Created
November 5, 2012 04:57
Example Ubuntu 12.04 GateOne CloudFormation Template for Amazon AWS
{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "GateOne instance on Ubuntu 12.04 to support web based SSH access", | |
"Parameters" : { | |
"KeyName" : { | |
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", | |
"Type" : "String", | |
"MinLength": "1", | |
"MaxLength": "64", | |
"Default" : "aws-key", | |
"AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
"ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
}, | |
"ImageId" : { | |
"Description" : "EC2 image id - must be an Ubuntu 12.04 image - the current default is for the Singapore region", | |
"Type" : "String", | |
"Default" : "ami-e88acaba" | |
}, | |
"InstanceType" : { | |
"Description" : "EC2 instance type", | |
"Type" : "String", | |
"Default" : "t1.micro", | |
"AllowedValues" : [ "t1.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"], | |
"ConstraintDescription" : "must be a valid EC2 instance type." | |
}, | |
"HTTPSAccess" : { | |
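"Description" : "CIDR range allowed HTTPS access to the GateOne server (the default 0.0.0.0/0 allows access from anywhere; SSH on port 22 is open to 0.0.0.0/0 regardless of this value)", | |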
"Type" : "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default" : "0.0.0.0/0", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"GateOneUser": { | |
"Description" : "The GateOne account username for authentication by the webserver", | |
"Type": "String", | |
"MinLength": "1", | |
"MaxLength": "16", | |
"AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*", | |
"ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters." | |
}, | |
"GateOnePassword": { | |
"NoEcho": "true", | |
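"Description" : "The GateOne account password (NoEcho masks it in the stack parameters only; it is also written in clear text into the instance UserData)", | |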
"Type": "String", | |
"MinLength": "1", | |
"MaxLength": "41", | |
"AllowedPattern" : "[a-zA-Z0-9]*", | |
"ConstraintDescription" : "must contain only alphanumeric characters." | |
} | |
}, | |
"Resources" : { | |
"GateOneEIP" : { | |
"Type" : "AWS::EC2::EIP" | |
}, | |
"GateOneSecurityGroup" : { | |
"Type" : "AWS::EC2::SecurityGroup", | |
"Properties" : { | |
"GroupDescription" : "Enable access to the GateOne Server", | |
"SecurityGroupIngress" : [ | |
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : { "Ref" : "HTTPSAccess" } } , | |
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ] | |
} | |
}, | |
"GateOneServer" : { | |
"Type" : "AWS::EC2::Instance", | |
"Properties" : { | |
"InstanceType" : { "Ref" : "InstanceType" }, | |
"KeyName" : { "Ref" : "KeyName" }, | |
"ImageId" : { "Ref" : "ImageId" }, | |
"SecurityGroupIds" : [{ "Ref" : "GateOneSecurityGroup" }], | |
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
"#!/bin/bash -v\n", | |
"# Install dependencies for gateone\n", | |
"export DEBIAN_FRONTEND=noninteractive\n", | |
"apt-get update\n", | |
"apt-get install -y python-support\n", | |
"# install python tornado from liftoff\n", | |
"wget https://github.com/liftoff/GateOne/downloads/python-tornado_2.4-1_all.deb\n", | |
"dpkg -i python-tornado_2.4-1_all.deb\n", | |
"# install GateOne from github\n", | |
"wget https://github.com/liftoff/GateOne/downloads/gateone_1.1-1_all.deb\n", | |
"dpkg -i gateone_1.1-1_all.deb\n", | |
"# create user and passwd\n", | |
"adduser ", { "Ref" : "GateOneUser" }, "\n", | |
"echo ", { "Ref" : "GateOneUser" }, ":", { "Ref" : "GateOnePassword" }, " | chpasswd\n", | |
"# Start and stop the service to auto generate config files\n", | |
"service gateone start\n", | |
"sleep 5\n", | |
"# Modify the configuration for auth and origins\n", | |
"mv /opt/gateone/server.conf /opt/gateone/server.bak\n", | |
"sed -e 's|auth = \"none\"|auth = \"pam\"|' /opt/gateone/server.bak > /opt/gateone/server.1\n", | |
"sed -e 's|origins = \"|origins = \"https:\/\/", { "Ref" : "GateOneEIP" }, ";|' /opt/gateone/server.1 > /opt/gateone/server.2\n", | |
"mv /opt/gateone/server.2 /opt/gateone/server.conf\n", | |
"rm /opt/gateone/server.1\n", | |
"# Start service on boot\n", | |
"update-rc.d gateone defaults\n", | |
"# Restart the service\n", | |
"service gateone restart\n", "'\n" | |
]]}} | |
} | |
}, | |
"IPAssoc" : { | |
"Type" : "AWS::EC2::EIPAssociation", | |
"Properties" : { | |
"InstanceId" : { "Ref" : "GateOneServer" }, | |
"EIP" : { "Ref" : "GateOneEIP" } | |
} | |
} | |
}, | |
"Outputs" : { | |
"GateOneIPAddress" : { | |
"Description" : "IP Address of the GateOne server", | |
"Value" : { "Ref" : "GateOneEIP" } | |
} | |
} | |
} |