https://github.com/yuki-takei/dupsworks
Scripts which build an OpsWorks Stack with HA-NAT Layer
- Host: GitHub
- URL: https://github.com/yuki-takei/dupsworks
- Owner: yuki-takei
- License: apache-2.0
- Created: 2014-04-15T16:19:54.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2014-12-16T17:39:47.000Z (about 10 years ago)
- Last Synced: 2023-08-13T07:44:21.238Z (over 1 year ago)
- Language: Python
- Size: 1020 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
DupsWorks
=========

Scripts which build an OpsWorks Stack with HA-NAT Layer

Summary
--------

### Application environments need High-Availability
Amazon VPC and OpsWorks are amazing solutions for publishing applications.
Suppose we are constructing a structure like this, which has **4 subnets**:

* public subnet 1
* private subnet 1 (can reach the Internet through nat1)
* public subnet 2
* private subnet 2 (can reach the Internet through nat2)

To avoid introducing a Single Point Of Failure, it is preferable to have mechanisms such as:

* the NAT instances checking each other's heartbeat
* automatic failover and recovery

But constructing the structure above is a little hard.
### What does DupsWorks do?
DupsWorks makes it easy to build the VPC structure above together with an OpsWorks Stack, a NAT Layer and instances, and installs scripts on the NAT instances that provide High-Availability.
The whole process is as follows:

1. create VPC
1. create 4 subnets
1. create an OpsWorks stack
1. create OpsWorks layers
    1. admin layer (for gateway instances)
    1. nat layer
1. set permissions (optional)
1. create OpsWorks instances
    1. 1 admin instance
    1. 2 NAT instances
1. start NAT instances
1. configure route
    1. public subnets -> internet gateway
    1. private subnets -> nat instances
    1. checking heartbeat route
1. configure NAT instances
    1. disable Source/dest. check.
    1. set '1' to net.ipv4.ip_forward using sysctl
    1. configure iptables and enable IP Masquerading
1. install scripts (check heartbeat and failover) to NAT instances.

Requirements
-------------

Dupsworks depends on Python 3 and some packages. You can install them using pip:

    pip install -r requirements.txt
Usage
-----

### Script Settings

1. Copy ``settings.cfg.example`` to ``settings.cfg``.
1. Edit params in ``[PersonalSettings]`` section.

#### Example:
```ini:settings.cfg
[PersonalSettings]
vpc_name = MyVPC
vpc_cidr = 10.0.0.0/16
vpc_subnet_az1_public_cidr = 10.0.0.0/24
vpc_subnet_az1_private_cidr = 10.0.128.0/24
vpc_subnet_az2_public_cidr = 10.0.1.0/24
vpc_subnet_az2_private_cidr = 10.0.129.0/24
region = us-east-1
vpc_subnet_az1 = us-east-1a
vpc_subnet_az2 = us-east-1b
stack_name = MyStack
stack_service_role_arn = arn:aws:iam::111111111111:role/aws-opsworks-service-role
stack_default_instance_profile_arn = arn:aws:iam::111111111111:instance-profile/aws-opsworks-ec2-role
[[stack_permissions]]
[[[hoge]]]
iam_user_arn = arn:aws:iam::111111111111:user/hoge
allow_ssh = True
allow_sudo = True
```
#### Add permissions to "stack_default_instance_profile"
An OpsWorks Stack requires 2 ARNs. "Default IAM Instance Profile" is one of them.
When Dupsworks creates an OpsWorks Stack, the value you specified as "stack_default_instance_profile_arn" in settings.cfg will be set as the "Default IAM Instance Profile".
You must add the following permissions to the IAM Role in order to execute the recipes of [weseek/vpcnat](https://github.com/weseek/chef-vpcnat):

* allow reading EC2 information
* allow modifying EC2 instance attributes
* allow replacing routes in the VPC

See the [Security and Permissions](http://docs.aws.amazon.com/opsworks/latest/userguide/workingsecurity.html) page for more information.
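
One way to check that the role behind `stack_default_instance_profile_arn` grants the three permissions above and no wider EC2 access. This is an added example, not part of Dupsworks or chef-vpcnat; the mapping of the three permissions to the IAM actions in `REQUIRED` and the sample `BROAD` policy are assumptions.

```python
import fnmatch

# Assumption: the README's three permissions mapped to EC2 IAM actions.
REQUIRED = [
    "ec2:Describe*",                # read EC2 information
    "ec2:ModifyInstanceAttribute",  # e.g. disable Source/dest. check
    "ec2:ReplaceRoute",             # repoint a private subnet's route
]


def build_policy():
    """Policy document granting only the three required permissions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": REQUIRED, "Resource": "*"}],
    }


def _listify(value):
    # IAM allows a single string/statement or a list of them.
    return [value] if isinstance(value, (str, dict)) else list(value)


def _covers(pattern, action):
    """True if IAM wildcard `pattern` grants everything `action` names."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit_policy(policy):
    """Return (missing, excess) for the Allow/Action statements of `policy`.

    missing: required actions the policy does not fully grant.
    excess:  granted EC2 patterns wider than anything in REQUIRED.
    """
    granted = []
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            granted += _listify(stmt.get("Action", []))
    missing = [r for r in REQUIRED if not any(_covers(g, r) for g in granted)]
    excess = [g for g in granted
              if (g == "*" or g.lower().startswith("ec2:"))
              and not any(_covers(r, g) for r in REQUIRED)]
    return missing, excess


# Constructed sample: an over-broad role policy of the kind to flag.
BROAD = {"Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}}

if __name__ == "__main__":
    print(audit_policy(build_policy()))
    print(audit_policy(BROAD))
```

The audit looks only at `Allow` statements with `Action`; `Deny` and `NotAction` statements are not evaluated.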

### Security Credentials

Dupsworks uses [boto](http://aws.amazon.com/sdkforpython/) and [awscli](http://aws.amazon.com/jp/cli/).
You need to set your AWS security credentials before the script is able to
connect to AWS. The SDK will automatically pick up credentials in environment
variables:

    export AWS_ACCESS_KEY_ID="Your AWS Access Key ID"
    export AWS_SECRET_ACCESS_KEY="Your AWS Secret Access Key"

See the [AWS Security Credentials](http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) page
for more information on getting your keys.

### Execute

    python build_stack.py

Contributing
------------

1. Fork the repository on Github
1. Write your change (and fix my poor English!)
1. Submit a Pull Request using Github

License and Authors
-------------------

- Author:: Yuki Takei

Copyright 2014 WESEEK, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.