openshift · vanhalenar · Sep 26, 2024 · Sep 26, 2024 · Oct 2, 2024 · Oct 3, 2024
diff --git a/scripts/aws/cf-gen.yaml b/scripts/aws/cf-gen.yaml
@@ -0,0 +1,269 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Template for RHEL machine Launch
+Conditions:
+  AddSecondaryVolume: !Not [!Equals [!Ref EC2Type, 'MetalMachine']]
+Mappings:
+ VolumeSize:
+   MetalMachine:
+     PrimaryVolumeSize: "300"
+     SecondaryVolumeSize: "0"
+     Throughput: 500
+     Iops: 6000
+   VirtualMachine:
+     PrimaryVolumeSize: "200"
+     SecondaryVolumeSize: "10"
+     Throughput: 125
+     Iops: 3000
+Parameters:
+  EC2Type:
+    Default: 'VirtualMachine'
+    Type: String
+  VpcCidr:
+    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-4]))$
+    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-24.
+    Default: 10.192.0.0/16
+    Description: CIDR block for VPC.
+    Type: String
+  PublicSubnetCidr:
+    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
+    Type: String
+    Default: 10.192.10.0/24
+  AmiId:
+    Description: Current RHEL AMI to use.
+    Type: AWS::EC2::Image::Id
+  Machinename:
+    AllowedPattern: ^([a-zA-Z][a-zA-Z0-9\-]{0,26})$
+    MaxLength: 27
+    MinLength: 1
+    ConstraintDescription: Machinename
+    Description: Machinename
+    Type: String
+    Default: rhel-testbed-ec2-instance
+  HostInstanceType:
+    Default: t2.medium
+    Type: String
+  PublicKeyString:
+    Type: String
+    Description: The public key used to connect to the EC2 instance
+  StackLaunchTemplate:
+    Type: String
+    Description: The name of the launch template
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+    - Label:
+        default: "Host Information"
+      Parameters:
+      - HostInstanceType
+    - Label:
+        default: "Network Configuration"
+      Parameters:
+      - PublicSubnet
+    ParameterLabels:
+      PublicSubnet:
+        default: "Worker Subnet"
+      HostInstanceType:
+        default: "Worker Instance Type"
+
+Resources:
+## VPC Creation
+
+  RHELVPC:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: !Ref VpcCidr
+      EnableDnsHostnames: true
+      EnableDnsSupport: true
+      Tags:
+        - Key: Name
+          Value: RHELVPC
+
+## Setup internet access
+
+  RHELInternetGateway:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: Name
+          Value: RHELInternetGateway
+
+  RHELGatewayAttachment:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId: !Ref RHELVPC
+      InternetGatewayId: !Ref RHELInternetGateway
+
+  RHELPublicSubnet:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref RHELVPC
+      CidrBlock: !Ref PublicSubnetCidr
+      MapPublicIpOnLaunch: true
+      Tags:
+        - Key: Name
+          Value: RHELPublicSubnet
+
+  RHELNatGatewayEIP:
+    Type: AWS::EC2::EIP
+    DependsOn: RHELGatewayAttachment
+    Properties:
+      Domain: vpc
+  RHELNatGateway:
+    Type: AWS::EC2::NatGateway
+    Properties:
+      AllocationId: !GetAtt RHELNatGatewayEIP.AllocationId
+      SubnetId: !Ref RHELPublicSubnet
+
+  RHELRouteTable:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId: !Ref RHELVPC
+      Tags:
+        - Key: Name
+          Value: RHELRouteTable
+
+  RHELPublicRoute:
+    Type: AWS::EC2::Route
+    DependsOn: RHELGatewayAttachment
+    Properties:
+      RouteTableId: !Ref RHELRouteTable
+      DestinationCidrBlock: "0.0.0.0/0"
+      GatewayId: !Ref RHELInternetGateway
+
+  RHELPublicSubnetRouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      RouteTableId: !Ref RHELRouteTable
+      SubnetId: !Ref RHELPublicSubnet
+
+## Setup EC2 Roles and security
+
+  RHELIamRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+        - Effect: "Allow"
+          Principal:
+            Service:
+            - "ec2.amazonaws.com"
+          Action:
+          - "sts:AssumeRole"
+      Path: "/"
+
+  RHELInstanceProfile:
+    Type: "AWS::IAM::InstanceProfile"
+    Properties:
+      Path: "/"
+      Roles:
+      - Ref: "RHELIamRole"
+
+  RHELSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: RHEL Host Security Group
+      SecurityGroupIngress:
+      - IpProtocol: icmp
+        FromPort: -1
+        ToPort: -1
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 22
+        ToPort: 22
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 80
+        ToPort: 80
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 443
+        ToPort: 443
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 5353
+        ToPort: 5353
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 5678
+        ToPort: 5678
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 6443
+        ToPort: 6443
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: tcp
+        FromPort: 30000
+        ToPort: 32767
+        CidrIp: 0.0.0.0/0
+      - IpProtocol: udp
+        FromPort: 30000
+        ToPort: 32767
+        CidrIp: 0.0.0.0/0
+      VpcId: !Ref RHELVPC
+
+  rhelLaunchTemplate:
+    Type: AWS::EC2::LaunchTemplate
+    Properties:
+      LaunchTemplateName: !Ref StackLaunchTemplate
+      LaunchTemplateData:
+        BlockDeviceMappings:
+        - DeviceName: /dev/sda1
+          Ebs:
+            VolumeSize: !FindInMap [VolumeSize, !Ref EC2Type, PrimaryVolumeSize]
+            VolumeType: gp3
+            Throughput: !FindInMap [VolumeSize, !Ref EC2Type, Throughput]
+            Iops: !FindInMap [VolumeSize, !Ref EC2Type, Iops]
+        - !If
+          - AddSecondaryVolume
+          - DeviceName: /dev/sdc
+            Ebs:
+              VolumeSize: !FindInMap [VolumeSize, !Ref EC2Type, SecondaryVolumeSize]
+              VolumeType: gp3
+          - !Ref AWS::NoValue
+
+  RHELInstance:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: !Ref AmiId
+      LaunchTemplate:
+        LaunchTemplateName: !Ref StackLaunchTemplate
+        Version: !GetAtt rhelLaunchTemplate.LatestVersionNumber
+      IamInstanceProfile: !Ref RHELInstanceProfile
+      InstanceType: !Ref HostInstanceType
+      NetworkInterfaces:
+      - AssociatePublicIpAddress: "True"
+        DeviceIndex: "0"
+        GroupSet:
+        - !GetAtt RHELSecurityGroup.GroupId
+        SubnetId: !Ref RHELPublicSubnet
+      Tags:
+      - Key: Name
+        Value: !Join ["", [!Ref Machinename]]
+      PrivateDnsNameOptions:
+        EnableResourceNameDnsARecord: true
+        HostnameType: resource-name
+      UserData:
+        Fn::Base64: !Sub |
+          #!/bin/bash -xe
+          echo "====== Authorizing public key ======" | tee -a /tmp/init_output.txt
+          echo "\${PublicKeyString}" >> /home/ec2-user/.ssh/authorized_keys
+          # Use the same defaults as OCP to avoid failing requests to apiserver, such as
+          # requesting logs.
+          echo "====== Updating inotify =====" | tee -a /tmp/init_output.txt
+          echo "fs.inotify.max_user_watches = 65536" >> /etc/sysctl.conf
+          echo "fs.inotify.max_user_instances = 8192" >> /etc/sysctl.conf
+          sysctl --system |& tee -a /tmp/init_output.txt
+          sysctl -a |& tee -a /tmp/init_output.txt
+
+Outputs:
+  InstanceId:
+    Description: RHEL Host Instance ID
+    Value: !Ref RHELInstance
+  PrivateIp:
+    Description: The bastion host Private DNS, will be used for cluster install pulling release image
+    Value: !GetAtt RHELInstance.PrivateIp
+  PublicIp:
+    Description: The bastion host Public IP, will be used for registering minIO server DNS
+    Value: !GetAtt RHELInstance.PublicIp