Commit bfe10e9d by Feanil Patel

Merge pull request #714 from edx/feanil/admin_jenkins

Feanil/admin jenkins
parents f5586f40 5d3cc308
......@@ -88,6 +88,16 @@
"cg1.4xlarge"
],
"ConstraintDescription":"must be a valid EC2 instance type."
},
"JenkinsServerPort":{
"Description":"The TCP port for the Jenkins server",
"Type":"Number",
"Default":"8080"
},
"AsgardServerPort":{
"Description":"The TCP port for the Asgard server",
"Type":"Number",
"Default":"8090"
}
},
"Mappings":{
......@@ -684,14 +694,14 @@
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"FromPort":{ "Ref": "JenkinsServerPort" },
"ToPort":{ "Ref": "JenkinsServerPort" },
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"FromPort":{ "Ref": "AsgardServerPort" },
"ToPort":{ "Ref": "AsgardServerPort" },
"CidrIp":"0.0.0.0/0"
}
]
......@@ -709,7 +719,25 @@
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path": "/"
"Path": "/",
"Policies": [ {
"PolicyName": "AdminBasePolicy",
"PolicyDocument": {
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:Get*",
"s3:List*",
"ses:SendEmail",
"ses:SendRawEmail",
"ses:GetSendQuota"
],
"Resource":"*"
}
]
}
} ]
}
},
"AdminInstanceProfile": {
......@@ -770,8 +798,40 @@
},
"PropagateAtLaunch":true
}
],
"UserData":{
"Fn::Base64":{
"Fn::Join":[
"",
[
"#!/bin/bash -x\n",
"exec >> /home/ubuntu/cflog.log\n",
"exec 2>> /home/ubuntu/cflog.log\n",
"function error_exit\n",
"{\n",
" cfn-signal -e 1 -r \"$1\" '",
{
"Ref":"AdminServerWaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"apt-get -y update\n",
"apt-get -y install python-setuptools\n",
"echo \"Python Tools installed\" - `date`\n",
"easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"echo \"Cloudformation Boostrap installed \" - `date`\n",
"# If all went well, signal success\n",
"cfn-signal -e $? -r 'Edx Server configuration' '",
{
"Ref":"AdminServerWaitHandle"
},
"'\n"
]
]
}
}
}
},
"AdminSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
......@@ -791,37 +851,30 @@
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"FromPort":{ "Ref": "JenkinsServerPort" },
"ToPort":{ "Ref": "JenkinsServerPort" },
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"FromPort":{ "Ref": "AsgardServerPort" },
"ToPort":{ "Ref": "AsgardServerPort" },
"CidrIp":"0.0.0.0/0"
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":"10.0.0.0/16"
]
}
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
"AdminServerWaitHandle":{
"Type":"AWS::CloudFormation::WaitConditionHandle"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
]
"AdminServerWaitCondition":{
"Type":"AWS::CloudFormation::WaitCondition",
"DependsOn":"AdminHost",
"Properties":{
"Handle":{
"Ref":"AdminServerWaitHandle"
},
"Timeout":"1200"
}
}
}
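Review bot: The Jenkins and Asgard ingress rules in both security-group hunks (`"FromPort":{ "Ref": "JenkinsServerPort" }` and the matching `AsgardServerPort` pair) keep `"CidrIp":"0.0.0.0/0"`, so with the new defaults the two admin consoles are reachable from any address on ports 8080 and 8090. The same commit attaches `AdminBasePolicy` with `s3:Get*` and `s3:List*` on `"Resource":"*"` to what appears to be the admin host's role (`AdminInstanceProfile` follows it), so a compromise of either console would expose read access to every bucket in the account. I would add a template parameter for the permitted source range and reference it in these rules, e.g. `"CidrIp":{ "Ref": "AdminAccessCidr" }` (a new parameter; the name is only a suggestion). I would also narrow the S3 statement to the buckets the host actually needs, e.g. `"Resource":"arn:aws:s3:::<bucket-name>/*"`. The enclosing resources start and end outside the visible hunks, so the group and role names should be confirmed against the full template.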
......
......@@ -7,3 +7,4 @@
jinja2_extensions=jinja2.ext.do
hash_behaviour=merge
host_key_checking = False
roles_path=../../../ansible-roles
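Review bot: `host_key_checking = False` in this hunk turns off SSH host-key verification for playbook runs that use this config, which presumably includes the new play that sets up login users on the bastion. The line looks like unchanged context rather than part of this commit, but it is worth revisiting here, because with verification off the control machine cannot tell a replaced or intercepted host from the real one. If it has to stay because freshly launched instances have unknown keys, a comment would make the trade-off explicit, e.g. `# host keys are not verified: new EC2 instances have unknown keys; run only from a trusted network`.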
# ansible-playbook -c ssh -vvvv --user=ubuntu -i ec2.py deployer.yml -e "@gh_users.yml" -e "@/path/to/secure/ansible/vars/hotg.yml" -e "@/path/to/configuration-secure/ansible/vars/common/common.yml" --limit="tag_aws_cloudformation_stack-name_<admin_stack_name>"
# You will need to create a gh_users.yml that contains the github names of users that should have login access to the machines.
# Setup user login on the bastion
- name: Configure Bastion
hosts: tag_role_bastion
sudo: True
gather_facts: False
roles:
- gh_users
# Configure an admin instance with jenkins and asgard.
- name: Configure instance(s)
hosts: tag_role_admin
sudo: True
gather_facts: True
roles:
- common
- gh_users
- jenkins_master
- hotg
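Review bot: Both plays select hosts by tag alone (`hosts: tag_role_bastion` and `hosts: tag_role_admin`), so limiting the run to one stack depends entirely on the operator passing the `--limit` shown in the header comment. Without it, the run would apply to every bastion and admin instance the inventory script returns. Since the first play decides who can log in to the bastion, I would state this in the header, e.g. `# --limit is required: without it these plays run against every stack's bastion and admin hosts`. The header could also note that gh_users.yml is effectively the login allow-list for these machines and should be reviewed and stored like one.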