM": "ami-df0042e5" - }, - "sa-east-1" : { - "HVM": "ami-43971f5e" - } - } - }, - "Conditions" : { - "CreateVpcResources" : { "Fn::Equals" : [ { "Ref" : "VpcId" }, "" ] }, - "ExistingVpcResources" : { "Fn::Not" : [ { "Fn::Equals" : [ { "Ref" : "VpcId" }, "" ] } ] }, - "UseAZParameter": { "Fn::Not" : [ {"Fn::And" : [ { "Fn::Equals" : [ { "Ref" : "Subnet1AZ" }, "" ]} , { "Fn::Equals" : [ { "Ref" : "Subnet1AZ" }, 
"" ] } ] } ] } - }, - "Resources": { - "VPC" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::VPC", - "Properties" : { - "CidrBlock" : "10.0.0.0/16", - "EnableDnsSupport" : "true", - "EnableDnsHostnames" : "true", - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "PublicSubnet1" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::Subnet", - "Properties" : { - "VpcId" : { "Ref" : "VPC" }, - "CidrBlock" : "10.0.0.0/23", - "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet1AZ" }, { "Fn::Select" : [ "0", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "PublicSubnet2" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::Subnet", - "Properties" : { - "VpcId" : { "Ref" : "VPC" }, - "CidrBlock" : "10.0.4.0/23", - "AvailabilityZone" : { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] }, - "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet2AZ" }, { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "InternetGateway" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::InternetGateway", - "Properties" : { - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "AttachGateway" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::VPCGatewayAttachment", - "Properties" : { - "VpcId" : { "Ref" : "VPC" }, - "InternetGatewayId" : { "Ref" : "InternetGateway" } - } - }, - "PublicRouteTable" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::RouteTable", - "Properties" : { - 
"VpcId" : {"Ref" : "VPC"}, - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "PublicRoute" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::Route", - "DependsOn" : "AttachGateway", - "Properties" : { - "RouteTableId" : { "Ref" : "PublicRouteTable" }, - "DestinationCidrBlock" : "0.0.0.0/0", - "GatewayId" : { "Ref" : "InternetGateway" } - } - }, - "PublicSubnet1RouteTableAssociation" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::SubnetRouteTableAssociation", - "Properties" : { - "SubnetId" : { "Ref" : "PublicSubnet1" }, - "RouteTableId" : { "Ref" : "PublicRouteTable" } - } - }, - "PublicSubnet2RouteTableAssociation" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::SubnetRouteTableAssociation", - "Properties" : { - "SubnetId" : { "Ref" : "PublicSubnet2" }, - "RouteTableId" : { "Ref" : "PublicRouteTable" } - } - }, - "KongLoadBalancerNewVPC": { - "Condition" : "CreateVpcResources", - "Type": "AWS::ElasticLoadBalancing::LoadBalancer", - "Properties": { - "SecurityGroups" : [ { "Ref" : "LoadBalancerSecurityGroup" } ], - "Subnets" : [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ], - "CrossZone" : "true", - "Listeners": [ - { - "LoadBalancerPort": "8000", - "InstancePort": "8000", - "Protocol": "HTTP" - }, - { - "LoadBalancerPort": "8001", - "InstancePort": "8001", - "Protocol": "HTTP" - } - ], - "HealthCheck": { - "Target": "TCP:8000", - "HealthyThreshold": "3", - "UnhealthyThreshold": "5", - "Interval" : "90", - "Timeout" : "60" - } - } - }, - "KongLoadBalancerExistingVPC": { - "Condition" : "ExistingVpcResources", - "Type": "AWS::ElasticLoadBalancing::LoadBalancer", - "Properties": { - "SecurityGroups" : [ { "Ref" : "LoadBalancerSecurityGroup" } ], - "Subnets" : [ - { "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" } - ], - "CrossZone" : "true", - "Listeners": [ - { - "LoadBalancerPort": "8000", - "InstancePort": "8000", - 
"Protocol": "HTTP" - }, - { - "LoadBalancerPort": "8001", - "InstancePort": "8001", - "Protocol": "HTTP" - } - ], - "HealthCheck": { - "Target": "TCP:8000", - "HealthyThreshold": "3", - "UnhealthyThreshold": "5", - "Interval" : "90", - "Timeout" : "60" - } - } - }, - "LoadBalancerSecurityGroup" : { - "Type" : "AWS::EC2::SecurityGroup", - "Properties" : { - "GroupDescription" : "Enable HTTP access on port 8000 and 8001", - "VpcId" : { "Fn::If" : [ "CreateVpcResources", { "Ref" : "VPC" }, { "Ref" : "VpcId" } ] }, - "SecurityGroupIngress" : [ - { "IpProtocol" : "tcp", "FromPort" : "8000", "ToPort" : "8000", "CidrIp" : { "Ref" : "KongProxyAccess" } }, - { "IpProtocol" : "tcp", "FromPort" : "8001", "ToPort" : "8001", "CidrIp" : { "Ref" : "KongAdminAccess" } } - ], - "SecurityGroupEgress" : [ - { "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0" } - ] - } - }, - - "KongScalingGroup": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "CreationPolicy": { - "ResourceSignal": { - "Count" : { "Ref" : "KongFleetDesiredSize" }, - "Timeout": "PT15M" - } - }, - "Properties": { - "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }, { "Ref" : "Subnet2AZ" }]]}, - "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ] ] } ], [{ "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" }] ] }, - "LaunchConfigurationName": { - "Ref": "KongLaunchConfig" - }, - "MinSize": "1", - "MaxSize": { - "Ref": "KongFleetMaxSize" - }, - "DesiredCapacity": { - "Ref": "KongFleetDesiredSize" - }, - "LoadBalancerNames": [ - { "Fn::If" : [ "CreateVpcResources", {"Ref" : "KongLoadBalancerNewVPC"}, {"Ref" : "KongLoadBalancerExistingVPC"} ]} - ], - "Tags" : [ - { "Key" : "Name", "Value" : { "Ref" : "AWS::StackId" }, "PropagateAtLaunch" : "true" } 
- ] - } - }, - "KongLaunchConfig": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "AssociatePublicIpAddress" : true, - "ImageId": { - "Fn::FindInMap": [ - "RegionKongAmiMap", - { - "Ref": "AWS::Region" - }, - "HVM" - ] - }, - "InstanceType": { - "Ref": "KongInstanceType" - }, - "KeyName": { - "Ref": "KongKeyName" - }, - "SecurityGroups": [ - { - "Ref": "KongSecurityGroup" - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!\/bin\/bash\n", - "yum update -y aws-cfn-bootstrap\n", - "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", - "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", - "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", - "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", - "echo \"database: cassandra\" >> hosts\n", - "echo \"cassandra:\" >> hosts\n", - "echo \" contact_points:\" >> hosts\n", - "cassandra_hosts=", { "Fn::GetAtt": [ "CassandraWaitCondition", "Data" ] }, "\n", - "cassandra_hosts=$(echo $cassandra_hosts | awk -F\"{\" '{print $2}')\n", - "cassandra_hosts=$(echo $cassandra_hosts | awk -F\"}\" '{print $1}')\n", - "IFS=', ' read -a host_array <<< \"$cassandra_hosts\"\n", - "for i in \"${host_array[@]}\"\n", - "do\n", - " hostName=$(echo $i | awk -F\":\" '{print $1}')\n", - " KONG_CASSANDRA_CONTACT_POINTS+=\"$hostName,\" \n", - "done;\n", - "KONG_CASSANDRA_CONTACT_POINTS=${KONG_CASSANDRA_CONTACT_POINTS:0:${#KONG_CASSANDRA_CONTACT_POINTS}-1}\n", - "echo 
\"$KONG_CASSANDRA_CONTACT_POINTS\"\n", - "export KONG_DATABASE=cassandra\n", - "export KONG_CASSANDRA_CONTACT_POINTS\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "sleep `echo $(( RANDOM % ( 200 - 100 + 1 ) + 50))`\n", - "COUNTER=0\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? -ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", - "if ! /usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" - ] - ] - } - } - } - }, - "KongSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Enable SSH access and HTTP access on the inbound port", - "VpcId" : { "Fn::If" : [ "CreateVpcResources", { "Ref" : "VPC" }, { "Ref" : "VpcId" } ] }, - "SecurityGroupIngress": [ - { "IpProtocol" : "tcp", "FromPort" : "8000", "ToPort" : "8001", "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" } }, - { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation" } } - ], - "SecurityGroupEgress" : [ - { "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0" } - ] - } - }, - "IngressUDP7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946", - 
"SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "CassandraWaitHandle" : { - "Type" : "AWS::CloudFormation::WaitConditionHandle" - }, - "CassandraWaitCondition" : { - "Type" : "AWS::CloudFormation::WaitCondition", - "DependsOn" : "CassandraGroup", - "Properties" : { - "Handle" : { "Ref" : "CassandraWaitHandle" }, - "Timeout" : "900", - "Count" : { "Ref" : "CassandraFleetSize" } - } - }, - "CassandraGroup": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }]]}, - "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" } ] ] } ], [{ "Ref" : "SubnetId1" }] ] }, - "LaunchConfigurationName": { - "Ref": "CassandraLaunchConfig" - }, - "MinSize": { - "Ref": "CassandraFleetSize" - }, - "MaxSize": { - "Ref": "CassandraFleetSize" - }, - "DesiredCapacity": { - "Ref": "CassandraFleetSize" - }, - "Tags" : [ - { "Key" : "Name", "Value" : { "Ref" : "AWS::StackId" }, "PropagateAtLaunch" : "true" } - ] - } - }, - "CassandraSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId" : { "Fn::If" : [ "CreateVpcResources", { "Ref" : "VPC" }, { "Ref" : "VpcId" } ] }, - "GroupDescription": "Cassandra SecurityGroup", - "SecurityGroupIngress": [ - {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "SSHLocation"}}, - {"IpProtocol": "tcp", "FromPort": "8888", "ToPort": "8888", "CidrIp": {"Ref": "CassandraOpsCenterAccess"}} - ] - } - }, - "Ingress1024To65355": { - "Type": 
"AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "1024", "ToPort": "65355", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7000": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7000", "ToPort": "7000", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7001": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7001", "ToPort": "7001", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7199": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7199", "ToPort": "7199", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress61620": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "61620", "ToPort": "61620", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress61621": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "61621", "ToPort": "61621", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress9042": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ 
"CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "9042", "ToPort": "9042", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "Ingress9160": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "9160", "ToPort": "9160", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "CassandraLaunchConfig": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "AssociatePublicIpAddress" : true, - "ImageId": { - "Fn::FindInMap": [ - "RegionCassAmiMap", - { - "Ref": "AWS::Region" - }, - "HVM" - ] - }, - "InstanceType": { - "Ref": "CassandraInstanceType" - }, - "KeyName": { - "Ref": "CassandraKeyName" - }, - "SecurityGroups": [ - { - "Ref": "CassandraSecurityGroup" - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!\/bin\/bash\n", - "apt-get -y install python-setuptools\n", - "easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n", - "publicip=`curl http://169.254.169.254/latest/meta-data/public-ipv4`\n", - "publichost=`curl http://169.254.169.254/latest/meta-data/public-hostname`\n", - "cfn-signal -e 0 --data $publicip --id $publichost --reason \"Kong setup completed\" '", { "Ref" : "CassandraWaitHandle" }, "'\n", - "--clustername ",{ "Ref": "CassandraClusterName" }, " --totalnodes ", { "Ref": "CassandraFleetSize" }," --version ", { "Ref": "CassandraClusterVersion" }," --release ",{"Ref": "CassandraVersion"}, - "\n" - ] - ] - } - } - } - } - }, - "Outputs": { - "ProxyURL": { - "Description": "Kong Proxy URL", - "Value": { - "Fn::Join": [ - "", - [ - "http:\/\/", - { "Fn::If" : [ "CreateVpcResources", { "Fn::GetAtt": [ "KongLoadBalancerNewVPC", "DNSName" ]}, { "Fn::GetAtt": [ "KongLoadBalancerExistingVPC", "DNSName" ] } ] }, - ":8000" - ] - ] - } - }, - 
"AdminURL": {
- "Description": "Kong Admin URL",
- "Value": {
- "Fn::Join": [
- "",
- [
- "http:\/\/",
- { "Fn::If" : [ "CreateVpcResources", { "Fn::GetAtt": [ "KongLoadBalancerNewVPC", "DNSName" ]}, { "Fn::GetAtt": [ "KongLoadBalancerExistingVPC", "DNSName" ] } ] },
- ":8001"
- ]
- ]
- }
- }
- }
-}
diff --git a/templates/kong-elb-cassandra-new-vpc-optional-pv.template b/templates/kong-elb-cassandra-new-vpc-optional-pv.template
deleted file mode 100644
index f2251a4..0000000
--- a/templates/kong-elb-cassandra-new-vpc-optional-pv.template
+++ /dev/null
@@ -1,788 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Kong CloudFormation template.Template creates load balanced Kong instances with Cassandra cluster in new VPC or user provided VPC", - "Parameters": { - "VpcId" : { - "Type" : "String", - "Description" : "Optional - VPC Id of existing VPC. Leave blank to have a new VPC created", - "Default" : "", - "AllowedPattern" : "^(?:vpc-[0-9a-f]{8}|)$", - "ConstraintDescription" : "VPC ID must begin with 'vpc-' or leave blank to have a new VPC created" - }, - "SubnetId1" : { - "Type" : "String", - "Description" : "Conditional- required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run", - "Default" : "" - }, - "SubnetId2" : { - "Type" : "String", - "Description" : "Conditional- required if VpcId provided. Existing VPC Subnet 2 Id where ECS instances will run", - "Default" : "" - }, - "Subnet1AZ" : { - "Type" : "String", - "Description" : "Conditional- required if VpcId provided or if *-1a AZ not supported by account. Existing VPC Subnet 1 AvailabilityZone", - "Default" : "" - }, - "Subnet2AZ" : { - "Type" : "String", - "Description" : "Conditional- required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. 
Existing VPC Subnet 2 AvailabilityZone", - "Default" : "" - }, - "CassandraKeyName": { - "Description": "Required- Name of an existing EC2 KeyPair to enable SSH access to the instances for Cassandra", - "Type": "AWS::EC2::KeyPair::KeyName", - "Default": "" - }, - "CassandraFleetSize": { - "Description": "Number of nodes in cassandra cluster", - "Type": "Number", - "Default": "1", - "MinValue": "1" - }, - "SSHLocation": { - "Description": "The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." - }, - "CassandraOpsCenterAccess": { - "Description": "The IP address range that can access OpsCenter for Cassandra cluster management", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." - }, - "KongProxyAccess": { - "Description": "The IP address range that can be used to access the Kong proxy port 8000", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." - }, - "KongAdminAccess": { - "Description": "The IP address range that can be used to access the Kong Admin port 8001", - "Type": "String", - "MinLength": "9", - "MaxLength": "18", - "Default": "0.0.0.0\/0", - "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\/(\\d{1,2})", - "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x\/x." 
- }, - "KongKeyName": { - "Description": "Required- Name of an existing EC2 KeyPair to enable SSH access to the instances for Kong", - "Type": "AWS::EC2::KeyPair::KeyName", - "Default": "" - }, - "KongFleetMaxSize": { - "Description": "Max Number of Kong instances", - "Type": "Number", - "Default": "2", - "MinValue": "1" - }, - "KongFleetDesiredSize": { - "Description": "Desired Number of Kong instances", - "Type": "Number", - "Default": "2", - "MinValue": "1" - }, - "KongInstanceType": { - "Description": "Kong EC2 instance type", - "Type": "String", - "Default": "c3.4xlarge", - "AllowedValues": [ - "m1.small", - "m1.medium", - "m1.large", - "m1.xlarge", - "m2.xlarge", - "m2.2xlarge", - "m2.4xlarge", - "m3.medium", - "m3.large", - "m3.xlarge", - "m3.2xlarge", - "c1.medium", - "c1.xlarge", - "c3.large", - "c3.xlarge", - "c3.2xlarge", - "c3.4xlarge", - "c3.8xlarge" - ], - "ConstraintDescription": "must be a valid EC2 instance type." - }, - "CassandraInstanceType": { - "Description": "Cassandra EC2 instance type", - "Type": "String", - "Default": "c3.2xlarge", - "AllowedValues": [ - "m3.medium", - "m3.large", - "m3.xlarge", - "m3.2xlarge", - "c3.large", - "c3.xlarge", - "c3.2xlarge", - "c3.4xlarge", - "c3.8xlarge", - "cc2.8xlarge", - "cc1.4xlarge", - "g2.2xlarge", - "g2.8xlarge", - "cg1.4xlarge", - "r3.large", - "r3.xlarge", - "r3.2xlarge", - "r3.4xlarge", - "r3.8xlarge", - "d2.xlarge", - "d2.2xlarge", - "d2.4xlarge", - "d2.8xlarge", - "i2.xlarge", - "i2.2xlarge" - ], - "ConstraintDescription": "must be a valid EC2 instance type." 
- }, - "CassandraClusterName": { - "Default": "Cassandra Cluster", - "Description": "Cassandra cluster name", - "Type": "String" - }, - "CassandraClusterVersion": { - "Description": "Cassandra cluster version", - "Type": "String", - "Default": "Community", - "AllowedValues": [ - "Community", - "Enterprise" - ] - }, - "CassandraVersion": { - "Description": "Cassandra version", - "Type": "String", - "Default": "2.2.7", - "AllowedValues": [ - "2.2.7", - "2.2.4", - "2.2.3", - "2.2.0" - ] - }, - "KongVersion": { - "Description": "Kong version (Only 0.9.x and above supported)", - "Type": "String", - "Default": "0.10.3", - "AllowedValues": [ - "0.10.3", - "0.10.2", - "0.10.1", - "0.10.0", - "0.9.9", - "0.9.8", - "0.9.7", - "0.9.6", - "0.9.5", - "0.9.4", - "0.9.3", - "0.9.2", - "0.9.1", - "0.9.0" - ] - } - }, - "Mappings": { - "RegionKongAmiMap": { - "us-east-1": { - "PV": "ami-1ccae774" - }, - "us-west-1": { - "PV": "ami-d514f291" - }, - "us-west-2": { - "PV": "ami-ff527ecf" - }, - "eu-west-1" : { - "PV": "ami-bf0897c8" - }, - "ap-northeast-1" : { - "PV": "ami-27f90e27" - }, - "ap-southeast-1" : { - "PV": "ami-acd9e8fe" - }, - "ap-southeast-2" : { - "PV": "ami-ff9cecc5" - }, - "sa-east-1" : { - "PV" : "ami-bb2890a6" - } - }, - "RegionCassAmiMap": { - "us-east-1": { - "HVM": "ami-711ca91a" - }, - "us-west-1": { - "HVM": "ami-17728c53" - }, - "us-west-2": { - "HVM": "ami-8b392cbb" - }, - "eu-west-1" : { - "HVM": "ami-72520e05" - }, - "ap-northeast-1" : { - "HVM": "ami-580eb458" - }, - "ap-southeast-1" : { - "HVM": "ami-a43836f6" - }, - "ap-southeast-2" : { - "HVM": "ami-df0042e5" - }, - "sa-east-1" : { - "HVM": "ami-43971f5e" - } - } - }, - "Conditions" : { - "CreateVpcResources" : { "Fn::Equals" : [ { "Ref" : "VpcId" }, "" ] }, - "ExistingVpcResources" : { "Fn::Not" : [ { "Fn::Equals" : [ { "Ref" : "VpcId" }, "" ] } ] }, - "UseAZParameter": { "Fn::Not" : [ {"Fn::And" : [ { "Fn::Equals" : [ { "Ref" : "Subnet1AZ" }, "" ]} , { "Fn::Equals" : [ { "Ref" : "Subnet1AZ" }, "" ] } 
] } ] } - }, - "Resources": { - "VPC" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::VPC", - "Properties" : { - "CidrBlock" : "10.0.0.0/16", - "EnableDnsSupport" : "true", - "EnableDnsHostnames" : "true", - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "PublicSubnet1" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::Subnet", - "Properties" : { - "VpcId" : { "Ref" : "VPC" }, - "CidrBlock" : "10.0.0.0/23", - "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet1AZ" }, { "Fn::Select" : [ "0", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "PublicSubnet2" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::Subnet", - "Properties" : { - "VpcId" : { "Ref" : "VPC" }, - "CidrBlock" : "10.0.4.0/23", - "AvailabilityZone" : { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] }, - "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet2AZ" }, { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "InternetGateway" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::InternetGateway", - "Properties" : { - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "AttachGateway" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::VPCGatewayAttachment", - "Properties" : { - "VpcId" : { "Ref" : "VPC" }, - "InternetGatewayId" : { "Ref" : "InternetGateway" } - } - }, - "PublicRouteTable" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::RouteTable", - "Properties" : { - "VpcId" : 
{"Ref" : "VPC"}, - "Tags" : [ - { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, - { "Key" : "Network", "Value" : "Public" } - ] - } - }, - "PublicRoute" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::Route", - "DependsOn" : "AttachGateway", - "Properties" : { - "RouteTableId" : { "Ref" : "PublicRouteTable" }, - "DestinationCidrBlock" : "0.0.0.0/0", - "GatewayId" : { "Ref" : "InternetGateway" } - } - }, - "PublicSubnet1RouteTableAssociation" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::SubnetRouteTableAssociation", - "Properties" : { - "SubnetId" : { "Ref" : "PublicSubnet1" }, - "RouteTableId" : { "Ref" : "PublicRouteTable" } - } - }, - "PublicSubnet2RouteTableAssociation" : { - "Condition" : "CreateVpcResources", - "Type" : "AWS::EC2::SubnetRouteTableAssociation", - "Properties" : { - "SubnetId" : { "Ref" : "PublicSubnet2" }, - "RouteTableId" : { "Ref" : "PublicRouteTable" } - } - }, - "KongLoadBalancerNewVPC": { - "Condition" : "CreateVpcResources", - "Type": "AWS::ElasticLoadBalancing::LoadBalancer", - "Properties": { - "SecurityGroups" : [ { "Ref" : "LoadBalancerSecurityGroup" } ], - "Subnets" : [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ], - "CrossZone" : "true", - "Listeners": [ - { - "LoadBalancerPort": "8000", - "InstancePort": "8000", - "Protocol": "HTTP" - }, - { - "LoadBalancerPort": "8001", - "InstancePort": "8001", - "Protocol": "HTTP" - } - ], - "HealthCheck": { - "Target": "TCP:8000", - "HealthyThreshold": "3", - "UnhealthyThreshold": "5", - "Interval" : "90", - "Timeout" : "60" - } - } - }, - - "KongLoadBalancerExistingVPC": { - "Condition" : "ExistingVpcResources", - "Type": "AWS::ElasticLoadBalancing::LoadBalancer", - "Properties": { - "SecurityGroups" : [ { "Ref" : "LoadBalancerSecurityGroup" } ], - "Subnets" : [ - { "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" } - ], - "CrossZone" : "true", - "Listeners": [ - { - "LoadBalancerPort": "8000", - "InstancePort": "8000", - 
"Protocol": "HTTP" - }, - { - "LoadBalancerPort": "8001", - "InstancePort": "8001", - "Protocol": "HTTP" - } - ], - "HealthCheck": { - "Target": "TCP:8000", - "HealthyThreshold": "3", - "UnhealthyThreshold": "5", - "Interval" : "90", - "Timeout" : "60" - } - } - }, - "LoadBalancerSecurityGroup" : { - "Type" : "AWS::EC2::SecurityGroup", - "Properties" : { - "GroupDescription" : "Enable HTTP access on port 8000 and 8001", - "VpcId" : { "Fn::If" : [ "CreateVpcResources", { "Ref" : "VPC" }, { "Ref" : "VpcId" } ] }, - "SecurityGroupIngress" : [ - { "IpProtocol" : "tcp", "FromPort" : "8000", "ToPort" : "8000", "CidrIp" : { "Ref" : "KongProxyAccess" } }, - { "IpProtocol" : "tcp", "FromPort" : "8001", "ToPort" : "8001", "CidrIp" : { "Ref" : "KongAdminAccess" } } - ], - "SecurityGroupEgress" : [ - { "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0" } - ] - } - }, - - "KongScalingGroup": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "CreationPolicy": { - "ResourceSignal": { - "Count" : { "Ref" : "KongFleetDesiredSize" }, - "Timeout": "PT15M" - } - }, - "Properties": { - "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }, { "Ref" : "Subnet2AZ" }]]}, - "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ] ] } ], [{ "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" }] ] }, - "LaunchConfigurationName": { - "Ref": "KongLaunchConfig" - }, - "MinSize": "1", - "MaxSize": { - "Ref": "KongFleetMaxSize" - }, - "DesiredCapacity": { - "Ref": "KongFleetDesiredSize" - }, - "LoadBalancerNames": [ - { "Fn::If" : [ "CreateVpcResources", {"Ref" : "KongLoadBalancerNewVPC"}, {"Ref" : "KongLoadBalancerExistingVPC"} ]} - ], - "Tags" : [ - { "Key" : "Name", "Value" : { "Ref" : "AWS::StackId" }, "PropagateAtLaunch" : "true" } 
- ] - } - }, - "KongLaunchConfig": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "AssociatePublicIpAddress" : true, - "ImageId": { - "Fn::FindInMap": [ - "RegionKongAmiMap", - { - "Ref": "AWS::Region" - }, - "PV" - ] - }, - "InstanceType": { - "Ref": "KongInstanceType" - }, - "KeyName": { - "Ref": "KongKeyName" - }, - "SecurityGroups": [ - { - "Ref": "KongSecurityGroup" - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!\/bin\/bash\n", - "yum update -y aws-cfn-bootstrap\n", - "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", - "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", - "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", - "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", - "echo \"database: cassandra\" >> hosts\n", - "echo \"cassandra:\" >> hosts\n", - "echo \" contact_points:\" >> hosts\n", - "cassandra_hosts=", { "Fn::GetAtt": [ "CassandraWaitCondition", "Data" ] }, "\n", - "cassandra_hosts=$(echo $cassandra_hosts | awk -F\"{\" '{print $2}')\n", - "cassandra_hosts=$(echo $cassandra_hosts | awk -F\"}\" '{print $1}')\n", - "IFS=', ' read -a host_array <<< \"$cassandra_hosts\"\n", - "for i in \"${host_array[@]}\"\n", - "do\n", - " hostName=$(echo $i | awk -F\":\" '{print $1}')\n", - " KONG_CASSANDRA_CONTACT_POINTS+=\"$hostName,\" \n", - "done;\n", - "KONG_CASSANDRA_CONTACT_POINTS=${KONG_CASSANDRA_CONTACT_POINTS:0:${#KONG_CASSANDRA_CONTACT_POINTS}-1}\n", - "export KONG_DATABASE=cassandra\n", 
- "export KONG_CASSANDRA_CONTACT_POINTS\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "sleep `echo $(( RANDOM % ( 200 - 100 + 1 ) + 50 ))`\n", - "COUNTER=0\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? -ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", - "if ! /usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" - ] - ] - } - } - } - }, - "KongSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Enable SSH access and HTTP access on the inbound port", - "VpcId" : { "Fn::If" : [ "CreateVpcResources", { "Ref" : "VPC" }, { "Ref" : "VpcId" } ] }, - "SecurityGroupIngress": [ - { "IpProtocol" : "tcp", "FromPort" : "8000", "ToPort" : "8001", "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" } }, - { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation" } } - ], - "SecurityGroupEgress" : [ - { "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0" } - ] - } - }, - "IngressUDP7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - 
"Ingress7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "CassandraWaitHandle" : { - "Type" : "AWS::CloudFormation::WaitConditionHandle" - }, - "CassandraWaitCondition" : { - "Type" : "AWS::CloudFormation::WaitCondition", - "DependsOn" : "CassandraGroup", - "Properties" : { - "Handle" : { "Ref" : "CassandraWaitHandle" }, - "Timeout" : "900", - "Count" : { "Ref" : "CassandraFleetSize" } - } - }, - "CassandraGroup": { - "Type": "AWS::AutoScaling::AutoScalingGroup", - "Properties": { - "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }]]}, - "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" } ] ] } ], [{ "Ref" : "SubnetId1" }] ] }, - "LaunchConfigurationName": { - "Ref": "CassandraLaunchConfig" - }, - "MinSize": { - "Ref": "CassandraFleetSize" - }, - "MaxSize": { - "Ref": "CassandraFleetSize" - }, - "DesiredCapacity": { - "Ref": "CassandraFleetSize" - }, - "Tags" : [ - { "Key" : "Name", "Value" : { "Ref" : "AWS::StackId" }, "PropagateAtLaunch" : "true" } - ] - } - }, - "CassandraSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId" : { "Fn::If" : [ "CreateVpcResources", { "Ref" : "VPC" }, { "Ref" : "VpcId" } ] }, - "GroupDescription": "Cassandra SecurityGroup", - "SecurityGroupIngress": [ - {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "SSHLocation"}}, - {"IpProtocol": "tcp", "FromPort": "8888", "ToPort": "8888", "CidrIp": {"Ref": "CassandraOpsCenterAccess"}} - ] - } - }, - "Ingress1024To65355": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ 
"CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "1024", "ToPort": "65355", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7000": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7000", "ToPort": "7000", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7001": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7001", "ToPort": "7001", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7199": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7199", "ToPort": "7199", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress61620": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "61620", "ToPort": "61620", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress61621": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "61621", "ToPort": "61621", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - } - } - }, - "Ingress9042": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "9042", 
"ToPort": "9042", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "Ingress9160": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "CassandraSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "9160", "ToPort": "9160", "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "CassandraLaunchConfig": { - "Type": "AWS::AutoScaling::LaunchConfiguration", - "Properties": { - "AssociatePublicIpAddress" : true, - "ImageId": { - "Fn::FindInMap": [ - "RegionCassAmiMap", - { - "Ref": "AWS::Region" - }, - "HVM" - ] - }, - "InstanceType": { - "Ref": "CassandraInstanceType" - }, - "KeyName": { - "Ref": "CassandraKeyName" - }, - "SecurityGroups": [ - { - "Ref": "CassandraSecurityGroup" - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!\/bin\/bash\n", - "apt-get -y install python-setuptools\n", - "easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n", - "publicip=`curl http://169.254.169.254/latest/meta-data/public-ipv4`\n", - "publichost=`curl http://169.254.169.254/latest/meta-data/public-hostname`\n", - "cfn-signal -e 0 --data $publicip --id $publichost --reason \"Kong setup completed\" '", { "Ref" : "CassandraWaitHandle" }, "'\n", - "--clustername ",{ "Ref": "CassandraClusterName" }, " --totalnodes ", { "Ref": "CassandraFleetSize" }," --version ", { "Ref": "CassandraClusterVersion" }," --release ",{"Ref": "CassandraVersion"}, - "\n" - ] - ] - } - } - } - } - }, - "Outputs": { - "ProxyURL": { - "Description": "Kong Proxy URL", - "Value": { - "Fn::Join": [ - "", - [ - "http:\/\/", - { "Fn::If" : [ "CreateVpcResources", { "Fn::GetAtt": [ "KongLoadBalancerNewVPC", "DNSName" ]}, { "Fn::GetAtt": [ "KongLoadBalancerExistingVPC", "DNSName" ] } ] }, - ":8000" - ] - ] - } - }, - "AdminURL": { - "Description": "Kong Admin URL", - "Value": { - "Fn::Join": [ - "", - [ - 
"http:\/\/",
- { "Fn::If" : [ "CreateVpcResources", { "Fn::GetAtt": [ "KongLoadBalancerNewVPC", "DNSName" ]}, { "Fn::GetAtt": [ "KongLoadBalancerExistingVPC", "DNSName" ] } ] },
- ":8001"
- ]
- ]
- }
- }
- }
-}
diff --git a/templates/kong-elb-cassandra-user-vpc-optional-hvm.template b/templates/kong-elb-cassandra-user-vpc-optional-hvm.template
index 1ef6646..028cf8e 100644
--- a/templates/kong-elb-cassandra-user-vpc-optional-hvm.template
+++ b/templates/kong-elb-cassandra-user-vpc-optional-hvm.template
@@ -122,52 +122,55 @@ "ConstraintDescription": "must be a valid EC2 instance type." }, "KongVersion": { - "Description": "Kong version (Only 0.9.x and above supported)", + "Description": "Kong version (Only 0.11.x and above supported). Leave it blank to install latest version.", + "Type": "String" + }, + "KongMigration": { + "Description": "run the Kong migrations by default, set it to false to disable it.", "Type": "String", - "Default": "0.10.3", + "Default": "true", "AllowedValues": [ - "0.10.3", - "0.10.2", - "0.10.1", - "0.10.0", - "0.9.9", - "0.9.8", - "0.9.7", - "0.9.6", - "0.9.5", - "0.9.4", - "0.9.3", - "0.9.2", - "0.9.1", - "0.9.0" - ] + "true", + "false" + ] + }, + "KongConfigs": { + "Description": "Kong configurations", + "Type": "CommaDelimitedList", + "ConstraintDescription": "must be in KONG_ENV1=v1[, KONG_ENV2=v2] format" } }, "Mappings": { "RegionKongAmiMap": { "us-east-1": { - "HVM": "ami-1ecae776" + "HVM": "ami-a4c7edb2" + }, + "us-east-2": { + "HVM": "ami-8a7859ef" }, "us-west-1": { - "HVM": "ami-d114f295" + "HVM": "ami-327f5352" }, "us-west-2": { - "HVM": "ami-e7527ed7" + "HVM": "ami-6df1e514" }, "eu-west-1" : { - "HVM": "ami-a10897d6" + "HVM": "ami-d7b9a2b1" + }, + "eu-west-2" : { + "HVM": "ami-ed100689" }, - "ap-northeast-1" : { - "HVM": "ami-cbf90ecb" + "eu-central-1" : { + "HVM": "ami-87dab1eb" }, "ap-southeast-1" : { - "HVM": "ami-68d8e93a" + "HVM": "ami-77af2014" }, "ap-southeast-2" : { - "HVM": "ami-fd9cecc7" + "HVM": "ami-10918173" }, "sa-east-1" : { - "HVM" : "ami-b52890a8" + "HVM" : "ami-87dab1eb" } } }, @@ -209,7 +212,6 @@ "Properties" : { "VpcId" : { "Ref" : "VPC" }, "CidrBlock" : "10.0.4.0/23", - "AvailabilityZone" : { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] }, "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet2AZ" }, { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, 
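Review bot: In `RegionKongAmiMap`, `eu-central-1` and `sa-east-1` are both set to `ami-87dab1eb`; AMI IDs are scoped to a region, so one of the two entries looks like a copy-paste slip and should be checked against the intended image. `ap-northeast-1` is also dropped without a replacement, so `Fn::FindInMap` will no longer resolve for stacks in that region. The new `KongVersion` and `KongConfigs` parameters have no `AllowedPattern`, yet the UserData hunk further down splices them into the instance's boot script (`kong_version=` and `export $KONG_ENV`); I would constrain them, for example `"Default": "", "AllowedPattern": "^[0-9A-Za-z.-]*$"` on `KongVersion`, which also makes the "leave it blank" wording in the description work as written. `KongConfigs` can plausibly carry credentials such as a database password, and the same script prints `env`, so `"NoEcho": "true"` on the parameter and dropping the `env` dump are worth considering.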
@@ -300,7 +302,6 @@ } } }, - "KongLoadBalancerExistingVPC": { "Condition" : "ExistingVpcResources", "Type": "AWS::ElasticLoadBalancing::LoadBalancer", @@ -345,15 +346,14 @@ ] } }, - "KongScalingGroup": { "Type": "AWS::AutoScaling::AutoScalingGroup", "CreationPolicy": { - "ResourceSignal": { - "Count" : { "Ref" : "KongFleetDesiredSize" }, - "Timeout": "PT15M" - } - }, + "ResourceSignal": { + "Count" : { "Ref" : "KongFleetDesiredSize" }, + "Timeout": "PT15M" + } + }, "Properties": { "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }, { "Ref" : "Subnet2AZ" }]]}, "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ] ] } ], [{ "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" }] ] }, @@ -361,12 +361,8 @@ "Ref": "KongLaunchConfig" }, "MinSize": "1", - "MaxSize": { - "Ref": "KongFleetMaxSize" - }, - "DesiredCapacity": { - "Ref": "KongFleetDesiredSize" - }, + "MaxSize": "1", + "DesiredCapacity": "1", "LoadBalancerNames": [ { "Fn::If" : [ "CreateVpcResources", {"Ref" : "KongLoadBalancerNewVPC"}, {"Ref" : "KongLoadBalancerExistingVPC"} ]} ], 
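Review bot: `MaxSize` and `DesiredCapacity` are pinned to `"1"` in the last hunk on this line, while `CreationPolicy.ResourceSignal.Count` in the hunk before it still references `KongFleetDesiredSize`. Unless the instance's UserData later raises the group size (the new `autoscaling:UpdateAutoScalingGroup` permission suggests it does, but that code is outside these hunks), any fleet size above 1 leaves the stack waiting for signals that never arrive until the `PT15M` timeout. The template should record this dependency on the resource itself, for example `"Metadata": { "Comment": "group starts at 1; UserData is expected to resize it to KongFleetDesiredSize" }` on `KongScalingGroup`. It is also worth confirming that a failed resize ends in `cfn-signal -e 1` rather than a silent timeout.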
@@ -375,6 +371,65 @@ ] } }, + "ASGUpdateRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "Policies":[ + { + "PolicyName":"ASGUpdateRole", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Action":[ + "ec2:Describe*", + "cloudformation:DescribeStackResource" + ], + "Resource":[ + "*" + ], + "Effect":"Allow" + }, + { + "Effect":"Allow", + "Action":"autoscaling:UpdateAutoScalingGroup", + "Resource":[ + "*" + ] + } + ] + } + } + ], + "AssumeRolePolicyDocument":{ + "Statement":[ + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Principal":{ + "Service":[ + "ec2.amazonaws.com" + ] + } + } + ] + } + } + }, + "ASGUpdateProfile":{ + "Type":"AWS::IAM::InstanceProfile", + "Properties":{ + "Path":"/", + "Roles":[ + { + "Ref":"ASGUpdateRole" + } + ] + } + }, "KongLaunchConfig": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { @@ -399,6 +454,9 @@ "Ref": "KongSecurityGroup" } ], + "IamInstanceProfile": { + "Ref":"ASGUpdateProfile" + }, "UserData": { "Fn::Base64": { "Fn::Join": [ 
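Review bot: The second statement of `ASGUpdateRole` grants `autoscaling:UpdateAutoScalingGroup` on `"Resource": "*"`, so every Kong instance that receives `ASGUpdateProfile` can resize any Auto Scaling group in the account, not only `KongScalingGroup`. Referencing the group's ARN directly would likely create a circular dependency through `KongLaunchConfig`, so a tag condition is the simpler way to scope it; the fence below assumes the group carries the automatic `aws:cloudformation:stack-id` tag, which should be confirmed before merging. `cloudformation:DescribeStackResource` could likewise move to its own statement with `"Resource": { "Ref": "AWS::StackId" }`, and `AssumeRolePolicyDocument` lacks the `"Version": "2012-10-17"` that the inline policy declares.

```json
{
  "Effect":"Allow",
  "Action":"autoscaling:UpdateAutoScalingGroup",
  "Resource":"*",
  "Condition":{
    "StringEquals":{
      "autoscaling:ResourceTag/aws:cloudformation:stack-id":{ "Ref":"AWS::StackId" }
    }
  }
}
```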
@@ -409,45 +467,57 @@ "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", + "if [ \"$kong_version\" != \"\" ]\n", "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", + " kong_version=\"-$kong_version\"\n", + "fi\n", + "kong_migrations=",{ "Ref" : "KongMigration" }, "\n", + "KONG_ENV=\"", { "Fn::Join": [ " ", { "Ref": "KongConfigs" } ] }, "\"\n", + "export $KONG_ENV\n", "CASSANDRA_HOSTS=(\"", { "Fn::Join": [ "\" \"", { "Ref": "CassandraSeedNodes" } ] }, "\")\n", "for i in \"${CASSANDRA_HOSTS[@]}\"\n", - "do\n", - " KONG_CASSANDRA_CONTACT_POINTS+=\"$i,\" \n", - "done;\n", - "KONG_CASSANDRA_CONTACT_POINTS=${KONG_CASSANDRA_CONTACT_POINTS:0:${#KONG_CASSANDRA_CONTACT_POINTS}-1}\n", - "export KONG_DATABASE=cassandra\n", - "export KONG_CASSANDRA_CONTACT_POINTS\n", - "export KONG_CASSANDRA_PORT=", {"Ref": "CassandraPort"}, "\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "COUNTER=0\n", - "sleep `echo $(( RANDOM % ( 200 - 100 + 1 ) + 50 ))`\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? 
-ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", + "do\n", + " KONG_CASSANDRA_CONTACT_POINTS+=\"$i,\" \n", + "done;\n", + "KONG_CASSANDRA_CONTACT_POINTS=${KONG_CASSANDRA_CONTACT_POINTS:0:${#KONG_CASSANDRA_CONTACT_POINTS}-1}\n", + "export KONG_DATABASE=cassandra\n", + "export KONG_CASSANDRA_CONTACT_POINTS\n", + "export KONG_CASSANDRA_PORT=", {"Ref": "CassandraPort"}, "\n", + "echo \"[kong] installing Kong with following environments:\" \n", + "env\n", + "mkdir \/usr\/local\/kong && chown ec2-user \/usr\/local\/kong \n", + "wget https://bintray.com/kong/kong-community-edition-aws/rpm -O bintray-kong-kong-community-edition-aws.repo\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + "fi\n", + "mv bintray-kong-kong-community-edition-aws.repo /etc/yum.repos.d/\n", + "yum update -y\n", + "yum install -y epel-release\n", + "yum install -y kong-community-edition$kong_version --nogpgcheck\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + 
"fi\n", + "if [ \"$kong_migrations\" == \"true\" ]\n", + "then\n", + " echo \"[kong] starting migrations...\" \n", + " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong migrations up\" ec2-user\n", + "fi\n", + "su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", "if ! /usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", + " echo \"[kong] failed to start kong, exiting...\" \n", " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" + " exit\n", + "fi\n", + "instance_id=`curl http://169.254.169.254/latest/meta-data/instance-id`\n", + "autoscale_group=`aws ec2 describe-tags --filters \"Name=resource-id,Values=$instance_id\"", " --region ", { "Ref":"AWS::Region" }, " \"Name=key,Values=aws:autoscaling:groupName\"", " | sed -ne 's\/[ ]*\"Value\":\\s\"\\(.*\\)\",\/\\1\/p'`\n", + "aws autoscaling update-auto-scaling-group --auto-scaling-group-name $autoscale_group", " --region ", { "Ref":"AWS::Region" }, " --max-size ", { "Ref" : "KongFleetMaxSize" }, " --desired-capacity ", { "Ref": "KongFleetDesiredSize"}, " \n", + "/opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n" ] ] } 
@@ -467,30 +537,6 @@ { "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0" } ] } - }, - "IngressUDP7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, - "Ingress7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "tcp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } } }, "Outputs": { diff --git a/templates/kong-elb-cassandra-user-vpc-optional-pv.template b/templates/kong-elb-cassandra-user-vpc-optional-pv.template index b79c3f0..d59d3f3 100644 --- a/templates/kong-elb-cassandra-user-vpc-optional-pv.template +++ b/templates/kong-elb-cassandra-user-vpc-optional-pv.template 
@@ -111,52 +111,52 @@ "ConstraintDescription": "must be a valid EC2 instance type." }, "KongVersion": { - "Description": "Kong version (Only 0.9.x and above supported)", + "Description": "Kong version (Only 0.11.x and above supported). Leave it blank to install latest version.", + "Type": "String" + }, + "KongMigration": { + "Description": "Run the Kong migrations by default, set it to false to disable it.", "Type": "String", - "Default": "0.10.3", + "Default": "true", "AllowedValues": [ - "0.10.3", - "0.10.2", - "0.10.1", - "0.10.0", - "0.9.9", - "0.9.8", - "0.9.7", - "0.9.6", - "0.9.5", - "0.9.4", - "0.9.3", - "0.9.2", - "0.9.1", - "0.9.0" - ] + "true", + "false" + ] + }, + "KongConfigs": { + "Description": "Kong configuration", + "Type": "CommaDelimitedList", + "ConstraintDescription": "must be in KONG_ENV1=v1[, KONG_ENV2=v2] format" } }, "Mappings": { "RegionKongAmiMap": { "us-east-1": { - "PV": "ami-1ccae774" + "PV": "ami-abc1ebbd" }, "us-west-1": { - "PV": "ami-d514f291" + "PV": "ami-347e5254" }, "us-west-2": { - "PV": "ami-ff527ecf" + "PV": "ami-98f3e7e1" }, - "eu-west-1" : { - "PV": "ami-bf0897c8" + "eu-west-1": { + "PV": "ami-c4bba0a2" }, - "ap-northeast-1" : { - "PV": "ami-27f90e27" + "eu-central-1": { + "PV": "ami-4dbc1a22" }, - "ap-southeast-1" : { - "PV": "ami-acd9e8fe" + "ap-northeast-1": { + "PV": "ami-d3d3c4b4" }, - "ap-southeast-2" : { - "PV": "ami-ff9cecc5" + "ap-southeast-1": { + "PV": "ami-42901f21" }, - "sa-east-1" : { - "PV" : "ami-bb2890a6" + "ap-southeast-2": { + "PV": "ami-43918120" + }, + "sa-east-1": { + "PV": "ami-1cdab170" } } }, 
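Review bot: `KongVersion` loses its `AllowedValues` list here and becomes a free-form `String`, yet the UserData hunks in this diff splice it unquoted into a root shell script (`kong_version=<value>`) and from there into the `yum install` argument. A value containing whitespace or shell metacharacters would change what the script executes, and a simple typo only surfaces as a failed install after launch. Add a pattern so CloudFormation rejects bad input up front, e.g. `"AllowedPattern": "^$|^[0-9]+\\.[0-9]+\\.[0-9]+$"`, adjusted to the version strings the repository actually publishes. `KongConfigs` has a `ConstraintDescription` but no constraint, so it needs an `AllowedPattern` for the `KONG_NAME=value` form as well. The same parameter block is added to the three postgres templates.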
@@ -198,7 +198,6 @@ "Properties" : { "VpcId" : { "Ref" : "VPC" }, "CidrBlock" : "10.0.4.0/23", - "AvailabilityZone" : { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] }, "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet2AZ" }, { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, @@ -289,7 +288,6 @@ } } }, - "KongLoadBalancerExistingVPC": { "Condition" : "ExistingVpcResources", "Type": "AWS::ElasticLoadBalancing::LoadBalancer", @@ -337,11 +335,11 @@ "KongScalingGroup": { "Type": "AWS::AutoScaling::AutoScalingGroup", "CreationPolicy": { - "ResourceSignal": { - "Count" : { "Ref" : "KongFleetDesiredSize" }, - "Timeout": "PT15M" - } - }, + "ResourceSignal": { + "Count" : { "Ref" : "KongFleetDesiredSize" }, + "Timeout": "PT15M" + } + }, "Properties": { "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }, { "Ref" : "Subnet2AZ" }]]}, "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ] ] } ], [{ "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" }] ] }, @@ -349,12 +347,8 @@ "Ref": "KongLaunchConfig" }, "MinSize": "1", - "MaxSize": { - "Ref": "KongFleetMaxSize" - }, - "DesiredCapacity": { - "Ref": "KongFleetDesiredSize" - }, + "MaxSize": "1", + "DesiredCapacity": "1", "LoadBalancerNames": [ { "Fn::If" : [ "CreateVpcResources", {"Ref" : "KongLoadBalancerNewVPC"}, {"Ref" : "KongLoadBalancerExistingVPC"} ]} ], 
@@ -363,6 +357,65 @@ ] } }, + "ASGUpdateRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "Policies":[ + { + "PolicyName":"ASGUpdateRole", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Action":[ + "ec2:Describe*", + "cloudformation:DescribeStackResource" + ], + "Resource":[ + "*" + ], + "Effect":"Allow" + }, + { + "Effect":"Allow", + "Action":"autoscaling:UpdateAutoScalingGroup", + "Resource":[ + "*" + ] + } + ] + } + } + ], + "AssumeRolePolicyDocument":{ + "Statement":[ + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Principal":{ + "Service":[ + "ec2.amazonaws.com" + ] + } + } + ] + } + } + }, + "ASGUpdateProfile":{ + "Type":"AWS::IAM::InstanceProfile", + "Properties":{ + "Path":"/", + "Roles":[ + { + "Ref":"ASGUpdateRole" + } + ] + } + }, "KongLaunchConfig": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { @@ -387,6 +440,9 @@ "Ref": "KongSecurityGroup" } ], + "IamInstanceProfile": { + "Ref":"ASGUpdateProfile" + }, "UserData": { "Fn::Base64": { "Fn::Join": [ 
@@ -396,18 +452,14 @@ "yum update -y aws-cfn-bootstrap\n", "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", - "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", + "kong_version=-",{ "Ref" : "KongVersion" }, "\n", + "if [ \"$kong_version\" != \"\" ]\n", "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", + " kong_version=\"-$kong_version\"\n", + "fi\n", + "kong_migrations=",{ "Ref" : "KongMigration" }, "\n", + "KONG_ENV=\"", { "Fn::Join": [ " ", { "Ref": "KongConfigs" } ] }, "\"\n", + "export $KONG_ENV\n", "CASSANDRA_HOSTS=(\"", { "Fn::Join": [ "\" \"", { "Ref": "CassandraSeedNodes" } ] }, "\")\n", "for i in \"${CASSANDRA_HOSTS[@]}\"\n", "do\n", 
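Review bot: The assignment in this hunk already writes a leading dash (`"kong_version=-",{ "Ref" : "KongVersion" }`), and the `if` that follows prepends another one, so version 0.11.0 yields `kong-community-edition--0.11.0`. With a blank parameter the variable is `-`, the non-empty test still passes, and the package name becomes `kong-community-edition--`. Either way `yum install` is asked for a name that is not the intended package. The other UserData hunks in this diff use `"kong_version=",{ "Ref" : "KongVersion" }, "\n",` and this line should match them.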
@@ -417,25 +469,41 @@ "export KONG_DATABASE=cassandra\n", "export KONG_CASSANDRA_CONTACT_POINTS\n", "export KONG_CASSANDRA_PORT=", {"Ref": "CassandraPort"}, "\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "sleep `echo $(( RANDOM % ( 200 - 100 + 1 ) + 50 ))`\n", - "COUNTER=0\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? -ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", + "echo \"[kong] installing Kong with following environments:\" \n", + "env\n", + "mkdir \/usr\/local\/kong && chown ec2-user \/usr\/local\/kong \n", + "wget https://bintray.com/kong/kong-community-edition-aws/rpm -O bintray-kong-kong-community-edition-aws.repo\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + "fi\n", + "mv bintray-kong-kong-community-edition-aws.repo /etc/yum.repos.d/\n", + "yum update -y\n", + "yum install -y epel-release\n", + "yum install -y kong-community-edition$kong_version --nogpgcheck\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install 
kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + "fi\n", + "if [ \"$kong_migrations\" == \"true\" ]\n", + "then\n", + " echo \"[kong] starting migrations...\" \n", + " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong migrations up\" ec2-user\n", + "fi\n", + "su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", "if ! /usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", + " echo \"[kong] failed to start kong, exiting...\" \n", " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" + " exit\n", + "fi\n", + "instance_id=`curl http://169.254.169.254/latest/meta-data/instance-id`\n", + "autoscale_group=`aws ec2 describe-tags --filters \"Name=resource-id,Values=$instance_id\"", " --region ", { "Ref":"AWS::Region" }, " \"Name=key,Values=aws:autoscaling:groupName\"", " | sed -ne 's\/[ ]*\"Value\":\\s\"\\(.*\\)\",\/\\1\/p'`\n", + "aws autoscaling update-auto-scaling-group --auto-scaling-group-name $autoscale_group", " --region ", { "Ref":"AWS::Region" }, " --max-size ", { "Ref" : "KongFleetMaxSize" }, " --desired-capacity ", { "Ref": "KongFleetDesiredSize"}, " \n", + "/opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n" ] ] } @@ -456,18 +524,6 @@ ] } }, - "IngressUDP7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, "Ingress7946": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { 
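Review bot: `yum install -y kong-community-edition$kong_version --nogpgcheck` runs as root against a repo definition that was fetched with `wget` a few lines earlier and moved into `/etc/yum.repos.d/`, with package signature checking switched off. Integrity of what gets installed on every gateway instance then rests only on the TLS connection and on the hosting account, and the bare `yum update -y` also runs with that repo enabled. If the publisher signs these RPMs, import the key first and drop the flag: `rpm --import <KONG_SIGNING_KEY_URL>` followed by `yum install -y kong-community-edition$kong_version`; otherwise download the RPM explicitly and verify a pinned checksum before installing. The same lines appear in the UserData hunks of the other three templates in this diff.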
diff --git a/templates/kong-elb-postgres-optional-vpc-new-hvm.template b/templates/kong-elb-postgres-optional-vpc-new-hvm.template index 4447213..3544095 100644 --- a/templates/kong-elb-postgres-optional-vpc-new-hvm.template +++ b/templates/kong-elb-postgres-optional-vpc-new-hvm.template @@ -177,52 +177,55 @@ "ConstraintDescription": "must be a valid EC2 instance type." }, "KongVersion": { - "Description": "Kong version (Only 0.9.x and above supported)", + "Description": "Kong version (Only 0.11.x and above supported). Leave it blank to install latest version.", + "Type": "String" + }, + "KongMigration": { + "Description": "Run the Kong migrations by default, set it to false to disable migrations.", "Type": "String", - "Default": "0.10.3", + "Default": "true", "AllowedValues": [ - "0.10.3", - "0.10.2", - "0.10.1", - "0.10.0", - "0.9.9", - "0.9.8", - "0.9.7", - "0.9.6", - "0.9.5", - "0.9.4", - "0.9.3", - "0.9.2", - "0.9.1", - "0.9.0" - ] + "true", + "false" + ] + }, + "KongConfigs": { + "Description": "Kong configuration", + "Type": "CommaDelimitedList", + "ConstraintDescription": "must be in KONG_ENV1=v1[, KONG_ENV2=v2] format" } }, "Mappings": { "RegionKongAmiMap": { "us-east-1": { - "HVM": "ami-1ecae776" + "HVM": "ami-a4c7edb2" + }, + "us-east-2": { + "HVM": "ami-8a7859ef" }, "us-west-1": { - "HVM": "ami-d114f295" + "HVM": "ami-327f5352" }, "us-west-2": { - "HVM": "ami-e7527ed7" + "HVM": "ami-6df1e514" }, "eu-west-1" : { - "HVM": "ami-a10897d6" + "HVM": "ami-d7b9a2b1" + }, + "eu-west-2" : { + "HVM": "ami-ed100689" }, - "ap-northeast-1" : { - "HVM": "ami-cbf90ecb" + "eu-central-1" : { + "HVM": "ami-87dab1eb" }, "ap-southeast-1" : { - "HVM": "ami-68d8e93a" + "HVM": "ami-77af2014" }, "ap-southeast-2" : { - "HVM": "ami-fd9cecc7" + "HVM": "ami-10918173" }, "sa-east-1" : { - "HVM" : "ami-b52890a8" + "HVM" : "ami-87dab1eb" } } }, 
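Review bot: In the new `RegionKongAmiMap`, `eu-central-1` and `sa-east-1` both map to `ami-87dab1eb`. AMI IDs are scoped to a region, so one of the two entries is presumably a copy-paste slip; in the wrong region the ID either fails to resolve or refers to an image other than the one intended. The hunk also drops the `ap-northeast-1` entry without a replacement, which would break map lookups for stacks in that region if the removal is not deliberate. The postgres optional-vpc-optional-hvm template further down carries the same map and needs the same check.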
@@ -369,15 +372,14 @@ ] } }, - "KongScalingGroup": { "Type": "AWS::AutoScaling::AutoScalingGroup", "CreationPolicy": { - "ResourceSignal": { - "Count" : { "Ref" : "KongFleetDesiredSize" }, - "Timeout": "PT15M" - } - }, + "ResourceSignal": { + "Count" : { "Ref" : "KongFleetDesiredSize" }, + "Timeout": "PT15M" + } + }, "Properties": { "AvailabilityZones" : [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], "VPCZoneIdentifier" : [{ "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" }], @@ -385,12 +387,8 @@ "Ref": "KongLaunchConfig" }, "MinSize": "1", - "MaxSize": { - "Ref": "KongFleetMaxSize" - }, - "DesiredCapacity": { - "Ref": "KongFleetDesiredSize" - }, + "MaxSize": "1", + "DesiredCapacity": "1", "LoadBalancerNames": [ {"Ref" : "KongLoadBalancerNewVPC"} ], @@ -399,6 +397,65 @@ ] } }, + "ASGUpdateRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "Policies":[ + { + "PolicyName":"ASGUpdateRole", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Action":[ + "ec2:Describe*", + "cloudformation:DescribeStackResource" + ], + "Resource":[ + "*" + ], + "Effect":"Allow" + }, + { + "Effect":"Allow", + "Action":"autoscaling:UpdateAutoScalingGroup", + "Resource":[ + "*" + ] + } + ] + } + } + ], + "AssumeRolePolicyDocument":{ + "Statement":[ + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Principal":{ + "Service":[ + "ec2.amazonaws.com" + ] + } + } + ] + } + } + }, + "ASGUpdateProfile":{ + "Type":"AWS::IAM::InstanceProfile", + "Properties":{ + "Path":"/", + "Roles":[ + { + "Ref":"ASGUpdateRole" + } + ] + } + }, "KongLaunchConfig": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { @@ -423,6 +480,9 @@ "Ref": "KongSecurityGroup" } ], + "IamInstanceProfile": { + "Ref":"ASGUpdateProfile" + }, "UserData": { "Fn::Base64": { "Fn::Join": [ 
@@ -433,42 +493,54 @@ "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", + "if [ \"$kong_version\" != \"\" ]\n", "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", - "export KONG_DATABASE=postgres\n", + " kong_version=\"-$kong_version\"\n", + "fi\n", + "kong_migrations=",{ "Ref" : "KongMigration" }, "\n", + "KONG_ENV=\"", { "Fn::Join": [ " ", { "Ref": "KongConfigs" } ] }, "\"\n", + "export $KONG_ENV\n", + "export KONG_DATABASE=postgres\n", "export KONG_PG_HOST=", { "Fn::If" : [ "CreateRDS", { "Fn::GetAtt" : [ "PostgresDB", "Endpoint.Address" ] }, {"Ref" : "DBHost"}] }, "\n", "export KONG_PG_PORT=", { "Fn::If" : [ "CreateRDS", { "Fn::GetAtt" : [ "PostgresDB", "Endpoint.Port" ] }, {"Ref" : "DBPort"}] }, "\n", "export KONG_PG_USER=", { "Ref" : "DBUsername" }, "\n", "export KONG_PG_DATABASE=", { "Ref" : "DBName" }, "\n", "export KONG_PG_PASSWORD=", { "Ref" : "DBPassword" }, "\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - "COUNTER=0\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? 
-ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", + "echo \"[kong] installing Kong with following environments:\" \n", + "env\n", + "mkdir \/usr\/local\/kong && chown ec2-user \/usr\/local\/kong \n", + "wget https://bintray.com/kong/kong-community-edition-aws/rpm -O bintray-kong-kong-community-edition-aws.repo\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + "fi\n", + "mv bintray-kong-kong-community-edition-aws.repo /etc/yum.repos.d/\n", + "yum update -y\n", + "yum install -y epel-release\n", + "yum install -y kong-community-edition$kong_version --nogpgcheck\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong$kong_version.aws.rpm\" \n", + " echo \"[kong] failed to install kong-$kong_version.aws.rpm, exiting...\" \n", + " exit\n", + "fi\n", + "if [ \"$kong_migrations\" == \"true\" ]\n", + "then\n", + " echo \"[kong] starting migrations...\" \n", + " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong migrations up\" ec2-user\n", + "fi\n", + "su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", "if ! 
/usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", + " echo \"[kong] failed to start kong, exiting...\" \n", " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" + " exit\n", + "fi\n", + "instance_id=`curl http://169.254.169.254/latest/meta-data/instance-id`\n", + "autoscale_group=`aws ec2 describe-tags --filters \"Name=resource-id,Values=$instance_id\"", " --region ", { "Ref":"AWS::Region" }, " \"Name=key,Values=aws:autoscaling:groupName\"", " | sed -ne 's\/[ ]*\"Value\":\\s\"\\(.*\\)\",\/\\1\/p'`\n", + "aws autoscaling update-auto-scaling-group --auto-scaling-group-name $autoscale_group", " --region ", { "Ref":"AWS::Region" }, " --max-size ", { "Ref" : "KongFleetMaxSize" }, " --desired-capacity ", { "Ref": "KongFleetDesiredSize"}, " \n", + "/opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n" ] ] } @@ -501,18 +573,6 @@ } } }, - "IngressUDP7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, "DBSubnetGroup" : { "Type" : "AWS::RDS::DBSubnetGroup", "Condition" : "CreateRDS", diff --git a/templates/kong-elb-postgres-optional-vpc-optional-hvm.template b/templates/kong-elb-postgres-optional-vpc-optional-hvm.template index cb3fd10..c95d4b5 100644 --- a/templates/kong-elb-postgres-optional-vpc-optional-hvm.template +++ b/templates/kong-elb-postgres-optional-vpc-optional-hvm.template 
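Review bot: The bare `env` added after the "installing Kong with following environments" echo prints every exported variable, and in this template that includes `KONG_PG_PASSWORD`, exported a few lines above, plus anything passed through `KongConfigs`. UserData output is typically captured in the instance's boot logs, so the database password becomes readable by anyone who can read those logs or the console output. Print names only, e.g. `env | cut -d= -f1 | grep '^KONG_'`, or drop the line. The same applies to the other postgres template in this diff and, through `KongConfigs`, to both cassandra templates.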
@@ -227,52 +227,55 @@ "ConstraintDescription": "must be a valid EC2 instance type." }, "KongVersion": { - "Description": "Kong version (Only 0.9.x and above supported)", + "Description": "Kong version (Only 0.11.x and above supported). Leave it blank to install latest version.", + "Type": "String" + }, + "KongMigration": { + "Description": "Run the Kong migrations by default, set it to false to disable migrations.", "Type": "String", - "Default": "0.10.3", + "Default": "true", "AllowedValues": [ - "0.10.3", - "0.10.2", - "0.10.1", - "0.10.0", - "0.9.9", - "0.9.8", - "0.9.7", - "0.9.6", - "0.9.5", - "0.9.4", - "0.9.3", - "0.9.2", - "0.9.1", - "0.9.0" - ] + "true", + "false" + ] + }, + "KongConfigs": { + "Description": "Kong configuration", + "Type": "CommaDelimitedList", + "ConstraintDescription": "must be in KONG_ENV1=v1[, KONG_ENV2=v2] format" } }, "Mappings": { "RegionKongAmiMap": { "us-east-1": { - "HVM": "ami-1ecae776" + "HVM": "ami-a4c7edb2" + }, + "us-east-2": { + "HVM": "ami-8a7859ef" }, "us-west-1": { - "HVM": "ami-d114f295" + "HVM": "ami-327f5352" }, "us-west-2": { - "HVM": "ami-e7527ed7" + "HVM": "ami-6df1e514" }, "eu-west-1" : { - "HVM": "ami-a10897d6" + "HVM": "ami-d7b9a2b1" + }, + "eu-west-2" : { + "HVM": "ami-ed100689" }, - "ap-northeast-1" : { - "HVM": "ami-cbf90ecb" + "eu-central-1" : { + "HVM": "ami-87dab1eb" }, "ap-southeast-1" : { - "HVM": "ami-68d8e93a" + "HVM": "ami-77af2014" }, "ap-southeast-2" : { - "HVM": "ami-fd9cecc7" + "HVM": "ami-10918173" }, "sa-east-1" : { - "HVM" : "ami-b52890a8" + "HVM" : "ami-87dab1eb" } } }, @@ -323,7 +326,6 @@ "Properties" : { "VpcId" : { "Ref" : "VPC" }, "CidrBlock" : "10.0.4.0/23", - "AvailabilityZone" : { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] }, "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet2AZ" }, { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }, 
@@ -414,7 +416,6 @@ } } }, - "KongLoadBalancerExistingVPC": { "Condition" : "ExistingVpcResources", "Type": "AWS::ElasticLoadBalancing::LoadBalancer", @@ -459,14 +460,13 @@ ] } }, - "KongScalingGroup": { "Type": "AWS::AutoScaling::AutoScalingGroup", "CreationPolicy": { - "ResourceSignal": { - "Count" : { "Ref" : "KongFleetDesiredSize" }, - "Timeout": "PT15M" - } + "ResourceSignal": { + "Count" : { "Ref" : "KongFleetDesiredSize" }, + "Timeout": "PT15M" + } }, "Properties": { "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }, { "Ref" : "Subnet2AZ" }]]}, @@ -475,12 +475,8 @@ "Ref": "KongLaunchConfig" }, "MinSize": "1", - "MaxSize": { - "Ref": "KongFleetMaxSize" - }, - "DesiredCapacity": { - "Ref": "KongFleetDesiredSize" - }, + "MaxSize": "1", + "DesiredCapacity": "1", "LoadBalancerNames": [ { "Fn::If" : [ "CreateVpcResources", {"Ref" : "KongLoadBalancerNewVPC"}, {"Ref" : "KongLoadBalancerExistingVPC"} ]} ], @@ -489,6 +485,65 @@ ] } }, + "ASGUpdateRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "Policies":[ + { + "PolicyName":"ASGUpdateRole", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Action":[ + "ec2:Describe*", + "cloudformation:DescribeStackResource" + ], + "Resource":[ + "*" + ], + "Effect":"Allow" + }, + { + "Effect":"Allow", + "Action":"autoscaling:UpdateAutoScalingGroup", + "Resource":[ + "*" + ] + } + ] + } + } + ], + "AssumeRolePolicyDocument":{ + "Statement":[ + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Principal":{ + "Service":[ + "ec2.amazonaws.com" + ] + } + } + ] + } + } + }, + "ASGUpdateProfile":{ + "Type":"AWS::IAM::InstanceProfile", + "Properties":{ + "Path":"/", + "Roles":[ + { + "Ref":"ASGUpdateRole" + } + ] + } + }, "KongLaunchConfig": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { 
@@ -513,6 +568,9 @@ "Ref": "KongSecurityGroup" } ], + "IamInstanceProfile": { + "Ref":"ASGUpdateProfile" + }, "UserData": { "Fn::Base64": { "Fn::Join": [ 
@@ -523,42 +581,54 @@ "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", + "if [ \"$kong_version\" != \"\" ]\n", "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", + " kong_version=\"-$kong_version\"\n", + "fi\n", + "kong_migrations=",{ "Ref" : "KongMigration" }, "\n", + "KONG_ENV=\"", { "Fn::Join": [ " ", { "Ref": "KongConfigs" } ] }, "\"\n", + "export $KONG_ENV\n", "export KONG_DATABASE=postgres\n", "export KONG_PG_HOST=", { "Fn::If" : [ "CreateRDS", { "Fn::GetAtt" : [ "PostgresDB", "Endpoint.Address" ] }, {"Ref" : "DBHost"}] }, "\n", "export KONG_PG_PORT=", { "Fn::If" : [ "CreateRDS", { "Fn::GetAtt" : [ "PostgresDB", "Endpoint.Port" ] }, {"Ref" : "DBPort"}] }, "\n", "export KONG_PG_USER=", { "Ref" : "DBUsername" }, "\n", "export KONG_PG_DATABASE=", { "Ref" : "DBName" }, "\n", "export KONG_PG_PASSWORD=", { "Ref" : "DBPassword" }, "\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - "COUNTER=0\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? 
-ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", + "echo \"[kong] installing Kong with following environments:\" \n", + "env\n", + "mkdir \/usr\/local\/kong && chown ec2-user \/usr\/local\/kong \n", + "wget https://bintray.com/kong/kong-community-edition-aws/rpm -O bintray-kong-kong-community-edition-aws.repo\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + "fi\n", + "mv bintray-kong-kong-community-edition-aws.repo /etc/yum.repos.d/\n", + "yum update -y\n", + "yum install -y epel-release\n", + "yum install -y kong-community-edition$kong_version --nogpgcheck\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong$kong_version.aws.rpm\" \n", + " echo \"[kong] failed to install kong-$kong_version.aws.rpm, exiting...\" \n", + " exit\n", + "fi\n", + "if [ \"$kong_migrations\" == \"true\" ]\n", + "then\n", + " echo \"[kong] starting migrations...\" \n", + " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong migrations up\" ec2-user\n", + "fi\n", + "su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", "if ! 
/usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", + " echo \"[kong] failed to start kong, exiting...\" \n", " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" + " exit\n", + "fi\n", + "instance_id=`curl http://169.254.169.254/latest/meta-data/instance-id`\n", + "autoscale_group=`aws ec2 describe-tags --filters \"Name=resource-id,Values=$instance_id\"", " --region ", { "Ref":"AWS::Region" }, " \"Name=key,Values=aws:autoscaling:groupName\"", " | sed -ne 's\/[ ]*\"Value\":\\s\"\\(.*\\)\",\/\\1\/p'`\n", + "aws autoscaling update-auto-scaling-group --auto-scaling-group-name $autoscale_group", " --region ", { "Ref":"AWS::Region" }, " --max-size ", { "Ref" : "KongFleetMaxSize" }, " --desired-capacity ", { "Ref": "KongFleetDesiredSize"}, " \n", + "/opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n" ] ] } @@ -591,18 +661,6 @@ } } }, - "IngressUDP7946": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId" : { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - }, - "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946", - "SourceSecurityGroupId": { - "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ] - } - } - }, "DBSubnetGroup" : { "Type" : "AWS::RDS::DBSubnetGroup", "Condition" : "CreateRDS", diff --git a/templates/kong-elb-postgres-optional-vpc-optional-pv.template b/templates/kong-elb-postgres-optional-vpc-optional-pv.template index 305c71f..d9eb756 100644 --- a/templates/kong-elb-postgres-optional-vpc-optional-pv.template +++ b/templates/kong-elb-postgres-optional-vpc-optional-pv.template 
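Review bot: The resize step at the end of this script is unchecked: if the metadata `curl` or `aws ec2 describe-tags` returns nothing, `$autoscale_group` is empty, `update-auto-scaling-group` fails, and the script still sends `cfn-signal -e 0`. The group is now created with `MaxSize` and `DesiredCapacity` of `1` while `CreationPolicy` still waits for `KongFleetDesiredSize` signals, so a silent failure here leaves the stack waiting until the `PT15M` timeout with no reason reported. Guard the call, e.g. start with `if [ -z "$autoscale_group" ]; then` and send `cfn-signal -e 1` with a reason before `exit`, check the exit status of the `aws autoscaling` call the same way, and quote `"$autoscale_group"`. Every instance launched from this configuration reruns the resize, which resets max size and desired capacity to the parameter values. The same tail is added in the other three templates.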
@@ -216,52 +216,52 @@
 "ConstraintDescription": "must be a valid EC2 instance type."
 },
 "KongVersion": {
- "Description": "Kong version (Only 0.9.x and above supported)",
+ "Description": "Kong version (Only 0.11.x and above supported). Leave it blank to install latest version.",
+ "Type": "String"
+ },
+ "KongMigration": {
+ "Description": "Run the Kong migrations by default, set it to false to disable migrations.",
 "Type": "String",
- "Default": "0.10.3",
+ "Default": "true",
 "AllowedValues": [
- "0.10.3",
- "0.10.2",
- "0.10.1",
- "0.10.0",
- "0.9.9",
- "0.9.8",
- "0.9.7",
- "0.9.6",
- "0.9.5",
- "0.9.4",
- "0.9.3",
- "0.9.2",
- "0.9.1",
- "0.9.0"
- ]
+ "true",
+ "false"
+ ]
+ },
+ "KongConfigs": {
+ "Description": "Kong configuration",
+ "Type": "CommaDelimitedList",
+ "ConstraintDescription": "must be in KONG_ENV1=v1[, KONG_ENV2=v2] format"
 }
 },
 "Mappings": {
 "RegionKongAmiMap": {
 "us-east-1": {
- "PV": "ami-1ccae774"
+ "PV": "ami-abc1ebbd"
 },
 "us-west-1": {
- "PV": "ami-d514f291"
+ "PV": "ami-347e5254"
 },
 "us-west-2": {
- "PV": "ami-ff527ecf"
+ "PV": "ami-98f3e7e1"
+ },
+ "eu-west-1": {
+ "PV": "ami-c4bba0a2"
 },
- "eu-west-1" : {
- "PV": "ami-bf0897c8"
+ "eu-central-1": {
+ "PV": "ami-4dbc1a22"
 },
- "ap-northeast-1" : {
- "PV": "ami-27f90e27"
+ "ap-northeast-1": {
+ "PV": "ami-d3d3c4b4"
 },
- "ap-southeast-1" : {
- "PV": "ami-acd9e8fe"
+ "ap-southeast-1": {
+ "PV": "ami-42901f21"
 },
- "ap-southeast-2" : {
- "PV": "ami-ff9cecc5"
+ "ap-southeast-2": {
+ "PV": "ami-43918120"
 },
- "sa-east-1" : {
- "PV" : "ami-bb2890a6"
+ "sa-east-1": {
+ "PV": "ami-1cdab170"
 }
 }
 },
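Review bot: `KongVersion` loses its `AllowedValues` list and gets no replacement constraint, yet the UserData hunk of this template pastes the value unquoted into the boot script (`kong_version=` followed by the parameter). Add a pattern that admits only an empty value or a version number, for example `"AllowedPattern": "^$|^[0-9]+\\.[0-9]+\\.[0-9]+$"`, widened if the packages use other version suffixes. `KongConfigs` declares a `ConstraintDescription` but no constraint, so the `KONG_ENV1=v1` format it promises is never checked before the list is joined and expanded by the unquoted `export $KONG_ENV`; each item should be validated against that format. The `Parameters` block starts outside this hunk.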
@@ -312,7 +312,6 @@
 "Properties" : {
 "VpcId" : { "Ref" : "VPC" },
 "CidrBlock" : "10.0.4.0/23",
- "AvailabilityZone" : { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] },
 "AvailabilityZone" : { "Fn::If" : [ "UseAZParameter", { "Ref" : "Subnet2AZ" }, { "Fn::Select" : [ "1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } ] } ] },
 "Tags" : [
 { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
@@ -403,7 +402,6 @@
 }
 }
 },
-
 "KongLoadBalancerExistingVPC": {
 "Condition" : "ExistingVpcResources",
 "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
@@ -448,15 +446,14 @@
 ]
 }
 },
-
 "KongScalingGroup": {
 "Type": "AWS::AutoScaling::AutoScalingGroup",
 "CreationPolicy": {
- "ResourceSignal": {
- "Count" : { "Ref" : "KongFleetDesiredSize" },
- "Timeout": "PT15M"
- }
- },
+ "ResourceSignal": {
+ "Count" : { "Ref" : "KongFleetDesiredSize" },
+ "Timeout": "PT15M"
+ }
+ },
 "Properties": {
 "AvailabilityZones" : { "Fn::If" : [ "CreateVpcResources", [{ "Fn::GetAtt" : [ "PublicSubnet1", "AvailabilityZone" ] }, { "Fn::GetAtt" : [ "PublicSubnet2", "AvailabilityZone" ] }], [{ "Ref" : "Subnet1AZ" }, { "Ref" : "Subnet2AZ" }]]},
 "VPCZoneIdentifier" : { "Fn::If" : [ "CreateVpcResources", [ { "Fn::Join" : [",", [ { "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" } ] ] } ], [{ "Ref" : "SubnetId1" }, { "Ref" : "SubnetId2" }] ] },
@@ -464,12 +461,8 @@
 "Ref": "KongLaunchConfig"
 },
 "MinSize": "1",
- "MaxSize": {
- "Ref": "KongFleetMaxSize"
- },
- "DesiredCapacity": {
- "Ref": "KongFleetDesiredSize"
- },
+ "MaxSize": "1",
+ "DesiredCapacity": "1",
 "LoadBalancerNames": [
 { "Fn::If" : [ "CreateVpcResources", {"Ref" : "KongLoadBalancerNewVPC"}, {"Ref" : "KongLoadBalancerExistingVPC"} ]}
 ],
@@ -502,6 +495,9 @@
 "Ref": "KongSecurityGroup"
 }
 ],
+ "IamInstanceProfile": {
+ "Ref":"ASGUpdateProfile"
+ },
 "UserData": {
 "Fn::Base64": {
 "Fn::Join": [
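Review bot: The added `IamInstanceProfile` gives every Kong node standing credentials for `ASGUpdateRole`, and the policy defined for that role later in this file allows `autoscaling:UpdateAutoScalingGroup` and `ec2:Describe*` on `"Resource": [ "*" ]`. The boot script needs the write permission for a single resize call, but the credentials remain available on each gateway node for its whole lifetime and apply to every Auto Scaling group in the account, not only this stack's. Consider limiting the statement to this stack's group (a direct `Ref` to `KongScalingGroup` would be circular through the launch configuration, so a tag-based condition is the likely route), or setting the group size from the template so no node needs a write permission. The launch configuration's `Properties` block starts and ends outside this hunk.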
@@ -512,48 +508,119 @@ "echo '* soft nofile 65000' >> \/etc\/security\/limits.conf\n", "echo '* hard nofile 65000' >> \/etc\/security\/limits.conf\n", "kong_version=",{ "Ref" : "KongVersion" }, "\n", - "wget -O kong.rpm https://github.com/Mashape/kong/releases/download/$kong_version/kong-$kong_version.aws.rpm\n", - "if [ -e \".\/kong.rpm\" ]\n", + "if [ \"$kong_version\" != \"\" ]\n", "then\n", - " echo \"Installing Kong...\" \n", - "else\n", - " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to download Kong\" \n", - " echo \"failed to download kong, exiting...\" \n", - " exit\n", - "fi\n", - "yum install -y epel-release\n", - "yum install -y kong.rpm --nogpgcheck\n", + " kong_version=\"-$kong_version\"\n", + "fi\n", + "kong_migrations=",{ "Ref" : "KongMigration" }, "\n", + "KONG_ENV=\"", { "Fn::Join": [ " ", { "Ref": "KongConfigs" } ] }, "\"\n", + "export $KONG_ENV\n", "export KONG_DATABASE=postgres\n", "export KONG_PG_HOST=", { "Fn::If" : [ "CreateRDS", { "Fn::GetAtt" : [ "PostgresDB", "Endpoint.Address" ] }, {"Ref" : "DBHost"}] }, "\n", "export KONG_PG_PORT=", { "Fn::If" : [ "CreateRDS", { "Fn::GetAtt" : [ "PostgresDB", "Endpoint.Port" ] }, {"Ref" : "DBPort"}] }, "\n", "export KONG_PG_USER=", { "Ref" : "DBUsername" }, "\n", "export KONG_PG_DATABASE=", { "Ref" : "DBName" }, "\n", "export KONG_PG_PASSWORD=", { "Ref" : "DBPassword" }, "\n", - "export KONG_SERF_PATH=\/usr\/local\/bin\/serf\n", - "sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - "COUNTER=0\n", - "while [ $COUNTER -lt 4 ]; do\n", - " /usr/local/bin/kong health\n", - " if [[ $? 
-ne 0 ]]; then\n", - " echo \"trying to start kong..\"\n", - " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", - " let COUNTER=COUNTER+1\n", - " sleep `echo $(( RANDOM % ( 120 - 30 + 1 ) + 30 ))`\n", - " else\n", - " /opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n", - " break \n", - " fi\n", - "done\n", + "echo \"[kong] installing Kong with following environments:\" \n", + "env\n", + "mkdir \/usr\/local\/kong && chown ec2-user \/usr\/local\/kong \n", + "wget https://bintray.com/kong/kong-community-edition-aws/rpm -O bintray-kong-kong-community-edition-aws.repo\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to set Kong rpm repo\" \n", + " echo \"[kong] failed to set Kong rpm repo, exiting...\" \n", + " exit\n", + "fi\n", + "mv bintray-kong-kong-community-edition-aws.repo /etc/yum.repos.d/\n", + "yum update -y\n", + "yum install -y epel-release\n", + "yum install -y kong-community-edition$kong_version --nogpgcheck\n", + "if [ \"$?\" -ne \"0\" ]\n", + "then\n", + " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"failed to install kong-community-edition$kong_version\" \n", + " echo \"[kong] failed to install kong-community-edition$kong_version, exiting...\" \n", + " exit\n", + "fi\n", + "if [ \"$kong_migrations\" == \"true\" ]\n", + "then\n", + " echo \"[kong] starting migrations...\" \n", + " su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong migrations up\" ec2-user\n", + "fi\n", + "su -s \/bin\/sh -c \"\/usr\/local\/bin\/kong start\" ec2-user\n", "if ! 
/usr/local/bin/kong health; then\n", - " echo \"failed to start kong, exiting...\" \n", + " echo \"[kong] failed to start kong, exiting...\" \n", " /opt/aws/bin/cfn-signal -e 1 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Failed to start Kong\" \n", - "fi\n" + " exit\n", + "fi\n", + "instance_id=`curl http://169.254.169.254/latest/meta-data/instance-id`\n", + "autoscale_group=`aws ec2 describe-tags --filters \"Name=resource-id,Values=$instance_id\"", " --region ", { "Ref":"AWS::Region" }, " \"Name=key,Values=aws:autoscaling:groupName\"", " | sed -ne 's\/[ ]*\"Value\":\\s\"\\(.*\\)\",\/\\1\/p'`\n", + "aws autoscaling update-auto-scaling-group --auto-scaling-group-name $autoscale_group", " --region ", { "Ref":"AWS::Region" }, " --max-size ", { "Ref" : "KongFleetMaxSize" }, " --desired-capacity ", { "Ref": "KongFleetDesiredSize"}, " \n", + "/opt/aws/bin/cfn-signal -e 0 --stack ", { "Ref": "AWS::StackName" }, " --resource KongScalingGroup "," --region ", { "Ref" : "AWS::Region" }, " --reason \"Kong setup completed\" \n" ] ] } } } }, + "ASGUpdateRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "Policies":[ + { + "PolicyName":"ASGUpdateRole", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Action":[ + "ec2:Describe*", + "cloudformation:DescribeStackResource" + ], + "Resource":[ + "*" + ], + "Effect":"Allow" + }, + { + "Effect":"Allow", + "Action":"autoscaling:UpdateAutoScalingGroup", + "Resource":[ + "*" + ] + } + ] + } + } + ], + "AssumeRolePolicyDocument":{ + "Statement":[ + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Principal":{ + "Service":[ + "ec2.amazonaws.com" + ] + } + } + ] + } + } + }, + "ASGUpdateProfile":{ + "Type":"AWS::IAM::InstanceProfile", + "Properties":{ + "Path":"/", + "Roles":[ + { + "Ref":"ASGUpdateRole" + } + ] + } + }, "KongSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { 
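Review bot: The new `"env\n",` line runs after the `export` lines, so it prints `KONG_PG_PASSWORD` and every `KongConfigs` value into the boot script's output, which presumably ends up in the instance's cloud-init log and console output; print names only, e.g. `"env | cut -d= -f1 | grep '^KONG_'\n",`, or drop the line. The package is then installed with `--nogpgcheck` from a repo file fetched by `wget` at boot, so nothing verifies the RPM that yum installs; the repo file's content is not visible here, so confirm it enables signature checking and use `"yum install -y kong-community-edition$kong_version\n",`. The same lines appear in the UserData hunk of the other template in this commit. The `Fn::Join` list of the UserData block starts outside this hunk.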
@@ -568,30 +635,6 @@
 ]
 }
 },
- "Ingress7946": {
- "Type": "AWS::EC2::SecurityGroupIngress",
- "Properties": {
- "GroupId" : {
- "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ]
- },
- "IpProtocol": "tcp", "FromPort": "7946", "ToPort": "7946",
- "SourceSecurityGroupId": {
- "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ]
- }
- }
- },
- "IngressUDP7946": {
- "Type": "AWS::EC2::SecurityGroupIngress",
- "Properties": {
- "GroupId" : {
- "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ]
- },
- "IpProtocol": "udp", "FromPort": "7946", "ToPort": "7946",
- "SourceSecurityGroupId": {
- "Fn::GetAtt" : [ "KongSecurityGroup", "GroupId" ]
- }
- }
- },
 "DBSubnetGroup" : {
 "Type" : "AWS::RDS::DBSubnetGroup",
 "Condition" : "CreateRDS",