From fe78be03226d267e3a57fd51650a9d83a11b16c9 Mon Sep 17 00:00:00 2001 From: Justin Ashworth Date: Wed, 16 Jun 2021 10:08:39 -0400 Subject: [PATCH 1/3] Update per AWS suggestions --- .../couchbase-amzn-lnx2.template | 67 ++++++++--- .../couchbase-amzn-lnx2.template | 108 ++++++++++++++---- .../couchbase-amzn-lnx2.template | 41 +++++-- 3 files changed, 168 insertions(+), 48 deletions(-) diff --git a/aws/CouchbaseServer/couchbase-amzn-lnx2.template b/aws/CouchbaseServer/couchbase-amzn-lnx2.template index f04b3c7..8b74f99 100644 --- a/aws/CouchbaseServer/couchbase-amzn-lnx2.template +++ b/aws/CouchbaseServer/couchbase-amzn-lnx2.template @@ -27,8 +27,7 @@ "6.0.3", "6.0.2", "6.0.1", - "6.0.0", - "7.0.0-beta" + "6.0.0" ] }, "InstanceType": { @@ -321,7 +320,9 @@ "autoscaling:DescribeAutoScalingGroups", "ssm:GetParameter" ], - "Resource": "*" + "Resource": [ + "*" + ] } ] } @@ -336,9 +337,19 @@ "VpcId": { "Ref": "VpcName" }, + "SecurityGroupEgress": [ + { + "IpProtocol": "tcp", + "Description": "Outbound Access", + "FromPort": 0, + "ToPort": 65535, + "CidrIp": "0.0.0.0/0" + } + ], "SecurityGroupIngress": [ { "IpProtocol": "tcp", + "Description": "SSH Ingress port", "FromPort": 22, "ToPort": 22, "CidrIp": { 
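Review bot: `ssm:GetParameter` stays granted on `Resource: ["*"]`, so the instance role can read every SSM parameter in the account rather than the two this stack creates under `/${AWS::StackName}/`; wrapping the wildcard in an array changes nothing. The `ec2:Describe*`/`autoscaling:Describe*` actions genuinely need `*`, so split the statement and give the SSM action its own resource, e.g. `{"Fn::Sub": "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${AWS::StackName}/*"}`. The identical statement is touched in `@@ -311,7 +311,9 @@` of the SyncGateway template. The enclosing policy document starts and ends outside the hunk.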
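Review bot: The new `SecurityGroupEgress` rule (TCP 0–65535 to `0.0.0.0/0`, described only as "Outbound Access") restates the implicit allow-all egress for TCP and so restricts nothing, while the mere presence of an explicit egress rule removes the default allow-all and therefore now denies non-TCP outbound traffic (UDP, ICMP); AWS documents that traffic to its own DNS, DHCP, time-sync and metadata endpoints is not filtered by security groups, but anything else non-TCP is blocked from here on. If the rule only exists to satisfy a linter, say so in the description, e.g. `"Description": "All outbound TCP; non-TCP egress intentionally denied"`; if least privilege was the goal, narrow the destination and ports to what `yum` and the installer download actually reach. The same rule is added in `@@ -563,9 +562,19 @@` and `@@ -640,9 +679,19 @@` of the ServerAndSyncGateway template and in `@@ -326,9 +328,19 @@` of the SyncGateway template. The security-group resource begins before the hunk.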
@@ -347,63 +358,93 @@ }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 4369, "ToPort": 4369, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 4984, "ToPort": 4985, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Admin API Port", "FromPort": 8091, "ToPort": 8096, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 9100, "ToPort": 9105, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 9110, "ToPort": 9122, - "CidrIp": "0.0.0.0/0" + "CidrIp":{ + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 9130, "ToPort": 9130, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 9998, "ToPort": 9999, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 11207, "ToPort": 11215, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 18091, "ToPort": 18096, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Ports", "FromPort": 21100, "ToPort": 21299, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } } ] } diff --git a/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template b/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template index 857f662..1354d26 100644 --- a/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template +++ b/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template 
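Review bot: Switching the node-to-node ports (4369, 9100–9105, 9110–9122, 9130, 11207–11215, 21100–21299 and the 8091–8096/18091–18096 APIs) from `0.0.0.0/0` to `Ref SSHCIDR` also governs traffic between cluster members, because a security group does not implicitly allow traffic from itself; nodes join the rally node by DNS name, so as soon as a user sets `SSHCIDR` to a range that excludes the VPC's private addresses, cluster formation fails, and the `0.0.0.0/0` default in `deploy.sh` is what currently masks this. Add a self-referencing rule as a separate `AWS::EC2::SecurityGroupIngress` resource (an inline self-reference is circular), one per range in this hunk; a constructed example with the group's logical ID as a placeholder is below. The `4984`–`4985` rule labelled "Couchbase Server Ports" appears to be Sync Gateway's port pair rather than a Server port and is probably unnecessary in the Server-only template. The same change is made in `@@ -574,63 +583,93 @@` of the ServerAndSyncGateway template, where the gateway nodes additionally need to reach 8091–8096, 11207–11215 and 18091–18096 on the servers. The `SecurityGroupIngress` array and its resource begin before the hunk.

```json
"ServerClusterIngress4369": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": { "Ref": "<ServerSecurityGroupLogicalId>" },
    "SourceSecurityGroupId": { "Ref": "<ServerSecurityGroupLogicalId>" },
    "IpProtocol": "tcp",
    "FromPort": 4369,
    "ToPort": 4369,
    "Description": "Couchbase node-to-node traffic within the cluster security group"
  }
}
```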
@@ -27,8 +27,7 @@ "6.0.3", "6.0.2", "6.0.1", - "6.0.0", - "7.0.0-beta" + "6.0.0" ] }, "SyncGatewayInstanceCount": { @@ -285,9 +284,6 @@ "Type": "AWS::AutoScaling::AutoScalingGroup", "Condition": "InstallCouchbaseServer", "Properties": { - "AvailabilityZones": { - "Fn::GetAZs": "" - }, "LaunchTemplate": { "LaunchTemplateId": { "Ref": "ServerLaunchTemplate" @@ -299,10 +295,13 @@ ] } }, - "MinSize": 0, - "MaxSize": 100, + "MinSize": "0", + "MaxSize": "100", "DesiredCapacity": { "Ref": "ServerInstanceCount" + }, + "VPCZoneIdentifier": { + "Ref": "SubnetList" } }, "CreationPolicy": { @@ -382,9 +381,6 @@ "Type": "AWS::AutoScaling::AutoScalingGroup", "Condition": "InstallSyncGateway", "Properties": { - "AvailabilityZones": { - "Fn::GetAZs": "" - }, "LaunchTemplate": { "LaunchTemplateId": { "Ref": "SyncGatewayLaunchTemplate" @@ -396,8 +392,8 @@ ] } }, - "MinSize": 0, - "MaxSize": 100, + "MinSize": "0", + "MaxSize": "100", "LoadBalancerNames": [ { "Ref": "GatewayLoadBalancer" @@ -405,6 +401,9 @@ ], "DesiredCapacity": { "Ref": "SyncGatewayInstanceCount" + }, + "VPCZoneIdentifier": { + "Ref": "SubnetList" } }, "CreationPolicy": { @@ -563,9 +562,19 @@ "Condition": "InstallCouchbaseServer", "Properties": { "GroupDescription": "Enable SSH and Couchbase Ports", + "SecurityGroupEgress": [ + { + "IpProtocol": "tcp", + "Description": "Outbound Access", + "FromPort": 0, + "ToPort": 65535, + "CidrIp": "0.0.0.0/0" + } + ], "SecurityGroupIngress": [ { "IpProtocol": "tcp", + "Description": "Outbound Access", "FromPort": 22, "ToPort": 22, "CidrIp": { 
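Review bot: The port-22 ingress rule in this hunk is annotated `"Description": "Outbound Access"`, which is the egress rule's label copied by mistake onto an inbound SSH rule and will mislead anyone auditing the group in the console or via `describe-security-groups`. Use the wording the Sync Gateway group in the same file uses, `"Description": "SSH Inbound Port"`. The rule's `CidrIp` and the rest of the ingress list continue past the hunk.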
@@ -574,63 +583,93 @@ }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 4369, "ToPort": 4369, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 4984, "ToPort": 4985, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 8091, "ToPort": 8096, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 9100, "ToPort": 9105, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 9110, "ToPort": 9122, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 9130, "ToPort": 9130, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 9998, "ToPort": 9999, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 11207, "ToPort": 11215, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 18091, "ToPort": 18096, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Couchbase Server Inbound", "FromPort": 21100, "ToPort": 21299, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } } ] } 
@@ -640,9 +679,19 @@ "Condition": "InstallSyncGateway", "Properties": { "GroupDescription": "Enable SSH and Sync Gateway Ports", + "SecurityGroupEgress": [ + { + "IpProtocol": "tcp", + "Description": "Outbound Access", + "FromPort": 0, + "ToPort": 65535, + "CidrIp": "0.0.0.0/0" + } + ], "SecurityGroupIngress": [ { "IpProtocol": "tcp", + "Description": "SSH Inbound Port", "FromPort": 22, "ToPort": 22, "CidrIp": { @@ -651,21 +700,30 @@ }, { "IpProtocol": "tcp", + "Description": "Sync Gateway Inbound", "FromPort": 4984, "ToPort": 4984, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Sync Gateway Inbound", "FromPort": 4985, "ToPort": 4985, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } }, { "IpProtocol": "tcp", + "Description": "Sync Gateway Inbound", "FromPort": 4986, "ToPort": 4986, - "CidrIp": "0.0.0.0/0" + "CidrIp": { + "Ref": "SSHCIDR" + } } ] } diff --git a/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template b/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template index 27b90c2..f41b263 100644 --- a/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template +++ b/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template @@ -146,9 +146,6 @@ "SyncGatewayAutoScalingGroup": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { - "AvailabilityZones": { - "Fn::GetAZs": "" - }, "LaunchTemplate": { "LaunchTemplateId": { "Ref": "SyncGatewayLaunchTemplate" @@ -160,8 +157,8 @@ ] } }, - "MinSize": 0, - "MaxSize": 100, + "MinSize": "0", + "MaxSize": "100", "LoadBalancerNames": [ { "Ref": "GatewayLoadBalancer" @@ -169,6 +166,9 @@ ], "DesiredCapacity": { "Ref": "SyncGatewayInstanceCount" + }, + "VPCZoneIdentifier": { + "Ref": "SubnetList" } }, "CreationPolicy": { @@ -240,7 +240,7 @@ "AvailabilityZones": { "Fn::GetAZs": "" }, - "CrossZone": "true", + "CrossZone": true, "Listeners": [ { "LoadBalancerPort": "4984", 
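Review bot: Restricting 4984–4986 to `Ref SSHCIDR` also applies to the Classic `GatewayLoadBalancer`, whose listener and `HTTP:4984/` health check reach the instances from the load balancer's own addresses inside the VPC; unless `SSHCIDR` happens to cover those (the `0.0.0.0/0` default in `deploy.sh` does), every instance is marked unhealthy and removed from rotation. Allow 4984 from the load balancer with a `SourceSecurityGroupId` rule that references the load balancer's security group (or the VPC default group if none is assigned) instead of a CIDR. Separately, 4985 is the Sync Gateway admin API and 4986 its metrics endpoint per Sync Gateway defaults; binding them to the same CIDR as the public API means whoever may use the application may also reach the admin interface, so a dedicated admin CIDR parameter — or no public rule at all for 4985/4986 — is the safer default. The same rules appear in `@@ -337,21 +349,30 @@` of the SyncGateway template. The enclosing security group starts before the hunk.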
@@ -311,7 +311,9 @@
 "autoscaling:DescribeAutoScalingGroups",
 "ssm:GetParameter"
 ],
- "Resource": "*"
+ "Resource": [
+ "*"
+ ]
 }
 ]
 }
@@ -326,9 +328,19 @@
 "VpcId": {
 "Ref": "VpcName"
 },
+ "SecurityGroupEgress": [
+ {
+ "IpProtocol": "tcp",
+ "Description": "Outbound Access",
+ "FromPort": 0,
+ "ToPort": 65535,
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
 "SecurityGroupIngress": [
 {
 "IpProtocol": "tcp",
+ "Description": "SSH Port",
 "FromPort": 22,
 "ToPort": 22,
 "CidrIp": {
@@ -337,21 +349,30 @@
 },
 {
 "IpProtocol": "tcp",
+ "Description": "Couchbase Sync Gateway Port",
 "FromPort": 4984,
 "ToPort": 4984,
- "CidrIp": "0.0.0.0/0"
+ "CidrIp": {
+ "Ref": "SSHCIDR"
+ }
 },
 {
 "IpProtocol": "tcp",
+ "Description": "Couchbase Sync Gateway Port",
 "FromPort": 4985,
 "ToPort": 4985,
- "CidrIp": "0.0.0.0/0"
+ "CidrIp": {
+ "Ref": "SSHCIDR"
+ }
 },
 {
 "IpProtocol": "tcp",
+ "Description": "Couchbase Sync Gateway Port",
 "FromPort": 4986,
 "ToPort": 4986,
- "CidrIp": "0.0.0.0/0"
+ "CidrIp": {
+ "Ref": "SSHCIDR"
+ }
 }
 ]
 }
From ec6880d78c601f21f012737550bd3a01afa38c1a Mon Sep 17 00:00:00 2001
From: Justin Ashworth
Date: Wed, 16 Jun 2021 10:13:58 -0400
Subject: [PATCH 2/3] Fix for security group with vpc
---
 .../couchbase-amzn-lnx2.template | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template b/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template
index 1354d26..e6371fc 100644
--- a/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template
+++ b/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template
@@ -561,6 +561,9 @@
 "Type": "AWS::EC2::SecurityGroup",
 "Condition": "InstallCouchbaseServer",
 "Properties": {
+ "VpcId": {
+ "Ref": "VpcName"
+ },
 "GroupDescription": "Enable SSH and Couchbase Ports",
 "SecurityGroupEgress": [
 {
@@ -678,6 +681,9 @@
 "Type": "AWS::EC2::SecurityGroup",
 "Condition": "InstallSyncGateway",
 "Properties": {
+ "VpcId": {
+ "Ref": "VpcName"
+ },
 "GroupDescription": "Enable SSH and Sync Gateway Ports",
 "SecurityGroupEgress": [
 {
From 5b2bcc6e8acfde1ba8eda44c0df8a701fe657a5a Mon Sep 17 00:00:00 2001
From: Justin Ashworth
Date: Thu, 24 Jun 2021 15:14:10 -0400
Subject: [PATCH 3/3] Updated for private VPC and used UI to reorg parameters
---
 .../couchbase-amzn-lnx2.template | 93 ++++++++++++-------
 aws/CouchbaseServer/deploy.sh | 2 +
 aws/CouchbaseServer/embedded_server.sh | 37 +++++---
 .../couchbase-amzn-lnx2.template | 79 +++++++++-------
 aws/CouchbaseServerAndSyncGateway/deploy.sh | 6 +-
 .../embedded_gateway.sh | 27 ++++--
 .../embedded_server.sh | 42 ++++++---
 .../couchbase-amzn-lnx2.template | 66 +++++++------
 aws/CouchbaseSyncGateway/deploy.sh | 2 +
 aws/CouchbaseSyncGateway/embedded_gateway.sh | 26 +++---
 script_url.txt | 2 +-
 11 files changed, 233 insertions(+), 149 deletions(-)
diff --git a/aws/CouchbaseServer/couchbase-amzn-lnx2.template b/aws/CouchbaseServer/couchbase-amzn-lnx2.template
index 8b74f99..539b3ec 100644
--- a/aws/CouchbaseServer/couchbase-amzn-lnx2.template
+++ b/aws/CouchbaseServer/couchbase-amzn-lnx2.template
@@ -1,6 +1,47 @@ { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Couchbase Enterprise Edition Server on Amazon Linux 2", + "Metadata": { + "AWS::CloudFormation::Interface": { + "ParameterGroups": [ + { + "Label": { + "default": "Network Configuration/Access" + }, + "Parameters": [ + "VpcName", + "SubnetList", + "SSHCIDR", + "KeyName" + ] + }, + { + "Label": { + "default": "Server Configuration" + }, + "Parameters": [ + "ServerInstanceCount", + "ServerDiskSize", + "ServerVersion", + "InstanceType", + "Username", + "Password" + ] + } + ], + "ParameterLabels": { + "SSHCIDR": { + "default": "Access CIDR" + }, + "Username": { + "default": "Database Username" + }, + "Password": { + "default": "Database Password" + } + } + } + }, "Mappings": {}, "Parameters": { "ServerInstanceCount": { @@ -27,7 +68,8 @@ "6.0.3", "6.0.2", "6.0.1", - "6.0.0" + "6.0.0", + "7.0.0-beta" ] }, "InstanceType": { @@ -135,49 +177,36 @@ } }, "Resources": { - "UsernameParameter": { - "Type": "AWS::SSM::Parameter", + "CouchbaseSecret": { + "Type": "AWS::SecretsManager::Secret", "Properties": { - "DataType": "text", - "Description": "Couchbase Admin Username", "Name": { "Fn::Join": [ "", [ - "/", { "Ref": "AWS::StackName" }, - "/cb_username" + "-CouchbaseSecret" ] ] }, - "Type": "String", - "Value": { - "Ref": "Username" - } - } - }, - "PasswordParameter": { - "Type": "AWS::SSM::Parameter", - "Properties": { - "DataType": "text", - "Description": "Couchbase Admin Password", - "Name": { + "Description": "Couchbase Admin Username/Password Secret", + "SecretString": { "Fn::Join": [ "", [ - "/", + "{\"username\": \"", { - "Ref": "AWS::StackName" + "Ref": "Username" }, - "/cb_password" + "\", \"password\":\"", + { + "Ref": "Password" + }, + "\"}" ] ] - }, - "Type": "String", - "Value": { - "Ref": "Password" } } }, @@ -211,10 +240,9 @@ }, "Timeout": "PT15M" } - }, + }, "DependsOn": [ - "UsernameParameter", - "PasswordParameter" + "CouchbaseSecret" ] }, "ServerLaunchTemplate": { 
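Review bot: This hunk restores `"7.0.0-beta"` to `ServerVersion`, which `[PATCH 1/3]` removed both here and from the ServerAndSyncGateway template, and that second template is not changed back in this commit, so the two stacks now offer different version lists. Either re-add it there as well or drop it here; the commit message does not say which was intended.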
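Review bot: `SecretString` is assembled with `Fn::Join` by splicing `Username` and `Password` into a JSON literal, so a password containing `"` or `\` (both common in generated passwords) produces a malformed secret, `jq -r .password` in the bootstrap scripts then returns null or errors, and the installer runs with wrong credentials. CloudFormation has no JSON-escaping intrinsic, so constrain the inputs instead: add `"AllowedPattern": "[^\"\\\\]+"` (plus a `ConstraintDescription`) to the `Password` and `Username` parameters, which live outside this hunk. Moving the value into Secrets Manager also does not hide it from `DescribeStacks` output unless the `Password` parameter carries `"NoEcho": true` — worth confirming, as the parameter block is not visible here. The same `Fn::Join` construction appears in `@@ -232,51 +255,36 @@` of the ServerAndSyncGateway template and `@@ -97,49 +116,36 @@` of the SyncGateway template.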
@@ -318,10 +346,11 @@ "ec2:DescribeTags", "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups", - "ssm:GetParameter" + "ssm:GetParameter", + "secretsmanager:GetSecretValue" ], "Resource": [ - "*" + "*" ] } ] @@ -397,7 +426,7 @@ "Description": "Couchbase Server Ports", "FromPort": 9110, "ToPort": 9122, - "CidrIp":{ + "CidrIp": { "Ref": "SSHCIDR" } }, diff --git a/aws/CouchbaseServer/deploy.sh b/aws/CouchbaseServer/deploy.sh index 17dd2fe..c368992 100755 --- a/aws/CouchbaseServer/deploy.sh +++ b/aws/CouchbaseServer/deploy.sh @@ -27,7 +27,9 @@ SSHCIDR="0.0.0.0/0" ServerInstanceCount=$2 ServerVersion=$3 VpcName=$(aws ec2 describe-vpcs --filter "Name=isDefault,Values=true" | jq -r '.Vpcs[].VpcId') +#VpcName=vpc-0c1cd329084365f10 SubnetId=$(aws ec2 describe-subnets --filter "Name=vpc-id,Values=${VpcName}" --max-items 1 --region "$REGION" | jq -r '.Subnets[].SubnetId') +#SubnetId=subnet-08476a90d895839b4 aws cloudformation create-stack \ --capabilities CAPABILITY_IAM \ diff --git a/aws/CouchbaseServer/embedded_server.sh b/aws/CouchbaseServer/embedded_server.sh index 244c473..780bd87 100644 --- a/aws/CouchbaseServer/embedded_server.sh +++ b/aws/CouchbaseServer/embedded_server.sh 
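Review bot: `secretsmanager:GetSecretValue` is granted on `Resource: ["*"]`, so every instance in the auto-scaling group can read any secret in the account rather than the one this stack creates; `Ref` on an `AWS::SecretsManager::Secret` returns its ARN, so the action can be scoped exactly (constructed statement below, to sit beside the existing one whose `ec2`/`autoscaling` describe actions genuinely need `*`). `ssm:GetParameter` is now dead weight, since the bootstrap scripts in this commit no longer call `aws ssm get-parameter`, and should be removed at the same time. The same statement is changed in `@@ -547,7 +553,8 @@` of the ServerAndSyncGateway template and `@@ -309,7 +314,8 @@` of the SyncGateway template. The policy document starts and ends outside the hunk.

```json
{
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetSecretValue"
  ],
  "Resource": [
    { "Ref": "CouchbaseSecret" }
  ]
}
```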
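Review bot: The two added lines in `deploy.sh` are commented-out developer-specific resource IDs (`#VpcName=vpc-…`, `#SubnetId=subnet-…`) that will be toggled by hand on the next test; an environment override keeps the default lookup without leaving dead code, e.g. `VpcName=${VpcName:-$(aws ec2 describe-vpcs --filter "Name=isDefault,Values=true" | jq -r '.Vpcs[].VpcId')}`. The hunk header context also shows `SSHCIDR="0.0.0.0/0"`, and since `[PATCH 1/3]` made that parameter gate every Couchbase port, the script as committed still deploys a cluster whose admin and data ports are reachable from anywhere, so the CIDR should be a required argument rather than a default. The same two lines are added to `deploy.sh` in the ServerAndSyncGateway and SyncGateway directories.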
@@ -11,14 +11,17 @@ yum install jq aws-cfn-bootstrap -y -q stackName=$__AWSStackName__ # shellcheck disable=SC2154 VERSION=$__ServerVersion__ - +# shellcheck disable=SC2154 +SECRET=$__CouchbaseSecret__ region=$(ec2-metadata -z | cut -d " " -f 2 | sed 's/.$//') instanceId=$(ec2-metadata -i | cut -d " " -f 2) resource="ServerAutoScalingGroup" -USERNAME=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_username" --region "$region" | jq -r '.Parameter.Value') -PASSWORD=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_password" --region "$region" | jq -r '.Parameter.Value') + +SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${SECRET}" --version-stage AWSCURRENT --region "$region" | jq -r .SecretString) +USERNAME=$(echo "$SECRET_VALUE" | jq -r .username) +PASSWORD=$(echo "$SECRET_VALUE" | jq -r .password) rallyAutoscalingGroup=$(aws ec2 describe-instances \ @@ -31,10 +34,9 @@ rallyAutoscalingGroupInstanceIDs=$(aws autoscaling describe-auto-scaling-groups --query 'AutoScalingGroups[*].Instances[*].InstanceId' \ --auto-scaling-group-name "${rallyAutoscalingGroup}" \ | jq -r '.[] | .[]') - -rallyInstanceID=$(echo "${rallyAutoscalingGroupInstanceIDs}" | cut -d " " -f1) - -rallyAutoscalingGroupInstanceIDsArray=("$rallyAutoscalingGroupInstanceIDs") +# shellcheck disable=SC2206 +IFS=$'\n' rallyAutoscalingGroupInstanceIDsArray=($rallyAutoscalingGroupInstanceIDs) +rallyInstanceID=${rallyAutoscalingGroupInstanceIDsArray[0]} for i in "${rallyAutoscalingGroupInstanceIDsArray[@]}"; do tags=$(aws ec2 describe-tags --region "${region}" --filter "Name=tag:Name,Values=*Rally" "Name=resource-id,Values=$i") 
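Review bot: The secret lookup has no failure path: if `aws secretsmanager get-secret-value` fails (permission, region or name mismatch) `SECRET_VALUE` is empty, `jq -r .username`/`.password` print nothing or `null`, and the script carries on to run the installer with those values as credentials, failing later and less legibly. Check the result before use and signal the stack so the failure is attributed to the right step; `resource` is already assigned above this point, so the guard below reuses the same `cfn-signal` invocation the script ends with. The same block is added in both `embedded_gateway.sh` copies (`@@ -11,14 +11,17 @@` and `@@ -11,16 +11,17 @@`) and in the ServerAndSyncGateway `embedded_server.sh` (`@@ -11,15 +11,17 @@`).

```sh
SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${SECRET}" --version-stage AWSCURRENT --region "$region" | jq -r .SecretString)
USERNAME=$(echo "$SECRET_VALUE" | jq -r .username)
PASSWORD=$(echo "$SECRET_VALUE" | jq -r .password)
if [[ -z "$SECRET_VALUE" || -z "$USERNAME" || "$USERNAME" == "null" || -z "$PASSWORD" || "$PASSWORD" == "null" ]]; then
    echo "Could not read Couchbase credentials from secret ${SECRET}" >&2
    /opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region"
    exit 1
fi
# … unchanged: rally node discovery …
```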
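Review bot: `IFS=$'\n' rallyAutoscalingGroupInstanceIDsArray=($rallyAutoscalingGroupInstanceIDs)` is not a temporary assignment: with no command word on the line, bash performs both assignments in the current shell, so `IFS` stays newline-only for the rest of the script and every later unquoted expansion word-splits differently from what the author expects. Splitting a newline-separated list into an array is what `mapfile` is for and needs no shellcheck waiver: `mapfile -t rallyAutoscalingGroupInstanceIDsArray <<< "$rallyAutoscalingGroupInstanceIDs"`. The same lines are added in `@@ -32,10 +34,9 @@` of the ServerAndSyncGateway `embedded_server.sh`. The `for` loop that consumes the array continues past the hunk.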
@@ -48,9 +50,16 @@ done rallyPublicDNS=$(aws ec2 describe-instances \ --region "${region}" \ --query 'Reservations[0].Instances[0].NetworkInterfaces[0].Association.PublicDnsName' \ - --instance-ids ${rallyInstanceID} \ + --instance-ids "${rallyInstanceID}" \ --output text) -nodePublicDNS=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname) +if [[ "$rallyPublicDNS" == "None" ]]; then + rallyPublicDNS=$(aws ec2 describe-instances \ + --region "${region}" \ + --query 'Reservations[0].Instances[0].NetworkInterfaces[0].PrivateDnsName' \ + --instance-ids "${rallyInstanceID}" \ + --output text) +fi +nodePublicDNS=$(curl -sf http://169.254.169.254/latest/meta-data/public-hostname) || nodePublicDNS=$(hostname) echo "Using the settings:" echo "rallyPublicDNS $rallyPublicDNS" echo "region $region" @@ -76,6 +85,10 @@ if [[ ! -e "couchbase_installer.sh" ]]; then curl -L --output "couchbase_installer.sh" "__SCRIPT_URL__" fi -bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -s -c -d -# Calls back to AWS to signify that installation is complete -/opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" +if bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -s -c -d; then + # Calls back to AWS to signify that installation is complete + /opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" +else + /opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region" + exit 1 +fi diff --git a/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template b/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template index e6371fc..4cbbd49 100644 --- a/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template +++ b/aws/CouchbaseServerAndSyncGateway/couchbase-amzn-lnx2.template 
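Review bot: The rewritten `curl -sf http://169.254.169.254/latest/meta-data/public-hostname` line still uses IMDSv1 (no session token), which means the launch template cannot set `HttpTokens: required` without silently pushing every node onto the `hostname` fallback; since this commit already hardens the path for instances without a public address, fetching a token first is cheap: `IMDS_TOKEN=$(curl -sf -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 300")` followed by `curl -sf -H "X-aws-ec2-metadata-token: ${IMDS_TOKEN}" http://169.254.169.254/latest/meta-data/public-hostname`. The `ec2-metadata` calls earlier in the file would need the same treatment before IMDSv2 can be enforced (newer builds of that tool negotiate a token themselves — worth confirming on the AMI in use). The same line is rewritten in `@@ -49,9 +50,16 @@` of the ServerAndSyncGateway `embedded_server.sh` and in the `CLUSTER_HOST` line of both `embedded_gateway.sh` files.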
@@ -1,6 +1,29 @@ { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Couchbase Enterprise Edition Server on Amazon Linux 2", + "Metadata": { + "AWS::CloudFormation::Interface": { + "ParameterGroups": [ + { + "Label": { "default": "Network Configuration/Access" }, + "Parameters": ["VpcName", "SubnetList", "SSHCIDR", "KeyName"] + }, + { + "Label": { "default": "Server Configuration" }, + "Parameters": ["ServerInstanceCount", "ServerDiskSize", "ServerVersion", "InstanceType", "Username", "Password"] + }, + { + "Label": { "default": "Sync Gateway Configuration" }, + "Parameters": ["SyncGatewayInstanceCount", "SyncGatewayVersion", "SyncGatewayInstanceType"] + } + ], + "ParameterLabels": { + "SSHCIDR": { "default": "Access CIDR" }, + "Username": { "default": "Database Username"}, + "Password": { "default": "Database Password"} + } + } + }, "Mappings": {}, "Parameters": { "ServerInstanceCount": { @@ -179,7 +202,7 @@ "Type": "AWS::EC2::KeyPair::KeyName" }, "SSHCIDR": { - "Description": "SSH CIDR", + "Description": "A CIDR that should be granted access to the database", "Type": "String", "MinLength": 9, "MaxLength": 18, 
@@ -232,51 +255,36 @@ } }, "Resources": { - "UsernameParameter": { - "Type": "AWS::SSM::Parameter", - "Condition": "Install", + "CouchbaseSecret": { + "Type": "AWS::SecretsManager::Secret", "Properties": { - "DataType": "text", - "Description": "Couchbase Admin Username", "Name": { "Fn::Join": [ "", [ - "/", { "Ref": "AWS::StackName" }, - "/cb_username" + "-CouchbaseSecret" ] ] }, - "Type": "String", - "Value": { - "Ref": "Username" - } - } - }, - "PasswordParameter": { - "Type": "AWS::SSM::Parameter", - "Condition": "Install", - "Properties": { - "DataType": "text", - "Description": "Couchbase Admin Password", - "Name": { + "Description": "Couchbase Admin Username/Password Secret", + "SecretString": { "Fn::Join": [ "", [ - "/", + "{\"username\": \"", { - "Ref": "AWS::StackName" + "Ref": "Username" + }, + "\", \"password\":\"", + { + "Ref": "Password" }, - "/cb_password" + "\"}" ] ] - }, - "Type": "String", - "Value": { - "Ref": "Password" } } }, @@ -313,8 +321,7 @@ } }, "DependsOn": [ - "UsernameParameter", - "PasswordParameter" + "CouchbaseSecret" ] }, "ServerLaunchTemplate": { @@ -415,8 +422,7 @@ } }, "DependsOn": [ - "UsernameParameter", - "PasswordParameter" + "CouchbaseSecret" ] }, "SyncGatewayLaunchTemplate": { @@ -473,8 +479,8 @@ "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Condition": "InstallSyncGateway", "Properties": { - "AvailabilityZones": { - "Fn::GetAZs": "" + "Subnets": { + "Ref": "SubnetList" }, "CrossZone": "true", "Listeners": [ @@ -498,7 +504,7 @@ "Target": "HTTP:4984/", "HealthyThreshold": "3", "UnhealthyThreshold": "5", - "Interval": "30", + "Interval": "300", "Timeout": "5" } } @@ -547,7 +553,8 @@ "ec2:DescribeTags", "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups", - "ssm:GetParameter" + "ssm:GetParameter", + "secretsmanager:GetSecretValue" ], "Resource": "*" } diff --git a/aws/CouchbaseServerAndSyncGateway/deploy.sh b/aws/CouchbaseServerAndSyncGateway/deploy.sh index eb0bb80..cdaf78e 100755 
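Review bot: Pointing the Classic `GatewayLoadBalancer` at `Ref SubnetList` does not by itself make it work in the "private VPC" of the commit title: with no `Scheme` property the load balancer is internet-facing and requires public subnets (a route to an internet gateway), so with private subnets creation either fails or yields an endpoint nobody can reach. Either add `"Scheme": "internal"` when the gateway is meant to stay private, or document on `SubnetList` that public subnets are required. `"CrossZone": "true"` also remains a string here although `[PATCH 1/3]` changed the same property to the boolean `true` in the SyncGateway template; make the two match. The load balancer resource starts before the hunk and its listeners continue past it.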
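Review bot: Raising the health-check `Interval` from 30 to 300 seconds, with `UnhealthyThreshold` left at 5, means a Sync Gateway node that stops answering `HTTP:4984/` keeps receiving traffic for up to 25 minutes before it leaves rotation, and a recovered node waits up to 15 minutes (`HealthyThreshold` 3) to return. If the motive was that fresh instances are flagged unhealthy while the installer runs, the auto-scaling group's `HealthCheckGracePeriod` or a shorter `Interval` with a higher threshold addresses that without the detection cost; the commit message does not say. Whatever the reason, the value deserves a sentence in the commit message or in the template's `Description`.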
--- a/aws/CouchbaseServerAndSyncGateway/deploy.sh +++ b/aws/CouchbaseServerAndSyncGateway/deploy.sh @@ -16,15 +16,17 @@ if [ -z "$REGION" ]; then fi Username="couchbase" Password="foo123!" -#KeyName="couchbase-${REGION}" -KeyName="ja-test-kp" +KeyName="couchbase-${REGION}" +#KeyName="ja-test-kp" SSHCIDR="0.0.0.0/0" ServerInstanceCount=$3 ServerVersion=$4 SyncGatewayInstanceCount=$5 SyncGatewayVersion=$6 VpcName=$(aws ec2 describe-vpcs --filter "Name=isDefault,Values=true" | jq -r '.Vpcs[].VpcId') +#VpcName=vpc-0c1cd329084365f10 SubnetId=$(aws ec2 describe-subnets --filter "Name=vpc-id,Values=${VpcName}" --max-items 1 --region "$REGION" | jq -r '.Subnets[].SubnetId') +#SubnetId=subnet-08476a90d895839b4 aws cloudformation create-stack \ diff --git a/aws/CouchbaseServerAndSyncGateway/embedded_gateway.sh b/aws/CouchbaseServerAndSyncGateway/embedded_gateway.sh index a806d80..33bddc4 100644 --- a/aws/CouchbaseServerAndSyncGateway/embedded_gateway.sh +++ b/aws/CouchbaseServerAndSyncGateway/embedded_gateway.sh @@ -11,14 +11,17 @@ yum install jq aws-cfn-bootstrap -q -y VERSION=$__SyncGatewayVersion__ # shellcheck disable=SC2154 stackName=$__AWSStackName__ +# shellcheck disable=SC2154 +SECRET=$__CouchbaseSecret__ + + resource="SyncGatewayAutoScalingGroup" region=$(ec2-metadata -z | cut -d " " -f 2 | sed 's/.$//') instanceId=$(ec2-metadata -i | cut -d " " -f 2) -USERNAME=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_username" --region "$region" | jq -r '.Parameter.Value') -PASSWORD=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_password" --region "$region" | jq -r '.Parameter.Value') - -resource="SyncGatewayAutoScalingGroup" +SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${SECRET}" --version-stage AWSCURRENT --region "$region" | jq -r .SecretString) +USERNAME=$(echo "$SECRET_VALUE" | jq -r .username) +PASSWORD=$(echo "$SECRET_VALUE" | jq -r .password) echo "Using the settings:" 
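Review bot: This hunk swaps the active `KeyName` back but leaves `Password="foo123!"` and `SSHCIDR="0.0.0.0/0"` (visible as context) as the script's defaults; after `[PATCH 1/3]` tied every Couchbase port to `SSHCIDR`, running the script unchanged stands up a cluster whose admin API is reachable from anywhere with a credential that is now part of the git history. Require both from the environment instead of defaulting them, e.g. `: "${Password:?Password must be set in the environment}"` and `: "${SSHCIDR:?SSHCIDR must be set}"`. The commented-out `#KeyName="ja-test-kp"`, `#VpcName=…` and `#SubnetId=…` lines are developer-local values and should not be committed.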
@@ -30,13 +33,17 @@ aws ec2 create-tags \ --resources "${instanceId}" \ --tags Key=Name,Value="${stackName}-SyncGateway" -CLUSTER_HOST=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname) +CLUSTER_HOST=$(curl -sf http://169.254.169.254/latest/meta-data/public-hostname) || CLUSTER_HOST=$(hostname) -# __SCRIPT_URL__ gets replaced during build +# https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh gets replaced during build if [[ ! -e "couchbase_installer.sh" ]]; then - curl -L --output "couchbase_installer.sh" "__SCRIPT_URL__" + curl -L --output "couchbase_installer.sh" "https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh" fi -bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -c -d -g -# calls back to AWS to signify that installation is complete and the stack can complete. -/opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" \ No newline at end of file +if bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -c -d -g; then + # Calls back to AWS to signify that installation is complete + /opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" +else + /opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region" + exit 1 +fi diff --git a/aws/CouchbaseServerAndSyncGateway/embedded_server.sh b/aws/CouchbaseServerAndSyncGateway/embedded_server.sh index 9e133b5..4c930c1 100644 --- a/aws/CouchbaseServerAndSyncGateway/embedded_server.sh +++ b/aws/CouchbaseServerAndSyncGateway/embedded_server.sh 
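Review bot: The `__SCRIPT_URL__` placeholder has been replaced by the literal release URL on both the comment and the `curl` line, so the build substitution fed by `script_url.txt` no longer applies to this file (the comment now reads "https://… gets replaced during build", which is no longer true) and the next bump of `script_url.txt` will silently leave this gateway on v1.0.10 while `aws/CouchbaseServer/embedded_server.sh` keeps the placeholder. This looks like built output committed back to source; restore `__SCRIPT_URL__` on both lines. Because the downloaded installer is executed as root (the script already runs `yum install`) with no integrity check, the build could also substitute a pinned digest and verify it before execution, e.g. `echo "<expected-sha256>  couchbase_installer.sh" | sha256sum -c -` (placeholder digest). The same substitution leaked into `@@ -72,11 +80,15 @@` of the ServerAndSyncGateway `embedded_server.sh` and `@@ -31,14 +32,17 @@` of the SyncGateway `embedded_gateway.sh`.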
@@ -11,15 +11,17 @@ yum install jq aws-cfn-bootstrap -y -q stackName=$__AWSStackName__ # shellcheck disable=SC2154 VERSION=$__ServerVersion__ - -resource="ServerAutoScalingGroup" +# shellcheck disable=SC2154 +SECRET=$__CouchbaseSecret__ region=$(ec2-metadata -z | cut -d " " -f 2 | sed 's/.$//') instanceId=$(ec2-metadata -i | cut -d " " -f 2) resource="ServerAutoScalingGroup" -USERNAME=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_username" --region "$region" | jq -r '.Parameter.Value') -PASSWORD=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_password" --region "$region" | jq -r '.Parameter.Value') + +SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${SECRET}" --version-stage AWSCURRENT --region "$region" | jq -r .SecretString) +USERNAME=$(echo "$SECRET_VALUE" | jq -r .username) +PASSWORD=$(echo "$SECRET_VALUE" | jq -r .password) rallyAutoscalingGroup=$(aws ec2 describe-instances \ @@ -32,10 +34,9 @@ rallyAutoscalingGroupInstanceIDs=$(aws autoscaling describe-auto-scaling-groups --query 'AutoScalingGroups[*].Instances[*].InstanceId' \ --auto-scaling-group-name "${rallyAutoscalingGroup}" \ | jq -r '.[] | .[]') - -rallyInstanceID=$(echo "${rallyAutoscalingGroupInstanceIDs}" | cut -d " " -f1) - -rallyAutoscalingGroupInstanceIDsArray=("$rallyAutoscalingGroupInstanceIDs") +# shellcheck disable=SC2206 +IFS=$'\n' rallyAutoscalingGroupInstanceIDsArray=($rallyAutoscalingGroupInstanceIDs) +rallyInstanceID=${rallyAutoscalingGroupInstanceIDsArray[0]} for i in "${rallyAutoscalingGroupInstanceIDsArray[@]}"; do tags=$(aws ec2 describe-tags --region "${region}" --filter "Name=tag:Name,Values=*Rally" "Name=resource-id,Values=$i") 
@@ -49,9 +50,16 @@ done rallyPublicDNS=$(aws ec2 describe-instances \ --region "${region}" \ --query 'Reservations[0].Instances[0].NetworkInterfaces[0].Association.PublicDnsName' \ - --instance-ids ${rallyInstanceID} \ + --instance-ids "${rallyInstanceID}" \ --output text) -nodePublicDNS=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname) +if [[ "$rallyPublicDNS" == "None" ]]; then + rallyPublicDNS=$(aws ec2 describe-instances \ + --region "${region}" \ + --query 'Reservations[0].Instances[0].NetworkInterfaces[0].PrivateDnsName' \ + --instance-ids "${rallyInstanceID}" \ + --output text) +fi +nodePublicDNS=$(curl -sf http://169.254.169.254/latest/meta-data/public-hostname) || nodePublicDNS=$(hostname) echo "Using the settings:" echo "rallyPublicDNS $rallyPublicDNS" echo "region $region" 
@@ -72,11 +80,15 @@ else fi CLUSTER_HOST=$rallyPublicDNS -# __SCRIPT_URL__ gets replaced during build +# https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh gets replaced during build if [[ ! -e "couchbase_installer.sh" ]]; then - curl -L --output "couchbase_installer.sh" "__SCRIPT_URL__" + curl -L --output "couchbase_installer.sh" "https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh" fi -bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -s -c -d -# Calls back to AWS to signify that installation is complete -/opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" \ No newline at end of file +if bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -s -c -d; then + # Calls back to AWS to signify that installation is complete + /opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" +else + /opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region" + exit 1 +fi diff --git a/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template b/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template index f41b263..17b5e6f 100644 --- a/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template +++ b/aws/CouchbaseSyncGateway/couchbase-amzn-lnx2.template 
@@ -1,6 +1,25 @@ { "AWSTemplateFormatVersion": "2010-09-09", "Description": "Couchbase Sync Gateway on Amazon Linux 2", + "Metadata": { + "AWS::CloudFormation::Interface": { + "ParameterGroups": [ + { + "Label": { "default": "Network Configuration/Access" }, + "Parameters": ["VpcName", "SubnetList", "SSHCIDR", "KeyName"] + }, + { + "Label": { "default": "Sync Gateway Configuration" }, + "Parameters": ["SyncGatewayInstanceCount", "SyncGatewayVersion", "SyncGatewayInstanceType", "Username", "Password"] + } + ], + "ParameterLabels": { + "SSHCIDR": { "default": "Access CIDR" }, + "Username": { "default": "Database Username"}, + "Password": { "default": "Database Password"} + } + } + }, "Mappings": {}, "Parameters": { "SyncGatewayInstanceCount": { @@ -97,49 +116,36 @@ } }, "Resources": { - "UsernameParameter": { - "Type": "AWS::SSM::Parameter", + "CouchbaseSecret": { + "Type": "AWS::SecretsManager::Secret", "Properties": { - "DataType": "text", - "Description": "Couchbase Admin Username", "Name": { "Fn::Join": [ "", [ - "/", { "Ref": "AWS::StackName" }, - "/cb_username" + "-CouchbaseSecret" ] ] }, - "Type": "String", - "Value": { - "Ref": "Username" - } - } - }, - "PasswordParameter": { - "Type": "AWS::SSM::Parameter", - "Properties": { - "DataType": "text", - "Description": "Couchbase Admin Password", - "Name": { + "Description": "Couchbase Admin Username/Password Secret", + "SecretString": { "Fn::Join": [ "", [ - "/", + "{\"username\": \"", { - "Ref": "AWS::StackName" + "Ref": "Username" }, - "/cb_password" + "\", \"password\":\"", + { + "Ref": "Password" + }, + "\"}" ] ] - }, - "Type": "String", - "Value": { - "Ref": "Password" } } }, @@ -180,8 +186,7 @@ } }, "DependsOn": [ - "UsernameParameter", - "PasswordParameter" + "CouchbaseSecret" ] }, "SyncGatewayLaunchTemplate": { 
@@ -237,8 +242,8 @@ "GatewayLoadBalancer": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { - "AvailabilityZones": { - "Fn::GetAZs": "" + "Subnets": { + "Ref": "SubnetList" }, "CrossZone": true, "Listeners": [ @@ -309,7 +314,8 @@ "ec2:DescribeTags", "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups", - "ssm:GetParameter" + "ssm:GetParameter", + "secretsmanager:GetSecretValue" ], "Resource": [ "*" diff --git a/aws/CouchbaseSyncGateway/deploy.sh b/aws/CouchbaseSyncGateway/deploy.sh index b1f4ffb..0f8add5 100755 --- a/aws/CouchbaseSyncGateway/deploy.sh +++ b/aws/CouchbaseSyncGateway/deploy.sh @@ -27,7 +27,9 @@ SSHCIDR="0.0.0.0/0" SyncGatewayInstanceCount=$2 SyncGatewayVersion=$3 VpcName=$(aws ec2 describe-vpcs --filter "Name=isDefault,Values=true" | jq -r '.Vpcs[].VpcId') +#VpcName=vpc-0c1cd329084365f10 SubnetId=$(aws ec2 describe-subnets --filter "Name=vpc-id,Values=${VpcName}" --max-items 1 --region "$REGION" | jq -r '.Subnets[].SubnetId') +#SubnetId=subnet-08476a90d895839b4 aws cloudformation create-stack \ --capabilities CAPABILITY_IAM \ diff --git a/aws/CouchbaseSyncGateway/embedded_gateway.sh b/aws/CouchbaseSyncGateway/embedded_gateway.sh index 15c85c9..794500a 100644 --- a/aws/CouchbaseSyncGateway/embedded_gateway.sh +++ b/aws/CouchbaseSyncGateway/embedded_gateway.sh 
@@ -11,16 +11,17 @@ yum install jq aws-cfn-bootstrap -q -y VERSION=$__SyncGatewayVersion__ # shellcheck disable=SC2154 stackName=$__AWSStackName__ +# shellcheck disable=SC2154 +SECRET=$__CouchbaseSecret__ resource="SyncGatewayAutoScalingGroup" region=$(ec2-metadata -z | cut -d " " -f 2 | sed 's/.$//') instanceId=$(ec2-metadata -i | cut -d " " -f 2) -USERNAME=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_username" --region "$region" | jq -r '.Parameter.Value') -PASSWORD=$(aws ssm get-parameter --with-decryption --name "/${stackName}/cb_password" --region "$region" | jq -r '.Parameter.Value') - - +SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${SECRET}" --version-stage AWSCURRENT --region "$region" | jq -r .SecretString) +USERNAME=$(echo "$SECRET_VALUE" | jq -r .username) +PASSWORD=$(echo "$SECRET_VALUE" | jq -r .password) echo "Using the settings:" echo "stackName '$stackName'" 
@@ -31,14 +32,17 @@ aws ec2 create-tags \ --resources "${instanceId}" \ --tags Key=Name,Value="${stackName}-SyncGateway" -CLUSTER_HOST=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname) +CLUSTER_HOST=$(curl -sf http://169.254.169.254/latest/meta-data/public-hostname) || CLUSTER_HOST=$(hostname) -# __SCRIPT_URL__ gets replaced during build +# https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh gets replaced during build if [[ ! -e "couchbase_installer.sh" ]]; then - curl -L --output "couchbase_installer.sh" "__SCRIPT_URL__" + curl -L --output "couchbase_installer.sh" "https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh" fi -bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -c -d -g - -# calls back to AWS to signify that installation is complete and the stack can complete. -/opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" \ No newline at end of file +if bash ./couchbase_installer.sh -ch "$CLUSTER_HOST" -u "$USERNAME" -p "$PASSWORD" -v "$VERSION" -os AMAZON -e AWS -c -d -g; then + # Calls back to AWS to signify that installation is complete + /opt/aws/bin/cfn-signal -e 0 --stack "$stackName" --resource "$resource" --region "$region" +else + /opt/aws/bin/cfn-signal -e 1 --stack "$stackName" --resource "$resource" --region "$region" + exit 1 +fi \ No newline at end of file diff --git a/script_url.txt b/script_url.txt index acd609d..6349682 100644 --- a/script_url.txt +++ b/script_url.txt @@ -1 +1 @@ -https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.9/couchbase_installer.sh \ No newline at end of file +https://github.com/couchbase-partners/marketplace-scripts/releases/download/v1.0.10/couchbase_installer.sh \ No newline at end of file