-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcrestron-vc4.yaml
310 lines (281 loc) · 8.88 KB
/
crestron-vc4.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
tosca_definitions_version: cloudify_dsl_1_3
description: Crestron VC4 instance running on AlmaLinux
imports:
- https://cloudify.co/spec/cloudify/6.3.0/types.yaml
- plugin:cloudify-aws-plugin
- plugin:cloudify-utilities-plugin
- plugin:cloudify-ansible-plugin
inputs:
crestron_user:
type: string
display_label: Crestron Username
default: { get_secret: crestron_username }
crestron_password:
type: string
display_label: Crestron Password
default: { get_secret: crestron_password }
mariadb_password:
type: string
display_label: MariaDB Password
default: m4ri4dbp4ssw0rd
force_install:
type: string
display_label: Force Install
default: "n"
constraints:
- valid_values:
- "y"
- "n"
aws_region:
type: string
display_label: AWS Region
description: The AWS region to create the Crestron instance in
default: us-west-1
constraints:
- valid_values:
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- af-south-1
- ap-east-1
- ap-south-1
- ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
- cn-north-1
- cn-northwest-1
- me-south-1
- sa-east-1
customer_name:
type: string
display_label: Customer Name
description: The name of the customer. Used to tag resources in AWS.
default: Acme
vpc_id:
type: string
display_label: VPC ID
description: Resource ID of VPC to be used
subnet_id:
type: string
display_label: Subnet ID
description: Subnet to deploy VC4 instance into
ssh_ips:
type: list
display_label: SSH IPs
description: List of allowed IPs for SSH
default:
- CidrIp: { concat: [ { get_secret: cloudify_manager_ip }, "/32" ] }
instance_type:
type: string
display_label: Instance Size
description: Instance size to deploy
default: t3.small
constraints:
- valid_values:
- t3.micro
- t3.small
- t3.medium
- t3.large
image_id:
type: dict
description: >
Map between region and AMI. Used to select the correct AMI based on
the selected region.
default:
us-east-1: ami-003d8719443bc8563
us-east-2: ami-0dac8ade8debb62ba
us-west-1: ami-02440b38a1406df17
us-west-2: ami-0334a3530c40996b7
eu-central-1: ami-0a0729878afb31258
eu-west-1: ami-020b40a8bc5b0f17a
eu-west-2: ami-0a338a615b4e4bc6e
# eu-south-1: region not yet activated
eu-west-3: ami-0fd561dcb9025ba8d
eu-north-1: ami-07c6f1f2138539768
# af-south-1: region not yet activated
# ap-east-1: region not yet activated
ap-south-1: ami-0bbc3b28478856d25
ap-northeast-3: ami-06542dce5738733d4
ap-northeast-2: ami-035656c419b0b8282
ap-southeast-1: ami-0e7b58f112f3eae18
ap-southeast-2: ami-0d6af43594155c6e2
ap-northeast-1: ami-0c5d53e63e1c52d11
ca-central-1: ami-038e7ba51f446819d
# me-south-1: region not yet activated
sa-east-1: ami-0173e73d98e0cb7ce
hidden: true
ami_id:
type: string
display_label: AMI ID
description: >
The AMI ID to use for the server deployment. Defaults to the
AlmaLinux OS 8.6.20220513 image for the selected region.
default: { get_input: [ image_id, { get_input: aws_region } ] }
dsl_definitions:
client_config: &client_config
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region }
node_templates:
ssh_key:
type: cloudify.keys.nodes.RSAKey
properties:
resource_config:
key_name: { concat: [ { get_input: customer_name }, "-vc4-key"] }
openssh_format: true
use_secret_store: true
use_secrets_if_exist: true
interfaces:
cloudify.interfaces.lifecycle:
create:
implementation: keys.cloudify_ssh_key.operations.create
inputs:
store_private_key_material: true
ec2_keypair:
type: cloudify.nodes.aws.ec2.Keypair
properties:
client_config: *client_config
resource_config:
KeyName: { concat: [ { get_input: customer_name }, "-vc4-key" ] }
PublicKeyMaterial: { get_attribute: [ ssh_key, public_key_export ] }
relationships:
- type: cloudify.relationships.depends_on
target: ssh_key
vc4_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config: *client_config
resource_config:
GroupName: { concat: [ { get_input: customer_name }, "-vc4-server"] }
Description: VC4 Server security group
VpcId: { get_input: vpc_id }
Tags:
- Key: Name
Value: { concat: [ { get_input: customer_name }, "-vc4-server"] }
vc4_ingress_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
client_config: *client_config
resource_config:
kwargs:
IpPermissions:
- IpProtocol: icmp
FromPort: -1
ToPort: -1
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
IpRanges: { get_input: ssh_ips }
- IpProtocol: tcp
FromPort: 5671
ToPort: 5671
IpRanges: { get_input: ssh_ips }
- IpProtocol: tcp
FromPort: 53333
ToPort: 53333
IpRanges: { get_input: ssh_ips }
relationships:
- type: cloudify.relationships.contained_in
target: vc4_security_group
vc4_nic:
type: cloudify.nodes.aws.ec2.Interface
properties:
client_config: *client_config
resource_config:
kwargs:
Description: { concat: [ { get_input: customer_name }, "-vc4-nic"] }
SubnetId: { get_input: subnet_id }
Groups:
- { get_attribute: [ vc4_security_group, aws_resource_id ] }
relationships:
- type: cloudify.relationships.depends_on
target: vc4_security_group
cloud_init:
type: cloudify.nodes.CloudInit.CloudConfig
properties:
resource_config:
ssh_deletekeys: false
users:
- name: vc4admin
gcos: VC-4 Admin
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
ssh-authorized-keys:
- { get_attribute: [ssh_key, public_key_export] }
primary_group: admins
groups: users, admin, webadmins
packages:
- unzip
final_message: "WOOOOOOOOOOOOOOOO - all done nerds!!"
relationships:
- type: cloudify.relationships.depends_on
target: ssh_key
vc4_server:
type: cloudify.nodes.aws.ec2.Instances
properties:
client_config: *client_config
agent_config:
install_method: none
user: vc4admin
key: { get_attribute: [ ssh_key, private_key_export ] }
# network: external
# extra:
# distro: centos
# distro_codename: 8
resource_config:
InstanceType: { get_input: instance_type }
ImageId: { get_input: ami_id }
kwargs:
KeyName: { concat: [ { get_input: customer_name }, "-vc4-key" ] }
UserData: { get_attribute: [cloud_init, cloud_config] }
use_public_ip: true
Tags:
- Key: Name
Value: { concat: [ { get_input: customer_name }, "-vc4-instance"] }
relationships:
- type: cloudify.relationships.depends_on
target: ec2_keypair
- type: cloudify.relationships.depends_on
target: vc4_nic
- type: cloudify.relationships.depends_on
target: cloud_init
vc4_application:
type: cloudify.nodes.Root
interfaces:
cloudify.interfaces.lifecycle:
start:
implementation: ansible.cloudify_ansible.tasks.run
inputs:
site_yaml_path: crestron-vc4/vc-4-master/installvc4.yml
sources: { get_attribute: [ SELF, sources ] }
galaxy_collections:
- community.mysql
- ansible.posix
run_data:
crestron_user: { get_input: crestron_user }
crestron_password: { get_input: crestron_password }
mariadb_password: { get_input: mariadb_password }
force_install: { get_input: force_install }
sensitive_keys:
- crestron_password
- mariadb_password
relationships:
- type: cloudify.ansible.relationships.connected_to_host
target: vc4_server
capabilities:
ami_id:
value: { get_input: ami_id }
server_ip:
value: { get_attribute: [ vc4_server, public_ip_address ] }