Aaron Meihm 2017-01-04 15:32:29 -06:00
Родитель ea6e8f10aa
Коммит b69d8d1df9
9 изменённых файлов: 191 добавлений и 30 удалений

2
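--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+vault_password_file=open_the_vault.sh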

5
open_the_vault.sh Executable file

@ -0,0 +1,5 @@
#!/bin/bash
gpg --batch --use-agent --decrypt vault_passphrase.gpg
exit 0
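Review bot: The unconditional `exit 0` on the last line masks every gpg failure: if the agent holds no usable key or vault_passphrase.gpg is missing, the script still returns success with empty output, and Ansible then tries the vault with an empty password and reports a decryption error far from the real cause. Replace the two lines with `exec gpg --batch --use-agent --decrypt vault_passphrase.gpg` so gpg's exit status propagates (or add `set -e` and drop the `exit 0`). The file path is resolved against the current working directory rather than the script's location, so the script only works when Ansible is run from the repository root; a `cd "$(dirname "$0")"` before the gpg call would remove that dependency. Two of the five added lines did not render on this page, so I am assuming they are blank lines.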


@ -20,4 +20,3 @@
InstanceType: "t2.micro"
KeyName: "{{ keys }}"
DeployRepo: "{{ deployrepo }}"
AvailabilityZone: "{{ availability_zone }}"

21
playbooks/rds.yml Normal file

@ -0,0 +1,21 @@
---
- hosts: localhost
connection: local
gather_facts: False
vars_files:
- "../vars/default.yml"
- "../vars/sec.yml"
tasks:
- name: Configure MIG RDS
action: cloudformation
stack_name="{{ rds_stack_name }}"
state="{{ state }}"
region="{{ region }}"
template="../templates/rds.json"
args:
template_parameters:
Environment: "{{ env }}"
DBPassword: "{{ migdbpass }}"
BaseStack: "{{ base_stack_name }}"
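Review bot: `DBPassword: "{{ migdbpass }}"` hands the vaulted password to the module as an ordinary argument, and Ansible prints module arguments in verbose (-v) and callback output, so the task should carry `no_log: true` — at the known cost of hiding the module's own error detail when the stack operation fails. `gather_facts: False` should be the canonical lowercase `gather_facts: false`. The `action: cloudformation` line with `key="value"` strings mixed with a separate `args:` block is the legacy argument form; native block-YAML module arguments read more clearly and avoid the two-style split. Indentation was lost in this rendering, so the rewritten task below assumes the usual two-space layout.
```yaml
# … unchanged: play header and vars_files …
  tasks:
    - name: Configure MIG RDS
      # The vaulted DB password travels in the module arguments; keep it out
      # of verbose and callback output.
      no_log: true
      cloudformation:
        stack_name: "{{ rds_stack_name }}"
        state: "{{ state }}"
        region: "{{ region }}"
        template: "../templates/rds.json"
        template_parameters:
          Environment: "{{ env }}"
          DBPassword: "{{ migdbpass }}"
          BaseStack: "{{ base_stack_name }}"
```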


@ -27,10 +27,6 @@
"DeployRepo": {
"Type": "String",
"Description": "URL for MIG deploy repo"
},
"AvailabilityZone": {
"Type": "String",
"Description": "Availability zone to use for subnets"
}
},
"Resources": {
@ -58,14 +54,25 @@
"InternetGatewayId": { "Ref": "InternetGateway" }
}
},
"PublicSubnet": {
"PublicSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": { "Ref": "VPC" },
"CidrBlock": "10.20.0.0/24",
"AvailabilityZone": { "Ref": "AvailabilityZone" },
"AvailabilityZone": { "Fn::Select": ["0", { "Fn::GetAZs": "" }] },
"Tags": [
{ "Key": "Name", "Value": "mig public subnet" }
{ "Key": "Name", "Value": "mig public subnet 1" }
]
}
},
"PublicSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": { "Ref": "VPC" },
"CidrBlock": "10.20.1.0/24",
"AvailabilityZone": { "Fn::Select": ["1", { "Fn::GetAZs": "" }] },
"Tags": [
{ "Key": "Name", "Value": "mig public subnet 2" }
]
}
},
@ -87,22 +94,41 @@
"GatewayId": { "Ref": "InternetGateway" }
}
},
"PublicRouteTableAssoc": {
"PublicRouteTableAssoc1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref": "PublicSubnet" },
"SubnetId": { "Ref": "PublicSubnet1" },
"RouteTableId": { "Ref": "PublicRouteTable" }
}
},
"PrivateSubnet": {
"PublicRouteTableAssoc2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref": "PublicSubnet2" },
"RouteTableId": { "Ref": "PublicRouteTable" }
}
},
"PrivateSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": { "Ref": "VPC" },
"CidrBlock": "10.20.1.0/24",
"AvailabilityZone": { "Ref": "AvailabilityZone" },
"CidrBlock": "10.20.2.0/24",
"AvailabilityZone": { "Fn::Select": ["0", { "Fn::GetAZs": "" }] },
"MapPublicIpOnLaunch": "false",
"Tags": [
{ "Key": "Name", "Value": "mig private subnet" }
{ "Key": "Name", "Value": "mig private subnet 1" }
]
}
},
"PrivateSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": { "Ref": "VPC" },
"CidrBlock": "10.20.3.0/24",
"AvailabilityZone": { "Fn::Select": ["1", { "Fn::GetAZs": "" }] },
"MapPublicIpOnLaunch": "false",
"Tags": [
{ "Key": "Name", "Value": "mig private subnet 2" }
]
}
},
@ -124,10 +150,17 @@
"InstanceId": { "Ref": "BastionInstance" }
}
},
"PrivateRouteTableAssoc": {
"PrivateRouteTableAssoc1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref": "PrivateSubnet" },
"SubnetId": { "Ref": "PrivateSubnet1" },
"RouteTableId": { "Ref": "PrivateRouteTable" }
}
},
"PrivateRouteTableAssoc2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref": "PrivateSubnet2" },
"RouteTableId": { "Ref": "PrivateRouteTable" }
}
},
@ -144,7 +177,7 @@
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"DeleteOnTermination": "true",
"SubnetId": { "Ref": "PublicSubnet" }
"SubnetId": { "Ref": "PublicSubnet1" }
}],
"Tags": [
{ "Key": "Name", "Value": "mig bastion host" }
@ -174,7 +207,7 @@
"VpcId": { "Ref": "VPC" },
"SecurityGroupIngress": [
{ "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" },
{ "IpProtocol": "tcp", "FromPort": "0", "ToPort": "65535", "CidrIp": "10.20.0.0/16" },
{ "IpProtocol": "tcp", "FromPort": "0", "ToPort": "65535", "CidrIp": "10.20.0.0/16" }
],
"Tags": [
{ "Key": "Name", "Value": "mig bastion security group" }
@ -188,20 +221,25 @@
"Value": { "Ref": "VPC" },
"Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCId" }}
},
"PrivateSubnet": {
"Description": "Private subnet ID",
"Value": { "Ref": "PrivateSubnet" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-PrivateSubnet" }}
"PrivateSubnet1": {
"Description": "Private subnet 1 ID",
"Value": { "Ref": "PrivateSubnet1" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-PrivateSubnet1" }}
},
"PublicSubnet": {
"Description": "Public subnet ID",
"Value": { "Ref": "PublicSubnet" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-PublicSubnet" }}
"PrivateSubnet2": {
"Description": "Private subnet 2 ID",
"Value": { "Ref": "PrivateSubnet2" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-PrivateSubnet2" }}
},
"AvailabilityZone": {
"Description": "Availability zone",
"Value": { "Ref": "AvailabilityZone" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-AvailabilityZone" }}
"PublicSubnet1": {
"Description": "Public subnet 1 ID",
"Value": { "Ref": "PublicSubnet1" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-PublicSubnet1" }}
},
"PublicSubnet2": {
"Description": "Public subnet 2 ID",
"Value": { "Ref": "PublicSubnet2" },
"Export": { "Name": {"Fn::Sub": "${AWS::StackName}-PublicSubnet2" }}
},
"BastionInstanceId": {
"Description": "Bastion host instance ID",
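Review bot: The Outputs hunk renames the `${AWS::StackName}-PrivateSubnet` and `-PublicSubnet` exports to `-PrivateSubnet1` / `-PublicSubnet1` and drops `-AvailabilityZone`; CloudFormation refuses a stack update that removes an export another stack still imports, so if any deployed app stack imports the old names this update will be rejected until those importers are changed first, and the commit gives no migration order. In the subnet hunks, `"Fn::Select": ["0", { "Fn::GetAZs": "" }]` and `["1", …]` pick zones by index; as AWS documents, GetAZs lists only zones that have a default subnet when the account has a default VPC, so the same template can land in different zones per account and fails outright where fewer than two zones are returned — keeping optional AZ parameters that default to these selections would preserve the explicit control the removed `AvailabilityZone` parameter gave. Relatedly, `availability_zone2` added in vars/default.yml is not consumed by any template in this commit as far as the page shows. The file header for this section did not render, so I am inferring from its contents that this is the base template.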

82
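--- a/templates/rds.json
+++ b/templates/rds.json
@@ -0,0 +1,82 @@
+{
+"AWSTemplateFormatVersion": "2010-09-09",
+"Description": "MIG database",
+"Parameters": {
+"Environment": {
+"AllowedValues": [
+"dev",
+"stage",
+"prod"
+],
+"Default": "dev",
+"Description": "Environment",
+"Type": "String"
+},
+"BaseStack": {
+"Description": "Name of base stack",
+"Type": "String"
+},
+"DBAllocatedStorage": {
+"Description": "DB storage in GB",
+"Type": "String",
+"Default": "8"
+},
+"DBInstanceClass": {
+"Description": "DB instance class",
+"Type": "String",
+"Default": "db.r3.large"
+},
+"DBUser": {
+"Description": "DB username",
+"Type": "String",
+"Default": "migadmin"
+},
+"DBPassword": {
+"Description": "DB password",
+"Type": "String"
+}
+},
+"Resources": {
+"DBSubnetGroup": {
+"Type": "AWS::RDS::DBSubnetGroup",
+"Properties": {
+"DBSubnetGroupDescription": "mig db subnet group",
+"SubnetIds": [
+{ "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-PrivateSubnet1" }},
+{ "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-PrivateSubnet2" }}
+]
+}
+},
+"DB": {
+"Type": "AWS::RDS::DBInstance",
+"Properties": {
+"AllocatedStorage": { "Ref": "DBAllocatedStorage" },
+"BackupRetentionPeriod": "30",
+"DBInstanceClass": { "Ref": "DBInstanceClass" },
+"DBInstanceIdentifier": { "Fn::Sub": "db-${AWS::StackName}" },
+"DBName": "mig",
+"VPCSecurityGroups": [ { "Ref": "DBSecurityGroup" } ],
+"Engine": "postgres",
+"EngineVersion": "9.4.7",
+"MasterUsername": { "Ref": "DBUser" },
+"MasterUserPassword": { "Ref": "DBPassword" },
+"DBSubnetGroupName": { "Ref": "DBSubnetGroup" },
+"PubliclyAccessible": "false"
+}
+},
+"DBSecurityGroup": {
+"Type": "AWS::EC2::SecurityGroup",
+"Properties": {
+"VpcId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-VPCId" }},
+"GroupDescription": "Security group for MIG RDS instance",
+"SecurityGroupIngress": [
+{ "IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432", "CidrIp": "10.20.2.0/24" },
+{ "IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432", "CidrIp": "10.20.3.0/24" }
+],
+"Tags": [
+{ "Key": "Name", "Value": "mig rds security group" }
+]
+}
+}
+}
+}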
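Review bot: The `DBPassword` parameter is declared without `"NoEcho": "true"`, so the vaulted password the playbook supplies is shown in plain text in the CloudFormation console and in DescribeStacks output to anyone with read access to the stack; add `"NoEcho": "true"` beside its `"Type": "String"`. The `DB` resource carries no `DeletionPolicy`, so deleting or replacing the stack drops the database without a final snapshot — `"DeletionPolicy": "Snapshot"` on the resource is the usual safeguard — and `StorageEncrypted` is left unset, which leaves storage unencrypted unless the account default says otherwise. The security group ingress CIDRs `10.20.2.0/24` and `10.20.3.0/24` duplicate the private subnet CIDRs hard-coded in the base template; exporting those CIDRs (or an application security group) from the base stack and importing them here would stop the two templates from drifting apart.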


@ -1,6 +1,7 @@
---
region: us-west-2
availability_zone: us-west-2a
availability_zone2: us-west-2b
keys: "alm-keys"
ami_id: ami-2709bd47
state: present
@ -13,3 +14,6 @@ base_stack_name: "mig-base-{{ base_stack_id }}"
app_stack_id: "1"
app_stack_name: "mig-app-{{ app_stack_id }}"
api_certificate_name: "migapitmp"
rds_stack_id: "1"
rds_stack_name: "mig-rds-{{ rds_stack_id }}"

8
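--- a/vars/sec.yml
+++ b/vars/sec.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+31333565643430323461353761353031326430636638323435376337353866333561303038393835
+3537363632623234616531323630363538373636316630370a393632636139613138313965633032
+33333161396234303266613634306361373834343965343831396432613862623036303363656266
+6235373761366564660a656138366432343639646131666666656265306236626562656539393962
+33323332646364666264383764623563393738353735326166643232663265626434343238383935
+35393735383761356130636135386438323332393731613838613636386132323838653332326236
+356263633639333764663332373264653563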

2
vault_passphrase.gpg Normal file

@ -0,0 +1,2 @@
 ?âùšXòÿ]k2Bo¬nš°Îœãkó†EÞUA¡£Gº—ä`%zátÆÒùHò]‡JghR|V×<56> â&¡È¡Èj3y¯èCp`Ñ/~LÐ,W€xºþOÎx7£ò¤éØ…íh3è_Fsi2ÆrÉ’ßß <C39F>k,4Š<34>ø˜u…-OZ¡v+Ø_Îz|ñÈ<He¤»Ž&ÄóÒõšqšnÿˆ1¹-µ—ñ>ì…ÚÿÛIÄôâã•Ñ!K<>4|2¸£<C2B8>évÒð¤å:|ä¬g Û²×N°‡¿D ÌÊá Ae·6<0F>u«Ò!¾SïŠO£-SíÖ´÷œ¢ÔÂIæiÓ°ú‡·¯Ír×;<3B>a‰Ì_ò4)W…LByàßûûš(îÎkµÆHX"à5„ƒlik(1Úf<C39A>þ耥ëáOB_‡@"K?K_–…ÿ«gÞrC>·üyÊn„b–ªÿŠy[¦u<C2A6>Yñ¹5%§<15>MmüA-ms
LОz³)íÇ`R¡²}³ü0Ú§m²/¡gŸ‡”. '×`$WÌZú äã«aG<16>ùMF¹&»OÓ k  ˆÿžg<C5BE>¸ ²úb3×38£V¦Ê™>¯¯fvÿ}ˆØc‰‡• ³xºÞ‹ú <20>¦„ÿ¢/Ú­¹7GÒlp<>­±ºÈþ¼e>P0^=Ž»«p7¹Q\õø «M:¶AŠºûÂÑUêÑ0EI3Ñ/8²ÏŸ<>=¾ài„¡Ò°u¬å±'^Uvoµ2É€@j¹öÅhö„ß[]Pœ¬8&¥Ì