From 4ea882b95445c7fc027342872781bbc0d4055744 Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 20:44:05 +0200 Subject: [PATCH 01/18] update BBB to 2.3.0 per default --- bbb-on-aws-param.json | 4 ++-- templates/bbb-on-aws-amifinder.template.yaml | 2 +- templates/bbb-on-aws-bbbappscalable.template.yaml | 2 +- templates/bbb-on-aws-bbbappsingle.template.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index 76bf655..b4c4c4d 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json @@ -1,7 +1,7 @@ { "Parameters" : { - "BBBApplicationVersion": "xenial-22", - "BBBApplicationInstanceOSVersion": "xenial-16.04", + "BBBApplicationVersion": "bionic-230", + "BBBApplicationInstanceOSVersion": "bionic-18.04", "BBBTurnInstanceOSVersion": "focal-20.04", "BBBECSInstanceType": "t3a.medium", "BBBApplicationInstanceType": "t3a.medium", diff --git a/templates/bbb-on-aws-amifinder.template.yaml b/templates/bbb-on-aws-amifinder.template.yaml index 87af00d..57cb8e7 100644 --- a/templates/bbb-on-aws-amifinder.template.yaml +++ b/templates/bbb-on-aws-amifinder.template.yaml @@ -18,7 +18,7 @@ Parameters: - focal-20.04 BBBApplicationInstanceOSVersion: Description: Ubuntu Version to be deployed for Application Instances - Default: xenial-16.04 + Default: bionic-18.04 Type: String AllowedValues: - xenial-16.04 diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index b0014ed..47b95e9 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml @@ -12,7 +12,7 @@ Parameters: BBBApplicationVersion: Description: Database engine version for Aurora PostgreSQL Type: String - Default: xenial-22 + Default: bionic-230 BBBOperatorEMail: Description: E-Mail address to notify if there are any operational issues Type: String 
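Review bot: The context line kept on the new side describes `BBBApplicationVersion` as `Database engine version for Aurora PostgreSQL`, which is a copy-paste from the database template and misleads anyone reading the parameter; the bbbappsingle hunk on the next line carries the same text. A description such as `Description: Big Blue Button release to deploy (e.g. bionic-230)` would match what the default actually selects. In the amifinder hunk only `- xenial-16.04` of the `AllowedValues` list is visible; if `bionic-18.04` is not in that list (it runs past the hunk) the new default fails template validation, so it should be checked.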
diff --git a/templates/bbb-on-aws-bbbappsingle.template.yaml b/templates/bbb-on-aws-bbbappsingle.template.yaml index 43d9d68..0402b9c 100644 --- a/templates/bbb-on-aws-bbbappsingle.template.yaml +++ b/templates/bbb-on-aws-bbbappsingle.template.yaml @@ -12,7 +12,7 @@ Parameters: BBBApplicationVersion: Description: Database engine version for Aurora PostgreSQL Type: String - Default: xenial-22 + Default: bionic-230 BBBOperatorEMail: Description: E-Mail address to notify if there are any operational issues Type: String From 1d17b79bf5b6e8bd2e5c89da4009e9d7e6bf9dc0 Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 21:15:41 +0200 Subject: [PATCH 02/18] fixing #75, aurora-postgresql10 if serverless --- templates/bbb-on-aws-database.template.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index f2966d5..b4a226f 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml @@ -156,7 +156,7 @@ Resources: DBClusterIdentifier: Ref: BBBRDSCluster DBParameterGroupName: - Ref: "BBBRDSDBParameterGroupPostgres12" + Ref: BBBRDSDBParameterGroupPostgres12 AvailabilityZone: Fn::Select: - '0' @@ -191,7 +191,7 @@ Resources: Type: AWS::RDS::DBParameterGroup Properties: Description: Aurora PG 12 Database Instance Parameter Group for Cloudformation Stack - Family: aurora-postgresql12 + Family: !If [ BBBServerlessAurora, aurora-postgresql12, aurora-postgresql10 ] Parameters: shared_preload_libraries: auto_explain,pg_stat_statements,pg_hint_plan,pgaudit log_statement: "ddl" From babe5242798ea4341d3a4610db067abbeab43b33 Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 21:16:59 +0200 Subject: [PATCH 03/18] fixing #75, aurora-postgresql10 if serverless --- templates/bbb-on-aws-database.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index b4a226f..1c19eb4 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml @@ -191,7 +191,7 @@ Resources: Type: AWS::RDS::DBParameterGroup Properties: Description: Aurora PG 12 Database Instance Parameter Group for Cloudformation Stack - Family: !If [ BBBServerlessAurora, aurora-postgresql12, aurora-postgresql10 ] + Family: !If [ BBBServerlessAurora, aurora-postgresql10, aurora-postgresql12 ] Parameters: shared_preload_libraries: auto_explain,pg_stat_statements,pg_hint_plan,pgaudit log_statement: "ddl" From e3d93d1fd11785e0199282139566266837ea196b Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 21:48:57 +0200 Subject: [PATCH 04/18] #77: make SES validation optional. But keep the creation of adedicated SMTP user --- CHANGELOG.MD | 14 ++++++++++++++ bbb-on-aws-master.template.yaml | 6 ++++++ bbb-on-aws-param.json | 3 ++- templates/bbb-on-aws-frontendapps.template.yaml | 12 ++++++++++++ 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 73623ce..a706483 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD 
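Review bot: The context line `Description: Aurora PG 12 Database Instance Parameter Group for Cloudformation Stack` is now wrong for the serverless branch, where the changed `Family` selects aurora-postgresql10, and the logical id `BBBRDSDBParameterGroupPostgres12` has the same problem. A neutral wording such as `Description: Aurora PostgreSQL Database Instance Parameter Group for Cloudformation Stack` avoids the mismatch; renaming the resource would replace it, so that can be left for a later change. The rest of the parameter group (pgaudit, log_statement) continues past the hunk.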
@@ -2,6 +2,20 @@ # Change Log All notable changes to this project will be documented in this file. +## [3.0.0] - 2021-05-07 + +### Upgrade Notes: +- the Big Blue Button version defaults now to 2.3.0. if you need to stay on 2.2.X please make sure to alter the BBB version parameter to xenial-22 and the Ubuntu version parameter to xenial-16.04. + +### Fixed +- #75: Serverless Aurora did not deploy due a missing !IF condition for the parametergroup +- #81: Single deployments failed due a missing condition + +### Changed +- #85: Default Big Blue Button version defaults to 2.3.0 (stable since 7 Days) +- #77: SES automation is now optional and can be overwritten by using the parameter +- #76: Cloudformation can now validate ACM certificates natively, so we do not need the custom resource anymore. + ## [2.3.0] - 2021-03-10 ### Upgrade Notes: diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index 31664ca..fb68339 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml @@ -455,6 +455,11 @@ Parameters: Description: Set the Region for the SES Service if deployment in a non-SES Region Type: String Default: "AWS::NoValue" + BBBSESValidated: + Description: If the SES Domain is already validated manually we do not need the automation + Type: String + Default: false + AllowedValues: [ true, false ] Conditions: BBBProdEnvironment: !Equals [!Ref BBBEnvironmentStage, prod] @@ -463,6 +468,7 @@ Conditions: BBBSingleEnvironment: !Equals [!Ref BBBEnvironmentType, single] BBBExistingVPC: !And [ !Not [ !Equals [ !Ref BBBVPCs, "" ]], !Equals [ !Select [ 0, !Split [ vpc-, !Ref BBBVPCs ]], "" ]] BBBNewVPC: !Not [ Condition: BBBExistingVPC ] + BBBSESNotValidated: !Equals [false, !Ref BBBSESValidated] Resources: diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index b4c4c4d..46ff923 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json 
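Review bot: `Default: false`, `AllowedValues: [ true, false ]` and `BBBSESNotValidated: !Equals [false, !Ref BBBSESValidated]` depend on YAML booleans being stringified before they are compared with a `Type: String` parameter; CloudFormation appears to coerce them, but quoting removes that dependency and matches how the `BBBSesRegion` sentinel above is written. The proposal is `Default: "false"`, `AllowedValues: [ "true", "false" ]` and `BBBSESNotValidated: !Equals [ "false", !Ref BBBSESValidated ]`; the frontendapps hunk on the next line repeats the same three lines. Note also that this commit adds the parameter to the master template without passing it to the nested frontendapps stack, which PATCH 06 in this series adds.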
@@ -40,6 +40,7 @@ "BBBGreenlightMemory": 1024, "BBBGreenlightCPU": 512, "BBBScaleliteMemory": 2048, - "BBBScaleliteCPU": 1024 + "BBBScaleliteCPU": 1024, + "BBBSESExternallyValidated": "false" } } diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index 3997474..81e8253 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -163,15 +163,22 @@ Parameters: BBBApplicationLogsGroup: Description: Log group to be used for the Application logs Type: String + BBBSESValidated: + Description: If the SES Domain is already validated manually we do not need the automation + Type: String + Default: false + AllowedValues: [ true, false ] Conditions: BBBSESRegionSet: !Not [ !Equals [ !Ref BBBSesRegion, "AWS::NoValue" ] ] BBBECSFargate: !Equals [ !Ref BBBECSInstanceType, fargate ] BBBECSEC2: !Not [ !Equals [ !Ref BBBECSInstanceType, fargate ] ] + BBBSESNotValidated: !Equals [false, !Ref BBBSESValidated] Resources: BBBSESDomainIdentity: Type: Custom::DomainIdentity + Condition: BBBSESNotValidated Properties: Domain: !Ref BBBDomainName Region: !If [ BBBSESRegionSet, !Ref BBBSesRegion, !Ref "AWS::Region" ] @@ -183,6 +190,7 @@ Resources: BBBSESVerifiedIdentity: Type: Custom::VerifiedIdentity + Condition: BBBSESNotValidated DependsOn: - BBBSESDkimRecords - BBBSESVerificationRecords @@ -194,6 +202,7 @@ Resources: BBBSESVerificationRecords: Type: AWS::Route53::RecordSetGroup + Condition: BBBSESNotValidated Properties: Comment: !Sub 'SES identity for ${BBBDomainName}' HostedZoneId: !Ref BBBHostedZone @@ -201,6 +210,7 @@ Resources: BBBSESDkimTokens: Type: Custom::DkimTokens + Condition: BBBSESNotValidated Properties: Domain: !GetAtt 'BBBSESDomainIdentity.Domain' Region: !GetAtt 'BBBSESDomainIdentity.Region' 
@@ -208,6 +218,7 @@ Resources: BBBSESDkimRecords: Type: AWS::Route53::RecordSetGroup + Condition: BBBSESNotValidated Properties: Comment: !Sub 'DKIM records for ${BBBDomainName}' HostedZoneId: !Ref BBBHostedZone @@ -215,6 +226,7 @@ Resources: BBBSESIdentityNotifications: Type: Custom::IdentityNotifications + Condition: BBBSESNotValidated Properties: Identity: !GetAtt BBBSESVerifiedIdentity.Identity Region: !GetAtt BBBSESVerifiedIdentity.Region From 3a8660fd59cffcc0e3f95df14038b7ef033d2046 Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 21:49:27 +0200 Subject: [PATCH 05/18] #77: make SES validation optional. But keep the creation of adedicated SMTP user --- bbb-on-aws-param.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index 46ff923..a54a45e 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json @@ -41,6 +41,6 @@ "BBBGreenlightCPU": 512, "BBBScaleliteMemory": 2048, "BBBScaleliteCPU": 1024, - "BBBSESExternallyValidated": "false" + "BBBSESValidated": "false" } } From bc2d4c9a301849b8e21eea5dbc5212ac671c6f24 Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 21:51:00 +0200 Subject: [PATCH 06/18] #77: missing parameter --- bbb-on-aws-master.template.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index fb68339..05b36d3 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml @@ -1096,6 +1096,8 @@ Resources: - Outputs.BBBRDSDBConnectionSecret BBBEnvironmentStage: Ref: BBBEnvironmentStage + BBBSESValidated: + Ref: BBBSESValidated BBBECSCluster: Fn::GetAtt: - BBBECSStack From 25c16b47718e1934601aea1f8d790dd3525e1d8d Mon Sep 17 00:00:00 2001 
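Review bot: With `Condition: BBBSESNotValidated` now on every SES identity resource, any resource outside this hunk that still references them (the SMTP user the commit message says is kept, or an output reading `BBBSESVerifiedIdentity`) becomes an unresolved reference when `BBBSESValidated` is true, and CloudFormation rejects the template at validation time; those references need the same condition or an `!If [ BBBSESNotValidated, !GetAtt BBBSESVerifiedIdentity.Identity, !Ref "AWS::NoValue" ]`. Skipping `BBBSESIdentityNotifications` also means bounce and complaint notifications are no longer wired up for a pre-validated domain, which the parameter description should say, e.g. `Description: Set to true if the SES domain identity, including bounce/complaint notifications, is managed outside this stack`. Whether such references exist cannot be confirmed from the hunk.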
From: David Surey Date: Thu, 6 May 2021 22:06:47 +0200 Subject: [PATCH 07/18] ACM certs optional #77 --- CHANGELOG.MD | 1 + README.md | 2 ++ bbb-on-aws-master.template.yaml | 6 ++++++ bbb-on-aws-param.json | 3 +-- templates/bbb-on-aws-frontendapps.template.yaml | 15 ++++++++++++--- 5 files changed, 22 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index a706483..3e95ce5 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file. ### Changed - #85: Default Big Blue Button version defaults to 2.3.0 (stable since 7 Days) - #77: SES automation is now optional and can be overwritten by using the parameter +- #77: an existing ACM Certificate ARN can be added to reuse an existing or imported SSL certificate - #76: Cloudformation can now validate ACM certificates natively, so we do not need the custom resource anymore. ## [2.3.0] - 2021-03-10 diff --git a/README.md b/README.md index b9a7fec..359efc7 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,8 @@ The deployment parameters are placed into the bbb-on-aws-param.json or to be set | BBBScaleliteMemory | 2048 | Memory limit for the Scalelite tasks | setting per task for all inheritated containers | BBBScaleliteCPU | 1024 | vCPU limit for the Scalelite tasks if deployed | setting once per task for all containers | BBBSesRegion| - | Region of the SES Service to be used | if the setup is planned to be deployed in a Region w/o Amazon SES, choose a proper region here. +| BBBSESValidated| false | controls if a pre validated SES domain is used | set to true if you setup the SES domain outside of this deployment +| BBBACMCertArn | - | existing SSL/TLS Certificate ARN for HTTPS | add your Certificate ARN here. e.g. if you imported your own Cert into ACM. # Deployment diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index 05b36d3..b2d576b 100644 --- a/bbb-on-aws-master.template.yaml 
+++ b/bbb-on-aws-master.template.yaml @@ -460,6 +460,10 @@ Parameters: Type: String Default: false AllowedValues: [ true, false ] + BBBACMCertArn: + Description: Set this parameter if you want to reuse an existing ACM certificate for your deployment + Type: String + Default: "AWS::NoValue" Conditions: BBBProdEnvironment: !Equals [!Ref BBBEnvironmentStage, prod] @@ -1123,6 +1127,8 @@ Resources: Fn::GetAtt: - BBBACMCertStack - Outputs.BBBACMCertProviderArn + BBBACMCertArn: + Ref: BBBACMCertArn BBBSESProviderArn: Fn::GetAtt: - BBBSESProviderStack diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index a54a45e..b4c4c4d 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json @@ -40,7 +40,6 @@ "BBBGreenlightMemory": 1024, "BBBGreenlightCPU": 512, "BBBScaleliteMemory": 2048, - "BBBScaleliteCPU": 1024, - "BBBSESValidated": "false" + "BBBScaleliteCPU": 1024 } } diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index 81e8253..f098c53 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -168,12 +168,17 @@ Parameters: Type: String Default: false AllowedValues: [ true, false ] + BBBACMCertArn: + Description: Set this parameter if you want to reuse an existing ACM certificate for your deployment + Type: String + Default: "AWS::NoValue" Conditions: BBBSESRegionSet: !Not [ !Equals [ !Ref BBBSesRegion, "AWS::NoValue" ] ] BBBECSFargate: !Equals [ !Ref BBBECSInstanceType, fargate ] BBBECSEC2: !Not [ !Equals [ !Ref BBBECSInstanceType, fargate ] ] - BBBSESNotValidated: !Equals [false, !Ref BBBSESValidated] + BBBSESNotValidated: !Equals [ false, !Ref BBBSESValidated ] + BBBACMNewCert: !Equals [ !Ref BBBACMCertArn, "AWS::NoValue" ] Resources: BBBSESDomainIdentity: @@ -385,6 +390,7 @@ Resources: BBBPublicCertificate: Type: Custom::Certificate + Condition: BBBACMNewCert Properties: DomainName: !Sub "*.${BBBDomainName}" ValidationMethod: DNS 
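Review bot: `BBBACMCertArn` accepts any string and the sentinel `"AWS::NoValue"` is the only thing that distinguishes "unset" from a value, so a mistyped ARN is detected only when the HTTPS listener is created, well into a stack rollback. An `AllowedPattern` on the parameter, in both the master and the frontendapps hunk, fails fast at validation, for example (constructed, untested) `AllowedPattern: '^(AWS::NoValue|arn:aws[a-z-]*:acm:[a-z0-9-]+:[0-9]{12}:certificate/.+)$'` with a matching `ConstraintDescription`. The listener also requires the certificate to live in the stack's own region, which a pattern cannot check but the description could state.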
@@ -392,12 +398,14 @@ Resources: BBBPublicIssuedCertificate: Type: Custom::IssuedCertificate + Condition: BBBACMNewCert Properties: CertificateArn: !Ref BBBPublicCertificate ServiceToken: !Ref BBBACMCertProviderArn BBBPublicCertificateDNSRecord: Type: Custom::CertificateDNSRecord + Condition: BBBACMNewCert Properties: CertificateArn: !Ref BBBPublicCertificate DomainName: !Sub "*.${BBBDomainName}" @@ -405,6 +413,7 @@ Resources: BBBPublicDomainValidationRecord: Type: AWS::Route53::RecordSetGroup + Condition: BBBACMNewCert Properties: HostedZoneId: !Ref BBBHostedZone RecordSets: @@ -442,7 +451,7 @@ Resources: Port: 443 Protocol: HTTPS Certificates: - - CertificateArn: !Ref BBBPublicCertificate + - CertificateArn: !If [ BBBACMNewCert, !Ref BBBACMCertArn, !Ref BBBPublicCertificate ] BBBFrontendALBListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule @@ -535,7 +544,7 @@ Resources: Port: 443 Protocol: HTTPS Certificates: - - CertificateArn: !Ref BBBPublicCertificate + - CertificateArn: !If [ BBBACMNewCert, !Ref BBBACMCertArn, !Ref BBBPublicCertificate ] BBBScaleliteALBListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule From dc4108d47c61f8dd7b470c6a503b468b10e6e21d Mon Sep 17 00:00:00 2001 From: David Surey Date: Thu, 6 May 2021 22:15:41 +0200 Subject: [PATCH 08/18] elimination of the ACM custom resource, using CFN native implementation --- README.md | 2 - bbb-on-aws-master.template.yaml | 26 ------ templates/bbb-on-aws-acmcert.template.yaml | 92 ------------------- .../bbb-on-aws-frontendapps.template.yaml | 43 ++------- 4 files changed, 6 insertions(+), 157 deletions(-) delete mode 100644 templates/bbb-on-aws-acmcert.template.yaml diff --git a/README.md b/README.md index 359efc7..efa6bc1 100644 --- a/README.md +++ b/README.md 
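Review bot: `CertificateArn: !If [ BBBACMNewCert, !Ref BBBACMCertArn, !Ref BBBPublicCertificate ]` has its branches inverted: `BBBACMNewCert` is true when no ARN was supplied, so the listener would receive the literal string `AWS::NoValue` and the freshly requested certificate is never attached. Both listener hunks need `CertificateArn: !If [ BBBACMNewCert, !Ref BBBPublicCertificate, !Ref BBBACMCertArn ]`. PATCH 09 later in this series makes exactly that swap, so this commit on its own leaves the frontend and Scalelite listeners broken.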
@@ -337,7 +337,6 @@ Be sure NOT to use the main branch if you want to be sure not pulling potential - [Scalelite](https://github.com/blindsidenetworks/scalelite) - [Coturn](https://github.com/coturn/coturn) - [cfn-ses-provider](https://github.com/binxio/cfn-ses-provider) - - [cfn-certificate-provider](https://github.com/binxio/cfn-certificate-provider) - [cli53](https://github.com/barnybug/cli53) # Security @@ -358,6 +357,5 @@ Please be aware of the deviating licenses of the deployed open-source software c - cli53: [MIT License](https://github.com/barnybug/cli53/blob/master/LICENSE) - Coturn: [New BSD License](https://github.com/coturn/coturn/blob/master/LICENSE) - cfn-ses-provider - [Apache-2.0 License](https://github.com/binxio/cfn-ses-provider/blob/master/LICENSE) -- cfn-certificate-provider - [Apache-2.0 License](https://github.com/binxio/cfn-certificate-provider/blob/master/LICENSE) Please note that running this code will cause software that is licensed under [AGPL-3.0](https://www.gnu.org/licenses/agpl-3.0.de.html) to be deployed in the user’s account. \ No newline at end of file diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index b2d576b..d96f1ce 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml 
@@ -496,28 +496,6 @@ Resources: LogGroupName: !Join ["", ["/", !Ref "AWS::StackName", "/applicationlogs"]] RetentionInDays: 7 - BBBACMCertStack: - Type: AWS::CloudFormation::Stack - Condition: BBBScalableEnvironment - Properties: - TemplateURL: - Fn::Join: - - "" - - - "https://s3.amazonaws.com/" - - Fn::ImportValue: !Sub "${BBBStackBucketStack}-BBBStackBucket" - - "/bbb-on-aws-acmcert.template.yaml" - Parameters: - BBBEnvironmentStage: - Ref: BBBEnvironmentStage - Tags: - - Key: Name - Value: - Fn::Sub: BBBACMCertStack-${BBBEnvironmentName} - - Key: Environment - Value: !Ref BBBEnvironmentName - - Key: Stage - Value: !Ref BBBEnvironmentStage - BBBAMIFinderStack: Type: AWS::CloudFormation::Stack Properties: @@ -1123,10 +1101,6 @@ Resources: Fn::GetAtt: - BBBSecurityGroupStack - Outputs.BBBScaleliteELBSecurityGroup - BBBACMCertProviderArn: - Fn::GetAtt: - - BBBACMCertStack - - Outputs.BBBACMCertProviderArn BBBACMCertArn: Ref: BBBACMCertArn BBBSESProviderArn: diff --git a/templates/bbb-on-aws-acmcert.template.yaml b/templates/bbb-on-aws-acmcert.template.yaml deleted file mode 100644 index 21b996c..0000000 --- a/templates/bbb-on-aws-acmcert.template.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ ---- -AWSTemplateFormatVersion: '2010-09-09' -Description: > - - This Cloudformation Template deploys a Custom Certificate Provider with DNS validation support. - - Disclaimer: Not for production use. Demo and testing purposes only. - - Author: David Surey , Bastian Klein - -Parameters: - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev - -Resources: - BBBACMCertLambdaRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Action: sts:AssumeRole - Effect: Allow - Principal: - Service: lambda.amazonaws.com - Policies: - - PolicyName: CFNCertificateDomainResourceRecordProvider - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - acm:RequestCertificate - - acm:DescribeCertificate - - acm:UpdateCertificateOptions - - acm:DeleteCertificate - Effect: Allow - Resource: "*" - - Effect: Allow - Action: - - lambda:InvokeFunction - Resource: - - !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-cert-provider' - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - BBBACMCertProviderLogGroup: - Type: AWS::Logs::LogGroup - Properties: - RetentionInDays: 7 - LogGroupName: !Join ["", ["/", !Ref "AWS::StackName", "/", !Ref BBBACMCertProvider]] - - BBBACMCertProvider: - Type: AWS::Lambda::Function - Properties: - FunctionName: !Sub ${AWS::StackName}-cert-provider - Description: CFN Certificate Domain Resource Record Provider - Code: - S3Bucket: !Sub "binxio-public-${AWS::Region}" - S3Key: lambdas/cfn-certificate-provider-0.2.5.zip - Handler: provider.handler - MemorySize: 128 - Role: !Sub ${BBBACMCertLambdaRole.Arn} - Runtime: python3.6 - Timeout: 300 - -Outputs: - BBBACMCertProvider: - Description: Name of the Certificate Provider - Value: - Ref: BBBACMCertProvider - BBBACMCertProviderLogGroup: - Description: Name of the Certificate Provider 
Log Group - Value: - Ref: BBBACMCertProviderLogGroup - BBBACMCertLambdaRole: - Description: Name of the Certificate Provider Lambda Role - Value: - Ref: BBBACMCertLambdaRole - BBBACMCertProviderArn: - Description: The Arn of the ACM Custom Resource Lambda Function - Value: !Sub ${BBBACMCertProvider.Arn} - - - - - - diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index f098c53..4db4fd0 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -97,9 +97,6 @@ Parameters: Description: CPU constraints for Scalelite Fargate Task Type: Number Default: 1024 - BBBACMCertProviderArn: - Description: ARN of the custom certificate provider - Type: String BBBSESProviderArn: Description: ARN of the custom SES provider Type: String 
@@ -389,41 +386,13 @@ Resources: - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*" BBBPublicCertificate: - Type: Custom::Certificate - Condition: BBBACMNewCert - Properties: - DomainName: !Sub "*.${BBBDomainName}" - ValidationMethod: DNS - ServiceToken: !Ref BBBACMCertProviderArn - - BBBPublicIssuedCertificate: - Type: Custom::IssuedCertificate + Type: AWS::CertificateManager::Certificate Condition: BBBACMNewCert - Properties: - CertificateArn: !Ref BBBPublicCertificate - ServiceToken: !Ref BBBACMCertProviderArn - - BBBPublicCertificateDNSRecord: - Type: Custom::CertificateDNSRecord - Condition: BBBACMNewCert - Properties: - CertificateArn: !Ref BBBPublicCertificate - DomainName: !Sub "*.${BBBDomainName}" - ServiceToken: !Ref BBBACMCertProviderArn - - BBBPublicDomainValidationRecord: - Type: AWS::Route53::RecordSetGroup - Condition: BBBACMNewCert - Properties: - HostedZoneId: !Ref BBBHostedZone - RecordSets: - - Name: !GetAtt BBBPublicCertificateDNSRecord.Name - Type: !GetAtt BBBPublicCertificateDNSRecord.Type - TTL: 60 - Weight: 1 - SetIdentifier: !Ref BBBPublicCertificate - ResourceRecords: - - !GetAtt BBBPublicCertificateDNSRecord.Value + DomainName: !Sub "*.${BBBDomainName}" + DomainValidationOptions: + - !Sub "*.${BBBDomainName}" + - !Ref BBBHostedZone + ValidationMethod: DNS BBBFrontendALB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer From f906096b9a3b8cc88f6f6e0f9c64bded9edbb9ea Mon Sep 17 00:00:00 2001 From: David Surey Date: Fri, 7 May 2021 19:33:26 +0200 Subject: [PATCH 09/18] bugfixing for EFS Task Definitions and Missing/Wrong Conditions --- CHANGELOG.MD | 5 +- bbb-on-aws-master.template.yaml | 1 + .../bbb-on-aws-bbbappscalable.template.yaml | 3 +- .../bbb-on-aws-bbbappsingle.template.yaml | 1 + templates/bbb-on-aws-database.template.yaml | 1 + .../bbb-on-aws-frontendapps.template.yaml | 69 ++++++++++++------- templates/bbb-on-aws-storage.template.yaml | 23 ++++++- 7 files changed, 74 insertions(+), 29 deletions(-) 
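Review bot: The new `BBBPublicCertificate` places `DomainName`, `DomainValidationOptions` and `ValidationMethod` directly under the resource instead of under `Properties:`, and `DomainValidationOptions` is given as a list of scalars where `AWS::CertificateManager::Certificate` expects a list of `DomainName`/`HostedZoneId` objects, so the template fails validation. PATCH 09 (the `@@ -388,11 +408,9 @@` hunk further down) restores `Properties:` but deletes `DomainValidationOptions` entirely; without a `HostedZoneId` CloudFormation cannot write the validation CNAME into the zone, so stack creation blocks until someone adds the record by hand, which contradicts the changelog claim that validation is now native. The resource should read as below.
```yaml
  BBBPublicCertificate:
    Type: AWS::CertificateManager::Certificate
    # … unchanged: Condition: BBBACMNewCert …
    Properties:
      DomainName: !Sub "*.${BBBDomainName}"
      DomainValidationOptions:
        - DomainName: !Sub "*.${BBBDomainName}"
          HostedZoneId: !Ref BBBHostedZone
      ValidationMethod: DNS
```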
diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 3e95ce5..4ebaff1 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -12,10 +12,11 @@ All notable changes to this project will be documented in this file. - #81: Single deployments failed due a missing condition ### Changed -- #85: Default Big Blue Button version defaults to 2.3.0 (stable since 7 Days) +- #84: Default Big Blue Button version defaults to 2.3.0 (stable since 7 Days) - #77: SES automation is now optional and can be overwritten by using the parameter - #77: an existing ACM Certificate ARN can be added to reuse an existing or imported SSL certificate -- #76: Cloudformation can now validate ACM certificates natively, so we do not need the custom resource anymore. +- #76: Cloudformation can now validate ACM certificates natively, so we do not need the custom resource anymore. +- #85: we're now utilizing IAM Roles when mounting the Shared Storage. Also the Storage now limits access to the APs utilizing these Roles. ## [2.3.0] - 2021-03-10 diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index d96f1ce..055721c 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml @@ -321,6 +321,7 @@ Parameters: - db.r4.4xlarge - db.r4.8xlarge - db.r4.16xlarge + - db.t3.micro - db.t3.small - db.t3.medium - db.t3.large diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index 47b95e9..d85b120 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml @@ -199,6 +199,7 @@ Resources: BBBApplicationEC2Role: Type: AWS::IAM::Role Properties: + RoleName: BBBApplicationEC2Role AssumeRolePolicyDocument: Statement: - Effect: Allow 
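Review bot: `RoleName: BBBApplicationEC2Role` hard-codes an account-wide IAM role name, so two stacks in the same account (a dev and a prod stage, or a scalable next to a single deployment) cannot coexist, every deploy now needs CAPABILITY_NAMED_IAM, and the bbbappsingle hunk on the next line adds the identical name. It also does not match what the storage template's FileSystemPolicy (the `@@ -40,7 +40,28 @@` hunk of this commit) compares against, `arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-BBBApplicationEC2Role`, because `AWS::StackName` there resolves to the nested storage stack's name; the same policy expects `${AWS::StackName}-BBBScaleliteExecutionRole`, whereas the role a task presents with `IAM: ENABLED` is the new unnamed `BBBScaleliteRole` task role, so the `aws:PrincipalArn` conditions appear unable to match and IAM-authenticated mounts would be denied. Rather than naming roles, drop `RoleName`, add outputs for `!GetAtt BBBApplicationEC2Role.Arn` and `!GetAtt BBBScaleliteRole.Arn`, and pass those ARNs into the storage stack as parameters for the policy's `aws:PrincipalArn` values. If that creates a dependency cycle because the application stacks need the file system id first, creating the roles in a small IAM stack that both depend on avoids it.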
@@ -341,7 +342,7 @@ Resources: systemctl start route53-handler mkdir -p /mnt/bbb-recordings - echo "${BBBSharedStorageFS}: /mnt/bbb-recordings efs defaults,tls,accesspoint=${BBBSharedStorageAPspool},rw 0 0" >> /etc/fstab + echo "${BBBSharedStorageFS}: /mnt/bbb-recordings efs defaults,tls,iam,accesspoint=${BBBSharedStorageAPspool},rw 0 0" >> /etc/fstab mkdir -p /var/bigbluebutton diff --git a/templates/bbb-on-aws-bbbappsingle.template.yaml b/templates/bbb-on-aws-bbbappsingle.template.yaml index 0402b9c..78188d8 100644 --- a/templates/bbb-on-aws-bbbappsingle.template.yaml +++ b/templates/bbb-on-aws-bbbappsingle.template.yaml @@ -182,6 +182,7 @@ Resources: BBBApplicationEC2Role: Type: AWS::IAM::Role Properties: + RoleName: BBBApplicationEC2Role AssumeRolePolicyDocument: Statement: - Effect: Allow diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index 1c19eb4..6f29c88 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml @@ -38,6 +38,7 @@ Parameters: - db.r4.4xlarge - db.r4.8xlarge - db.r4.16xlarge + - db.t3.micro - db.t3.small - db.t3.medium - db.t3.large diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index 4db4fd0..bc722b0 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -331,6 +331,16 @@ Resources: - !Ref BBBApplicationBaseSecret - !Ref BBBLoadbalancerSecret + BBBScaleliteRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Statement: + - Effect: Allow + Principal: + Service: ecs-tasks.amazonaws.com + Action: 'sts:AssumeRole' + BBBGreenlightTaskExecutionRole: Type: AWS::IAM::Role Properties: 
@@ -359,6 +369,16 @@ Resources: - !Ref BBBAdministratorlogin - !Ref BBBLoadbalancerSecret + BBBGreenlightTaskRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Statement: + - Effect: Allow + Principal: + Service: ecs-tasks.amazonaws.com + Action: 'sts:AssumeRole' + BBBAutoscalingRole: Type: AWS::IAM::Role Properties: @@ -388,11 +408,9 @@ Resources: BBBPublicCertificate: Type: AWS::CertificateManager::Certificate Condition: BBBACMNewCert - DomainName: !Sub "*.${BBBDomainName}" - DomainValidationOptions: - - !Sub "*.${BBBDomainName}" - - !Ref BBBHostedZone - ValidationMethod: DNS + Properties: + DomainName: !Sub "*.${BBBDomainName}" + ValidationMethod: DNS BBBFrontendALB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer @@ -407,9 +425,6 @@ Resources: BBBFrontendALBListener: Type: AWS::ElasticLoadBalancingV2::Listener - DependsOn: - - BBBPublicIssuedCertificate - - BBBPublicDomainValidationRecord Properties: DefaultActions: - Type: redirect @@ -420,7 +435,7 @@ Resources: Port: 443 Protocol: HTTPS Certificates: - - CertificateArn: !If [ BBBACMNewCert, !Ref BBBACMCertArn, !Ref BBBPublicCertificate ] + - CertificateArn: !If [ BBBACMNewCert, !Ref BBBPublicCertificate, !Ref BBBACMCertArn ] BBBFrontendALBListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule @@ -502,9 +517,6 @@ Resources: BBBScaleliteALBListener: Type: AWS::ElasticLoadBalancingV2::Listener - DependsOn: - - BBBPublicIssuedCertificate - - BBBPublicDomainValidationRecord Properties: DefaultActions: - Type: forward @@ -513,7 +525,7 @@ Resources: Port: 443 Protocol: HTTPS Certificates: - - CertificateArn: !If [ BBBACMNewCert, !Ref BBBACMCertArn, !Ref BBBPublicCertificate ] + - CertificateArn: !If [ BBBACMNewCert, !Ref BBBPublicCertificate, !Ref BBBACMCertArn ] BBBScaleliteALBListenerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule 
@@ -552,6 +564,7 @@ Resources: NetworkMode: !If [ BBBECSFargate, awsvpc, !Ref "AWS::NoValue" ] Memory: !Ref BBBGreenlightMemory Cpu: !Ref BBBGreenlightCPU + TaskRoleArn: !Ref BBBGreenlightTaskRole RequiresCompatibilities: !If - BBBECSFargate @@ -689,6 +702,7 @@ Resources: NetworkMode: !If [ BBBECSFargate, awsvpc, !Ref "AWS::NoValue" ] Memory: !Ref BBBScaleliteMemory Cpu: !Ref BBBScaleliteCPU + TaskRoleArn: !Ref BBBScaleliteRole RequiresCompatibilities: !If - BBBECSFargate 
@@ -696,29 +710,33 @@ Resources: - !Ref "AWS::NoValue" Volumes: - Name: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] - efsVolumeConfiguration: - fileSystemId: !Ref BBBSharedStorageFS - transitEncryption: ENABLED + EFSVolumeConfiguration: + FilesystemId: !Ref BBBSharedStorageFS + TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPspool + IAM: ENABLED - Name: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] - efsVolumeConfiguration: - fileSystemId: !Ref BBBSharedStorageFS - transitEncryption: ENABLED + EFSVolumeConfiguration: + FilesystemId: !Ref BBBSharedStorageFS + TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPpublished + IAM: ENABLED - Name: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] - efsVolumeConfiguration: - fileSystemId: !Ref BBBSharedStorageFS - transitEncryption: ENABLED + EFSVolumeConfiguration: + FilesystemId: !Ref BBBSharedStorageFS + TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPunpublished + IAM: ENABLED - Name: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] - efsVolumeConfiguration: - fileSystemId: !Ref BBBSharedStorageFS - transitEncryption: ENABLED + EFSVolumeConfiguration: + FilesystemId: !Ref BBBSharedStorageFS + TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPrecordings + IAM: ENABLED ContainerDefinitions: - Name: scalelite-importer Essential: true @@ -1019,6 +1037,7 @@ Outputs: Value: !Ref BBBAutoscalingRole BBBPublicCertificate: Description: SSL Cert for the Frontend + Condition: BBBACMNewCert Value: !Ref BBBPublicCertificate BBBFrontendALB: Description: Frontend Application Load Balancer diff --git a/templates/bbb-on-aws-storage.template.yaml b/templates/bbb-on-aws-storage.template.yaml index c4a5816..db99775 100644 
--- a/templates/bbb-on-aws-storage.template.yaml +++ b/templates/bbb-on-aws-storage.template.yaml @@ -40,7 +40,28 @@ Resources: Type: AWS::EFS::FileSystem Properties: Encrypted: true - + FileSystemPolicy: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: + - "elasticfilesystem:ClientMount" + - "elasticfilesystem:ClientWrite" + Principal: + AWS: "*" + Condition: + StringEquals: + aws:PrincipalArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-BBBScaleliteExecutionRole' + - Effect: "Allow" + Action: + - "elasticfilesystem:ClientMount" + - "elasticfilesystem:ClientWrite" + Principal: + AWS: "*" + Condition: + StringEquals: + aws:PrincipalArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-BBBApplicationEC2Role' + BBBSharedStorageMountTarget1: Type: AWS::EFS::MountTarget Properties: From 07a9276200e271e5b3324fdc18269545ca272593 Mon Sep 17 00:00:00 2001 From: David Surey Date: Fri, 7 May 2021 19:44:44 +0200 Subject: [PATCH 10/18] switching to serverless/fargate by default --- CHANGELOG.MD | 1 + bbb-on-aws-master.template.yaml | 4 ++-- bbb-on-aws-param.json | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 4ebaff1..222acf1 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD 
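Review bot: The new `FileSystemPolicy` grants `elasticfilesystem:ClientMount`/`ClientWrite` on the whole file system, whereas the changelog entry for #85 says access is limited to the access points the roles use; EFS supports that with the `elasticfilesystem:AccessPointArn` condition key, but referencing access points created from this same file system inside its own policy would create a circular dependency, so that scoping belongs in the identity policies of `BBBScaleliteRole` and `BBBApplicationEC2Role` instead. The policy also contains no Deny, so whether an unauthenticated or plaintext NFS client that reaches a mount target is rejected depends on EFS's default evaluation rather than on anything stated here; an explicit Deny when `aws:SecureTransport` is false matches the `tls,iam` mount options the clients now use and makes the intent unambiguous. Which role ARNs the existing conditions should name is covered on the `RoleName` hunk of this commit.
```yaml
      FileSystemPolicy:
        Version: "2012-10-17"
        Statement:
          # … unchanged: the two Allow statements for the Scalelite and application roles …
          - Effect: "Deny"
            Action: "elasticfilesystem:*"
            Principal:
              AWS: "*"
            Condition:
              Bool:
                aws:SecureTransport: "false"
```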
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Upgrade Notes: - the Big Blue Button version defaults now to 2.3.0. if you need to stay on 2.2.X please make sure to alter the BBB version parameter to xenial-22 and the Ubuntu version parameter to xenial-16.04. +- the deployment now defaults to "Serverless" deployments for ECS and Aurora. this will optimize costs especially in small/test environments. switching from instanced to serverless will resetup the database means you will have to restore the DB from a backup afterwards or start fresh with testings. to prevent this, ensure you're not just using defaults for your environment. ### Fixed - #75: Serverless Aurora did not deploy due a missing !IF condition for the parametergroup diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index 055721c..3ddb384 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml @@ -107,7 +107,7 @@ Parameters: BBBECSInstanceType: Description: Instance type for ECS Cluster worker nodes Type: String - Default: t3a.large + Default: fargate AllowedValues: - fargate - t3a.small @@ -327,7 +327,7 @@ Parameters: - db.t3.large - db.t3.xlarge - db.t3.2xlarge - Default: db.t3.medium + Default: serverless BBBServerlessAuroraMinCapacity: Description: The minimum capacity for the Amazon Aurora Serverless Cluster. Type: Number diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index b4c4c4d..962c982 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json 
@@ -3,12 +3,12 @@ "BBBApplicationVersion": "bionic-230", "BBBApplicationInstanceOSVersion": "bionic-18.04", "BBBTurnInstanceOSVersion": "focal-20.04", - "BBBECSInstanceType": "t3a.medium", + "BBBECSInstanceType": "fargate", "BBBApplicationInstanceType": "t3a.medium", "BBBApplicationDataVolumeSize": 50, "BBBApplicationRootVolumeSize": 20, "BBBTurnInstanceType": "t3a.micro", - "BBBDBInstanceType": "db.t3.medium", + "BBBDBInstanceType": "serverless", "BBBServerlessAuroraMinCapacity": 2, "BBBServerlessAuroraMaxCapacity": 4, "BBBCACHEDBInstanceType": "cache.t3.micro", From 65712a40a69c1010ad92fd3a87ca93387f0b962d Mon Sep 17 00:00:00 2001 From: David Surey Date: Fri, 7 May 2021 20:21:48 +0200 Subject: [PATCH 11/18] switching to serverless/fargate by default --- bbb-on-aws-param.json | 2 +- templates/bbb-on-aws-database.template.yaml | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index 962c982..1a11aa9 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json @@ -27,7 +27,7 @@ "BBBTurnMinInstances": 1, "BBBTurnDesiredInstances": 1, "BBBDBName": "frontendapp", - "BBBDBEngineVersion": "12.4", + "BBBDBEngineVersion": "10.12", "BBBEnvironmentStage": "dev", "BBBEnvironmentName": "bbbonaws", "BBBEnvironmentType": "scalable", diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index 6f29c88..9ee692e 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml @@ -130,7 +130,7 @@ Resources: DBSubnetGroupName: Ref: BBBDBSubnetGroup DBClusterParameterGroupName: - Ref: "BBBRDSDBClusterParameterGroupPostgres12" + Ref: "BBBRDSDBClusterParameterGroupPostgres" VpcSecurityGroupIds: - Ref: BBBDBSecurityGroup ScalingConfiguration: 
@@ -157,7 +157,7 @@ Resources: DBClusterIdentifier: Ref: BBBRDSCluster DBParameterGroupName: - Ref: BBBRDSDBParameterGroupPostgres12 + Ref: BBBRDSDBParameterGroupPostgres AvailabilityZone: Fn::Select: - '0' @@ -188,7 +188,7 @@ Resources: DBInstanceClass: Ref: BBBDBInstanceType - BBBRDSDBParameterGroupPostgres12: + BBBRDSDBParameterGroupPostgres: Type: AWS::RDS::DBParameterGroup Properties: Description: Aurora PG 12 Database Instance Parameter Group for Cloudformation Stack @@ -211,11 +211,11 @@ Resources: statement_timeout: 7200000 search_path: '"$user",public' - BBBRDSDBClusterParameterGroupPostgres12: + BBBRDSDBClusterParameterGroupPostgres: Type: AWS::RDS::DBClusterParameterGroup Properties: Description: CloudFormation Sample Aurora Cluster PG 12 Parameter Group - Family: aurora-postgresql12 + Family: !If [ BBBServerlessAurora, aurora-postgresql10, aurora-postgresql12 ] Parameters: timezone: Europe/Berlin @@ -378,7 +378,7 @@ Outputs: BBBRDSDBClusterParameterGroup: Description: The Big Blue Button DB Cluster Parameter Group Value: - Ref: "BBBRDSDBClusterParameterGroupPostgres12" + Ref: "BBBRDSDBClusterParameterGroupPostgres" BBBDBSubnetGroup: Description: The Big Blue Button DB Subnet Group Value: @@ -400,4 +400,4 @@ Outputs: BBBRDSDBParameterGroup: Description: The Big Blue Button DB Parameter Group Value: - Ref: "BBBRDSDBParameterGroupPostgres12" + Ref: "BBBRDSDBParameterGroupPostgres" From 875596b23b747c20e31cceeadb94e8f5eb01a248 Mon Sep 17 00:00:00 2001 From: David Surey Date: Fri, 7 May 2021 20:22:03 +0200 Subject: [PATCH 12/18] switching to serverless/fargate by default --- templates/bbb-on-aws-database.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index 9ee692e..621adff 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml 
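Review bot: `BBBRDSDBParameterGroupPostgres` (the `@@ -188` hunk) is renamed to be version-neutral but keeps `Description: Aurora PG 12 Database Instance Parameter Group for Cloudformation Stack`, and its `Family` is not in the hunk; the cluster group's description is corrected only in the next commit, so the instance group should get the same treatment (`Description: Aurora PG Database Instance Parameter Group for Cloudformation Stack`) and its family should use the same `!If [ BBBServerlessAurora, aurora-postgresql10, aurora-postgresql12 ]` order as the cluster group here. Related: the engine major version now depends on two independent inputs — `BBBServerlessAurora` selects the family, while `BBBDBEngineVersion` (set to `10.12` in bbb-on-aws-param.json in this commit) presumably feeds `EngineVersion` outside the hunk — so switching `BBBDBInstanceType` back to an instance class without also editing the engine version pairs a 10.x engine with a PostgreSQL 12 family, which RDS rejects at create time. Either derive the version from the same condition or add a comment on `BBBDBEngineVersion` stating that 10.x is required for serverless and 12.x for provisioned instances.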
@@ -214,7 +214,7 @@ Resources: BBBRDSDBClusterParameterGroupPostgres: Type: AWS::RDS::DBClusterParameterGroup Properties: - Description: CloudFormation Sample Aurora Cluster PG 12 Parameter Group + Description: CloudFormation Sample Aurora Cluster PG Parameter Group Family: !If [ BBBServerlessAurora, aurora-postgresql10, aurora-postgresql12 ] Parameters: timezone: Europe/Berlin From 48a13ad17369bb22e93471b63bc4559f3367041a Mon Sep 17 00:00:00 2001 From: David Surey Date: Sat, 8 May 2021 23:18:48 +0200 Subject: [PATCH 13/18] bigfixes for roles and changes in sed commands to extract strings --- CHANGELOG.MD | 2 +- templates/bbb-on-aws-bbbappscalable.template.yaml | 9 +++++++-- templates/bbb-on-aws-frontendapps.template.yaml | 14 +++++++++++--- templates/bbb-on-aws-storage.template.yaml | 10 +++++----- 4 files changed, 24 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 222acf1..3c225bf 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -2,7 +2,7 @@ # Change Log All notable changes to this project will be documented in this file. -## [3.0.0] - 2021-05-07 +## [3.0.0] - 2021-05-08 ### Upgrade Notes: - the Big Blue Button version defaults now to 2.3.0. if you need to stay on 2.2.X please make sure to alter the BBB version parameter to xenial-22 and the Ubuntu version parameter to xenial-16.04. diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index d85b120..6b113ec 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml 
@@ -391,8 +391,13 @@ Resources: aws s3 cp s3://${BBBStackBucketStack}/scalelite-handler.sh /usr/local/bin/scalelite-handler.sh chmod +x /usr/local/bin/scalelite-handler.sh - SERVER="$(bbb-conf --secret | head -2 | tail -1 | sed -r 's/.*URL: //g')api" - SECRET=$(bbb-conf --secret | head -3 | tail -1 | sed -r 's/.*Secret: //g') + if [ ${BBBApplicationVersion} == "*23*" ]; then + SERVER="$(bbb-conf --secret | head -3 | tail -1 | sed -r 's/.*URL: //g')api" + SECRET=$(bbb-conf --secret | head -4 | tail -1 | sed -r 's/.*Secret: //g') + else + SERVER="$(bbb-conf --secret | head -2 | tail -1 | sed -r 's/.*URL: //g')api" + SECRET=$(bbb-conf --secret | head -3 | tail -1 | sed -r 's/.*Secret: //g') + fi sed -i "s/SECRET_PLACEHOLDER/$SECRET/g" /etc/systemd/system/scalelite-handler.service sed -i "s|SERVER_PLACEHOLDER|$SERVER|g" /etc/systemd/system/scalelite-handler.service diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index bc722b0..1a262fc 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -405,11 +405,19 @@ Resources: - !Ref BBBScaleliteService - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*" - BBBPublicCertificate: - Type: AWS::CertificateManager::Certificate + BBBPublicCertificate: Condition: BBBACMNewCert - Properties: + Type: 'AWS::CertificateManager::Certificate' + Properties: + ValidationMethod: DNS DomainName: !Sub "*.${BBBDomainName}" + SubjectAlternativeNames: + - !Ref BBBDomainName + - !Sub "*.${BBBDomainName}" + DomainValidationOptions: + - DomainName: !Ref BBBDomainName + #ValidationDomain: !Ref BBBDomainName + HostedZoneId: !Ref BBBHostedZone ValidationMethod: DNS BBBFrontendALB: diff --git a/templates/bbb-on-aws-storage.template.yaml b/templates/bbb-on-aws-storage.template.yaml index db99775..88780ca 100644 --- a/templates/bbb-on-aws-storage.template.yaml +++ b/templates/bbb-on-aws-storage.template.yaml 
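Review bot: `[ ${BBBApplicationVersion} == "*23*" ]` compares against the literal string `*23*` (inside single brackets a quoted pattern is not a glob), so the 2.3 branch is never taken; the `version switch` commit later in this series repairs the test, but both variants pick the URL and secret out of `bbb-conf --secret` by fixed line offsets, which is exactly what broke with 2.3 and will break again on the next layout change. Matching the labels works for both versions and removes the branch altogether: `SERVER="$(bbb-conf --secret | sed -nr 's/.*URL: //p' | head -1)api"` and `SECRET=$(bbb-conf --secret | sed -nr 's/.*Secret: //p' | head -1)`. The secret is then spliced into the unit file with `sed -i "s/SECRET_PLACEHOLDER/$SECRET/g"`; the `|` delimiter already used on the SERVER line would keep a `/` in the value from terminating the expression (`&` would still need escaping). The enclosing UserData script starts and ends outside the hunk.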
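Review bot: `ValidationMethod: DNS` is now present twice under BBBPublicCertificate's `Properties` — the added line directly after `Properties:` and the pre-existing one kept as the last line of the hunk — which is a duplicate mapping key that a strict YAML parser rejects and a lenient one resolves silently to one of the two; drop the trailing one. The commented `#ValidationDomain: !Ref BBBDomainName` is dead text in a template and is better deleted than parked (a later commit in this series does remove it). A short comment on `DomainValidationOptions` noting that the single `BBBDomainName` entry validates both the apex and the `*.${BBBDomainName}` wildcard would stop the next reader from adding a second entry for the wildcard.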
@@ -50,8 +50,8 @@ Resources: Principal: AWS: "*" Condition: - StringEquals: - aws:PrincipalArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-BBBScaleliteExecutionRole' + StringLike: + aws:PrincipalTag/Name: "*BBBFrontendApplicationStack*" - Effect: "Allow" Action: - "elasticfilesystem:ClientMount" @@ -59,9 +59,9 @@ Resources: Principal: AWS: "*" Condition: - StringEquals: - aws:PrincipalArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-BBBApplicationEC2Role' - + StringLike: + aws:PrincipalTag/Name: "*BBBApplicationStack*" + BBBSharedStorageMountTarget1: Type: AWS::EFS::MountTarget Properties: From 92df96fd3cf895bc6bcc9c5102c85647034b570c Mon Sep 17 00:00:00 2001 From: David Surey Date: Sun, 9 May 2021 22:07:25 +0200 Subject: [PATCH 14/18] version switch --- templates/bbb-on-aws-bbbappscalable.template.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index 6b113ec..a3201ea 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml @@ -363,7 +363,6 @@ Resources: echo "$UUID /var/bigbluebutton ext4 defaults,nofail 0 2" >> /etc/fstab mount -a - turn_hostname=$(aws ssm get-parameter --region ${AWS::Region} --name "${BBBTurnHostnameParameter}" --with-decryption --output text --query Parameter.Value) turn_fqdn=$turn_hostname.${BBBDomainName} turnsecret=$(aws secretsmanager get-secret-value --region ${AWS::Region} --secret-id ${BBBTurnSecret} --query SecretString --output text | jq -r .turnkeyvalue) 
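Review bot: `StringLike` on `aws:PrincipalTag/Name` combined with `Principal: AWS: "*"` (both statements, `@@ -50` and `@@ -59`) turns the gate into "any IAM principal whose Name tag contains this substring", which is considerably weaker than the role ARN it replaces: tags are set by whoever holds `iam:TagRole`, the wildcard also matches unrelated roles sharing the substring, and `*` as principal does not restrict it to this account. If the ARN match was dropped because the generated role names carry a random suffix, keep the ARN but match it with a pattern, and pin the account: `StringLike: { aws:PrincipalArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/*BBBScaleliteExecutionRole*' }` together with `StringEquals: { aws:PrincipalAccount: !Ref 'AWS::AccountId' }`. How the Name tag reaches the roles is not visible here (it is not in the hunk), so at minimum a comment naming the tag source the policy relies on would help.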
@@ -391,7 +390,7 @@ Resources: aws s3 cp s3://${BBBStackBucketStack}/scalelite-handler.sh /usr/local/bin/scalelite-handler.sh chmod +x /usr/local/bin/scalelite-handler.sh - if [ ${BBBApplicationVersion} == "*23*" ]; then + if [[ ${BBBApplicationVersion} == *"23"* ]]; then SERVER="$(bbb-conf --secret | head -3 | tail -1 | sed -r 's/.*URL: //g')api" SECRET=$(bbb-conf --secret | head -4 | tail -1 | sed -r 's/.*Secret: //g') else From e7e34150e450da2ba617b7299ce819070a2c0532 Mon Sep 17 00:00:00 2001 From: David Surey Date: Sun, 9 May 2021 22:52:29 +0200 Subject: [PATCH 15/18] new frontned/scalelite for new BBB --- bbb-on-aws-master.template.yaml | 4 ++++ bbb-on-aws-param.json | 12 ++++++------ templates/bbb-on-aws-bbbappscalable.template.yaml | 8 ++++++++ templates/bbb-on-aws-frontendapps.template.yaml | 1 - 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index 3ddb384..5e4f551 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml @@ -873,6 +873,10 @@ Resources: Fn::GetAtt: - BBBTurnStack - Outputs.BBBTurnSecret + BBBLoadbalancerSecret: + Fn::GetAtt: + - BBBFontendAppsStack + - Outputs.BBBLoadbalancerSecret BBBNotificationTopic: Ref: BBBNotificationTopic BBBSystemLogsGroupArn: diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index 1a11aa9..61e7c8a 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json @@ -3,7 +3,7 @@ "BBBApplicationVersion": "bionic-230", "BBBApplicationInstanceOSVersion": "bionic-18.04", "BBBTurnInstanceOSVersion": "focal-20.04", - "BBBECSInstanceType": "fargate", + "BBBECSInstanceType": "t3a.medium", "BBBApplicationInstanceType": "t3a.medium", "BBBApplicationDataVolumeSize": 50, "BBBApplicationRootVolumeSize": 20, 
@@ -31,11 +31,11 @@ "BBBEnvironmentStage": "dev", "BBBEnvironmentName": "bbbonaws", "BBBEnvironmentType": "scalable", - "BBBgreenlightImage": "bigbluebutton/greenlight:release-2.7.20", - "BBBScaleliteApiImage": "blindsidenetwks/scalelite:v1.0.7-api", - "BBBScaleliteNginxImage": "blindsidenetwks/scalelite:v1.0.7-nginx", - "BBBScalelitePollerImage": "blindsidenetwks/scalelite:v1.0.7-poller", - "BBBScaleliteImporterImage": "blindsidenetwks/scalelite:v1.0.7-recording-importer", + "BBBgreenlightImage": "bigbluebutton/greenlight:v2", + "BBBScaleliteApiImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-api", + "BBBScaleliteNginxImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-nginx", + "BBBScalelitePollerImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-poller", + "BBBScaleliteImporterImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-recording-importer", "BBBCacheAZMode": "cross-az", "BBBGreenlightMemory": 1024, "BBBGreenlightCPU": 512, diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index a3201ea..4e90880 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml @@ -123,6 +123,9 @@ Parameters: BBBTurnSecret: Description: Secret string for the Turn server Type: String + BBBLoadbalancerSecret: + Description: Secret string for the BBB Api server + Type: String BBBSharedStorageFS: Description: File system id for the Amazon EFS volume to be mounted Type: String 
@@ -378,6 +381,11 @@ Resources: wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret + #bbbsecret=$(aws secretsmanager get-secret-value --region ${AWS::Region} --secret-id ${BBBLoadbalancerSecret} --query SecretString --output text | jq -r .basekeyvalue) + + #bbb-conf --setsecret $bbbsecret + #bbb-conf --restart + groupadd -g 2000 scalelite-spool usermod -a -G scalelite-spool bigbluebutton diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index 1a262fc..efbd4df 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -416,7 +416,6 @@ Resources: - !Sub "*.${BBBDomainName}" DomainValidationOptions: - DomainName: !Ref BBBDomainName - #ValidationDomain: !Ref BBBDomainName HostedZoneId: !Ref BBBHostedZone ValidationMethod: DNS From 59a1f6f34d3d4814f8a74ad4f6c1950f116f1774 Mon Sep 17 00:00:00 2001 From: David Surey Date: Mon, 10 May 2021 23:05:06 +0200 Subject: [PATCH 16/18] #86 integration of Dockerhub mirror, fixes of scalelite-nginx fargate Command --- CHANGELOG.MD | 2 + README.md | 1 + bbb-on-aws-master.template.yaml | 10 ++-- bbb-on-aws-param.json | 12 +++-- destroy.sh | 3 ++ setup.sh | 50 ++++++++++++++++++- .../bbb-on-aws-bbbappscalable.template.yaml | 8 --- .../bbb-on-aws-frontendapps.template.yaml | 49 ++++++++++++++---- templates/bbb-on-aws-registry.template.yaml | 31 ++++++++++++ templates/bbb-on-aws-storage.template.yaml | 24 ++++----- 10 files changed, 149 insertions(+), 41 deletions(-) create mode 100644 templates/bbb-on-aws-registry.template.yaml diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 3c225bf..a4381b2 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD 
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. ### Upgrade Notes: - the Big Blue Button version defaults now to 2.3.0. if you need to stay on 2.2.X please make sure to alter the BBB version parameter to xenial-22 and the Ubuntu version parameter to xenial-16.04. - the deployment now defaults to "Serverless" deployments for ECS and Aurora. this will optimize costs especially in small/test environments. switching from instanced to serverless will resetup the database means you will have to restore the DB from a backup afterwards or start fresh with testings. to prevent this, ensure you're not just using defaults for your environment. +- now you should have docker locally installed when planning a scalable deployment. this is due our approach to mirror the needed images to ensure availability when using scaling of the frontend and Scalelite LBs ### Fixed - #75: Serverless Aurora did not deploy due a missing !IF condition for the parametergroup @@ -18,6 +19,7 @@ All notable changes to this project will be documented in this file. - #77: an existing ACM Certificate ARN can be added to reuse an existing or imported SSL certificate - #76: Cloudformation can now validate ACM certificates natively, so we do not need the custom resource anymore. - #85: we're now utilizing IAM Roles when mounting the Shared Storage. Also the Storage now limits access to the APs utilizing these Roles. +- #86: adding ECR as container registry to prevent failures due dockerhub limitations ## [2.3.0] - 2021-03-10 diff --git a/README.md b/README.md index efa6bc1..4845130 100644 --- a/README.md +++ b/README.md 
@@ -49,6 +49,7 @@ To run the automated, [setup script](./setup.sh) based deployment you need to ha - an [installed and configured ](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) aws-cli - [a named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) at the aws-cli configuration reflecting the account you are planning to use for the deployment - [jq](https://stedolan.github.io/jq/) +- [docker](https://www.docker.com/) To run the step-by-step setup: diff --git a/bbb-on-aws-master.template.yaml b/bbb-on-aws-master.template.yaml index 5e4f551..57ab385 100644 --- a/bbb-on-aws-master.template.yaml +++ b/bbb-on-aws-master.template.yaml @@ -395,6 +395,10 @@ Parameters: Description: Scalelite Importer docker image identifier Type: String Default: "blindsidenetwks/scalelite:v1-recording-importer" + BBBECRRegistry: + Description: ECR Registry to be used. + Type: String + Default: "" BBBCacheAZMode: Description: Redis Cache AZ Mode Type: String @@ -873,10 +877,6 @@ Resources: Fn::GetAtt: - BBBTurnStack - Outputs.BBBTurnSecret - BBBLoadbalancerSecret: - Fn::GetAtt: - - BBBFontendAppsStack - - Outputs.BBBLoadbalancerSecret BBBNotificationTopic: Ref: BBBNotificationTopic BBBSystemLogsGroupArn: @@ -1128,6 +1128,8 @@ Resources: Ref: BBBScalelitePollerImage BBBScaleliteImporterImage: Ref: BBBScaleliteImporterImage + BBBECRRegistry: + Ref: BBBECRRegistry BBBCacheDBAddress: Fn::GetAtt: - BBBCacheDBStack diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index 61e7c8a..cddc5c8 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json @@ -3,7 +3,7 @@ "BBBApplicationVersion": "bionic-230", "BBBApplicationInstanceOSVersion": "bionic-18.04", "BBBTurnInstanceOSVersion": "focal-20.04", - "BBBECSInstanceType": "t3a.medium", + "BBBECSInstanceType": "fargate", "BBBApplicationInstanceType": "t3a.medium", "BBBApplicationDataVolumeSize": 50, "BBBApplicationRootVolumeSize": 20, 
@@ -32,10 +32,10 @@ "BBBEnvironmentName": "bbbonaws", "BBBEnvironmentType": "scalable", "BBBgreenlightImage": "bigbluebutton/greenlight:v2", - "BBBScaleliteApiImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-api", - "BBBScaleliteNginxImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-nginx", - "BBBScalelitePollerImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-poller", - "BBBScaleliteImporterImage": "blindsidenetwks/scalelite:v1.1-beta.4-bionic230-alpine-recording-importer", + "BBBScaleliteApiImage": "blindsidenetwks/scalelite:v1.1-beta.4-api", + "BBBScaleliteNginxImage": "blindsidenetwks/scalelite:v1.1-beta.4-nginx", + "BBBScalelitePollerImage": "blindsidenetwks/scalelite:v1.1-beta.4-poller", + "BBBScaleliteImporterImage": "blindsidenetwks/scalelite:v1.1-beta.4-recording-importer", "BBBCacheAZMode": "cross-az", "BBBGreenlightMemory": 1024, "BBBGreenlightCPU": 512, @@ -43,3 +43,5 @@ "BBBScaleliteCPU": 1024 } } + + diff --git a/destroy.sh b/destroy.sh index 10cafb1..c5809d6 100755 --- a/destroy.sh +++ b/destroy.sh @@ -62,6 +62,9 @@ echo "##################################################" aws cloudformation delete-stack --stack-name $BBBPREPSTACK --profile=$BBBPROFILE aws cloudformation wait stack-delete-complete --profile=$BBBPROFILE --stack-name $BBBPREPSTACK +aws cloudformation delete-stack --stack-name $BBBECRSTACK --profile=$BBBPROFILE +aws cloudformation wait stack-delete-complete --profile=$BBBPROFILE --stack-name $BBBECRSTACK + echo "##################################################" echo "Deletion done" diff --git a/setup.sh b/setup.sh index c7e0509..7f307c1 100755 --- a/setup.sh +++ b/setup.sh 
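Review bot: `$BBBECRSTACK` in the two added destroy.sh lines is not the name setup.sh uses for the registry stack (`BBBECRStack="${BBBSTACK}-registry"`), so unless destroy.sh defines it earlier (not in this hunk) `delete-stack` runs with an empty `--stack-name`; `BBBECRSTACK="${BBBSTACK}-registry"` right before these lines keeps the two scripts in step. The delete will also fail while either ECR repository still holds images, because `AWS::ECR::Repository` cannot remove a non-empty repository, so each repository needs to be emptied first (`aws ecr list-images` fed into `aws ecr batch-delete-image`). The step should also be guarded by the same `BBBEnvironmentType == scalable` check setup.sh applies, since the stack only exists for scalable deployments.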
@@ -98,11 +98,57 @@ fi echo "##################################################" echo "File Copy finished" +ENVIRONMENTTYPE=$(jq -r ".Parameters.BBBEnvironmentType" bbb-on-aws-param.json) + +if [ "$ENVIRONMENTTYPE" == 'scalable' ] +then + BBBECRStack="${BBBSTACK}-registry" + aws cloudformation deploy --profile=$BBBPROFILE --stack-name $BBBECRStack \ + --parameter-overrides $PARAMETERS \ + $(jq -r '.Parameters | to_entries | map("\(.key)=\(.value)") | join(" ")' bbb-on-aws-param.json) \ + --template ./templates/bbb-on-aws-registry.template.yaml + + GREENLIGHTREGISTRY=`aws cloudformation describe-stacks --profile=$BBBPROFILE --query "Stacks[0].Outputs[0].OutputValue" --stack-name $BBBECRStack` + GREENLIGHTREGISTRY=`echo "${GREENLIGHTREGISTRYREGISTRY//\"}"` + SCALEILITEREGISTRY=`aws cloudformation describe-stacks --profile=$BBBPROFILE --query "Stacks[0].Outputs[1].OutputValue" --stack-name $BBBECRStack` + SCALEILITEREGISTRY=`echo "${SCALEILITEREGISTRY//\"}"` + + # we will mirror the needed images from dockerhub and push towards ECR + echo "##################################################" + echo "Mirror docker images to ECR for further usage" + echo "##################################################" + + IMAGES=( BBBgreenlightImage BBBScaleliteNginxImage BBBScaleliteApiImage BBBScalelitePollerImage BBBScaleliteImporterImage ) + + ACCOUNTID=$(aws sts get-caller-identity --query Account --output text --profile=$BBBPROFILE) + REGION=$(aws configure get region --profile=$BBBPROFILE) + REGISTRY=$ACCOUNTID.dkr.ecr.$REGION.amazonaws.com + SCALEILITEREGISTRY=$ACCOUNTID.dkr.ecr.$REGION.amazonaws.com/$SCALEILITEREGISTRY + GREENLIGHTREGISTRY=$ACCOUNTID.dkr.ecr.$REGION.amazonaws.com/$GREENLIGHTREGISTRY + + aws ecr get-login-password --profile=$BBBPROFILE | docker login --username AWS --password-stdin $SCALEILITEREGISTRY + aws ecr get-login-password --profile=$BBBPROFILE | docker login --username AWS --password-stdin $GREENLIGHTREGISTRY + + for IMAGE in "${IMAGES[@]}" + do + 
IMAGE=$(jq -r ".Parameters.$IMAGE" bbb-on-aws-param.json) + docker pull $IMAGE + docker tag $IMAGE $REGISTRY/$IMAGE + docker push $REGISTRY/$IMAGE + done + + echo "##################################################" + echo "Registry Preperation finished" +else + REGISTRY="Dockerhub" +fi + # Setting the dynamic Parameters for the Deployment PARAMETERS=" BBBOperatorEMail=$OPERATOREMAIL \ BBBStackBucketStack=$BBBSTACK-Sources \ BBBDomainName=$DOMAIN \ - BBBHostedZone=$HOSTEDZONE" + BBBHostedZone=$HOSTEDZONE \ + BBBECRRegistry=$REGISTRY" # Deploy the BBB infrastructure. echo "Building the BBB Environment" @@ -116,4 +162,4 @@ aws cloudformation deploy --profile=$BBBPROFILE --stack-name $BBBSTACK \ echo "##################################################" echo "Deployment finished" -exit 0 +exit 0 \ No newline at end of file diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index 4e90880..ddd8a12 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml @@ -123,9 +123,6 @@ Parameters: BBBTurnSecret: Description: Secret string for the Turn server Type: String - BBBLoadbalancerSecret: - Description: Secret string for the BBB Api server - Type: String BBBSharedStorageFS: Description: File system id for the Amazon EFS volume to be mounted Type: String @@ -380,11 +377,6 @@ Resources: done wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret - - #bbbsecret=$(aws secretsmanager get-secret-value --region ${AWS::Region} --secret-id ${BBBLoadbalancerSecret} --query SecretString --output text | jq -r .basekeyvalue) - - #bbb-conf --setsecret $bbbsecret - #bbb-conf --restart groupadd -g 2000 scalelite-spool usermod -a -G scalelite-spool bigbluebutton 
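Review bot: `GREENLIGHTREGISTRY=`echo "${GREENLIGHTREGISTRYREGISTRY//\"}"`` reads a misspelled, undefined variable, so `GREENLIGHTREGISTRY` is empty from there on; the lookups are not needed anyway, because the push target is `$REGISTRY/$IMAGE` and both `docker login` calls address the same host, so a single `aws ecr get-login-password --profile=$BBBPROFILE | docker login --username AWS --password-stdin $REGISTRY` after `REGISTRY=` is set replaces the two `describe-stacks` calls and both logins. If the outputs are kept, select them by key rather than position (`--query "Stacks[0].Outputs[?OutputKey=='BBBGreenlightRegistry'].OutputValue" --output text`), since CloudFormation does not guarantee output order. `$PARAMETERS` is expanded for the registry deploy before the `PARAMETERS=` assignment further down this hunk, so it is empty unless set earlier in the script. The mirror copies whatever each tag resolves to at run time — for a floating tag such as `greenlight:v2` the ECR content changes between runs with no record of what was pushed; logging `docker image inspect --format '{{index .RepoDigests 0}}' $IMAGE` next to the push, or pinning digests in bbb-on-aws-param.json, makes the deployed image set reproducible.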
diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index efbd4df..6eda923 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -72,6 +72,10 @@ Parameters: Description: Scalelite Importer docker image identifier Type: String Default: "blindsidenetwks/scalelite:v1-recording-importer" + BBBECRRegistry: + Description: ECR Registry to be used. + Type: String + Default: "" BBBCacheDBAddress: Description: Amazon ElastiCache Cluster address Type: String @@ -580,7 +584,11 @@ Resources: ContainerDefinitions: - Name: greenlight Essential: true - Image: !Ref BBBgreenlightImage + Image: + !Join + - '/' + - - !Ref BBBECRRegistry + - !Ref BBBgreenlightImage LogConfiguration: LogDriver: awslogs Options: @@ -747,7 +755,11 @@ Resources: ContainerDefinitions: - Name: scalelite-importer Essential: true - Image: !Ref BBBScaleliteImporterImage + Image: + !Join + - '/' + - - !Ref BBBECRRegistry + - !Ref BBBScaleliteImporterImage MountPoints: - ContainerPath: /var/bigbluebutton/spool SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] @@ -755,7 +767,7 @@ Resources: SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] - ContainerPath: /var/bigbluebutton/unpublished SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] - - ContainerPath: /var/bigbluebutton/recordings + - ContainerPath: /var/bigbluebutton/recording/scalelite SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] LogConfiguration: LogDriver: awslogs 
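Review bot: `Image: !Join [ '/', [ !Ref BBBECRRegistry, !Ref BBBgreenlightImage ] ]` yields `/bigbluebutton/greenlight:v2` when `BBBECRRegistry` keeps its default `""`, and `Dockerhub/bigbluebutton/greenlight:v2` when setup.sh's non-scalable path passes the literal `Dockerhub` — neither is a valid image reference, so the stack now deploys only on the ECR path; the same applies to the importer image in this hunk and to the poller, nginx, api and handle-server images in the following hunks of this file. A condition on the parameter keeps the Docker Hub path working and lets setup.sh pass an empty string instead of `Dockerhub`. The `Conditions` and `Parameters` sections are outside the hunk.
```yaml
Conditions:
  # … existing conditions unchanged …
  BBBUseECRRegistry: !Not [ !Equals [ !Ref BBBECRRegistry, "" ] ]
# … unchanged: task definition up to ContainerDefinitions …
        - Name: greenlight
          Essential: true
          Image: !If
            - BBBUseECRRegistry
            - !Join [ '/', [ !Ref BBBECRRegistry, !Ref BBBgreenlightImage ] ]
            - !Ref BBBgreenlightImage
```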
@@ -784,9 +796,14 @@ Resources: Value: 'true' - Name: NGINX_BEHIND_PROXY Value: 'true' + - Name: scalelite-poller Essential: true - Image: !Ref BBBScalelitePollerImage + Image: + !Join + - '/' + - - !Ref BBBECRRegistry + - !Ref BBBScalelitePollerImage LogConfiguration: LogDriver: awslogs Options: @@ -819,7 +836,11 @@ Resources: DependsOn: - ContainerName: scalelite-importer Condition: START - Image: !Ref BBBScaleliteNginxImage + Image: + !Join + - '/' + - - !Ref BBBECRRegistry + - !Ref BBBScaleliteNginxImage EntryPoint: !If - BBBECSFargate @@ -829,7 +850,7 @@ Resources: Command: !If - BBBECSFargate - - - "/bin/sh -c \"sed -i 's/scalelite-api/localhost/g' /etc/nginx/conf.d/scalelite.common && /etc/nginx/start -g daemon off\"" + - - "/bin/sh -c \"sed -i 's/scalelite-api/127.0.0.1/g' /etc/nginx/conf.d/scalelite-proxy.template && /etc/nginx/start -g daemon off\"" - !Ref "AWS::NoValue" Links: !If @@ -843,7 +864,7 @@ Resources: SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] - ContainerPath: /var/bigbluebutton/unpublished SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] - - ContainerPath: /var/bigbluebutton/recordings + - ContainerPath: /var/bigbluebutton/recording/scalelite SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] LogConfiguration: LogDriver: awslogs @@ -878,7 +899,11 @@ Resources: Value: !Sub scalelite.${BBBDomainName} - Name: scalelite-api Essential: true - Image: !Ref BBBScaleliteApiImage + Image: + !Join + - '/' + - - !Ref BBBECRRegistry + - !Ref BBBScaleliteApiImage MountPoints: - ContainerPath: /var/bigbluebutton/spool SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] 
@@ -886,7 +911,7 @@ Resources: SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] - ContainerPath: /var/bigbluebutton/unpublished SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] - - ContainerPath: /var/bigbluebutton/recordings + - ContainerPath: /var/bigbluebutton/recording/scalelite SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] LogConfiguration: LogDriver: awslogs @@ -936,7 +961,11 @@ Resources: ContainerDefinitions: - Name: scalelite-handle-server Essential: true - Image: !Ref BBBScaleliteApiImage + Image: + !Join + - '/' + - - !Ref BBBECRRegistry + - !Ref BBBScaleliteApiImage LogConfiguration: LogDriver: awslogs Options: diff --git a/templates/bbb-on-aws-registry.template.yaml b/templates/bbb-on-aws-registry.template.yaml new file mode 100644 index 0000000..17f4b02 --- /dev/null +++ b/templates/bbb-on-aws-registry.template.yaml @@ -0,0 +1,31 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: > + + This Cloudformation Template deploys the registry to handle the BigBlueButton container deployment. The Template deploys an ECR + registry for images to be pulled. + + Disclaimer: Not for production use. Demo and testing purposes only. + + Author: David Surey , Bastian Klein +Resources: + + BBBScaleliteRegistry: + Type: AWS::ECR::Repository + Properties: + RepositoryName: blindsidenetwks/scalelite + + BBBGreenlightRegistry: + Type: AWS::ECR::Repository + Properties: + RepositoryName: bigbluebutton/greenlight + +Outputs: + BBBGreenlightRegistry: + Description: Registry name for the ECR registry holding Greenlight and Scalelite Images + Value: + Ref: BBBGreenlightRegistry + BBBScaleliteRegistry: + Description: Registry name for the ECR registry holding Greenlight and Scalelite Images + Value: + Ref: BBBScaleliteRegistry \ No newline at end of file 
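Review bot: Both `RepositoryName` values are fixed (`blindsidenetwks/scalelite`, `bigbluebutton/greenlight`) and ECR repository names are unique per account and region, so a second deployment of this stack in the same account — another `BBBSTACK`, or dev next to prod — fails at creation; either derive the names from the stack (ECR requires lowercase, so only if the stack name is) or state the one-registry-stack-per-region limit in the `Description`. The repositories also take the ECR defaults of mutable tags and no scanning; `ImageTagMutability: IMMUTABLE` prevents a mirrored tag from being silently replaced (setup.sh would then need to skip tags already present) and `ImageScanningConfiguration: ScanOnPush: true` reports known vulnerabilities on every push. The two Outputs carry the same description although one names the Greenlight and the other the Scalelite repository, and the file has no trailing newline.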
diff --git a/templates/bbb-on-aws-storage.template.yaml b/templates/bbb-on-aws-storage.template.yaml index 88780ca..cba0f50 100644 --- a/templates/bbb-on-aws-storage.template.yaml +++ b/templates/bbb-on-aws-storage.template.yaml @@ -97,12 +97,12 @@ Resources: FileSystemId: !Ref BBBSharedStorageFS PosixUser: Uid: "1000" - Gid: "1000" + Gid: "2000" RootDirectory: CreationInfo: OwnerGid: "1000" - OwnerUid: "1000" - Permissions: "0775" + OwnerUid: "2000" + Permissions: "0777" Path: "/spool" BBBSharedStorageAPpublished: @@ -111,12 +111,12 @@ Resources: FileSystemId: !Ref BBBSharedStorageFS PosixUser: Uid: "1000" - Gid: "1000" + Gid: "2000" RootDirectory: CreationInfo: OwnerGid: "1000" - OwnerUid: "1000" - Permissions: "0775" + OwnerUid: "2000" + Permissions: "0777" Path: "/published" BBBSharedStorageAPunpublished: @@ -125,12 +125,12 @@ Resources: FileSystemId: !Ref BBBSharedStorageFS PosixUser: Uid: "1000" - Gid: "1000" + Gid: "2000" RootDirectory: CreationInfo: OwnerGid: "1000" - OwnerUid: "1000" - Permissions: "0775" + OwnerUid: "2000" + Permissions: "0777" Path: "/unpublished" BBBSharedStorageAPrecordings: @@ -139,12 +139,12 @@ Resources: FileSystemId: !Ref BBBSharedStorageFS PosixUser: Uid: "1000" - Gid: "1000" + Gid: "2000" RootDirectory: CreationInfo: OwnerGid: "1000" - OwnerUid: "1000" - Permissions: "0775" + OwnerUid: "2000" + Permissions: "0777" Path: "/recordings" Outputs: From e818f7293e21a59b2b32c034c78716877e349f91 Mon Sep 17 00:00:00 2001 From: David Surey Date: Mon, 10 May 2021 23:10:45 +0200 Subject: [PATCH 17/18] added some notes to changelog --- CHANGELOG.MD | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index a4381b2..e242768 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD 
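Review bot: In all four access points (`@@ -97`, `-111`, `-125`, `-139`) the new `CreationInfo` sets `OwnerUid: "2000"` with `OwnerGid: "1000"`, the mirror image of the `PosixUser` (`Uid: "1000"`, `Gid: "2000"`) on the same resource and of the `scalelite-spool` group created with gid 2000 in the BBB host UserData; the intent looks like uid 1000 owning and group 2000 sharing, i.e. `OwnerUid: "1000"` / `OwnerGid: "2000"`. With that corrected, `Permissions: "0777"` is wider than needed — the access point already forces every client to 1000:2000 — and it leaves the directories world-writable for any mount that reaches the file system without an access point; `"0775"`, or `"2775"` so new files inherit the group, gives the shared group write this setup needs. A comment on the first access point naming the contract (`# uid 1000 / gid 2000 must match the scalelite-spool group (gid 2000) created in the BBB host UserData`) would tie the three places together.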
@@ -20,6 +20,8 @@ All notable changes to this project will be documented in this file. - #76: Cloudformation can now validate ACM certificates natively, so we do not need the custom resource anymore. - #85: we're now utilizing IAM Roles when mounting the Shared Storage. Also the Storage now limits access to the APs utilizing these Roles. - #86: adding ECR as container registry to prevent failures due dockerhub limitations +- Versions of Greenlight and Scalelite are now current and reflect the new default Big Blue Button Version +- Fargate deployment version of Scalelite was broken, this is now fixed. ## [2.3.0] - 2021-03-10 From f809b5d763d4ae959c6fee8557745b5217d927d1 Mon Sep 17 00:00:00 2001 From: David Surey Date: Mon, 10 May 2021 23:11:10 +0200 Subject: [PATCH 18/18] release date --- CHANGELOG.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index e242768..a6aa34b 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -2,7 +2,7 @@ # Change Log All notable changes to this project will be documented in this file. -## [3.0.0] - 2021-05-08 +## [3.0.0] - 2021-05-10 ### Upgrade Notes: - the Big Blue Button version defaults now to 2.3.0. if you need to stay on 2.2.X please make sure to alter the BBB version parameter to xenial-22 and the Ubuntu version parameter to xenial-16.04.