RubyGems - ciinabox-ecs - Versions diffs - 0.3.1 → 0.3.2.alpha.1622701697 - Mend

ciinabox-ecs 0.3.1 → 0.3.2.alpha.1622701697

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/templates/ecs-cluster.rb +2 -0
data/templates/services/sonarqube.rb +87 -48
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15b9d63e5865821399629cc2350959b6c883f9b44778e7c383e76687c726800f
-  data.tar.gz: 13786bc661b595ea995b125bb30606986e56bee3e887e8031a428c40170136d6
+  metadata.gz: a8447edc3b32e93f320bd248182a452ee125acd51ec0a173a7ffb94194bb0535
+  data.tar.gz: 397b6d9c1f5b01337c70082512f984a03996d45372bb8d5b6db72ff6b3fda88b
 SHA512:
-  metadata.gz: 5765a699f82ed330a819b3a40c5640445648060e596ffd380a5d023f373154ee08c5d245b54c10099beb735a7625a2ea947e5edd982223b69cdeca54f943bf38
-  data.tar.gz: a6f72e6360747b853654f750c36a5db3bd04ed69a5143e5086f16dafbaa36846e458804b432da80c4b2802108135871ffe5865ebc45b3b7cd62b95d784ff14d6
+  metadata.gz: b5416bcacc149cfeaa3c6444ae38c58cf9b3050b03f120c47ebe661887e26662e875feb434e82973dab4d04f45563cb9a56eac6fe4912ca6c1f5e5ecb04c7a6a
+  data.tar.gz: 8c24c97d9c0f8ce72d4db03b9e539c41f19352a71b27035187032a940e9a35c381edca1ec2203e9dc2e1a6b0c1a938da51c03f1080c4cfd121939c94f0fe31ea

data/templates/ecs-cluster.rb CHANGED Viewed

@@ -190,6 +190,8 @@ CloudFormation {
         "echo ECS_ENABLE_TASK_CPU_MEM_LIMIT=false >> /etc/ecs/ecs.config\n",
         "INSTANCE_ID=$(echo `/opt/aws/bin/ec2-metadata -i | cut -f2 -d:`)\n",
         "PRIVATE_IP=`/opt/aws/bin/ec2-metadata -o | cut -f2 -d: | cut -f2 -d-`\n",
+        "echo 'vm.max_map_count=262144' >> /etc/sysctl.conf\n",
+        "sysctl -p\n",
         "hostname ciinabox-ecs-xx\n",
         "#{proxy_config_userdata}",
         "yum install -y python-pip\n",

data/templates/services/sonarqube.rb CHANGED Viewed

@@ -17,6 +17,9 @@ if service
   memory = service['ContainerMemory'] || 2048
   cpu = service['ContainerCPU'] || 300
   container_port = service['InstancePort'] || 0
+  postgres_url_param_arn = service['PostgresUrlParamArn'] || nil
+  postgres_user_param_arn = service['PostgresUserParamArn'] || nil
+  postgres_password_param_arn = service['PostgresPasswordParamArn'] || nil
 end
 CloudFormation {
@@ -30,54 +33,70 @@ CloudFormation {
   Resource('SonarQubeTask') {
     Type "AWS::ECS::TaskDefinition"
-    Property('ContainerDefinitions', [
-      {
-        Name: 'sonarqube',
-        MemoryReservation: memory,
-        Cpu: cpu,
-        Image: image,
-        Environment: [
-          {
-            Name: 'VIRTUAL_HOST',
-            Value: "sonar.#{dns_domain}"
-          },
-          {
-            Name: 'VIRTUAL_PORT',
-            Value: '9000'
-          }
-        ],
-        Ulimits: [
-          {
-            Name: "nofile",
-            SoftLimit: 65536,
-            HardLimit: 65536
-          }
-        ],
-        Essential: true,
-        MountPoints: [
-          {
-            ContainerPath: '/etc/localtime',
-            SourceVolume: 'timezone',
-            ReadOnly: true
-          },
-          {
-            ContainerPath: '/opt/sonarqube/extensions',
-            SourceVolume: 'sonarqube_extensions',
-            ReadOnly: false
-          },
-          {
-            ContainerPath: '/opt/sonarqube/logs',
-            SourceVolume: 'sonarqube_logs',
-            ReadOnly: false
-          },
-          {
-            ContainerPath: '/opt/sonarqube/data',
-            SourceVolume: 'sonarqube_data',
-            ReadOnly: false
-          }
-        ]
-      }
-    ])
+    Property('ExecutionRoleArn', FnGetAtt('TaskExecutionRole', 'Arn'))
+    sonarqube_container_def = {
+      Name: 'sonarqube',
+      MemoryReservation: memory,
+      Cpu: cpu,
+      Image: image,
+      Environment: [
+        {
+          Name: 'VIRTUAL_HOST',
+          Value: "sonar.#{dns_domain}"
+        },
+        {
+          Name: 'VIRTUAL_PORT',
+          Value: '9000'
+        }
+      ],
+      Ulimits: [
+        {
+          Name: "nofile",
+          SoftLimit: 65536,
+          HardLimit: 65536
+        }
+      ],
+      Essential: true,
+      MountPoints: [
+        {
+          ContainerPath: '/etc/localtime',
+          SourceVolume: 'timezone',
+          ReadOnly: true
+        },
+        {
+          ContainerPath: '/opt/sonarqube/extensions',
+          SourceVolume: 'sonarqube_extensions',
+          ReadOnly: false
+        },
+        {
+          ContainerPath: '/opt/sonarqube/logs',
+          SourceVolume: 'sonarqube_logs',
+          ReadOnly: false
+        },
+        {
+          ContainerPath: '/opt/sonarqube/data',
+          SourceVolume: 'sonarqube_data',
+          ReadOnly: false
+        }
+      ]
+    }
+    if postgres_user_param_arn then
+      sonarqube_container_def[:Secrets] = [
+        {
+          Name: 'SONARQUBE_JDBC_URL',
+          ValueFrom: postgres_url_param_arn
+        },
+        {
+          Name: 'SONARQUBE_JDBC_USERNAME',
+          ValueFrom: postgres_user_param_arn
+        },
+        {
+          Name: 'SONARQUBE_JDBC_PASSWORD',
+          ValueFrom: postgres_password_param_arn
+        }
+      ]
+    end
+    Property('ContainerDefinitions', [sonarqube_container_def])
     Property('Volumes', [
       {
         Name: 'timezone',
@@ -112,6 +131,26 @@ CloudFormation {
     ])
   }
+  Resource('TaskExecutionRole') {
+    Type 'AWS::IAM::Role'
+    Property('AssumeRolePolicyDocument', {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "Service": "ecs-tasks.amazonaws.com"
+          },
+          "Action": "sts:AssumeRole"
+        }
+      ]
+    })
+    Property('ManagedPolicyArns', [
+      'arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess',
+      'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
+    ])
+  }
   Resource('SonarQubeService') {
     Type 'AWS::ECS::Service'
     Property('Cluster', Ref('ECSCluster'))

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ciinabox-ecs
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2.alpha.1622701697
 platform: ruby
 authors:
 - Base2Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-06 00:00:00.000000000 Z
+date: 2021-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -165,11 +165,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.19
 signing_key:
 specification_version: 4
 summary: Manage ciinabox on Aws Ecs