proto-infras
import stackformation
from stackformation import BotoSession, Infra
from stackformation.aws.stacks import ( iam, vpc, ec2,
ebs, s3, eip, elb, sns,
logs, alarms, asg, codedeploy
)
from stackformation.aws import Ami
from stackformation.aws import user_data
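def common_stacks(infra, topic_stack=None):
    """Populate a sub-infra with the stacks every environment shares.

    Adds, in order: a 3-AZ VPC with SSH/web/self-reference security groups,
    an IAM stack with the ``WebProfile`` instance profile, an S3 stack with
    the ``jchtest`` bucket, a ``Web`` log stack with a ``PHP`` log group and
    an alarm stack wired to an SNS topic stack.

    Args:
        infra: sub-infra to populate (result of ``Infra.create_sub_infra``).
        topic_stack: SNS topic stack the alarms publish to. ``None`` (the
            default, kept for backward compatibility) falls back to the
            module-level ``sns_stack`` created at top level.

    Returns:
        None; every stack is registered on ``infra`` as a side effect.
    """
    if topic_stack is None:
        # Implicit dependency on the module-level topic; callers should
        # pass it explicitly so this function does not rely on import order.
        topic_stack = sns_stack

    # VPC and its security groups (looked up later via find_security_group).
    vpc_stack = infra.add_stack(vpc.VPCStack(num_azs=3))
    vpc_stack.add_security_group(vpc.SSHSecurityGroup())
    vpc_stack.add_security_group(vpc.WebSecurityGroup())
    vpc_stack.add_security_group(vpc.SelfReferenceSecurityGroup())

    # IAM: instance profile for the web tier.
    iam_stack = infra.add_stack(iam.IAMStack())
    web_profile = iam_stack.add_role(iam.EC2Profile("WebProfile"))
    # NOTE(review): EC2FullAccess/ELBFullAccess give every web instance
    # broad control over EC2 and ELB in the account; scope these down to
    # the API calls the instances actually make (least privilege).
    web_profile.add_policy(iam.EC2FullAccess())
    web_profile.add_policy(iam.ELBFullAccess())
    web_profile.add_policy(iam.CloudWatchLogs())

    # S3: test bucket, read-only for the web profile.
    s3_stack = infra.add_stack(s3.S3Stack("test"))
    test_bucket = s3_stack.add_bucket(s3.S3Bucket("jchtest"))
    web_profile.add_policy(iam.S3ReadBucketAccess(test_bucket))

    # CloudWatch Logs: PHP application log group.
    log_stack = infra.add_stack(logs.LogStack("Web"))
    log_stack.add_group(logs.LogGroup('PHP'))

    # Alarms publish to the shared SNS topic stack.
    alarm_stack = infra.add_stack(alarms.AlarmStack())
    alarm_stack.add_topic(topic_stack)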
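def prod_stacks(ubuntu_ami, aws_ami, parent=None):
    """Build the ``prod`` sub-infra and return it.

    On top of ``common_stacks`` this adds an Elastic IP, a CodeDeploy role,
    app and stack, an ELB, an auto-scaling group (``Web2``) running
    ``ubuntu_ami`` behind the ELB, a standalone EC2 stack (``Web``) running
    ``aws_ami``, and ELB/EC2 alarms.

    Args:
        ubuntu_ami: image used by the auto-scaling group.
        aws_ami: image used by the standalone ``Web`` EC2 stack.
        parent: top-level ``Infra`` to create the sub-infra under. ``None``
            (the default, kept for backward compatibility) uses the
            module-level ``infra``.

    Returns:
        The populated ``prod`` sub-infra.
    """
    if parent is None:
        # Implicit dependency on the module-level top-level infra.
        parent = infra

    prod_infra = parent.create_sub_infra("prod")
    prod_infra.add_vars({
        'InputWebEC2TagName': "WebServer",
        'InputWeb2ASGTagName': "WebServer",
        'InputWeb2ASGInstanceType': "t2.small",
        'InputWebEC2RootDeviceSize': "50",
        'InputWebLogRetentionPeriodDays': 14,
    })
    common_stacks(prod_infra)

    # Elastic IP for the web server (registered by side effect).
    eip_stack = prod_infra.add_stack(eip.EIPStack())
    eip_stack.add_ip("WebServer")

    # Shared stacks created by common_stacks.
    vpc_stack = prod_infra.find_stack(vpc.VPCStack)
    vpc_stack.base_cidr = "10.10"
    web_sg = vpc_stack.find_security_group(vpc.WebSecurityGroup)
    ssh_sg = vpc_stack.find_security_group(vpc.SSHSecurityGroup)
    self_sg = vpc_stack.find_security_group(vpc.SelfReferenceSecurityGroup)
    iam_stack = prod_infra.find_stack(iam.IAMStack)
    web_profile = iam_stack.find_role(iam.EC2Profile)

    # CodeDeploy service role, stack and application.
    cd_role = iam_stack.add_role(iam.CodeDeployRole("CodeDeploy"))
    cd_role.add_policy(iam.CodeDeployPolicy())
    cd_stack = prod_infra.add_stack(codedeploy.CodeDeployStack("Web", cd_role))
    cd_app = cd_stack.add_app(codedeploy.App("Web"))

    # Load balancer in front of the auto-scaling group.
    elb_stack = prod_infra.add_stack(elb.ELBStack("WebStack", vpc_stack))
    elb_stack.add_security_group(web_sg)

    # Auto-scaling group: Ubuntu image; aws_ami is only used by the
    # standalone EC2 stack below.
    asg_stack = asg.ASGStack("Web2", vpc_stack, web_profile)
    asg_stack.add_security_group(web_sg)
    # NOTE(review): the SSH group is attached to internet-facing instances;
    # confirm SSHSecurityGroup restricts ingress to known source ranges.
    asg_stack.add_security_group(ssh_sg)
    asg_stack.add_security_group(self_sg)
    # NOTE(review): dev_stacks sets the key via ec2_stack.keypair("jch");
    # confirm ASGStack expects the attribute rather than a method.
    asg_stack.keyname = 'jch'
    asg_stack.set_ami(ubuntu_ami)
    asg_stack.add_elb(elb_stack)
    prod_infra.add_stack(asg_stack)

    # Standalone EC2 web instance on the AWS Linux image.
    ec2_stack = prod_infra.add_stack(ec2.EC2Stack("Web", vpc_stack, web_profile))
    ec2_stack.set_ami(aws_ami)
    ec2_stack.add_security_group(web_sg)
    ec2_stack.add_security_group(ssh_sg)

    # The ASG is the CodeDeploy deployment target.
    cd_app.add_target(asg_stack)

    # Alarms for the ELB and the standalone instance.
    alarm_stack = prod_infra.find_stack(alarms.AlarmStack)
    alarm_stack.add_alarm(alarms.ELBHealthyHostsAlarm(elb_stack))
    alarm_stack.add_alarm(alarms.EC2InstanceFailAlarm(ec2_stack))
    alarm_stack.add_alarm(alarms.EC2HighCpuAlarm(ec2_stack))
    return prod_infra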
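def dev_stacks(parent=None, image=None):
    """Build the ``dev`` sub-infra and return it.

    On top of ``common_stacks`` this adds two EBS volumes (``Web`` 100 GB,
    ``NFS`` 350 GB), a single EC2 stack (``WebStack``) that attaches and
    mounts them at ``/mnt/web`` and ``/mnt/nfs`` via user data, and
    instance alarms.

    Args:
        parent: top-level ``Infra`` to create the sub-infra under. ``None``
            (the default, kept for backward compatibility) uses the
            module-level ``infra``.
        image: image for the EC2 stack. ``None`` (the default) uses the
            module-level ``aws_ami``.

    Returns:
        The populated ``dev`` sub-infra.
    """
    if parent is None:
        # Implicit dependency on the module-level top-level infra.
        parent = infra
    if image is None:
        # Implicit dependency on the module-level AWS Linux image.
        image = aws_ami

    dev_infra = parent.create_sub_infra("dev")
    dev_infra.add_vars({
        'InputWebStackEC2TagName': "WebDev",
        'InputWebStackEC2InstanceType': "t2.medium",
        'InputWebStackEC2RootDeviceSize': "50",
        'InputWebEBSDeviceName': "/dev/xvdb",
        'InputNFSEBSDeviceName': "/dev/xvdc",
        'InputWebLogRetentionPeriodDays': 14,
    })
    common_stacks(dev_infra)

    # Shared stacks created by common_stacks; only the SSH group is used.
    vpc_stack = dev_infra.find_stack(vpc.VPCStack)
    vpc_stack.base_cidr = "10.50"
    ssh_sg = vpc_stack.find_security_group(vpc.SSHSecurityGroup)
    iam_stack = dev_infra.find_stack(iam.IAMStack)
    web_profile = iam_stack.find_role(iam.EC2Profile)

    # Persistent volumes attached to the dev instance.
    ebs_stack = dev_infra.add_stack(ebs.EBSStack("Vols", vpc_stack))
    web_vol = ebs_stack.add_volume(ebs.EBSVolume('Web', 100))
    nfs_vol = ebs_stack.add_volume(ebs.EBSVolume('NFS', 350))

    # Single dev instance; volumes are mounted by user data at boot.
    ec2_stack = dev_infra.add_stack(ec2.EC2Stack("WebStack", vpc_stack, web_profile))
    ec2_stack.keypair("jch")
    ec2_stack.set_ami(image)
    ec2_stack.add_volume(web_vol)
    ec2_stack.add_volume(nfs_vol)
    ec2_stack.add_user_data(user_data.MountEBS(web_vol, "/mnt/web"))
    ec2_stack.add_user_data(user_data.MountEBS(nfs_vol, "/mnt/nfs"))
    # NOTE(review): confirm SSHSecurityGroup restricts ingress to known
    # source ranges before exposing the instance.
    ec2_stack.add_security_group(ssh_sg)

    alarm_stack = dev_infra.find_stack(alarms.AlarmStack)
    alarm_stack.add_alarm(alarms.EC2InstanceFailAlarm(ec2_stack))
    alarm_stack.add_alarm(alarms.EC2HighCpuAlarm(ec2_stack))
    return dev_infra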
def web_ami():
    """Return the ``WebAwsLinux`` image definition.

    The image is built from two Ansible roles, ``users`` (weight 100) and
    ``sudo-nopw`` (weight 50), each with no extra variables.
    """
    image = Ami("WebAwsLinux")
    # (role name, variables, weight) -- order as listed in the original.
    roles = (
        ('users', {}, 100),
        ('sudo-nopw', {}, 50),
    )
    for role_name, role_vars, weight in roles:
        image.add_role(role_name, role_vars, weight)
    return image
def ubuntu_ami():
    """Return the ``WebUbuntu`` image definition (base ``'ubuntu'``).

    Roles, each with no extra variables: ``sudo-nopw`` (50), ``docker``
    (70), ``nginx`` (80), ``users`` (100) and ``webubuntu`` (150).
    """
    image = Ami("WebUbuntu", 'ubuntu')
    # (role name, variables, weight) -- order as listed in the original.
    roles = (
        ('sudo-nopw', {}, 50),
        ('docker', {}, 70),
        ('nginx', {}, 80),
        ('users', {}, 100),
        ('webubuntu', {}, 150),
    )
    for role_name, role_vars, weight in roles:
        image.add_role(role_name, role_vars, weight)
    return image
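# boto connection
session = BotoSession(region_name='us-east-2')

# top level infra
infra = Infra("Jch", session)

# Ansible directory used to build the images. Machine-specific absolute
# path; adjust when running from another checkout.
Ami.ANSIBLE_DIR = "/home/jhardy/projects/johnchardy.com/sitev3/devops/ansible"

infra.add_vars({
    'InputJhardySNSEmailAddress': '[email protected]'
})

# Register the images. The Ubuntu image is bound as ``ubuntu_image`` so that
# the ``ubuntu_ami`` factory function above is not shadowed by its result.
# ``aws_ami`` keeps its name because ``dev_stacks()`` reads it as a global.
ubuntu_image = infra.add_image(ubuntu_ami())
aws_ami = infra.add_image(web_ami())

# Top-level SNS topic that every sub-infra's alarm stack publishes to;
# ``common_stacks()`` reads ``sns_stack`` as a global, so it must exist
# before the sub-infras are built.
sns_stack = infra.add_stack(sns.SNSTopicStack("AlarmNotifications"))
# Topic subscriptions: Slack and e-mail.
slack_sub = sns_stack.add_subscription(sns.SlackSubscription("AwsAlarms"))
jhardy_sub = sns_stack.add_subscription(sns.EmailSubscription('Jhardy'))

# Sub-infras.
prod_infra = prod_stacks(ubuntu_image, aws_ami)
dev_infra = dev_stacks()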
from stackformation import (Infra, BotoSession)
from stackformation.aws import (Ami)
from stackformation.aws.stacks import (ec2, iam, asg, elb, ebs,
logs, s3, sns, alarms,
vpc, eip)
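def ec2_web(infra, stacks, amis):
    """Add a ``<Prefix>Web`` EC2 stack and its image to a non-Prod sub-infra.

    Does nothing when the infra prefix is ``"Prod"``. Otherwise it defines
    an Ubuntu image with the ``sudo-nopw`` and ``users`` roles, records it
    in ``amis`` under the stack name, adds an ``EC2Admin`` instance profile
    to the IAM stack, creates the EC2 stack in the VPC from ``stacks`` and
    sets the tag-name / root-device-size input vars on the infra.

    Args:
        infra: sub-infra to populate; ``get_prefix()`` names the resources.
        stacks: dict holding at least the ``'vpc'`` and ``'iam'`` stacks.
        amis: dict the new image is added to, keyed by stack name (mutated).

    Returns:
        None.
    """
    # get_prefix() is invariant for the call; look it up once.
    prefix = infra.get_prefix()
    if prefix == "Prod":
        return
    name = "{}Web".format(prefix)

    ami = Ami(name, "ubuntu")
    ami.add_role("sudo-nopw", {}, 50)
    ami.add_role("users", {}, 100)
    amis[name] = ami

    # NOTE(review): EC2AdminProfile grants the web node admin-level rights;
    # scope the profile down to what the web workload needs.
    ec2_profile = stacks['iam'].add_role(iam.EC2AdminProfile("EC2Admin"))
    web_node = infra.add_stack(ec2.EC2Stack(name, stacks['vpc'], ec2_profile))
    web_node.set_ami(ami)

    infra.add_vars({
        'Input{}WebEC2TagName'.format(prefix): name,
        'Input{}WebEC2RootDeviceSize'.format(prefix): '100',
    })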
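def create_infra(infra, level, cidr, slack_topic):
    """Create the ``level`` sub-infra with its base stacks and images.

    Args:
        infra: top-level ``Infra`` the sub-infra is created under.
        level: sub-infra name / prefix (e.g. ``"Staging"``).
        cidr: base CIDR prefix assigned to the VPC stack.
        slack_topic: accepted for interface compatibility; currently unused.

    Returns:
        ``(sub_infra, stacks)`` where ``stacks`` maps ``'vpc'``, ``'iam'``,
        ``'s3'`` and ``'eip'`` to the stacks added to the sub-infra.
    """
    sub_infra = infra.create_sub_infra(level)

    vpc_stack = sub_infra.add_stack(vpc.VPCStack())
    vpc_stack.base_cidr = cidr
    stacks = {
        "vpc": vpc_stack,
        "iam": sub_infra.add_stack(iam.IAMStack()),
        "s3": sub_infra.add_stack(s3.S3Stack("Buckets")),
        "eip": sub_infra.add_stack(eip.EIPStack("Addrs")),
    }

    # ec2_web fills ``amis`` with the images it defines (none for Prod).
    amis = {}
    ec2_web(sub_infra, stacks, amis)
    for image in amis.values():
        sub_infra.add_image(image)
    return sub_infra, stacks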
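session = BotoSession(region_name='us-east-2')
infra = Infra("Acme", session)

# Ansible directory used to build the images. Set before any sub-infra is
# created; the original assigned it last, after the images had already been
# registered. Whether Ami reads it at construction or lazily is not visible
# here, so setting it first is the safe order.
Ami.ANSIBLE_DIR = "/home/jhardy/projects/johnchardy.com/sitev3/devops/ansible"

# Top-level SNS topic with a Slack subscription; passed to each sub-infra.
sns_stack = infra.add_stack(sns.SNSTopicStack("AlarmNotifications"))
slack_topic = sns_stack.add_subscription(sns.SlackSubscription("AwsAlarms"))

# Kept for compatibility; neither name is read below (Dev is created too).
levels = ["Staging", "Prod"]
stacks = {}

# One sub-infra per environment, each on its own /16-style base CIDR.
staging, staging_stacks = create_infra(infra, "Staging", "10.100", slack_topic)
dev, dev_stacks = create_infra(infra, "Dev", "10.110", slack_topic)
prod, prod_stacks = create_infra(infra, "Prod", "10.120", slack_topic)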