Merge pull request #61 from malscent/main
Update per AWS suggestions
malscent authored Jun 24, 2021
2 parents 9da4d3e + 5b2bcc6 commit 0d7b8e7
Showing 11 changed files with 402 additions and 192 deletions.
150 changes: 110 additions & 40 deletions aws/CouchbaseServer/couchbase-amzn-lnx2.template
@@ -1,6 +1,47 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Couchbase Enterprise Edition Server on Amazon Linux 2",
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "Network Configuration/Access"
},
"Parameters": [
"VpcName",
"SubnetList",
"SSHCIDR",
"KeyName"
]
},
{
"Label": {
"default": "Server Configuration"
},
"Parameters": [
"ServerInstanceCount",
"ServerDiskSize",
"ServerVersion",
"InstanceType",
"Username",
"Password"
]
}
],
"ParameterLabels": {
"SSHCIDR": {
"default": "Access CIDR"
},
"Username": {
"default": "Database Username"
},
"Password": {
"default": "Database Password"
}
}
}
},
"Mappings": {},
"Parameters": {
"ServerInstanceCount": {
@@ -136,49 +177,36 @@
}
},
"Resources": {
"UsernameParameter": {
"Type": "AWS::SSM::Parameter",
"CouchbaseSecret": {
"Type": "AWS::SecretsManager::Secret",
"Properties": {
"DataType": "text",
"Description": "Couchbase Admin Username",
"Name": {
"Fn::Join": [
"",
[
"/",
{
"Ref": "AWS::StackName"
},
"/cb_username"
"-CouchbaseSecret"
]
]
},
"Type": "String",
"Value": {
"Ref": "Username"
}
}
},
"PasswordParameter": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"DataType": "text",
"Description": "Couchbase Admin Password",
"Name": {
"Description": "Couchbase Admin Username/Password Secret",
"SecretString": {
"Fn::Join": [
"",
[
"/",
"{\"username\": \"",
{
"Ref": "AWS::StackName"
"Ref": "Username"
},
"\", \"password\":\"",
{
"Ref": "Password"
},
"/cb_password"
"\"}"
]
]
},
"Type": "String",
"Value": {
"Ref": "Password"
}
}
},
@@ -212,10 +240,9 @@
},
"Timeout": "PT15M"
}
},
},
"DependsOn": [
"UsernameParameter",
"PasswordParameter"
"CouchbaseSecret"
]
},
"ServerLaunchTemplate": {
@@ -319,9 +346,12 @@
"ec2:DescribeTags",
"ec2:DescribeInstances",
"autoscaling:DescribeAutoScalingGroups",
"ssm:GetParameter"
"ssm:GetParameter",
"secretsmanager:GetSecretValue"
],
"Resource": "*"
"Resource": [
"*"
]
}
]
}
@@ -336,9 +366,19 @@
"VpcId": {
"Ref": "VpcName"
},
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"Description": "Outbound Access",
"FromPort": 0,
"ToPort": 65535,
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"Description": "SSH Ingress port",
"FromPort": 22,
"ToPort": 22,
"CidrIp": {
@@ -347,63 +387,93 @@
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 4369,
"ToPort": 4369,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 4984,
"ToPort": 4985,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Admin API Port",
"FromPort": 8091,
"ToPort": 8096,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 9100,
"ToPort": 9105,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 9110,
"ToPort": 9122,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 9130,
"ToPort": 9130,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 9998,
"ToPort": 9999,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 11207,
"ToPort": 11215,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 18091,
"ToPort": 18096,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
},
{
"IpProtocol": "tcp",
"Description": "Couchbase Server Ports",
"FromPort": 21100,
"ToPort": 21299,
"CidrIp": "0.0.0.0/0"
"CidrIp": {
"Ref": "SSHCIDR"
}
}
]
}
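Review bot: The instance-role policy (hunk `@@ -319,9 +346,12 @@`) grants `secretsmanager:GetSecretValue` on `"Resource": ["*"]`, so every node can read any secret in the account, not just this stack's. `Ref` on an `AWS::SecretsManager::Secret` returns its ARN, so the action can move to its own statement with `"Resource": { "Ref": "CouchbaseSecret" }`, while the describe calls stay on `*`. `ssm:GetParameter` appears unused once embedded_server.sh stops calling `aws ssm get-parameter`; it can probably be dropped unless something outside this view still needs it. Also, the `SecretString` join inserts `Username` and `Password` unescaped, so a `"` or `\` in either yields invalid JSON for the later `jq` parse; an `AllowedPattern` on those parameters (their definitions are not shown here) would prevent that.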
2 changes: 2 additions & 0 deletions aws/CouchbaseServer/deploy.sh
@@ -27,7 +27,9 @@ SSHCIDR="0.0.0.0/0"
ServerInstanceCount=$2
ServerVersion=$3
VpcName=$(aws ec2 describe-vpcs --filter "Name=isDefault,Values=true" | jq -r '.Vpcs[].VpcId')
#VpcName=vpc-0c1cd329084365f10
SubnetId=$(aws ec2 describe-subnets --filter "Name=vpc-id,Values=${VpcName}" --max-items 1 --region "$REGION" | jq -r '.Subnets[].SubnetId')
#SubnetId=subnet-08476a90d895839b4

aws cloudformation create-stack \
--capabilities CAPABILITY_IAM \
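Review bot: The two commented-out assignments `#VpcName=vpc-…` and `#SubnetId=subnet-…` (apparently the two added lines) leave what look like real, account-specific resource IDs in the repository as dead code. A local override is better read from the environment than committed, e.g. `VpcName=${VPC_ID:-$(aws ec2 describe-vpcs …)}`, where `VPC_ID` is a constructed name. The `describe-vpcs` call also omits `--region "$REGION"` while the `describe-subnets` call passes it, so the two lookups can target different regions. Note that `SSHCIDR="0.0.0.0/0"` in the hunk context is now the source range for every Couchbase port in the template, so this script still deploys the cluster open to the internet unless the value is overridden outside this view.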
37 changes: 25 additions & 12 deletions aws/CouchbaseServer/embedded_server.sh
@@ -11,14 +11,17 @@ yum install jq aws-cfn-bootstrap -y -q
stackName=$__AWSStackName__
# shellcheck disable=SC2154
VERSION=$__ServerVersion__

# shellcheck disable=SC2154
SECRET=$__CouchbaseSecret__

region=$(ec2-metadata -z | cut -d " " -f 2 | sed 's/.$//')
instanceId=$(ec2-metadata -i | cut -d " " -f 2)
resource="ServerAutoScalingGroup"

USERNAME=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_username" --region "$region" | jq -r '.Parameter.Value')
PASSWORD=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_password" --region "$region" | jq -r '.Parameter.Value')

SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${SECRET}" --version-stage AWSCURRENT --region "$region" | jq -r .SecretString)
USERNAME=$(echo "$SECRET_VALUE" | jq -r .username)
PASSWORD=$(echo "$SECRET_VALUE" | jq -r .password)


rallyAutoscalingGroup=$(aws ec2 describe-instances \
@@ -31,10 +34,9 @@ rallyAutoscalingGroupInstanceIDs=$(aws autoscaling describe-auto-scaling-groups
--query 'AutoScalingGroups[*].Instances[*].InstanceId' \
--auto-scaling-group-name "${rallyAutoscalingGroup}" \
| jq -r '.[] | .[]')

rallyInstanceID=$(echo "${rallyAutoscalingGroupInstanceIDs}" | cut -d " " -f1)

rallyAutoscalingGroupInstanceIDsArray=("$rallyAutoscalingGroupInstanceIDs")
# shellcheck disable=SC2206
IFS=$'\n' rallyAutoscalingGroupInstanceIDsArray=($rallyAutoscalingGroupInstanceIDs)
rallyInstanceID=${rallyAutoscalingGroupInstanceIDsArray[0]}

for i in "${rallyAutoscalingGroupInstanceIDsArray[@]}"; do
tags=$(aws ec2 describe-tags --region "${region}" --filter "Name=tag:Name,Values=*Rally" "Name=resource-id,Values=$i")
@@ -48,9 +50,16 @@ done
rallyPublicDNS=$(aws ec2 describe-instances \
--region "${region}" \
--query 'Reservations[0].Instances[0].NetworkInterfaces[0].Association.PublicDnsName' \
--instance-ids ${rallyInstanceID} \
--instance-ids "${rallyInstanceID}" \
--output text)
nodePublicDNS=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
if [[ "$rallyPublicDNS" == "None" ]]; then
rallyPublicDNS=$(aws ec2 describe-instances \
--region "${region}" \
--query 'Reservations[0].Instances[0].NetworkInterfaces[0].PrivateDnsName' \
--instance-ids "${rallyInstanceID}" \
--output text)
fi
nodePublicDNS=$(curl -sf http://169.254.169.254/latest/meta-data/public-hostname) || nodePublicDNS=$(hostname)
echo "Using the settings:"
echo "rallyPublicDNS $rallyPublicDNS"
echo "region $region"
@@ -76,6 +85,10 @@ if [[ ! -e "couchbase_installer.sh" ]]; then
curl -L --output "couchbase_installer.sh" "__SCRIPT_URL__"
fi

bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -s -c -d
# Calls back to AWS to signify that installation is complete
/opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region"
if bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -s -c -d; then
# Calls back to AWS to signify that installation is complete
/opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region"
else
/opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region"
exit 1
fi
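Review bot: Nothing checks the result of the `aws secretsmanager get-secret-value` pipeline, so a denied or failed fetch (or a `SecretString` that is not valid JSON) leaves `USERNAME`/`PASSWORD` empty or `null` and the installer is still run with them. A guard before the installer call, such as `[[ -n "$USERNAME" && -n "$PASSWORD" && "$PASSWORD" != "null" ]] || { /opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region"; exit 1; }`, would fail the stack early; whether `set -e`/`pipefail` is active is not visible from these hunks. The line `IFS=$'\n' rallyAutoscalingGroupInstanceIDsArray=($rallyAutoscalingGroupInstanceIDs)` consists of two assignments and no command, so `IFS` stays set to newline for the rest of the script; `mapfile -t rallyAutoscalingGroupInstanceIDsArray <<<"$rallyAutoscalingGroupInstanceIDs"` avoids both that and the SC2206 suppression. The password is still passed as `-p "$PASSWORD"` on the installer's command line, where it is visible in the process list while the installer runs.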