зеркало из https://github.com/mozilla/mig-deploy.git
add primary relay instance
Родитель
a10ca401da
Коммит
616c46d30a
|
@ -18,6 +18,7 @@
|
|||
Environment: "{{ env }}"
|
||||
ImageId: "{{ ami_id }}"
|
||||
ApiInstanceType: "t2.medium"
|
||||
RelayInstanceType: "t2.medium"
|
||||
KeyName: "{{ keys }}"
|
||||
BaseStack: "{{ base_stack_name }}"
|
||||
RoleStack: "{{ role_stack_name }}"
|
||||
|
|
|
@ -21,6 +21,11 @@
|
|||
"Description": "Instance type",
|
||||
"Type": "String"
|
||||
},
|
||||
"RelayInstanceType": {
|
||||
"Default": "t2.micro",
|
||||
"Description": "Instance type",
|
||||
"Type": "String"
|
||||
},
|
||||
"KeyName": {
|
||||
"Type": "AWS::EC2::KeyPair::KeyName"
|
||||
},
|
||||
|
@ -152,10 +157,49 @@
|
|||
} ],
|
||||
}
|
||||
},
|
||||
"Relay1": {
|
||||
"Type": "AWS::EC2::Instance",
|
||||
"Properties": {
|
||||
"ImageId": { "Ref": "ImageId" },
|
||||
"InstanceType": { "Ref": "RelayInstanceType" },
|
||||
"IamInstanceProfile": { "Ref": "InstanceProfile" },
|
||||
"KeyName": { "Ref": "KeyName" },
|
||||
"SecurityGroupIds": [ { "Ref": "RelaySecurityGroup" } ],
|
||||
"SubnetId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-PrivateSubnet1" }},
|
||||
"Tags": [
|
||||
{ "Key": "Name", "Value": "mig relay 1" }
|
||||
],
|
||||
"UserData": {
|
||||
"Fn::Base64": {
|
||||
"Fn::Join": [
|
||||
"",
|
||||
[
|
||||
"#!/bin/sh\n",
|
||||
"echo relay1 >> /etc/myrole\n",
|
||||
"apt-get update && apt-get -y install git ansible golang-go awscli\n",
|
||||
"export GOPATH=/root/go; mkdir $GOPATH\n",
|
||||
"go get -u go.mozilla.org/sops/cmd/sops\n",
|
||||
"cd /root && git clone ",
|
||||
{ "Ref": "DeployRepo" },
|
||||
"\n",
|
||||
"cd /root/mig-deploy/playbooks\n",
|
||||
"aws s3 cp ",
|
||||
{ "Ref": "SopsS3URL" },
|
||||
"/mig/mig-sec-",
|
||||
{ "Ref": "Environment" },
|
||||
".yml vars/sec.yml\n",
|
||||
"/root/go/bin/sops -d -i vars/sec.yml\n",
|
||||
"ansible-playbook entry.yml\n"
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"APISecurityGroup": {
|
||||
"Type": "AWS::EC2::SecurityGroup",
|
||||
"Properties": {
|
||||
"GroupDescription": "Enable SSH access to API host",
|
||||
"GroupDescription": "Security group for api instances",
|
||||
"VpcId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-VPCId" }},
|
||||
"SecurityGroupIngress": [
|
||||
{ "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "SourceSecurityGroupId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-BastionSecurityGroupId" }}},
|
||||
|
@ -178,6 +222,19 @@
|
|||
{ "Key": "Name", "Value": "mig api elb security group" }
|
||||
]
|
||||
}
|
||||
},
|
||||
"RelaySecurityGroup": {
|
||||
"Type": "AWS::EC2::SecurityGroup",
|
||||
"Properties": {
|
||||
"GroupDescription": "Security group for relay instances",
|
||||
"VpcId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-VPCId" }},
|
||||
"SecurityGroupIngress": [
|
||||
{ "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "SourceSecurityGroupId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-BastionSecurityGroupId" }}}
|
||||
],
|
||||
"Tags": [
|
||||
{ "Key": "Name", "Value": "mig relay security group" }
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
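Review bot: The Relay1 UserData script runs as root with no `set -e` and fetches its tooling unpinned, so the host that decrypts the deployment secrets trusts whatever `go get -u go.mozilla.org/sops/cmd/sops` and the `git clone` of DeployRepo return at boot time. A failed `aws s3 cp` or `sops -d -i` does not stop the script either, so `ansible-playbook entry.yml` would still run against a missing or still-encrypted `vars/sec.yml`. I would add `"set -e\n",` right after the `#!/bin/sh` entry, check out a fixed tag or commit of the deploy repository, and install a released sops build whose checksum is verified instead of building the tip. The decrypted `vars/sec.yml` also appears to stay on the instance disk after the playbook finishes; an entry such as `"trap 'rm -f /root/mig-deploy/playbooks/vars/sec.yml' EXIT\n",` near the top would remove it on both success and failure.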