kite 0.0.2 → 0.0.3

data/tpl/aws/bin/make_manifest_concourse-cluster.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+#  Please set the following environment variables:
+#  $DB_PASSWORD
+#  $CONCOURSE_URL
+#  $CONCOURSE_AUTH_USERNAME
+#  $CONCOURSE_AUTH_PASSWORD
+
+DIRECTOR_UUID=`bosh status --uuid`
+
+echo "director_uuid = $DIRECTOR_UUID"
+echo "concourse url = $CONCOURSE_URL"
+
+cat >concourse.yml <<YAML
+---
+name: concourse
+
+director_uuid: $DIRECTOR_UUID
+
+releases:
+- name: concourse
+  version: latest
+- name: garden-runc
+  version: latest
+
+stemcells:
+- alias: trusty
+  os: ubuntu-trusty
+  version: latest
+
+instance_groups:
+- name: web
+  instances: 1
+  vm_type: concourse_web
+  stemcell: trusty
+  azs: [z1]
+  networks: [{name: ops_services}]
+  jobs:
+  - name: atc
+    release: concourse
+    properties:
+      # replace with your CI's externally reachable URL e.g https://blah
+      external_url: $CONCOURSE_URL
+
+      basic_auth_username: $CONCOURSE_AUTH_USERNAME
+      basic_auth_password: $CONCOURSE_AUTH_PASSWORD
+
+      postgresql_database: &atc_db atc
+  - name: tsa
+    release: concourse
+    properties: {}
+
+- name: db
+  instances: 1
+  vm_type: concourse_db
+  stemcell: trusty
+  persistent_disk_type: default
+  azs: [z1]
+  networks: [{name: ops_services}]
+  jobs:
+  - name: postgresql
+    release: concourse
+    properties:
+      databases:
+      - name: *atc_db
+        # make up a role and password
+        role: dbrole
+        password: $DB_PASSWORD
+
+- name: worker
+  instances: 1
+  vm_type: concourse_worker
+  stemcell: trusty
+  azs: [z1]
+  networks: [{name: ops_services}]
+  jobs:
+  - name: groundcrew
+    release: concourse
+    properties: {}
+  - name: baggageclaim
+    release: concourse
+    properties: {}
+  - name: garden
+    release: garden-runc
+    properties:
+      garden:
+        listen_network: tcp
+        listen_address: 0.0.0.0:7777
+
+update:
+  canaries: 1
+  max_in_flight: 1
+  serial: false
+  canary_watch_time: 1000-60000
+  update_watch_time: 1000-60000
+YAML

data/tpl/aws/bootstrap.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+source ./.env
+
+pushd terraform && terraform apply && popd
+
+bash ./bin/make_manifest_bosh-init.sh
+bosh-init deploy bosh-director.yml
+
+read -p "Enter bosh director ip: " bosh_director_ip
+pushd terraform && BOSH_DIRECTOR_IP=$(terraform output eip) && popd
+bosh target $BOSH_DIRECTOR_IP
+
+bash ./bin/make_cloud_config.sh
+bosh update cloud-config aws-cloud.yml
+
+bosh upload stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
+bosh upload release https://bosh.io/d/github.com/concourse/concourse
+bosh upload release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
+
+bash ./bin/make_manifest_concourse-cluster.sh
+bosh deployment concourse.yml
+
+bosh deploy

data/tpl/aws/env.example.erb

@@ -0,0 +1,12 @@
+export AWS_ACCESS_KEY_ID=<%= @values['aws']['access_key_id'] %>
+export AWS_SECRET_ACCESS_KEY=<%= @values['aws']['secret_access_key'] %>
+export AWS_REGION=<%= @values['aws']['region'] %>
+export AWS_AZ=<%= @values['aws']['az'] %>
+export BOSH_PASSWORD=<%= @values['aws']['bosh_password'] %>
+export AWS_KEYPAIR_KEY_NAME=<%= @values['aws']['keypair_name'] %>
+export PRIVATE_KEY_PATH=<%= @values['aws']['private_key_path'] %>
+
+export DB_PASSWORD=<%= @values['aws']['db_password'] %>
+export CONCOURSE_URL=<%= @values['aws']['concourse_url'] %>
+export CONCOURSE_AUTH_USERNAME=<%= @values['aws']['concourse_auth_username'] %>
+export CONCOURSE_AUTH_PASSWORD=<%= @values['aws']['concourse_auth_password'] %>

data/tpl/aws/terraform/aws-concourse.tf

@@ -0,0 +1,127 @@
+# Create a Concourse security group
+resource "aws_security_group" "concourse-sg" {
+  name        = "concourse-sg"
+  description = "Concourse security group"
+  vpc_id      = "${aws_vpc.default.id}"
+  tags {
+  Name = "concourse-sg"
+  component = "concourse"
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # inbound connections from ELB
+  ingress {
+    from_port   = 8080
+    to_port     = 8080
+    protocol    = "tcp"
+    security_groups = ["${aws_security_group.elb-sg.id}"]
+  }
+
+  ingress {
+    from_port = 8080
+    to_port = 8080
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 2222
+    to_port     = 2222
+    protocol    = "tcp"
+    security_groups = ["${aws_security_group.elb-sg.id}"]
+  }
+}
+
+# Create an ELB security group
+resource "aws_security_group" "elb-sg" {
+  name        = "elb-sg"
+  description = "ELB security group"
+  vpc_id      = "${aws_vpc.default.id}"
+  tags {
+  Name = "elb-sg"
+  component = "concourse"
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # inbound http
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # inbound https
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # inbound https
+  ingress {
+    from_port   = 2222
+    to_port     = 2222
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+}
+
+# Create a new load balancer
+resource "aws_elb" "concourse" {
+  name = "concourse-elb"
+  subnets = ["${aws_subnet.ops_services.id}"]
+  security_groups = ["${aws_security_group.elb-sg.id}"]
+
+  listener {
+    instance_port = 8080
+    instance_protocol = "http"
+    lb_port = 80
+    lb_protocol = "http"
+  }
+
+  listener {
+    instance_port = 8080
+    instance_protocol = "http"
+    lb_port = 80
+    lb_protocol = "http"
+//    ssl_certificate_id = "${var.ssl_cert_arn}"
+}
+
+  listener {
+    instance_port = 2222
+    instance_protocol = "tcp"
+    lb_port = 2222
+    lb_protocol = "tcp"
+  }
+
+  tags {
+  component = "concourse"
+  }
+}
+
+# Create a CNAME record
+resource "aws_route53_record" "concourse" {
+   zone_id = "${var.ci_dns_zone_id}"
+   name = "${var.ci_hostname}"
+   type = "CNAME"
+   ttl = "300"
+   records = ["${aws_elb.concourse.dns_name}"]
+}

data/tpl/aws/terraform/aws-vault.tf

@@ -0,0 +1,26 @@
+# Create a Vault security group
+resource "aws_security_group" "vault-sg" {
+  name        = "vault-sg"
+  description = "Vault security group"
+  vpc_id      = "${aws_vpc.default.id}"
+  tags {
+  Name = "vault-sg"
+  component = "vault"
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # inbound http
+  ingress {
+    from_port   = 8200
+    to_port     = 8200
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

data/tpl/aws/terraform/bosh-aws-base.tf

@@ -0,0 +1,118 @@
+# Specify the provider and access details
+provider "aws" {
+  region = "${var.aws_region}"
+}
+
+# Create a VPC to launch our instances into
+resource "aws_vpc" "default" {
+  cidr_block = "10.0.0.0/16"
+
+  tags {
+    Name = "bosh-default"
+    component = "bosh-director"
+  }
+}
+
+# Create an internet gateway to give our subnet access to the outside world
+resource "aws_internet_gateway" "default" {
+  vpc_id = "${aws_vpc.default.id}"
+  tags {
+    Name = "bosh-default"
+    component = "bosh-director"
+  }
+}
+
+# Grant the VPC internet access on its main route table
+resource "aws_route" "internet_access" {
+  route_table_id = "${aws_vpc.default.main_route_table_id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id = "${aws_internet_gateway.default.id}"
+}
+
+# Create a subnet to launch our instances into
+resource "aws_subnet" "default" {
+  vpc_id = "${aws_vpc.default.id}"
+  availability_zone = "${var.aws_availability_zone}"
+  cidr_block = "10.0.0.0/24"
+  map_public_ip_on_launch = true
+  tags {
+    Name = "bosh-default"
+    component = "bosh-director"
+  }
+}
+
+# Create an ops_services subnet
+resource "aws_subnet" "ops_services" {
+  vpc_id = "${aws_vpc.default.id}"
+  availability_zone = "${var.aws_availability_zone}"
+  cidr_block = "10.0.10.0/24"
+  map_public_ip_on_launch = true
+  tags {
+    Name = "ops_services"
+    component = "ops_services"
+  }
+}
+
+# Create an EIP for our Director
+resource "aws_eip" "boshdirector" {
+  vpc = true
+}
+
+# The default security group
+resource "aws_security_group" "boshdefault" {
+  name = "boshdefault"
+  description = "Default BOSH security group"
+  vpc_id = "${aws_vpc.default.id}"
+  tags {
+    Name = "bosh-default"
+    component = "bosh-director"
+  }
+
+  # inbound access rules
+  ingress {
+    from_port = 6868
+    to_port = 6868
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port = 25555
+    to_port = 25555
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port = 0
+    to_port = 65535
+    protocol = "tcp"
+    self = true
+  }
+
+  ingress {
+    from_port = 0
+    to_port = 65535
+    protocol = "udp"
+    self = true
+  }
+
+  # outbound internet access
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = [
+      "0.0.0.0/0"]
+  }
+}

data/tpl/aws/terraform/outputs.tf

@@ -0,0 +1,15 @@
+output "security_group_id" {
+    value = "${aws_security_group.boshdefault.id}"
+}
+
+output "default_subnet_id" {
+    value = "${aws_subnet.default.id}"
+}
+
+output "ops_services_subnet_id" {
+    value = "${aws_subnet.ops_services.id}"
+}
+
+output "eip" {
+    value = "${aws_eip.boshdirector.public_ip}"
+}

data/tpl/aws/terraform/terraform.tfvars.erb

@@ -0,0 +1,7 @@
+aws_access_key_id="<%= @values['aws']['access_key_id'] %>"
+aws_secret_access_key="<%= @values['aws']['secret_access_key'] %>"
+aws_region="<%= @values['aws']['region'] %>"
+aws_availability_zone="<%= @values['aws']['az'] %>"
+//ssl_cert_arn="arn:aws:iam::12345"
+ci_dns_zone_id="<%= @values['aws']['ci_dns_zone_id'] %>"
+ci_hostname="<%= @values['aws']['ci_hostname'] %>"

data/tpl/aws/terraform/variables.tf

@@ -0,0 +1,26 @@
+variable "aws_access_key_id" {
+type = "string"
+}
+variable "aws_secret_access_key" {
+type = "string"
+}
+variable "aws_region" {
+    type = "string"
+    default =  "us-east-1"
+}
+variable "aws_availability_zone" {
+    type = "string"
+    default =  "us-east-1a"
+}
+//variable "source_access_block1" {
+//type = "string"
+//}
+variable "ci_hostname" {
+type = "string"
+}
+variable "ci_dns_zone_id" {
+type = "string"
+}
+//variable "ssl_cert_arn" {
+//type = "string"
+//}