From b49306390789969cd92d4165ec2bd54921816843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Czoma?= Date: Fri, 8 May 2020 00:46:04 +0200 Subject: [PATCH] Sync with AWS-hosted quickstart (#45) * Converted templates to YAML, sync'd with AWS hosted version of this quickstart * Adjusted Testing parameters * Fix for commands log showing invalid requests * Adjusted scaling tier memory limits to latest requirements --- README.md | 1 + ci/solace-aws-ha-3az-prod-travistest.json | 4 + scripts/install-solace.sh | 18 +- scripts/semp_query.sh | 2 +- submodules/quickstart-aws-vpc | 2 +- submodules/quickstart-linux-bastion | 2 +- templates/nodecreate.template | 1373 +++++++---------- templates/solace-master.template | 898 ++++------- templates/solace.template | 1649 ++++++++------------- 9 files changed, 1553 insertions(+), 2396 deletions(-) diff --git a/README.md b/README.md index 3ea3cf2..6688006 100644 --- a/README.md +++ b/README.md 
@@ -118,6 +118,7 @@ The next screen will allow you to fill in the details for the selected launch op | Instance Type (MonitorNodeInstanceType) | t2.micro | The EC2 instance type for the PubSub+ event broker monitor instance in Availability Zone 3 (or Availability Zone 2, if you’re using only two zones). | | **AWS Quick Start Configuration** | | | | Quick Start S3 Bucket Name (QSS3BucketName) | solace-products | S3 bucket where the Quick Start templates and scripts are installed. Change this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. | +| Quick Start S3 bucket region (QSS3BucketRegion) | us-east-1 | The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value. | | Quick Start S3 Key Prefix (QSS3KeyPrefix) | pubsubplus-aws-ha-quickstart/latest/ | Specifies the S3 folder for your copy of Quick Start assets. Change this parameter if you decide to customize or extend the Quick Start for your own use. | ### Launch option 2: Parameters for deploying into an existing VPC diff --git a/ci/solace-aws-ha-3az-prod-travistest.json b/ci/solace-aws-ha-3az-prod-travistest.json index 16ed1c1..e75106e 100644 --- a/ci/solace-aws-ha-3az-prod-travistest.json +++ b/ci/solace-aws-ha-3az-prod-travistest.json @@ -55,6 +55,10 @@ "ParameterKey": "QSS3BucketName", "ParameterValue": "solace-cf-quickstart-travistest" }, + { + "ParameterKey": "QSS3BucketRegion", + "ParameterValue": "SolaceStackRegionNAME" + }, { "ParameterKey": "QSS3KeyPrefix", "ParameterValue": "solace/eventbroker/latest/" diff --git a/scripts/install-solace.sh b/scripts/install-solace.sh index cb38fa5..8f3404e 100644 --- a/scripts/install-solace.sh +++ b/scripts/install-solace.sh 
@@ -146,32 +146,32 @@ echo "`date` INFO: Solace message broker image and tag: `docker images | grep so # Decide which scaling tier applies based on system memory # and set maxconnectioncount, ulimit, devshm and swap accordingly MEM_SIZE=`cat /proc/meminfo | grep MemTotal | tr -dc '0-9'` -if [ ${MEM_SIZE} -lt 4000000 ]; then - # 100 if mem<4GiB +if [ ${MEM_SIZE} -lt 6600000 ]; then + # 100 if mem<6,325MiB maxconnectioncount="100" shmsize="1g" ulimit_nofile="2448:6592" SWAP_SIZE="1024" -elif [ ${MEM_SIZE} -lt 12000000 ]; then - # 1000 if 4GiB<=mem<12GiB +elif [ ${MEM_SIZE} -lt 14500000 ]; then + # 1000 if 6,325MiB<=mem<13,916MiB maxconnectioncount="1000" shmsize="2g" ulimit_nofile="2448:10192" SWAP_SIZE="2048" -elif [ ${MEM_SIZE} -lt 29000000 ]; then - # 10000 if 12GiB<=mem<28GiB +elif [ ${MEM_SIZE} -lt 30600000 ]; then + # 10000 if 13,916MiB<=mem<29,215MiB maxconnectioncount="10000" shmsize="2g" ulimit_nofile="2448:42192" SWAP_SIZE="2048" -elif [ ${MEM_SIZE} -lt 58000000 ]; then - # 100000 if 28GiB<=mem<56GiB +elif [ ${MEM_SIZE} -lt 57500000 ]; then + # 100000 if 29,215MiB<=mem<54,840MiB maxconnectioncount="100000" shmsize="3380m" ulimit_nofile="2448:222192" SWAP_SIZE="2048" else - # 200000 if 56GiB<=mem + # 200000 if 54,840MiB<=mem maxconnectioncount="200000" shmsize="3380m" ulimit_nofile="2448:422192" diff --git a/scripts/semp_query.sh b/scripts/semp_query.sh index b5ba51d..873703e 100644 --- a/scripts/semp_query.sh +++ b/scripts/semp_query.sh @@ -40,7 +40,7 @@ if [[ ${url} = "" || ${name} = "" || ${password} = "" || ${query} = "" ]]; then echo "{\"errorInfo\":\"missing parameter\"}" exit 1 fi -if [ `curl --write-out '%{http_code}' --silent --output /dev/null -u ${name}:${password} ${url}` != "200" ] ; then +if [ `curl --write-out '%{http_code}' --silent --output /dev/null -u ${name}:${password} ${url} -d "` != "200" ] ; then echo "{\"errorInfo\":\"management host is not responding\"}" exit 1 fi 
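Review bot: The rewritten tier comments (`# 100 if mem<6,325MiB` and the three below it) do not match the thresholds they annotate: MEM_SIZE is MemTotal from /proc/meminfo in kB, and 6600000 kB is about 6,445 MiB, 14500000 kB about 14,160 MiB, 30600000 kB about 29,883 MiB and 57500000 kB about 56,152 MiB, each roughly 2% above the quoted figure. A reader cannot tell whether that gap is deliberate headroom for memory the kernel reserves or a stale comment, so either derive the constants from the documented figures or state the rule once above the chain, e.g. `# MEM_SIZE is MemTotal in kB; thresholds sit ~2% above the documented MiB tier minima — TODO confirm the offset is intentional`. The practical risk is an instance near a boundary landing in the wrong tier and getting the wrong maxconnectioncount, ulimit and swap settings. The if/elif chain's else branch and its closing fi continue past the end of the hunk.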
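Review bot: The added `-d` argument on the curl probe line reads, as rendered here, as a single double quote before the closing backtick, which would leave the command substitution with an unbalanced quote; presumably `-d ""` was intended, turning the reachability check into a POST with an empty body so that the broker's command log no longer records the bare GET as an invalid request. Worth confirming the file actually contains `-d ""` and documenting the intent above the line, e.g. `# POST an empty body: a bare GET to the SEMP URL is logged by the broker as an invalid request`. The same new line still expands `${name}:${password}` and `${url}` unquoted, so values containing spaces or shell metacharacters are word-split, and the credentials are visible to other local users in the process list for the duration of the call; `-u "${name}:${password}" "${url}"` fixes the splitting, and passing the credentials through a curl config file read from stdin would keep them out of the argument list.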
diff --git a/submodules/quickstart-aws-vpc b/submodules/quickstart-aws-vpc
index ac8786c..f6e25e5 160000
--- a/submodules/quickstart-aws-vpc
+++ b/submodules/quickstart-aws-vpc
@@ -1 +1 @@
-Subproject commit ac8786cff8fd030798dc26d6c9566ef730536bd4
+Subproject commit f6e25e586deda72345483dca068902fc787806d6
diff --git a/submodules/quickstart-linux-bastion b/submodules/quickstart-linux-bastion
index 229716f..de251de 160000
--- a/submodules/quickstart-linux-bastion
+++ b/submodules/quickstart-linux-bastion
@@ -1 +1 @@
-Subproject commit 229716f6353a5c36dd13692f60fa7817d0a95b53
+Subproject commit de251de2d051d7ed11ed5606d4508dc7a69496a8
diff --git a/templates/nodecreate.template b/templates/nodecreate.template
index d74b4eb..0b0b647 100644
--- a/templates/nodecreate.template
+++ b/templates/nodecreate.template
@@ -1,814 +1,559 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "CloudFormation sub-template for Single Node EC2 deployment within Solace HA Cluster. (qs-1nm1r54hd)", - "Parameters": { - "SolaceDockerImage": { - "Description": "Solace PubSub+ message broker docker image reference: a docker registry name with optional tag or a download URL. The download URL can be obtained from http://dev.solace.com/downloads/ or it can be a url to a remotely hosted load version", - "Default": "solace/solace-pubsub-standard:latest", - "Type": "String" - }, - "AdminPassword": { - "Description": "Password to access Solace admin console and SEMP", - "Type": "String", - "NoEcho": "True" - }, - "ContainerLoggingFormat": { - "AllowedValues": [ - "graylog", - "legacy", - "raw", - "rfc5424" - ], - "ConstraintDescription": "Must be a valid container logging format.", - "Default": "graylog", - "Description": "Solace message broker logging format in CloudWatch", - "Type": "String" - }, - "BootDiskSize": { - "ConstraintDescription": "Deployment supports 8 to 128 GB for boot volumes", - "Default": "24", - "Description": "Allocated EBS storage for boot disk", - "MaxValue": "128", - "MinValue": "8", - "Type": "Number" - }, - "ClusterInfoHandle": { - "Description": "", - "Type": "String" - }, - "InstanceProfile": { - "Description": "IAM Profile for the deployment", - "Type": "String" - }, - "KeyPairName": { - "Description": "Name of an existing EC2 key pair within the AWS region; all instances will launch with this key pair", - "Type": "AWS::EC2::KeyPair::KeyName" - }, - "NodeDesignation": { - "Default": "unspecified", - "Description": "Tag for deployed instances", - "Type": "String" - }, - "NodeInstanceType": { - "ConstraintDescription": "Must be a valid EC2 instance type.", - "Default": "m4.large", - "Description": "Instance Type for Solace PubSub+ message broker nodes", - "Type": "String" - }, - "NodeSecurityGroup": { - "Description": "Comma separated list of security groups 
for the members of the cluster (e.g. sg-7f16e910,sg-4be93ca2); The security groups must be in the same VPC as the subnets", - "Type": "List" - }, - "ParentStackName": { - "Description": "Wrapper stack for this deployment", - "Type": "String" - }, - "PersistentStorage": { - "ConstraintDescription": "No more than 1024 GB per device (4 TB per node).", - "Default": "0", - "Description": "Allocated EBS storage for each block device (in GB; 4 devs per node); 0 indicates ephemeral storage only. Non-zero will cause a new io1 disk creation for message-spool which will NOT be deleted on stack termination", - "AllowedValues": [ - "0", - "20", - "40", - "80", - "160", - "320", - "640" - ], - "Type": "Number" - }, - "QSS3BucketName": { - "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$", - "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Default": "solace-products", - "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Type": "String" - }, - "QSS3KeyPrefix": { - "AllowedPattern": "^[0-9a-zA-Z-/]*$", - "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Default": "pubsubplus-aws-ha-quickstart/latest/", - "Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Type": "String" - }, - "SubnetID": { - "Description": "Comma separated list of VPC subnet IDs for the cluster deployment (e.g. 
subnet-4b8d329f,subnet-bd73afc8); VPC must exist with proper configuration for Solacet cluster access (internal and external)and the subnets must be in the same VPC as the security groups", - "Type": "AWS::EC2::Subnet::Id" - } - }, - "Mappings": { - "AWSAMIRegionMap": { - "AMI": { - "AMZNLINUXHVM": "amzn-ami-hvm-2018.03.0.20190611-x86_64-gp2" - }, - "ap-northeast-1": { - "AMZNLINUXHVM": "ami-079e6fb1e856e80c1" - }, - "ap-northeast-2": { - "AMZNLINUXHVM": "ami-0e4a253fb5f082688" - }, - "ap-south-1": { - "AMZNLINUXHVM": "ami-01e074f40dfb9999d" - }, - "ap-southeast-1": { - "AMZNLINUXHVM": "ami-0d9233e8ce73df7b2" - }, - "ap-southeast-2": { - "AMZNLINUXHVM": "ami-0c91f97cadcc8499e" - }, - "ca-central-1": { - "AMZNLINUXHVM": "ami-003a0ba7ea76b2785" - }, - "eu-central-1": { - "AMZNLINUXHVM": "ami-0ab838eeee7f316eb" - }, - "eu-west-1": { - "AMZNLINUXHVM": "ami-071f4ce599deff521" - }, - "eu-west-2": { - "AMZNLINUXHVM": "ami-0e49551fc78560451" - }, - "eu-west-3": { - "AMZNLINUXHVM": "ami-0ec1d48c59dda554a" - }, - "sa-east-1": { - "AMZNLINUXHVM": "ami-04b202bf877b5027b" - }, - "us-east-1": { - "AMZNLINUXHVM": "ami-09d069a04349dc3cb" - }, - "us-east-2": { - "AMZNLINUXHVM": "ami-0d542ef84ec55d71c" - }, - "us-west-1": { - "AMZNLINUXHVM": "ami-04bc3da8f14823e88" - }, - "us-west-2": { - "AMZNLINUXHVM": "ami-01460aa81365561fe" - } - }, - "LinuxAMINameMap": { - "Amazon-Linux-HVM": { - "Code": "AMZNLINUXHVM" - } - }, - "Linux2BootDisk": { - "Amazon-Linux-HVM": { - "BootDisk": "/dev/xvda" - } - }, - "Linux2SpoolDisk": { - "Amazon-Linux-HVM": { - "SpoolDisk": "/dev/xvdb" - } - }, - "IOPsMap": { - "0": { - "IOPs": "0" - }, - "20": { - "IOPs": "1000" - }, - "40": { - "IOPs": "2000" - }, - "80": { - "IOPs": "4000" - }, - "160": { - "IOPs": "8000" - }, - "320": { - "IOPs": "16000" - }, - "640": { - "IOPs": "20000" - } - } - }, - "Conditions": { - "EphemeralStorage": { - "Fn::Equals": [ - { - "Ref": "PersistentStorage" - }, - "0" - ] - }, - "GovCloudCondition": { - "Fn::Equals": [ - { - 
"Ref": "AWS::Region" - }, - "us-gov-west-1" - ] - } - }, - "Resources": { - "CloudFormationLogs": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 7 - } - }, - "RecoveryTestAlarm": { - "Type": "AWS::CloudWatch::Alarm", - "Properties": { - "AlarmDescription": "Trigger a recovery when instance status check fails for 3 consecutive minutes.", - "Namespace": "AWS/EC2", - "MetricName": "StatusCheckFailed_System", - "Statistic": "Minimum", - "Period": "60", - "EvaluationPeriods": "3", - "ComparisonOperator": "GreaterThanThreshold", - "Threshold": "0", - "AlarmActions": [ - { - "Fn::Join": [ - "", - [ - "arn:aws:automate:", - { - "Ref": "AWS::Region" - }, - ":ec2:recover" - ] - ] - } - ], - "Dimensions": [ - { - "Name": "InstanceId", - "Value": { - "Ref": "NodeLaunchConfig" - } - } - ] - } - }, - "NodeLaunchConfig": { - "Type": "AWS::EC2::Instance", - "Metadata": { - "AWS::CloudFormation::Init": { - "configSets": { - "install_all": [ - "install_awscli", - "install_logs", - "install_docker", - "install_extras", - "install_solace" - ] - }, - "install_awscli": { - "packages": { - "python": { - "awscli": [] - } - } - }, - "install_logs": { - "packages": { - "yum": { - "awslogs": [] - } - }, - "files": { - "/etc/awslogs/awslogs.conf": { - "content": { - "Fn::Join": [ - "", - [ - "[general]\n", - "state_file= /var/awslogs/state/agent-state\n", - "[/var/log/cloud-init.log]\n", - "file = /var/log/cloud-init.log\n", - "log_group_name = ", - { - "Ref": "CloudFormationLogs" - }, - "\n", - "log_stream_name = {instance_id}/cloud-init.log\n", - "datetime_format = \n", - "[/var/log/cloud-init-output.log]\n", - "file = /var/log/cloud-init-output.log\n", - "log_group_name = ", - { - "Ref": "CloudFormationLogs" - }, - "\n", - "log_stream_name = {instance_id}/cloud-init-output.log\n", - "datetime_format = \n", - "[/var/log/cfn-init.log]\n", - "file = /var/log/cfn-init.log\n", - "log_group_name = ", - { - "Ref": "CloudFormationLogs" - }, - "\n", - "log_stream_name = 
{instance_id}/cfn-init.log\n", - "datetime_format = \n", - "[/var/log/cfn-hup.log]\n", - "file = /var/log/cfn-hup.log\n", - "log_group_name = ", - { - "Ref": "CloudFormationLogs" - }, - "\n", - "log_stream_name = {instance_id}/cfn-hup.log\n", - "datetime_format = \n", - "[/var/log/cfn-wire.log]\n", - "file = /var/log/cfn-wire.log\n", - "log_group_name = ", - { - "Ref": "CloudFormationLogs" - }, - "\n", - "log_stream_name = {instance_id}/cfn-wire.log\n", - "datetime_format = \n", - "[/var/log/solace.log]\n", - "file = /var/log/solace.log\n", - "log_group_name = ", - { - "Ref": "CloudFormationLogs" - }, - "\n", - "log_stream_name = {instance_id}/solace.log\n", - "datetime_format = \n" - ] - ] - }, - "mode": "000444", - "owner": "root", - "group": "root" - }, - "/etc/awslogs/awscli.conf": { - "content": { - "Fn::Join": [ - "", - [ - "[plugins]\n", - "cwlogs = cwlogs\n", - "[default]\n", - "region = ", - { - "Ref": "AWS::Region" - }, - "\n" - ] - ] - }, - "mode": "000444", - "owner": "root", - "group": "root" - } - }, - "commands": { - "01_create_state_directory": { - "command": "mkdir -p /var/awslogs/state" - } - }, - "services": { - "sysvinit": { - "awslogs": { - "enabled": "true", - "ensureRunning": "true", - "files": [ - "/etc/awslogs/awslogs.conf" - ] - } - } - } - }, - "install_docker": { - "packages": { - "yum": { - "docker": [], - "wget": [], - "lvm2": [] - } - }, - "files": { - "/etc/sysconfig/docker": { - "content": { - "Fn::Join": [ - "", - [ - "DAEMON_PIDFILE_TIMEOUT=10\n", - "OPTIONS=\"--default-ulimit nofile=1024:4096 --iptables=false --storage-driver overlay2\"\n" - ] - ] - }, - "mode": "000444", - "owner": "root", - "group": "root" - } - }, - "commands": { - "01_add_ec2-user_to_docker_group": { - "command": "usermod -a -G docker ec2-user" - } - }, - "services": { - "sysvinit": { - "docker": { - "enabled": "true", - "ensureRunning": "true", - "files": [ - "/etc/sysconfig/docker" - ] - } - } - } - }, - "install_extras": { - "packages": { - "yum": { - 
"epel-release": [], - "jq": [] - } - } - }, - "install_solace": { - "commands": { - "01_create_secrets_directory": { - "command": "mkdir -p /mnt/pubsubplus/secrets" - } - }, - "files": { - "/mnt/pubsubplus/secrets/solOSpasswd": { - "content": { - "Fn::Join": [ - "", - [ - { - "Ref": "AdminPassword" - }, - "\n" - ] - ] - } - }, - "/tmp/gen-cluster-hosts.sh": { - "source": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/gen-cluster-hosts.sh", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "mode": "000755", - "owner": "root", - "group": "root" - }, - "/tmp/wait-for-child-resource.sh": { - "source": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/wait-for-child-resource.sh", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "mode": "000755", - "owner": "root", - "group": "root" - }, - "/tmp/wait-for-resource.sh": { - "source": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/wait-for-resource.sh", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "mode": "000755", - "owner": "root", - "group": "root" - }, - "/etc/init.d/solace-pubsubplus": { - "source": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/init.d/solace-pubsubplus", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "mode": "000755", - "owner": "root", - "group": "root" - }, - "/tmp/install-solace.sh": { - "source": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/install-solace.sh", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "mode": "000755", - "owner": 
"root", - "group": "root" - }, - "/tmp/semp_query.sh": { - "source": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/semp_query.sh", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "mode": "000755", - "owner": "root", - "group": "root" - } - } - } - } - }, - "Properties": { - "BlockDeviceMappings": { - "Fn::If": [ - "EphemeralStorage", - [ - { - "DeviceName": { - "Fn::FindInMap": [ - "Linux2BootDisk", - "Amazon-Linux-HVM", - "BootDisk" - ] - }, - "Ebs": { - "VolumeSize": { - "Ref": "BootDiskSize" - }, - "DeleteOnTermination": "True" - } - } - ], - [ - { - "DeviceName": { - "Fn::FindInMap": [ - "Linux2BootDisk", - "Amazon-Linux-HVM", - "BootDisk" - ] - }, - "Ebs": { - "VolumeSize": { - "Ref": "BootDiskSize" - }, - "DeleteOnTermination": "False" - } - }, - { - "DeviceName": { - "Fn::FindInMap": [ - "Linux2SpoolDisk", - "Amazon-Linux-HVM", - "SpoolDisk" - ] - }, - "Ebs": { - "VolumeSize": { - "Ref": "PersistentStorage" - }, - "DeleteOnTermination": "False", - "VolumeType": "io1", - "Iops": { - "Fn::FindInMap": [ - "IOPsMap", - { - "Ref": "PersistentStorage" - }, - "IOPs" - ] - } - } - } - ] - ] - }, - "ImageId": { - "Fn::FindInMap": [ - "AWSAMIRegionMap", - { - "Ref": "AWS::Region" - }, - "AMZNLINUXHVM" - ] - }, - "InstanceType": { - "Ref": "NodeInstanceType" - }, - "KeyName": { - "Ref": "KeyPairName" - }, - "NetworkInterfaces": [ - { - "AssociatePublicIpAddress": true, - "DeleteOnTermination": true, - "Description": "Main interface", - "DeviceIndex": "0", - "GroupSet": { - "Ref": "NodeSecurityGroup" - }, - "SubnetId": { - "Ref": "SubnetID" - } - } - ], - "IamInstanceProfile": { - "Ref": "InstanceProfile" - }, - "Tags": [ - { - "Key": "Name", - "Value": { - "Fn::Join": [ - "-", - [ - { - "Ref": "ParentStackName" - }, - { - "Ref": "NodeDesignation" - } - ] - ] - } - }, - { - "Key": "ParentStack", - "Value": { - "Ref": "ParentStackName" - } - }, - { - "Key": 
"HARole", - "Value": { - "Ref": "NodeDesignation" - } - } - ], - "UserData": { - "Fn::Base64": { - "Fn::Join": [ - "", - [ - "#!/bin/bash -xe\n", - "AMI_SBIN=/tmp\n", - "yum install -y aws-cfn-bootstrap\n", - "\n", - "## Retrieve scripts to deploy Solace on the instances \n", - "/opt/aws/bin/cfn-init -v ", - " --stack ", - { - "Ref": "AWS::StackName" - }, - " --resource NodeLaunchConfig ", - " --configsets install_all ", - " --region ", - { - "Ref": "AWS::Region" - }, - "\n", - "## Wait for all nodes to come on-line\n", - "$AMI_SBIN/wait-for-child-resource.sh ", - { - "Ref": "ParentStackName" - }, - " MonitorStack NodeLaunchConfig\n", - "\n", - "$AMI_SBIN/wait-for-child-resource.sh ", - { - "Ref": "ParentStackName" - }, - " EventBrokerPrimaryStack NodeLaunchConfig\n", - "\n", - "$AMI_SBIN/wait-for-child-resource.sh ", - { - "Ref": "ParentStackName" - }, - " EventBrokerBackupStack NodeLaunchConfig\n", - "\n", - "## Now find the private IP addresses of all deployed nodes\n", - "## (generating /tmp/solacehosts and /tmp/ files)\n", - "$AMI_SBIN/gen-cluster-hosts.sh ", - { - "Ref": "ParentStackName" - }, - "\n", - "## Tag the instance (now that we're sure of launch index)\n", - "instance_id=$(curl -f http://169.254.169.254/latest/meta-data/instance-id)\n", - "instance_tag=", - { - "Ref": "ParentStackName" - }, - "-", - { - "Ref": "NodeDesignation" - }, - "\n", - " \n", - "aws ec2 create-tags", - " --region ", - { - "Ref": "AWS::Region" - }, - " --resources $instance_id --tags Key=Name,Value=$instance_tag\n", - "\n", - "cd /tmp\n", - "# Install Solace\n", - "$AMI_SBIN/install-solace.sh -c /tmp/solacehosts -d /tmp/solace", - " -u ", - { - "Ref": "SolaceDockerImage" - }, - " -p /mnt/pubsubplus/secrets/solOSpasswd", - " -s ", - { - "Ref": "PersistentStorage" - }, - " -v /dev/xvdb", - " -f ", - { - "Ref": "ContainerLoggingFormat" - }, - " -g ", - { - "Ref": "CloudFormationLogs" - }, - " -r ${instance_id}/solace.log", - " \n", - "## Signal back information for outputs (now 
that all nodes are up) \n", - "/opt/aws/bin/cfn-signal -e 0 -r 'Solace HA deployment complete' '", - { - "Ref": "ClusterInfoHandle" - }, - "'\n", - "\n" - ] - ] - } - } - } - } - }, - "Outputs": { - "EC2ID": { - "Description": "Reference to created ec2 instance", - "Value": { - "Ref": "NodeLaunchConfig" - }, - "Export": { - "Name": { - "Fn::Sub": "${AWS::StackName}-EC2ID" - } - } - } - } -} \ No newline at end of file +AWSTemplateFormatVersion: '2010-09-09' +Description: CloudFormation sub-template for Single Node EC2 deployment within Solace + HA Cluster. (qs-1nm1r54hd) +Parameters: + SolaceDockerImage: + Description: >- + Solace PubSub+ event broker docker image reference: a docker registry name + with optional tag or a download URL. The download URL can be obtained from http://dev.solace.com/downloads/ + or it can be a url to a remotely hosted load version + Default: solace/solace-pubsub-standard:latest + Type: String + AdminPassword: + Description: Password to access PubSub+ admin console and SEMP + Type: String + NoEcho: 'True' + ContainerLoggingFormat: + AllowedValues: + - graylog + - legacy + - raw + - rfc5424 + ConstraintDescription: Must be a valid container logging format. + Default: graylog + Description: PubSub+ event broker logging format in CloudWatch + Type: String + BootDiskSize: + ConstraintDescription: Deployment supports 8 to 128 GB for boot volumes + Default: '24' + Description: Allocated EBS storage for boot disk + MaxValue: '128' + MinValue: '8' + Type: Number + ClusterInfoHandle: + Description: '' + Type: String + InstanceProfile: + Description: IAM Profile for the deployment + Type: String + KeyPairName: + Description: Name of an existing EC2 key pair within the AWS region; all instances + will launch with this key pair + Type: AWS::EC2::KeyPair::KeyName + NodeDesignation: + Default: unspecified + Description: Tag for deployed instances + Type: String + NodeInstanceType: + ConstraintDescription: Must be a valid EC2 instance type. 
+ Default: m4.large + Description: Instance Type for Solace PubSub+ event broker nodes + Type: String + NodeSecurityGroup: + Description: Comma separated list of security groups for the members of the cluster + (e.g. sg-7f16e910,sg-4be93ca2); The security groups must be in the same VPC + as the subnets + Type: List + ParentStackName: + Description: Wrapper stack for this deployment + Type: String + PersistentStorage: + ConstraintDescription: No more than 1024 GB per device (4 TB per node). + Default: '0' + Description: >- + Allocated EBS storage for each block device (in GB; 4 devs per node); 0 indicates + ephemeral storage only. Non-zero will cause a new io1 disk creation for message-spool + which will NOT be deleted on stack termination + AllowedValues: + - '0' + - '20' + - '40' + - '80' + - '160' + - '320' + - '640' + Type: Number + QSS3BucketName: + AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen + (-). + Default: solace-products + Description: S3 bucket name for the Quick Start assets. Quick Start bucket name + can include numbers, lowercase letters, uppercase letters, and hyphens (-). + It cannot start or end with a hyphen (-). + Type: String + QSS3BucketRegion: + Default: 'us-east-1' + Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' + Type: String + QSS3KeyPrefix: + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: pubsubplus-aws-ha-quickstart/latest/ + Description: S3 key prefix for the Quick Start assets. Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). 
+ Type: String + SubnetID: + Description: >- + Comma separated list of VPC subnet IDs for the cluster deployment (e.g. subnet-4b8d329f,subnet-bd73afc8); + VPC must exist with proper configuration for Solacet cluster access (internal + and external) and the subnets must be in the same VPC as the security groups + Type: AWS::EC2::Subnet::Id +Mappings: + AWSAMIRegionMap: + AMI: + AMZNLINUXHVM: amzn-ami-hvm-2018.03.0.20190611-x86_64-gp2 + ap-northeast-1: + AMZNLINUXHVM: ami-02ddf94e5edc8e904 + ap-northeast-2: + AMZNLINUXHVM: ami-0ecd78c22823e02ef + ap-south-1: + AMZNLINUXHVM: ami-05695932c5299858a + ap-southeast-1: + AMZNLINUXHVM: ami-043afc2b8b6cfba5c + ap-southeast-2: + AMZNLINUXHVM: ami-01393ce9a3ca55d67 + ca-central-1: + AMZNLINUXHVM: ami-0fa94ecf2fef3420b + eu-central-1: + AMZNLINUXHVM: ami-0ba441bdd9e494102 + eu-west-1: + AMZNLINUXHVM: ami-0e61341fa75fcaa18 + eu-west-2: + AMZNLINUXHVM: ami-050b8344d77081f4b + eu-west-3: + AMZNLINUXHVM: ami-053418e626d0549fc + sa-east-1: + AMZNLINUXHVM: ami-05b7dbc290217250d + us-east-1: + AMZNLINUXHVM: ami-0e2ff28bfb72a4e45 + us-east-2: + AMZNLINUXHVM: ami-0998bf58313ab53da + us-west-1: + AMZNLINUXHVM: ami-021bb9f371690f97a + us-west-2: + AMZNLINUXHVM: ami-079f731edfe27c29c + LinuxAMINameMap: + Amazon-Linux-HVM: + Code: AMZNLINUXHVM + Linux2BootDisk: + Amazon-Linux-HVM: + BootDisk: /dev/xvda + Linux2SpoolDisk: + Amazon-Linux-HVM: + SpoolDisk: /dev/xvdb + IOPsMap: + '0': + IOPs: '0' + '20': + IOPs: '1000' + '40': + IOPs: '2000' + '80': + IOPs: '4000' + '160': + IOPs: '8000' + '320': + IOPs: '16000' + '640': + IOPs: '20000' +Conditions: + EphemeralStorage: !Equals + - !Ref 'PersistentStorage' + - '0' + GovCloudCondition: !Equals + - !Ref 'AWS::Region' + - us-gov-west-1 + UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] +Resources: + CloudFormationLogs: + Type: AWS::Logs::LogGroup + Properties: + RetentionInDays: 7 + RecoveryTestAlarm: + Type: AWS::CloudWatch::Alarm + Properties: + AlarmDescription: Trigger a 
recovery when instance status check fails for 3 + consecutive minutes. + Namespace: AWS/EC2 + MetricName: StatusCheckFailed_System + Statistic: Minimum + Period: '60' + EvaluationPeriods: '3' + ComparisonOperator: GreaterThanThreshold + Threshold: '0' + AlarmActions: + - !Join + - '' + - - 'arn:aws:automate:' + - !Ref 'AWS::Region' + - :ec2:recover + Dimensions: + - Name: InstanceId + Value: !Ref 'NodeLaunchConfig' + NodeRole: + Type: AWS::IAM::Role + Properties: + Policies: + - PolicyName: aws-quick-start-s3-policy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - s3:GetObject + Resource: "*" + Effect: Allow + - PolicyName: ec2-policy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - cloudformation:DescribeStackResources + - ec2:DescribeInstances + - ec2:CreateTags + Resource: '*' + Effect: Allow + - PolicyName: cloudwatch-policy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + - logs:DescribeLogStreams + Resource: + - arn:aws:logs:*:*:* + Effect: Allow + Path: / + AssumeRolePolicyDocument: + Statement: + - Action: + - sts:AssumeRole + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Version: '2012-10-17' + NodeProfile: + Type: AWS::IAM::InstanceProfile + Properties: + Roles: + - !Ref NodeRole + Path: / + NodeLaunchConfig: + Type: AWS::EC2::Instance + Metadata: + AWS::CloudFormation::Authentication: + S3AccessCreds: + type: S3 + roleName: !Ref NodeRole + buckets: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + AWS::CloudFormation::Init: + configSets: + install_all: + - install_awscli + - install_logs + - install_docker + - install_extras + - install_solace + install_awscli: + packages: + python: + awscli: [] + install_logs: + packages: + yum: + awslogs: [] + files: + /etc/awslogs/awslogs.conf: + content: !Join + - '' + - - "[general]\n" + - "state_file= 
/var/awslogs/state/agent-state\n" + - "[/var/log/cloud-init.log]\n" + - "file = /var/log/cloud-init.log\n" + - 'log_group_name = ' + - !Ref 'CloudFormationLogs' + - "\n" + - "log_stream_name = {instance_id}/cloud-init.log\n" + - "datetime_format = \n" + - "[/var/log/cloud-init-output.log]\n" + - "file = /var/log/cloud-init-output.log\n" + - 'log_group_name = ' + - !Ref 'CloudFormationLogs' + - "\n" + - "log_stream_name = {instance_id}/cloud-init-output.log\n" + - "datetime_format = \n" + - "[/var/log/cfn-init.log]\n" + - "file = /var/log/cfn-init.log\n" + - 'log_group_name = ' + - !Ref 'CloudFormationLogs' + - "\n" + - "log_stream_name = {instance_id}/cfn-init.log\n" + - "datetime_format = \n" + - "[/var/log/cfn-hup.log]\n" + - "file = /var/log/cfn-hup.log\n" + - 'log_group_name = ' + - !Ref 'CloudFormationLogs' + - "\n" + - "log_stream_name = {instance_id}/cfn-hup.log\n" + - "datetime_format = \n" + - "[/var/log/cfn-wire.log]\n" + - "file = /var/log/cfn-wire.log\n" + - 'log_group_name = ' + - !Ref 'CloudFormationLogs' + - "\n" + - "log_stream_name = {instance_id}/cfn-wire.log\n" + - "datetime_format = \n" + - "[/var/log/solace.log]\n" + - "file = /var/log/solace.log\n" + - 'log_group_name = ' + - !Ref 'CloudFormationLogs' + - "\n" + - "log_stream_name = {instance_id}/solace.log\n" + - "datetime_format = \n" + mode: '000444' + owner: root + group: root + /etc/awslogs/awscli.conf: + content: !Join + - '' + - - "[plugins]\n" + - "cwlogs = cwlogs\n" + - "[default]\n" + - 'region = ' + - !Ref 'AWS::Region' + - "\n" + mode: '000444' + owner: root + group: root + commands: + '01_create_state_directory': + command: mkdir -p /var/awslogs/state + services: + sysvinit: + awslogs: + enabled: 'true' + ensureRunning: 'true' + files: + - /etc/awslogs/awslogs.conf + install_docker: + packages: + yum: + docker: [] + wget: [] + lvm2: [] + files: + /etc/sysconfig/docker: + content: !Join + - '' + - - "DAEMON_PIDFILE_TIMEOUT=10\n" + - "OPTIONS=\"--default-ulimit nofile=1024:4096 
--iptables=false\ + \ --storage-driver overlay2\"\n" + mode: '000444' + owner: root + group: root + commands: + '01_add_ec2-user_to_docker_group': + command: usermod -a -G docker ec2-user + services: + sysvinit: + docker: + enabled: 'true' + ensureRunning: 'true' + files: + - /etc/sysconfig/docker + install_extras: + packages: + yum: + epel-release: [] + jq: [] + install_solace: + commands: + '01_create_secrets_directory': + command: mkdir -p /mnt/pubsubplus/secrets + files: + /mnt/pubsubplus/secrets/solOSpasswd: + content: !Join + - '' + - - !Ref 'AdminPassword' + - "\n" + /tmp/gen-cluster-hosts.sh: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/gen-cluster-hosts.sh + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + mode: '000755' + owner: root + group: root + /tmp/wait-for-child-resource.sh: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/wait-for-child-resource.sh + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + mode: '000755' + owner: root + group: root + /tmp/wait-for-resource.sh: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/wait-for-resource.sh + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + mode: '000755' + owner: root + group: root + /etc/init.d/solace-pubsubplus: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/init.d/solace-pubsubplus + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub 
'${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + mode: '000755' + owner: root + group: root + /tmp/install-solace.sh: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/install-solace.sh + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + mode: '000755' + owner: root + group: root + /tmp/semp_query.sh: + source: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/semp_query.sh + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + mode: '000755' + owner: root + group: root + Properties: + BlockDeviceMappings: !If + - EphemeralStorage + - - DeviceName: !FindInMap + - Linux2BootDisk + - Amazon-Linux-HVM + - BootDisk + Ebs: + VolumeSize: !Ref 'BootDiskSize' + DeleteOnTermination: 'True' + - - DeviceName: !FindInMap + - Linux2BootDisk + - Amazon-Linux-HVM + - BootDisk + Ebs: + VolumeSize: !Ref 'BootDiskSize' + DeleteOnTermination: 'False' + - DeviceName: !FindInMap + - Linux2SpoolDisk + - Amazon-Linux-HVM + - SpoolDisk + Ebs: + VolumeSize: !Ref 'PersistentStorage' + DeleteOnTermination: 'False' + VolumeType: io1 + Iops: !FindInMap + - IOPsMap + - !Ref 'PersistentStorage' + - IOPs + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - AMZNLINUXHVM + InstanceType: !Ref 'NodeInstanceType' + KeyName: !Ref 'KeyPairName' + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeleteOnTermination: true + Description: Main interface + DeviceIndex: '0' + GroupSet: !Ref 'NodeSecurityGroup' + SubnetId: !Ref 'SubnetID' + IamInstanceProfile: !Ref NodeProfile + Tags: + - Key: Name + Value: !Join + - '-' + - - !Ref 'ParentStackName' + - !Ref 'NodeDesignation' + - Key: ParentStack + Value: !Ref 'ParentStackName' + - Key: HARole 
+ Value: !Ref 'NodeDesignation' + UserData: !Base64 + Fn::Join: + - '' + - - "#!/bin/bash -xe\n" + - "AMI_SBIN=/tmp\n" + - "yum install -y aws-cfn-bootstrap\n" + - "\n" + - "## Retrieve scripts to deploy PubSub+ on the instances \n" + - '/opt/aws/bin/cfn-init -v ' + - ' --stack ' + - !Ref 'AWS::StackName' + - ' --resource NodeLaunchConfig ' + - ' --configsets install_all ' + - ' --region ' + - !Ref 'AWS::Region' + - "\n" + - "## Wait for all nodes to come on-line\n" + - '$AMI_SBIN/wait-for-child-resource.sh ' + - !Ref 'ParentStackName' + - " MonitorStack NodeLaunchConfig\n" + - "\n" + - '$AMI_SBIN/wait-for-child-resource.sh ' + - !Ref 'ParentStackName' + - " EventBrokerPrimaryStack NodeLaunchConfig\n" + - "\n" + - '$AMI_SBIN/wait-for-child-resource.sh ' + - !Ref 'ParentStackName' + - " EventBrokerBackupStack NodeLaunchConfig\n" + - "\n" + - "## Now find the private IP addresses of all deployed nodes\n" + - "## (generating /tmp/solacehosts and /tmp/ files)\n" + - '$AMI_SBIN/gen-cluster-hosts.sh ' + - !Ref 'ParentStackName' + - "\n" + - "## Tag the instance (now that we're sure of launch index)\n" + - "instance_id=$(curl -f http://169.254.169.254/latest/meta-data/instance-id)\n" + - instance_tag= + - !Ref 'ParentStackName' + - '-' + - !Ref 'NodeDesignation' + - "\n" + - " \n" + - aws ec2 create-tags + - ' --region ' + - !Ref 'AWS::Region' + - " --resources $instance_id --tags Key=Name,Value=$instance_tag\n" + - "\n" + - "cd /tmp\n" + - "# Install PubSub+\n" + - $AMI_SBIN/install-solace.sh -c /tmp/solacehosts -d /tmp/solace + - ' -u ' + - !Ref 'SolaceDockerImage' + - ' -p /mnt/pubsubplus/secrets/solOSpasswd' + - ' -s ' + - !Ref 'PersistentStorage' + - ' -v /dev/xvdb' + - ' -f ' + - !Ref 'ContainerLoggingFormat' + - ' -g ' + - !Ref 'CloudFormationLogs' + - ' -r ${instance_id}/solace.log' + - " \n" + - "## Signal back information for outputs (now that all nodes are up)\ + \ \n" + - /opt/aws/bin/cfn-signal -e 0 -r 'PubSub+ HA deployment complete' ' + - !Ref 
'ClusterInfoHandle' + - "'\n" + - "\n" +Outputs: + EC2ID: + Description: Reference to created ec2 instance + Value: !Ref 'NodeLaunchConfig' + Export: + Name: !Sub '${AWS::StackName}-EC2ID' diff --git a/templates/solace-master.template b/templates/solace-master.template index 74cec09..5755546 100644 --- a/templates/solace-master.template +++ b/templates/solace-master.template 
@@ -1,574 +1,324 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "This template creates a new VPC infrastructure for Solace high availability architecture. **WARNING** This template creates Amazon EC2 instance and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1nju7g5qq)", - "Metadata": { - "AWS::CloudFormation::Interface": { - "ParameterGroups": [ - { - "Label": { - "default": "Solace Configuration" - }, - "Parameters": [ - "SolaceDockerImage", - "AdminPassword", - "ContainerLoggingFormat" - ] - }, - { - "Label": { - "default": "Network Configuration" - }, - "Parameters": [ - "NumberOfAZs", - "AvailabilityZones", - "CreatePrivateSubnets", - "SSHAccessCIDR", - "RemoteAccessCIDR" - ] - }, - { - "Label": { - "default": "Common Amazon EC2 Configuration" - }, - "Parameters": [ - "KeyPairName", - "BootDiskSize" - ] - }, - { - "Label": { - "default": "Message Broker Instance Configuration" - }, - "Parameters": [ - "EventBrokerNodeInstanceType", - "EventBrokerNodeStorage" - ] - }, - { - "Label": { - "default": "Monitor Instance Configuration" - }, - "Parameters": [ - "MonitorNodeInstanceType" - ] - }, - { - "Label": { - "default": "AWS Quick Start Configuration" - }, - "Parameters": [ - "QSS3BucketName", - "QSS3KeyPrefix" - ] - } - ], - "ParameterLabels": { - "SolaceDockerImage": { - "default": "Solace Docker image reference" - }, - "AdminPassword": { - "default": "Password to access Solace admin console and SEMP" - }, - "ContainerLoggingFormat": { - "default": "Container logging format" - }, - "AvailabilityZones": { - "default": "Availability Zones" - }, - "NumberOfAZs": { - "default": "Number of Availability Zones" - }, - "BootDiskSize": { - "default": "Boot Disk Capacity (GiB)" - }, - "EventBrokerNodeInstanceType": { - "default": "Instance Type" - }, - "EventBrokerNodeStorage": { - "default": "Persistent Storage" - }, - "MonitorNodeInstanceType": { - "default": "Instance Type" - }, - 
"KeyPairName": { - "default": "Key Pair Name" - }, - "SSHAccessCIDR": { - "default": "Permitted IP range for console SSH access" - }, - "RemoteAccessCIDR": { - "default": "Allowed External Access CIDR" - }, - "CreatePrivateSubnets": { - "default": "Create production ready enviroment" - }, - "QSS3BucketName": { - "default": "Quick Start S3 Bucket Name" - }, - "QSS3KeyPrefix": { - "default": "Quick Start S3 Key Prefix" - } - } - } - }, - "Parameters": { - "SolaceDockerImage": { - "Description": "Solace PubSub+ message broker Docker image reference: a Docker registry name with optional tag or a download URL. The download URL can be obtained from http://dev.solace.com/downloads/ or it can be a url to a remotely hosted load version", - "Default": "solace/solace-pubsub-standard:latest", - "Type": "String" - }, - "AdminPassword": { - "Description": "Password to allow Solace admin access to configure the message broker instances", - "Type": "String", - "NoEcho": "True" - }, - "ContainerLoggingFormat": { - "AllowedValues": [ - "graylog", - "legacy", - "raw", - "rfc5424" - ], - "ConstraintDescription": "Must be a valid container logging format.", - "Default": "graylog", - "Description": "Solace message broker logging format in CloudWatch", - "Type": "String" - }, - "AvailabilityZones": { - "Description": "List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved. 
The number of zones to choose must be equal to 'Number of Availability Zones' previously specified", - "Type": "List" - }, - "NumberOfAZs": { - "ConstraintDescription": "3 means each node in own az, 2 puts monitor and backup in one az", - "Default": "3", - "Description": "Number of availability zones to use", - "AllowedValues": [ - "2", - "3" - ], - "Type": "Number" - }, - "BootDiskSize": { - "ConstraintDescription": "Deployment supports 8 to 128 GB for boot volumes", - "Default": "24", - "Description": "Allocated EBS storage for boot disk", - "MaxValue": "128", - "MinValue": "8", - "Type": "Number" - }, - "EventBrokerNodeInstanceType": { - "AllowedValues": [ - "t2.small", - "t2.medium", - "t2.large", - "t2.xlarge", - "t2.2xlarge", - "m3.large", - "m3.xlarge", - "m4.large", - "m4.xlarge", - "m4.2xlarge", - "m4.4xlarge", - "m5.large", - "m5.xlarge", - "m5.2xlarge", - "m5.4xlarge" - ], - "ConstraintDescription": "Must be a valid EC2 instance type.", - "Default": "m4.large", - "Description": "Instance Type for Solace message broker message routing nodes. Note: Make sure that your region supports the selected instance type before continuing", - "Type": "String" - }, - "EventBrokerNodeStorage": { - "ConstraintDescription": "No more than 640 GiB per device.", - "Default": "0", - "Description": "Allocated EBS storage for each block device (in GiB); 0 indicates ephemeral storage only. 
Non-zero will cause a new io1 disk creation for message-spool which will NOT be deleted on stack termination", - "AllowedValues": [ - "0", - "20", - "40", - "80", - "160", - "320", - "640" - ], - "Type": "Number" - }, - "KeyPairName": { - "Description": "Name of an existing EC2 key pair within the AWS region; all instances will launch with this key pair", - "Type": "AWS::EC2::KeyPair::KeyName" - }, - "CreatePrivateSubnets": { - "AllowedValues": [ - "true", - "false" - ], - "Default": "true", - "Description": "Whether to create and use Private Subnets with a fronting ELB", - "Type": "String" - }, - "RemoteAccessCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", - "Description": "Allowed CIDR block for external access to cluster nodes", - "Type": "String" - }, - "SSHAccessCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", - "Description": "Allowed CIDR block for external access to cluster nodes for mgmt", - "Type": "String" - }, - "MonitorNodeInstanceType": { - "AllowedValues": [ - "t2.micro", - "t2.small", - "t2.medium", - "t2.large", - "t2.xlarge", - "m4.large", - "m5.large" - ], - "ConstraintDescription": "Must be a valid EC2 instance type.", - "Default": "t2.micro", - "Description": "Instance Type for Solace message broker monitoring node. Note: Make sure that your region supports the selected instance type before continuing", - "Type": "String" - }, - "QSS3BucketName": { - "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$", - "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). 
It cannot start or end with a hyphen (-).", - "Default": "solace-products", - "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Type": "String" - }, - "QSS3KeyPrefix": { - "AllowedPattern": "^[0-9a-zA-Z-/]*$", - "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Default": "pubsubplus-aws-ha-quickstart/latest/", - "Description": "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Type": "String" - } - }, - "Mappings": {}, - "Conditions": { - "Use3AZs": { - "Fn::Equals": [ - { - "Ref": "NumberOfAZs" - }, - "3" - ] - }, - "UsePrivateSubnets": { - "Fn::Equals": [ - { - "Ref": "CreatePrivateSubnets" - }, - "true" - ] - }, - "GovCloudCondition": { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-gov-west-1" - ] - } - }, - "Resources": { - "VPCStack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "AvailabilityZones": { - "Fn::Join": [ - ",", - { - "Ref": "AvailabilityZones" - } - ] - }, - "CreatePrivateSubnets": { - "Ref": "CreatePrivateSubnets" - }, - "KeyPairName": { - "Ref": "KeyPairName" - }, - "NumberOfAZs": { - "Ref": "NumberOfAZs" - } - } - } - }, - - "BastionStack": { - "Type": "AWS::CloudFormation::Stack", - "Condition": "UsePrivateSubnets", - "DependsOn": [ - "VPCStack" - ], - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - 
"https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "BastionInstanceType": "t2.micro", - "BastionAMIOS": "Amazon-Linux-HVM", - "EnableBanner": "true", - "BastionBanner": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/solace-banner.txt", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "NumBastionHosts": "2", - "KeyPairName": { - "Ref": "KeyPairName" - }, - "PublicSubnet1ID": { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet1ID" - ] - }, - "PublicSubnet2ID": { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet2ID" - ] - }, - "RemoteAccessCIDR": { - "Ref": "SSHAccessCIDR" - }, - "VPCID": { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.VPCID" - ] - } - } - } - }, - "SolaceStack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/solace.template", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "SolaceDockerImage": { - "Ref": "SolaceDockerImage" - }, - "AdminPassword": { - "Ref": "AdminPassword" - }, - "ContainerLoggingFormat": { - "Ref": "ContainerLoggingFormat" - }, - "NumberOfAZs": { - "Ref": "NumberOfAZs" - }, - "BootDiskSize": { - "Ref": "BootDiskSize" - }, - "EventBrokerNodeInstanceType": { - "Ref": "EventBrokerNodeInstanceType" - }, - "EventBrokerNodeStorage": { - "Ref": "EventBrokerNodeStorage" - }, - "MonitorNodeInstanceType": { - "Ref": "MonitorNodeInstanceType" - }, - "KeyPairName": { - "Ref": "KeyPairName" - }, - "QSS3BucketName": { - "Ref": "QSS3BucketName" - }, - "QSS3KeyPrefix": { - "Ref": "QSS3KeyPrefix" - }, - 
"RemoteAccessCIDR": { - "Ref": "RemoteAccessCIDR" - }, - "UsePrivateSubnets": { - "Ref": "CreatePrivateSubnets" - }, - "SSHSecurityGroupID": { - "Fn::If": [ - "UsePrivateSubnets", - { - "Fn::GetAtt": [ - "BastionStack", - "Outputs.BastionSecurityGroupID" - ] - }, - "default" - ] - }, - "PrivateSubnetIDs" : { - "Fn::If": [ - "UsePrivateSubnets", - { - "Fn::If": [ - "Use3AZs", - { - "Fn::Join": [ - ",", - [ - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PrivateSubnet1AID" - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PrivateSubnet2AID" - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PrivateSubnet3AID" - ] - } - ] - ] - }, - { - "Fn::Join": [ - ",", - [ - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PrivateSubnet1AID" - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PrivateSubnet2AID" - ] - } - ] - ] - } - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet1ID" - ] - } - ] - }, - "PublicSubnetIDs" : { - "Fn::If": [ - "Use3AZs", - { - "Fn::Join": [ - ",", - [ - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet1ID" - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet2ID" - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet3ID" - ] - } - ] - ] - }, - { - "Fn::Join": [ - ",", - [ - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet1ID" - ] - }, - { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.PublicSubnet2ID" - ] - } - ] - ] - } - ] - }, - "VPCID": { - "Fn::GetAtt": [ - "VPCStack", - "Outputs.VPCID" - ] - } - } - } - } - } -} +AWSTemplateFormatVersion: '2010-09-09' +Description: >- + This template creates a new VPC infrastructure for PubSub+ high availability architecture. + **WARNING** This template creates Amazon EC2 instance and related resources. You + will be billed for the AWS resources used if you create a stack from this template. 
+ (qs-1nju7g5qq) +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: PubSub+ Configuration + Parameters: + - SolaceDockerImage + - AdminPassword + - ContainerLoggingFormat + - Label: + default: Network Configuration + Parameters: + - NumberOfAZs + - AvailabilityZones + - CreatePrivateSubnets + - SSHAccessCIDR + - RemoteAccessCIDR + - Label: + default: Common Amazon EC2 Configuration + Parameters: + - KeyPairName + - BootDiskSize + - Label: + default: Event Broker Instance Configuration + Parameters: + - EventBrokerNodeInstanceType + - EventBrokerNodeStorage + - Label: + default: Monitor Instance Configuration + Parameters: + - MonitorNodeInstanceType + - Label: + default: AWS Quick Start Configuration + Parameters: + - QSS3BucketName + - QSS3BucketRegion + - QSS3KeyPrefix + ParameterLabels: + SolaceDockerImage: + default: PubSub+ Docker image reference + AdminPassword: + default: Password to access PubSub+ admin console and SEMP + ContainerLoggingFormat: + default: Container logging format + AvailabilityZones: + default: Availability Zones + NumberOfAZs: + default: Number of Availability Zones + BootDiskSize: + default: Boot Disk Capacity (GiB) + EventBrokerNodeInstanceType: + default: Instance Type + EventBrokerNodeStorage: + default: Persistent Storage + MonitorNodeInstanceType: + default: Instance Type + KeyPairName: + default: Key Pair Name + SSHAccessCIDR: + default: Permitted IP range for console SSH access + RemoteAccessCIDR: + default: Allowed External Access CIDR + CreatePrivateSubnets: + default: Create production ready enviroment + QSS3BucketName: + default: Quick Start S3 Bucket Name + QSS3BucketRegion: + default: Quick Start S3 bucket region + QSS3KeyPrefix: + default: Quick Start S3 Key Prefix +Parameters: + SolaceDockerImage: + Description: >- + Solace PubSub+ event broker Docker image reference: a Docker registry name + with optional tag or a download URL. 
The download URL can be obtained from http://dev.solace.com/downloads/ + or it can be a url to a remotely hosted load version + Default: solace/solace-pubsub-standard:latest + Type: String + AdminPassword: + Description: Password to allow Solace admin access to configure the event broker + instances + Type: String + NoEcho: 'True' + ContainerLoggingFormat: + AllowedValues: + - graylog + - legacy + - raw + - rfc5424 + ConstraintDescription: Must be a valid container logging format. + Default: graylog + Description: PubSub+ event broker logging format in CloudWatch + Type: String + AvailabilityZones: + Description: 'List of Availability Zones to use for the subnets in the VPC. Note: + The logical order is preserved. The number of zones to choose must be equal + to ''Number of Availability Zones'' previously specified' + Type: List + NumberOfAZs: + ConstraintDescription: 3 means each node in own az, 2 puts monitor and backup + in one az + Default: '3' + Description: Number of availability zones to use + AllowedValues: + - '2' + - '3' + Type: Number + BootDiskSize: + ConstraintDescription: Deployment supports 8 to 128 GB for boot volumes + Default: '24' + Description: Allocated EBS storage for boot disk + MaxValue: '128' + MinValue: '8' + Type: Number + EventBrokerNodeInstanceType: + AllowedValues: + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - t2.2xlarge + - m3.large + - m3.xlarge + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + ConstraintDescription: Must be a valid EC2 instance type. + Default: m4.large + Description: 'Instance Type for PubSub+ event broker message routing nodes. Note: + Make sure that your region supports the selected instance type before continuing' + Type: String + EventBrokerNodeStorage: + ConstraintDescription: No more than 640 GiB per device. + Default: '0' + Description: Allocated EBS storage for each block device (in GiB); 0 indicates + ephemeral storage only. 
Non-zero will cause a new io1 disk creation for message-spool + which will NOT be deleted on stack termination + AllowedValues: + - '0' + - '20' + - '40' + - '80' + - '160' + - '320' + - '640' + Type: Number + KeyPairName: + Description: Name of an existing EC2 key pair within the AWS region; all instances + will launch with this key pair + Type: AWS::EC2::KeyPair::KeyName + CreatePrivateSubnets: + AllowedValues: + - 'true' + - 'false' + Default: 'true' + Description: Whether to create and use Private Subnets with a fronting ELB + Type: String + RemoteAccessCIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x + Description: Allowed CIDR block for external access to cluster nodes + Type: String + SSHAccessCIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x + Description: Allowed CIDR block for external access to cluster nodes for mgmt + Type: String + MonitorNodeInstanceType: + AllowedValues: + - t2.micro + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - m4.large + - m5.large + ConstraintDescription: Must be a valid EC2 instance type. + Default: t2.micro + Description: 'Instance Type for PubSub+ event broker monitoring node. Note: Make + sure that your region supports the selected instance type before continuing' + Type: String + QSS3BucketName: + AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen + (-). + Default: solace-products + Description: S3 bucket name for the Quick Start assets. 
Quick Start bucket name + can include numbers, lowercase letters, uppercase letters, and hyphens (-). + It cannot start or end with a hyphen (-). + Type: String + QSS3BucketRegion: + Default: 'us-east-1' + Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' + Type: String + QSS3KeyPrefix: + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: pubsubplus-aws-ha-quickstart/latest/ + Description: S3 key prefix for the Quick Start assets. Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + Type: String +Mappings: {} +Conditions: + Use3AZs: !Equals + - !Ref 'NumberOfAZs' + - '3' + UsePrivateSubnets: !Equals + - !Ref 'CreatePrivateSubnets' + - 'true' + GovCloudCondition: !Equals + - !Ref 'AWS::Region' + - us-gov-west-1 + UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] +Resources: + VPCStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: + !Sub + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template' + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + Parameters: + AvailabilityZones: !Join + - ',' + - !Ref 'AvailabilityZones' + CreatePrivateSubnets: !Ref 'CreatePrivateSubnets' + KeyPairName: !Ref 'KeyPairName' + NumberOfAZs: !Ref 'NumberOfAZs' + BastionStack: + Type: AWS::CloudFormation::Stack + Condition: UsePrivateSubnets + DependsOn: + - VPCStack + Properties: + TemplateURL: + !Sub + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template' + - 
S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + Parameters: + BastionInstanceType: t2.micro + BastionAMIOS: Amazon-Linux-HVM + EnableBanner: 'true' + BastionBanner: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/solace-banner.txt + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + NumBastionHosts: '2' + KeyPairName: !Ref 'KeyPairName' + PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' + PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' + QSS3BucketName: !Ref QSS3BucketName + QSS3BucketRegion: !Ref QSS3BucketRegion + QSS3KeyPrefix: !Sub ${QSS3KeyPrefix}submodules/quickstart-linux-bastion/ + RemoteAccessCIDR: !Ref 'SSHAccessCIDR' + VPCID: !GetAtt 'VPCStack.Outputs.VPCID' + SolaceStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: + !Sub + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/solace.template' + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + Parameters: + SolaceDockerImage: !Ref 'SolaceDockerImage' + AdminPassword: !Ref 'AdminPassword' + ContainerLoggingFormat: !Ref 'ContainerLoggingFormat' + NumberOfAZs: !Ref 'NumberOfAZs' + BootDiskSize: !Ref 'BootDiskSize' + EventBrokerNodeInstanceType: !Ref 'EventBrokerNodeInstanceType' + EventBrokerNodeStorage: !Ref 'EventBrokerNodeStorage' + MonitorNodeInstanceType: !Ref 'MonitorNodeInstanceType' + KeyPairName: !Ref 'KeyPairName' + QSS3BucketName: !Ref 'QSS3BucketName' + QSS3BucketRegion: !Ref 'QSS3BucketRegion' + QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' + RemoteAccessCIDR: !Ref 'RemoteAccessCIDR' + UsePrivateSubnets: !Ref 
'CreatePrivateSubnets' + SSHSecurityGroupID: !If + - UsePrivateSubnets + - !GetAtt 'BastionStack.Outputs.BastionSecurityGroupID' + - default + PrivateSubnetIDs: !If + - UsePrivateSubnets + - !If + - Use3AZs + - !Join + - ',' + - - !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' + - !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' + - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' + - !Join + - ',' + - - !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' + - !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' + - !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' + PublicSubnetIDs: !If + - Use3AZs + - !Join + - ',' + - - !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' + - !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' + - !GetAtt 'VPCStack.Outputs.PublicSubnet3ID' + - !Join + - ',' + - - !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' + - !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' + VPCID: !GetAtt 'VPCStack.Outputs.VPCID' diff --git a/templates/solace.template b/templates/solace.template index 3b4e2e8..81cd58c 100644 --- a/templates/solace.template +++ b/templates/solace.template 
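Review bot: The new `QSS3BucketRegion` parameter in the `Parameters:` block is a free-form `Type: String` with no `AllowedPattern` or `ConstraintDescription`, yet it is interpolated into every nested-stack `TemplateURL` (`https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/...`) from which the nested templates — and, in the nodecreate.template hunk, the install scripts — are fetched, so a typo only surfaces as a failed nested stack instead of a parameter validation error, while the sibling `QSS3BucketName` and `QSS3KeyPrefix` are both pattern-constrained. Something like `AllowedPattern: ^[a-z]{2}(-[a-z]+)+-[0-9]+$` with `ConstraintDescription: Must be a valid AWS Region code, e.g. us-east-1.` would bring it in line (pattern constructed here; adjust to the region formats you support). Separately, `UsingDefaultBucket` compares `QSS3BucketName` against `'aws-quickstart'` while this template's own `Default` is `solace-products`, so with the shipped defaults the `${QSS3BucketName}-${AWS::Region}` branch is never taken and every fetch resolves to `solace-products` in `QSS3BucketRegion` (`us-east-1`) — presumably intended after the sync, but a comment on the condition such as `# 'aws-quickstart' is the AWS-hosted bucket; the solace-products default always uses QSS3BucketRegion` would stop the next maintainer expecting the region-suffixed behaviour. `GovCloudCondition` is kept under `Conditions:` but is no longer referenced anywhere on the new side now that the URLs use `${AWS::URLSuffix}`, so it can be dropped.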
@@ -1,996 +1,653 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "CloudFormation template to deploy Solace PubSub+ HA Event Brokers on AWS. (qs-1nju7g5r0)", - "Metadata": { - "AWS::CloudFormation::Interface": { - "ParameterGroups": [ - { - "Label": { "default": "Solace Configuration" }, - "Parameters": [ - "SolaceDockerImage", - "AdminPassword", - "ContainerLoggingFormat" - ] - }, - { - "Label": { "default": "Network Configuration" }, - "Parameters": [ - "VPCID", - "NumberOfAZs", - "UsePrivateSubnets", - "PublicSubnetIDs", - "PrivateSubnetIDs", - "SSHSecurityGroupID", - "RemoteAccessCIDR" - ] - }, - { - "Label": { "default": "Common Amazon EC2 Configuration" }, - "Parameters": [ - "KeyPairName", - "BootDiskSize" - ] - }, - { - "Label": { "default": "Event Broker Instance Configuration" }, - "Parameters": [ - "EventBrokerNodeInstanceType", - "EventBrokerNodeStorage" - ] - }, - { - "Label": { "default": "Monitor Instance Configuration" }, - "Parameters": [ "MonitorNodeInstanceType" ] - }, - { - "Label": { "default": "AWS Quick Start Configuration" }, - "Parameters": [ - "QSS3BucketName", - "QSS3KeyPrefix" - ] - } - ], - "ParameterLabels": { - "SolaceDockerImage": { - "default": "Solace Docker image reference" - }, - "AdminPassword": { - "default": "Password to access Solace admin console and SEMP" - }, - "ContainerLoggingFormat": { - "default": "Container logging format" - }, - "BootDiskSize": { - "default": "Boot Disk Capacity (GiB)" - }, - "EventBrokerNodeInstanceType": { - "default": "Instance Type" - }, - "EventBrokerNodeStorage": { - "default": "Persistent Storage" - }, - "MonitorNodeInstanceType": { - "default": "Instance Type" - }, - "KeyPairName": { - "default": "Key Pair Name" - }, - "NumberOfAZs": { - "default": "Number of Availability Zones to use" - }, - "RemoteAccessCIDR": { - "default": "Allowed External Access CIDR" - }, - "SSHSecurityGroupID": { - "default": "Security group allowed to access console SSH" - }, - "UsePrivateSubnets": 
{ - "default": "Use private subnets" - }, - "VPCID": { - "default": "VPC ID" - }, - "PrivateSubnetIDs": { - "default": "Private Subnet IDs" - }, - "PublicSubnetIDs": { - "default": "Public Subnet IDs" - }, - "QSS3BucketName": { - "default": "Quick Start S3 Bucket Name" - }, - "QSS3KeyPrefix": { - "default": "Quick Start S3 Key Prefix" - } - } - } - }, - "Parameters": { - "SolaceDockerImage": { - "Description": "Solace PubSub+ message broker docker image reference: a docker registry name with optional tag or a download URL. The download URL can be obtained from http://dev.solace.com/downloads/ or it can be a url to a remotely hosted load version", - "Default": "solace/solace-pubsub-standard:latest", - "Type": "String" - }, - "AdminPassword": { - "Description": "Required password to access Solace admin console and SEMP", - "Type": "String", - "NoEcho": "True" - }, - "ContainerLoggingFormat": { - "AllowedValues": [ - "graylog", - "legacy", - "raw", - "rfc5424" - ], - "ConstraintDescription": "Must be a valid container logging format.", - "Default": "graylog", - "Description": "Solace message broker logging format in CloudWatch", - "Type": "String" - }, - "BootDiskSize": { - "ConstraintDescription": "Deployment supports 8 to 128 GB for boot volumes", - "Default": "24", - "Description": "Allocated EBS storage for boot disk", - "MaxValue": "128", - "MinValue": "8", - "Type": "Number" - }, - "EventBrokerNodeInstanceType": { - "AllowedValues": [ - "t2.small", - "t2.medium", - "t2.large", - "t2.xlarge", - "t2.2xlarge", - "m3.large", - "m3.xlarge", - "m4.large", - "m4.xlarge", - "m4.2xlarge", - "m4.4xlarge", - "m5.large", - "m5.xlarge", - "m5.2xlarge", - "m5.4xlarge" - ], - "ConstraintDescription": "Must be a valid EC2 instance type.", - "Default": "m4.large", - "Description": "Instance Type for Solace message broker message routing nodes. 
Note: Make sure that your region supports the selected instance type before continuing", - "Type": "String" - }, - "EventBrokerNodeStorage": { - "ConstraintDescription": "No more than 640 GiB per device.", - "Default": "0", - "Description": "Allocated EBS storage for each block device (in GiB); 0 indicates ephemeral storage only. Non-zero will cause a new io1 disk creation for message-spool which will NOT be deleted on stack termination", - "AllowedValues": [ - "0", - "20", - "40", - "80", - "160", - "320", - "640" - ], - "Type": "Number" - }, - "MonitorNodeInstanceType": { - "AllowedValues": [ - "t2.micro", - "t2.small", - "t2.medium", - "t2.large", - "t2.xlarge", - "m4.large", - "m5.large" - ], - "ConstraintDescription": "Must be a valid EC2 instance type.", - "Default": "t2.micro", - "Description": "Instance Type for Solace message broker monitoring node. Note: Make sure that your region supports the selected instance type before continuing", - "Type": "String" - }, - "KeyPairName": { - "Description": "Name of an existing EC2 key pair within the AWS region; all instances will launch with this key pair", - "Type": "AWS::EC2::KeyPair::KeyName" - }, - "NumberOfAZs": { - "ConstraintDescription": "3 means each node in own az, 2 puts monitor and backup in one az", - "Default": "3", - "Description": "Number of availability zones to use", - "AllowedValues": [ - "2", - "3" - ], - "Type": "Number" - }, - "RemoteAccessCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", - "Description": "Allowed CIDR block for external access to cluster nodes", - "Type": "String" - }, - "SSHSecurityGroupID": { - "Description": "ID of the SSH Security Group (e.g., sg-7f16e910). 
Note: This will be ignored if 'Use private subnets' is set to 'false'", - "Type": "String" - }, - "UsePrivateSubnets": { - "AllowedValues": [ - "true", - "false" - ], - "Default": "true", - "Description": "Whether to use Private Subnets with fronting Bastion Servers", - "Type": "String" - }, - "PrivateSubnetIDs": { - "Description": "Comma separated list of VPC private subnet IDs for the cluster deployment (e.g. subnet-4b8d329f,subnet-bd73afc8); VPC must exist with proper configuration for Solace cluster access. Note: This will be ignored if 'Use private subnets' is set to 'false'", - "Type": "List" - }, - "PublicSubnetIDs": { - "Description": "Comma separated list of VPC public subnet IDs for the cluster deployment (e.g. subnet-4b8d329f,subnet-bd73afc8); VPC must exist with proper configuration for Solace cluster access", - "Type": "List" - }, - "VPCID": { - "Description": "ID of the VPC (e.g. vpc-0343606e)", - "Type": "AWS::EC2::VPC::Id" - }, - "QSS3BucketName": { - "AllowedPattern": "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$", - "ConstraintDescription": "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Default": "solace-products", - "Description": "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).", - "Type": "String" - }, - "QSS3KeyPrefix": { - "AllowedPattern": "^[0-9a-zA-Z-/]*$", - "ConstraintDescription": "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Default": "pubsubplus-aws-ha-quickstart/latest/", - "Description": "S3 key prefix for the Quick Start assets. 
Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).", - "Type": "String" - } - }, - "Mappings": { - "AWSInfoRegionMap": { - "ap-northeast-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "ap-northeast-2": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "ap-south-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "ap-southeast-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "ap-southeast-2": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "ca-central-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "eu-central-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "eu-west-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "eu-west-2": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "sa-east-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "us-east-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "us-east-2": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "us-west-1": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - }, - "us-west-2": { - "Partition": "aws", - "QuickStartS3URL": "https://s3.amazonaws.com" - } - } - }, - "Conditions": { - "EnableWaitConditions": { - "Fn::Equals": [ - "1", - "1" - ] - }, - "Use3AZs": { - "Fn::Equals": [ - {"Ref": "NumberOfAZs"}, - "3" - ] - }, - "UsePrivateSubnetsCondition": { - "Fn::Equals": [ - { "Ref": "UsePrivateSubnets" }, - "true" - ] - }, - "GovCloudCondition": { - "Fn::Equals": [ - { "Ref": "AWS::Region" }, - "us-gov-west-1" - ] - } - }, - "Resources": { - "SolaceVMRRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "Policies": [ - { - 
"PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ "s3:GetObject" ], - "Resource": { - "Fn::Sub": [ - "arn:${Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*", - { - "Partition": { - "Fn::If": [ - "GovCloudCondition", - "aws-us-gov", - "aws" - ] - } - } - ] - }, - "Effect": "Allow" - } - ] - }, - "PolicyName": "s3-policy" - }, - { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStackResources", - "ec2:DescribeInstances", - "ec2:CreateTags" - ], - "Resource": [ - "*" - ], - "Effect": "Allow" - } - ] - }, - "PolicyName": "ec2-policy" - }, - { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Resource": [ - "arn:aws:logs:*:*:*" - ], - "Effect": "Allow" - } - ] - }, - "PolicyName": "cloudwatch-policy" - } - ], - "Path": "/", - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": [ "sts:AssumeRole" ], - "Principal": { "Service": [ "ec2.amazonaws.com" ] }, - "Effect": "Allow" - } - ], - "Version": "2012-10-17" - } - } - }, - "InstanceProfile": { - "Type": "AWS::IAM::InstanceProfile", - "Properties": { - "Path": "/", - "Roles": [ { "Ref": "SolaceVMRRole" } ] - } - }, - "EventBrokerPrimaryStack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/nodecreate.template", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "SolaceDockerImage": { - "Ref": "SolaceDockerImage" - }, - "AdminPassword": { - "Ref": "AdminPassword" - }, - "ContainerLoggingFormat": { - "Ref": "ContainerLoggingFormat" - }, - "BootDiskSize": { - "Ref": "BootDiskSize" - }, - "ClusterInfoHandle": { - "Ref": "ClusterInfoHandle" - }, - "InstanceProfile": { - 
"Ref": "InstanceProfile" - }, - "KeyPairName": { - "Ref": "KeyPairName" - }, - "NodeDesignation": "message-router-primary", - "NodeInstanceType": { - "Ref": "EventBrokerNodeInstanceType" - }, - "NodeSecurityGroup": { - "Fn::Join": [ - ",", - [ - { "Ref" : "EventBrokerSecurityGroup" }, - { "Ref" : "SolaceInternalSecurityGroup" }, - { "Ref" : "SolaceInternalSecurityGroupMember" }, - { "Ref" : "RemoteMgmtSecurityGroup" } - ] - ] - }, - "ParentStackName": { - "Ref": "AWS::StackName" - }, - "PersistentStorage": { - "Ref": "EventBrokerNodeStorage" - }, - "QSS3BucketName": { - "Ref": "QSS3BucketName" - }, - "QSS3KeyPrefix": { - "Ref": "QSS3KeyPrefix" - }, - "SubnetID": { - "Fn::Select": [ - 0, - { - "Fn::If": [ - "UsePrivateSubnetsCondition", - { "Ref": "PrivateSubnetIDs" }, - { "Ref": "PublicSubnetIDs" } - ] - } - ] - } - } - } - }, - "EventBrokerBackupStack": { - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/nodecreate.template", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "SolaceDockerImage": { - "Ref": "SolaceDockerImage" - }, - "AdminPassword": { - "Ref": "AdminPassword" - }, - "ContainerLoggingFormat": { - "Ref": "ContainerLoggingFormat" - }, - "BootDiskSize": { - "Ref": "BootDiskSize" - }, - "ClusterInfoHandle": { - "Ref": "ClusterInfoHandle" - }, - "InstanceProfile": { - "Ref": "InstanceProfile" - }, - "KeyPairName": { - "Ref": "KeyPairName" - }, - "NodeDesignation": "message-router-backup", - "NodeInstanceType": { - "Ref": "EventBrokerNodeInstanceType" - }, - "NodeSecurityGroup": { - "Fn::Join": [ - ",", - [ - { "Ref" : "EventBrokerSecurityGroup" }, - { "Ref" : "SolaceInternalSecurityGroup" }, - { "Ref" : "SolaceInternalSecurityGroupMember" }, - { "Ref" : "RemoteMgmtSecurityGroup" } - ] - ] - }, - "ParentStackName": { - "Ref": "AWS::StackName" - }, - 
"PersistentStorage": { - "Ref": "EventBrokerNodeStorage" - }, - "QSS3BucketName": { - "Ref": "QSS3BucketName" - }, - "QSS3KeyPrefix": { - "Ref": "QSS3KeyPrefix" - }, - "SubnetID": { - "Fn::Select": [ - 1, - { - "Fn::If": [ - "UsePrivateSubnetsCondition", - { "Ref": "PrivateSubnetIDs" }, - { "Ref": "PublicSubnetIDs" } - ] - } - ] - } - } - } - }, - "MonitorStack" :{ - "Type": "AWS::CloudFormation::Stack", - "Properties": { - "TemplateURL": { - "Fn::Sub": [ - "https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/nodecreate.template", - { - "QSS3Region": { - "Fn::If": [ - "GovCloudCondition", - "s3-us-gov-west-1", - "s3" - ] - } - } - ] - }, - "Parameters": { - "SolaceDockerImage": { - "Ref": "SolaceDockerImage" - }, - "AdminPassword": { - "Ref": "AdminPassword" - }, - "ContainerLoggingFormat": { - "Ref": "ContainerLoggingFormat" - }, - "BootDiskSize": { - "Ref": "BootDiskSize" - }, - "ClusterInfoHandle": { - "Ref": "ClusterInfoHandle" - }, - "InstanceProfile": { - "Ref": "InstanceProfile" - }, - "KeyPairName": { - "Ref": "KeyPairName" - }, - "NodeDesignation": "monitor", - "NodeInstanceType": { - "Ref": "MonitorNodeInstanceType" - }, - "NodeSecurityGroup": { - "Fn::Join": [ - ",", - [ - { "Ref" : "SolaceInternalSecurityGroup" }, - { "Ref" : "SolaceInternalSecurityGroupMember" }, - { "Ref" : "RemoteMgmtSecurityGroup" } - ] - ] - }, - "ParentStackName": { - "Ref": "AWS::StackName" - }, - "PersistentStorage": "0", - "QSS3BucketName": { - "Ref": "QSS3BucketName" - }, - "QSS3KeyPrefix": { - "Ref": "QSS3KeyPrefix" - }, - "SubnetID": { - "Fn::Select": [ - { "Fn::If": ["Use3AZs", 2, 1] }, - { - "Fn::If": [ - "UsePrivateSubnetsCondition", - { "Ref": "PrivateSubnetIDs" }, - { "Ref": "PublicSubnetIDs" } - ] - } - ] - } - } - } - }, - "SolaceInternalSecurityGroupMember": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "VPCID" - }, - "GroupDescription": "All Solace Nodes" - } - }, - "SolaceInternalSecurityGroup": { - 
"Type": "AWS::EC2::SecurityGroup", - "DependsOn": [ "SolaceInternalSecurityGroupMember" ], - "Properties": { - "VpcId": { - "Ref": "VPCID" - }, - "GroupDescription": "All Solace Nodes", - "SecurityGroupIngress": [ - { - "IpProtocol": "tcp", - "FromPort": "8741", - "ToPort": "8741", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "8300", - "ToPort": "8302", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "udp", - "FromPort": "8300", - "ToPort": "8302", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "55555", - "ToPort": "55555", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "55003", - "ToPort": "55003", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "55443", - "ToPort": "55443", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "1443", - "ToPort": "1443", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "8000", - "ToPort": "8000", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "5672", - "ToPort": "5672", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "9000", - "ToPort": "9000", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "1883", - "ToPort": "1883", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "8008", - "ToPort": "8008", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { 
- "IpProtocol": "tcp", - "FromPort": "8080", - "ToPort": "8080", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "1943", - "ToPort": "1943", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - }, - { - "IpProtocol": "tcp", - "FromPort": "5550", - "ToPort": "5550", - "SourceSecurityGroupId": { "Ref": "SolaceInternalSecurityGroupMember" } - } - ] - } - }, - "RemoteMgmtSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "VPCID" - }, - "GroupDescription": "All devices external to AWS", - "SecurityGroupIngress": [ - { - "Fn::If": [ - "UsePrivateSubnetsCondition", - { - "IpProtocol": "tcp", - "FromPort": "22", - "ToPort": "22", - "SourceSecurityGroupId": { "Ref": "SSHSecurityGroupID" } - }, - { - "IpProtocol": "tcp", - "FromPort": "22", - "ToPort": "22", - "CidrIp": { "Ref": "RemoteAccessCIDR" } - } - ] - } - ] - } - }, - "EventBrokerSecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "VPCID" - }, - "GroupDescription": "Event Broker Security Group", - "SecurityGroupIngress": [ - { - "IpProtocol": "tcp", - "FromPort": "55555", - "ToPort": "55555", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "55003", - "ToPort": "55003", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "55443", - "ToPort": "55443", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "1443", - "ToPort": "1443", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "8000", - "ToPort": "8000", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "5672", - "ToPort": "5672", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "9000", - "ToPort": "9000", - "CidrIp": { - "Ref": 
"RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "1883", - "ToPort": "1883", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "8008", - "ToPort": "8008", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "8080", - "ToPort": "8080", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - }, - { - "IpProtocol": "tcp", - "FromPort": "1943", - "ToPort": "1943", - "CidrIp": { - "Ref": "RemoteAccessCIDR" - } - } - ] - } - }, - "ClusterInfoHandle": { - "Type": "AWS::CloudFormation::WaitConditionHandle" - }, - "ClusterInfoCondition": { - "Type": "AWS::CloudFormation::WaitCondition", - "Condition": "EnableWaitConditions", - "DependsOn": ["EventBrokerPrimaryStack", "EventBrokerBackupStack", "MonitorStack"], - "Properties": { - "Handle": { - "Ref": "ClusterInfoHandle" - }, - "Timeout": "300", - "Count": "1" - } - }, - "ELB": { - "Type": "AWS::ElasticLoadBalancing::LoadBalancer", - "DependsOn": ["EventBrokerPrimaryStack"], - "Condition": "UsePrivateSubnetsCondition", - "Properties":{ - "SecurityGroups": [ - { "Ref" : "EventBrokerSecurityGroup" }, - { "Ref" : "SolaceInternalSecurityGroupMember" } - ], - "Subnets" : { "Ref": "PublicSubnetIDs" }, - "Instances" : [ - {"Fn::GetAtt": ["EventBrokerPrimaryStack","Outputs.EC2ID"]}, - {"Fn::GetAtt": ["EventBrokerBackupStack","Outputs.EC2ID"]}, - {"Fn::GetAtt": ["MonitorStack","Outputs.EC2ID"]} - ], - "HealthCheck" : { - "Target" : { - "Fn::Join" : [ "", [ "HTTP:", 5550, "/health-check/guaranteed-active" ] ] - }, - "Timeout" : "3", - "Interval" : "5", - "UnhealthyThreshold" : "2", - "HealthyThreshold" : "2" - }, - "Listeners" : [ - { - "LoadBalancerPort" : "55555", - "InstancePort" : "55555", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "55003", - "InstancePort" : "55003", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "55443", - "InstancePort" : "55443", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "1443", - "InstancePort" : 
"1443", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "8000", - "InstancePort" : "8000", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "5672", - "InstancePort" : "5672", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "9000", - "InstancePort" : "9000", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "1883", - "InstancePort" : "1883", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "8008", - "InstancePort" : "8008", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "8080", - "InstancePort" : "8080", - "Protocol" : "TCP" - },{ - "LoadBalancerPort" : "1943", - "InstancePort" : "1943", - "Protocol" : "TCP" - } - ] - } - } - } -} +AWSTemplateFormatVersion: '2010-09-09' +Description: CloudFormation template to deploy Solace PubSub+ HA Event Brokers on + AWS. (qs-1nju7g5r0) +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Solace Configuration + Parameters: + - SolaceDockerImage + - AdminPassword + - ContainerLoggingFormat + - Label: + default: Network Configuration + Parameters: + - VPCID + - NumberOfAZs + - UsePrivateSubnets + - PublicSubnetIDs + - PrivateSubnetIDs + - SSHSecurityGroupID + - RemoteAccessCIDR + - Label: + default: Common Amazon EC2 Configuration + Parameters: + - KeyPairName + - BootDiskSize + - Label: + default: Event Broker Instance Configuration + Parameters: + - EventBrokerNodeInstanceType + - EventBrokerNodeStorage + - Label: + default: Monitor Instance Configuration + Parameters: + - MonitorNodeInstanceType + - Label: + default: AWS Quick Start Configuration + Parameters: + - QSS3BucketName + - QSS3BucketRegion + - QSS3KeyPrefix + ParameterLabels: + SolaceDockerImage: + default: Solace Docker image reference + AdminPassword: + default: Password to access Solace admin console and SEMP + ContainerLoggingFormat: + default: Container logging format + BootDiskSize: + default: Boot Disk Capacity (GiB) + EventBrokerNodeInstanceType: + default: Instance Type + EventBrokerNodeStorage: + default: Persistent 
Storage + MonitorNodeInstanceType: + default: Instance Type + KeyPairName: + default: Key Pair Name + NumberOfAZs: + default: Number of Availability Zones to use + RemoteAccessCIDR: + default: Allowed External Access CIDR + SSHSecurityGroupID: + default: Security group allowed to access console SSH + UsePrivateSubnets: + default: Use private subnets + VPCID: + default: VPC ID + PrivateSubnetIDs: + default: Private Subnet IDs + PublicSubnetIDs: + default: Public Subnet IDs + QSS3BucketName: + default: Quick Start S3 Bucket Name + QSS3BucketRegion: + default: Quick Start S3 bucket region + QSS3KeyPrefix: + default: Quick Start S3 Key Prefix +Parameters: + SolaceDockerImage: + Description: >- + Solace PubSub+ event broker docker image reference: a docker registry name + with optional tag or a download URL. The download URL can be obtained from http://dev.solace.com/downloads/ + or it can be a url to a remotely hosted load version + Default: solace/solace-pubsub-standard:latest + Type: String + AdminPassword: + Description: Required password to access Solace admin console and SEMP + Type: String + NoEcho: 'True' + ContainerLoggingFormat: + AllowedValues: + - graylog + - legacy + - raw + - rfc5424 + ConstraintDescription: Must be a valid container logging format. + Default: graylog + Description: PubSub+ event broker logging format in CloudWatch + Type: String + BootDiskSize: + ConstraintDescription: Deployment supports 8 to 128 GB for boot volumes + Default: '24' + Description: Allocated EBS storage for boot disk + MaxValue: '128' + MinValue: '8' + Type: Number + EventBrokerNodeInstanceType: + AllowedValues: + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - t2.2xlarge + - m3.large + - m3.xlarge + - m4.large + - m4.xlarge + - m4.2xlarge + - m4.4xlarge + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + ConstraintDescription: Must be a valid EC2 instance type. + Default: m4.large + Description: 'Instance Type for PubSub+ event broker message routing nodes. 
Note: + Make sure that your region supports the selected instance type before continuing' + Type: String + EventBrokerNodeStorage: + ConstraintDescription: No more than 640 GiB per device. + Default: '0' + Description: Allocated EBS storage for each block device (in GiB); 0 indicates + ephemeral storage only. Non-zero will cause a new io1 disk creation for message-spool + which will NOT be deleted on stack termination + AllowedValues: + - '0' + - '20' + - '40' + - '80' + - '160' + - '320' + - '640' + Type: Number + MonitorNodeInstanceType: + AllowedValues: + - t2.micro + - t2.small + - t2.medium + - t2.large + - t2.xlarge + - m4.large + - m5.large + ConstraintDescription: Must be a valid EC2 instance type. + Default: t2.micro + Description: 'Instance Type for PubSub+ event broker monitoring node. Note: Make + sure that your region supports the selected instance type before continuing' + Type: String + KeyPairName: + Description: Name of an existing EC2 key pair within the AWS region; all instances + will launch with this key pair + Type: AWS::EC2::KeyPair::KeyName + NumberOfAZs: + ConstraintDescription: 3 means each node in own az, 2 puts monitor and backup + in one az + Default: '3' + Description: Number of availability zones to use + AllowedValues: + - '2' + - '3' + Type: Number + RemoteAccessCIDR: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x + Description: Allowed CIDR block for external access to cluster nodes + Type: String + SSHSecurityGroupID: + Description: 'ID of the SSH Security Group (e.g., sg-7f16e910). 
Note: This will + be ignored if ''Use private subnets'' is set to ''false''' + Type: String + UsePrivateSubnets: + AllowedValues: + - 'true' + - 'false' + Default: 'true' + Description: Whether to use Private Subnets with fronting Bastion Servers + Type: String + PrivateSubnetIDs: + Description: >- + Comma separated list of VPC private subnet IDs for the cluster deployment (e.g. + subnet-4b8d329f,subnet-bd73afc8); VPC must exist with proper configuration for + Solace cluster access. Note: This will be ignored if 'Use private subnets' is + set to 'false' + Type: List + PublicSubnetIDs: + Description: Comma separated list of VPC public subnet IDs for the cluster deployment + (e.g. subnet-4b8d329f,subnet-bd73afc8); VPC must exist with proper configuration + for Solace cluster access + Type: List + VPCID: + Description: ID of the VPC (e.g. vpc-0343606e) + Type: AWS::EC2::VPC::Id + QSS3BucketName: + AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen + (-). + Default: solace-products + Description: S3 bucket name for the Quick Start assets. Quick Start bucket name + can include numbers, lowercase letters, uppercase letters, and hyphens (-). + It cannot start or end with a hyphen (-). + Type: String + QSS3BucketRegion: + Default: 'us-east-1' + Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' + Type: String + QSS3KeyPrefix: + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: pubsubplus-aws-ha-quickstart/latest/ + Description: S3 key prefix for the Quick Start assets. 
Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + Type: String +Mappings: + AWSInfoRegionMap: + ap-northeast-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + ap-northeast-2: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + ap-south-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + ap-southeast-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + ap-southeast-2: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + ca-central-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + eu-central-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + eu-west-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + eu-west-2: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + sa-east-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + us-east-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + us-east-2: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + us-west-1: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com + us-west-2: + Partition: aws + QuickStartS3URL: https://s3.amazonaws.com +Conditions: + EnableWaitConditions: !Equals + - '1' + - '1' + Use3AZs: !Equals + - !Ref 'NumberOfAZs' + - '3' + UsePrivateSubnetsCondition: !Equals + - !Ref 'UsePrivateSubnets' + - 'true' + GovCloudCondition: !Equals + - !Ref 'AWS::Region' + - us-gov-west-1 + UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] +Resources: + SolaceVMRRole: + Type: AWS::IAM::Role + Properties: + Policies: + - PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - s3:GetObject + Resource: "*" + Effect: Allow + PolicyName: s3-policy + - PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - cloudformation:DescribeStackResources + - ec2:DescribeInstances + - ec2:CreateTags + Resource: + - '*' + Effect: Allow + PolicyName: ec2-policy + 
- PolicyDocument: + Version: '2012-10-17' + Statement: + - Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + - logs:DescribeLogStreams + Resource: + - arn:aws:logs:*:*:* + Effect: Allow + PolicyName: cloudwatch-policy + Path: / + AssumeRolePolicyDocument: + Statement: + - Action: + - sts:AssumeRole + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Version: '2012-10-17' + InstanceProfile: + Type: AWS::IAM::InstanceProfile + Properties: + Path: / + Roles: + - !Ref 'SolaceVMRRole' + EventBrokerPrimaryStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: + !Sub + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/nodecreate.template' + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + Parameters: + SolaceDockerImage: !Ref 'SolaceDockerImage' + AdminPassword: !Ref 'AdminPassword' + ContainerLoggingFormat: !Ref 'ContainerLoggingFormat' + BootDiskSize: !Ref 'BootDiskSize' + ClusterInfoHandle: !Ref 'ClusterInfoHandle' + InstanceProfile: !Ref 'InstanceProfile' + KeyPairName: !Ref 'KeyPairName' + NodeDesignation: message-router-primary + NodeInstanceType: !Ref 'EventBrokerNodeInstanceType' + NodeSecurityGroup: !Join + - ',' + - - !Ref 'EventBrokerSecurityGroup' + - !Ref 'SolaceInternalSecurityGroup' + - !Ref 'SolaceInternalSecurityGroupMember' + - !Ref 'RemoteMgmtSecurityGroup' + ParentStackName: !Ref 'AWS::StackName' + PersistentStorage: !Ref 'EventBrokerNodeStorage' + QSS3BucketName: !Ref 'QSS3BucketName' + QSS3BucketRegion: !Ref 'QSS3BucketRegion' + QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' + SubnetID: !Select + - 0 + - !If + - UsePrivateSubnetsCondition + - !Ref 'PrivateSubnetIDs' + - !Ref 'PublicSubnetIDs' + EventBrokerBackupStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: + !Sub + - 
'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/nodecreate.template' + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + Parameters: + SolaceDockerImage: !Ref 'SolaceDockerImage' + AdminPassword: !Ref 'AdminPassword' + ContainerLoggingFormat: !Ref 'ContainerLoggingFormat' + BootDiskSize: !Ref 'BootDiskSize' + ClusterInfoHandle: !Ref 'ClusterInfoHandle' + InstanceProfile: !Ref 'InstanceProfile' + KeyPairName: !Ref 'KeyPairName' + NodeDesignation: message-router-backup + NodeInstanceType: !Ref 'EventBrokerNodeInstanceType' + NodeSecurityGroup: !Join + - ',' + - - !Ref 'EventBrokerSecurityGroup' + - !Ref 'SolaceInternalSecurityGroup' + - !Ref 'SolaceInternalSecurityGroupMember' + - !Ref 'RemoteMgmtSecurityGroup' + ParentStackName: !Ref 'AWS::StackName' + PersistentStorage: !Ref 'EventBrokerNodeStorage' + QSS3BucketName: !Ref 'QSS3BucketName' + QSS3BucketRegion: !Ref 'QSS3BucketRegion' + QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' + SubnetID: !Select + - 1 + - !If + - UsePrivateSubnetsCondition + - !Ref 'PrivateSubnetIDs' + - !Ref 'PublicSubnetIDs' + MonitorStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: + !Sub + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/nodecreate.template' + - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] + S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] + Parameters: + SolaceDockerImage: !Ref 'SolaceDockerImage' + AdminPassword: !Ref 'AdminPassword' + ContainerLoggingFormat: !Ref 'ContainerLoggingFormat' + BootDiskSize: !Ref 'BootDiskSize' + ClusterInfoHandle: !Ref 'ClusterInfoHandle' + InstanceProfile: !Ref 'InstanceProfile' + KeyPairName: !Ref 'KeyPairName' + NodeDesignation: monitor + NodeInstanceType: !Ref 'MonitorNodeInstanceType' + NodeSecurityGroup: 
!Join + - ',' + - - !Ref 'SolaceInternalSecurityGroup' + - !Ref 'SolaceInternalSecurityGroupMember' + - !Ref 'RemoteMgmtSecurityGroup' + ParentStackName: !Ref 'AWS::StackName' + PersistentStorage: '0' + QSS3BucketName: !Ref 'QSS3BucketName' + QSS3BucketRegion: !Ref 'QSS3BucketRegion' + QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' + SubnetID: !Select + - !If + - Use3AZs + - 2 + - 1 + - !If + - UsePrivateSubnetsCondition + - !Ref 'PrivateSubnetIDs' + - !Ref 'PublicSubnetIDs' + SolaceInternalSecurityGroupMember: + Type: AWS::EC2::SecurityGroup + Properties: + VpcId: !Ref 'VPCID' + GroupDescription: All Solace Nodes + SolaceInternalSecurityGroup: + Type: AWS::EC2::SecurityGroup + DependsOn: + - SolaceInternalSecurityGroupMember + Properties: + VpcId: !Ref 'VPCID' + GroupDescription: All Solace Nodes + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: '8741' + ToPort: '8741' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '8300' + ToPort: '8302' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: udp + FromPort: '8300' + ToPort: '8302' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '55555' + ToPort: '55555' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '55003' + ToPort: '55003' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '55443' + ToPort: '55443' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '1443' + ToPort: '1443' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '8000' + ToPort: '8000' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '5672' + ToPort: '5672' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '9000' + ToPort: '9000' + 
SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '1883' + ToPort: '1883' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '8008' + ToPort: '8008' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '8080' + ToPort: '8080' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '1943' + ToPort: '1943' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + - IpProtocol: tcp + FromPort: '5550' + ToPort: '5550' + SourceSecurityGroupId: !Ref 'SolaceInternalSecurityGroupMember' + RemoteMgmtSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + VpcId: !Ref 'VPCID' + GroupDescription: All devices external to AWS + SecurityGroupIngress: + - !If + - UsePrivateSubnetsCondition + - IpProtocol: tcp + FromPort: '22' + ToPort: '22' + SourceSecurityGroupId: !Ref 'SSHSecurityGroupID' + - IpProtocol: tcp + FromPort: '22' + ToPort: '22' + CidrIp: !Ref 'RemoteAccessCIDR' + EventBrokerSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + VpcId: !Ref 'VPCID' + GroupDescription: Event Broker Security Group + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: '55555' + ToPort: '55555' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '55003' + ToPort: '55003' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '55443' + ToPort: '55443' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '1443' + ToPort: '1443' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '8000' + ToPort: '8000' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '5672' + ToPort: '5672' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '9000' + ToPort: '9000' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '1883' + ToPort: '1883' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: 
'8008' + ToPort: '8008' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '8080' + ToPort: '8080' + CidrIp: !Ref 'RemoteAccessCIDR' + - IpProtocol: tcp + FromPort: '1943' + ToPort: '1943' + CidrIp: !Ref 'RemoteAccessCIDR' + ClusterInfoHandle: + Type: AWS::CloudFormation::WaitConditionHandle + ClusterInfoCondition: + Type: AWS::CloudFormation::WaitCondition + Condition: EnableWaitConditions + DependsOn: + - EventBrokerPrimaryStack + - EventBrokerBackupStack + - MonitorStack + Properties: + Handle: !Ref 'ClusterInfoHandle' + Timeout: '600' + Count: '1' + ELB: + Type: AWS::ElasticLoadBalancing::LoadBalancer + DependsOn: + - EventBrokerPrimaryStack + Condition: UsePrivateSubnetsCondition + Properties: + SecurityGroups: + - !Ref 'EventBrokerSecurityGroup' + - !Ref 'SolaceInternalSecurityGroupMember' + Subnets: !Ref 'PublicSubnetIDs' + Instances: + - !GetAtt 'EventBrokerPrimaryStack.Outputs.EC2ID' + - !GetAtt 'EventBrokerBackupStack.Outputs.EC2ID' + - !GetAtt 'MonitorStack.Outputs.EC2ID' + HealthCheck: + Target: !Join + - '' + - - 'HTTP:' + - 5550 + - /health-check/guaranteed-active + Timeout: '3' + Interval: '5' + UnhealthyThreshold: '2' + HealthyThreshold: '2' + Listeners: + - LoadBalancerPort: '55555' + InstancePort: '55555' + Protocol: TCP + - LoadBalancerPort: '55003' + InstancePort: '55003' + Protocol: TCP + - LoadBalancerPort: '55443' + InstancePort: '55443' + Protocol: TCP + - LoadBalancerPort: '1443' + InstancePort: '1443' + Protocol: TCP + - LoadBalancerPort: '8000' + InstancePort: '8000' + Protocol: TCP + - LoadBalancerPort: '5672' + InstancePort: '5672' + Protocol: TCP + - LoadBalancerPort: '9000' + InstancePort: '9000' + Protocol: TCP + - LoadBalancerPort: '1883' + InstancePort: '1883' + Protocol: TCP + - LoadBalancerPort: '8008' + InstancePort: '8008' + Protocol: TCP + - LoadBalancerPort: '8080' + InstancePort: '8080' + Protocol: TCP + - LoadBalancerPort: '1943' + InstancePort: '1943' + Protocol: TCP \ No newline at end of file