kite 0.0.2 → 0.0.3

@@ -0,0 +1,96 @@
1
+ #!/bin/bash
2
+ #
3
+ # Please set the following environment variables:
4
+ # $DB_PASSWORD
5
+ # $CONCOURSE_URL
6
+ # $CONCOURSE_AUTH_USERNAME
7
+ # $CONCOURSE_AUTH_PASSWORD
8
+
9
+ DIRECTOR_UUID=`bosh status --uuid`
10
+
11
+ echo "director_uuid = $DIRECTOR_UUID"
12
+ echo "concourse url = $CONCOURSE_URL"
13
+
14
+ cat >concourse.yml <<YAML
15
+ ---
16
+ name: concourse
17
+
18
+ director_uuid: $DIRECTOR_UUID
19
+
20
+ releases:
21
+ - name: concourse
22
+ version: latest
23
+ - name: garden-runc
24
+ version: latest
25
+
26
+ stemcells:
27
+ - alias: trusty
28
+ os: ubuntu-trusty
29
+ version: latest
30
+
31
+ instance_groups:
32
+ - name: web
33
+ instances: 1
34
+ vm_type: concourse_web
35
+ stemcell: trusty
36
+ azs: [z1]
37
+ networks: [{name: ops_services}]
38
+ jobs:
39
+ - name: atc
40
+ release: concourse
41
+ properties:
42
+ # replace with your CI's externally reachable URL e.g https://blah
43
+ external_url: $CONCOURSE_URL
44
+
45
+ basic_auth_username: $CONCOURSE_AUTH_USERNAME
46
+ basic_auth_password: $CONCOURSE_AUTH_PASSWORD
47
+
48
+ postgresql_database: &atc_db atc
49
+ - name: tsa
50
+ release: concourse
51
+ properties: {}
52
+
53
+ - name: db
54
+ instances: 1
55
+ vm_type: concourse_db
56
+ stemcell: trusty
57
+ persistent_disk_type: default
58
+ azs: [z1]
59
+ networks: [{name: ops_services}]
60
+ jobs:
61
+ - name: postgresql
62
+ release: concourse
63
+ properties:
64
+ databases:
65
+ - name: *atc_db
66
+ # make up a role and password
67
+ role: dbrole
68
+ password: $DB_PASSWORD
69
+
70
+ - name: worker
71
+ instances: 1
72
+ vm_type: concourse_worker
73
+ stemcell: trusty
74
+ azs: [z1]
75
+ networks: [{name: ops_services}]
76
+ jobs:
77
+ - name: groundcrew
78
+ release: concourse
79
+ properties: {}
80
+ - name: baggageclaim
81
+ release: concourse
82
+ properties: {}
83
+ - name: garden
84
+ release: garden-runc
85
+ properties:
86
+ garden:
87
+ listen_network: tcp
88
+ listen_address: 0.0.0.0:7777
89
+
90
+ update:
91
+ canaries: 1
92
+ max_in_flight: 1
93
+ serial: false
94
+ canary_watch_time: 1000-60000
95
+ update_watch_time: 1000-60000
96
+ YAML
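Review bot: Nothing before the `cat >concourse.yml <<YAML` heredoc verifies that `$DB_PASSWORD`, `$CONCOURSE_URL`, `$CONCOURSE_AUTH_USERNAME` and `$CONCOURSE_AUTH_PASSWORD` are set, so a missing variable silently produces a manifest with an empty `password:` or `basic_auth_password:` value. Add a guard per variable ahead of the heredoc, e.g. `: "${DB_PASSWORD:?must be set}"`, and check the result of `bosh status --uuid` before using it. Because concourse.yml then holds the credentials in plaintext, set `umask 077` before writing it. The values are also emitted as bare YAML scalars, so a password containing `#` or `: ` would be truncated or misparsed; quoting them in the template avoids most of these cases.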
@@ -0,0 +1,24 @@
1
+ #!/usr/bin/env bash
2
+
3
+ source ./.env
4
+
5
+ pushd terraform && terraform apply && popd
6
+
7
+ bash ./bin/make_manifest_bosh-init.sh
8
+ bosh-init deploy bosh-director.yml
9
+
10
+ read -p "Enter bosh director ip: " bosh_director_ip
11
+ pushd terraform && BOSH_DIRECTOR_IP=$(terraform output eip) && popd
12
+ bosh target $BOSH_DIRECTOR_IP
13
+
14
+ bash ./bin/make_cloud_config.sh
15
+ bosh update cloud-config aws-cloud.yml
16
+
17
+ bosh upload stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
18
+ bosh upload release https://bosh.io/d/github.com/concourse/concourse
19
+ bosh upload release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
20
+
21
+ bash ./bin/make_manifest_concourse-cluster.sh
22
+ bosh deployment concourse.yml
23
+
24
+ bosh deploy
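Review bot: The script has no `set -e`, and in `pushd terraform && terraform apply && popd` a failed `terraform apply` skips the `popd`, so every later step runs from inside terraform/ and the deployment carries on against half-built infrastructure. Start the script with `set -euo pipefail` and use a subshell, `(cd terraform && terraform apply)`, so the working directory cannot leak. The value read by `read -p "Enter bosh director ip: " bosh_director_ip` is never used, since the next line takes `BOSH_DIRECTOR_IP` from `terraform output eip`; drop the prompt and quote the expansion, `bosh target "$BOSH_DIRECTOR_IP"`. The three `bosh upload` URLs carry no version, so pinning a version and checksum would make the deployed stemcell and releases reproducible and verifiable.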
@@ -0,0 +1,12 @@
1
+ export AWS_ACCESS_KEY_ID=<%= @values['aws']['access_key_id'] %>
2
+ export AWS_SECRET_ACCESS_KEY=<%= @values['aws']['secret_access_key'] %>
3
+ export AWS_REGION=<%= @values['aws']['region'] %>
4
+ export AWS_AZ=<%= @values['aws']['az'] %>
5
+ export BOSH_PASSWORD=<%= @values['aws']['bosh_password'] %>
6
+ export AWS_KEYPAIR_KEY_NAME=<%= @values['aws']['keypair_name'] %>
7
+ export PRIVATE_KEY_PATH=<%= @values['aws']['private_key_path'] %>
8
+
9
+ export DB_PASSWORD=<%= @values['aws']['db_password'] %>
10
+ export CONCOURSE_URL=<%= @values['aws']['concourse_url'] %>
11
+ export CONCOURSE_AUTH_USERNAME=<%= @values['aws']['concourse_auth_username'] %>
12
+ export CONCOURSE_AUTH_PASSWORD=<%= @values['aws']['concourse_auth_password'] %>
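Review bot: Every value in this template is rendered unquoted, e.g. `export DB_PASSWORD=<%= @values['aws']['db_password'] %>`, and the result appears to be the file the deploy script loads with `source ./.env`, so a password containing a space, `$`, `;` or a backtick would be word-split or interpreted by the shell instead of being assigned literally. Escape each value when rendering, for example `export DB_PASSWORD=<%= Shellwords.escape(@values['aws']['db_password']) %>`, with `require 'shellwords'` in the generator. The rendered file holds the AWS secret key and three passwords, so it should be created with mode 0600 and kept out of version control.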
@@ -0,0 +1,127 @@
1
+ # Create a Concourse security group
2
+ resource "aws_security_group" "concourse-sg" {
3
+ name = "concourse-sg"
4
+ description = "Concourse security group"
5
+ vpc_id = "${aws_vpc.default.id}"
6
+ tags {
7
+ Name = "concourse-sg"
8
+ component = "concourse"
9
+ }
10
+
11
+ # outbound internet access
12
+ egress {
13
+ from_port = 0
14
+ to_port = 0
15
+ protocol = "-1"
16
+ cidr_blocks = ["0.0.0.0/0"]
17
+ }
18
+
19
+ # inbound connections from ELB
20
+ ingress {
21
+ from_port = 8080
22
+ to_port = 8080
23
+ protocol = "tcp"
24
+ security_groups = ["${aws_security_group.elb-sg.id}"]
25
+ }
26
+
27
+ ingress {
28
+ from_port = 8080
29
+ to_port = 8080
30
+ protocol = "tcp"
31
+ cidr_blocks = [
32
+ "0.0.0.0/0"]
33
+ }
34
+
35
+ ingress {
36
+ from_port = 2222
37
+ to_port = 2222
38
+ protocol = "tcp"
39
+ security_groups = ["${aws_security_group.elb-sg.id}"]
40
+ }
41
+ }
42
+
43
+ # Create an ELB security group
44
+ resource "aws_security_group" "elb-sg" {
45
+ name = "elb-sg"
46
+ description = "ELB security group"
47
+ vpc_id = "${aws_vpc.default.id}"
48
+ tags {
49
+ Name = "elb-sg"
50
+ component = "concourse"
51
+ }
52
+
53
+ # outbound internet access
54
+ egress {
55
+ from_port = 0
56
+ to_port = 0
57
+ protocol = "-1"
58
+ cidr_blocks = ["0.0.0.0/0"]
59
+ }
60
+
61
+ # inbound http
62
+ ingress {
63
+ from_port = 80
64
+ to_port = 80
65
+ protocol = "tcp"
66
+ cidr_blocks = ["0.0.0.0/0"]
67
+ }
68
+
69
+ # inbound https
70
+ ingress {
71
+ from_port = 443
72
+ to_port = 443
73
+ protocol = "tcp"
74
+ cidr_blocks = ["0.0.0.0/0"]
75
+ }
76
+
77
+ # inbound https
78
+ ingress {
79
+ from_port = 2222
80
+ to_port = 2222
81
+ protocol = "tcp"
82
+ cidr_blocks = ["0.0.0.0/0"]
83
+ }
84
+
85
+ }
86
+
87
+ # Create a new load balancer
88
+ resource "aws_elb" "concourse" {
89
+ name = "concourse-elb"
90
+ subnets = ["${aws_subnet.ops_services.id}"]
91
+ security_groups = ["${aws_security_group.elb-sg.id}"]
92
+
93
+ listener {
94
+ instance_port = 8080
95
+ instance_protocol = "http"
96
+ lb_port = 80
97
+ lb_protocol = "http"
98
+ }
99
+
100
+ listener {
101
+ instance_port = 8080
102
+ instance_protocol = "http"
103
+ lb_port = 80
104
+ lb_protocol = "http"
105
+ // ssl_certificate_id = "${var.ssl_cert_arn}"
106
+ }
107
+
108
+ listener {
109
+ instance_port = 2222
110
+ instance_protocol = "tcp"
111
+ lb_port = 2222
112
+ lb_protocol = "tcp"
113
+ }
114
+
115
+ tags {
116
+ component = "concourse"
117
+ }
118
+ }
119
+
120
+ # Create a CNAME record
121
+ resource "aws_route53_record" "concourse" {
122
+ zone_id = "${var.ci_dns_zone_id}"
123
+ name = "${var.ci_hostname}"
124
+ type = "CNAME"
125
+ ttl = "300"
126
+ records = ["${aws_elb.concourse.dns_name}"]
127
+ }
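Review bot: The second `ingress` block on port 8080 in `concourse-sg` uses `cidr_blocks = ["0.0.0.0/0"]`, which makes the ELB-only rule directly above it redundant and leaves the ATC reachable from any address without passing through the load balancer. Remove that block so that only `security_groups = ["${aws_security_group.elb-sg.id}"]` admits traffic on 8080. The same world-open pattern appears in `vault-sg` (port 8200) and in `boshdefault` (ports 22, 6868 and 25555) in the later sections; those would be better limited to an operator CIDR supplied as a variable, which the commented-out `source_access_block1` variable suggests was intended. Separately, both port-8080 `listener` blocks of `aws_elb.concourse` use `lb_port = 80` and `lb_protocol = "http"`, so the basic-auth credentials travel in cleartext; the second one looks meant to be `lb_port = 443`, `lb_protocol = "https"` with the commented `ssl_certificate_id` restored.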
@@ -0,0 +1,26 @@
1
+ # Create a Vault security group
2
+ resource "aws_security_group" "vault-sg" {
3
+ name = "vault-sg"
4
+ description = "Vault security group"
5
+ vpc_id = "${aws_vpc.default.id}"
6
+ tags {
7
+ Name = "vault-sg"
8
+ component = "vault"
9
+ }
10
+
11
+ # outbound internet access
12
+ egress {
13
+ from_port = 0
14
+ to_port = 0
15
+ protocol = "-1"
16
+ cidr_blocks = ["0.0.0.0/0"]
17
+ }
18
+
19
+ # inbound http
20
+ ingress {
21
+ from_port = 8200
22
+ to_port = 8200
23
+ protocol = "tcp"
24
+ cidr_blocks = ["0.0.0.0/0"]
25
+ }
26
+ }
@@ -0,0 +1,118 @@
1
+ # Specify the provider and access details
2
+ provider "aws" {
3
+ region = "${var.aws_region}"
4
+ }
5
+
6
+ # Create a VPC to launch our instances into
7
+ resource "aws_vpc" "default" {
8
+ cidr_block = "10.0.0.0/16"
9
+
10
+ tags {
11
+ Name = "bosh-default"
12
+ component = "bosh-director"
13
+ }
14
+ }
15
+
16
+ # Create an internet gateway to give our subnet access to the outside world
17
+ resource "aws_internet_gateway" "default" {
18
+ vpc_id = "${aws_vpc.default.id}"
19
+ tags {
20
+ Name = "bosh-default"
21
+ component = "bosh-director"
22
+ }
23
+ }
24
+
25
+ # Grant the VPC internet access on its main route table
26
+ resource "aws_route" "internet_access" {
27
+ route_table_id = "${aws_vpc.default.main_route_table_id}"
28
+ destination_cidr_block = "0.0.0.0/0"
29
+ gateway_id = "${aws_internet_gateway.default.id}"
30
+ }
31
+
32
+ # Create a subnet to launch our instances into
33
+ resource "aws_subnet" "default" {
34
+ vpc_id = "${aws_vpc.default.id}"
35
+ availability_zone = "${var.aws_availability_zone}"
36
+ cidr_block = "10.0.0.0/24"
37
+ map_public_ip_on_launch = true
38
+ tags {
39
+ Name = "bosh-default"
40
+ component = "bosh-director"
41
+ }
42
+ }
43
+
44
+ # Create an ops_services subnet
45
+ resource "aws_subnet" "ops_services" {
46
+ vpc_id = "${aws_vpc.default.id}"
47
+ availability_zone = "${var.aws_availability_zone}"
48
+ cidr_block = "10.0.10.0/24"
49
+ map_public_ip_on_launch = true
50
+ tags {
51
+ Name = "ops_services"
52
+ component = "ops_services"
53
+ }
54
+ }
55
+
56
+ # Create an EIP for our Director
57
+ resource "aws_eip" "boshdirector" {
58
+ vpc = true
59
+ }
60
+
61
+ # The default security group
62
+ resource "aws_security_group" "boshdefault" {
63
+ name = "boshdefault"
64
+ description = "Default BOSH security group"
65
+ vpc_id = "${aws_vpc.default.id}"
66
+ tags {
67
+ Name = "bosh-default"
68
+ component = "bosh-director"
69
+ }
70
+
71
+ # inbound access rules
72
+ ingress {
73
+ from_port = 6868
74
+ to_port = 6868
75
+ protocol = "tcp"
76
+ cidr_blocks = [
77
+ "0.0.0.0/0"]
78
+ }
79
+
80
+ ingress {
81
+ from_port = 25555
82
+ to_port = 25555
83
+ protocol = "tcp"
84
+ cidr_blocks = [
85
+ "0.0.0.0/0"]
86
+ }
87
+
88
+ ingress {
89
+ from_port = 22
90
+ to_port = 22
91
+ protocol = "tcp"
92
+ cidr_blocks = [
93
+ "0.0.0.0/0"]
94
+ }
95
+
96
+ ingress {
97
+ from_port = 0
98
+ to_port = 65535
99
+ protocol = "tcp"
100
+ self = true
101
+ }
102
+
103
+ ingress {
104
+ from_port = 0
105
+ to_port = 65535
106
+ protocol = "udp"
107
+ self = true
108
+ }
109
+
110
+ # outbound internet access
111
+ egress {
112
+ from_port = 0
113
+ to_port = 0
114
+ protocol = "-1"
115
+ cidr_blocks = [
116
+ "0.0.0.0/0"]
117
+ }
118
+ }
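Review bot: `aws_subnet.ops_services` sets `map_public_ip_on_launch = true` while the VPC's main route table sends `0.0.0.0/0` to the internet gateway, so instances placed on that subnet are likely to receive public addresses, leaving security groups as the only barrier in front of PostgreSQL and Garden. This assumes the cloud config, which is not shown, maps the `ops_services` network used by the Concourse web, db and worker groups onto this subnet. Consider a private subnet for those instances (`map_public_ip_on_launch = false`, outbound traffic through a NAT gateway on its own route table), keeping only the director EIP and the ELB, which currently also sits in `ops_services`, in a public subnet.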
@@ -0,0 +1,15 @@
1
+ output "security_group_id" {
2
+ value = "${aws_security_group.boshdefault.id}"
3
+ }
4
+
5
+ output "default_subnet_id" {
6
+ value = "${aws_subnet.default.id}"
7
+ }
8
+
9
+ output "ops_services_subnet_id" {
10
+ value = "${aws_subnet.ops_services.id}"
11
+ }
12
+
13
+ output "eip" {
14
+ value = "${aws_eip.boshdirector.public_ip}"
15
+ }
@@ -0,0 +1,7 @@
1
+ aws_access_key_id="<%= @values['aws']['access_key_id'] %>"
2
+ aws_secret_access_key="<%= @values['aws']['secret_access_key'] %>"
3
+ aws_region="<%= @values['aws']['region'] %>"
4
+ aws_availability_zone="<%= @values['aws']['az'] %>"
5
+ //ssl_cert_arn="arn:aws:iam::12345"
6
+ ci_dns_zone_id="<%= @values['aws']['ci_dns_zone_id'] %>"
7
+ ci_hostname="<%= @values['aws']['ci_hostname'] %>"
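Review bot: `aws_access_key_id` and `aws_secret_access_key` are rendered into this tfvars file, but the `provider "aws"` block shown only sets `region`, so within the files visible here the two variables are never read and Terraform presumably takes its credentials from the exported `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`. If that is the case, drop both lines and the matching `variable` declarations so the secret key is not kept in a second plaintext file. The values are also interpolated inside double quotes without escaping, so a value containing `"` or `\` would break the file.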
@@ -0,0 +1,26 @@
1
+ variable "aws_access_key_id" {
2
+ type = "string"
3
+ }
4
+ variable "aws_secret_access_key" {
5
+ type = "string"
6
+ }
7
+ variable "aws_region" {
8
+ type = "string"
9
+ default = "us-east-1"
10
+ }
11
+ variable "aws_availability_zone" {
12
+ type = "string"
13
+ default = "us-east-1a"
14
+ }
15
+ //variable "source_access_block1" {
16
+ //type = "string"
17
+ //}
18
+ variable "ci_hostname" {
19
+ type = "string"
20
+ }
21
+ variable "ci_dns_zone_id" {
22
+ type = "string"
23
+ }
24
+ //variable "ssl_cert_arn" {
25
+ //type = "string"
26
+ //}