Merge e5b2f9a into e04c461
rstorey committed Mar 11, 2019
2 parents e04c461 + e5b2f9a commit e039a74
Showing 4 changed files with 91 additions and 83 deletions.
93 changes: 47 additions & 46 deletions cloudformation/infrastructure/bastion-hosts.yaml
@@ -1,16 +1,14 @@
Description:
This template deploys a bastion host in each of the public subnets.
Description: This template deploys a bastion host in each of the public subnets.

Parameters:

EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String
AllowedValues:
- dev
- test
- stage
- prod
- dev
- test
- stage
- prod

KeyPairName:
Description: key pair (within this region) for ECS instances access
Expand Down Expand Up @@ -53,16 +51,15 @@ Mappings:
prod: sg-066c68e77787b2a10

Resources:

Bastion1:
Type: AWS::EC2::Instance
Properties:
ImageId:
Fn::FindInMap:
- AWSRegionToAMI
- Ref: "AWS::Region"
- "AMI"
InstanceType: "t1.micro"
- AWSRegionToAMI
- Ref: 'AWS::Region'
- 'AMI'
InstanceType: 't1.micro'
IamInstanceProfile:
Fn::FindInMap:
- EnvironmentMapping
Expand All @@ -72,25 +69,27 @@ Resources:
Ref: KeyPairName
NetworkInterfaces:
- AssociatePublicIpAddress: true
DeviceIndex: "0"
DeviceIndex: '0'
GroupSet:
- Fn::FindInMap:
- EnvironmentMapping
- BastionHostsSecurityGroup
- Ref: EnvironmentName
- Fn::FindInMap:
- EnvironmentMapping
- BastionHostsSecurityGroup
- Ref: EnvironmentName
SubnetId:
Fn::FindInMap:
- EnvironmentMapping
- PublicSubnet1
- Ref: EnvironmentName
Fn::FindInMap:
- EnvironmentMapping
- PublicSubnet1
- Ref: EnvironmentName
UserData:
Fn::Base64: !Sub |
#!/bin/bash -xe
echo "Running userdata for ${EnvironmentName}"
yum -y update
yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-6-x86_64/pgdg-ami201503-96-9.6-2.noarch.rpm
yum -y install postgresql96
aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp
#!/bin/bash -xe
echo "Running userdata for ${EnvironmentName}"
echo "export ENV_NAME=${EnvironmentName}" >> /home/ec2-user/.bash_profile
source /home/ec2-user/.bash_profile
yum -y update
yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-6-x86_64/pgdg-ami201503-96-9.6-2.noarch.rpm
yum -y install postgresql96
aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp

Tags:
- Key: Name
Expand All @@ -101,10 +100,10 @@ Resources:
Properties:
ImageId:
Fn::FindInMap:
- AWSRegionToAMI
- Ref: "AWS::Region"
- "AMI"
InstanceType: "t1.micro"
- AWSRegionToAMI
- Ref: 'AWS::Region'
- 'AMI'
InstanceType: 't1.micro'
IamInstanceProfile:
Fn::FindInMap:
- EnvironmentMapping
Expand All @@ -114,25 +113,27 @@ Resources:
Ref: KeyPairName
NetworkInterfaces:
- AssociatePublicIpAddress: true
DeviceIndex: "0"
DeviceIndex: '0'
GroupSet:
- Fn::FindInMap:
- EnvironmentMapping
- BastionHostsSecurityGroup
- Ref: EnvironmentName
- Fn::FindInMap:
- EnvironmentMapping
- BastionHostsSecurityGroup
- Ref: EnvironmentName
SubnetId:
Fn::FindInMap:
- EnvironmentMapping
- PublicSubnet2
- Ref: EnvironmentName
Fn::FindInMap:
- EnvironmentMapping
- PublicSubnet2
- Ref: EnvironmentName
UserData:
Fn::Base64: !Sub |
#!/bin/bash -xe
echo "Running userdata for ${EnvironmentName}"
yum -y update
yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-6-x86_64/pgdg-ami201503-96-9.6-2.noarch.rpm
yum -y install postgresql96
aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp
#!/bin/bash -xe
echo "Running userdata for ${EnvironmentName}"
echo "export ENV_NAME=${EnvironmentName}" >> /home/ec2-user/.bash_profile
source /home/ec2-user/.bash_profile
yum -y update
yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-6-x86_64/pgdg-ami201503-96-9.6-2.noarch.rpm
yum -y install postgresql96
aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-BastionHost-2
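Review bot: Both bastion user-data scripts (Bastion1 and Bastion2) still end with `aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp`, which leaves a full database dump on disk on hosts that sit in public subnets with `AssociatePublicIpAddress: true`. A bastion is the most exposed instance in the environment, so I would drop that line here and fetch the dump only on the host, and at the time, a restore actually runs. The added `source /home/ec2-user/.bash_profile` also runs inside the boot script under `-e`, so a failing command in that profile aborts the remaining setup, and nothing later in the visible user data reads `ENV_NAME`; the `echo ... >> /home/ec2-user/.bash_profile` line alone looks sufficient. The security group and instance profile definitions are collapsed on this page, so their scope is not reviewed here.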
62 changes: 31 additions & 31 deletions cloudformation/infrastructure/data-load.yaml
@@ -1,17 +1,16 @@
Description:
This template deploys a host in a private subnet and loads the most recent
database dump to the specified database server.
This template deploys a host in a private subnet and loads the most recent
database dump to the specified database server.

Parameters:

EnvironmentName:
Description: An environment name that will be prefixed to resource names
Type: String
AllowedValues:
- dev
- test
- stage
- prod
- dev
- test
- stage
- prod

PostgresqlHost:
Description: the end point of the RDS database host to restore
Expand Down Expand Up @@ -49,16 +48,15 @@ Mappings:
prod: sg-066c68e77787b2a10

Resources:

DataLoadHost:
Type: AWS::EC2::Instance
Properties:
ImageId:
Fn::FindInMap:
- AWSRegionToAMI
- Ref: "AWS::Region"
- "AMI"
InstanceType: "t1.micro"
- AWSRegionToAMI
- Ref: 'AWS::Region'
- 'AMI'
InstanceType: 't1.micro'
IamInstanceProfile:
Fn::FindInMap:
- EnvironmentMapping
Expand All @@ -67,29 +65,31 @@ Resources:
InstanceInitiatedShutdownBehavior: terminate
NetworkInterfaces:
- AssociatePublicIpAddress: true
DeviceIndex: "0"
DeviceIndex: '0'
GroupSet:
- Fn::FindInMap:
- EnvironmentMapping
- BastionHostsSecurityGroup
- Ref: EnvironmentName
- Fn::FindInMap:
- EnvironmentMapping
- BastionHostsSecurityGroup
- Ref: EnvironmentName
SubnetId:
Fn::FindInMap:
- EnvironmentMapping
- PrivateSubnet1
- Ref: EnvironmentName
Fn::FindInMap:
- EnvironmentMapping
- PrivateSubnet1
- Ref: EnvironmentName
UserData:
Fn::Base64: !Sub |
#!/bin/bash -xe
echo "Running userdata for ${EnvironmentName}"
yum -y update
yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-6-x86_64/pgdg-ami201503-96-9.6-2.noarch.rpm
yum -y install postgresql96
aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp
echo "${PostgresqlHost}:5432:*:concordia:${PostgresqlPassword}" >> /root/.pgpass
chmod 0600 /root/.pgpass
pg_restore --create --clean -Fc -U concordia -h ${PostgresqlHost} --dbname=postgres --no-password --no-owner --no-acl concordia.dmp
shutdown -h now
#!/bin/bash -xe
echo "Running userdata for ${EnvironmentName}"
echo "export ENV_NAME=${EnvironmentName}" >> /home/ec2-user/.bash_profile
source /home/ec2-user/.bash_profile
yum -y update
yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-6-x86_64/pgdg-ami201503-96-9.6-2.noarch.rpm
yum -y install postgresql96
aws s3 cp s3://crowd-deployment/database-dumps/concordia.latest.dmp concordia.dmp
echo "${PostgresqlHost}:5432:*:concordia:${PostgresqlPassword}" >> /root/.pgpass
chmod 0600 /root/.pgpass
pg_restore --create --clean -Fc -U concordia -h ${PostgresqlHost} --dbname=postgres --no-password --no-owner --no-acl concordia.dmp
shutdown -h now
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-DataLoadHost
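Review bot: `${PostgresqlPassword}` is expanded by `!Sub` into the user data, so the database password is stored in clear in the instance's user-data attribute, readable from the instance metadata service and by any principal allowed to describe that attribute. Because the script runs with `-x`, the `echo "...${PostgresqlPassword}" >> /root/.pgpass` line is also traced into the boot log. I would read the secret on the instance at boot, the way db_scripts/dump.sh does with `aws secretsmanager get-secret-value`, and bracket the `.pgpass` write with `set +x` and `set -x`. This assumes the instance profile can be granted read access to that secret; the profile mapping is collapsed on this page.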
9 changes: 6 additions & 3 deletions db_scripts/dump.sh
Expand Up @@ -2,18 +2,21 @@

set -eu -o pipefail

ENV_NAME=prod

# aws cloudformation create-stack --region us-east-1 --stack-name $ENV_NAME-bastionhosts --template-url https://s3.amazonaws.com/crowd-deployment/infrastructure/bastion-hosts.yaml --parameters ParameterKey=EnvironmentName,ParameterValue=$ENV_NAME ParameterKey=KeyPairName,ParameterValue=rstorey@loc.gov --disable-rollback
# aws cloudformation delete-stack --region us-east-1 --stack-name $ENV_NAME-bastionhosts

if [[ -z "${ENV_NAME}" ]]; then
echo "ENV_NAME must be set prior to running this script."
exit 1
fi

if [ $ENV_NAME != "prod" ]; then
echo "This script should only be run in the production environment."
exit 1
fi

TODAY=$(date +%Y%m%d)
POSTGRESQL_PW="$(aws secretsmanager get-secret-value --secret-id crowd/${ENV_NAME}/DB/MasterUserPassword | python3 -c 'import json,sys;Secret=json.load(sys.stdin);SecretString=json.loads(Secret["SecretString"]);print(SecretString["password"])')"
POSTGRESQL_PW="$(aws secretsmanager get-secret-value --region us-east-1 --secret-id crowd/${ENV_NAME}/DB/MasterUserPassword | python -c 'import json,sys;Secret=json.load(sys.stdin);SecretString=json.loads(Secret["SecretString"]);print(SecretString["password"])')"
# TODO: look up the RDS endpoint for this environment
POSTGRESQL_HOST=${POSTGRESQL_HOST:-localhost}
DUMP_FILE=concordia.dmp
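Review bot: The `if [[ -z "${ENV_NAME}" ]]` guard cannot print its message when the variable is unset, because `set -eu` above it makes the expansion itself fail with an unbound-variable error first. Use `if [[ -z "${ENV_NAME:-}" ]]; then` so the operator sees the intended message; the same guard in db_scripts/restore.sh needs the same change. The following test `[ $ENV_NAME != "prod" ]` should quote the variable, `[ "$ENV_NAME" != "prod" ]`. With an unquoted value containing whitespace, `[` errors out, the `if` treats that as false, and the production-only check is skipped rather than enforced.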
10 changes: 7 additions & 3 deletions db_scripts/restore.sh
Expand Up @@ -2,16 +2,20 @@

set -eu -o pipefail

ENV_NAME=dev

# aws cloudformation create-stack --region us-east-1 --stack-name $ENV_NAME-bastionhosts --template-url https://s3.amazonaws.com/crowd-deployment/infrastructure/bastion-hosts.yaml --parameters ParameterKey=EnvironmentName,ParameterValue=$ENV_NAME ParameterKey=KeyPairName,ParameterValue=rstorey@loc.gov --disable-rollback
# aws cloudformation delete-stack --region us-east-1 --stack-name $ENV_NAME-bastionhosts

if [[ -z "${ENV_NAME}" ]]; then
echo "ENV_NAME must be set prior to running this script."
exit 1
fi

if [ $ENV_NAME = "prod" ]; then
echo "This script should not be run in the production environment."
exit 1
fi

POSTGRESQL_PW="$(aws secretsmanager get-secret-value --secret-id crowd/${ENV_NAME}/DB/MasterUserPassword | python3 -c 'import json,sys;Secret=json.load(sys.stdin);SecretString=json.loads(Secret["SecretString"]);print(SecretString["password"])')"
POSTGRESQL_PW="$(aws secretsmanager get-secret-value --region us-east-1 --secret-id crowd/${ENV_NAME}/DB/MasterUserPassword | python -c 'import json,sys;Secret=json.load(sys.stdin);SecretString=json.loads(Secret["SecretString"]);print(SecretString["password"])')"
# TODO: look up the RDS endpoint for this environment
POSTGRESQL_HOST=${POSTGRESQL_HOST:-localhost}
DUMP_FILE=/concordia.dmp
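Review bot: The production guard `[ $ENV_NAME = "prod" ]` is a deny-list of one exact string, so any other value, including a typo or different casing, passes and then selects the secret path `crowd/${ENV_NAME}/DB/MasterUserPassword`. For a restore script I would allow-list the non-production names the templates accept, for example `case "${ENV_NAME:-}" in dev|test|stage) ;; *) echo "ENV_NAME must be dev, test or stage."; exit 1 ;; esac`. `POSTGRESQL_HOST` is also taken from the environment independently of `ENV_NAME` (defaulting to `localhost`), so the guard does not by itself constrain which server is restored; resolving the TODO about looking up the endpoint per environment would close that gap. The rest of the script is collapsed on this page.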
