ciinabox-ecs 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f09d0c59cd5dad10cdaf47fa86f774cf228af8cc
-  data.tar.gz: 8bd1b3cc966ac2a9e9898ca51602c199529c3ed1
+  metadata.gz: 602691115c440d23c67e6765a0860a35f6bb0824
+  data.tar.gz: 4bdf78250830dc865e5185bfbde985377a5a8d95
 SHA512:
-  metadata.gz: a8f0596941a249276ac3a2624e2e641cc15a64cd66cbf28a24a87d97c7b237c4973ed6df6c764cdddb337a4e6342569e8d321f87890eb6788ea813926ff070fc
-  data.tar.gz: 4051d896f6552ee57e253dc5f4c3aefdd6ab6cffcb58ff187ef678723d7a930e976a8a884a1f0c172e7128a6b95b97b62d3aa3a4944d30318a2898993adce4da
+  metadata.gz: 6cece34d071f2f6798545ad7410926bbadf19b390f3833e46b6dc0452fa55ff8e9af44b2a96e6be0412584239caea2cc8ce8f34ab72ef7aa23b0b29daf2e4608
+  data.tar.gz: b883427bce1dc6cc2165f44fa22c5845e12b5150106a15454bea5caaa7be30a896849f9a11cb503743ef1b546173630929672608fd82bc65b74033802bdb71a2

data/README.md

@@ -10,6 +10,7 @@ Right Now ciinabox supports deploying:
  * [bitbucket](https://www.atlassian.com/software/bitbucket)
  * [hawtio](http://hawt.io/)
  * [nexus](http://www.sonatype.org/nexus/)
+ * [artifactory](https://jfrog.com/open-source/)
  * plus custom tasks and stacks
 
 ## Setup
@@ -56,7 +57,7 @@ If setting your own parameters and additional services, they should be configure
 ciinaboxes/ciinabox_name/config/params.yml
 
 e.g:
-```ruby
+```yaml
 log_level: ':debug'
 timezone: 'Australia/Melbourne'
 ```
@@ -66,75 +67,22 @@ If you wish to add additional containers to your ciinabox environment, you can s
 ciinaboxes/ciinabox_name/config/services.yml
 
 e.g:
+    
 ```yaml
----
-services:
-  - jenkins:
-  - bitbucket:
-      LoadBalancerPort: 22
-      InstancePort: 7999
-      Protocol: TCP
-  - hawtio:
-  - nexus:
+    services:
+      - jenkins:
+      - bitbucket:
+          LoadBalancerPort: 22
+          InstancePort: 7999
+          Protocol: TCP
+      - hawtio:
+      - nexus:
+      - artifactory:
+      - drone:
 ```
-
+    
 Please note that if you wish to do this, that you also need to create a CFNDSL template for the service under templates/services, with the name of the service as the filename (e.g. bitbucket.rb)
 
-Note the drone service requires a minimum yaml configuration of below
-```yml
-services:
-  - drone:
-      params:
-        -
-          VPC:
-            Ref: VPC
-        -
-          SubnetPublicA:
-            Ref: SubnetPublicA
-        -
-          SubnetPublicB:
-            Ref: SubnetPublicB
-        -
-          ECSSubnetPrivateA:
-            Ref: ECSSubnetPrivateA
-        -
-          ECSSubnetPrivateB:
-            Ref: ECSSubnetPrivateB
-        -
-          SecurityGroupBackplane:
-            Ref: SecurityGroupBackplane
-        -
-          SecurityGroupOps:
-            Ref: SecurityGroupOps
-        -
-          SecurityGroupDev:
-            Ref: SecurityGroupDev
-        -
-          SecurityGroupNatGateway:
-            Ref: SecurityGroupNatGateway
-        -
-          SecurityGroupWebHooks:
-            Ref: SecurityGroupWebHooks
-        -
-          ECSENIPrivateIpAddress:
-            Ref: ECSENIPrivateIpAddress
-      tasks:
-        drone-server:
-          env:
-            DRONE_OPEN: true
-```
-to further configure drone ci refer to the drone ci's environment variable in the documentation http://docs.drone.io/installation/, you can add/override drone's environment variable to their corresponding yaml section (`drone-server` and `drone-agent`), example
-```yml
-      tasks:
-        drone-server:
-          env:
-            DRONE_OPEN: true
-            DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
-        drone-agent:
-          env:
-            DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
-```
-
 ## Getting Started
 
 To get started install `ciinabox-ecs` ruby gem
@@ -143,6 +91,11 @@ To get started install `ciinabox-ecs` ruby gem
 $ gem install ciinabox-ecs
 ```
 
+During the setup process, you'll need to provide domain for the tools (e.g. `*.tools.example.com`) that has 
+matching Route53 zone in same AWS account where you are creating ciinabox. Optionally you can use local hosts file
+hack in order to get routing working, but in this case usage of ACM certificates is not an option, and you'll need
+to use selfsigned IAM server certificates. 
+
 ### Quick setup
 
 You can be guided through full installation of ciinabox by running `full_install` action. Interactive
@@ -456,3 +409,85 @@ configuration key to ARN of the freshly issued ACM certificate. You can do that
 $ ciinabox-ecs update_cert_to_acm [ciinabox_name]
 Set arn:aws:acm:ap-southeast-2:123456789012:certificate/2f2f3f9f-aaaa-bbbb-cccc-11dac04e7fb9 as default_cert_arn
 ```
+
+## Enabling specific services
+
+### Artifactory
+
+Just add artifactory in your `ciinabox_name/config/services.yml`
+Artifactory service is routed through nginx reverse proxy, so it's not
+added to ELB by default (InstancePort=0)
+
+```yaml
+services:
+ - artifactory:
+```
+
+Defaults for artifactory are stated below, so if need be they can be overridden
+
+```yaml
+services:
+  - artifactory:
+      ContainerImage: base2/ciinabox-artifactory:5.9.3
+      ContainerMemory: 768
+      ContainerCPU: 0
+      InstancePort: 0
+```
+
+### Drone
+
+
+Note the drone service requires a minimum yaml configuration of below
+```yml
+services:
+  - drone:
+      params:
+        -
+          VPC:
+            Ref: VPC
+        -
+          SubnetPublicA:
+            Ref: SubnetPublicA
+        -
+          SubnetPublicB:
+            Ref: SubnetPublicB
+        -
+          ECSSubnetPrivateA:
+            Ref: ECSSubnetPrivateA
+        -
+          ECSSubnetPrivateB:
+            Ref: ECSSubnetPrivateB
+        -
+          SecurityGroupBackplane:
+            Ref: SecurityGroupBackplane
+        -
+          SecurityGroupOps:
+            Ref: SecurityGroupOps
+        -
+          SecurityGroupDev:
+            Ref: SecurityGroupDev
+        -
+          SecurityGroupNatGateway:
+            Ref: SecurityGroupNatGateway
+        -
+          SecurityGroupWebHooks:
+            Ref: SecurityGroupWebHooks
+        -
+          ECSENIPrivateIpAddress:
+            Ref: ECSENIPrivateIpAddress
+      tasks:
+        drone-server:
+          env:
+            DRONE_OPEN: true
+```
+to further configure drone ci refer to the drone ci's environment variable in the documentation http://docs.drone.io/installation/, you can add/override drone's environment variable to their corresponding yaml section (`drone-server` and `drone-agent`), example
+```yml
+      tasks:
+        drone-server:
+          env:
+            DRONE_OPEN: true
+            DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
+        drone-agent:
+          env:
+            DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
+```

data/Rakefile

@@ -78,13 +78,13 @@ namespace :ciinabox do
     tmp_file = write_config_tmp_file(config)
 
     CfnDsl::RakeTask.new do |t|
-      extras = [[:yaml, "#{current_dir}/config/default_params.yml"]]
+      extras = [[:yaml,"#{current_dir}/config/default_params.yml"]]
       extras << [:yaml, "#{current_dir}/config/default_lambdas.yml"]
       if File.exist? "#{ciinaboxes_dir}/ciinabox_config.yml"
         extras << [:yaml, "#{ciinaboxes_dir}/ciinabox_config.yml"]
       end
-      (Dir["#{ciinaboxes_dir}/#{ciinabox_name}/config/*.yml"].map { |f| [:yaml, f] }).each { |c| extras<<c }
-      extras << [:ruby, "#{current_dir}/ext/helper.rb"]
+      (Dir["#{ciinaboxes_dir}/#{ciinabox_name}/config/*.yml"].map { |f| [:yaml,f]}).each {|c| extras<<c}
+      extras << [:ruby,"#{current_dir}/ext/helper.rb"]
       extras << [:yaml, tmp_file.path]
       t.cfndsl_opts = {
           verbose: true,

data/lambdas/acm_issuer_validator/install.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+rm -rf lib/*
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+rm -rf $DIR/lib/*
+
+docker run --rm -v $DIR:/dst -w /dst -u 1000 python:3-alpine pip install aws-acm-cert-validator==0.1.11 -t lib

data/templates/services/artifactory.rb

@@ -0,0 +1,119 @@
+require 'cfndsl'
+require_relative '../../ext/helper'
+
+if !defined? timezone
+  timezone = 'GMT'
+end
+
+image = 'base2/ciinabox-artifactory:5.9.3'
+java_opts = ''
+memory = 768
+cpu = 0
+container_port = 0
+service = lookup_service('artifactory', services)
+if service
+  service = {} if service.nil?
+  java_opts = service['JAVA_OPTS'] || ''
+  image = service['ContainerImage'] || image
+  memory = service['ContainerMemory'] || memory
+  cpu = service['ContainerCPU'] || cpu
+  container_port = service['InstancePort'] || 0
+end
+
+CloudFormation {
+
+  AWSTemplateFormatVersion "2010-09-09"
+  Description "ciinabox - ECS Service Artifactory v#{ciinabox_version}"
+
+  Parameter("ECSCluster"){ Type 'String' }
+  Parameter("ECSRole"){ Type 'String' }
+  Parameter("ServiceELB"){ Type 'String' }
+
+  Resource('ArtifactoryTask') {
+    Type "AWS::ECS::TaskDefinition"
+    Property('ContainerDefinitions', [
+      {
+        Name: 'artifactory',
+        Memory: memory,
+        Cpu: cpu,
+        Image: image,
+        Environment: [
+          {
+            Name: 'JAVA_OPTS',
+            Value: "#{java_opts} -Duser.timezone=#{timezone} -server -Djava.net.preferIPv4Stack=true"
+          },
+          {
+            Name: 'VIRTUAL_HOST',
+            Value: "artifactory.#{dns_domain}"
+          },
+          {
+            Name: 'VIRTUAL_PORT',
+            Value: '8081'
+          }
+        ],
+        Essential: true,
+        MountPoints: [
+          {
+            ContainerPath: '/etc/localtime',
+            SourceVolume: 'timezone',
+            ReadOnly: true
+          },
+          {
+            ContainerPath: '/var/opt/jfrog/artifactory/data',
+            SourceVolume: 'artifactory_data',
+            ReadOnly: false
+          },
+            {
+                ContainerPath: '/var/opt/jfrog/artifactory/etc',
+                SourceVolume: 'artifactory_etc',
+                ReadOnly: false
+            },
+            {
+                ContainerPath: '/var/opt/jfrog/artifactory/logs',
+                SourceVolume: 'artifactory_logs',
+                ReadOnly: false
+            }
+        ]
+      }
+    ])
+    Property('Volumes', [
+      {
+        Name: 'timezone',
+        Host: {
+          SourcePath: '/etc/localtime'
+        }
+      },
+      {
+        Name: 'artifactory_data',
+        Host: {
+          SourcePath: '/data/artifactory/data'
+        }
+      },
+      {
+          Name: 'artifactory_etc',
+          Host: {
+              SourcePath: '/data/artifactory/etc'
+          }
+      },
+      {
+          Name: 'artifactory_logs',
+          Host: {
+              SourcePath: '/data/artifactory/logs'
+          }
+      }
+    ])
+  }
+
+  Resource('ArtifactoryService') {
+    Type 'AWS::ECS::Service'
+    Property('Cluster', Ref('ECSCluster'))
+    Property('DesiredCount', 1)
+    Property('TaskDefinition', Ref('ArtifactoryTask'))
+    Property('Role', Ref('ECSRole')) unless container_port == 0
+    Property('LoadBalancers', [
+      { ContainerName: 'artifactory', ContainerPort: container_port, LoadBalancerName: Ref('ServiceELB') }
+    ]) unless container_port == 0
+
+  }
+
+}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ciinabox-ecs
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Base2Services
@@ -104,12 +104,14 @@ files:
 - ext/helper.rb
 - ext/policies.rb
 - ext/zip_helper.rb
+- lambdas/acm_issuer_validator/install.sh
 - lambdas/acm_issuer_validator/lib/install.sh
 - templates/bastion.rb
 - templates/ciinabox.rb
 - templates/ecs-cluster.rb
 - templates/ecs-services.rb
 - templates/lambdas.rb
+- templates/services/artifactory.rb
 - templates/services/bitbucket.rb
 - templates/services/drone.rb
 - templates/services/hawtio.rb