README.me
AWS/Ansible/WordPress

Summary:
This project creates a web instance running WordPress. An AWS CloudFormation
template accepts user inputs as parameters and uses the configuration
management tool Ansible to create the web instance and install WordPress.

Top level details:
1. The AWS CloudFormation template attached below (YAML) deploys a VPC, two
   public subnets, an Internet Gateway, routing, a security group and one EC2
   instance (t2.micro) running the Amazon Linux AMI. Region = us-east-1; the
   AMI ID hard-coded in the template only exists in that region.
2. The user is asked to enter several parameters: the WordPress and MySQL
   passwords, the WordPress admin e-mail and the names of the SSH key pairs.
   The template uses default CIDRs for the VPC and subnets, which the user can
   override.
3. The user is also asked to enter an AWS Access Key ID and Secret Access Key.
   These are exported into the shell environment of the first instance from
   UserData so that the Ansible playbook can call CloudFormation.
4. Once the infrastructure is set up, CloudFormation uses the UserData
   capability to enable the EPEL repository and install git, pip, the AWS CLI,
   boto3 and Ansible (the configuration management tool).
5. A GitHub repository containing the WordPress playbook is cloned from
   github.com.
6. Ansible executes the playbook wordpress.yml.
7. The playbook uses wordpress_stack.yml.j2 to call AWS CloudFormation to
   create a second EC2 instance in public subnet B.
8. The wordpress_stack template uses that instance's UserData to install
   httpd24, php56, php56-mysqlnd, mysql-server and mysql, and starts the
   mysqld and httpd services. It uses wget to download the latest WordPress
   release and installs it. The user-provided passwords are configured for
   WordPress and MySQL.

Note: there are several ways to combine AWS with a configuration management
tool like Ansible; we have chosen a simple one. A good part of Ansible is that
it is agent-less.

Security notes (points to weigh before reusing this setup):
- NoEcho hides the password and access-key parameters in the CloudFormation
  console and API, but the template substitutes them into UserData in plain
  text. UserData is readable by anyone with ec2:DescribeInstanceAttribute on
  the instance and from the instance metadata service on the instance itself,
  and the passwords also appear on the ansible-playbook command line. Prefer
  an IAM instance profile for the Ansible instance over static keys, and pass
  the passwords through SSM Parameter Store (SecureString) or Secrets Manager
  rather than UserData.
- The security group allows SSH (port 22) from 0.0.0.0/0 to the Ansible
  instance. Restrict it to your own address range.
- The S3OneBucket resource is created with AccessControl: PublicRead and is
  not used by the rest of the stack; remove it or make it private.
- The password parameters are capped at 16 characters (MaxLength: 16); raise
  the limit so that long passphrases are accepted.
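Before running the template it is worth checking it for the three things a security reviewer would flag: NoEcho parameters (the passwords and the access keys) interpolated into UserData, SSH open to 0.0.0.0/0, and the PublicRead S3 bucket. The script below is an added example for this README, not part of the gansible project. It assumes PyYAML is installed, teaches PyYAML's SafeLoader the short-form intrinsics (!Ref, !Sub, !Select ...) that otherwise make it reject CloudFormation templates, and runs the checks over a trimmed template that is constructed from the template later on this page; the function and check names are this example's own.

```python
import re
import yaml


class CfnLoader(yaml.SafeLoader):
    """SafeLoader that understands CloudFormation's short-form intrinsics (!Ref, !Sub, !Select ...)."""

def _cfn_tag(loader, suffix, node):
    # "!Sub x" is the short form of {"Fn::Sub": x}; "!Ref x" is the short form of {"Ref": x}.
    key = "Ref" if suffix == "Ref" else "Fn::" + suffix
    if isinstance(node, yaml.ScalarNode):
        return {key: loader.construct_scalar(node)}
    if isinstance(node, yaml.SequenceNode):
        return {key: loader.construct_sequence(node, deep=True)}
    return {key: loader.construct_mapping(node, deep=True)}

CfnLoader.add_multi_constructor("!", _cfn_tag)

def load_template(text):
    return yaml.load(text, Loader=CfnLoader)

def _sub_strings(value):
    """Yield the format string of every Fn::Sub nested anywhere under value."""
    if isinstance(value, dict):
        for key, child in value.items():
            if key == "Fn::Sub":
                yield child if isinstance(child, str) else child[0]
            else:
                yield from _sub_strings(child)
    elif isinstance(value, list):
        for child in value:
            yield from _sub_strings(child)

def secrets_in_userdata(tmpl):
    """(resource, parameter) pairs where a NoEcho parameter is interpolated into UserData."""
    noecho = {name for name, param in tmpl.get("Parameters", {}).items()
              if str(param.get("NoEcho", "false")).lower() == "true"}
    hits = []
    for rid, res in tmpl.get("Resources", {}).items():
        for fmt in _sub_strings(res.get("Properties", {}).get("UserData")):
            hits += [(rid, n) for n in re.findall(r"\$\{([^}]+)\}", fmt) if n in noecho]
    return hits

def world_open_ports(tmpl, ports=(22, 3306)):
    """(security group, port) pairs where one of `ports` is open to 0.0.0.0/0 or ::/0."""
    hits = []
    for rid, res in tmpl.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
                continue
            proto_all = str(rule.get("IpProtocol")) == "-1"  # "all traffic" rule covers every port
            low = 0 if proto_all else int(rule.get("FromPort", 0))
            high = 65535 if proto_all else int(rule.get("ToPort", 65535))
            hits += [(rid, p) for p in ports if low <= p <= high]
    return hits

def public_buckets(tmpl):
    """Logical IDs of S3 buckets created with a public canned ACL."""
    return [rid for rid, res in tmpl.get("Resources", {}).items()
            if res.get("Type") == "AWS::S3::Bucket"
            and res.get("Properties", {}).get("AccessControl") in ("PublicRead", "PublicReadWrite")]

def audit(text):
    """Run the three checks over a template and return the findings keyed by check name."""
    tmpl = load_template(text)
    return {"secrets_in_userdata": secrets_in_userdata(tmpl),
            "world_open_ports": world_open_ports(tmpl),
            "public_buckets": public_buckets(tmpl)}

# Constructed sample: just the parts of the page's template that the checks look at.
SAMPLE_TEMPLATE = r"""
Parameters:
  mysqlrootpass: {Type: String, NoEcho: 'true'}
  accesskeyid: {Type: String, NoEcho: 'true'}
  secretaccesskey: {Type: String, NoEcho: 'true'}
Resources:
  SG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      SecurityGroupIngress:
        - {CidrIp: 0.0.0.0/0, IpProtocol: tcp, FromPort: "80", ToPort: "80"}
        - {CidrIp: 0.0.0.0/0, IpProtocol: tcp, FromPort: "22", ToPort: "22"}
  EC2Instance01:
    Type: "AWS::EC2::Instance"
    Properties:
      UserData:
        "Fn::Base64": !Sub |
          #!/bin/bash
          export AWS_ACCESS_KEY_ID=${accesskeyid}
          export AWS_SECRET_ACCESS_KEY=${secretaccesskey}
          ansible-playbook gansible/wordpress.yml -e "master_stack_name=${AWS::StackName}" -e "mysql_root_pass=${mysqlrootpass}"
  S3OneBucket:
    Type: "AWS::S3::Bucket"
    Properties: {AccessControl: PublicRead}
"""
```

Calling audit(open("template.yml").read()) on the real template reports the same three findings: every NoEcho parameter the UserData script interpolates, SG exposing port 22 to the world, and S3OneBucket with a public ACL. Port 3306 is in the default list because the WordPress instance runs mysql-server locally; a rule opening it to the world would be worth catching too.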
Once the stack has been created, copy the public IP address of the WordPress
instance (the EC2 instance in public subnet B) and open it in a browser to
reach the WordPress demo site.

The following CloudFormation template starts the AWS stack:
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This CF template creates a VPC, Subnet A and Subnet B - both public. It
  creates all necessary routes and attaches an Internet gateway. It creates an
  EC2 instance whose UserData executes the rest of the commands: it enables the
  EPEL repository, installs boto3 and Ansible, clones an Ansible/WordPress git
  repository from GitHub and uses Ansible to execute a playbook that creates a
  second EC2 instance and downloads all necessary software to run a WordPress
  blog.
Parameters:
  vpccidr:
    Type: String
    MinLength: 9
    MaxLength: 18
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/\\d{1,2}"
    ConstraintDescription: Must be a valid CIDR in the form x.x.x.x/16
    Default: 10.20.0.0/16
  psharedacidr:
    Type: String
    MinLength: 9
    MaxLength: 18
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
    Default: 10.20.0.0/22
  psharedbcidr:
    Type: String
    MinLength: 9
    MaxLength: 18
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
    Default: 10.20.4.0/22
  # MaxLength: 16 caps the passwords at 16 characters; raise it to allow passphrases.
  mysqlrootpass:
    Type: String
    MinLength: 8
    MaxLength: 16
    NoEcho: 'true'
  mysqlwordpress:
    Type: String
    MinLength: 8
    MaxLength: 16
    NoEcho: 'true'
  wordpressadminpass:
    Type: String
    MinLength: 8
    MaxLength: 16
    NoEcho: 'true'
  wordpressadminemail:
    Type: String
  wpinstancekey:
    Type: AWS::EC2::KeyPair::KeyName
    Description: SSH key pair to use for WP instance
  ansibleinstancekey:
    Type: AWS::EC2::KeyPair::KeyName
    Description: SSH key pair to use for Ansible instance
  # NoEcho hides these in the console only; they are substituted into UserData
  # below in plain text. An IAM instance profile on EC2Instance01 is the safer
  # alternative.
  accesskeyid:
    Type: String
    NoEcho: 'true'
  secretaccesskey:
    Type: String
    NoEcho: 'true'
Resources:
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: !Ref vpccidr
  IGW:
    Type: "AWS::EC2::InternetGateway"
  SG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      VpcId: !Ref VPC
      GroupDescription: "Enable SSH access via port 22 and open port 80"
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          ToPort: "80"
          FromPort: "80"
        # SSH from anywhere; restrict CidrIp to your own address range.
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          ToPort: "22"
          FromPort: "22"
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          ToPort: "443"
          FromPort: "443"
  EC2Instance01:
    Type: "AWS::EC2::Instance"
    DeletionPolicy: Delete
    Properties:
      ImageId: ami-1853ac65 # Amazon Linux 2017.09.1 hvm; this ID is valid in us-east-1 only
      InstanceType: t2.micro
      KeyName: !Ref ansibleinstancekey
      SecurityGroupIds:
        - !Ref SG
      Tags:
        - Key: "Name"
          Value: !Sub
            - ${stack}-ansible-instance
            - { stack: !Ref 'AWS::StackName' }
      SubnetId: !Ref SubnetPublicSharedA
      UserData:
        "Fn::Base64":
          !Sub |
            #!/bin/bash
            # UserData runs as root at first boot.
            yum update -y
            yum-config-manager --enable epel
            yum install git -y
            # Unpinned installs from PyPI: pin versions for repeatable, reviewable builds.
            pip install --upgrade pip
            ln -sf /usr/local/bin/pip /usr/bin/pip
            pip install awscli
            pip install boto3
            pip install ansible
            ln -sf /usr/local/bin/ansible /usr/bin/ansible
            ln -sf /usr/local/bin/ansible-playbook /usr/bin/ansible-playbook
            git clone https://github.com/gdilawari/gansible.git
            export AWS_DEFAULT_REGION=us-east-1
            # The static keys and the passwords below land in UserData in plain text
            # and the passwords are visible on the command line in the process list.
            export AWS_ACCESS_KEY_ID=${accesskeyid}
            export AWS_SECRET_ACCESS_KEY=${secretaccesskey}
            ansible-playbook gansible/wordpress.yml \
              -e "wordpress_mode=create" \
              -e "master_stack_name=${AWS::StackName}" \
              -e "application_stack_name=${AWS::StackName}-wordpress" \
              -e "key_pair_name=${wpinstancekey}" \
              -e "mysql_root_pass=${mysqlrootpass}" \
              -e "mysql_wordpress_pass=${mysqlwordpress}" \
              -e "wordpress_admin_pass=${wordpressadminpass}" \
              -e "wordpress_admin_email=${wordpressadminemail}"
  # Not referenced by anything else in this stack. PublicRead makes every object
  # world-readable; drop the resource, or remove AccessControl if it is kept.
  S3OneBucket:
    DeletionPolicy: Retain
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        ErrorDocument: index.html
        IndexDocument: index.html
  GatewayAttach:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGW
      VpcId: !Ref VPC
  SubnetPublicSharedA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs ]
      CidrBlock: !Ref psharedacidr
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
  SubnetPublicSharedB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [1, !GetAZs ]
      CidrBlock: !Ref psharedbcidr
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
  SubnetRouteTableAssociatePublicA:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref SubnetPublicSharedA
  SubnetRouteTableAssociatePublicB:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref SubnetPublicSharedB
  RouteDefaultPublic:
    Type: "AWS::EC2::Route"
    DependsOn: GatewayAttach
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW
      RouteTableId: !Ref RouteTablePublic
  RouteTablePublic:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
Outputs:
  vpcid:
    Description: ID of Shared Infrastructure VPC
    Value: !Ref VPC
  publicroutetable:
    Description: ID of Public Route Table
    Value: !Ref RouteTablePublic
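The most consequential weakness in the template above is the long-lived access key and secret key that are passed in as parameters and exported from UserData. The standard fix is an IAM instance profile: the AWS CLI, boto3 and therefore Ansible's cloudformation module on the Ansible instance obtain short-lived role credentials from the instance metadata service, so there is no secret to type in or store at all. The function below is an added example, not part of the gansible project, that applies that change to a parsed template (a dict in CloudFormation's long-form intrinsic syntax). The sample it works on is constructed from the parameters and the Ansible instance of the template above; the resource names AnsibleRole and AnsibleInstanceProfile and the policy's action list are this example's assumptions, and the policy in particular is only a starting point to be scoped down to what wordpress_stack.yml.j2 really needs.

```python
import copy
import re

# Constructed sample: the key-pair and access-key parameters and the Ansible instance
# from the page's template, already parsed into long-form intrinsic syntax.
SAMPLE = {
    "Parameters": {
        "ansibleinstancekey": {"Type": "AWS::EC2::KeyPair::KeyName"},
        "accesskeyid": {"Type": "String", "NoEcho": "true"},
        "secretaccesskey": {"Type": "String", "NoEcho": "true"},
    },
    "Resources": {
        "EC2Instance01": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "InstanceType": "t2.micro",
                "KeyName": {"Ref": "ansibleinstancekey"},
                "UserData": {"Fn::Base64": {"Fn::Sub": (
                    "#!/bin/bash\n"
                    "export AWS_DEFAULT_REGION=us-east-1\n"
                    "export AWS_ACCESS_KEY_ID=${accesskeyid}\n"
                    "export AWS_SECRET_ACCESS_KEY=${secretaccesskey}\n"
                    'ansible-playbook gansible/wordpress.yml -e "master_stack_name=${AWS::StackName}"\n'
                )}},
            },
        },
    },
}

# Assumed starting point: enough for Ansible's cloudformation module to create a stack
# that contains one EC2 instance. Tighten Action and Resource before deploying.
ANSIBLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["cloudformation:CreateStack", "cloudformation:DescribeStacks",
                   "cloudformation:DescribeStackEvents", "ec2:RunInstances",
                   "ec2:DescribeInstances", "ec2:CreateTags"],
        "Resource": "*",
    }],
}


def use_instance_profile(tmpl, instance_id, key_params=("accesskeyid", "secretaccesskey")):
    """Return a copy of tmpl with the static-key parameters removed, an IAM role and
    instance profile added and attached to the instance, and every UserData line that
    exported a removed parameter deleted. The SDK on the instance then picks up
    short-lived role credentials from the metadata service without any change to
    the playbook invocation."""
    out = copy.deepcopy(tmpl)
    for name in key_params:
        out["Parameters"].pop(name, None)
    out["Resources"]["AnsibleRole"] = {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
                "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]},
            "Policies": [{"PolicyName": "ansible-create-wordpress-stack",
                          "PolicyDocument": ANSIBLE_POLICY}],
        },
    }
    out["Resources"]["AnsibleInstanceProfile"] = {
        "Type": "AWS::IAM::InstanceProfile",
        "Properties": {"Roles": [{"Ref": "AnsibleRole"}]},
    }
    props = out["Resources"][instance_id]["Properties"]
    props["IamInstanceProfile"] = {"Ref": "AnsibleInstanceProfile"}
    # Drop the "export AWS_ACCESS_KEY_ID=${accesskeyid}" style lines by their ${param} reference.
    refs = re.compile("|".join(re.escape("${%s}" % n) for n in key_params))
    script = props["UserData"]["Fn::Base64"]["Fn::Sub"]
    kept = [line for line in script.splitlines() if not refs.search(line)]
    props["UserData"]["Fn::Base64"]["Fn::Sub"] = "\n".join(kept) + "\n"
    return out


def userdata_script(tmpl, instance_id):
    """The UserData shell script of an instance, before CloudFormation substitutes ${...}."""
    return tmpl["Resources"][instance_id]["Properties"]["UserData"]["Fn::Base64"]["Fn::Sub"]
```

Serialize the result with yaml.safe_dump or json.dumps and deploy it in place of the original; the accesskeyid and secretaccesskey prompts disappear from the create-stack dialog, and the stack now needs CAPABILITY_IAM because it creates a role. The database and WordPress passwords still travel through UserData and the ansible-playbook command line, which is why the security notes above recommend fetching them from a secrets store inside the script instead.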