ciinabox-ecs 0.2.1 → 0.2.2
- checksums.yaml +4 -4
- data/README.md +101 -66
- data/Rakefile +3 -3
- data/lambdas/acm_issuer_validator/install.sh +8 -0
- data/templates/services/artifactory.rb +119 -0
- metadata +3 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 602691115c440d23c67e6765a0860a35f6bb0824
|
4
|
+
data.tar.gz: 4bdf78250830dc865e5185bfbde985377a5a8d95
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6cece34d071f2f6798545ad7410926bbadf19b390f3833e46b6dc0452fa55ff8e9af44b2a96e6be0412584239caea2cc8ce8f34ab72ef7aa23b0b29daf2e4608
|
7
|
+
data.tar.gz: b883427bce1dc6cc2165f44fa22c5845e12b5150106a15454bea5caaa7be30a896849f9a11cb503743ef1b546173630929672608fd82bc65b74033802bdb71a2
|
data/README.md
CHANGED
@@ -10,6 +10,7 @@ Right Now ciinabox supports deploying:
|
|
10
10
|
* [bitbucket](https://www.atlassian.com/software/bitbucket)
|
11
11
|
* [hawtio](http://hawt.io/)
|
12
12
|
* [nexus](http://www.sonatype.org/nexus/)
|
13
|
+
* [artifactory](https://jfrog.com/open-source/)
|
13
14
|
* plus custom tasks and stacks
|
14
15
|
|
15
16
|
## Setup
|
@@ -56,7 +57,7 @@ If setting your own parameters and additional services, they should be configure
|
|
56
57
|
ciinaboxes/ciinabox_name/config/params.yml
|
57
58
|
|
58
59
|
e.g:
|
59
|
-
```
|
60
|
+
```yaml
|
60
61
|
log_level: ':debug'
|
61
62
|
timezone: 'Australia/Melbourne'
|
62
63
|
```
|
@@ -66,75 +67,22 @@ If you wish to add additional containers to your ciinabox environment, you can s
|
|
66
67
|
ciinaboxes/ciinabox_name/config/services.yml
|
67
68
|
|
68
69
|
e.g:
|
70
|
+
|
69
71
|
```yaml
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
72
|
+
services:
|
73
|
+
- jenkins:
|
74
|
+
- bitbucket:
|
75
|
+
LoadBalancerPort: 22
|
76
|
+
InstancePort: 7999
|
77
|
+
Protocol: TCP
|
78
|
+
- hawtio:
|
79
|
+
- nexus:
|
80
|
+
- artifactory:
|
81
|
+
- drone:
|
79
82
|
```
|
80
|
-
|
83
|
+
|
81
84
|
Please note that if you wish to do this, that you also need to create a CFNDSL template for the service under templates/services, with the name of the service as the filename (e.g. bitbucket.rb)
|
82
85
|
|
83
|
-
Note the drone service requires a minimum yaml configuration of below
|
84
|
-
```yml
|
85
|
-
services:
|
86
|
-
- drone:
|
87
|
-
params:
|
88
|
-
-
|
89
|
-
VPC:
|
90
|
-
Ref: VPC
|
91
|
-
-
|
92
|
-
SubnetPublicA:
|
93
|
-
Ref: SubnetPublicA
|
94
|
-
-
|
95
|
-
SubnetPublicB:
|
96
|
-
Ref: SubnetPublicB
|
97
|
-
-
|
98
|
-
ECSSubnetPrivateA:
|
99
|
-
Ref: ECSSubnetPrivateA
|
100
|
-
-
|
101
|
-
ECSSubnetPrivateB:
|
102
|
-
Ref: ECSSubnetPrivateB
|
103
|
-
-
|
104
|
-
SecurityGroupBackplane:
|
105
|
-
Ref: SecurityGroupBackplane
|
106
|
-
-
|
107
|
-
SecurityGroupOps:
|
108
|
-
Ref: SecurityGroupOps
|
109
|
-
-
|
110
|
-
SecurityGroupDev:
|
111
|
-
Ref: SecurityGroupDev
|
112
|
-
-
|
113
|
-
SecurityGroupNatGateway:
|
114
|
-
Ref: SecurityGroupNatGateway
|
115
|
-
-
|
116
|
-
SecurityGroupWebHooks:
|
117
|
-
Ref: SecurityGroupWebHooks
|
118
|
-
-
|
119
|
-
ECSENIPrivateIpAddress:
|
120
|
-
Ref: ECSENIPrivateIpAddress
|
121
|
-
tasks:
|
122
|
-
drone-server:
|
123
|
-
env:
|
124
|
-
DRONE_OPEN: true
|
125
|
-
```
|
126
|
-
to further configure drone ci refer to the drone ci's environment variable in the documentation http://docs.drone.io/installation/, you can add/override drone's environment variable to their corresponding yaml section (`drone-server` and `drone-agent`), example
|
127
|
-
```yml
|
128
|
-
tasks:
|
129
|
-
drone-server:
|
130
|
-
env:
|
131
|
-
DRONE_OPEN: true
|
132
|
-
DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
|
133
|
-
drone-agent:
|
134
|
-
env:
|
135
|
-
DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
|
136
|
-
```
|
137
|
-
|
138
86
|
## Getting Started
|
139
87
|
|
140
88
|
To get started install `ciinabox-ecs` ruby gem
|
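Review bot: the new services.yml example (new lines 72-81) lists `- drone:` with no keys, while the Drone section of this same README says drone requires a minimum configuration with `params` and `tasks`. Anyone copying the block as-is ends up with a drone entry that lacks that minimum. Either drop `- drone:` from this example or add a one-line pointer to the Drone section right under the block.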
@@ -143,6 +91,11 @@ To get started install `ciinabox-ecs` ruby gem
|
|
143
91
|
$ gem install ciinabox-ecs
|
144
92
|
```
|
145
93
|
|
94
|
+
During the setup process, you'll need to provide domain for the tools (e.g. `*.tools.example.com`) that has
|
95
|
+
matching Route53 zone in same AWS account where you are creating ciinabox. Optionally you can use local hosts file
|
96
|
+
hack in order to get routing working, but in this case usage of ACM certificates is not an option, and you'll need
|
97
|
+
to use selfsigned IAM server certificates.
|
98
|
+
|
146
99
|
### Quick setup
|
147
100
|
|
148
101
|
You can be guided through full installation of ciinabox by running `full_install` action. Interactive
|
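Review bot: new lines 94-97 offer the hosts-file route with self-signed IAM server certificates but say nothing about how clients of the tools are expected to trust that certificate. Suggest adding a sentence that the self-signed certificate should be imported into the trust store of the browsers and build agents that use the tools, so the fallback does not turn into disabled TLS verification. Wording in the same lines: "provide domain" should be "provide a domain", "has matching Route53 zone" should be "has a matching Route53 zone", and "selfsigned" should be "self-signed".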
@@ -456,3 +409,85 @@ configuration key to ARN of the freshly issued ACM certificate. You can do that
|
|
456
409
|
$ ciinabox-ecs update_cert_to_acm [ciinabox_name]
|
457
410
|
Set arn:aws:acm:ap-southeast-2:123456789012:certificate/2f2f3f9f-aaaa-bbbb-cccc-11dac04e7fb9 as default_cert_arn
|
458
411
|
```
|
412
|
+
|
413
|
+
## Enabling specific services
|
414
|
+
|
415
|
+
### Artifactory
|
416
|
+
|
417
|
+
Just add artifactory in your `ciinabox_name/config/services.yml`
|
418
|
+
Artifactory service is routed through nginx reverse proxy, so it's not
|
419
|
+
added to ELB by default (InstancePort=0)
|
420
|
+
|
421
|
+
```yaml
|
422
|
+
services:
|
423
|
+
- artifactory:
|
424
|
+
```
|
425
|
+
|
426
|
+
Defaults for artifactory are stated below, so if need be they can be overridden
|
427
|
+
|
428
|
+
```yaml
|
429
|
+
services:
|
430
|
+
- artifactory:
|
431
|
+
ContainerImage: base2/ciinabox-artifactory:5.9.3
|
432
|
+
ContainerMemory: 768
|
433
|
+
ContainerCPU: 0
|
434
|
+
InstancePort: 0
|
435
|
+
```
|
436
|
+
|
437
|
+
### Drone
|
438
|
+
|
439
|
+
|
440
|
+
Note the drone service requires a minimum yaml configuration of below
|
441
|
+
```yml
|
442
|
+
services:
|
443
|
+
- drone:
|
444
|
+
params:
|
445
|
+
-
|
446
|
+
VPC:
|
447
|
+
Ref: VPC
|
448
|
+
-
|
449
|
+
SubnetPublicA:
|
450
|
+
Ref: SubnetPublicA
|
451
|
+
-
|
452
|
+
SubnetPublicB:
|
453
|
+
Ref: SubnetPublicB
|
454
|
+
-
|
455
|
+
ECSSubnetPrivateA:
|
456
|
+
Ref: ECSSubnetPrivateA
|
457
|
+
-
|
458
|
+
ECSSubnetPrivateB:
|
459
|
+
Ref: ECSSubnetPrivateB
|
460
|
+
-
|
461
|
+
SecurityGroupBackplane:
|
462
|
+
Ref: SecurityGroupBackplane
|
463
|
+
-
|
464
|
+
SecurityGroupOps:
|
465
|
+
Ref: SecurityGroupOps
|
466
|
+
-
|
467
|
+
SecurityGroupDev:
|
468
|
+
Ref: SecurityGroupDev
|
469
|
+
-
|
470
|
+
SecurityGroupNatGateway:
|
471
|
+
Ref: SecurityGroupNatGateway
|
472
|
+
-
|
473
|
+
SecurityGroupWebHooks:
|
474
|
+
Ref: SecurityGroupWebHooks
|
475
|
+
-
|
476
|
+
ECSENIPrivateIpAddress:
|
477
|
+
Ref: ECSENIPrivateIpAddress
|
478
|
+
tasks:
|
479
|
+
drone-server:
|
480
|
+
env:
|
481
|
+
DRONE_OPEN: true
|
482
|
+
```
|
483
|
+
to further configure drone ci refer to the drone ci's environment variable in the documentation http://docs.drone.io/installation/, you can add/override drone's environment variable to their corresponding yaml section (`drone-server` and `drone-agent`), example
|
484
|
+
```yml
|
485
|
+
tasks:
|
486
|
+
drone-server:
|
487
|
+
env:
|
488
|
+
DRONE_OPEN: true
|
489
|
+
DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
|
490
|
+
drone-agent:
|
491
|
+
env:
|
492
|
+
DRONE_SECRET: base2services # if this value is not specified, a secure random hex will be used
|
493
|
+
```
|
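Review bot: the Drone override example (new lines 488-492) sets `DRONE_SECRET: base2services` for both `drone-server` and `drone-agent`, right next to `DRONE_OPEN: true`. A literal, guessable secret in sample configuration tends to be pasted unchanged. Since the inline comment says a secure random hex is used when the value is not specified, suggest leaving `DRONE_SECRET` out of the example or showing an obvious placeholder such as `<your-secret>`. In the Artifactory section, line 419 mentions `InstancePort=0` only in parentheses; one sentence stating that 0 means "not attached to the ELB" would make the defaults block at lines 428-435 self-explanatory.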
data/Rakefile
CHANGED
@@ -78,13 +78,13 @@ namespace :ciinabox do
|
|
78
78
|
tmp_file = write_config_tmp_file(config)
|
79
79
|
|
80
80
|
CfnDsl::RakeTask.new do |t|
|
81
|
-
extras = [[:yaml,
|
81
|
+
extras = [[:yaml,"#{current_dir}/config/default_params.yml"]]
|
82
82
|
extras << [:yaml, "#{current_dir}/config/default_lambdas.yml"]
|
83
83
|
if File.exist? "#{ciinaboxes_dir}/ciinabox_config.yml"
|
84
84
|
extras << [:yaml, "#{ciinaboxes_dir}/ciinabox_config.yml"]
|
85
85
|
end
|
86
|
-
(Dir["#{ciinaboxes_dir}/#{ciinabox_name}/config/*.yml"].map { |f| [:yaml,
|
87
|
-
extras << [:ruby,
|
86
|
+
(Dir["#{ciinaboxes_dir}/#{ciinabox_name}/config/*.yml"].map { |f| [:yaml,f]}).each {|c| extras<<c}
|
87
|
+
extras << [:ruby,"#{current_dir}/ext/helper.rb"]
|
88
88
|
extras << [:yaml, tmp_file.path]
|
89
89
|
t.cfndsl_opts = {
|
90
90
|
verbose: true,
|
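Review bot: on new line 86 the per-ciinabox files are appended in whatever order `Dir[...]` returns them, and that order is not guaranteed to be sorted on older Ruby versions. If later extras override earlier ones, which `config/*.yml` wins for a duplicated key can differ between machines. Suggest `Dir["#{ciinaboxes_dir}/#{ciinabox_name}/config/*.yml"].sort` and, for readability, `extras.concat(...)` in place of `.map { ... }.each {|c| extras<<c}`. Spacing on lines 81 and 87 (`[:yaml,"..."]`, `[:ruby,"..."]`) is inconsistent with the `[:yaml, "..."]` style used on the neighbouring lines.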
@@ -0,0 +1,119 @@
|
|
1
|
+
require 'cfndsl'
|
2
|
+
require_relative '../../ext/helper'
|
3
|
+
|
4
|
+
if !defined? timezone
|
5
|
+
timezone = 'GMT'
|
6
|
+
end
|
7
|
+
|
8
|
+
image = 'base2/ciinabox-artifactory:5.9.3'
|
9
|
+
java_opts = ''
|
10
|
+
memory = 768
|
11
|
+
cpu = 0
|
12
|
+
container_port = 0
|
13
|
+
service = lookup_service('artifactory', services)
|
14
|
+
if service
|
15
|
+
service = {} if service.nil?
|
16
|
+
java_opts = service['JAVA_OPTS'] || ''
|
17
|
+
image = service['ContainerImage'] || image
|
18
|
+
memory = service['ContainerMemory'] || memory
|
19
|
+
cpu = service['ContainerCPU'] || cpu
|
20
|
+
container_port = service['InstancePort'] || 0
|
21
|
+
end
|
22
|
+
|
23
|
+
CloudFormation {
|
24
|
+
|
25
|
+
AWSTemplateFormatVersion "2010-09-09"
|
26
|
+
Description "ciinabox - ECS Service Artifactory v#{ciinabox_version}"
|
27
|
+
|
28
|
+
Parameter("ECSCluster"){ Type 'String' }
|
29
|
+
Parameter("ECSRole"){ Type 'String' }
|
30
|
+
Parameter("ServiceELB"){ Type 'String' }
|
31
|
+
|
32
|
+
Resource('ArtifactoryTask') {
|
33
|
+
Type "AWS::ECS::TaskDefinition"
|
34
|
+
Property('ContainerDefinitions', [
|
35
|
+
{
|
36
|
+
Name: 'artifactory',
|
37
|
+
Memory: memory,
|
38
|
+
Cpu: cpu,
|
39
|
+
Image: image,
|
40
|
+
Environment: [
|
41
|
+
{
|
42
|
+
Name: 'JAVA_OPTS',
|
43
|
+
Value: "#{java_opts} -Duser.timezone=#{timezone} -server -Djava.net.preferIPv4Stack=true"
|
44
|
+
},
|
45
|
+
{
|
46
|
+
Name: 'VIRTUAL_HOST',
|
47
|
+
Value: "artifactory.#{dns_domain}"
|
48
|
+
},
|
49
|
+
{
|
50
|
+
Name: 'VIRTUAL_PORT',
|
51
|
+
Value: '8081'
|
52
|
+
}
|
53
|
+
],
|
54
|
+
Essential: true,
|
55
|
+
MountPoints: [
|
56
|
+
{
|
57
|
+
ContainerPath: '/etc/localtime',
|
58
|
+
SourceVolume: 'timezone',
|
59
|
+
ReadOnly: true
|
60
|
+
},
|
61
|
+
{
|
62
|
+
ContainerPath: '/var/opt/jfrog/artifactory/data',
|
63
|
+
SourceVolume: 'artifactory_data',
|
64
|
+
ReadOnly: false
|
65
|
+
},
|
66
|
+
{
|
67
|
+
ContainerPath: '/var/opt/jfrog/artifactory/etc',
|
68
|
+
SourceVolume: 'artifactory_etc',
|
69
|
+
ReadOnly: false
|
70
|
+
},
|
71
|
+
{
|
72
|
+
ContainerPath: '/var/opt/jfrog/artifactory/logs',
|
73
|
+
SourceVolume: 'artifactory_logs',
|
74
|
+
ReadOnly: false
|
75
|
+
}
|
76
|
+
]
|
77
|
+
}
|
78
|
+
])
|
79
|
+
Property('Volumes', [
|
80
|
+
{
|
81
|
+
Name: 'timezone',
|
82
|
+
Host: {
|
83
|
+
SourcePath: '/etc/localtime'
|
84
|
+
}
|
85
|
+
},
|
86
|
+
{
|
87
|
+
Name: 'artifactory_data',
|
88
|
+
Host: {
|
89
|
+
SourcePath: '/data/artifactory/data'
|
90
|
+
}
|
91
|
+
},
|
92
|
+
{
|
93
|
+
Name: 'artifactory_etc',
|
94
|
+
Host: {
|
95
|
+
SourcePath: '/data/artifactory/etc'
|
96
|
+
}
|
97
|
+
},
|
98
|
+
{
|
99
|
+
Name: 'artifactory_logs',
|
100
|
+
Host: {
|
101
|
+
SourcePath: '/data/artifactory/logs'
|
102
|
+
}
|
103
|
+
}
|
104
|
+
])
|
105
|
+
}
|
106
|
+
|
107
|
+
Resource('ArtifactoryService') {
|
108
|
+
Type 'AWS::ECS::Service'
|
109
|
+
Property('Cluster', Ref('ECSCluster'))
|
110
|
+
Property('DesiredCount', 1)
|
111
|
+
Property('TaskDefinition', Ref('ArtifactoryTask'))
|
112
|
+
Property('Role', Ref('ECSRole')) unless container_port == 0
|
113
|
+
Property('LoadBalancers', [
|
114
|
+
{ ContainerName: 'artifactory', ContainerPort: container_port, LoadBalancerName: Ref('ServiceELB') }
|
115
|
+
]) unless container_port == 0
|
116
|
+
|
117
|
+
}
|
118
|
+
|
119
|
+
}
|
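Review bot: lines 14-15 contain a dead check: `service = {} if service.nil?` sits inside `if service`, so it can never fire. Either remove line 15 or replace the pair with `service = lookup_service('artifactory', services) || {}` and drop the `if`. Line 20 also falls back to a literal `0` instead of the `container_port` default set on line 12, unlike lines 17-19 which fall back to their variables. Separately, the default image on line 8 is referenced by tag (`base2/ciinabox-artifactory:5.9.3`); a comment noting that `ContainerImage` can be overridden with a digest-pinned reference would help anyone who needs a reproducible deployment.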
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ciinabox-ecs
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Base2Services
|
@@ -104,12 +104,14 @@ files:
|
|
104
104
|
- ext/helper.rb
|
105
105
|
- ext/policies.rb
|
106
106
|
- ext/zip_helper.rb
|
107
|
+
- lambdas/acm_issuer_validator/install.sh
|
107
108
|
- lambdas/acm_issuer_validator/lib/install.sh
|
108
109
|
- templates/bastion.rb
|
109
110
|
- templates/ciinabox.rb
|
110
111
|
- templates/ecs-cluster.rb
|
111
112
|
- templates/ecs-services.rb
|
112
113
|
- templates/lambdas.rb
|
114
|
+
- templates/services/artifactory.rb
|
113
115
|
- templates/services/bitbucket.rb
|
114
116
|
- templates/services/drone.rb
|
115
117
|
- templates/services/hawtio.rb
|
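Review bot: the files list now ships both `lambdas/acm_issuer_validator/install.sh` (added, line 107) and `lambdas/acm_issuer_validator/lib/install.sh` (unchanged, line 108). Two install scripts for one lambda invite drift; please confirm both are needed and, if the `lib/` copy is superseded, remove it from the gem. The change summary lists `install.sh +8 -0`, but the script's contents are not shown in this diff, so it still needs a review of its own.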