@fernandohonig
Created November 12, 2014 12:30
Heat Template to deploy a full ELK stack
# HOT format version this template is written against.
heat_template_version: 2013-05-23

# Human-readable description of the stack.
description: |
  ELK stack Unlocked 18th November 2014
# START OUTPUT SECTION ###########################################
outputs:
  # Public address of the load balancer that fronts the Kibana servers.
  load_balancer_ip:
    description: Kibana Load Balancer public IP
    value:
      get_attr: [kibana_loadbalancer, PublicIp]

  # SECURITY: this publishes the private half of the key pair generated by the
  # ssh_key resource (save_private_key: true). Anyone who can read this stack's
  # outputs can log in to every server in the scaling group, so restrict who
  # may view the stack and treat the output value as a credential.
  private_key:
    description: "SSH Private Key"
    value:
      get_attr: [ssh_key, private_key]

  # SECURITY: the two capability URLs below trigger scaling on a plain POST.
  # NOTE(review): the URL itself appears to be the only credential - confirm
  # against the provider documentation and keep these out of logs and tickets.
  web_increment_url:
    description: POST to this URL to add capacity to Kibana
    value:
      get_attr: [kibana_as_group_inc_policy_01_inc_webhook_01, capabilityUrl]

  web_decrement_url:
    description: POST to this URL to remove capacity from Kibana
    value:
      get_attr: [kibana_as_group_dec_policy_01_dec_webhook_01, capabilityUrl]
# END OUTPUT SECTION #############################################
# START PARAMS SECTION ###########################################
# Groups the parameters declared in `parameters` under UI labels.
# Every name listed here must match a key in the `parameters` section.
parameter_groups:
  - label: Kibana load balancer parameters
    parameters:
      - kibana_loadbalancer_name

  - label: Kibana servers parameters
    parameters:
      - kibana_hostname
      - kibana_image
      - kibana_flavor

  # encrypted_data_bag_secret and validation_key in this group are secrets.
  - label: Chef parameters
    parameters:
      - chef_server_url
      - chef_version
      - encrypted_data_bag_secret
      - environment
      - organization
      - role
      - validation_key
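# Stack inputs. Every value declared here is substituted verbatim into a
# bootstrap script that runs as root on each server (see the user_data of
# kibana_as_group), so only trusted operators should be able to set them.
parameters:

  # Kibana load balancer Parameters #
  kibana_loadbalancer_name:
    label: Kibana load balancer name
    description: Cloud Load Balancer's name (listening on port 443)
    type: string
    default: kibana
    constraints:
      - length:
          min: 1
          max: 64
      # The pattern also accepts hyphens after the first character.
      - allowed_pattern: "^[a-zA-Z][a-zA-Z0-9-]*$"
        description: |
          Must begin with a letter and contain only alphanumeric characters or hyphens.

  # Server Parameters #
  kibana_hostname:
    label: Kibana servers name
    description: Kibana servers name
    type: string
    default: elkstack
    constraints:
      - length:
          min: 1
          max: 64
      # The pattern also accepts hyphens after the first character.
      - allowed_pattern: "^[a-zA-Z][a-zA-Z0-9-]*$"
        description: |
          Must begin with a letter and contain only alphanumeric characters or hyphens.

  kibana_image:
    label: Operating system
    description: |
      Optional: Server image used for the server created
      as a part of this deployment.
    type: string
    default: 598a4282-f14b-4e50-af4c-b3e52749d9f9
    constraints:
      - allowed_values:
          - 70d38a32-5f63-45df-a0e7-7e06fc89370a  # CentOS 6.5
          - 7e746552-2212-41d7-b216-a1024b83b0c4  # CentOS 6.5 (PVHVM)
          - bfa5783c-e40e-4668-adc1-feb0ae3d7a46  # CentOS 7 (PVHVM)
          - 7c0fe28a-6e29-4049-83bf-b8ac57608736  # Debian 6 (Squeeze)
          - b279d8e6-1cbd-4e7c-875a-f6dbffc4c4a0  # Debian 7 (Wheezy) (PVHVM)
          - e3015c6f-0103-4bb0-a6ca-59d619f9b645  # Red Hat Enterprise Linux 5.11
          - 8a10a510-ec4c-43db-8b87-6a58438b3f19  # Red Hat Enterprise Linux 6.5
          - ceb5d3d9-5879-4b30-a3d6-9175127d94ac  # Red Hat Enterprise Linux 6.5 (PVHVM)
          - cca73d10-8953-4949-a2f2-1e5444a4130d  # Ubuntu 12.04 LTS (Precise Pangolin)
          - a3da5530-71c6-4405-b64f-fd2da99d303c  # Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)
          - a3ba4cf5-70b9-4805-afa2-30d1ab81a625  # Ubuntu 14.04 LTS (Trusty Tahr)
          - 598a4282-f14b-4e50-af4c-b3e52749d9f9  # Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)
        description: Must be a supported operating system.

  kibana_flavor:
    label: Kibana Server Size
    description: |
      Optional: Rackspace Cloud Server flavor to use. The size is based on the
      amount of RAM for the provisioned server.
    type: string
    default: performance1-1
    constraints:
      - allowed_values:
          - general1-1
          - general1-2
          - general1-4
          - general1-8
          - io1-120
          - io1-15
          - io1-30
          - io1-60
          - io1-90
          - performance1-1
          - performance1-2
          - performance1-4
          - performance1-8
          - performance2-120
          - performance2-15
          - performance2-30
          - performance2-60
          - performance2-90
        description: |
          Must be a valid Rackspace Cloud Server flavor for the region you have
          selected to deploy into.

  # Chef Parameters #
  # NOTE(review): several parameters below are described as "Required" but
  # default to the empty string, so an empty value is accepted at stack
  # creation and only fails later, inside the bootstrap script.
  chef_server_url:
    label: Chef Server URL
    description: |
      Optional: Chef Server URL. Defaults to None, but the BASH script will
      infer the Managed Chef URL from the organization
    type: string
    default: ''

  # `latest` means the installed client version can differ between servers
  # launched at different times; pin an explicit version for reproducibility.
  chef_version:
    label: version
    description: |
      Optional: Version of Chef Client to use
    type: string
    default: latest

  encrypted_data_bag_secret:
    label: encrypted_data_bag_secret
    description: |
      Required: Encrypted Data Bag Secret
    type: string
    default: ''
    # Secret material: ask Heat to mask the value when the stack's parameters
    # are displayed.
    hidden: true

  environment:
    label: Environment
    description: |
      Required: Chef environment
    type: string
    default: ''

  organization:
    label: Organization
    description: |
      Required: Chef organization
    type: string
    default: ''

  # NOTE(review): the description promises a "production" default, but the
  # declared default is empty and the bootstrap script in this template writes
  # the value into the run list unchanged - confirm which is intended.
  role:
    label: Role
    description: |
      Optional: Chef Role. Will default to "production"
    type: string
    default: ''

  validation_key:
    label: Chef Validation Key
    description: |
      Required: chef-client will attempt to use the private key assigned to the
      chef-validator, located in /etc/chef/validation.pem. If, for any reason,
      the chef-validator is unable to make an authenticated request to the
      Chef server, the initial chef-client run will fail.
    type: string
    default: ''
    # Private key of the organization's validator client: ask Heat to mask the
    # value when the stack's parameters are displayed.
    hidden: true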
# END PARAMS SECTION ###########################################
# START RESOURCES SECTION ######################################
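resources:

  # Key pair injected into every server of the scaling group.
  # SECURITY: save_private_key makes Heat keep the generated private key so it
  # can be returned through the private_key output; anyone able to read the
  # stack can therefore obtain it.
  ssh_key:
    type: "OS::Nova::KeyPair"
    properties:
      name: { get_param: "OS::stack_id" }
      save_private_key: true

  # Kibana Load Balancer
  # Public IPv4 listener on 443; nodes are attached by the scaling group below.
  kibana_loadbalancer:
    type: Rackspace::Cloud::LoadBalancer
    properties:
      name: { get_param: kibana_loadbalancer_name }
      metadata:
        rax-heat: { get_param: "OS::stack_id" }
      nodes: []
      protocol: HTTPS
      port: 443
      virtualIps:
        - type: PUBLIC
          ipVersion: IPV4

  # Kibana Web Servers #
  kibana_as_group:
    type: Rackspace::AutoScale::Group
    properties:
      groupConfiguration:
        name: kibana_as_group
        cooldown: 10
        minEntities: 2
        maxEntities: 10
      launchConfiguration:
        type: launch_server
        args:
          server:
            name: { get_param: kibana_hostname }
            imageRef: { get_param: kibana_image }
            flavorRef: { get_param: kibana_flavor }
            key_name: { get_resource: ssh_key }
            config_drive: true
            metadata:
              hotness_factor: "100"
              rax-heat: { get_param: "OS::stack_id" }
            # NOTE(review): these look like the provider's well-known public
            # and service network ids - confirm; every server gets a public
            # interface in addition to the load balancer.
            networks:
              - uuid: "00000000-0000-0000-0000-000000000000"
              - uuid: "11111111-1111-1111-1111-111111111111"
            # SECURITY: str_replace pastes the parameter values, including the
            # Chef validation key and the data bag secret, into this script as
            # plain text. The rendered script is part of the launch
            # configuration and of each server's user data, so both must be
            # treated as secret. Values are not escaped: a single quote or
            # shell metacharacter in a parameter changes what runs as root.
            user_data:
              str_replace:
                template: |
                  #!/bin/bash
                  # Exit script if any command fails
                  set -e
                  set -o pipefail
                  LOGFILE="/var/log/cloud-init-chef-bootstrap.setup.$$"
                  # Initial timestamp and debug information
                  date > "$LOGFILE"
                  echo 'Starting cloud-init bootstrap' >> "$LOGFILE"
                  # Infer the Chef Server's URL if none was passed.
                  # The test must be -z on a quoted variable: the previous
                  # unquoted `-n` was always true, so a supplied URL was
                  # silently replaced by the hosted default.
                  CHEFSERVERURL='%chef_server_url%'
                  if [ -z "$CHEFSERVERURL" ]; then
                    echo 'chef_server_url parameter: not passed' >> "$LOGFILE"
                    CHEFSERVERURL='https://api.opscode.com/organizations/%organization%'
                  else
                    echo "chef_server_url parameter: $CHEFSERVERURL" >> "$LOGFILE"
                  fi
                  echo 'chef_version parameter: %chef_version%' >> "$LOGFILE"
                  echo 'organization parameter: %organization%' >> "$LOGFILE"
                  echo 'role parameter: %role%' >> "$LOGFILE"
                  # Store the validation key in /etc/chef/validator.pem
                  echo 'Storing validation key in /etc/chef/validator.pem' >> "$LOGFILE"
                  # -p: an already existing directory must not abort the
                  # script under `set -e`.
                  mkdir -p /etc/chef /var/log/chef
                  # Write the key with a restrictive umask so it is never
                  # world-readable, not even briefly.
                  ( umask 077; echo -e '%validation_key%' >/etc/chef/validator.pem )
                  # Cook a minimal client.rb for getting the chef-client registered
                  echo 'Creating a minimal /etc/chef/client.rb' >> "$LOGFILE"
                  cat >/etc/chef/client.rb <<EOF
                  log_level :info
                  log_location STDOUT
                  chef_server_url "$CHEFSERVERURL"
                  validation_key "/etc/chef/validator.pem"
                  validation_client_name "%organization%-validator"
                  EOF
                  # Cook the first boot file
                  echo "Creating a minimal /etc/chef/first-boot.json" >> "$LOGFILE"
                  touch /etc/chef/first-boot.json
                  cat >/etc/chef/first-boot.json <<EOF
                  {"environment": "%environment%","run_list":["role[%role%]"]}
                  EOF
                  # Create the encrypted data bag file (root-only, see above)
                  echo 'Creating an encrypted data bag file in /etc/chef/encrypted_data_bag_secret' >> "$LOGFILE"
                  ( umask 077; echo -e '%encrypted_data_bag_secret%' > /etc/chef/encrypted_data_bag_secret )
                  # Install chef-client through omnibus (if not already available)
                  # Adjust to install the latest vs. a particular version
                  # TODO: if ! (hash 'chef-client' 2>/dev/null); then
                  #if [ ! -x /usr/bin/chef-client ]; then
                  echo 'Installing Chef using Omnibus installer' >> "$LOGFILE"
                  # SECURITY: the installer is downloaded and executed as root
                  # with no checksum or signature check; its integrity rests
                  # on TLS to the download host alone. Prefer a pinned
                  # chef_version and a verified or internally mirrored
                  # installer.
                  # Output is appended (>>) so the log written so far is not
                  # truncated; `>> file 2>&1` also works on older bash.
                  # Try "curl" first
                  # TODO: if hash 'curl' 2>/dev/null; then
                  if [ -x /usr/bin/curl ]; then
                    # -f: fail on an HTTP error instead of piping an error
                    # page into bash.
                    curl -fL https://www.opscode.com/chef/install.sh | bash -s -- -v '%chef_version%' >> "$LOGFILE" 2>&1
                  # Otherwise try "wget"
                  # TODO: elif hash 'wget' 2>/dev/null; then
                  elif [ -x /usr/bin/wget ]; then
                    wget -qO- https://www.opscode.com/chef/install.sh | bash -s -- -v '%chef_version%' >> "$LOGFILE" 2>&1
                  else
                    echo 'Neither curl or wget are available' >> "$LOGFILE"
                  fi
                  # Kick off the first chef run
                  # TODO: if hash 'chef-client' 2>/dev/null; then
                  if [ -x /usr/bin/chef-client ]; then
                    echo 'Executing the first chef-client run' >> "$LOGFILE"
                    chef-client -j /etc/chef/first-boot.json
                  else
                    echo 'Failed to install Chef using Omnibus installer' >> "$LOGFILE"
                  fi
                  # Script complete. Log final timestamp
                  date >> "$LOGFILE"
                params:
                  "%chef_server_url%": { get_param: chef_server_url }
                  "%chef_version%": { get_param: chef_version }
                  "%encrypted_data_bag_secret%": { get_param: encrypted_data_bag_secret }
                  "%environment%": { get_param: environment }
                  "%organization%": { get_param: organization }
                  "%role%": { get_param: role }
                  "%validation_key%": { get_param: validation_key }
          # New servers are registered as port-443 nodes of the load balancer.
          loadBalancers:
            - loadBalancerId: { get_resource: kibana_loadbalancer }
              port: 443

  # Scaling policies: each webhook-driven execution changes the group size by
  # one server, with a 59 second policy cooldown.
  kibana_as_group_inc_policy_01:
    type: Rackspace::AutoScale::ScalingPolicy
    properties:
      group: { get_resource: kibana_as_group }
      name: "Add capacity to Kibana"
      change: 1
      cooldown: 59
      type: webhook

  kibana_as_group_dec_policy_01:
    type: Rackspace::AutoScale::ScalingPolicy
    properties:
      group: { get_resource: kibana_as_group }
      name: "Remove capacity from Kibana"
      change: -1
      cooldown: 59
      type: webhook

  # Webhooks that execute the policies above. Their capabilityUrl attributes
  # are exported as stack outputs.
  # NOTE(review): the URL appears to be the only credential needed to trigger
  # scaling - confirm, and handle the URLs as secrets.
  kibana_as_group_inc_policy_01_inc_webhook_01:
    type: Rackspace::AutoScale::WebHook
    properties:
      policy: { get_resource: kibana_as_group_inc_policy_01 }
      name: "Add capacity to Kibana - Webhook"
      metadata:
        is_cool: "true"
        rax-heat: { get_param: "OS::stack_id" }

  kibana_as_group_dec_policy_01_dec_webhook_01:
    type: Rackspace::AutoScale::WebHook
    properties:
      policy: { get_resource: kibana_as_group_dec_policy_01 }
      name: "Remove capacity from Kibana - Webhook"
      metadata:
        is_cool: "false"
        rax-heat: { get_param: "OS::stack_id" }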
# END RESOURCES SECTION ########################################