Skip to content

Instantly share code, notes, and snippets.

@arowla

arowla/aws_cloudformation_puppet_template

Created February 21, 2014 22:16
Show Gist options
  • Save arowla/9144769 to your computer and use it in GitHub Desktop.
Save arowla/9144769 to your computer and use it in GitHub Desktop.
Download ZIP
AWS CloudFormation Puppet Master bootstrapping script, as found in https://s3.amazonaws.com/cloudformation-examples/IntegratingAWSCloudFormationWithPuppet.pdf
Raw
aws_cloudformation_puppet_template
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Sample template to bring up Puppet Master instance that can be used to bootstrap and manage Puppet Clients. The Puppet Master is populated from an embedded template that defines the set of applications to load. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters": {
"InstanceType": {
"Description": "EC2 instance type for PuppetMaster",
"Type": "String",
"Default": "t1.micro",
"AllowedValues": [
"t1.micro",
"m1.small",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge",
"c1.medium",
"c1.xlarge",
"cc1.4xlarge"
],
"ConstraintDescription": "must contain only alphanumeric characters."
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the PuppetMaster",
"Type": "String"
},
"ContentManifest": {
"Default": "/wordpress/: { include wordpress }",
"Description": "Manifest of roles to add to nodes.pp",
"Type": "String"
},
"ContentLocation": {
"Default": "https://s3.amazonaws.com/cloudformation-examples/wordpress-puppet-config.tar.gz",
"Description": "Location of package (Zip, GZIP or Git repository URL) that includes the PuppetMaster content",
"Type": "String"
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t1.micro": {
"Arch": "32"
},
"m1.small": {
"Arch": "32"
},
"m1.large": {
"Arch": "64"
},
"m1.xlarge": {
"Arch": "64"
},
"m2.xlarge": {
"Arch": "64"
},
"m2.2xlarge": {
"Arch": "64"
},
"m2.4xlarge": {
"Arch": "64"
},
"c1.medium": {
"Arch": "32"
},
"c1.xlarge": {
"Arch": "64"
},
"cc1.4xlarge": {
"Arch": "64"
}
},
"AWSRegionArch2AMI": {
"us-east-1": {
"32": "ami-7f418316",
"64": "ami-7341831a"
},
"us-west-1": {
"32": "ami-951945d0",
"64": "ami-971945d2"
},
"eu-west-1": {
"32": "ami-24506250",
"64": "ami-20506254"
},
"ap-southeast-1": {
"32": "ami-74dda626",
"64": "ami-7edda62c"
},
"ap-northeast-1": {
"32": "ami-dcfa4edd",
"64": "ami-e8fa4ee9"
}
}
},
"Resources": {
"CFNInitUser": {
"Type": "AWS::IAM::User",
"Properties": {
"Policies": [
{
"PolicyName": "AccessForCFNInit",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": "cloudformation:DescribeStackResource",
"Resource": "*"
}
]
}
}
]
}
},
"CFNKeys": {
"Type": "AWS::IAM::AccessKey",
"Properties": {
"UserName": {
"Ref": "CFNInitUser"
}
}
},
"PuppetMasterInstance": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"packages": {
"yum": {
"puppet": [],
"puppet-server": [],
"ruby-devel": [],
"gcc": [],
"make": [],
"rubygems": []
},
"rubygems": {
"json": []
}
},
"sources": {
"/etc/puppet": {
"Ref": "ContentLocation"
}
},
"files": {
"/etc/yum.repos.d/epel.repo": {
"source": "https://s3.amazonaws.com/cloudformation-examples/enable-epel-on-amazon-linux-ami",
"mode": "000644",
"owner": "root",
"group": "root"
},
"/etc/puppet/autosign.conf": {
"content": "*.internal\n",
"mode": "100644",
"owner": "root",
"group": "wheel"
},
"/etc/puppet/fileserver.conf": {
"content": "[modules]\n allow *.internal\n",
"mode": "100644",
"owner": "root",
"group": "wheel"
},
"/etc/puppet/puppet.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
" logdir=/var/log/puppet\n",
" rundir=/var/run/puppet\n",
" ssldir=$vardir/ssl\n",
" pluginsync=true\n",
"[agent]\n",
" classfile=$vardir/classes.txt\n",
" localconfig=$vardir/localconfig\n"
]
]
},
"mode": "000644",
"owner": "root",
"group": "root"
},
"/etc/puppet/modules/cfn/manifests/init.pp": {
"content": "class cfn {}",
"mode": "100644",
"owner": "root",
"group": "wheel"
},
"/etc/puppet/modules/cfn/lib/facter/cfn.rb": {
"source": "https://s3.amazonaws.com/cloudformation-examples/cfn-facter-plugin.rb",
"mode": "100644",
"owner": "root",
"group": "wheel"
},
"/etc/puppet/manifests/nodes.pp": {
"content": {
"Fn::Join": [
"",
[
"node basenode {\n",
" include cfn\n",
"}\n",
"node /^.*internal$/ inherits basenode {\n",
" case $cfn_roles {\n",
" ",
{
"Ref": "ContentManifest"
},
"\n",
" }\n",
"}\n"
]
]
},
"mode": "100644",
"owner": "root",
"group": "wheel"
},
"/etc/puppet/manifests/site.pp": {
"content": "import \"nodes\"\n",
"mode": "100644",
"owner": "root",
"group": "wheel"
}
},
"services": {
"sysvinit": {
"puppetmaster": {
"enabled": "true",
"ensureRunning": "true"
}
}
}
}
}
},
"Properties": {
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroups": [
{
"Ref": "PuppetGroup"
}
],
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"KeyName": {
"Ref": "KeyName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"/opt/aws/bin/cfn-init --region ",
{
"Ref": "AWS::Region"
},
" -s ",
{
"Ref": "AWS::StackName"
},
" -r PuppetMasterInstance ",
" --access-key ",
{
"Ref": "CFNKeys"
},
" --secret-key ",
{
"Fn::GetAtt": [
"CFNKeys",
"SecretAccessKey"
]
},
"\n",
"/opt/aws/bin/cfn-signal -e $? '",
{
"Ref": "PuppetMasterWaitHandle"
},
"'\n"
]
]
}
}
}
},
"EC2SecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Group for clients to communicate with Puppet Master"
}
},
"PuppetGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Group for puppet communication",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "8140",
"ToPort": "8140",
"SourceSecurityGroupName": {
"Ref": "EC2SecurityGroup"
}
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"PuppetMasterWaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"PuppetMasterWaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "PuppetMasterInstance",
"Properties": {
"Handle": {
"Ref": "PuppetMasterWaitHandle"
},
"Timeout": "600"
}
}
},
"Outputs": {
"PuppetMasterDNSName": {
"Value": {
"Fn::GetAtt": [
"PuppetMasterInstance",
"PrivateDnsName"
]
},
"Description": "DNS Name of PuppetMaster"
},
"PuppetClientSecurityGroup": {
"Value": {
"Ref": "EC2SecurityGroup"
},
"Description": "Clients of the Puppet Master should be part of this security group"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment