Add Gerrit slave to dual-master recipe
Complete the dual-master template by adding the replication
to a slave node.
Change-Id: Ia2c7dd69c7c81db38ac54746279913189c6d532e
diff --git a/dual-master/Makefile b/dual-master/Makefile
index b7a9034..d427867 100644
--- a/dual-master/Makefile
+++ b/dual-master/Makefile
@@ -3,19 +3,21 @@
CLUSTER_TEMPLATE:=cf-cluster.yml
SERVICE_MASTER_TEMPLATE:=cf-service-master.yml
+SERVICE_SLAVE_TEMPLATE:=cf-service-slave.yml
DNS_ROUTING_TEMPLATE:=cf-dns-route.yml
LOAD_BALANCER_TEMPLATE:=cf-service-lb.yml
AWS_FC_COMMAND=export AWS_PAGER=;aws cloudformation
.PHONY: create-all delete-all \
- cluster cluster-keys service-master-1 dns-routing \
- wait-for-cluster-creation wait-for-service-master-1-creation wait-for-service-master-2-creation wait-for-dns-routing-creation \
- wait-for-cluster-deletion wait-for-service-master-1-deletion wait-for-service-master-2-deletion wait-for-dns-routing-deletion \
+ cluster cluster-keys service-master-1 service-master-2 service-slave dns-routing \
+ wait-for-cluster-creation wait-for-service-master-1-creation wait-for-service-master-2-creation wait-for-service-slave-creation wait-for-dns-routing-creation \
+ wait-for-cluster-deletion wait-for-service-master-1-deletion wait-for-service-master-2-deletion wait-for-service-slave-deletion wait-for-dns-routing-deletion \
service-lb wait-for-service-lb-deletion wait-for-service-lb-creation \
gerrit-build gerrit-publish haproxy-publish syslog-sidecar-publish
create-all: gerrit-publish haproxy-publish syslog-sidecar-publish \
cluster wait-for-cluster-creation \
+ service-slave wait-for-service-slave-creation \
service-master-1 wait-for-service-master-1-creation \
service-master-2 wait-for-service-master-2-creation \
service-lb wait-for-service-lb-creation \
@@ -29,7 +31,8 @@
--region $(AWS_REGION) \
--parameters \
ParameterKey=DesiredCapacity,ParameterValue=$(CLUSTER_DESIRED_CAPACITY) \
- ParameterKey=ECSKeyName,ParameterValue=$(CLUSTER_KEYS)
+ ParameterKey=ECSKeyName,ParameterValue=$(CLUSTER_KEYS) \
+ ParameterKey=InstanceType,ParameterValue=$(CLUSTER_INSTANCE_TYPE)
service-master-1:
$(AWS_FC_COMMAND) create-stack \
@@ -53,7 +56,9 @@
ParameterKey=GerritDbVolume,ParameterValue=gerrit-db-master-1 \
ParameterKey=GerritLogsVolume,ParameterValue=gerrit-logs-master1 \
ParameterKey=PeerSubdomain,ParameterValue=$(MASTER2_SUBDOMAIN) \
- ParameterKey=LBSubdomain,ParameterValue=$(LB_SUBDOMAIN)
+ ParameterKey=LBSubdomain,ParameterValue=$(LB_SUBDOMAIN) \
+ ParameterKey=SlaveServiceStackName,ParameterValue=$(SERVICE_SLAVE_STACK_NAME)
+
service-master-2:
$(AWS_FC_COMMAND) create-stack \
@@ -77,7 +82,23 @@
ParameterKey=GerritDbVolume,ParameterValue=gerrit-db-master-2 \
ParameterKey=GerritLogsVolume,ParameterValue=gerrit-logs-master-2 \
ParameterKey=PeerSubdomain,ParameterValue=$(MASTER1_SUBDOMAIN) \
- ParameterKey=LBSubdomain,ParameterValue=$(LB_SUBDOMAIN)
+ ParameterKey=LBSubdomain,ParameterValue=$(LB_SUBDOMAIN) \
+ ParameterKey=SlaveServiceStackName,ParameterValue=$(SERVICE_SLAVE_STACK_NAME)
+
+service-slave:
+ $(AWS_FC_COMMAND) create-stack \
+ --stack-name $(SERVICE_SLAVE_STACK_NAME) \
+ --capabilities CAPABILITY_IAM \
+ --template-body file://`pwd`/$(SERVICE_SLAVE_TEMPLATE) \
+ --region $(AWS_REGION) \
+ --parameters \
+ ParameterKey=ClusterStackName,ParameterValue=$(CLUSTER_STACK_NAME) \
+ ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
+ ParameterKey=Subdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
+ ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
+ ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
+ ParameterKey=GerritKeyPrefix,ParameterValue=$(GERRIT_KEY_PREFIX)\
+ ParameterKey=GerritDockerImage,ParameterValue=aws-gerrit/gerrit:$(IMAGE_TAG)
service-lb:
$(AWS_FC_COMMAND) create-stack \
@@ -129,6 +150,13 @@
--region $(AWS_REGION)
@echo "*** Service stack '$(SERVICE_MASTER2_STACK_NAME)' created"
+wait-for-service-slave-creation:
+ @echo "*** Wait for service slave stack '$(SERVICE_SLAVE_STACK_NAME)' creation"
+ $(AWS_FC_COMMAND) wait stack-create-complete \
+ --stack-name $(SERVICE_SLAVE_STACK_NAME) \
+ --region $(AWS_REGION)
+ @echo "*** Service stack '$(SERVICE_SLAVE_STACK_NAME)' created"
+
wait-for-service-lb-creation:
@echo "*** Wait for service lb stack '$(LOAD_BALANCER_STACK_NAME)' creation"
$(AWS_FC_COMMAND) wait stack-create-complete \
@@ -164,6 +192,13 @@
--region $(AWS_REGION)
@echo "*** Service stack master '$(SERVICE_MASTER2_STACK_NAME)' deleted"
+wait-for-service-slave-deletion:
+ @echo "*** Wait for service slave stack '$(SERVICE_SLAVE_STACK_NAME)' deletion"
+ $(AWS_FC_COMMAND) wait stack-delete-complete \
+ --stack-name $(SERVICE_SLAVE_STACK_NAME) \
+ --region $(AWS_REGION)
+ @echo "*** Service stack slave '$(SERVICE_SLAVE_STACK_NAME)' deleted"
+
wait-for-service-lb-deletion:
@echo "*** Wait for service lb stack '$(LOAD_BALANCER_STACK_NAME)' deletion"
$(AWS_FC_COMMAND) wait stack-delete-complete \
@@ -193,6 +228,11 @@
--stack-name $(SERVICE_MASTER2_STACK_NAME) \
--region $(AWS_REGION)
+delete-service-slave:
+ $(AWS_FC_COMMAND) delete-stack \
+ --stack-name $(SERVICE_SLAVE_STACK_NAME) \
+ --region $(AWS_REGION)
+
delete-service-lb:
$(AWS_FC_COMMAND) delete-stack \
--stack-name $(LOAD_BALANCER_STACK_NAME) \
@@ -205,8 +245,8 @@
delete-all: delete-dns-routing wait-for-dns-routing-deletion \
delete-service-lb wait-for-service-lb-deletion \
- delete-service-master-1 wait-for-service-master-1-deletion \
- delete-service-master-2 wait-for-service-master-2-deletion \
+ delete-service-master-1 delete-service-master-2 delete-service-slave \
+ wait-for-service-master-1-deletion wait-for-service-master-2-deletion wait-for-service-slave-deletion \
delete-cluster wait-for-cluster-deletion
gerrit-publish:
@@ -217,3 +257,9 @@
syslog-sidecar-publish:
$(MAKE) -C syslog-sidecar syslog-sidecar-publish
+
+git-daemon-publish:
+ $(MAKE) -C ../master-slave/git-daemon git-daemon-publish
+
+git-ssh-publish:
+ $(MAKE) -C ../master-slave/git-ssh git-ssh-publish
diff --git a/dual-master/cf-cluster.yml b/dual-master/cf-cluster.yml
index 4197929..011a2f5 100644
--- a/dual-master/cf-cluster.yml
+++ b/dual-master/cf-cluster.yml
@@ -177,6 +177,11 @@
{\"files\":
{\"collect_list\":
[
+ {\"file_path\": \"/var/lib/docker/volumes/gerrit-logs-master-2/_data/replication_log\",
+ \"log_group_name\": \"${AWS::StackName}\",
+ \"log_stream_name\": \"${EnvironmentName}/{instance_id}/master-2/replication_log\",
+ \"timezone\": \"UTC\"
+ },
{\"file_path\": \"/var/lib/docker/volumes/gerrit-logs-master-2/_data/httpd_log\",
\"log_group_name\": \"${AWS::StackName}\",
\"log_stream_name\": \"${EnvironmentName}/{instance_id}/master-2/httpd_log\",
diff --git a/dual-master/cf-service-master.yml b/dual-master/cf-service-master.yml
index 42ea576..7a24985 100644
--- a/dual-master/cf-service-master.yml
+++ b/dual-master/cf-service-master.yml
@@ -141,7 +141,7 @@
- Name: AWS_REGION
Value: !Ref AWS::Region
- Name: SETUP_REPLICATION
- Value: false
+ Value: true
- Name: GERRIT_KEY_PREFIX
Value: !Ref GerritKeyPrefix
- Name: SETUP_HA
diff --git a/dual-master/cf-service-slave.yml b/dual-master/cf-service-slave.yml
new file mode 100644
index 0000000..7415836
--- /dev/null
+++ b/dual-master/cf-service-slave.yml
@@ -0,0 +1,469 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Deploy a service into an ECS cluster behind a public load balancer.
+Parameters:
+ GerritServiceName:
+ Type: String
+ Default: gerrit-slave
+ GitDaemonServiceName:
+ Type: String
+ Default: gerrit-git-daemon
+ GitSSHServiceName:
+ Type: String
+ Default: gerrit-git-ssh
+ ClusterStackName:
+ Description: Stack name of the ECS cluster to deply the serivces
+ Type: String
+ Default: gerrit-cluster
+ EnvironmentName:
+ Description: An environment name used to build the log stream names
+ Type: String
+ Default: test
+ GerritDockerImage:
+ Description: Gerrit official Docker image
+ Type: String
+ Default: aws-gerrit/gerrit:latest
+ GitDaemonDockerImage:
+ Description: Git daemon Docker image
+ Type: String
+ Default: aws-gerrit/git-daemon:latest
+ GitSSHDockerImage:
+ Description: Git SSH Docker image
+ Type: String
+ Default: aws-gerrit/git-ssh:latest
+ DockerRegistryUrl:
+ Description: Docker registry URL
+ Type: String
+ DesiredCount:
+ Description: How many instances of this task should we run across our cluster?
+ Type: Number
+ Default: 1
+ HTTPHostPort:
+ Description: Gerrit Host HTTP port
+ Type: Number
+ Default: 9080
+ HTTPContainePort:
+ Description: Gerrit Container HTTP port
+ Type: Number
+ Default: 8080
+ HTTPSPort:
+ Description: Gerrit HTTPS port
+ Type: Number
+ Default: 443
+ SSHHostPort:
+ Description: Gerrit SSH port
+ Type: Number
+ Default: 39418
+ SSHContainerPort:
+ Description: Gerrit SSH port
+ Type: Number
+ Default: 29418
+ GitPort:
+ Description: Git daemon port
+ Type: Number
+ Default: 9418
+ GitSSHPort:
+ Description: Git ssh port
+ Type: Number
+ Default: 1022
+ GitSSHContainerPort:
+ Description: Git ssh port
+ Type: Number
+ Default: 22
+ CertificateArn:
+ Description: SSL Certificates ARN
+ Type: String
+ HostedZoneName:
+ Description: The route53 HostedZoneName.
+ Type: String
+ Subdomain:
+ Description: The subdomain of the Gerrit cluster
+ Type: String
+ Default: gerrit-slave-demo
+ GerritGitVolume:
+ Description: Gerrit git volume name
+ Type: String
+ Default: gerrit-git-slave
+ GerritDataVolume:
+ Description: Gerrit data volume name
+ Type: String
+ Default: gerrit-data-slave
+ GerritCacheVolume:
+ Description: Gerrit cache volume name
+ Type: String
+ Default: gerrit-cache-slave
+ GerritDbVolume:
+ Description: Gerrit db volume name
+ Type: String
+ Default: gerrit-db-slave
+ GerritLogsVolume:
+ Description: Gerrit logs volume name
+ Type: String
+ Default: gerrit-logs-slave
+ GerritKeyPrefix:
+ Description: Gerrit credentials keys prefix
+ Type: String
+
+Resources:
+ GerritService:
+ Type: AWS::ECS::Service
+ DependsOn:
+ - HTTPListener
+ - SSHListener
+ Properties:
+ Cluster:
+ Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'ClusterName']]
+ DesiredCount: !Ref DesiredCount
+ TaskDefinition: !Ref GerritTaskDefinition
+ LoadBalancers:
+ - ContainerName: !Ref GerritServiceName
+ ContainerPort: !Ref HTTPContainePort
+ TargetGroupArn: !Ref HTTPTargetGroup
+ - ContainerName: !Ref GerritServiceName
+ ContainerPort: !Ref SSHContainerPort
+ TargetGroupArn: !Ref SSHTargetGroup
+
+ GerritReplicationService:
+ Type: AWS::ECS::Service
+ DependsOn:
+ - GitListener
+ - GitSSHListener
+ Properties:
+ Cluster:
+ Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'ClusterName']]
+ DesiredCount: !Ref DesiredCount
+ TaskDefinition: !Ref GerritReplicationTaskDefinition
+ LoadBalancers:
+ - ContainerName: !Ref GitDaemonServiceName
+ ContainerPort: !Ref GitPort
+ TargetGroupArn: !Ref GitTargetGroup
+ - ContainerName: !Ref GitSSHServiceName
+ ContainerPort: !Ref GitSSHContainerPort
+ TargetGroupArn: !Ref GitSSHTargetGroup
+
+ GerritTaskDefinition:
+ Type: AWS::ECS::TaskDefinition
+ Properties:
+ Family: !Join ['', [!Ref GerritServiceName, TaskDefinition]]
+ TaskRoleArn: !Ref ECSTaskExecutionRole
+ ExecutionRoleArn: !Ref ECSTaskExecutionRole
+ NetworkMode: bridge
+ ContainerDefinitions:
+ - Name: !Ref GerritServiceName
+ Essential: true
+ Image: !Sub '${DockerRegistryUrl}/${GerritDockerImage}'
+ Environment:
+ - Name: CANONICAL_WEB_URL
+ Value: !Sub 'https://${Subdomain}.${HostedZoneName}'
+ - Name: HTTPD_LISTEN_URL
+ Value: !Sub 'proxy-https://*:${HTTPContainePort}/'
+ - Name: CONTAINER_SLAVE
+ Value: true
+ - Name: GERRIT_KEY_PREFIX
+ Value: !Ref GerritKeyPrefix
+ - Name: AWS_REGION
+ Value: !Ref AWS::Region
+ MountPoints:
+ - SourceVolume: !Ref GerritGitVolume
+ ContainerPath: /var/gerrit/git
+ - SourceVolume: !Ref GerritDataVolume
+ ContainerPath: /var/gerrit/data
+ - SourceVolume: !Ref GerritCacheVolume
+ ContainerPath: /var/gerrit/cache
+ - SourceVolume: !Ref GerritDbVolume
+ ContainerPath: /var/gerrit/db
+ - SourceVolume: !Ref GerritLogsVolume
+ ContainerPath: /var/gerrit/logs
+ Cpu: 1024
+ Memory: 2048
+ PortMappings:
+ - ContainerPort: !Ref HTTPContainePort
+ HostPort: !Ref HTTPHostPort
+ Protocol: tcp
+ - ContainerPort: !Ref SSHContainerPort
+ HostPort: !Ref SSHHostPort
+ Protocol: tcp
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-group: !Ref ClusterStackName
+ awslogs-region: !Ref AWS::Region
+ awslogs-stream-prefix: !Ref EnvironmentName
+ Volumes:
+ - Name: !Ref 'GerritDbVolume'
+ DockerVolumeConfiguration:
+ Scope: shared
+ Autoprovision: true
+ Driver: local
+ Labels:
+ gerrit-db: !Join ['-', [!Ref EnvironmentName, !Ref GerritDbVolume]]
+ - Name: !Ref 'GerritGitVolume'
+ DockerVolumeConfiguration:
+ Scope: shared
+ Autoprovision: true
+ Driver: local
+ Labels:
+ gerrit-git: !Join ['-', [!Ref EnvironmentName, !Ref GerritGitVolume]]
+ - Name: !Ref 'GerritDataVolume'
+ DockerVolumeConfiguration:
+ Scope: shared
+ Autoprovision: true
+ Driver: local
+ Labels:
+ gerrit-data: !Join ['-', [!Ref EnvironmentName, !Ref GerritDataVolume]]
+ - Name: !Ref 'GerritCacheVolume'
+ DockerVolumeConfiguration:
+ Scope: shared
+ Autoprovision: true
+ Driver: local
+ Labels:
+ gerrit-cache: !Join ['-', [!Ref EnvironmentName, !Ref GerritCacheVolume]]
+ - Name: !Ref 'GerritLogsVolume'
+ DockerVolumeConfiguration:
+ Scope: shared
+ Autoprovision: true
+ Driver: local
+ Labels:
+ gerrit-logs: !Join ['-', [!Ref EnvironmentName, !Ref GerritLogsVolume]]
+
+ GerritReplicationTaskDefinition:
+ Type: AWS::ECS::TaskDefinition
+ Properties:
+ Family: !Join ['', [!Ref GerritServiceName, TaskDefinition]]
+ TaskRoleArn: !Ref ECSTaskExecutionRole
+ ExecutionRoleArn: !Ref ECSTaskExecutionRole
+ NetworkMode: bridge
+ ContainerDefinitions:
+ - Name: !Ref GitDaemonServiceName
+ Essential: true
+ Image: !Sub '${DockerRegistryUrl}/${GitDaemonDockerImage}'
+ MountPoints:
+ - SourceVolume: !Ref GerritGitVolume
+ ContainerPath: /var/gerrit/git
+ Cpu: 256
+ Memory: 512
+ PortMappings:
+ - ContainerPort: !Ref GitPort
+ HostPort: !Ref GitPort
+ Protocol: tcp
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-group: !Ref ClusterStackName
+ awslogs-region: !Ref AWS::Region
+ awslogs-stream-prefix: !Ref EnvironmentName
+ - Name: !Ref GitSSHServiceName
+ Essential: true
+ Image: !Sub '${DockerRegistryUrl}/${GitSSHDockerImage}'
+ Environment:
+ - Name: TZ
+ Value: US/Pacific
+ - Name: SSH_USERS
+ Value: gerrit:1000:1000
+ - Name: AWS_REGION
+ Value: !Ref AWS::Region
+ - Name: GERRIT_KEY_PREFIX
+ Value: !Ref GerritKeyPrefix
+ MountPoints:
+ - SourceVolume: !Ref GerritGitVolume
+ ContainerPath: /var/gerrit/git
+ Cpu: 256
+ Memory: 512
+ PortMappings:
+ - ContainerPort: !Ref GitSSHContainerPort
+ HostPort: !Ref GitSSHPort
+ Protocol: tcp
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-group: !Ref ClusterStackName
+ awslogs-region: !Ref AWS::Region
+ awslogs-stream-prefix: !Ref EnvironmentName
+ Volumes:
+ - Name: !Ref 'GerritGitVolume'
+ DockerVolumeConfiguration:
+ Scope: shared
+ Autoprovision: true
+ Driver: local
+ Labels:
+ gerrit-git: !Join ['-', [!Ref EnvironmentName, !Ref GerritGitVolume]]
+
+ LoadBalancer:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ Type: network
+ Scheme: internet-facing
+ Subnets:
+ - Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'PublicSubnetOne']]
+ Tags:
+ - Key: Name
+ Value: !Join ['-', [!Ref 'EnvironmentName', !Ref 'GerritServiceName', 'nlb']]
+
+ HTTPTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ DependsOn: LoadBalancer
+ Properties:
+ VpcId:
+ Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'VPCId']]
+ Port: !Ref HTTPHostPort
+ Protocol: TCP
+ HealthCheckPort: !Ref HTTPContainePort
+
+ HTTPListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ DependsOn: LoadBalancer
+ Properties:
+ Certificates:
+ - CertificateArn: !Ref CertificateArn
+ DefaultActions:
+ - Type: forward
+ TargetGroupArn: !Ref HTTPTargetGroup
+ LoadBalancerArn: !Ref LoadBalancer
+ Port: !Ref HTTPSPort
+ Protocol: TLS
+
+ SSHTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ DependsOn: LoadBalancer
+ Properties:
+ VpcId:
+ Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'VPCId']]
+ Port: !Ref SSHHostPort
+ Protocol: TCP
+ HealthCheckPort: !Ref SSHContainerPort
+
+ SSHListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ DependsOn: LoadBalancer
+ Properties:
+ DefaultActions:
+ - Type: forward
+ TargetGroupArn: !Ref SSHTargetGroup
+ LoadBalancerArn: !Ref LoadBalancer
+ Port: !Ref SSHHostPort
+ Protocol: TCP
+
+ GitTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ DependsOn: LoadBalancer
+ Properties:
+ VpcId:
+ Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'VPCId']]
+ Port: !Ref GitPort
+ Protocol: TCP
+
+ GitListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ DependsOn: LoadBalancer
+ Properties:
+ DefaultActions:
+ - Type: forward
+ TargetGroupArn: !Ref GitTargetGroup
+ LoadBalancerArn: !Ref LoadBalancer
+ Port: !Ref GitPort
+ Protocol: TCP
+
+ GitSSHTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ DependsOn: LoadBalancer
+ Properties:
+ VpcId:
+ Fn::ImportValue:
+ !Join [':', [!Ref 'ClusterStackName', 'VPCId']]
+ Port: !Ref GitSSHPort
+ Protocol: TCP
+
+ GitSSHListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ DependsOn: LoadBalancer
+ Properties:
+ DefaultActions:
+ - Type: forward
+ TargetGroupArn: !Ref GitSSHTargetGroup
+ LoadBalancerArn: !Ref LoadBalancer
+ Port: !Ref GitSSHPort
+ Protocol: TCP
+
+ SlaveDnsRecord:
+ Type: AWS::Route53::RecordSet
+ Properties:
+ Name: !Sub '${Subdomain}.${HostedZoneName}'
+ HostedZoneName: !Sub '${HostedZoneName}.'
+ Comment: DNS name for Gerrit Slave.
+ Type: A
+ AliasTarget:
+ DNSName: !GetAtt 'LoadBalancer.DNSName'
+ HostedZoneId: !GetAtt 'LoadBalancer.CanonicalHostedZoneID'
+ EvaluateTargetHealth: False
+
+ # This is a role which is used by the ECS tasks themselves.
+ ECSTaskExecutionRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: [ecs-tasks.amazonaws.com]
+ Action: ['sts:AssumeRole']
+ Path: /
+ Policies:
+ - PolicyName: AmazonECSTaskExecutionRolePolicy
+ PolicyDocument:
+ Statement:
+ - Effect: Allow
+ Action:
+ # Allow the ECS Tasks to download images from ECR
+ - 'ecr:GetAuthorizationToken'
+ - 'ecr:BatchCheckLayerAvailability'
+ - 'ecr:GetDownloadUrlForLayer'
+ - 'ecr:BatchGetImage'
+ # Allow the ECS tasks to upload logs to CloudWatch
+ - 'logs:CreateLogStream'
+ - 'logs:PutLogEvents'
+ Resource: '*'
+ - PolicyName: AmazonECSTaskSecretManagerRolePolicy
+ PolicyDocument:
+ Statement:
+ - Effect: Allow
+ Action:
+ # Allow the ECS Tasks to get SSH Keys
+ - 'secretsmanager:GetSecretValue'
+ - 'kms:Decrypt'
+ Resource: '*'
+Outputs:
+ PublicLoadBalancerDNSName:
+ Description: The DNS name of the external load balancer
+ Value: !GetAtt 'LoadBalancer.DNSName'
+ Export:
+ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicLoadBalancerDNSName' ] ]
+ CanonicalHostedZoneID:
+ Description: Canonical Hosted Zone ID
+ Value: !GetAtt 'LoadBalancer.CanonicalHostedZoneID'
+ Export:
+ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'CanonicalHostedZoneID' ] ]
+ PublicLoadBalancerUrl:
+ Description: The url of the external load balancer
+ Value: !Join ['', ['http://', !GetAtt 'LoadBalancer.DNSName']]
+ Export:
+ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicLoadBalancerUrl' ] ]
+ HostedZoneName:
+ Description: Route53 Hosted Zone name
+ Value: !Ref HostedZoneName
+ Export:
+ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'HostedZoneName' ] ]
+ Subdomain:
+ Description: Service DNS subdomain
+ Value: !Ref Subdomain
+ Export:
+ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'Subdomain' ] ]
+ CanonicalWebUrl:
+ Description: Canonical Web URL
+ Value: !Sub 'https://${Subdomain}.${HostedZoneName}'
+ Export:
+ Name: !Join [ ':', [ !Ref 'AWS::StackName', 'CanonicalWebUrl' ] ]
diff --git a/dual-master/setup.env.template b/dual-master/setup.env.template
index 6858912..b299707 100644
--- a/dual-master/setup.env.template
+++ b/dual-master/setup.env.template
@@ -1,7 +1,9 @@
CLUSTER_STACK_NAME:=$(AWS_PREFIX)-cluster
-CLUSTER_DESIRED_CAPACITY:=1
+CLUSTER_DESIRED_CAPACITY:=3
+CLUSTER_INSTANCE_TYPE:=m4.2xlarge
SERVICE_MASTER1_STACK_NAME:=$(AWS_PREFIX)-service-master-1
SERVICE_MASTER2_STACK_NAME:=$(AWS_PREFIX)-service-master-2
+SERVICE_SLAVE_STACK_NAME:=$(AWS_PREFIX)-service-slave
HTTP_HOST_PORT_MASTER2:=8081
SSH_HOST_PORT_MASTER2:=29419
HTTP_HOST_PORT_MASTER1:=8080
@@ -10,6 +12,7 @@
HOSTED_ZONE_NAME:=yourcompany.com
MASTER1_SUBDOMAIN:=$(AWS_PREFIX)-master-1.gerrit-demo
MASTER2_SUBDOMAIN:=$(AWS_PREFIX)-master-2.gerrit-demo
+SLAVE_SUBDOMAIN:=$(AWS_PREFIX)-slave.gerrit-demo
LB_SUBDOMAIN=$(AWS_PREFIX)-lb.gerrit-demo
DOCKER_REGISTRY_URI:=<yourAccountId>.dkr.ecr.us-east-1.amazonaws.com
SSL_CERTIFICATE_ARN=arn:aws:acm:us-east-1:<yourAccountId>:certificate/33e2c235-a4d1-42b7-b866-18d8d744975c